summary refs log tree commit diff
path: root/gnu/packages
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2017-10-01 19:59:55 +0300
committerEfraim Flashner <efraim@flashner.co.il>2017-10-01 22:16:22 +0300
commit64df08f0cfac8f7a329002afa3461fd62a4b229c (patch)
tree019909423138ceb49cdd86f1af48d366503db68f /gnu/packages
parentb83ad3ace56c65a367e8f58c7b78323cf251b94b (diff)
parent0ef1c223071869488c35b72b7407234c11425589 (diff)
downloadguix-64df08f0cfac8f7a329002afa3461fd62a4b229c.tar.gz
Merge remote-tracking branch 'origin/master' into core-updates
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/accessibility.scm45
-rw-r--r--gnu/packages/admin.scm11
-rw-r--r--gnu/packages/aidc.scm24
-rw-r--r--gnu/packages/algebra.scm4
-rw-r--r--gnu/packages/astronomy.scm10
-rw-r--r--gnu/packages/audio.scm54
-rw-r--r--gnu/packages/aux-files/linux-libre/4.13-i686.conf (renamed from gnu/packages/aux-files/linux-libre/4.12-i686.conf)190
-rw-r--r--gnu/packages/aux-files/linux-libre/4.13-x86_64.conf (renamed from gnu/packages/aux-files/linux-libre/4.12-x86_64.conf)191
-rw-r--r--gnu/packages/avr.scm2
-rw-r--r--gnu/packages/backup.scm11
-rw-r--r--gnu/packages/base.scm14
-rw-r--r--gnu/packages/bdw-gc.scm12
-rw-r--r--gnu/packages/bioinformatics.scm106
-rw-r--r--gnu/packages/bootloaders.scm69
-rw-r--r--gnu/packages/build-tools.scm23
-rw-r--r--gnu/packages/calendar.scm9
-rw-r--r--gnu/packages/cdrom.scm4
-rw-r--r--gnu/packages/certs.scm4
-rw-r--r--gnu/packages/check.scm26
-rw-r--r--gnu/packages/ci.scm24
-rw-r--r--gnu/packages/cobol.scm59
-rw-r--r--gnu/packages/code.scm8
-rw-r--r--gnu/packages/commencement.scm8
-rw-r--r--gnu/packages/compression.scm46
-rw-r--r--gnu/packages/cpp.scm6
-rw-r--r--gnu/packages/cran.scm329
-rw-r--r--gnu/packages/crypto.scm41
-rw-r--r--gnu/packages/cups.scm124
-rw-r--r--gnu/packages/databases.scm115
-rw-r--r--gnu/packages/dav.scm4
-rw-r--r--gnu/packages/debug.scm2
-rw-r--r--gnu/packages/disk.scm25
-rw-r--r--gnu/packages/display-managers.scm16
-rw-r--r--gnu/packages/django.scm4
-rw-r--r--gnu/packages/djvu.scm8
-rw-r--r--gnu/packages/dns.scm8
-rw-r--r--gnu/packages/documentation.scm2
-rw-r--r--gnu/packages/dunst.scm17
-rw-r--r--gnu/packages/ebook.scm12
-rw-r--r--gnu/packages/electronics.scm5
-rw-r--r--gnu/packages/emacs.scm617
-rw-r--r--gnu/packages/embedded.scm121
-rw-r--r--gnu/packages/engineering.scm70
-rw-r--r--gnu/packages/enlightenment.scm18
-rw-r--r--gnu/packages/erlang.scm2
-rw-r--r--gnu/packages/fabric-management.scm173
-rw-r--r--gnu/packages/file.scm1
-rw-r--r--gnu/packages/finance.scm216
-rw-r--r--gnu/packages/fltk.scm2
-rw-r--r--gnu/packages/fonts.scm31
-rw-r--r--gnu/packages/fontutils.scm37
-rw-r--r--gnu/packages/freedesktop.scm82
-rw-r--r--gnu/packages/ftp.scm10
-rw-r--r--gnu/packages/game-development.scm148
-rw-r--r--gnu/packages/games.scm148
-rw-r--r--gnu/packages/gcc.scm112
-rw-r--r--gnu/packages/gd.scm20
-rw-r--r--gnu/packages/gdb.scm4
-rw-r--r--gnu/packages/gnome.scm321
-rw-r--r--gnu/packages/gnunet.scm20
-rw-r--r--gnu/packages/gnupg.scm161
-rw-r--r--gnu/packages/gnustep.scm2
-rw-r--r--gnu/packages/gnuzilla.scm217
-rw-r--r--gnu/packages/graphics.scm40
-rw-r--r--gnu/packages/gstreamer.scm28
-rw-r--r--gnu/packages/gtk.scm30
-rw-r--r--gnu/packages/guile.scm16
-rw-r--r--gnu/packages/haskell.scm40
-rw-r--r--gnu/packages/hexedit.scm2
-rw-r--r--gnu/packages/ibus.scm20
-rw-r--r--gnu/packages/image-viewers.scm4
-rw-r--r--gnu/packages/image.scm15
-rw-r--r--gnu/packages/imagemagick.scm14
-rw-r--r--gnu/packages/irc.scm57
-rw-r--r--gnu/packages/java.scm30
-rw-r--r--gnu/packages/javascript.scm12
-rw-r--r--gnu/packages/jemalloc.scm8
-rw-r--r--gnu/packages/kde-frameworks.scm26
-rw-r--r--gnu/packages/kde.scm8
-rw-r--r--gnu/packages/ldc.scm4
-rw-r--r--gnu/packages/libffcall.scm4
-rw-r--r--gnu/packages/libidn.scm1
-rw-r--r--gnu/packages/libreoffice.scm86
-rw-r--r--gnu/packages/libunwind.scm8
-rw-r--r--gnu/packages/libusb.scm2
-rw-r--r--gnu/packages/linux.scm138
-rw-r--r--gnu/packages/lirc.scm14
-rw-r--r--gnu/packages/logging.scm2
-rw-r--r--gnu/packages/lxqt.scm30
-rw-r--r--gnu/packages/machine-learning.scm17
-rw-r--r--gnu/packages/mail.scm102
-rw-r--r--gnu/packages/man.scm4
-rw-r--r--gnu/packages/markup.scm88
-rw-r--r--gnu/packages/mate.scm655
-rw-r--r--gnu/packages/maths.scm263
-rw-r--r--gnu/packages/mes.scm9
-rw-r--r--gnu/packages/messaging.scm129
-rw-r--r--gnu/packages/microcom.scm2
-rw-r--r--gnu/packages/mp3.scm4
-rw-r--r--gnu/packages/mpd.scm4
-rw-r--r--gnu/packages/mpi.scm23
-rw-r--r--gnu/packages/music.scm120
-rw-r--r--gnu/packages/networking.scm4
-rw-r--r--gnu/packages/node.scm12
-rw-r--r--gnu/packages/ntp.scm6
-rw-r--r--gnu/packages/ocaml.scm395
-rw-r--r--gnu/packages/package-management.scm19
-rw-r--r--gnu/packages/parallel.scm11
-rw-r--r--gnu/packages/password-utils.scm98
-rw-r--r--gnu/packages/patches/bluez-CVE-2017-1000250.patch42
-rw-r--r--gnu/packages/patches/calibre-drop-unrar.patch49
-rw-r--r--gnu/packages/patches/csound-header-ordering.patch20
-rw-r--r--gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch46
-rw-r--r--gnu/packages/patches/file-CVE-2017-1000249.patch27
-rw-r--r--gnu/packages/patches/fontforge-svg-modtime.patch35
-rw-r--r--gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch14
-rw-r--r--gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch13
-rw-r--r--gnu/packages/patches/gd-CVE-2017-7890.patch30
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch137
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch195
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch179
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch80
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch72
-rw-r--r--gnu/packages/patches/httpd-CVE-2017-9798.patch22
-rw-r--r--gnu/packages/patches/libarchive-CVE-2017-14166.patch45
-rw-r--r--gnu/packages/patches/libunwind-CVE-2015-3239.patch17
-rw-r--r--gnu/packages/patches/libxml2-CVE-2017-0663.patch53
-rw-r--r--gnu/packages/patches/libxml2-CVE-2017-7375.patch45
-rw-r--r--gnu/packages/patches/libxml2-CVE-2017-7376.patch41
-rw-r--r--gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch130
-rw-r--r--gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch319
-rw-r--r--gnu/packages/patches/libzip-CVE-2017-12858.patch45
-rw-r--r--gnu/packages/patches/meson-for-build-rpath.patch24
-rw-r--r--gnu/packages/patches/metabat-fix-boost-issue.patch27
-rw-r--r--gnu/packages/patches/metabat-remove-compilation-date.patch16
-rw-r--r--gnu/packages/patches/multiqc-fix-git-subprocess-error.patch16
-rw-r--r--gnu/packages/patches/newsbeuter-CVE-2017-14500.patch43
-rw-r--r--gnu/packages/patches/node-9077.patch31
-rw-r--r--gnu/packages/patches/ocaml-graph-honor-source-date-epoch.patch34
-rw-r--r--gnu/packages/patches/openfoam-4.1-cleanup.patch243
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14040.patch83
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14041.patch25
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14151.patch46
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14152.patch38
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14164.patch89
-rw-r--r--gnu/packages/patches/openocd-nrf52.patch64
-rw-r--r--gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch32
-rw-r--r--gnu/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch29
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-10664.patch27
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-10806.patch38
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-10911.patch106
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-11334.patch52
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-11434.patch25
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-12809.patch38
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-13711.patch89
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-14167.patch69
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-7493.patch182
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-8112.patch41
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-8309.patch46
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-8379.patch98
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-8380.patch53
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-9524.patch287
-rw-r--r--gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch2
-rw-r--r--gnu/packages/pdf.scm2
-rw-r--r--gnu/packages/perl.scm498
-rw-r--r--gnu/packages/photo.scm4
-rw-r--r--gnu/packages/php.scm17
-rw-r--r--gnu/packages/python.scm554
-rw-r--r--gnu/packages/qt.scm16
-rw-r--r--gnu/packages/ruby.scm238
-rw-r--r--gnu/packages/samba.scm27
-rw-r--r--gnu/packages/screen.scm4
-rw-r--r--gnu/packages/search.scm10
-rw-r--r--gnu/packages/serialization.scm10
-rw-r--r--gnu/packages/shells.scm2
-rw-r--r--gnu/packages/shellutils.scm35
-rw-r--r--gnu/packages/simulation.scm212
-rw-r--r--gnu/packages/statistics.scm215
-rw-r--r--gnu/packages/sync.scm4
-rw-r--r--gnu/packages/syndication.scm5
-rw-r--r--gnu/packages/tcl.scm54
-rw-r--r--gnu/packages/telephony.scm2
-rw-r--r--gnu/packages/terminals.scm2
-rw-r--r--gnu/packages/tex.scm20
-rw-r--r--gnu/packages/texinfo.scm16
-rw-r--r--gnu/packages/textutils.scm4
-rw-r--r--gnu/packages/time.scm59
-rw-r--r--gnu/packages/tls.scm31
-rw-r--r--gnu/packages/tor.scm4
-rw-r--r--gnu/packages/version-control.scm120
-rw-r--r--gnu/packages/video.scm71
-rw-r--r--gnu/packages/vim.scm25
-rw-r--r--gnu/packages/virtualization.scm45
-rw-r--r--gnu/packages/vpn.scm7
-rw-r--r--gnu/packages/w3m.scm2
-rw-r--r--gnu/packages/web-browsers.scm6
-rw-r--r--gnu/packages/web.scm243
-rw-r--r--gnu/packages/webkit.scm17
-rw-r--r--gnu/packages/wine.scm4
-rw-r--r--gnu/packages/wm.scm4
-rw-r--r--gnu/packages/xdisorg.scm35
-rw-r--r--gnu/packages/xfce.scm2
-rw-r--r--gnu/packages/xml.scm9
-rw-r--r--gnu/packages/xorg.scm133
204 files changed, 10320 insertions, 2906 deletions
diff --git a/gnu/packages/accessibility.scm b/gnu/packages/accessibility.scm
index 0795808768..78cb64a2d7 100644
--- a/gnu/packages/accessibility.scm
+++ b/gnu/packages/accessibility.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 ng0 <ng0@no-reply.pragmatique.xyz>
+;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -20,6 +21,8 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix build-system gnu)
   #:use-module (guix build-system glib-or-gtk)
   #:use-module (gnu packages)
   #:use-module (gnu packages xml)
@@ -29,7 +32,8 @@
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
-  #:use-module (gnu packages pkg-config))
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages libusb))
 
 (define-public florence
   (package
@@ -76,3 +80,42 @@ available to help to click.")
     ;; The documentation is under FDL1.2, but we do not install the
     ;; documentation.
     (license license:gpl2+)))
+
+(define-public footswitch
+  (let ((commit "7cb0a9333a150c27c7e4746ee827765d244e567a"))
+    (package
+      (name "footswitch")
+      (version (git-version "0.1" "1" commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/rgerganov/footswitch")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32 "0mg1vr4a9vls5y435w7wdnr1vb5059gy60lvrdfjgzhd2wwf47iw"))))
+      (build-system gnu-build-system)
+      (native-inputs
+       `(("pkg-config" ,pkg-config)))
+      (inputs
+       `(("hidapi" ,hidapi)))
+      (arguments
+       `(#:tests? #f ; no tests
+         #:make-flags (list "CC=gcc")
+         #:phases (modify-phases %standard-phases
+                    (delete 'configure)
+                    ;; Install target in the Makefile does not work for Guix
+                    (replace 'install
+                      (lambda* (#:key outputs #:allow-other-keys)
+                        (let ((bin (string-append (assoc-ref outputs "out")
+                                                  "/bin")))
+                          (mkdir-p bin)
+                          (install-file "footswitch" bin)
+                          #t))))))
+      (home-page "https://github.com/rgerganov/footswitch")
+      (synopsis "Command line utility for PCsensor foot switch")
+      (description
+       "Command line utility for programming foot switches sold by PCsensor.
+It works for both single pedal devices and three pedal devices.  All supported
+devices have vendorId:productId = 0c45:7403 or 0c45:7404.")
+    (license license:expat))))
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index ea71de6f57..8e98174f47 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -661,14 +661,14 @@ network statistics collection, security monitoring, network debugging, etc.")
 (define-public tcpdump
   (package
     (name "tcpdump")
-    (version "4.9.1")
+    (version "4.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.tcpdump.org/release/tcpdump-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1wyqbg7bkmgqyslf1ns0xx9fcqi66hvcfm9nf77rl15jvvs8qi7r"))))
+                "0ygy0layzqaj838r5xd613iraz09wlfgpyh7pc6cwclql8v3b2vr"))))
     (build-system gnu-build-system)
     (inputs `(("libpcap" ,libpcap)
               ("openssl" ,openssl)))
@@ -818,7 +818,7 @@ system administrator.")
 (define-public sudo
   (package
     (name "sudo")
-    (version "1.8.20p2")
+    (version "1.8.21p2")
     (source (origin
               (method url-fetch)
               (uri
@@ -828,7 +828,7 @@ system administrator.")
                                     version ".tar.gz")))
               (sha256
                (base32
-                "1na5likm1srnd1g5sjx7b0543sczw0yppacyqsazfdg9b48awhmx"))
+                "0s33szq6q59v5s377l4v6ybsdy7pfq6sz7y364j4x09ssdn79ibl"))
               (modules '((guix build utils)))
               (snippet
                '(delete-file-recursively "lib/zlib"))))
@@ -871,7 +871,8 @@ system administrator.")
                 "$(TMPDIR)/dummy")
                (("\\$\\(DESTDIR\\)\\$\\(vardir\\)")
                 ;; Don't try to create /var/db/sudo.
-                "$(TMPDIR)/dummy")))))
+                "$(TMPDIR)/dummy"))
+             #t)))
 
        ;; XXX: The 'testsudoers' test series expects user 'root' to exist, but
        ;; the chroot's /etc/passwd doesn't have it.  Turn off the tests.
diff --git a/gnu/packages/aidc.scm b/gnu/packages/aidc.scm
index 0864aa6490..fa4555ede6 100644
--- a/gnu/packages/aidc.scm
+++ b/gnu/packages/aidc.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 John Darringon <jmd@gnu.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -69,3 +70,26 @@ a mobile phone with CCD.  The capacity of QR Code is up to 7000 digits or 4000
 characters, and is highly robust.")
     (license license:lgpl2.1+)
     (home-page "https://fukuchi.org/works/qrencode")))
+
+(define-public libdmtx
+  (package
+    (name "libdmtx")
+    (version "0.7.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://sourceforge/libdmtx/" name "/" version "/"
+             name "-" version ".tar.bz2"))
+       (sha256
+        (base32 "0xnxx075ycy58n92yfda2z9zgd41h3d4ik5d9l197lzsqim5hb5n"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "http://libdmtx.sourceforge.net/")
+    (synopsis "Library for reading and writing Data Matrix 2D barcodes")
+    (description "libdmtx is open source software for reading and writing Data
+Matrix 2D barcodes on Linux and Unix.  At its core libdmtx is a shared
+library, allowing C/C++ programs to use its capabilities without restrictions
+or overhead.")
+    (license license:bsd-3)))
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index 74ef7dc285..e4f30a5791 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -133,7 +133,7 @@ solve the shortest vector problem.")
 (define-public pari-gp
   (package
    (name "pari-gp")
-   (version "2.9.2")
+   (version "2.9.3")
    (source (origin
             (method url-fetch)
             (uri (string-append
@@ -141,7 +141,7 @@ solve the shortest vector problem.")
                   version ".tar.gz"))
             (sha256
               (base32
-                "0zi08qz9nk17wwdna4xb2vp3i3mh5sgv1y8wqbf0j2sfryxlr8ls"))))
+                "0qqal1lpggd6dvs19svnz0dil86xk0xkcj5s3b7104ibkmvjfsp7"))))
    (build-system gnu-build-system)
    (native-inputs `(("texlive" ,texlive-tiny)))
    (inputs `(("gmp" ,gmp)
diff --git a/gnu/packages/astronomy.scm b/gnu/packages/astronomy.scm
index 132013b57a..a1f5bd1820 100644
--- a/gnu/packages/astronomy.scm
+++ b/gnu/packages/astronomy.scm
@@ -64,7 +64,7 @@ in FITS files.")
 (define-public wcslib
   (package
     (name "wcslib")
-    (version "5.16")
+    (version "5.17")
     (source
      (origin
        (method url-fetch)
@@ -72,7 +72,7 @@ in FITS files.")
              "ftp://ftp.atnf.csiro.au/pub/software/wcslib/" name "-" version
              ".tar.bz2"))
        (sha256
-        (base32 "1vwrzkznpig2q40m11j12hsfqvsjz8z44l66pz5fkh6fy461w0zd"))))
+        (base32 "0v23x1fw01arhmqdrzfd9n593mjglhzfyx4793v065z0dg4bb72w"))))
     (inputs
      `(("cfitsio" ,cfitsio)))
     (build-system gnu-build-system)
@@ -83,7 +83,7 @@ in FITS files.")
                       (substitute* "makedefs.in"
                         (("/bin/sh") "sh"))
                       #t)))))
-    (home-page "http://www.atnf.csiro.au/people/mcalabre/WCS")
+    (home-page "https://www.atnf.csiro.au/people/mcalabre/WCS")
     (synopsis "Library which implements the FITS WCS standard")
     (description "The FITS \"World Coordinate System\" (WCS) standard defines
 keywords and usage that provide for the description of astronomical coordinate
@@ -93,7 +93,7 @@ systems in a FITS image header.")
 (define-public gnuastro
   (package
     (name "gnuastro")
-    (version "0.3")
+    (version "0.4")
     (source
      (origin
        (method url-fetch)
@@ -101,7 +101,7 @@ systems in a FITS image header.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "109xjwbs36gbkx5sd5yzf6ailfcldc5d28vl1n19z0ylfzww4nwa"))))
+         "1n30zz4kg89ic5h30b7nrxp0bk0ls2m3xnfi81mja56bxxwpihrs"))))
     (inputs
      `(("cfitsio" ,cfitsio)
        ("gsl" ,gsl)
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 62b526b10d..95a5fdd7c8 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -328,7 +328,7 @@ engineers, musicians, soundtrack editors and composers.")
        #:phases
        (modify-phases %standard-phases
          ;; FFmpeg is only detected if autoreconf runs.
-         (add-before 'configure 'autoreconf
+         (add-after 'unpack 'autoreconf
            (lambda _
              (zero? (system* "autoreconf" "-vfi")))))
        ;; The test suite is not "well exercised" according to the developers,
@@ -568,23 +568,17 @@ emulation (valve, tape), bit fiddling (decimator, pointer-cast), etc.")
 (define-public csound
   (package
     (name "csound")
-    (version "6.05")
+    (version "6.09.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "mirror://sourceforge/csound/csound6/Csound"
-                    version "/Csound" version ".tar.gz"))
+                    "https://github.com/csound/csound/archive/"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0a1sni6lr7qpwywpggbkp0ia3h9bwwgf9i87gsag8ra2h30v82hd"))
-              (patches (search-patches "csound-header-ordering.patch"))))
+                "0f67vyy3r29hn26qkkcwnizrnzzy8p7gmg3say5q3wjhxns3b5yl"))))
     (build-system cmake-build-system)
-    (arguments
-     ;; Work around this error on x86_64 with libc 2.22+:
-     ;;    libmvec.so.1: error adding symbols: DSO missing from command line
-     (if (string-prefix? "x86_64" (or (%current-target-system) (%current-system)))
-         '(#:configure-flags '("-DCMAKE_EXE_LINKER_FLAGS=-lmvec"))
-         '()))
     (inputs
      `(("alsa-lib" ,alsa-lib)
        ("boost" ,boost)
@@ -1084,7 +1078,7 @@ PS, and DAB+.")
     (native-inputs
      `(("llvm" ,llvm-with-rtti)
        ("which" ,which)
-       ("xxd" ,vim)
+       ("xxd" ,xxd)
        ("ctags" ,emacs-minimal)  ; for ctags
        ("pkg-config" ,pkg-config)))
     (inputs
@@ -1136,7 +1130,7 @@ patches that can be used with softsynths such as Timidity and WildMidi.")
 (define-public guitarix
   (package
     (name "guitarix")
-    (version "0.35.5")
+    (version "0.35.6")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -1144,7 +1138,7 @@ patches that can be used with softsynths such as Timidity and WildMidi.")
                    version ".tar.xz"))
              (sha256
               (base32
-               "00pfb6qa3jfa6qaql7isnb8srfdfmk362ygslh7y0qkm36qasmh4"))))
+               "0ffvfnvhj6vz73zsrpi88hs69ys4zskm847zf825dl2r39n9nn41"))))
     (build-system waf-build-system)
     (arguments
      `(#:tests? #f ; no "check" target
@@ -1979,8 +1973,8 @@ tempo and pitch of an audio recording independently of one another.")
     (arguments
      `(#:tests? #f ;no "check" target
        #:phases (modify-phases %standard-phases
-                  (add-before
-                   'configure 'autoconf
+                  (add-after
+                   'unpack 'autoconf
                    (lambda _ (zero? (system* "autoreconf" "-vfi"))))
                   (add-before
                    'build 'fix-makefile
@@ -2906,3 +2900,29 @@ code, used in @code{libtoxcore}.")
 06.10 RPE-LTP lossy speech compression algorithm.")
     (home-page "http://quut.com/gsm/")
     (license (license:non-copyleft "file://COPYRIGHT"))))
+
+(define-public python-pyalsaaudio
+  (package
+    (name "python-pyalsaaudio")
+    (version "0.8.4")
+    (source (origin
+              (method url-fetch)
+              (uri (pypi-uri "pyalsaaudio" version))
+              (sha256
+               (base32
+                "1180ypn9596rq4b7y7dyv627j1q0fqilmkkrckclnzsdakdgis44"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:tests? #f))                   ; tests require access to ALSA devices.
+    (inputs
+     `(("alsa-lib" ,alsa-lib)))
+    (home-page "http://larsimmisch.github.io/pyalsaaudio/")
+    (synopsis "ALSA wrappers for Python")
+    (description
+     "This package contains wrappers for accessing the ALSA API from Python.
+It is currently fairly complete for PCM devices, and has some support for
+mixers.")
+    (license license:psfl)))
+
+(define-public python2-pyalsaaudio
+  (package-with-python2 python-pyalsaaudio))
diff --git a/gnu/packages/aux-files/linux-libre/4.12-i686.conf b/gnu/packages/aux-files/linux-libre/4.13-i686.conf
index 384764f841..4a56afa864 100644
--- a/gnu/packages/aux-files/linux-libre/4.12-i686.conf
+++ b/gnu/packages/aux-files/linux-libre/4.13-i686.conf
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.12.0-gnu Kernel Configuration
+# Linux/x86 4.13.0-gnu Kernel Configuration
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -84,7 +84,9 @@ CONFIG_AUDIT_TREE=y
 #
 CONFIG_GENERIC_IRQ_PROBE=y
 CONFIG_GENERIC_IRQ_SHOW=y
+CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y
 CONFIG_GENERIC_PENDING_IRQ=y
+CONFIG_GENERIC_IRQ_MIGRATION=y
 CONFIG_GENERIC_IRQ_CHIP=y
 CONFIG_IRQ_DOMAIN=y
 CONFIG_IRQ_DOMAIN_HIERARCHY=y
@@ -93,6 +95,7 @@ CONFIG_GENERIC_MSI_IRQ_DOMAIN=y
 # CONFIG_IRQ_DOMAIN_DEBUG is not set
 CONFIG_IRQ_FORCED_THREADING=y
 CONFIG_SPARSE_IRQ=y
+# CONFIG_GENERIC_IRQ_DEBUGFS is not set
 CONFIG_CLOCKSOURCE_WATCHDOG=y
 CONFIG_ARCH_CLOCKSOURCE_DATA=y
 CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y
@@ -134,7 +137,6 @@ CONFIG_TREE_SRCU=y
 # CONFIG_TASKS_RCU is not set
 CONFIG_RCU_STALL_COMMON=y
 CONFIG_RCU_NEED_SEGCBLIST=y
-# CONFIG_TREE_RCU_TRACE is not set
 CONFIG_BUILD_BIN2C=y
 # CONFIG_IKCONFIG is not set
 CONFIG_LOG_BUF_SHIFT=17
@@ -237,6 +239,7 @@ CONFIG_SLUB_DEBUG=y
 # CONFIG_SLAB is not set
 CONFIG_SLUB=y
 # CONFIG_SLOB is not set
+CONFIG_SLAB_MERGE_DEFAULT=y
 CONFIG_SLAB_FREELIST_RANDOM=y
 CONFIG_SLUB_CPU_PARTIAL=y
 # CONFIG_SYSTEM_DATA_VERIFICATION is not set
@@ -268,6 +271,7 @@ CONFIG_HAVE_NMI=y
 CONFIG_HAVE_ARCH_TRACEHOOK=y
 CONFIG_HAVE_DMA_CONTIGUOUS=y
 CONFIG_GENERIC_SMP_IDLE_THREAD=y
+CONFIG_ARCH_HAS_FORTIFY_SOURCE=y
 CONFIG_ARCH_HAS_SET_MEMORY=y
 CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y
 CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
@@ -277,6 +281,7 @@ CONFIG_HAVE_HW_BREAKPOINT=y
 CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
 CONFIG_HAVE_USER_RETURN_NOTIFIER=y
 CONFIG_HAVE_PERF_EVENTS_NMI=y
+CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y
 CONFIG_HAVE_PERF_REGS=y
 CONFIG_HAVE_PERF_USER_STACK_DUMP=y
 CONFIG_HAVE_ARCH_JUMP_LABEL=y
@@ -292,11 +297,13 @@ CONFIG_GCC_PLUGINS=y
 # CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
 # CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
 # CONFIG_GCC_PLUGIN_STRUCTLEAK is not set
+# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
 CONFIG_HAVE_CC_STACKPROTECTOR=y
 CONFIG_CC_STACKPROTECTOR=y
 # CONFIG_CC_STACKPROTECTOR_NONE is not set
 # CONFIG_CC_STACKPROTECTOR_REGULAR is not set
 CONFIG_CC_STACKPROTECTOR_STRONG=y
+CONFIG_THIN_ARCHIVES=y
 CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y
 CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
 CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
@@ -320,6 +327,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
 CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
 CONFIG_STRICT_MODULE_RWX=y
+CONFIG_REFCOUNT_FULL=y
 
 #
 # GCOV-based kernel profiling
@@ -522,6 +530,7 @@ CONFIG_X86_MCE_INTEL=y
 CONFIG_X86_MCE_AMD=y
 # CONFIG_X86_ANCIENT_MCE is not set
 CONFIG_X86_MCE_THRESHOLD=y
+# CONFIG_X86_MCE_INJECT is not set
 CONFIG_X86_THERMAL_VECTOR=y
 
 #
@@ -568,6 +577,7 @@ CONFIG_HAVE_MEMORY_PRESENT=y
 CONFIG_SPARSEMEM_STATIC=y
 CONFIG_HAVE_MEMBLOCK=y
 CONFIG_HAVE_MEMBLOCK_NODE_MAP=y
+CONFIG_HAVE_GENERIC_GUP=y
 CONFIG_ARCH_DISCARD_MEMBLOCK=y
 CONFIG_MEMORY_ISOLATION=y
 # CONFIG_HAVE_BOOTMEM_INFO_NODE is not set
@@ -590,6 +600,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
 CONFIG_TRANSPARENT_HUGEPAGE=y
 CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y
 # CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set
+# CONFIG_ARCH_WANTS_THP_SWAP is not set
 CONFIG_TRANSPARENT_HUGE_PAGECACHE=y
 CONFIG_CLEANCACHE=y
 CONFIG_FRONTSWAP=y
@@ -609,6 +620,7 @@ CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y
 # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_FRAME_VECTOR=y
+# CONFIG_PERCPU_STATS is not set
 CONFIG_X86_PMEM_LEGACY_DEVICE=y
 CONFIG_X86_PMEM_LEGACY=y
 CONFIG_HIGHPTE=y
@@ -832,6 +844,7 @@ CONFIG_PCI_STUB=m
 CONFIG_XEN_PCIDEV_FRONTEND=m
 CONFIG_HT_IRQ=y
 CONFIG_PCI_ATS=y
+CONFIG_PCI_LOCKLESS_CONFIG=y
 CONFIG_PCI_IOV=y
 CONFIG_PCI_PRI=y
 CONFIG_PCI_PASID=y
@@ -943,6 +956,7 @@ CONFIG_PACKET=y
 CONFIG_PACKET_DIAG=m
 CONFIG_UNIX=y
 CONFIG_UNIX_DIAG=m
+CONFIG_TLS=m
 CONFIG_XFRM=y
 CONFIG_XFRM_OFFLOAD=y
 CONFIG_XFRM_ALGO=m
@@ -1451,10 +1465,11 @@ CONFIG_HAVE_NET_DSA=y
 CONFIG_NET_DSA=m
 CONFIG_NET_DSA_TAG_DSA=y
 CONFIG_NET_DSA_TAG_EDSA=y
+CONFIG_NET_DSA_TAG_KSZ=y
+CONFIG_NET_DSA_TAG_LAN9303=y
+CONFIG_NET_DSA_TAG_MTK=y
 CONFIG_NET_DSA_TAG_TRAILER=y
 CONFIG_NET_DSA_TAG_QCA=y
-CONFIG_NET_DSA_TAG_MTK=y
-CONFIG_NET_DSA_TAG_LAN9303=y
 CONFIG_VLAN_8021Q=m
 CONFIG_VLAN_8021Q_GVRP=y
 CONFIG_VLAN_8021Q_MVRP=y
@@ -1972,6 +1987,10 @@ CONFIG_MTD_CMDLINE_PARTS=m
 CONFIG_MTD_AR7_PARTS=m
 
 #
+# Partition parsers
+#
+
+#
 # User Modules And Translation Layers
 #
 CONFIG_MTD_BLKDEVS=m
@@ -2046,6 +2065,7 @@ CONFIG_MTD_DATAFLASH=m
 # CONFIG_MTD_DATAFLASH_WRITE_VERIFY is not set
 CONFIG_MTD_DATAFLASH_OTP=y
 CONFIG_MTD_M25P80=m
+CONFIG_MTD_MCHP23K256=m
 CONFIG_MTD_SST25L=m
 CONFIG_MTD_SLRAM=m
 CONFIG_MTD_PHRAM=m
@@ -2080,8 +2100,6 @@ CONFIG_MTD_NAND_CAFE=m
 CONFIG_MTD_NAND_CS553X=m
 CONFIG_MTD_NAND_NANDSIM=m
 CONFIG_MTD_NAND_PLATFORM=m
-CONFIG_MTD_NAND_HISI504=m
-CONFIG_MTD_NAND_MTK=m
 CONFIG_MTD_ONENAND=m
 CONFIG_MTD_ONENAND_VERIFY_WRITE=y
 CONFIG_MTD_ONENAND_GENERIC=m
@@ -2189,7 +2207,6 @@ CONFIG_BLK_DEV_RBD=m
 CONFIG_BLK_DEV_RSXX=m
 CONFIG_NVME_CORE=m
 CONFIG_BLK_DEV_NVME=m
-# CONFIG_BLK_DEV_NVME_SCSI is not set
 CONFIG_NVME_FABRICS=m
 CONFIG_NVME_RDMA=m
 CONFIG_NVME_FC=m
@@ -2299,6 +2316,7 @@ CONFIG_VHOST_RING=m
 CONFIG_ECHO=m
 # CONFIG_CXL_BASE is not set
 # CONFIG_CXL_AFU_DRIVER_OPS is not set
+# CONFIG_CXL_LIB is not set
 CONFIG_HAVE_IDE=y
 # CONFIG_IDE is not set
 
@@ -2616,6 +2634,7 @@ CONFIG_DM_VERITY=m
 CONFIG_DM_SWITCH=m
 CONFIG_DM_LOG_WRITES=m
 CONFIG_DM_INTEGRITY=m
+CONFIG_DM_ZONED=m
 CONFIG_TARGET_CORE=m
 CONFIG_TCM_IBLOCK=m
 CONFIG_TCM_FILEIO=m
@@ -2739,17 +2758,19 @@ CONFIG_CAIF_VIRTIO=m
 #
 # Distributed Switch Architecture drivers
 #
-CONFIG_NET_DSA_MV88E6060=m
 CONFIG_B53=m
 CONFIG_B53_SPI_DRIVER=m
 CONFIG_B53_MDIO_DRIVER=m
 CONFIG_B53_MMAP_DRIVER=m
 CONFIG_B53_SRAB_DRIVER=m
+# CONFIG_NET_DSA_LOOP is not set
+CONFIG_NET_DSA_MT7530=m
+CONFIG_NET_DSA_MV88E6060=m
+CONFIG_MICROCHIP_KSZ=m
+CONFIG_MICROCHIP_KSZ_SPI_DRIVER=m
 CONFIG_NET_DSA_MV88E6XXX=m
 CONFIG_NET_DSA_MV88E6XXX_GLOBAL2=y
 CONFIG_NET_DSA_QCA8K=m
-# CONFIG_NET_DSA_LOOP is not set
-CONFIG_NET_DSA_MT7530=m
 CONFIG_NET_DSA_SMSC_LAN9303=m
 CONFIG_NET_DSA_SMSC_LAN9303_I2C=m
 CONFIG_NET_DSA_SMSC_LAN9303_MDIO=m
@@ -2795,6 +2816,7 @@ CONFIG_NET_VENDOR_AURORA=y
 CONFIG_AURORA_NB8800=m
 CONFIG_NET_CADENCE=y
 CONFIG_MACB=m
+CONFIG_MACB_USE_HWSTAMP=y
 CONFIG_MACB_PCI=m
 CONFIG_NET_VENDOR_BROADCOM=y
 CONFIG_B44=m
@@ -2892,6 +2914,7 @@ CONFIG_MLX4_EN_DCB=y
 CONFIG_MLX4_CORE=m
 CONFIG_MLX4_DEBUG=y
 CONFIG_MLX5_CORE=m
+# CONFIG_MLX5_FPGA is not set
 CONFIG_MLX5_CORE_EN=y
 CONFIG_MLX5_CORE_EN_DCB=y
 # CONFIG_MLX5_CORE_IPOIB is not set
@@ -2905,6 +2928,7 @@ CONFIG_MLXSW_SWITCHX2=m
 CONFIG_MLXSW_SPECTRUM=m
 CONFIG_MLXSW_SPECTRUM_DCB=y
 CONFIG_MLXSW_MINIMAL=m
+CONFIG_MLXFW=m
 CONFIG_NET_VENDOR_MICREL=y
 CONFIG_KS8842=m
 CONFIG_KS8851=m
@@ -2922,6 +2946,7 @@ CONFIG_NATSEMI=m
 CONFIG_NS83820=m
 CONFIG_NET_VENDOR_NETRONOME=y
 CONFIG_NFP=m
+# CONFIG_NFP_APP_FLOWER is not set
 # CONFIG_NFP_DEBUG is not set
 CONFIG_NET_VENDOR_8390=y
 CONFIG_PCMCIA_AXNET=m
@@ -3029,6 +3054,7 @@ CONFIG_SKFP=m
 # CONFIG_HIPPI is not set
 CONFIG_NET_SB1000=m
 CONFIG_MDIO_DEVICE=y
+CONFIG_MDIO_BUS=y
 CONFIG_MDIO_BITBANG=m
 CONFIG_MDIO_GPIO=m
 CONFIG_PHYLIB=y
@@ -3046,6 +3072,7 @@ CONFIG_BCM87XX_PHY=m
 CONFIG_BCM_NET_PHYLIB=m
 CONFIG_BROADCOM_PHY=m
 CONFIG_CICADA_PHY=m
+CONFIG_CORTINA_PHY=m
 CONFIG_DAVICOM_PHY=m
 CONFIG_DP83848_PHY=m
 CONFIG_DP83867_PHY=m
@@ -3055,6 +3082,7 @@ CONFIG_INTEL_XWAY_PHY=m
 CONFIG_LSI_ET1011C_PHY=m
 CONFIG_LXT_PHY=m
 CONFIG_MARVELL_PHY=m
+CONFIG_MARVELL_10G_PHY=m
 CONFIG_MICREL_PHY=m
 CONFIG_MICROCHIP_PHY=m
 CONFIG_MICROSEMI_PHY=m
@@ -3173,6 +3201,7 @@ CONFIG_WIL6210_ISR_COR=y
 CONFIG_WIL6210_TRACING=y
 CONFIG_ATH10K=m
 CONFIG_ATH10K_PCI=m
+CONFIG_ATH10K_SDIO=m
 # CONFIG_ATH10K_DEBUG is not set
 CONFIG_ATH10K_DEBUGFS=y
 CONFIG_ATH10K_TRACING=y
@@ -3377,6 +3406,9 @@ CONFIG_WLAN_VENDOR_ZYDAS=y
 CONFIG_USB_ZD1201=m
 CONFIG_ZD1211RW=m
 # CONFIG_ZD1211RW_DEBUG is not set
+CONFIG_WLAN_VENDOR_QUANTENNA=y
+CONFIG_QTNFMAC=m
+CONFIG_QTNFMAC_PEARL_PCIE=m
 CONFIG_PCMCIA_RAYCS=m
 CONFIG_PCMCIA_WL3501=m
 CONFIG_MAC80211_HWSIM=m
@@ -3607,6 +3639,7 @@ CONFIG_KEYBOARD_ADP5589=m
 CONFIG_KEYBOARD_ATKBD=y
 CONFIG_KEYBOARD_QT1070=m
 CONFIG_KEYBOARD_QT2160=m
+CONFIG_KEYBOARD_DLINK_DIR685=m
 CONFIG_KEYBOARD_LKKBD=m
 CONFIG_KEYBOARD_GPIO=m
 CONFIG_KEYBOARD_GPIO_POLLED=m
@@ -3785,6 +3818,7 @@ CONFIG_TOUCHSCREEN_RM_TS=m
 CONFIG_TOUCHSCREEN_SILEAD=m
 CONFIG_TOUCHSCREEN_SIS_I2C=m
 CONFIG_TOUCHSCREEN_ST1232=m
+CONFIG_TOUCHSCREEN_STMFTS=m
 CONFIG_TOUCHSCREEN_SUR40=m
 CONFIG_TOUCHSCREEN_SURFACE3_SPI=m
 CONFIG_TOUCHSCREEN_SX8654=m
@@ -3994,6 +4028,7 @@ CONFIG_HVC_XEN=y
 CONFIG_HVC_XEN_FRONTEND=y
 CONFIG_VIRTIO_CONSOLE=y
 CONFIG_IPMI_HANDLER=m
+CONFIG_IPMI_DMI_DECODE=y
 # CONFIG_IPMI_PANIC_EVENT is not set
 CONFIG_IPMI_DEVICE_INTERFACE=m
 CONFIG_IPMI_SI=m
@@ -4112,8 +4147,9 @@ CONFIG_I2C_SCMI=m
 # I2C system bus drivers (mostly embedded / system-on-chip)
 #
 CONFIG_I2C_CBUS_GPIO=m
-CONFIG_I2C_DESIGNWARE_CORE=m
-CONFIG_I2C_DESIGNWARE_PLATFORM=m
+CONFIG_I2C_DESIGNWARE_CORE=y
+CONFIG_I2C_DESIGNWARE_PLATFORM=y
+# CONFIG_I2C_DESIGNWARE_SLAVE is not set
 CONFIG_I2C_DESIGNWARE_PCI=m
 CONFIG_I2C_DESIGNWARE_BAYTRAIL=y
 CONFIG_I2C_EG20T=m
@@ -4185,6 +4221,7 @@ CONFIG_SPI_ZYNQMP_GQSPI=m
 CONFIG_SPI_SPIDEV=m
 # CONFIG_SPI_LOOPBACK_TEST is not set
 CONFIG_SPI_TLE62X0=m
+# CONFIG_SPI_SLAVE is not set
 CONFIG_SPMI=m
 CONFIG_HSI=m
 CONFIG_HSI_BOARDINFO=y
@@ -4197,10 +4234,6 @@ CONFIG_HSI_BOARDINFO=y
 # HSI clients
 #
 CONFIG_HSI_CHAR=m
-
-#
-# PPS support
-#
 CONFIG_PPS=m
 # CONFIG_PPS_DEBUG is not set
 
@@ -4236,12 +4269,14 @@ CONFIG_PINCONF=y
 CONFIG_GENERIC_PINCONF=y
 # CONFIG_DEBUG_PINCTRL is not set
 CONFIG_PINCTRL_AMD=y
+CONFIG_PINCTRL_MCP23S08=m
 CONFIG_PINCTRL_SX150X=y
 CONFIG_PINCTRL_BAYTRAIL=y
 CONFIG_PINCTRL_CHERRYVIEW=m
 CONFIG_PINCTRL_MERRIFIELD=m
 CONFIG_PINCTRL_INTEL=m
 CONFIG_PINCTRL_BROXTON=m
+CONFIG_PINCTRL_CANNONLAKE=m
 CONFIG_PINCTRL_GEMINILAKE=m
 CONFIG_PINCTRL_SUNRISEPOINT=m
 CONFIG_GPIOLIB=y
@@ -4334,10 +4369,7 @@ CONFIG_GPIO_RDC321X=m
 CONFIG_GPIO_MAX7301=m
 CONFIG_GPIO_MC33880=m
 CONFIG_GPIO_PISOSR=m
-
-#
-# SPI or I2C GPIO expanders
-#
+CONFIG_GPIO_XRA1403=m
 
 #
 # USB GPIO expanders
@@ -4396,6 +4428,7 @@ CONFIG_BATTERY_SBS=m
 CONFIG_CHARGER_SBS=m
 CONFIG_BATTERY_BQ27XXX=m
 CONFIG_BATTERY_BQ27XXX_I2C=m
+# CONFIG_BATTERY_BQ27XXX_DT_UPDATES_NVM is not set
 CONFIG_BATTERY_DA9030=m
 CONFIG_BATTERY_DA9052=m
 CONFIG_CHARGER_DA9150=m
@@ -4418,6 +4451,7 @@ CONFIG_CHARGER_LP8727=m
 CONFIG_CHARGER_LP8788=m
 CONFIG_CHARGER_GPIO=m
 CONFIG_CHARGER_MANAGER=y
+CONFIG_CHARGER_LTC3651=m
 CONFIG_CHARGER_MAX14577=m
 CONFIG_CHARGER_MAX77693=m
 CONFIG_CHARGER_MAX8997=m
@@ -4543,6 +4577,7 @@ CONFIG_SENSORS_PCF8591=m
 CONFIG_PMBUS=m
 CONFIG_SENSORS_PMBUS=m
 CONFIG_SENSORS_ADM1275=m
+CONFIG_SENSORS_IR35221=m
 CONFIG_SENSORS_LM25066=m
 CONFIG_SENSORS_LTC2978=m
 CONFIG_SENSORS_LTC2978_REGULATOR=y
@@ -4641,6 +4676,7 @@ CONFIG_GENERIC_ADC_THERMAL=m
 CONFIG_WATCHDOG=y
 CONFIG_WATCHDOG_CORE=y
 # CONFIG_WATCHDOG_NOWAYOUT is not set
+CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y
 CONFIG_WATCHDOG_SYSFS=y
 
 #
@@ -4798,6 +4834,7 @@ CONFIG_LPC_ICH=m
 CONFIG_LPC_SCH=m
 CONFIG_INTEL_SOC_PMIC=y
 CONFIG_INTEL_SOC_PMIC_BXTWC=m
+CONFIG_INTEL_SOC_PMIC_CHTWC=m
 CONFIG_MFD_INTEL_LPSS=m
 CONFIG_MFD_INTEL_LPSS_ACPI=m
 CONFIG_MFD_INTEL_LPSS_PCI=m
@@ -4991,6 +5028,7 @@ CONFIG_VIDEO_V4L2=m
 CONFIG_VIDEO_TUNER=m
 CONFIG_V4L2_MEM2MEM_DEV=m
 CONFIG_V4L2_FLASH_LED_CLASS=m
+CONFIG_V4L2_FWNODE=m
 CONFIG_VIDEOBUF_GEN=m
 CONFIG_VIDEOBUF_DMA_SG=m
 CONFIG_VIDEOBUF_VMALLOC=m
@@ -5312,6 +5350,7 @@ CONFIG_VIDEO_VIVID_MAX_DEVS=64
 CONFIG_VIDEO_VIM2M=m
 CONFIG_DVB_PLATFORM_DRIVERS=y
 CONFIG_CEC_PLATFORM_DRIVERS=y
+CONFIG_SDR_PLATFORM_DRIVERS=y
 
 #
 # Supported MMC/SDIO adapters
@@ -5468,6 +5507,10 @@ CONFIG_VIDEO_UPD64083=m
 CONFIG_VIDEO_SAA6752HS=m
 
 #
+# SDR tuner chips
+#
+
+#
 # Miscellaneous helper chips
 #
 CONFIG_VIDEO_M52790=m
@@ -5744,6 +5787,7 @@ CONFIG_DRM_I915_USERPTR=y
 # CONFIG_DRM_I915_WERROR is not set
 # CONFIG_DRM_I915_DEBUG is not set
 # CONFIG_DRM_I915_SW_FENCE_DEBUG_OBJECTS is not set
+# CONFIG_DRM_I915_SW_FENCE_CHECK_DAG is not set
 # CONFIG_DRM_I915_SELFTEST is not set
 # CONFIG_DRM_I915_LOW_LEVEL_TRACEPOINTS is not set
 # CONFIG_DRM_I915_DEBUG_VBLANK_EVADE is not set
@@ -5767,6 +5811,7 @@ CONFIG_DRM_PANEL=y
 # Display Panels
 #
 CONFIG_DRM_BRIDGE=y
+CONFIG_DRM_PANEL_BRIDGE=y
 
 #
 # Display Interface Bridges
@@ -5972,20 +6017,17 @@ CONFIG_SND_PCM_ELD=y
 CONFIG_SND_PCM_IEC958=y
 CONFIG_SND_DMAENGINE_PCM=m
 CONFIG_SND_HWDEP=m
+CONFIG_SND_SEQ_DEVICE=m
 CONFIG_SND_RAWMIDI=m
 CONFIG_SND_COMPRESS_OFFLOAD=m
 CONFIG_SND_JACK=y
 CONFIG_SND_JACK_INPUT_DEV=y
-CONFIG_SND_SEQUENCER=m
-CONFIG_SND_SEQ_DUMMY=m
 CONFIG_SND_OSSEMUL=y
 CONFIG_SND_MIXER_OSS=m
 CONFIG_SND_PCM_OSS=m
 CONFIG_SND_PCM_OSS_PLUGINS=y
 CONFIG_SND_PCM_TIMER=y
-# CONFIG_SND_SEQUENCER_OSS is not set
 CONFIG_SND_HRTIMER=m
-CONFIG_SND_SEQ_HRTIMER_DEFAULT=y
 CONFIG_SND_DYNAMIC_MINORS=y
 CONFIG_SND_MAX_CARDS=32
 CONFIG_SND_SUPPORT_OLD_API=y
@@ -5995,14 +6037,19 @@ CONFIG_SND_VERBOSE_PROCFS=y
 # CONFIG_SND_DEBUG is not set
 CONFIG_SND_VMASTER=y
 CONFIG_SND_DMA_SGBUF=y
-CONFIG_SND_RAWMIDI_SEQ=m
-CONFIG_SND_OPL3_LIB_SEQ=m
-CONFIG_SND_OPL4_LIB_SEQ=m
-CONFIG_SND_SBAWE_SEQ=m
-CONFIG_SND_EMU10K1_SEQ=m
+CONFIG_SND_SEQUENCER=m
+CONFIG_SND_SEQ_DUMMY=m
+# CONFIG_SND_SEQUENCER_OSS is not set
+CONFIG_SND_SEQ_HRTIMER_DEFAULT=y
+CONFIG_SND_SEQ_MIDI_EVENT=m
+CONFIG_SND_SEQ_MIDI=m
+CONFIG_SND_SEQ_MIDI_EMUL=m
+CONFIG_SND_SEQ_VIRMIDI=m
 CONFIG_SND_MPU401_UART=m
 CONFIG_SND_OPL3_LIB=m
 CONFIG_SND_OPL4_LIB=m
+CONFIG_SND_OPL3_LIB_SEQ=m
+CONFIG_SND_OPL4_LIB_SEQ=m
 CONFIG_SND_VX_LIB=m
 CONFIG_SND_AC97_CODEC=m
 CONFIG_SND_DRIVERS=y
@@ -6050,6 +6097,7 @@ CONFIG_SND_MIRO=m
 CONFIG_SND_SB8=m
 CONFIG_SND_SB16=m
 CONFIG_SND_SBAWE=m
+CONFIG_SND_SBAWE_SEQ=m
 CONFIG_SND_SB16_CSP=y
 CONFIG_SND_SSCAPE=m
 CONFIG_SND_WAVEFRONT=m
@@ -6095,6 +6143,7 @@ CONFIG_SND_INDIGODJ=m
 CONFIG_SND_INDIGOIOX=m
 CONFIG_SND_INDIGODJX=m
 CONFIG_SND_EMU10K1=m
+CONFIG_SND_EMU10K1_SEQ=m
 CONFIG_SND_EMU10K1X=m
 CONFIG_SND_ENS1370=m
 CONFIG_SND_ENS1371=m
@@ -6236,11 +6285,18 @@ CONFIG_SND_SOC_INTEL_CHT_BSW_RT5672_MACH=m
 CONFIG_SND_SOC_INTEL_CHT_BSW_RT5645_MACH=m
 CONFIG_SND_SOC_INTEL_CHT_BSW_MAX98090_TI_MACH=m
 CONFIG_SND_SOC_INTEL_BYT_CHT_DA7213_MACH=m
+CONFIG_SND_SOC_INTEL_BYT_CHT_ES8316_MACH=m
 CONFIG_SND_SOC_INTEL_BYT_CHT_NOCODEC_MACH=m
+CONFIG_SND_SOC_INTEL_KBL_RT5663_MAX98927_MACH=m
+CONFIG_SND_SOC_INTEL_KBL_RT5663_RT5514_MAX98927_MACH=m
 CONFIG_SND_SOC_INTEL_SKYLAKE=m
 CONFIG_SND_SOC_INTEL_SKL_RT286_MACH=m
 CONFIG_SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH=m
 CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH=m
+
+#
+# STMicroelectronics STM32 SOC audio support
+#
 CONFIG_SND_SOC_XTFPGA_I2S=m
 CONFIG_ZX_TDM=m
 CONFIG_SND_SOC_I2C_AND_SPI=m
@@ -6288,6 +6344,7 @@ CONFIG_SND_SOC_DIO2125=m
 CONFIG_SND_SOC_DMIC=m
 CONFIG_SND_SOC_HDMI_CODEC=m
 CONFIG_SND_SOC_ES7134=m
+CONFIG_SND_SOC_ES8316=m
 CONFIG_SND_SOC_ES8328=m
 CONFIG_SND_SOC_ES8328_I2C=m
 CONFIG_SND_SOC_ES8328_SPI=m
@@ -6315,11 +6372,13 @@ CONFIG_SND_SOC_RL6231=m
 CONFIG_SND_SOC_RL6347A=m
 CONFIG_SND_SOC_RT286=m
 CONFIG_SND_SOC_RT298=m
+CONFIG_SND_SOC_RT5514=m
 CONFIG_SND_SOC_RT5616=m
 CONFIG_SND_SOC_RT5631=m
 CONFIG_SND_SOC_RT5640=m
 CONFIG_SND_SOC_RT5645=m
 CONFIG_SND_SOC_RT5651=m
+CONFIG_SND_SOC_RT5663=m
 CONFIG_SND_SOC_RT5670=m
 CONFIG_SND_SOC_RT5677=m
 CONFIG_SND_SOC_RT5677_SPI=m
@@ -6370,6 +6429,7 @@ CONFIG_SND_SOC_WM8962=m
 CONFIG_SND_SOC_WM8974=m
 CONFIG_SND_SOC_WM8978=m
 CONFIG_SND_SOC_WM8985=m
+CONFIG_SND_SOC_ZX_AUD96P22=m
 CONFIG_SND_SOC_NAU8540=m
 CONFIG_SND_SOC_NAU8810=m
 CONFIG_SND_SOC_NAU8824=m
@@ -6379,6 +6439,7 @@ CONFIG_SND_SIMPLE_CARD_UTILS=m
 CONFIG_SND_SIMPLE_CARD=m
 CONFIG_SND_X86=y
 CONFIG_HDMI_LPE_AUDIO=m
+CONFIG_SND_SYNTH_EMUX=m
 CONFIG_AC97_BUS=m
 
 #
@@ -6427,6 +6488,7 @@ CONFIG_HID_UCLOGIC=m
 CONFIG_HID_WALTOP=m
 CONFIG_HID_GYRATION=m
 CONFIG_HID_ICADE=m
+CONFIG_HID_ITE=m
 CONFIG_HID_TWINHAN=m
 CONFIG_HID_KENSINGTON=m
 CONFIG_HID_LCPOWER=m
@@ -6459,6 +6521,7 @@ CONFIG_HID_PICOLCD_LEDS=y
 CONFIG_HID_PICOLCD_CIR=y
 CONFIG_HID_PLANTRONICS=m
 CONFIG_HID_PRIMAX=m
+CONFIG_HID_RETRODE=m
 CONFIG_HID_ROCCAT=m
 CONFIG_HID_SAITEK=m
 CONFIG_HID_SAMSUNG=m
@@ -6752,7 +6815,6 @@ CONFIG_USB_HSIC_USB3503=m
 CONFIG_USB_HSIC_USB4604=m
 CONFIG_USB_LINK_LAYER_TEST=m
 CONFIG_USB_CHAOSKEY=m
-CONFIG_UCSI=m
 CONFIG_USB_ATM=m
 CONFIG_USB_SPEEDTOUCH=m
 CONFIG_USB_CXACRU=m
@@ -6805,6 +6867,7 @@ CONFIG_USB_F_ACM=m
 CONFIG_USB_F_SS_LB=m
 CONFIG_USB_U_SERIAL=m
 CONFIG_USB_U_ETHER=m
+CONFIG_USB_U_AUDIO=m
 CONFIG_USB_F_SERIAL=m
 CONFIG_USB_F_OBEX=m
 CONFIG_USB_F_NCM=m
@@ -6836,6 +6899,7 @@ CONFIG_USB_CONFIGFS_MASS_STORAGE=y
 CONFIG_USB_CONFIGFS_F_LB_SS=y
 CONFIG_USB_CONFIGFS_F_FS=y
 CONFIG_USB_CONFIGFS_F_UAC1=y
+# CONFIG_USB_CONFIGFS_F_UAC1_LEGACY is not set
 CONFIG_USB_CONFIGFS_F_UAC2=y
 CONFIG_USB_CONFIGFS_F_MIDI=y
 CONFIG_USB_CONFIGFS_F_HID=y
@@ -6845,6 +6909,7 @@ CONFIG_USB_CONFIGFS_F_PRINTER=y
 CONFIG_USB_ZERO=m
 CONFIG_USB_AUDIO=m
 CONFIG_GADGET_UAC1=y
+# CONFIG_GADGET_UAC1_LEGACY is not set
 CONFIG_USB_ETH=m
 CONFIG_USB_ETH_RNDIS=y
 CONFIG_USB_ETH_EEM=y
@@ -6873,6 +6938,8 @@ CONFIG_USB_G_WEBCAM=m
 # USB Power Delivery and Type-C drivers
 #
 CONFIG_TYPEC=m
+CONFIG_TYPEC_UCSI=m
+CONFIG_UCSI_ACPI=m
 CONFIG_USB_LED_TRIG=y
 CONFIG_USB_ULPI_BUS=m
 CONFIG_UWB=m
@@ -6883,7 +6950,6 @@ CONFIG_MMC=y
 # CONFIG_MMC_DEBUG is not set
 CONFIG_MMC_BLOCK=m
 CONFIG_MMC_BLOCK_MINORS=8
-CONFIG_MMC_BLOCK_BOUNCE=y
 CONFIG_SDIO_UART=m
 # CONFIG_MMC_TEST is not set
 
@@ -7065,6 +7131,7 @@ CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
 CONFIG_RTC_SYSTOHC=y
 CONFIG_RTC_SYSTOHC_DEVICE="rtc0"
 # CONFIG_RTC_DEBUG is not set
+CONFIG_RTC_NVMEM=y
 
 #
 # RTC interfaces
@@ -7143,6 +7210,7 @@ CONFIG_RTC_I2C_AND_SPI=y
 # SPI and I2C RTC drivers
 #
 CONFIG_RTC_DRV_DS3232=m
+CONFIG_RTC_DRV_DS3232_HWMON=y
 CONFIG_RTC_DRV_PCF2127=m
 CONFIG_RTC_DRV_RV3029C2=m
 CONFIG_RTC_DRV_RV3029_HWMON=y
@@ -7184,6 +7252,7 @@ CONFIG_RTC_DRV_AB3100=m
 #
 # on-CPU RTC drivers
 #
+CONFIG_RTC_DRV_FTRTC010=m
 CONFIG_RTC_DRV_PCAP=m
 CONFIG_RTC_DRV_MC13XXX=m
 CONFIG_RTC_DRV_MT6397=m
@@ -7518,7 +7587,6 @@ CONFIG_AD5933=m
 #
 # Light sensors
 #
-CONFIG_SENSORS_ISL29028=m
 CONFIG_TSL2x7x=m
 
 #
@@ -7644,6 +7712,7 @@ CONFIG_KS7010=m
 CONFIG_TYPEC_TCPM=m
 CONFIG_TYPEC_TCPCI=m
 CONFIG_TYPEC_FUSB302=m
+CONFIG_DRM_VBOXVIDEO=m
 CONFIG_X86_PLATFORM_DEVICES=y
 CONFIG_ACER_WMI=m
 CONFIG_ACERHDF=m
@@ -7657,7 +7726,6 @@ CONFIG_DELL_WMI_LED=m
 CONFIG_DELL_SMO8800=m
 CONFIG_DELL_RBTN=m
 CONFIG_FUJITSU_LAPTOP=m
-# CONFIG_FUJITSU_LAPTOP_DEBUG is not set
 CONFIG_FUJITSU_TABLET=m
 CONFIG_AMILO_RFKILL=m
 CONFIG_TC1100_WMI=m
@@ -7686,7 +7754,9 @@ CONFIG_ASUS_NB_WMI=m
 CONFIG_EEEPC_WMI=m
 CONFIG_ASUS_WIRELESS=m
 CONFIG_ACPI_WMI=m
+CONFIG_WMI_BMOF=m
 CONFIG_MSI_WMI=m
+CONFIG_PEAQ_WMI=m
 CONFIG_TOPSTAR_LAPTOP=m
 CONFIG_ACPI_TOSHIBA=m
 CONFIG_TOSHIBA_BT_RFKILL=m
@@ -7694,6 +7764,7 @@ CONFIG_TOSHIBA_HAPS=m
 CONFIG_TOSHIBA_WMI=m
 CONFIG_ACPI_CMPC=m
 CONFIG_INTEL_CHT_INT33FE=m
+CONFIG_INTEL_INT0002_VGPIO=m
 CONFIG_INTEL_HID_EVENT=m
 CONFIG_INTEL_VBTN=m
 CONFIG_INTEL_SCU_IPC=y
@@ -7724,6 +7795,7 @@ CONFIG_CHROMEOS_LAPTOP=m
 CONFIG_CHROMEOS_PSTORE=m
 CONFIG_CROS_EC_CHARDEV=m
 CONFIG_CROS_EC_LPC=m
+# CONFIG_CROS_EC_LPC_MEC is not set
 CONFIG_CROS_EC_PROTO=y
 CONFIG_CROS_KBD_LED_BACKLIGHT=m
 CONFIG_CLKDEV_LOOKUP=y
@@ -7744,10 +7816,7 @@ CONFIG_COMMON_CLK_PALMAS=m
 CONFIG_COMMON_CLK_PWM=m
 # CONFIG_COMMON_CLK_PXA is not set
 # CONFIG_COMMON_CLK_PIC32 is not set
-
-#
-# Hardware Spinlock drivers
-#
+CONFIG_HWSPINLOCK=m
 
 #
 # Clock Source drivers
@@ -7786,6 +7855,9 @@ CONFIG_REMOTEPROC=m
 #
 # Rpmsg drivers
 #
+CONFIG_RPMSG=m
+# CONFIG_RPMSG_CHAR is not set
+CONFIG_RPMSG_QCOM_GLINK_RPM=m
 
 #
 # SOC (System On Chip) specific Drivers
@@ -7800,7 +7872,6 @@ CONFIG_REMOTEPROC=m
 #
 # CONFIG_SUNXI_SRAM is not set
 CONFIG_SOC_TI=y
-# CONFIG_SOC_ZTE is not set
 CONFIG_PM_DEVFREQ=y
 
 #
@@ -7826,13 +7897,13 @@ CONFIG_EXTCON_ARIZONA=m
 CONFIG_EXTCON_AXP288=m
 CONFIG_EXTCON_GPIO=m
 CONFIG_EXTCON_INTEL_INT3496=m
+CONFIG_EXTCON_INTEL_CHT_WC=m
 CONFIG_EXTCON_MAX14577=m
 CONFIG_EXTCON_MAX3355=m
 CONFIG_EXTCON_MAX77693=m
 CONFIG_EXTCON_MAX77843=m
 CONFIG_EXTCON_MAX8997=m
 CONFIG_EXTCON_PALMAS=m
-CONFIG_EXTCON_QCOM_SPMI_MISC=m
 CONFIG_EXTCON_RT8973A=m
 CONFIG_EXTCON_SM5502=m
 CONFIG_EXTCON_USB_GPIO=m
@@ -7923,7 +7994,9 @@ CONFIG_QCOM_SPMI_IADC=m
 CONFIG_QCOM_SPMI_VADC=m
 CONFIG_TI_ADC081C=m
 CONFIG_TI_ADC0832=m
+CONFIG_TI_ADC084S021=m
 CONFIG_TI_ADC12138=m
+CONFIG_TI_ADC108S102=m
 CONFIG_TI_ADC128S052=m
 CONFIG_TI_ADC161S626=m
 CONFIG_TI_ADS1015=m
@@ -8097,6 +8170,7 @@ CONFIG_CM36651=m
 CONFIG_IIO_CROS_EC_LIGHT_PROX=m
 CONFIG_GP2AP020A00F=m
 CONFIG_SENSORS_ISL29018=m
+CONFIG_SENSORS_ISL29028=m
 CONFIG_ISL29125=m
 CONFIG_HID_SENSOR_ALS=m
 CONFIG_HID_SENSOR_PROX=m
@@ -8138,6 +8212,10 @@ CONFIG_SENSORS_HMC5843_I2C=m
 CONFIG_SENSORS_HMC5843_SPI=m
 
 #
+# Multiplexers
+#
+
+#
 # Inclinometer sensors
 #
 CONFIG_HID_SENSOR_INCLINOMETER_3D=m
@@ -8217,6 +8295,7 @@ CONFIG_TMP007=m
 CONFIG_TSYS01=m
 CONFIG_TSYS02D=m
 CONFIG_NTB=m
+CONFIG_NTB_IDT=m
 CONFIG_NTB_PINGPONG=m
 CONFIG_NTB_TOOL=m
 CONFIG_NTB_PERF=m
@@ -8258,6 +8337,7 @@ CONFIG_SERIAL_IPOCTAL=m
 CONFIG_RESET_CONTROLLER=y
 # CONFIG_RESET_ATH79 is not set
 # CONFIG_RESET_BERLIN is not set
+# CONFIG_RESET_GEMINI is not set
 # CONFIG_RESET_IMX7 is not set
 # CONFIG_RESET_LPC18XX is not set
 # CONFIG_RESET_MESON is not set
@@ -8265,7 +8345,7 @@ CONFIG_RESET_CONTROLLER=y
 # CONFIG_RESET_SOCFPGA is not set
 # CONFIG_RESET_STM32 is not set
 # CONFIG_RESET_SUNXI is not set
-CONFIG_TI_SYSCON_RESET=m
+CONFIG_RESET_TI_SYSCON=m
 # CONFIG_RESET_ZYNQ is not set
 # CONFIG_RESET_TEGRA_BPMP is not set
 CONFIG_FMC=m
@@ -8278,15 +8358,16 @@ CONFIG_FMC_CHARDEV=m
 # PHY Subsystem
 #
 CONFIG_GENERIC_PHY=y
+CONFIG_BCM_KONA_USB2_PHY=m
 CONFIG_PHY_PXA_28NM_HSIC=m
 CONFIG_PHY_PXA_28NM_USB2=m
-CONFIG_BCM_KONA_USB2_PHY=m
+CONFIG_PHY_CPCAP_USB=m
+CONFIG_PHY_QCOM_USB_HS=m
+CONFIG_PHY_QCOM_USB_HSIC=m
 CONFIG_PHY_SAMSUNG_USB2=m
 # CONFIG_PHY_EXYNOS4210_USB2 is not set
 # CONFIG_PHY_EXYNOS4X12_USB2 is not set
 # CONFIG_PHY_EXYNOS5250_USB2 is not set
-CONFIG_PHY_QCOM_USB_HS=m
-CONFIG_PHY_QCOM_USB_HSIC=m
 CONFIG_PHY_TUSB1210=m
 CONFIG_POWERCAP=y
 CONFIG_INTEL_RAPL=m
@@ -8298,7 +8379,6 @@ CONFIG_MCB_LPC=m
 # Performance monitor support
 #
 CONFIG_RAS=y
-# CONFIG_MCE_AMD_INJ is not set
 CONFIG_THUNDERBOLT=m
 
 #
@@ -8313,7 +8393,7 @@ CONFIG_ND_BTT=m
 CONFIG_BTT=y
 CONFIG_DAX=y
 CONFIG_DEV_DAX=m
-CONFIG_NVMEM=m
+CONFIG_NVMEM=y
 CONFIG_STM=m
 CONFIG_STM_DUMMY=m
 CONFIG_STM_SOURCE_CONSOLE=m
@@ -8367,7 +8447,8 @@ CONFIG_EFI_RUNTIME_MAP=y
 # CONFIG_EFI_FAKE_MEMMAP is not set
 CONFIG_EFI_RUNTIME_WRAPPERS=y
 CONFIG_EFI_BOOTLOADER_CONTROL=m
-# CONFIG_EFI_CAPSULE_LOADER is not set
+CONFIG_EFI_CAPSULE_LOADER=y
+CONFIG_EFI_CAPSULE_QUIRK_QUARK_CSH=y
 # CONFIG_EFI_TEST is not set
 CONFIG_APPLE_PROPERTIES=y
 CONFIG_UEFI_CPER=y
@@ -8459,6 +8540,7 @@ CONFIG_FUSE_FS=y
 CONFIG_CUSE=m
 CONFIG_OVERLAY_FS=m
 # CONFIG_OVERLAY_FS_REDIRECT_DIR is not set
+# CONFIG_OVERLAY_FS_INDEX is not set
 
 #
 # Caches
@@ -8646,8 +8728,8 @@ CONFIG_CIFS_POSIX=y
 CONFIG_CIFS_ACL=y
 CONFIG_CIFS_DEBUG=y
 # CONFIG_CIFS_DEBUG2 is not set
+# CONFIG_CIFS_DEBUG_DUMP_KEYS is not set
 CONFIG_CIFS_DFS_UPCALL=y
-CONFIG_CIFS_SMB2=y
 CONFIG_CIFS_SMB311=y
 CONFIG_CIFS_FSCACHE=y
 CONFIG_NCP_FS=m
@@ -8788,6 +8870,8 @@ CONFIG_HAVE_ARCH_KMEMCHECK=y
 # Debug Lockups and Hangs
 #
 CONFIG_LOCKUP_DETECTOR=y
+CONFIG_SOFTLOCKUP_DETECTOR=y
+CONFIG_HARDLOCKUP_DETECTOR_PERF=y
 CONFIG_HARDLOCKUP_DETECTOR=y
 # CONFIG_BOOTPARAM_HARDLOCKUP_PANIC is not set
 CONFIG_BOOTPARAM_HARDLOCKUP_PANIC_VALUE=0
@@ -8822,6 +8906,7 @@ CONFIG_SCHED_STACK_END_CHECK=y
 CONFIG_LOCK_TORTURE_TEST=m
 CONFIG_WW_MUTEX_SELFTEST=m
 CONFIG_STACKTRACE=y
+# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set
 # CONFIG_DEBUG_KOBJECT is not set
 CONFIG_DEBUG_BUGVERBOSE=y
 # CONFIG_DEBUG_LIST is not set
@@ -8834,7 +8919,6 @@ CONFIG_DEBUG_BUGVERBOSE=y
 # RCU Debugging
 #
 # CONFIG_PROVE_RCU is not set
-# CONFIG_SPARSE_RCU_POINTER is not set
 CONFIG_TORTURE_TEST=m
 # CONFIG_RCU_PERF_TEST is not set
 # CONFIG_RCU_TORTURE_TEST is not set
@@ -8897,7 +8981,7 @@ CONFIG_MMIOTRACE=y
 # CONFIG_TRACEPOINT_BENCHMARK is not set
 # CONFIG_RING_BUFFER_BENCHMARK is not set
 # CONFIG_RING_BUFFER_STARTUP_TEST is not set
-# CONFIG_TRACE_ENUM_MAP_FILE is not set
+# CONFIG_TRACE_EVAL_MAP_FILE is not set
 CONFIG_TRACING_EVENTS_GPIO=y
 
 #
@@ -8928,10 +9012,12 @@ CONFIG_TEST_LKM=m
 CONFIG_TEST_USER_COPY=m
 CONFIG_TEST_BPF=m
 CONFIG_TEST_FIRMWARE=m
+# CONFIG_TEST_SYSCTL is not set
 CONFIG_TEST_UDELAY=m
 CONFIG_MEMTEST=y
 CONFIG_TEST_STATIC_KEYS=m
 # CONFIG_BUG_ON_DATA_CORRUPTION is not set
+# CONFIG_TEST_KMOD is not set
 # CONFIG_SAMPLES is not set
 CONFIG_HAVE_ARCH_KGDB=y
 CONFIG_KGDB=y
@@ -8994,6 +9080,7 @@ CONFIG_SECURITY=y
 CONFIG_SECURITY_WRITABLE_HOOKS=y
 CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
+# CONFIG_SECURITY_INFINIBAND is not set
 CONFIG_SECURITY_NETWORK_XFRM=y
 CONFIG_SECURITY_PATH=y
 CONFIG_INTEL_TXT=y
@@ -9001,6 +9088,7 @@ CONFIG_LSM_MMAP_MIN_ADDR=0
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
+CONFIG_FORTIFY_SOURCE=y
 # CONFIG_STATIC_USERMODEHELPER is not set
 CONFIG_SECURITY_SELINUX=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM=y
@@ -9040,12 +9128,11 @@ CONFIG_IMA_NG_TEMPLATE=y
 CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
 CONFIG_IMA_DEFAULT_HASH_SHA1=y
 # CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
-# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
-# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
 CONFIG_IMA_DEFAULT_HASH="sha1"
 # CONFIG_IMA_WRITE_POLICY is not set
 # CONFIG_IMA_READ_POLICY is not set
 CONFIG_IMA_APPRAISE=y
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
 CONFIG_IMA_TRUSTED_KEYRING=y
 CONFIG_IMA_BLACKLIST_KEYRING=y
 # CONFIG_IMA_LOAD_X509 is not set
@@ -9295,6 +9382,7 @@ CONFIG_CRC32_SLICEBY8=y
 # CONFIG_CRC32_SLICEBY4 is not set
 # CONFIG_CRC32_SARWATE is not set
 # CONFIG_CRC32_BIT is not set
+# CONFIG_CRC4 is not set
 CONFIG_CRC7=m
 CONFIG_LIBCRC32C=m
 CONFIG_CRC8=m
diff --git a/gnu/packages/aux-files/linux-libre/4.12-x86_64.conf b/gnu/packages/aux-files/linux-libre/4.13-x86_64.conf
index 2613eb6222..35a6a91b4f 100644
--- a/gnu/packages/aux-files/linux-libre/4.12-x86_64.conf
+++ b/gnu/packages/aux-files/linux-libre/4.13-x86_64.conf
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.12.0-gnu Kernel Configuration
+# Linux/x86 4.13.0-gnu Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -87,7 +87,9 @@ CONFIG_AUDIT_TREE=y
 #
 CONFIG_GENERIC_IRQ_PROBE=y
 CONFIG_GENERIC_IRQ_SHOW=y
+CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y
 CONFIG_GENERIC_PENDING_IRQ=y
+CONFIG_GENERIC_IRQ_MIGRATION=y
 CONFIG_GENERIC_IRQ_CHIP=y
 CONFIG_IRQ_DOMAIN=y
 CONFIG_IRQ_DOMAIN_HIERARCHY=y
@@ -96,6 +98,7 @@ CONFIG_GENERIC_MSI_IRQ_DOMAIN=y
 # CONFIG_IRQ_DOMAIN_DEBUG is not set
 CONFIG_IRQ_FORCED_THREADING=y
 CONFIG_SPARSE_IRQ=y
+# CONFIG_GENERIC_IRQ_DEBUGFS is not set
 CONFIG_CLOCKSOURCE_WATCHDOG=y
 CONFIG_ARCH_CLOCKSOURCE_DATA=y
 CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y
@@ -139,7 +142,6 @@ CONFIG_TREE_SRCU=y
 # CONFIG_TASKS_RCU is not set
 CONFIG_RCU_STALL_COMMON=y
 CONFIG_RCU_NEED_SEGCBLIST=y
-# CONFIG_TREE_RCU_TRACE is not set
 CONFIG_BUILD_BIN2C=y
 # CONFIG_IKCONFIG is not set
 CONFIG_LOG_BUF_SHIFT=18
@@ -246,6 +248,7 @@ CONFIG_SLUB_DEBUG=y
 # CONFIG_SLAB is not set
 CONFIG_SLUB=y
 # CONFIG_SLOB is not set
+CONFIG_SLAB_MERGE_DEFAULT=y
 CONFIG_SLAB_FREELIST_RANDOM=y
 CONFIG_SLUB_CPU_PARTIAL=y
 # CONFIG_SYSTEM_DATA_VERIFICATION is not set
@@ -277,6 +280,7 @@ CONFIG_HAVE_NMI=y
 CONFIG_HAVE_ARCH_TRACEHOOK=y
 CONFIG_HAVE_DMA_CONTIGUOUS=y
 CONFIG_GENERIC_SMP_IDLE_THREAD=y
+CONFIG_ARCH_HAS_FORTIFY_SOURCE=y
 CONFIG_ARCH_HAS_SET_MEMORY=y
 CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y
 CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
@@ -286,6 +290,7 @@ CONFIG_HAVE_HW_BREAKPOINT=y
 CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
 CONFIG_HAVE_USER_RETURN_NOTIFIER=y
 CONFIG_HAVE_PERF_EVENTS_NMI=y
+CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y
 CONFIG_HAVE_PERF_REGS=y
 CONFIG_HAVE_PERF_USER_STACK_DUMP=y
 CONFIG_HAVE_ARCH_JUMP_LABEL=y
@@ -302,11 +307,13 @@ CONFIG_GCC_PLUGINS=y
 # CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
 # CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
 # CONFIG_GCC_PLUGIN_STRUCTLEAK is not set
+# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
 CONFIG_HAVE_CC_STACKPROTECTOR=y
 CONFIG_CC_STACKPROTECTOR=y
 # CONFIG_CC_STACKPROTECTOR_NONE is not set
 # CONFIG_CC_STACKPROTECTOR_REGULAR is not set
 CONFIG_CC_STACKPROTECTOR_STRONG=y
+CONFIG_THIN_ARCHIVES=y
 CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y
 CONFIG_HAVE_CONTEXT_TRACKING=y
 CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
@@ -339,6 +346,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
 CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
 CONFIG_STRICT_MODULE_RWX=y
+CONFIG_REFCOUNT_FULL=y
 
 #
 # GCOV-based kernel profiling
@@ -517,6 +525,7 @@ CONFIG_X86_MCE=y
 CONFIG_X86_MCE_INTEL=y
 CONFIG_X86_MCE_AMD=y
 CONFIG_X86_MCE_THRESHOLD=y
+# CONFIG_X86_MCE_INJECT is not set
 CONFIG_X86_THERMAL_VECTOR=y
 
 #
@@ -563,9 +572,9 @@ CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y
 CONFIG_SPARSEMEM_VMEMMAP=y
 CONFIG_HAVE_MEMBLOCK=y
 CONFIG_HAVE_MEMBLOCK_NODE_MAP=y
+CONFIG_HAVE_GENERIC_GUP=y
 CONFIG_ARCH_DISCARD_MEMBLOCK=y
 CONFIG_MEMORY_ISOLATION=y
-CONFIG_MOVABLE_NODE=y
 CONFIG_HAVE_BOOTMEM_INFO_NODE=y
 CONFIG_MEMORY_HOTPLUG=y
 CONFIG_MEMORY_HOTPLUG_SPARSE=y
@@ -589,6 +598,8 @@ CONFIG_HWPOISON_INJECT=m
 CONFIG_TRANSPARENT_HUGEPAGE=y
 CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y
 # CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set
+CONFIG_ARCH_WANTS_THP_SWAP=y
+CONFIG_THP_SWAP=y
 CONFIG_TRANSPARENT_HUGE_PAGECACHE=y
 CONFIG_CLEANCACHE=y
 CONFIG_FRONTSWAP=y
@@ -608,10 +619,12 @@ CONFIG_GENERIC_EARLY_IOREMAP=y
 CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y
 # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
 CONFIG_IDLE_PAGE_TRACKING=y
+CONFIG_ARCH_HAS_ZONE_DEVICE=y
 CONFIG_ZONE_DEVICE=y
 CONFIG_FRAME_VECTOR=y
 CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y
 CONFIG_ARCH_HAS_PKEYS=y
+# CONFIG_PERCPU_STATS is not set
 CONFIG_X86_PMEM_LEGACY_DEVICE=y
 CONFIG_X86_PMEM_LEGACY=y
 CONFIG_X86_CHECK_BIOS_CORRUPTION=y
@@ -824,6 +837,7 @@ CONFIG_PCI_STUB=m
 CONFIG_XEN_PCIDEV_FRONTEND=m
 CONFIG_HT_IRQ=y
 CONFIG_PCI_ATS=y
+CONFIG_PCI_LOCKLESS_CONFIG=y
 CONFIG_PCI_IOV=y
 CONFIG_PCI_PRI=y
 CONFIG_PCI_PASID=y
@@ -927,6 +941,7 @@ CONFIG_PACKET=y
 CONFIG_PACKET_DIAG=m
 CONFIG_UNIX=y
 CONFIG_UNIX_DIAG=m
+CONFIG_TLS=m
 CONFIG_XFRM=y
 CONFIG_XFRM_OFFLOAD=y
 CONFIG_XFRM_ALGO=m
@@ -1435,10 +1450,11 @@ CONFIG_HAVE_NET_DSA=y
 CONFIG_NET_DSA=m
 CONFIG_NET_DSA_TAG_DSA=y
 CONFIG_NET_DSA_TAG_EDSA=y
+CONFIG_NET_DSA_TAG_KSZ=y
+CONFIG_NET_DSA_TAG_LAN9303=y
+CONFIG_NET_DSA_TAG_MTK=y
 CONFIG_NET_DSA_TAG_TRAILER=y
 CONFIG_NET_DSA_TAG_QCA=y
-CONFIG_NET_DSA_TAG_MTK=y
-CONFIG_NET_DSA_TAG_LAN9303=y
 CONFIG_VLAN_8021Q=m
 CONFIG_VLAN_8021Q_GVRP=y
 CONFIG_VLAN_8021Q_MVRP=y
@@ -1947,6 +1963,10 @@ CONFIG_MTD_CMDLINE_PARTS=m
 CONFIG_MTD_AR7_PARTS=m
 
 #
+# Partition parsers
+#
+
+#
 # User Modules And Translation Layers
 #
 CONFIG_MTD_BLKDEVS=m
@@ -2020,6 +2040,7 @@ CONFIG_MTD_DATAFLASH=m
 # CONFIG_MTD_DATAFLASH_WRITE_VERIFY is not set
 CONFIG_MTD_DATAFLASH_OTP=y
 CONFIG_MTD_M25P80=m
+CONFIG_MTD_MCHP23K256=m
 CONFIG_MTD_SST25L=m
 CONFIG_MTD_SLRAM=m
 CONFIG_MTD_PHRAM=m
@@ -2053,8 +2074,6 @@ CONFIG_MTD_NAND_DOCG4=m
 CONFIG_MTD_NAND_CAFE=m
 CONFIG_MTD_NAND_NANDSIM=m
 CONFIG_MTD_NAND_PLATFORM=m
-CONFIG_MTD_NAND_HISI504=m
-CONFIG_MTD_NAND_MTK=m
 CONFIG_MTD_ONENAND=m
 CONFIG_MTD_ONENAND_VERIFY_WRITE=y
 CONFIG_MTD_ONENAND_GENERIC=m
@@ -2159,7 +2178,6 @@ CONFIG_BLK_DEV_RBD=m
 CONFIG_BLK_DEV_RSXX=m
 CONFIG_NVME_CORE=m
 CONFIG_BLK_DEV_NVME=m
-# CONFIG_BLK_DEV_NVME_SCSI is not set
 CONFIG_NVME_FABRICS=m
 CONFIG_NVME_RDMA=m
 CONFIG_NVME_FC=m
@@ -2276,6 +2294,7 @@ CONFIG_GENWQE_PLATFORM_ERROR_RECOVERY=0
 CONFIG_ECHO=m
 # CONFIG_CXL_BASE is not set
 # CONFIG_CXL_AFU_DRIVER_OPS is not set
+# CONFIG_CXL_LIB is not set
 CONFIG_HAVE_IDE=y
 # CONFIG_IDE is not set
 
@@ -2575,6 +2594,7 @@ CONFIG_DM_VERITY=m
 CONFIG_DM_SWITCH=m
 CONFIG_DM_LOG_WRITES=m
 CONFIG_DM_INTEGRITY=m
+CONFIG_DM_ZONED=m
 CONFIG_TARGET_CORE=m
 CONFIG_TCM_IBLOCK=m
 CONFIG_TCM_FILEIO=m
@@ -2697,17 +2717,19 @@ CONFIG_CAIF_VIRTIO=m
 #
 # Distributed Switch Architecture drivers
 #
-CONFIG_NET_DSA_MV88E6060=m
 CONFIG_B53=m
 CONFIG_B53_SPI_DRIVER=m
 CONFIG_B53_MDIO_DRIVER=m
 CONFIG_B53_MMAP_DRIVER=m
 CONFIG_B53_SRAB_DRIVER=m
+# CONFIG_NET_DSA_LOOP is not set
+CONFIG_NET_DSA_MT7530=m
+CONFIG_NET_DSA_MV88E6060=m
+CONFIG_MICROCHIP_KSZ=m
+CONFIG_MICROCHIP_KSZ_SPI_DRIVER=m
 CONFIG_NET_DSA_MV88E6XXX=m
 CONFIG_NET_DSA_MV88E6XXX_GLOBAL2=y
 CONFIG_NET_DSA_QCA8K=m
-# CONFIG_NET_DSA_LOOP is not set
-CONFIG_NET_DSA_MT7530=m
 CONFIG_NET_DSA_SMSC_LAN9303=m
 CONFIG_NET_DSA_SMSC_LAN9303_I2C=m
 CONFIG_NET_DSA_SMSC_LAN9303_MDIO=m
@@ -2750,6 +2772,7 @@ CONFIG_NET_VENDOR_AURORA=y
 CONFIG_AURORA_NB8800=m
 CONFIG_NET_CADENCE=y
 CONFIG_MACB=m
+CONFIG_MACB_USE_HWSTAMP=y
 CONFIG_MACB_PCI=m
 CONFIG_NET_VENDOR_BROADCOM=y
 CONFIG_B44=m
@@ -2851,6 +2874,7 @@ CONFIG_MLX4_EN_DCB=y
 CONFIG_MLX4_CORE=m
 CONFIG_MLX4_DEBUG=y
 CONFIG_MLX5_CORE=m
+# CONFIG_MLX5_FPGA is not set
 CONFIG_MLX5_CORE_EN=y
 CONFIG_MLX5_CORE_EN_DCB=y
 # CONFIG_MLX5_CORE_IPOIB is not set
@@ -2864,6 +2888,7 @@ CONFIG_MLXSW_SWITCHX2=m
 CONFIG_MLXSW_SPECTRUM=m
 CONFIG_MLXSW_SPECTRUM_DCB=y
 CONFIG_MLXSW_MINIMAL=m
+CONFIG_MLXFW=m
 CONFIG_NET_VENDOR_MICREL=y
 CONFIG_KS8842=m
 CONFIG_KS8851=m
@@ -2882,6 +2907,7 @@ CONFIG_NATSEMI=m
 CONFIG_NS83820=m
 CONFIG_NET_VENDOR_NETRONOME=y
 CONFIG_NFP=m
+# CONFIG_NFP_APP_FLOWER is not set
 # CONFIG_NFP_DEBUG is not set
 CONFIG_NET_VENDOR_8390=y
 CONFIG_PCMCIA_AXNET=m
@@ -2985,6 +3011,7 @@ CONFIG_SKFP=m
 # CONFIG_HIPPI is not set
 CONFIG_NET_SB1000=m
 CONFIG_MDIO_DEVICE=y
+CONFIG_MDIO_BUS=y
 CONFIG_MDIO_BITBANG=m
 CONFIG_MDIO_CAVIUM=m
 CONFIG_MDIO_GPIO=m
@@ -3004,6 +3031,7 @@ CONFIG_BCM87XX_PHY=m
 CONFIG_BCM_NET_PHYLIB=m
 CONFIG_BROADCOM_PHY=m
 CONFIG_CICADA_PHY=m
+CONFIG_CORTINA_PHY=m
 CONFIG_DAVICOM_PHY=m
 CONFIG_DP83848_PHY=m
 CONFIG_DP83867_PHY=m
@@ -3013,6 +3041,7 @@ CONFIG_INTEL_XWAY_PHY=m
 CONFIG_LSI_ET1011C_PHY=m
 CONFIG_LXT_PHY=m
 CONFIG_MARVELL_PHY=m
+CONFIG_MARVELL_10G_PHY=m
 CONFIG_MICREL_PHY=m
 CONFIG_MICROCHIP_PHY=m
 CONFIG_MICROSEMI_PHY=m
@@ -3131,6 +3160,7 @@ CONFIG_WIL6210_ISR_COR=y
 CONFIG_WIL6210_TRACING=y
 CONFIG_ATH10K=m
 CONFIG_ATH10K_PCI=m
+CONFIG_ATH10K_SDIO=m
 # CONFIG_ATH10K_DEBUG is not set
 CONFIG_ATH10K_DEBUGFS=y
 CONFIG_ATH10K_TRACING=y
@@ -3335,6 +3365,9 @@ CONFIG_WLAN_VENDOR_ZYDAS=y
 CONFIG_USB_ZD1201=m
 CONFIG_ZD1211RW=m
 # CONFIG_ZD1211RW_DEBUG is not set
+CONFIG_WLAN_VENDOR_QUANTENNA=y
+CONFIG_QTNFMAC=m
+CONFIG_QTNFMAC_PEARL_PCIE=m
 CONFIG_PCMCIA_RAYCS=m
 CONFIG_PCMCIA_WL3501=m
 CONFIG_MAC80211_HWSIM=m
@@ -3547,6 +3580,7 @@ CONFIG_KEYBOARD_ADP5589=m
 CONFIG_KEYBOARD_ATKBD=y
 CONFIG_KEYBOARD_QT1070=m
 CONFIG_KEYBOARD_QT2160=m
+CONFIG_KEYBOARD_DLINK_DIR685=m
 CONFIG_KEYBOARD_LKKBD=m
 CONFIG_KEYBOARD_GPIO=m
 CONFIG_KEYBOARD_GPIO_POLLED=m
@@ -3721,6 +3755,7 @@ CONFIG_TOUCHSCREEN_RM_TS=m
 CONFIG_TOUCHSCREEN_SILEAD=m
 CONFIG_TOUCHSCREEN_SIS_I2C=m
 CONFIG_TOUCHSCREEN_ST1232=m
+CONFIG_TOUCHSCREEN_STMFTS=m
 CONFIG_TOUCHSCREEN_SUR40=m
 CONFIG_TOUCHSCREEN_SURFACE3_SPI=m
 CONFIG_TOUCHSCREEN_SX8654=m
@@ -3922,6 +3957,7 @@ CONFIG_HVC_XEN=y
 CONFIG_HVC_XEN_FRONTEND=y
 CONFIG_VIRTIO_CONSOLE=y
 CONFIG_IPMI_HANDLER=m
+CONFIG_IPMI_DMI_DECODE=y
 # CONFIG_IPMI_PANIC_EVENT is not set
 CONFIG_IPMI_DEVICE_INTERFACE=m
 CONFIG_IPMI_SI=m
@@ -4034,8 +4070,9 @@ CONFIG_I2C_SCMI=m
 # I2C system bus drivers (mostly embedded / system-on-chip)
 #
 CONFIG_I2C_CBUS_GPIO=m
-CONFIG_I2C_DESIGNWARE_CORE=m
-CONFIG_I2C_DESIGNWARE_PLATFORM=m
+CONFIG_I2C_DESIGNWARE_CORE=y
+CONFIG_I2C_DESIGNWARE_PLATFORM=y
+# CONFIG_I2C_DESIGNWARE_SLAVE is not set
 CONFIG_I2C_DESIGNWARE_PCI=m
 CONFIG_I2C_DESIGNWARE_BAYTRAIL=y
 CONFIG_I2C_EMEV2=m
@@ -4104,6 +4141,7 @@ CONFIG_SPI_ZYNQMP_GQSPI=m
 CONFIG_SPI_SPIDEV=m
 # CONFIG_SPI_LOOPBACK_TEST is not set
 CONFIG_SPI_TLE62X0=m
+# CONFIG_SPI_SLAVE is not set
 CONFIG_SPMI=m
 CONFIG_HSI=m
 CONFIG_HSI_BOARDINFO=y
@@ -4116,10 +4154,6 @@ CONFIG_HSI_BOARDINFO=y
 # HSI clients
 #
 CONFIG_HSI_CHAR=m
-
-#
-# PPS support
-#
 CONFIG_PPS=m
 # CONFIG_PPS_DEBUG is not set
 
@@ -4154,11 +4188,13 @@ CONFIG_PINCONF=y
 CONFIG_GENERIC_PINCONF=y
 # CONFIG_DEBUG_PINCTRL is not set
 CONFIG_PINCTRL_AMD=y
+CONFIG_PINCTRL_MCP23S08=m
 CONFIG_PINCTRL_SX150X=y
 CONFIG_PINCTRL_BAYTRAIL=y
 CONFIG_PINCTRL_CHERRYVIEW=m
 CONFIG_PINCTRL_INTEL=m
 CONFIG_PINCTRL_BROXTON=m
+CONFIG_PINCTRL_CANNONLAKE=m
 CONFIG_PINCTRL_GEMINILAKE=m
 CONFIG_PINCTRL_SUNRISEPOINT=m
 CONFIG_GPIOLIB=y
@@ -4244,10 +4280,7 @@ CONFIG_GPIO_RDC321X=m
 CONFIG_GPIO_MAX7301=m
 CONFIG_GPIO_MC33880=m
 CONFIG_GPIO_PISOSR=m
-
-#
-# SPI or I2C GPIO expanders
-#
+CONFIG_GPIO_XRA1403=m
 
 #
 # USB GPIO expanders
@@ -4306,6 +4339,7 @@ CONFIG_BATTERY_SBS=m
 CONFIG_CHARGER_SBS=m
 CONFIG_BATTERY_BQ27XXX=m
 CONFIG_BATTERY_BQ27XXX_I2C=m
+# CONFIG_BATTERY_BQ27XXX_DT_UPDATES_NVM is not set
 CONFIG_BATTERY_DA9030=m
 CONFIG_BATTERY_DA9052=m
 CONFIG_CHARGER_DA9150=m
@@ -4328,6 +4362,7 @@ CONFIG_CHARGER_LP8727=m
 CONFIG_CHARGER_LP8788=m
 CONFIG_CHARGER_GPIO=m
 CONFIG_CHARGER_MANAGER=y
+CONFIG_CHARGER_LTC3651=m
 CONFIG_CHARGER_MAX14577=m
 CONFIG_CHARGER_MAX77693=m
 CONFIG_CHARGER_MAX8997=m
@@ -4453,6 +4488,7 @@ CONFIG_SENSORS_PCF8591=m
 CONFIG_PMBUS=m
 CONFIG_SENSORS_PMBUS=m
 CONFIG_SENSORS_ADM1275=m
+CONFIG_SENSORS_IR35221=m
 CONFIG_SENSORS_LM25066=m
 CONFIG_SENSORS_LTC2978=m
 CONFIG_SENSORS_LTC2978_REGULATOR=y
@@ -4551,6 +4587,7 @@ CONFIG_GENERIC_ADC_THERMAL=m
 CONFIG_WATCHDOG=y
 CONFIG_WATCHDOG_CORE=y
 # CONFIG_WATCHDOG_NOWAYOUT is not set
+CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y
 CONFIG_WATCHDOG_SYSFS=y
 
 #
@@ -4694,6 +4731,7 @@ CONFIG_LPC_ICH=m
 CONFIG_LPC_SCH=m
 CONFIG_INTEL_SOC_PMIC=y
 CONFIG_INTEL_SOC_PMIC_BXTWC=m
+CONFIG_INTEL_SOC_PMIC_CHTWC=m
 CONFIG_MFD_INTEL_LPSS=m
 CONFIG_MFD_INTEL_LPSS_ACPI=m
 CONFIG_MFD_INTEL_LPSS_PCI=m
@@ -4885,6 +4923,7 @@ CONFIG_VIDEO_V4L2=m
 CONFIG_VIDEO_TUNER=m
 CONFIG_V4L2_MEM2MEM_DEV=m
 CONFIG_V4L2_FLASH_LED_CLASS=m
+CONFIG_V4L2_FWNODE=m
 CONFIG_VIDEOBUF_GEN=m
 CONFIG_VIDEOBUF_DMA_SG=m
 CONFIG_VIDEOBUF_VMALLOC=m
@@ -5206,6 +5245,7 @@ CONFIG_VIDEO_VIVID_MAX_DEVS=64
 CONFIG_VIDEO_VIM2M=m
 CONFIG_DVB_PLATFORM_DRIVERS=y
 CONFIG_CEC_PLATFORM_DRIVERS=y
+CONFIG_SDR_PLATFORM_DRIVERS=y
 
 #
 # Supported MMC/SDIO adapters
@@ -5347,6 +5387,10 @@ CONFIG_VIDEO_UPD64083=m
 CONFIG_VIDEO_SAA6752HS=m
 
 #
+# SDR tuner chips
+#
+
+#
 # Miscellaneous helper chips
 #
 CONFIG_VIDEO_M52790=m
@@ -5618,6 +5662,7 @@ CONFIG_DRM_I915_USERPTR=y
 # CONFIG_DRM_I915_WERROR is not set
 # CONFIG_DRM_I915_DEBUG is not set
 # CONFIG_DRM_I915_SW_FENCE_DEBUG_OBJECTS is not set
+# CONFIG_DRM_I915_SW_FENCE_CHECK_DAG is not set
 # CONFIG_DRM_I915_SELFTEST is not set
 # CONFIG_DRM_I915_LOW_LEVEL_TRACEPOINTS is not set
 # CONFIG_DRM_I915_DEBUG_VBLANK_EVADE is not set
@@ -5640,6 +5685,7 @@ CONFIG_DRM_PANEL=y
 # Display Panels
 #
 CONFIG_DRM_BRIDGE=y
+CONFIG_DRM_PANEL_BRIDGE=y
 
 #
 # Display Interface Bridges
@@ -5839,20 +5885,17 @@ CONFIG_SND_PCM_ELD=y
 CONFIG_SND_PCM_IEC958=y
 CONFIG_SND_DMAENGINE_PCM=m
 CONFIG_SND_HWDEP=m
+CONFIG_SND_SEQ_DEVICE=m
 CONFIG_SND_RAWMIDI=m
 CONFIG_SND_COMPRESS_OFFLOAD=m
 CONFIG_SND_JACK=y
 CONFIG_SND_JACK_INPUT_DEV=y
-CONFIG_SND_SEQUENCER=m
-CONFIG_SND_SEQ_DUMMY=m
 CONFIG_SND_OSSEMUL=y
 CONFIG_SND_MIXER_OSS=m
 CONFIG_SND_PCM_OSS=m
 CONFIG_SND_PCM_OSS_PLUGINS=y
 CONFIG_SND_PCM_TIMER=y
-# CONFIG_SND_SEQUENCER_OSS is not set
 CONFIG_SND_HRTIMER=m
-CONFIG_SND_SEQ_HRTIMER_DEFAULT=y
 CONFIG_SND_DYNAMIC_MINORS=y
 CONFIG_SND_MAX_CARDS=32
 CONFIG_SND_SUPPORT_OLD_API=y
@@ -5862,13 +5905,18 @@ CONFIG_SND_VERBOSE_PROCFS=y
 # CONFIG_SND_DEBUG is not set
 CONFIG_SND_VMASTER=y
 CONFIG_SND_DMA_SGBUF=y
-CONFIG_SND_RAWMIDI_SEQ=m
-CONFIG_SND_OPL3_LIB_SEQ=m
-# CONFIG_SND_OPL4_LIB_SEQ is not set
-# CONFIG_SND_SBAWE_SEQ is not set
-# CONFIG_SND_EMU10K1_SEQ is not set
+CONFIG_SND_SEQUENCER=m
+CONFIG_SND_SEQ_DUMMY=m
+# CONFIG_SND_SEQUENCER_OSS is not set
+CONFIG_SND_SEQ_HRTIMER_DEFAULT=y
+CONFIG_SND_SEQ_MIDI_EVENT=m
+CONFIG_SND_SEQ_MIDI=m
+CONFIG_SND_SEQ_MIDI_EMUL=m
+CONFIG_SND_SEQ_VIRMIDI=m
 CONFIG_SND_MPU401_UART=m
 CONFIG_SND_OPL3_LIB=m
+CONFIG_SND_OPL3_LIB_SEQ=m
+# CONFIG_SND_OPL4_LIB_SEQ is not set
 CONFIG_SND_VX_LIB=m
 CONFIG_SND_AC97_CODEC=m
 CONFIG_SND_DRIVERS=y
@@ -5918,6 +5966,7 @@ CONFIG_SND_INDIGOIO=m
 CONFIG_SND_INDIGODJ=m
 CONFIG_SND_INDIGOIOX=m
 CONFIG_SND_INDIGODJX=m
+# CONFIG_SND_EMU10K1_SEQ is not set
 CONFIG_SND_ENS1370=m
 CONFIG_SND_ENS1371=m
 CONFIG_SND_FM801=m
@@ -6046,11 +6095,18 @@ CONFIG_SND_SOC_INTEL_CHT_BSW_RT5672_MACH=m
 CONFIG_SND_SOC_INTEL_CHT_BSW_RT5645_MACH=m
 CONFIG_SND_SOC_INTEL_CHT_BSW_MAX98090_TI_MACH=m
 CONFIG_SND_SOC_INTEL_BYT_CHT_DA7213_MACH=m
+CONFIG_SND_SOC_INTEL_BYT_CHT_ES8316_MACH=m
 CONFIG_SND_SOC_INTEL_BYT_CHT_NOCODEC_MACH=m
+CONFIG_SND_SOC_INTEL_KBL_RT5663_MAX98927_MACH=m
+CONFIG_SND_SOC_INTEL_KBL_RT5663_RT5514_MAX98927_MACH=m
 CONFIG_SND_SOC_INTEL_SKYLAKE=m
 CONFIG_SND_SOC_INTEL_SKL_RT286_MACH=m
 CONFIG_SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH=m
 CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH=m
+
+#
+# STMicroelectronics STM32 SOC audio support
+#
 CONFIG_SND_SOC_XTFPGA_I2S=m
 CONFIG_ZX_TDM=m
 CONFIG_SND_SOC_I2C_AND_SPI=m
@@ -6098,6 +6154,7 @@ CONFIG_SND_SOC_DIO2125=m
 CONFIG_SND_SOC_DMIC=m
 CONFIG_SND_SOC_HDMI_CODEC=m
 CONFIG_SND_SOC_ES7134=m
+CONFIG_SND_SOC_ES8316=m
 CONFIG_SND_SOC_ES8328=m
 CONFIG_SND_SOC_ES8328_I2C=m
 CONFIG_SND_SOC_ES8328_SPI=m
@@ -6125,11 +6182,13 @@ CONFIG_SND_SOC_RL6231=m
 CONFIG_SND_SOC_RL6347A=m
 CONFIG_SND_SOC_RT286=m
 CONFIG_SND_SOC_RT298=m
+CONFIG_SND_SOC_RT5514=m
 CONFIG_SND_SOC_RT5616=m
 CONFIG_SND_SOC_RT5631=m
 CONFIG_SND_SOC_RT5640=m
 CONFIG_SND_SOC_RT5645=m
 CONFIG_SND_SOC_RT5651=m
+CONFIG_SND_SOC_RT5663=m
 CONFIG_SND_SOC_RT5670=m
 CONFIG_SND_SOC_RT5677=m
 CONFIG_SND_SOC_RT5677_SPI=m
@@ -6179,6 +6238,7 @@ CONFIG_SND_SOC_WM8962=m
 CONFIG_SND_SOC_WM8974=m
 CONFIG_SND_SOC_WM8978=m
 CONFIG_SND_SOC_WM8985=m
+CONFIG_SND_SOC_ZX_AUD96P22=m
 CONFIG_SND_SOC_NAU8540=m
 CONFIG_SND_SOC_NAU8810=m
 CONFIG_SND_SOC_NAU8824=m
@@ -6236,6 +6296,7 @@ CONFIG_HID_UCLOGIC=m
 CONFIG_HID_WALTOP=m
 CONFIG_HID_GYRATION=m
 CONFIG_HID_ICADE=m
+CONFIG_HID_ITE=m
 CONFIG_HID_TWINHAN=m
 CONFIG_HID_KENSINGTON=m
 CONFIG_HID_LCPOWER=m
@@ -6268,6 +6329,7 @@ CONFIG_HID_PICOLCD_LEDS=y
 CONFIG_HID_PICOLCD_CIR=y
 CONFIG_HID_PLANTRONICS=m
 CONFIG_HID_PRIMAX=m
+CONFIG_HID_RETRODE=m
 CONFIG_HID_ROCCAT=m
 CONFIG_HID_SAITEK=m
 CONFIG_HID_SAMSUNG=m
@@ -6566,7 +6628,6 @@ CONFIG_USB_HSIC_USB3503=m
 CONFIG_USB_HSIC_USB4604=m
 CONFIG_USB_LINK_LAYER_TEST=m
 CONFIG_USB_CHAOSKEY=m
-CONFIG_UCSI=m
 CONFIG_USB_ATM=m
 CONFIG_USB_SPEEDTOUCH=m
 CONFIG_USB_CXACRU=m
@@ -6619,6 +6680,7 @@ CONFIG_USB_F_ACM=m
 CONFIG_USB_F_SS_LB=m
 CONFIG_USB_U_SERIAL=m
 CONFIG_USB_U_ETHER=m
+CONFIG_USB_U_AUDIO=m
 CONFIG_USB_F_SERIAL=m
 CONFIG_USB_F_OBEX=m
 CONFIG_USB_F_NCM=m
@@ -6650,6 +6712,7 @@ CONFIG_USB_CONFIGFS_MASS_STORAGE=y
 CONFIG_USB_CONFIGFS_F_LB_SS=y
 CONFIG_USB_CONFIGFS_F_FS=y
 CONFIG_USB_CONFIGFS_F_UAC1=y
+# CONFIG_USB_CONFIGFS_F_UAC1_LEGACY is not set
 CONFIG_USB_CONFIGFS_F_UAC2=y
 CONFIG_USB_CONFIGFS_F_MIDI=y
 CONFIG_USB_CONFIGFS_F_HID=y
@@ -6659,6 +6722,7 @@ CONFIG_USB_CONFIGFS_F_PRINTER=y
 CONFIG_USB_ZERO=m
 CONFIG_USB_AUDIO=m
 CONFIG_GADGET_UAC1=y
+# CONFIG_GADGET_UAC1_LEGACY is not set
 CONFIG_USB_ETH=m
 CONFIG_USB_ETH_RNDIS=y
 CONFIG_USB_ETH_EEM=y
@@ -6687,6 +6751,8 @@ CONFIG_USB_G_WEBCAM=m
 # USB Power Delivery and Type-C drivers
 #
 CONFIG_TYPEC=m
+CONFIG_TYPEC_UCSI=m
+CONFIG_UCSI_ACPI=m
 CONFIG_USB_LED_TRIG=y
 CONFIG_USB_ULPI_BUS=m
 CONFIG_UWB=m
@@ -6697,7 +6763,6 @@ CONFIG_MMC=y
 # CONFIG_MMC_DEBUG is not set
 CONFIG_MMC_BLOCK=m
 CONFIG_MMC_BLOCK_MINORS=8
-CONFIG_MMC_BLOCK_BOUNCE=y
 CONFIG_SDIO_UART=m
 # CONFIG_MMC_TEST is not set
 
@@ -6885,6 +6950,7 @@ CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
 CONFIG_RTC_SYSTOHC=y
 CONFIG_RTC_SYSTOHC_DEVICE="rtc0"
 # CONFIG_RTC_DEBUG is not set
+CONFIG_RTC_NVMEM=y
 
 #
 # RTC interfaces
@@ -6963,6 +7029,7 @@ CONFIG_RTC_I2C_AND_SPI=y
 # SPI and I2C RTC drivers
 #
 CONFIG_RTC_DRV_DS3232=m
+CONFIG_RTC_DRV_DS3232_HWMON=y
 CONFIG_RTC_DRV_PCF2127=m
 CONFIG_RTC_DRV_RV3029C2=m
 CONFIG_RTC_DRV_RV3029_HWMON=y
@@ -7003,6 +7070,7 @@ CONFIG_RTC_DRV_AB3100=m
 #
 # on-CPU RTC drivers
 #
+CONFIG_RTC_DRV_FTRTC010=m
 CONFIG_RTC_DRV_PCAP=m
 CONFIG_RTC_DRV_MC13XXX=m
 CONFIG_RTC_DRV_MT6397=m
@@ -7339,7 +7407,6 @@ CONFIG_AD5933=m
 #
 # Light sensors
 #
-CONFIG_SENSORS_ISL29028=m
 CONFIG_TSL2x7x=m
 
 #
@@ -7467,6 +7534,7 @@ CONFIG_KS7010=m
 CONFIG_TYPEC_TCPM=m
 CONFIG_TYPEC_TCPCI=m
 CONFIG_TYPEC_FUSB302=m
+CONFIG_DRM_VBOXVIDEO=m
 CONFIG_X86_PLATFORM_DEVICES=y
 CONFIG_ACER_WMI=m
 CONFIG_ACERHDF=m
@@ -7480,7 +7548,6 @@ CONFIG_DELL_WMI_LED=m
 CONFIG_DELL_SMO8800=m
 CONFIG_DELL_RBTN=m
 CONFIG_FUJITSU_LAPTOP=m
-# CONFIG_FUJITSU_LAPTOP_DEBUG is not set
 CONFIG_FUJITSU_TABLET=m
 CONFIG_AMILO_RFKILL=m
 CONFIG_HP_ACCEL=m
@@ -7508,7 +7575,9 @@ CONFIG_ASUS_NB_WMI=m
 CONFIG_EEEPC_WMI=m
 CONFIG_ASUS_WIRELESS=m
 CONFIG_ACPI_WMI=m
+CONFIG_WMI_BMOF=m
 CONFIG_MSI_WMI=m
+CONFIG_PEAQ_WMI=m
 CONFIG_TOPSTAR_LAPTOP=m
 CONFIG_ACPI_TOSHIBA=m
 CONFIG_TOSHIBA_BT_RFKILL=m
@@ -7516,6 +7585,7 @@ CONFIG_TOSHIBA_HAPS=m
 CONFIG_TOSHIBA_WMI=m
 CONFIG_ACPI_CMPC=m
 CONFIG_INTEL_CHT_INT33FE=m
+CONFIG_INTEL_INT0002_VGPIO=m
 CONFIG_INTEL_HID_EVENT=m
 CONFIG_INTEL_VBTN=m
 CONFIG_INTEL_IPS=m
@@ -7545,6 +7615,7 @@ CONFIG_CHROMEOS_LAPTOP=m
 CONFIG_CHROMEOS_PSTORE=m
 CONFIG_CROS_EC_CHARDEV=m
 CONFIG_CROS_EC_LPC=m
+# CONFIG_CROS_EC_LPC_MEC is not set
 CONFIG_CROS_EC_PROTO=y
 CONFIG_CROS_KBD_LED_BACKLIGHT=m
 CONFIG_CLKDEV_LOOKUP=y
@@ -7565,10 +7636,7 @@ CONFIG_COMMON_CLK_PALMAS=m
 CONFIG_COMMON_CLK_PWM=m
 # CONFIG_COMMON_CLK_PXA is not set
 # CONFIG_COMMON_CLK_PIC32 is not set
-
-#
-# Hardware Spinlock drivers
-#
+CONFIG_HWSPINLOCK=m
 
 #
 # Clock Source drivers
@@ -7608,6 +7676,9 @@ CONFIG_REMOTEPROC=m
 #
 # Rpmsg drivers
 #
+CONFIG_RPMSG=m
+# CONFIG_RPMSG_CHAR is not set
+CONFIG_RPMSG_QCOM_GLINK_RPM=m
 
 #
 # SOC (System On Chip) specific Drivers
@@ -7622,7 +7693,6 @@ CONFIG_REMOTEPROC=m
 #
 # CONFIG_SUNXI_SRAM is not set
 CONFIG_SOC_TI=y
-# CONFIG_SOC_ZTE is not set
 CONFIG_PM_DEVFREQ=y
 
 #
@@ -7648,13 +7718,13 @@ CONFIG_EXTCON_ARIZONA=m
 CONFIG_EXTCON_AXP288=m
 CONFIG_EXTCON_GPIO=m
 CONFIG_EXTCON_INTEL_INT3496=m
+CONFIG_EXTCON_INTEL_CHT_WC=m
 CONFIG_EXTCON_MAX14577=m
 CONFIG_EXTCON_MAX3355=m
 CONFIG_EXTCON_MAX77693=m
 CONFIG_EXTCON_MAX77843=m
 CONFIG_EXTCON_MAX8997=m
 CONFIG_EXTCON_PALMAS=m
-CONFIG_EXTCON_QCOM_SPMI_MISC=m
 CONFIG_EXTCON_RT8973A=m
 CONFIG_EXTCON_SM5502=m
 CONFIG_EXTCON_USB_GPIO=m
@@ -7745,7 +7815,9 @@ CONFIG_QCOM_SPMI_IADC=m
 CONFIG_QCOM_SPMI_VADC=m
 CONFIG_TI_ADC081C=m
 CONFIG_TI_ADC0832=m
+CONFIG_TI_ADC084S021=m
 CONFIG_TI_ADC12138=m
+CONFIG_TI_ADC108S102=m
 CONFIG_TI_ADC128S052=m
 CONFIG_TI_ADC161S626=m
 CONFIG_TI_ADS1015=m
@@ -7918,6 +7990,7 @@ CONFIG_CM36651=m
 CONFIG_IIO_CROS_EC_LIGHT_PROX=m
 CONFIG_GP2AP020A00F=m
 CONFIG_SENSORS_ISL29018=m
+CONFIG_SENSORS_ISL29028=m
 CONFIG_ISL29125=m
 CONFIG_HID_SENSOR_ALS=m
 CONFIG_HID_SENSOR_PROX=m
@@ -7959,6 +8032,10 @@ CONFIG_SENSORS_HMC5843_I2C=m
 CONFIG_SENSORS_HMC5843_SPI=m
 
 #
+# Multiplexers
+#
+
+#
 # Inclinometer sensors
 #
 CONFIG_HID_SENSOR_INCLINOMETER_3D=m
@@ -8039,6 +8116,7 @@ CONFIG_TSYS01=m
 CONFIG_TSYS02D=m
 CONFIG_NTB=m
 CONFIG_NTB_AMD=m
+CONFIG_NTB_IDT=m
 CONFIG_NTB_INTEL=m
 CONFIG_NTB_PINGPONG=m
 CONFIG_NTB_TOOL=m
@@ -8081,6 +8159,7 @@ CONFIG_SERIAL_IPOCTAL=m
 CONFIG_RESET_CONTROLLER=y
 # CONFIG_RESET_ATH79 is not set
 # CONFIG_RESET_BERLIN is not set
+# CONFIG_RESET_GEMINI is not set
 # CONFIG_RESET_IMX7 is not set
 # CONFIG_RESET_LPC18XX is not set
 # CONFIG_RESET_MESON is not set
@@ -8088,7 +8167,7 @@ CONFIG_RESET_CONTROLLER=y
 # CONFIG_RESET_SOCFPGA is not set
 # CONFIG_RESET_STM32 is not set
 # CONFIG_RESET_SUNXI is not set
-CONFIG_TI_SYSCON_RESET=m
+CONFIG_RESET_TI_SYSCON=m
 # CONFIG_RESET_ZYNQ is not set
 # CONFIG_RESET_TEGRA_BPMP is not set
 CONFIG_FMC=m
@@ -8101,15 +8180,16 @@ CONFIG_FMC_CHARDEV=m
 # PHY Subsystem
 #
 CONFIG_GENERIC_PHY=y
+CONFIG_BCM_KONA_USB2_PHY=m
 CONFIG_PHY_PXA_28NM_HSIC=m
 CONFIG_PHY_PXA_28NM_USB2=m
-CONFIG_BCM_KONA_USB2_PHY=m
+CONFIG_PHY_CPCAP_USB=m
+CONFIG_PHY_QCOM_USB_HS=m
+CONFIG_PHY_QCOM_USB_HSIC=m
 CONFIG_PHY_SAMSUNG_USB2=m
 # CONFIG_PHY_EXYNOS4210_USB2 is not set
 # CONFIG_PHY_EXYNOS4X12_USB2 is not set
 # CONFIG_PHY_EXYNOS5250_USB2 is not set
-CONFIG_PHY_QCOM_USB_HS=m
-CONFIG_PHY_QCOM_USB_HSIC=m
 CONFIG_PHY_TUSB1210=m
 CONFIG_POWERCAP=y
 CONFIG_INTEL_RAPL=m
@@ -8121,7 +8201,6 @@ CONFIG_MCB_LPC=m
 # Performance monitor support
 #
 CONFIG_RAS=y
-# CONFIG_MCE_AMD_INJ is not set
 # CONFIG_RAS_CEC is not set
 CONFIG_THUNDERBOLT=m
 
@@ -8141,7 +8220,7 @@ CONFIG_NVDIMM_DAX=y
 CONFIG_DAX=y
 CONFIG_DEV_DAX=m
 CONFIG_DEV_DAX_PMEM=m
-CONFIG_NVMEM=m
+CONFIG_NVMEM=y
 CONFIG_STM=m
 CONFIG_STM_DUMMY=m
 CONFIG_STM_SOURCE_CONSOLE=m
@@ -8289,6 +8368,7 @@ CONFIG_FUSE_FS=y
 CONFIG_CUSE=m
 CONFIG_OVERLAY_FS=m
 # CONFIG_OVERLAY_FS_REDIRECT_DIR is not set
+# CONFIG_OVERLAY_FS_INDEX is not set
 
 #
 # Caches
@@ -8477,8 +8557,8 @@ CONFIG_CIFS_POSIX=y
 CONFIG_CIFS_ACL=y
 CONFIG_CIFS_DEBUG=y
 # CONFIG_CIFS_DEBUG2 is not set
+# CONFIG_CIFS_DEBUG_DUMP_KEYS is not set
 CONFIG_CIFS_DFS_UPCALL=y
-CONFIG_CIFS_SMB2=y
 CONFIG_CIFS_SMB311=y
 CONFIG_CIFS_FSCACHE=y
 CONFIG_NCP_FS=m
@@ -8623,6 +8703,9 @@ CONFIG_ARCH_HAS_KCOV=y
 # Debug Lockups and Hangs
 #
 CONFIG_LOCKUP_DETECTOR=y
+CONFIG_SOFTLOCKUP_DETECTOR=y
+CONFIG_HARDLOCKUP_DETECTOR_PERF=y
+CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y
 CONFIG_HARDLOCKUP_DETECTOR=y
 # CONFIG_BOOTPARAM_HARDLOCKUP_PANIC is not set
 CONFIG_BOOTPARAM_HARDLOCKUP_PANIC_VALUE=0
@@ -8657,6 +8740,7 @@ CONFIG_SCHED_STACK_END_CHECK=y
 CONFIG_LOCK_TORTURE_TEST=m
 CONFIG_WW_MUTEX_SELFTEST=m
 CONFIG_STACKTRACE=y
+# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set
 # CONFIG_DEBUG_KOBJECT is not set
 CONFIG_DEBUG_BUGVERBOSE=y
 # CONFIG_DEBUG_LIST is not set
@@ -8669,7 +8753,6 @@ CONFIG_DEBUG_BUGVERBOSE=y
 # RCU Debugging
 #
 # CONFIG_PROVE_RCU is not set
-# CONFIG_SPARSE_RCU_POINTER is not set
 CONFIG_TORTURE_TEST=m
 # CONFIG_RCU_PERF_TEST is not set
 # CONFIG_RCU_TORTURE_TEST is not set
@@ -8732,7 +8815,7 @@ CONFIG_MMIOTRACE=y
 # CONFIG_TRACEPOINT_BENCHMARK is not set
 # CONFIG_RING_BUFFER_BENCHMARK is not set
 # CONFIG_RING_BUFFER_STARTUP_TEST is not set
-# CONFIG_TRACE_ENUM_MAP_FILE is not set
+# CONFIG_TRACE_EVAL_MAP_FILE is not set
 CONFIG_TRACING_EVENTS_GPIO=y
 
 #
@@ -8763,10 +8846,12 @@ CONFIG_TEST_LKM=m
 CONFIG_TEST_USER_COPY=m
 CONFIG_TEST_BPF=m
 CONFIG_TEST_FIRMWARE=m
+# CONFIG_TEST_SYSCTL is not set
 CONFIG_TEST_UDELAY=m
 CONFIG_MEMTEST=y
 CONFIG_TEST_STATIC_KEYS=m
 # CONFIG_BUG_ON_DATA_CORRUPTION is not set
+# CONFIG_TEST_KMOD is not set
 # CONFIG_SAMPLES is not set
 CONFIG_HAVE_ARCH_KGDB=y
 CONFIG_KGDB=y
@@ -8831,6 +8916,7 @@ CONFIG_SECURITY=y
 CONFIG_SECURITY_WRITABLE_HOOKS=y
 CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
+# CONFIG_SECURITY_INFINIBAND is not set
 CONFIG_SECURITY_NETWORK_XFRM=y
 CONFIG_SECURITY_PATH=y
 CONFIG_INTEL_TXT=y
@@ -8838,6 +8924,7 @@ CONFIG_LSM_MMAP_MIN_ADDR=0
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
+CONFIG_FORTIFY_SOURCE=y
 # CONFIG_STATIC_USERMODEHELPER is not set
 CONFIG_SECURITY_SELINUX=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM=y
@@ -8878,11 +8965,11 @@ CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
 CONFIG_IMA_DEFAULT_HASH_SHA1=y
 # CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
-# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
 CONFIG_IMA_DEFAULT_HASH="sha1"
 # CONFIG_IMA_WRITE_POLICY is not set
 # CONFIG_IMA_READ_POLICY is not set
 CONFIG_IMA_APPRAISE=y
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
 CONFIG_IMA_TRUSTED_KEYRING=y
 CONFIG_IMA_BLACKLIST_KEYRING=y
 # CONFIG_IMA_LOAD_X509 is not set
@@ -9087,6 +9174,8 @@ CONFIG_CRYPTO_DEV_QAT_C62X=m
 CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
 CONFIG_CRYPTO_DEV_QAT_C3XXXVF=m
 CONFIG_CRYPTO_DEV_QAT_C62XVF=m
+CONFIG_CRYPTO_DEV_NITROX=m
+CONFIG_CRYPTO_DEV_NITROX_CNN55XX=m
 CONFIG_CRYPTO_DEV_CHELSIO=m
 CONFIG_CRYPTO_DEV_VIRTIO=m
 CONFIG_ASYMMETRIC_KEY_TYPE=y
@@ -9153,6 +9242,7 @@ CONFIG_CRC32_SLICEBY8=y
 # CONFIG_CRC32_SLICEBY4 is not set
 # CONFIG_CRC32_SARWATE is not set
 # CONFIG_CRC32_BIT is not set
+# CONFIG_CRC4 is not set
 CONFIG_CRC7=m
 CONFIG_LIBCRC32C=m
 CONFIG_CRC8=m
@@ -9225,6 +9315,7 @@ CONFIG_FONT_8x16=y
 CONFIG_SG_POOL=y
 CONFIG_ARCH_HAS_SG_CHAIN=y
 CONFIG_ARCH_HAS_PMEM_API=y
+CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y
 CONFIG_ARCH_HAS_MMIO_FLUSH=y
 CONFIG_SBITMAP=y
 CONFIG_PARMAN=m
diff --git a/gnu/packages/avr.scm b/gnu/packages/avr.scm
index aaa0428041..ecb7cd19a8 100644
--- a/gnu/packages/avr.scm
+++ b/gnu/packages/avr.scm
@@ -157,7 +157,7 @@ C++.")
        (list (string-append "PREFIX=" (assoc-ref %outputs "out")))))
     (native-inputs
      `(("unzip" ,unzip)
-       ("vim" ,vim))) ; for xxd
+       ("xxd" ,xxd)))
     (home-page "http://microscheme.org/")
     (synopsis "Scheme subset for Atmel microcontrollers")
     (description
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 157b6a7cc5..006d00ef0c 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -5,7 +5,7 @@
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
-;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -184,6 +184,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
 (define-public libarchive
   (package
     (name "libarchive")
+    (replacement libarchive-3.3.2)
     (version "3.3.1")
     (source
      (origin
@@ -239,19 +240,19 @@ archive.  In particular, note that there is currently no built-in support for
 random access nor for in-place modification.")
     (license license:bsd-2)))
 
-(define libarchive-3.3.1
+(define libarchive-3.3.2
   (package
     (inherit libarchive)
-    (name "libarchive")
-    (version "3.3.1")
+    (version "3.3.2")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "http://libarchive.org/downloads/libarchive-"
                            version ".tar.gz"))
+       (patches (search-patches "libarchive-CVE-2017-14166.patch"))
        (sha256
         (base32
-         "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9"))))))
+         "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd"))))))
 
 (define-public rdup
   (package
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 7147baeb0a..e0f2844bce 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -392,6 +392,7 @@ change.  GNU make offers many powerful extensions over the standard utility.")
 
 (define-public binutils
   (package
+   (replacement binutils/fixed)
    (name "binutils")
    (version "2.28")
    (source (origin
@@ -433,6 +434,19 @@ included.")
    (license gpl3+)
    (home-page "https://www.gnu.org/software/binutils/")))
 
+(define binutils/fixed
+  (package
+    (inherit binutils)
+    ;; 2.28.1 is two characters longer than 2.28, so grafting fails due to
+    ;; mismatched lengths of filenames, so we have to force  it to the same length.
+    (version "2281")
+    (source
+      (origin (inherit (package-source binutils))
+              (uri "mirror://gnu/binutils/binutils-2.28.1.tar.bz2")
+              (sha256
+               (base32
+                "1sj234nd05cdgga1r36zalvvdkvpfbr12g5mir2n8i1dwsdrj939"))))))
+
 (define* (make-ld-wrapper name #:key
                           (target (const #f))
                           binutils
diff --git a/gnu/packages/bdw-gc.scm b/gnu/packages/bdw-gc.scm
index 790a238579..ca47227826 100644
--- a/gnu/packages/bdw-gc.scm
+++ b/gnu/packages/bdw-gc.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
@@ -78,6 +78,16 @@ C or C++ programs, though that is not its primary goal.")
 
    (license (x11-style (string-append home-page "license.txt")))))
 
+(define-public libgc/back-pointers
+  (package
+    (inherit libgc)
+    (name "libgc-back-pointers")
+    (arguments
+     `(#:make-flags
+       (list "CPPFLAGS=-DKEEP_BACK_PTRS=1")
+       ,@(package-arguments libgc)))
+    (synopsis "The BDW garbage collector, with back-pointer tracking")))
+
 (define-public libatomic-ops
   (package
     (name "libatomic-ops")
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index c5157046ab..5e98aea91f 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -3450,7 +3450,7 @@ sequences).")
                (("^#include \"kseq\\.h\"")
                 "#include \"htslib/kseq.h\""))
              #t))
-         (add-before 'configure 'autoconf
+         (add-after 'fix-includes 'autoconf
            (lambda _ (zero? (system* "autoconf")))))))
     (native-inputs
      `(("autoconf" ,autoconf)
@@ -3475,7 +3475,7 @@ form of assemblies or reads.")
 (define-public metabat
   (package
     (name "metabat")
-    (version "2.11.2")
+    (version "2.12.1")
     (source
      (origin
        (method url-fetch)
@@ -3484,10 +3484,8 @@ form of assemblies or reads.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0rws9r1ziv6way8cf49jg8bzj7x2131kfqkhj8byf0z5hnrq3bwv"))
-       (patches (search-patches "metabat-remove-compilation-date.patch"
-                                "metabat-fix-compilation.patch"
-                                "metabat-fix-boost-issue.patch"))))
+         "1hmvdalz3zj5sqqklg0l4npjdv37cv2hsdi1al9iby2ndxjs1b73"))
+       (patches (search-patches "metabat-fix-compilation.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -4065,7 +4063,7 @@ predicts the locations of structural units in the sequences.")
 (define-public proteinortho
   (package
     (name "proteinortho")
-    (version "5.16")
+    (version "5.16b")
     (source
      (origin
       (method url-fetch)
@@ -4075,7 +4073,7 @@ predicts the locations of structural units in the sequences.")
         version "_src.tar.gz"))
       (sha256
        (base32
-        "0z4f5cg0cs8ai62hfvp4q6w66q2phcc55nhs4xj5cyhxxivjv2ai"))))
+        "1wl0dawpssqwfjvr651r4wlww8hhjin8nba6xh71ks7sbypx886j"))))
     (build-system gnu-build-system)
     (arguments
      `(#:test-target "test"
@@ -4751,6 +4749,13 @@ simultaneously.")
        #:tests? #f ; no "check" target
        #:phases
        (modify-phases %standard-phases
+         (add-before 'configure 'set-perl-search-path
+           (lambda _
+             ;; Work around "dotless @INC" build failure.
+             (setenv "PERL5LIB"
+                     (string-append (getcwd) "/setup:"
+                                    (getenv "PERL5LIB")))
+             #t))
          (replace 'configure
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
@@ -5056,6 +5061,13 @@ sequence itself can be retrieved from these databases.")
                                  "/lib32")))
        #:phases
        (modify-phases %standard-phases
+         (add-before 'configure 'set-perl-search-path
+           (lambda _
+             ;; Work around "dotless @INC" build failure.
+             (setenv "PERL5LIB"
+                     (string-append (getcwd) "/setup:"
+                                    (getenv "PERL5LIB")))
+             #t))
          (replace 'configure
            (lambda* (#:key inputs outputs #:allow-other-keys)
              ;; The build system expects a directory containing the sources and
@@ -5396,7 +5408,7 @@ application of SortMeRNA is filtering rRNA from metatranscriptomic data.")
              #t))
          (delete 'configure))))
     (native-inputs
-     `(("vim" ,vim))) ; for xxd
+     `(("xxd" ,xxd)))
     (inputs
      `(("htslib" ,htslib)
        ("zlib" ,zlib)))
@@ -5654,18 +5666,17 @@ information as possible.")
 (define-public r-vegan
   (package
     (name "r-vegan")
-    (version "2.4-3")
+    (version "2.4-4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "vegan" version))
        (sha256
         (base32
-         "15zcxfix2d854897k1lr0sfmj2n00339nlsppcr3zrb238lb2mi5"))))
+         "1n57dzv2aid6iqd9fkqik401sidqanhzsawyak94qbiyh6dbd1x9"))))
     (build-system r-build-system)
     (native-inputs
-     `(("gfortran" ,gfortran)
-       ("r-knitr" ,r-knitr)))
+     `(("gfortran" ,gfortran)))
     (propagated-inputs
      `(("r-cluster" ,r-cluster)
        ("r-lattice" ,r-lattice)
@@ -6126,10 +6137,33 @@ data.  It is derived from the UCSC hg19 genome and based on the \"knownGene\"
 track.  The database is exposed as a @code{TxDb} object.")
     (license license:artistic2.0)))
 
+(define-public r-sparql
+  (package
+  (name "r-sparql")
+  (version "1.16")
+  (source (origin
+           (method url-fetch)
+           (uri (cran-uri "SPARQL" version))
+           (sha256
+            (base32
+             "0gak1q06yyhdmcxb2n3v0h9gr1vqd0viqji52wpw211qp6r6dcrc"))))
+  (properties `((upstream-name . "SPARQL")))
+  (build-system r-build-system)
+  (propagated-inputs
+   `(("r-rcurl" ,r-rcurl)
+     ("r-xml" ,r-xml)))
+  (home-page "http://cran.r-project.org/web/packages/SPARQL")
+  (synopsis "SPARQL client for R")
+  (description "This package provides an interface to use SPARQL to pose
+SELECT or UPDATE queries to an end-point.")
+  ;; The only license indication is found in the DESCRIPTION file,
+  ;; which states GPL-3.  So we cannot assume GPLv3+.
+  (license license:gpl3)))
+
 (define-public vsearch
   (package
     (name "vsearch")
-    (version "2.4.3")
+    (version "2.4.4")
     (source
      (origin
        (method url-fetch)
@@ -6139,7 +6173,7 @@ track.  The database is exposed as a @code{TxDb} object.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0hc110ycqpa54nr6x173qg7190hk08qp7yz7zzqxlsypqnpc5zzp"))
+         "1d8a4gjwaqdv57krlr80x18mg5py1bbdiqs5m0jdn38filc9z40k"))
        (patches (search-patches "vsearch-unbundle-cityhash.patch"))
        (snippet
         '(begin
@@ -6153,8 +6187,8 @@ track.  The database is exposed as a @code{TxDb} object.")
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'autogen
-                     (lambda _ (zero? (system* "autoreconf" "-vif")))))))
+         (add-after 'unpack 'autogen
+           (lambda _ (zero? (system* "autoreconf" "-vif")))))))
     (inputs
      `(("zlib" ,zlib)
        ("bzip2" ,bzip2)
@@ -6433,13 +6467,13 @@ also known as views, in a controlled vocabulary.")
 (define-public r-bookdown
   (package
   (name "r-bookdown")
-  (version "0.4")
+  (version "0.5")
   (source (origin
             (method url-fetch)
             (uri (cran-uri "bookdown" version))
             (sha256
              (base32
-              "1fp1k7hivrb7s2dwgrsqy9s7xg6pk9hczhrc149y1dwh901j6qvv"))))
+              "0zm63kr4f4kja4qpwkzl119zzyciqj7ihajfqgfjpgb4dzaiycxp"))))
   (build-system r-build-system)
   (propagated-inputs
    `(("r-htmltools" ,r-htmltools)
@@ -7109,13 +7143,13 @@ samples.")
 (define-public r-genomicalignments
   (package
     (name "r-genomicalignments")
-    (version "1.12.1")
+    (version "1.12.2")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "GenomicAlignments" version))
               (sha256
                (base32
-                "127690sys4i5q3l4vxnjg4xg8q19qlw2258vgs5d1156w9ypp04h"))))
+                "03ysxi9fdd3bcfj05iaysya9knn2aa2irwpypb5srg0xwv92bdb9"))))
     (properties
      `((upstream-name . "GenomicAlignments")))
     (build-system r-build-system)
@@ -7990,7 +8024,7 @@ paired-end data.")
 (define-public r-rcas
   (package
     (name "r-rcas")
-    (version "1.1.1")
+    (version "1.3.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/BIMSBbioinfo/RCAS/archive/v"
@@ -7998,7 +8032,7 @@ paired-end data.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1hd0r66556bxbdd82ksjklq7nfli36l4k6y88ic7kkg9873wa1nw"))))
+                "1qgc7vi6fpzl440yg7jhiycg5q336kd4pxqzx10yx2zcq3bq3msg"))))
     (build-system r-build-system)
     (native-inputs
      `(("r-knitr" ,r-knitr)
@@ -8019,6 +8053,7 @@ paired-end data.")
        ("r-bsgenome-dmelanogaster-ucsc-dm3" ,r-bsgenome-dmelanogaster-ucsc-dm3)
        ("r-topgo" ,r-topgo)
        ("r-dt" ,r-dt)
+       ("r-pbapply" ,r-pbapply)
        ("r-plotly" ,r-plotly)
        ("r-plotrix" ,r-plotrix)
        ("r-motifrg" ,r-motifrg)
@@ -8032,7 +8067,7 @@ paired-end data.")
 intuitive reports and publication-ready graphics.  This package provides the R
 library implementing most of the pipeline's features.")
     (home-page "https://github.com/BIMSBbioinfo/RCAS")
-    (license license:expat)))
+    (license license:artistic2.0)))
 
 (define-public rcas-web
   (package
@@ -8370,14 +8405,14 @@ used by @code{ensembldb}, @code{Organism.dplyr}, and other packages.")
 AC_DEFINE([PLD_png], [1], [Define to 1 if PNG support is available])
 AM_CONDITIONAL(AMPNG, true)"))
              #t))
-         (add-after 'unpack 'disable-update-check
+         (add-after 'fix-checks 'disable-update-check
            (lambda _
              ;; At build time there is no connection to the Internet, so
              ;; looking for updates will not work.
              (substitute* "Makefile.am"
                (("\\$\\(bindir\\)/embossupdate") ""))
              #t))
-         (add-before 'configure 'autogen
+         (add-after 'disable-update-check 'autogen
            (lambda _ (zero? (system* "autoreconf" "-vif")))))))
     (inputs
      `(("perl" ,perl)
@@ -8575,25 +8610,24 @@ replacement for strverscmp.")
 (define-public multiqc
   (package
     (name "multiqc")
-    (version "0.9")
+    (version "1.2")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "multiqc" version))
        (sha256
         (base32
-         "12gs1jw2jrxrij529rnl5kaqxfcqn15yzcsggxkfhdx634ml0cny"))
-       (patches (search-patches "multiqc-fix-git-subprocess-error.patch"))))
+         "032svgym67k2ds7wp0cxzv79gi30yrdl45zbqn74lni3dk04qm33"))))
     (build-system python-build-system)
-    (arguments
-     ;; Tests are to be introduced in the next version, see
-     ;; https://github.com/ewels/MultiQC/issues/376
-     `(#:tests? #f))
     (propagated-inputs
      `(("python-jinja2" ,python-jinja2)
        ("python-simplejson" ,python-simplejson)
        ("python-pyyaml" ,python-pyyaml)
        ("python-click" ,python-click)
+       ("python-spectra" ,python-spectra)
+       ("python-requests" ,python-requests)
+       ("python-markdown" ,python-markdown)
+       ("python-lzstring" ,python-lzstring)
        ("python-matplotlib" ,python-matplotlib)
        ("python-numpy" ,python-numpy)
        ;; MultQC checks for the presence of nose at runtime.
@@ -8830,14 +8864,14 @@ trait.")
 (define-public r-maldiquant
   (package
     (name "r-maldiquant")
-    (version "1.16.2")
+    (version "1.16.4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "MALDIquant" version))
        (sha256
         (base32
-         "0z5srzsfgsgi4bssr4chls4ry6d18y2g9143znqmraylppwrrqzr"))))
+         "1pmhsfvd45a44xdiml4zx3zd5fhygqyziqvygahkk9yibnyhv4cv"))))
     (properties `((upstream-name . "MALDIquant")))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/MALDIquant")
@@ -9443,7 +9477,7 @@ problems in genomics, brain imaging, astrophysics, and data mining.")
        (substitute-keyword-arguments (package-arguments htslib)
          ((#:phases phases)
           `(modify-phases  ,phases
-             (add-before 'configure 'bootstrap
+             (add-after 'unpack 'bootstrap
                (lambda _
                  (zero? (system* "autoreconf" "-vif"))))))))
       (native-inputs
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index f66d0bb3f4..613537a5d1 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -395,3 +395,72 @@ also initializes the boards (RAM etc).")
 
 (define-public u-boot-odroid-c2
   (make-u-boot-package "odroid-c2" "aarch64-linux-gnu"))
+
+(define-public os-prober
+  (package
+    (name "os-prober")
+    (version "1.76")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://debian/pool/main/o/os-prober/os-prober_"
+                           version ".tar.xz"))
+       (sha256
+        (base32
+         "1vb45i76bqivlghrq7m3n07qfmmq4wxrkplqx8gywj011rhq19fk"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (ice-9 regex)   ; for string-match
+                  (srfi srfi-26)) ; for cut
+       #:make-flags (list "CC=gcc")
+       #:tests? #f ; no tests
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* (find-files ".")
+               (("/usr") (assoc-ref outputs "out")))
+             (substitute* (find-files "." "50mounted-tests$")
+               (("mkdir") "mkdir -p"))
+             #t))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (define (find-files-non-recursive directory)
+               (find-files directory
+                           (lambda (file stat)
+                             (string-match (string-append "^" directory "/[^/]*$")
+                                           file))
+                           #:directories? #t))
+
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin"))
+                    (lib (string-append out "/lib"))
+                    (share (string-append out "/share")))
+               (for-each (cut install-file <> bin)
+                         (list "linux-boot-prober" "os-prober"))
+               (install-file "newns" (string-append lib "/os-prober"))
+               (install-file "common.sh" (string-append share "/os-prober"))
+               (install-file "os-probes/mounted/powerpc/20macosx"
+                             (string-append lib "/os-probes/mounted"))
+               (for-each
+                (lambda (directory)
+                  (for-each
+                   (lambda (file)
+                     (let ((destination (string-append lib "/" directory
+                                                       "/" (basename file))))
+                       (mkdir-p (dirname destination))
+                       (copy-recursively file destination)))
+                   (append (find-files-non-recursive (string-append directory "/common"))
+                           (find-files-non-recursive (string-append directory "/x86")))))
+                (list "os-probes" "os-probes/mounted" "os-probes/init"
+                      "linux-boot-probes" "linux-boot-probes/mounted"))
+               #t))))))
+    (home-page "https://joeyh.name/code/os-prober")
+    (synopsis "Detect other operating systems")
+    (description "os-prober probes disks on the system for other operating
+systems so that they can be added to the bootloader.  It also works out how to
+boot existing GNU/Linux systems and detects what distribution is installed in
+order to add a suitable bootloader menu entry.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/build-tools.scm b/gnu/packages/build-tools.scm
index 353c9c8efb..c535f52400 100644
--- a/gnu/packages/build-tools.scm
+++ b/gnu/packages/build-tools.scm
@@ -70,7 +70,7 @@ makes a few sacrifices to acquire fast full and incremental build times.")
 (define-public meson
   (package
     (name "meson")
-    (version "0.41.1")
+    (version "0.42.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/mesonbuild/meson/"
@@ -78,9 +78,10 @@ makes a few sacrifices to acquire fast full and incremental build times.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "12ygjh1dxi8z06nl704rfb6zj0m2zjqp279nymfgzfgy5zq032d4"))))
+                "0vyp9rkymzzzilhnf04ryszslyp9a0y0wf4agyijd4w5lcnqlcbc"))))
     (build-system python-build-system)
     (inputs `(("ninja", ninja)))
+    (propagated-inputs `(("python" ,python)))
     (home-page "https://mesonbuild.com/")
     (synopsis "Build system designed to be fast and user-friendly")
     (description
@@ -92,6 +93,24 @@ files}, are written in a custom domain-specific language (DSL) that resembles
 Python.")
     (license license:asl2.0)))
 
+(define-public meson-for-build
+  (package
+    (inherit meson)
+    (name "meson-for-build")
+    (version "0.42.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/mesonbuild/meson/"
+                                  "archive/" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0vyp9rkymzzzilhnf04ryszslyp9a0y0wf4agyijd4w5lcnqlcbc"))
+              (patches (search-patches "meson-for-build-rpath.patch"))))
+
+    ;; People should probably install "meson", not "meson-for-build".
+    (properties `((hidden? . #t)))))
+
 (define-public premake4
   (package
     (name "premake")
diff --git a/gnu/packages/calendar.scm b/gnu/packages/calendar.scm
index 74601871cc..9a3aab33ab 100644
--- a/gnu/packages/calendar.scm
+++ b/gnu/packages/calendar.scm
@@ -1,8 +1,8 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Troy Sankey <sankeytms@gmail.com>
 ;;; Copyright © 2016 Stefan Reichoer <stefan@xsteve.at>
 ;;;
@@ -55,9 +55,8 @@
     (arguments
      '(#:tests? #f ; test suite appears broken
        #:configure-flags
-       (list (string-append "-DCMAKE_INSTALL_RPATH="
-                            (assoc-ref %outputs "out") "/lib:"
-                            (assoc-ref %outputs "out") "/lib64"))
+       (list (string-append "-DCMAKE_INSTALL_LIBDIR="
+                            (assoc-ref %outputs "out") "/lib"))
        #:phases
        (modify-phases %standard-phases
          (add-before 'configure 'patch-paths
diff --git a/gnu/packages/cdrom.scm b/gnu/packages/cdrom.scm
index 704e8ad36d..2f708f0c0b 100644
--- a/gnu/packages/cdrom.scm
+++ b/gnu/packages/cdrom.scm
@@ -147,14 +147,14 @@ libcdio.")
 (define-public xorriso
   (package
     (name "xorriso")
-    (version "1.4.6")
+    (version "1.4.8")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/xorriso/xorriso-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "112p0ghwzxrcjbsir1n2jxhq103ckrw93wzvd55qqvzfgs674vsj"))))
+               "10c44yr3dpmwxa7rf23mwfsy1bahny3jpcg9ig0xjv090jg0d0pc"))))
     (build-system gnu-build-system)
     (inputs
      `(("acl" ,acl)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 31ffa54d87..6c2ea4c6ec 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -74,7 +74,7 @@
 (define-public nss-certs
   (package
     (name "nss-certs")
-    (version "3.32")
+    (version "3.33")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -85,7 +85,7 @@
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0dfkgvah0ji8b8lpxyy2w0b3lyz5ldmryii4z7j2bfwnrj0z7iim"))))
+                "1r44qa4j7sri50mxxbnrpm6fxprwrhv76whi7bfq73j06syxmw4q"))))
     (build-system gnu-build-system)
     (outputs '("out"))
     (native-inputs
diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index 008dfc1ccd..fcfedb99aa 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -7,7 +7,8 @@
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
-;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
+;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -270,3 +271,26 @@ normally do not detect.  The goal is to detect only real errors in the code
 discovery, death tests, assertions, parameterized tests and XML test report
 generation.")
     (license bsd-3)))
+
+(define-public cpputest
+  (package
+    (name "cpputest")
+    (version "3.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/cpputest/cpputest/releases/download/v"
+                           version "/cpputest-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0mk48xd3klyqi7wf3f4wn4zqxxzmvrhhl32r25jzrixzl72wq7f8"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("googletest" ,googletest)))
+    (home-page "https://cpputest.github.io/")
+    (synopsis "Unit testing and mocking framework for C/C++")
+    (description
+     "CppUTest is a C/C++ based unit xUnit test framework.  It is written in
+C++ but is used in C and C++ projects and frequently used in embedded systems
+but it works for any C/C++ project.")
+    (license bsd-3)))
diff --git a/gnu/packages/ci.scm b/gnu/packages/ci.scm
index d936c8fa10..2a22f222d3 100644
--- a/gnu/packages/ci.scm
+++ b/gnu/packages/ci.scm
@@ -187,8 +187,8 @@ their dependencies.")
       (license l:gpl3+))))
 
 (define-public cuirass
-  (let ((commit "6f85bc04f31ae5853ceaa0bb3e1dedfe8412a189")
-        (revision "7"))
+  (let ((commit "9cfea9fe2e3ca6a3d1b832a6ec217426ec973c93")
+        (revision "10"))
     (package
       (name "cuirass")
       (version (string-append "0.0.1-" revision "." (string-take commit 7)))
@@ -200,7 +200,7 @@ their dependencies.")
                 (file-name (string-append name "-" version))
                 (sha256
                  (base32
-                  "1dglsa23z21m1s70420ar73qmg39fvdvwlz9xjz6lfp5s9mgzx15"))))
+                  "177klidmsw12kjk9dzawc0bqcwqlplgx45m87qpgjfx3cnk28i2b"))))
       (build-system gnu-build-system)
       (arguments
        '(#:modules ((guix build utils)
@@ -216,7 +216,12 @@ their dependencies.")
                (substitute* "Makefile.am"
                  (("tests/repo.scm \\\\") "\\"))
                #t))
-           (add-before 'configure 'bootstrap
+           (add-after 'disable-repo-tests 'patch-/bin/sh
+             (lambda _
+               (substitute* "build-aux/git-version-gen"
+                 (("#!/bin/sh") (string-append "#!" (which "sh"))))
+               #t))
+           (add-after 'patch-/bin/sh 'bootstrap
              (lambda _ (zero? (system* "sh" "bootstrap"))))
            (add-after 'install 'wrap-program
              (lambda* (#:key inputs outputs #:allow-other-keys)
@@ -263,6 +268,17 @@ their dependencies.")
          ("automake" ,automake)
          ("pkg-config" ,pkg-config)
          ("texinfo" ,texinfo)))
+      (native-search-paths
+       ;; For HTTPS access, Cuirass itself honors these variables, with the
+       ;; same semantics as Git and OpenSSL (respectively).
+       (list (search-path-specification
+              (variable "GIT_SSL_CAINFO")
+              (file-type 'regular)
+              (separator #f)                      ;single entry
+              (files '("etc/ssl/certs/ca-certificates.crt")))
+             (search-path-specification
+              (variable "SSL_CERT_DIR")
+              (files '("etc/ssl/certs")))))
       (synopsis "Continuous integration system")
       (description
        "Cuirass is a continuous integration tool using GNU Guix.  It is
diff --git a/gnu/packages/cobol.scm b/gnu/packages/cobol.scm
new file mode 100644
index 0000000000..f8f35928a7
--- /dev/null
+++ b/gnu/packages/cobol.scm
@@ -0,0 +1,59 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages cobol)
+  #:use-module (gnu packages)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix licenses)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages ncurses))
+
+(define-public gnucobol
+  (package
+    (name "gnucobol")
+    (version "2.2")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append
+               "mirror://gnu/gnucobol/gnucobol-"
+               version ".tar.xz"))
+        (sha256
+         (base32
+          "1814s1n95xax2dz938cf4fkcp0q94nkj1gjbdblbzpk9q92zq66w"))))
+    (arguments
+     '(#:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath="
+                                              (assoc-ref %outputs "out")
+                                              "/lib"))))
+    (inputs
+     `(("bdb" ,bdb)
+       ("gmp" ,gmp)
+       ("ncurses" ,ncurses)))
+    (build-system gnu-build-system)
+    (home-page "https://savannah.gnu.org/projects/gnucobol/")
+    (synopsis "A modern COBOL compiler")
+    (description "GnuCOBOL is a free, modern COBOL compiler.  GnuCOBOL
+implements a substantial part of the COBOL 85, COBOL 2002 and COBOL 2014
+standards and X/Open COBOL, as well as many extensions included in other
+COBOL compilers (IBM COBOL, MicroFocus COBOL, ACUCOBOL-GT and others).
+GnuCOBOL translates COBOL into C and compiles the translated code using
+a native C compiler.")
+    (license gpl3+)))
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index fa9e19db7d..6e04739f62 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -193,16 +193,16 @@ COCOMO model or user-provided parameters.")
 (define-public cloc
   (package
     (name "cloc")
-    (version "1.72")
+    (version "1.74")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
-             "https://github.com/AlDanial/cloc/releases/download/v" version
+             "https://github.com/AlDanial/cloc/releases/download/" version
              "/cloc-" version ".tar.gz"))
        (sha256
         (base32
-         "1gl7bxb4bi6pms0zzl133pzpfypvz57hk2cw7yf6rvs8b48kilnz"))))
+         "0rq5xfiln1wlv3yr9mg18ax4gskbss786iqaf0v45iv6awyl5b2m"))))
     (build-system gnu-build-system)
     (inputs
      `(("coreutils" ,coreutils)
@@ -241,7 +241,7 @@ of source code in many programming languages.  Given two versions of a code
 base, cloc can compute differences in blank, comment, and source lines.
 
 cloc contains code from David Wheeler's SLOCCount.  Compared to SLOCCount,
-cloc can handle a greater variety of programming langauges.")
+cloc can handle a greater variety of programming languages.")
     (license license:gpl2+)))
 
 (define-public the-silver-searcher
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 318a2795b1..23939157ec 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2014 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2014, 2015, 2017 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -112,8 +113,7 @@
 
 (define file-boot0
   (package-with-bootstrap-guile
-   (package-with-explicit-inputs (package
-                                   (inherit file)
+   (package-with-explicit-inputs (package/inherit file
                                    (name "file-boot0"))
                                  `(("make" ,gnu-make-boot0)
                                    ,@%bootstrap-inputs)
@@ -140,7 +140,7 @@
 
 (define binutils-boot0
   (package-with-bootstrap-guile
-   (package (inherit binutils)
+   (package/inherit binutils
      (name "binutils-cross-boot0")
      (arguments
       `(#:guile ,%bootstrap-guile
@@ -681,7 +681,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
 
 (define binutils-final
   (package-with-bootstrap-guile
-   (package (inherit binutils)
+   (package/inherit binutils
      (arguments
       `(#:guile ,%bootstrap-guile
         #:implicit-inputs? #f
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index cd9ed7cccf..f3fe5e8de1 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -12,7 +12,7 @@
 ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
 ;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
@@ -114,7 +114,7 @@ in compression.")
        (modify-phases %standard-phases
          (add-after 'unpack 'enter-source
            (lambda _ (chdir "contrib/minizip") #t))
-         (add-before 'configure 'autoreconf
+         (add-after 'enter-source 'autoreconf
            (lambda _
              (zero? (system* "autoreconf" "-vif")))))))
     (native-inputs
@@ -767,6 +767,28 @@ the LZ4 frame format.")
 (define-public python2-lz4
   (package-with-python2 python-lz4))
 
+(define-public python-lzstring
+  (package
+    (name "python-lzstring")
+    (version "1.0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "lzstring" version))
+       (sha256
+        (base32
+         "1d3ck454y41mii0gcjabpmp2skb7n0f9zk232gycqdv8z2jxakfm"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-future" ,python-future)))
+    (home-page "https://github.com/gkovacs/lz-string-python")
+    (synopsis "String compression")
+    (description "Lz-string is a string compressor library for Python.")
+    (license license:expat)))
+
+(define-public python2-lzstring
+  (package-with-python2 python-lzstring))
+
 (define-public squashfs-tools
   (package
     (name "squashfs-tools")
@@ -963,7 +985,7 @@ respectively, based on the reference implementation from Google.")
        (modify-phases %standard-phases
          (add-after 'unpack 'enter-build-directory
            (lambda _ (chdir "xdelta3")))
-         (add-before 'configure 'autoconf
+         (add-after 'enter-build-directory 'autoconf
            (lambda _ (zero? (system* "autoreconf" "-vfi")))))))
     (home-page "http://xdelta.com")
     (synopsis "Delta encoder for binary files")
@@ -1529,22 +1551,24 @@ manipulate, read, and write Zip archive files.")
 (define-public libzip
   (package
     (name "libzip")
-    (version "1.2.0")
+    (version "1.3.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "https://nih.at/libzip/libzip-" version ".tar.gz"))
-              (patches (search-patches "libzip-CVE-2017-12858.patch"))
+                    "https://nih.at/libzip/libzip-" version ".tar.xz"))
               (sha256
                (base32
-                "17vxj2ffsxwh8lkc6801ppmwj15jp8q58rin76znxfbx88789ybc"))))
+                "0wykw0q9dwdzx0gssi2dpgckx9ggr2spzc1amjnff6wi6kz6x4xa"))))
     (arguments
-     `(#:phases
+     '(#:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'patch-perl
+         (add-after 'build 'remove-failing-tests
+           ;; These tests are known to fail on 32-bit architectures.
+           ;; see thread: https://nih.at/listarchive/libzip-discuss/msg00713.html
            (lambda _
-             (substitute* "regress/runtest.in"
-               (("/usr/bin/env perl") (which "perl"))))))))
+             (substitute* "regress/Makefile"
+               (("encryption-nonrandom") "#encryption-nonrandom"))
+             #t)))))
     (native-inputs
      `(("perl" ,perl)))
     (inputs
diff --git a/gnu/packages/cpp.scm b/gnu/packages/cpp.scm
index da192553a5..5ad9fd33bc 100644
--- a/gnu/packages/cpp.scm
+++ b/gnu/packages/cpp.scm
@@ -45,12 +45,12 @@
      '(#:phases
        ;; build scripts not in root of archive
        (modify-phases %standard-phases
-         (add-before 'configure 'pre-configure
+         (add-after 'unpack 'pre-configure
            (lambda _
              (chdir "Project/GNU/Library")))
-         (add-before 'configure 'autogen
+         (add-after 'pre-configure 'autogen
            (lambda _
-             (zero? (system* "./autogen.sh")))))))
+             (zero? (system* "sh" "autogen.sh")))))))
     (home-page "https://github.com/MediaArea/ZenLib")
     (synopsis "C++ utility library")
     (description "ZenLib is a C++ utility library.  It includes classes for handling
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index bb7576352f..e00a8a4ba2 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -23,6 +23,7 @@
   #:use-module (guix utils)
   #:use-module (guix build-system r)
   #:use-module (gnu packages gcc)
+  #:use-module (gnu packages machine-learning)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages statistics)
@@ -91,13 +92,13 @@ error stream.")
 (define-public r-rcpp
   (package
     (name "r-rcpp")
-    (version "0.12.12")
+    (version "0.12.13")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "Rcpp" version))
        (sha256
-        (base32 "1byyqvlgb2p46p1gv243k73rk69fa8pa4l5m5asmckag2pkb2glz"))))
+        (base32 "1bm84yc48475plgsnnbvzi6nzkixpnfw8ry86ax63f9g524asw55"))))
     (build-system r-build-system)
     (home-page "http://www.rcpp.org")
     (synopsis "Seamless R and C++ integration")
@@ -202,14 +203,14 @@ on (non-orthogonal) variable vectors in scatterplots and biplots.")
 (define-public r-shape
   (package
     (name "r-shape")
-    (version "1.4.2")
+    (version "1.4.3")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "shape" version))
        (sha256
         (base32
-         "0yk3cmsa57svcvbnm21pyr0s0qbhnllka8nmsg4yb41frjlqph66"))))
+         "1v9xp60p813rnx41vchkh32qmcb4z2zp9l7r1a8a6f8aqylnq3vj"))))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/shape")
     (synopsis "Functions for plotting graphical shapes")
@@ -241,14 +242,14 @@ validation and filtering on the values, making options invisible or private.")
 (define-public r-circlize
   (package
     (name "r-circlize")
-    (version "0.4.0")
+    (version "0.4.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "circlize" version))
        (sha256
         (base32
-         "0p1zx1aawkblz48kzzfn5w1k3lbwv9wrk1k5gcfjrr2b4sz1pp5b"))))
+         "1w7i3jgxgq510axglzmw54ma9kq7k4c86i9ccndz10mrwc51fji0"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-colorspace" ,r-colorspace)
@@ -271,14 +272,14 @@ patterns behind multiple dimensional data.")
 (define-public r-powerlaw
   (package
     (name "r-powerlaw")
-    (version "0.70.0")
+    (version "0.70.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "poweRlaw" version))
        (sha256
         (base32
-         "1p2la3hslxq2xa8jkwvci6zcpn47cvyr9xqd5agp1riwwp2xw5gh"))))
+         "04sr0nhdd1v915m0zf5gasznzgi08ykcy20kkwdw0l5mvvdbic8m"))))
     (properties `((upstream-name . "poweRlaw")))
     (build-system r-build-system)
     (propagated-inputs
@@ -459,14 +460,14 @@ quantities.")
 (define-public r-reshape
   (package
     (name "r-reshape")
-    (version "0.8.6")
+    (version "0.8.7")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "reshape" version))
        (sha256
         (base32
-         "1f1ngalc22knhdm9djv1m6abnjqpv1frdzxfkpakhph2l67bk7fq"))))
+         "14ir3w4bb3bsz8jsak27nj7kpn227pdgr9653gjq5wc93rywi9ig"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-plyr" ,r-plyr)
@@ -505,14 +506,14 @@ package also provides a C++ API, that works with or without Rcpp.")
 (define-public r-ggally
   (package
     (name "r-ggally")
-    (version "1.3.0")
+    (version "1.3.2")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "GGally" version))
        (sha256
         (base32
-         "12ddab0nd0f9c7bb6cx3c22mliyvc8xsxv26aqz3cvfbla8crp3b"))))
+         "02px7j28wzbhcgcwm2m0pxb6g7s5zvphl64ix55pkvag4m2ky57l"))))
     (properties `((upstream-name . "GGally")))
     (build-system r-build-system)
     (propagated-inputs
@@ -556,14 +557,14 @@ most popular ones.")
 (define-public r-sp
   (package
     (name "r-sp")
-    (version "1.2-4")
+    (version "1.2-5")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "sp" version))
        (sha256
         (base32
-         "0crba3j00mb2xv2yk60rpa57gn97xq4ql3a6p9cjzqjxzv2cknk2"))))
+         "09yydnacp33yx0kn537k96fjlbf75fjafqfknpa5gvci4l888bqd"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-lattice" ,r-lattice)))
@@ -623,14 +624,14 @@ quantile mixture from L-moments and trimmed L-moments.")
 (define-public r-distillery
   (package
     (name "r-distillery")
-    (version "1.0-2")
+    (version "1.0-4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "distillery" version))
        (sha256
         (base32
-         "12m4cacvc18fd3aayc8iih5q6bwsmvf29b55fwp7vs8wp1h8nd8c"))))
+         "1m0pgmlvk7bsb6q3kxagnq422babk61sf73naavac68v8x2q8fix"))))
     (build-system r-build-system)
     (home-page "http://www.ral.ucar.edu/staff/ericg")
     (synopsis "Functions for confidence intervals and object information")
@@ -851,14 +852,14 @@ data).  Weighted versions of MLE, MME and QME are available.")
 (define-public r-energy
   (package
     (name "r-energy")
-    (version "1.7-0")
+    (version "1.7-2")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "energy" version))
        (sha256
         (base32
-         "1g4hqi6mgsnd1w4q7dd2m40ljh2jdmvad91ksbq9fscnrqpvji1x"))))
+         "19c7bgjnm4ggf7w5mk64c5shkma3sa9wc8x117iqv7pk1bvvyy3p"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-boot" ,r-boot)
@@ -904,14 +905,14 @@ George Marsaglia are included.")
 (define-public r-ksamples
   (package
     (name "r-ksamples")
-    (version "1.2-6")
+    (version "1.2-7")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "kSamples" version))
        (sha256
         (base32
-         "1pbam0zqq44slpxdgl2s2fsfdgl7i0pgm8bzlvnm0fy0na24bgdj"))))
+         "0f19rjngk0lg6s8c6h5l55qpxp8sl4vxj3kpi05cizzncny9b9bj"))))
     (properties `((upstream-name . "kSamples")))
     (build-system r-build-system)
     (propagated-inputs
@@ -928,3 +929,291 @@ sampling from populations, given the observed tie pattern.  Except for Steel's
 test and the JT test it also combines these tests across several blocks of
 samples.")
     (license license:gpl2+)))
+
+(define-public r-cvst
+  (package
+    (name "r-cvst")
+    (version "0.2-1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "CVST" version))
+       (sha256
+        (base32
+         "17xacyi8cf37rr2xswx96qy7pwkaqq394awdlswykz3qlyzx4zx2"))))
+    (properties `((upstream-name . "CVST")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-kernlab" ,r-kernlab)
+       ("r-matrix" ,r-matrix)))
+    (home-page "http://cran.r-project.org/web/packages/CVST")
+    (synopsis "Fast cross-validation via sequential testing")
+    (description
+     "This package implements the fast cross-validation via sequential
+testing (CVST) procedure.  CVST is an improved cross-validation procedure
+which uses non-parametric testing coupled with sequential analysis to
+determine the best parameter set on linearly increasing subsets of the data.
+Additionally to the CVST the package contains an implementation of the
+ordinary k-fold cross-validation with a flexible and powerful set of helper
+objects and methods to handle the overall model selection process.  The
+implementations of the Cochran's Q test with permutations and the sequential
+testing framework of Wald are generic and can therefore also be used in other
+contexts.")
+    (license license:gpl2+)))
+
+(define-public r-lava
+  (package
+    (name "r-lava")
+    (version "1.5.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "lava" version))
+       (sha256
+        (base32
+         "1vcm04h9i39gmf2prl5d4j4il4gs6skzr6y2fvl1vn4hklna87f4"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-numderiv" ,r-numderiv)
+       ("r-survival" ,r-survival)))
+    (home-page "https://github.com/kkholst/lava")
+    (synopsis "Latent variable models")
+    (description
+     "This package provides tools for the estimation and simulation of latent
+variable models.")
+    (license license:gpl3)))
+
+(define-public r-drr
+  (package
+    (name "r-drr")
+    (version "0.0.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "DRR" version))
+       (sha256
+        (base32
+         "1scfwp6ry6apxzqjclsmn2frxp9qfw6zxsxn5w0j0q3sz42hz1h2"))))
+    (properties `((upstream-name . "DRR")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-cvst" ,r-cvst)
+       ("r-kernlab" ,r-kernlab)
+       ("r-matrix" ,r-matrix)))
+    (home-page "http://cran.r-project.org/web/packages/DRR")
+    (synopsis "Dimensionality reduction via regression")
+    (description
+     "This package provides an implementation of dimensionality reduction via
+regression using Kernel Ridge Regression.")
+    (license license:gpl3)))
+
+(define-public r-prodlim
+  (package
+    (name "r-prodlim")
+    (version "1.6.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "prodlim" version))
+       (sha256
+        (base32
+         "0m51rkivx1zr6whdqwj66jpnkmp4385m06kkha3dp8qqf4jna9iz"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-kernsmooth" ,r-kernsmooth)
+       ("r-lava" ,r-lava)
+       ("r-rcpp" ,r-rcpp)
+       ("r-survival" ,r-survival)))
+    (home-page "http://cran.r-project.org/web/packages/prodlim")
+    (synopsis "Product-limit estimation for censored event history analysis")
+    (description
+     "This package provides a fast and user-friendly implementation of
+nonparametric estimators for censored event history (survival) analysis with
+the Kaplan-Meier and Aalen-Johansen methods.")
+    (license license:gpl2+)))
+
+(define-public r-dimred
+  (package
+    (name "r-dimred")
+    (version "0.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "dimRed" version))
+       (sha256
+        (base32
+         "0fasca5fsbrxdwv30hch7vb9snb844l7l8p5fjf239dq45xfy37v"))))
+    (properties `((upstream-name . "dimRed")))
+    (build-system r-build-system)
+    (propagated-inputs `(("r-drr" ,r-drr)))
+    (home-page "https://github.com/gdkrmr/dimRed")
+    (synopsis "Framework for dimensionality reduction")
+    (description
+     "This package provides a collection of dimensionality reduction
+techniques from R packages and provides a common interface for calling the
+methods.")
+    (license license:gpl3)))
+
+(define-public r-timedate
+  (package
+    (name "r-timedate")
+    (version "3012.100")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "timeDate" version))
+       (sha256
+        (base32
+         "0cn4h23y2y2bbg62qgm79xx4cvfla5xbpmi9hbdvkvpmm5yfyqk2"))))
+    (properties `((upstream-name . "timeDate")))
+    (build-system r-build-system)
+    (home-page "https://www.rmetrics.org")
+    (synopsis "Chronological and calendar objects")
+    (description
+     "This package provides an environment for teaching \"Financial
+Engineering and Computational Finance\" and for managing chronological and
+calendar objects.")
+    (license license:gpl2+)))
+
+(define-public r-ddalpha
+  (package
+    (name "r-ddalpha")
+    (version "1.3.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "ddalpha" version))
+       (sha256
+        (base32
+         "0pczw9543y7f92m7gyk7rxcjn8vsjaldc5vl0r56ywip9i374zbh"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-bh" ,r-bh)
+       ("r-class" ,r-class)
+       ("r-mass" ,r-mass)
+       ("r-rcpp" ,r-rcpp)
+       ("r-robustbase" ,r-robustbase)
+       ("r-sfsmisc" ,r-sfsmisc)))
+    (native-inputs
+     `(("gfortran" ,gfortran)))
+    (home-page "http://cran.r-project.org/web/packages/ddalpha")
+    (synopsis "Depth-Based classification and calculation of data depth")
+    (description
+     "This package contains procedures for depth-based supervised learning,
+which are entirely non-parametric, in particular the DDalpha-procedure (Lange,
+Mosler and Mozharovskyi, 2014).  The training data sample is transformed by a
+statistical depth function to a compact low-dimensional space, where the final
+classification is done.  It also offers an extension to functional data and
+routines for calculating certain notions of statistical depth functions.  50
+multivariate and 5 functional classification problems are included.")
+    (license license:gpl2)))
+
+(define-public r-gower
+  (package
+    (name "r-gower")
+    (version "0.1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "gower" version))
+       (sha256
+        (base32
+         "1mbrj1lam3jfbby2j32shmmj5cn09zx3rkxbamq7q8sdg39b54gb"))))
+    (build-system r-build-system)
+    (native-inputs
+     `(("r-knitr" ,r-knitr)))
+    (home-page "https://github.com/markvanderloo/gower")
+    (synopsis "Gower's distance")
+    (description
+     "This package provides tools to compute Gower's distance (or similarity)
+coefficient between records, and to compute the top-n matches between records.
+Core algorithms are executed in parallel on systems supporting OpenMP.")
+    (license license:gpl3)))
+
+(define-public r-rcpproll
+  (package
+    (name "r-rcpproll")
+    (version "0.2.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "RcppRoll" version))
+       (sha256
+        (base32
+         "19xzvxym8zbighndygkq4imfwc0abh4hqyq3qrr8aakyd096iisi"))))
+    (properties `((upstream-name . "RcppRoll")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-rcpp" ,r-rcpp)))
+    (home-page "http://cran.r-project.org/web/packages/RcppRoll")
+    (synopsis "Efficient rolling and windowed operations")
+    (description
+     "This package provides fast and efficient routines for common rolling /
+windowed operations.  Routines for the efficient computation of windowed mean,
+median, sum, product, minimum, maximum, standard deviation and variance are
+provided.")
+    (license license:gpl2+)))
+
+(define-public r-ipred
+  (package
+    (name "r-ipred")
+    (version "0.9-6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "ipred" version))
+       (sha256
+        (base32
+         "1vrw1pqcpnc04x1r2h9grdfm6bivs358sww5gg90jwlvxcw69lxq"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-class" ,r-class)
+       ("r-mass" ,r-mass)
+       ("r-nnet" ,r-nnet)
+       ("r-prodlim" ,r-prodlim)
+       ("r-rpart" ,r-rpart)
+       ("r-survival" ,r-survival)))
+    (home-page "http://cran.r-project.org/web/packages/ipred")
+    (synopsis "Improved predictors")
+    (description
+     "This package provides improved predictive models by indirect
+classification and bagging for classification, regression and survival
+problems as well as resampling based estimators of prediction error.")
+    (license license:gpl2+)))
+
+(define-public r-recipes
+  (package
+    (name "r-recipes")
+    (version "0.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "recipes" version))
+       (sha256
+        (base32
+         "0rydk403qihxmcv3zz323r3ywk4g1v7ibvj452rxhm0z22sqk9kb"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-ddalpha" ,r-ddalpha)
+       ("r-dimred" ,r-dimred)
+       ("r-dplyr" ,r-dplyr)
+       ("r-gower" ,r-gower)
+       ("r-ipred" ,r-ipred)
+       ("r-lubridate" ,r-lubridate)
+       ("r-magrittr" ,r-magrittr)
+       ("r-purrr" ,r-purrr)
+       ("r-rcpproll" ,r-rcpproll)
+       ("r-rlang" ,r-rlang)
+       ("r-tibble" ,r-tibble)
+       ("r-tidyselect" ,r-tidyselect)
+       ("r-timedate" ,r-timedate)))
+    (home-page "https://github.com/topepo/recipes")
+    (synopsis "Preprocessing tools to create design matrices")
+    (description
+     "Recipes is an extensible framework to create and preprocess design
+matrices.  Recipes consist of one or more data manipulation and analysis
+\"steps\".  Statistical parameters for the steps can be estimated from an
+initial data set and then applied to other data sets.  The resulting design
+matrices can then be used as inputs into statistical or machine learning
+models.")
+    (license license:gpl2)))
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 0a05a10698..9c657cd1f6 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -58,25 +58,56 @@
 (define-public libsodium
   (package
     (name "libsodium")
-    (version "1.0.13")
+    (version "1.0.14")
     (source (origin
             (method url-fetch)
             (uri (list (string-append
-                        "http://download.libsodium.org/libsodium/"
+                        "https://download.libsodium.org/libsodium/"
                         "releases/libsodium-" version ".tar.gz")
                        (string-append
                         "https://download.libsodium.org/libsodium/"
                         "releases/old/libsodium-" version ".tar.gz")))
             (sha256
              (base32
-              "1z93wfg4k5svg8yck6cgdr6ysj91kbpn03nyzwxanncy3b5sq4ww"))))
+              "1rvylybhxyn6ap3hrcingsl737zrqg12l7r91ns93j7xjz889z1w"))))
     (build-system gnu-build-system)
     (synopsis "Portable NaCl-based crypto library")
     (description
      "Sodium is a new easy-to-use high-speed software library for network
 communication, encryption, decryption, signatures, etc.")
     (license license:isc)
-    (home-page "http://libsodium.org")))
+    (home-page "https://libsodium.org")))
+
+(define-public libmd
+  (package
+    (name "libmd")
+    (version "0.0.0")
+    (source (origin
+            (method url-fetch)
+            (uri (string-append
+                  "https://archive.hadrons.org/software/libmd/libmd-"
+                  version
+                  ".tar.xz"))
+            (sha256
+             (base32
+              "121s73pgbqsnmy6xblbrkj9y44c5zzzpf2hcmh6zvcvg4dk26gzx"))))
+    (build-system gnu-build-system)
+    (synopsis "Message Digest functions from BSD systems")
+    (description
+     "The currently provided message digest algorithms are:
+@itemize
+@item MD2
+@item MD4
+@item MD5
+@item RIPEMD-160
+@item SHA-1
+@item SHA-2 (SHA-256, SHA-384 and SHA-512)
+@end itemize")
+    (license (list license:bsd-3
+                   license:bsd-2
+                   license:isc
+                   license:public-domain))
+    (home-page "https://www.hadrons.org/software/libmd/")))
 
 (define-public signify
   (package
@@ -161,7 +192,7 @@ OpenBSD tool of the same name.")
     (arguments
      `(#:configure-flags '("--disable-tools" "--disable-python")
        #:phases (modify-phases %standard-phases
-                  (add-before 'configure 'autoconf
+                  (add-after 'unpack 'autoconf
                     (lambda _
                       (zero? (system* "autoreconf" "-vfi")))))))
     (home-page "https://github.com/savoirfairelinux/opendht/")
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index aba8ce7eb1..cef586f763 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
@@ -27,10 +27,14 @@
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
+  #:use-module (gnu packages algebra)
+  #:use-module (gnu packages autotools)
   #:use-module (gnu packages avahi)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages groff)
   #:use-module (gnu packages libusb)
-  #:use-module (gnu packages autotools)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages pretty-print)
   #:use-module (gnu packages python)
   #:use-module (gnu packages scanner)
   #:use-module (gnu packages image)
@@ -445,3 +449,119 @@ device-specific programs to convert and print many types of files.")
               ;; TODO: Make hp-setup find python-dbus.
               ("python-dbus" ,python-dbus)))
     (native-inputs `(("pkg-config" ,pkg-config)))))
+
+(define-public foomatic-filters
+  (package
+    (name "foomatic-filters")
+    (version "4.0.12")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "http://www.openprinting.org/download/foomatic/"
+                    name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "17w26r15094j4fqifa7f7i7jad4gsy9zdlq69kffrykcw31qx3q8"))
+              (patches
+               (search-patches "foomatic-filters-CVE-2015-8327.patch"
+                               "foomatic-filters-CVE-2015-8560.patch"))))
+    (build-system gnu-build-system)
+    (home-page
+     "https://wiki.linuxfoundation.org/openprinting/database/foomatic")
+    (native-inputs
+     `(("perl" ,perl)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("dbus" ,dbus)
+       ("a2ps" ,a2ps)))
+    (arguments
+     '( ;; Specify the installation directories.
+       #:configure-flags (list (string-append "ac_cv_path_CUPS_BACKENDS="
+                                              (assoc-ref %outputs "out")
+                                              "/lib/cups/backend")
+                               (string-append "ac_cv_path_CUPS_FILTERS="
+                                              (assoc-ref %outputs "out")
+                                              "/lib/cups/filter")
+                               (string-append "ac_cv_path_PPR_INTERFACES="
+                                              (assoc-ref %outputs "out")
+                                              "/lib/ppr/interfaces")
+                               (string-append "ac_cv_path_PPR_LIB="
+                                              (assoc-ref %outputs "out")
+                                              "/lib/ppr/lib")
+
+                               ;; For some reason these are misdiagnosed.
+                               "ac_cv_func_malloc_0_nonnull=yes"
+                               "ac_cv_func_realloc_0_nonnull=yes")
+       #:test-target "tests"))
+    (synopsis "Convert PostScript to the printer's native format")
+    (description
+     "This package contains filter scripts used by the printer spoolers to
+convert the incoming PostScript data into the printer's native format using a
+printer/driver specific, but spooler-independent PPD file.")
+    (license license:gpl2+)))
+
+(define-public foo2zjs
+  (package
+    ;; The tarball is called "foo2zjs", but the web page talks about
+    ;; "foo2xqx".  Go figure!
+    (name "foo2zjs")
+    (version "201709")
+    (source (origin
+              (method url-fetch)
+              ;; XXX: This is an unversioned URL!
+              (uri "http://foo2zjs.rkkda.com/foo2zjs.tar.gz")
+              (sha256
+               (base32
+                "0amjj3jr6s6h7crzxyx11v31sj0blz7k5c2vycz4gn8cxlmk3c7w"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (replace 'configure
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (substitute* (find-files "." "^Makefile$")
+                        ;; Set the installation directory.
+                        (("^PREFIX[[:blank:]]*=.*$")
+                         (string-append "PREFIX = "
+                                        (assoc-ref outputs "out")
+                                        "\n"))
+                        (("^UDEVBIN[[:blank:]]*=.*$")
+                         "UDEVBIN = $(PREFIX)/bin\n")
+                        ;; Don't try to chown/chgrp the installed files.
+                        (("-oroot")
+                         "")
+                        (("-glp")
+                         "")
+                        ;; Placate the dependency checks.
+                        (("/usr/include/stdio.h")
+                         "/etc/passwd")
+                        (("/usr/")
+                         "$(PREFIX)/")
+                        ;; Ensure fixed timestamps in man pages.
+                        (("^MODTIME[[:blank:]]*=.*$")
+                         "MODTIME = echo Thu Jan 01 01:00:00 1970\n"))
+                      #t))
+                  (add-after 'install 'remove-pdf
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      ;; Remove 'manual.pdf' which is (1) useless (it's a
+                      ;; concatenation of man pages), and (2) not
+                      ;; bit-reproducible due to <https://bugs.gnu.org/27593>.
+                      (let ((out (assoc-ref outputs "out")))
+                        (for-each delete-file
+                                  (find-files out "^manual\\.pdf$"))
+                        #t))))
+       #:parallel-build? #f                       ;broken makefile
+       #:tests? #f                                ;no tests
+       #:make-flags '("CC=gcc")))
+    (inputs
+     `(("ghostscript" ,ghostscript)
+       ("foomatic-filters" ,foomatic-filters)))   ;for 'foomatic-rip'
+    (native-inputs
+     `(("bc" ,bc)
+       ("groff" ,groff)))
+    (home-page "http://foo2xqx.rkkda.com/")
+    (synopsis "Printer driver for XQX stream protocol")
+    (description
+     "This package provides a printer driver notably for the ZJS and XQX
+protocols, which cover printers made by Konica, HP (LaserJet), Oki, Samsung,
+and more.  See @file{README} for details.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 37890a91fc..20981dced1 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -5,7 +5,7 @@
 ;;; Copyright © 2014, 2016 David Thompson <davet@gnu.org>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2015, 2016 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
@@ -18,6 +18,7 @@
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
+;;; Copyright © 2017 Ben Woodcroft <donttrustben@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -52,6 +53,7 @@
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages time)
   #:use-module (gnu packages jemalloc)
   #:use-module (gnu packages language)
   #:use-module (gnu packages libevent)
@@ -66,6 +68,7 @@
   #:use-module (gnu packages python)
   #:use-module (gnu packages rdf)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages ruby)
   #:use-module (gnu packages tcl)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages xml)
@@ -75,6 +78,7 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system perl)
   #:use-module (guix build-system python)
+  #:use-module (guix build-system ruby)
   #:use-module (guix build-system cmake)
   #:use-module (guix utils)
   #:use-module (srfi srfi-26)
@@ -115,9 +119,9 @@
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'generate-configure
+         (add-after 'unpack 'generate-configure
            (lambda _
-             (zero? (system* "./autogen.sh")))))))
+             (zero? (system* "sh" "autogen.sh")))))))
     ;; http://www.4store.org has been down for a while now.
     (home-page "https://github.com/garlik/4store")
     (synopsis "Clustered RDF storage and query engine")
@@ -254,6 +258,45 @@ SQL, Key/Value, XML/XQuery or Java Object storage for their data model.")
                       "--enable-cxx"))))
                  %standard-phases)))))
 
+(define-public es-dump-restore
+  (package
+    (name "es-dump-restore")
+    (version "2.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (rubygems-uri "es_dump_restore" version))
+       (sha256
+        (base32
+         "020yk7f1hw48clmf5501z3xv9shsdchyymcv0y2cci2c1xvr1mim"))))
+    (build-system ruby-build-system)
+    (arguments
+     '(#:tests? #f ;; No testsuite.
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'wrap-bin-es_dump_restore
+           (lambda* (#:key outputs #:allow-other-keys)
+             (wrap-program (string-append (assoc-ref outputs "out")
+                                          "/bin/es_dump_restore")
+               `("GEM_PATH" ":" prefix (,(string-append
+                                          (getenv "GEM_PATH")
+                                          ":"
+                                          (getenv "GEM_HOME")))))
+             #t)))))
+    (propagated-inputs
+     `(("ruby-httpclient" ,ruby-httpclient)
+       ("ruby-multi-json" ,ruby-multi-json)
+       ("ruby-progress_bar" ,ruby-progress_bar)
+       ("ruby-rubyzip" ,ruby-rubyzip)
+       ("ruby-thor" ,ruby-thor)))
+    (synopsis "Utility for dumping and restoring ElasticSearch indexes")
+    (description
+     "This package provides a utility for dumping the contents of an
+ElasticSearch index to a compressed file and restoring the dumpfile back to an
+ElasticSearch server")
+    (home-page "https://github.com/patientslikeme/es_dump_restore")
+    (license license:expat)))
+
 (define-public leveldb
   (package
     (name "leveldb")
@@ -371,12 +414,7 @@ applications.")
                        (for-each delete-file
                                  (find-files (string-append out "/bin")
                                              "_embedded$"))
-                       #t))))
-       ;; On aarch64 the test suite runs out of memory and fails.
-       ,@(if (string-prefix? "aarch64-linux"
-                             (or (%current-target-system) (%current-system)))
-           '(#:tests? #f)
-           '())))
+                       #t))))))
     (native-inputs
      `(("bison" ,bison)
        ("perl" ,perl)))
@@ -474,14 +512,14 @@ as a drop-in replacement of MySQL.")
 (define-public postgresql
   (package
     (name "postgresql")
-    (version "9.6.4")
+    (version "9.6.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://ftp.postgresql.org/pub/source/v"
                                   version "/postgresql-" version ".tar.bz2"))
               (sha256
                (base32
-                "04yffrrmn85k25n3nq389aa9c1j8mkimrf889kayl772h9nv2fib"))))
+                "0k3ls2x182jz6djjiqj9kycddabdl2gk1y1ajq1vipnxwfki5nh6"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--with-uuid=e2fs")
@@ -1568,7 +1606,7 @@ for ODBC.")
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'autoreconf
+         (add-after 'unpack 'autoreconf
            (lambda _
              (zero? (system* "autoreconf" "-vfi")))))))
     (home-page "http://mdbtools.sourceforge.net/")
@@ -1626,3 +1664,56 @@ Memory-Mapped Database} (LMDB), a high-performance key-value store.")
 
 (define-public python2-lmdb
   (package-with-python2 python-lmdb))
+
+(define-public python-orator
+  (package
+    (name "python-orator")
+    (version "0.9.7")
+    (source (origin
+              (method url-fetch)
+              (uri (pypi-uri "orator" version))
+              (sha256
+               (base32
+                "14r58z64fdp76ixnvmi4lni762b405ynmsx6chr1qihs3yl9zn6c"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'loosen-dependencies
+           ;; Tests are not actually run since they are not included with the
+           ;; distributed package, but dependencies are checked.
+           (lambda _
+             (substitute* "setup.py"
+               ((",<.*'") "'")
+               (("flexmock==0.9.7") "flexmock")
+               ;; The pytest-mock package is out of date, so we remove minimum
+               ;; version requirement.
+               (("pytest-mock.*'") "pytest-mock'"))
+             #t)))))
+    (native-inputs
+     `(("python-pytest-mock" ,python-pytest-mock)
+       ("python-pytest" ,python-pytest-3.0)
+       ("python-flexmock" ,python-flexmock)))
+    (propagated-inputs
+     `(("python-backpack" ,python-backpack)
+       ("python-blinker" ,python-blinker)
+       ("python-cleo" ,python-cleo)
+       ("python-faker" ,python-faker)
+       ("python-inflection" ,python-inflection)
+       ("python-lazy-object-proxy" ,python-lazy-object-proxy)
+       ("python-pendulum" ,python-pendulum)
+       ("python-pyaml" ,python-pyaml)
+       ("python-pygments" ,python-pygments)
+       ("python-simplejson" ,python-simplejson)
+       ("python-six" ,python-six)
+       ("python-wrapt" ,python-wrapt)))
+    (home-page "https://orator-orm.com/")
+    (synopsis "ActiveRecord ORM for Python")
+    (description
+     "Orator provides a simple ActiveRecord-like Object Relational Mapping
+implementation for Python.")
+    (license license:expat)
+    (properties `((python2-variant . ,(delay python2-orator))))))
+
+(define-public python2-orator
+  (package-with-python2 (strip-python2-variant python-orator)))
diff --git a/gnu/packages/dav.scm b/gnu/packages/dav.scm
index 86cfaa64b1..6c466977d2 100644
--- a/gnu/packages/dav.scm
+++ b/gnu/packages/dav.scm
@@ -55,13 +55,13 @@ clients.")
 (define-public vdirsyncer
   (package
     (name "vdirsyncer")
-    (version "0.16.1")
+    (version "0.16.2")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri name version))
              (sha256
               (base32
-               "0pnsb9h4r0hhmqhzx9nbrd7jawir9ysrh3wrrkhzi0ssarmxyp67"))))
+               "19xqzxcgmpm2z56l2d4a1n4sqmhrnzfwx3d9avfzgldwyhlrz0da"))))
     (build-system python-build-system)
     (arguments
       `(#:phases (modify-phases %standard-phases
diff --git a/gnu/packages/debug.scm b/gnu/packages/debug.scm
index 0fc1f513ba..43bfd9e514 100644
--- a/gnu/packages/debug.scm
+++ b/gnu/packages/debug.scm
@@ -319,7 +319,7 @@ down the road.")
              (add-before 'configure 'repack-make
                (lambda _
                  (zero? (system* "tar" "cJf" "./make.tar.xz" ,make-dir))))
-             (add-before 'configure 'bootstrap
+             (add-after 'unpack 'bootstrap
                (lambda _
                  (zero? (system* "autoreconf" "-vfi"))))))))
       (home-page "https://github.com/losalamos/stress-make")
diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm
index 030fabfa58..d19f8e873e 100644
--- a/gnu/packages/disk.scm
+++ b/gnu/packages/disk.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,6 +31,7 @@
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system trivial)
+  #:use-module (guix build-system python)
   #:use-module (gnu packages)
   #:use-module (gnu packages base)
   #:use-module (gnu packages docbook)
@@ -214,7 +216,7 @@ to recover data more efficiently by only reading the necessary blocks.")
      `(#:make-flags (list (string-append "PREFIX=" %output)
                           "CC=gcc")))
     (native-inputs
-     `(("xxd" ,vim))) ; for tests
+     `(("xxd" ,xxd))) ; for tests
     (home-page "https://github.com/dosfstools/dosfstools")
     (synopsis "Utilities for making and checking MS-DOS FAT file systems")
     (description
@@ -344,7 +346,7 @@ and can dramatically shorten the lifespan of the drive if left unchecked.")
     (native-inputs
      `(("intltool" ,intltool)
        ("pkg-config" ,pkg-config)))
-    (home-page "https://sourceforge.net/projects/gparted/")
+    (home-page "https://gparted.org/")
     (synopsis "Partition editor to graphically manage disk partitions")
     (description "GParted is a GNOME partition editor for creating,
 reorganizing, and deleting disk partitions.  It uses libparted from the parted
@@ -353,6 +355,25 @@ permit managing file systems not included in libparted.")
     ;; The home page says GPLv2, but the source code says GPLv2+.
     (license license:gpl2+)))
 
+(define-public pydf
+  (package
+    (name "pydf")
+    (version "12")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pydf" version))
+       (sha256
+        (base32
+         "0f8ly8xyp93i2hm9c0qjqd4y86nz73axw2f09z01mszwmg1sfivz"))))
+  (build-system python-build-system)
+  (home-page "http://kassiopeia.juls.savba.sk/~garabik/software/pydf/")
+  (synopsis "Colourised @command{df} clone")
+  (description "All-singing, all-dancing, fully colourised @command{df} clone
+written in Python.  It displays the amount of disk space available on the
+mounted filesystems, using different colours for different types of file
+systems.  Output format is completely customizable.")
+  (license license:public-domain)))
 
 (define-public f3
   (package
diff --git a/gnu/packages/display-managers.scm b/gnu/packages/display-managers.scm
index 869d6239ef..9f8d7b8250 100644
--- a/gnu/packages/display-managers.scm
+++ b/gnu/packages/display-managers.scm
@@ -132,23 +132,24 @@ Qt-style API for Wayland clients.")
 (define-public sddm
   (package
     (name "sddm")
-    (version "0.14.0")
+    (version "0.15.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://github.com/sddm/sddm"
                     "/releases/download/v" version "/"
-                    "sddm-" version ".tar.xz"))
+                    "sddm-" version ".tar.gz"))
               (sha256
                (base32
-                "0y3pn8g2qj7q20zkmbasrfsj925lfzizk63sfrvzf84bc5c84d3y"))))
+                "0x1igkjm3k8q26xbmg0qah1fc2pn2sfc675w0xg42x7ncrdiw8d4"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
        ("pkg-config" ,pkg-config)
        ("qttools" ,qttools)))
     (inputs
-     `(("glib" ,glib)
+     `(("elogind" ,elogind)
+       ("glib" ,glib)
        ("libxcb" ,libxcb)
        ("libxkbcommon" ,libxkbcommon)
        ("linux-pam" ,linux-pam)
@@ -163,6 +164,8 @@ Qt-style API for Wayland clients.")
         ;; Option added by enable wayland greeters PR
         "-DENABLE_WAYLAND=ON"
         "-DENABLE_PAM=ON"
+        ;; Both flags are required for elogind support.
+        "-DNO_SYSTEMD=ON" "-DUSE_ELOGIND=ON"
         "-DCONFIG_FILE=/etc/sddm.conf"
         ;; Set path to /etc/login.defs
         ;; Alternatively use -DUID_MIN and -DUID_MAX
@@ -180,6 +183,11 @@ Qt-style API for Wayland clients.")
                            (guix build qt-utils))
        #:phases
        (modify-phases %standard-phases
+         (add-after 'unpack 'embed-loginctl-reference
+           (lambda _
+             (substitute* "CMakeLists.txt"
+               (("/usr/bin/loginctl") (which "loginctl")))
+             #t))
          (add-after 'install 'wrap-programs
            (lambda* (#:key outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
index 356586e1bc..c70c074938 100644
--- a/gnu/packages/django.scm
+++ b/gnu/packages/django.scm
@@ -31,13 +31,13 @@
 (define-public python-django
   (package
     (name "python-django")
-    (version "1.10.7")
+    (version "1.10.8")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "Django" version))
               (sha256
                (base32
-                "1f5hnn2dzfr5szk4yc47bs4kk2nmrayjcvgpqi2s4l13pjfpfgar"))))
+                "1fwqqh2zbcy9dy0lnvk338s11llnnfz2k56bf84w0wv56ayq7vyl"))))
     (build-system python-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/djvu.scm b/gnu/packages/djvu.scm
index e739df3772..10cdbf31a8 100644
--- a/gnu/packages/djvu.scm
+++ b/gnu/packages/djvu.scm
@@ -34,6 +34,14 @@
                (base32
                 "0psh3zl9dj4n4r3lx25390nx34xz0bg0ql48zdskhq354ljni5p6"))))
     (build-system gnu-build-system)
+    (arguments
+     `(#:phases (modify-phases %standard-phases
+                  (add-after 'unpack 'reproducible
+                    (lambda _
+                      ;; Ensure there are no timestamps in .svgz files.
+                      (substitute* "desktopfiles/Makefile.in"
+                        (("gzip") "gzip -n"))
+                      #t)))))
     (home-page "http://djvu.sourceforge.net/")
     (synopsis "Implementation of DjVu, the document format")
     (description "DjVuLibre is an implementation of DjVu,
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index afae4596bd..e0a3f5dc58 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -181,7 +181,7 @@ high-volume and high-reliability applications. The name BIND stands for
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'autoreconf
+         (add-after 'unpack 'autoreconf
            (lambda _
              ;; Re-generate build files due to unbundling ltdl.
              ;; TODO: Prevent generating new libltdl and building it.
@@ -229,7 +229,7 @@ servers is included, and an up-to-date version is available at
        #:tests? #f
        #:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'create-configure
+         (add-after 'unpack 'create-configure
            (lambda _
              (zero? (system* "make" "configure")))))))
     (native-inputs
@@ -483,14 +483,14 @@ Extensions} (DNSSEC).")
 (define-public knot
   (package
     (name "knot")
-    (version "2.5.3")
+    (version "2.5.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://secure.nic.cz/files/knot-dns/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "13lxxnnw0v7s0q648grz87bwlfwjh5sfbj1qax7jdklalqqy52np"))
+                "1bwv2a290inkjb5x9a9sahls39rgaqyq9dwfrk1ilmzy9nmls87f"))
               (modules '((guix build utils)))
               (snippet
                '(begin
diff --git a/gnu/packages/documentation.scm b/gnu/packages/documentation.scm
index 5d3d6f170b..9c5ca74d73 100644
--- a/gnu/packages/documentation.scm
+++ b/gnu/packages/documentation.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
-;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
diff --git a/gnu/packages/dunst.scm b/gnu/packages/dunst.scm
index d5e177f0ce..68637ea6cd 100644
--- a/gnu/packages/dunst.scm
+++ b/gnu/packages/dunst.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
+;;; Copyright © 2015, 2017 Alex Kost <alezost@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,15 +32,16 @@
 (define-public dunst
   (package
     (name "dunst")
-    (version "1.1.0")
+    (version "1.2.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "http://knopwob.org/public/dunst-release/dunst-"
-                    version ".tar.bz2"))
+                    "https://github.com/dunst-project/dunst/archive/v"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0w3hilzwanwsp4q6dxbdj6l0mvpg4fq02wf8isll8kmbx9kz2ay7"))))
+                "1bf5fmmj79wlwi8wzir3rd8czyrxfx16w8q7c957123yz1g5ph53"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f                      ; no check target
@@ -55,15 +56,15 @@
     (inputs
      `(("dbus" ,dbus)
        ("glib" ,glib)
+       ("gtk" ,gtk+-2)
        ("cairo" ,cairo)
        ("pango" ,pango)
        ("libx11" ,libx11)
-       ("libxext" ,libxext)
-       ("libxft" ,libxft)
        ("libxscrnsaver" ,libxscrnsaver)
        ("libxinerama" ,libxinerama)
+       ("libxrandr" ,libxrandr)
        ("libxdg-basedir" ,libxdg-basedir)))
-    (home-page "http://knopwob.org/dunst")
+    (home-page "https://dunst-project.org/")
     (synopsis "Customizable and lightweight notification daemon")
     (description
      "Dunst is a highly configurable and minimalistic notification daemon.
diff --git a/gnu/packages/ebook.scm b/gnu/packages/ebook.scm
index 38abf47c87..4bcaa0abfe 100644
--- a/gnu/packages/ebook.scm
+++ b/gnu/packages/ebook.scm
@@ -72,7 +72,7 @@
 (define-public calibre
   (package
     (name "calibre")
-    (version "3.0.0")
+    (version "3.6.0")
     (source
       (origin
         (method url-fetch)
@@ -81,21 +81,19 @@
                             version ".tar.xz"))
         (sha256
          (base32
-          "1zhk7bvgr973dd18x4wp48kzai29qqqi5qcy72sxc4wcbk2sbnkw"))
+          "0vp2nds4b5xbchsh1rpc1q7093gd26dnw7mgbnax97dcchvlc4sc"))
         ;; Remove non-free or doubtful code, see
         ;; https://lists.gnu.org/archive/html/guix-devel/2015-02/msg00478.html
         (modules '((guix build utils)))
         (snippet
           '(begin
             (delete-file-recursively "src/calibre/ebooks/markdown")
-            (delete-file-recursively "src/unrar")
             (delete-file "src/odf/thumbnail.py")
             (delete-file-recursively "resources/fonts/liberation")
             (substitute* (find-files "." "\\.py")
               (("calibre\\.ebooks\\.markdown") "markdown"))
             #t))
-        (patches (search-patches "calibre-drop-unrar.patch"
-                                 "calibre-use-packaged-feedparser.patch"
+        (patches (search-patches "calibre-use-packaged-feedparser.patch"
                                  "calibre-no-updates-dialog.patch"))))
     (build-system python-build-system)
     (native-inputs
@@ -129,6 +127,7 @@
        ("python2-dbus" ,python2-dbus)
        ("python2-dnspython" ,python2-dnspython)
        ("python2-feedparser" ,python2-feedparser)
+       ("python2-html5-parser" ,python2-html5-parser)
        ("python2-lxml" ,python2-lxml)
        ("python2-markdown" ,python2-markdown)
        ("python2-mechanize" ,python2-mechanize)
@@ -140,6 +139,9 @@
        ("python2-pyqt" ,python2-pyqt)
        ("python2-sip" ,python2-sip)
        ("python2-regex" ,python2-regex)
+       ;; python2-unrardll is needed for decompressing RAR files.
+       ;; A program called 'pdf2html' is needed for reading PDF books
+       ;; in the web interface.
        ("sqlite" ,sqlite)))
     (arguments
      `(#:python ,python-2
diff --git a/gnu/packages/electronics.scm b/gnu/packages/electronics.scm
index 8a9f625dc5..91209376cd 100644
--- a/gnu/packages/electronics.scm
+++ b/gnu/packages/electronics.scm
@@ -242,9 +242,10 @@ format support.")
      `(("boost" ,boost)
        ("glib" ,glib)
        ("glibmm" ,glibmm)
-       ("qt" ,qt)
        ("libsigrok" ,libsigrok)
-       ("libsigrokdecode" ,libsigrokdecode)))
+       ("libsigrokdecode" ,libsigrokdecode)
+       ("qtbase" ,qtbase)
+       ("qtsvg" ,qtsvg)))
     (build-system cmake-build-system)
     (home-page "http://www.sigrok.org/wiki/PulseView")
     (synopsis "Qt based logic analyzer, oscilloscope and MSO GUI for sigrok")
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index fb92da6a6d..5d1090fb7e 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -12,7 +12,7 @@
 ;;; Copyright © 2016 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016 Matthew Jordan <matthewjordandevops@yandex.com>
 ;;; Copyright © 2016, 2017 Roel Janssen <roel@gnu.org>
-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016, 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2016 Alex Vong <alexvong1995@gmail.com>
@@ -22,12 +22,13 @@
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
 ;;; Copyright © 2017 Kyle Meyer <kyle@kyleam.com>
-;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 George Clemmer <myglc2@gmail.com>
 ;;; Copyright © 2017 Feng Shu <tumashu@163.com>
 ;;; Copyright © 2017 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2017 Mekeor Melire <mekeor.melire@gmail.com>
+;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -58,6 +59,7 @@
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
   #:use-module (gnu packages audio)
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages code)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages gtk)
@@ -101,14 +103,14 @@
 (define-public emacs
   (package
     (name "emacs")
-    (version "25.2")
+    (version "25.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/emacs/emacs-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1ykkq0xl28ljdg61bm6gzy04ww86ajms98gix72qg6cpr6a53dar"))
+               "02y00y9q42g1iqgz5qhmsja75hwxd88yrn9zp14lanay0zkwafi5"))
              (patches (search-patches "emacs-exec-path.patch"
                                       "emacs-fix-scheme-indent-function.patch"
                                       "emacs-source-date-epoch.patch"))
@@ -839,6 +841,7 @@ provides an optional IDE-like error list.")
          (replace 'configure
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let ((out     (assoc-ref outputs "out"))
+                   (flac    (assoc-ref inputs "flac"))
                    (vorbis  (assoc-ref inputs "vorbis-tools"))
                    (alsa    (assoc-ref inputs "alsa-utils"))
                    (mpg321  (assoc-ref inputs "mpg321"))
@@ -861,6 +864,9 @@ provides an optional IDE-like error list.")
                  (substitute* "emms-player-simple.el"
                    (("\"ogg123\"")
                     (string-append "\"" vorbis "/bin/ogg123\"")))
+                 (substitute* "emms-player-simple.el"
+                   (("\"mpg321\"")
+                    (string-append "\"" mpg321 "/bin/mpg321\"")))
                  (emacs-substitute-variables "emms-info-ogginfo.el"
                    ("emms-info-ogginfo-program-name"
                     (string-append vorbis "/bin/ogginfo")))
@@ -870,6 +876,11 @@ provides an optional IDE-like error list.")
                  (emacs-substitute-variables "emms-info-mp3info.el"
                    ("emms-info-mp3info-program-name"
                     (string-append mp3info "/bin/mp3info")))
+                 (emacs-substitute-variables "emms-info-metaflac.el"
+                   ("emms-info-metaflac-program-name"
+                    (string-append flac "/bin/metaflac")))
+                 (emacs-substitute-variables "emms-source-file.el"
+                   ("emms-source-file-gnu-find" (which "find")))
                  (substitute* "emms-volume-amixer.el"
                    (("\"amixer\"")
                     (string-append "\"" alsa "/bin/amixer\"")))
@@ -895,6 +906,7 @@ provides an optional IDE-like error list.")
     (native-inputs `(("emacs" ,emacs-minimal)    ;for (guix build emacs-utils)
                      ("texinfo" ,texinfo)))
     (inputs `(("alsa-utils" ,alsa-utils)
+              ("flac" ,flac)            ;for metaflac
               ("vorbis-tools" ,vorbis-tools)
               ("mpg321" ,mpg321)
               ("taglib" ,taglib)
@@ -1192,6 +1204,26 @@ Using emacs-direnv means that programs started from Emacs will use the
 environment set through Direnv.")
     (license license:gpl3+)))
 
+(define-public emacs-go-mode
+  (package
+    (name "emacs-go-mode")
+    (version "1.5.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/dominikh/go-mode.el/"
+                                  "archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1adngbjyb8qnwg7n6r2y31djw9j6qf3b9fi63zd85035q7x4ljnm"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/dominikh/go-mode.el")
+    (synopsis "Go mode for Emacs")
+    (description
+     "This package provides go-mode, an Emacs mode for working with software
+written in the Go programming language.")
+    (license license:bsd-3)))
+
 (define-public emacs-google-maps
   (package
     (name "emacs-google-maps")
@@ -1244,10 +1276,32 @@ Maps directly inside Emacs.")
 single buffer.")
     (license license:gpl3+)))
 
+(define-public emacs-tablist
+  (package
+    (name "emacs-tablist")
+    (version "0.70")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/politza/tablist/archive/v"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "177d6s7ym1mwz1nhnl09r14z3n093g9a2szm97xsaig0c204xz9c"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/politza/tablist")
+    (synopsis "Extension for @code{tabulated-list-mode}")
+    (description "Tablist is the Emacs package that provides several
+additional features to @code{tabulated-list-mode}: it adds marks,
+filters, new key bindings and faces.  It can be enabled by
+@code{tablist-mode} or @code{tablist-minor-mode} commands.")
+    (license license:gpl3+)))
+
 (define-public emacs-pdf-tools
   (package
     (name "emacs-pdf-tools")
-    (version "0.70")
+    (version "0.80")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1256,7 +1310,7 @@ single buffer.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1m0api6wiawswyk46bdsyk6r5rg3b86a4paar6nassm6x6c6vr77"))))
+                "06imydn3a92vr57azpn1zhqc14kxyyslmyi9ldsyphan9b724gb6"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; there are no tests
@@ -1272,7 +1326,7 @@ single buffer.")
          ;; Build server side using 'gnu-build-system'.
          (add-after 'unpack 'enter-server-dir
            (lambda _ (chdir "server") #t))
-         (add-before 'configure 'autogen
+         (add-after 'enter-server-dir 'autogen
            (lambda _
              (zero? (system* "bash" "autogen.sh"))))
 
@@ -1305,6 +1359,7 @@ single buffer.")
               ("glib" ,glib)
               ("libpng" ,libpng)
               ("zlib" ,zlib)))
+    (propagated-inputs `(("tablist" ,emacs-tablist)))
     (synopsis "Emacs support library for PDF files")
     (description
      "PDF Tools is, among other things, a replacement of DocView for PDF
@@ -1366,7 +1421,7 @@ type, for example: packages, buffers, files, etc.")
 (define-public emacs-guix
   (package
     (name "emacs-guix")
-    (version "0.3.2")
+    (version "0.3.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/alezost/guix.el"
@@ -1374,7 +1429,7 @@ type, for example: packages, buffers, files, etc.")
                                   "/emacs-guix-" version ".tar.gz"))
               (sha256
                (base32
-                "0bffxlaq4w9yijl9prnfm26fisr2rd1whjg1yzvri1zl6zh9s0lk"))))
+                "0mjb2yb454389ds2kr5rkjkl21r78z4c0f88ivf4g471yzg279mc"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -1470,6 +1525,25 @@ work with Emacs 24 and 25.")
 a command.")
     (license license:gpl3+)))
 
+(define-public emacs-olivetti
+  (package
+    (name "emacs-olivetti")
+    (version "1.5.7")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://stable.melpa.org/packages/olivetti-"
+                    version ".el"))
+              (sha256
+               (base32
+                "1yj2ylg46q0pw1xzlv2b0fv9x8p56x25284s9v2smwjr4vf0nwcj"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/rnkn/olivetti")
+    (synopsis "Emacs minor mode for a nice writing environment")
+    (description "This package provides an Emacs minor mode that puts writing
+in the center.")
+    (license license:gpl3+)))
+
 (define-public emacs-undo-tree
   (package
     (name "emacs-undo-tree")
@@ -1628,6 +1702,36 @@ display and behaviour is easily customisable.")
 of files under Git version control from within Emacs.")
     (license license:gpl3+)))
 
+(define-public emacs-minitest
+  (package
+    (name "emacs-minitest")
+    (version "0.8.0")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append
+                   "https://github.com/arthurnn/minitest-emacs/archive/v"
+                   version ".tar.gz"))
+             (file-name (string-append name "-" version ".tar.gz"))
+             (sha256
+              (base32
+               "1dsb7kzvs1x6g4sgqmq73jqacb7wzm0wfkiq5m9dqdzq8mppgiqs"))))
+    (build-system emacs-build-system)
+    (arguments
+     '(#:include (cons "^snippets\\/minitest-mode\\/" %default-include)
+       #:exclude (delete "^[^/]*tests?\\.el$" %default-exclude)))
+    (propagated-inputs
+     `(("emacs-dash" ,emacs-dash)
+       ("emacs-f" ,emacs-f)))
+    (home-page "https://github.com/arthurnn/minitest-emacs")
+    (synopsis "Emacs minitest mode")
+    (description
+     "The minitest mode provides commands to run the tests for the current
+file or line, as well as rerunning the previous tests, or all the tests for a
+project.
+
+This package also includes relevant snippets for yasnippet.")
+    (license license:expat)))
+
 (define-public emacs-el-mock
   (package
     (name "emacs-el-mock")
@@ -1916,6 +2020,7 @@ serve files and directory listings.")
     (propagated-inputs
      `(("emacs-simple-httpd" ,emacs-simple-httpd)
        ("emacs-js2-mode" ,emacs-js2-mode)))
+    (arguments '(#:include '("\\.el$" "\\.js$" "\\.html$")))
     (home-page "https://github.com/skeeto/skewer-mode")
     (synopsis "Live web development in Emacs")
     (description
@@ -1967,6 +2072,31 @@ tables.")
 mode-line.")
     (license license:gpl2+)))
 
+(define-public emacs-rspec
+  (package
+    (name "emacs-rspec")
+    (version "1.11")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/pezra/rspec-mode/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1j0a7ms5516nlg60qfyn730pfxys6acm0rgyxh5xfkpi6jafgpvw"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/pezra/rspec-mode")
+    (synopsis "Provides a rspec mode for working with RSpec")
+    (description
+     "The Emacs RSpec mode provides keybindings for Ruby source files, e.g. to
+verify the spec associated with the current buffer, or entire project, as well
+as moving between the spec files, and coresponding code files.
+
+Also included are keybindings for spec files and Dired buffers, as well as
+snippets for yasnippet.")
+    (license license:gpl3+)))
+
 (define-public emacs-smart-mode-line
   (package
     (name "emacs-smart-mode-line")
@@ -1991,6 +2121,29 @@ read from small to large monitors by using colors, a prefix feature, and smart
 truncation.")
     (license license:gpl2+)))
 
+(define-public emacs-sr-speedbar
+  (package
+    (name "emacs-sr-speedbar")
+    (version "20140914.2339")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/emacsorphanage/sr-speedbar/archive/"
+             version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "15xwwc6kgvmk4wdhx1j8w6m6ivxvc94028ppgdpa2m51a8c9vjm9"))))
+    (build-system emacs-build-system)
+    (home-page "https://www.emacswiki.org/emacs/SrSpeedbar")
+    (synopsis "Same frame Emacs @code{speedbar}")
+    (description
+     "This Emacs package allows you to show @code{M-x speedbar} in the
+same frame (in an extra window).  You can customize the initial width of
+the speedbar window.")
+    (license license:gpl3+)))
+
 (define-public emacs-shell-switcher
   (package
     (name "emacs-shell-switcher")
@@ -2416,6 +2569,27 @@ insertion mode.  When enabled all keys are implicitly prefixed with
 @samp{C-} (among other helpful shortcuts).")
       (license license:gpl3+))))
 
+(define-public emacs-jinja2-mode
+  (package
+    (name "emacs-jinja2-mode")
+    (version "0.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/paradoxxxzero/jinja2-mode/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0cgxjab1kla2zc2fj7bzib6i7snp08zshandmp9kqcm85l262xpn"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/paradoxxxzero/jinja2-mode")
+    (synopsis "Major mode for jinja2")
+    (description
+     "Emacs major mode for jinja2 with: syntax highlighting,
+sgml/html integration, and indentation (working with sgml).")
+    (license license:gpl3+)))
+
 (define-public emacs-rfcview
   (package
     (name "emacs-rfcview")
@@ -2603,6 +2777,48 @@ transparent background.  If you load it from a GUI, it will default to a
 dark background.")
     (license license:gpl3+)))
 
+(define-public emacs-2048-game
+  (package
+    (name "emacs-2048-game")
+    (version "20151026.1233")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://melpa.org/packages/2048-game-"
+                           version ".el"))
+       (sha256
+        (base32
+         "0gy2pvz79whpavp4jmz8h9krzn7brmvv3diixi1d4w51pcdvaldd"))))
+    (build-system emacs-build-system)
+    (home-page "https://bitbucket.org/zck/2048.el")
+    (synopsis "Implementation of the game 2048 in Emacs Lisp")
+    (description
+     "This program is an implementation of 2048 for Emacs.
+The goal of this game is to create a tile with value 2048.  The size of the
+board and goal value can be customized.")
+  (license license:gpl3+)))
+
+(define-public emacs-base16-theme
+  (package
+    (name "emacs-base16-theme")
+    (version "2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://stable.melpa.org/packages/base16-theme-"
+                           version ".tar"))
+       (sha256
+        (base32
+         "0z6hrwz2jlz6jbr381rcqcqvx6hss5cad352klx07rark7zccacj"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/belak/base16-emacs")
+    (synopsis "Base16 color themes for Emacs")
+    (description
+     "Base16 provides carefully chosen syntax highlighting and a default set
+of sixteen colors suitable for a wide range of applications.  Base16 is not a
+single theme but a set of guidelines with numerous implementations.")
+    (license license:expat)))
+
 (define-public emacs-smartparens
   (package
     (name "emacs-smartparens")
@@ -3116,22 +3332,25 @@ E-Prime forbids the use of the \"to be\" form to strengthen your writing.")
                 "0w7mbbajn377gdmvnd21mpyr368b2ia46gq6cb99y4y5rspf9pcg"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:tests? #f ; There is no test suite.
-       #:make-flags (list (string-append "PREFIX=" %output)
-                          (string-append "LISPDIR=" %output
-                                         "/share/emacs/site-lisp/guix.d/ess"))
-       #:phases
-       (modify-phases %standard-phases
-         (delete 'configure)
-         (add-before 'build 'more-shebang-patching
-           (lambda* (#:key inputs #:allow-other-keys)
-             (substitute* "Makeconf"
-               (("SHELL = /bin/sh")
-                (string-append "SHELL = " (which "sh"))))))
-         ;; FIXME: the texlive-union insists on regenerating fonts.  It stores
-         ;; them in HOME, so it needs to be writeable.
-         (add-before 'build 'set-HOME
-           (lambda _ (setenv "HOME" "/tmp") #t)))))
+     (let ((base-directory "/share/emacs/site-lisp/guix.d/ess"))
+       `(#:tests? #f ; There is no test suite.
+         #:make-flags (list (string-append "PREFIX=" %output)
+                            (string-append "ETCDIR=" %output "/"
+                                           ,base-directory "/etc")
+                            (string-append "LISPDIR=" %output "/"
+                                           ,base-directory))
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure)
+           (add-before 'build 'more-shebang-patching
+             (lambda* (#:key inputs #:allow-other-keys)
+               (substitute* "Makeconf"
+                 (("SHELL = /bin/sh")
+                  (string-append "SHELL = " (which "sh"))))))
+           ;; FIXME: the texlive-union insists on regenerating fonts.  It stores
+           ;; them in HOME, so it needs to be writeable.
+           (add-before 'build 'set-HOME
+             (lambda _ (setenv "HOME" "/tmp") #t))))))
     (inputs
      `(("emacs" ,emacs-minimal)
        ("r-minimal" ,r-minimal)))
@@ -3196,7 +3415,7 @@ strings, and code folding.")
 (define-public emacs-markdown-mode
   (package
     (name "emacs-markdown-mode")
-    (version "2.2")
+    (version "2.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://raw.githubusercontent.com/jrblevin"
@@ -3205,7 +3424,7 @@ strings, and code folding.")
               (file-name (string-append "markdown-mode-" version ".el"))
               (sha256
                (base32
-                "04isd2sdnms9acpmkd6n7b7y7j0x2kank2kry0zwbxs3bwdavgav"))))
+                "152whyrq3dqlqy5wv4mdd94kmal19hs5kwaxjcp2gp2r97lsmdmi"))))
     (build-system emacs-build-system)
     (home-page "http://jblevins.org/projects/markdown-mode/")
     (synopsis "Emacs Major mode for Markdown files")
@@ -3334,7 +3553,7 @@ names, e.g. #0000ff is displayed in white with a blue background.")
 (define-public emacs-visual-fill-column
   (package
     (name "emacs-visual-fill-column")
-    (version "1.7")
+    (version "1.11")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://codeload.github.com/joostkremers/"
@@ -3342,7 +3561,7 @@ names, e.g. #0000ff is displayed in white with a blue background.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "12vn7kdq2mpz9hgibbn1vhpf23lcm7c26k3fkz8nidhygwl5x5lq"))))
+                "13jnviakp607zcms7f8ams56mr8wffnq1pghlc6fvqs39663pgwh"))))
     (build-system emacs-build-system)
     (home-page "https://github.com/joostkremers/visual-fill-column")
     (synopsis "Fill-column for visual-line-mode")
@@ -3355,6 +3574,31 @@ wrapping lines at the window edge, which is the standard behaviour of
 window edge.")
     (license license:gpl3+)))
 
+(define-public emacs-writeroom
+  (package
+    (name "emacs-writeroom")
+    (version "3.7")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/joostkremers/writeroom-mode/archive/"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0yqgp5h3kvvpgva4azakb2wnjl7gsyh45glf75crspv3xyq57f2r"))))
+    (build-system emacs-build-system)
+    (propagated-inputs
+     `(("emacs-visual-fill-column" ,emacs-visual-fill-column)))
+    (home-page "https://github.com/joostkremers/writeroom-mode")
+    (synopsis "Distraction-free writing for Emacs")
+    (description
+     "This package defines a minor mode for distraction-free writing.  Some of
+the default effects include entering fullscreen, deleting other windows of the
+current frame, disabling the mode line, and adding margins to the buffer that
+restrict the text width to 80 characters.")
+    (license license:bsd-3)))
+
 (define-public emacs-ido-completing-read+
   (package
     (name "emacs-ido-completing-read+")
@@ -3447,6 +3691,27 @@ Dust.js, React/JSX, Angularjs, ejs, etc.")
     (home-page "http://web-mode.org/")
     (license license:gpl3+)))
 
+(define-public emacs-wgrep
+  (package
+    (name "emacs-wgrep")
+    (version "2.1.10")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/mhayashi1120/Emacs-wgrep/archive/"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1r2bpypar70xg6dsx12x1k74f39ww930rday7rgqpyknzsx1k4l1"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/mhayashi1120/Emacs-wgrep")
+    (synopsis "Edit a grep buffer and apply those changes to the files")
+    (description
+     "Emacs wgrep allows you to edit a grep buffer and apply those changes to
+the file buffer.")
+    (license license:gpl3+)))
+
 (define-public emacs-helm
   (package
     (name "emacs-helm")
@@ -3528,7 +3793,7 @@ for search-based navigation of buffers.")
 (define-public emacs-cider
   (package
     (name "emacs-cider")
-    (version "0.12.0")
+    (version "0.15.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3537,8 +3802,11 @@ for search-based navigation of buffers.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "00qzbfjy3w6bcnki7gw0clmi0cc5yqjdrcyhgv4ymijjs79h9p5s"))))
+                "0j7qjcslh8mnxrr2m8qrscyq9ry240j5jd9dysbvih126lxisf12"))))
     (build-system emacs-build-system)
+    (arguments
+     '(#:exclude                        ; Don't exclude 'cider-test.el'.
+       '("^\\.dir-locals\\.el$" "^test/")))
     (propagated-inputs
      `(("emacs-clojure-mode" ,emacs-clojure-mode)
        ("emacs-spinner" ,emacs-spinner)
@@ -3561,30 +3829,32 @@ CIDER).")
     (license license:gpl3+)))
 
 (define-public emacs-lua-mode
-  (package
-    (name "emacs-lua-mode")
-    (version "20151025")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://github.com/immerrr/lua-mode/archive/v"
-                    version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
-              (sha256
-               (base32
-                "0sbhfny5ib65cnx6xcy6h9bbw27mw034s8m9cca00bhxqaqi6p4v"))))
-    (build-system emacs-build-system)
-    (home-page "https://github.com/immerrr/lua-mode/")
-    (synopsis "Major mode for lua")
-    (description
-     "This Emacs package provides a mode for @uref{https://www.lua.org/,
+  (let ((commit "652e299cb967fccca827dda381d61a9c144d97de")
+        (revision "1"))
+    (package
+      (name "emacs-lua-mode")
+      (version (string-append "20151025." revision "-" (string-take commit 9)))
+      (home-page "https://github.com/immerrr/lua-mode/")
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url home-page)
+                      (commit commit)))
+                (file-name (string-append name "-" version ".checkout"))
+                (sha256
+                 (base32
+                  "053025k930wh0lak6rc1973ynfrmm8zsyzfqhhd39x7abkl41hc9"))))
+      (build-system emacs-build-system)
+      (synopsis "Major mode for lua")
+      (description
+       "This Emacs package provides a mode for @uref{https://www.lua.org/,
 Lua programing language}.")
-    (license license:gpl2+)))
+      (license license:gpl2+))))
 
 (define-public emacs-ebuild-mode
   (package
     (name "emacs-ebuild-mode")
-    (version "1.30")
+    (version "1.37")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3593,7 +3863,7 @@ Lua programing language}.")
               (file-name (string-append name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0vp7lq1kvmh1b2bms2x1kf2k76dy9m02d7cirkxpiglwaxa0h9vz"))))
+                "07dzrdjjczkxdfdgi60h4jjkvzi4p0k9rij2wpfp8s03ay3qldpp"))))
     (build-system emacs-build-system)
     (home-page "https://devmanual.gentoo.org")
     (synopsis "Major modes for Gentoo package files")
@@ -3716,14 +3986,14 @@ passive voice.")
 (define-public emacs-org
   (package
     (name "emacs-org")
-    (version "20170622")
+    (version "20170917")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://elpa.gnu.org/packages/org-"
                                   version ".tar"))
               (sha256
                (base32
-                "0922lcbr2r7bkswljqzbm5y3ny1n67qfrmf7h7z9hsw2wy0505dp"))))
+                "0qyis5ph3h99zn9kx7sgraddz41c1cf6yjkwi4im6ikwxk9x8cgc"))))
     (build-system emacs-build-system)
     (home-page "http://orgmode.org/")
     (synopsis "Outline-based notes management and organizer")
@@ -3760,7 +4030,7 @@ Flx has support for ido (interactively do things) through flx-ido.")
 (define-public emacs-cyberpunk-theme
   (package
     (name "emacs-cyberpunk-theme")
-    (version "1.18")
+    (version "1.19")
     (source
      (origin
        (method url-fetch)
@@ -3768,7 +4038,7 @@ Flx has support for ido (interactively do things) through flx-ido.")
                            "archive/" version ".tar.gz"))
        (sha256
         (base32
-         "0pxzbw0qjxgkhhs3gn3k9qy41kl1a4pfzbw83dk24l4b3nxd24wg"))
+         "05l5fxw1mn5py6mfhxrzyqjq0d8m5m1akfi46vrgh13r414jffvv"))
        (file-name (string-append name "-" version ".tar.gz"))))
     (build-system emacs-build-system)
     (home-page "https://github.com/n3mo/cyberpunk-theme.el")
@@ -4621,6 +4891,97 @@ the same - CDLaTeX focuses on speediness for inserting LaTeX
 constructs.")
     (license license:gpl3+)))
 
+(define-public emacs-cnfonts
+  (package
+    (name "emacs-cnfonts")
+    (version "0.9.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/tumashu/cnfonts/archive/v"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1l6cgcvc6md1zq97ccczankpyi0k4vjx6apflny6kjq3p33lyhf4"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/tumashu/cnfonts")
+    (synopsis "Emacs Chinese fonts setup tool")
+    (description "cnfonts is a Chinese fonts setup tool, allowing for easy
+configuration of Chinese fonts.")
+    (license license:gpl2+)))
+
+(define-public emacs-pos-tip
+  (package
+    (name "emacs-pos-tip")
+    (version "0.4.6")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/pitkali/pos-tip/archive/"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "12jqfy26vjk7lq0aa8yn8zqj8c85fkvx7y9prj0pcn4wqiz2ad2r"))))
+    (build-system emacs-build-system)
+    ;; The following functions and variables needed by emacs-pos-tip are
+    ;; not included in emacs-minimal:
+    ;; x-display-pixel-width, x-display-pixel-height, x-show-tip
+    (arguments `(#:emacs ,emacs))
+    (home-page "https://github.com/pitkali/pos-tip")
+    (synopsis "Show tooltip at point")
+    (description "The standard library tooltip.el provides a function for
+displaying a tooltip at the mouse position.  However, locating a tooltip at an
+arbitrary buffer position in a window is not easy.  Pos-tip provides such a
+function to be used by other frontend programs.")
+    (license license:gpl2+)))
+
+(define-public emacs-pyim-basedict
+  (package
+    (name "emacs-pyim-basedict")
+    (version "0.3.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/tumashu/pyim-basedict/archive/v"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0nfgxviavkgrpyfsw60xsws4fk51fcmgl8fp6zf4ibqjjbp53n3n"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/tumashu/pyim-basedict")
+    (synopsis "Input method dictionary of pyim")
+    (description "Pyim-basedict is the default pinyin input method dictionary,
+containing words from the rime project.")
+    (license license:gpl2+)))
+
+(define-public emacs-pyim
+  (package
+    (name "emacs-pyim")
+    (version "1.6.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/tumashu/pyim/archive/v"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0hfg8q9hcjifvnlghw2g94dfxfirms2psq2ghqb28fhkf0lks13r"))))
+    (build-system emacs-build-system)
+    (propagated-inputs
+     `(("emacs-async" ,emacs-async)
+       ("emacs-exwm" ,emacs-pyim-basedict)
+       ("emacs-popup" ,emacs-popup)
+       ("emacs-pos-tip" ,emacs-pos-tip)))
+    (home-page "https://github.com/tumashu/pyim")
+    (synopsis "Chinese input method")
+    (description "Chinese input method which supports quanpin, shuangpin, wubi
+and cangjie.")
+    (license license:gpl2+)))
+
 (define-public emacs-xelb
   (package
     (name "emacs-xelb")
@@ -5363,3 +5724,149 @@ enables you to easily define search engines, bind them to keybindings, and
 query them from the comfort of your editor.")
     (home-page "https://github.com/hrs/engine-mode")
     (license license:gpl3+)))
+
+(define-public emacs-prop-menu
+  (package
+    (name "emacs-prop-menu")
+    (version "0.1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "http://stable.melpa.org/packages/prop-menu-"
+             version ".el"))
+       (sha256
+        (base32
+         "01bk4sjafzz7gqrkv9jg0pa85qr34vbk3q8ga2b0m61bndywzgpr"))))
+    (build-system emacs-build-system)
+    (home-page
+     "https://github.com/david-christiansen/prop-menu-el")
+    (synopsis
+     "Create and display a context menu based on text and overlay properties")
+    (description
+     "This is a library for computing context menus based on text
+properties and overlays.  The intended use is to have tools that
+annotate source code and others that use these annotations, without
+requiring a direct coupling between them, but maintaining
+discoverability.
+
+Major modes that wish to use this library should first define an
+appropriate value for @code{prop-menu-item-functions}.  Then, they should
+bind @code{prop-menu-by-completing-read} to an appropriate
+key.  Optionally, a mouse pop-up can be added by binding
+@code{prop-menu-show-menu} to a mouse event.")
+    (license license:gpl3+)))
+
+(define-public emacs-idris-mode
+  (package
+    (name "emacs-idris-mode")
+    (version "0.9.19")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "http://stable.melpa.org/packages/idris-mode-"
+             version ".tar"))
+       (sha256
+        (base32
+         "0ld4kfwnyyhlsnj5f6cbn4is4mpxdqalk2aifkw02r00mbr9n294"))))
+    (build-system emacs-build-system)
+    (propagated-inputs
+     `(("emacs-prop-menu" ,emacs-prop-menu)))
+    (home-page
+     "https://github.com/idris-hackers/idris-mode")
+    (synopsis "Major mode for editing Idris code")
+    (description
+     "This is an Emacs mode for editing Idris code.  It requires the latest
+version of Idris, and some features may rely on the latest Git version of
+Idris.")
+    (license license:gpl3+)))
+
+(define-public emacs-browse-at-remote
+  (let ((commit "b5cff7971ca8bbb966e3acd9b7e5c4c007f94215")
+        (revision "1"))
+    (package
+      (name "emacs-browse-at-remote")
+      (version (string-append "0.9.0-" revision "."
+                              (string-take commit 7)))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/rmuslimov/browse-at-remote.git")
+                      (commit commit)))
+                (file-name (string-append name "-" version "-checkout"))
+                (sha256
+                 (base32
+                  "16ms9703m15dfxg6ap4mdw7msf8z5rzsdhba51dwivfpjxg7n52c"))))
+      (build-system emacs-build-system)
+      (propagated-inputs
+       `(("emacs-f" ,emacs-f)
+         ("emacs-s" ,emacs-s)))
+      (native-inputs
+       `(("ert-runner" ,ert-runner)))
+      (arguments
+       `(#:phases
+         (modify-phases %standard-phases
+           (add-before 'install 'check
+             (lambda _
+               (zero? (system* "ert-runner")))))))
+      (home-page "https://github.com/rmuslimov/browse-at-remote")
+      (synopsis "Open github/gitlab/bitbucket/stash page from Emacs")
+      (description
+       "This Emacs package allows you to open a target page on
+github/gitlab (or bitbucket) by calling @code{browse-at-remote} command.
+It supports dired buffers and opens them in tree mode at destination.")
+      (license license:gpl3+))))
+
+(define-public emacs-tiny
+  (package
+    (name "emacs-tiny")
+    (version "0.1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://elpa.gnu.org/packages/tiny-" version ".tar"))
+       (sha256
+        (base32
+         "1nhg8375qdn457wj0xmfaj72s87xbabk2w1nl6q7rjvwxv08yyn7"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/abo-abo/tiny")
+    (synopsis "Quickly generate linear ranges in Emacs")
+    (description
+     "The main command of the @code{tiny} extension for Emacs is @code{tiny-expand}.
+It is meant to quickly generate linear ranges, e.g. 5, 6, 7, 8.  Some elisp
+proficiency is an advantage, since you can transform your numeric range with
+an elisp expression.")
+  (license license:gpl3+)))
+
+(define-public emacs-bash-completion
+  (package
+   (name "emacs-bash-completion")
+   (version "2.0.0")
+   (source
+    (origin
+      (method url-fetch)
+      (uri (string-append
+            "https://github.com/szermatt/emacs-bash-completion/archive/v"
+            version ".tar.gz"))
+      (file-name (string-append name "-" version ".tar.gz"))
+      (sha256
+       (base32
+        "0mkci4a1fy8z4cmry8mx5vsx4f16a8r454slnh7lqzidnhfi63hj"))))
+   (inputs `(("bash" ,bash)))
+   (build-system emacs-build-system)
+   (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'configure
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((bash (assoc-ref inputs "bash")))
+               (emacs-substitute-variables "bash-completion.el"
+                 ("bash-completion-prog" (string-append bash "/bin/bash"))))
+             #t)))))
+   (home-page "https://github.com/szermatt/emacs-bash-completion")
+   (synopsis "BASH completion for the shell buffer")
+   (description
+    "@code{bash-completion} defines dynamic completion hooks for shell-mode
+and shell-command prompts that are based on bash completion.")
+   (license license:gpl2+)))
diff --git a/gnu/packages/embedded.scm b/gnu/packages/embedded.scm
index 5e51fe2d01..91c600353a 100644
--- a/gnu/packages/embedded.scm
+++ b/gnu/packages/embedded.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2016 Theodoros Foradis <theodoros.for@openmailbox.org>
+;;; Copyright © 2016, 2017 Theodoros Foradis <theodoros@foradis.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -290,8 +290,8 @@ languages are C and C++.")
 
 (define-public libjaylink
   ;; No release tarballs available.
-  (let ((commit "faa2a433fdd3de211728f3da5921133214af9dd3")
-        (revision "1"))
+  (let ((commit "699b7001d34a79c8e7064503dde1bede786fd7f0")
+        (revision "2"))
     (package
       (name "libjaylink")
       (version (string-append "0.1.0-" revision "."
@@ -304,7 +304,7 @@ languages are C and C++.")
                 (file-name (string-append name "-" version "-checkout"))
                 (sha256
                  (base32
-                  "02crr56csz8whq3q4mrmdzzgwp5b0qvxm0fb18drclc3zj44yxl2"))))
+                  "034872d44myycnzn67v5b8ixrgmg8sk32aqalvm5x7108w2byww1"))))
       (build-system gnu-build-system)
       (native-inputs
        `(("autoconf" ,autoconf)
@@ -316,7 +316,7 @@ languages are C and C++.")
       (arguments
        `(#:phases
          (modify-phases %standard-phases
-           (add-before 'configure 'autoreconf
+           (add-after 'unpack 'autoreconf
              (lambda _
                (zero? (system* "autoreconf" "-vfi")))))))
       (home-page "http://repo.or.cz/w/libjaylink.git")
@@ -355,59 +355,66 @@ language.")
     (license license:bsd-2)))
 
 (define-public openocd
-  ;; FIXME: Use tarball release after nrf52 patch is merged.
-  (let ((commit "674141e8a7a6413cb803d90c2a20150260015f81")
-        (revision "1"))
-    (package
-      (name "openocd")
-      (version (string-append "0.9.0-" revision "."
-                              (string-take commit 7)))
-      (source (origin
-                (method git-fetch)
-                (uri (git-reference
-                      (url "https://git.code.sf.net/p/openocd/code.git")
-                      (commit commit)))
-                (sha256
-                 (base32
-                  "1i86jp0wawq78d73z8hp7q1pn7lmlvhjjr19f7299h4w40a5jf8j"))
-                (file-name (string-append name "-" version "-checkout"))
-                (patches
-                 (search-patches "openocd-nrf52.patch"))))
-      (build-system gnu-build-system)
-      (native-inputs
-       `(("autoconf" ,autoconf)
-         ("automake" ,automake)
-         ("libtool" ,libtool)
-         ("pkg-config" ,pkg-config)))
-      (inputs
-       `(("hidapi" ,hidapi)
-         ("jimtcl" ,jimtcl)
-         ("libftdi" ,libftdi)
-         ("libjaylink" ,libjaylink)
-         ("libusb-compat" ,libusb-compat)))
-      (arguments
-       '(#:configure-flags
-         (append (list "--disable-werror"
-                       "--disable-internal-jimtcl"
-                       "--disable-internal-libjaylink")
-                 (map (lambda (programmer)
-                        (string-append "--enable-" programmer))
-                      '("amtjtagaccel" "armjtagew" "buspirate" "ftdi"
-                        "gw16012" "jlink" "oocd_trace" "opendous" "osbdm"
-                        "parport" "aice" "cmsis-dap" "dummy" "jtag_vpi"
-                        "remote-bitbang" "rlink" "stlink" "ti-icdi" "ulink"
-                        "usbprog" "vsllink" "usb-blaster-2" "usb_blaster"
-                        "presto" "openjtag")))
-         #:phases
-         (modify-phases %standard-phases
-           (add-before 'configure 'autoreconf
-             (lambda _
-               (zero? (system* "autoreconf" "-vfi")))))))
-      (home-page "http://openocd.org")
-      (synopsis "On-Chip Debugger")
-      (description "OpenOCD provides on-chip programming and debugging support
+  (package
+    (name "openocd")
+    (version "0.10.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/openocd/openocd/"
+                                  version "/openocd-" version ".tar.gz"))
+              (sha256
+               (base32
+                "09p57y3c2spqx4vjjlz1ljm1lcd0j9q8g76ywxqgn3yc34wv18zd"))
+              ;; FIXME: Remove after nrf52 patch is merged.
+              (patches
+               (search-patches "openocd-nrf52.patch"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("hidapi" ,hidapi)
+       ("jimtcl" ,jimtcl)
+       ("libftdi" ,libftdi)
+       ("libjaylink" ,libjaylink)
+       ("libusb-compat" ,libusb-compat)))
+    (arguments
+     '(#:configure-flags
+       (append (list "--disable-werror"
+                     "--enable-sysfsgpio"
+                     "--disable-internal-jimtcl"
+                     "--disable-internal-libjaylink")
+               (map (lambda (programmer)
+                      (string-append "--enable-" programmer))
+                    '("amtjtagaccel" "armjtagew" "buspirate" "ftdi"
+                      "gw16012" "jlink" "opendous" "osbdm"
+                      "parport" "aice" "cmsis-dap" "dummy" "jtag_vpi"
+                      "remote-bitbang" "rlink" "stlink" "ti-icdi" "ulink"
+                      "usbprog" "vsllink" "usb-blaster-2" "usb_blaster"
+                      "presto" "openjtag")))
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'autoreconf
+           (lambda _
+             (zero? (system* "autoreconf" "-vfi"))))
+         (add-after 'autoreconf 'change-udev-group
+           (lambda _
+             (substitute* "contrib/60-openocd.rules"
+               (("plugdev") "dialout"))
+             #t))
+         (add-after 'install 'install-udev-rules
+           (lambda* (#:key outputs #:allow-other-keys)
+             (install-file "contrib/60-openocd.rules"
+                           (string-append
+                            (assoc-ref outputs "out")
+                            "/lib/udev/rules.d/")))))))
+    (home-page "http://openocd.org")
+    (synopsis "On-Chip Debugger")
+    (description "OpenOCD provides on-chip programming and debugging support
 with a layered architecture of JTAG interface and TAP support.")
-      (license license:gpl2+))))
+    (license license:gpl2+)))
 
 ;; The commits for all propeller tools are the latest versions as published
 ;; here: https://github.com/dbetz/propeller-gcc
diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm
index c4afe5ff95..5492f1c629 100644
--- a/gnu/packages/engineering.scm
+++ b/gnu/packages/engineering.scm
@@ -61,6 +61,7 @@
   #:use-module (gnu packages m4)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages mpi)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
@@ -485,16 +486,16 @@ ready for production.")
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'autoconf
-          (lambda _
-            ;; Build rules contain references to Russian translation, but the
-            ;; needed files are missing; see
-            ;; http://sourceforge.net/p/gerbv/bugs/174/
-            (delete-file "po/LINGUAS")
-            (substitute* "man/Makefile.am"
-              (("PO_FILES= gerbv.ru.1.in.po") "")
-              (("man_MANS = gerbv.1 gerbv.ru.1") "man_MANS = gerbv.1"))
-            (zero? (system* "autoreconf" "-vfi")))))))
+         (add-after 'unpack 'autoconf
+           (lambda _
+             ;; Build rules contain references to Russian translation, but the
+             ;; needed files are missing; see
+             ;; http://sourceforge.net/p/gerbv/bugs/174/
+             (delete-file "po/LINGUAS")
+             (substitute* "man/Makefile.am"
+               (("PO_FILES= gerbv.ru.1.in.po") "")
+               (("man_MANS = gerbv.1 gerbv.ru.1") "man_MANS = gerbv.1"))
+             (zero? (system* "autoreconf" "-vfi")))))))
     (native-inputs
      `(("autoconf" ,autoconf)
        ("automake" ,automake)
@@ -1128,3 +1129,52 @@ hexadecimal editor able to open disk files, but later support for analyzing
 binaries, disassembling code, debugging programs, attaching to remote gdb
 servers, ...")
     (license license:lgpl3)))
+
+(define-public asco
+  (package
+    (name "asco")
+    (version "0.4.10")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/asco/asco/" version "/ASCO-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "119rbc2dc8xzwxvykgji0v0nrzvymjmlizr1bc2mihspj686kxsl"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f                                ; no tests
+       #:make-flags '("all" "asco-mpi")
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-before 'build 'fix-paths
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((coreutils (assoc-ref inputs "coreutils-minimal")))
+               (substitute* '("errfunc.c" "asco.c")
+                 (("cp ")
+                  (string-append coreutils "/bin/cp "))
+                 (("nice")
+                  (string-append coreutils "/bin/nice")))
+               (substitute* "Makefile"
+                 (("<FULL_PATH_TO_MPICH>/bin/mpicc") (which "mpicc")))
+               #t)))
+         (replace 'install                        ; no install target
+           (lambda* (#:key outputs #:allow-other-keys)
+             (for-each (lambda (file)
+                         (install-file file (string-append
+                                             (assoc-ref outputs "out")
+                                             "/bin")))
+                       '("asco" "asco-mpi" "asco-test"
+                         "tools/alter/alter" "tools/log/log"))
+             #t)))))
+    (native-inputs
+     `(("mpi" ,openmpi)))
+    (inputs
+     `(("coreutils-minimal" ,coreutils-minimal)))
+    (home-page "http://asco.sourceforge.net/")
+    (synopsis "SPICE circuit optimizer")
+    (description
+     "ASCO brings circuit optimization capabilities to existing SPICE simulators using a
+high-performance parallel differential evolution (DE) optimization algorithm.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index 56e6bed97b..e1265cfcf7 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -59,7 +59,7 @@
 (define-public efl
   (package
     (name "efl")
-    (version "1.20.2")
+    (version "1.20.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -67,7 +67,7 @@
                     version ".tar.xz"))
               (sha256
                (base32
-                "0zll6k4xbbdsxqg53g8jddgv889g5m1xh20i03iz5a52y2bcnh55"))))
+                "1jxha61gsil6hs9zb72zsyh3gmdipvfnlc9v3palb2bm0b23aq9i"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -149,6 +149,16 @@
                            "--enable-drm")
        #:phases
        (modify-phases %standard-phases
+         ;; If we don't hardcode the location of libcurl.so then we
+         ;; have to wrap the outputs of efl's dependencies in curl.
+         (add-after 'unpack 'hardcode-libcurl-location
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let* ((curl (assoc-ref inputs "curl"))
+                    (lib  (string-append curl "/lib/")))
+               (substitute* "src/lib/ecore_con/ecore_con_url_curl.c"
+                 (("libcurl.so.?" libcurl) ; libcurl.so.[45]
+                  (string-append lib libcurl)))
+               #t)))
          (add-after 'unpack 'set-home-directory
            ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2
            (lambda _ (setenv "HOME" "/tmp") #t)))))
@@ -165,7 +175,7 @@ removable devices or support for multimedia.")
 (define-public terminology
   (package
     (name "terminology")
-    (version "1.1.0")
+    (version "1.1.1")
     (source (origin
               (method url-fetch)
               (uri
@@ -173,7 +183,7 @@ removable devices or support for multimedia.")
                               "terminology/terminology-" version ".tar.xz"))
               (sha256
                (base32
-                "13rl1k22yf8qrpzdm5nh6ij641fibadr2ww1r7rnz7mbhzj3d4gb"))
+                "05ncxvzb9rzkyjvd95hzn8lswqdwr8cix6rd54nqn9559jibh4ns"))
               (modules '((guix build utils)))
               ;; Remove the bundled fonts.
               ;; TODO: Remove bundled lz4.
diff --git a/gnu/packages/erlang.scm b/gnu/packages/erlang.scm
index a400e712d5..cf4d7a5955 100644
--- a/gnu/packages/erlang.scm
+++ b/gnu/packages/erlang.scm
@@ -143,7 +143,7 @@
          (add-before 'configure 'set-erl-top
            (lambda _
              (setenv "ERL_TOP" (getcwd))))
-         (add-before 'configure 'autoconf
+         (add-after 'patch-source-env 'autoconf
            (lambda _ (zero? (system* "./otp_build" "autoconf"))))
          (add-after 'install 'patch-erl
            ;; This only works after install.
diff --git a/gnu/packages/fabric-management.scm b/gnu/packages/fabric-management.scm
new file mode 100644
index 0000000000..76ef9eef2e
--- /dev/null
+++ b/gnu/packages/fabric-management.scm
@@ -0,0 +1,173 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Dave Love <fx@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages fabric-management)
+  #:use-module (guix packages)
+  #:use-module (guix licenses)
+  #:use-module (guix download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages autotools)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages flex)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages graphviz)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages swig)
+  #:use-module (gnu packages tcl))
+
+;; Fixme: Done for the library, but needs support for running the daemon
+;;        (shepherd definition).
+;;        We should probably have a lib output, but that currently generates
+;;        a cycle.
+(define-public opensm
+  (package
+    (name "opensm")
+    (version "3.3.20")
+    (source
+     (origin
+       (method url-fetch)
+       (uri
+        (string-append "https://www.openfabrics.org/downloads/management/opensm-"
+                       version ".tar.gz"))
+       (sha256 (base32 "162sg1w7kgy8ayl8a4dcbrfacmnfy2lr9a2yjyq0k65rmd378zg1"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("flex" ,flex)
+       ("bison" ,bison)))
+    (inputs
+     `(("rdma-core" ,rdma-core)))
+    (arguments
+     `(#:configure-flags '("--disable-static")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'doc
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((base (assoc-ref outputs "out"))
+                    (doc  (string-append base "/share/doc/"
+                                         ,name "-" ,version)))
+               (for-each (lambda (file)
+                           (install-file file doc))
+                         (append (list "AUTHORS" "COPYING" "ChangeLog")
+                                 (find-files "doc")))
+               #t))))))
+    (home-page "https://www.openfabrics.org/")
+    (synopsis "OpenIB InfiniBand Subnet Manager and management utilities")
+    (description "\
+OpenSM is the OpenIB project's Subnet Manager for Infiniband networks.
+The subnet manager is run as a system daemon on one of the machines in
+the infiniband fabric to manage the fabric's routing state.  This package
+also contains various tools for diagnosing and testing Infiniband networks
+that can be used from any machine and do not need to be run on a machine
+running the opensm daemon.")
+    (license (list gpl2 bsd-2))))
+
+(define-public infiniband-diags
+  (package
+    (name "infiniband-diags")
+    (version "2.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/linux-rdma/infiniband-diags/archive/"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1ns9sjwvxnklhi47d6k5x8kxdk1n7f5362y45xwxqmr7gwfvpmwa"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("rdma-core" ,rdma-core)
+       ("opensm" ,opensm)
+       ("glib" ,glib)))
+    (outputs '("out" "lib"))
+    (native-inputs
+     ;; FIXME: needs rst2man for man pages
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)
+       ("perl" ,perl)
+       ("pkg-config" ,pkg-config)))
+    (arguments
+     '(#:configure-flags
+       (list (string-append "CPPFLAGS=-I" (assoc-ref %build-inputs "opensm")
+                            "/include/infiniband")
+             (string-append "--with-perl-installdir=" (assoc-ref %outputs "lib")
+                            "/lib/perl5/vendor_perl")
+             "--disable-static")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'autotools
+           (lambda _
+             (zero? (system "./autogen.sh"))))
+         (add-after 'install 'licence
+           (lambda _
+             (let ((doc (string-append (assoc-ref %outputs "lib") "/share/doc")))
+               (mkdir-p doc)
+               (install-file "COPYING" doc))))
+         (add-after 'install-file 'move-perl
+           ;; Avoid perl in lib closure
+           (lambda _
+             (let ((perlout (string-append (assoc-ref %outputs "out") "/lib"))
+                   (perlin (string-append (assoc-ref %outputs "lib")
+                                          "/lib/perl5")))
+               (mkdir-p perlout)
+               (rename-file perlin perlout)
+               #t))))))
+    (home-page "https://github.com/linux-rdma/infiniband-diags")
+    (synopsis "Infiniband diagnotic tools")
+    (description "This is a set of command-line utilities to help configure,
+debug, and maintain Infiniband (IB) fabrics.
+
+In addition to the utilities, a sub-library, @file{libibnetdisc}, is provided
+to scan an entire IB fabric and return data structures representing it.  The
+interface to this library is not guaranteed to be stable.")
+    (license (list gpl2 bsd-2)))) ; dual
+
+(define-public ibutils
+  (package
+    (name "ibutils")
+    (version "1.5.7-0.2.gbd7e502")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://www.openfabrics.org/downloads/ibutils/ibutils-"
+                           version ".tar.gz"))
+       (sha256
+        (base32 "00x7v6cf8l5y6g9xwh1sg738ch42fhv19msx0h0090nhr0bv98v7"))))
+    (build-system gnu-build-system)
+    (inputs `(("graphviz" ,graphviz)
+              ("tcl" ,tcl)
+              ("tk" ,tk)
+              ("infiniband-diags" ,infiniband-diags)
+              ("rdma-core" ,rdma-core)
+              ("opensm" ,opensm)
+              ("perl" ,perl)))
+    (native-inputs `(("swig" ,swig)))
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--with-osm="  (assoc-ref %build-inputs "opensm"))
+             (string-append "--with-tk-lib=" (assoc-ref %build-inputs "tk") "/lib")
+             "--disable-static")))
+    (synopsis "InfiniBand network utilities")
+    (description "These command-line utilities allow for diagnosing and
+testing InfiniBand networks.")
+    (home-page "https://www.openfabrics.org/downloads/ibutils/")
+    (license bsd-2)))
diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm
index 9085ecfeac..63aa3fac49 100644
--- a/gnu/packages/file.scm
+++ b/gnu/packages/file.scm
@@ -50,4 +50,3 @@ extensions to tell you the type of a file, but looks at the actual contents
 of the file.")
    (license bsd-2)
    (home-page "https://www.darwinsys.com/file/")))
-
diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm
index 748b59c9e1..9e346a6625 100644
--- a/gnu/packages/finance.scm
+++ b/gnu/packages/finance.scm
@@ -1,9 +1,10 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015, 2016 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
+;;; Copyright © 2017 Theodoros Foradis <theodoros@foradis.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,11 +30,16 @@
  #:use-module (guix build-system python)
  #:use-module (gnu packages base)
  #:use-module (gnu packages boost)
+ #:use-module (gnu packages check)
  #:use-module (gnu packages databases)
+ #:use-module (gnu packages documentation)
+ #:use-module (gnu packages dns)
  #:use-module (gnu packages emacs)
+ #:use-module (gnu packages graphviz)
  #:use-module (gnu packages groff)
  #:use-module (gnu packages libedit)
  #:use-module (gnu packages libevent)
+ #:use-module (gnu packages libunwind)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages multiprecision)
  #:use-module (gnu packages pkg-config)
@@ -44,12 +50,14 @@
  #:use-module (gnu packages textutils)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages upnp)
+ #:use-module (gnu packages web)
+ #:use-module (gnu packages xml)
  #:use-module (gnu packages gnuzilla))
 
 (define-public bitcoin-core
   (package
     (name "bitcoin-core")
-    (version "0.14.2")
+    (version "0.15.0.1")
     (source (origin
              (method url-fetch)
              (uri
@@ -57,12 +65,13 @@
                              version "/bitcoin-" version ".tar.gz"))
              (sha256
               (base32
-               "1jp8vdc25gs46gj1d9mraqa1xnampffpa7mdy0fw80xca77fbi0s"))))
+               "16si3skhm6jhw1pkniv2b9y1kkdhjmhj392palphir0qc1srwzmm"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("python" ,python) ; for the tests
-       ("util-linux" ,util-linux))) ; provides the hexdump command for tests
+       ("util-linux" ,util-linux)   ; provides the hexdump command for tests
+       ("qttools" ,qttools)))
     (inputs
      `(("bdb" ,bdb-5.3) ; with 6.2.23, there is an error: ambiguous overload
        ("boost" ,boost)
@@ -70,8 +79,7 @@
        ("miniupnpc" ,miniupnpc)
        ("openssl" ,openssl)
        ("protobuf" ,protobuf)
-       ;; TODO Build with the modular Qt.
-       ("qt" ,qt)))
+       ("qtbase" ,qtbase)))
     (arguments
      `(#:configure-flags
         (list
@@ -79,7 +87,16 @@
           "--with-incompatible-bdb"
           ;; Boost is not found unless specified manually.
           (string-append "--with-boost="
-                         (assoc-ref %build-inputs "boost")))
+                         (assoc-ref %build-inputs "boost"))
+          ;; XXX: The configure script looks up Qt paths by
+          ;; `pkg-config --variable=host_bins Qt5Core`, which fails to pick
+          ;; up executables residing in 'qttools', so we specify them here.
+          (string-append "ac_cv_path_LRELEASE="
+                         (assoc-ref %build-inputs "qttools")
+                         "/bin/lrelease")
+          (string-append "ac_cv_path_LUPDATE="
+                         (assoc-ref %build-inputs "qttools")
+                         "/bin/lupdate"))
        #:phases
         (modify-phases %standard-phases
           (add-before 'check 'set-home
@@ -246,7 +263,7 @@ do so.")
 (define-public electrum
   (package
     (name "electrum")
-    (version "2.7.12")
+    (version "2.9.3")
     (source
      (origin
        (method url-fetch)
@@ -255,7 +272,7 @@ do so.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "0vxdfl208if7mdsnva1jg37bnay2dsz3ww157aqwcv1j6512fi1n"))
+         "0d0fzb653g7b8ka3x90nl21md4g3n1fv11czdxpdq3s9yr6js6f2"))
        (modules '((guix build utils)))
        (snippet
         '(begin
@@ -264,7 +281,8 @@ do so.")
            #t))))
     (build-system python-build-system)
     (inputs
-     `(("python-slowaes" ,python2-slowaes)
+     `(("python-pyaes" ,python2-pyaes)
+       ("python-pysocks" ,python2-pysocks)
        ("python-sip" ,python2-sip)
        ("python-pyqt" ,python2-pyqt-4)
        ("python-ecdsa" ,python2-ecdsa)
@@ -291,3 +309,181 @@ protocol.  It supports Simple Payment Verification (SPV) and deterministic key
 generation from a seed.  Your secret keys are encrypted and are never sent to
 other machines/servers.  Electrum does not download the Bitcoin blockchain.")
     (license license:expat)))
+
+(define-public monero
+  ;; This package bundles easylogging++ and lmdb.
+  ;; The bundled easylogging++ is modified, and the changes will not be upstreamed.
+  ;; The devs deem the lmdb driver too critical a consenus component, to use
+  ;; the system's dynamically linked library.
+  (package
+    (name "monero")
+    (version "0.11.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/monero-project/monero/archive/v"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (modules '((guix build utils)))
+       (snippet
+        '(begin
+           ;; Delete bundled dependencies.
+           (for-each
+            delete-file-recursively
+            '("external/miniupnpc" "external/rapidjson"
+              "external/unbound"))
+           #t))
+       (sha256
+        (base32
+         "083w40a553c0r3i18020jcrv5s0b64vx3d8xrn9nwkb2237ighlk"))))
+    (build-system cmake-build-system)
+    (native-inputs
+     `(("doxygen" ,doxygen)
+       ("googletest" ,googletest)
+       ("graphviz" ,graphviz)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("bind" ,isc-bind)
+       ("boost" ,boost)
+       ("expat" ,expat)
+       ("libunwind" ,libunwind)
+       ("lmdb" ,lmdb)
+       ("miniupnpc" ,miniupnpc)
+       ("openssl" ,openssl)
+       ("rapidjson" ,rapidjson)
+       ("unbound" ,unbound)))
+    (arguments
+     `(#:out-of-source? #t
+       #:configure-flags '("-DBUILD_TESTS=ON"
+                           ,@(if (string=? "aarch64-linux" (%current-system))
+                                 '("-DARCH=armv8-a")
+                                 '())
+                           "-DBUILD_GUI_DEPS=ON")
+       #:phases
+       (modify-phases %standard-phases
+         ;; tests/core_tests need a valid HOME
+         (add-before 'configure 'set-home
+           (lambda _
+             (setenv "HOME" (getcwd))
+             #t))
+         (add-after 'set-home 'fix-wallet-path-for-unit-tests
+           (lambda _
+             (substitute* "tests/unit_tests/serialization.cpp"
+               (("\\.\\./\\.\\./\\.\\./\\.\\./") "../../"))
+             #t))
+         (add-after 'fix-wallet-path-for-unit-tests 'change-log-path
+           (lambda _
+             (substitute* "contrib/epee/src/mlog.cpp"
+               (("epee::string_tools::get_current_module_folder\\(\\)")
+                "\".bitmonero\""))
+             (substitute* "contrib/epee/src/mlog.cpp"
+               (("return \\(") "return ((std::string(getenv(\"HOME\"))) / "))
+             #t))
+         (replace 'check
+           (lambda _
+             (zero?
+              (system* "make" "ARGS=-E 'unit_tests|libwallet_api_tests'"
+                       "test"))))
+         ;; The excluded unit tests need network access
+         (add-after 'check 'unit-tests
+           (lambda _
+             (let ((excluded-unit-tests
+                    (string-join
+                     '("AddressFromURL.Success"
+                       "AddressFromURL.Failure"
+                       "DNSResolver.IPv4Success"
+                       "DNSResolver.DNSSECSuccess"
+                       "DNSResolver.DNSSECFailure"
+                       "DNSResolver.GetTXTRecord")
+                     ":")))
+               (zero?
+                (system* "tests/unit_tests/unit_tests"
+                         (string-append "--gtest_filter=-"
+                                        excluded-unit-tests))))))
+         (add-after 'install 'install-blockchain-import-export
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin")))
+               (install-file "bin/monero-blockchain-import" bin)
+               (install-file "bin/monero-blockchain-export" bin)))))))
+    (home-page "https://getmonero.org/")
+    (synopsis "Command-line interface to the Monero currency")
+    (description
+     "Monero is a secure, private, untraceable currency.  This package provides the
+Monero command line client and daemon.")
+    (license license:bsd-3)))
+
+(define-public monero-core
+  (package
+    (name "monero-core")
+    (version "0.11.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/monero-project/monero-core/archive/v"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0hnrkgwb1sva67pcjym2gvb4zifp2s849dfbnjzbxk3yczpcyqzg"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("doxygen" ,doxygen)
+       ("graphviz" ,graphviz)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("boost" ,boost)
+       ("libunwind" ,libunwind)
+       ("openssl" ,openssl)
+       ("qt" ,qt)
+       ("unbound" ,unbound)))
+    (propagated-inputs
+     `(("monero" ,monero)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (delete 'check)
+         (add-before 'build 'fix-makefile-vars
+           (lambda _
+             (substitute* "src/zxcvbn-c/makefile"
+               (("\\?=") "="))
+             #t))
+         (add-after 'fix-makefile-vars 'fix-library-paths
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "monero-wallet-gui.pro"
+               (("-L/usr/local/lib") "")
+               (("-L/usr/local/opt/openssl/lib")
+                (string-append "-L"
+                               (assoc-ref inputs "openssl")
+                               "/lib"))
+               (("-L/usr/local/opt/boost/lib")
+                (string-append "-L"
+                               (assoc-ref inputs "boost")
+                               "/lib")))
+             #t))
+         (add-after 'fix-library-paths 'fix-monerod-path
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "src/daemon/DaemonManager.cpp"
+               (("QApplication::applicationDirPath\\(\\) \\+ \"/monerod")
+                (string-append "\""(assoc-ref inputs "monero")
+                               "/bin/monerod")))
+             #t))
+         (replace 'build
+           (lambda _
+             (zero? (system* "./build.sh"))))
+         (add-after 'build 'fix-install-path
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "build/Makefile"
+               (("/opt/monero-wallet-gui")
+                (assoc-ref outputs "out")))
+             #t))
+         (add-before 'install 'change-dir
+           (lambda _
+             (chdir "build"))))))
+    (home-page "https://getmonero.org/")
+    (synopsis "Graphical user interface for the Monero currency")
+    (description
+     "Monero is a secure, private, untraceable currency.  This package provides the
+Monero GUI client.")
+    (license license:bsd-3)))
diff --git a/gnu/packages/fltk.scm b/gnu/packages/fltk.scm
index 27d2f62ca7..0ca77cfa40 100644
--- a/gnu/packages/fltk.scm
+++ b/gnu/packages/fltk.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2014 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index 69ef743cba..b65d3a9e94 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -20,6 +20,7 @@
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 Brendan Tildesley <brendan.tildesley@openmailbox.org>
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2017 Mohammed Sadiq <sadiq@sadiqpk.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -514,6 +515,32 @@ fonts.")
     ;; exceptions.
     (license license:gpl3)))
 
+(define-public font-rachana
+  (package
+    (name "font-rachana")
+    (version "7.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://gitlab.com/smc/rachana/repository/archive.tar.gz?ref=Version"
+             version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0jc091gshna6p1dd6lf507jxkgk6rsja835fc9dm71mcplq53bm1"))))
+    (build-system font-build-system)
+    (home-page "https://smc.org.in")
+    (synopsis "Malayalam font")
+    (description
+     "Rachana is a Malayalam font designed by Hussain K H.  The project was
+part of Rachana Aksharavedi for the original script of Malayalam in computing.
+Rachana has about 1,200+ glyphs for Malayalam and contains glyphs required for
+printing old Malayalam books without compromising the writing style.")
+    ;; This font is licensed under SIL 1.1 or GPLv3+ with font embedding
+    ;; exceptions.
+    (license (list license:silofl1.1 license:gpl3+))))
+
 (define-public font-tex-gyre
   (package
     (name "font-tex-gyre")
@@ -560,7 +587,7 @@ languages, plus Greek and Cyrillic.")
 (define-public font-gnu-unifont
   (package
     (name "font-gnu-unifont")
-    (version "10.0.05")
+    (version "10.0.06")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -568,7 +595,7 @@ languages, plus Greek and Cyrillic.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "07sajc32l2knnz6gmd81zxjhcxq8xr6r2kf42wig56vj05s3d1cb"))))
+                "0z8lglzwbkmya0gmhxd9m1x3nsd7flfsbsh0qy34dzqqdwjpyy2p"))))
     (build-system gnu-build-system)
     (outputs '("out" ; TrueType version
                "pcf" ; PCF (bitmap) version
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index bd74c4d6aa..15401f652b 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -405,7 +405,7 @@ and returns a sequence of positioned glyphids from the font.")
 (define-public potrace
   (package
     (name "potrace")
-    (version "1.14")
+    (version "1.15")
     (source
      (origin
       (method url-fetch)
@@ -413,7 +413,7 @@ and returns a sequence of positioned glyphids from the font.")
                           "/potrace-" version ".tar.gz"))
       (sha256
        (base32
-        "0znr9i0ljb818qiwm22zw63g11a4v08gc5xkh0wbdp6g259vcwnv"))))
+        "17ajildjp14shsy339xarh1lw1p0k60la08ahl638a73mh23kcx9"))))
     (build-system gnu-build-system)
     (native-inputs `(("ghostscript" ,ghostscript))) ;for tests
     (inputs `(("zlib" ,zlib)))
@@ -507,26 +507,14 @@ definitions.")
 (define-public fontforge
   (package
    (name "fontforge")
-   (version "20160404")
+   (version "20170731")
    (source (origin
             (method url-fetch)
             (uri (string-append
                   "https://github.com/fontforge/fontforge/releases/download/"
-                  version "/fontforge-dist-" version ".tar.gz"))
+                  version "/fontforge-dist-" version ".tar.xz"))
             (sha256 (base32
-                     "1kavnhbkzc1hk6f39fynq9s0haama81ddrbld4b5x60d0dbaawvc"))
-            (modules '((guix build utils)))
-            (snippet
-             '(begin
-               ;; Make builds bit-reproducible by using fixed date strings.
-               (substitute* "configure"
-                 (("^FONTFORGE_MODTIME=.*$")
-                  "FONTFORGE_MODTIME=\"1459819518L\"\n")
-                 (("^FONTFORGE_MODTIME_STR=.*$")
-                  "FONTFORGE_MODTIME_STR=\"20:25 CDT  4-Apr-2016\"\n")
-                 (("^FONTFORGE_VERSIONDATE=.*$")
-                  "FONTFORGE_VERSIONDATE=\"20160404\"\n"))))
-            (patches (list (search-patch "fontforge-svg-modtime.patch")))))
+                     "08l8h3yvk4v7652jvmd3ls7nf5miybkx2fmkf1mpwwfixpxxw2l4"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
@@ -550,20 +538,11 @@ definitions.")
              ("libxml2"         ,libxml2)
              ("pango"           ,pango)
              ("potrace"         ,potrace)
-             ("python"          ,python)
+             ("python"          ,python-wrapper)
              ("zlib"            ,zlib)))
    (arguments
-    '(#:tests? #f
-      #:phases
+    '(#:phases
       (modify-phases %standard-phases
-        (add-after 'build 'build-contrib
-          (lambda* (#:key outputs #:allow-other-keys)
-            (let* ((out (assoc-ref outputs "out"))
-                   (bin (string-append out "/bin")))
-              (and (zero? (system* "make" "-Ccontrib/fonttools"
-                                   "CC=gcc" "showttf"))
-                   (begin (install-file "contrib/fonttools/showttf" bin)
-                          #t)))))
         (add-after 'install 'set-library-path
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out"))
@@ -585,4 +564,4 @@ definitions.")
 opentype fonts.  You can save fonts in many different outline formats, and
 generate bitmaps.")
    (license license:gpl3+)
-   (home-page "http://fontforge.org/")))
+   (home-page "https://fontforge.github.io/en-US/")))
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index 29f98a2356..e822f390c5 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -3,10 +3,10 @@
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2015, 2017 Andy Wingo <wingo@pobox.com>
 ;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
@@ -204,14 +204,14 @@ the freedesktop.org XDG Base Directory specification.")
 (define-public elogind
   (package
     (name "elogind")
-    (version "219.14")
+    (version "232.4")
     (source (origin
               (method url-fetch)
-              (uri (string-append "https://wingolog.org/pub/" name "/"
-                                  name "-" version ".tar.xz"))
+              (uri (string-append "https://github.com/elogind/elogind/"
+                                  "archive/v" version ".tar.gz"))
               (sha256
                (base32
-                "1jckc4wx199n1q4r4fv43ibjs6nlq91s39w9r78ilk1z383m1hcx"))
+                "1qcxian48z2dj5gfmp7brrngdydqf2jm00f4rjr5sy1myh8fy931"))
               (modules '((guix build utils)))
               (snippet
                '(begin
@@ -222,25 +222,58 @@ the freedesktop.org XDG Base Directory specification.")
                     (("XSLTPROC_FLAGS = ") "XSLTPROC_FLAGS = --novalid"))))))
     (build-system gnu-build-system)
     (arguments
-     `(#:configure-flags
-       (list (string-append "--with-libcap="
-                            (assoc-ref %build-inputs "libcap"))
-             (string-append "--with-udevrulesdir="
+     `(#:tests? #f ;FIXME: "make check" in the "po" directory fails.
+       #:configure-flags
+       (list (string-append "--with-udevrulesdir="
+                            (assoc-ref %outputs "out")
+                            "/lib/udev/rules.d")
+
+             ;; Let elogind be its own cgroup controller, rather than relying
+             ;; on systemd or OpenRC.  By default, 'configure' makes an
+             ;; incorrect guess.
+             "--with-cgroup-controller=elogind"
+
+             (string-append "--with-rootprefix="
+                            (assoc-ref %outputs "out"))
+             (string-append "--with-rootlibexecdir="
                             (assoc-ref %outputs "out")
-                            "/lib/udev/rules.d"))
+                            "/libexec/elogind")
+             ;; These are needed to ensure that lto linking works.
+             "RANLIB=gcc-ranlib"
+             "AR=gcc-ar"
+             "NM=gcc-nm")
        #:make-flags '("PKTTYAGENT=/run/current-system/profile/bin/pkttyagent")
-       #:phases (modify-phases %standard-phases
-                  (add-before 'build 'fix-service-file
-                    (lambda* (#:key outputs #:allow-other-keys)
-                      ;; Fix the file name of the 'elogind' binary in the D-Bus
-                      ;; '.service' file.
-                      (substitute* "src/login/org.freedesktop.login1.service"
-                        (("^Exec=.*")
-                         (string-append "Exec=" (assoc-ref %outputs "out")
-                                        "/libexec/elogind/elogind\n"))))))))
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'autogen
+           (lambda _
+             (and (zero? (system* "intltoolize" "--force" "--automake"))
+                  (zero? (system* "autoreconf" "-vif")))))
+         (add-before 'build 'fix-service-file
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Fix the file name of the 'elogind' binary in the D-Bus
+             ;; '.service' file.
+             (substitute* "src/login/org.freedesktop.login1.service"
+               (("^Exec=.*")
+                (string-append "Exec=" (assoc-ref %outputs "out")
+                               "/libexec/elogind/elogind\n")))))
+         (add-after 'install 'add-libcap-to-search-path
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             ;; Add a missing '-L' for libcap in libelogind.la.  See
+             ;; <https://lists.gnu.org/archive/html/guix-devel/2017-09/msg00084.html>.
+             (let ((libcap (assoc-ref inputs "libcap"))
+                   (out    (assoc-ref outputs "out")))
+               (substitute* (string-append out "/lib/libelogind.la")
+                 (("-lcap")
+                  (string-append "-L" libcap "/lib -lcap")))
+               #t))))))
     (native-inputs
-     `(("intltool" ,intltool)
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)
+       ("intltool" ,intltool)
        ("gettext" ,gettext-minimal)
+       ("python" ,python)
        ("docbook-xsl" ,docbook-xsl)
        ("docbook-xml" ,docbook-xml)
        ("xsltproc" ,libxslt)
@@ -260,7 +293,7 @@ the freedesktop.org XDG Base Directory specification.")
        ("dbus" ,dbus)
        ("eudev" ,eudev)
        ("acl" ,acl)))           ;to add individual users to ACLs on /dev nodes
-    (home-page "https://github.com/wingo/elogind")
+    (home-page "https://github.com/elogind/elogind")
     (synopsis "User, seat, and session management service")
     (description "Elogind is the systemd project's \"logind\" service,
 extracted out as a separate project.  Elogind integrates with PAM to provide
@@ -333,7 +366,10 @@ manager for the current system.")
           (substitute* "test/test-icon.py"
             (("/usr/share/icons/hicolor/index.theme")
              (string-append (assoc-ref inputs "hicolor-icon-theme")
-                            "/share/icons/hicolor/index.theme")))
+                            "/share/icons/hicolor/index.theme"))
+            ;; FIXME: This test fails because the theme contains the unknown
+            ;; key "Scale".
+            (("theme.validate\\(\\)") "#"))
 
           ;; One test fails with:
           ;; AssertionError: 'x-apple-ios-png' != 'png'
diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm
index bbdb4e410b..f3f2b5ea71 100644
--- a/gnu/packages/ftp.scm
+++ b/gnu/packages/ftp.scm
@@ -46,7 +46,7 @@
 (define-public lftp
   (package
     (name "lftp")
-    (version "4.7.8")
+    (version "4.8.2")
     (source (origin
               (method url-fetch)
               ;; See https://lftp.tech/get.html for mirrors.
@@ -58,7 +58,7 @@
                                         "ftp/lftp/lftp-" version ".tar.xz")))
               (sha256
                (base32
-                "19ijsmbb5589vg5ga355ys3075z6s2x2h0bdbga343hfqmnid2pi"))))
+                "176d90amkm1klwjpfpzdsvmjnyri8f74bv4fpip8app0fs25p1sw"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -159,7 +159,7 @@ FTP browser, as well as non-interactive commands such as 'ncftpput' and
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'bootstrap
+         (add-after 'unpack 'bootstrap
            (lambda _ (zero? (system* "autoreconf" "-vfi")))))))
     (home-page "http://weex.sourceforge.net/")
     (synopsis "Non-interactive client for FTP synchronization")
@@ -173,7 +173,7 @@ as required.")
 (define-public libfilezilla
   (package
     (name "libfilezilla")
-    (version "0.10.1")
+    (version "0.11.0")
     (source
      (origin
        (method url-fetch)
@@ -181,7 +181,7 @@ as required.")
                            name "/" name "-" version ".tar.bz2"))
        (sha256
         (base32
-         "1yi9db0hpxh3giyjhkbz7ajmf95qw27xdvh3xvw208zri5k575x0"))))
+         "1l4yhw269dyarqb2spqhycxzzyfn8pj4qh9vfycdw1c93hj6fx6c"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("cppunit" ,cppunit)
diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm
index 95f8697b42..9916a1cb3e 100644
--- a/gnu/packages/game-development.scm
+++ b/gnu/packages/game-development.scm
@@ -5,11 +5,13 @@
 ;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015, 2016, 2017 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 Julian Graham <joolean@gmail.com>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
+;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
+;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -73,7 +75,8 @@
   #:use-module (gnu packages xiph)
   #:use-module (gnu packages lua)
   #:use-module (gnu packages mp3)
-  #:use-module (gnu packages xml))
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages tls))
 
 (define-public bullet
   (package
@@ -190,6 +193,31 @@ necessary.
     ;; The MD5 implementation contained in GRFID is under the zlib license.
     (license (list license:gpl2 license:gpl2+ license:zlib))))
 
+(define-public catcodec
+  (package
+    (name "catcodec")
+    (version "1.0.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://binaries.openttd.org/extra/catcodec/"
+                           version "/catcodec-" version "-source.tar.xz"))
+       (sha256
+        (base32
+         "1qg0c2i4p29sxj0q6qp2jynlrzm5pphz2xhcjqlxa69ycrnlxzs7"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; no tests
+       #:make-flags (list (string-append "prefix=" %output))
+       #:phases (modify-phases %standard-phases
+                  (delete 'configure))))
+    (home-page "http://dev.openttdcoop.org/projects/catcodec")
+    (synopsis "Encode/decode OpenTTD sounds")
+    (description "catcodec encodes and decodes sounds for OpenTTD.  These
+sounds are not much more than some metadata (description and filename) and raw
+PCM data.")
+    (license license:gpl2)))
+
 (define-public gzochi
   (package
     (name "gzochi")
@@ -248,14 +276,14 @@ files) into @file{.grf} and/or @file{.nfo} files.")
 (define-public python-sge-pygame
   (package
     (name "python-sge-pygame")
-    (version "1.5")
+    (version "1.5.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "sge-pygame" version))
        (sha256
         (base32
-         "0g0n722md6nfayiqzadwf0dh821hzqv0alp4by0vjfwr1xzv49mc"))))
+         "1rl3xjzh78sl0sq3xl8rl7cgp9v9v3h7s2pfwn7nj1vrmffzkcpd"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-pygame" ,python-pygame)
@@ -276,7 +304,7 @@ possible, and it also makes the SGE easy to learn.")
 (define-public python-tmx
   (package
     (name "python-tmx")
-    (version "1.9.1")
+    (version "1.10")
     (source
      (origin
        (method url-fetch)
@@ -285,7 +313,7 @@ possible, and it also makes the SGE easy to learn.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "1is107sx3lr09dqjiyn10xqhyv5x54c2ryhys9mb9j3mxjbm227l"))))
+         "073q0prg1nzlkga2b45vhscz374206qh4x68ccg00mxxwagn64z0"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-six" ,python-six)))
@@ -353,7 +381,7 @@ support.")
 (define-public tiled
   (package
     (name "tiled")
-    (version "1.0.2")
+    (version "1.0.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/bjorn/tiled/archive/v"
@@ -361,7 +389,7 @@ support.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "134xi74xajh38rj1qhmc4x1zmncfdmqb01axnkxh6zs3qz0rxp93"))))
+                "1qj7l34y5zv2iazmwbix8wdpp88zv7fswbc4arqpp1wak2yna1ix"))))
     (build-system gnu-build-system)
     (inputs
      `(("qtbase" ,qtbase)
@@ -1019,3 +1047,107 @@ with its own editor, called OpenMW-CS which allows the user to edit or create
 their own original games.")
     (home-page "https://openmw.org")
     (license license:gpl3)))
+
+(define-public godot
+  (package
+    (name "godot")
+    (version "2.1.4")
+    (source (origin
+              (method url-fetch)
+              (uri
+               (string-append "https://github.com/godotengine/godot/archive/"
+                              version "-stable.tar.gz"))
+              (file-name (string-append name "-" version))
+              (sha256
+               (base32 "1mz89nafc1m7srbqvy7iagxrxmqvf5hbqi7i0lwaapkx6q0kpkq7"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; There are no tests
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-after 'unpack 'scons-use-env
+           (lambda _
+             ;; Scons does not use the environment variables by default,
+             ;; but this substitution makes it do so.
+             (substitute* "SConstruct"
+               (("env_base = Environment\\(tools=custom_tools\\)")
+                (string-append
+                 "env_base = Environment(tools=custom_tools)\n"
+                 "env_base = Environment(ENV=os.environ)")))
+             #t))
+         (replace 'build
+           (lambda _
+             (zero? (system*
+                     "scons"
+                     "platform=x11"
+                     ;; Avoid using many of the bundled libs.
+                     ;; Note: These options can be found in the SConstruct file.
+                     "builtin_freetype=no"
+                     "builtin_glew=no"
+                     "builtin_libmpdec=no"
+                     "builtin_libogg=no"
+                     "builtin_libpng=no"
+                     "builtin_libtheora=no"
+                     "builtin_libvorbis=no"
+                     "builtin_libwebp=no"
+                     "builtin_openssl=no"
+                     "builtin_opus=no"
+                     "builtin_zlib=no"))))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin")))
+               (with-directory-excursion "bin"
+                 (if (file-exists? "godot.x11.tools.64")
+                     (rename-file "godot.x11.tools.64" "godot")
+                     (rename-file "godot.x11.tools.32" "godot"))
+                 (install-file "godot" bin)))))
+         (add-after 'install 'install-godot-desktop
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (desktop (string-append out "/share/applications"))
+                    (icon-dir (string-append out "/share/pixmaps")))
+               (mkdir-p desktop)
+               (mkdir-p icon-dir)
+               (rename-file "icon.png" "godot.png")
+               (install-file "godot.png" icon-dir)
+               (with-output-to-file
+                   (string-append desktop "/godot.desktop")
+                 (lambda _
+                   (format #t
+                           "[Desktop Entry]~@
+                           Name=godot~@
+                           Comment=The godot game engine~@
+                           Exec=~a/bin/godot~@
+                           TryExec=~@*~a/bin/godot~@
+                           Icon=godot~@
+                           Type=Application~%"
+                           out)))
+               #t))))))
+    (native-inputs `(("pkg-config" ,pkg-config)
+                     ("scons" ,scons)))
+    (inputs `(("alsa-lib" ,alsa-lib)
+              ("freetype" ,freetype)
+              ("glew" ,glew)
+              ("glu" ,glu)
+              ("libtheora" ,libtheora)
+              ("libvorbis" ,libvorbis)
+              ("libwebp" ,libwebp)
+              ("libx11" ,libx11)
+              ("libxcursor" ,libxcursor)
+              ("libxinerama" ,libxinerama)
+              ("libxrandr" ,libxrandr)
+              ("mesa" ,mesa)
+              ("openssl" ,openssl)
+              ("opusfile" ,opusfile)
+              ("pulseaudio" ,pulseaudio)
+              ("python2" ,python-2)))
+    (home-page "https://godotengine.org/")
+    (synopsis "Advanced 2D and 3D game engine")
+    (description
+     "Godot is an advanced multi-platform game engine written in C++.  If
+features design tools such as a visual editor, can import 3D models and
+provide high-quality 3D rendering, it contains an animation editor, and can be
+scripted in a Python-like language.")
+    (license license:expat)))
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 9e7b579907..aef6f01215 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -19,7 +19,7 @@
 ;;; Copyright © 2016 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Albin Söderqvist <albin@fripost.org>
-;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
@@ -522,7 +522,7 @@ watch your CPU playing while enjoying a cup of tea!")
 (define-public retux
   (package
     (name "retux")
-    (version "1.3.4")
+    (version "1.3.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://savannah/retux/"
@@ -530,7 +530,7 @@ watch your CPU playing while enjoying a cup of tea!")
                                   version "-src.tar.gz"))
               (sha256
                (base32
-                "1wgvh3q96kfgymb2jpd58xsms9hmckhhc4fq7v2k61gh2l11cvdj"))))
+                "1pcrh3z16fl412r3k7xccrgika19ahb1xh90jihgl8yy7zza2i6p"))))
     (build-system python-build-system)
     (arguments
      `(#:tests? #f ; no check target
@@ -2427,17 +2427,19 @@ and a game metadata scraper.")
          ;; The build process fails if the configure script is passed the
          ;; option "--enable-fast-install".
          (replace 'configure
-           (lambda* (#:key inputs outputs #:allow-other-keys)
+           (lambda* (#:key inputs outputs (configure-flags '())
+                     #:allow-other-keys)
              (let ((out (assoc-ref outputs "out"))
                    (lzo (assoc-ref inputs "lzo")))
                (zero?
-                (system* "./configure"
-                         (string-append "--prefix=" out)
-                         ;; Provide the "lzo" path.
-                         (string-append "--with-liblzo2="
-                                        lzo "/lib/liblzo2.a")
-                         ;; Put the binary in 'bin' instead of 'games'.
-                         "--binary-dir=bin"))))))))
+                (apply system* "./configure"
+                       (string-append "--prefix=" out)
+                       ;; Provide the "lzo" path.
+                       (string-append "--with-liblzo2="
+                                      lzo "/lib/liblzo2.a")
+                       ;; Put the binary in 'bin' instead of 'games'.
+                       "--binary-dir=bin"
+                       configure-flags))))))))
     (native-inputs `(("pkg-config" ,pkg-config)))
     (inputs
      `(("allegro" ,allegro-4)
@@ -2464,10 +2466,6 @@ engine.  When you start it you will be prompted to download a graphics set.")
     ;; different terms.
     (license (list license:bsd-3 license:gpl2 license:lgpl2.1+ license:zlib))))
 
-;; TODO Add 'openttd-opengfx' and 'openttd-openmsx' packages and make
-;; 'openttd' a wrapper around them.  The engine is playable by itself,
-;; but it asks a user to download graphics if it's not found.
-
 (define openttd-opengfx
   (package
     (name "openttd-opengfx")
@@ -2485,7 +2483,7 @@ engine.  When you start it you will be prompted to download a graphics set.")
      '(#:make-flags (list "CC=gcc"
                           (string-append "INSTALL_DIR="
                                          (assoc-ref %outputs "out")
-                                         "/share/openttd/baseset"))
+                                         "/share/games/openttd/baseset/opengfx"))
        #:phases
        (modify-phases %standard-phases
          (replace 'configure
@@ -2503,7 +2501,8 @@ engine.  When you start it you will be prompted to download a graphics set.")
        ;; different software versions than upstream does, some of the md5sums
        ;; are different. However, the package is still reproducible, it's safe
        ;; to disable this test.
-       #:tests? #f))
+       #:tests? #f
+       #:parallel-build? #f))
     (native-inputs `(("dos2unix" ,dos2unix)
                      ("gimp" ,gimp)
                      ("grfcodec" ,grfcodec)
@@ -2525,27 +2524,108 @@ OpenGFX provides you with...
 @end enumerate")
     (license license:gpl2)))
 
+(define openttd-opensfx
+  (package
+    (name "openttd-opensfx")
+    (version "0.2.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://binaries.openttd.org/extra/opensfx/"
+             version "/opensfx-" version "-source.tar.gz"))
+       (sha256
+        (base32
+         "03jxgp02ks31hmsdh4xh0xcpkb70ds8jakc9pfc1y9vdrdavh4p5"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("catcodec" ,catcodec)
+       ("python" ,python2-minimal)))
+    (arguments
+     `(#:make-flags
+       (list (string-append "INSTALL_DIR=" %output
+                            "/share/games/openttd/baseset/opensfx"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'make-reproducible
+           (lambda _
+             ;; Remove the time dependency of the installed tarball by setting
+             ;; the modification times if its members to 0.
+             (substitute* "scripts/Makefile.def"
+               (("-cf") " --mtime=@0 -cf"))
+             #t))
+         (delete 'configure))))
+    (home-page "http://dev.openttdcoop.org/projects/opensfx")
+    (synopsis "Base sounds for OpenTTD")
+    (description "OpenSFX is a set of free base sounds for OpenTTD which make
+it possible to play OpenTTD without requiring the proprietary sound files from
+the original Transport Tycoon Deluxe.")
+    (license license:cc-sampling-plus-1.0)))
+
+(define openttd-openmsx
+  (package
+    (name "openttd-openmsx")
+    (version "0.3.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://binaries.openttd.org/extra/openmsx/"
+             version "/openmsx-" version "-source.tar.gz"))
+       (sha256
+        (base32
+         "0nskq97a6fsv1v6d62zf3yb8whzhqnlh3lap3va3nzvj7csjgf7c"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("python" ,python2-minimal)))
+    (arguments
+     `(#:make-flags
+       (list (string-append "INSTALL_DIR=" %output
+                            "/share/games/openttd/baseset"))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-after 'install 'post-install
+           ;; Rename openmsx-version to openmsx
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((install-directory (string-append (assoc-ref outputs "out")
+                                                     "/share/games/openttd/baseset")))
+               (rename-file (string-append install-directory "/openmsx-" ,version)
+                            (string-append install-directory "/openmsx"))
+               #t))))))
+    (home-page "http://dev.openttdcoop.org/projects/openmsx")
+    (synopsis "Music set for OpenTTD")
+    (description "OpenMSX is a music set for OpenTTD which makes it possible
+to play OpenTTD without requiring the proprietary music from the original
+Transport Tycoon Deluxe.")
+    (license license:gpl2)))
+
 (define-public openttd
   (package
     (inherit openttd-engine)
     (name "openttd")
     (arguments
-     (substitute-keyword-arguments (package-arguments openttd-engine)
-       ((#:phases phases)
-        `(modify-phases ,phases
-           (add-after 'install 'install-data
-             (lambda* (#:key inputs outputs #:allow-other-keys)
-               (let*
-                   ((opengfx (assoc-ref inputs "opengfx"))
-                    (out (assoc-ref outputs "out"))
-                    (gfx-dir
-                     (string-append out
-                                    "/share/games/openttd/baseset/opengfx")))
-                 (mkdir-p gfx-dir)
-                 (copy-recursively opengfx gfx-dir))
-               #t))))))
+     `(#:configure-flags
+       (list (string-append "--with-midi=" (assoc-ref %build-inputs "timidity++")
+                            "/bin/timidity"))
+       ,@(substitute-keyword-arguments (package-arguments openttd-engine)
+           ((#:phases phases)
+            `(modify-phases ,phases
+               (add-after 'install 'install-data
+                 (lambda* (#:key inputs outputs #:allow-other-keys)
+                   (for-each
+                    (lambda (input)
+                      (copy-recursively (assoc-ref inputs input)
+                                        (assoc-ref outputs "out")))
+                    (list "opengfx" "openmsx" "opensfx"))
+                   #t)))))))
+    (inputs
+     `(("timidity++" ,timidity++)
+       ,@(package-inputs openttd-engine)))
     (native-inputs
      `(("opengfx" ,openttd-opengfx)
+       ("openmsx" ,openttd-openmsx)
+       ("opensfx" ,openttd-opensfx)
        ,@(package-native-inputs openttd-engine)))))
 
 (define-public pinball
@@ -3632,7 +3712,7 @@ throwing people around in pseudo-randomly generated buildings.")
 (define-public hyperrogue
   (package
     (name "hyperrogue")
-    (version "10.0e")
+    (version "10.0g")
     ;; When updating this package, be sure to update the "hyperrogue-data"
     ;; origin in native-inputs.
     (source (origin
@@ -3643,7 +3723,7 @@ throwing people around in pseudo-randomly generated buildings.")
                     "-src.tgz"))
               (sha256
                (base32
-                "1p6fam73khhys54098qsgmp52d0rnqc3k5hknjig0znvfb2kwi38"))))
+                "0f68pcnsgl406dhm91ckn3f364bar9m9i5njp9vrmvhvv9p2icy0"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; no check target
@@ -3718,7 +3798,7 @@ throwing people around in pseudo-randomly generated buildings.")
              "-win.zip"))
            (sha256
             (base32
-             "1z9w3nd57ybnf4w7ckhhp5vfws2hwd8x26fx6h496f6160fgcj6m"))))
+             "0bnp077qvlmxjlz1jjd6kpghlv9flxc19ac1xq3m3wyq1w9p3pab"))))
        ("unzip" ,unzip)))
     (inputs
      `(("font-dejavu" ,font-dejavu)
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index da4d66ce36..7870d4513f 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -150,8 +150,6 @@ where the OS part is overloaded to denote a specific ABI---into GCC
       (inputs `(("gmp" ,gmp)
                 ("mpfr" ,mpfr)
                 ("mpc" ,mpc)
-                ("isl" ,isl)
-                ("cloog" ,cloog)
                 ("libelf" ,libelf)
                 ("zlib" ,zlib)))
 
@@ -354,10 +352,14 @@ Go.  It also includes runtime support libraries for these languages.")
                (base32
                 "08yggr18v373a1ihj0rg2vd6psnic42b518xcgp3r9k81xz1xyr2"))
               (patches (search-patches "gcc-arm-link-spec-fix.patch"))))
-    (supported-systems %supported-systems)))
+    (supported-systems %supported-systems)
+    (inputs
+     `(("isl" ,isl-0.11)
+       ("cloog" ,cloog)
+       ,@(package-inputs gcc-4.7)))))
 
 (define-public gcc-4.9
-  (package (inherit gcc-4.7)
+  (package (inherit gcc-4.8)
     (version "4.9.4")
     (source (origin
               (method url-fetch)
@@ -368,8 +370,7 @@ Go.  It also includes runtime support libraries for these languages.")
                 "14l06m7nvcvb0igkbip58x59w3nq6315k6jcz3wr9ch1rn9d44bc"))
               (patches (search-patches "gcc-arm-bug-71399.patch"
                                        "gcc-libvtv-runpath.patch"))))
-    (native-inputs `(("texinfo" ,texinfo)))
-    (supported-systems %supported-systems)))
+    (native-inputs `(("texinfo" ,texinfo)))))
 
 (define-public gcc-5
   ;; Note: GCC >= 5 ships with .info files but 'make install' fails to install
@@ -389,6 +390,10 @@ Go.  It also includes runtime support libraries for these languages.")
                                        "gcc-5.0-libvtv-runpath.patch"
                                        "gcc-5-source-date-epoch-1.patch"
                                        "gcc-5-source-date-epoch-2.patch"))))))
+    ;; TODO: gcc-5 doesn't need cloog.
+    ;;(inputs
+    ;; `(("isl" ,isl)
+    ;;   ,@(package-inputs gcc-4.7)))))
 
 (define-public gcc-6
   (package
@@ -402,7 +407,11 @@ Go.  It also includes runtime support libraries for these languages.")
                (base32
                 "1m0lr7938lw5d773dkvwld90hjlcq2282517d1gwvrfzmwgg42w5"))
               (patches (search-patches "gcc-strmov-store-file-names.patch"
-                                       "gcc-5.0-libvtv-runpath.patch"))))))
+                                       "gcc-5.0-libvtv-runpath.patch"))))
+    (inputs
+     `(("isl" ,isl)
+       ,@(package-inputs gcc-4.7)))))
+
 (define-public gcc-7
   (package
     (inherit gcc-6)
@@ -415,7 +424,11 @@ Go.  It also includes runtime support libraries for these languages.")
                (base32
                 "16j7i0888j2f1yp9l0nhji6cq65dy6y4nwy8868a8njbzzwavxqw"))
               (patches (search-patches "gcc-strmov-store-file-names.patch"
-                                       "gcc-5.0-libvtv-runpath.patch"))))))
+                                       "gcc-5.0-libvtv-runpath.patch"))))
+    (description
+     "GCC is the GNU Compiler Collection.  It provides compiler front-ends
+for several languages, including C, C++, Objective-C, Fortran, Ada, and Go.
+It also includes runtime support libraries for these languages.")))
 
 ;; Note: When changing the default gcc version, update
 ;;       the gcc-toolchain-* definitions and the gfortran definition
@@ -581,7 +594,34 @@ as the 'native-search-paths' field."
                      (variable "LIBRARY_PATH")
                      (files '("lib" "lib64"))))))
 
-(define-public gcc-objc gcc-objc-4.9)
+(define-public gcc-objc-5
+  (custom-gcc gcc-5 "gcc-objc" '("objc")
+              (list (search-path-specification
+                     (variable "OBJC_INCLUDE_PATH")
+                     (files '("include")))
+                    (search-path-specification
+                     (variable "LIBRARY_PATH")
+                     (files '("lib" "lib64"))))))
+
+(define-public gcc-objc-6
+  (custom-gcc gcc-6 "gcc-objc" '("objc")
+              (list (search-path-specification
+                     (variable "OBJC_INCLUDE_PATH")
+                     (files '("include")))
+                    (search-path-specification
+                     (variable "LIBRARY_PATH")
+                     (files '("lib" "lib64"))))))
+
+(define-public gcc-objc-7
+  (custom-gcc gcc-7 "gcc-objc" '("objc")
+              (list (search-path-specification
+                     (variable "OBJC_INCLUDE_PATH")
+                     (files '("include")))
+                    (search-path-specification
+                     (variable "LIBRARY_PATH")
+                     (files '("lib" "lib64"))))))
+
+(define-public gcc-objc gcc-objc-5)
 
 (define-public gcc-objc++-4.8
   (custom-gcc gcc-4.8 "gcc-objc++" '("obj-c++")
@@ -601,7 +641,34 @@ as the 'native-search-paths' field."
                      (variable "LIBRARY_PATH")
                      (files '("lib" "lib64"))))))
 
-(define-public gcc-objc++ gcc-objc++-4.9)
+(define-public gcc-objc++-5
+  (custom-gcc gcc-5 "gcc-objc++" '("obj-c++")
+              (list (search-path-specification
+                     (variable "OBJCPLUS_INCLUDE_PATH")
+                     (files '("include")))
+                    (search-path-specification
+                     (variable "LIBRARY_PATH")
+                     (files '("lib" "lib64"))))))
+
+(define-public gcc-objc++-6
+  (custom-gcc gcc-6 "gcc-objc++" '("obj-c++")
+              (list (search-path-specification
+                     (variable "OBJCPLUS_INCLUDE_PATH")
+                     (files '("include")))
+                    (search-path-specification
+                     (variable "LIBRARY_PATH")
+                     (files '("lib" "lib64"))))))
+
+(define-public gcc-objc++-7
+  (custom-gcc gcc-7 "gcc-objc++" '("obj-c++")
+              (list (search-path-specification
+                     (variable "OBJCPLUS_INCLUDE_PATH")
+                     (files '("include")))
+                    (search-path-specification
+                     (variable "LIBRARY_PATH")
+                     (files '("lib" "lib64"))))))
+
+(define-public gcc-objc++ gcc-objc++-5)
 
 (define (make-libstdc++-doc gcc)
   "Return a package with the libstdc++ documentation for GCC."
@@ -661,7 +728,7 @@ as the 'native-search-paths' field."
 (define-public isl
   (package
     (name "isl")
-    (version "0.11.1")
+    (version "0.18")
     (source (origin
              (method url-fetch)
              (uri (list (string-append
@@ -672,8 +739,7 @@ as the 'native-search-paths' field."
                                        name "-" version ".tar.gz")))
              (sha256
               (base32
-               "13d9cqa5rzhbjq0xf0b2dyxag7pqa72xj9dhsa03m8ccr1a4npq9"))
-             (patches (search-patches "isl-0.11.1-aarch64-support.patch"))))
+               "06ybml6llhi4i56q90jnimbcgk1lpcdwhy9nxdxra2hxz3bhz2vb"))))
     (build-system gnu-build-system)
     (inputs `(("gmp" ,gmp)))
     (home-page "http://isl.gforge.inria.fr/")
@@ -691,6 +757,24 @@ reduction, transitive closures on maps (which may encode infinite graphs),
 dependence analysis and bounds on piecewise step-polynomials.")
     (license lgpl2.1+)))
 
+(define-public isl-0.11
+  (package
+    (inherit isl)
+    (name "isl")
+    (version "0.11.1")
+    (source (origin
+             (method url-fetch)
+             (uri (list (string-append
+                         "http://isl.gforge.inria.fr/isl-"
+                         version
+                         ".tar.bz2")
+                        (string-append %gcc-infrastructure
+                                       name "-" version ".tar.gz")))
+             (sha256
+              (base32
+               "13d9cqa5rzhbjq0xf0b2dyxag7pqa72xj9dhsa03m8ccr1a4npq9"))
+             (patches (search-patches "isl-0.11.1-aarch64-support.patch"))))))
+
 (define-public cloog
   (package
     (name "cloog")
@@ -710,7 +794,7 @@ dependence analysis and bounds on piecewise step-polynomials.")
       (file-name (string-append name "-" version ".tar.gz"))))
     (build-system gnu-build-system)
     (inputs `(("gmp" ,gmp)
-              ("isl" ,isl)))
+              ("isl" ,isl-0.11)))
     (arguments '(#:configure-flags '("--with-isl=system")))
     (home-page "http://www.cloog.org/")
     (synopsis "Library to generate code for scanning Z-polyhedra")
diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm
index b4e6ce435b..169f040ee4 100644
--- a/gnu/packages/gd.scm
+++ b/gnu/packages/gd.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -37,12 +38,11 @@
 (define-public gd
   (package
     (name "gd")
-
+    (replacement gd-2.2.5)
     ;; Note: With libgd.org now pointing to github.com, genuine old
     ;; tarballs are no longer available.  Notably, versions 2.0.x are
     ;; missing.
     (version "2.2.4")
-
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -93,6 +93,22 @@ most common applications of GD involve website development.")
                            "See COPYING file in the distribution."))
     (properties '((cpe-name . "libgd")))))
 
+;; For CVE-2017-6362 and CVE-2017-7890.
+(define-public gd-2.2.5
+  (package
+    (inherit gd)
+    (version "2.2.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/libgd/libgd/releases/download/gd-"
+                    version "/libgd-" version ".tar.xz"))
+              (patches (search-patches "gd-fix-tests-on-i686.patch"
+                                       "gd-freetype-test-failure.patch"))
+              (sha256
+               (base32
+                "0lfy5f241sbv8s3splm2zqiaxv7lxrcshh875xryryk7yk5jqc4c"))))))
+
 (define-public perl-gd
   (package
     (name "perl-gd")
diff --git a/gnu/packages/gdb.scm b/gnu/packages/gdb.scm
index 77a3376a02..e09b55eb2b 100644
--- a/gnu/packages/gdb.scm
+++ b/gnu/packages/gdb.scm
@@ -37,14 +37,14 @@
 (define-public gdb
   (package
     (name "gdb")
-    (version "8.0")
+    (version "8.0.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/gdb/gdb-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1vplyf8v70yn0rdqjx6awl9nmfbwaj5ynwwjxwa71rhp97z4z8pn"))))
+               "1qwmcbaxf0jc7yjl0fimgcfj2yqcrl6h7azgs1d838kbwf9mzg9x"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; FIXME "make check" fails on single-processor systems.
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index f50bcfc105..84c98b0ff8 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -14,18 +14,19 @@
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2016 Jochem Raat <jchmrt@riseup.net>
-;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 nee <nee-git@hidamari.blue>
 ;;; Copyright © 2017 Chris Marusich <cmmarusich@gmail.com>
+;;; Copyright © 2017 Mohammed Sadiq <sadiq@sadiqpk.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -51,6 +52,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system glib-or-gtk)
+  #:use-module (guix build-system meson)
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
   #:use-module (gnu packages admin)
@@ -138,6 +140,7 @@
   #:use-module (gnu packages fonts)
   #:use-module (gnu packages speech)
   #:use-module (gnu packages virtualization)
+  #:use-module (gnu packages vpn)
   #:use-module (srfi srfi-1))
 
 (define-public brasero
@@ -312,7 +315,7 @@ either on a local, or remote machine via a number of methods.")
       (arguments
        `(#:phases
          (modify-phases %standard-phases
-           (add-before 'configure 'run-autogen
+           (add-after 'unpack 'run-autogen
              (lambda _
                (system* "sh" "autogen.sh"))))))
       (home-page "https://wiki.gnome.org/Apps/Dia")
@@ -765,7 +768,7 @@ on the GNOME Desktop with a single simple application.")
 (define-public gsettings-desktop-schemas
   (package
     (name "gsettings-desktop-schemas")
-    (version "3.24.0")
+    (version "3.24.1")
     (source
      (origin
       (method url-fetch)
@@ -774,7 +777,7 @@ on the GNOME Desktop with a single simple application.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "145vpcljy4660cnk8zk91qf7ywa7hqfl5hhw025gy8hxcqzklmzn"))))
+        "19zfqy58missq5cck13ip8j824hb9whqg2c4cr6hgrlxkwqgm8vn"))))
     (build-system gnu-build-system)
     (inputs
      `(("glib" ,glib)))
@@ -932,7 +935,7 @@ database is translated at Transifex.")
 (define-public hicolor-icon-theme
   (package
     (name "hicolor-icon-theme")
-    (version "0.15")
+    (version "0.17")
     (source
      (origin
       (method url-fetch)
@@ -940,7 +943,7 @@ database is translated at Transifex.")
                           "hicolor-icon-theme-" version ".tar.xz"))
       (sha256
        (base32
-        "1k1kf2c5zbqh31nglc3nxs9j6wr083k9kjyql8p22ccc671mmi4w"))))
+        "1n59i3al3zx6p90ff0l43gzpzmlqnzm6hf5cryxqrlbi48sq8x1i"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f)) ; no check target
@@ -987,7 +990,7 @@ some form of information without getting in the user's way.")
 (define-public libpeas
   (package
     (name "libpeas")
-    (version "1.20.0")
+    (version "1.22.0")
     (source
      (origin
       (method url-fetch)
@@ -996,12 +999,11 @@ some form of information without getting in the user's way.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "0m6k6fcrx40n92nc1cy3z72vs1ja49sb58dj3fjp40605pzgz4pk"))))
+        "0qm908kisyjzjxvygdl18hjqxvvgkq9w0phs2g55pck277sw0bsv"))))
     (build-system gnu-build-system)
     (inputs
      `(("gtk+" ,gtk+)
        ("glade" ,glade3)
-       ("libxml2" ,libxml2) ; XXX: required by gladeui-2.0.pc
        ("python" ,python)
        ("python-pygobject" ,python-pygobject)))
     (native-inputs
@@ -2647,7 +2649,7 @@ floating in an ocean using only your brain and a little bit of luck.")
 (define-public gnome-sudoku
   (package
     (name "gnome-sudoku")
-    (version "3.24.0")
+    (version "3.26.0")
     (source
      (origin
        (method url-fetch)
@@ -2656,7 +2658,7 @@ floating in an ocean using only your brain and a little bit of luck.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1mw5ykk7wr0r9770jj5270f07rjws0pmpjs0b1fywj4li13r98h4"))))
+         "186k2axryn3ic8blc9ddnvyrqqf88khg2hlisfa1n4wp784wfx47"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -2963,11 +2965,20 @@ service via the system message bus.")
              (substitute* "data/Locations.xml"
                (("Asia/Rangoon")
                 "Asia/Yangon"))
-            #t)))))
+             #t))
+         (replace 'install
+           (lambda _
+             (zero?
+              (system* "make"
+                       ;; Install vala bindings into $out.
+                       (string-append "vapidir=" %output
+                                      "/share/vala/vapi")
+                       "install")))))))
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-mkenums
        ("gobject-introspection" ,gobject-introspection)
        ("pkg-config" ,pkg-config)
+       ("vala" ,vala)
        ("intltool" ,intltool)))
     (propagated-inputs
      ;; gweather-3.0.pc refers to GTK+, GDK-Pixbuf, GLib/GObject, libxml, and
@@ -2989,7 +3000,7 @@ services for numerous locations.")
 (define-public gnome-settings-daemon
   (package
     (name "gnome-settings-daemon")
-    (version "3.24.2")
+    (version "3.24.3")
     (source
      (origin
        (method url-fetch)
@@ -2998,7 +3009,7 @@ services for numerous locations.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1jnw920zn4cadhgmcv2q5ylzqhwm1rmrhf3a14q8mvp38hkdgaaa"))))
+         "14w5jhpq02mbcxvn41qcj3cjfqdr3sgzl96c6glwpdrjphw61i38"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(;; Color management test can't reach the colord system service.
@@ -3331,7 +3342,7 @@ GL based interactive canvas library.")
 (define-public libchamplain
   (package
     (name "libchamplain")
-    (version "0.12.15")
+    (version "0.12.16")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3339,7 +3350,7 @@ GL based interactive canvas library.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "0x5qa1aw1y59lzkmf4j4szspn49341a87vcja4ydgxny1chilwjl"))))
+                "13chvc2n074i0jw5jlb8i7cysda4yqx58ca6y3mrlrl9g37k2zja"))))
     (build-system gnu-build-system)
     (arguments '(#:configure-flags '("--enable-vala")))
     (native-inputs
@@ -3399,7 +3410,7 @@ queries upon that data.")
 (define-public libgnome-games-support
   (package
     (name "libgnome-games-support")
-    (version "1.2.2")
+    (version "1.2.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3407,7 +3418,7 @@ queries upon that data.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "04qbgcgmc01sinhbqdljiny8q868l01nkdawj8wrnqnd1i8czvsg"))))
+                "1vwad7kqy7yd6wqyr71nq0blh7m53r3lz6ya16dmh942kd0w48v1"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -3435,7 +3446,7 @@ GNOME Games, but it may be used by others.")
 (define-public gnome-klotski
   (package
     (name "gnome-klotski")
-    (version "3.22.1")
+    (version "3.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3443,7 +3454,7 @@ GNOME Games, but it may be used by others.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "04ragvrz29sydi2kf1zk2aimi3b3hn34jrndfd2lx6h8l45anq3q"))))
+                "16hd6yk01rhb4pj8m01fyn72wykf41d72gsms81q0n4zm5bm1a4h"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("desktop-file-utils" ,desktop-file-utils)
@@ -4087,7 +4098,7 @@ a secret password store, an adblocker, and a modern UI.")
 (define-public epiphany
   (package
     (name "epiphany")
-    (version "3.24.3")
+    (version "3.24.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4095,7 +4106,7 @@ a secret password store, an adblocker, and a modern UI.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0m51cclpnb7lxk8w526rriyb2bi3aj17fbcvikhkg7qd65v1dxgy"))))
+                "1jg59s98aljf603w24r5a3cr4fw6z88gc0warqy1946iprjgdw0m"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      ;; FIXME: tests run under Xvfb, but fail with:
@@ -4719,7 +4730,6 @@ to display dialog boxes from the commandline and shell scripts.")
        ("cairo" ,cairo)
        ("gdk-pixbuf" ,gdk-pixbuf)
        ("glib" ,glib)
-       ("glib" ,glib)
        ("gtk+" ,gtk+)
        ("json-glib" ,json-glib)
        ("libinput" ,libinput)
@@ -4760,7 +4770,7 @@ window manager.")
 (define-public gnome-online-accounts
   (package
     (name "gnome-online-accounts")
-    (version "3.24.2")
+    (version "3.24.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4768,7 +4778,7 @@ window manager.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1fmgywfcvlb5sa0slxxlg80gafiaal8vnq6h5lcybqa12lnxa2mp"))))
+                "0m1qf2ffxzmwxa157lrvh3507d5gr3lg4kvj653zhcihjpmmhbi5"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
@@ -4923,7 +4933,7 @@ users.")
 (define-public network-manager
   (package
     (name "network-manager")
-    (version "1.8.0")
+    (version "1.8.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/NetworkManager/"
@@ -4931,7 +4941,7 @@ users.")
                                   "NetworkManager-" version ".tar.xz"))
               (sha256
                (base32
-                "17pn7kzilyl0qk525gp9xnbz4x0ssrdmgk1lvw95pyfd6rm5qnps"))
+                "1x0vzxvrck0snga2n3pc7g74m20zz74cr4r8gfspl8sckv6yz9bi"))
               (snippet
               '(begin
                  (use-modules (guix build utils))
@@ -5044,6 +5054,39 @@ services.")
     (license license:gpl2+)
     (properties '((upstream-name . "NetworkManager")))))
 
+(define-public network-manager-openvpn
+  (package
+    (name "network-manager-openvpn")
+    (version "1.2.10")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "mirror://gnome/sources/NetworkManager-openvpn/"
+                    (version-major+minor version)
+                    "/NetworkManager-openvpn-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0q9x61fq509gybz3ljzyvf9zn8nlya1r2vk7jl0gk3fp76jsg1mc"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:configure-flags '("--enable-absolute-paths")))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)))
+    (inputs
+     `(("gtk+" ,gtk+)
+       ("openvpn" ,openvpn)
+       ("network-manager" ,network-manager)
+       ("network-manager-applet" ,network-manager-applet) ;for libnma
+       ("libsecret" ,libsecret)))
+    (home-page "https://wiki.gnome.org/Projects/NetworkManager/VPN")
+    (synopsis "OpenVPN plug-in for NetworkManager")
+    (description
+     "This extension of NetworkManager allows it to take care of connections
+to virtual private networks (VPNs) via OpenVPN.")
+    (license license:gpl2+)
+    (properties `((upstream-name . "NetworkManager-openvpn")))))
+
 (define-public mobile-broadband-provider-info
   (package
     (name "mobile-broadband-provider-info")
@@ -5262,7 +5305,7 @@ providing graphical log-ins and managing local and remote displays.")
 (define-public libgtop
   (package
     (name "libgtop")
-    (version "2.36.0")
+    (version "2.38.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5270,7 +5313,7 @@ providing graphical log-ins and managing local and remote displays.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0ax17c7nplghxgsf8zl92nmhkbnggj62wwzl7nq00aqb2m6f7gqk"))))
+                "04mnxgzyb26wqk6qij4iw8cxwl82r8pcsna5dg8vz2j3pdi0wv2g"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("gobject-introspection" ,gobject-introspection)
@@ -5546,7 +5589,7 @@ easy, safe, and automatic.")
 (define-public tracker
   (package
     (name "tracker")
-    (version "1.12.2")
+    (version "1.12.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5554,7 +5597,7 @@ easy, safe, and automatic.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1zdzh8l5ahi906i40i4pqw2cs1hwrl6l9a7fp344a3idk3pl5szb"))))
+                "1mpq418lzba7fad0w0m3bnxvz3khf461b5zya8zmq5n1g0w99ki3"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("gnome-common" ,gnome-common)
@@ -5925,6 +5968,34 @@ specified duration and save it as a GIF encoded animated image file.")
       (home-page "https://git.gnome.org/browse/byzanz")
       (license license:gpl2+))))
 
+(define-public gsound
+  (package
+    (name "gsound")
+    (version "1.0.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0lwfwx2c99qrp08pfaj59pks5dphsnxjgrxyadz065d8xqqgza5v"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("gobject-introspection" ,gobject-introspection)
+       ("vala" ,vala)))
+    (inputs
+     `(("glib" ,glib)
+       ("libcanberra" ,libcanberra)))
+    (home-page "https://wiki.gnome.org/Projects/GSound")
+    (synopsis "GObject wrapper for libcanberra")
+    (description
+     "GSound is a small library for playing system sounds.  It's designed to be
+used via GObject Introspection, and is a thin wrapper around the libcanberra C
+library.")
+    (license license:lgpl2.1+)))
+
 (define-public libzapojit
   (package
     (name "libzapojit")
@@ -5953,6 +6024,44 @@ specified duration and save it as a GIF encoded animated image file.")
 Microsoft SkyDrive and Hotmail, using their REST protocols.")
     (license license:lgpl2.1+)))
 
+(define-public gnome-clocks
+  (package
+    (name "gnome-clocks")
+    (version "3.26.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "00a5bqi1hbyb9kbl4p393l1g6rddl2y6ljxjby9c5j3k1qka0c0g"))))
+    (build-system meson-build-system)
+    (arguments
+     '(#:glib-or-gtk? #t))
+    (native-inputs
+     `(("vala" ,vala)
+       ("pkg-config" ,pkg-config)
+       ("glib" ,glib "bin")             ; for glib-compile-resources
+       ("gtk+-bin" ,gtk+ "bin")         ; for gtk-update-icon-cache
+       ("desktop-file-utils" ,desktop-file-utils)
+       ("gettext" ,gettext-minimal)
+       ("itstool" ,itstool)))
+    (inputs
+     `(("glib" ,glib)
+       ("gtk+" ,gtk+)
+       ("gsound" ,gsound)
+       ("geoclue" ,geoclue)
+       ("geocode-glib" ,geocode-glib)
+       ("libgweather" ,libgweather)
+       ("gnome-desktop" ,gnome-desktop)))
+    (home-page "https://wiki.gnome.org/Apps/Clocks")
+    (synopsis "GNOME's clock application")
+    (description
+     "GNOME Clocks is a simple clocks application designed to fit the GNOME
+desktop.  It supports world clock, stop watch, alarms, and count down timer.")
+    (license license:gpl3+)))
+
 (define-public gnome-calendar
   (package
     (name "gnome-calendar")
@@ -5982,6 +6091,57 @@ Microsoft SkyDrive and Hotmail, using their REST protocols.")
 desktop.  It supports multiple calendars, monthly view and yearly view.")
     (license license:gpl3+)))
 
+(define-public gnome-todo
+  (package
+    (name "gnome-todo")
+    (version "3.26.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "13if2lg4r65v3z7h5y57qv4iqz9ihjaml8bzvvihha7dffyr1lz4"))))
+    (build-system meson-build-system)
+    (arguments
+     '(#:glib-or-gtk? #t
+       #:phases (modify-phases %standard-phases
+                  (add-after
+                      'install 'wrap-gnome-todo
+                    (lambda* (#:key inputs outputs #:allow-other-keys)
+                      (let ((out               (assoc-ref outputs "out"))
+                            (gi-typelib-path   (getenv "GI_TYPELIB_PATH"))
+                            (python-path       (getenv "PYTHONPATH")))
+                        (wrap-program (string-append out "/bin/gnome-todo")
+                          ;; XXX: gi plugins are broken.
+                          ;; See https://bugzilla.gnome.org/show_bug.cgi?id=787212
+                          ;; For plugins.
+                          `("GI_TYPELIB_PATH" ":" prefix (,gi-typelib-path))
+                          `("PYTHONPATH" ":" prefix (,python-path))))
+                      #t)))))
+    (native-inputs
+     `(("gettext" ,gettext-minimal)
+       ("gobject-introspection" ,gobject-introspection)
+       ("glib:bin" ,glib "bin")         ; For glib-compile-resources
+       ("gtk+-bin" ,gtk+ "bin")         ; For gtk-update-icon-cache
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("rest" ,rest)                   ; For Todoist plugin
+       ("json-glib" ,json-glib)         ; For Todoist plugin
+       ("libical" ,libical)
+       ("libpeas" ,libpeas)
+       ("python-pygobject" ,python-pygobject)
+       ("evolution-data-server" ,evolution-data-server)
+       ("gnome-online-accounts" ,gnome-online-accounts)
+       ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)))
+    (home-page "https://wiki.gnome.org/Apps/Todo")
+    (synopsis "GNOME's ToDo Application")
+    (description
+     "GNOME To Do is a simplistic personal task manager designed to perfectly
+fit the GNOME desktop.")
+    (license license:gpl3+)))
+
 (define-public gnome-dictionary
   (package
     (name "gnome-dictionary")
@@ -6066,7 +6226,7 @@ GNOME Shell appearance and extension, etc.")
 (define-public gnome-shell-extensions
   (package
     (name "gnome-shell-extensions")
-    (version "3.24.2")
+    (version "3.24.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -6074,7 +6234,7 @@ GNOME Shell appearance and extension, etc.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "10sg87wml5cmyk90pybnr6r942ba7173sl7yplhj2sfggp0wc74s"))))
+                "0y8anpp9ymp0lxn15w63ra6zxxf8nvbl48xqkvqdjzida73fyz9w"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--enable-extensions=all")))
@@ -6422,7 +6582,7 @@ only know by its Unicode name or code point.")
 (define-public bluefish
   (package
     (name "bluefish")
-    (version "2.2.9")
+    (version "2.2.10")
     (source
      (origin
        (method url-fetch)
@@ -6430,7 +6590,7 @@ only know by its Unicode name or code point.")
                            name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1vnl6raxbvc4hacg3pr6sqyjh707d304dhk5nyhlp7m0m1y3j756"))))
+         "1jw4has7lbp77lqmzvnnjmqcf0lacjfnka873lkkwdyrpzc4c1q4"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("desktop-file-utils" ,desktop-file-utils)
@@ -6754,3 +6914,92 @@ Lollypop plays audio formats such as mp3, mp4, ogg and flac and gets information
 from artists and tracks from the web.  It also fetches cover artworks
 automatically and it can stream songs from online music services and charts.")
     (license license:gpl3+)))
+
+(define-public gnome-video-effects
+  (package
+    (name "gnome-video-effects")
+    (version "0.4.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/" name "-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "06c2f1kihyhawap1s3zg5w7q7fypsybkp7xry4hxkdz4mpsy0zjs"))))
+    (build-system glib-or-gtk-build-system)
+    (arguments
+     `(#:out-of-source? #f))
+    (native-inputs
+     `(("glib:bin" ,glib "bin")
+       ("intltool" ,intltool)
+       ("gettext" ,gettext-minimal)
+       ("pkg-config" ,pkg-config)))
+    (home-page "https://wiki.gnome.org/Projects/GnomeVideoEffects")
+    (synopsis "Video effects for Cheese and other GNOME applications")
+    (description
+     "A collection of GStreamer video filters and effects to be used in
+photo-booth-like software, such as Cheese.")
+    (license license:gpl2+)))
+
+(define-public cheese
+  (package
+    (name "cheese")
+    (version "3.24.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/" name "-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "0wpks2lnr8va9wxgmj26dwmhlcb3vamhpxkqi8xaan6q25635l16"))))
+    (arguments
+     ;; Tests require GDK.
+     `(#:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'skip-gtk-update-icon-cache
+           (lambda _
+             ;; Don't create 'icon-theme.cache'
+             (substitute* "Makefile"
+               (("gtk-update-icon-cache") (which "true")))
+             #t))
+         (add-after 'install 'wrap-cheese
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((out             (assoc-ref outputs "out"))
+                   (gst-plugin-path (getenv "GST_PLUGIN_SYSTEM_PATH")))
+               (wrap-program (string-append out "/bin/cheese")
+                 `("GST_PLUGIN_SYSTEM_PATH" ":" prefix (,gst-plugin-path))))
+             #t)))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("glib:bin" ,glib "bin")
+       ("intltool" ,intltool)
+       ("itstool" ,itstool)
+       ("libxml2" ,libxml2)
+       ("pkg-config" ,pkg-config)
+       ("vala" ,vala)))
+    (propagated-inputs
+     `(("gnome-video-effects" ,gnome-video-effects)))
+    (inputs
+     `(("clutter" ,clutter)
+       ("clutter-gst" ,clutter-gst)
+       ("clutter-gtk" ,clutter-gtk)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gnome-desktop" ,gnome-desktop)
+       ("gobject-introspection" ,gobject-introspection)
+       ("gstreamer" ,gstreamer)
+       ("gst-plugins-base" ,gst-plugins-base)
+       ("gst-plugins-bad" ,gst-plugins-bad)
+       ("gtk+" ,gtk+)
+       ("libcanberra" ,libcanberra)
+       ("libx11" ,libx11)
+       ("libxtst" ,libxtst)))
+    (home-page "https://wiki.gnome.org/Apps/Cheese")
+    (synopsis "Webcam photo booth software for GNOME")
+    (description
+     "Cheese uses your webcam to take photos and videos.  Cheese can also
+apply fancy special effects and lets you share the fun with others.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 837f9a21b6..9a2713e66a 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -155,7 +155,7 @@ tool to extract metadata from a file and print the results.")
    (build-system gnu-build-system)
    (inputs
     `(("curl" ,curl)
-      ("gnutls" ,gnutls)
+      ("gnutls" ,gnutls/dane)
       ("libgcrypt" ,libgcrypt)
       ("openssl" ,openssl)
       ("zlib" ,zlib)))
@@ -186,24 +186,22 @@ and support for SSL3 and TLS.")
 (define-public gnurl
   (package
    (name "gnurl")
-   (version "7.55.1-3")
+   (version "7.55.1-4")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://gnunet.org/sites/default/files/"
                                 name "-" version ".tar.bz2"))
             (sha256
              (base32
-              "1p2qdh44hgsxjlzh4d3n51xr66cg2z517vpr818flvcrmpq2vxpq"))))
+              "09c1bfwiwxqlh0dl839lslwhvkf98bvpyg9x4pcn3sagz0i8hxfl"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ; 1.5 MiB of man3 pages
-   (inputs `(("gnutls" ,gnutls)
+   (inputs `(("gnutls" ,gnutls/dane)
              ("libidn" ,libidn)
              ("zlib" ,zlib)))
    (native-inputs
-    `(("autoconf" ,autoconf)
-      ("automake" ,automake)
-      ("libtool" ,libtool)
+    `(("libtool" ,libtool)
       ("groff" ,groff)
       ("perl" ,perl)
       ("pkg-config" ,pkg-config)
@@ -234,10 +232,6 @@ and support for SSL3 and TLS.")
               (rename-file (string-append out "/share/man/man3")
                            (string-append doc "/share/man/man3"))
               #t)))
-        (add-before 'configure 'autoconf
-          ;; Clear artifacts left (shebangs) from release preparation.
-          (lambda _
-            (zero? (system* "./buildconf"))))
         (replace 'check
           (lambda _
             ;; It is unclear why test1026 fails, however the content of it
@@ -277,7 +271,7 @@ supports HTTP, HTTPS and GnuTLS.")
       ("gnurl" ,gnurl)
       ("gstreamer" ,gstreamer)
       ("gst-plugins-base" ,gst-plugins-base)
-      ("gnutls" ,gnutls)
+      ("gnutls" ,gnutls/dane)
       ("libextractor" ,libextractor)
       ("libgcrypt" ,libgcrypt)
       ("libidn" ,libidn)
@@ -345,7 +339,7 @@ kinds of basic applications for the foundation of a GNU internet.")
       (build-system gnu-build-system)
       (arguments
        '(#:phases (modify-phases %standard-phases
-                    (add-before 'configure 'bootstrap
+                    (add-after 'unpack 'bootstrap
                       (lambda _
                         (zero? (system* "autoreconf" "-vfi")))))))
       (native-inputs `(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index fd850c0469..ffad57ef5e 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -7,7 +7,7 @@
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Christopher Baines <mail@cbaines.net>
 ;;; Copyright © 2016 Mike Gerwitz <mtg@gnu.org>
 ;;; Copyright © 2016 Troy Sankey <sankeytms@gmail.com>
@@ -32,7 +32,10 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (gnu packages)
   #:use-module (gnu packages adns)
+  #:use-module (gnu packages autotools)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages curl)
+  #:use-module (gnu packages crypto)
   #:use-module (gnu packages openldap)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pth)
@@ -53,6 +56,7 @@
   #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system perl)
   #:use-module (guix build-system python))
 
 (define-public libgpg-error
@@ -81,6 +85,7 @@ Daemon and possibly more in the future.")
 
 (define-public libgcrypt
   (package
+    (replacement libgcrypt/fixed)
     (name "libgcrypt")
     (version "1.7.8")
     (source (origin
@@ -115,6 +120,18 @@ generation.")
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/libgcrypt")))))
 
+(define libgcrypt/fixed
+  (package
+    (inherit libgcrypt)
+    (version "1.8.1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+                                 version ".tar.bz2"))
+             (sha256
+              (base32
+               "1cvqd9jk5qshbh48yh3ixw4zyr4n5k50r3475rrh20xfn7w7aa3s"))))))
+
 (define-public libassuan
   (package
     (name "libassuan")
@@ -203,14 +220,14 @@ compatible to GNU Pth.")
 (define-public gnupg
   (package
     (name "gnupg")
-    (version "2.1.23")
+    (version "2.2.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "0xqd5nm4j3w9lwk35vg57gl2i8bfkmx7d24i44gkbscm2lwpci59"))))
+                "1yv2pwf3vhv9dpbf51fnm0wy03va1cg5r7qaz7rg75cwbgb0rmrl"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -232,7 +249,8 @@ compatible to GNU Pth.")
     `(#:configure-flags '(;; Otherwise, the test suite looks for the `gpg`
                           ;; executable in its installation directory in
                           ;; /gnu/store before it has been installed.
-                          "--enable-gnupg-builddir-envvar")
+                          "--enable-gnupg-builddir-envvar"
+                          "--enable-all-tests")
       #:phases
       (modify-phases %standard-phases
         (add-before 'configure 'patch-paths
@@ -249,26 +267,18 @@ compatible to GNU Pth.")
                (string-append (getcwd) "/tests/gpgscm/gpgscm")))
             #t))
         (add-before 'build 'patch-test-paths
-          (lambda* (#:key inputs #:allow-other-keys)
-            (let* ((coreutils (assoc-ref inputs "coreutils"))
-                   (cat (string-append coreutils "/bin/cat"))
-                   (pwd (string-append coreutils "/bin/pwd"))
-                   (true (string-append coreutils "/bin/true"))
-                   (false (string-append coreutils "/bin/false")))
-              (substitute* '("tests/inittests"
-                             "tests/pkits/inittests"
-                             "tests/Makefile"
-                             "tests/pkits/common.sh"
-                             "tests/pkits/Makefile"
-                            )
-               (("/bin/pwd") pwd))
-              (substitute* "common/t-exectool.c"
-                (("/bin/cat") cat))
-              (substitute* "common/t-exectool.c"
-                (("/bin/true") true))
-              (substitute* "common/t-exectool.c"
-                (("/bin/false") false))
-              #t))))))
+          (lambda _
+            (substitute* '("tests/inittests"
+                           "tests/pkits/inittests"
+                           "tests/Makefile"
+                           "tests/pkits/common.sh"
+                           "tests/pkits/Makefile")
+             (("/bin/pwd") (which "pwd")))
+            (substitute* "common/t-exectool.c"
+              (("/bin/cat") (which "cat"))
+              (("/bin/true") (which "true"))
+              (("/bin/false") (which "false")))
+            #t)))))
     (home-page "https://gnupg.org/")
     (synopsis "GNU Privacy Guard")
     (description
@@ -529,6 +539,43 @@ and signature functionality from Python programs.")
 (define-public python2-gnupg
   (package-with-python2 python-gnupg))
 
+(define-public perl-gnupg-interface
+  (package
+    (name "perl-gnupg-interface")
+    (version "0.52")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/A/AL/ALEXMV/GnuPG-Interface-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "0dgx8yhdsmhkazcrz14n4flrk1afv7azgl003hl4arxvi1d9yyi4"))))
+    (build-system perl-build-system)
+    (arguments
+     '(;; Result: FAIL
+       ;; Failed 10/20 test programs. 21/52 subtests failed.
+       #:tests? #f))
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)
+       ("which" ,which)))
+    (inputs
+     `(("gnupg" ,gnupg)))
+    (propagated-inputs
+     `(("perl-moo" ,perl-moo)
+       ("perl-moox-late" ,perl-moox-late)
+       ("perl-moox-handlesvia" ,perl-moox-handlesvia)))
+    (home-page "http://search.cpan.org/~alexmv/GnuPG-Interface/")
+    (synopsis "Perl interface to GnuPG")
+    (description
+     "@code{GnuPG::Interface} and its associated modules are designed to
+provide an object-oriented method for interacting with GnuPG, being able to
+perform functions such as but not limited to encrypting, signing, decryption,
+verification, and key-listing parsing.")
+    (license license:perl-license)))
+
 (define-public pius
   (package
    (name "pius")
@@ -573,38 +620,48 @@ PGP keysigning parties.")
 (define-public signing-party
   (package
    (name "signing-party")
-   (version "1.1.4")
+   (version "2.6")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://debian/pool/main/s/signing-party/"
                                 "signing-party_" version ".orig.tar.gz"))
             (sha256 (base32
-                     "188gp0prbh8qs29lq3pbf0qibfd6jq4fk7i0pfrybl8aahvm84rx"))))
+                     "1n5bpcfpl9vg1xp6r1jhbyahrgdyxp05b5pria1rh4m0qnv8sifr"))))
    (build-system gnu-build-system)
-   (inputs `(("perl" ,perl)))
+   (native-inputs
+    `(("autoconf" ,(autoconf-wrapper))
+      ("automake" ,automake)))
+   (inputs `(("perl" ,perl)
+             ("perl-text-template" ,perl-text-template)
+             ("perl-mime-tools" ,perl-mime-tools)
+             ("perl-gnupg-interface" ,perl-gnupg-interface)
+             ("perl-net-idn-encode" ,perl-net-idn-encode)
+             ("libmd" ,libmd)))
    (arguments
     `(#:tests? #f
       #:phases
       (modify-phases %standard-phases
-        (add-after 'unpack 'remove-spurious-links
-          (lambda _ (delete-file "keyanalyze/pgpring/depcomp")))
+        (add-before 'configure 'change-directory
+          (lambda _
+            ;; The build system in the unpack phase changes to a less useful
+            ;; subdirectory, so move up one level
+            (chdir (dirname (getcwd)))))
         (replace 'configure
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (substitute* "keyanalyze/Makefile"
                 (("LDLIBS") (string-append "CC=" (which "gcc") "\nLDLIBS")))
               (substitute* "keyanalyze/Makefile"
-                (("./configure") (string-append "./configure --prefix=" out)))
-              (substitute* "keyanalyze/pgpring/configure"
-                (("/bin/sh") (which "sh")))
-              (substitute* "gpgwrap/Makefile"
+                (("\\./configure") (string-append "./configure --prefix=" out)))
+              (substitute* "gpgwrap/src/Makefile"
                 (("\\} clean")
                  (string-append "} clean\ninstall:\n\tinstall -D bin/gpgwrap "
                                 out "/bin/gpgwrap\n")))
               (substitute* '("gpgsigs/Makefile" "keyanalyze/Makefile"
                              "keylookup/Makefile" "sig2dot/Makefile"
                              "springgraph/Makefile")
-                           (("/usr") out)))))
+                (("/usr") out))
+              (setenv "CONFIG_SHELL" (which "sh")))))
         (replace 'install
           (lambda* (#:key outputs #:allow-other-keys #:rest args)
             (let ((out (assoc-ref outputs "out"))
@@ -629,7 +686,13 @@ PGP keysigning parties.")
                 '("caff.1" "pgp-clean.1" "pgp-fixkey.1" "gpgdir.1"
                   "gpg-key2ps.1" "gpglist.1" "gpg-mailkeys.1"
                   "gpgparticipants.1" "gpgsigs.1" "gpgwrap.1"
-                  "process_keys.1" "pgpring.1" "keyanalyze.1"))))))))
+                  "process_keys.1" "pgpring.1" "keyanalyze.1")))))
+        (add-after 'install 'wrap-programs
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let* ((out (assoc-ref outputs "out")))
+              (wrap-program
+                  (string-append out "/bin/caff")
+                `("PERL5LIB" ":" prefix (,(getenv "PERL5LIB"))))))))))
    (synopsis "Collection of scripts for simplifying gnupg key signing")
    (description
     "Signing-party is a collection for all kinds of PGP/GnuPG related things,
@@ -759,3 +822,31 @@ qualities.  To reconstruct a secret key, you re-enter those
 bytes (whether by hand, OCR, QR code, or the like) and paperkey can use
 them to transform your existing public key into a secret key.")
     (license license:gpl2+)))
+
+(define-public gpa
+  (package
+    (name "gpa")
+    (version "0.9.10")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnupg/gpa/"
+                                  name "-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "09xphbi2456qynwqq5n0yh0zdmdi2ggrj3wk4hsyh5lrzlvcrff3"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("gnupg" ,gnupg)
+       ("gpgme" ,gpgme)
+       ("libassuan" ,libassuan)
+       ("libgpg-error" ,libgpg-error)
+       ("gtk+-2" ,gtk+-2)))
+    (home-page "https://gnupg.org/software/gpa/")
+    (synopsis "Graphical user interface for GnuPG")
+    (description
+     "GPA, the GNU Privacy Assistant, is a graphical user interface for
+@uref{https://gnupg.org, GnuPG}.  It can be used to encrypt, decrypt, and sign
+files, to verify signatures, and to manage the private and public keys.")
+    (license license:gpl3+)))
diff --git a/gnu/packages/gnustep.scm b/gnu/packages/gnustep.scm
index 51541170ae..195249c435 100644
--- a/gnu/packages/gnustep.scm
+++ b/gnu/packages/gnustep.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 1daaa79c73..da74a8dd95 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -249,7 +249,7 @@ in C/C++.")
 (define-public nspr
   (package
     (name "nspr")
-    (version "4.16")
+    (version "4.17")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -257,7 +257,7 @@ in C/C++.")
                    version "/src/nspr-" version ".tar.gz"))
              (sha256
               (base32
-               "1l9wlnb9y0bzicv448jjl9kssqn044dc2qrkwzp4ll35fvch4ccv"))))
+               "158hdn285dsb5rys8wl1wi32dd1axwhqq0r8fwny4aj157m0l2jr"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("perl" ,perl)))
@@ -281,7 +281,7 @@ in the Mozilla clients.")
 (define-public nss
   (package
     (name "nss")
-    (version "3.32")
+    (version "3.33")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -292,7 +292,7 @@ in the Mozilla clients.")
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0dfkgvah0ji8b8lpxyy2w0b3lyz5ldmryii4z7j2bfwnrj0z7iim"))
+                "1r44qa4j7sri50mxxbnrpm6fxprwrhv76whi7bfq73j06syxmw4q"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-pkgconfig.patch"
                                        "nss-increase-test-timeout.patch"))))
@@ -400,7 +400,7 @@ standards.")
 (define-public icecat
   (package
     (name "icecat")
-    (version "52.1.0-gnu1")
+    (version "52.3.0-gnu1")
     (source
      (origin
       (method url-fetch)
@@ -409,186 +409,39 @@ standards.")
                           "/" name "-" version ".tar.bz2"))
       (sha256
        (base32
-        "1wr4bc5806xzyqpi6m4rjaf61za6ylpx4g0kfk95c6yw9yhg5vqb"))
+        "00jki754d6310fxj1b7dbhqj69y5igck6gqg6rgfya243nsb56k9"))
       (patches
        (list
         (search-patch "icecat-avoid-bundled-libraries.patch")
-        (mozilla-patch "icecat-bug-1342366.patch"        "fb43f6690a26" "1vnkjpq2bcqwzmjkgyqv8wj0ndrrsyix3qy1rsb5is6pjmi9sbaa")
-        (mozilla-patch "icecat-bug-1343818.patch"        "90f870bbec29" "0mbki955f71n4yr9p0yc7kh5jwq7vs4bs4rhaazdncirbr564hm6")
-        (mozilla-patch "icecat-bug-1348454.patch"        "c1cd8a02669f" "1wf0107763rw45kxkak7478vlax06ay7076cbm7ysxl7vijbr52w")
-        (mozilla-patch "icecat-CVE-2017-5470-pt01.patch" "2553531f83b9" "0ibf59pa8czdyhc25sas6zhh2gf1k8vr8fklis2b1ms3n1qnzrha")
-        (mozilla-patch "icecat-bug-1355873.patch"        "9ee455ddcd68" "0d38hi4556635g9ag805vfyffdgfsp4a8v3d9ldffdp99ypv2ixj")
-        (mozilla-patch "icecat-CVE-2017-5470-pt02.patch" "6472c7006a73" "1fgydas23fzj49n4g43133bgjn98b2h38bii4knl7z7pm3fs2wws")
-        (mozilla-patch "icecat-CVE-2017-5470-pt03.patch" "0d5a26b29816" "03mkghl9i83jk1axr8bvw8la6shbggkabf23if8a9vi5jdv8182x")
-        (mozilla-patch "icecat-bug-1357092.patch"        "e78c943af07f" "0r830k6hja8z9rjk2nqjg8zfzr0wjcnic8rddh7jmc1inr1w3crm")
-        (mozilla-patch "icecat-CVE-2017-5470-pt04.patch" "d7c06f2d0d13" "1ahyns5v37w91bilvb3pa8kkdzkkn3fcxmi49jr5bycjlawljrm4")
-        (mozilla-patch "icecat-CVE-2017-5470-pt05.patch" "9071c7d4cc9c" "12128sf8s3zwv2w16kfl5jry9d6ky7hvps2006184rg23p32aj6n")
-        (mozilla-patch "icecat-bug-1336979.patch"        "8bbc7b586d68" "0c13imyp1nq18in3yb1zcyi41b69svh4fn8msyj0c2lhbf8qnqcw")
-        (mozilla-patch "icecat-CVE-2017-5470-pt06.patch" "6d80ca63ff8b" "0s893fn6v0p323lcnl4cbkg1zd7gs1p0bw76ki6cmiapkn63gs13")
-        (mozilla-patch "icecat-CVE-2017-7752.patch"      "43d7b98d8743" "1dhgy1jkvn3c4k27hbv8p16w7l09b8hd4w9zzpk8dpn4h78ncs3h")
-        (mozilla-patch "icecat-CVE-2017-5031.patch"      "bd4fcdee9a06" "0xz1r342023a0bsllhjbzn6v75lpqznwacqyikb7q8i4hxkxh78a")
-        (mozilla-patch "icecat-bug-1346499.patch"        "747fd6c81983" "00iscyn4wr69205ppiaghlnd32845f5lcsl303v0fcdd4d1v04vc")
-        (mozilla-patch "icecat-bug-1334443-pt1.patch"    "16201e8478df" "1k91xaai25vn1svkaldnsd2s8br3fgvnk5l54k3n3lk3m5vj55hv")
-        (mozilla-patch "icecat-bug-1334443-pt2.patch"    "f100e5cf3bcb" "1cgbbbnkrd3ydfw99rhnpqdp5zq65537mg8sa1s9ajxkjjd1dkwj")
-        (mozilla-patch "icecat-bug-1354810.patch"        "e579ef6e8d11" "0cmrh8dl85lzjxpbni08xbs8qq15sljnpg70a7rsl0jdbgih3mdx")
-        (mozilla-patch "icecat-bug-1356755.patch"        "4a3fce67b52d" "126i9nwxsb3sjwb7dvhafacq86glnhx7r7jjv0h9v21s1w0kx4wj")
-        (mozilla-patch "icecat-CVE-2017-7765.patch"      "7902fea300b8" "1jkrl8hdycsi17dd1m1vvl6gm1skhpf10q2m29zwfr8l40fd6a3q")
-        (mozilla-patch "icecat-bug-1353204.patch"        "b5a21502aeff" "13rbrhvr37w95av9d4hkgi913nq0j6k2iijydylvprcn18cwibp0")
-        (mozilla-patch "icecat-bug-1028195.patch"        "69a5ca2bf867" "0q8cgi6837ikpg7gsvywmzhq0i102845apcbrd6mw0205qqsnw5c")
-        (mozilla-patch "icecat-bug-1347835.patch"        "bc635f45af37" "1fny422l6yc80901x6swybr8nk0in1wxfgy97ky4bdkcqlnmzpqv")
-        (mozilla-patch "icecat-bug-1241066.patch"        "b922ca70cce5" "09hcf9rm7ng3vj5y267w0c9h6pqinnz8gjlkwx1337xh43mdvqjv")
-        (mozilla-patch "icecat-CVE-2017-5470-pt07.patch" "1ce6d0652921" "163ji64a86h682frh1jq016w1mjf8g24r8cni0irsdmiihis7zxc")
-        (mozilla-patch "icecat-bug-1324140.patch"        "8886f9cd5dd3" "0byabs9md8r3pc4r67sv2759427n1za0gfayln40nx47n2p52kmg")
-        (mozilla-patch "icecat-CVE-2017-5470-pt08.patch" "ad995e90916b" "02nq9sg675p26z99nr2pykbz51hi2phf0gmrb1bjpq9pjbll7gsa")
-        (mozilla-patch "icecat-CVE-2017-7749.patch"      "4ae71415fecf" "0yfkkdkkimad9a3w734xx85lb7hrl870c8k8an7w78fq3vl3fjnd")
-        (mozilla-patch "icecat-CVE-2017-7751.patch"      "24cbb7f2e0ff" "006f0zhz5nxs72q9plwzhq4l79b47svzizvv510m5g2krsfrccza")
-        (mozilla-patch "icecat-CVE-2017-7750.patch"      "89c7fb6c5be3" "19650nmc4vn1prbpn5h06kz9d1al279xkc23v39577h4zhdrknkj")
-        (mozilla-patch "icecat-bug-1337810.patch"        "0f6dd3564c76" "1sxajqh6r7fjs45xhvjwg94smpvyvplh3rdvq11d3q5m9v4kg7mz")
-        (mozilla-patch "icecat-CVE-2017-5470-pt09.patch" "145905da25d3" "0c2q9f000snpm9x0qda2y0awrsm313iwxbv0kh33ca0kpza49a76")
-        (mozilla-patch "icecat-bug-1345355.patch"        "c5012009a0b2" "0m772bgrwb8iwv2bdgx694ybg5wgbf58xg5v245x0p7gwhgwiwmr")
-        (mozilla-patch "icecat-bug-1351340.patch"        "047f19a1b9a0" "0qjnhybibs3cpcba3ga4g7d4c0w716xa9jf87y2ir8yz7dw1f9vl")
-        (mozilla-patch "icecat-bug-1056322.patch"        "f076a30f6c29" "0xgskjl6zmxi3v4l0f3wlas0qb2403fin5lv1hi3jf2142ihpaml")
-        (mozilla-patch "icecat-bug-1355414.patch"        "28e09d4ac3e9" "06clr2kwz28nyjlj13y036x6rxwh6frdh11aq6kbm1nj6s01i9zl")
-        (mozilla-patch "icecat-bug-1313977.patch"        "4c0b09f70aea" "04jq1xrlhj04n5bgh93xkbqwnh01pswfjhv81zk7i87c7xz6h92q")
-        (mozilla-patch "icecat-bug-1357366.patch"        "0b855945ce34" "0va8kqlgx6qhq2qrawkcm66kqrwwpmxblyjp3c7ifplxd0j0ijaf")
-        (mozilla-patch "icecat-bug-1338574-pt0.patch"    "243d7bffa4f1" "1d1v68amhnygc0g4w1afs374pjs7z5fx5inyq8idawbh4kxfncq7")
-        (mozilla-patch "icecat-bug-1338574-pt1.patch"    "337398a83aa5" "1141n7dhy9rh70sww8v58cbkba74xm5i75j1sgm5qwvkhh69qr5h")
-        (mozilla-patch "icecat-bug-1338574-pt2.patch"    "50e120d7ac64" "0dbcaq27vsjlh7vm30c88rlhkx8c1195rnr01six40mymh09rhym")
-        (mozilla-patch "icecat-bug-1338574-pt3.patch"    "2d4da5a366e8" "1761npkpw5zsm4q8rzfrg8m1ayrf8c857iq3vdd8rbqcswzv6xq0")
-        (mozilla-patch "icecat-bug-1338574-pt4.patch"    "b10d9b0c187f" "044zq9gzw4v5r3ki8dwfjg9dznai0jch29y0xrxzb2rfr6yvx0sb")
-        (mozilla-patch "icecat-bug-1338574-pt5.patch"    "697713a6841c" "1m9q4rh4ny945xsx3p3f5bg1izs9q58d71la5drj31z6kvbhnsi2")
-        (mozilla-patch "icecat-bug-1338574-pt6.patch"    "1d14abf37cf8" "1xyja9hjb7qfqi7kh85bw5nxkhyzw1rijjhnh5pgr5z0v718kjyc")
-        (mozilla-patch "icecat-bug-1338574-pt7.patch"    "5e85bc599d0c" "1pmhs3hmhkgj6q19padcbpi5qvgnhx6ib09zpcwxr8ll6lllxhig")
-        (mozilla-patch "icecat-bug-1152353.patch"        "d893dea8e7b4" "1pbayv7np6z7hlkk1dhvx3ppkni7f8n3cz8hs67l3nssw214c1ih")
-        (mozilla-patch "icecat-bug-1345893.patch"        "3a747480ead1" "0sxd23y9g77mx5indjs9isxnnrkin835qrh6dn62dlvbll8lgqi2")
-        (mozilla-patch "icecat-bug-1343172.patch"        "c7b064f6b93a" "1sh10j3h8cnqi3rpr70lv2yz14zhy1v9ms4f64fmrbjlz7q09j6q")
-        (mozilla-patch "icecat-bug-1352348.patch"        "1d86e96610a1" "02ybn2608v57pjh8kjgnhkg157asawjk5xia59qb63m5vfvrinwv")
-        (mozilla-patch "icecat-bug-1354308.patch"        "c8ba3f911eb1" "0w70b8dmvqjn1d8sphfkwnbwii8nh2q5k48clkvbhn7kpc2890mi")
-        (mozilla-patch "icecat-bug-1335904.patch"        "366cdd623cfb" "0gcmld4bplaakx6d50gw223lg1jjcni7866q1f2hxm0h1r9wwd3k")
-        (mozilla-patch "icecat-bug-1355340.patch"        "6b174b41fa44" "0zdgfy0zsrs3cvfkmrhxw0mrfibpnb58xp3z8fapx5ja59wmcabs")
-        (mozilla-patch "icecat-bug-1360574-pt1.patch"    "237eee780619" "1iw6z762zdc42kwjvv58a2cjc0s4kzwwy7838apl7y7cq85g0jg2")
-        (mozilla-patch "icecat-bug-1360574-pt2.patch"    "46a5a4aac189" "1i553f9qvav0fn5avbp8912995pqbhzbzamxxfz8gn2ik17y3xly")
-        (mozilla-patch "icecat-bug-1358776.patch"        "bd35fa23f79a" "12nicgwhcn63knmlcl0c2askn9sj35bfclaab3826pkd9yq5g4p5")
-        (mozilla-patch "icecat-CVE-2017-5470-pt10.patch" "c1314a709b41" "0klgrcyc20fig6rbm9znjpcnfsz6xnlp1v03fbvaww0riy2qm42k")
-        (mozilla-patch "icecat-bug-1359859.patch"        "e38948fb79d6" "1sfyc5s9ndv6q72k8n9x0rvj4sz40k51iljrs42gwykzkjm2fx5m")
-        (mozilla-patch "icecat-bug-1342057.patch"        "278bef1d7a64" "0zk18s9pnbwz9ankmc9mj4197s55j1jvax04ansqymmmc3a5ciif")
-        (mozilla-patch "icecat-CVE-2017-5470-pt11.patch" "218e0963406f" "0wqms5nany4sx2g4p01lbam7la2dyazz87dhv5hcsf8ifxrfww11")
-        (mozilla-patch "icecat-bug-1304566.patch"        "188e39630fcd" "1bfxfgj5ywx4bcf91kwyrjh5ppiv59gadx4445achyabdi639l8d")
-        (mozilla-patch "icecat-bug-1356601.patch"        "8191e403fedf" "1k4zmq0923f5dc3dwbz1q0bkcbm90ldwkczym366hgwadb2305nd")
-        (mozilla-patch "icecat-bug-1334097.patch"        "fe2a2c7e88cb" "1rppaivaddigwk65krn8m9f9mcdkiiv28ws9n9zj62n0rc1shyvc")
-        (mozilla-patch "icecat-bug-1359051.patch"        "8d7dbe5c6587" "14zh74bbld4s0jy0a48fi9acxkc236mh9wjid3vrf72yj6bi5xnp")
-        (mozilla-patch "icecat-bug-1359697.patch"        "ca2b5274549f" "1ns7v70i1hfkxqnjhf9fp0lk9095hdcllg94j3dl1nfaif4w6vbf")
-        (mozilla-patch "icecat-bug-1343256.patch"        "a30dd7dd6617" "1k078176fp8vz871wirjz9d3yx9l2lfl8p75c4905n3j3zv2297q")
-        (mozilla-patch "icecat-CVE-2017-7778.patch"      "81b3ce7d37b3" "0ad0wqczy4kpggj6m3b8bzxi6ax340mik1mfawhkq89a1h2sfpxv")
-        (mozilla-patch "icecat-bug-1356179.patch"        "66d8893f37f0" "0izl31lagvdv4qpb9gkjxvgpmxzw50x5bviap4l7bbnb56cv7d8p")
-        (mozilla-patch "icecat-CVE-2017-5472.patch"      "aad883966edd" "058axnrwrbvy2h9r9pb766lyky45hb92rap142sbp17yz0sxfmww")
-        (mozilla-patch "icecat-bug-1355520.patch"        "7ca2d8839f7a" "1xbmpvr2x720x9ghd5wgbg6lknbnhcyqmkkfamdf97mqcyizyr21")
-        (mozilla-patch "icecat-bug-1358469.patch"        "4d432638c0f9" "0qpjmwik3dryjwmgfwmkqk0rs9rb2lafb2k9fc3pkjnrq5y0l9xg")
-        (mozilla-patch "icecat-CVE-2017-5470-pt12.patch" "f5967db0a0f3" "045wbvkm21kbm314dd6lbq2disiaf26kmsxi6brf442fd0028gwq")
-        (mozilla-patch "icecat-bug-1345910.patch"        "ec6b6720e54e" "0lm15jl46mdlsds6947jsiyvhf9agb8hcdrqj2svc3kn9kzvyr2n")
-        (mozilla-patch "icecat-CVE-2017-5470-pt13.patch" "a4f8d8a12afa" "0d7sjc21af074rvgvijj42gmpjvcb1v1zlpgb3s7ky7w6wjr35vx")
-        (mozilla-patch "icecat-CVE-2017-7754.patch"      "d07f24a72ce4" "1qbwska76b2zslb95wnx9v04znb6k9fqylr4ajyfqpwk1sr363hg")
-        (mozilla-patch "icecat-CVE-2017-7764.patch"      "a6caa7628e36" "1yv5f4h8js9bry9krcx130w6ic8rdmmq4fap6va24kfx8qflg70h")
-        (mozilla-patch "icecat-bug-1237868.patch"        "41138235d4ea" "0mcj4x2kmagwf5hp8xhczf04sxm995pk1zarc9yffk84z7fcrxkj")
-        (mozilla-patch "icecat-bug-1331335.patch"        "b724283e3b31" "1xbb1vcdzfpcmrmxm8ihwzslh2vz15k0k601nvyhh6vgx270h1wn")
-        (mozilla-patch "icecat-bug-1367267.patch"        "4c2f4d8b693e" "1hrndhfnz0vnjnspwh5mbvgl2j8d1cs62awp04wx2w6z4l4wrmbv")
-        (mozilla-patch "icecat-CVE-2017-7756.patch"      "cce3fd607206" "1z97jw8jpfyx61jxf0j8nsplnna2c5bwihwnl9cvlc2cspp3kgp5")
-        (mozilla-patch "icecat-CVE-2017-5470-pt14.patch" "dc4e3c64d781" "1zd666k4qpdamly3av09k602pmirjcs9l6la6ba0qq9w9vfan3g5")
-        (mozilla-patch "icecat-CVE-2017-5470-pt15.patch" "379c348250e8" "0kvsyhi9j3bjx14ffr13dslqp8ghcgrz6ds2fikdkrrrk4syskd5")
-        (mozilla-patch "icecat-bug-1349531.patch"        "70cd711c6ae8" "07hlby5xdvqy6jdqxydv5pwap8hhsycb19fgw5fan2xf9dhrfpb8")
-        (mozilla-patch "icecat-CVE-2017-5470-pt16.patch" "6e644bc1a57f" "1xp8b74wijfz198q4hdybldnwh3hh0vh33dc5s7489abmz4s5zjg")
-        (mozilla-patch "icecat-CVE-2017-7758.patch"      "279bffa85beb" "0shf77l9id6s8cs8xbc0ii0ccd7n09jv20410kkqqz11m296dcjr")
-        (mozilla-patch "icecat-CVE-2017-7757.patch"      "0abcbc6ef8f3" "045arb1b83a3yv358naznl15bnr4wgxxayv8d5gcxarcbrrvm5q4")
-        (mozilla-patch "icecat-CVE-2017-5470-pt17.patch" "e0261afd69b9" "0a19b24iq57430kpbsdvka9vyg6kwhnnqis1xsd6wh8gz0bw5l79")
-        (mozilla-patch "icecat-CVE-2017-5470-pt18.patch" "4ec931d4bf29" "0bq0hq41xhy9aqjra5m0flmpilinlkb088r6w1kly561ckjl1f9f")
-        (mozilla-patch "icecat-bug-1339826-pt1.patch"    "9c29579fffe2" "0yfc764qrynh441wwim18cr6k0sazgrm77frcdnyks0hzf0y44d1")
-        (mozilla-patch "icecat-bug-1339826-pt2.patch"    "be946ea1a75a" "0pw0y1sdckn5brm39sdg47hbda5432aw32c3xq26ism23im85191")
-        (mozilla-patch "icecat-bug-1339826-pt2.patch"    "44b2fe592a90" "1v8mz3b40dp6l5qrgha4yibmrnx80pxsvdll6ky1k937yhbzjk4a")
-        (mozilla-patch "icecat-CVE-2017-5470-pt19.patch" "f68e0d98a22a" "063z4a7gyhzy85fc2j2yr7kmk2zf7v875hjw4485civazydysw4j")
-        (mozilla-patch "icecat-bug-1353625.patch"        "c41f37d913e2" "1s997c1hj4ywnlfbhvi1y96vd6bxl74wcrb0nly611h51h8xnyxm")
-        (mozilla-patch "icecat-CVE-2017-5470-pt20.patch" "38273203b827" "12p9r4spdp09d6ic9sqspvdr50lmc1p86ydz2fxdifb1f95njhx0")
-        (mozilla-patch "icecat-bug-1357022.patch"        "5bd51bc3f587" "0z5drxpfjvb7s43qgcr404h8ckchgakwwwi4nxpx2i653w22a743")
-        (mozilla-patch "icecat-bug-1318845.patch"        "512efd480dac" "13cmqap795ayh6gh3b5bc6002pz0wp92qngs7fh5qqklc7a0gkzv")
-        (mozilla-patch "icecat-CVE-2017-7798-pt1.patch"  "d0c92199b9ed" "0qmsm7d4h6ysx3an247kpx9qpksfms7hrjgpdrghdbxla1hc4nc9")
-        (mozilla-patch "icecat-bug-1364513.patch"        "88e9c2137640" "1mh4l745q1wlabn9sz47n0vy3h7c66fcay2b9dwa16iqwvh3lpiw")
-        (mozilla-patch "icecat-bug-1366203.patch"        "08dd87b6bb8f" "15bfwfwwd978mlcpk1d6m7506k8c2y402md7wzf6piabxl5kk6cf")
-        (mozilla-patch "icecat-CVE-2017-7779-pt01.patch" "5a51a9ef8149" "0j0f9j0pryv3ik4bizhv8s6rr4dl1mjm01c23msayr0vbnpcagcs")
-        (mozilla-patch "icecat-CVE-2017-7779-pt02.patch" "f47eaebc0c5c" "1b52xm3awpigasaz0hk5b13l7v4ry9vrawf571lzy2wwhphs4nxx")
-        (mozilla-patch "icecat-CVE-2017-7779-pt03.patch" "40ce248a8c15" "1b722fiifr999ga0991cg5mlhidcnvf3zx2aiq5zjaabqn0f4dzk")
-        (mozilla-patch "icecat-CVE-2017-7798-pt2.patch"  "0c8359ac6718" "1w0v2p5jnhzvcsx8h1bglwjhp5y5bg1g8pzpvjw7pg1wlq2frccr")
-        (mozilla-patch "icecat-CVE-2017-7779-pt04.patch" "8c27a68ee87e" "0kn05q8nvp26w5rnj8r0byw89h2awmwn04l9l3xv2i5w2a7zmjzf")
-        (mozilla-patch "icecat-CVE-2017-7779-pt05.patch" "b2ee0c5466da" "0jgwsppq0606lwg5jk9q69lqa14q3j7h3c7q6mxbz7zqrcg7d0zg")
-        (mozilla-patch "icecat-CVE-2017-7779-pt06.patch" "25f6ec16e501" "1yqd5ndwgd8x2pj9k2bnaq3rb1g7wikq0ii7l4dm6bqwabi2rdsg")
-        (mozilla-patch "icecat-CVE-2017-7779-pt07.patch" "30443b4f758e" "0riszl3xnpfq5ffywygrc12nsvx0ffd36d5rf4vp87r8lj3fr55r")
-        (mozilla-patch "icecat-CVE-2017-7779-pt08.patch" "1b934ab92c59" "114cvfzfxgkwwd4zpnrmm2kx6m94k0b3xcraba9aawwwhdxj6a1d")
-        (mozilla-patch "icecat-CVE-2017-7779-pt09.patch" "830a345dc0e7" "01riivv033w3mr8b2myaw38rz2za1bdlhybny737ly68hhc67xdz")
-        (mozilla-patch "icecat-CVE-2017-7786.patch"      "5c26df489768" "1fdw4zbn0ilfghanxky4y7qcmkpkks2q1aqkzv26dnhhrr8350a1")
-        (mozilla-patch "icecat-CVE-2017-7791.patch"      "f21e4d78a0a8" "0szsc3zm3wgrw8pxm0rz54whkrc14yy4d8vwmxgqsdns43qjgkpk")
-        (mozilla-patch "icecat-CVE-2017-7779-pt10.patch" "f19b6c6a0c6c" "0wkr010qnh4127z1j7fp45sqdk2da9x7j2k405r0x5bgqdd09qzp")
-        (mozilla-patch "icecat-CVE-2017-7784.patch"      "8353a3fa4106" "0kzs8pl6spjwgdsmiw702zvbvz73ng9zf184clsfr82l8kmggbgw")
-        (mozilla-patch "icecat-bug-1371889.patch"        "b38fed9a9772" "14vzsldlv4hjpxgnl6fjjbzhgcwsmd52v06cgmv0a7y3lnggj3hp"); XXX backed out upstream
-        (mozilla-patch "icecat-CVE-2017-7787.patch"      "c254d3cc826c" "0pixwr18qik87c8qf4irg6hdffd8rbwpng73jxg05h7s827nfw3g")
-        (mozilla-patch "icecat-CVE-2017-7792.patch"      "6356dbf20658" "0a0hsxkik7ysfa48w8k21lidaabwpmxi1d3214r5zqkqqfhn9qjm")
-        (mozilla-patch "icecat-bug-1358073.patch"        "8d6e685d061b" "0430gwg7zzbg0q9w2m04s5ljh47bc8x1gxvmkzbn23bh1wy4d4sq")
-        (mozilla-patch "icecat-bug-1370869.patch"        "3b8fde840188" "0vkymvzkfpzpg86npa5vpvvf564k18hkfdz8857rl0z4dp4rybzx")
-        (mozilla-patch "icecat-CVE-2017-7779-pt11.patch" "267b649087ff" "04wzazdm0kvbfcgmlhx8qs1ibqn8sbvqdsd237rja5wpr761xxf1")
-        (mozilla-patch "icecat-bug-1354796.patch"        "69d1a9de76b9" "1q0p4kf8pvnkwwff3lz526pjj15a25pf724awblkcnzamwbib5ns")
-        (mozilla-patch "icecat-bug-1363027.patch"        "c5eaa2d51b9f" "1xyj5n1vqhscc369q6wxibs2igbilaiwyc0q9cq64j2qx8q0yqah")
-        (mozilla-patch "icecat-bug-1364189.patch"        "852a7781259e" "12y344p54avz5mrqirq14zp4csx8ydilnjv9nsw48kpa9y0l5xsg")
-        (mozilla-patch "icecat-bug-1342417.patch"        "37ccdc5fff2b" "1acywg8girplbs7wjrjbvkximhiyizddmnkkq1ldd0l3qbx9nihc")
-        (mozilla-patch "icecat-CVE-2017-7779-pt12.patch" "057ed884ecb0" "1m49bqkq5lzc2j59wgwy0gbzvqj50p9lfn7cbc2n01v6d7m8rc2j")
-        (mozilla-patch "icecat-CVE-2017-7779-pt13.patch" "dd7ed649b82f" "1fama1l2vx4p6ahhrsrpysfbk9nh5gwbi4pdnclpyxd42idsdqxs")
-        (mozilla-patch "icecat-CVE-2017-7753.patch"      "731958f7ff4d" "0l3i3mkb6rslnjag3caf4xyhjzxn91wfs0g6dbika4sxnhfs5d4i")
-        (mozilla-patch "icecat-bug-1364870.patch"        "de8deecbcb02" "048ic1vk7fd7wxqjgjqlnb7kv03ynaa4wkrk0ka8m39pkjh3yyxj")
-        (mozilla-patch "icecat-bug-1365333.patch"        "e3d13b270f45" "0jr8hpxpmfgrbh09xd9nj597cdnc6kl6gs5nir4zlzbbn8kp3429")
-        (mozilla-patch "icecat-bug-1372063.patch"        "58a144bf9677" "12y8vikbzcfcfiidjdq67dvdhhvylx68wdgnypsafrd1q8dx9jza")
-        (mozilla-patch "icecat-bug-1373970.patch"        "8321ef71adb5" "1wk8kq9n2vhqlinvvw01avv3c7qj0k3qnn7dj0whnl08a5yrqhpl")
-        (mozilla-patch "icecat-bug-1338646.patch"        "322c18d011af" "1yqb7zmjz211ryb98pjj7axbj6bwkj63rmfyifsybdy3zpb4nf48")
-        (mozilla-patch "icecat-CVE-2017-7779-pt14.patch" "f9bc084fbb8a" "1ssml15yzx9s0wraq4n0xvq5bw7j8xq0p2y39h8j3f1c448n0j50")
-        (mozilla-patch "icecat-bug-1359477.patch"        "9b70b5b852e4" "0z2bi7w46g7mm8msav8vz28mgvnv21z3a5876n9gpw317gns4d6a")
-        (mozilla-patch "icecat-CVE-2017-7779-pt15.patch" "6785c2a852da" "0p9jr171qi59scr5lrj6g0mv8mgm1i1wglr3jd16xywb0ymynnn5")
-        (mozilla-patch "icecat-CVE-2017-7779-pt16.patch" "11c8e23f0fd7" "0zcikv6dn7biii4gspv2kfvma5hc76hk86jahm3zl2zlkk8ikfm9")
-        (mozilla-patch "icecat-bug-1355168.patch"        "f45ba43512ad" "0p28q5acns5zjj7ks2x5lrmwzzps741507sq31xvrpzan5yav37x")
-        (mozilla-patch "icecat-bug-1308820.patch"        "e9a10fac6aae" "1s2zaka6ik1rmylamyh38vsqnqlblbqdhjpp0cv08fjb9flh5sbw")
-        (mozilla-patch "icecat-bug-1305036.patch"        "c42a348f2ed0" "1pz7qbdv9xvyd1dy7g9h047c0gmrgp5qdy2360qjk6879n74h1zb")
-        (mozilla-patch "icecat-bug-1342913.patch"        "f02db36497d2" "0g1kg418l1cibh5k1sjqj2vs2jcblpbn7b06qazk2kzcg70vf5gv")
-        (mozilla-patch "icecat-CVE-2017-7800.patch"      "0a44ed156da5" "1y8z1czm7f91p9bpd32b9k43nl0b9g4fzwv4w0khby9y38xgvcbs")
-        (mozilla-patch "icecat-CVE-2017-7801.patch"      "0a86729d653e" "0wyh7qskjwq9274d25p2ajylaab5mj5h8by58rz9lxsz06zrnz9f")
-        (mozilla-patch "icecat-CVE-2017-7779-pt17.patch" "98ff43fb228a" "0ih0nsmk8rzdrajzlnryqiqb71jg7v4p71hfla2hrlvn41r3709m")
-        (mozilla-patch "icecat-CVE-2017-7802.patch"      "09f62bfc5800" "07q18qzxja1cywihr5vhhws328zghrwc6ldx8kcsawia1r1i5gp7")
-        (mozilla-patch "icecat-bug-1321803-pt1.patch"    "cfb75012cfbd" "1bwwfm1vhr7ddsvmi1cinwdq6f4nd71fkd9lbnlhmh4ix63gz2yl")
-        (mozilla-patch "icecat-bug-1321803-pt2.patch"    "0f3f951461d7" "1rp1cj4c0dkhd4pda88kx499h7ycw3037yh2khff78y61ckg2a85")
-        (mozilla-patch "icecat-bug-1321803-pt3.patch"    "b654a39db998" "1v79mh8lrnn7q40c8zj24byrqyw3x8fwcw25w90wqajnbf0ixskx")
-        (mozilla-patch "icecat-bug-1334338.patch"        "1be1fe3c9622" "1mhd9nyp8map76hgwrhm1k955fz8y5iszdvvgrv3z1r1h77k0nz0")
-        (mozilla-patch "icecat-bug-1379538.patch"        "8fa66bc91b07" "1l44rwkdrv9y41nfb9h3fkykk3ci7xclp6rfwbbzm4293l00adrd")
-        (mozilla-patch "icecat-CVE-2017-7779-pt18.patch" "7c095249ef8a" "05dbvxlmh7jljjmis540nfgk2nn968prmxrm96674avn33989sqy")
-        (mozilla-patch "icecat-bug-1073952.patch"        "06db7fb30689" "19qf9lrwy48fjzz3wpjfxsgqab68dnlci8jrwsljhpy6787xwxg2")
-        (mozilla-patch "icecat-CVE-2017-7803.patch"      "c52d8ce8d5df" "03l9hk278b9mw75rxpn2ay1slyz21axa2l7dfxwkvj5vdn7ykdbj")
-        (mozilla-patch "icecat-CVE-2017-7779-pt19.patch" "d68c9edf056f" "0zfz0l9m675n4vvm87n8g3bdhhysla4qnywli5kwjy4krj9kq6qa")
-        (mozilla-patch "icecat-CVE-2017-7779-pt20.patch" "5dd82ab194b9" "10mdzwxibnmqs7y5arf8sjnva31i5vhbprlc63n74h8gh8k5kdlp")
-        (mozilla-patch "icecat-CVE-2017-7779-pt21.patch" "8fc70b2b57a8" "0yszfmb47x3rrzn5wncv112c1b7xw11j62adx4f7950fdj7zqr32")
-        (mozilla-patch "icecat-bug-1379444.patch"        "47dd26630291" "0r2rc634sr4a5mfc53p1wx8d0zm6dsxiw2vzc7l89mac0d0cmi5n")
-        (mozilla-patch "icecat-bug-1372467.patch"        "0f906e04a41d" "0f2zdpnb23yg3v5f1ha24cmagcwa01kf2xz1l2lcws4ss1w5b4a9")
-        (mozilla-patch "icecat-bug-1372383.patch"        "56349462ff47" "17gc7kf0i367c1yh2w1701k8snvdm04nznc3q3yxdl3wxkh3c3sb")
-        (mozilla-patch "icecat-CVE-2017-7779-pt22.patch" "7b79969a18ee" "0ixycxbjh0wmihrhzpyjbkcnvwwrzs3ffb0lymzvqnr90yxvxhyy")
-        (mozilla-patch "icecat-CVE-2017-7779-pt23.patch" "f0ab032fd674" "04wc4i94cfj2vcawrv7hgbb70fkxggi7s6srk3i184686rczzpyw")
-        (mozilla-patch "icecat-bug-1308908.patch"        "48a89721d076" "01gvdzy6whp2dqmjvx49f4mvl75dhjgr8dvx71pg4sx3xmdbkzyq")
-        (mozilla-patch "icecat-bug-1347667.patch"        "ef1d17821945" "0s6gaarnvnibgf9x0xqcymaqc63lnbh9fm2g33i8cpp1xjhmywcv")
-        (mozilla-patch "icecat-bug-1367128-pt1.patch"    "5a0f69630b03" "1vqbwmy58qxwfaisq0dxvvbsd5w5i4yb691i78gw1dv7kgf523qy")
-        (mozilla-patch "icecat-bug-1367128-pt2.patch"    "7db52eca97b2" "081p8izjxscylfs090c9mzlmfvpdfvg1qsf5rik30hvifcpxp6lq")
-        (mozilla-patch "icecat-bug-1367128-pt3.patch"    "c448439eb5dc" "18gp7mg3zh9dxi1300mcm0zk67nlmvp5q50gnyc1v2sv0gs6fdfb")
-        (mozilla-patch "icecat-bug-1377016.patch"        "319a986ae1f4" "1dlmrklkpx42c72pblpw1fi91dhqarqyl3ldnd4943x2hsy3am8k")
-        (mozilla-patch "icecat-bug-1342433.patch"        "09f5bd33efb8" "0dky981ggyc0237mbbyy1chndk0aznkhw00d3lrafiyxsyk6vg3z")
-        (mozilla-patch "icecat-bug-1359058-pt1.patch"    "7ccb26caa02f" "1q97f4qbwjnz6f3g5dcy2v0av9jgbaplaz9pnm5yqdc250f5bhjz")
-        (mozilla-patch "icecat-bug-1359058-pt2.patch"    "a93c1a40f0d8" "0gafbwv2npdjqh41fpvzmzdw3kcw1b41gm3jg9biwqxxwnvqqmfj")
-        (mozilla-patch "icecat-bug-1382303-pt1.patch"    "688c9284fb12" "1rqimwkh8krihabsx7x2awvxls8n9dm2bmbl133fnkp2sjya979w")
-        (mozilla-patch "icecat-bug-1382303-pt2.patch"    "7f969ba7b6e8" "036n1yrmmb6gydxcgyps89g63kj1w2rihk1zsmk7yw3crln226ai")
-        (mozilla-patch "icecat-bug-1382303-pt3.patch"    "7e7b4f104462" "0wkw72qqyql528hvssrqyq72f5csfxa5fgv5s903csh97vawfl7i")
-        (mozilla-patch "icecat-bug-1383000.patch"        "ce65d0641c07" "08bxn3b8rgjhkvdndc7mrd0k1715wbpa5qaxhslxlgj6lpkgk0b1")
-        (mozilla-patch "icecat-CVE-2017-7807.patch"      "a86c77d533ee" "0mzfxpyk4484dk3j1sgplakx39ya0jnp3plxvcmvlc47ry60yq93")
-        (mozilla-patch "icecat-bug-1346620.patch"        "d71000abc9bf" "10d632nq5zbhndrsx2vpkl7jprlnas361n1yh9s9szn8k4mj01rf")
-        (mozilla-patch "icecat-bug-1381016.patch"        "c74486f87dc3" "1l938a2lhrlqfhmgrpypx13v6jw08528m4gnllr2h5sk2x65czip")
-        (mozilla-patch "icecat-bug-1371657.patch"        "20a1a6ad46d5" "17yn5dpymrymgdywah403fzw0p2y9bjkccg0h4d221i3pwns4bcz")))
+        (mozilla-patch "icecat-bug-546387.patch"         "d13e3fefb76e" "1b760r0bg2ydbl585wlmajljh1nlisrwxvjws5b28a3sgjy01i6k")
+        (mozilla-patch "icecat-bug-1350152.patch"        "f822bda79c28" "1wf56169ca874shr6r7qx40s17h2gwj7ngmpyylrpmd1c6hipvsj")
+        (mozilla-patch "icecat-bug-1388166.patch"        "fbb0bdb191d5" "1y8wpj38vw1dd6f375s9i0mrk9bd8z8gz5g70p4qynfllpkn072d")
+        (mozilla-patch "icecat-CVE-2017-7810-pt1.patch"  "fbddb5cdd3c7" "0k5nyl2z1y2rx9fwqyfj64678yv6v3pnmshgk552pbzqmaf8i1hq")
+        (mozilla-patch "icecat-CVE-2017-7810-pt2.patch"  "76c25987a275" "095b9vwsiza9ikbnnppfcld16h75x5bxjfxc73913y04n0i42ifh")
+        (mozilla-patch "icecat-CVE-2017-7810-pt3.patch"  "32eec29a85a5" "057simakqg56jvas1wkskg5kszn96m74nca26x08d5w7rzmbv1q2")
+        (mozilla-patch "icecat-bug-1373222.patch"        "ecef71fa933f" "0vsymgy5j702lamvh2riahni7rdj9ba3bd6i4a2m22d638rwp1i2")
+        (mozilla-patch "icecat-CVE-2017-7814.patch"      "68a444daf85b" "1faaadaajidzb9i00710zxdyv370hlrdg1l5rw2ymfmzbjj4jqyd")
+        (mozilla-patch "icecat-bug-1376825.patch"        "eeeec9cafc4e" "188qf6zi9kyxb33330yia6wmrd5mdyqn5hr1cl38zy7m3akv8srh")
+        (mozilla-patch "icecat-bug-1385272.patch"        "d68fa12fbffc" "13gh97vz9n2b7303jcvr1072iy8bghy9chvbmxzvw82prvkscavw")
+        (mozilla-patch "icecat-bug-1390002.patch"        "c24e6fc9f689" "0aswhy5fz2f6wzd5j5gg3nqvz707ip344089h2z2chcp146vxmf4")
+        (mozilla-patch "icecat-CVE-2017-7810-pt4.patch"  "ae110cf77596" "0gdrkfq9wy9cfcdgbj14ci86xgh2prkbz69pfy97r9igd8059syw")
+        (mozilla-patch "icecat-CVE-2017-7810-pt5.patch"  "b8417112486d" "1hya6lccz7vm51v4f6ww072794cwzmfn9xhxmvrnqbiyspxx5fz4")
+        (mozilla-patch "icecat-bug-1386905.patch"        "badbf4308211" "0fj1pyjqfdsbrlfykwmkzav2nvdj1f4grwq3cal9f7ay6wjnfs9b")
+        (mozilla-patch "icecat-CVE-2017-7810-pt6.patch"  "d78675515c78" "03w5hqy40xkckbaf5bm9kdbdqvp9ffvpk9mlrc9lja6b7qa4pjhg")
+        (mozilla-patch "icecat-bug-1382303.patch"        "f01155fe4d54" "0hnz1kvmvspg6453kydsklbvrjgzn8x3djvrym3f2xl2yinaf90d")
+        (mozilla-patch "icecat-bug-1393467.patch"        "4eec2a60622c" "1h006mwcsagq7mz7haymwgr7fn4zj14n5lxbjcmhdqrxdvma2hjj")
+        (mozilla-patch "icecat-bug-1384801.patch"        "9556e792f905" "0i74r807189s8i78483caiifw68cn7fs543i4cys6k3gn12dhhjy")
+        (mozilla-patch "icecat-CVE-2017-7823.patch"      "bd284765b5bc" "1c4hss87kc4qwx30magbqczm9h7zmwirjfc8zimqbrnwv9bbsfh3")
+        (mozilla-patch "icecat-CVE-2017-7805.patch"      "113da8d46aa4" "1vy0lw659mwixmb57mgybga152rdwqd5zj1g7nfw1zgp15pfwr75")
+        (mozilla-patch "icecat-bug-1376399.patch"        "58a574502ca9" "1zmg91pg0s5nwngc32a4fywidvxyaayvx1h052fsv0i4cfm16l9v")
+        (mozilla-patch "icecat-bug-1396570.patch"        "24db61862c54" "0af1jjfma042xvn0xhgims1yvb2b51nhn4m0pcfwg3fn0llmka03")
+        (mozilla-patch "icecat-CVE-2017-7819.patch"      "1a02f11c6efe" "18a9qvdvrqw34qw3lljg6gkn358jl23lyimhmbc964023rhs36sz")
+        (mozilla-patch "icecat-CVE-2017-7810-pt7.patch"  "002686d9536f" "065g0d759wfiaj69b1sqg7l08p2knc0q9m9hvkgwwsf0r78xcbjj")
+        (mozilla-patch "icecat-CVE-2017-7810-pt8.patch"  "eaadb31758d8" "0b3k3la6ykac5mbp9gyqqgjbmj19vx9sl1b0wp387qar0p12nyaz")
+        (mozilla-patch "icecat-bug-1368269.patch"        "0cff5e66e0f4" "0jb0wqi7c0ih4441s1908j6gv18v4inh7k2w47h3c9nhz4rgyrw7")
+        (mozilla-patch "icecat-CVE-2017-7793.patch"      "6ff3c82962f0" "0bw82034kdmrpznigbavzzsiybzrw8giyf8v0z2cxf6mwl72bf9k")
+        (mozilla-patch "icecat-bug-1400399.patch"        "d6f78b1349b7" "0i3gwr2al3xl65yfa3nimvy8dp0jzpx21f6bjw18xwn7zkkh9j54")
+        (mozilla-patch "icecat-bug-1400721.patch"        "285cde398833" "0a1i32zl30wfyw7zkqj595s94n6wdlg5c495m0910pd05pjg3qam")))
       (modules '((guix build utils)))
       (snippet
        '(begin
diff --git a/gnu/packages/graphics.scm b/gnu/packages/graphics.scm
index f84cc27836..2a52c4c697 100644
--- a/gnu/packages/graphics.scm
+++ b/gnu/packages/graphics.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
+;;; Copyright © 2017 Ben Woodcroft <donttrustben@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -28,6 +29,7 @@
   #:use-module (guix packages)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system cmake)
+  #:use-module (guix build-system python)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (gnu packages)
   #:use-module (gnu packages algebra)
@@ -70,14 +72,14 @@
 (define-public blender
   (package
     (name "blender")
-    (version "2.78a")
+    (version "2.79")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://download.blender.org/source/"
+              (uri (string-append "https://download.blender.org/source/"
                                   "blender-" version ".tar.gz"))
               (sha256
                (base32
-                "1byf1klrvm8fdw2libx7wldz2i6lblp9nih6y58ydh00paqi8jh1"))))
+                "16f84mdzkmwjmqahjj64kbyk4kagdj4mcr8qjazs1952d7kh7pm9"))))
     (build-system cmake-build-system)
     (arguments
      `(;; Test files are very large and not included in the release tarball.
@@ -134,7 +136,7 @@
        ("openal" ,openal)
        ("python" ,python-wrapper)
        ("zlib" ,zlib)))
-    (home-page "http://blender.org/")
+    (home-page "https://blender.org/")
     (synopsis "3D graphics creation suite")
     (description
      "Blender is a 3D graphics creation suite.  It supports the entirety of
@@ -654,3 +656,33 @@ and understanding different BRDFs (and other component functions).")
 It supports sub-pixel resolutions and anti-aliasing.  It is also library for
 rendering SVG graphics.")
     (license license:gpl2+)))
+
+(define-public python-pastel
+  (package
+    (name "python-pastel")
+    (version "0.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pastel" version))
+       (sha256
+        (base32
+         "1hqbm934n5yjwn31aq8h7shrr0rcy326wrqfc856vyn0gr0sy21i"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-pytest" ,python-pytest)))
+    (home-page "https://github.com/sdispater/pastel")
+    (synopsis "Library to colorize strings in your terminal")
+    (description "Pastel is a simple library to help you colorize strings in
+your terminal.  It comes bundled with predefined styles:
+@enumerate
+@item info: green
+@item comment: yellow
+@item question: black on cyan
+@item error: white on red
+@end enumerate
+")
+    (license license:expat)))
+
+(define-public python2-pastel
+  (package-with-python2 python-pastel))
diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm
index 6e43dc9918..bc8f75ba12 100644
--- a/gnu/packages/gstreamer.scm
+++ b/gnu/packages/gstreamer.scm
@@ -98,7 +98,7 @@ arrays of data.")
 (define-public gstreamer
   (package
     (name "gstreamer")
-    (version "1.12.2")
+    (version "1.12.3")
     (source
      (origin
       (method url-fetch)
@@ -107,7 +107,7 @@ arrays of data.")
             version ".tar.xz"))
       (sha256
        (base32
-        "1fllz7n58lavyy4nh64xc7izd4ffhl12a2ff0yg4z67al8wkzplz"))))
+        "0vi1g8rmmsnd630ds3jwv2iph46ll8y07fzf04mz15q88j9g926k"))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     (arguments
@@ -146,7 +146,7 @@ This package provides the core library and elements.")
 (define-public gst-plugins-base
   (package
     (name "gst-plugins-base")
-    (version "1.12.2")
+    (version "1.12.3")
     (source
      (origin
       (method url-fetch)
@@ -154,7 +154,7 @@ This package provides the core library and elements.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "0x86a7aph0y6gyq178plvwvbbyhkfb3hf0gadx9sk5z1mzixqrsh"))))
+        "19ffwdch7m777ragmwpy6prqmfb742ym1n3ki40s0zyki627plyk"))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     (propagated-inputs
@@ -201,7 +201,7 @@ for the GStreamer multimedia library.")
 (define-public gst-plugins-good
   (package
     (name "gst-plugins-good")
-    (version "1.12.2")
+    (version "1.12.3")
     (source
      (origin
       (method url-fetch)
@@ -210,7 +210,7 @@ for the GStreamer multimedia library.")
             name "-" version ".tar.xz"))
       (sha256
        (base32
-        "15pfw54fsh9s9xwrnbap4z4njwgqdfvq52k562d2hc5b11rfx4am"))))
+        "00sznj1sl97fqpn6j8ngps04clvxp8h8yhw6lvszx4b855wz9rqk"))))
     (build-system gnu-build-system)
     (inputs
      `(("aalib" ,aalib)
@@ -260,14 +260,14 @@ developers consider to have good quality code and correct functionality.")
 (define-public gst-plugins-bad
   (package
     (name "gst-plugins-bad")
-    (version "1.12.2")
+    (version "1.12.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://gstreamer.freedesktop.org/src/"
                                   name "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0dwyq03g2m0p16dwx8q5qvjn5x9ia72h21sf87mp97gmwkfpwb4w"))))
+                "1v5z3i5ha20gmbb3r9dwsaaspv5fm1jfzlzwlzqx1gjj31v5kl1n"))))
     (outputs '("out" "doc"))
     (build-system gnu-build-system)
     (arguments
@@ -345,7 +345,7 @@ par compared to the rest.")
 (define-public gst-plugins-ugly
   (package
     (name "gst-plugins-ugly")
-    (version "1.12.2")
+    (version "1.12.3")
     (source
      (origin
        (method url-fetch)
@@ -353,7 +353,7 @@ par compared to the rest.")
                            name "/" name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0rplyp1qk359c97ig9i2vc1v34g92khd8dslwfipva1ypwmr9hqw"))))
+         "0lh00rg26iy5lr5al23lxsyncjqkgzph1bzkrgp8x9sfr62ab378"))))
     (build-system gnu-build-system)
     (inputs
      `(("gst-plugins-base" ,gst-plugins-base)
@@ -384,7 +384,7 @@ distribution problems in some jurisdictions, e.g. due to patent threats.")
 (define-public gst-libav
   (package
     (name "gst-libav")
-    (version "1.12.2")
+    (version "1.12.3")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -392,7 +392,7 @@ distribution problems in some jurisdictions, e.g. due to patent threats.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1crdahkjm23byg1awcrjkmgfbalfpvvac7h7whm6b2r1pfwkbdsv"))))
+                "0l4nc6ikdx49l7bdrk3bd9p3pzry8a328r22zg48gyzpnv5ghph1"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--with-system-libav")
@@ -422,7 +422,7 @@ compression formats through the use of the libav library.")
 (define-public python-gst
   (package
     (name "python-gst")
-    (version "1.12.2")
+    (version "1.12.3")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -430,7 +430,7 @@ compression formats through the use of the libav library.")
                     "gst-python-" version ".tar.xz"))
               (sha256
                (base32
-                "0iwy0v2k27wd3957ich6j5f0f04b0wb2mb175ypf2lx68snk5k7l"))))
+                "19rb06x2m7103zwfm0plxx95gb8bp01ng04h4q9k6ii9q7g2kxf3"))))
     (build-system gnu-build-system)
     (arguments
      ;; XXX: Factorize python-sitedir with python-build-system.
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index e942f51719..d7c18f90e1 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -11,7 +11,7 @@
 ;;; Coypright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Fabian Harfert <fhmgufs@web.de>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 Patrick Hetu <patrick.hetu@auf.org>
 ;;; Coypright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Coypright © 2017 Roel Janssen <roel@gnu.org>
@@ -379,7 +379,7 @@ printing and other features typical of a source code editor.")
 (define-public gtksourceview
  (package
    (name "gtksourceview")
-   (version "3.24.2")
+   (version "3.24.4")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -387,7 +387,7 @@ printing and other features typical of a source code editor.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "17xqrnh2v9gba57ij2m9kngxwh19fzsqkx1rfasnv4zaqvqqhv69"))))
+               "14x738xrz9q8qz13xd7dys748ryxyq2srbqyaa9r7n47h2av2zr0"))))
    (build-system gnu-build-system)
    (arguments
     '(#:phases
@@ -427,6 +427,7 @@ highlighting and other features typical of a source code editor.")
 (define-public gdk-pixbuf
   (package
    (name "gdk-pixbuf")
+   (replacement gdk-pixbuf-2.36.10)
    (version "2.36.6")
    (source (origin
             (method url-fetch)
@@ -483,6 +484,7 @@ in the GNOME project.")
 (define-public gdk-pixbuf+svg
   (package (inherit gdk-pixbuf)
     (name "gdk-pixbuf+svg")
+    (replacement gdk-pixbuf+svg-2.36.10)
     (inputs
      `(("librsvg" ,librsvg)
        ,@(package-inputs gdk-pixbuf)))
@@ -506,6 +508,26 @@ in the GNOME project.")
     (synopsis
      "GNOME image loading and manipulation library, with SVG support")))
 
+;; Graft replacement packages to fix these vulnerabilities.
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2870
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311
+(define-public gdk-pixbuf-2.36.10
+  (package (inherit gdk-pixbuf)
+           (version "2.36.A")
+           (source (origin
+                     (method url-fetch)
+                     (uri (string-append "mirror://gnome/sources/gdk-pixbuf/2.36/"
+                                         "gdk-pixbuf-2.36.10.tar.xz"))
+                     (sha256
+                      (base32
+                       "1klsjkdbashd8yb8xjsc9ff3bz32n2id5s79nrrmqiw9df4zmxpq"))))))
+
+(define-public gdk-pixbuf+svg-2.36.10
+  (package (inherit gdk-pixbuf+svg)
+           (version "2.36.A")
+           (source (origin (inherit (package-source gdk-pixbuf-2.36.10))))))
+
 (define-public at-spi2-core
   (package
    (name "at-spi2-core")
@@ -838,7 +860,7 @@ exceptions, macros, and a dynamic programming environment.")
       (build-system gnu-build-system)
       (arguments
        `(#:phases (modify-phases %standard-phases
-                    (add-before 'configure 'bootstrap
+                    (add-after 'unpack 'bootstrap
                       (lambda _
                         (zero? (system* "autoreconf" "-vfi")))))))
       (native-inputs `(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 6dacc472a8..0bcc524ed7 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -365,7 +365,7 @@ AM_SCM_LOG_FLAGS =  --no-auto-compile -s")
                  ;; reasons.  It does not fail when run outside of Guix.
                  (("tests/database.scm") ""))
                #t))
-           (add-before 'configure 'autogen
+           (add-after 'fix-bug-22 'autogen
              (lambda _
                (zero? (system* "sh" "autogen.sh")))))))
       (inputs
@@ -654,12 +654,12 @@ format is also supported.")
     (build-system gnu-build-system)
     (arguments
      '(#:phases (modify-phases %standard-phases
-                  (add-before 'configure 'autoreconf
-                              (lambda _
-                                ;; Repository comes with a broken symlink
-                                (delete-file "README")
-                                (symlink "README.org" "README")
-                                (zero? (system* "autoreconf" "-fi")))))))
+                  (add-after 'unpack 'autoreconf
+                    (lambda _
+                      ;; Repository comes with a broken symlink
+                      (delete-file "README")
+                      (symlink "README.org" "README")
+                      (zero? (system* "autoreconf" "-fi")))))))
     (native-inputs
      `(("autoconf" ,(autoconf-wrapper))
        ("automake" ,automake)
@@ -1126,7 +1126,7 @@ Guile's foreign function interface.")
          ("sqlite" ,sqlite)))
       (arguments
        '(#:phases (modify-phases %standard-phases
-                    (add-before 'configure 'autoreconf
+                    (add-after 'unpack 'autoreconf
                       (lambda _
                         (zero? (system* "autoreconf" "-vfi"))))
                     (add-before 'build 'set-sqlite3-file-name
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index 4f9e90e552..7e879f4ad5 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -36,6 +36,7 @@
   #:use-module (gnu packages ghostscript)
   #:use-module (gnu packages gl)
   #:use-module (gnu packages libffi)
+  #:use-module (gnu packages lisp)
   #:use-module (gnu packages lua)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages multiprecision)
@@ -56,6 +57,45 @@
   #:use-module (guix utils)
   #:use-module (ice-9 regex))
 
+(define-public cl-yale-haskell
+  (let ((commit "85f94c72a16c5f70301dd8db04cde9de2d7dd270")
+        (revision "1"))
+    (package
+      (name "cl-yale-haskell")
+      (version (string-append "2.0.5-" revision "." (string-take commit 9)))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "http://git.elephly.net/software/yale-haskell.git")
+                      (commit commit)))
+                (file-name (string-append "yale-haskell-" commit "-checkout"))
+                (sha256
+                 (base32
+                  "0bal3m6ryrjamz5p93bhs9rp5msk8k7lpcqr44wd7xs9b9k8w74g"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:tests? #f                    ; no tests
+         ;; Stripping binaries leads to a broken executable lisp system image.
+         #:strip-binaries? #f
+         #:make-flags
+         (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
+         #:phases
+         (modify-phases %standard-phases
+           (replace 'configure
+             (lambda _
+               (setenv "PRELUDE" "./progs/prelude")
+               (setenv "HASKELL_LIBRARY" "./progs/lib")
+               (setenv "PRELUDEBIN" "./progs/prelude/clisp")
+               (setenv "HASKELLPROG" "./bin/clisp-haskell")
+               #t)))))
+      (inputs
+       `(("clisp" ,clisp)))
+      (home-page "http://git.elephly.net/software/yale-haskell.git")
+      (synopsis "Port of the Yale Haskell system to CLISP")
+      (description "This package provides the Yale Haskell system running on
+top of CLISP.")
+      (license license:bsd-4))))
+
 (define ghc-bootstrap-x86_64-7.8.4
   (origin
     (method url-fetch)
diff --git a/gnu/packages/hexedit.scm b/gnu/packages/hexedit.scm
index 8ddc0ffd4f..88dbfb234d 100644
--- a/gnu/packages/hexedit.scm
+++ b/gnu/packages/hexedit.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 Gábor Boskovits <boskovits@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
diff --git a/gnu/packages/ibus.scm b/gnu/packages/ibus.scm
index 2200b6663d..a74c321a5e 100644
--- a/gnu/packages/ibus.scm
+++ b/gnu/packages/ibus.scm
@@ -135,7 +135,7 @@ may also simplify input method development.")
 (define-public ibus-libpinyin
   (package
    (name "ibus-libpinyin")
-   (version "1.9.0")
+   (version "1.9.2")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://github.com/libpinyin/"
@@ -143,15 +143,15 @@ may also simplify input method development.")
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
-               "0gly314z6zn2fv52jw0764k66ry97llk009bk1q1iwf6rr829v68"))))
+               "0wpgs0m62l4zlis9f11b7xknhgnw2xw485nc2xrzk880s17pp1mr"))))
    (build-system glib-or-gtk-build-system)
    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (add-before 'configure 'autogen
+    `(#:phases
+      (modify-phases %standard-phases
+        (add-after 'unpack 'autogen
           (lambda _ (and (zero? (system* "intltoolize"))
                          (zero? (system* "autoreconf" "-vif")))))
-         (add-after 'wrap-program 'wrap-with-additional-paths
+        (add-after 'wrap-program 'wrap-with-additional-paths
           (lambda* (#:key inputs outputs #:allow-other-keys)
             ;; Make sure 'ibus-setup-libpinyin' runs with the correct
             ;; PYTHONPATH and GI_TYPELIB_PATH.
@@ -170,8 +170,8 @@ may also simplify input method development.")
       ("libpinyin" ,libpinyin)
       ("bdb" ,bdb)
       ("sqlite" ,sqlite)
-      ("python" ,python-2)
-      ("pyxdg" ,python2-pyxdg)
+      ("python" ,python)
+      ("pyxdg" ,python-pyxdg)
       ("gtk+" ,gtk+)))
    (native-inputs
     `(("pkg-config" ,pkg-config)
@@ -190,7 +190,7 @@ ZhuYin (Bopomofo) input method based on libpinyin for IBus.")
 (define-public libpinyin
   (package
     (name "libpinyin")
-    (version "2.0.0")
+    (version "2.1.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -199,7 +199,7 @@ ZhuYin (Bopomofo) input method based on libpinyin for IBus.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "17fibx9psrxfiznm4yw8klgbnh3ksyisx0pm1n59kxkrq61v8y0b"))))
+                "1iijpin65cmgawfx7sfdw1anmabljva0af1f9gx8ad6b4slhvknn"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/image-viewers.scm b/gnu/packages/image-viewers.scm
index f82d4baf24..dfb68488ee 100644
--- a/gnu/packages/image-viewers.scm
+++ b/gnu/packages/image-viewers.scm
@@ -54,7 +54,7 @@
 (define-public feh
   (package
     (name "feh")
-    (version "2.19.3")
+    (version "2.20")
     (home-page "https://feh.finalrewind.org/")
     (source (origin
               (method url-fetch)
@@ -62,7 +62,7 @@
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "1l3yvv0l0ggwlfyhk84p2g9mrqvzqrg1fgalf88kzppvb9jppjay"))))
+                "02vhdv16nf4kjna4inpbfy4k3p40bhl7xpc4kh4xvily14146l2b"))))
     (build-system gnu-build-system)
     (arguments
       '(#:phases (alist-delete 'configure %standard-phases)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 94c683aa9e..e525c75693 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -13,7 +13,7 @@
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
-;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
@@ -520,7 +520,12 @@ work.")
         (sha256
          (base32
           "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg"))
-        (patches (search-patches "openjpeg-CVE-2017-12982.patch"))))
+        (patches (search-patches "openjpeg-CVE-2017-12982.patch"
+                                 "openjpeg-CVE-2017-14040.patch"
+                                 "openjpeg-CVE-2017-14041.patch"
+                                 "openjpeg-CVE-2017-14151.patch"
+                                 "openjpeg-CVE-2017-14152.patch"
+                                 "openjpeg-CVE-2017-14164.patch"))))
     (build-system cmake-build-system)
     (arguments
       ;; Trying to run `$ make check' results in a no rule fault.
@@ -868,7 +873,7 @@ channels.")
                                        version ".tar.gz")))
              (sha256
               (base32
-               "1hsdzlzgkipprqh93yj81mrckl2l7c2mn2i84691pallnjz5qqhc"))))
+               "1yza317qxd8yshvqnay164imm0ks7cvij8y8j86p1gqi1153qpn7"))))
     (build-system gnu-build-system)
     (arguments '(#:tests? #f))                    ; no `check' target
     (propagated-inputs
@@ -929,7 +934,7 @@ convert, manipulate, filter and display a wide variety of image formats.")
 (define-public jasper
   (package
     (name "jasper")
-    (version "2.0.13")
+    (version "2.0.14")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/mdadams/jasper/archive/"
@@ -937,7 +942,7 @@ convert, manipulate, filter and display a wide variety of image formats.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "090cyqcvqp4y12nc57gvcbrk3ap1rnnixd4qj90sx0pw3fs1615m"))))
+                "0yx9y5y0g6jv142vnqp50j3k8k5yqznz3smrblv192wgfbm6w9l5"))))
     (build-system cmake-build-system)
     (inputs `(("libjpeg" ,libjpeg)))
     (synopsis "JPEG-2000 library")
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index 4056d486fb..7599f87311 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -45,14 +46,14 @@
     ;; The 7 release series has an incompatible API, while the 6 series is still
     ;; maintained. Don't update to 7 until we've made sure that the ImageMagick
     ;; users are ready for the 7-series API.
-    (version "6.9.9-9")
+    (version "6.9.9-15")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://imagemagick/ImageMagick-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0p7jz55zry5r1lv34ymx536fqymvy3iwzwy0kvj53mlmsaad7vjr"))))
+               "0bxgdc1qiyvag6a2iiqcbwp4ak0m1mzi9qhs51fbrvv6syy12m6c"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch")
@@ -177,9 +178,14 @@ script.")
                (base32
                 "122zgs96dqrys62mnh8x5yvfff6km4d3yrnvaxzg3mg5sprib87v"))
               (patches
-               (search-patches "graphicsmagick-CVE-2017-12935.patch"
+               (search-patches "graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch"
+                               "graphicsmagick-CVE-2017-12935.patch"
                                "graphicsmagick-CVE-2017-12936.patch"
-                               "graphicsmagick-CVE-2017-12937.patch"))))
+                               "graphicsmagick-CVE-2017-12937.patch"
+                               "graphicsmagick-CVE-2017-13775.patch"
+                               "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch"
+                               "graphicsmagick-CVE-2017-14042.patch"
+                               "graphicsmagick-CVE-2017-14165.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index 0f68cc532a..552349247f 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
 ;;; Copyright © 2014 Kevin Lemonnier <lemonnierk@ulrar.net>
 ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 ng0 <ng0@libertad.pw>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
@@ -69,26 +69,33 @@
         (patches (search-patches "quassel-fix-tls-check.patch"))
         (sha256
          (base32
-          "0ka456fb8ha3w7g74xlzfg6w4azxjjxgrhl4aqpbwg3lnd6fbr4k"))))
+          "0ka456fb8ha3w7g74xlzfg6w4azxjjxgrhl4aqpbwg3lnd6fbr4k"))
+        (modules '((guix build utils)))
+        ;; We don't want to install the bundles scripts
+        (snippet
+         '(begin
+            (delete-file-recursively "data/scripts")
+            (substitute* "data/CMakeLists.txt"
+              (("NOT WIN32") "WIN32"))))))
     (build-system cmake-build-system)
     (arguments
       ;; The three binaries are not mutually exlusive, and are all built
       ;; by default.
-     `(#:configure-flags '(;;"-DWANT_QTCLIENT=OFF" ; 5.0 MiB
-                           ;;"-DWANT_CORE=OFF" ; 2.3 MiB
-                           ;;"-DWANT_MONO=OFF" ; 6.3 MiB
+     '(#:configure-flags '(;;"-DWANT_QTCLIENT=OFF" ; 5.2 MiB
+                           ;;"-DWANT_CORE=OFF" ; 2.4 MiB
+                           ;;"-DWANT_MONO=OFF" ; 6.4 MiB
                            "-DUSE_QT5=ON" ; default is qt4
-                           "-DWITH_KDE=OFF" ; no to integration
-                           "-DWITH_OXYGEN=ON" ; on=embed icons
+                           "-DWITH_KDE=OFF" ; no to kde integration ...
+                           "-DWITH_OXYGEN=ON" ; therefore we install bundled icons
                            "-DWITH_WEBKIT=OFF") ; qtwebkit isn't packaged
        #:tests? #f)) ; no test target
-    (native-inputs `(("pkg-config" ,pkg-config)))
-    (inputs
+    (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
-       ("oxygen-icons" ,oxygen-icons)
-       ("qca" ,qca)
+       ("pkg-config" ,pkg-config)
+       ("qttools" ,qttools)))
+    (inputs
+     `(("qca" ,qca)
        ("qtbase", qtbase)
-       ("qttools" ,qttools)
        ("qtscript" ,qtscript)
        ("snorenotify" ,snorenotify)
        ("zlib" ,zlib)))
@@ -143,46 +150,32 @@ SILC and ICB protocols via plugins.")
 (define-public weechat
   (package
     (name "weechat")
-    (version "1.9")
+    (version "1.9.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://weechat.org/files/src/weechat-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "1zvxz98krq98y7jh3yrjbardg3yxp6y2031rvb7rp5ssk8lyp1fc"))
+                "1z92hprvgp128svfbr25x8j9kd114j9929bzbqasrcd92v31z6f2"))
               (patches (search-patches "weechat-python.patch"))))
-    (build-system gnu-build-system)
-    (native-inputs `(("autoconf" ,autoconf)
-                     ("pkg-config" ,pkg-config)
-                     ("file" ,file)
-                     ("autogen" ,autogen)
-                     ("automake" ,automake)
-                     ("libtool" ,libtool)))
+    (build-system cmake-build-system)
+    (native-inputs `(("gettext" ,gettext-minimal)
+                     ("pkg-config" ,pkg-config)))
     (inputs `(("ncurses" ,ncurses)
-              ("diffutils" ,diffutils)
-              ("gettext" ,gettext-minimal)
-              ("libltdl" ,libltdl)
               ("libgcrypt" ,libgcrypt "out")
               ("zlib" ,zlib)
               ("aspell" ,aspell)
               ("curl" ,curl)
               ("gnutls" ,gnutls)
               ("guile" ,guile-2.0)
-              ("openssl" ,openssl)
-              ("cyrus-sasl" ,cyrus-sasl)
               ("lua" ,lua-5.1)
               ("python" ,python-2)
               ("perl" ,perl)
               ("tcl" ,tcl)))
     (arguments
-     `(#:configure-flags (list (string-append
-                                "--with-tclconfig="
-                                (assoc-ref %build-inputs "tcl") "/lib"))
+     `(#:tests? #f ; tests require cpputime
        #:phases (modify-phases %standard-phases
-                  (add-before 'configure 'autogen
-                    (lambda _
-                      (zero? (system* "./autogen.sh"))))
                   (add-after 'install 'wrap
                     (lambda* (#:key inputs outputs #:allow-other-keys)
                       (let ((out (assoc-ref outputs "out"))
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 947598c7b3..806f13ab89 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -685,7 +685,7 @@ the standard javac executable.  The tool runs on JamVM instead of SableVM.")))
                "--disable-gjdoc")
          #:phases
          (modify-phases %standard-phases
-           (add-before 'configure 'bootstrap
+           (add-after 'unpack 'bootstrap
              (lambda _
                (zero? (system* "autoreconf" "-vif"))))
            (add-after 'unpack 'remove-unsupported-annotations
@@ -1628,6 +1628,10 @@ IcedTea build harness.")
                    (copy-recursively "openjdk.build/docs" doc)
                    (copy-recursively "openjdk.build/images/j2re-image" jre)
                    (copy-recursively "openjdk.build/images/j2sdk-image" jdk)
+                   ;; Install the nss.cfg file to JRE to enable SSL/TLS
+                   ;; support via NSS.
+                   (copy-file (string-append jdk "/jre/lib/security/nss.cfg")
+                              (string-append jre "/lib/security/nss.cfg"))
                    #t)))))))
       (native-inputs
        `(("jdk" ,icedtea-7 "jdk")
@@ -4171,12 +4175,26 @@ more efficient storage-wise than an uncompressed bitmap (as implemented in the
                   #t))))
     (build-system ant-build-system)
     (arguments
-     ;; FIXME: org.slf4j.NoBindingTest fails with the ominous "This code
-     ;; should have never made it into slf4j-api.jar".
-     `(#:tests? #f
-       #:jar-name "slf4j-api.jar"
+     `(#:jar-name "slf4j-api.jar"
        #:source-dir "slf4j-api/src/main"
-       #:test-dir "slf4j-api/src/test"))
+       #:test-dir "slf4j-api/src/test"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'build 'regenerate-jar
+           (lambda _
+             ;; pom.xml ignores these files in the jar creation process. If we don't,
+             ;; we get the error "This code should have never made it into slf4j-api.jar"
+             (delete-file-recursively "build/classes/org/slf4j/impl")
+             (zero? (system* "jar" "-cf" "build/jar/slf4j-api.jar" "-C"
+                             "build/classes" "."))))
+         (add-before 'check 'dont-test-abstract-classes
+           (lambda _
+             ;; abstract classes are not meant to be run with junit
+             (substitute* "build.xml"
+               (("<include name=\"\\*\\*/\\*Test.java\" />")
+                (string-append "<include name=\"**/*Test.java\" />"
+                               "<exclude name=\"**/MultithreadedInitializationTest"
+                               ".java\" />"))))))))
     (inputs
      `(("java-junit" ,java-junit)
        ("java-hamcrest-core" ,java-hamcrest-core)))
diff --git a/gnu/packages/javascript.scm b/gnu/packages/javascript.scm
index 85017453ff..2d1f6acfb9 100644
--- a/gnu/packages/javascript.scm
+++ b/gnu/packages/javascript.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,7 +33,7 @@
 (define-public font-mathjax
   (package
     (name "font-mathjax")
-    (version "2.7.1")
+    (version "2.7.2")
     (source
      (origin
        (method url-fetch)
@@ -42,7 +43,7 @@
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0sbib5lk0jrvbq6s72ag6ss3wjlz5wnk07ddxij1kp96yg3c1d1b"))))
+         "1r72di4pg4i6pfhcskkxqmf1158m81ki6a7lbw6nz4zh7xw23hy4"))))
     (build-system trivial-build-system)
     (arguments
      `(#:modules ((guix build utils))
@@ -59,7 +60,8 @@
            (mkdir-p install-directory)
            (zero? (system* "tar" "-C" install-directory "-xvf"
                            (assoc-ref %build-inputs "source")
-                           "MathJax-2.7.1/fonts" "--strip" "2"))))))
+                           ,(string-append "MathJax-" version "/fonts")
+                           "--strip" "2"))))))
     (native-inputs
      `(("gzip" ,gzip)
        ("tar" ,tar)))
@@ -91,7 +93,9 @@
          (setenv "LANG" "en_US.UTF-8")
          (let ((install-directory (string-append %output "/share/javascript/mathjax")))
            (system* "tar" "xvf" (assoc-ref %build-inputs "source")
-                    "MathJax-2.7.1/unpacked" "--strip" "2")
+                    ,(string-append "MathJax-" (package-version font-mathjax)
+                                    "/unpacked")
+                    "--strip" "2")
            (mkdir-p install-directory)
            (symlink (string-append (assoc-ref %build-inputs "font-mathjax")
                                    "/share/fonts/mathjax")
diff --git a/gnu/packages/jemalloc.scm b/gnu/packages/jemalloc.scm
index 27fb46e59d..a3bd2c93a4 100644
--- a/gnu/packages/jemalloc.scm
+++ b/gnu/packages/jemalloc.scm
@@ -23,14 +23,13 @@
   #:use-module ((guix licenses) #:select (bsd-2))
   #:use-module (guix packages)
   #:use-module (guix download)
-  #:use-module (gnu packages base)
-  #:use-module (gnu packages gcc)
+  #:use-module (gnu packages perl)
   #:use-module (guix build-system gnu))
 
 (define-public jemalloc
   (package
     (name "jemalloc")
-    (version "4.5.0")
+    (version "5.0.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -38,7 +37,7 @@
                     version "/jemalloc-" version ".tar.bz2"))
               (sha256
                (base32
-                "10373xhpc10pgmai9fkc1z0rs029qlcb3c0qfnvkbwdlcibdh2cl"))))
+                "1sf3lzgb0y8nnyzmp4zrca3sngdxw3kfh20sna9z03jv74fph528"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -56,6 +55,7 @@
            ;; Transparent huge pages are only enabled by default on Intel processors
            '()
            '(#:configure-flags (list "--disable-thp")))))
+    (inputs `(("perl" ,perl)))
     (home-page "http://jemalloc.net/")
     (synopsis "General-purpose scalable concurrent malloc implementation")
     (description
diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm
index 292b537a12..58bc742365 100644
--- a/gnu/packages/kde-frameworks.scm
+++ b/gnu/packages/kde-frameworks.scm
@@ -29,6 +29,7 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages acl)
   #:use-module (gnu packages admin)
+  #:use-module (gnu packages aidc)
   #:use-module (gnu packages attr)
   #:use-module (gnu packages base)
   #:use-module (gnu packages boost)
@@ -1209,6 +1210,31 @@ querying and interacting with hardware independently of the underlying operating
 system.")
     (license license:lgpl2.1+)))
 
+(define-public prison
+  (package
+    (name "prison")
+    (version "5.34.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://kde/stable/frameworks/"
+                           (version-major+minor version) "/"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32 "00wj4yyfhhcq9b54civ5hy1grz70mmi676x50y12crcbbgkxm1lx"))))
+    (build-system cmake-build-system)
+    (native-inputs
+     `(("extra-cmake-modules" ,extra-cmake-modules)))
+    (inputs
+     `(("libdmtx", libdmtx)
+       ("qrencode" ,qrencode)
+       ("qtbase" ,qtbase))) ;; TODO: rethink: nix propagates this
+    (home-page "https://api.kde.org/frameworks/prison/html/index.html")
+    (synopsis "Barcode generation abstraction layer")
+    (description "Prison is a Qt-based barcode abstraction layer/library and
+provides uniform access to generation of barcodes with data.")
+    (license license:lgpl2.1+)))
+
 (define-public sonnet
   (package
     (name "sonnet")
diff --git a/gnu/packages/kde.scm b/gnu/packages/kde.scm
index 2e46a3c924..91a7b6208c 100644
--- a/gnu/packages/kde.scm
+++ b/gnu/packages/kde.scm
@@ -39,7 +39,7 @@
 (define-public kdevelop
   (package
     (name "kdevelop")
-    (version "5.1.1")
+    (version "5.1.2")
     (source
       (origin
         (method url-fetch)
@@ -48,7 +48,7 @@
                             version ".tar.xz"))
         (sha256
          (base32
-          "0m6pnmylp1gij5cr75waz8hjry5894qillj5977h467hnbzs808a"))))
+          "1iqaq0ilijjigqb34v5wq9in6bnjs0p9cmgbygjmy53xhh3yhm5g"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -151,7 +151,7 @@ for some KDevelop language plugins (Ruby, PHP, CSS...).")
 (define-public kdevplatform
   (package
     (name "kdevplatform")
-    (version "5.1.1")
+    (version "5.1.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kde/stable/kdevelop"
@@ -159,7 +159,7 @@ for some KDevelop language plugins (Ruby, PHP, CSS...).")
                                   version ".tar.xz"))
               (sha256
                (base32
-                "09p7lvniw55g6x8v8wl3azlps8c13yx03x1m9cd3qdxi282l8n9i"))))
+                "0jk6g1kiqpyjy8pca0236b9944gxqnymqv8ny6m8nrraannxs8p6"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
diff --git a/gnu/packages/ldc.scm b/gnu/packages/ldc.scm
index 25fcb514d0..d2aee9c7c0 100644
--- a/gnu/packages/ldc.scm
+++ b/gnu/packages/ldc.scm
@@ -279,7 +279,7 @@ latest DMD frontend and uses LLVM as backend.")
 (define-public dub
   (package
     (name "dub")
-    (version "1.4.1")
+    (version "1.5.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/dlang/dub/archive/"
@@ -287,7 +287,7 @@ latest DMD frontend and uses LLVM as backend.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0hpl5srbrzwzv8abc96j4cgbmvm1zhr109ljbl7hrphzzc39zyan"))))
+                "1p9pmzjsmd7v3jpilv0z0c8ar1ykvri6nn5fv95f8d2vriczj29m"))))
    (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; it would have tested itself by installing some packages (vibe etc)
diff --git a/gnu/packages/libffcall.scm b/gnu/packages/libffcall.scm
index a8b4135caf..84fd1a833f 100644
--- a/gnu/packages/libffcall.scm
+++ b/gnu/packages/libffcall.scm
@@ -27,7 +27,7 @@
 (define-public libffcall
    (package
     (name "libffcall")
-    (version "1.13")
+    (version "2.0")
     (source
      (origin
        (method url-fetch)
@@ -35,7 +35,7 @@
              "mirror://gnu/libffcall/libffcall-" version ".tar.gz"))
        (sha256
         (base32
-         "1rxwkfr0p7vdv6q6x8nmn13611nsq0lnk9cspqdpzxdvgmqcw1qp"))))
+         "0v0rh3vawb8z5q40fs3kr2f9zp06n2fq4rr2ww4562nr96sd5aj1"))))
     (build-system gnu-build-system)
     (arguments `(#:parallel-build? #f))
     (synopsis "Foreign function calls from interpreters")
diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm
index afd0b8dfe9..ff0c05bad0 100644
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2012 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index cca222b1f8..77c9ae108f 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Andy Wingo <wingo@igalia.com>
+;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,12 +25,14 @@
 
 (define-module (gnu packages libreoffice)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system trivial)
   #:use-module (guix download)
   #:use-module ((guix licenses)
                 #:select (gpl2+ lgpl2.1+ lgpl3+ mpl1.1 mpl2.0
                           non-copyleft x11-style))
   #:use-module (guix packages)
   #:use-module (guix utils)
+  #:use-module (ice-9 match)
   #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
@@ -364,8 +367,8 @@ CorelDRAW documents of all versions.")
     (arguments
      `(#:configure-flags '("--with-mdds=1.2")
        #:phases (modify-phases %standard-phases
-                  (add-before 'configure 'autoreconf
-                              (lambda _ (system* "autoreconf"))))))
+                  (add-after 'unpack 'autoreconf
+                    (lambda _ (system* "autoreconf"))))))
     (native-inputs
      `(("cppunit" ,cppunit)
        ("doxygen" ,doxygen)
@@ -719,6 +722,9 @@ Zoner Draw version 4 and 5.")
          (add-after 'unpack 'bootstrap
            (lambda _
              (zero? (system* "autoreconf" "-vfi")))))))
+    (native-search-paths (list (search-path-specification
+                                (variable "DICPATH")
+                                (files '("share/hunspell")))))
     (home-page "https://hunspell.github.io/")
     (synopsis "Spell checker")
     (description "Hunspell is a spell checker and morphological analyzer
@@ -727,6 +733,78 @@ word compounding or character encoding.")
     ;; Triple license, including "mpl1.1 or later".
     (license (list mpl1.1 gpl2+ lgpl2.1+))))
 
+(define (dicollecte-french-dictionary variant synopsis)
+  ;; Return a French dictionary package from dicollecte.org, for the given
+  ;; VARIANT.
+  (package
+    (name (match variant
+            ("classique" "hunspell-dict-fr")
+            (_ (string-append "hunspell-dict-fr-" variant))))
+    (version "6.1")
+    (source (origin
+              (uri (string-append
+                    "http://www.dicollecte.org/download/fr/hunspell-french-dictionaries-v"
+                    version ".zip"))
+              (method url-fetch)
+              (sha256
+               (base32
+                "0w2hzh36wj3lsj2yd4mh7z7547dg452sywj79vnzx27csclwqshc"))))
+    (build-system trivial-build-system)
+    (native-inputs `(("unzip" ,unzip)))
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder (begin
+                   (use-modules (guix build utils)
+                                (srfi srfi-26))
+
+                   (let* ((out      (assoc-ref %outputs "out"))
+                          (hunspell (string-append out "/share/hunspell"))
+                          (myspell  (string-append out "/share/myspell"))
+                          (doc      (string-append out "/share/doc/"
+                                                   ,name))
+                          (unzip    (assoc-ref %build-inputs "unzip")))
+                     (system* (string-append unzip "/bin/unzip")
+                              (assoc-ref %build-inputs "source"))
+                     (for-each (cut install-file <> hunspell)
+                               (find-files "."
+                                           ,(string-append variant
+                                                           "\\.(dic|aff)$")))
+                     (mkdir-p myspell)
+                     (symlink hunspell (string-append myspell "/dicts"))
+                     (for-each (cut install-file <> doc)
+                               (find-files "." "\\.(txt|org|md)$"))
+                     #t))))
+    (synopsis synopsis)
+    (description
+     "This package provides a dictionary for the Hunspell spell-checking
+library.")
+    (home-page "https://www.dicollecte.org/home.php?prj=fr")
+    (license mpl2.0)))
+
+(define-syntax define-french-dictionary
+  (syntax-rules (synopsis)
+    ((_ name variant (synopsis text))
+     (define-public name
+       (dicollecte-french-dictionary variant text)))))
+
+(define-french-dictionary hunspell-dict-fr-classique
+  "classique"
+  ;; TRANSLATORS: In French, this is "Français classique".
+  (synopsis "Hunspell dictionary for ``classic'' French (recommended)"))
+
+(define-french-dictionary hunspell-dict-fr-moderne
+  "moderne"
+  ;; TRANSLATORS: In French, this is "Français moderne".
+  (synopsis "Hunspell dictionary for ``modern'' French"))
+
+(define-french-dictionary hunspell-dict-fr-réforme-1990
+  "reforme1990"
+  (synopsis "Hunspell dictionary for the post @dfn{1990 réforme} French"))
+
+(define-french-dictionary hunspell-dict-fr-toutes-variantes
+  "toutesvariantes"
+  (synopsis "Hunspell dictionary for all variants of French"))
+
 (define-public hyphen
   (package
     (name "hyphen")
@@ -789,7 +867,7 @@ and to return information on pronunciations, meanings and synonyms.")
 (define-public libreoffice
   (package
     (name "libreoffice")
-    (version "5.3.5.2")
+    (version "5.3.6.1")
     (source
      (origin
       (method url-fetch)
@@ -798,7 +876,7 @@ and to return information on pronunciations, meanings and synonyms.")
           "http://download.documentfoundation.org/libreoffice/src/"
           (version-prefix version 3) "/libreoffice-" version ".tar.xz"))
       (sha256 (base32
-               "1sknmb9bhm8mxyfycqbwng1jqs4avyp1ffcla7dhlpwqs1aqxvx5"))))
+               "023a7hr7v5cf0ipga4ijhyl58ncgbjrp500qq5fwf65j8g2c3apz"))))
     (build-system gnu-build-system)
     (native-inputs
      `(;; autoreconf is run by the LibreOffice build system, since after
diff --git a/gnu/packages/libunwind.scm b/gnu/packages/libunwind.scm
index cda83b2bc0..e747d37787 100644
--- a/gnu/packages/libunwind.scm
+++ b/gnu/packages/libunwind.scm
@@ -27,18 +27,18 @@
 (define-public libunwind
   (package
     (name "libunwind")
-    (version "1.1")
+    (version "1.2.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://savannah/libunwind/libunwind-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "16nhx2pahh9d62mvszc88q226q5lwjankij276fxwrm8wb50zzlx"))
-             (patches (search-patches "libunwind-CVE-2015-3239.patch"))))
+               "1jsslwkilwrsj959dc8b479qildawz67r8m4lzxm7glcwa8cngiz"))))
     (build-system gnu-build-system)
     (arguments
-     ;; FIXME: As of glibc 2.17, we get 3 out of 34 test failures.
+     ;; FIXME: As of glibc 2.25, we get 1 out of 34 test failures (2 are
+     ;; expected to fail).
      ;; Report them upstream.
      '(#:tests? #f))
     (home-page "http://www.nongnu.org/libunwind")
diff --git a/gnu/packages/libusb.scm b/gnu/packages/libusb.scm
index ed97ed9de7..f1d75220a9 100644
--- a/gnu/packages/libusb.scm
+++ b/gnu/packages/libusb.scm
@@ -332,7 +332,7 @@ devices.")
     (arguments
      '(#:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'bootstrap
+         (add-after 'unpack 'bootstrap
            (lambda _
              (zero? (system* "autoreconf" "-vfi")))))))
     (inputs
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index d454b08029..8ef7a105d3 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -367,8 +367,8 @@ It has been modified to remove all non-free binary blobs.")
 
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 
-(define %linux-libre-version "4.12.9")
-(define %linux-libre-hash "1wpsqhaab91l1wdbsxq8pdwrdx3a603zr5zjxbzdsx99pr6iypra")
+(define %linux-libre-version "4.13.4")
+(define %linux-libre-hash "028dww9c6x22mvd0jd87bmibqiz5lrsyynrbzka18gh39sk0v8j7")
 
 (define-public linux-libre
   (make-linux-libre %linux-libre-version
@@ -377,22 +377,32 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.9
-  (make-linux-libre "4.9.45"
-                    "0qdwn2m3iynbjyszkq4hlx891s1b83p9nr1v7vdb20fs4n2cbl9s"
+  (make-linux-libre "4.9.52"
+                    "0zl1z13r4gg6r2sbx8mrif2cnjkjlfrswiap7wzb22jyfnlyj5nb"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.84"
-                    "00lp3471mvwpq5062cynaakjn7bjpylmg1d1wwmhh6fdknd2h1kz"
+  (make-linux-libre "4.4.89"
+                    "1bw1cma8hxcj6wi8znc4nvw1p6dlc1lgciqak6n6ijn53xdd242h"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.1
-  (make-linux-libre "4.1.43"
-                    "0ycqmvczj7lm7czilnwpyp14n2lzilyx7m43rsq1qdm2m5rp4q2w"
+  (make-linux-libre "4.1.44"
+                    "1h1v2n8fxnn98y0jz9pnr4xdmc0v4l5d3hfxa5n5r3xmjksf1xs3"
                     %intel-compatible-systems
-                    #:configuration-file kernel-config))
+                    #:configuration-file kernel-config
+                    #:patches
+                    (list %boot-logo-patch
+                          (origin
+                            (method url-fetch)
+                            (uri "\
+https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=4a01092a5fa819397484fe2b50e9518356858156")
+                            (file-name "linux-libre-4.4-CVE-2017-1000251.patch")
+                            (sha256
+                             (base32
+                              "0zmkw9zvzpwy2ihiyfrw6mrf8qzv77cm23lxadr20qvzqlc1xzb3"))))))
 
 (define-public linux-libre-arm-generic
   (make-linux-libre %linux-libre-version
@@ -683,17 +693,16 @@ slabtop, and skill.")
 (define-public e2fsprogs
   (package
     (name "e2fsprogs")
-    (version "1.43.5")
+    (version "1.43.6")
     (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://kernel.org/linux/kernel/people/tytso/"
                    name "/v" version "/"
                    name "-" version ".tar.xz"))
-             (patches (search-patches "e2fsprogs-32bit-quota-warnings.patch"))
              (sha256
               (base32
-               "05ssjpmy0fpv2ik6ibm1f47wr6794nf0q50r581vygrqvsd3s7r6"))))
+               "00ilv65dzcgiap435j89xk86shf7rrav3wsik7cahy789qijdcn9"))))
     (build-system gnu-build-system)
     (inputs `(("util-linux" ,util-linux)))
     (native-inputs `(("pkg-config" ,pkg-config)
@@ -861,14 +870,14 @@ Zerofree requires the file system to be unmounted or mounted read-only.")
 (define-public strace
   (package
     (name "strace")
-    (version "4.18")
+    (version "4.19")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/strace/strace/" version
                                  "/strace-" version ".tar.xz"))
              (sha256
               (base32
-               "026agy9nq238nx3ynhmi8h3vx96yra4xacfsm2ybs9k23ry8ibc9"))))
+               "10bjh2mrkvx41fk60b2iqv5b5k4r7a3qdsx04iyg904jqb3fp4vw"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -1132,7 +1141,7 @@ that the Ethernet protocol is much simpler than the IP protocol.")
 (define-public iproute
   (package
     (name "iproute2")
-    (version "4.12.0")
+    (version "4.13.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1140,7 +1149,7 @@ that the Ethernet protocol is much simpler than the IP protocol.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "0zdxdsxyaazl85xhwskvsmpyzwf5qp21cvjsi1lw3xnrc914q2if"))))
+                "0l2w84cwr54gaw3cbxijf614l76hx8mgcz57v81rwl68z3nq3yww"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f                                ; no test suite
@@ -1173,23 +1182,14 @@ that the Ethernet protocol is much simpler than the IP protocol.")
     (synopsis
      "Utilities for controlling TCP/IP networking and traffic in Linux")
     (description
-     "Iproute2 is a collection of utilities for controlling TCP/IP
-networking and traffic with the Linux kernel.
+     "Iproute2 is a collection of utilities for controlling TCP/IP networking
+and traffic with the Linux kernel.  The most important of these are
+@command{ip}, which configures IPv4 and IPv6, and @command{tc} for traffic
+control.
 
 Most network configuration manuals still refer to ifconfig and route as the
 primary network configuration tools, but ifconfig is known to behave
-inadequately in modern network environments.  They should be deprecated, but
-most distros still include them.  Most network configuration systems make use
-of ifconfig and thus provide a limited feature set.  The /etc/net project aims
-to support most modern network technologies, as it doesn't use ifconfig and
-allows a system administrator to make use of all iproute2 features, including
-traffic control.
-
-iproute2 is usually shipped in a package called iproute or iproute2 and
-consists of several tools, of which the most important are @command{ip} and
-@command{tc}.  @command{ip} controls IPv4 and IPv6 configuration and
-@command{tc} stands for traffic control.  Both tools print detailed usage
-messages and are accompanied by a set of manpages.")
+inadequately in modern network environments, and both should be deprecated.")
     (license license:gpl2+)))
 
 ;; There are two packages for net-tools. The first, net-tools, is more recent
@@ -1212,14 +1212,14 @@ messages and are accompanied by a set of manpages.")
       (name "net-tools")
       (version (string-append "1.60-" revision "." (string-take commit 7)))
       (source (origin
-               (method git-fetch)
-               (uri (git-reference
-                      (url "https://git.code.sf.net/p/net-tools/code")
-                      (commit commit)))
-               (file-name (string-append name "-" version "-checkout"))
+               (method url-fetch)
+               (uri (string-append "https://sourceforge.net/code-snapshots/git/"
+                                   "n/ne/net-tools/code.git/net-tools-code-"
+                                   commit ".zip"))
+               (file-name (string-append name "-" version ".zip"))
                (sha256
                 (base32
-                 "189mdjfbd7j7j0jysy34nqn5byy9g5f6ylip1sikk7kz08vjml4s"))))
+                 "0hz9fda9d78spp774b6rr5xaxav7cm4h0qcpxf70rvdbrf6qx7vy"))))
       (home-page "http://net-tools.sourceforge.net/")
       (build-system gnu-build-system)
       (arguments
@@ -1266,7 +1266,8 @@ messages and are accompanied by a set of manpages.")
                               (string-append "BASEDIR=" out)
                               (string-append "INSTALLNLSDIR=" out "/share/locale")
                               (string-append "mandir=/share/man")))))
-      (native-inputs `(("gettext" ,gettext-minimal)))
+      (native-inputs `(("gettext" ,gettext-minimal)
+                       ("unzip" ,unzip)))
       (synopsis "Tools for controlling the network subsystem in Linux")
       (description
        "This package includes the important tools for controlling the network
@@ -1355,6 +1356,15 @@ configuration (iptunnel, ipmaddr).")
                             (string-append "INSTALLNLSDIR=" out "/share/locale")
                             (string-append "mandir=/share/man")))))
 
+    ;; We added unzip to the net-tools package's native-inputs when
+    ;; switching its source from a Git checkout to a zip archive.  We
+    ;; need to specify the native-inputs here to keep unzip out of the
+    ;; build of net-tools-for-tests, so that we don't have to rebuild
+    ;; many packages on the master branch.  We can make
+    ;; net-tools-for-tests inherit directly from net-tools in the next
+    ;; core-updates cycle.
+    (native-inputs `(("gettext" ,gettext-minimal)))
+
     ;; Use the big Debian patch set (the thing does not even compile out of
     ;; the box.)
     ;; XXX The patch is not actually applied, due to a bug in the 'patch' phase
@@ -1555,16 +1565,16 @@ devices.  It replaces @code{iwconfig}, which is deprecated.")
 (define-public powertop
   (package
     (name "powertop")
-    (version "2.8")
+    (version "2.9")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
-             "https://01.org/sites/default/files/downloads/powertop/powertop-"
+             "https://01.org/sites/default/files/downloads/powertop/powertop-v"
              version ".tar.gz"))
        (sha256
         (base32
-         "0nlwazxbnn0k6q5f5b09wdhw0f194lpzkp3l7vxansqhfczmcyx8"))))
+         "0l4jjlf05li2mc6g8nrss3h435wjhmnqd8m7v3kha3x0x7cbfzxa"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -2087,14 +2097,14 @@ time.")
 (define-public lvm2
   (package
     (name "lvm2")
-    (version "2.02.171")
+    (version "2.02.174")
     (source (origin
               (method url-fetch)
               (uri (string-append "ftp://sources.redhat.com/pub/lvm2/releases/LVM2."
                                   version ".tgz"))
               (sha256
                (base32
-                "0r4r9fsvpj9hjmf0zz7h4prz12r6y16jhjhsvk1sbfpsl88sf5dq"))
+                "12qa2yfxnbjdx7kgxqqaglni50b46l5cp1rwjb24mccc830cwvpv"))
               (modules '((guix build utils)))
               (snippet
                '(begin
@@ -2357,11 +2367,16 @@ country-specific regulations for the wireless spectrum.")
                      ("flex" ,flex)
                      ("bison" ,bison)
                      ("which" ,which)))
+    (outputs '("lib"              ;avoid perl in closure
+               "out"))
     (arguments
      `(#:tests? #f  ; no 'check' target
        #:make-flags (list (string-append "PREFIX=" %output)
-                          (string-append "ETCDIR=" %output "/etc")
-                          (string-append "MANDIR=" %output "/share/man"))
+                          (string-append "ETCDIR=" (assoc-ref %outputs "lib") "/etc")
+                          (string-append "INCLUDEDIR="
+                                         (assoc-ref %outputs "lib") "/include")
+                          (string-append "MANDIR=" %output "/share/man")
+                          (string-append "LIBDIR=" (assoc-ref %outputs "lib") "/lib"))
        #:phases
        (alist-delete
         'configure
@@ -2451,7 +2466,7 @@ SMBus access.")
                (base32
                 "1siplsfgvcxamyqf44h71jx6jdfmvhfm7mh0y1q8ps4zs6pj2zwh"))))
     (build-system gnu-build-system)
-    (inputs `(("lm-sensors" ,lm-sensors)
+    (inputs `(("lm-sensors" ,lm-sensors "lib")
               ("gtk" ,gtk+-2)))
     (native-inputs `(("pkg-config" ,pkg-config)))
     (arguments
@@ -3012,6 +3027,7 @@ Bluetooth audio output devices like headphones or loudspeakers.")
   (package
     (name "bluez")
     (version "5.45")
+    (replacement bluez/fixed)
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3073,6 +3089,20 @@ Bluetooth audio output devices like headphones or loudspeakers.")
 is flexible, efficient and uses a modular implementation.")
     (license license:gpl2+)))
 
+(define bluez/fixed
+  (package
+    (inherit bluez)
+    (version "5.45")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "mirror://kernel.org/linux/bluetooth/bluez-"
+                    version ".tar.xz"))
+              (sha256
+               (base32
+                "1sb4aflgyrl7apricjipa8wx95qm69yja0lmn2f19g560c3v1b2c"))
+              (patches (search-patches "bluez-CVE-2017-1000250.patch"))))))
+
 (define-public fuse-exfat
   (package
     (name "fuse-exfat")
@@ -3112,10 +3142,12 @@ write access to exFAT devices.")
     (build-system gnu-build-system)
     (arguments
      '(#:phases (modify-phases %standard-phases
-                  (add-before 'configure 'bootstrap
+                  (add-after 'unpack 'bootstrap
                     (lambda _
                       ;; The tarball was not generated with 'make dist' so we
                       ;; need to bootstrap things ourselves.
+                      (substitute* "autogen.sh"
+                        (("/bin/sh") (which "sh")))
                       (and (zero? (system* "./autogen.sh"))
                            (begin
                              (patch-makefile-SHELL "Makefile.include.in")
@@ -3143,7 +3175,7 @@ and copy/paste text in the console and in xterm.")
 (define-public btrfs-progs
   (package
     (name "btrfs-progs")
-    (version "4.12")
+    (version "4.13.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kernel.org/linux/kernel/"
@@ -3151,7 +3183,7 @@ and copy/paste text in the console and in xterm.")
                                   "btrfs-progs-v" version ".tar.xz"))
               (sha256
                (base32
-                "1kif8xw2dbyc70ygkp0wyq4x96p1mkwdv4430f99qllx9b410xwi"))))
+                "1clavvrlkswgicqsm2yfsxqw04lsn8dra0db84jqm6j2apz80kz0"))))
     (build-system gnu-build-system)
     (outputs '("out"
                "static"))      ; static versions of the binaries in "out"
@@ -3159,6 +3191,12 @@ and copy/paste text in the console and in xterm.")
      '(#:phases (modify-phases %standard-phases
                  (add-after 'build 'build-static
                    (lambda _ (zero? (system* "make" "static"))))
+                 (add-after 'install 'install-bash-completion
+                   (lambda* (#:key outputs #:allow-other-keys)
+                     (install-file "btrfs-completion"
+                                   (string-append (assoc-ref outputs "out")
+                                                  "/etc/bash_completion.d"))
+                     #t))
                  (add-after 'install 'install-static
                    (let ((staticbin (string-append (assoc-ref %outputs "static")
                                                   "/bin")))
@@ -3173,8 +3211,9 @@ and copy/paste text in the console and in xterm.")
               ("libblkid:static" ,util-linux "static")
               ("libuuid" ,util-linux)
               ("libuuid:static" ,util-linux "static")
+              ("lzo" ,lzo)
               ("zlib" ,zlib)
-              ("lzo" ,lzo)))
+              ("zstd" ,zstd)))
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("asciidoc" ,asciidoc)
                      ("xmlto" ,xmlto)
@@ -3182,6 +3221,7 @@ and copy/paste text in the console and in xterm.")
                      ("libxml2" ,libxml2)
                      ("docbook-xsl" ,docbook-xsl)
                      ;; For tests.
+                     ("acl" ,acl)
                      ("which" ,which)))
     (home-page "https://btrfs.wiki.kernel.org/")
     (synopsis "Create and manage btrfs copy-on-write file systems")
diff --git a/gnu/packages/lirc.scm b/gnu/packages/lirc.scm
index cd9e06d394..860822ce49 100644
--- a/gnu/packages/lirc.scm
+++ b/gnu/packages/lirc.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
+;;; Copyright © 2015, 2016, 2017 Alex Kost <alezost@gmail.com>
+;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -34,18 +35,23 @@
 (define-public lirc
   (package
     (name "lirc")
-    (version "0.9.4")
+    (version "0.10.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/lirc/LIRC/" version
                                   "/lirc-" version ".tar.bz2"))
               (sha256
                (base32
-                "1l2xzhnm4hrla51ik09hcafki0y8wnww7svfm7j63zbl2rssc66x"))
+                "1whlyifvvc7w04ahq07nnk1h18wc8j7c6wnvlb6mszravxh3qxcb"))
               (patches (search-patches "lirc-localstatedir.patch"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:configure-flags '("--localstatedir=/var")
+     '(#:configure-flags
+       '("--localstatedir=/var"
+         ;; "configure" script fails to enable "devinput" driver as it
+         ;; checks for "/dev/input" directory (which is not available),
+         ;; so enable it explicitly.
+         "--enable-devinput")
        #:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'disable-kernel-sniffing
diff --git a/gnu/packages/logging.scm b/gnu/packages/logging.scm
index b4f7caf56a..648a07e4c4 100644
--- a/gnu/packages/logging.scm
+++ b/gnu/packages/logging.scm
@@ -75,7 +75,7 @@ staying as close to their API as is reasonable.")
        ("libtool" ,libtool)))
     (arguments
      '(#:phases (modify-phases %standard-phases
-                  (add-before 'configure 'add-automake-files
+                  (add-after 'unpack 'add-automake-files
                     (lambda _
                       ;; The 'test-driver' file is a dangling symlink to
                       ;; /usr/share/automake; replace it.  We can't just run
diff --git a/gnu/packages/lxqt.scm b/gnu/packages/lxqt.scm
index a2c95674d9..a73a875594 100644
--- a/gnu/packages/lxqt.scm
+++ b/gnu/packages/lxqt.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,6 +27,7 @@
   #:use-module (guix utils)
   #:use-module (guix build-system cmake)
   #:use-module (gnu packages)
+  #:use-module (gnu packages glib)
   #:use-module (gnu packages kde-frameworks)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages qt))
@@ -188,3 +190,31 @@ desktop environment.")
     (description "lxqt-session provides the standard session manager
 for the LXQt desktop environment.")
     (license lgpl2.1+)))
+
+(define-public lxqt-build-tools
+  (package
+    (name "lxqt-build-tools")
+    (version "0.4.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/lxde/lxqt-build-tools/releases/"
+                           "download/" version "/" name "-" version ".tar.xz"))
+       (file-name (string-append name "-" version ".tar.xz"))
+       (sha256
+        (base32
+         "1llbrjbgabxlq933a8cpg03b3mdmvd8983csnd4f7vrcj51nv0xh"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:tests? #f)) ;No tests
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("glib" ,glib)))
+    (inputs
+     `(("qtbase" ,qtbase)))
+    (synopsis "LXQt Build tools")
+    (description
+     "Lxqt-build-tools is providing several tools needed to build LXQt
+itself as well as other components maintained by the LXQt project.")
+    (home-page "http://lxqt.org")
+    (license lgpl2.1+)))
diff --git a/gnu/packages/machine-learning.scm b/gnu/packages/machine-learning.scm
index c5132faf58..77f64d5a41 100644
--- a/gnu/packages/machine-learning.scm
+++ b/gnu/packages/machine-learning.scm
@@ -190,9 +190,9 @@ classification.")
                                  "@unittest.skip(\"Disabled by Guix\")\n"
                                  line)))
                #t))
-           (add-before 'configure 'autogen
+           (add-after 'disable-broken-tests 'autogen
              (lambda _
-               (zero? (system* "bash" "./autogen.sh")))))))
+               (zero? (system* "bash" "autogen.sh")))))))
       (inputs
        `(("python" ,python-2) ; only Python 2 is supported
          ("libxml2" ,libxml2)))
@@ -491,6 +491,8 @@ in terms of new algorithms.")
     (propagated-inputs
      `(("r-rcpp" ,r-rcpp)
        ("r-rcpparmadillo" ,r-rcpparmadillo)))
+    (inputs
+     `(("armadillo" ,armadillo)))
     (home-page "http://cran.r-project.org/web/packages/AdaptiveSparsity")
     (synopsis "Adaptive sparsity models")
     (description
@@ -524,14 +526,14 @@ and a QP solver.")
 (define-public dlib
   (package
     (name "dlib")
-    (version "19.3")
+    (version "19.7")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "http://dlib.net/files/dlib-" version ".tar.bz2"))
               (sha256
                (base32
-                "0gfy83av717qymv53yv7ki6mgh6mdw4xcxxbjk8lrs72f8qvnrcw"))
+                "1mljz02kwkrbggyncxv5fpnyjdybw2qihaacb3js8yfkw12vwpc2"))
               (modules '((guix build utils)))
               (snippet
                '(begin
@@ -541,7 +543,11 @@ and a QP solver.")
                   #t))))
     (build-system cmake-build-system)
     (arguments
-     `(#:phases
+     ;; Recent releases defaults to "lib64" on 64bit.
+     `(#:configure-flags (list (string-append "-DCMAKE_INSTALL_LIBDIR="
+                                              (assoc-ref %outputs "out")
+                                              "/lib"))
+       #:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'disable-asserts
            (lambda _
@@ -576,7 +582,6 @@ and a QP solver.")
              ;; No test target, so we build and run the unit tests here.
              (let ((test-dir (string-append "../dlib-" ,version "/dlib/test")))
                (with-directory-excursion test-dir
-                 (setenv "CXXFLAGS" "-std=gnu++11")
                  (and (zero? (system* "make" "-j" (number->string (parallel-job-count))))
                       (zero? (system* "./dtest" "--runall")))))))
          (add-after 'install 'delete-static-library
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 3b0f12b764..8c376b1e45 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -265,7 +265,7 @@ operating systems.")
   (package
     (inherit mutt)
     (name "neomutt")
-    (version "20170714")
+    (version "20170912")
     (source
      (origin
        (method url-fetch)
@@ -273,7 +273,7 @@ operating systems.")
                            "/archive/" name "-" version ".tar.gz"))
        (sha256
         (base32
-         "10x3sxai773n0gfqpi904ci1qvngymcbc2didswrm92wz4h8km20"))))
+         "0mv60kii933hq52mhwrcz29diaajbs5ryqibgsvdvfyvx27i43cz"))))
     (inputs
      `(("cyrus-sasl" ,cyrus-sasl)
        ("gdbm" ,gdbm)
@@ -667,14 +667,14 @@ invoking @command{notifymuch} from the post-new hook.")
 (define-public notmuch
   (package
     (name "notmuch")
-    (version "0.25")
+    (version "0.25.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://notmuchmail.org/releases/notmuch-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "02z6d87ip1hkipz8d7w0sfklg8dd5fd5vlgp768640ixg0gqvlk5"))))
+                "0c98hzwc60nb6kd15y0fl2ji3yfmr9k6v8ps0h3ihr3vkgn0kgxl"))))
     (build-system gnu-build-system)
     (arguments
      '(#:make-flags (list "V=1") ; Verbose test output.
@@ -727,45 +727,51 @@ ing, and tagging large collections of email messages.")
     (license gpl3+)))
 
 (define-public notmuch-addrlookup-c
-  (package
-    (name "notmuch-addrlookup-c")
-    (version "7")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://github.com/aperezdc/" name "/archive/v"
-                    version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
-              (sha256
-               (base32
-                "0rslg2ifgyhl6asv3yr1f62m9xjfcinv7i6qb07h2k217jqlmrri"))))
-    (build-system gnu-build-system)
-    (arguments
-     '(#:tests? #f ; no tests
-       #:make-flags (list "CC=gcc"
-                          (string-append "PREFIX="
-                                         (assoc-ref %outputs "out")))
-       #:phases (modify-phases %standard-phases
-                  (delete 'configure)
-                  ;; Remove vim code completion config, it's not needed to
-                  ;; build (or be patched).
-                  (add-before 'patch-source-shebangs 'delete-ycm-file
-                              (lambda _ (delete-file ".ycm_extra_conf.py")))
-                  (replace 'install
-                           (lambda* (#:key outputs #:allow-other-keys)
-                             (let ((bin (string-append
-                                         (assoc-ref outputs "out") "/bin")))
-                               (install-file "notmuch-addrlookup" bin)))))))
-    (native-inputs
-     `(("pkg-config" ,pkg-config)))
-    (inputs
-     `(("glib" ,glib)
-       ("notmuch" ,notmuch)))
-    (home-page "https://github.com/aperezdc/notmuch-addrlookup-c")
-    (synopsis "Address lookup tool for Notmuch")
-    (description "This is an address lookup tool using a Notmuch database,
+  ;; This commit includes a compatibility fix for notmuch-0.25, and is not
+  ;; currently part of any release.  Please update this package when
+  ;; notmuch-addrlookup-c-9 is released.
+  (let ((commit "88f156d04990a71c6ad6fc2757b537b44e3c4d00")
+        (revision "1"))          ;Guix package revision
+    (package
+      (name "notmuch-addrlookup-c")
+      (version (string-append "8-" revision "."
+                              (string-take commit 7)))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/aperezdc/notmuch-addrlookup-c.git")
+                      (commit commit)))
+                (file-name (string-append name "-" version "-checkout"))
+                (sha256
+                 (base32
+                  "0v0wzs7qzy4n1hbql8s10qrwgalcxdzbxf8pj6cii1pv2jwmkxbm"))))
+      (build-system gnu-build-system)
+      (arguments
+       '(#:tests? #f ; no tests
+         #:make-flags (list "CC=gcc"
+                            (string-append "PREFIX="
+                                           (assoc-ref %outputs "out")))
+         #:phases (modify-phases %standard-phases
+                    (delete 'configure)
+                    ;; Remove vim code completion config, it's not needed to
+                    ;; build (or be patched).
+                    (add-before 'patch-source-shebangs 'delete-ycm-file
+                                (lambda _ (delete-file ".ycm_extra_conf.py")))
+                    (replace 'install
+                             (lambda* (#:key outputs #:allow-other-keys)
+                               (let ((bin (string-append
+                                           (assoc-ref outputs "out") "/bin")))
+                                 (install-file "notmuch-addrlookup" bin)))))))
+      (native-inputs
+       `(("pkg-config" ,pkg-config)))
+      (inputs
+       `(("glib" ,glib)
+         ("notmuch" ,notmuch)))
+      (home-page "https://github.com/aperezdc/notmuch-addrlookup-c")
+      (synopsis "Address lookup tool for Notmuch")
+      (description "This is an address lookup tool using a Notmuch database,
 useful for email address completion.")
-    (license license:expat)))
+      (license license:expat))))
 
 (define-public python-notmuch
   (package
@@ -896,7 +902,7 @@ compresses it.")
 (define-public claws-mail
   (package
     (name "claws-mail")
-    (version "3.15.0")
+    (version "3.15.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -904,7 +910,7 @@ compresses it.")
                     ".tar.xz"))
               (sha256
                (base32
-                "0bnwd3l04y6j1nw3h861rdy6k6lyjzsi51j04d33vbpq8c6jskaf"))))
+                "0hlm2jipyr4z6izlrpvabpz4ivh49i13avnm848kr1nv68pkq2cd"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (inputs `(("bogofilter" ,bogofilter)
@@ -1169,9 +1175,9 @@ It supports mbox/Maildir and its own dbox/mdbox formats.")
                                               "/lib/dovecot"))
        #:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'autogen
+         (add-after 'unpack 'autogen
            (lambda _
-             (zero? (system* "./autogen.sh")))))))
+             (zero? (system* "sh" "autogen.sh")))))))
     (home-page "https://0xacab.org/riseuplabs/trees")
     (synopsis "NaCL-based Dovecot email storage encryption plugin")
     (description
@@ -1225,9 +1231,9 @@ using lidsodium sealed boxes.
                                                 "/lib/dovecot"))
          #:phases
          (modify-phases %standard-phases
-           (add-before 'configure 'autogen
+           (add-after 'unpack 'autogen
              (lambda _
-               (zero? (system* "./autogen.sh")))))))
+               (zero? (system* "sh" "autogen.sh")))))))
       (home-page "https://github.com/LuckyFellow/dovecot-libsodium-plugin")
       (synopsis "Libsodium password hashing schemes plugin for Dovecot")
       (description
diff --git a/gnu/packages/man.scm b/gnu/packages/man.scm
index 4eefafbe12..60076f0f1a 100644
--- a/gnu/packages/man.scm
+++ b/gnu/packages/man.scm
@@ -138,7 +138,7 @@ the traditional flat-text whatis databases.")
 (define-public man-pages
   (package
     (name "man-pages")
-    (version "4.12")
+    (version "4.13")
     (source (origin
               (method url-fetch)
               (uri
@@ -151,7 +151,7 @@ the traditional flat-text whatis databases.")
                     "man-pages-" version ".tar.xz")))
               (sha256
                (base32
-                "14z0zcwm0m98fk2m2b3pvr8rs2sb602mg8f7wwb4xl7yj7cpjvbg"))))
+                "1gri0rm9i3a6w5dvsmwawhwzywl5x80dwq05d2v8l92knv2hbh6m"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (alist-delete 'configure %standard-phases)
diff --git a/gnu/packages/markup.scm b/gnu/packages/markup.scm
index 121e6cdbf4..667f8b0a94 100644
--- a/gnu/packages/markup.scm
+++ b/gnu/packages/markup.scm
@@ -26,7 +26,9 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system trivial)
   #:use-module (guix build-system cmake)
+  #:use-module (guix build-system perl)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages python)
   #:use-module (gnu packages web))
@@ -102,6 +104,92 @@ convert it to structurally valid XHTML (or HTML).")
     (license (non-copyleft "file://License.text"
                            "See License.text in the distribution."))))
 
+(define-public discount
+  (package
+    (name "discount")
+    (version "2.2.2")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append
+                   "http://www.pell.portland.or.us/~orc/Code/"
+                   name "/" name "-" version ".tar.bz2"))
+             (file-name (string-append name "-" version ".tar.gz"))
+             (sha256
+              (base32
+               "0r4gjyk1ngx47zhb25q0gkjm3bz2m5x8ngrk6rim3y1y3rricygc"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:test-target "test"
+       #:make-flags (list
+                     (string-append "LFLAGS=-L. -Wl,-rpath="
+                                    (assoc-ref %outputs "out") "/lib"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'set-AC_PATH
+           (lambda _
+             ;; The default value is not suitable, so override using an
+             ;; environment variable. This just affects the build, and not the
+             ;; resulting store item.
+             (setenv "AC_PATH" (getenv "PATH"))
+             #t))
+         (replace 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (setenv "CC" "gcc")
+             (zero? (system*
+                     "./configure.sh"
+                     (string-append "--prefix=" (assoc-ref outputs "out"))
+                     "--shared")))))))
+    (synopsis "Markdown processing library, written in C")
+    (description
+     "Discount is a markdown implementation, written in C.  It provides a
+@command{markdown} command, and a library.")
+    (home-page "http://www.pell.portland.or.us/~orc/Code/discount/")
+    (license bsd-3)))
+
+(define-public perl-text-markdown-discount
+  (package
+    (name "perl-text-markdown-discount")
+    (version "0.11")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/S/SE/SEKIMURA/Text-Markdown-Discount-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "1xx7v3wnla7m6wa3h33whxw3vvincaicg4yra1b9wbzf2aix9rnw"))
+       (patches
+        (search-patches "perl-text-markdown-discount-use-system-markdown.patch"))))
+    (build-system perl-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'set-ldflags
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "Makefile"
+               (("OTHERLDFLAGS = ")
+                (string-append
+                      "OTHERLDFLAGS = -lmarkdown -Wl,-rpath="
+                      (assoc-ref inputs "discount")
+                      "/lib"))))))))
+    (inputs
+     `(("discount" ,discount)))
+    (home-page
+     "http://search.cpan.org/dist/Text-Markdown-Discount")
+    (synopsis
+     "Fast function for converting Markdown to HTML using Discount")
+    (description
+     "Text::Markdown::Discount is a Perl extension to the Discount markdown
+implementation.
+
+@example
+  use Text::Markdown::Discount;
+  my $html = markdown($text)
+@end example")
+    (license perl-license)))
+
 (define-public cmark
   (package
     (name "cmark")
diff --git a/gnu/packages/mate.scm b/gnu/packages/mate.scm
index 316385a6f8..91489ba91b 100644
--- a/gnu/packages/mate.scm
+++ b/gnu/packages/mate.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Fabian Harfert <fhmgufs@web.de>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,15 +24,30 @@
   #:use-module (guix download)
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system glib-or-gtk)
+  #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages freedesktop)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages fonts)
+  #:use-module (gnu packages libcanberra)
+  #:use-module (gnu packages linux)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gtk)
+  #:use-module (gnu packages gettext)
   #:use-module (gnu packages gnome)
+  #:use-module (gnu packages docbook)
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages gnuzilla)
   #:use-module (gnu packages xorg)
+  #:use-module (gnu packages documentation)
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages base)
   #:use-module (gnu packages xml)
+  #:use-module (gnu packages photo)
+  #:use-module (gnu packages polkit)
+  #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python))
 
 (define-public mate-icon-theme
@@ -40,7 +56,7 @@
     (version "1.18.2")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://pub.mate-desktop.org/releases/"
+              (uri (string-append "https://pub.mate-desktop.org/releases/"
                                   (version-major+minor version) "/"
                                   name "-" version ".tar.xz"))
               (sha256
@@ -50,9 +66,8 @@
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("intltool" ,intltool)
-       ("gtk+" ,gtk+)
        ("icon-naming-utils" ,icon-naming-utils)))
-    (home-page "http://mate-desktop.org/")
+    (home-page "https://mate-desktop.org/")
     (synopsis "The MATE desktop environment icon theme")
     (description
      "This package contains the default icon theme used by the MATE desktop.")
@@ -61,25 +76,22 @@
 (define-public mate-themes
   (package
     (name "mate-themes")
-    (version "3.22.11")
+    (version "3.22.13")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://pub.mate-desktop.org/releases/themes/"
+              (uri (string-append "https://pub.mate-desktop.org/releases/themes/"
                                   (version-major+minor version) "/mate-themes-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "1gfa1cny3q68y139m96iz8haiik6ygad5613gx0m4wd9hi5scafm"))))
+                "1p7w63an8qs15hkj79nppy7471glv0rm1b0himn3c4w69q8qdc9i"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
-       ("intltool" ,intltool)))
-    (inputs
-     `(("gtk+" ,gtk+)
-       ("gdk-pixbuf" ,gdk-pixbuf)
-       ("gtk-engines" ,gtk-engines)
-       ("murrine" ,murrine)))
-    (home-page "http://mate-desktop.org/")
+       ("intltool" ,intltool)
+       ("gdk-pixbuf" ,gdk-pixbuf) ; gdk-pixbuf+svg isn't needed
+       ("gtk" ,gtk+-2)))
+    (home-page "https://mate-desktop.org/")
     (synopsis
      "Official themes for the MATE desktop")
     (description
@@ -95,7 +107,7 @@ themes for both gtk+-2 and gtk+-3.")
     (version "1.18.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://pub.mate-desktop.org/releases/"
+              (uri (string-append "https://pub.mate-desktop.org/releases/"
                                   (version-major+minor version) "/"
                                   name "-" version ".tar.xz"))
               (sha256
@@ -107,15 +119,15 @@ themes for both gtk+-2 and gtk+-3.")
        ("intltool" ,intltool)
        ("glib:bin" ,glib "bin")
        ("gobject-introspection" ,gobject-introspection)
-       ("yelp-tools" ,yelp-tools)))
-       ;;("gtk-doc" ,gtk-doc))) ; add back in when gtk-doc builds
+       ("yelp-tools" ,yelp-tools)
+       ("gtk-doc" ,gtk-doc)))
     (inputs
      `(("gtk+" ,gtk+)
        ("libxrandr" ,libxrandr)
        ("startup-notification" ,startup-notification)))
     (propagated-inputs
      `(("dconf" ,dconf))) ; mate-desktop-2.0.pc
-    (home-page "http://mate-desktop.org/")
+    (home-page "https://mate-desktop.org/")
     (synopsis "Library with common API for various MATE modules")
     (description
      "This package contains a public API shared by several applications on the
@@ -128,7 +140,7 @@ desktop and the mate-about program.")
     (version "1.18.1")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://pub.mate-desktop.org/releases/"
+              (uri (string-append "https://pub.mate-desktop.org/releases/"
                                   (version-major+minor version) "/"
                                   name "-" version ".tar.xz"))
               (sha256
@@ -136,14 +148,13 @@ desktop and the mate-about program.")
                 "0z6vfh42fv9rqjrraqfpf6h9nd9h662bxy3l3r48j19xvxrwmx3a"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:configure-flags
+     '(#:configure-flags
        (list (string-append "--with-zoneinfo-dir="
                             (assoc-ref %build-inputs "tzdata")
                             "/share/zoneinfo"))
        #:phases
        (modify-phases %standard-phases
-         (add-before
-          'check 'pre-check
+         (add-before 'check 'fix-tzdata-location
           (lambda* (#:key inputs #:allow-other-keys)
             (substitute* "data/check-timezones.sh"
               (("/usr/share/zoneinfo/zone.tab")
@@ -153,30 +164,206 @@ desktop and the mate-about program.")
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("intltool" ,intltool)
+       ("dconf" ,dconf)
        ("glib:bin" ,glib "bin")))
     (inputs
-     `(("dconf" ,dconf)
-       ("gdk-pixbuf" ,gdk-pixbuf)
-       ("gtk+" ,gtk+)
+     `(("gtk+" ,gtk+)
        ("tzdata" ,tzdata)))
     (propagated-inputs
       ;; both of these are requires.private in mateweather.pc
      `(("libsoup" ,libsoup)
        ("libxml2" ,libxml2)))
-    (home-page "http://mate-desktop.org/")
+    (home-page "https://mate-desktop.org/")
     (synopsis "MATE library for weather information from the Internet")
     (description
      "This library provides access to weather information from the internet for
 the MATE desktop environment.")
     (license license:lgpl2.1+)))
 
+(define-public mate-terminal
+  (package
+    (name "mate-terminal")
+    (version "1.18.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://pub.mate-desktop.org/releases/"
+                           (version-major+minor version) "/"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32
+         "1zihm609d2d9cw53ry385whshjl1dnkifpk41g1ddm9f58hv4da1"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)
+       ("itstool" ,itstool)
+       ("gobject-introspection" ,gobject-introspection)
+       ("libxml2" ,libxml2)
+       ("yelp-tools" ,yelp-tools)))
+    (inputs
+     `(("dconf" ,dconf)
+       ("gtk+" ,gtk+)
+       ("libice" ,libice)
+       ("libsm" ,libsm)
+       ("libx11" ,libx11)
+       ("mate-desktop" ,mate-desktop)
+       ("pango" ,pango)
+       ("vte" ,vte)))
+    (home-page "https://mate-desktop.org/")
+    (synopsis "MATE Terminal Emulator")
+    (description
+     "MATE Terminal is a terminal emulation application that you can
+use to access a shell.  With it, you can run any application that
+is designed to run on VT102, VT220, and xterm terminals.
+MATE Terminal also has the ability to use multiple terminals
+in a single window (tabs) and supports management of different
+configurations (profiles).")
+    (license license:gpl3)))
+
+(define-public mate-session-manager
+  (package
+    (name "mate-session-manager")
+    (version "1.18.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://pub.mate-desktop.org/releases/"
+                           (version-major+minor version) "/"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32
+         "0i0xq6041x2qmb26x9bawx0qpfkgjn6x9w3phnm9s7rc4s0z20ll"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)
+       ("xtrans" ,xtrans)
+       ("gobject-introspection" ,gobject-introspection)))
+    (inputs
+     `(("gtk+" ,gtk+)
+       ("dbus-glib" ,dbus-glib)
+       ("libsm" ,libsm)
+       ("mate-desktop" ,mate-desktop)))
+    (home-page "https://mate-desktop.org/")
+    (synopsis "Session manager for MATE")
+    (description
+     "Mate-session contains the MATE session manager, as well as a
+configuration program to choose applications starting on login.")
+    (license license:gpl2)))
+
+(define-public mate-settings-daemon
+  (package
+    (name "mate-settings-daemon")
+    (version "1.18.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://pub.mate-desktop.org/releases/"
+                           (version-major+minor version) "/"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32
+         "07b2jkxqv07njdrgkdck93d872p6lch1lrvi7ydnpicspg3rfid6"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)
+       ("gobject-introspection" ,gobject-introspection)))
+    (inputs
+     `(("cairo" ,cairo)
+       ("dbus" ,dbus)
+       ("dbus-glib" ,dbus-glib)
+       ("dconf" ,dconf)
+       ("fontconfig" ,fontconfig)
+       ("gtk+" ,gtk+)
+       ("libcanberra" ,libcanberra)
+       ("libmatekbd" ,libmatekbd)
+       ("libmatemixer" ,libmatemixer)
+       ("libnotify" ,libnotify)
+       ("libx11" ,libx11)
+       ("libxext" ,libxext)
+       ("libxi" ,libxi)
+       ("libxklavier" ,libxklavier)
+       ("mate-desktop" ,mate-desktop)
+       ("nss" ,nss)
+       ("polkit" ,polkit)
+       ("startup-notification" ,startup-notification)))
+    (home-page "https://mate-desktop.org/")
+    (synopsis "Settings Daemon for MATE")
+    (description
+     "Mate-settings-daemon is a fork of gnome-settings-daemon.")
+    (license (list license:lgpl2.1 license:gpl2))))
+
+(define-public libmatemixer
+  (package
+    (name "libmatemixer")
+    (version "1.18.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://pub.mate-desktop.org/releases/"
+                           (version-major+minor version) "/"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32
+         "09vyxnlnalws318gsafdfi5c6jwpp92pbafn1ddlqqds23ihk4mr"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)
+       ("gobject-introspection" ,gobject-introspection)))
+    (inputs
+     `(("glib" ,glib)
+       ("pulseaudio" ,pulseaudio)
+       ("alsa-lib" ,alsa-lib)))
+    (home-page "https://mate-desktop.org/")
+    (synopsis "Mixer library for the MATE desktop")
+    (description
+     "Libmatemixer is a mixer library for MATE desktop.  It provides an abstract
+API allowing access to mixer functionality available in the PulseAudio and ALSA
+sound systems.")
+    (license license:lgpl2.1)))
+
+(define-public libmatekbd
+  (package
+    (name "libmatekbd")
+    (version "1.18.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://pub.mate-desktop.org/releases/"
+                           (version-major+minor version) "/"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32
+         "030bl18qbjm7l92bp1bhs7v82bp8j3mv7c1j1a4gd89iz4611pq3"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)
+       ("gobject-introspection" ,gobject-introspection)))
+    (inputs
+     `(("cairo" ,cairo)
+       ("gdk-pixbuf" ,gdk-pixbuf+svg)
+       ("glib" ,glib)
+       ("gtk+" ,gtk+)
+       ("libx11" ,libx11)
+       ("libxklavier" ,libxklavier)))
+    (home-page "https://mate-desktop.org/")
+    (synopsis "MATE keyboard configuration library")
+    (description
+     "Libmatekbd is a keyboard configuration library for the
+MATE desktop environment.")
+    (license license:lgpl2.1)))
+
 (define-public mate-menus
   (package
     (name "mate-menus")
     (version "1.18.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://pub.mate-desktop.org/releases/"
+              (uri (string-append "https://pub.mate-desktop.org/releases/"
                                   (version-major+minor version) "/"
                                   name "-" version ".tar.xz"))
               (sha256
@@ -203,10 +390,422 @@ the MATE desktop environment.")
     (inputs
      `(("glib" ,glib)
        ("python" ,python-2)))
-    (home-page "http://mate-desktop.org/")
+    (home-page "https://mate-desktop.org/")
     (synopsis "Freedesktop menu specification implementation for MATE")
     (description
      "The package contains an implementation of the freedesktop menu
 specification, the MATE menu layout configuration files, .directory files and
 assorted menu related utility programs.")
     (license (list license:gpl2+ license:lgpl2.0+))))
+
+(define-public mate-applets
+  (package
+    (name "mate-applets")
+    (version "1.18.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://pub.mate-desktop.org/releases/"
+                           (version-major+minor version) "/"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32
+         "1nplr8i1mxbxd7pqhcy8j69v25nsp5dk9fq7ffrmjmp39lrf3fh5"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)
+       ("libxslt" ,libxslt)
+       ("yelp-tools" ,yelp-tools)
+       ("scrollkeeper" ,scrollkeeper)
+       ("gettext" ,gettext-minimal)
+       ("docbook-xml" ,docbook-xml)
+       ("gobject-introspection" ,gobject-introspection)))
+    (inputs
+     `(("atk" ,atk)
+       ("dbus" ,dbus)
+       ("dbus-glib" ,dbus-glib)
+       ("glib" ,glib)
+       ("gucharmap" ,gucharmap)
+       ("gtk+" ,gtk+)
+       ("gtksourceview" ,gtksourceview)
+       ("libgtop" ,libgtop)
+       ("libmateweather" ,libmateweather)
+       ("libnotify" ,libnotify)
+       ("libx11" ,libx11)
+       ("libxml2" ,libxml2)
+       ("libwnck" ,libwnck)
+       ("mate-panel" ,mate-panel)
+       ("pango" ,pango)
+       ("polkit" ,polkit) ; either polkit or setuid
+       ("python" ,python-2)
+       ("upower" ,upower)
+       ("wireless-tools" ,wireless-tools)))
+    (propagated-inputs
+     `(("python-pygobject" ,python-pygobject)))
+    (home-page "https://mate-desktop.org/")
+    (synopsis "Various applets for the MATE Panel")
+    (description
+     "Mate-applets includes various small applications for Mate-panel:
+
+@enumerate
+@item accessx-status: indicates keyboard accessibility settings,
+including the current state of the keyboard, if those features are in use.
+@item Battstat: monitors the power subsystem on a laptop.
+@item Character palette: provides a convenient way to access
+non-standard characters, such as accented characters,
+mathematical symbols, special symbols, and punctuation marks.
+@item MATE CPUFreq Applet: CPU frequency scaling monitor
+@item Drivemount: lets you mount and unmount drives and file systems.
+@item Geyes: pair of eyes which follow the mouse pointer around the screen.
+@item Keyboard layout switcher: lets you assign different keyboard
+layouts for different locales.
+@item Modem Monitor: monitors the modem.
+@item Invest: downloads current stock quotes from the Internet and
+displays the quotes in a scrolling display in the applet. The
+applet downloads the stock information from Yahoo! Finance.
+@item System monitor: CPU, memory, network, swap file and resource.
+@item Trash: lets you drag items to the trash folder.
+@item Weather report: downloads weather information from the
+U.S National Weather Service (NWS) servers, including the
+Interactive Weather Information Network (IWIN).
+@end enumerate\n")
+    (license (list license:gpl2+ license:lgpl2.0+ license:gpl3+))))
+
+(define-public mate-media
+  (package
+    (name "mate-media")
+    (version "1.18.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://pub.mate-desktop.org/releases/"
+                           (version-major+minor version) "/"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32
+         "1l0j71d07898wb6ily09sj1xczwrmcw13wyhxwns7sxw592nwi04"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)
+       ("gettext" ,gettext-minimal)
+       ("gobject-introspection" ,gobject-introspection)))
+    (inputs
+     `(("cairo" ,cairo)
+       ("gtk+" ,gtk+)
+       ("libcanberra" ,libcanberra)
+       ("libmatemixer" ,libmatemixer)
+       ("libxml2" ,libxml2)
+       ("mate-applets" ,mate-applets)
+       ("mate-desktop" ,mate-desktop)
+       ("mate-panel" ,mate-panel)
+       ("pango" ,pango)
+       ("startup-notification" ,startup-notification)))
+    (home-page "https://mate-desktop.org/")
+    (synopsis "Multimedia related programs for the MATE desktop")
+    (description
+     "Mate-media includes the MATE media tools for MATE, including
+mate-volume-control, a MATE volume control application and applet.")
+    (license (list license:gpl2+ license:lgpl2.0+ license:fdl1.1+))))
+
+(define-public mate-panel
+  (package
+    (name "mate-panel")
+    (version "1.18.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://pub.mate-desktop.org/releases/"
+                           (version-major+minor version) "/"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32
+         "1n565ff1n7jrfx223i3cl3m69wjda506nvbn8gra7m1jwdfzpbw1"))))
+    (build-system glib-or-gtk-build-system)
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--with-zoneinfo-dir="
+                            (assoc-ref %build-inputs "tzdata")
+                            "/share/zoneinfo")
+             "--with-in-process-applets=all")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'fix-timezone-path
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let* ((tzdata (assoc-ref inputs "tzdata")))
+               (substitute* "applets/clock/system-timezone.h"
+                 (("/usr/share/lib/zoneinfo/tab")
+                  (string-append tzdata "/share/zoneinfo/zone.tab"))
+                 (("/usr/share/zoneinfo")
+                  (string-append tzdata "/share/zoneinfo"))))
+             #t))
+         (add-after 'unpack 'fix-introspection-install-dir
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (substitute* '("configure")
+                 (("`\\$PKG_CONFIG --variable=girdir gobject-introspection-1.0`")
+                  (string-append "\"" out "/share/gir-1.0/\""))
+                 (("\\$\\(\\$PKG_CONFIG --variable=typelibdir gobject-introspection-1.0\\)")
+                  (string-append out "/lib/girepository-1.0/")))
+               #t))))))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)
+       ("itstool" ,itstool)
+       ("xtrans" ,xtrans)
+       ("gobject-introspection" ,gobject-introspection)))
+    (inputs
+     `(("dconf" ,dconf)
+       ("cairo" ,cairo)
+       ("dbus-glib" ,dbus-glib)
+       ("gtk+" ,gtk+)
+       ("libcanberra" ,libcanberra)
+       ("libice" ,libice)
+       ("libmateweather" ,libmateweather)
+       ("librsvg" ,librsvg)
+       ("libsm" ,libsm)
+       ("libx11" ,libx11)
+       ("libxau" ,libxau)
+       ("libxml2" ,libxml2)
+       ("libxrandr" ,libxrandr)
+       ("libwnck" ,libwnck)
+       ("mate-desktop" ,mate-desktop)
+       ("mate-menus" ,mate-menus)
+       ("pango" ,pango)
+       ("tzdata" ,tzdata)))
+    (home-page "https://mate-desktop.org/")
+    (synopsis "Panel for MATE")
+    (description
+     "Mate-panel contains the MATE panel, the libmate-panel-applet library and
+several applets.  The applets supplied here include the Workspace Switcher,
+the Window List, the Window Selector, the Notification Area, the Clock and the
+infamous 'Wanda the Fish'.")
+    (license (list license:gpl2+ license:lgpl2.0+))))
+
+(define-public caja
+  (package
+    (name "caja")
+    (version "1.18.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://pub.mate-desktop.org/releases/"
+                           (version-major+minor version) "/"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32
+         "0mljqcx7k8p27854zm7qzzn8ca6hs7hva9p43hp4p507z52caqmm"))))
+    (build-system glib-or-gtk-build-system)
+    (arguments
+     `(#:configure-flags '("--disable-update-mimedb")
+       #:tests? #f ; tests fail even with display set
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'pre-check
+           (lambda _
+             ;; Tests require a running X server.
+             (system "Xvfb :1 &")
+             (setenv "DISPLAY" ":1")
+             ;; For the missing /etc/machine-id.
+             (setenv "DBUS_FATAL_WARNINGS" "0")
+             #t)))))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)
+       ("glib:bin" ,glib "bin")
+       ("xorg-server" ,xorg-server)
+       ("gobject-introspection" ,gobject-introspection)))
+    (inputs
+     `(("exempi" ,exempi)
+       ("gtk+" ,gtk+)
+       ("gvfs" ,gvfs)
+       ("libexif" ,libexif)
+       ("libnotify" ,libnotify)
+       ("libsm" ,libsm)
+       ("libxml2" ,libxml2)
+       ("mate-desktop" ,mate-desktop)
+       ("startup-notification" ,startup-notification)))
+    (home-page "https://mate-desktop.org/")
+    (synopsis "File manager for the MATE desktop")
+    (description
+     "Caja is the official file manager for the MATE desktop.
+It allows for browsing directories, as well as previewing files and launching
+applications associated with them.  Caja is also responsible for handling the
+icons on the MATE desktop.  It works on local and remote filesystems.")
+    ;; There is a note about a TRADEMARKS_NOTICE file in COPYING which
+    ;; does not exist. It is safe to assume that this is of no concern
+    ;; for us.
+    (license license:gpl2+)))
+
+(define-public mate-control-center
+  (package
+    (name "mate-control-center")
+    (version "1.18.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://pub.mate-desktop.org/releases/"
+                           (version-major+minor version) "/"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32
+         "0flnn0h8f5aqyccwrlv7qxchvr3kqmlfdga6wq28d55zkpv5m7dl"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)
+       ("yelp-tools" ,yelp-tools)
+       ("desktop-file-utils" ,desktop-file-utils)
+       ("kbproto" ,kbproto)
+       ("randrproto" ,randrproto)
+       ("renderproto" ,renderproto)
+       ("scrnsaverproto" ,scrnsaverproto)
+       ("xextpro" ,xextproto)
+       ("xproto" ,xproto)
+       ("xmodmap" ,xmodmap)
+       ("gobject-introspection" ,gobject-introspection)))
+    (inputs
+     `(("atk" ,atk)
+       ("cairo" ,cairo)
+       ("caja" ,caja)
+       ("dconf" ,dconf)
+       ("dbus" ,dbus)
+       ("dbus-glib" ,dbus-glib)
+       ("fontconfig" ,fontconfig)
+       ("freetype" ,freetype)
+       ("glib" ,glib)
+       ("gtk+" ,gtk+)
+       ("libcanberra" ,libcanberra)
+       ("libmatekbd" ,libmatekbd)
+       ("libx11" ,libx11)
+       ("libxcursor" ,libxcursor)
+       ("libxext" ,libxext)
+       ("libxi" ,libxi)
+       ("libxklavier" ,libxklavier)
+       ("libxml2" ,libxml2)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("marco" ,marco)
+       ("mate-desktop" ,mate-desktop)
+       ("mate-menus" ,mate-menus)
+       ("mate-settings-daemon" ,mate-settings-daemon)
+       ("pango" ,pango)
+       ("startup-notification" ,startup-notification)))
+    (propagated-inputs
+     `(("gdk-pixbuf" ,gdk-pixbuf+svg) ; mate-slab.pc
+       ("librsvg" ,librsvg))) ; mate-slab.pc
+    (home-page "https://mate-desktop.org/")
+    (synopsis "MATE Desktop configuration tool")
+    (description
+     "MATE control center is MATE's main interface for configuration
+of various aspects of your desktop.")
+    (license license:gpl2+)))
+
+(define-public marco
+  (package
+    (name "marco")
+    (version "1.18.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://pub.mate-desktop.org/releases/"
+                           (version-major+minor version) "/"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32
+         "0lwbp9wyd66hl5d7g272l8g3k1pb9s4s2p9fb04750a58w87d8k5"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)
+       ("itstool" ,itstool)
+       ("glib" ,glib)
+       ("gobject-introspection" ,gobject-introspection)
+       ("libxft" ,libxft)
+       ("libxml2" ,libxml2)
+       ("zenity" ,zenity)))
+    (inputs
+     `(("gtk+" ,gtk+)
+       ("libcanberra" ,libcanberra)
+       ("libgtop" ,libgtop)
+       ("libice" ,libice)
+       ("libsm" ,libsm)
+       ("libx11" ,libx11)
+       ("libxcomposite" ,libxcomposite)
+       ("libxcursor" ,libxcursor)
+       ("libxdamage" ,libxdamage)
+       ("libxext" ,libxext)
+       ("libxfixes" ,libxfixes)
+       ("libxinerama" ,libxinerama)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("mate-desktop" ,mate-desktop)
+       ("pango" ,pango)
+       ("startup-notification" ,startup-notification)))
+    (home-page "https://mate-desktop.org/")
+    (synopsis "Window manager for the MATE desktop")
+    (description
+     "Marco is a minimal X window manager that uses GTK+ for drawing
+window frames.  It is aimed at non-technical users and is designed to integrate
+well with the MATE desktop.  It lacks some features that may be expected by
+some users; these users may want to investigate other available window managers
+for use with MATE or as a standalone window manager.")
+    (license license:gpl2+)))
+
+(define-public mate
+  (package
+    (name "mate")
+    (version (package-version mate-desktop))
+    (source #f)
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build union))
+       #:builder
+       (begin
+         (use-modules (ice-9 match)
+                      (guix build union))
+         (match %build-inputs
+           (((names . directories) ...)
+            (union-build (assoc-ref %outputs "out")
+                         directories))))))
+    (inputs
+     ;; TODO: Add more packages
+     `(("at-spi2-core"              ,at-spi2-core)
+       ("caja"                      ,caja)
+       ("dbus"                      ,dbus)
+       ("dconf"                     ,dconf)
+       ("desktop-file-utils"        ,desktop-file-utils)
+       ("font-cantarell"            ,font-cantarell)
+       ("glib-networking"           ,glib-networking)
+       ("gnome-keyring"             ,gnome-keyring)
+       ("gvfs"                      ,gvfs)
+       ("libmatekbd"                ,libmatekbd)
+       ("libmateweather"            ,libmateweather)
+       ("libmatemixer"              ,libmatemixer)
+       ("marco"                     ,marco)
+       ("mate-session-manager"      ,mate-session-manager)
+       ("mate-settings-daemon"      ,mate-settings-daemon)
+       ("mate-desktop"              ,mate-desktop)
+       ("mate-terminal"             ,mate-terminal)
+       ("mate-themes"               ,mate-themes)
+       ("mate-icon-theme"           ,mate-icon-theme)
+       ("mate-menu"                 ,mate-menus)
+       ("mate-panel"                ,mate-panel)
+       ("mate-control-center"       ,mate-control-center)
+       ("mate-media"                ,mate-media)
+       ("mate-applets"              ,mate-applets)
+       ("pinentry-gnome3"           ,pinentry-gnome3)
+       ("pulseaudio"                ,pulseaudio)
+       ("shared-mime-info"          ,shared-mime-info)
+       ("yelp"                      ,yelp)
+       ("zenity"                    ,zenity)))
+    (synopsis "The MATE desktop environment")
+    (home-page "https://mate-desktop.org/")
+    (description
+     "The MATE Desktop Environment is the continuation of GNOME 2.  It provides
+an intuitive and attractive desktop environment using traditional metaphors for
+GNU/Linux systems.  MATE is under active development to add support for new
+technologies while preserving a traditional desktop experience.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 1d9cadf044..962bcd8278 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -11,7 +11,7 @@
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015 Fabian Harfert <fhmgufs@web.de>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
@@ -149,14 +149,14 @@ interactive dialogs to guide them.")
 (define-public coda
   (package
     (name "coda")
-    (version "2.18")
+    (version "2.18.2")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://github.com/stcorp/coda/releases/download/"
                            version "/coda-" version ".tar.gz"))
        (sha256
-        (base32 "11asla1ap8vd73farqjlpb179sfiy0biydcwxjfcakrp9sf8v9bs"))
+        (base32 "01fnqcby9jijvf3jxr1fk4bny059lvvq5wbqm7ns60ilykfdnm6a"))
        (patches (search-patches "coda-use-system-libs.patch"))
        (modules '((guix build utils)))
        (snippet
@@ -605,7 +605,18 @@ computations.")
                (("@HDF_BUILD_SHARED_TRUE@AM_LDFLAGS = \
 -R\\$\\(abs_top_builddir\\)/mfhdf/libsrc/\\.libs \
 -R\\$\\(abs_top_builddir\\)/hdf/src/\\.libs \\$\\(XDR_ADD\\)") ""))
-             #t)))))
+             #t))
+         (add-after 'configure 'patch-settings
+           (lambda _
+             ;; libhdf4.settings contains the full path of the
+             ;; compilers used, and its contents are included in
+             ;; .so-files.  We truncate the hashes to avoid
+             ;; unnecessary store references to those compilers:
+             (substitute* "libhdf4.settings"
+               (("(/gnu/store/)([a-Z0-9]*)" all prefix hash)
+                (string-append prefix (string-take hash 10) "...")))
+             #t))
+         )))
     (home-page "https://www.hdfgroup.org/products/hdf4/")
     (synopsis
      "Library and multi-object file format for storing and managing data")
@@ -648,16 +659,40 @@ incompatible with HDF5.")
     (build-system gnu-build-system)
     (inputs
      `(("zlib" ,zlib)))
+    (native-inputs
+     `(("gfortran" ,gfortran)))
+    (outputs '("out"       ; core library
+               "fortran")) ; fortran interface
     (arguments
      `(;; Some of the users, notably Flann, need the C++ interface.
-       #:configure-flags '("--enable-cxx")
+       #:configure-flags '("--enable-cxx"
+                           "--enable-fortran"
+                           "--enable-fortran2003")
 
        #:phases
        (modify-phases %standard-phases
          (add-before 'configure 'patch-configure
-           (lambda _
+           (lambda* (#:key outputs #:allow-other-keys)
              (substitute* "configure"
                (("/bin/mv") "mv"))
+             (substitute* "fortran/src/Makefile.in"
+               (("libhdf5_fortran_la_LDFLAGS =")
+                (string-append "libhdf5_fortran_la_LDFLAGS = -Wl-rpath="
+                               (assoc-ref outputs "fortran") "/lib")))
+             (substitute* "hl/fortran/src/Makefile.in"
+               (("libhdf5hl_fortran_la_LDFLAGS =")
+                (string-append "libhdf5hl_fortran_la_LDFLAGS = -Wl,-rpath="
+                               (assoc-ref outputs "fortran") "/lib")))
+             #t))
+         (add-after 'configure 'patch-settings
+           (lambda _
+             ;; libhdf5.settings contains the full path of the
+             ;; compilers used, and its contents are included in
+             ;; libhdf5.so.  We truncate the hashes to avoid
+             ;; unnecessary store references to those compilers:
+             (substitute* "src/libhdf5.settings"
+              (("(/gnu/store/)([a-Z0-9]*)" all prefix hash)
+               (string-append prefix (string-take hash 10) "...")))
              #t))
          (add-after 'install 'patch-references
            (lambda* (#:key inputs outputs #:allow-other-keys)
@@ -666,7 +701,40 @@ incompatible with HDF5.")
                (substitute* (find-files bin "h5p?cc")
                  (("-lz" lib)
                   (string-append "-L" zlib "/lib " lib)))
-               #t))))))
+               #t)))
+         (add-after 'install 'split
+            (lambda* (#:key inputs outputs #:allow-other-keys)
+              ;; Move all fortran-related files
+              (let* ((out (assoc-ref outputs "out"))
+                     (bin (string-append out "/bin"))
+                     (lib (string-append out "/lib"))
+                     (inc (string-append out "/include"))
+                     (ex (string-append out "/share/hdf5_examples/fortran"))
+                     (fort (assoc-ref outputs "fortran"))
+                     (fbin (string-append fort "/bin"))
+                     (flib (string-append fort "/lib"))
+                     (finc (string-append fort "/include"))
+                     (fex (string-append fort "/share/hdf5_examples/fortran")))
+                (mkdir-p fbin)
+                (mkdir-p flib)
+                (mkdir-p finc)
+                (mkdir-p fex)
+                (rename-file (string-append bin "/h5fc")
+                             (string-append fbin "/h5fc"))
+                (for-each (lambda (file)
+                            (rename-file file
+                                         (string-append flib "/" (basename file))))
+                          (find-files lib ".*fortran.*"))
+                (for-each (lambda (file)
+                            (rename-file file
+                                         (string-append finc "/" (basename file))))
+                          (find-files inc ".*mod"))
+                (for-each (lambda (file)
+                            (rename-file file
+                                         (string-append fex "/" (basename file))))
+                          (find-files ex ".*"))
+                (delete-file-recursively ex))
+              #t)))))
     (home-page "http://www.hdfgroup.org")
     (synopsis "Management suite for extremely large and complex data")
     (description "HDF5 is a suite that makes possible the management of
@@ -850,6 +918,29 @@ similar to MATLAB, GNU Octave or SciPy.")
        ("libjpeg" ,libjpeg)))
     (arguments
      `(#:configure-flags '("--enable-doxygen" "--enable-dot" "--enable-hdf4")
+
+       #:phases (modify-phases %standard-phases
+         (add-before 'configure 'fix-source-date
+           (lambda _
+             ;; As we ${SOURCE_DATE_EPOCH} evaluates to "1" in the build
+             ;; environment, `date -u -d ${SOURCE_DATE_EPOCH}` will evaluate
+             ;; to '1st hour of the current day', and therefore makes the
+             ;; package not reproducible.
+             (substitute* "./configure"
+               (("date -u -d \"\\$\\{SOURCE_DATE_EPOCH\\}\"")
+                "date --date='@0'"))
+             #t))
+         (add-after 'configure 'patch-settings
+           (lambda _
+             ;; libnetcdf.settings contains the full filename of the compilers
+             ;; used to build the library.  We truncate the hashes of those
+             ;; filenames to avoid unnecessary references to the corresponding
+             ;; store items.
+             (substitute* "libnetcdf.settings"
+               (("(/gnu/store/)([a-Z0-9]*)" all prefix hash)
+                (string-append prefix (string-take hash 10) "...")))
+             #t)))
+
        #:parallel-tests? #f))           ;various race conditions
     (home-page "http://www.unidata.ucar.edu/software/netcdf/")
     (synopsis "Library for scientific data")
@@ -1946,6 +2037,55 @@ bio-chemistry.")
     ;; See LICENSE_en.txt
     (license license:cecill-c)))
 
+(define-public scotch32
+  ;; This is the 'INTSIZE32' variant, which uses 32-bit integers, as needed by
+  ;; some applications.
+  (package (inherit scotch)
+    (name "scotch32")
+    (arguments
+     (substitute-keyword-arguments (package-arguments scotch)
+       ((#:phases scotch-phases)
+        `(modify-phases ,scotch-phases
+          (replace
+           'configure
+           (lambda _
+             (call-with-output-file "Makefile.inc"
+               (lambda (port)
+                 (format port "
+EXE =
+LIB = .a
+OBJ = .o
+MAKE = make
+AR = ar
+ARFLAGS = -ruv
+CAT = cat
+CCS = gcc
+CCP = mpicc
+CCD = gcc
+CPPFLAGS =~{ -D~a~}
+CFLAGS = -O2 -g -fPIC $(CPPFLAGS)
+LDFLAGS = -lz -lm -lrt -lpthread
+CP = cp
+LEX = flex -Pscotchyy -olex.yy.c
+LN = ln
+MKDIR = mkdir
+MV = mv
+RANLIB = ranlib
+YACC = bison -pscotchyy -y -b y
+"
+                        '("COMMON_FILE_COMPRESS_GZ"
+                          "COMMON_PTHREAD"
+                          "COMMON_RANDOM_FIXED_SEED"
+                          "INTSIZE32"   ;use 32-bit integers.  See INSTALL.txt
+                          ;; Prevents symbolc clashes with libesmumps
+                          "SCOTCH_RENAME"
+                          ;; XXX: Causes invalid frees in superlu-dist tests
+                          ;; "SCOTCH_PTHREAD"
+                          ;; "SCOTCH_PTHREAD_NUMBER=2"
+                          "restrict=__restrict"))))))))))
+    (synopsis
+     "Programs and libraries for graph algorithms (32-bit integers)")))
+
 (define-public pt-scotch
   (package (inherit scotch)
     (name "pt-scotch")
@@ -1969,6 +2109,29 @@ bio-chemistry.")
             (lambda _ (zero? (system* "make" "ptcheck"))))))))
     (synopsis "Programs and libraries for graph algorithms (with MPI)")))
 
+(define-public pt-scotch32
+  (package (inherit scotch32)
+    (name "pt-scotch32")
+    (propagated-inputs
+     `(("openmpi" ,openmpi)))                     ;headers include MPI headers
+    (arguments
+     (substitute-keyword-arguments (package-arguments scotch32)
+       ((#:phases scotch32-phases)
+        `(modify-phases ,scotch32-phases
+           (replace 'build
+             (lambda _
+               (and
+                (zero? (system* "make"
+                                (format #f "-j~a" (parallel-job-count))
+                                "ptscotch" "ptesmumps"))
+                ;; Install the serial metis compatibility library
+                (zero? (system* "make" "-C" "libscotchmetis" "install")))))
+           (replace 'check
+             (lambda _
+               (zero? (system* "make" "ptcheck"))))))))
+    (synopsis
+     "Programs and libraries for graph algorithms (with MPI and 32-bit integers)")))
+
 (define-public metis
   (package
     (name "metis")
@@ -2353,6 +2516,92 @@ parts of it.")
      "OpenBLAS is a BLAS library forked from the GotoBLAS2-1.13 BSD version.")
     (license license:bsd-3)))
 
+(define* (make-blis implementation #:optional substitutable?)
+  "Return a BLIS package with the given IMPLEMENTATION (see config/ in the
+source tree for a list of implementations.)
+
+SUBSTITUTABLE? determines whether the package is made available as a
+substitute.
+
+Currently the specialization must be selected at configure-time, but work is
+underway to allow BLIS to select the right optimized kernels at run time:
+<https://github.com/flame/blis/issues/129>."
+  (package
+    (name (if (string=? implementation "reference")
+              "blis"
+              (string-append "blis-" implementation)))
+    (version "0.2.2")
+    (home-page "https://github.com/flame/blis")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference (url home-page) (commit version)))
+              (sha256
+               (base32
+                "1wr79a50nm4abhw8w3sn96nmwp5mrzifcigk7khw9qcgyyyqayfh"))
+              (file-name (git-file-name "blis" version))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:test-target "test"
+
+       #:substitutable? ,substitutable?
+
+       #:phases (modify-phases %standard-phases
+                  (replace 'configure
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      ;; This is a home-made 'configure' script.
+                      (let ((out (assoc-ref outputs "out")))
+                        (zero? (system* "./configure" "-p" out
+                                        "-d" "opt"
+                                        "--disable-static"
+                                        "--enable-shared"
+                                        "--enable-threading=openmp"
+
+                                        ,implementation)))))
+                  (add-before 'check 'show-test-output
+                    (lambda _
+                      ;; By default "make check" is silent.  Make it verbose.
+                      (system "tail -F output.testsuite &")
+                      #t)))))
+    (synopsis "High-performance basic linear algebra (BLAS) routines")
+    (description
+     "BLIS is a portable software framework for instantiating high-performance
+BLAS-like dense linear algebra libraries.  The framework was designed to
+isolate essential kernels of computation that, when optimized, immediately
+enable optimized implementations of most of its commonly used and
+computationally intensive operations.  While BLIS exports a new BLAS-like API,
+it also includes a BLAS compatibility layer which gives application developers
+access to BLIS implementations via traditional BLAS routine calls.")
+    (license license:bsd-3)))
+
+(define-public blis
+  ;; This is the "reference" implementation, which is the non-optimized but
+  ;; portable variant (no assembly).
+  (make-blis "reference" #t))
+
+(define ignorance blis)
+
+(define-syntax-rule (blis/x86_64 processor)
+  "Expand to a package specialized for PROCESSOR."
+  (package
+    (inherit (make-blis processor))
+    (supported-systems '("x86_64-linux"))))
+
+(define-public blis-sandybridge
+  ;; BLIS specialized for Sandy Bridge processors (launched 2011):
+  ;; <http://ark.intel.com/products/codename/29900/Sandy-Bridge>.
+  (blis/x86_64 "sandybridge"))
+
+(define-public blis-haswell
+  ;; BLIS specialized for Haswell processors (launched 2013):
+  ;; <http://ark.intel.com/products/codename/42174/Haswell>.
+  (blis/x86_64 "haswell"))
+
+(define-public blis-knl
+  ;; BLIS specialized for Knights Landing processor (launched 2016):
+  ;; <http://ark.intel.com/products/series/92650/Intel-Xeon-Phi-x200-Product-Family>.
+  (blis/x86_64 "knl"))
+
+
 (define-public openlibm
   (package
     (name "openlibm")
diff --git a/gnu/packages/mes.scm b/gnu/packages/mes.scm
index 39f9765320..f71339da23 100644
--- a/gnu/packages/mes.scm
+++ b/gnu/packages/mes.scm
@@ -34,14 +34,15 @@
 (define-public nyacc
   (package
     (name "nyacc")
-    (version "0.80.3")
+    (version "0.82.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://savannah/nyacc/"
                                   name "-" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0sdvkahnz6k9i4kf1i1ljl20220n3wk3gy6zmz0ggbbdgg4mfka0"))))
+                "1ll0mjivhxpj3r81w4a8p4bclr3byzp38ig1j11jvwnbl6lawgj7"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("guile" ,guile-2.2)))
@@ -57,7 +58,7 @@ extensive examples, including parsers for the Javascript and C99 languages.")
   (let ((triplet "i686-unknown-linux-gnu"))
     (package
       (name "mes")
-      (version "0.9")
+      (version "0.10")
       (source (origin
                 (method url-fetch)
                 (uri (string-append "https://gitlab.com/janneke/mes"
@@ -66,7 +67,7 @@ extensive examples, including parsers for the Javascript and C99 languages.")
                 (file-name (string-append name "-" version ".tar.gz"))
                 (sha256
                  (base32
-                  "0ph0fvabpb7zhbk4zpacbp7m4b142ds17dq5dzn00m7dz8farw9r"))))
+                  "0djmhnvha8phxgb4msysnjmy1nnllb08bnw4xhdayq8ppi4zdmcv"))))
       (build-system gnu-build-system)
       (supported-systems '("i686-linux" "x86_64-linux"))
       (propagated-inputs
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index eb9e869152..8e4b43aaf4 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -5,7 +5,7 @@
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 <ng0@infotropique.org>
 ;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
 ;;; Copyright © 2016, 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 Mekeor Melire <mekeor.melire@gmail.com>
@@ -533,6 +533,60 @@ transformation; audio and video conferences; file transfer; TLS, GPG and
 end-to-end encryption support; XML console.")
     (license license:gpl3)))
 
+(define-public dino
+  ;; The only release tarball is for version 0.0, but it is very old and fails
+  ;; to build.
+  (let ((commit "54a25fd926070a977138cec94908c55806e22f4a")
+        (revision "1"))
+    (package
+      (name "dino")
+      (version (string-append "0.0-" revision "." (string-take commit 9)))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/dino/dino.git")
+                      (commit commit)))
+                (file-name (string-append name "-" version "-checkout"))
+                (sha256
+                 (base32
+                  "1m100wzr5xqaj3r4vprxj0961833wqk0p7z94nmjsf2f0s67v5r3"))))
+      (build-system cmake-build-system)
+      (arguments
+       `(#:tests? #f ; there are no tests
+         #:parallel-build? #f ; not supported
+         #:configure-flags
+         ;; FIXME: we disable the omemo plugin because it needs
+         ;; libsignal-protocol, for which we don't have a package yet.
+         '("-DDISABLED_PLUGINS=omemo")
+         #:modules ((guix build cmake-build-system)
+                    ((guix build glib-or-gtk-build-system) #:prefix glib-or-gtk:)
+                    (guix build utils))
+         #:imported-modules (,@%gnu-build-system-modules
+                             (guix build cmake-build-system)
+                             (guix build glib-or-gtk-build-system))
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'install 'glib-or-gtk-wrap
+             (assoc-ref glib-or-gtk:%standard-phases 'glib-or-gtk-wrap)))))
+      (inputs
+       `(("libgee" ,libgee)
+         ("libsoup" ,libsoup)
+         ("sqlite" ,sqlite)
+         ("gpgme" ,gpgme)
+         ("gtk+" ,gtk+)
+         ("glib-networking" ,glib-networking)
+         ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)))
+      (native-inputs
+       `(("pkg-config" ,pkg-config)
+         ("glib" ,glib "bin")
+         ("vala" ,vala)
+         ("gettext" ,gettext-minimal)))
+      (home-page "https://dino.im")
+      (synopsis "Graphical Jabber (XMPP) client")
+      (description "Dino is a Jabber (XMPP) client which aims to fit well into
+a graphical desktop environment like GNOME.")
+      (license license:gpl3+))))
+
 (define-public prosody
   (package
     (name "prosody")
@@ -747,14 +801,14 @@ instant messenger with audio and video chat capabilities.")
 (define-public qtox
   (package
     (name "qtox")
-    (version "1.10.1")
+    (version "1.11.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/qTox/qTox/archive/v"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0b37an611i2jdri59vsspyl3yf6cn4h0bn9d2jdrkw8d2rfqc8qy"))
+                "1m1ca1ybgj4yfm6a61yyj21f5jpip8dsbliwkfypswhmv5y52f5y"))
               (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (arguments
@@ -794,7 +848,7 @@ connect with friends and family without anyone else listening in.")
 (define-public pybitmessage
   (package
     (name "pybitmessage")
-    (version "0.6.1")
+    (version "0.6.2")
     (source
      (origin
        (method url-fetch)
@@ -803,39 +857,28 @@ connect with friends and family without anyone else listening in.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1ffj7raxpp277kphj98190fxrwfx16vmbspk7k3azg3bh5f5idnf"))))
-    (inputs
-     `(("python" ,python-2)
-       ("python:tk" ,python-2 "tk")
-       ("openssl" ,openssl)
-       ("sqlite" ,sqlite)
-       ("qt" ,qt-4)
+         "1in2mhaxkp2sx8pgvifq9dk1z8b2x3imf1anr0z926vwxwjrf85w"))))
+    (propagated-inputs
+     ;; TODO:
+     ;; Package "pyopencl", required in addition to numpy for OpenCL support.
+     ;; Package "gst123", required in addition to alsa-utils and
+     ;; mpg123 for sound support.
+     `(("python2-msgpack" ,python2-msgpack)
+       ("python2-pythondialog" ,python2-pythondialog)
        ("python2-pyqt-4" ,python2-pyqt-4)
        ("python2-sip" ,python2-sip)
        ("python2-pysqlite" ,python2-pysqlite)
        ("python2-pyopenssl" ,python2-pyopenssl)))
     (native-inputs
-     `(("pkg-config" ,pkg-config)))
-    (build-system gnu-build-system)
+     `(("openssl" ,openssl)))
+    (build-system python-build-system)
     (arguments
-     `(#:imported-modules ((guix build python-build-system)
-                           ,@%gnu-build-system-modules)
-       #:make-flags (list (string-append "PREFIX="
-                                         (assoc-ref %outputs "out")))
-       #:tests? #f ; no test target
+     `(#:modules ((guix build python-build-system)
+                  (guix build utils))
+       #:tests? #f ;no test target
+       #:python ,python-2
        #:phases
        (modify-phases %standard-phases
-         (add-before 'build 'fix-makefile
-           (lambda* (#:key inputs #:allow-other-keys)
-             (substitute* "Makefile"
-               (("mkdir -p \\$\\{DESTDIR\\}/usr") "")
-               (("/usr/local") "")
-               (("/usr") "")
-               (("#!/bin/sh") (string-append "#!" (which "sh")))
-               (("python2") (which "python"))
-               (("/opt/openssl-compat-bitcoin/lib/")
-                (string-append (assoc-ref inputs "openssl") "/lib/")))
-             #t))
          (add-after 'unpack 'fix-unmatched-python-shebangs
            (lambda* (#:key inputs #:allow-other-keys)
              (substitute* "src/bitmessagemain.py"
@@ -869,18 +912,24 @@ connect with friends and family without anyone else listening in.")
                 (string-append (assoc-ref inputs "openssl")
                                "/lib/libssl.so")))
              #t))
-         ;; XXX: Make does not build and install bitmsghash, do it
+         (add-after 'unpack 'noninteractive-build
+           ;; This applies upstream commit 4c597d3f7cf9f83a763472aa165a1a4292019f20
+           (lambda _
+             (substitute* "setup.py"
+               (("except NameError")
+                "except EOFError, NameError"))
+             #t))
+         ;; XXX: python setup.py does not build and install bitmsghash,
+         ;; without it PyBitmessage tries to compile it at first run
+         ;; in the store, which due to obvious reasons fails. Do it
          ;; and place it in /lib.
-         (add-before 'build 'build-and-install-bitmsghash
+         (add-after 'unpack 'build-and-install-bitmsghash
            (lambda* (#:key outputs #:allow-other-keys)
-             (chdir "src/bitmsghash")
-             (system* "make")
-             (chdir "../..")
-             (install-file "src/bitmsghash/bitmsghash.so"
-                           (string-append (assoc-ref outputs "out") "/lib"))
-             #t))
-         (add-after 'install 'wrap
-           (@@ (guix build python-build-system) wrap)))))
+             (with-directory-excursion "src/bitmsghash"
+               (system* "make")
+               (install-file "bitmsghash.so"
+                             (string-append (assoc-ref outputs "out") "/lib")))
+             #t)))))
     (license license:expat)
     (description
      "Distributed and trustless peer-to-peer communications protocol
@@ -1209,7 +1258,7 @@ support, and more.")
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'autogen
+         (add-after 'unpack 'autogen
            (lambda _
              (zero? (system* "sh" "autogen.sh"))))
          ;; For 'system' commands in Scheme code.
diff --git a/gnu/packages/microcom.scm b/gnu/packages/microcom.scm
index aa42e99213..dcb864808f 100644
--- a/gnu/packages/microcom.scm
+++ b/gnu/packages/microcom.scm
@@ -42,7 +42,7 @@
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'bootstrap
+         (add-after 'unpack 'bootstrap
            (lambda _
              (zero? (system* "autoreconf" "-i")))))))
     (inputs `(("readline" ,readline)))
diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm
index 9330179f96..f030e5b18e 100644
--- a/gnu/packages/mp3.scm
+++ b/gnu/packages/mp3.scm
@@ -295,7 +295,7 @@ This package contains the binary.")
 (define-public mpg123
   (package
     (name "mpg123")
-    (version "1.25.4")
+    (version "1.25.6")
     (source (origin
               (method url-fetch)
               (uri (list (string-append "mirror://sourceforge/mpg123/mpg123/"
@@ -305,7 +305,7 @@ This package contains the binary.")
                           version ".tar.bz2")))
               (sha256
                (base32
-                "1rxknrnl3ji5hi5rbckpzhbl1k5r8i53kcys4xdgg0xbi8765dfd"))))
+                "13jsbh1gwypjksim2fxlblj5wc2driwm4igrkcnbr6bpp34mh10g"))))
     (build-system gnu-build-system)
     (arguments '(#:configure-flags '("--with-default-audio=pulse")))
     (native-inputs `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/mpd.scm b/gnu/packages/mpd.scm
index eb45974f6c..4ed0303be1 100644
--- a/gnu/packages/mpd.scm
+++ b/gnu/packages/mpd.scm
@@ -75,7 +75,7 @@ interfacing MPD in the C, C++ & Objective C languages.")
 (define-public mpd
   (package
     (name "mpd")
-    (version "0.20.9")
+    (version "0.20.10")
     (source (origin
               (method url-fetch)
               (uri
@@ -84,7 +84,7 @@ interfacing MPD in the C, C++ & Objective C languages.")
                               "/mpd-" version ".tar.xz"))
               (sha256
                (base32
-                "1dsfwd0i81x8m9idi7idm9612mpf1g5lzcy69h04nd9jks3a4xyd"))))
+                "089i9lh3fa8bix6v0sq0jgs7rkpk8l6q5lmdk6lip96vbh9c3ysj"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/mpi.scm b/gnu/packages/mpi.scm
index 93157e2692..517f912417 100644
--- a/gnu/packages/mpi.scm
+++ b/gnu/packages/mpi.scm
@@ -42,7 +42,7 @@
 (define-public hwloc
   (package
     (name "hwloc")
-    (version "1.11.7")
+    (version "1.11.8")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.open-mpi.org/software/hwloc/v"
@@ -50,7 +50,7 @@
                                   "/downloads/hwloc-" version ".tar.bz2"))
               (sha256
                (base32
-                "0acph1mf7588hfx8ds26ncr6nw5fd9x92adm11fwin7f93i10sdb"))))
+                "0karxv4r1r8sa7ki5aamlxdvyvz0bvzq4gdhq0yi5nc4a0k11vzc"))))
     (build-system gnu-build-system)
     (outputs '("out"           ;'lstopo' & co., depends on Cairo, libx11, etc.
                "lib"           ;small closure
@@ -132,9 +132,7 @@ bind processes, and much more.")
      `(("pkg-config" ,pkg-config)
        ("perl" ,perl)))
     (arguments
-     `(#:configure-flags `("--enable-builtin-atomics"
-
-                           "--enable-mpi-ext=affinity" ;cr doesn't work
+     `(#:configure-flags `("--enable-mpi-ext=affinity" ;cr doesn't work
                            "--enable-memchecker"
                            "--with-sge"
 
@@ -148,16 +146,21 @@ bind processes, and much more.")
                                            (assoc-ref %build-inputs "hwloc")))
        #:phases (modify-phases %standard-phases
                   (add-before 'build 'remove-absolute
-                    ;; Remove compiler absolute file names (OPAL_FC_ABSOLUTE
-                    ;; etc.) to reduce the closure size.  See
-                    ;; <https://lists.gnu.org/archive/html/guix-devel/2017-07/msg00388.html>
-                    ;; and
-                    ;; <https://www.mail-archive.com/users@lists.open-mpi.org//msg31397.html>.
                     (lambda _
+                      ;; Remove compiler absolute file names (OPAL_FC_ABSOLUTE
+                      ;; etc.) to reduce the closure size.  See
+                      ;; <https://lists.gnu.org/archive/html/guix-devel/2017-07/msg00388.html>
+                      ;; and
+                      ;; <https://www.mail-archive.com/users@lists.open-mpi.org//msg31397.html>.
                       (substitute* '("orte/tools/orte-info/param.c"
                                      "oshmem/tools/oshmem_info/param.c"
                                      "ompi/tools/ompi_info/param.c")
                         (("_ABSOLUTE") ""))
+                      ;; Avoid valgrind (which pulls in gdb etc.).
+                      (substitute*
+                          '("./ompi/mca/io/romio/src/io_romio_component.c")
+                        (("MCA_io_romio_COMPLETE_CONFIGURE_FLAGS")
+                         "\"[elided to reduce closure]\""))
                       #t))
                   (add-before 'build 'scrub-timestamps ;reproducibility
                     (lambda _
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 56e6d26493..c01bbc6e71 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -5,7 +5,7 @@
 ;;; Copyright © 2016 Al McElrath <hello@yrns.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 John J. Foerch <jjfoerch@earthlink.net>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
@@ -45,6 +45,7 @@
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages backup)
   #:use-module (gnu packages base) ;libbdf
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages boost)
   #:use-module (gnu packages cdrom)
@@ -76,8 +77,9 @@
   #:use-module (gnu packages image)
   #:use-module (gnu packages imagemagick)
   #:use-module (gnu packages java)
-  #:use-module (gnu packages linux) ; for alsa-utils
   #:use-module (gnu packages libffi)
+  #:use-module (gnu packages linux) ; for alsa-utils
+  #:use-module (gnu packages lirc)
   #:use-module (gnu packages llvm)
   #:use-module (gnu packages man)
   #:use-module (gnu packages mp3)
@@ -675,7 +677,9 @@ Sega Master System/Mark III, Sega Genesis/Mega Drive, BBC Micro
               (("SHELL=/bin/sh") "SHELL=sh")
               ;; When checking the fontforge version do not consider the
               ;; version string that's part of the directory.
-              (("head -n") "tail -n"))
+              (("head -n") "tail -n")
+              ;; Also allow for SOURCE_DATE_EPOCH = 0 in fontforge.
+              (("20110222") "19700101"))
             (setenv "out" "www")
             (setenv "conf" "www")
             #t))
@@ -1084,7 +1088,7 @@ users to select LV2 plugins and run them with jalv.")
 (define-public synthv1
   (package
     (name "synthv1")
-    (version "0.8.3")
+    (version "0.8.4")
     (source (origin
               (method url-fetch)
               (uri
@@ -1092,7 +1096,7 @@ users to select LV2 plugins and run them with jalv.")
                               "/synthv1-" version ".tar.gz"))
               (sha256
                (base32
-                "1yqh7jx431q01f15b3h4dh038yvmc4jcsr3vn2175kqgwfj9jqcg"))))
+                "0awk2zx0xa6vl6ah24zz0k2mwsx50hh5g1rh32mp790fp4x7l5s8"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; There are no tests.
@@ -1118,7 +1122,7 @@ oscillators and stereo effects.")
 (define-public drumkv1
   (package
     (name "drumkv1")
-    (version "0.8.3")
+    (version "0.8.4")
     (source (origin
               (method url-fetch)
               (uri
@@ -1126,7 +1130,7 @@ oscillators and stereo effects.")
                               "/drumkv1-" version ".tar.gz"))
               (sha256
                (base32
-                "0rvdvc81j4b4n64i7jmk58khry28al8p73g71srdv1kw7j65f2zv"))))
+                "0qqpklzy4wgw9jy0v2810j06712q90bwc69fp7da82536ba058a9"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; There are no tests.
@@ -1153,7 +1157,7 @@ effects.")
 (define-public samplv1
   (package
     (name "samplv1")
-    (version "0.8.3")
+    (version "0.8.4")
     (source (origin
               (method url-fetch)
               (uri
@@ -1161,7 +1165,7 @@ effects.")
                               "/samplv1-" version ".tar.gz"))
               (sha256
                (base32
-                "1lbxrn24fg1z659zbaakzq6z8gbax6z16di9v9bhhslk8w2mndik"))))
+                "107p2xsj066q2bil0xcgqrrn7lawp02wzf7qmlajcbnd79jhsi6i"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; There are no tests.
@@ -1892,14 +1896,14 @@ computer's keyboard.")
 (define-public qtractor
   (package
     (name "qtractor")
-    (version "0.8.3")
+    (version "0.8.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://downloads.sourceforge.net/qtractor/"
                                   "qtractor-" version ".tar.gz"))
               (sha256
                (base32
-                "0ggqp2pz6r0pvapbbil51fh5185rn0i9kgzm9ff8r8y1135zllk8"))))
+                "17bbjfn94843g5q1h7xh23fwyazpfgg4fw6drrn5wgk2vx7qpkis"))))
     (build-system gnu-build-system)
     (arguments `(#:tests? #f)) ; no "check" target
     (inputs
@@ -3198,3 +3202,97 @@ specification and header.")
     ;; The DSSI interface is LGPL2.1+, some tests and examples are GPL2+.
     ;; The vast majority of examples are in the public domain.
     (license (list license:lgpl2.1+ license:gpl2+))))
+
+(define-public rosegarden
+  (package
+    (name "rosegarden")
+    (version "17.04")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "mirror://sourceforge/rosegarden/rosegarden/"
+                    version "/rosegarden-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "1khfcj22asdhjh0jvhkqsz200wgmigkhsrcz09ffia5hqm0n32lq"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:configure-flags '("-DUSE_QT5=1") ; "-DCMAKE_BUILD_TYPE=Release"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-tests
+           (lambda _
+             (substitute* "CMakeLists.txt"
+               (("BUILD_TESTING OFF") "BUILD_TESTING ON")
+               ;; Make tests work.
+               ((" -fvisibility=hidden") ""))
+             #t))
+         (add-after 'unpack 'fix-references
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "src/gui/general/ProjectPackager.cpp"
+               (("\"flac\\>")
+                (string-append "\"" (assoc-ref inputs "flac") "/bin/flac"))
+               (("\"wavpack\\>")
+                (string-append "\"" (assoc-ref inputs "wavpack") "/bin/wavpack"))
+               (("\"wvunpack\\>")
+                (string-append "\"" (assoc-ref inputs "wavpack") "/bin/wvunpack"))
+               (("\"bash\\>")
+                (string-append "\"" (assoc-ref inputs "bash") "/bin/bash"))
+               (("\"tar\\>")
+                (string-append "\"" (assoc-ref inputs "tar") "/bin/tar")))
+             (substitute* "src/gui/general/LilyPondProcessor.cpp"
+               (("\"convert-ly\\>")
+                (string-append "\"" (assoc-ref inputs "lilypond") "/bin/convert-ly"))
+               (("\"lilypond\\>")
+                (string-append "\"" (assoc-ref inputs "lilypond") "/bin/lilypond")))
+             #t))
+         (add-after 'unpack 'make-reproducible
+           (lambda _
+             ;; Prevent Last-Modified from being written.
+             ;; The "*.qm" files that are used in locale.qrc would have a new
+             ;; mtime otherwise that is written into qrc_locale.cpp in the
+             ;; end - except when we disable it.
+             (substitute* "src/CMakeLists.txt"
+               (("COMMAND [$][{]QT_RCC_EXECUTABLE[}]")
+                "COMMAND ${QT_RCC_EXECUTABLE} --format-version 1")
+               ;; Extraneous.
+               ;(("qt5_add_resources[(]rg_SOURCES ../data/data.qrc[)]")
+               ; "qt5_add_resources(rg_SOURCES ../data/data.qrc OPTIONS --format-version 1)")
+                )
+             ;; Make hashtable traversal order predicable.
+             (setenv "QT_RCC_TEST" "1") ; important
+             #t))
+         (add-before 'check 'prepare-check
+           (lambda _
+             (setenv "QT_QPA_PLATFORM" "offscreen")
+             ;; Tests create files in $HOME/.local/share/rosegarden .
+             (mkdir-p "/tmp/foo")
+             (setenv "HOME" "/tmp/foo")
+             #t)))))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("bash" ,bash)
+       ("dssi" ,dssi)
+       ("flac" ,flac)
+       ("fftwf" ,fftwf)
+       ("jack-2" ,jack-2)
+       ("ladspa" ,ladspa)
+       ("liblo" ,liblo)
+       ("libsamplerate" ,libsamplerate)
+       ("lilypond" ,lilypond)
+       ("lrdf" ,lrdf)
+       ("qtbase" ,qtbase)
+       ("tar" ,tar)
+       ("lirc" ,lirc)
+       ("wavpack" ,wavpack)
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("qtlinguist" ,qttools)))
+    (synopsis "Music composition and editing environment based around a MIDI
+sequencer")
+    (description "Rosegarden is a music composition and editing environment
+based around a MIDI sequencer that features a rich understanding of music
+notation and includes basic support for digital audio.")
+    (home-page "http://www.rosegardenmusic.com/")
+    (license license:gpl2)))
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 2730f0c02e..418d11ad07 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -483,7 +483,7 @@ which can be used to encrypt a password with @code{crypt(3)}.")
 (define-public wireshark
   (package
     (name "wireshark")
-    (version "2.4.0")
+    (version "2.4.1")
     (source
      (origin
        (method url-fetch)
@@ -491,7 +491,7 @@ which can be used to encrypt a password with @code{crypt(3)}.")
                            version ".tar.xz"))
        (sha256
         (base32
-         "011vvrj76z1azkpvyy2j40b1x1z56ymld508zfc4xw3gh8dv82w9"))))
+         "1k8zj44pkb2ny2x46f100y7cxddm1kh0zh7f6qggm78gn7wvrp82"))))
     (build-system gnu-build-system)
     (inputs `(("c-ares" ,c-ares)
               ("glib" ,glib)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 2cebabbcaf..805b81bd2e 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -40,16 +40,14 @@
 (define-public node
   (package
     (name "node")
-    (version "8.1.2")
+    (version "8.4.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://nodejs.org/dist/v" version
                                   "/node-v" version ".tar.gz"))
               (sha256
                (base32
-                "0l92gar1pivzaiwffiiiz2f2m5k39sl5fphlfnvy0ml9hrjb65yp"))
-              ;; https://github.com/nodejs/node/pull/9077
-              (patches (search-patches "node-9077.patch"))))
+                "1vrpc4lspm33hmb8c2q4w1fzg3iaip2gx4wpr4nyy417hbx1a6k4"))))
     (build-system gnu-build-system)
     (arguments
      ;; TODO: Purge the bundled copies from the source.
@@ -78,10 +76,9 @@
                (("'/usr/bin/env'")
                 (string-append "'" (which "env") "'")))
 
-             ;; Having the build fail because of linter errors is insane!
+             ;; Linting is no longer supported in the release tarball
              (substitute* '("Makefile")
-               (("	\\$\\(MAKE\\) jslint") "")
-               (("	\\$\\(MAKE\\) cpplint\n") ""))
+               (("	\\$\\(MAKE\\) lint") ""))
 
              ;; FIXME: This test seems to depends on files that are not
              ;; available in the bundled v8. See
@@ -95,6 +92,7 @@
                          "test/parallel/test-util-inspect.js"
                          "test/parallel/test-v8-serdes.js"
                          "test/parallel/test-dgram-membership.js"
+                         "test/parallel/test-dns-resolveany.js"
                          "test/parallel/test-cluster-master-error.js"
                          "test/parallel/test-cluster-master-kill.js"
                          "test/parallel/test-npm-install.js"
diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index 959aa55a76..f77eab4799 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -98,14 +98,14 @@ computers over a network.")
 (define-public openntpd
   (package
     (name "openntpd")
-    (version "6.1p1")
+    (version "6.2p2")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "mirror://openbsd/OpenNTPD/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1ykx9ga76k5m54h7k5x4ds2clxsyfniss5vmf88pxnrip5bx6if8"))))
+                "1chghbh1bnwhxdgkqki51w94nwvlyj1a9q8716r4v2h0gc9s822q"))))
     (build-system gnu-build-system)
     (home-page "http://www.openntpd.org/")
     (synopsis "NTP client and server by the OpenBSD Project")
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index 43bbdcd6e2..aa2f006674 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -41,12 +41,14 @@
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages libevent)
+  #:use-module (gnu packages llvm)
   #:use-module (gnu packages m4)
   #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages pcre)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages protobuf)
   #:use-module (gnu packages python)
   #:use-module (gnu packages tex)
   #:use-module (gnu packages texinfo)
@@ -575,6 +577,46 @@ assistant to write formal mathematical proofs using a variety of theorem
 provers.")
     (license license:gpl2+)))
 
+(define-public emacs-tuareg
+  (package
+    (name "emacs-tuareg")
+    (version "2.0.10")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/ocaml/tuareg/archive/"
+                                  version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1r2smclcs63n74lcyckbp90j09wyjdngn816cqzfkw54iwh3hd7q"))))
+    (build-system gnu-build-system)
+    (native-inputs `(("emacs" ,emacs-minimal)
+                     ("opam" ,opam)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-before 'install 'fix-install-path
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "Makefile"
+               (("/emacs/site-lisp")
+                (string-append (assoc-ref %outputs "out")
+                               "/share/emacs/site-lisp/")))
+             #t))
+         (add-after 'install 'post-install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (symlink "tuareg.el"
+                      (string-append (assoc-ref outputs "out")
+                                     "/share/emacs/site-lisp/"
+                                     "tuareg-autoloads.el"))
+             #t)))))
+    (home-page "https://github.com/ocaml/tuareg")
+    (synopsis "OCaml programming mode, REPL, debugger for Emacs")
+    (description "Tuareg helps editing OCaml code, to highlight important
+parts of the code, to run an OCaml REPL, and to run the OCaml debugger within
+Emacs.")
+    (license license:gpl2+)))
+
 (define-public ocaml-menhir
   (package
     (name "ocaml-menhir")
@@ -1591,9 +1633,9 @@ lets the client choose the concrete timeline.")
                  #:make-flags (list "OCAMLFIND_LDCONF=ignore")
                  #:phases
                  (modify-phases %standard-phases
-                   (add-before 'configure 'bootstrap
+                   (add-after 'unpack 'bootstrap
                      (lambda* (#:key #:allow-other-keys)
-                       (system* "./bootstrap")
+                       (system* "sh" "bootstrap")
                        (substitute* "src/OCamlMakefile"
                          (("/bin/sh") (which "bash")))
                        (substitute* "configure"
@@ -3157,6 +3199,355 @@ writing to these structures, and they are accessed via the Bigarray module.")
     (description "Hex is a minimal library providing hexadecimal converters.")
     (license license:isc)))
 
+(define-public ocaml-ezjsonm
+  (package
+    (name "ocaml-ezjsonm")
+    (version "0.4.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/mirage/ezjsonm/archive/"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1kag0z2xlk4rw73a240dmkxh9rj6psxxcxkm7d7z0rrj6hzjajgq"))
+              (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system ocaml-build-system)
+    (native-inputs
+     `(("alcotest" ,ocaml-alcotest)))
+    (propagated-inputs
+     `(("hex" ,ocaml-hex)
+       ("jsonm" ,ocaml-jsonm)
+       ("lwt" ,ocaml-lwt)
+       ("sexplib" ,ocaml-sexplib)))
+    (arguments
+     `(#:configure-flags (list "--enable-lwt")))
+    (home-page "https://github.com/mirage/ezjsonm/")
+    (synopsis "Read and write JSON data")
+    (description "Ezjsonm provides more convenient (but far less flexible) input
+and output functions that go to and from [string] values than jsonm.  This avoids
+the need to write signal code, which is useful for quick scripts that manipulate
+JSON.")
+    (license license:isc)))
+
+(define-public ocaml-uri
+  (package
+    (name "ocaml-uri")
+    (version "1.9.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/mirage/ocaml-uri/archive/v"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "02bzrag79prx261rxf9mlak749pwf4flpfl8p012x1xznv9m0clc"))
+              (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system ocaml-build-system)
+    (native-inputs
+     `(("ounit" ,ocaml-ounit)))
+    (propagated-inputs
+     `(("ppx-sexp-conv" ,ocaml-ppx-sexp-conv)
+       ("re" ,ocaml-re)
+       ("ppx-deriving" ,ocaml-ppx-deriving)
+       ("sexplib" ,ocaml-sexplib)
+       ("stringext" ,ocaml-stringext)))
+    (home-page "https://github.com/mirage/ocaml-uri")
+    (synopsis "RFC3986 URI/URL parsing library")
+    (description "OCaml-uri is a library for parsing URI/URL in the RFC3986 format.")
+    (license license:isc)))
+
+(define-public ocaml-easy-format
+  (package
+    (name "ocaml-easy-format")
+    (version "1.2.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/mjambon/easy-format/"
+                                  "archive/v" version ".tar.gz"))
+              (sha256
+               (base32
+                "1zcz682y9figa84k7lgdjcab5qbzk3yy14ygfqp2dhhrvjygm252"))
+              (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system ocaml-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (home-page "https://github.com/mjambon/easy-format")
+    (synopsis "Interface to the Format module")
+    (description "Easy-format is a high-level and functional interface to the
+Format module of the OCaml standard library.")
+    (license license:bsd-3)))
+
+(define-public optcomp
+  (package
+    (name "optcomp")
+    (version "1.6")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/diml/optcomp/archive/"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "0hhhb2gisah1h22zlg5iszbgqxdd7x85cwd57bd4mfkx9l7dh8jh"))
+              (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system ocaml-build-system)
+    (arguments
+     `(#:use-make? #t
+       #:make-flags
+       (list (string-append "BUILDFLAGS=\"-cflags -I,"
+                            (assoc-ref %build-inputs "camlp4")
+                            "/lib/ocaml/site-lib/camlp4/Camlp4Parsers\""))))
+    (native-inputs `(("camlp4" ,camlp4)))
+    (propagated-inputs `(("camlp4" ,camlp4)))
+    (home-page "https://github.com/diml/optcomp")
+    (synopsis "Optional compilation for OCaml")
+    (description "Optcomp provides an optional compilation facility with
+cpp-like directives.")
+    (license license:bsd-3)))
+
+(define-public ocaml-piqilib
+  (package
+    (name "ocaml-piqilib")
+    (version "0.6.13")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/alavrik/piqi/archive/v"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1whqr2bb3gds2zmrzqnv8vqka9928w4lx6mi6g244kmbwb2h8d8l"))
+              (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system ocaml-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'fix-ocamlpath
+           (lambda _
+             (substitute* '("Makefile" "make/Makefile.ocaml")
+               (("OCAMLPATH := ") "OCAMLPATH := $(OCAMLPATH):"))
+             #t))
+         (replace 'configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (substitute* "make/OCamlMakefile"
+                 (("/bin/sh") (which "bash")))
+               (zero? (system* "./configure" "--prefix" out "--ocaml-libdir"
+                               (string-append out "/lib/ocaml/site-lib"))))))
+       (add-after 'build 'build-ocaml
+         (lambda* (#:key outputs #:allow-other-keys)
+           (zero? (system* "make" "ocaml")))) 
+       (add-after 'install 'install-ocaml
+         (lambda* (#:key outputs #:allow-other-keys)
+           (zero? (system* "make" "ocaml-install"))))
+       (add-after 'install-ocaml 'link-stubs
+         (lambda* (#:key outputs #:allow-other-keys)
+           (let* ((out (assoc-ref outputs "out"))
+                  (stubs (string-append out "/lib/ocaml/site-lib/stubslibs"))
+                  (lib (string-append out "/lib/ocaml/site-lib/piqilib")))
+             (mkdir-p stubs)
+             (symlink (string-append lib "/dllpiqilib_stubs.so")
+                      (string-append stubs "/dllpiqilib_stubs.so"))
+             #t))))))
+    (native-inputs
+     `(("which" ,which)
+       ("camlp4" ,camlp4)))
+    (propagated-inputs
+     `(("xmlm" ,ocaml-xmlm)
+       ("ulex" ,ocaml-ulex)
+       ("optcomp" ,optcomp)
+       ("easy-format" ,ocaml-easy-format)
+       ("base64" ,ocaml-base64)))
+    (home-page "http://piqi.org")
+    (synopsis "Data serialization and conversion library")
+    (description "Piqilib is the common library used by the piqi command-line
+tool and piqi-ocaml.")
+    (license license:asl2.0)))
+
+(define-public ocaml-uuidm
+  (package
+    (name "ocaml-uuidm")
+    (version "0.9.6")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://erratique.ch/software/uuidm/"
+                                  "releases/uuidm-" version ".tbz"))
+              (sha256
+               (base32
+                "0hz4fdx0x16k0pw9995vkz5d1hmzz6b16wck9li399rcbfnv5jlc"))))
+    (build-system ocaml-build-system)
+    (arguments
+     `(#:build-flags
+       (list "build" "--tests" "true" "--with-cmdliner" "true")
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (native-inputs
+     `(("opam" ,opam)))
+    (propagated-inputs
+     `(("cmdliner" ,ocaml-cmdliner)
+       ("topkg" ,ocaml-topkg)))
+    (home-page "http://erratique.ch/software/uuidm")
+    (synopsis "Universally unique identifiers for OCaml")
+    (description "Uuidm is an OCaml module implementing 128 bits universally
+unique identifiers (UUIDs) version 3, 5 (named based with MD5, SHA-1 hashing)
+and 4 (random based) according to RFC 4122.")
+    (license license:isc)))
+
+(define-public ocaml-graph
+  (package
+    (name "ocaml-graph")
+    (version "1.8.7")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://ocamlgraph.lri.fr/download/"
+                                  "ocamlgraph-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1845r537swjil2fcj7lgbibc2zybfwqqasrd2s7bncajs83cl1nz"))
+              (patches (search-patches "ocaml-graph-honor-source-date-epoch.patch"))))
+    (build-system ocaml-build-system)
+    (arguments
+     `(#:install-target "install-findlib"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'set-shell
+           (lambda* (#:key inputs #:allow-other-keys)
+             (setenv "CONFIG_SHELL" (string-append (assoc-ref inputs "bash")
+                                                   "/bin/sh")))))))
+    (inputs `(("lablgtk" ,lablgtk)))
+    (home-page "http://ocamlgraph.lri.fr/")
+    (synopsis "Graph library for OCaml")
+    (description "OCamlgraph is a generic graph library for OCaml.")
+    (license license:lgpl2.1)))
+
+(define-public ocaml-piqi
+  (package
+    (name "ocaml-piqi")
+    (version "0.7.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/alavrik/piqi-ocaml/"
+                                  "archive/v" version ".tar.gz"))
+              (sha256
+               (base32
+                "0ngz6y8i98i5v2ma8nk6mc83pdsmf2z0ks7m3xi6clfg3zqbddrv"))))
+    (build-system ocaml-build-system)
+    (arguments
+     `(#:make-flags
+       (list (string-append "DESTDIR=" (assoc-ref %outputs "out"))
+             (string-append "SHELL=" (assoc-ref %build-inputs "bash")
+                            "/bin/sh"))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (native-inputs
+     `(("which" ,which)
+       ("protobuf" ,protobuf))) ; for tests
+    (propagated-inputs
+     `(("piqilib" ,ocaml-piqilib)))
+    (home-page "https://github.com/alavrik/piqi-ocaml")
+    (synopsis "Protocol serialization system for OCaml")
+    (description "Piqi is a multi-format data serialization system for OCaml.
+It provides a uniform interface for serializing OCaml data structures to JSON,
+XML and Protocol Buffers formats.")
+    (license license:asl2.0)))
+
+(define-public bap
+  (package
+    (name "bap")
+    (version "1.1.0")
+    (home-page "https://github.com/BinaryAnalysisPlatform/bap")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append home-page "/archive/v" version ".tar.gz"))
+              (sha256
+               (base32
+                "1ms95m4j1qrmy7zqmsn2izh7gq68lnmssl7chyhk977kd3sxj66m"))
+              (file-name (string-append name "-" version ".tar.gz"))))
+   (build-system ocaml-build-system)
+   (native-inputs
+    `(("oasis" ,ocaml-oasis)
+      ("clang" ,clang)
+      ("ounit" ,ocaml-ounit)))
+   (propagated-inputs
+    `(("core-kernel" ,ocaml-core-kernel)
+      ("ppx-driver" ,ocaml-ppx-driver)
+      ("uri" ,ocaml-uri)
+      ("llvm" ,llvm)
+      ("gmp" ,gmp)
+      ("clang-runtime" ,clang-runtime)
+      ("fileutils" ,ocaml-fileutils)
+      ("cmdliner" ,ocaml-cmdliner)
+      ("zarith" ,ocaml-zarith)
+      ("uuidm" ,ocaml-uuidm)
+      ("camlzip" ,camlzip)
+      ("frontc" ,ocaml-frontc)
+      ("ezjsonm" ,ocaml-ezjsonm)
+      ("ocurl" ,ocaml-ocurl)
+      ("piqi" ,ocaml-piqi)
+      ("ocamlgraph" ,ocaml-graph)
+      ("bitstring" ,ocaml-bitstring)
+      ("ppx-jane" ,ocaml-ppx-jane)
+      ("re" ,ocaml-re)))
+   (inputs `(("llvm" ,llvm)))
+   (arguments
+    `(#:use-make? #t
+      #:phases
+      (modify-phases %standard-phases
+        (replace 'configure
+          (lambda* (#:key outputs #:allow-other-keys)
+            (zero? (system* "./configure" "--prefix"
+                            (assoc-ref outputs "out")
+                            "--libdir"
+                            (string-append
+                              (assoc-ref outputs "out")
+                              "/lib/ocaml/site-lib")
+                            "--with-llvm-version=3.8"
+                            "--with-llvm-config=llvm-config"
+                            "--enable-everything"))))
+        (add-after 'install 'link-stubs
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let* ((out (assoc-ref outputs "out"))
+                   (stubs (string-append out "/lib/ocaml/site-lib/stubslibs"))
+                   (lib (string-append out "/lib/ocaml/site-lib/bap-plugin-llvm")))
+              (mkdir-p stubs)
+              (symlink (string-append lib "/dllllvm_plugin_stubs.so")
+                       (string-append stubs "/dllllvm_plugin_stubs.so"))))))))
+   (synopsis "Binary Analysis Platform")
+   (description "Binary Analysis Platform is a framework for writing program
+analysis tools, that target binary files.  The framework consists of a plethora
+of libraries, plugins, and frontends.  The libraries provide code reusability,
+the plugins facilitate extensibility, and the frontends serve as entry points.")
+   (license license:expat)))
+
+(define-public ocaml-camomile
+  (package
+    (name "ocaml-camomile")
+    (version "0.8.5")
+    (home-page "https://github.com/yoriyuki/Camomile")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append home-page "/releases/download/rel-" version
+                                  "/camomile-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "003ikpvpaliy5hblhckfmln34zqz0mk3y2m1fqvbjngh3h2np045"))))
+    (build-system ocaml-build-system)
+    (native-inputs `(("camlp4" ,camlp4)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'fix-bin/sh
+           (lambda _
+             (setenv "CONFIG_SHELL" (which "bash")))))))
+    (synopsis "Comprehensive Unicode library")
+    (description "Camomile is a Unicode library for OCaml.  Camomile provides
+Unicode character type, UTF-8, UTF-16, UTF-32 strings, conversion to/from about
+200 encodings, collation and locale-sensitive case mappings, and more.  The
+library is currently designed for Unicode Standard 3.2.")
+    ;; with an exception for linked libraries to use a different license
+    (license license:lgpl2.0+)))
+
 (define-public coq-flocq
   (package
     (name "coq-flocq")
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 9a510fc9ef..1efb30e800 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -79,8 +79,8 @@
   ;; Note: the 'update-guix-package.scm' script expects this definition to
   ;; start precisely like this.
   (let ((version "0.13.0")
-        (commit "228a3982df157847554abc9d0831d687264d8ebd")
-        (revision 5))
+        (commit "a9468b422b6df2349a3f4d1451c9302c3d77011b")
+        (revision 6))
     (package
       (name "guix")
 
@@ -96,7 +96,7 @@
                       (commit commit)))
                 (sha256
                  (base32
-                  "1gnc1w9kby7db9jih4xwrhrv0j57zy09lmr85gbmcqna6bx3wypw"))
+                  "0bv323yp657x0a2aa2z5pp5541hjqmn908kh9jqlbdw5gpx9vg3d"))
                 (file-name (string-append "guix-" version "-checkout"))))
       (build-system gnu-build-system)
       (arguments
@@ -293,10 +293,11 @@ generated file."
      #t)))
 
 (define-public current-guix
-  (let ((select? (delay (or (git-predicate
-                             (string-append (current-source-directory)
-                                            "/../.."))
-                            source-file?))))
+  (let* ((repository-root (canonicalize-path
+                           (string-append (current-source-directory)
+                                          "/../..")))
+         (select? (delay (or (git-predicate repository-root)
+                             source-file?))))
     (lambda ()
       "Return a package representing Guix built from the current source tree.
 This works by adding the current source tree to the store (after filtering it
@@ -304,7 +305,7 @@ out) and returning a package that uses that as its 'source'."
       (package
         (inherit guix)
         (version (string-append (package-version guix) "+"))
-        (source (local-file "../.." "guix-current"
+        (source (local-file repository-root "guix-current"
                             #:recursive? #t
                             #:select? (force select?)))))))
 
@@ -518,7 +519,7 @@ transactions from C or Python.")
               ("python-libarchive-c" ,python-libarchive-c)
               ("python-tlsh" ,python-tlsh)
               ("colordiff" ,colordiff)
-              ("xxd" ,vim)
+              ("xxd" ,xxd)
 
               ;; Below are modules used for tests.
               ("python-pytest" ,python-pytest)
diff --git a/gnu/packages/parallel.scm b/gnu/packages/parallel.scm
index db04a5704e..739c51e396 100644
--- a/gnu/packages/parallel.scm
+++ b/gnu/packages/parallel.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
@@ -45,7 +45,7 @@
 (define-public parallel
   (package
     (name "parallel")
-    (version "20170822")
+    (version "20170922")
     (source
      (origin
       (method url-fetch)
@@ -53,7 +53,7 @@
                           version ".tar.bz2"))
       (sha256
        (base32
-        "0j4i0dfbk1i37mcdl7l5ynsldp8biqnbm32sm0cl26by0nivyjc9"))))
+        "0r8mdnmimdf4n6q5k0l8zdql83ka5plrb5qm3rcgkcfwmnk0p0k1"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -136,9 +136,8 @@ and they are executed on lists of files, hosts, users or other items.")
             (string-append "--with-ssl=" (assoc-ref %build-inputs "openssl")))
       #:phases
       (modify-phases %standard-phases
-       (add-before
-        'configure 'autogen
-        (lambda _ (zero? (system* "autoconf"))))))) ; configure.ac was patched
+        (add-after 'unpack 'autogen
+          (lambda _ (zero? (system* "autoconf"))))))) ; configure.ac was patched
    (home-page "http://slurm.schedmd.com/")
    (synopsis "Workload manager for cluster computing")
    (description
diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index bde1ea8544..52689a71d5 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -11,6 +11,7 @@
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Jelle Licht <jlicht@fsfe.org>
+;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -41,10 +42,13 @@
   #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages gnuzilla)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages guile)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages man)
+  #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
@@ -480,3 +484,97 @@ use pass, the standard unix password manager, as the credential backend for
 your git repositories.  This is achieved by explicitly defining mappings
 between hosts and entries in the password store.")
     (license license:lgpl3+)))
+
+(define-public john-the-ripper-jumbo
+  (let ((official-version "1.8.0")
+        (jumbo-version "1"))
+    (package
+      (name "john-the-ripper-jumbo")
+      (version (string-append official-version "-" jumbo-version))
+      (source
+       (origin
+         (method url-fetch)
+         (uri (string-append "http://www.openwall.com/john/j/john-"
+                             official-version "-jumbo-" jumbo-version ".tar.xz"))
+         (sha256
+          (base32
+           "08q92sfdvkz47rx6qjn7qv57cmlpy7i7rgddapq5384mb413vjds"))
+         (patches
+          (list (origin
+                  (method url-fetch)
+                  (uri (string-append "https://github.com/magnumripper/"
+                                      "JohnTheRipper/commit/"
+                                      "e2e868db3e153b3f959e119a51703d4afb99c624.patch"))
+                  (file-name "john-the-ripper-jumbo-gcc5-inline.patch")
+                  (sha256
+                   (base32
+                    "1shvcf1y2097115mxhzdkm64dr106a8zr6pqjqyh171q5ng5vfra")))
+                (origin
+                  (method url-fetch)
+                  (uri (string-append "https://github.com/magnumripper/"
+                                      "JohnTheRipper/commit/"
+                                      "480e95b0e449863be3e1a5b0bc634a67df28b618.patch"))
+                  (file-name "john-the-ripper-jumbo-non-x86.patch")
+                  (sha256
+                   (base32
+                    "1ffd9dvhk0sb6ss8dv5yalh01lz30i7rilqilf2xv68gax2hyjqx")))))))
+      (build-system gnu-build-system)
+      (inputs
+       `(("gmp" ,gmp)
+         ("krb5" ,mit-krb5)
+         ("libpcap" ,libpcap)
+         ("nss" ,nss)
+         ("openssl" ,openssl)
+         ("zlib" ,zlib)))
+      (arguments
+       `(#:configure-flags
+         (list (string-append
+                "CFLAGS=-O2 -g "
+                "-DJOHN_SYSTEMWIDE=1 "
+                "-DJOHN_SYSTEMWIDE_EXEC='\"" %output "/libexec/john\"' "
+                "-DJOHN_SYSTEMWIDE_HOME='\"" %output "/share/john\"'")
+               ;; For now, do not test for instruction set in configure, and
+               ;; do not pass '-march=native' to gcc:
+               "--disable-native-tests"
+               "--disable-native-macro")
+         #:tests? #f ;tests try to create '.john' in the build user's $HOME
+         #:phases
+         (modify-phases %standard-phases
+           (add-before 'configure 'chdir-src
+             (lambda _ (chdir "src")))
+           (replace 'install
+             (lambda _
+               (let ((bindir (string-append %output "/bin"))
+                     (docdir (string-append %output "/share/doc/john"))
+                     (execdir (string-append %output "/libexec/john"))
+                     (homedir (string-append %output "/share/john"))
+                     (install-file-to (lambda (dir)
+                                        (lambda (f) (install-file f dir))))
+                     (symlink? (lambda (_ s) (eq? (stat:type s) 'symlink))))
+                 (with-directory-excursion "../run"
+                   (for-each (install-file-to execdir)
+                             (cons* "mailer" "benchmark-unify"
+                                    (find-files "." ".*\\.(py|rb|pl)")))
+                   (for-each (install-file-to homedir)
+                             (append (find-files "." "(stats|dictionary.*)")
+                                     (find-files "." "(.*\\.chr|.*\\.lst)")
+                                     (find-files "." ".*\\.conf")))
+                   (for-each (install-file-to bindir)
+                             '("tgtsnarf" "genmkvpwd" "mkvcalcproba"
+                               "raw2dyna" "luks2john" "vncpcap2john"
+                               "uaf2john" "calc_stat" "wpapcap2john"
+                               "cprepair" "relbench"  "SIPdump" "john"))
+                   (for-each (lambda (f) ;install symlinked aliases
+                               (symlink "john"
+                                        (string-append bindir "/" (basename f))))
+                             (find-files "." symlink?)))
+                 (copy-recursively "../doc" docdir)
+                 #t))))))
+      (home-page "http://www.openwall.com/john/")
+      (synopsis "Password cracker")
+      (description "John the Ripper is a fast password cracker.  Its primary
+purpose is to detect weak Unix passwords.  Besides several @code{crypt}
+password hash types most commonly found on various Unix systems, supported out
+of the box are Windows LM hashes, plus lots of other hashes and ciphers.  This
+is the community-enhanced, \"jumbo\" version of John the Ripper.")
+      (license license:gpl2+))))
diff --git a/gnu/packages/patches/bluez-CVE-2017-1000250.patch b/gnu/packages/patches/bluez-CVE-2017-1000250.patch
new file mode 100644
index 0000000000..81f209d7b2
--- /dev/null
+++ b/gnu/packages/patches/bluez-CVE-2017-1000250.patch
@@ -0,0 +1,42 @@
+Description: CVE-2017-1000250: information disclosure vulnerability in service_search_attr_req
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/875633
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1489446
+Bug-SuSE: https://bugzilla.suse.com/show_bug.cgi?id=1057342
+Forwarded: no
+Author: Armis Security <security@armis.com>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2017-09-13
+
+--- a/src/sdpd-request.c
++++ b/src/sdpd-request.c
+@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_r
+ 		/* continuation State exists -> get from cache */
+ 		sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
+ 		if (pCache) {
+-			uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
+-			pResponse = pCache->data;
+-			memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
+-			buf->data_size += sent;
+-			cstate->cStateValue.maxBytesSent += sent;
+-			if (cstate->cStateValue.maxBytesSent == pCache->data_size)
+-				cstate_size = sdp_set_cstate_pdu(buf, NULL);
+-			else
+-				cstate_size = sdp_set_cstate_pdu(buf, cstate);
++			if (cstate->cStateValue.maxBytesSent >= pCache->data_size) {
++				status = SDP_INVALID_CSTATE;
++				SDPDBG("Got bad cstate with invalid size");
++			} else {
++				uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
++				pResponse = pCache->data;
++				memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
++				buf->data_size += sent;
++				cstate->cStateValue.maxBytesSent += sent;
++				if (cstate->cStateValue.maxBytesSent == pCache->data_size)
++					cstate_size = sdp_set_cstate_pdu(buf, NULL);
++				else
++					cstate_size = sdp_set_cstate_pdu(buf, cstate);
++			}
+ 		} else {
+ 			status = SDP_INVALID_CSTATE;
+ 			SDPDBG("Non-null continuation state, but null cache buffer");
diff --git a/gnu/packages/patches/calibre-drop-unrar.patch b/gnu/packages/patches/calibre-drop-unrar.patch
deleted file mode 100644
index adf977b183..0000000000
--- a/gnu/packages/patches/calibre-drop-unrar.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Recreated old debian patch on the latest calibre version
-
-From 6764e4c211e50d4f4633dbabfba7cbc3089c51dc Mon Sep 17 00:00:00 2001
-From: Brendan Tildesley <brendan.tildesley@openmailbox.org>
-Date: Sat, 13 May 2017 21:12:12 +1000
-Subject: [PATCH] Remove unrar extension
-
----
- setup/extensions.json                  | 11 -----------
- src/calibre/ebooks/metadata/archive.py |  2 +-
- 2 files changed, 1 insertion(+), 12 deletions(-)
-
-diff --git a/setup/extensions.json b/setup/extensions.json
-index 1f6d1fb5fd..127390450f 100644
---- a/setup/extensions.json
-+++ b/setup/extensions.json
-@@ -211,16 +211,5 @@
-         "sources": "calibre/devices/mtp/unix/devices.c calibre/devices/mtp/unix/libmtp.c",
-         "headers": "calibre/devices/mtp/unix/devices.h calibre/devices/mtp/unix/upstream/music-players.h calibre/devices/mtp/unix/upstream/device-flags.h",
-         "libraries": "mtp"
--    },
--    {
--        "name": "unrar",
--        "sources": "unrar/rar.cpp unrar/strlist.cpp unrar/strfn.cpp unrar/pathfn.cpp unrar/savepos.cpp unrar/smallfn.cpp unrar/global.cpp unrar/file.cpp unrar/filefn.cpp unrar/filcreat.cpp unrar/archive.cpp unrar/arcread.cpp unrar/unicode.cpp unrar/system.cpp unrar/isnt.cpp unrar/crypt.cpp unrar/crc.cpp unrar/rawread.cpp unrar/encname.cpp unrar/resource.cpp unrar/match.cpp unrar/timefn.cpp unrar/rdwrfn.cpp unrar/consio.cpp unrar/options.cpp unrar/ulinks.cpp unrar/errhnd.cpp unrar/rarvm.cpp unrar/secpassword.cpp unrar/rijndael.cpp unrar/getbits.cpp unrar/sha1.cpp unrar/extinfo.cpp unrar/extract.cpp unrar/volume.cpp unrar/list.cpp unrar/find.cpp unrar/unpack.cpp unrar/cmddata.cpp unrar/filestr.cpp unrar/scantree.cpp calibre/utils/unrar.cpp",
--        "inc_dirs": "unrar",
--        "defines": "SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE",
--        "windows_defines": "SILENT RARDLL UNRAR",
--        "haiku_defines": "LITTLE_ENDIAN SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE _BSD_SOURCE",
--        "haiku_libraries": "bsd",
--        "optimize_level": 2,
--        "windows_libraries": "User32 Advapi32 kernel32 Shell32"
-     }
- ]
-diff --git a/src/calibre/ebooks/metadata/archive.py b/src/calibre/ebooks/metadata/archive.py
-index f5c0b7bed3..32257dcdae 100644
---- a/src/calibre/ebooks/metadata/archive.py
-+++ b/src/calibre/ebooks/metadata/archive.py
-@@ -44,7 +44,7 @@ class ArchiveExtract(FileTypePlugin):
-     description = _('Extract common e-book formats from archive files '
-         '(ZIP/RAR). Also try to autodetect if they are actually '
-         'CBZ/CBR files.')
--    file_types = set(['zip', 'rar'])
-+    file_types = set(['zip'])
-     supported_platforms = ['windows', 'osx', 'linux']
-     on_import = True
- 
--- 
-2.12.2
-
diff --git a/gnu/packages/patches/csound-header-ordering.patch b/gnu/packages/patches/csound-header-ordering.patch
deleted file mode 100644
index 3640d123dd..0000000000
--- a/gnu/packages/patches/csound-header-ordering.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Prevent compilation issues with boost-1.60.0.
-
-Reported upstream at https://github.com/csound/csound/issues/570
-
---- Csound6.05/Opcodes/chua/ChuaOscillator.cpp	2015-04-25 14:06:22.995646234 -0500
-+++ Csound6.05/Opcodes/chua/ChuaOscillator.cpp	2015-12-21 10:31:58.182362640 -0600
-@@ -117,11 +117,12 @@
- //     d = sys_variables(12);
- //     gnor = a*(x.^3) + b*(x.^2) + c*x + d;
- 
--#include <OpcodeBase.hpp>
- #include <boost/numeric/ublas/vector.hpp>
- using namespace boost::numeric;
- #include <cmath>
- 
-+#include <OpcodeBase.hpp>
-+
- #undef CS_KSMPS
- #define CS_KSMPS     (opds.insdshead->ksmps)
- 
diff --git a/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch b/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch
deleted file mode 100644
index e7a96a2ac0..0000000000
--- a/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Fix a test failure on 32-bit platforms.
-
-Patch copied from upstream source repository:
-
-https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=9e31a5696c4b699bf000a07b86601c1fb91c0493
-
-diff --git a/lib/support/mkquota.c b/lib/support/mkquota.c
-index 00f3a40..931a839 100644
---- a/lib/support/mkquota.c
-+++ b/lib/support/mkquota.c
-@@ -50,11 +50,13 @@ static void print_dquot(const char *desc, struct dquot *dq)
- {
- 	if (desc)
- 		fprintf(stderr, "%s: ", desc);
--	fprintf(stderr, "%u %ld:%ld:%ld %ld:%ld:%ld\n",
--		dq->dq_id, dq->dq_dqb.dqb_curspace,
--		dq->dq_dqb.dqb_bsoftlimit, dq->dq_dqb.dqb_bhardlimit,
--		dq->dq_dqb.dqb_curinodes,
--		dq->dq_dqb.dqb_isoftlimit, dq->dq_dqb.dqb_ihardlimit);
-+	fprintf(stderr, "%u %lld:%lld:%lld %lld:%lld:%lld\n",
-+		dq->dq_id, (long long) dq->dq_dqb.dqb_curspace,
-+		(long long) dq->dq_dqb.dqb_bsoftlimit,
-+		(long long) dq->dq_dqb.dqb_bhardlimit,
-+		(long long) dq->dq_dqb.dqb_curinodes,
-+		(long long) dq->dq_dqb.dqb_isoftlimit,
-+		(long long) dq->dq_dqb.dqb_ihardlimit);
- }
- #else
- static void print_dquot(const char *desc EXT2FS_ATTR((unused)),
-@@ -524,11 +526,11 @@ static int scan_dquots_callback(struct dquot *dquot, void *cb_data)
- 	    dq->dq_dqb.dqb_curinodes != dquot->dq_dqb.dqb_curinodes) {
- 		scan_data->usage_is_inconsistent = 1;
- 		fprintf(stderr, "[QUOTA WARNING] Usage inconsistent for ID %u:"
--			"actual (%ld, %ld) != expected (%ld, %ld)\n",
--			dq->dq_id, dq->dq_dqb.dqb_curspace,
--			dq->dq_dqb.dqb_curinodes,
--			dquot->dq_dqb.dqb_curspace,
--			dquot->dq_dqb.dqb_curinodes);
-+			"actual (%lld, %lld) != expected (%lld, %lld)\n",
-+			dq->dq_id, (long long) dq->dq_dqb.dqb_curspace,
-+			(long long) dq->dq_dqb.dqb_curinodes,
-+			(long long) dquot->dq_dqb.dqb_curspace,
-+			(long long) dquot->dq_dqb.dqb_curinodes);
- 	}
- 
- 	if (scan_data->update_limits) {
diff --git a/gnu/packages/patches/file-CVE-2017-1000249.patch b/gnu/packages/patches/file-CVE-2017-1000249.patch
new file mode 100644
index 0000000000..505acf1592
--- /dev/null
+++ b/gnu/packages/patches/file-CVE-2017-1000249.patch
@@ -0,0 +1,27 @@
+https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793.patch
+http://openwall.com/lists/oss-security/2017/09/05/3
+
+The patch is minorly modified to apply to file-5.30
+
+From 35c94dc6acc418f1ad7f6241a6680e5327495793 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Sun, 27 Aug 2017 07:55:02 +0000
+Subject: [PATCH] Fix always true condition (Thomas Jarosch)
+
+---
+ src/readelf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 81451827..5f425c97 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -511,7 +511,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
+     size_t noff, size_t doff, int *flags)
+ {
+ 	if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
+-	    type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) {
++	    type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) {
+ 		uint8_t desc[20];
+ 		const char *btype;
+ 		uint32_t i;
diff --git a/gnu/packages/patches/fontforge-svg-modtime.patch b/gnu/packages/patches/fontforge-svg-modtime.patch
deleted file mode 100644
index fd960ae610..0000000000
--- a/gnu/packages/patches/fontforge-svg-modtime.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Propagate source font modification time to svg during conversion.  Similar to
-what upstream commit 95a470e941d9a20fbdaca51334e8b6b9d93cfae4 did for TTF
-files.
-
-Submitted upstream at http://github.com/fontforge/fontforge/pull/2696
-
---- a/fontforge/svg.c
-+++ b/fontforge/svg.c
-@@ -27,7 +27,6 @@
- #include "fontforgevw.h"
- #include <unistd.h>
- #include <math.h>
--#include <time.h>
- #include <locale.h>
- #include <utype.h>
- #include <chardata.h>
-@@ -62,7 +61,6 @@ static int svg_outfontheader(FILE *file, SplineFont *sf,int layer) {
-     BlueData bd;
-     char *hash, *hasv, ch;
-     int minu, maxu, i;
--    time_t now;
-     const char *author = GetAuthor();
- 
-     memset(&info,0,sizeof(info));
-@@ -78,9 +76,8 @@ static int svg_outfontheader(FILE *file, SplineFont *sf,int layer) {
- 	fprintf( file, "\n-->\n" );
-     }
-     fprintf( file, "<svg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" version=\"1.1\">\n" );
--    time(&now);
-     fprintf( file, "<metadata>\nCreated by FontForge %d at %s",
--	    FONTFORGE_VERSIONDATE_RAW, ctime(&now) );
-+	    FONTFORGE_VERSIONDATE_RAW, ctime((time_t*)&sf->modificationtime) );
-     if ( author!=NULL )
- 	fprintf(file," By %s\n", author);
-     else
diff --git a/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch b/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch
new file mode 100644
index 0000000000..d9f0cc1212
--- /dev/null
+++ b/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch
@@ -0,0 +1,14 @@
+Fix for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2015-8327>.
+
+--- a/util.c	2014-06-20 19:26:18 +0000
++++ b/util.c	2015-10-30 15:45:03 +0000
+@@ -31,7 +31,7 @@
+ #include <assert.h>
+ 
+ 
+-const char* shellescapes = "|<>&!$\'\"#*?()[]{}";
++const char* shellescapes = "|<>&!$\'\"`#*?()[]{}";
+ 
+ const char * temp_dir()
+ {
+
diff --git a/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch b/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch
new file mode 100644
index 0000000000..d3c3024220
--- /dev/null
+++ b/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch
@@ -0,0 +1,13 @@
+Fix for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2015-8560>.
+
+--- a/util.c	2015-10-30 15:45:03 +0000
++++ b/util.c	2015-12-12 23:27:21 +0000
+@@ -31,7 +31,7 @@
+ #include <assert.h>
+ 
+ 
+-const char* shellescapes = "|<>&!$\'\"`#*?()[]{}";
++const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}";
+ 
+ const char * temp_dir()
+ {
diff --git a/gnu/packages/patches/gd-CVE-2017-7890.patch b/gnu/packages/patches/gd-CVE-2017-7890.patch
deleted file mode 100644
index 66034c5703..0000000000
--- a/gnu/packages/patches/gd-CVE-2017-7890.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 99ba5c353373ed198f54af66fe4e355ebb96e363 Mon Sep 17 00:00:00 2001
-From: LEPILLER Julien <julien@lepiller.eu>
-Date: Thu, 3 Aug 2017 17:04:17 +0200
-Subject: [PATCH] Fix #399: Buffer over-read into uninitialized memory.
-
-The stack allocated color map buffers were not zeroed before usage, and
-so undefined palette indexes could cause information leakage.
-
-This is CVE-2017-7890.
----
- src/gd_gif_in.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c
-index 008d1ec..c195448 100644
---- a/src/gd_gif_in.c
-+++ b/src/gd_gif_in.c
-@@ -216,6 +216,9 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd)
- 
- 	gdImagePtr im = 0;
- 
-+	memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE);
-+	memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE);
-+
- 	if(!ReadOK(fd, buf, 6)) {
- 		return 0;
- 	}
--- 
-2.13.3
-
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch
new file mode 100644
index 0000000000..dbcaea1343
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch
@@ -0,0 +1,137 @@
+http://www.openwall.com/lists/oss-security/2017/09/01/6
+
+CVE-2017-11403:
+http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
+
+CVE-2017-14103:
+http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
+
+some changes were made to make the patch apply
+
+# HG changeset patch
+# User Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
+# Date 1503875721 14400
+# Node ID 98721124e51fd5ec0c6fba64bce2e218869632d2
+# Parent  f0f2ea85a2930f3b6dcd72352719adb9660f2aad
+Attempt to fix Issue 440.
+
+diff -ru a/coders/png.c b/coders/png.c
+--- a/coders/png.c	1969-12-31 19:00:00.000000000 -0500
++++ b/coders/png.c	2017-09-10 11:31:56.543194173 -0400
+@@ -3106,7 +3106,9 @@
+       if (length > PNG_MAX_UINT || count == 0)
+         {
+           DestroyJNGInfo(color_image_info,alpha_image_info);
+-          ThrowReaderException(CorruptImageError,CorruptImage,image);
++          (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++              "chunk length (%lu) > PNG_MAX_UINT",length);
++          return ((Image*)NULL);
+         }
+
+       chunk=(unsigned char *) NULL;
+@@ -3117,13 +3119,16 @@
+           if (chunk == (unsigned char *) NULL)
+             {
+               DestroyJNGInfo(color_image_info,alpha_image_info);
+-              ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
+-                                   image);
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                  "    Could not allocate chunk memory");
++              return ((Image*)NULL);
+             }
+           if (ReadBlob(image,length,chunk) < length)
+             {
+               DestroyJNGInfo(color_image_info,alpha_image_info);
+-              ThrowReaderException(CorruptImageError,CorruptImage,image);
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                  "    chunk reading was incomplete");
++              return ((Image*)NULL);
+             }
+           p=chunk;
+         }
+@@ -3198,7 +3203,7 @@
+                   jng_width, jng_height);
+               MagickFreeMemory(chunk);
+               DestroyJNGInfo(color_image_info,alpha_image_info);
+-              ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
++              return ((Image *)NULL);
+             }
+
+           /* Temporarily set width and height resources to match JHDR */
+@@ -3233,8 +3238,9 @@
+           if (color_image == (Image *) NULL)
+             {
+               DestroyJNGInfo(color_image_info,alpha_image_info);
+-              ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
+-                                   image);
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                  "    could not open color_image blob");
++              return ((Image *)NULL);
+             }
+           if (logging)
+             (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+@@ -3245,7 +3251,9 @@
+           if (status == MagickFalse)
+             {
+               DestroyJNGInfo(color_image_info,alpha_image_info);
+-              ThrowReaderException(CoderError,UnableToOpenBlob,color_image);
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                  "    could not open color_image blob");
++              return ((Image *)NULL);
+             }
+
+           if (!image_info->ping && jng_color_type >= 12)
+@@ -3255,17 +3263,18 @@
+               if (alpha_image_info == (ImageInfo *) NULL)
+                 {
+                   DestroyJNGInfo(color_image_info,alpha_image_info);
+-                  ThrowReaderException(ResourceLimitError,
+-                                       MemoryAllocationFailed, image);
++                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                      "    could not allocate alpha_image_info",length);
++                  return ((Image *)NULL);
+                 }
+               GetImageInfo(alpha_image_info);
+               alpha_image=AllocateImage(alpha_image_info);
+               if (alpha_image == (Image *) NULL)
+                 {
+                   DestroyJNGInfo(color_image_info,alpha_image_info);
+-                  ThrowReaderException(ResourceLimitError,
+-                                       MemoryAllocationFailed,
+-                                       alpha_image);
++                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                      "    could not allocate alpha_image");
++                  return ((Image *)NULL);
+                 }
+               if (logging)
+                 (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+@@ -3277,7 +3286,9 @@
+                 {
+                   DestroyJNGInfo(color_image_info,alpha_image_info);
+                   DestroyImage(alpha_image);
+-                  ThrowReaderException(CoderError,UnableToOpenBlob,image);
++                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                      "    could not allocate alpha_image blob");
++                  return ((Image *)NULL);
+                 }
+               if (jng_alpha_compression_method == 0)
+                 {
+@@ -3613,6 +3624,8 @@
+               alpha_image = (Image *)NULL;
+               DestroyImageInfo(alpha_image_info);
+               alpha_image_info = (ImageInfo *)NULL;
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                  " Destroy the JNG image");
+               DestroyImage(jng_image);
+               jng_image = (Image *)NULL;
+             }
+@@ -5146,8 +5159,8 @@
+
+       if (image == (Image *) NULL)
+         {
+-          DestroyImageList(previous);
+           CloseBlob(previous);
++          DestroyImageList(previous);
+           MngInfoFreeStruct(mng_info,&have_mng_structure);
+           return((Image *) NULL);
+         }
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch
new file mode 100644
index 0000000000..83478c13b3
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch
@@ -0,0 +1,195 @@
+http://openwall.com/lists/oss-security/2017/08/31/3
+http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/b037d79b6ccd
+
+some changes were made to make the patch apply
+
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1503774853 18000
+# Node ID b037d79b6ccd0cfba7ba9ce09b454ed46d688036
+# Parent  198ea602ea7cc767dc3022bbcf887bcd4534158d
+JNX: Fix DOS issues
+
+diff -r 198ea602ea7c -r b037d79b6ccd coders/jnx.c
+--- a/coders/jnx.c	Tue Aug 22 08:08:30 2017 -0500
++++ b/coders/jnx.c	Sat Aug 26 14:14:13 2017 -0500
+@@ -1,5 +1,5 @@
+ /*
+-% Copyright (C) 2012-2015 GraphicsMagick Group
++% Copyright (C) 2012-2017 GraphicsMagick Group
+ %
+ % This program is covered by multiple licenses, which are described in
+ % Copyright.txt. You should have received a copy of Copyright.txt with this
+@@ -100,6 +100,7 @@
+ 
+   char img_label_str[MaxTextExtent];
+ 
++
+   alloc_size = TileInfo->PicSize + 2;
+ 
+   if (image->logging)
+@@ -242,6 +243,9 @@
+     total_tiles,
+     current_tile;
+ 
++  magick_off_t
++    file_size;
++
+   /* Open image file. */
+   assert(image_info != (const ImageInfo *) NULL);
+   assert(image_info->signature == MagickSignature);
+@@ -254,9 +258,8 @@
+   if (status == False)
+     ThrowReaderException(FileOpenError, UnableToOpenFile, image);
+ 
+-  memset(JNXLevelInfo, 0, sizeof(JNXLevelInfo));
+-
+   /* Read JNX image header. */
++  (void) memset(&JNXHeader, 0, sizeof(JNXHeader));
+   JNXHeader.Version = ReadBlobLSBLong(image);
+   if (JNXHeader.Version > 4)
+     ThrowReaderException(CorruptImageError, ImproperImageHeader, image);
+@@ -266,8 +269,6 @@
+   JNXHeader.MapBounds.SouthWest.lat = ReadBlobLSBLong(image);
+   JNXHeader.MapBounds.SouthWest.lon = ReadBlobLSBLong(image);
+   JNXHeader.Levels = ReadBlobLSBLong(image);
+-  if (JNXHeader.Levels > 20)
+-    ThrowReaderException(CorruptImageError, ImproperImageHeader, image);
+   JNXHeader.Expiration = ReadBlobLSBLong(image);
+   JNXHeader.ProductID = ReadBlobLSBLong(image);
+   JNXHeader.CRC = ReadBlobLSBLong(image);
+@@ -279,7 +280,41 @@
+   if (EOFBlob(image))
+     ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
+ 
++  file_size = GetBlobSize(image);
++
++  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                        "JNX Header:\n"
++                        "    Version:    %u\n"
++                        "    DeviceSN:   %u\n"
++                        "    MapBounds:\n"
++                        "      NorthEast: lat = %u, lon = %u\n"
++                        "      SouthWest: lat = %u, lon = %u\n"
++                        "    Levels:     %u\n"
++                        "    Expiration: %u\n"
++                        "    ProductID:  %u\n"
++                        "    CRC:        %u\n"
++                        "    SigVersion: %u\n"
++                        "    SigOffset:  %u\n"
++                        "    ZOrder:     %u",
++                        JNXHeader.Version,
++                        JNXHeader.DeviceSN,
++                        JNXHeader.MapBounds.NorthEast.lat,
++                        JNXHeader.MapBounds.NorthEast.lon,
++                        JNXHeader.MapBounds.SouthWest.lat,
++                        JNXHeader.MapBounds.SouthWest.lon,
++                        JNXHeader.Levels,
++                        JNXHeader.Expiration,
++                        JNXHeader.ProductID,
++                        JNXHeader.CRC,
++                        JNXHeader.SigVersion,
++                        JNXHeader.SigOffset,
++                        JNXHeader.ZOrder);
++
++  if (JNXHeader.Levels > 20)
++    ThrowReaderException(CorruptImageError, ImproperImageHeader, image);
++
+   /* Read JNX image level info. */
++  memset(JNXLevelInfo, 0, sizeof(JNXLevelInfo));
+   total_tiles = 0;
+   current_tile = 0;
+   for (i = 0; i < JNXHeader.Levels; i++)
+@@ -302,11 +337,23 @@
+         {
+           JNXLevelInfo[i].Copyright = NULL;
+         }
++
++      if (EOFBlob(image))
++        ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
++
++      if (image->logging)
++        (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                              "Level[%u] Info:"
++                              "  TileCount: %4u"
++                              "  TilesOffset: %6u"
++                              "  Scale: %04u",
++                              i,
++                              JNXLevelInfo[i].TileCount,
++                              JNXLevelInfo[i].TilesOffset,
++                              JNXLevelInfo[i].Scale
++                              );
+     }
+ 
+-  if (EOFBlob(image))
+-    ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
+-
+   /* Get the current limit */
+   SaveLimit = GetMagickResourceLimit(MapResource);
+ 
+@@ -316,11 +363,32 @@
+   /* Read JNX image data. */
+   for (i = 0; i < JNXHeader.Levels; i++)
+     {
++      /*
++        Validate TileCount against remaining file data
++      */
++      const magick_off_t current_offset = TellBlob(image);
++      const size_t pos_list_entry_size =
++        sizeof(magick_uint32_t) + sizeof(magick_uint32_t) + sizeof(magick_uint32_t) +
++        sizeof(magick_uint32_t) + sizeof(magick_uint16_t) + sizeof(magick_uint16_t) +
++        sizeof(magick_uint32_t) + sizeof(magick_uint32_t);
++      const magick_off_t remaining = file_size-current_offset;
++      const size_t needed = MagickArraySize(pos_list_entry_size,JNXLevelInfo[i].TileCount);
++
++      if ((needed == 0U) || (remaining <= 0) || (remaining < (magick_off_t) needed))
++        {
++          (void) SetMagickResourceLimit(MapResource, SaveLimit);
++          ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
++        }
++
+       PositionList = MagickAllocateArray(TJNXTileInfo *,
+                                          JNXLevelInfo[i].TileCount,
+                                          sizeof(TJNXTileInfo));
+       if (PositionList == NULL)
+-        continue;
++        {
++          (void) SetMagickResourceLimit(MapResource, SaveLimit);
++          ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
++                               image);
++        }
+ 
+       (void) SeekBlob(image, JNXLevelInfo[i].TilesOffset, SEEK_SET);
+       for (j = 0; j < JNXLevelInfo[i].TileCount; j++)
+@@ -333,12 +401,15 @@
+           PositionList[j].PicHeight = ReadBlobLSBShort(image);
+           PositionList[j].PicSize = ReadBlobLSBLong(image);
+           PositionList[j].PicOffset = ReadBlobLSBLong(image);
+-        }
+ 
+-      if (EOFBlob(image))
+-        {
+-          MagickFreeMemory(PositionList);
+-          ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
++          if (EOFBlob(image) ||
++              ((magick_off_t) PositionList[j].PicOffset +
++               PositionList[j].PicSize > file_size))
++            {
++              (void) SetMagickResourceLimit(MapResource, SaveLimit);
++              MagickFreeMemory(PositionList);
++              ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
++            }
+         }
+ 
+       for (j = 0; j < JNXLevelInfo[i].TileCount; j++)
+@@ -351,6 +422,9 @@
+           image = ExtractTileJPG(image, image_info, PositionList+j, exception);
+           (void) SetMonitorHandler(previous_handler);
+ 
++          if (exception->severity >= ErrorException)
++            break;
++
+           current_tile++;
+           if (QuantumTick(current_tile,total_tiles))
+             if (!MagickMonitorFormatted(current_tile,total_tiles,exception,
+
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch
new file mode 100644
index 0000000000..e129fd58fc
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch
@@ -0,0 +1,179 @@
+http://openwall.com/lists/oss-security/2017/08/31/1
+http://openwall.com/lists/oss-security/2017/08/31/2
+http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/233a720bfd5e
+
+some changes were made to make the patch apply
+
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1503779175 18000
+# Node ID 233a720bfd5efd378f133a776507ed41230da617
+# Parent  b037d79b6ccd0cfba7ba9ce09b454ed46d688036
+XBM: Fix DOS issues.
+
+diff -r b037d79b6ccd -r 233a720bfd5e coders/xbm.c
+--- a/coders/xbm.c	Sat Aug 26 14:14:13 2017 -0500
++++ b/coders/xbm.c	Sat Aug 26 15:26:15 2017 -0500
+@@ -1,5 +1,5 @@
+ /*
+-% Copyright (C) 2003 -2012 GraphicsMagick Group
++% Copyright (C) 2003-2017 GraphicsMagick Group
+ % Copyright (C) 2002 ImageMagick Studio
+ % Copyright 1991-1999 E. I. du Pont de Nemours and Company
+ %
+@@ -121,13 +121,15 @@
+ 
+ static int XBMInteger(Image *image,short int *hex_digits)
+ {
++  unsigned int
++    flag;
++
+   int
+     c,
+-    flag,
+     value;
+ 
+   value=0;
+-  flag=0;
++  flag=0U;
+   for ( ; ; )
+   {
+     c=ReadBlobByte(image);
+@@ -158,18 +160,14 @@
+   Image
+     *image;
+ 
+-  int
+-    bit;
+-
+-  long
+-    y;
+-
+   register IndexPacket
+     *indexes;
+ 
+-  register long
++  register size_t
++    bytes_per_line,
+     i,
+-    x;
++    x,
++    y;
+ 
+   register PixelPacket
+     *q;
+@@ -177,22 +175,24 @@
+   register unsigned char
+     *p;
+ 
+-  short int
+-    hex_digits[256];
+-
+   unsigned char
+     *data;
+ 
+   unsigned int
++    bit,
++    byte,
++    padding,
++    version;
++
++  int
++    value;
++
++  short int
++    hex_digits[256];
++
++  MagickPassFail
+     status;
+ 
+-  unsigned long
+-    byte,
+-    bytes_per_line,
+-    padding,
+-    value,
+-    version;
+-
+   /*
+     Open image file.
+   */
+@@ -207,6 +207,8 @@
+   /*
+     Read X bitmap header.
+   */
++  (void) memset(buffer,0,sizeof(buffer));
++  name[0]='\0';
+   while (ReadBlobString(image,buffer) != (char *) NULL)
+     if (sscanf(buffer,"#define %s %lu",name,&image->columns) == 2)
+       if ((strlen(name) >= 6) &&
+@@ -278,6 +280,8 @@
+   /*
+     Initialize hex values.
+   */
++  for (i = 0; i < sizeof(hex_digits)/sizeof(hex_digits[0]); i++)
++    hex_digits[i]=(-1);
+   hex_digits['0']=0;
+   hex_digits['1']=1;
+   hex_digits['2']=2;
+@@ -311,40 +315,50 @@
+   */
+   p=data;
+   if (version == 10)
+-    for (i=0; i < (long) (bytes_per_line*image->rows); (i+=2))
++    for (i=0; i < (bytes_per_line*image->rows); (i+=2))
+     {
+       value=XBMInteger(image,hex_digits);
++      if (value < 0)
++        {
++          MagickFreeMemory(data);
++          ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
++        }
+       *p++=(unsigned char) value;
+       if (!padding || ((i+2) % bytes_per_line))
+         *p++=(unsigned char) (value >> 8);
+     }
+   else
+-    for (i=0; i < (long) (bytes_per_line*image->rows); i++)
++    for (i=0; i < (bytes_per_line*image->rows); i++)
+     {
+       value=XBMInteger(image,hex_digits);
++      if (value < 0)
++        {
++          MagickFreeMemory(data);
++          ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
++        }
+       *p++=(unsigned char) value;
+     }
+   /*
+     Convert X bitmap image to pixel packets.
+   */
+   p=data;
+-  for (y=0; y < (long) image->rows; y++)
++  for (y=0; y < image->rows; y++)
+   {
+     q=SetImagePixels(image,0,y,image->columns,1);
+     if (q == (PixelPacket *) NULL)
+       break;
+     indexes=AccessMutableIndexes(image);
+-    bit=0;
+-    byte=0;
+-    for (x=0; x < (long) image->columns; x++)
++    bit=0U;
++    byte=0U;
++    for (x=0; x < image->columns; x++)
+     {
+-      if (bit == 0)
++      if (bit == 0U)
+         byte=(*p++);
+       indexes[x]=byte & 0x01 ? 0x01 : 0x00;
+       bit++;
+-      byte>>=1;
+-      if (bit == 8)
+-        bit=0;
++      byte>>=1U;
++      if (bit == 8U)
++        bit=0U;
+     }
+     if (!SyncImagePixels(image))
+       break;
+
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch
new file mode 100644
index 0000000000..46f6b032c7
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch
@@ -0,0 +1,80 @@
+http://openwall.com/lists/oss-security/2017/08/28/5
+http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d
+
+some changes were made to make the patch apply
+
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1503268616 18000
+# Node ID 3bbf7a13643df3be76b0e19088a6cc632eea2072
+# Parent  83a5b946180835f260bcb91e3d06327a8e2577e3
+PNM: For binary formats, verify sufficient backing file data before memory request.
+
+diff -r 83a5b9461808 -r 3bbf7a13643d coders/pnm.c
+--- a/coders/pnm.c	Sun Aug 20 17:31:35 2017 -0500
++++ b/coders/pnm.c	Sun Aug 20 17:36:56 2017 -0500
+@@ -569,7 +569,7 @@
+           (void) LogMagickEvent(CoderEvent,GetMagickModule(),"Colors: %u",
+                                 image->colors);
+         }
+-      number_pixels=image->columns*image->rows;
++      number_pixels=MagickArraySize(image->columns,image->rows);
+       if (number_pixels == 0)
+         ThrowReaderException(CorruptImageError,NegativeOrZeroImageSize,image);
+       if (image->storage_class == PseudoClass)
+@@ -858,14 +858,14 @@
+		if (1 == bits_per_sample)
+		  {
+		    /* PBM */
+-		    bytes_per_row=((image->columns+7) >> 3);
++		    bytes_per_row=((image->columns+7U) >> 3);
+		    import_options.grayscale_miniswhite=MagickTrue;
+		    quantum_type=GrayQuantum;
+		  }
+		else
+		  {
+		    /* PGM & XV_332 */
+-		    bytes_per_row=((bits_per_sample+7)/8)*image->columns;
++		    bytes_per_row=MagickArraySize(((bits_per_sample+7U)/8U),image->columns);
+		    if (XV_332_Format == format)
+		      {
+			quantum_type=IndexQuantum;
+@@ -878,7 +878,8 @@
+	      }
+	    else
+	      {
+-		bytes_per_row=(((bits_per_sample+7)/8)*samples_per_pixel)*image->columns;
++		bytes_per_row=MagickArraySize((((bits_per_sample+7)/8)*samples_per_pixel),
++                                              image->columns);
+		if (3 == samples_per_pixel)
+		  {
+		    /* PPM */
+@@ -915,6 +916,28 @@
+		    is_monochrome=MagickFalse;
+		  }
+	      }
++
++            /* Validate file size before allocating memory */
++            if (BlobIsSeekable(image))
++              {
++                const magick_off_t file_size = GetBlobSize(image);
++                const magick_off_t current_offset = TellBlob(image);
++                if ((file_size > 0) &&
++                    (current_offset > 0) &&
++                    (file_size > current_offset))
++                  {
++                    const magick_off_t remaining = file_size-current_offset;
++                    const magick_off_t needed = (magick_off_t) image->rows *
++                      (magick_off_t) bytes_per_row;
++                    if ((remaining < (magick_off_t) bytes_per_row) ||
++                        (remaining < needed))
++                      {
++                        ThrowException(exception,CorruptImageError,UnexpectedEndOfFile,
++                                       image->filename);
++                        break;
++                      }
++                  }
++              }
+
+             scanline_set=AllocateThreadViewDataArray(image,exception,bytes_per_row,1);
+             if (scanline_set == (ThreadViewDataSet *) NULL)
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch
new file mode 100644
index 0000000000..1f55d90d38
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch
@@ -0,0 +1,72 @@
+http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/493da54370aa
+http://openwall.com/lists/oss-security/2017/09/06/4
+
+some changes were made to make the patch apply
+
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1503257388 18000
+# Node ID 493da54370aa42cb430c52a69eb75db0001a5589
+# Parent  f8724674907902b7bc37c04f252fe30fbdd88e6f
+SUN: Verify that file header data length, and file length are sufficient for claimed image dimensions.
+
+diff -r f87246749079 -r 493da54370aa coders/sun.c
+--- a/coders/sun.c	Sun Aug 20 12:21:03 2017 +0200
++++ b/coders/sun.c	Sun Aug 20 14:29:48 2017 -0500
+@@ -498,6 +498,12 @@
+     if (sun_info.depth < 8)
+       image->depth=sun_info.depth;
+ 
++    if (image_info->ping)
++      {
++        CloseBlob(image);
++        return(image);
++      }
++
+     /*
+       Compute bytes per line and bytes per image for an unencoded
+       image.
+@@ -522,15 +528,37 @@
+       if (bytes_per_image > sun_info.length)
+         ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
+ 
+-    if (image_info->ping)
+-      {
+-        CloseBlob(image);
+-        return(image);
+-      }
+     if (sun_info.type == RT_ENCODED)
+       sun_data_length=(size_t) sun_info.length;
+     else
+       sun_data_length=bytes_per_image;
++
++    /*
++      Verify that data length claimed by header is supported by file size
++    */
++    if (sun_info.type == RT_ENCODED)
++      {
++        if (sun_data_length < bytes_per_image/255U)
++          {
++            ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
++          }
++      }
++    if (BlobIsSeekable(image))
++      {
++        const magick_off_t file_size = GetBlobSize(image);
++        const magick_off_t current_offset = TellBlob(image);
++        if ((file_size > 0) &&
++            (current_offset > 0) &&
++            (file_size > current_offset))
++        {
++          const magick_off_t remaining = file_size-current_offset;
++          if (remaining < (magick_off_t) sun_data_length)
++            {
++              ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
++            }
++        }
++      }
++
+     sun_data=MagickAllocateMemory(unsigned char *,sun_data_length);
+     if (sun_data == (unsigned char *) NULL)
+       ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
+
diff --git a/gnu/packages/patches/httpd-CVE-2017-9798.patch b/gnu/packages/patches/httpd-CVE-2017-9798.patch
new file mode 100644
index 0000000000..8391a3db4a
--- /dev/null
+++ b/gnu/packages/patches/httpd-CVE-2017-9798.patch
@@ -0,0 +1,22 @@
+Fixes "options bleed", aka. CVE-2017-9798:
+
+  https://nvd.nist.gov/vuln/detail/CVE-2017-9798
+  https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
+
+From <https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch>.
+
+--- a/server/core.c	2017/08/16 16:50:29	1805223
++++ b/server/core.c	2017/09/08 13:13:11	1807754
+@@ -2266,6 +2266,12 @@
+             /* method has not been registered yet, but resource restriction
+              * is always checked before method handling, so register it.
+              */
++            if (cmd->pool == cmd->temp_pool) {
++                /* In .htaccess, we can't globally register new methods. */
++                return apr_psprintf(cmd->pool, "Could not register method '%s' "
++                                   "for %s from .htaccess configuration",
++                                    method, cmd->cmd->name);
++            }
+             methnum = ap_method_register(cmd->pool,
+                                          apr_pstrdup(cmd->pool, method));
+         }
diff --git a/gnu/packages/patches/libarchive-CVE-2017-14166.patch b/gnu/packages/patches/libarchive-CVE-2017-14166.patch
new file mode 100644
index 0000000000..a122848440
--- /dev/null
+++ b/gnu/packages/patches/libarchive-CVE-2017-14166.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-14166:
+
+https://github.com/libarchive/libarchive/issues/935
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166
+
+Patch copied from upstream source repository:
+
+https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
+
+From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <joerg@bec.de>
+Date: Tue, 5 Sep 2017 18:12:19 +0200
+Subject: [PATCH] Do something sensible for empty strings to make fuzzers
+ happy.
+
+---
+ libarchive/archive_read_support_format_xar.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
+index 7a22beb9d..93eeacc5e 100644
+--- a/libarchive/archive_read_support_format_xar.c
++++ b/libarchive/archive_read_support_format_xar.c
+@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
+ 	uint64_t l;
+ 	int digit;
+ 
++	if (char_cnt == 0)
++		return (0);
++
+ 	l = 0;
+ 	digit = *p - '0';
+ 	while (digit >= 0 && digit < 10  && char_cnt-- > 0) {
+@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
+ {
+ 	int64_t l;
+ 	int digit;
+-        
++
++	if (char_cnt == 0)
++		return (0);
++
+ 	l = 0;
+ 	while (char_cnt-- > 0) {
+ 		if (*p >= '0' && *p <= '7')
diff --git a/gnu/packages/patches/libunwind-CVE-2015-3239.patch b/gnu/packages/patches/libunwind-CVE-2015-3239.patch
deleted file mode 100644
index 3f11ac7337..0000000000
--- a/gnu/packages/patches/libunwind-CVE-2015-3239.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Copied from Fedora.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1232265
-http://pkgs.fedoraproject.org/cgit/libunwind.git/tree/libunwind-1.1-fix-CVE-2015-3239.patch
-
-diff -up libunwind-1.1/include/dwarf_i.h.CVE20153239 libunwind-1.1/include/dwarf_i.h
---- libunwind-1.1/include/dwarf_i.h.CVE20153239	2015-07-10 13:38:36.404996748 -0400
-+++ libunwind-1.1/include/dwarf_i.h	2015-07-10 13:39:25.050707613 -0400
-@@ -20,7 +20,7 @@
- extern const uint8_t dwarf_to_unw_regnum_map[DWARF_REGNUM_MAP_LENGTH];
- /* REG is evaluated multiple times; it better be side-effects free!  */
- # define dwarf_to_unw_regnum(reg)					  \
--  (((reg) <= DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0)
-+  (((reg) < DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0)
- #endif
- 
- #ifdef UNW_LOCAL_ONLY
diff --git a/gnu/packages/patches/libxml2-CVE-2017-0663.patch b/gnu/packages/patches/libxml2-CVE-2017-0663.patch
new file mode 100644
index 0000000000..b0277a2d23
--- /dev/null
+++ b/gnu/packages/patches/libxml2-CVE-2017-0663.patch
@@ -0,0 +1,53 @@
+Fix CVE-2017-0663:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
+https://security-tracker.debian.org/tracker/CVE-2017-0663
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66
+
+From 92b9e8c8b3787068565a1820ba575d042f9eec66 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 6 Jun 2017 12:56:28 +0200
+Subject: [PATCH] Fix type confusion in xmlValidateOneNamespace
+
+Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on
+namespace declarations make no practical sense anyway.
+
+Fixes bug 780228.
+
+Found with libFuzzer and ASan.
+---
+ valid.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/valid.c b/valid.c
+index 8075d3a0..c51ea290 100644
+--- a/valid.c
++++ b/valid.c
+@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+ 	}
+     }
+ 
++    /*
++     * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
++     * xmlAddID and xmlAddRef for namespace declarations, but it makes
++     * no practical sense to use ID types anyway.
++     */
++#if 0
+     /* Validity Constraint: ID uniqueness */
+     if (attrDecl->atype == XML_ATTRIBUTE_ID) {
+         if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+         if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+ 	    ret = 0;
+     }
++#endif
+ 
+     /* Validity Constraint: Notation Attributes */
+     if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
+-- 
+2.14.1
+
diff --git a/gnu/packages/patches/libxml2-CVE-2017-7375.patch b/gnu/packages/patches/libxml2-CVE-2017-7375.patch
new file mode 100644
index 0000000000..32af1ff6ba
--- /dev/null
+++ b/gnu/packages/patches/libxml2-CVE-2017-7375.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-7375:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
+https://security-tracker.debian.org/tracker/CVE-2017-7375
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
+
+From 90ccb58242866b0ba3edbef8fe44214a101c2b3e Mon Sep 17 00:00:00 2001
+From: Neel Mehta <nmehta@google.com>
+Date: Fri, 7 Apr 2017 17:43:02 +0200
+Subject: [PATCH] Prevent unwanted external entity reference
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=780691
+
+* parser.c: add a specific check to avoid PE reference
+---
+ parser.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index 609a2703..c2c812de 100644
+--- a/parser.c
++++ b/parser.c
+@@ -8123,6 +8123,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
+ 	    if (xmlPushInput(ctxt, input) < 0)
+ 		return;
+ 	} else {
++	    if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
++	        ((ctxt->options & XML_PARSE_NOENT) == 0) &&
++		((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
++		((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
++		((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
++		(ctxt->replaceEntities == 0) &&
++		(ctxt->validate == 0))
++		return;
++
+ 	    /*
+ 	     * TODO !!!
+ 	     * handle the extra spaces added before and after
+-- 
+2.14.1
+
diff --git a/gnu/packages/patches/libxml2-CVE-2017-7376.patch b/gnu/packages/patches/libxml2-CVE-2017-7376.patch
new file mode 100644
index 0000000000..5b9e45bd83
--- /dev/null
+++ b/gnu/packages/patches/libxml2-CVE-2017-7376.patch
@@ -0,0 +1,41 @@
+Fix CVE-2017-7376:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
+https://security-tracker.debian.org/tracker/CVE-2017-7376
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
+
+From 5dca9eea1bd4263bfa4d037ab2443de1cd730f7e Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 7 Apr 2017 17:13:28 +0200
+Subject: [PATCH] Increase buffer space for port in HTTP redirect support
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=780690
+
+nanohttp.c: the code wrongly assumed a short int port value.
+---
+ nanohttp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/nanohttp.c b/nanohttp.c
+index e109ad75..373425de 100644
+--- a/nanohttp.c
++++ b/nanohttp.c
+@@ -1423,9 +1423,9 @@ retry:
+     if (ctxt->port != 80) {
+ 	/* reserve space for ':xxxxx', incl. potential proxy */
+ 	if (proxy)
+-	    blen += 12;
++	    blen += 17;
+ 	else
+-	    blen += 6;
++	    blen += 11;
+     }
+     bp = (char*)xmlMallocAtomic(blen);
+     if ( bp == NULL ) {
+-- 
+2.14.1
+
diff --git a/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch b/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch
new file mode 100644
index 0000000000..0a0e6d34cf
--- /dev/null
+++ b/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch
@@ -0,0 +1,130 @@
+Fix CVE-2017-{9047,9048}:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not yet public)
+https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not yet public)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
+http://www.openwall.com/lists/oss-security/2017/05/15/1
+https://security-tracker.debian.org/tracker/CVE-2017-9047
+https://security-tracker.debian.org/tracker/CVE-2017-9048
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
+
+From 932cc9896ab41475d4aa429c27d9afd175959d74 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 3 Jun 2017 02:01:29 +0200
+Subject: [PATCH] Fix buffer size checks in xmlSnprintfElementContent
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+xmlSnprintfElementContent failed to correctly check the available
+buffer space in two locations.
+
+Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048).
+
+Thanks to Marcel Böhme and Thuan Pham for the report.
+---
+ result/valid/781333.xml         |  5 +++++
+ result/valid/781333.xml.err     |  3 +++
+ result/valid/781333.xml.err.rdr |  6 ++++++
+ test/valid/781333.xml           |  4 ++++
+ valid.c                         | 20 +++++++++++---------
+ 5 files changed, 29 insertions(+), 9 deletions(-)
+ create mode 100644 result/valid/781333.xml
+ create mode 100644 result/valid/781333.xml.err
+ create mode 100644 result/valid/781333.xml.err.rdr
+ create mode 100644 test/valid/781333.xml
+
+diff --git a/result/valid/781333.xml b/result/valid/781333.xml
+new file mode 100644
+index 00000000..45dc451d
+--- /dev/null
++++ b/result/valid/781333.xml
+@@ -0,0 +1,5 @@
++<?xml version="1.0"?>
++<!DOCTYPE a [
++<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)>
++]>
++<a/>
+diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
+new file mode 100644
+index 00000000..b401b49a
+--- /dev/null
++++ b/result/valid/781333.xml.err
+@@ -0,0 +1,3 @@
++./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got 
++<a/>
++    ^
+diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
+new file mode 100644
+index 00000000..5ff56992
+--- /dev/null
++++ b/result/valid/781333.xml.err.rdr
+@@ -0,0 +1,6 @@
++./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got 
++<a/>
++    ^
++./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
++
++^
+diff --git a/test/valid/781333.xml b/test/valid/781333.xml
+new file mode 100644
+index 00000000..b29e5a68
+--- /dev/null
++++ b/test/valid/781333.xml
+@@ -0,0 +1,4 @@
++<!DOCTYPE a [
++    <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)>
++]>
++<a/>
+diff --git a/valid.c b/valid.c
+index 19f84b82..9b2df56a 100644
+--- a/valid.c
++++ b/valid.c
+@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
+         case XML_ELEMENT_CONTENT_PCDATA:
+             strcat(buf, "#PCDATA");
+ 	    break;
+-	case XML_ELEMENT_CONTENT_ELEMENT:
++	case XML_ELEMENT_CONTENT_ELEMENT: {
++            int qnameLen = xmlStrlen(content->name);
++
++	    if (content->prefix != NULL)
++                qnameLen += xmlStrlen(content->prefix) + 1;
++	    if (size - len < qnameLen + 10) {
++		strcat(buf, " ...");
++		return;
++	    }
+ 	    if (content->prefix != NULL) {
+-		if (size - len < xmlStrlen(content->prefix) + 10) {
+-		    strcat(buf, " ...");
+-		    return;
+-		}
+ 		strcat(buf, (char *) content->prefix);
+ 		strcat(buf, ":");
+ 	    }
+-	    if (size - len < xmlStrlen(content->name) + 10) {
+-		strcat(buf, " ...");
+-		return;
+-	    }
+ 	    if (content->name != NULL)
+ 		strcat(buf, (char *) content->name);
+ 	    break;
++        }
+ 	case XML_ELEMENT_CONTENT_SEQ:
+ 	    if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+ 	        (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
+@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
+ 		xmlSnprintfElementContent(buf, size, content->c2, 0);
+ 	    break;
+     }
++    if (size - strlen(buf) <= 2) return;
+     if (englob)
+         strcat(buf, ")");
+     switch (content->ocur) {
+-- 
+2.14.1
+
diff --git a/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch b/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch
new file mode 100644
index 0000000000..890e9c2284
--- /dev/null
+++ b/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch
@@ -0,0 +1,319 @@
+Fix CVE-2017-{9049,9050}:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not yet public)
+https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not yet public)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
+http://www.openwall.com/lists/oss-security/2017/05/15/1
+https://security-tracker.debian.org/tracker/CVE-2017-9049
+https://security-tracker.debian.org/tracker/CVE-2017-9050
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
+
+Changes to 'runtest.c' are removed since they introduce test failure
+when applying to libxml2 2.9.4 release tarball.
+
+From e26630548e7d138d2c560844c43820b6767251e3 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 5 Jun 2017 15:37:17 +0200
+Subject: [PATCH] Fix handling of parameter-entity references
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+There were two bugs where parameter-entity references could lead to an
+unexpected change of the input buffer in xmlParseNameComplex and
+xmlDictLookup being called with an invalid pointer.
+
+Percent sign in DTD Names
+=========================
+
+The NEXTL macro used to call xmlParserHandlePEReference. When parsing
+"complex" names inside the DTD, this could result in entity expansion
+which created a new input buffer. The fix is to simply remove the call
+to xmlParserHandlePEReference from the NEXTL macro. This is safe because
+no users of the macro require expansion of parameter entities.
+
+- xmlParseNameComplex
+- xmlParseNCNameComplex
+- xmlParseNmtoken
+
+The percent sign is not allowed in names, which are grammatical tokens.
+
+- xmlParseEntityValue
+
+Parameter-entity references in entity values are expanded but this
+happens in a separate step in this function.
+
+- xmlParseSystemLiteral
+
+Parameter-entity references are ignored in the system literal.
+
+- xmlParseAttValueComplex
+- xmlParseCharDataComplex
+- xmlParseCommentComplex
+- xmlParsePI
+- xmlParseCDSect
+
+Parameter-entity references are ignored outside the DTD.
+
+- xmlLoadEntityContent
+
+This function is only called from xmlStringLenDecodeEntities and
+entities are replaced in a separate step immediately after the function
+call.
+
+This bug could also be triggered with an internal subset and double
+entity expansion.
+
+This fixes bug 766956 initially reported by Wei Lei and independently by
+Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
+involved.
+
+xmlParseNameComplex with XML_PARSE_OLD10
+========================================
+
+When parsing Names inside an expanded parameter entity with the
+XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
+GROW macro if the input buffer was exhausted. At the end of the
+parameter entity's replacement text, this function would then call
+xmlPopInput which invalidated the input buffer.
+
+There should be no need to invoke GROW in this situation because the
+buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
+at least for UTF-8, in xmlCurrentChar. This also matches the code path
+executed when XML_PARSE_OLD10 is not set.
+
+This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
+Thanks to Marcel Böhme and Thuan Pham for the report.
+
+Additional hardening
+====================
+
+A separate check was added in xmlParseNameComplex to validate the
+buffer size.
+---
+ Makefile.am                     | 18 ++++++++++++++++++
+ parser.c                        | 18 ++++++++++--------
+ result/errors10/781205.xml      |  0
+ result/errors10/781205.xml.err  | 21 +++++++++++++++++++++
+ result/errors10/781361.xml      |  0
+ result/errors10/781361.xml.err  | 13 +++++++++++++
+ result/valid/766956.xml         |  0
+ result/valid/766956.xml.err     |  9 +++++++++
+ result/valid/766956.xml.err.rdr | 10 ++++++++++
+ runtest.c                       |  3 +++
+ test/errors10/781205.xml        |  3 +++
+ test/errors10/781361.xml        |  3 +++
+ test/valid/766956.xml           |  2 ++
+ test/valid/dtds/766956.dtd      |  2 ++
+ 14 files changed, 94 insertions(+), 8 deletions(-)
+ create mode 100644 result/errors10/781205.xml
+ create mode 100644 result/errors10/781205.xml.err
+ create mode 100644 result/errors10/781361.xml
+ create mode 100644 result/errors10/781361.xml.err
+ create mode 100644 result/valid/766956.xml
+ create mode 100644 result/valid/766956.xml.err
+ create mode 100644 result/valid/766956.xml.err.rdr
+ create mode 100644 test/errors10/781205.xml
+ create mode 100644 test/errors10/781361.xml
+ create mode 100644 test/valid/766956.xml
+ create mode 100644 test/valid/dtds/766956.dtd
+
+diff --git a/Makefile.am b/Makefile.am
+index 6fc8ffa9..10e716a5 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -427,6 +427,24 @@ Errtests : xmllint$(EXEEXT)
+ 	      if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
+ 	      rm result.$$name error.$$name ; \
+ 	  fi ; fi ; done)
++	@echo "## Error cases regression tests (old 1.0)"
++	-@(for i in $(srcdir)/test/errors10/*.xml ; do \
++	  name=`basename $$i`; \
++	  if [ ! -d $$i ] ; then \
++	  if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
++	      echo New test file $$name ; \
++	      $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
++	         2> $(srcdir)/result/errors10/$$name.err \
++		 > $(srcdir)/result/errors10/$$name ; \
++	      grep "MORY ALLO" .memdump  | grep -v "MEMORY ALLOCATED : 0"; \
++	  else \
++	      log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
++	      grep "MORY ALLO" .memdump  | grep -v "MEMORY ALLOCATED : 0"; \
++	      diff $(srcdir)/result/errors10/$$name result.$$name ; \
++	      diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
++	      if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
++	      rm result.$$name error.$$name ; \
++	  fi ; fi ; done)
+ 	@echo "## Error cases stream regression tests"
+ 	-@(for i in $(srcdir)/test/errors/*.xml ; do \
+ 	  name=`basename $$i`; \
+diff --git a/parser.c b/parser.c
+index df2efa55..a175ac4e 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2121,7 +2121,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
+ 	ctxt->input->line++; ctxt->input->col = 1;			\
+     } else ctxt->input->col++;						\
+     ctxt->input->cur += l;				\
+-    if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt);	\
+   } while (0)
+ 
+ #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
+@@ -3412,13 +3411,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ 	    len += l;
+ 	    NEXTL(l);
+ 	    c = CUR_CHAR(l);
+-	    if (c == 0) {
+-		count = 0;
+-		GROW;
+-                if (ctxt->instate == XML_PARSER_EOF)
+-                    return(NULL);
+-		c = CUR_CHAR(l);
+-	    }
+ 	}
+     }
+     if ((len > XML_MAX_NAME_LENGTH) &&
+@@ -3426,6 +3418,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+         xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+         return(NULL);
+     }
++    if (ctxt->input->cur - ctxt->input->base < len) {
++        /*
++         * There were a couple of bugs where PERefs lead to to a change
++         * of the buffer. Check the buffer size to avoid passing an invalid
++         * pointer to xmlDictLookup.
++         */
++        xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
++                    "unexpected change of input buffer");
++        return (NULL);
++    }
+     if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
+         return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
+     return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
+diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
+new file mode 100644
+index 00000000..da15c3f7
+--- /dev/null
++++ b/result/errors10/781205.xml.err
+@@ -0,0 +1,21 @@
++Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++ %a; 
++    ^
++Entity: line 1: 
++<:0000
++^
++Entity: line 1: parser error : DOCTYPE improperly terminated
++ %a; 
++    ^
++Entity: line 1: 
++<:0000
++^
++namespace error : Failed to parse QName ':0000'
++ %a; 
++    ^
++<:0000
++      ^
++./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
++
++^
+diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
+new file mode 100644
+index 00000000..655f41a2
+--- /dev/null
++++ b/result/errors10/781361.xml.err
+@@ -0,0 +1,13 @@
++./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
++
++^
++./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++
++^
++./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
++
++^
++./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
++
++^
+diff --git a/result/valid/766956.xml b/result/valid/766956.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
+new file mode 100644
+index 00000000..34b1dae6
+--- /dev/null
++++ b/result/valid/766956.xml.err
+@@ -0,0 +1,9 @@
++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
++%ä%ent;
++   ^
++Entity: line 1: parser error : Content error in the external subset
++ %ent; 
++      ^
++Entity: line 1: 
++value
++^
+diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
+new file mode 100644
+index 00000000..77603462
+--- /dev/null
++++ b/result/valid/766956.xml.err.rdr
+@@ -0,0 +1,10 @@
++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
++%ä%ent;
++   ^
++Entity: line 1: parser error : Content error in the external subset
++ %ent; 
++      ^
++Entity: line 1: 
++value
++^
++./test/valid/766956.xml : failed to parse
+diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
+new file mode 100644
+index 00000000..d9e9e839
+--- /dev/null
++++ b/test/errors10/781205.xml
+@@ -0,0 +1,3 @@
++<!DOCTYPE D [
++  <!ENTITY % a "<:0000">
++  %a;
+diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
+new file mode 100644
+index 00000000..67476bcb
+--- /dev/null
++++ b/test/errors10/781361.xml
+@@ -0,0 +1,3 @@
++<!DOCTYPE doc [
++  <!ENTITY % elem "<!ELEMENT e0000000000">
++  %elem;
+diff --git a/test/valid/766956.xml b/test/valid/766956.xml
+new file mode 100644
+index 00000000..19a95a0e
+--- /dev/null
++++ b/test/valid/766956.xml
+@@ -0,0 +1,2 @@
++<!DOCTYPE test SYSTEM "dtds/766956.dtd">
++<test/>
+diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
+new file mode 100644
+index 00000000..dddde68b
+--- /dev/null
++++ b/test/valid/dtds/766956.dtd
+@@ -0,0 +1,2 @@
++<!ENTITY % ent "value">
++%ä%ent;
+-- 
+2.14.1
+
diff --git a/gnu/packages/patches/libzip-CVE-2017-12858.patch b/gnu/packages/patches/libzip-CVE-2017-12858.patch
deleted file mode 100644
index 8125173f95..0000000000
--- a/gnu/packages/patches/libzip-CVE-2017-12858.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Fix CVE-2017-12858:
-
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12858
-
-Patch copied from upstream source repository:
-
-https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
-
-From 2217022b7d1142738656d891e00b3d2d9179b796 Mon Sep 17 00:00:00 2001
-From: Thomas Klausner <tk@giga.or.at>
-Date: Mon, 14 Aug 2017 10:55:44 +0200
-Subject: [PATCH] Fix double free().
-
-Found by Brian 'geeknik' Carpenter using AFL.
----
- THANKS           | 1 +
- lib/zip_dirent.c | 3 ---
- 2 files changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/THANKS b/THANKS
-index be0cca9..a80ee1d 100644
---- a/THANKS
-+++ b/THANKS
-@@ -12,6 +12,7 @@ BALATON Zoltan <balaton@eik.bme.hu>
- Benjamin Gilbert <bgilbert@backtick.net>
- Boaz Stolk <bstolk@aweta.nl>
- Bogdan <bogiebog@gmail.com>
-+Brian 'geeknik' Carpenter <geeknik@protonmail.ch>
- Chris Nehren <cnehren+libzip@pobox.com>
- Coverity <info@coverity.com>
- Dane Springmeyer <dane.springmeyer@gmail.com>
-diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c
-index a369900..e5a7cc9 100644
---- a/lib/zip_dirent.c
-+++ b/lib/zip_dirent.c
-@@ -579,9 +579,6 @@ _zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, boo
-     }
- 
-     if (!_zip_dirent_process_winzip_aes(zde, error)) {
--	if (!from_buffer) {
--	    _zip_buffer_free(buffer);
--	}
- 	return -1;
-     }
- 
diff --git a/gnu/packages/patches/meson-for-build-rpath.patch b/gnu/packages/patches/meson-for-build-rpath.patch
new file mode 100644
index 0000000000..4e20c9aed3
--- /dev/null
+++ b/gnu/packages/patches/meson-for-build-rpath.patch
@@ -0,0 +1,24 @@
+This patch removes a part of meson that clears the rpath upon installation.
+This will only be applied to a special version of meson, used for the
+meson-build-system.
+
+Patch by Peter Mikkelsen <petermikkelsen10@gmail.com>
+
+--- meson-0.42.0/mesonbuild/scripts/meson_install.py.orig	2017-09-09 01:49:39.147374148 +0200
++++ meson-0.42.0/mesonbuild/scripts/meson_install.py	2017-09-09 01:51:01.209134717 +0200
+@@ -345,15 +345,6 @@
+                     print("Symlink creation does not work on this platform. "
+                           "Skipping all symlinking.")
+                     printed_symlink_error = True
+-        if is_elf_platform() and os.path.isfile(outname):
+-            try:
+-                e = depfixer.Elf(outname, False)
+-                e.fix_rpath(install_rpath)
+-            except SystemExit as e:
+-                if isinstance(e.code, int) and e.code == 0:
+-                    pass
+-                else:
+-                    raise
+
+ def run(args):
+     global install_log_file
diff --git a/gnu/packages/patches/metabat-fix-boost-issue.patch b/gnu/packages/patches/metabat-fix-boost-issue.patch
deleted file mode 100644
index 3382d84d66..0000000000
--- a/gnu/packages/patches/metabat-fix-boost-issue.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-This patch fixes the issue described at
-https://bitbucket.org/berkeleylab/metabat/issues/28/compilation-fail-with-boost-164
-
-diff --git a/src/metabat.h b/src/metabat.h
-index 32ae94c..2292c04 100644
---- a/src/metabat.h
-+++ b/src/metabat.h
-@@ -35,6 +35,7 @@ KSEQ_INIT(gzFile, gzread)
- 
- #include <boost/program_options.hpp>
- #include <boost/algorithm/string.hpp>
-+#include <boost/serialization/array_wrapper.hpp>
- #include <boost/numeric/ublas/matrix.hpp>
- #include <boost/math/distributions.hpp>
- #include <boost/serialization/serialization.hpp>
-diff --git a/src/metabat2.h b/src/metabat2.h
-index 60a9998..19fa815 100644
---- a/src/metabat2.h
-+++ b/src/metabat2.h
-@@ -41,6 +41,7 @@ KSEQ_INIT(gzFile, gzread)
- 
- #include <boost/program_options.hpp>
- #include <boost/algorithm/string.hpp>
-+#include <boost/serialization/array_wrapper.hpp>
- #include <boost/numeric/ublas/matrix.hpp>
- #include <boost/numeric/ublas/matrix_sparse.hpp>
- #include <boost/numeric/ublas/matrix_proxy.hpp>
diff --git a/gnu/packages/patches/metabat-remove-compilation-date.patch b/gnu/packages/patches/metabat-remove-compilation-date.patch
deleted file mode 100644
index 7672205b22..0000000000
--- a/gnu/packages/patches/metabat-remove-compilation-date.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Remove the reference to the compilation date so that the build is
-reproducible.
-
-diff --git a/src/metabat.cpp b/src/metabat.cpp
-index 88e06de..c95cb1a 100644
---- a/src/metabat.cpp
-+++ b/src/metabat.cpp
-@@ -49,7 +49,7 @@ int main(int ac, char* av[]) {
- 	po::notify(vm);
- 
- 	if (vm.count("help") || inFile.length() == 0 || outFile.length() == 0) {
--		cerr << "\nMetaBAT: Metagenome Binning based on Abundance and Tetranucleotide frequency (version " << version << "; " << __DATE__ << " " << __TIME__ << ")" << endl;
-+		cerr << "\nMetaBAT: Metagenome Binning based on Abundance and Tetranucleotide frequency (version " << version << "; unknown compilation date)" << endl;
- 		cerr << "by Don Kang (ddkang@lbl.gov), Jeff Froula, Rob Egan, and Zhong Wang (zhongwang@lbl.gov) \n" << endl;
- 		cerr << desc << endl << endl;
- 
diff --git a/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch b/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch
deleted file mode 100644
index 87be6142f4..0000000000
--- a/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Without this patch, the incorrect exception is caught when 'git' is not in
-PATH.  See https://github.com/ewels/MultiQC/pull/377.
-
-diff --git a/multiqc/utils/config.py b/multiqc/utils/config.py
-index 01fa554..4a11793 100755
---- a/multiqc/utils/config.py
-+++ b/multiqc/utils/config.py
-@@ -28,7 +28,7 @@ try:
-     git_hash = subprocess.check_output(['git', 'rev-parse', 'HEAD'], stderr=subprocess.STDOUT)
-     git_hash_short = git_hash[:7]
-     version = '{} ({})'.format(version, git_hash_short)
--except subprocess.CalledProcessError:
-+except (subprocess.CalledProcessError, FileNotFoundError):
-     pass
- os.chdir(cwd)
- 
diff --git a/gnu/packages/patches/newsbeuter-CVE-2017-14500.patch b/gnu/packages/patches/newsbeuter-CVE-2017-14500.patch
new file mode 100644
index 0000000000..449105e42a
--- /dev/null
+++ b/gnu/packages/patches/newsbeuter-CVE-2017-14500.patch
@@ -0,0 +1,43 @@
+https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333.patch
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14500
+
+From 26f5a4350f3ab5507bb8727051c87bb04660f333 Mon Sep 17 00:00:00 2001
+From: Alexander Batischev <eual.jp@gmail.com>
+Date: Sat, 16 Sep 2017 19:31:43 +0300
+Subject: [PATCH] Work around shell code in podcast names (#598)
+
+---
+ src/pb_controller.cpp | 6 +++---
+ src/queueloader.cpp   | 2 +-
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/pb_controller.cpp b/src/pb_controller.cpp
+index 09b5e897..213216cd 100644
+--- a/src/pb_controller.cpp
++++ b/src/pb_controller.cpp
+@@ -306,9 +306,9 @@ void pb_controller::play_file(const std::string& file) {
+ 	if (player == "")
+ 		return;
+ 	cmdline.append(player);
+-	cmdline.append(" \"");
+-	cmdline.append(utils::replace_all(file,"\"", "\\\""));
+-	cmdline.append("\"");
++	cmdline.append(" \'");
++	cmdline.append(utils::replace_all(file,"'", "%27"));
++	cmdline.append("\'");
+ 	stfl::reset();
+ 	LOG(LOG_DEBUG, "pb_controller::play_file: running `%s'", cmdline.c_str());
+ 	::system(cmdline.c_str());
+diff --git a/src/queueloader.cpp b/src/queueloader.cpp
+index c1dabdd8..ae725e04 100644
+--- a/src/queueloader.cpp
++++ b/src/queueloader.cpp
+@@ -130,7 +130,7 @@ std::string queueloader::get_filename(const std::string& str) {
+ 		strftime(lbuf, sizeof(lbuf), "%Y-%b-%d-%H%M%S.unknown", localtime(&t));
+ 		fn.append(lbuf);
+ 	} else {
+-		fn.append(base);
++		fn.append(utils::replace_all(base, "'", "%27"));
+ 	}
+ 	return fn;
+ }
diff --git a/gnu/packages/patches/node-9077.patch b/gnu/packages/patches/node-9077.patch
deleted file mode 100644
index 6b71d48c0e..0000000000
--- a/gnu/packages/patches/node-9077.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From fc164acbbb700fd50ab9c04b47fc1b2687e9c0f4 Mon Sep 17 00:00:00 2001
-From: "Bradley T. Hughes" <bradleythughes@fastmail.fm>
-Date: Thu, 13 Oct 2016 07:38:38 +0000
-Subject: [PATCH] build: add -DZLIB_CONST when building with --shared-zlib
-
-Commit 782620f added the define only when building with the bundled
-zlib. Using a shared zlib results in build breakage:
-
-../src/inspector_agent.cc:179:16: error: assigning to 'Bytef *' (aka 'unsigned char *') from incompatible type
-      'const uint8_t *' (aka 'const unsigned char *')
-  strm.next_in = PROTOCOL_JSON + 3;
-               ^ ~~~~~~~~~~~~~~~~~
-1 error generated.
----
- node.gyp | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/node.gyp b/node.gyp
-index 272dc98..667c260 100644
---- a/node.gyp
-+++ b/node.gyp
-@@ -653,7 +653,8 @@
-             [ 'node_shared_zlib=="false"', {
-               'dependencies': [
-                 'deps/zlib/zlib.gyp:zlib',
--              ]
-+              ]}, {
-+              'defines': [ 'ZLIB_CONST' ],
-             }],
-             [ 'node_shared_openssl=="false"', {
-               'dependencies': [
diff --git a/gnu/packages/patches/ocaml-graph-honor-source-date-epoch.patch b/gnu/packages/patches/ocaml-graph-honor-source-date-epoch.patch
new file mode 100644
index 0000000000..9f8713e3d3
--- /dev/null
+++ b/gnu/packages/patches/ocaml-graph-honor-source-date-epoch.patch
@@ -0,0 +1,34 @@
+From 354ef78aac0b887fae3c10b28eb2b0d83f66bdfe Mon Sep 17 00:00:00 2001
+From: Julien Lepiller <julien@lepiller.eu>
+Date: Mon, 2 Jan 2017 17:05:24 +0100
+Subject: [PATCH] Honor SOURCE_DATE_EPOCH
+
+---
+ Makefile.in | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index a32b4b8..ef4c174 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -113,11 +113,16 @@ graph.cmx: $(CMI) $(CMX)
+	$(OCAMLOPT) $(INCLUDES) -pack -o $@ $^
+ 
+ VERSION=1.8.7
++ifdef SOURCE_DATE_EPOCH
++BUILD_DATE=$(shell date -u -d "@$(SOURCE_DATE_EPOCH)" 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" 2>/dev/null || date)
++else
++BUILD_DATE=$(shell date)
++endif
+ 
+ src/version.ml: Makefile
+	rm -f $@
+	echo "let version = \""$(VERSION)"\"" > $@
+-	echo "let date = \""`date`"\"" >> $@
++	echo "let date = \""$(BUILD_DATE)"\"" >> $@
+ 
+ # gtk2 graph editor
+ ###################
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/openfoam-4.1-cleanup.patch b/gnu/packages/patches/openfoam-4.1-cleanup.patch
new file mode 100644
index 0000000000..37effa5c9c
--- /dev/null
+++ b/gnu/packages/patches/openfoam-4.1-cleanup.patch
@@ -0,0 +1,243 @@
+# This patch removes all need for the ThirdParty files of OpenFOAM.
+
+# Derived from EasyBuild patch by Ward Poelmans <wpoely86@gmail.com>.
+# Modified for GNU Guix by Paul Garlick <pgarlick@tourbillion-technology.com>.
+
+diff -ur OpenFOAM-4.x-version-4.1.org/applications/utilities/mesh/manipulation/setSet/Allwmake OpenFOAM-4.x-version-4.1/applications/utilities/mesh/manipulation/setSet/Allwmake
+--- OpenFOAM-4.x-version-4.1.org/applications/utilities/mesh/manipulation/setSet/Allwmake
++++ OpenFOAM-4.x-version-4.1/applications/utilities/mesh/manipulation/setSet/Allwmake
+@@ -9,7 +9,7 @@
+ #
+ # use readline if available
+ #
+-if [ -f /usr/include/readline/readline.h ]
++if true
+ then
+     echo "Found <readline/readline.h>  --  enabling readline support."
+     export COMP_FLAGS="-DHAS_READLINE"
+diff -ur OpenFOAM-4.x-version-4.1.org/etc/bashrc OpenFOAM-4.x-version-4.1/etc/bashrc
+--- OpenFOAM-4.x-version-4.1.org/etc/bashrc
++++ OpenFOAM-4.x-version-4.1/etc/bashrc
+@@ -43,8 +43,10 @@
+ # Please set to the appropriate path if the default is not correct.
+ #
+ [ $BASH_SOURCE ] && \
+-export FOAM_INST_DIR=$(cd ${BASH_SOURCE%/*/*/*} && pwd -P) || \
++export FOAM_INST_DIR=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P) || \
+ export FOAM_INST_DIR=$HOME/$WM_PROJECT
++# For GNU Guix: set initially for build then re-set at runtime
++#
+ # export FOAM_INST_DIR=~$WM_PROJECT
+ # export FOAM_INST_DIR=/opt/$WM_PROJECT
+ # export FOAM_INST_DIR=/usr/local/$WM_PROJECT
+diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/CGAL OpenFOAM-4.x-version-4.1/etc/config.sh/CGAL
+--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/CGAL
++++ OpenFOAM-4.x-version-4.1/etc/config.sh/CGAL
+@@ -36,37 +36,7 @@
+ #
+ #------------------------------------------------------------------------------
+
+-boost_version=boost-system
+-cgal_version=cgal-system
+-#cgal_version=CGAL-4.8
+-
+-if [ -z "$SOURCE_CGAL_VERSIONS_ONLY" ]
+-then
+-
+-    common_path=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER
+-
+-    export BOOST_ARCH_PATH=$common_path/$boost_version
+-    export CGAL_ARCH_PATH=$common_path/$cgal_version
+-
+-    if [ "$FOAM_VERBOSE" -a "$PS1" ]
+-    then
+-        echo "Using CGAL and boost" 1>&2
+-        echo "    $cgal_version at $CGAL_ARCH_PATH" 1>&2
+-        echo "    $boost_version at $BOOST_ARCH_PATH" 1>&2
+-    fi
+-
+-    if [ -d "$CGAL_ARCH_PATH" -a "$cgal_version" != "cgal-system" ]
+-    then
+-        _foamAddLib $CGAL_ARCH_PATH/lib
+-    fi
+-
+-    if [ -d "$BOOST_ARCH_PATH" -a "$boost_version" != "boost-system" ]
+-    then
+-        _foamAddLib $BOOST_ARCH_PATH/lib
+-    fi
+-
+-    unset boost_version cgal_version common_path
+-
+-fi
++export CGAL_ARCH_PATH=$CGAL_ROOT
++export BOOST_ARCH_PATH=$BOOST_ROOT
+
+ #------------------------------------------------------------------------------
+diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/gperftools OpenFOAM-4.x-version-4.1/etc/config.sh/gperftools
+--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/gperftools
++++ OpenFOAM-4.x-version-4.1/etc/config.sh/gperftools
+@@ -29,13 +29,5 @@
+ #
+ #------------------------------------------------------------------------------
+
+-version=svn
+-gperftools_install=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER
+-
+-GPERFTOOLS_VERSION=gperftools-$version
+-GPERFTOOLS_ARCH_PATH=$gperftools_install/$GPERFTOOLS_VERSION
+-
+-export PATH=$GPERFTOOLS_ARCH_PATH/bin:$PATH
+-export LD_LIBRARY_PATH=$GPERFTOOLS_ARCH_PATH/lib:$LD_LIBRARY_PATH
+
+ #------------------------------------------------------------------------------
+diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/metis OpenFOAM-4.x-version-4.1/etc/config.sh/metis
+--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/metis
++++ OpenFOAM-4.x-version-4.1/etc/config.sh/metis
+@@ -34,7 +34,7 @@
+ #
+ #------------------------------------------------------------------------------
+
+-export METIS_VERSION=metis-5.1.0
+-export METIS_ARCH_PATH=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER$WM_PRECISION_OPTION$WM_LABEL_OPTION/$METIS_VERSION
++export METIS_VERSION=metis-$METISVERSION
++export METIS_ARCH_PATH=$METIS_ROOT
+
+ #------------------------------------------------------------------------------
+diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/scotch OpenFOAM-4.x-version-4.1/etc/config.sh/scotch
+--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/scotch
++++ OpenFOAM-4.x-version-4.1/etc/config.sh/scotch
+@@ -37,7 +37,7 @@
+ #
+ #------------------------------------------------------------------------------
+
+-export SCOTCH_VERSION=scotch_6.0.3
+-export SCOTCH_ARCH_PATH=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER$WM_PRECISION_OPTION$WM_LABEL_OPTION/$SCOTCH_VERSION
++export SCOTCH_VERSION=scotch_$SCOTCHVERSION
++export SCOTCH_ARCH_PATH=$SCOTCH_ROOT
+
+ #------------------------------------------------------------------------------
+diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/settings OpenFOAM-4.x-version-4.1/etc/config.sh/settings
+--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/settings
++++ OpenFOAM-4.x-version-4.1/etc/config.sh/settings
+@@ -279,6 +279,9 @@
+     ;;
+ system)
+     # Use system compiler
++    # Use system GMP and MPFR packages
++    export GMP_ARCH_PATH=$GMP_ROOT
++    export MPFR_ARCH_PATH=$MPFR_ROOT
+     ;;
+ *)
+     echo "Warn: WM_COMPILER_TYPE='$WM_COMPILER_TYPE' is unsupported" 1>&2
+diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/ptscotchDecomp/Make/options OpenFOAM-4.x-version-4.1/src/parallel/decompose/ptscotchDecomp/Make/options
+--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/ptscotchDecomp/Make/options
++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/ptscotchDecomp/Make/options
+@@ -5,8 +5,7 @@
+     $(PFLAGS) $(PINC) \
+     -I$(SCOTCH_ROOT)/include \
+     -I$(SCOTCH_ARCH_PATH)/include/$(FOAM_MPI) \
+-    -I/usr/include/scotch \
+     -I../decompositionMethods/lnInclude
+
+ LIB_LIBS = \
+-    -L$(SCOTCH_ROOT)/lib -L$(FOAM_EXT_LIBBIN)/$(FOAM_MPI) -lptscotch -lptscotcherrexit -lscotch ${LINK_FLAGS} -lrt
++    -L$(SCOTCH_ROOT)/lib -L$(MPI_ARCH_PATH)/lib -lptscotch -lptscotcherrexit -lscotch ${LINK_FLAGS} -lrt
+diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/scotchDecomp/Make/options OpenFOAM-4.x-version-4.1/src/parallel/decompose/scotchDecomp/Make/options
+--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/scotchDecomp/Make/options
++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/scotchDecomp/Make/options
+@@ -9,8 +9,7 @@
+     $(PFLAGS) $(PINC) \
+     -I$(SCOTCH_ROOT)/include \
+     -I$(SCOTCH_ARCH_PATH)/include \
+-    -I/usr/include/scotch \
+     -I../decompositionMethods/lnInclude
+
+ LIB_LIBS = \
+-    -L$(SCOTCH_ROOT)/lib -L$(FOAM_EXT_LIBBIN) -lscotch -lscotcherrexit -lrt
++    -L$(SCOTCH_ROOT)/lib -lscotch -lscotcherrexit -lrt
+diff -ur OpenFOAM-4.x-version-4.1.org/wmake/makefiles/general OpenFOAM-4.x-version-4.1/wmake/makefiles/general
+--- OpenFOAM-4.x-version-4.1.org/wmake/makefiles/general
++++ OpenFOAM-4.x-version-4.1/wmake/makefiles/general
+@@ -33,7 +33,6 @@
+ # The Makefile uses a POSIX shell
+ #------------------------------------------------------------------------------
+ 
+-SHELL           = /bin/sh
+ 
+ 
+ #------------------------------------------------------------------------------
+diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmake OpenFOAM-4.x-version-4.1/wmake/wmake
+--- OpenFOAM-4.x-version-4.1.org/wmake/wmake
++++ OpenFOAM-4.x-version-4.1/wmake/wmake
+@@ -163,7 +163,7 @@
+ then
+     if [ "$WM_NCOMPPROCS" -gt 1 -a ! "$MAKEFLAGS" ]
+     then
+-        lockDir=$HOME/.$WM_PROJECT/.wmake
++        lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake
+ 
+         if [ -d $lockDir ]
+         then
+diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmakeScheduler OpenFOAM-4.x-version-4.1/wmake/wmakeScheduler
+--- OpenFOAM-4.x-version-4.1.org/wmake/wmakeScheduler
++++ OpenFOAM-4.x-version-4.1/wmake/wmakeScheduler
+@@ -53,7 +53,7 @@
+ # csh sets HOST, bash sets HOSTNAME
+ : ${HOST:=$HOSTNAME}
+ 
+-lockDir=$HOME/.$WM_PROJECT/.wmake
++lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake
+ 
+ # Fallback - 1 core on current host
+ : ${WM_HOSTS:=$HOST:1}
+diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmakeSchedulerUptime OpenFOAM-4.x-version-4.1/wmake/wmakeSchedulerUptime
+--- OpenFOAM-4.x-version-4.1.org/wmake/wmakeSchedulerUptime
++++ OpenFOAM-4.x-version-4.1/wmake/wmakeSchedulerUptime
+@@ -53,7 +53,7 @@
+ # csh sets HOST, bash sets HOSTNAME
+ : ${HOST:=$HOSTNAME}
+ 
+-lockDir=$HOME/.$WM_PROJECT/.wmake
++lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake
+ # Fallback - 1 core on current host
+ : ${WM_HOSTS:=$HOST:1}
+ 
+diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/metisDecomp/metisDecomp.C OpenFOAM-4.x-version-4.1/src/parallel/decompose/metisDecomp/metisDecomp.C
+--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/metisDecomp/metisDecomp.C
++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/metisDecomp/metisDecomp.C
+@@ -67,7 +67,7 @@
+ 
+     // Processor weights initialised with no size, only used if specified in
+     // a file
+-    Field<scalar> processorWeights;
++    Field<floatScalar> processorWeights;
+ 
+     // Cell weights (so on the vertices of the dual)
+     List<label> cellWeights;
+diff -ur OpenFOAM-4.x-version-4.1.org/wmake/rules/General/CGAL OpenFOAM-4.x-version-4.1/wmake/rules/General/CGAL
+--- OpenFOAM-4.x-version-4.1.org/wmake/rules/General/CGAL
++++ OpenFOAM-4.x-version-4.1/wmake/rules/General/CGAL
+@@ -6,9 +6,10 @@
+     -I/usr/include
+ 
+ CGAL_LIBS = \
+-    -L$(MPFR_ARCH_PATH)/lib$(WM_COMPILER_LIB_ARCH) \
+-    -L$(GMP_ARCH_PATH)/lib$(WM_COMPILER_LIB_ARCH) \
++    -L$(MPFR_ARCH_PATH)/lib \
++    -L$(GMP_ARCH_PATH)/lib \
+     -L$(BOOST_ARCH_PATH)/lib \
+     -L$(CGAL_ARCH_PATH)/lib \
+     -lCGAL \
++    -lgmp \
+     -lmpfr
+diff -ur OpenFOAM-4.x-version-4.1.org/wmake/rules/linux64Gcc/c++ OpenFOAM-4.x-version-4.1/wmake/rules/linux64Gcc/c++
+--- OpenFOAM-4.x-version-4.1.org/wmake/rules/linux64Gcc/c++
++++ OpenFOAM-4.x-version-4.1/wmake/rules/linux64Gcc/c++
+@@ -20,5 +20,5 @@
+
+ LINK_LIBS   = $(c++DBUG)
+
+-LINKLIBSO   = $(CC) $(c++FLAGS) -shared -Xlinker --add-needed -Xlinker --no-as-needed
+-LINKEXE     = $(CC) $(c++FLAGS) -Xlinker --add-needed -Xlinker --no-as-needed
++LINKLIBSO   = $(CC) $(c++FLAGS) $(LDFLAGS) -shared -Xlinker --add-needed -Xlinker --no-as-needed
++LINKEXE     = $(CC) $(c++FLAGS) $(LDFLAGS) -Xlinker --add-needed -Xlinker --no-as-needed
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14040.patch b/gnu/packages/patches/openjpeg-CVE-2017-14040.patch
new file mode 100644
index 0000000000..bd7473ba0d
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14040.patch
@@ -0,0 +1,83 @@
+http://openwall.com/lists/oss-security/2017/08/28/3
+https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281.patch
+
+From 2cd30c2b06ce332dede81cccad8b334cde997281 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Thu, 17 Aug 2017 11:47:40 +0200
+Subject: [PATCH] tgatoimage(): avoid excessive memory allocation attempt, and
+ fixes unaligned load (#995)
+
+---
+ src/bin/jp2/convert.c | 39 +++++++++++++++++++++++++++------------
+ 1 file changed, 27 insertions(+), 12 deletions(-)
+
+diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
+index a4eb81f6a..73dfc8d5f 100644
+--- a/src/bin/jp2/convert.c
++++ b/src/bin/jp2/convert.c
+@@ -580,13 +580,10 @@ struct tga_header {
+ };
+ #endif /* INFORMATION_ONLY */
+ 
+-static unsigned short get_ushort(const unsigned char *data)
++/* Returns a ushort from a little-endian serialized value */
++static unsigned short get_tga_ushort(const unsigned char *data)
+ {
+-    unsigned short val = *(const unsigned short *)data;
+-#ifdef OPJ_BIG_ENDIAN
+-    val = ((val & 0xffU) << 8) | (val >> 8);
+-#endif
+-    return val;
++    return data[0] | (data[1] << 8);
+ }
+ 
+ #define TGA_HEADER_SIZE 18
+@@ -613,17 +610,17 @@ static int tga_readheader(FILE *fp, unsigned int *bits_per_pixel,
+     id_len = tga[0];
+     /*cmap_type = tga[1];*/
+     image_type = tga[2];
+-    /*cmap_index = get_ushort(&tga[3]);*/
+-    cmap_len = get_ushort(&tga[5]);
++    /*cmap_index = get_tga_ushort(&tga[3]);*/
++    cmap_len = get_tga_ushort(&tga[5]);
+     cmap_entry_size = tga[7];
+ 
+ 
+ #if 0
+-    x_origin = get_ushort(&tga[8]);
+-    y_origin = get_ushort(&tga[10]);
++    x_origin = get_tga_ushort(&tga[8]);
++    y_origin = get_tga_ushort(&tga[10]);
+ #endif
+-    image_w = get_ushort(&tga[12]);
+-    image_h = get_ushort(&tga[14]);
++    image_w = get_tga_ushort(&tga[12]);
++    image_h = get_tga_ushort(&tga[14]);
+     pixel_depth = tga[16];
+     image_desc  = tga[17];
+ 
+@@ -817,6 +814,24 @@ opj_image_t* tgatoimage(const char *filename, opj_cparameters_t *parameters)
+         color_space = OPJ_CLRSPC_SRGB;
+     }
+ 
++    /* If the declared file size is > 10 MB, check that the file is big */
++    /* enough to avoid excessive memory allocations */
++    if (image_height != 0 && image_width > 10000000 / image_height / numcomps) {
++        char ch;
++        OPJ_UINT64 expected_file_size =
++            (OPJ_UINT64)image_width * image_height * numcomps;
++        long curpos = ftell(f);
++        if (expected_file_size > (OPJ_UINT64)INT_MAX) {
++            expected_file_size = (OPJ_UINT64)INT_MAX;
++        }
++        fseek(f, (long)expected_file_size - 1, SEEK_SET);
++        if (fread(&ch, 1, 1, f) != 1) {
++            fclose(f);
++            return NULL;
++        }
++        fseek(f, curpos, SEEK_SET);
++    }
++
+     subsampling_dx = parameters->subsampling_dx;
+     subsampling_dy = parameters->subsampling_dy;
+ 
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14041.patch b/gnu/packages/patches/openjpeg-CVE-2017-14041.patch
new file mode 100644
index 0000000000..6e3fccf3c0
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14041.patch
@@ -0,0 +1,25 @@
+http://openwall.com/lists/oss-security/2017/08/28/4
+https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch
+
+From e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Fri, 18 Aug 2017 13:39:20 +0200
+Subject: [PATCH] pgxtoimage(): fix write stack buffer overflow (#997)
+
+---
+ src/bin/jp2/convert.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
+index 5459f7d44..e606c9be7 100644
+--- a/src/bin/jp2/convert.c
++++ b/src/bin/jp2/convert.c
+@@ -1185,7 +1185,7 @@ opj_image_t* pgxtoimage(const char *filename, opj_cparameters_t *parameters)
+     }
+ 
+     fseek(f, 0, SEEK_SET);
+-    if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1,
++    if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1,
+                &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) {
+         fclose(f);
+         fprintf(stderr,
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14151.patch b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch
new file mode 100644
index 0000000000..4fcf6af6db
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch
@@ -0,0 +1,46 @@
+https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch
+http://openwall.com/lists/oss-security/2017/09/06/1
+
+From afb308b9ccbe129608c9205cf3bb39bbefad90b9 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Mon, 14 Aug 2017 17:20:37 +0200
+Subject: [PATCH] Encoder: grow buffer size in
+ opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in
+ opj_mqc_flush (#982)
+
+---
+ src/lib/openjp2/tcd.c                   | 7 +++++--
+ tests/nonregression/test_suite.ctest.in | 2 ++
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
+index 301c7213e..53cdcf64d 100644
+--- a/src/lib/openjp2/tcd.c
++++ b/src/lib/openjp2/tcd.c
+@@ -1187,8 +1187,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t *
+ {
+     OPJ_UINT32 l_data_size;
+ 
+-    /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
+-    l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
++    /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
++    /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */
++    /* TODO: is there a theoretical upper-bound for the compressed code */
++    /* block size ? */
++    l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
+                                    (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
+ 
+     if (l_data_size > p_code_block->data_size) {
+diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in
+index aaf40d7d0..ffd964c2a 100644
+--- a/tests/nonregression/test_suite.ctest.in
++++ b/tests/nonregression/test_suite.ctest.in
+@@ -169,6 +169,8 @@ opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_ban
+ # Same rate as Bretagne2_4.j2k
+ opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_band_r800.j2k -t 2591,1943 -n 2 -r 800
+ 
++opj_compress -i @INPUT_NR_PATH@/issue982.bmp -o @TEMP_PATH@/issue982.j2k -n 1
++
+ # DECODER TEST SUITE
+ opj_decompress -i  @INPUT_NR_PATH@/Bretagne2.j2k -o @TEMP_PATH@/Bretagne2.j2k.pgx
+ opj_decompress -i  @INPUT_NR_PATH@/_00042.j2k -o @TEMP_PATH@/_00042.j2k.pgx
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14152.patch b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch
new file mode 100644
index 0000000000..6c083be123
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch
@@ -0,0 +1,38 @@
+https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch
+http://openwall.com/lists/oss-security/2017/09/06/2
+
+From 4241ae6fbbf1de9658764a80944dc8108f2b4154 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Tue, 15 Aug 2017 11:55:58 +0200
+Subject: [PATCH] Fix assertion in debug mode / heap-based buffer overflow in
+ opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985)
+
+---
+ src/lib/openjp2/j2k.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index a2521ebbc..54b490a8c 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -6573,10 +6573,16 @@ static void opj_j2k_set_cinema_parameters(opj_cparameters_t *parameters,
+ 
+     /* Precincts */
+     parameters->csty |= 0x01;
+-    parameters->res_spec = parameters->numresolution - 1;
+-    for (i = 0; i < parameters->res_spec; i++) {
+-        parameters->prcw_init[i] = 256;
+-        parameters->prch_init[i] = 256;
++    if (parameters->numresolution == 1) {
++        parameters->res_spec = 1;
++        parameters->prcw_init[0] = 128;
++        parameters->prch_init[0] = 128;
++    } else {
++        parameters->res_spec = parameters->numresolution - 1;
++        for (i = 0; i < parameters->res_spec; i++) {
++            parameters->prcw_init[i] = 256;
++            parameters->prch_init[i] = 256;
++        }
+     }
+ 
+     /* The progression order shall be CPRL */
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14164.patch b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch
new file mode 100644
index 0000000000..2bfc5a6a85
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch
@@ -0,0 +1,89 @@
+https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a.patch
+http://openwall.com/lists/oss-security/2017/09/06/3
+
+From dcac91b8c72f743bda7dbfa9032356bc8110098a Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Wed, 16 Aug 2017 17:09:10 +0200
+Subject: [PATCH] opj_j2k_write_sot(): fix potential write heap buffer overflow
+ (#991)
+
+---
+ src/lib/openjp2/j2k.c | 25 ++++++++++++++++++++-----
+ 1 file changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 54b490a8c..16915452e 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -832,13 +832,15 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k,
+  * Writes the SOT marker (Start of tile-part)
+  *
+  * @param       p_j2k            J2K codec.
+- * @param       p_data           FIXME DOC
+- * @param       p_data_written   FIXME DOC
++ * @param       p_data           Output buffer
++ * @param       p_total_data_size Output buffer size
++ * @param       p_data_written   Number of bytes written into stream
+  * @param       p_stream         the stream to write data to.
+  * @param       p_manager        the user event manager.
+ */
+ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
+                                   OPJ_BYTE * p_data,
++                                  OPJ_UINT32 p_total_data_size,
+                                   OPJ_UINT32 * p_data_written,
+                                   const opj_stream_private_t *p_stream,
+                                   opj_event_mgr_t * p_manager);
+@@ -4201,6 +4203,7 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k,
+ 
+ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
+                                   OPJ_BYTE * p_data,
++                                  OPJ_UINT32 p_total_data_size,
+                                   OPJ_UINT32 * p_data_written,
+                                   const opj_stream_private_t *p_stream,
+                                   opj_event_mgr_t * p_manager
+@@ -4214,6 +4217,12 @@ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
+     OPJ_UNUSED(p_stream);
+     OPJ_UNUSED(p_manager);
+ 
++    if (p_total_data_size < 12) {
++        opj_event_msg(p_manager, EVT_ERROR,
++                      "Not enough bytes in output buffer to write SOT marker\n");
++        return OPJ_FALSE;
++    }
++
+     opj_write_bytes(p_data, J2K_MS_SOT,
+                     2);                                 /* SOT */
+     p_data += 2;
+@@ -11480,7 +11489,8 @@ static OPJ_BOOL opj_j2k_write_first_tile_part(opj_j2k_t *p_j2k,
+ 
+     l_current_nb_bytes_written = 0;
+     l_begin_data = p_data;
+-    if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
++    if (! opj_j2k_write_sot(p_j2k, p_data, p_total_data_size,
++                            &l_current_nb_bytes_written, p_stream,
+                             p_manager)) {
+         return OPJ_FALSE;
+     }
+@@ -11572,7 +11582,10 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k,
+         l_part_tile_size = 0;
+         l_begin_data = p_data;
+ 
+-        if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
++        if (! opj_j2k_write_sot(p_j2k, p_data,
++                                p_total_data_size,
++                                &l_current_nb_bytes_written,
++                                p_stream,
+                                 p_manager)) {
+             return OPJ_FALSE;
+         }
+@@ -11615,7 +11628,9 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k,
+             l_part_tile_size = 0;
+             l_begin_data = p_data;
+ 
+-            if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
++            if (! opj_j2k_write_sot(p_j2k, p_data,
++                                    p_total_data_size,
++                                    &l_current_nb_bytes_written, p_stream,
+                                     p_manager)) {
+                 return OPJ_FALSE;
+             }
diff --git a/gnu/packages/patches/openocd-nrf52.patch b/gnu/packages/patches/openocd-nrf52.patch
index 792575df78..0ec4348cb4 100644
--- a/gnu/packages/patches/openocd-nrf52.patch
+++ b/gnu/packages/patches/openocd-nrf52.patch
@@ -21,19 +21,19 @@ Signed-off-by: Michael Dietz <mjdietzx@gmail.com>
 ---
 
 diff --git a/src/flash/nor/Makefile.am b/src/flash/nor/Makefile.am
-index c167e8f..b6a2be3 100644
+index 727e4f2..839667c 100644
 --- a/src/flash/nor/Makefile.am
 +++ b/src/flash/nor/Makefile.am
-@@ -37,6 +37,7 @@ NOR_DRIVERS = \
- 	niietcm4.c \
- 	non_cfi.c \
- 	nrf51.c \
-+	nrf52.c \
- 	numicro.c \
- 	ocl.c \
- 	pic32mx.c \
+@@ -36,6 +36,7 @@ NOR_DRIVERS = \
+ 	%D%/niietcm4.c \
+ 	%D%/non_cfi.c \
+ 	%D%/nrf51.c \
++	%D%/nrf52.c \
+ 	%D%/numicro.c \
+ 	%D%/ocl.c \
+ 	%D%/pic32mx.c \
 diff --git a/src/flash/nor/drivers.c b/src/flash/nor/drivers.c
-index 56a5cb2..3e071bd 100644
+index 56a5cb2..071273e 100644
 --- a/src/flash/nor/drivers.c
 +++ b/src/flash/nor/drivers.c
 @@ -48,6 +48,7 @@ extern struct flash_driver mdr_flash;
@@ -48,7 +48,7 @@ index 56a5cb2..3e071bd 100644
  	&mrvlqspi_flash,
  	&niietcm4_flash,
  	&nrf51_flash,
-+	&nrf52_flash,
++       &nrf52_flash,
  	&numicro_flash,
  	&ocl_flash,
  	&pic32mx_flash,
@@ -792,47 +792,31 @@ index 0000000..7f2bd35
 +	.protect_check	= nrf52_protect_check,
 +};
 diff --git a/tcl/target/nrf52.cfg b/tcl/target/nrf52.cfg
-index c1cbf1a..a2567ff 100644
+index c1cbf1a..41a22ff 100644
 --- a/tcl/target/nrf52.cfg
 +++ b/tcl/target/nrf52.cfg
-@@ -5,15 +5,22 @@
- source [find target/swj-dp.tcl]
+@@ -10,6 +10,13 @@ if { [info exists CHIPNAME] } {
+ 	set _CHIPNAME nrf52
+ }
  
- if { [info exists CHIPNAME] } {
--	set _CHIPNAME $CHIPNAME
-+   set _CHIPNAME $CHIPNAME
- } else {
--	set _CHIPNAME nrf52
-+   set _CHIPNAME nrf52
-+}
-+
 +# Work-area is a space in RAM used for flash programming, by default use 16kB.
 +if { [info exists WORKAREASIZE] } {
-+   set _WORKAREASIZE $WORKAREASIZE
++        set _WORKAREASIZE $WORKAREASIZE
 +} else {
-+   set _WORKAREASIZE 0x4000
- }
- 
++        set _WORKAREASIZE 0x4000
++}
++
  if { [info exists CPUTAPID] } {
--	set _CPUTAPID $CPUTAPID
-+   set _CPUTAPID $CPUTAPID
+ 	set _CPUTAPID $CPUTAPID
  } else {
--	set _CPUTAPID 0x2ba01477
-+   set _CPUTAPID 0x2ba01477
- }
- 
- swj_newdap $_CHIPNAME cpu -expected-id $_CPUTAPID
-@@ -21,8 +28,15 @@ swj_newdap $_CHIPNAME cpu -expected-id $_CPUTAPID
- set _TARGETNAME $_CHIPNAME.cpu
+@@ -22,7 +29,15 @@ set _TARGETNAME $_CHIPNAME.cpu
  target create $_TARGETNAME cortex_m -chain-position $_TARGETNAME
  
--adapter_khz 10000
+ adapter_khz 10000
 +$_TARGETNAME configure -work-area-phys 0x20000000 -work-area-size $_WORKAREASIZE -work-area-backup 0
  
--if { ![using_hla] } {
--	cortex_m reset_config sysresetreq
-+if {![using_hla]} {
-+   cortex_m reset_config sysresetreq
+ if { ![using_hla] } {
+ 	cortex_m reset_config sysresetreq
  }
 +
 +flash bank $_CHIPNAME.flash nrf52 0x00000000 0 1 1 $_TARGETNAME
diff --git a/gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch b/gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch
new file mode 100644
index 0000000000..e0df632a04
--- /dev/null
+++ b/gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch
@@ -0,0 +1,32 @@
+Description: Use the markdown library provided by the libmarkdown2 package.
+Author: Alessandro Ghedini <al3xbio@gmail.com>
+Origin: vendor
+Forwarded: not-needed
+Last-Update: 2012-01-01
+
+--- a/Makefile.PL
++++ b/Makefile.PL
+@@ -57,12 +57,6 @@
+ 
+ 
+ 
+-sub MY::postamble {
+-    return sprintf('
+-$(MYEXTLIB):
+-	%s
+-', qq{( cd $extdir; CC='cc -fPIC' sh configure.sh; make )\n});
+-}
+ 
+ WriteMakefile(
+     NAME              => 'Text::Markdown::Discount',
+@@ -71,8 +65,6 @@
+     ($] >= 5.005 ?
+       (ABSTRACT_FROM  => 'lib/Text/Markdown/Discount.pm',
+        AUTHOR         => 'Masayoshi Sekimura <sekimura@cpan.org>') : ()),
+-    LIBS               => '-L' . $extdir,
+-    INC               => '-I. -I' . $extdir,
+-    MYEXTLIB          => $myextlib,
+-    clean             => { FILES => $clean_files },
++    LIBS               => '-lmarkdown',
++    INC               => '-I.',
+ );
diff --git a/gnu/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch b/gnu/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch
new file mode 100644
index 0000000000..f1db5d7c3b
--- /dev/null
+++ b/gnu/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch
@@ -0,0 +1,29 @@
+From ca548da9ba78ddee90779051210e3e89185e4f7d Mon Sep 17 00:00:00 2001
+From: Michel Alexandre Salim <michel@michel-slm.name>
+Date: Mon, 15 Feb 2016 23:03:42 +0700
+Subject: coverage-4.0a6 compatibility
+
+coverage 4.0a6 no longer generates .coverage file, so use -f when
+deleting .coverage to ensure deletion does not fail.
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+(limited to 'Makefile')
+
+diff --git a/Makefile b/Makefile
+index 7818f57..362c07f 100644
+--- a/Makefile
++++ b/Makefile
+@@ -23,7 +23,7 @@ fsck-larch.1: fsck-larch.1.in fsck-larch
+ 
+ check:
+ 	python -m CoverageTestRunner --ignore-missing-from=without-tests
+-	rm .coverage
++	rm -f .coverage
+ 	./insert-remove-test tempdir 100
+ 	rm -r tempdir larch.log
+ 	cmdtest tests
+-- 
+cgit v1.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-10664.patch b/gnu/packages/patches/qemu-CVE-2017-10664.patch
deleted file mode 100644
index 2b60de3dca..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-10664.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Fix CVE-2017-10664:
-
-https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html
-https://bugzilla.redhat.com/show_bug.cgi?id=1466190
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10664
-https://security-tracker.debian.org/tracker/CVE-2017-10664
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1
-
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index 9464a0461c..4dd3fd4732 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -581,6 +581,10 @@ int main(int argc, char **argv)
-     sa_sigterm.sa_handler = termsig_handler;
-     sigaction(SIGTERM, &sa_sigterm, NULL);
- 
-+#ifdef CONFIG_POSIX
-+    signal(SIGPIPE, SIG_IGN);
-+#endif
-+
-     module_call_init(MODULE_INIT_TRACE);
-     qcrypto_init(&error_fatal);
- 
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-10806.patch b/gnu/packages/patches/qemu-CVE-2017-10806.patch
deleted file mode 100644
index ebf782fe7b..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-10806.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Fix CVE-2017-10806:
-
-https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html
-https://bugzilla.redhat.com/show_bug.cgi?id=1468496
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10806
-https://security-tracker.debian.org/tracker/CVE-2017-10806
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bd4a683505b27adc1ac809f71e918e58573d851d
-
-diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
-index b001a27f05..ad5ef783a6 100644
---- a/hw/usb/redirect.c
-+++ b/hw/usb/redirect.c
-@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
- static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
-     const uint8_t *data, int len)
- {
--    int i, j, n;
--
-     if (dev->debug < usbredirparser_debug_data) {
-         return;
-     }
--
--    for (i = 0; i < len; i += j) {
--        char buf[128];
--
--        n = sprintf(buf, "%s", desc);
--        for (j = 0; j < 8 && i + j < len; j++) {
--            n += sprintf(buf + n, " %02X", data[i + j]);
--        }
--        error_report("%s", buf);
--    }
-+    qemu_hexdump((char *)data, stderr, desc, len);
- }
- 
- /*
diff --git a/gnu/packages/patches/qemu-CVE-2017-10911.patch b/gnu/packages/patches/qemu-CVE-2017-10911.patch
deleted file mode 100644
index 1dcb860a2d..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-10911.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-Fix CVE-2017-10911:
-
-https://xenbits.xen.org/xsa/advisory-216.html
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911
-https://security-tracker.debian.org/tracker/CVE-2017-10911
-
-Patch copied from Xen Security Advisory:
-
-https://xenbits.xen.org/xsa/xsa216-qemuu.patch
-
---- a/hw/block/xen_blkif.h
-+++ b/hw/block/xen_blkif.h
-@@ -14,9 +14,6 @@
- struct blkif_common_request {
-     char dummy;
- };
--struct blkif_common_response {
--    char dummy;
--};
- 
- /* i386 protocol version */
- #pragma pack(push, 4)
-@@ -36,13 +33,7 @@ struct blkif_x86_32_request_discard {
-     blkif_sector_t sector_number;    /* start sector idx on disk (r/w only)  */
-     uint64_t       nr_sectors;       /* # of contiguous sectors to discard   */
- };
--struct blkif_x86_32_response {
--    uint64_t        id;              /* copied from request */
--    uint8_t         operation;       /* copied from request */
--    int16_t         status;          /* BLKIF_RSP_???       */
--};
- typedef struct blkif_x86_32_request blkif_x86_32_request_t;
--typedef struct blkif_x86_32_response blkif_x86_32_response_t;
- #pragma pack(pop)
- 
- /* x86_64 protocol version */
-@@ -62,20 +53,14 @@ struct blkif_x86_64_request_discard {
-     blkif_sector_t sector_number;    /* start sector idx on disk (r/w only)  */
-     uint64_t       nr_sectors;       /* # of contiguous sectors to discard   */
- };
--struct blkif_x86_64_response {
--    uint64_t       __attribute__((__aligned__(8))) id;
--    uint8_t         operation;       /* copied from request */
--    int16_t         status;          /* BLKIF_RSP_???       */
--};
- typedef struct blkif_x86_64_request blkif_x86_64_request_t;
--typedef struct blkif_x86_64_response blkif_x86_64_response_t;
- 
- DEFINE_RING_TYPES(blkif_common, struct blkif_common_request,
--                  struct blkif_common_response);
-+                  struct blkif_response);
- DEFINE_RING_TYPES(blkif_x86_32, struct blkif_x86_32_request,
--                  struct blkif_x86_32_response);
-+                  struct blkif_response QEMU_PACKED);
- DEFINE_RING_TYPES(blkif_x86_64, struct blkif_x86_64_request,
--                  struct blkif_x86_64_response);
-+                  struct blkif_response);
- 
- union blkif_back_rings {
-     blkif_back_ring_t        native;
---- a/hw/block/xen_disk.c
-+++ b/hw/block/xen_disk.c
-@@ -769,31 +769,30 @@ static int blk_send_response_one(struct
-     struct XenBlkDev  *blkdev = ioreq->blkdev;
-     int               send_notify   = 0;
-     int               have_requests = 0;
--    blkif_response_t  resp;
--    void              *dst;
--
--    resp.id        = ioreq->req.id;
--    resp.operation = ioreq->req.operation;
--    resp.status    = ioreq->status;
-+    blkif_response_t  *resp;
- 
-     /* Place on the response ring for the relevant domain. */
-     switch (blkdev->protocol) {
-     case BLKIF_PROTOCOL_NATIVE:
--        dst = RING_GET_RESPONSE(&blkdev->rings.native, blkdev->rings.native.rsp_prod_pvt);
-+        resp = RING_GET_RESPONSE(&blkdev->rings.native,
-+                                 blkdev->rings.native.rsp_prod_pvt);
-         break;
-     case BLKIF_PROTOCOL_X86_32:
--        dst = RING_GET_RESPONSE(&blkdev->rings.x86_32_part,
--                                blkdev->rings.x86_32_part.rsp_prod_pvt);
-+        resp = RING_GET_RESPONSE(&blkdev->rings.x86_32_part,
-+                                 blkdev->rings.x86_32_part.rsp_prod_pvt);
-         break;
-     case BLKIF_PROTOCOL_X86_64:
--        dst = RING_GET_RESPONSE(&blkdev->rings.x86_64_part,
--                                blkdev->rings.x86_64_part.rsp_prod_pvt);
-+        resp = RING_GET_RESPONSE(&blkdev->rings.x86_64_part,
-+                                 blkdev->rings.x86_64_part.rsp_prod_pvt);
-         break;
-     default:
--        dst = NULL;
-         return 0;
-     }
--    memcpy(dst, &resp, sizeof(resp));
-+
-+    resp->id        = ioreq->req.id;
-+    resp->operation = ioreq->req.operation;
-+    resp->status    = ioreq->status;
-+
-     blkdev->rings.common.rsp_prod_pvt++;
- 
-     RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&blkdev->rings.common, send_notify);
diff --git a/gnu/packages/patches/qemu-CVE-2017-11334.patch b/gnu/packages/patches/qemu-CVE-2017-11334.patch
deleted file mode 100644
index cb68c803aa..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-11334.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-Fix CVE-2017-11334:
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1471638
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11334
-
-Patch copied from upstream source repository:
-
-http://git.qemu.org/?p=qemu.git;a=commitdiff;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
-
-From 04bf2526ce87f21b32c9acba1c5518708c243ad0 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Wed, 12 Jul 2017 18:08:40 +0530
-Subject: [PATCH] exec: use qemu_ram_ptr_length to access guest ram
-
-When accessing guest's ram block during DMA operation, use
-'qemu_ram_ptr_length' to get ram block pointer. It ensures
-that DMA operation of given length is possible; And avoids
-any OOB memory access situations.
-
-Reported-by: Alex <broscutamaker@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-Id: <20170712123840.29328-1-ppandit@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- exec.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/exec.c b/exec.c
-index a083ff89ad..ad103ce483 100644
---- a/exec.c
-+++ b/exec.c
-@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
-             }
-         } else {
-             /* RAM case */
--            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
-+            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
-             memcpy(ptr, buf, l);
-             invalidate_and_set_dirty(mr, addr1, l);
-         }
-@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
-             }
-         } else {
-             /* RAM case */
--            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
-+            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
-             memcpy(buf, ptr, l);
-         }
- 
--- 
-2.13.3
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-11434.patch b/gnu/packages/patches/qemu-CVE-2017-11434.patch
deleted file mode 100644
index 4da701a73d..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-11434.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Fix CVE-2017-11434:
-
-https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html
-https://bugzilla.redhat.com/show_bug.cgi?id=1472611
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11434
-https://security-tracker.debian.org/tracker/CVE-2017-11434
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=413d463f43fbc4dd3a601e80a5724aa384a265a0
-
-diff --git a/slirp/bootp.c b/slirp/bootp.c
-index 5a4646c182..5dd1a415b5 100644
---- a/slirp/bootp.c
-+++ b/slirp/bootp.c
-@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
-             if (p >= p_end)
-                 break;
-             len = *p++;
-+            if (p + len > p_end) {
-+                break;
-+            }
-             DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
- 
-             switch(tag) {
diff --git a/gnu/packages/patches/qemu-CVE-2017-12809.patch b/gnu/packages/patches/qemu-CVE-2017-12809.patch
deleted file mode 100644
index e40a14b4e0..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-12809.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-http://openwall.com/lists/oss-security/2017/08/21/2
-https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html
-
-The block backend changed in a way that flushing empty CDROM drives now
-crashes.  Amend IDE to avoid doing so until the root problem can be
-addressed for 2.11.
-
-Original patch by John Snow <address@hidden>.
-
-Reported-by: Kieron Shorrock <address@hidden>
-Signed-off-by: Stefan Hajnoczi <address@hidden>
----
- hw/ide/core.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/hw/ide/core.c b/hw/ide/core.c
-index 0b48b64d3a..bea39536b0 100644
---- a/hw/ide/core.c
-+++ b/hw/ide/core.c
-@@ -1063,7 +1063,15 @@ static void ide_flush_cache(IDEState *s)
-     s->status |= BUSY_STAT;
-     ide_set_retry(s);
-     block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH);
--    s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
-+
-+    if (blk_bs(s->blk)) {
-+        s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
-+    } else {
-+        /* XXX blk_aio_flush() crashes when blk_bs(blk) is NULL, remove this
-+         * temporary workaround when blk_aio_*() functions handle NULL blk_bs.
-+         */
-+        ide_flush_cb(s, 0);
-+    }
- }
-      
- static void ide_cfata_metadata_inquiry(IDEState *s)
--- 
-2.13.3
diff --git a/gnu/packages/patches/qemu-CVE-2017-13711.patch b/gnu/packages/patches/qemu-CVE-2017-13711.patch
new file mode 100644
index 0000000000..4070115419
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-13711.patch
@@ -0,0 +1,89 @@
+Fix CVE-2017-13711:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13711
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=1201d308519f1e915866d7583d5136d03cc1d384
+
+From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001
+From: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Date: Fri, 25 Aug 2017 01:35:53 +0200
+Subject: [PATCH] slirp: fix clearing ifq_so from pending packets
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The if_fastq and if_batchq contain not only packets, but queues of packets
+for the same socket. When sofree frees a socket, it thus has to clear ifq_so
+from all the packets from the queues, not only the first.
+
+Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ slirp/socket.c | 39 +++++++++++++++++++++++----------------
+ 1 file changed, 23 insertions(+), 16 deletions(-)
+
+diff --git a/slirp/socket.c b/slirp/socket.c
+index ecec0295a9..cb7b5b608d 100644
+--- a/slirp/socket.c
++++ b/slirp/socket.c
+@@ -59,6 +59,27 @@ socreate(Slirp *slirp)
+   return(so);
+ }
+ 
++/*
++ * Remove references to so from the given message queue.
++ */
++static void
++soqfree(struct socket *so, struct quehead *qh)
++{
++    struct mbuf *ifq;
++
++    for (ifq = (struct mbuf *) qh->qh_link;
++             (struct quehead *) ifq != qh;
++             ifq = ifq->ifq_next) {
++        if (ifq->ifq_so == so) {
++            struct mbuf *ifm;
++            ifq->ifq_so = NULL;
++            for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) {
++                ifm->ifq_so = NULL;
++            }
++        }
++    }
++}
++
+ /*
+  * remque and free a socket, clobber cache
+  */
+@@ -66,23 +87,9 @@ void
+ sofree(struct socket *so)
+ {
+   Slirp *slirp = so->slirp;
+-  struct mbuf *ifm;
+ 
+-  for (ifm = (struct mbuf *) slirp->if_fastq.qh_link;
+-       (struct quehead *) ifm != &slirp->if_fastq;
+-       ifm = ifm->ifq_next) {
+-    if (ifm->ifq_so == so) {
+-      ifm->ifq_so = NULL;
+-    }
+-  }
+-
+-  for (ifm = (struct mbuf *) slirp->if_batchq.qh_link;
+-       (struct quehead *) ifm != &slirp->if_batchq;
+-       ifm = ifm->ifq_next) {
+-    if (ifm->ifq_so == so) {
+-      ifm->ifq_so = NULL;
+-    }
+-  }
++  soqfree(so, &slirp->if_fastq);
++  soqfree(so, &slirp->if_batchq);
+ 
+   if (so->so_emu==EMU_RSH && so->extra) {
+ 	sofree(so->extra);
+-- 
+2.14.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-14167.patch b/gnu/packages/patches/qemu-CVE-2017-14167.patch
new file mode 100644
index 0000000000..a6007ac082
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-14167.patch
@@ -0,0 +1,69 @@
+Fix CVE-2017-14167:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14167
+http://seclists.org/oss-sec/2017/q3/407
+
+Patch copied from upstream development mailing list:
+
+https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html
+
+From: Prasad J Pandit <address@hidden>
+
+While loading kernel via multiboot-v1 image, (flags & 0x00010000)
+indicates that multiboot header contains valid addresses to load
+the kernel image. These addresses are used to compute kernel
+size and kernel text offset in the OS image. Validate these
+address values to avoid an OOB access issue.
+
+This is CVE-2017-14167.
+
+Reported-by: Thomas Garnier <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/i386/multiboot.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+Update: add CVE-ID to the commit message.
+
+diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
+index 6001f4caa2..c7b70c91d5 100644
+--- a/hw/i386/multiboot.c
++++ b/hw/i386/multiboot.c
+@@ -221,15 +221,34 @@ int load_multiboot(FWCfgState *fw_cfg,
+         uint32_t mh_header_addr = ldl_p(header+i+12);
+         uint32_t mh_load_end_addr = ldl_p(header+i+20);
+         uint32_t mh_bss_end_addr = ldl_p(header+i+24);
++
+         mh_load_addr = ldl_p(header+i+16);
++        if (mh_header_addr < mh_load_addr) {
++            fprintf(stderr, "invalid mh_load_addr address\n");
++            exit(1);
++        }
++
+         uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr);
+         uint32_t mb_load_size = 0;
+         mh_entry_addr = ldl_p(header+i+28);
+ 
+         if (mh_load_end_addr) {
++            if (mh_bss_end_addr < mh_load_addr) {
++                fprintf(stderr, "invalid mh_bss_end_addr address\n");
++                exit(1);
++            }
+             mb_kernel_size = mh_bss_end_addr - mh_load_addr;
++
++            if (mh_load_end_addr < mh_load_addr) {
++                fprintf(stderr, "invalid mh_load_end_addr address\n");
++                exit(1);
++            }
+             mb_load_size = mh_load_end_addr - mh_load_addr;
+         } else {
++            if (kernel_file_size < mb_kernel_text_offset) {
++                fprintf(stderr, "invalid kernel_file_size\n");
++                exit(1);
++            }
+             mb_kernel_size = kernel_file_size - mb_kernel_text_offset;
+             mb_load_size = mb_kernel_size;
+         }
+-- 
+2.13.5
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-7493.patch b/gnu/packages/patches/qemu-CVE-2017-7493.patch
deleted file mode 100644
index 67b26fad81..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-7493.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-Fix CVE-2017-7493:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7493
-
-Patch copied from upstream source repository:
-
-http://git.qemu.org/?p=qemu.git;a=commit;h=7a95434e0ca8a037fd8aa1a2e2461f92585eb77b
-
-From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001
-From: Greg Kurz <groug@kaod.org>
-Date: Fri, 5 May 2017 14:48:08 +0200
-Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
-
-When using the mapped-file security mode, we shouldn't let the client mess
-with the metadata. The current code already tries to hide the metadata dir
-from the client by skipping it in local_readdir(). But the client can still
-access or modify it through several other operations. This can be used to
-escalate privileges in the guest.
-
-Affected backend operations are:
-- local_mknod()
-- local_mkdir()
-- local_open2()
-- local_symlink()
-- local_link()
-- local_unlinkat()
-- local_renameat()
-- local_rename()
-- local_name_to_path()
-
-Other operations are safe because they are only passed a fid path, which
-is computed internally in local_name_to_path().
-
-This patch converts all the functions listed above to fail and return
-EINVAL when being passed the name of the metadata dir. This may look
-like a poor choice for errno, but there's no such thing as an illegal
-path name on Linux and I could not think of anything better.
-
-This fixes CVE-2017-7493.
-
-Reported-by: Leo Gaspard <leo@gaspard.io>
-Signed-off-by: Greg Kurz <groug@kaod.org>
-Reviewed-by: Eric Blake <eblake@redhat.com>
----
- hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 56 insertions(+), 2 deletions(-)
-
-diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
-index f3ebca4f7a..a2486566af 100644
---- a/hw/9pfs/9p-local.c
-+++ b/hw/9pfs/9p-local.c
-@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs)
-     return telldir(fs->dir.stream);
- }
- 
-+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name)
-+{
-+    return !strcmp(name, VIRTFS_META_DIR);
-+}
-+
- static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs)
- {
-     struct dirent *entry;
-@@ -465,8 +470,8 @@ again:
-     if (ctx->export_flags & V9FS_SM_MAPPED) {
-         entry->d_type = DT_UNKNOWN;
-     } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
--        if (!strcmp(entry->d_name, VIRTFS_META_DIR)) {
--            /* skp the meta data directory */
-+        if (local_is_mapped_file_metadata(ctx, entry->d_name)) {
-+            /* skip the meta data directory */
-             goto again;
-         }
-         entry->d_type = DT_UNKNOWN;
-@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     /*
-      * Mark all the open to not follow symlinks
-      */
-@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath,
-     int ret = -1;
-     int odirfd, ndirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     odirfd = local_opendir_nofollow(ctx, odirpath);
-     if (odirfd == -1) {
-         goto out;
-@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path,
- static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
-                               const char *name, V9fsPath *target)
- {
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     if (dir_path) {
-         v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
-     } else if (strcmp(name, "/")) {
-@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir,
-     int ret;
-     int odirfd, ndirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        (local_is_mapped_file_metadata(ctx, old_name) ||
-+         local_is_mapped_file_metadata(ctx, new_name))) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     odirfd = local_opendir_nofollow(ctx, olddir->data);
-     if (odirfd == -1) {
-         return -1;
-@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir,
-     int ret;
-     int dirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(ctx, dir->data);
-     if (dirfd == -1) {
-         return -1;
--- 
-2.13.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-8112.patch b/gnu/packages/patches/qemu-CVE-2017-8112.patch
deleted file mode 100644
index 88b33aa2f0..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-8112.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Fix CVE-2017-8112:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8112
-
-Patch copied from upstream source repository:
-
-http://git.qemu.org/?p=qemu.git;a=commitdiff;h=f68826989cd4d1217797251339579c57b3c0934e
-
-From f68826989cd4d1217797251339579c57b3c0934e Mon Sep 17 00:00:00 2001
-From: P J P <ppandit@redhat.com>
-Date: Tue, 25 Apr 2017 18:36:23 +0530
-Subject: [PATCH] vmw_pvscsi: check message ring page count at initialisation
-
-A guest could set the message ring page count to zero, resulting in
-infinite loop. Add check to avoid it.
-
-Reported-by: YY Z <bigbird475958471@gmail.com>
-Signed-off-by: P J P <ppandit@redhat.com>
-Message-Id: <20170425130623.3649-1-ppandit@redhat.com>
-Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/scsi/vmw_pvscsi.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
-index 75575461e2..4a106da856 100644
---- a/hw/scsi/vmw_pvscsi.c
-+++ b/hw/scsi/vmw_pvscsi.c
-@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
-     uint32_t len_log2;
-     uint32_t ring_size;
- 
--    if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
-+    if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
-         return -1;
-     }
-     ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
--- 
-2.13.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-8309.patch b/gnu/packages/patches/qemu-CVE-2017-8309.patch
deleted file mode 100644
index dc4b4006b7..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-8309.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Fix CVE-2017-8309:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8309
-
-Patch copied from upstream source repository:
-
-http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3268a845f41253fb55852a8429c32b50f36f349a
-
-From 3268a845f41253fb55852a8429c32b50f36f349a Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Fri, 28 Apr 2017 09:56:12 +0200
-Subject: [PATCH] audio: release capture buffers
-
-AUD_add_capture() allocates two buffers which are never released.
-Add the missing calls to AUD_del_capture().
-
-Impact: Allows vnc clients to exhaust host memory by repeatedly
-starting and stopping audio capture.
-
-Fixes: CVE-2017-8309
-Cc: P J P <ppandit@redhat.com>
-Cc: Huawei PSIRT <PSIRT@huawei.com>
-Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 20170428075612.9997-1-kraxel@redhat.com
----
- audio/audio.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/audio/audio.c b/audio/audio.c
-index c8898d8422..beafed209b 100644
---- a/audio/audio.c
-+++ b/audio/audio.c
-@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
-                     sw = sw1;
-                 }
-                 QLIST_REMOVE (cap, entries);
-+                g_free (cap->hw.mix_buf);
-+                g_free (cap->buf);
-                 g_free (cap);
-             }
-             return;
--- 
-2.13.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-8379.patch b/gnu/packages/patches/qemu-CVE-2017-8379.patch
deleted file mode 100644
index 200b133d3e..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-8379.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-Fix CVE-2017-8379:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8379
-
-Patch copied from upstream source repository:
-
-http://git.qemu.org/?p=qemu.git;a=commitdiff;h=fa18f36a461984eae50ab957e47ec78dae3c14fc
-
-From fa18f36a461984eae50ab957e47ec78dae3c14fc Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Fri, 28 Apr 2017 10:42:37 +0200
-Subject: [PATCH] input: limit kbd queue depth
-
-Apply a limit to the number of items we accept into the keyboard queue.
-
-Impact: Without this limit vnc clients can exhaust host memory by
-sending keyboard events faster than qemu feeds them to the guest.
-
-Fixes: CVE-2017-8379
-Cc: P J P <ppandit@redhat.com>
-Cc: Huawei PSIRT <PSIRT@huawei.com>
-Reported-by: jiangxin1@huawei.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Message-id: 20170428084237.23960-1-kraxel@redhat.com
----
- ui/input.c | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/ui/input.c b/ui/input.c
-index ed88cda6d6..fb1f404095 100644
---- a/ui/input.c
-+++ b/ui/input.c
-@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue =
-     QTAILQ_HEAD_INITIALIZER(kbd_queue);
- static QEMUTimer *kbd_timer;
- static uint32_t kbd_default_delay_ms = 10;
-+static uint32_t queue_count;
-+static uint32_t queue_limit = 1024;
- 
- QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev,
-                                                    QemuInputHandler *handler)
-@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque)
-             break;
-         }
-         QTAILQ_REMOVE(queue, item, node);
-+        queue_count--;
-         g_free(item);
-     }
- }
-@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue,
-     item->delay_ms = delay_ms;
-     item->timer = timer;
-     QTAILQ_INSERT_TAIL(queue, item, node);
-+    queue_count++;
- 
-     if (start_timer) {
-         timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)
-@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue,
-     item->src = src;
-     item->evt = evt;
-     QTAILQ_INSERT_TAIL(queue, item, node);
-+    queue_count++;
- }
- 
- static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
-@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
- 
-     item->type = QEMU_INPUT_QUEUE_SYNC;
-     QTAILQ_INSERT_TAIL(queue, item, node);
-+    queue_count++;
- }
- 
- void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt)
-@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down)
-         qemu_input_event_send(src, evt);
-         qemu_input_event_sync();
-         qapi_free_InputEvent(evt);
--    } else {
-+    } else if (queue_count < queue_limit) {
-         qemu_input_queue_event(&kbd_queue, src, evt);
-         qemu_input_queue_sync(&kbd_queue);
-     }
-@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms)
-         kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process,
-                                  &kbd_queue);
-     }
--    qemu_input_queue_delay(&kbd_queue, kbd_timer,
--                           delay_ms ? delay_ms : kbd_default_delay_ms);
-+    if (queue_count < queue_limit) {
-+        qemu_input_queue_delay(&kbd_queue, kbd_timer,
-+                               delay_ms ? delay_ms : kbd_default_delay_ms);
-+    }
- }
- 
- InputEvent *qemu_input_event_new_btn(InputButton btn, bool down)
--- 
-2.13.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-8380.patch b/gnu/packages/patches/qemu-CVE-2017-8380.patch
deleted file mode 100644
index 65e49fc885..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-8380.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Fix CVE-2017-8380:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8380
-
-Patch copied from upstream source repository:
-
-http://git.qemu.org/?p=qemu.git;a=commitdiff;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f
-
-From 24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Mon, 24 Apr 2017 17:36:34 +0530
-Subject: [PATCH] scsi: avoid an off-by-one error in megasas_mmio_write
-
-While reading magic sequence(MFI_SEQ) in megasas_mmio_write,
-an off-by-one error could occur as 's->adp_reset' index is not
-reset after reading the last sequence.
-
-Reported-by: YY Z <bigbird475958471@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-Id: <20170424120634.12268-1-ppandit@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/scsi/megasas.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
-index 84b8caf901..804122ab05 100644
---- a/hw/scsi/megasas.c
-+++ b/hw/scsi/megasas.c
-@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr,
-     case MFI_SEQ:
-         trace_megasas_mmio_writel("MFI_SEQ", val);
-         /* Magic sequence to start ADP reset */
--        if (adp_reset_seq[s->adp_reset] == val) {
--            s->adp_reset++;
-+        if (adp_reset_seq[s->adp_reset++] == val) {
-+            if (s->adp_reset == 6) {
-+                s->adp_reset = 0;
-+                s->diag = MFI_DIAG_WRITE_ENABLE;
-+            }
-         } else {
-             s->adp_reset = 0;
-             s->diag = 0;
-         }
--        if (s->adp_reset == 6) {
--            s->diag = MFI_DIAG_WRITE_ENABLE;
--        }
-         break;
-     case MFI_DIAG:
-         trace_megasas_mmio_writel("MFI_DIAG", val);
--- 
-2.13.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-9524.patch b/gnu/packages/patches/qemu-CVE-2017-9524.patch
deleted file mode 100644
index 57160055e3..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-9524.patch
+++ /dev/null
@@ -1,287 +0,0 @@
-Fix CVE-2017-9524:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9524
-http://seclists.org/oss-sec/2017/q2/454
-
-Patches copied from upstream source repository:
-
-http://git.qemu.org/?p=qemu.git;a=commitdiff;h=df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af
-http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0c9390d978cbf61e8f16c9f580fa96b305c43568
-
-From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Fri, 26 May 2017 22:04:21 -0500
-Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation
-
-If a non-NBD client connects to qemu-nbd, we would end up with
-a SIGSEGV in nbd_client_put() because we were trying to
-unregister the client's association to the export, even though
-we skipped inserting the client into that list.  Easy trigger
-in two terminals:
-
-$ qemu-nbd -p 30001 --format=raw file
-$ nmap 127.0.0.1 -p 30001
-
-nmap claims that it thinks it connected to a pago-services1
-server (which probably means nmap could be updated to learn the
-NBD protocol and give a more accurate diagnosis of the open
-port - but that's not our problem), then terminates immediately,
-so our call to nbd_negotiate() fails.  The fix is to reorder
-nbd_co_client_start() to ensure that all initialization occurs
-before we ever try talking to a client in nbd_negotiate(), so
-that the teardown sequence on negotiation failure doesn't fault
-while dereferencing a half-initialized object.
-
-While debugging this, I also noticed that nbd_update_server_watch()
-called by nbd_client_closed() was still adding a channel to accept
-the next client, even when the state was no longer RUNNING.  That
-is fixed by making nbd_can_accept() pay attention to the current
-state.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
-
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-Id: <20170527030421.28366-1-eblake@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- nbd/server.c | 8 +++-----
- qemu-nbd.c   | 2 +-
- 2 files changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/nbd/server.c b/nbd/server.c
-index ee59e5d234..49b55f6ede 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
- 
-     if (exp) {
-         nbd_export_get(exp);
-+        QTAILQ_INSERT_TAIL(&exp->clients, client, next);
-     }
-+    qemu_co_mutex_init(&client->send_lock);
-+
-     if (nbd_negotiate(data)) {
-         client_close(client);
-         goto out;
-     }
--    qemu_co_mutex_init(&client->send_lock);
--
--    if (exp) {
--        QTAILQ_INSERT_TAIL(&exp->clients, client, next);
--    }
- 
-     nbd_client_receive_next_request(client);
- 
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index f60842fd86..651f85ecc1 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -325,7 +325,7 @@ out:
- 
- static int nbd_can_accept(void)
- {
--    return nb_fds < shared;
-+    return state == RUNNING && nb_fds < shared;
- }
- 
- static void nbd_export_closed(NBDExport *exp)
--- 
-2.13.1
-
-From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Thu, 8 Jun 2017 17:26:17 -0500
-Subject: [PATCH] nbd: Fix regression on resiliency to port scan
-
-Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
-server would not quit, regardless of how many probe connections
-came and went, until a connection actually negotiated).  But we
-broke that in commit ee7d7aa when removing the return value to
-nbd_client_new(), although that patch also introduced a bug causing
-an assertion failure on a client that fails negotiation.  We then
-made it worse during refactoring in commit 1a6245a (a segfault
-before we could even assert); the (masked) assertion was cleaned
-up in d3780c2 (still in 2.6), and just recently we finally fixed
-the segfault ("nbd: Fully intialize client in case of failed
-negotiation").  But that still means that ever since we added
-TLS support to qemu-nbd, we have been vulnerable to an ill-timed
-port-scan being able to cause a denial of service by taking down
-qemu-nbd before a real client has a chance to connect.
-
-Since negotiation is now handled asynchronously via coroutines,
-we no longer have a synchronous point of return by re-adding a
-return value to nbd_client_new().  So this patch instead wires
-things up to pass the negotiation status through the close_fn
-callback function.
-
-Simple test across two terminals:
-$ qemu-nbd -f raw -p 30001 file
-$ nmap 127.0.0.1 -p 30001 && \
-  qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
-
-Note that this patch does not change what constitutes successful
-negotiation (thus, a client must enter transmission phase before
-that client can be considered as a reason to terminate the server
-when the connection ends).  Perhaps we may want to tweak things
-in a later patch to also treat a client that uses NBD_OPT_ABORT
-as being a 'successful' negotiation (the client correctly talked
-the NBD protocol, and informed us it was not going to use our
-export after all), but that's a discussion for another day.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
-
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-Id: <20170608222617.20376-1-eblake@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- blockdev-nbd.c      |  6 +++++-
- include/block/nbd.h |  2 +-
- nbd/server.c        | 24 +++++++++++++++---------
- qemu-nbd.c          |  4 ++--
- 4 files changed, 23 insertions(+), 13 deletions(-)
-
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index dd0860f4a6..28f551a7b0 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -27,6 +27,10 @@ typedef struct NBDServerData {
- 
- static NBDServerData *nbd_server;
- 
-+static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
-+{
-+    nbd_client_put(client);
-+}
- 
- static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
-                            gpointer opaque)
-@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
-     qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
-     nbd_client_new(NULL, cioc,
-                    nbd_server->tlscreds, NULL,
--                   nbd_client_put);
-+                   nbd_blockdev_client_closed);
-     object_unref(OBJECT(cioc));
-     return TRUE;
- }
-diff --git a/include/block/nbd.h b/include/block/nbd.h
-index 416257abca..8fa5ce51f3 100644
---- a/include/block/nbd.h
-+++ b/include/block/nbd.h
-@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp,
-                     QIOChannelSocket *sioc,
-                     QCryptoTLSCreds *tlscreds,
-                     const char *tlsaclname,
--                    void (*close)(NBDClient *));
-+                    void (*close_fn)(NBDClient *, bool));
- void nbd_client_get(NBDClient *client);
- void nbd_client_put(NBDClient *client);
- 
-diff --git a/nbd/server.c b/nbd/server.c
-index 49b55f6ede..f2b1aa47ce 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
- 
- struct NBDClient {
-     int refcount;
--    void (*close)(NBDClient *client);
-+    void (*close_fn)(NBDClient *client, bool negotiated);
- 
-     bool no_zeroes;
-     NBDExport *exp;
-@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client)
-     }
- }
- 
--static void client_close(NBDClient *client)
-+static void client_close(NBDClient *client, bool negotiated)
- {
-     if (client->closing) {
-         return;
-@@ -793,8 +793,8 @@ static void client_close(NBDClient *client)
-                          NULL);
- 
-     /* Also tell the client, so that they release their reference.  */
--    if (client->close) {
--        client->close(client);
-+    if (client->close_fn) {
-+        client->close_fn(client, negotiated);
-     }
- }
- 
-@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp)
- 
-     nbd_export_get(exp);
-     QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {
--        client_close(client);
-+        client_close(client, true);
-     }
-     nbd_export_set_name(exp, NULL);
-     nbd_export_set_description(exp, NULL);
-@@ -1337,7 +1337,7 @@ done:
- 
- out:
-     nbd_request_put(req);
--    client_close(client);
-+    client_close(client, true);
-     nbd_client_put(client);
- }
- 
-@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
-     qemu_co_mutex_init(&client->send_lock);
- 
-     if (nbd_negotiate(data)) {
--        client_close(client);
-+        client_close(client, false);
-         goto out;
-     }
- 
-@@ -1373,11 +1373,17 @@ out:
-     g_free(data);
- }
- 
-+/*
-+ * Create a new client listener on the given export @exp, using the
-+ * given channel @sioc.  Begin servicing it in a coroutine.  When the
-+ * connection closes, call @close_fn with an indication of whether the
-+ * client completed negotiation.
-+ */
- void nbd_client_new(NBDExport *exp,
-                     QIOChannelSocket *sioc,
-                     QCryptoTLSCreds *tlscreds,
-                     const char *tlsaclname,
--                    void (*close_fn)(NBDClient *))
-+                    void (*close_fn)(NBDClient *, bool))
- {
-     NBDClient *client;
-     NBDClientNewData *data = g_new(NBDClientNewData, 1);
-@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp,
-     object_ref(OBJECT(client->sioc));
-     client->ioc = QIO_CHANNEL(sioc);
-     object_ref(OBJECT(client->ioc));
--    client->close = close_fn;
-+    client->close_fn = close_fn;
- 
-     data->client = client;
-     data->co = qemu_coroutine_create(nbd_co_client_start, data);
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index 651f85ecc1..9464a0461c 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp)
- 
- static void nbd_update_server_watch(void);
- 
--static void nbd_client_closed(NBDClient *client)
-+static void nbd_client_closed(NBDClient *client, bool negotiated)
- {
-     nb_fds--;
--    if (nb_fds == 0 && !persistent && state == RUNNING) {
-+    if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {
-         state = TERMINATE;
-     }
-     nbd_update_server_watch();
--- 
-2.13.1
-
diff --git a/gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch b/gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch
index 51d6c3e791..fd12ba4ce1 100644
--- a/gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch
+++ b/gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch
@@ -1,4 +1,4 @@
-This patch comes from Debian and was modified by Kei Kebreau <kei@openmailbox.org>.
+This patch comes from Debian and was modified by Kei Kebreau <kkebreau@posteo.net>.
 Link: https://anonscm.debian.org/cgit/pkg-wmaker/wmfire.git/plain/debian/patches/gdk_updates.patch?h=debian/1.2.4-2&id=a272234fc5eecdbfc469adb12133196bc62f3059
 
 Description: Update for newer versions of GDK.
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 0993543c20..5e52d87ca5 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -254,7 +254,7 @@ Poppler PDF rendering library.")
                            (assoc-ref %build-inputs "libpng")))
       #:phases
       (modify-phases %standard-phases
-        (add-before 'configure 'autogen
+        (add-after 'unpack 'autogen
           (lambda _ (zero? (system* "autoreconf" "-vif")))))))
    (inputs
     `(("zlib" ,zlib)
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 93fc4059d8..09d6798177 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -1295,7 +1295,7 @@ and writing of @code{.ini}-style configuration files.")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/J/JR/JROCKWAY/"
+       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
                            "Context-Preserve-" version ".tar.gz"))
        (sha256
         (base32
@@ -1311,6 +1311,34 @@ the context the subroutine would have seen if it were the last statement in
 the caller.")
     (license (package-license perl))))
 
+(define-public perl-convert-binhex
+  (package
+    (name "perl-convert-binhex")
+    (version "1.125")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/S/ST/STEPHEN/Convert-BinHex-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "15v3489k179cx0fz3lix79ssjid0nhhpf6c33swpxga6pss92dai"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-file-slurp" ,perl-file-slurp)
+       ("perl-test-most" ,perl-test-most)))
+    (home-page
+     "http://search.cpan.org/dist/Convert-BinHex")
+    (synopsis "Extract data from Macintosh BinHex files")
+    (description
+     "BinHex is a format for transporting files safely through electronic
+mail, as short-lined, 7-bit, semi-compressed data streams.  Ths module
+provides a means of converting those data streams back into into binary
+data.")
+    (license perl-license)))
+
 (define-public perl-cpan-meta-check
   (package
     (name "perl-cpan-meta-check")
@@ -1588,6 +1616,49 @@ on one page.  This results in wanting to page through various pages of data.
 The maths behind this is unfortunately fiddly, hence this module.")
     (license (package-license perl))))
 
+(define-public perl-data-perl
+  (package
+    (name "perl-data-perl")
+    (version "0.002009")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/M/MA/MATTP/Data-Perl-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "12vgqdjbfqf2qfg21x22wg88xnwxfbw2ki3qzcb3nb0chwjj4axn"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-deep" ,perl-test-deep)
+       ("perl-test-fatal" ,perl-test-fatal)
+       ("perl-test-output" ,perl-test-output)))
+    (inputs
+     `(("perl-class-method-modifiers"
+        ,perl-class-method-modifiers)
+       ("perl-module-runtime" ,perl-module-runtime)
+       ("perl-role-tiny" ,perl-role-tiny)
+       ("perl-strictures" ,perl-strictures)))
+    (propagated-inputs
+     `(("perl-list-moreutils" ,perl-list-moreutils)))
+    (home-page
+     "http://search.cpan.org/dist/Data-Perl")
+    (synopsis "Base classes wrapping fundamental Perl data types")
+    (description
+     "@code{Data::Perl} is a container class for the following classes:
+@itemize
+@item @code{Data::Perl::Collection::Hash}
+@item @code{Data::Perl::Collection::Array}
+@item @code{Data::Perl::String}
+@item @code{Data::Perl::Number}
+@item @code{Data::Perl::Counter}
+@item @code{Data::Perl::Bool}
+@item @code{Data::Perl::Code}
+@end itemize")
+    (license perl-license)))
+
 (define-public perl-data-stag
   (package
     (name "perl-data-stag")
@@ -2260,6 +2331,30 @@ whether a compiler is available.  It can test for a C99 compiler, or
 you can tell it to compile a C source file with optional linker flags.")
   (license (package-license perl))))
 
+(define-public perl-devel-cycle
+  (package
+    (name "perl-devel-cycle")
+    (version "1.12")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/L/LD/LDS/Devel-Cycle-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "1hhb77kz3dys8yaik452j22cm3510zald2mpvfyv5clqv326aczx"))))
+    (build-system perl-build-system)
+    (home-page
+     "http://search.cpan.org/dist/Devel-Cycle")
+    (synopsis "Find memory cycles in objects")
+    (description
+     "@code{Devel::Cycle} This is a tool for finding circular references in
+objects and other types of references.  Because of Perl's reference-count
+based memory management, circular references will cause memory leaks.")
+    (license perl-license)))
+
 (define-public perl-devel-globaldestruction
   (package
     (name "perl-devel-globaldestruction")
@@ -3514,7 +3609,7 @@ that may contain multiple values per key, inspired by MultiDict of WebOb.")
 consume exports.  It is feature-compatible with Exporter, plus some much needed
 extras.  You can use this to import symbols from any exporter that follows
 Exporters specification.  The exporter modules themselves do not need to use or
-inherit from the Exporter module, they just need to set @EXPORT and/or other
+inherit from the Exporter module, they just need to set @@EXPORT and/or other
 variables.")
     (license (package-license perl))))
 
@@ -4134,6 +4229,51 @@ implementation of these functions only serves as a fallback in case the C
 portions of this module couldn't be compiled on this machine.")
     (license (package-license perl))))
 
+(define-public perl-mailtools
+  (package
+    (name "perl-mailtools")
+    (version "2.19")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/M/MA/MARKOV/MailTools-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "06jykkv8mp484vzkmwd6dkicx029rl3ir5ljzrbap3paxw1dfzn1"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-timedate" ,perl-timedate)))
+    (home-page
+     "http://search.cpan.org/dist/MailTools")
+    (synopsis "Bundle of ancient email modules")
+    (description "MailTools contains the following modules:
+@table @asis
+@item Mail::Address
+Parse email address from a header line.
+@item Mail::Cap
+Interpret mailcap files: mappings of file-types to applications as used by
+many command-line email programs.
+@item Mail::Field
+Simplifies access to (some) email header fields.  Used by Mail::Header.
+@item Mail::Filter
+Process Mail::Internet messages.
+@item Mail::Header
+Collection of Mail::Field objects, representing the header of a Mail::Internet
+object.
+@item Mail::Internet
+Represents a single email message, with header and body.
+@item Mail::Mailer
+Send Mail::Internet emails via direct smtp or local MTA's.
+@item Mail::Send
+Build a Mail::Internet object, and then send it out using Mail::Mailer.
+@item Mail::Util
+\"Smart functions\" you should not depend on.
+@end table")
+    (license perl-license)))
+
 (define-public perl-memoize-expirelru
   (package
     (name "perl-memoize-expirelru")
@@ -4173,6 +4313,36 @@ the argument to the CACHESIZE parameter, will be cached.")
 MIME messages on Internet.")
     (license (package-license perl))))
 
+(define-public perl-mime-tools
+  (package
+    (name "perl-mime-tools")
+    (version "5.509")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/D/DS/DSKOLL/MIME-tools-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "0wv9rzx5j1wjm01c3dg48qk9wlbm6iyf91j536idk09xj869ymv4"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-deep" ,perl-test-deep)))
+    (inputs
+     `(("perl-convert-binhex" ,perl-convert-binhex)))
+    (propagated-inputs
+     `(("perl-mailtools" ,perl-mailtools)))
+    (home-page
+     "http://search.cpan.org/dist/MIME-tools")
+    (synopsis "Tools to manipulate MIME messages")
+    (description
+     "MIME-tools is a collection of Perl5 MIME:: modules for parsing,
+decoding, and generating single- or multipart (even nested multipart) MIME
+messages.")
+    (license perl-license)))
+
 (define-public perl-mime-types
   (package
     (name "perl-mime-types")
@@ -5073,6 +5243,109 @@ all coercions and constraints are inherited.")
 constraint with coercion to load the class.")
     (license (package-license perl))))
 
+(define-public perl-moox
+  (package
+    (name "perl-moox")
+    (version "0.101")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/G/GE/GETTY/MooX-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "1m9jvrqcidiabdih211byadwnnkygafq54r2ljnf1akqdrjimy9g"))))
+    (build-system perl-build-system)
+    (inputs
+     `(("perl-data-optlist" ,perl-data-optlist)
+       ("perl-import-into" ,perl-import-into)
+       ("perl-module-runtime" ,perl-module-runtime)
+       ("perl-moo" ,perl-moo)))
+    (home-page "http://search.cpan.org/dist/MooX")
+    (synopsis
+     "Using Moo and MooX:: packages the most lazy way")
+    (description "Contains the MooX and MooX::Role packages.")
+    (license perl-license)))
+
+(define-public perl-moox-handlesvia
+  (package
+    (name "perl-moox-handlesvia")
+    (version "0.001008")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/M/MA/MATTP/MooX-HandlesVia-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "137yrjn2jmw4cj0fjdajnkjgqr5arnpq72kbm6w66xskncinz55h"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-moox-types-mooselike"
+        ,perl-moox-types-mooselike)
+       ("perl-test-exception" ,perl-test-exception)
+       ("perl-test-fatal" ,perl-test-fatal)))
+    (inputs
+     `(("perl-class-method-modifiers"
+        ,perl-class-method-modifiers)
+       ("perl-module-runtime" ,perl-module-runtime)
+       ("perl-moo" ,perl-moo)
+       ("perl-role-tiny" ,perl-role-tiny)))
+    (propagated-inputs
+     `(("perl-data-perl" ,perl-data-perl)))
+    (home-page
+     "http://search.cpan.org/dist/MooX-HandlesVia")
+    (synopsis "NativeTrait-like behavior for Moo")
+    (description
+     "@code{MooX::HandlesVia} is an extension of Moo's @code{handles}
+attribute functionality.  It provides a means of proxying functionality from
+an external class to the given atttribute.")
+    (license perl-license)))
+
+(define-public perl-moox-late
+  (package
+    (name "perl-moox-late")
+    (version "0.015")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/T/TO/TOBYINK/MooX-late-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "1gzvd9zws3v09sh0xx6srmw4jwi22fnrya4zcsc8dykn62pjclqp"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-fatal" ,perl-test-fatal)
+       ("perl-test-requires" ,perl-test-requires)))
+    (inputs
+     `(("perl-moo" ,perl-moo)
+       ("perl-moox" ,perl-moox)
+       ("perl-moox-handlesvia" ,perl-moox-handlesvia)))
+    (propagated-inputs
+     `(("perl-type-tiny" ,perl-type-tiny)))
+    (home-page
+     "http://search.cpan.org/dist/MooX-late")
+    (synopsis "Easily translate Moose code to Moo")
+    (description
+     "MooX::late does the following:
+@enumerate
+@item Supports isa => $stringytype
+@item Supports does => $rolename
+@item Supports lazy_build => 1
+@item Exports blessed and confess functions to your namespace.
+@item Handles certain attribute traits
+Currently Hash, Array and Code are supported.  This feature requires
+MooX::HandlesVia.
+@end enumerate")
+    (license perl-license)))
+
 (define-public perl-moox-types-mooselike
   (package
     (name "perl-moox-types-mooselike")
@@ -5252,6 +5525,38 @@ cycle.  Functions called in the package itself will still be bound by their
 name, but they won't show up as methods on your class or instances.")
     (license (package-license perl))))
 
+(define-public perl-net-idn-encode
+  (package
+    (name "perl-net-idn-encode")
+    (version "2.400")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/C/CF/CFAERBER/Net-IDN-Encode-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "0a9knav5f9kjldrkxx1k47ivd3p23zkmi8aqgyhnxidhgasz1dlq"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-build" ,perl-module-build)
+       ("perl-test-nowarnings" ,perl-test-nowarnings)))
+    (home-page
+     "http://search.cpan.org/dist/Net-IDN-Encode")
+    (synopsis
+     "Internationalizing Domain Names in Applications (IDNA)")
+    (description
+     "Internationalized Domain Names (IDNs) use characters drawn from a large
+repertoire (Unicode), but IDNA allows the non-ASCII characters to be
+represented using only the ASCII characters already allowed in so-called host
+names today (letter-digit-hyphen, /[A-Z0-9-]/i).
+
+Use this module if you just want to convert domain names (or email addresses),
+using whatever IDNA standard is the best choice at the moment.")
+    (license perl-license)))
+
 (define-public perl-net-statsd
   (package
    (name "perl-net-statsd")
@@ -6775,6 +7080,61 @@ namespace::autoclean or namespace::clean and are therefore available to be
 called as methods, which usually isn't want you want.")
     (license (package-license perl))))
 
+(define-public perl-test-cpan-meta
+  (package
+    (name "perl-test-cpan-meta")
+    (version "0.25")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/B/BA/BARBIE/Test-CPAN-Meta-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "1dcdbbdwdyhpldkhjzc9rvzlmb5jbil6fwh2x07nsfdwysf4ynzm"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-cpan-meta-json" ,perl-test-cpan-meta-json)
+       ("perl-test-pod" ,perl-test-pod)
+       ("perl-test-pod-coverage" ,perl-test-pod-coverage)))
+    (home-page
+     "http://search.cpan.org/dist/Test-CPAN-Meta")
+    (synopsis "Validate your CPAN META.yml files")
+    (description
+     "This module was written to ensure that a META.yml file meets the
+specification.")
+    (license artistic2.0)))
+
+(define-public perl-test-cpan-meta-json
+  (package
+    (name "perl-test-cpan-meta-json")
+    (version "0.16")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/B/BA/BARBIE/Test-CPAN-Meta-JSON-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "1jg9ka50ixwq083wd4k12rhdjq87w0ihb34gd8jjn7gvvyd51b37"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-pod" ,perl-test-pod)
+       ("perl-test-pod-coverage" ,perl-test-pod-coverage)))
+    (inputs
+     `(("perl-json" ,perl-json)))
+    (home-page
+     "http://search.cpan.org/dist/Test-CPAN-Meta-JSON")
+    (synopsis "Validate your CPAN META.json files")
+    (description
+     "This module was written to ensure that a META.json file meets the
+specification.")
+    (license artistic2.0)))
+
 (define-public perl-test-deep
   (package
     (name "perl-test-deep")
@@ -6848,6 +7208,30 @@ modified or tested with this API, making it simple to test both individual
 files, as well as to verify that there are no missing or unknown files.")
     (license (package-license perl))))
 
+(define-public perl-test-eol
+  (package
+    (name "perl-test-eol")
+    (version "2.00")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/E/ET/ETHER/Test-EOL-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "0l3bxpsw0x7j9nclizcp53mnf9wny25dmg2iglfhzgnk0xfpwzwf"))))
+    (build-system perl-build-system)
+    (home-page
+     "http://search.cpan.org/dist/Test-EOL")
+    (synopsis
+     "Check the correct line endings in your project")
+    (description
+     "@code{Test::EOL} lets you check for the presence of trailing whitespace
+and/or windows line endings in your perl code.")
+    (license perl-license)))
+
 (define-public perl-test-exception
   (package
     (name "perl-test-exception")
@@ -7037,6 +7421,42 @@ file to find out which tests you want to run and the order in which you want to
 It constructs the right value for the build system to do the right thing.")
     (license (package-license perl))))
 
+(define-public perl-test-memory-cycle
+  (package
+    (name "perl-test-memory-cycle")
+    (version "1.06")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/P/PE/PETDANCE/Test-Memory-Cycle-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "00ijmgx1r3cxrcs1qa9rb2s4gbm3nsawd90drda89kb4r7yxslwx"))))
+    (build-system perl-build-system)
+    (inputs
+     `(("perl-padwalker" ,perl-padwalker)))
+    (propagated-inputs
+     `(("perl-devel-cycle" ,perl-devel-cycle)))
+    (home-page
+     "http://search.cpan.org/dist/Test-Memory-Cycle")
+    (synopsis
+     "Verifies code hasn't left circular references")
+    (description
+     "@code{Test::Memory::Cycle} is built on top of @code{Devel::Cycle} to
+give you an easy way to check for these circular references.
+
+@example
+use Test::Memory::Cycle;
+
+my $object = new MyObject;
+# Do stuff with the object.
+memory_cycle_ok( $object );
+@end example")
+    (license artistic2.0)))
+
 (define-public perl-test-mockobject
   (package
     (name "perl-test-mockobject")
@@ -7142,6 +7562,30 @@ with an error rather than skip.
 If used in a subtest, the remainder of the subtest will be skipped.")
     (license (package-license perl))))
 
+(define-public perl-test-notabs
+  (package
+    (name "perl-test-notabs")
+    (version "2.00")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/E/ET/ETHER/Test-NoTabs-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "127kpl1va267qar2ia4c22xb96jby2jqnda3sj5pjgmxg8si26cg"))))
+    (build-system perl-build-system)
+    (home-page
+     "http://search.cpan.org/dist/Test-NoTabs")
+    (synopsis
+     "Check the presence of tabs in your project")
+    (description
+     "@code{Test::NoTabs} lets you check the presence of tabs in your perl
+code.")
+    (license perl-license)))
+
 (define-public perl-test-nowarnings
   (package
     (name "perl-test-nowarnings")
@@ -7732,6 +8176,32 @@ algorism to indicate multiplication by 1000.")
     (description "Text::Table renders plaintext tables.")
     (license x11)))
 
+(define-public perl-text-template
+  (package
+    (name "perl-text-template")
+    (version "1.47")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/M/MS/MSCHOUT/Text-Template-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "1z781cgz7wbn80lf3kqr2ad0pg6g1wlnim0822h8liw28k3l5msh"))))
+    (build-system perl-build-system)
+    (home-page
+     "http://search.cpan.org/dist/Text-Template")
+    (synopsis
+     "Expand template text with embedded Perl")
+    (description
+     "This is a library for generating letters, building HTML pages, or
+filling in templates generally.  A template is a piece of text that has little
+Perl programs embedded in it here and there.  When you fill in a template, you
+evaluate the little programs and replace them with their values.")
+    (license perl-license)))
+
 (define-public perl-text-unidecode
   (package
     (name "perl-text-unidecode")
@@ -8366,6 +8836,30 @@ neither visible nor modifiable from Perl space).")
 on the YAML 1.0 specification.")
     (license (package-license perl))))
 
+(define-public perl-yaml-libyaml
+  (package
+    (name "perl-yaml-libyaml")
+    (version "0.65")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/T/TI/TINITA/YAML-LibYAML-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "0izhvz8f29x1f50hhwfgm0iq1lz7apjjvg77lmky949jr07hnwfv"))))
+    (build-system perl-build-system)
+    (home-page
+     "http://search.cpan.org/dist/YAML-LibYAML")
+    (synopsis
+     "Perl YAML Serialization using XS and libyaml")
+    (description
+     "@code{YAML::XS} is a Perl XS binding to libyaml which offers Perl the
+best YAML support to date.")
+    (license perl-license)))
+
 (define-public perl-yaml-tiny
   (package
     (name "perl-yaml-tiny")
diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm
index 2378acd975..410d23a6ab 100644
--- a/gnu/packages/photo.scm
+++ b/gnu/packages/photo.scm
@@ -65,14 +65,14 @@
 (define-public libraw
   (package
     (name "libraw")
-    (version "0.18.2")
+    (version "0.18.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.libraw.org/data/LibRaw-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1imby9x88pjx4ad1frdi3bfb8dw90ccyj5pb6w3i6i0iijrnndnf"))))
+                "0y519nlvl4bfnnxbwry35f6gbcv6jbbpd2lmiwv6pbyzv4a7saps"))))
     (build-system gnu-build-system)
     (home-page "https://www.libraw.org")
     (synopsis "Raw image decoder")
diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm
index d0afab0931..fdea6c6d8f 100644
--- a/gnu/packages/php.scm
+++ b/gnu/packages/php.scm
@@ -49,21 +49,10 @@
   #:use-module (guix build-system gnu)
   #:use-module ((guix licenses) #:prefix license:))
 
-(define gd-for-php
-  (package
-    (inherit gd)
-    (source (origin
-             (inherit (package-source gd))
-             (patches 
-               (append
-                 (origin-patches (package-source gd))
-                 (search-patches "gd-CVE-2017-7890.patch")))))))
-
-
 (define-public php
   (package
     (name "php")
-    (version "7.1.8")
+    (version "7.1.10")
     (home-page "https://secure.php.net/")
     (source (origin
               (method url-fetch)
@@ -71,7 +60,7 @@
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1aramb6dm57pr2iz61id9vzfy7h5qkb6bf7dxhrwnjk0723qahw9"))
+                "02y52ml1svksx6fclg47vim2hnsva3531db7msrhpb9f39vzm3ib"))
               (modules '((guix build utils)))
               (snippet
                '(with-directory-excursion "ext"
@@ -293,7 +282,7 @@
        ("curl" ,curl)
        ("cyrus-sasl" ,cyrus-sasl)
        ("freetype" ,freetype)
-       ("gd" ,gd-for-php)
+       ("gd" ,gd-2.2.5)
        ("gdbm" ,gdbm)
        ("glibc" ,glibc)
        ("gmp" ,gmp)
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 6b9fe0325c..f1dc2da050 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -12,7 +12,7 @@
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
 ;;; Copyright © 2015, 2016 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2015 Ben Woodcroft <donttrustben@gmail.com>
+;;; Copyright © 2015, 2017 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2015, 2016 Erik Edrosa <erik.edrosa@gmail.com>
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015 Kyle Meyer <kyle@kyleam.com>
@@ -41,7 +41,7 @@
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.org>
 ;;; Copyright © 2017 Roel Janssen <roel@gnu.org>
-;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2017 Muriithi Frederick Muriuki <fredmanglis@gmail.com>
 ;;;
@@ -68,6 +68,7 @@
   #:use-module (gnu packages attr)
   #:use-module (gnu packages backup)
   #:use-module (gnu packages bash)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages crypto)
   #:use-module (gnu packages databases)
@@ -79,6 +80,7 @@
   #:use-module (gnu packages gl)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages graphviz)
+  #:use-module (gnu packages graphics)
   #:use-module (gnu packages gstreamer)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages icu4c)
@@ -1248,6 +1250,33 @@ datetime module, available in Python 2.3+.")
 (define-public python2-parsedatetime
   (package-with-python2 python-parsedatetime))
 
+(define-public python-schedule
+  (package
+    (name "python-schedule")
+    (version "0.4.3")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (pypi-uri "schedule" version))
+      (sha256
+       (base32
+        "0vplyjcbfrq50sphlwya749z8p2pcyi2nycw3518i0qpd9a6189i"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-pytest" ,python-pytest)
+       ("python-mock" ,python-mock)))
+    (home-page "https://github.com/dbader/schedule")
+    (synopsis "Schedule periodic function calls in Python")
+    (description
+     "Schedule is an in-process scheduler for periodic jobs that uses the
+builder pattern for configuration.  Schedule lets you run Python functions (or
+any other callable) periodically at pre-determined intervals using a simple,
+human-friendly syntax.")
+    (license license:expat)))
+
+(define-public python2-schedule
+  (package-with-python2 python-schedule))
+
 (define-public python-pandas
   (package
     (name "python-pandas")
@@ -2811,13 +2840,13 @@ cutting and pasting that code over and over.")
 (define-public python-unidecode
   (package
     (name "python-unidecode")
-    (version "0.04.20")
+    (version "0.04.21")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "Unidecode" version))
              (sha256
               (base32
-               "1q00i8gpsq3d9r0q8wk4b290fxl0kqlsdk7iadvli45in6s1hi7d"))))
+               "0lfhp9c5xrbpjvbpr12ji52g1lx04404bzzdg6pvabhzisw6l2i8"))))
     (build-system python-build-system)
     (home-page "https://pypi.python.org/pypi/Unidecode")
     (synopsis "ASCII transliterations of Unicode text")
@@ -2826,7 +2855,7 @@ cutting and pasting that code over and over.")
 useful when integrating with legacy code that doesn't support Unicode, or for
 ease of entry of non-Roman names on a US keyboard, or when constructing ASCII
 machine identifiers from human-readable Unicode strings that should still be
-somewhat intelligeble.")
+somewhat intelligible.")
     (license license:gpl2+)))
 
 (define-public python2-unidecode
@@ -2835,17 +2864,23 @@ somewhat intelligeble.")
 (define-public python-pyjwt
   (package
     (name "python-pyjwt")
-    (version "1.4.0")
+    (version "1.5.3")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "PyJWT" version))
        (sha256
         (base32
-         "1556v2jppd8mjkkj66pxb5rcazm35jq81r233mdl8hfmz9n3icp1"))))
+         "1rxsg14i33vm2i6lz0my628108c81k43v10n4h3p0gx62xdyf2sh"))
+       (modules '((guix build utils)))
+       (snippet
+        '(begin
+           (for-each delete-file-recursively
+                     (find-files "." "\\.pyc$"))
+           #t))))
     (build-system python-build-system)
     (native-inputs
-     `(("python-pytest" ,python-pytest)
+     `(("python-pytest" ,python-pytest-3.0)
        ("python-pytest-cov" ,python-pytest-cov)
        ("python-pytest-runner" ,python-pytest-runner)))
     (home-page "https://github.com/progrium/pyjwt")
@@ -3030,15 +3065,27 @@ for Python.")
 (define-public python-jinja2
   (package
     (name "python-jinja2")
-    (version "2.8")
+    (version "2.9.6")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "Jinja2" version))
        (sha256
         (base32
-         "1x0v41lp5m1pjix3l46zx02b7lqp2hflgpnxwkywxynvi3zz47xw"))))
+         "1zzrkywhziqffrzks14kzixz7nd4yh2vc0fb04a68vfd2ai03anx"))))
     (build-system python-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         ;; These files cannot be built with Python < 3.6.  See
+         ;; https://github.com/pallets/jinja/issues/655
+         ;; FIXME: Remove this when the "python" package is upgraded.
+         (add-after 'unpack 'delete-incompatible-files
+           (lambda _
+             (for-each delete-file
+                       '("jinja2/asyncsupport.py"
+                         "jinja2/asyncfilters.py"))
+             #t)))))
     (propagated-inputs
      `(("python-markupsafe" ,python-markupsafe)))
     (home-page "http://jinja.pocoo.org/")
@@ -3169,14 +3216,14 @@ reStructuredText.")
 (define-public python-pygments
   (package
     (name "python-pygments")
-    (version "2.1.3")
+    (version "2.2.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "Pygments" version))
        (sha256
         (base32
-         "10axnp2wpjnq9g8wg53fx0c70dfxqrz498jyz8mrdx9a3flwir48"))))
+         "1k78qdvir1yb1c634nkv6rbga8wv4289xarghmsbbvzhvr311bnv"))))
     (build-system python-build-system)
     (arguments
      ;; FIXME: Tests require sphinx, which depends on this.
@@ -3611,14 +3658,14 @@ is designed to have a low barrier to entry.")
 (define-public python-cython
   (package
     (name "python-cython")
-    (version "0.26")
+    (version "0.27")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "Cython" version))
        (sha256
         (base32
-         "0riciynnr0r68cvg6r3gbhi9x7h44pdwb7926m6n5vfs5p1f492c"))))
+         "02y0pp1nx77b8s1mpxc6da2dccl6wd31pp4ksi9via479qcvacmr"))))
     (build-system python-build-system)
     ;; we need the full python package and not just the python-wrapper
     ;; because we need libpython3.3m.so
@@ -3673,22 +3720,21 @@ between language specification and implementation aspects.")
 (define-public python-numpy
   (package
     (name "python-numpy")
-    (version "1.12.0")
+    (version "1.13.1")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append
-             "https://github.com/numpy/numpy/archive/v" version ".tar.gz"))
-       (file-name (string-append name "-" version ".tar.gz"))
+       (uri (pypi-uri "numpy" version ".zip"))
        (sha256
         (base32
-         "025d4j4aakcp8w5i5diqh812cbbjgac7jszx1j56ivrbi1i8vv7d"))))
+         "1fsgkhh1vdkhmlz8vmdgxnj9n9yaanckxxzz9s0b4p08fqvjic69"))))
     (build-system python-build-system)
     (inputs
      `(("openblas" ,openblas)
        ("lapack" ,lapack)))
     (native-inputs
-     `(("python-cython" ,python-cython)
+     `(("unzip" ,unzip)
+       ("python-cython" ,python-cython)
        ("python-nose" ,python-nose)
        ("gfortran" ,gfortran)))
     (arguments
@@ -3696,6 +3742,8 @@ between language specification and implementation aspects.")
        (modify-phases %standard-phases
         (add-before 'build 'set-environment-variables
          (lambda* (#:key inputs #:allow-other-keys)
+           ;; numpy's distutils uses $SHELL to run external commands.
+          (setenv "SHELL" "bash")
           (call-with-output-file "site.cfg"
             (lambda (port)
               (format port
@@ -3762,6 +3810,71 @@ objects.")
 (define-public python2-munch
   (package-with-python2 python-munch))
 
+(define-public python-colormath
+  (package
+    (name "python-colormath")
+    (version "2.1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "colormath" version))
+       (sha256
+        (base32
+         "01wp5xwm0a89wdm1dc9rr1ij90idzdiiipxdj1yslhqzkhnjnfh0"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-networkx" ,python-networkx)
+       ("python-numpy" ,python-numpy)))
+    (home-page "https://github.com/gtaylor/python-colormath")
+    (synopsis "Color math and conversion library")
+    (description
+     "This is a Python library for color math and conversions.")
+    (license license:bsd-3)))
+
+(define-public python2-colormath
+  (package-with-python2 python-colormath))
+
+(define-public python-spectra
+  (package
+    (name "python-spectra")
+    (version "0.0.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "spectra" version))
+       (sha256
+        (base32
+         "0n87kzhpkml2s2q91rdkl8wz2kkv5b0bkrgww45lxa5vq34qh6w5"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda _
+             (zero? (system* "nosetests" "-v")))))))
+    (propagated-inputs
+     `(("python-colormath" ,python-colormath)))
+    (native-inputs
+     `(("python-nose" ,python-nose)))
+    (home-page "http://github.com/jsvine/spectra")
+    (synopsis "Color scales and color conversion")
+    (description
+     "This package provides a Python library intended to make color math,
+color scales, and color space conversion easy.  It has support for:
+
+@enumerate
+@item Color scales
+@item Color ranges
+@item Color blending
+@item Brightening/darkening colors
+@item Saturating/desaturating colors
+@item Conversion to/from multiple color spaces.
+@end enumerate\n")
+    (license license:expat)))
+
+(define-public python2-spectra
+  (package-with-python2 python-spectra))
+
 (define-public python2-fastlmm
   (package
     (name "python2-fastlmm")
@@ -4313,33 +4426,56 @@ operators such as union, intersection, and difference.")
 (define-public python-rpy2
   (package
     (name "python-rpy2")
-    (version "2.7.6")
+    (version "2.9.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "rpy2" version))
        (sha256
         (base32
-         "0nhan2qvrw7b7gg5zddwa22kybdv3x1g26vkd7q8lvnkgzrs4dga"))))
+         "0bqihjrdqwj5r1h86shvfb1p5hfr4a6klv1v54bzfr9r144w3rni"))))
     (build-system python-build-system)
     (arguments
-     '(#:phases
+     '(#:modules ((ice-9 ftw)
+                  (srfi srfi-1)
+                  (srfi srfi-26)
+                  (guix build utils)
+                  (guix build python-build-system))
+       #:phases
        (modify-phases %standard-phases
-         (delete 'check)
-         (add-after 'install 'check
+         ;; Without this phase the test loader cannot find the directories, in
+         ;; which it is supposed to look for test files.
+         (add-after 'unpack 'fix-tests
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "rpy/tests.py"
+               (("loader.discover\\(")
+                "loader.discover(rpy_root + '/' +"))
+             #t))
+         (replace 'check
            (lambda* (#:key outputs inputs #:allow-other-keys)
-             ;; It's easier to run tests after install.
-             ;; Make installed package available for running the tests
-             (add-installed-pythonpath inputs outputs)
+             (let ((cwd (getcwd)))
+               (setenv "PYTHONPATH"
+                       (string-append cwd "/build/"
+                                      (find (cut string-prefix? "lib" <>)
+                                            (scandir (string-append cwd "/build")))
+                                      ":"
+                                      (getenv "PYTHONPATH"))))
              (zero? (system* "python" "-m" "rpy2.tests" "-v")))))))
     (propagated-inputs
-     `(("python-six" ,python-six)))
+     `(("python-six" ,python-six)
+       ("python-jinja2" ,python-jinja2)
+       ("python-pytz" ,python-pytz)))
     (inputs
      `(("readline" ,readline)
        ("icu4c" ,icu4c)
        ("pcre" ,pcre)
        ("r-minimal" ,r-minimal)
-       ("r-survival" ,r-survival)))
+       ("r-survival" ,r-survival)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-rsqlite" ,r-rsqlite)
+       ("r-dplyr" ,r-dplyr)
+       ("r-dbplyr" ,r-dbplyr)
+       ("python-numpy" ,python-numpy)))
     (native-inputs
      `(("zlib" ,zlib)))
     (home-page "http://rpy.sourceforge.net/")
@@ -4348,14 +4484,10 @@ operators such as union, intersection, and difference.")
 low-level interface to R from Python, a proposed high-level interface,
 including wrappers to graphical libraries, as well as R-like structures and
 functions.")
-    (license license:gpl3+)))
-
-(define-public python2-rpy2
-  (let ((rpy2 (package-with-python2 python-rpy2)))
-    (package (inherit rpy2)
-      (propagated-inputs
-       `(("python2-singledispatch" ,python2-singledispatch)
-         ,@(package-propagated-inputs rpy2))))))
+    ;; Any of these licenses can be picked for the R interface.  The whole
+    ;; project is released under GPLv2+ according to the license declaration
+    ;; in "setup.py".
+    (license (list license:mpl2.0 license:gpl2+ license:lgpl2.1+))))
 
 (define-public python-scipy
   (package
@@ -5652,13 +5784,13 @@ tools for mocking system commands and recording calls to those.")
 (define-public python-ipython
   (package
     (name "python-ipython")
-    (version "5.2.2")
+    (version "5.3.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "ipython" version ".tar.gz"))
        (sha256
-        (base32 "1qhjwa9cyz1np7rhv3p4ip13lkgbqsad62l24xkwiq1ic2gwiqbf"))))
+        (base32 "079wyjir4a9qx6kvx096b1asm63djbidk65z3ykcbnlngmg62pmz"))))
     (build-system python-build-system)
     (outputs '("out" "doc"))
     (propagated-inputs
@@ -5873,6 +6005,37 @@ and written in Python.")
 (define-public python2-html5lib-0.9
   (package-with-python2 python-html5lib-0.9))
 
+(define-public python-html5-parser
+  (package
+    (name "python-html5-parser")
+    (version "0.4.4")
+    (source (origin
+              (method url-fetch)
+              (uri (pypi-uri "html5-parser" version))
+              (sha256
+               (base32
+                "1d8sxhl41ffh7qlk7wlsy17xw6slzx5v1yna9s72wx5qrpaa3wxr"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("libxml2" ,libxml2)))
+    (propagated-inputs
+     `(("python-lxml" ,python-lxml)
+       ("python-beautifulsoup4" ,python-beautifulsoup4)))
+    (home-page "https://html5-parser.readthedocs.io")
+    (synopsis "Fast C-based HTML5 parsing for Python")
+    (description "This package provides a fast implementation of the HTML5
+parsing spec for Python.  Parsing is done in C using a variant of the gumbo
+parser.  The gumbo parse tree is then transformed into an lxml tree, also in
+C, yielding parse times that can be a thirtieth of the html5lib parse times.")
+    ;; src/as-python-tree.[c|h] are licensed GPL3.  The other files
+    ;; indicate ASL2.0, including the LICENSE file for the whole project.
+    (license (list license:asl2.0 license:gpl3))))
+
+(define-public python2-html5-parser
+  (package-with-python2 python-html5-parser))
+
 (define-public python-webencodings
   (package
     (name "python-webencodings")
@@ -6104,6 +6267,16 @@ implementation of D-Bus.")
     (arguments
      `(#:phases
        (modify-phases %standard-phases
+         (replace 'build
+           (lambda _
+             (zero?
+              (system* "python" "setup.py" "build" "--enable-all-extensions"))))
+         (add-after 'build 'build-test-helper
+           (lambda _
+             (zero?
+              (system
+               (string-append "gcc -fPIC -shared -o ./testextension.sqlext "
+                              "-I. -Isqlite3 src/testextension.c") ))))
          (delete 'check)
          (add-after 'install 'check
            (lambda* (#:key inputs outputs #:allow-other-keys)
@@ -6123,14 +6296,14 @@ translate the complete SQLite API into Python.")
 (define-public python-lxml
   (package
     (name "python-lxml")
-    (version "3.6.0")
+    (version "3.8.0")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "lxml" version))
         (sha256
          (base32
-          "1pvbmiy2m7jwv493kilbghhj2pkh8wy1na3ji350vhzhlwlclx4w"))))
+          "15nvf6n285n282682qyw3wihsncb0x5amdhyi4b83bfa2nz74vvk"))))
     (build-system python-build-system)
     (inputs
       `(("libxml2" ,libxml2)
@@ -7809,14 +7982,14 @@ message digests and key derivation functions.")
 (define-public python-pyopenssl
   (package
     (name "python-pyopenssl")
-    (version "17.2.0")
+    (version "17.3.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pyOpenSSL" version))
        (sha256
         (base32
-         "0d283g4zi0hr9papd24mjl70mi15gyzq6fx618rizi87dgipqqax"))))
+         "0xkc1wfnpg6abzllivg3ylhc63npjdy1v81f4kc08bm8cj80nqr9"))))
     (build-system python-build-system)
     (arguments
      '(#:phases
@@ -9096,16 +9269,13 @@ with python-requests.")
 (define-public python-click-threading
   (package
     (name "python-click-threading")
-    (version "0.2.0")
+    (version "0.4.3")
     (source (origin
              (method url-fetch)
-             (uri (string-append
-                    "https://pypi.python.org/packages/"
-                    "fe/b7/e7f609d18a2a351cb71616adcf54df1acd82f83cb9b5936935a4d20e2c23/"
-                    "click-threading-" version ".tar.gz"))
+             (uri (pypi-uri "click-threading" version))
              (sha256
               (base32
-               "18bcqikxwb3drb8rf60cclxkxw52521b38ax3byah6j8cn8y9p4j"))))
+               "0xs4bg2ws0zgyiplk312l049hi23c2zqf1g771rjhh5vr2msk4cg"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-click" ,python-click)))
@@ -9118,13 +9288,13 @@ applications.")
 (define-public python-click-log
   (package
     (name "python-click-log")
-    (version "0.1.8")
+    (version "0.2.0")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "click-log" version))
              (sha256
               (base32
-               "14ikfjfgnzf21mjniq9lfk2igzykgzfvwwrk85nw2b9fq44109sp"))))
+               "1bjrfxji1yv4fj0g78ri2yfgn2wbivn8g69fxfinxvxpmighhshp"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-click" ,python-click)))
@@ -9329,13 +9499,13 @@ processes across test runs.")
 (define-public python-icalendar
   (package
     (name "python-icalendar")
-    (version "3.11.6")
+    (version "3.11.7")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "icalendar" version))
              (sha256
               (base32
-               "1ny9mbm9zgghl612b8wc4ap52bz3kgl486d7f307gxjmlqgz3i64"))))
+               "0ahf1i98wjizhld2qd7v2vmvzsmdw08mmins82bf3fpbnp2sxbgc"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-dateutil" ,python-dateutil)
@@ -9756,14 +9926,14 @@ Pytest but stripped of Pytest specific details.")
 (define-public python-tox
   (package
    (name "python-tox")
-   (version "2.3.1")
+   (version "2.8.0")
    (source
     (origin
      (method url-fetch)
      (uri (pypi-uri "tox" version))
      (sha256
       (base32
-       "1vj73ar4rimq3fwy5r2z3jv4g9qbh8rmpmncsc00g0k310acqzxz"))))
+       "00lrql2cfzhb712v70inac6mrgdv8s8fmvz7qpggkk623hkm2pgc"))))
    (build-system python-build-system)
    (arguments
     ;; FIXME: Tests require pytest-timeout, which itself requires
@@ -9775,7 +9945,8 @@ Pytest but stripped of Pytest specific details.")
       ("python-virtualenv" ,python-virtualenv)))
    (native-inputs
     `(; FIXME: Missing: ("python-pytest-timeout" ,python-pytest-timeout)
-      ("python-pytest" ,python-pytest)))  ; >= 2.3.5
+      ("python-pytest" ,python-pytest)  ; >= 2.3.5
+      ("python-setuptools-scm" ,python-setuptools-scm)))
    (home-page "http://tox.testrun.org/")
    (synopsis "Virtualenv-based automation of test activities")
    (description "Tox is a generic virtualenv management and test command line
@@ -9815,14 +9986,14 @@ document.")
 (define-public python-botocore
   (package
    (name "python-botocore")
-   (version "1.5.26")
+   (version "1.7.9")
    (source
     (origin
      (method url-fetch)
      (uri (pypi-uri "botocore" version))
      (sha256
       (base32
-       "1b7l48hr88galrrc5q6k21z3sdadzxc87ppzs7k9fz4p1w8bfnvb"))))
+       "02b1bw25r1wdjs5yppb1h9igf11wj092biriv2yg8hzp5r0wrkmg"))))
    (build-system python-build-system)
    (arguments
     ;; FIXME: Many tests are failing.
@@ -9849,14 +10020,14 @@ interface to the Amazon Web Services (AWS) API.")
 (define-public awscli
   (package
    (name "awscli")
-   (version "1.11.63")
+   (version "1.11.151")
    (source
     (origin
      (method url-fetch)
      (uri (pypi-uri name version))
      (sha256
       (base32
-       "1r8aqv8w27k76lcsfk83w6qw9lz8gk2ibzwacp5wjhpp2gik911m"))))
+       "0h6rirbfy0f9cxm7ikll0kr720dircfmxf2vslmhn4n325831wsp"))))
    (build-system python-build-system)
    (propagated-inputs
     `(("python-colorama" ,python-colorama)
@@ -11815,20 +11986,22 @@ Wikipedia code samples at
 (define-public python-cleo
   (package
     (name "python-cleo")
-    (version "0.4.1")
+    (version "0.6.1")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "cleo" version))
               (sha256
                (base32
-                "1k2dcl6mqpn5bljyl6w42rqyd9mb3y9kh2mg7m2x3kfjwvg0rpva"))))
+                "0q1cf0szr0d54am4pypzwdnm74zpladdsinad94c2fz5i06fdpf7"))))
     (build-system python-build-system)
     (native-inputs
      `(;; For testing
        ("python-mock" ,python-mock)
+       ("python-pytest-mock" ,python-pytest-mock)
        ("python-pytest" ,python-pytest)))
     (propagated-inputs
-     `(("python-psutil" ,python-psutil)
+     `(("python-backpack" ,python-backpack)
+       ("python-pastel" ,python-pastel)
        ("python-pylev" ,python-pylev)))
     (home-page "https://github.com/sdispater/cleo")
     (synopsis "Command-line arguments library for Python")
@@ -11989,13 +12162,13 @@ addresses, and phone numbers.")
 (define-public python-pyaml
   (package
     (name "python-pyaml")
-    (version "15.8.2")
+    (version "17.7.2")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "pyaml" version))
               (sha256
                (base32
-                "1f5m28vkh4ksq3d80d8mmd2z8wxvc3mgy2pmrv2751dm2xgznm4w"))))
+                "132grrw0ajq4nrappi3ldbkb952k7yn9b6c7csi2rmvzm1g6ppp2"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-unidecode" ,python-unidecode)))
@@ -12011,6 +12184,32 @@ YAML-serialized data.")
 (define-public python2-pyaml
   (package-with-python2 python-pyaml))
 
+(define-public python-backpack
+  (package
+    (name "python-backpack")
+    (version "0.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "backpack" version))
+       (sha256
+        (base32
+         "14rq1mvm0jda90lcx9gyyby9dvq4x3js2cmxvd6vl4686ixwyqh1"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-pytest" ,python-pytest)
+       ("python-nose" ,python-nose)))
+    (propagated-inputs
+     `(("python-simplejson" ,python-simplejson)))
+    (home-page "https://github.com/sdispater/backpack")
+    (synopsis "Utilities for working with Python collections")
+    (description "Backpack provides some useful utilities for working with
+collections of data.")
+    (license license:expat)))
+
+(define-public python2-backpack
+  (package-with-python2 python-backpack))
+
 (define-public python-flexmock
   (package
     (name "python-flexmock")
@@ -12032,44 +12231,6 @@ mocks, stubs and fakes.")
 (define-public python2-flexmock
   (package-with-python2 python-flexmock))
 
-(define-public python-orator
-  (package
-    (name "python-orator")
-    (version "0.8.2")
-    (source (origin
-              (method url-fetch)
-              (uri (pypi-uri "orator" version))
-              (sha256
-               (base32
-                "1li49irsqha17nrda4nsb48biyy0rarp9pphf0jpqwm5zr8hv569"))))
-    (build-system python-build-system)
-    (arguments '(#:tests? #f)) ; no tests
-    (propagated-inputs
-     `(("python-arrow" ,python-arrow)
-       ("python-blinker" ,python-blinker)
-       ("python-cleo" ,python-cleo)
-       ("python-faker" ,python-faker)
-       ("python-inflection" ,python-inflection)
-       ("python-lazy-object-proxy" ,python-lazy-object-proxy)
-       ("python-pyaml" ,python-pyaml)
-       ("python-simplejson" ,python-simplejson)
-       ("python-wrapt" ,python-wrapt)))
-    (home-page "https://orator-orm.com/")
-    (synopsis "ActiveRecord ORM for Python")
-    (description
-     "Orator provides a simple ActiveRecord-like Object Relational Mapping
-implementation for Python.")
-    (license license:expat)
-    (properties `((python2-variant . ,(delay python2-orator))))))
-
-(define-public python2-orator
-  (let ((base (package-with-python2 (strip-python2-variant python-orator))))
-    (package
-      (inherit base)
-      (propagated-inputs
-       `(("python2-ipaddress" ,python2-ipaddress)
-         ,@(package-propagated-inputs base))))))
-
 (define-public python-prompt-toolkit
  (package
   (name "python-prompt-toolkit")
@@ -13070,16 +13231,40 @@ replay them during future tests.  It is designed to work with python-requests.")
 (define-public python2-betamax
   (package-with-python2 python-betamax))
 
+(define-public python-betamax-matchers
+  (package
+    (name "python-betamax-matchers")
+    (version "0.4.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "betamax-matchers" version))
+       (sha256
+        (base32
+         "07qpwjyq2i2aqhz5iwghnj4pqr2ys5n45v1vmpcfx9r5mhwrsq43"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-betamax" ,python-betamax)
+       ("python-requests-toolbelt" ,python-requests-toolbelt)))
+    (home-page "https://github.com/sigmavirus24/betamax_matchers")
+    (synopsis "VCR imitation for python-requests")
+    (description "@code{betamax-matchers} provides a set of Matchers for
+Betamax.")
+    (license license:asl2.0)))
+
+(define-public python2-betamax-matchers
+  (package-with-python2 python-betamax-matchers))
+
 (define-public python-s3transfer
   (package
     (name "python-s3transfer")
-    (version "0.1.10")
+    (version "0.1.11")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "s3transfer" version))
               (sha256
                (base32
-                "1h8g9bknvxflxkpbnxyfxmk8pvgykbbk9ljdvhqh6z4vjc2926ms"))))
+                "0yfrfnf404cxzn3iswibqjxklsl0b1lwgqiml6pwiqj79a7zbwbn"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -13992,7 +14177,22 @@ parse many formal languages.")
          "1i9gik0xrj6jmi95s5w988jl1y265baz5xm5pbqdyvsh8h9ln6yq"))))
     (build-system python-build-system)
     (arguments
-     `(#:python ,python-2))
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         ;; check phase needs to be run before the build phase. If not,
+         ;; coverage-test-runner looks for tests for the built source files,
+         ;; and fails.
+         (delete 'check)
+         (add-before 'build 'check
+           (lambda _
+             ;; Disable python3 tests
+             (substitute* "check"
+               (("python3") "# python3"))
+             (zero? (system* "./check")))))))
+    (native-inputs
+     `(("python2-coverage-test-runner" ,python2-coverage-test-runner)
+       ("python2-pep8" ,python2-pep8)))
     (propagated-inputs
      `(("python2-pyaml" ,python2-pyaml)))
     (home-page "https://liw.fi/cliapp/")
@@ -14017,8 +14217,20 @@ iterating over input files.")
         (base32
          "0vivqbw7ddhsq1zj3g9cvvv4f0phl0pis2smsnwcr2szz2fk3hl6"))))
     (build-system python-build-system)
+    (native-inputs
+     `(("python2-coverage-test-runner" ,python2-coverage-test-runner)
+       ("python2-pep8" ,python2-pep8)))
     (arguments
-     `(#:python ,python-2))
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         ;; check phase needs to be run before the build phase. If not,
+         ;; coverage-test-runner looks for tests for the built source files,
+         ;; and fails.
+         (delete 'check)
+         (add-before 'build 'check
+           (lambda _
+             (zero? (system* "make" "check")))))))
     (home-page "https://liw.fi/ttystatus/")
     (synopsis "Python library for showing progress reporting and
 status updates on terminals")
@@ -14065,12 +14277,26 @@ happens using the @code{logging} library.")
        (uri (string-append
              "http://git.liw.fi/cgi-bin/cgit/cgit.cgi/larch/snapshot/larch-"
              version ".tar.gz"))
+       (patches (search-patches
+                 "python2-larch-coverage-4.0a6-compatibility.patch"))
        (sha256
         (base32
          "1p4knkkavlqymgciz2wbcnfrdgdbafhg14maplnk4vbw0q8xs663"))))
     (build-system python-build-system)
     (arguments
-     `(#:python ,python-2))
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         ;; check phase needs to be run before the build phase. If not,
+         ;; coverage-test-runner looks for tests for the built source files,
+         ;; and fails.
+         (delete 'check)
+         (add-before 'build 'check
+           (lambda _
+             (zero? (system* "make" "check")))))))
+    (native-inputs
+     `(("cmdtest" ,cmdtest)
+       ("python2-coverage-test-runner" ,python2-coverage-test-runner)))
     (propagated-inputs
      `(("python2-tracing" ,python2-tracing)))
     (home-page "https://liw.fi/larch/")
@@ -15917,6 +16143,51 @@ pure Python module.")
 (define-public python2-rencode
   (package-with-python2 python-rencode))
 
+(define-public python-xenon
+  (package
+    (name "python-xenon")
+    (version "0.5.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "xenon" version))
+       (sha256
+        (base32
+         "14kby2y48vp3sgwxqlm5d5789yibqwb1qli5fwcmdqg3iayrbklc"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-pyyaml" ,python-pyyaml)
+       ("python-radon" ,python-radon)
+       ("python-requests" ,python-requests)
+       ("python-flake8" ,python-flake8)
+       ("python-tox" ,python-tox)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'patch-test-requirements
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; Update requirements from dependency==version to
+             ;; dependency>=version.
+             (substitute* "requirements.txt"
+               (("==") ">=")
+               ((",<1.5.0") ""))
+             ;; Remove httpretty dependency for tests.
+             (substitute* "setup.py"
+               (("httpretty") ""))
+             #t)))))
+    (home-page "https://xenon.readthedocs.org/")
+    (synopsis "Monitor code metrics for Python on your CI server")
+    (description
+     "Xenon is a monitoring tool based on Radon.  It monitors code complexity.
+Ideally, @code{xenon} is run every time code is committed.  Through command
+line options, various thresholds can be set for the complexity of code.  It
+will fail (i.e.  it will exit with a non-zero exit code) when any of these
+requirements is not met.")
+    (license license:expat)))
+
+(define-public python2-xenon
+  (package-with-python2 python-xenon))
+
 (define-public python-flask-principal
   (package
     (name "python-flask-principal")
@@ -15966,3 +16237,68 @@ authentication for Flask routes.")
 
 (define-public python2-flask-httpauth
   (package-with-python2 python-flask-httpauth))
+
+(define-public python-pysocks
+  (package
+    (name "python-pysocks")
+    (version "1.6.7")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "PySocks" version))
+       (sha256
+        (base32
+         "1krkiss578zqwcg4c8iqz1hwscwhsvy2djp3xyvps5gsgvr2j0yh"))))
+    (build-system python-build-system)
+    (arguments `(#:tests? #f))
+    (home-page "https://github.com/Anorov/PySocks")
+    (synopsis "SOCKS client module")
+    (description "@code{pysocks} is an updated and semi-actively maintained
+version of @code{SocksiPy} with bug fixes and extra features.")
+    (license license:bsd-3)))
+
+(define-public python2-pysocks
+  (package-with-python2 python-pysocks))
+
+(define-public python-pyaes
+  (package
+    (name "python-pyaes")
+    (version "1.6.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pyaes" version))
+       (sha256
+        (base32
+         "0bp9bjqy1n6ij1zb86wz9lqa1dhla8qr1d7w2kxyn7jbj56sbmcw"))))
+    (build-system python-build-system)
+    (home-page "https://github.com/ricmoo/pyaes")
+    (synopsis "Implementation of AES in Python")
+    (description "This package contains a pure-Python implementation of the
+AES block cipher algorithm and the common modes of operation (CBC, CFB, CTR,
+ECB and OFB).")
+    (license license:expat)))
+
+(define-public python2-pyaes
+  (package-with-python2 python-pyaes))
+
+(define-public python-uritemplate
+  (package
+    (name "python-uritemplate")
+    (version "3.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "uritemplate" version))
+       (sha256
+        (base32
+         "0781gm9g34wa0asc19dx81ng0nqq07igzv3bbvdqmz13pv7469n0"))))
+    (build-system python-build-system)
+    (home-page "https://uritemplate.readthedocs.org")
+    (synopsis "Library to deal with URI Templates")
+    (description "@code{uritemplate} provides Python library to deal with URI
+Templates.")
+    (license license:bsd-2)))
+
+(define-public python2-uritemplate
+  (package-with-python2 python-uritemplate))
diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm
index 3e3588a505..bc275ebb09 100644
--- a/gnu/packages/qt.scm
+++ b/gnu/packages/qt.scm
@@ -46,6 +46,7 @@
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnuzilla)
   #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gstreamer)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages icu4c)
   #:use-module (gnu packages image)
@@ -776,7 +777,15 @@ developers using C++ or QML, a CSS & JavaScript like language.")
                    (("spectrum") "#"))))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
-       ((#:tests? _ #f) #f))) ; TODO: Enable the tests
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (replace 'configure
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let ((out (assoc-ref outputs "out")))
+                 (zero? (system* "qmake" "QT_BUILD_PARTS = libs tools tests"
+                                 (string-append "QMAKE_LFLAGS_RPATH=-Wl,-rpath," out "/lib -Wl,-rpath,")
+                                 (string-append "PREFIX=" out))))))))
+       ((#:tests? _ #f) #f)))           ; TODO: Enable the tests
     (native-inputs
      `(("perl" ,perl)
        ("pkg-config" ,pkg-config)
@@ -786,7 +795,10 @@ developers using C++ or QML, a CSS & JavaScript like language.")
      `(("alsa-lib" ,alsa-lib)
        ("mesa" ,mesa)
        ("pulseaudio" ,pulseaudio)
-       ("qtbase" ,qtbase)))))
+       ("qtbase" ,qtbase)
+       ;; Gstreamer is needed for the mediaplayer plugin
+       ("gstreamer" ,gstreamer)
+       ("gst-plugins-base" ,gst-plugins-base)))))
 
 (define-public qtwayland
   (package (inherit qtsvg)
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 243ff9e5db..0193076291 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -49,7 +49,7 @@
 (define-public ruby
   (package
     (name "ruby")
-    (replacement ruby-2.4.1)
+    (replacement ruby-2.4.2)
     (version "2.4.0")
     (source
      (origin
@@ -103,11 +103,11 @@ a focus on simplicity and productivity.")
     (home-page "https://ruby-lang.org")
     (license license:ruby)))
 
-(define-public ruby-2.4.1
+(define-public ruby-2.4.2
   (package
     (inherit ruby)
     (name "ruby")
-    (version "2.4.1")
+    (version "2.4.2")
     (source
      (origin
        (method url-fetch)
@@ -116,7 +116,7 @@ a focus on simplicity and productivity.")
                            "/ruby-" version ".tar.xz"))
        (sha256
         (base32
-         "0m763zf2v0jhrha3cx21g4dif6vc9gm714invs8h3sg35ncskj2g"))
+         "0dgp4ypk3smrsbh2c249n5pl6nqhpd2igq9484dbsh81sf08k2kl"))
        (modules '((guix build utils)))
        (snippet `(begin
                    ;; Remove bundled libffi
@@ -126,7 +126,7 @@ a focus on simplicity and productivity.")
 (define-public ruby-2.3
   (package
     (inherit ruby)
-    (version "2.3.4")
+    (version "2.3.5")
     (source
      (origin
        (method url-fetch)
@@ -135,7 +135,7 @@ a focus on simplicity and productivity.")
                            "/ruby-" version ".tar.xz"))
        (sha256
         (base32
-         "132p5kc1sx97svbx04g40pz5pr7p8f6jlmnq5r2prlcz5q1xj71l"))
+         "1npzcnq5kh0f9y88w5gj4v6ln8csr91361k3r43dmhlhn6mpsfkx"))
        (modules '((guix build utils)))
        (snippet `(begin
                    ;; Remove bundled libffi
@@ -144,7 +144,7 @@ a focus on simplicity and productivity.")
 
 (define-public ruby-2.2
   (package (inherit ruby)
-    (version "2.2.7")
+    (version "2.2.8")
     (source
      (origin
        (method url-fetch)
@@ -153,7 +153,7 @@ a focus on simplicity and productivity.")
                            "/ruby-" version ".tar.xz"))
        (sha256
         (base32
-         "0lyb7gnbbhs3a3v9grsjgbaixm20wxz6x3h0czyrxnj3cpp8lk13"))))))
+         "1c31slidv2bdnnir3qfmdjs193b5s2ycb9pnf1lc55kk0cazrsip"))))))
 
 (define-public ruby-2.1
   (package (inherit ruby)
@@ -216,6 +216,32 @@ a focus on simplicity and productivity.")
              (("/bin/sh") (which "sh"))))
          %standard-phases)))))
 
+(define-public ruby-highline
+  (package
+    (name "ruby-highline")
+    (version "1.7.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (rubygems-uri "highline" version))
+       (sha256
+        (base32
+         "1nf5lgdn6ni2lpfdn4gk3gi47fmnca2bdirabbjbz1fk9w4p8lkr"))))
+    (build-system ruby-build-system)
+    (arguments
+     `(#:tests? #f)) ;; TODO: NameError: uninitialized constant SPEC
+    (native-inputs
+     `(("bundler" ,bundler)
+       ("ruby-code-statistics" ,ruby-code-statistics)))
+    (synopsis
+     "HighLine helps you build command-line interfaces")
+    (description
+     "HighLine provides a high-level IO library that provides validation,
+type conversion, and more for command-line interfaces.  HighLine also includes
+a menu system for providing multiple options to the user.")
+    (home-page "https://github.com/JEG2/highline")
+    (license (list license:gpl2 license:ruby))))
+
 (define-public ruby-hoe
   (package
     (name "ruby-hoe")
@@ -660,6 +686,34 @@ complexity.")
     (home-page "https://github.com/ThoughtWorksStudios/saikuro_treemap")
     (license license:expat)))
 
+(define-public ruby-options
+  (package
+    (name "ruby-options")
+    (version "2.3.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (rubygems-uri "options" version))
+       (sha256
+        (base32
+         "1s650nwnabx66w584m1cyw82icyym6hv5kzfsbp38cinkr5klh9j"))))
+    (build-system ruby-build-system)
+    (arguments
+     '(#:tests? #f ;; TODO: NameError: uninitialized constant Config
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'set-LIB
+           (lambda _
+             ;; This is used in the Rakefile, and setting it avoids an issue
+             ;; with running the tests.
+             (setenv "LIB" "options"))))))
+    (synopsis "Ruby library to parse options from *args cleanly")
+    (description
+     "The @code{options} library helps with parsing keyword options in Ruby
+functions.")
+    (home-page "https://github.com/ahoward/options")
+    (license license:ruby)))
+
 (define-public ruby-orderedhash
   (package
     (name "ruby-orderedhash")
@@ -947,6 +1001,41 @@ Ruby Gems.")
     (home-page "https://github.com/postmodern/rubygems-tasks")
     (license license:expat)))
 
+(define-public ruby-rubyzip
+  (package
+  (name "ruby-rubyzip")
+  (version "1.2.1")
+  (source
+    (origin
+      (method url-fetch)
+      (uri (rubygems-uri "rubyzip" version))
+      (sha256
+        (base32
+          "06js4gznzgh8ac2ldvmjcmg9v1vg9llm357yckkpylaj6z456zqz"))))
+  (build-system ruby-build-system)
+  (arguments
+   '(#:phases
+     (modify-phases %standard-phases
+       (add-before 'check 'patch-tests
+         (lambda* (#:key inputs #:allow-other-keys)
+           (substitute* "test/gentestfiles.rb"
+             (("/usr/bin/zip")
+              (string-append
+               (assoc-ref inputs "zip") "/bin/zip")))
+           (substitute* "test/input_stream_test.rb"
+             (("/usr/bin/env ruby") (which "ruby")))
+           #t)))))
+  (native-inputs
+   `(("bundler" ,bundler)
+     ("ruby-simplecov" ,ruby-simplecov)
+     ("zip" ,zip)
+     ("unzip" ,unzip)))
+  (synopsis "Ruby module is for reading and writing zip files")
+  (description
+    "The rubyzip module provides ways to read from and create zip files.")
+  (home-page "http://github.com/rubyzip/rubyzip")
+  (license license:bsd-2)))
+
 (define-public ruby-ffi
   (package
     (name "ruby-ffi")
@@ -1865,6 +1954,28 @@ net/http library.")
     (home-page "https://github.com/nicksieger/multipart-post")
     (license license:expat)))
 
+(define-public ruby-multi-json
+  (package
+    (name "ruby-multi-json")
+    (version "1.12.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (rubygems-uri "multi_json" version))
+       (sha256
+        (base32
+         "1raim9ddjh672m32psaa9niw67ywzjbxbdb8iijx3wv9k5b0pk2x"))))
+    (build-system ruby-build-system)
+    (arguments
+     '(#:tests? #f)) ;; No testsuite included in the gem.
+    (synopsis "Common interface to multiple JSON libraries for Ruby")
+    (description
+     "This package provides a common interface to multiple JSON libraries,
+including Oj, Yajl, the JSON gem (with C-extensions), the pure-Ruby JSON gem,
+NSJSONSerialization, gson.rb, JrJackson, and OkJson.")
+    (home-page "http://github.com/intridea/multi_json")
+    (license license:expat)))
+
 (define-public ruby-arel
   (package
     (name "ruby-arel")
@@ -2018,14 +2129,14 @@ extract comments.")
 (define-public ruby-coderay
   (package
     (name "ruby-coderay")
-    (version "1.1.1")
+    (version "1.1.2")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "coderay" version))
        (sha256
         (base32
-         "1x6z923iwr1hi04k6kz5a6llrixflz8h5sskl9mhaaxy9jx2x93r"))))
+         "15vav4bhcc2x3jmi3izb11l4d9f3xv8hp2fszb7iqmpsccv1pz4y"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; missing test files
@@ -2035,6 +2146,37 @@ for select languages.")
     (home-page "http://coderay.rubychan.de")
     (license license:expat)))
 
+(define-public ruby-progress_bar
+  (package
+    (name "ruby-progress_bar")
+    (version "1.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (rubygems-uri "progress_bar" version))
+       (sha256
+        (base32
+         "1qc40mr6p1z9a3vlpnsg1zfgk1qswviql2a31y63wpv3vr6b5f48"))))
+    (build-system ruby-build-system)
+    (arguments
+     '(#:test-target "spec"))
+    (propagated-inputs
+     `(("ruby-highline" ,ruby-highline)
+       ("ruby-options" ,ruby-options)))
+    (native-inputs
+     `(("bundler" ,bundler)
+       ("ruby-rspec" ,ruby-rspec)
+       ("ruby-timecop" ,ruby-timecop)))
+    (synopsis
+     "Ruby library for displaying progress bars")
+    (description
+     "ProgressBar is a simple library for displaying progress bars.  The
+maximum value is configurable, and additional information can be displayed
+like the percentage completion, estimated time remaining, elapsed time and
+rate.")
+    (home-page "https://github.com/paul/progress_bar")
+    (license license:wtfpl2)))
+
 (define-public ruby-pry
   (package
     (name "ruby-pry")
@@ -2565,14 +2707,14 @@ you about the changes.")
 (define-public ruby-activesupport
   (package
     (name "ruby-activesupport")
-    (version "5.1.3")
+    (version "5.1.4")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "activesupport" version))
        (sha256
         (base32
-         "16r18n6b1nlky0xx2lw8c1f15gr2vm34xz5g4byjcxf88m1s07xh"))))
+         "0sgf4rsfr7jcaqsx0wwzx4l4k9xsjlwv0mzl08pxiyp1qzyx8scr"))))
     (build-system ruby-build-system)
     (arguments
      `(#:phases
@@ -3579,6 +3721,57 @@ It has built-in support for the legacy @code{cookies.txt} and
     (home-page "https://github.com/sparklemotion/http-cookie")
     (license license:expat)))
 
+(define-public ruby-httpclient
+  (package
+    (name "ruby-httpclient")
+    (version "2.8.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (rubygems-uri "httpclient" version))
+       (sha256
+        (base32
+         "19mxmvghp7ki3klsxwrlwr431li7hm1lczhhj8z4qihl2acy8l99"))))
+    (build-system ruby-build-system)
+    (arguments
+     '(;; TODO: Some tests currently fail
+       ;; ------
+       ;; 211 tests, 729 assertions, 13 failures, 4 errors, 0 pendings,
+       ;; 2 omissions, 0 notifications
+       ;; 91.866% passed
+       ;; ------
+       ;; 6.49 tests/s, 22.41 assertions/s
+       #:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda* (#:key tests? #:allow-other-keys)
+             (if tests?
+                 (zero?
+                  (system* "ruby"
+                           "-Ilib"
+                           "test/runner.rb"))
+                 #t)))
+         (add-after 'install 'wrap-bin-httpclient
+           (lambda* (#:key outputs #:allow-other-keys)
+             (wrap-program (string-append (assoc-ref outputs "out")
+                                          "/bin/httpclient")
+               `("GEM_HOME" ":" prefix (,(getenv "GEM_HOME"))))
+             #t)))))
+    (native-inputs
+     `(("ruby-rack" ,ruby-rack)))
+    (synopsis
+     "Make HTTP requests with support for HTTPS, Cookies, authentication and more")
+    (description
+     "The @code{httpclient} ruby library provides functionality related to
+HTTP.  Compared to the @code{net/http} library, @{httpclient} also provides
+Cookie, multithreading and authentication (digest, NTLM) support.
+
+Also provided is a @command{httpclient} command, which can perform HTTP
+requests either using arguments or with an interactive prompt.")
+    (home-page "https://github.com/nahi/httpclient")
+    (license license:ruby)))
+
 (define-public ruby-ansi
   (package
     (name "ruby-ansi")
@@ -4275,3 +4468,24 @@ really opens up the email messages you are parsing, if you know what you
 are doing, you can fiddle with every last bit of your email directly.")
     (home-page "https://github.com/mikel/mail")
     (license license:expat)))
+
+(define-public ruby-code-statistics
+  (package
+    (name "ruby-code-statistics")
+    (version "0.2.13")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (rubygems-uri "code_statistics" version))
+       (sha256
+        (base32
+         "07rdpsbwbmh4vp8nxyh308cj7am2pbrfhv9v5xr2d5gq8hnnsm93"))))
+    (build-system ruby-build-system)
+    (arguments
+     `(#:tests? #f)) ; Not all test code is included in gem.
+    (synopsis "Port of the rails 'rake stats' method")
+    (description
+     "This gem is a port of the rails 'rake stats' method so it can be made
+more robust and work for non rails projects.")
+    (home-page "http://github.com/danmayer/code_statistics")
+    (license license:expat)))
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index 116d7f60ec..392f9a3500 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -34,6 +34,7 @@
   #:use-module (gnu packages crypto)
   #:use-module (gnu packages cups)
   #:use-module (gnu packages databases)
+  #:use-module (gnu packages docbook)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages popt)
   #:use-module (gnu packages pkg-config)
@@ -42,7 +43,8 @@
   #:use-module (gnu packages kerberos)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages perl)
-  #:use-module (gnu packages python))
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages xml))
 
 (define-public cifs-utils
   (package
@@ -71,7 +73,7 @@
      `(#:phases
        (modify-phases %standard-phases
          ;; The 6.7 tarball is missing ‘install.sh’. Create it.
-         (add-before 'configure 'autoreconf
+         (add-after 'unpack 'autoreconf
            (lambda _
              (zero? (system* "autoreconf" "-i"))))
          (add-before 'configure 'set-root-sbin
@@ -149,18 +151,29 @@ anywhere.")
 (define-public samba
   (package
     (name "samba")
-    (version "4.6.7")
+    (version "4.6.8")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.samba.org/pub/samba/stable/"
                                  "samba-" version ".tar.gz"))
              (sha256
               (base32
-               "1ynxndfk45zkkylz3jsrx42a7kmm42jddk5bdhihyf88vs9l7wly"))))
+               "0pap686cl0j5c9v1v09krpqdk416x3851fbcap5ysp1zajrfw7aq"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:phases
+     `(#:phases
        (modify-phases %standard-phases
+         (add-before 'configure 'locate-docbook-stylesheets
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; XXX for some reason XML_CATALOG_FILES is not respected.
+             (substitute* '("buildtools/wafsamba/samba_conftests.py"
+                            "buildtools/wafsamba/wafsamba.py"
+                            "docs-xml/xslt/man.xsl")
+               (("http://docbook.sourceforge.net/release/xsl/current/")
+                (string-append (assoc-ref inputs "docbook-xsl")
+                               "/xml/xsl/docbook-xsl-"
+                               ,(package-version docbook-xsl) "/")))
+             #t))
          (replace 'configure
            ;; samba uses a custom configuration script that runs waf.
            (lambda* (#:key outputs #:allow-other-keys)
@@ -203,7 +216,9 @@ anywhere.")
        ("tevent" ,tevent)
        ("tdb" ,tdb)))
     (native-inputs
-     `(("perl" ,perl)
+     `(("docbook-xsl" ,docbook-xsl)    ;for generating manpages
+       ("xsltproc" ,libxslt)           ;ditto
+       ("perl" ,perl)
        ("pkg-config" ,pkg-config)
        ("python" ,python-2))) ; incompatible with Python 3
     (home-page "https://www.samba.org/")
diff --git a/gnu/packages/screen.scm b/gnu/packages/screen.scm
index ef67595a89..0a92b73e34 100644
--- a/gnu/packages/screen.scm
+++ b/gnu/packages/screen.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -85,7 +86,8 @@ view to show two terminals at once.")
          (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
-               (install-file "dtach" (string-append out "/bin"))))))
+               (install-file "dtach" (string-append out "/bin"))
+               (install-file "dtach.1" (string-append out "/share/man/man1"))))))
        ;; No check target.
        #:tests? #f))
     (home-page "http://dtach.sourceforge.net/")
diff --git a/gnu/packages/search.scm b/gnu/packages/search.scm
index cc8c0630bb..62da3be0fd 100644
--- a/gnu/packages/search.scm
+++ b/gnu/packages/search.scm
@@ -264,15 +264,17 @@ conflict with slocate compatibility.")
     ;; building: xpdf, catdoc, MP3::Tag, Spreadsheet::ParseExcel,
     ;; HTML::Entities.
     (inputs
-     `(("libxml" ,libxml2)
-       ("zlib" ,zlib)
-       ("perl" ,perl)
+     `(("perl" ,perl)
        ("perl-uri" ,perl-uri)
        ("perl-html-parser" ,perl-html-parser)
        ("perl-html-tagset" ,perl-html-tagset)
        ("perl-mime-types" ,perl-mime-types)))
     (arguments
-     `(#:phases (modify-phases %standard-phases
+     `(;; XXX: This fails to build with zlib (API mismatch) and tests fail
+       ;; with libxml2, so disable both.
+       #:configure-flags (list (string-append "--without-zlib")
+                               (string-append "--without-libxml2"))
+       #:phases (modify-phases %standard-phases
                   (add-after 'install 'wrap-programs
                     (lambda* (#:key inputs outputs #:allow-other-keys)
                       (let* ((out (assoc-ref outputs "out")))
diff --git a/gnu/packages/serialization.scm b/gnu/packages/serialization.scm
index 8032e3181d..1866926129 100644
--- a/gnu/packages/serialization.scm
+++ b/gnu/packages/serialization.scm
@@ -127,7 +127,7 @@ such as compact binary encodings, XML, or JSON.")
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'autoconf
+         (add-after 'unpack 'autoconf
            (lambda _
              (system* "autoreconf" "-vfi"))))))
     (home-page "http://www.msgpack.org")
@@ -263,7 +263,7 @@ that implements both the msgpack and msgpack-rpc specifications.")
 (define-public jsoncpp
   (package
     (name "jsoncpp")
-    (version "1.8.0")
+    (version "1.8.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -272,7 +272,7 @@ that implements both the msgpack and msgpack-rpc specifications.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1g35ci93s03wph4kabi46iz42wgyfbn2763cklf15h7hrdi29ssx"))))
+                "1vwf0yrv5540ygfnxikirbs63awsdzn7dabkia3g0bnz43p5l7w1"))))
     (build-system cmake-build-system)
     (home-page "https://github.com/open-source-parsers/jsoncpp")
     (arguments
@@ -359,14 +359,14 @@ However, “Memory efficiency” and “Speed” have not been primary goals.")
 (define-public python-ruamel.yaml
   (package
     (name "python-ruamel.yaml")
-    (version "0.15.19")
+    (version "0.15.33")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "ruamel.yaml" version))
        (sha256
         (base32
-         "0qx779avw8d1vsjqyi7z21h1g5ykp8paqavgj0lzbp8h7bw9vpgv"))))
+         "1s4b0zwn9pkk4xxjhx77giyfddc738drd6vgraw6n2syvj03s31d"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-pytest" ,python-pytest)))
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 09a6c3a03f..f03d7c4a9d 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -430,7 +430,7 @@ use of experts and novices alike.")
                  (delete-file-recursively "rx")
                  (symlink rxpath "rx"))
                #t))
-           (add-before 'configure 'autoreconf
+           (add-after 'unpack 'autoreconf
              (lambda _
                (zero? (system* "autoreconf")))))))
       (inputs
diff --git a/gnu/packages/shellutils.scm b/gnu/packages/shellutils.scm
index 3ecc1ee8ba..2d515ec7a5 100644
--- a/gnu/packages/shellutils.scm
+++ b/gnu/packages/shellutils.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2016 Matthew Jordan <matthewjordandevops@yandex.com>
 ;;; Copyright © 2016, 2017 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016 Christopher Baines <mail@cbaines.net>
+;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -122,3 +123,37 @@ Before each prompt, direnv checks for the existence of a .envrc file in the
 current and parent directories.  This file is then used to alter the
 environmental variables of the current shell.")
     (license expat)))
+
+(define-public fzy
+  (package
+    (name "fzy")
+    (version "0.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/jhawthorn/fzy/archive/"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1xfgxqbkcpi2n4381kj3fq4026qs6by7xhl5gn0fgp3dh232c63j"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (home-page "https://github.com/jhawthorn/fzy")
+    (synopsis "Fast fuzzy text selector for the terminal with an advanced
+scoring algorithm")
+    (description
+     "Most other fuzzy matchers sort based on the length of a match.  fzy tries
+to find the result the user intended.  It does this by favouring matches on
+consecutive letters and starts of words.  This allows matching using acronyms
+or different parts of the path.
+
+fzy is designed to be used both as an editor plugin and on the command
+line.  Rather than clearing the screen, fzy displays its interface directly
+below the current cursor position, scrolling the screen if necessary.")
+    (license expat)))
diff --git a/gnu/packages/simulation.scm b/gnu/packages/simulation.scm
new file mode 100644
index 0000000000..de07b68440
--- /dev/null
+++ b/gnu/packages/simulation.scm
@@ -0,0 +1,212 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Paul Garlick <pgarlick@tourbillion-technology.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages simulation)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bash)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages boost)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages flex)
+  #:use-module (gnu packages gettext)
+  #:use-module (gnu packages gcc)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages graphics)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages m4)
+  #:use-module (gnu packages maths)
+  #:use-module (gnu packages mpi)
+  #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages readline)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xorg)
+  #:use-module (guix download)
+  #:use-module (guix build utils)
+  #:use-module (guix build-system gnu)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix utils)
+  #:use-module (ice-9 ftw)
+  #:use-module (ice-9 regex)
+  #:use-module (srfi srfi-1))
+
+(define-public openfoam
+  (package
+    (name "openfoam")
+    (version "4.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "http://dl.openfoam.org/source/"
+             (string-map (lambda (x) (if (eq? x #\.) #\- x)) version)))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0cgxh4h2hf50qbvvdg5miwc2nympb0nrv3md96vb3gbs9vk8vq9d"))
+       (patches (search-patches "openfoam-4.1-cleanup.patch"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("boost" ,boost)
+       ("cgal" ,cgal)
+       ("flex" ,flex)
+       ("git" ,git)
+       ("gmp" ,gmp)
+       ("libxt" ,libxt)
+       ("metis" ,metis)
+       ("mpfr" ,mpfr)
+       ("ncurses" ,ncurses)
+       ("readline" ,readline)
+       ("scotch" ,pt-scotch32)
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("bison" ,bison)))
+    (propagated-inputs
+     `(("gzip" ,gzip)
+       ("gnuplot" ,gnuplot)
+       ("openmpi" ,openmpi)))
+    (arguments
+     `( ;; Executable files and shared libraries are located in the 'platforms'
+       ;; subdirectory.
+       #:strip-directories (list (string-append
+                                  "lib/OpenFOAM-" ,version
+                                  "/platforms/linux64GccDPInt32Opt/bin")
+                                 (string-append
+                                  "lib/OpenFOAM-" ,version
+                                  "/platforms/linux64GccDPInt32Opt/lib"))
+       #:tests? #f                                ; no tests to run
+
+       #:modules ((ice-9 ftw)
+                  (ice-9 regex)
+                  (guix build gnu-build-system)
+                  (guix build utils))
+
+       #:phases (modify-phases %standard-phases
+                  (add-after 'unpack 'rename-build-directory
+                    (lambda _
+                      (chdir "..")
+                      ;; Use 'OpenFOAM-version' convention to match the file
+                      ;; name expectations in the build phase.
+                      (let ((unpack-dir (string-append
+                                         (getcwd) "/"
+                                         (list-ref (scandir (getcwd) (lambda (name)
+                                                                       (string-match "^OpenFOAM" name))) 0)))
+                            (build-dir (string-append
+                                        (getcwd) "/OpenFOAM-" ,version)))
+                        (rename-file unpack-dir build-dir) ; rename build directory
+                        (chdir (basename build-dir))) ; move to build directory
+                      #t))
+                  (delete 'configure)             ; no configure phase
+                  (replace 'build
+                    (lambda _
+                      (let ((libraries '("boost" "cgal" "gmp" "metis" "mpfr" "scotch")))
+                        ;; set variables to define store paths
+                        (for-each (lambda (library)
+                                    (setenv (string-append
+                                             (string-upcase library) "_ROOT")
+                                            (assoc-ref %build-inputs library))) libraries))
+                      ;; set variables to define package versions
+                      (setenv "SCOTCHVERSION" ,(package-version scotch))
+                      (setenv "METISVERSION" ,(package-version metis))
+                      ;; set variable to pass extra 'rpath' arguments to linker
+                      (setenv "LDFLAGS"
+                              (string-append
+                               "-Wl,"
+                               "-rpath=" %output "/lib/OpenFOAM-" ,version
+                               "/platforms/linux64GccDPInt32Opt/lib,"
+                               "-rpath=" %output "/lib/OpenFOAM-" ,version
+                               "/platforms/linux64GccDPInt32Opt/lib/dummy"))
+                      ;; compile OpenFOAM libraries and applications
+                      (zero? (system (format #f
+                                             "source ./etc/bashrc && ./Allwmake -j~a"
+                                             (parallel-job-count))))))
+                  (add-after 'build 'update-configuration-files
+                    (lambda _
+                      ;; record store paths and package versions in
+                      ;; configuration files
+                      (substitute* "etc/config.sh/CGAL"
+                        (("$BOOST_ROOT") (getenv "BOOST_ROOT")))
+                      (substitute* "etc/config.sh/CGAL"
+                        (("$CGAL_ROOT") (getenv "CGAL_ROOT")))
+                      (substitute* "etc/config.sh/metis"
+                        (("$METIS_ROOT") (getenv "METIS_ROOT")))
+                      (substitute* "etc/config.sh/metis"
+                        (("$METISVERSION") (getenv "METISVERSION")))
+                      (substitute* "etc/config.sh/scotch"
+                        (("$SCOTCH_ROOT") (getenv "SCOTCH_ROOT")))
+                      (substitute* "etc/config.sh/scotch"
+                        (("$SCOTCHVERSION") (getenv "SCOTCHVERSION")))
+                      (substitute* "etc/config.sh/settings"
+                        (("$GMP_ROOT") (getenv "GMP_ROOT")))
+                      (substitute* "etc/config.sh/settings"
+                        (("$MPFR_ROOT") (getenv "MPFR_ROOT")))
+                      ;; reset lockDir variable to refer to write-enabled
+                      ;; directory
+                      (substitute* "wmake/wmake"
+                        (("        lockDir=.*$")
+                         "        lockDir=$HOME/.$WM_PROJECT/.wmake\n"))
+                      (substitute* "wmake/wmakeScheduler"
+                        (("lockDir=.*$")
+                         "lockDir=$HOME/.$WM_PROJECT/.wmake\n"))
+                      (substitute* "wmake/wmakeSchedulerUptime"
+                        (("lockDir=.*$")
+                         "lockDir=$HOME/.$WM_PROJECT/.wmake\n"))
+                      #t))
+                  (replace 'install
+                    (lambda _
+                      ;; use 'OpenFOAM-version' convention
+                      (let ((install-dir (string-append
+                                          %output "/lib/OpenFOAM-" ,version)))
+                        (mkdir-p install-dir)     ; create install directory
+                        ;; move contents of build directory to install directory
+                        (copy-recursively "." install-dir))))
+                  (add-after 'install 'add-symbolic-link
+                    (lambda _
+                      ;; add symbolic link for standard 'bin' directory
+                      (symlink
+                       (string-append "./lib/OpenFOAM-" ,version
+                                      "/platforms/linux64GccDPInt32Opt/bin")
+                       (string-append %output "/bin"))
+                      #t)))))
+    ;; Note:
+    ;;  Tutorial files are installed read-only in /gnu/store.
+    ;;  To allow write permissions on files copied from the store a
+    ;;  'chmod' step is needed before running the applications.  For
+    ;;  example, from a user's login:
+    ;;  $ source $GUIX_PROFILE/lib/OpenFOAM-4.1/etc/bashrc
+    ;;  $ mkdir -p $FOAM_RUN
+    ;;  $ cd $FOAM_RUN
+    ;;  $ cp -r $FOAM_TUTORIALS/incompressible/simpleFoam/pitzDaily .
+    ;;  $ cd pitzDaily
+    ;;  $ chmod -R u+w .
+    ;;  $ blockMesh
+    (synopsis "Framework for numerical simulation of fluid flow")
+    (description "OpenFOAM provides a set of solvers and methods for tackling
+problems in the field of Computational Fluid Dynamics (CFD).  It is written in
+C++.  Governing equations such as the Navier-Stokes equations can be solved in
+integral form.  Physical processes such as phase change, droplet transport and
+chemical reaction can be modelled.  Numerical methods are included to deal with
+sharp gradients, such as those encountered in flows with shock waves and flows
+with gas/liquid interfaces.  Large problems may be split into smaller, connected
+problems for efficient solution on parallel systems.")
+    (license license:gpl3+)
+    (home-page "https://openfoam.org")))
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index ad3032e2ec..f0ad6cffb7 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -65,7 +65,7 @@
 (define-public pspp
   (package
     (name "pspp")
-    (version "1.0.0")
+    (version "1.0.1")
     (source
      (origin
       (method url-fetch)
@@ -73,7 +73,7 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "10yb8nknh33c1y2ji3gww5dcnx9n3nqgsj6yfb4wibdjypa1m68v"))))
+        "1r8smr5057993h90nx0mdnff8nxw9x546zzh6qpy4h3xblp1la5s"))))
     (build-system gnu-build-system)
     (inputs
      `(("cairo" ,cairo)
@@ -106,7 +106,7 @@ be output in text, PostScript, PDF or HTML.")
 (define-public r-minimal
   (package
     (name "r-minimal")
-    (version "3.4.0")
+    (version "3.4.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cran/src/base/R-"
@@ -114,7 +114,7 @@ be output in text, PostScript, PDF or HTML.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "14cb8bwi3akvdb6934kqic2862f2qgav6cq4g0h7gi2p4ka9x3i8"))))
+                "0r0cv2kc3x5z9xycpnxx6fbvv22psw2m342jhpslbxkc8g1307lp"))))
     (build-system gnu-build-system)
     (arguments
      `(#:disallowed-references (,tzdata-2017a)
@@ -185,6 +185,14 @@ be output in text, PostScript, PDF or HTML.")
              (substitute* "src/library/tools/Makefile.in"
                (("(install_package_description\\(.*\"')\\)\"" line prefix)
                 (string-append prefix ", builtStamp='1970-01-01')\"")))
+
+             ;; R bundles an older version of help2man, which does not respect
+             ;; SOURCE_DATE_EPOCH.  We cannot just use the latest help2man,
+             ;; because that breaks a test.
+             (with-fluids ((%default-port-encoding "ISO-8859-1"))
+               (substitute* "tools/help2man.pl"
+                 (("my \\$date = strftime \"%B %Y\", localtime" line)
+                  (string-append line " 1"))))
              #t))
          (add-before 'configure 'set-default-pager
           ;; Set default pager to "cat", because otherwise it is "false",
@@ -447,14 +455,14 @@ also flexible enough to handle most nonstandard requirements.")
 (define-public r-matrix
   (package
     (name "r-matrix")
-    (version "1.2-10")
+    (version "1.2-11")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "Matrix" version))
        (sha256
         (base32
-         "0r3qjcz92xwgdzrfz444mqzwnja5sv9abaf252fh6k48qbyahahh"))))
+         "1yvd6fx3n99j4gvzrng43ji38pr5h8y03kijccgjdalym2hcp36g"))))
     (properties `((upstream-name . "Matrix")))
     (build-system r-build-system)
     (propagated-inputs
@@ -492,14 +500,14 @@ nonlinear mixed-effects models.")
 (define-public r-mgcv
   (package
    (name "r-mgcv")
-   (version "1.8-18")
+   (version "1.8-22")
    (source
     (origin
      (method url-fetch)
      (uri (cran-uri "mgcv" version))
      (sha256
       (base32
-       "011mgcypr56xvm9nizsfsb2285kzql93x0d3lzg849g39vbpp4s2"))))
+       "1546p6aflg3z6xl2mns1n2c3j8q2spr9cjggj9rn33vrrhsv4fss"))))
    (build-system r-build-system)
    (propagated-inputs
     `(("r-matrix" ,r-matrix)
@@ -992,13 +1000,13 @@ using just two functions: melt and dcast (or acast).")
 (define-public r-scales
   (package
     (name "r-scales")
-    (version "0.4.1")
+    (version "0.5.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "scales" version))
        (sha256
-        (base32 "1lqccfmqdwrw0cjyqvw2zvgpk2jvnqrfb303l1raqyyf3zxqhav4"))))
+        (base32 "0zg9wfzmsdjxpbld0nzv7hcpq5r0wazqxmn7grvvif2agj0w1z6v"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-dichromat" ,r-dichromat)
@@ -1006,7 +1014,9 @@ using just two functions: melt and dcast (or acast).")
        ("r-munsell" ,r-munsell)
        ("r-plyr" ,r-plyr)
        ("r-rcolorbrewer" ,r-rcolorbrewer)
-       ("r-rcpp" ,r-rcpp)))
+       ("r-rcpp" ,r-rcpp)
+       ("r-r6" ,r-r6)
+       ("r-viridislite" ,r-viridislite)))
     (home-page "https://github.com/hadley/scales")
     (synopsis "Scale functions for visualization")
     (description
@@ -1050,14 +1060,14 @@ aesthetic attributes.")
 (define-public r-gdtools
   (package
     (name "r-gdtools")
-    (version "0.1.5")
+    (version "0.1.6")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "gdtools" version))
        (sha256
         (base32
-         "09y9x09gri33ghhrvjjnj5k5rk0kdpsk3wq02cln8gmywd6728vk"))))
+         "103wnc8sq0iwcnj4j14hd420d2dqdyf13s3f25icsznrlyzdkhf5"))))
     (build-system r-build-system)
     (native-inputs
      `(("r-rcpp" ,r-rcpp)
@@ -1076,14 +1086,14 @@ and to generate base64 encoded string from raster matrix.")
 (define-public r-svglite
   (package
     (name "r-svglite")
-    (version "1.2.0")
+    (version "1.2.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "svglite" version))
        (sha256
         (base32
-         "1s1gvmlmmna5y4jsn9h6438pg5b86fl4nwfvkgm6n4h6ljfgqyx3"))))
+         "1bws3lc4hlhln11zd7lalhiyc43yk6c6vrzy41fkxk1dkjazfx51"))))
     (build-system r-build-system)
     (native-inputs  `(("r-rcpp" ,r-rcpp)))
     (propagated-inputs
@@ -1159,13 +1169,13 @@ R/DBMS implementations.")
 (define-public r-bh
   (package
     (name "r-bh")
-    (version "1.62.0-1")
+    (version "1.65.0-1")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "BH" version))
               (sha256
                (base32
-                "01vfdpfznd4ynqql33z238xr262mvy3i80lyi8l3a3p3hi0a262p"))))
+                "0n6byzrvl1w4hjdxz479q4a7w1118f9ckqc4gqydq7lgzs5agfl2"))))
     (build-system r-build-system)
     (home-page "https://github.com/eddelbuettel/bh")
     (synopsis "R package providing subset of Boost headers")
@@ -1300,13 +1310,13 @@ emitter (http://pyyaml.org/wiki/LibYAML) for R.")
 (define-public r-knitr
   (package
     (name "r-knitr")
-    (version "1.16")
+    (version "1.17")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "knitr" version))
               (sha256
                (base32
-                "02balmhvc955rkqv4v0wkxbw4vjphydajgcpy4ml0s3b4sziyj0h"))))
+                "00gljbz57n9lkvbd6az4n37gpbs8vg3fxx5p9biamhmhqyra514l"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-evaluate" ,r-evaluate)
@@ -1414,13 +1424,13 @@ you call it again with the same arguments it returns the pre-computed value.")
 (define-public r-crayon
   (package
     (name "r-crayon")
-    (version "1.3.2")
+    (version "1.3.4")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "crayon" version))
               (sha256
                (base32
-                "0s2yam18slph7xsw4pyc9f92gdyf609r5w92yax69zh57kb7asws"))))
+                "0s7s6vc3ww8pzanpjisym4jjvwcc5pi2qg8srx7jqlz9j3wrnvpw"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-memoise" ,r-memoise)))
@@ -1502,13 +1512,13 @@ defined in different packages.")
 (define-public r-rlang
   (package
     (name "r-rlang")
-    (version "0.1.1")
+    (version "0.1.2")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "rlang" version))
               (sha256
                (base32
-                "0grwqy3zkvz96mvpwfbfyqid4jkfrqh3ldy2n6dpv2kjd1fzj0ar"))))
+                "1yc5qyq6h0nrya7m2fqnfv19zh5xwsl28jx6zi2g1zz6ra4cvkwh"))))
     (build-system r-build-system)
     (home-page "http://rlang.tidyverse.org")
     (synopsis "Functions for base types, core R and Tidyverse features")
@@ -1520,14 +1530,14 @@ like tidy evaluation.")
 (define-public r-tibble
   (package
     (name "r-tibble")
-    (version "1.3.3")
+    (version "1.3.4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "tibble" version))
        (sha256
         (base32
-         "1bhq4pm56l7l6s1k44ajrcr7hz56h37m9ck4zji9f8xfdqschbl0"))))
+         "02vn6yqzcvmazy5jaqar3wwbrmh83a1bfgsqgk0hgz38i80zgvm7"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-rlang" ,r-rlang)
@@ -1542,13 +1552,13 @@ and printing capabilities than traditional data frames.")
 (define-public r-dplyr
   (package
     (name "r-dplyr")
-    (version "0.7.2")
+    (version "0.7.3")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "dplyr" version))
               (sha256
                (base32
-                "0jpb32ca1c0mr660igna4yw4fmzydzfhxshd0g8wgmggkynx2qi2"))))
+                "0wz5vrcsxzmxpxvs1raz9kyfc7mq3591nadq4rb4hx4sc97ysrxf"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-assertthat" ,r-assertthat)
@@ -1575,6 +1585,36 @@ matter where it is stored, whether in a data frame, a data table or
 database.")
     (license license:expat)))
 
+(define-public r-dbplyr
+  (package
+    (name "r-dbplyr")
+    (version "1.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "dbplyr" version))
+       (sha256
+        (base32
+         "17gn8vr4a6m9ynarjbm9xsrhcvgn5lnxhb2qhiiglmhh5mm4a7kv"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-assertthat" ,r-assertthat)
+       ("r-dbi" ,r-dbi)
+       ("r-dplyr" ,r-dplyr)
+       ("r-glue" ,r-glue)
+       ("r-purrr" ,r-purrr)
+       ("r-r6" ,r-r6)
+       ("r-rlang" ,r-rlang)
+       ("r-tibble" ,r-tibble)))
+    (home-page "https://github.com/tidyverse/dbplyr")
+    (synopsis "Dplyr back end for databases")
+    (description
+     "This package provides a dplyr back end for databases that allows you to
+work with remote database tables as if they are in-memory data frames.  Basic
+features works with any database that has a @code{DBI} back end; more advanced
+features require SQL translation to be provided by the package author.")
+    (license license:expat)))
+
 (define-public r-acepack
   (package
     (name "r-acepack")
@@ -1844,14 +1884,14 @@ chain.")
 (define-public r-ade4
   (package
     (name "r-ade4")
-    (version "1.7-6")
+    (version "1.7-8")
     (source
       (origin
         (method url-fetch)
         (uri (cran-uri "ade4" version))
         (sha256
           (base32
-            "0lnc37d6waajmagy8qvw206pyc4vgrpzl3hk3j9frh6wa0b8x140"))))
+            "1a5p3wf8l9cp1bjp57b1pc5bqs39kw1v21i4waj9j18wawzlmpb6"))))
     (build-system r-build-system)
     (home-page "http://pbil.univ-lyon1.fr/ADE-4")
     (synopsis "Multivariate data analysis and graphical display")
@@ -1953,14 +1993,14 @@ limited to R.")
 (define-public r-backports
   (package
     (name "r-backports")
-    (version "1.1.0")
+    (version "1.1.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "backports" version))
        (sha256
         (base32
-         "1kcz6j82by28cjk5wi2j6dfqdin1kib4y7d2r4h3zabcxmk6jly5"))))
+         "15w8psmv203wzijrk4hvwaw3i4byh2m5s09yrkqwhfckhaj82kj9"))))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/backports")
     (synopsis "Reimplementations of functions introduced since R 3.0.0")
@@ -1976,14 +2016,14 @@ R version.")
 (define-public r-checkmate
   (package
     (name "r-checkmate")
-    (version "1.8.3")
+    (version "1.8.4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "checkmate" version))
        (sha256
         (base32
-         "04rxabzamhv6ybynx627sxk02qvq8znkv0y10vmq67xx6pxhqvla"))))
+         "1xpq73myr39i33mwihvy494sam77hb3z15yr172a31d8wn1qi53g"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-backports" ,r-backports)))
@@ -2117,16 +2157,15 @@ other packages.")
 (define-public r-commonmark
   (package
     (name "r-commonmark")
-    (version "1.2")
+    (version "1.4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "commonmark" version))
        (sha256
         (base32
-         "12q5mncxvkwdxc35is6y5idx8a1h99hyz5x6ri0arni6k25krchk"))))
+         "1vb8r9khpvcf0q7acv8rsplfjjwcll302bg5kp596cvn6aacypl6"))))
     (build-system r-build-system)
-    ;;(inputs `(("zlib" ,zlib)))
     (home-page "http://cran.r-project.org/web/packages/commonmark")
     (synopsis "CommonMark and Github Markdown Rendering in R")
     (description
@@ -2169,17 +2208,17 @@ collation, and NAMESPACE files.")
 (define-public r-openssl
   (package
     (name "r-openssl")
-    (version "0.9.6")
+    (version "0.9.7")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "openssl" version))
        (sha256
         (base32
-         "0ffwllii8xl6sa2v66134g0fwaw1y3zn3mvaa4nrc120vv5d3mkd"))))
+         "178fcp9f245i0k9s2w45kbw0ml0r9pfc73ak8hvicw4jz639wzb9"))))
     (build-system r-build-system)
     (inputs
-     `(("openssl" ,openssl)))
+     `(("libressl" ,libressl)))
     (home-page "https://github.com/jeroenooms/openssl")
     (synopsis "Toolkit for encryption, signatures and certificates")
     (description
@@ -2198,22 +2237,20 @@ integers.")
 (define-public r-httr
   (package
     (name "r-httr")
-    (version "1.2.1")
+    (version "1.3.1")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "httr" version))
               (sha256
                (base32
-                "03kkjlhyvvi5znwaxfm6cmdsg3q7ivwsvkzgabhjdj2jxs80pfg7"))))
+                "0n7jz2digbgv48rbr9vmzv4vmf4rahl9jjy31izs7sxj4rs4s4r2"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-curl" ,r-curl)
-       ("r-digest" ,r-digest)
        ("r-jsonlite" ,r-jsonlite)
        ("r-openssl" ,r-openssl)
        ("r-mime" ,r-mime)
-       ("r-r6" ,r-r6)
-       ("r-stringr" ,r-stringr)))
+       ("r-r6" ,r-r6)))
     (home-page "https://github.com/hadley/httr")
     (synopsis "Tools for working with URLs and HTTP")
     (description
@@ -2252,13 +2289,13 @@ pure C implementation of the Git core methods.")
 (define-public r-rstudioapi
   (package
     (name "r-rstudioapi")
-    (version "0.6")
+    (version "0.7")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "rstudioapi" version))
               (sha256
                (base32
-                "1zkvz72z6nw0xc8bhb21y5x1nk6avijs0w8n4vsbvw9sn76wc96s"))))
+                "133s75q2hr6jg28m1wvs96qrbc9c4vw87migwhkjqb88xxvbqhd5"))))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/rstudioapi")
     (synopsis "Safely access the RStudio API")
@@ -2358,13 +2395,13 @@ disk (or a connection).")
 (define-public r-plotrix
   (package
     (name "r-plotrix")
-    (version "3.6-5")
+    (version "3.6-6")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "plotrix" version))
               (sha256
                (base32
-                "01655y3qzy0283ppc85bi0g42g20zrqzcl0qb30cl6rcbflhymlb"))))
+                "07hywp3ym0gbpqdj3f4vhr0bhmynhby8vh6p1b9cm2hv26pzs9q4"))))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/plotrix")
     (synopsis "Various plotting functions")
@@ -2417,13 +2454,13 @@ well as additional utilities such as panel and axis annotation functions.")
 (define-public r-rcpparmadillo
   (package
     (name "r-rcpparmadillo")
-    (version "0.7.900.2.0")
+    (version "0.7.960.1.2")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "RcppArmadillo" version))
               (sha256
                (base32
-                "01qsff2p1fp5i9lq7rsykrskgr6smz24ddspbl5ad9a8rkmczwyv"))))
+                "0kg8vbamaz3413h283f23hzgqkmfpf6fs0vbklmpj0l3ricvp9cc"))))
     (properties `((upstream-name . "RcppArmadillo")))
     (build-system r-build-system)
     (propagated-inputs
@@ -2558,13 +2595,13 @@ variety of formats.")
 (define-public r-gridextra
   (package
     (name "r-gridextra")
-    (version "2.2.1")
+    (version "2.3")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "gridExtra" version))
               (sha256
                (base32
-                "0638ihwl00j76ivaxxhxvi8z573lwy1jym3srr78mx6dbdd4bzj4"))))
+                "0fwfk3cdwxxim7nd55pn7m31bcaqj48y06j7an2k1v1pybk0rdl1"))))
     (properties `((upstream-name . "gridExtra")))
     (build-system r-build-system)
     (propagated-inputs
@@ -2732,13 +2769,13 @@ plotted and compared with the asymptotic curve.")
 (define-public r-lambda-r
   (package
     (name "r-lambda-r")
-    (version "1.1.9")
+    (version "1.2")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "lambda.r" version))
               (sha256
                (base32
-                "1j6287iqvs3ill6r5g6ksf5809qp0l0nf20ib8266m1r09lc9j14"))))
+                "0vql32np716dpd0kjn7s7wgawd02ysgp2a5il4kb19nlw661ii3x"))))
     (properties `((upstream-name . "lambda.r")))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/lambda.r")
@@ -2799,14 +2836,14 @@ statements.")
 (define-public r-segmented
   (package
     (name "r-segmented")
-    (version "0.5-2.1")
+    (version "0.5-2.2")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "segmented" version))
        (sha256
         (base32
-         "1i576xksc761nyv2dmq86nwbgqvp0plz6bjcn69nkdwq2wbizmw8"))))
+         "1wdjxkgqjqw5q2nywmgkf6y21lb0alhvaqg0m0dr2xyxf1ii79rs"))))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/segmented")
     (synopsis "Regression models with breakpoints estimation")
@@ -2929,14 +2966,14 @@ parallel.")
 (define-public r-doparallel
   (package
     (name "r-doparallel")
-    (version "1.0.10")
+    (version "1.0.11")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "doParallel" version))
        (sha256
         (base32
-         "1mddx25l25pw9d0csnx2q203dbg5hbrhkr1f08kw0p02a1lln0kh"))))
+         "0sppgxk3d8mfsrb3cjdyn0mv0s4i7pcy8g8c3cjzbr6k8vmx5jsc"))))
     (properties `((upstream-name . "doParallel")))
     (build-system r-build-system)
     (propagated-inputs
@@ -3049,14 +3086,14 @@ analysis of large sparse or dense matrices.")
 (define-public r-glmnet
   (package
    (name "r-glmnet")
-   (version "2.0-10")
+   (version "2.0-13")
    (source
     (origin
      (method url-fetch)
      (uri (cran-uri "glmnet" version))
      (sha256
       (base32
-       "07n2hz4fvjyv0siai8z8wqwfj8d58i8n1vzf1ckdfzp4kxa3z08d"))))
+       "1zdqp6wnqxzp5qn2ky47phbkrxv3cpgbwmdp896h3xxjvp58sa7k"))))
    (build-system r-build-system)
    (inputs
     `(("gfortran" ,gfortran)))
@@ -3520,22 +3557,51 @@ perceived by readers with the most common form of color blindness.  This is
 the 'lite' version of the more complete @code{viridis} package.")
     (license license:expat)))
 
+(define-public r-tidyselect
+  (package
+    (name "r-tidyselect")
+    (version "0.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "tidyselect" version))
+       (sha256
+        (base32
+         "1h10qc5bxk5v0zhmip3gwnzy50fs2gbdvcg2163is0k9a8rifq9r"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-glue" ,r-glue)
+       ("r-purrr" ,r-purrr)
+       ("r-rcpp" ,r-rcpp)
+       ("r-rlang" ,r-rlang)))
+    (home-page "http://cran.r-project.org/web/packages/tidyselect")
+    (synopsis "Select from a set of strings")
+    (description
+     "This package provides a backend for the selecting functions of the
+tidyverse.  It makes it easy to implement select-like functions in your own
+packages in a way that is consistent with other tidyverse interfaces for
+selection.")
+    (license license:gpl3)))
+
 (define-public r-tidyr
   (package
     (name "r-tidyr")
-    (version "0.6.3")
+    (version "0.7.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "tidyr" version))
        (sha256
         (base32
-         "14s57zrjm2phiy600z9ivq4az71z0ggmp6nj0js7yrybxf0dlah6"))))
+         "18fii18f967xaw6swn0w744sncx37rfq6gd8d9dccrpyf8647hmr"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-dplyr" ,r-dplyr)
-       ("r-lazyeval" ,r-lazyeval)
        ("r-magrittr" ,r-magrittr)
+       ("r-glue" ,r-glue)
+       ("r-purrr" ,r-purrr)
+       ("r-rlang" ,r-rlang)
+       ("r-tidyselect" ,r-tidyselect)
        ("r-rcpp" ,r-rcpp)
        ("r-stringi" ,r-stringi)
        ("r-tibble" ,r-tibble)))
@@ -3906,14 +3972,14 @@ routines.")
 (define-public r-fastcluster
   (package
     (name "r-fastcluster")
-    (version "1.1.22")
+    (version "1.1.24")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "fastcluster" version))
        (sha256
         (base32
-         "006k9isra5biyavqwci61avladw19mhp6kmkjj3777rl1r4r8b9z"))))
+         "15drhl22wm8whsy6b3vv754skfddiydb068zn1whrw5sknvkkjc2"))))
     (build-system r-build-system)
     (home-page "http://danifold.net/fastcluster.html")
     (synopsis "Fast hierarchical clustering routines")
@@ -4995,14 +5061,14 @@ algorithms.")
 (define-public r-lme4
   (package
     (name "r-lme4")
-    (version "1.1-13")
+    (version "1.1-14")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "lme4" version))
        (sha256
         (base32
-         "13j4a721rx0272pdxrz6nabjv56xb6srklq5w4z1abc82lyvda2z"))))
+         "1vars93604q7kyz6y1f8f886l05jkgj8bs78033l2czypvzki5la"))))
     (build-system r-build-system)
     (native-inputs
      `(("r-rcpp" ,r-rcpp)
@@ -5075,24 +5141,25 @@ to Applied regression, Second Edition, Sage, 2011.")
 (define-public r-caret
   (package
     (name "r-caret")
-    (version "6.0-76")
+    (version "6.0-77")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "caret" version))
        (sha256
         (base32
-         "1w31xzpmj8p6r6s7s1vwnjxainq54bbh4cqm177ba0myv69hh8cc"))))
+         "05c504567s2nppzfgi36mhszbym2pr80nf50dgxcxfx030721v5y"))))
     (build-system r-build-system)
     (propagated-inputs
-     `(("r-car" ,r-car)
-       ("r-foreach" ,r-foreach)
+     `(("r-foreach" ,r-foreach)
        ("r-ggplot2" ,r-ggplot2)
        ("r-lattice" ,r-lattice)
        ("r-modelmetrics" ,r-modelmetrics)
        ("r-nlme" ,r-nlme)
        ("r-plyr" ,r-plyr)
-       ("r-reshape2" ,r-reshape2)))
+       ("r-recipes" ,r-recipes)
+       ("r-reshape2" ,r-reshape2)
+       ("r-withr" ,r-withr)))
     (home-page "https://github.com/topepo/caret")
     (synopsis "Classification and regression training")
     (description
@@ -5194,14 +5261,14 @@ multivariate case.")
 (define-public r-tclust
   (package
     (name "r-tclust")
-    (version "1.2-7")
+    (version "1.3-1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "tclust" version))
        (sha256
         (base32
-         "1mvqr280c6kwpg98byd0r1y0qf238xn2x15y8npqch6lpcszlb3x"))))
+         "1li62wynv81kb17fx7nk63a26qlb78l8fdf63in8yzcl7fkpji7y"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-cluster" ,r-cluster)
diff --git a/gnu/packages/sync.scm b/gnu/packages/sync.scm
index a914d41c43..66e9c4eddb 100644
--- a/gnu/packages/sync.scm
+++ b/gnu/packages/sync.scm
@@ -35,14 +35,14 @@
 (define-public owncloud-client
   (package
     (name "owncloud-client")
-    (version "2.3.1")
+    (version "2.3.3")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://download.owncloud.com/desktop/stable/"
                            "owncloudclient-" version ".tar.xz"))
        (sha256
-        (base32 "051rky4rpm73flxxkhfdxqq23ncnk4ixhscbg74w82sa4d93f54k"))
+        (base32 "1r5ddln1wc9iyjizgqb104i0r6qhzsmm2wdnxfaif119cv0vphda"))
        (modules '((guix build utils)))
        (snippet
         '(begin
diff --git a/gnu/packages/syndication.scm b/gnu/packages/syndication.scm
index 80c45c396c..8ac0524fc6 100644
--- a/gnu/packages/syndication.scm
+++ b/gnu/packages/syndication.scm
@@ -1,4 +1,4 @@
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; GNU Guix is free software; you can redistribute it and/or modify it
 ;;; under the terms of the GNU General Public License as published by
@@ -38,7 +38,8 @@
         (method url-fetch)
         (uri (string-append "https://newsbeuter.org/downloads/newsbeuter-"
                             version ".tar.gz"))
-        (patches (search-patches "newsbeuter-CVE-2017-12904.patch"))
+        (patches (search-patches "newsbeuter-CVE-2017-12904.patch"
+                                 "newsbeuter-CVE-2017-14500.patch"))
         (sha256
          (base32
           "1j1x0hgwxz11dckk81ncalgylj5y5fgw5bcmp9qb5hq9kc0vza3l"))))
diff --git a/gnu/packages/tcl.scm b/gnu/packages/tcl.scm
index de888891c4..0231360aa8 100644
--- a/gnu/packages/tcl.scm
+++ b/gnu/packages/tcl.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
-;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -190,7 +190,7 @@ interfaces (GUIs) in the Tcl language.")
 (define-public perl-tk
   (package
     (name "perl-tk")
-    (version "804.033")
+    (version "804.034")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -198,7 +198,7 @@ interfaces (GUIs) in the Tcl language.")
                    version ".tar.gz"))
              (sha256
               (base32
-               "1bc8bacsf95598yimrxijymb3advrgan73pqxj75qmd20ydnwxc4"))))
+               "1qiz55dmw7hm1wgpjdzf2jffwcj0hisr3kf80qi8lli3qx2b39py"))))
     (build-system perl-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (inputs `(("libx11" ,libx11)
@@ -247,6 +247,51 @@ interfaces (GUIs) in the Tcl language.")
 utility functions and modules all written in high-level Tcl.")
     (license (package-license tcl))))
 
+(define-public tklib
+  (package
+    (name "tklib")
+    (version "0.6")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://core.tcl.tk/tklib/tarball/tklib-"
+                                  version ".tar.gz?uuid=tklib-0-6"))
+              (sha256
+               (base32
+                "03y0bzgwbh7nnyqkh8n00bbkq2fyblq39s3bdb6mawna0bbn0wwg"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("tcl" ,tcl)))
+    (propagated-inputs
+     `(("tcllib" ,tcllib)
+       ("tk" ,tk))) ; for "wish"
+    (native-search-paths
+     (list (search-path-specification
+            (variable "TCLLIBPATH")
+            (separator " ")
+            (files (list (string-append "lib/tklib" version))))))
+    (home-page "https://www.tcl.tk/software/tklib/")
+    (synopsis "Tk utility modules for Tcl")
+    (description "Tklib is a collection of common utility functions and
+modules for Tk, all written in high-level Tcl.  Examples of provided widgets:
+@enumerate
+@item @code{chatwidget}
+@item @code{datefield}
+@item @code{tooltip}
+@item @code{cursor}
+@item @code{ipentry}
+@item @code{tablelist}
+@item @code{history}
+@item @code{tkpiechart}
+@item @code{ico}
+@item @code{crosshair}
+@item @code{ntext}
+@item @code{plotchart}
+@item @code{ctext}
+@item @code{autosscroll}
+@item @code{canvas}
+@end enumerate")
+    (license (package-license tcl))))
+
 (define-public tclxml
   (package
     (name "tclxml")
@@ -262,9 +307,10 @@ utility functions and modules all written in high-level Tcl.")
     (build-system gnu-build-system)
     (native-inputs
      `(("tcl" ,tcl)
-       ("tcllib" ,tcllib)
        ("libxml2" ,libxml2)
        ("libxslt" ,libxslt)))
+    (propagated-inputs
+     `(("tcllib" ,tcllib))) ; uri
     (native-search-paths
      (list (search-path-specification
             (variable "TCLLIBPATH")
diff --git a/gnu/packages/telephony.scm b/gnu/packages/telephony.scm
index c3bf203602..5751015260 100644
--- a/gnu/packages/telephony.scm
+++ b/gnu/packages/telephony.scm
@@ -272,7 +272,7 @@ and a supporting cryptographic kernel.")
          ("libtool" ,libtool)))
       (arguments
        `(#:phases (modify-phases %standard-phases
-                    (add-before 'configure 'autoconf
+                    (add-after 'unpack 'autoconf
                       (lambda _
                         (zero? (system* "autoreconf" "-vfi")))))))
       (home-page "https://gitlab.savoirfairelinux.com/sflphone/libiax2")
diff --git a/gnu/packages/terminals.scm b/gnu/packages/terminals.scm
index df093c293d..a9682b685c 100644
--- a/gnu/packages/terminals.scm
+++ b/gnu/packages/terminals.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2016 Mckinley Olsen <mck.olsen@gmail.com>
 ;;; Copyright © 2016, 2017 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016, 2017 José Miguel Sánchez García <jmi2k@openmailbox.org>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index f12746c83f..a38b2afc0c 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -3589,6 +3589,26 @@ technical illustrations.  Its output is scalable PostScript or SVG, rather
 than the bitmaps Metafont creates.")
     (license license:lppl)))
 
+(define-public texlive-latex-acmart
+  (package
+    (name "texlive-latex-acmart")
+    (version "1.45")
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "acmart"))
+              (sha256
+               (base32
+                "10zs8ga88ksypv1v4p6mynmfa7749q2hgxlr4shnwfjd9wrb421q"))
+              (file-name (string-append name "-" version "-checkout"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/acmart"))
+    (home-page "http://www.ctan.org/pkg/acmart")
+    (synopsis "Class for typesetting publications of ACM")
+    (description
+     "This package provides a class for typesetting publications of the
+Association for Computing Machinery (ACM).")
+    (license license:lppl1.3+)))
+
 (define-public texlive-latex-varwidth
   (package
     (name "texlive-latex-varwidth")
diff --git a/gnu/packages/texinfo.scm b/gnu/packages/texinfo.scm
index 5bf3a97e81..29455b911d 100644
--- a/gnu/packages/texinfo.scm
+++ b/gnu/packages/texinfo.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
@@ -31,6 +31,7 @@
   #:use-module (gnu packages ncurses))
 
 (define-public texinfo
+  ;; TODO: Merge with 'texinfo-latest' on the next core-updates.
   (package
     (name "texinfo")
     (version "6.4")
@@ -63,6 +64,19 @@ their source and the command-line Info reader.  The emphasis of the language
 is on expressing the content semantically, avoiding physical markup commands.")
     (license gpl3+)))
 
+(define-public texinfo-latest
+  ;; TODO: Turn this into 'texinfo' on the next core-updates cycle.
+  (package (inherit texinfo)
+    (version "6.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnu/texinfo/texinfo-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "0qjzvbvnv9003xdrcpi3jp7y68j4hq2ciw9frh2hghh698zlnxvp"))))
+    (native-inputs '())))
+
 (define-public texinfo-5
   (package (inherit texinfo)
     (version "5.2")
diff --git a/gnu/packages/textutils.scm b/gnu/packages/textutils.scm
index 537d013345..3359ab4845 100644
--- a/gnu/packages/textutils.scm
+++ b/gnu/packages/textutils.scm
@@ -11,7 +11,7 @@
 ;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
-;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -579,7 +579,7 @@ categories.")
      `(#:tests? #f ; FIXME maketest.sh does not work.
        #:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'autoreconf
+         (add-after 'unpack 'autoreconf
            (lambda _
              (zero? (system* "autoreconf" "-vif")))))))
     (native-inputs
diff --git a/gnu/packages/time.scm b/gnu/packages/time.scm
index ba54d1d00f..4d3da87174 100644
--- a/gnu/packages/time.scm
+++ b/gnu/packages/time.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Ben Woodcroft <donttrustben@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -21,7 +22,9 @@
   #:use-module (guix licenses)
   #:use-module (guix packages)
   #:use-module (guix download)
-  #:use-module (guix build-system gnu))
+  #:use-module (guix build-system gnu)
+  #:use-module (guix build-system python)
+  #:use-module (gnu packages python))
 
 (define-public time
   (package
@@ -55,3 +58,57 @@
 program uses.  The display output of the program can be customized or saved
 to a file.")
     (license gpl2+)))
+
+(define-public python-pytzdata
+  (package
+    (name "python-pytzdata")
+    (version "2017.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pytzdata" version))
+       (sha256
+        (base32
+         "1c1az8spm2d3km6qhjy69y4dlj71p6984l48mizr83nh4f0ipld4"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-pytest" ,python-pytest)
+       ("python-nose" ,python-nose)))
+    (home-page "https://github.com/sdispater/pytzdata")
+    (synopsis "Timezone database for Python")
+    (description
+     "This library provides a timezone database for Python.")
+    (license expat)))
+
+(define-public python2-tzdata
+  (package-with-python2 python-pytzdata))
+
+(define-public python-pendulum
+  (package
+    (name "python-pendulum")
+    (version "1.2.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pendulum" version))
+       (sha256
+        (base32
+         "1fj36yxi2f4lzchzd8ny1qjl67dbypnk0gn8qwad2w78579m8m8z"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-pytest" ,python-pytest)
+       ("python-nose" ,python-nose)))
+    (propagated-inputs
+     `(("python-dateutil" ,python-dateutil)
+       ("python-pytzdata" ,python-pytzdata)
+       ("python-tzlocal" ,python-tzlocal)))
+    (home-page "https://github.com/sdispater/pendulum")
+    (synopsis "Alternate API for Python datetimes")
+    (description "Pendulum is a drop-in replacement for the standard
+@{datetime} class, providing an alternative API.  As it inherits from the
+standard @code{datetime} all @code{datetime} instances can be replaced by
+Pendulum instances.")
+    (license expat)))
+
+(define-public python2-pendulum
+  (package-with-python2 python-pendulum))
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 111a1c3734..0e59d7df10 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
@@ -37,6 +37,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages)
+  #:use-module (gnu packages dns)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages libbsd)
   #:use-module (gnu packages libffi)
@@ -229,6 +230,17 @@ required structures.")
     (inputs `(("guile" ,guile-2.0)
               ,@(alist-delete "guile" (package-inputs gnutls))))))
 
+(define-public gnutls/dane
+  ;; GnuTLS with build libgnutls-dane, implementing DNS-based
+  ;; Authentication of Named Entities.  This is required for GNS functionality
+  ;; by GNUnet and gnURL.  This is done in an extra package definition
+  ;; to have the choice between GnuTLS with Dane and without Dane.
+  (package
+    (inherit gnutls)
+    (name "gnutls-dane")
+    (inputs `(("unbound" ,unbound)
+              ,@(package-inputs gnutls)))))
+
 (define-public openssl
   (package
    (name "openssl")
@@ -486,13 +498,13 @@ netcat implementation that supports TLS.")
   (package
     (name "python-acme")
     ;; Remember to update the hash of certbot when updating python-acme.
-    (version "0.17.0")
+    (version "0.18.2")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "acme" version))
-      (sha256
-       (base32
-        "0vmnv7qhdhl9qhq03v6zrcj1lsmpmpjb94s0xsc7piwqxfmf9jrw"))))
+              (sha256
+               (base32
+                "1xiy8m7501g5l9kpdmyvyz72nfnl72l19qkrf76fyvby7adzm3ki"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -529,9 +541,6 @@ netcat implementation that supports TLS.")
     (description "ACME protocol implementation in Python")
     (license license:asl2.0)))
 
-(define-public python2-acme
-  (package-with-python2 python-acme))
-
 (define-public certbot
   (package
     (name "certbot")
@@ -543,7 +552,7 @@ netcat implementation that supports TLS.")
               (uri (pypi-uri name version))
               (sha256
                (base32
-                "173619jkq4bg88f6i837z3pcjkrfabrvv8vrpyx18k9i7xnb5xa3"))))
+                "16lw4n7kwnkvh9sz2f97c7ad1wwp33mg5fc332lpy5n17zpfc8h1"))))
     (build-system python-build-system)
     (arguments
      `(,@(substitute-keyword-arguments (package-arguments python-acme)
@@ -763,7 +772,7 @@ then ported to the GNU / Linux environment.")
 (define-public mbedtls-apache
   (package
     (name "mbedtls-apache")
-    (version "2.5.1")
+    (version "2.6.0")
     (source
      (origin
        (method url-fetch)
@@ -773,7 +782,7 @@ then ported to the GNU / Linux environment.")
                            version "-apache.tgz"))
        (sha256
         (base32
-         "1yc1rj0izjihj9hbzvskpa4gjzqf4dm2i84nmmm2s9j1i66fp6jm"))))
+         "11wnj34rfqxjggmdgf042i49lr6civgbqwv2p7p8bn6k2919vg4r"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("perl" ,perl)))
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 64acb44490..e2123557c1 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -44,14 +44,14 @@
 (define-public tor
   (package
     (name "tor")
-    (version "0.3.0.10")
+    (version "0.3.0.11")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://dist.torproject.org/tor-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "1cas30wk4bhcivi6l9dj7wwlz6pc2jj883x1vijax3b8l54nx3ls"))))
+               "1hjhxkkrx04ydiddhwb3z2xb0vkcwmn1x8jsdcp6kd6i1qa0fp1a"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags (list "--enable-gcc-hardening"
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 36a6b7cd18..38756f06c2 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -16,6 +16,7 @@
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 André <eu@euandre.org>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -123,14 +124,14 @@ as well as the classic centralized workflow.")
    (name "git")
    ;; XXX When updating Git, check if the special 'git:src' input to cgit needs
    ;; to be updated as well.
-   (version "2.14.1")
+   (version "2.14.2")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://kernel.org/software/scm/git/git-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "1iic3wiihxp3l3k6d4z886v3869c3dzgddjxnd5124wy1rnlqwkg"))))
+              "18f70gfzwqd210806hmf94blcd7yv5h9ka6xqkpd2jhijqwp5sah"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("native-perl" ,perl)
@@ -144,7 +145,7 @@ as well as the classic centralized workflow.")
           (sha256
 
            (base32
-            "1whlsiicayalym4hkf01zdiqpw37gdf7c52gw9ki7bv2x3hf3g3y"))))))
+            "1z05a7hxxndyby3dbj3gaw91sjwmky5d1yph96jmj0fhx78m1lvd"))))))
    (inputs
     `(("curl" ,curl)
       ("expat" ,expat)
@@ -552,6 +553,44 @@ collaboration using typical untrusted file hosts or services.")
 a built-in cache to decrease server I/O pressure.")
     (license license:gpl2)))
 
+(define-public python-ghp-import
+  (package
+    (name "python-ghp-import")
+    (version "0.5.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/davisp/ghp-import/archive/"
+             version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0x887v690xsac2hzjkpbvp3a6crh3m08mqbk3nb4xwc9dnk869q7"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:phases (modify-phases %standard-phases
+                  (add-after 'install 'install-documentation
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (let* ((out (assoc-ref outputs "out"))
+                             (doc (string-append out "/share/doc"))
+                             (licenses (string-append out "/share/licenses")))
+                        (install-file "README.md" doc)
+                        (install-file "LICENSE" licenses)))))))
+    (home-page "https://github.com/davisp/ghp-import")
+    (synopsis "Copy directory to the gh-pages branch")
+    (description "Script that copies a directory to the gh-pages branch (by
+default) of the repository.")
+
+    ;; See <https://bugs.gnu.org/27913>.
+    (license (license:non-copyleft
+              "https://raw.githubusercontent.com/davisp/ghp-import/master/LICENSE"
+              "Tumbolia Public License"))))
+
+(define-public python2-ghp-import
+  (package-with-python2
+   (strip-python2-variant python-ghp-import)))
+
 (define-public shflags
   (package
     (name "shflags")
@@ -639,6 +678,79 @@ subcommands helps automate some parts of the flow to make working with it a
 lot easier.")
     (license license:bsd-2)))
 
+(define-public stgit
+  (package
+    (name "stgit")
+    (version "0.18")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/ctmarinas/stgit/archive/v"
+                                  version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "19fk6vw3pgp2a98wpd4j3kyiyll5dy9bi4921wq1mrky0l53mj00"))))
+    (build-system python-build-system)
+    (inputs
+     `(("git" ,git)))
+    (arguments
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda _
+             ;; two tests will fail -> disable them. TODO: fix the failing tests
+             (delete-file "t/t3300-edit.sh")
+             (delete-file "t/t7504-commit-msg-hook.sh")
+             (zero? (system* "make" "test")))))))
+    (home-page "http://procode.org/stgit/")
+    (synopsis "Stacked Git")
+    (description
+     "StGit is a command-line application that provides functionality similar
+to Quilt (i.e., pushing/popping patches to/from a stack), but using Git
+instead of @command{diff} and @command{patch}.  StGit stores its patches in a
+Git repository as normal Git commits, and provides a number of commands to
+manipulate them in various ways.")
+    (license license:gpl2)))
+
+(define-public vcsh
+  (package
+    (name "vcsh")
+    (version "1.20151229")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/RichiH/vcsh/archive/v"
+                                  version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1ym3swkh738c3vciffvlr96vqzhwmzkb8ajqzap8f0j9n039a1mf"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("which" ,which)))
+    (inputs
+     `(("git" ,git)
+       ("perl" ,perl)
+       ("perl-test-harness" ,perl-test-harness)
+       ("perl-shell-command" ,perl-shell-command)
+       ("perl-test-most" ,perl-test-most)))
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (delete 'configure)
+                  (delete 'build))
+       #:make-flags (list (string-append "PREFIX="
+                                         (assoc-ref %outputs "out")))
+       #:test-target "test"))
+    (home-page "https://github.com/RichiH/vcsh")
+    (synopsis "Version control system for @code{$HOME}")
+    (description
+     "vcsh version-controls configuration files in several Git repositories,
+all in one single directory.  They all maintain their working trees without
+clobbering each other or interfering otherwise.  By default, all Git
+repositories maintained via vcsh store the actual files in @code{$HOME},
+though this can be overridden.")
+    (license license:gpl2+)))
+
 (define-public git-test-sequence
   (let ((commit "48e5a2f5a13a5f30452647237e23362b459b9c76"))
     (package
@@ -1263,7 +1375,7 @@ output of the 'git' command.")
     (build-system gnu-build-system)
     (arguments
      '(#:phases (modify-phases %standard-phases
-                  (add-before 'configure 'bootstrap
+                  (add-after 'unpack 'bootstrap
                     (lambda _
                       (zero? (system* "autoreconf" "-vfi")))))))
     (native-inputs `(("autoconf" ,autoconf)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 9c728c174a..2b9f5aa06c 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -8,7 +8,7 @@
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2016, 2017 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2016, 2017 Alex Griffin <a@ajgrf.com>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 Dmitry Nikolaev <cameltheman@gmail.com>
 ;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
 ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
@@ -580,14 +580,14 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
 (define-public ffmpeg
   (package
     (name "ffmpeg")
-    (version "3.3.3")
+    (version "3.3.4")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://ffmpeg.org/releases/ffmpeg-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "07is8msrhxr1dk6vgwa192k2pl2a0in1h9w8f9cknlvbvhn01afj"))))
+               "0mx9dvad3lkyhvsrblf280x2bz6dxajya1ylnspbdzldj0dpxfcq"))))
     (build-system gnu-build-system)
     (inputs
      `(("fontconfig" ,fontconfig)
@@ -749,14 +749,14 @@ audio/video codec library.")
 (define-public ffmpeg-2.8
   (package
     (inherit ffmpeg)
-    (version "2.8.12")
+    (version "2.8.13")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://ffmpeg.org/releases/ffmpeg-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1gc32akvdms3rywphnap94lqqici8l5898a09ir1ad5rif5g24v2"))))
+               "0hyqr391pika4vgynv90bacz11wdpqcqfgj5h7g5jrmgvz6hgj68"))))
     (arguments
      (substitute-keyword-arguments (package-arguments ffmpeg)
        ((#:configure-flags flags)
@@ -780,10 +780,7 @@ audio/video codec library.")
                "1a22b913p2227ljz89c4fgjlyln5gcz8z58w32r0wh4srnnd60y4"))))
     (build-system gnu-build-system)
     (native-inputs
-     `(("autoconf" ,autoconf)
-       ("automake" ,automake)
-       ("git" ,git) ; needed for a test
-       ("libtool" ,libtool)
+     `(("git" ,git) ; needed for a test
        ("pkg-config" ,pkg-config)))
     ;; FIXME: Add optional inputs once available.
     (inputs
@@ -819,9 +816,8 @@ audio/video codec library.")
        ("perl" ,perl)
        ("pulseaudio" ,pulseaudio)
        ("python" ,python-wrapper)
-       ("qt" ,qt) ; FIXME: reenable modular qt after update - requires building
-       ;("qtbase" ,qtbase) with -std=gnu++11.
-       ;("qtx11extras" ,qtx11extras)
+       ("qtbase" ,qtbase)
+       ("qtx11extras" ,qtx11extras)
        ("sdl" ,sdl)
        ("sdl-image" ,sdl-image)
        ("speex" ,speex)
@@ -829,33 +825,27 @@ audio/video codec library.")
        ("xcb-util-keysyms" ,xcb-util-keysyms)))
     (arguments
      `(#:configure-flags
-       `(;; Gross workaround for <https://trac.videolan.org/vlc/ticket/16907>.
-         ;; In our case, this led to a test failure:
-         ;;   test_libvlc_equalizer: libvlc/equalizer.c:122: test_equalizer: Assertion `isnan(libvlc_audio_equalizer_get_amp_at_index (equalizer, u_bands))' failed.
-         "ac_cv_c_fast_math=no"
-
+       `("CXXFLAGS=-std=gnu++11"
          ,(string-append "LDFLAGS=-Wl,-rpath -Wl,"
                          (assoc-ref %build-inputs "ffmpeg")
                          "/lib"))                 ;needed for the tests
 
        #:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'bootstrap
-           (lambda _ (zero? (system* "sh" "bootstrap"))))
-         (add-before 'bootstrap 'fix-livemedia-utils-prefix
+         (add-after 'unpack 'patch-source
            (lambda* (#:key inputs #:allow-other-keys)
              (let ((livemedia-utils (assoc-ref inputs "livemedia-utils")))
-               (substitute* "configure.ac"
+               (substitute* "configure"
                  (("LIVE555_PREFIX=\\$\\{LIVE555_PREFIX-\"/usr\"\\}")
                   (string-append "LIVE555_PREFIX=" livemedia-utils)))
+               ;; Some of the tests require using the display to test out VLC,
+               ;; which fails in our sandboxed build system
+               (substitute* "test/run_vlc.sh"
+                 (("./vlc --ignore-config") "echo"))
+               ;; XXX Likely not needed for >2.2.6.
+               (substitute* "modules/gui/qt4/components/interface_widgets.cpp"
+                 (("<qx11info_x11.h>") "<QtX11Extras/qx11info_x11.h>"))
                #t)))
-         (add-before 'configure 'remove-visual-tests
-           ;; Some of the tests require using the display to test out VLC,
-           ;; which fails in our sandboxed build system
-           (lambda _
-             (substitute* "test/run_vlc.sh"
-                          (("./vlc --ignore-config") "echo"))
-             #t))
          (add-after 'install 'regenerate-plugin-cache
            (lambda* (#:key outputs #:allow-other-keys)
              ;; The 'install-exec-hook' rule in the top-level Makefile.am
@@ -980,7 +970,7 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.")
 (define-public mpv
   (package
     (name "mpv")
-    (version "0.26.0")
+    (version "0.27.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -988,7 +978,7 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.")
                     ".tar.gz"))
               (sha256
                (base32
-                "0ihvnwrp24jjf43k1hvy8n8w4ipl4z7apjppd4i0y9jzilsyzwys"))
+                "1754371fkva8aqxgbm50jxyvij7mnysq0538bf6zghbmigqqn79l"))
               (file-name (string-append name "-" version ".tar.gz"))))
     (build-system waf-build-system)
     (native-inputs
@@ -1121,7 +1111,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2017.08.27.1")
+    (version "2017.09.24")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://yt-dl.org/downloads/"
@@ -1129,7 +1119,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1b0ad0fkayj6l0cd2rkycn6lbms8ps0y887r407c850pmaw27n1j"))))
+                "0j2m75j0d1n83i7jzpkcj7ir0bkskj024j9b0yi88zipcg740wbx"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
@@ -1238,7 +1228,7 @@ other site that youtube-dl supports.")
 (define-public you-get
   (package
     (name "you-get")
-    (version "0.4.803")
+    (version "0.4.915")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1247,7 +1237,7 @@ other site that youtube-dl supports.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1rjy809x67dadzvj3midkhcda2kp6rqmbj6rbhjd5f16rvqgn7jp"))))
+                "147qf8kdxjv9003fgx50ws0rmjjq98sv11q6c3sdwd29zylaj1ql"))))
     (build-system python-build-system)
     (arguments
      ;; no tests
@@ -2260,12 +2250,13 @@ practically any type of media.")
        #:phases
        ;; build scripts not in root of archive
        (modify-phases %standard-phases
-         (add-before 'configure 'pre-configure
+         (add-after 'unpack 'change-to-build-dir
            (lambda _
-             (chdir "Project/GNU/Library")))
-         (add-before 'configure 'autogen
+             (chdir "Project/GNU/Library")
+             #t))
+         (add-after 'change-to-build-dir 'autogen
            (lambda _
-             (zero? (system* "./autogen.sh")))))))
+             (zero? (system* "sh" "autogen.sh")))))))
     (home-page "https://mediaarea.net/en/MediaInfo")
     (synopsis "Library for retrieving media metadata")
     (description "MediaInfo is a library used for retrieving technical
@@ -2321,9 +2312,9 @@ MPEG-2, MPEG-4, DVD (VOB)...
          (add-before 'configure 'pre-configure
            (lambda _
              (chdir "Project/GNU/CLI")))
-         (add-before 'configure 'autogen
+         (add-after 'unpack 'autogen
            (lambda _
-             (zero? (system* "./autogen.sh")))))))
+             (zero? (system* "sh" "autogen.sh")))))))
     (home-page "https://mediaarea.net/en/MediaInfo")
     (synopsis "Utility for reading media metadata")
     (description "MediaInfo is a utility used for retrieving technical
diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm
index 818d2d207f..dffd6d96c0 100644
--- a/gnu/packages/vim.scm
+++ b/gnu/packages/vim.scm
@@ -60,7 +60,7 @@
 (define-public vim
   (package
     (name "vim")
-    (version "8.0.0808")
+    (version "8.0.1130")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://github.com/vim/vim/archive/v"
@@ -68,7 +68,7 @@
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
-               "0qrn9fhq5wdrrf2qhpygwfm5rynl32l406xhbr7lg69r9wl8cjjn"))))
+               "0zqyk7086crc6q5fil38szppx9sgd14fs3wb9h4ak13jg6s2ir90"))))
     (build-system gnu-build-system)
     (arguments
      `(#:test-target "test"
@@ -102,6 +102,27 @@ Vim is perfect for all kinds of text editing, from composing email to editing
 configuration files.")
     (license license:vim)))
 
+(define-public xxd
+  (package (inherit vim)
+    (name "xxd")
+    (arguments
+     `(#:make-flags '("CC=gcc")
+       #:tests? #f ; there are none
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-after 'unpack 'chdir
+           (lambda _
+             (chdir "src/xxd")))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((bin (string-append (assoc-ref outputs "out") "/bin")))
+               (install-file "xxd" bin)
+               #t))))))
+    (synopsis "Hexdump utility from vim")
+    (description "This package provides the Hexdump utility xxd that comes
+with the editor vim.")))
+
 (define-public vim-full
   (package
     ;; This package should share its source with Vim, but it doesn't
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index d06c55bd57..344ffc786b 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -72,26 +72,16 @@
 (define-public qemu
   (package
     (name "qemu")
-    (version "2.9.0")
+    (version "2.10.0")
     (source (origin
              (method url-fetch)
-             (uri (string-append "http://wiki.qemu-project.org/download/qemu-"
+             (uri (string-append "https://download.qemu.org/qemu-"
                                  version ".tar.xz"))
-             (patches (search-patches "qemu-CVE-2017-7493.patch"
-                                      "qemu-CVE-2017-8112.patch"
-                                      "qemu-CVE-2017-8309.patch"
-                                      "qemu-CVE-2017-8379.patch"
-                                      "qemu-CVE-2017-8380.patch"
-                                      "qemu-CVE-2017-9524.patch"
-                                      "qemu-CVE-2017-10664.patch"
-                                      "qemu-CVE-2017-10806.patch"
-                                      "qemu-CVE-2017-10911.patch"
-                                      "qemu-CVE-2017-11334.patch"
-                                      "qemu-CVE-2017-11434.patch"
-                                      "qemu-CVE-2017-12809.patch"))
+             (patches (search-patches "qemu-CVE-2017-13711.patch"
+                                      "qemu-CVE-2017-14167.patch"))
              (sha256
               (base32
-               "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h"))))
+               "0dgk7zcni41nf1jp84y0m6dk2nb4frnh571m8hkiv0m4hz4imn2m"))))
     (build-system gnu-build-system)
     (arguments
      '(;; Running tests in parallel can occasionally lead to failures, like:
@@ -323,14 +313,14 @@ manage system or application containers.")
 (define-public libvirt
   (package
     (name "libvirt")
-    (version "3.6.0")
+    (version "3.7.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://libvirt.org/sources/libvirt-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "0gcyql5dp6j370kvik9hjhxirrg89m7l1q52yq0g75h7jpv9fb1s"))))
+                "1fk75cdzg59y9hnfdpdwv83fsc1yffy3lac4ch19zygfkqhcnysf"))))
     (build-system gnu-build-system)
     (arguments
      `(;; FAIL: virshtest
@@ -377,7 +367,6 @@ manage system or application containers.")
        ("gnutls" ,gnutls)
        ("dbus" ,dbus)
        ("qemu" ,qemu)
-       ("polkit" ,polkit)
        ("libpcap" ,libpcap)
        ("libnl" ,libnl)
        ("libuuid" ,util-linux)
@@ -385,8 +374,6 @@ manage system or application containers.")
        ("curl" ,curl)
        ("openssl" ,openssl)
        ("cyrus-sasl" ,cyrus-sasl)
-       ("perl" ,perl)
-       ("python" ,python-2)
        ("libyajl" ,libyajl)
        ("audit" ,audit)
        ("dmidecode" ,dmidecode)
@@ -395,7 +382,11 @@ manage system or application containers.")
        ("iproute" ,iproute)
        ("iptables" ,iptables)))
     (native-inputs
-     `(("pkg-config" ,pkg-config)))
+     `(("xsltproc" ,libxslt)
+       ("perl" ,perl)
+       ("pkg-config" ,pkg-config)
+       ("polkit" ,polkit)
+       ("python" ,python-2)))
     (home-page "https://libvirt.org")
     (synopsis "Simple API for virtualization")
     (description "Libvirt is a C toolkit to interact with the virtualization
@@ -438,7 +429,7 @@ to integrate other virtualization mechanisms if needed.")
        ("intltool" ,intltool)
        ("glib" ,glib "bin")
        ("vala" ,vala)))
-    (home-page "http://libvirt.org")
+    (home-page "https://libvirt.org")
     (synopsis "GLib wrapper around libvirt")
     (description "libvirt-glib wraps the libvirt library to provide a
 high-level object-oriented API better suited for glib-based applications, via
@@ -455,13 +446,13 @@ three libraries:
 (define-public python-libvirt
   (package
     (name "python-libvirt")
-    (version "3.4.0")
+    (version "3.7.0")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "libvirt-python" version))
               (sha256
                (base32
-                "04dma3979171p9yf0cg7m03shk038hc9vyfm9lb8z60qyn0pg9xg"))))
+                "0vy0ai8z88yhzqfk1n08z1gda5flrqxcw9lg1012b3zg125qljhy"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -481,7 +472,7 @@ three libraries:
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("python-nose" ,python-nose)))
-    (home-page "http://libvirt.org")
+    (home-page "https://libvirt.org")
     (synopsis "Python bindings to libvirt")
     (description "This package provides Python bindings to the libvirt
 virtualization library.")
@@ -493,7 +484,7 @@ virtualization library.")
 (define-public virt-manager
   (package
     (name "virt-manager")
-    (version "1.4.2")
+    (version "1.4.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://virt-manager.org/download/sources"
@@ -501,7 +492,7 @@ virtualization library.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0x6mnqw8bng3r69pvmnq9q6yyhicxg22yz62b6dzbb4z16xl1r23"))))
+                "093azs8p4p7y4nf5j25xpsvdxww7gky1g0hs8mkcvmpxl2wjd0jj"))))
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 61ebf0d5fa..40ee9d139c 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -153,7 +153,7 @@ and probably others.")
 (define-public openvpn
   (package
     (name "openvpn")
-    (version "2.4.3")
+    (version "2.4.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -161,14 +161,15 @@ and probably others.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "1yrnvvnap2ghqas10l8jfg3njx57b8swh3n9wyp556qqgz4mzq8m"))))
+                "102an395nv8l7qfx3syydzhmd9xfbycd6gvwy0h2kjz8w67ipkcn"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--enable-iproute2=yes")))
     (native-inputs
      `(("iproute2" ,iproute)))
     (inputs
-     `(("lzo" ,lzo)
+     `(("lz4" ,lz4)
+       ("lzo" ,lzo)
        ("openssl" ,openssl)
        ("linux-pam" ,linux-pam)))
     (home-page "https://openvpn.net/")
diff --git a/gnu/packages/w3m.scm b/gnu/packages/w3m.scm
index 0489212197..a758f2920b 100644
--- a/gnu/packages/w3m.scm
+++ b/gnu/packages/w3m.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
diff --git a/gnu/packages/web-browsers.scm b/gnu/packages/web-browsers.scm
index b5fb39b95a..3e91b4e89b 100644
--- a/gnu/packages/web-browsers.scm
+++ b/gnu/packages/web-browsers.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2014 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -185,7 +185,7 @@ access.")
 (define-public qutebrowser
   (package
     (name "qutebrowser")
-    (version "0.10.1")
+    (version "0.11.0")
     (source
      (origin
        (method url-fetch)
@@ -194,7 +194,7 @@ access.")
                            "qutebrowser-" version ".tar.gz"))
        (sha256
         (base32
-         "05qryn56w2pbqhir4pl99idx7apx2xqw9f8wmbrhj59b1xgr3x2p"))))
+         "13ihx66jm1dd6vx8px7pm0kbzf2sf9x43hhivc1rp17kahnxxdyv"))))
     (build-system python-build-system)
     (native-inputs
      `(("asciidoc" ,asciidoc)))
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 13a46a5503..a2af98da53 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -13,13 +13,13 @@
 ;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2016 Clément Lassieur <clement@lassieur.org>
-;;; Copyright © 2016, 2017 ng0 <ng0@no-reply.pragmatique.xyz>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016, 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Bake Timmons <b3timmons@speedymail.org>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
-;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -76,9 +76,11 @@
   #:use-module (gnu packages java)
   #:use-module (gnu packages javascript)
   #:use-module (gnu packages image)
+  #:use-module (gnu packages imagemagick)
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages libunistring)
   #:use-module (gnu packages lua)
+  #:use-module (gnu packages markup)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages base)
   #:use-module (gnu packages perl)
@@ -92,7 +94,8 @@
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages textutils)
   #:use-module (gnu packages tls)
-  #:use-module (gnu packages statistics))
+  #:use-module (gnu packages statistics)
+  #:use-module (gnu packages version-control))
 
 (define-public httpd
   (package
@@ -104,7 +107,8 @@
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "0fn1778mxhf78np2d8qlycg1c2ak18rxax41plahasca4clc3z3i"))))
+               "0fn1778mxhf78np2d8qlycg1c2ak18rxax41plahasca4clc3z3i"))
+             (patches (search-patches "httpd-CVE-2017-9798.patch"))))
     (build-system gnu-build-system)
     (native-inputs `(("pcre" ,pcre "bin")))       ;for 'pcre-config'
     (inputs `(("apr" ,apr)
@@ -157,10 +161,12 @@ and its related documentation.")
                (("/bin/sh") (which "sh")))
              #t))
          (replace 'configure
+           ;; The configure script is hand-written, not from GNU autotools.
            (lambda* (#:key outputs #:allow-other-keys)
              (let ((flags
                     (list (string-append "--prefix=" (assoc-ref outputs "out"))
                           "--with-http_ssl_module"
+                          "--with-http_v2_module"
                           "--with-pcre-jit"
                           "--with-debug"
                           ;; Even when not cross-building, we pass the
@@ -185,6 +191,12 @@ and its related documentation.")
                (format #t "environment variable `CC' set to `gcc'~%")
                (format #t "configure flags: ~s~%" flags)
                (zero? (apply system* "./configure" flags)))))
+         (add-after 'install 'install-man-page
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (man (string-append out "/share/man")))
+               (install-file "objs/nginx.8" (string-append man "/man8"))
+               #t)))
          (add-after 'install 'fix-root-dirs
            (lambda* (#:key outputs #:allow-other-keys)
              ;; 'make install' puts things in strange places, so we need to
@@ -1905,6 +1917,33 @@ string generation and manipulation, and processing and preparing HTTP
 headers.")
     (license l:perl-license)))
 
+(define-public perl-cgi-session
+  (package
+    (name "perl-cgi-session")
+    (version "4.48")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/M/MA/MARKSTOS/CGI-Session-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "1xsl2pz1jrh127pq0b01yffnj4mnp9nvkp88h5mndrscq9hn8xa6"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-build" ,perl-module-build)))
+    (inputs `(("perl-cgi" ,perl-cgi)))
+    (home-page
+     "http://search.cpan.org/dist/CGI-Session")
+    (synopsis
+     "Persistent session data in CGI applications")
+    (description
+     "@code{CGI::Session} provides modular session management system across
+HTTP requests.")
+    (license l:perl-license)))
+
 (define-public perl-cgi-simple
   (package
     (name "perl-cgi-simple")
@@ -2177,6 +2216,37 @@ composed of HTML::Element style components.")
 <form> ... </form> instance.")
     (license l:perl-license)))
 
+(define-public perl-html-scrubber
+  (package
+    (name "perl-html-scrubber")
+    (version "0.15")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/N/NI/NIGELM/HTML-Scrubber-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "1m1f8gm2jry42zxja05dxp2ck7y66m7i8vc38nj6hccnwlby6cvi"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-build" ,perl-module-build)
+       ("perl-test-cpan-meta" ,perl-test-cpan-meta)
+       ("perl-test-eol" ,perl-test-eol)
+       ("perl-test-memory-cycle" ,perl-test-memory-cycle)
+       ("perl-test-notabs" ,perl-test-notabs)))
+    (inputs
+     `(("perl-html-parser" ,perl-html-parser)))
+    (home-page
+     "http://search.cpan.org/dist/HTML-Scrubber")
+    (synopsis
+     "Perl extension for scrubbing/sanitizing html")
+    (description
+     "@code{HTML::Scrubber} Perl extension for scrubbing/sanitizing HTML.")
+    (license l:perl-license)))
+
 (define-public perl-html-lint
   (package
     (name "perl-html-lint")
@@ -2226,7 +2296,7 @@ in tables within an HTML document, either as text or encoded element trees.")
 (define-public perl-html-tree
   (package
     (name "perl-html-tree")
-    (version "5.06")
+    (version "5.07")
     (source
      (origin
        (method url-fetch)
@@ -2234,7 +2304,7 @@ in tables within an HTML document, either as text or encoded element trees.")
                            "HTML-Tree-" version ".tar.gz"))
        (sha256
         (base32
-         "0vjk4xrybjqs511qrh9cymhpbg9m3jjqr52qr035k6nzrccyndlw"))))
+         "1gyvm4qlwm9y6hczkpnrdfl303ggbybr0nqxdjw09hii8yw4sdzh"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)
@@ -3380,10 +3450,18 @@ web browsing, used for automating interaction with websites.")
                (base32
                 "1yxplx1q1qk2fvnzqrbk01lz26fy1lyhay51a3ky7q3jgh9p01rb"))))
     (build-system perl-build-system)
-    (arguments
-     `(#:tests? #f)) ; Tests require further modules to be packaged
     (native-inputs
-     `(("perl-module-install" ,perl-module-install)))
+     `(("perl-class-errorhandler" ,perl-class-errorhandler)
+       ("perl-datetime" ,perl-datetime)
+       ("perl-datetime-format-mail" ,perl-datetime-format-mail)
+       ("perl-datetime-format-w3cdtf" ,perl-datetime-format-w3cdtf)
+       ("perl-feed-find" ,perl-feed-find)
+       ("perl-module-install" ,perl-module-install)
+       ("perl-module-pluggable" ,perl-module-pluggable)
+       ("perl-uri-fetch" ,perl-uri-fetch)
+       ("perl-test-simple" ,perl-test-simple)
+       ("perl-xml-atom" ,perl-xml-atom)
+       ("perl-xml-rss" ,perl-xml-rss)))
     (inputs
      `(("perl-data-page" ,perl-data-page)
        ("perl-libwww" ,perl-libwww)
@@ -3500,13 +3578,13 @@ in systems and applications.")
 (define-public r-servr
   (package
     (name "r-servr")
-    (version "0.6")
+    (version "0.7")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "servr" version))
               (sha256
                (base32
-                "0sqz3wssxa19g9mpmf9s4gx2a5rvzl8nrd11qkgpz5v3iqsc6ysr"))))
+                "0rxh89csqlpyf9wv5wlymya9kbddj79mlmxz2x0xmls12gbrxaaa"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-httpuv" ,r-httpuv)
@@ -3995,6 +4073,74 @@ parse both valid and invalid web content.  It is developed as part of the
 NetSurf project.")
     (license l:expat)))
 
+(define-public ikiwiki
+  (package
+    (name "ikiwiki")
+    (version "3.20170111")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://snapshot.debian.org/archive/debian/"
+                           "20170111T215449Z/pool/main/i/ikiwiki/ikiwiki_"
+                           version ".tar.xz"))
+       (sha256
+        (base32
+         "00d7yzv426fvqbhvzyafddv7fa6b4j2647b0wi371wd5yjj9j3sz"))))
+    (build-system perl-build-system)
+    (arguments
+     `(;; Image tests fail
+       ;;
+       ;; Test Summary Report
+       ;; -------------------
+       ;; t/img.t                      (Wstat: 2304 Tests: 62 Failed: 9)
+       ;;   Failed tests:  21, 27-28, 30-35
+       ;;   Non-zero exit status: 9
+       #:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'wrap-programs
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out  (assoc-ref outputs "out"))
+                    (bin  (string-append out "/bin/"))
+                    (path (getenv "PERL5LIB")))
+               (for-each (lambda (file)
+                           (wrap-program file
+                             `("PERL5LIB" ":" prefix (,path))))
+                         (find-files bin))
+               #t))))))
+    (native-inputs
+     `(("which" ,which)
+       ("perl-html-tagset" ,perl-html-tagset)
+       ("perl-timedate" ,perl-timedate)
+       ("perl-xml-sax" ,perl-xml-sax)
+       ("perl-xml-simple" ,perl-xml-simple)
+       ("gettext" ,gettext-minimal)
+       ("subversion" ,subversion)
+       ("git" ,git)
+       ("bazaar" ,bazaar)
+       ("cvs" ,cvs)
+       ("mercurial" ,mercurial)))
+    (inputs
+     `(("python" ,python-wrapper)
+       ("perl-cgi-session" ,perl-cgi-session)
+       ("perl-cgi-simple" ,perl-cgi-simple)
+       ("perl-json" ,perl-json)
+       ("perl-image-magick" ,perl-image-magick)
+       ("perl-uri" ,perl-uri)
+       ("perl-html-parser" ,perl-html-parser)
+       ("perl-uri" ,perl-uri)
+       ("perl-text-markdown-discount" ,perl-text-markdown-discount)
+       ("perl-html-scrubber" ,perl-html-scrubber)
+       ("perl-html-template" ,perl-html-template)
+       ("perl-yaml-libyaml" ,perl-yaml-libyaml)))
+    (home-page "https://ikiwiki.info/")
+    (synopsis "Wiki compiler, capable of generating HTML")
+    (description
+     "Ikiwiki is a wiki compiler, capable of generating a static set of web
+pages, but also incorporating dynamic features like a web based editor and
+commenting.")
+    (license l:gpl2+)))
+
 (define-public libwapcaplet
   (package
     (name "libwapcaplet")
@@ -5047,3 +5193,78 @@ websites lacking feeds.  Supported websites include Facebook, Twitter,
 Instagram and YouTube.")
     (license (list l:public-domain
                    l:expat)))) ;; vendor/simplehtmldom/simple_html_dom.php
+
+(define-public linkchecker
+  (package
+    (name "linkchecker")
+    (version "9.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "LinkChecker" version))
+       (sha256
+        (base32
+         "0v8pavf0bx33xnz1kwflv0r7lxxwj7vg3syxhy2wzza0wh6sc2pf"))))
+    (build-system python-build-system)
+    (inputs
+     `(("python2-requests" ,python2-requests)))
+    (arguments
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         ;; Remove faulty python-requests version check. This has been fixed
+         ;; upstream, and can be removed in version 9.4.
+         (add-after 'unpack 'remove-python-requests-version
+           (lambda _
+             (substitute* "linkcheck/__init__.py"
+               (("requests.__version__ <= '2.2.0'") "False"))
+             #t)))))
+    (home-page "https://linkcheck.github.io/linkchecker")
+    (synopsis "Check websites for broken links")
+    (description "LinkChecker is a website validator.  It checks for broken
+links in websites.  It is recursive and multithreaded providing output in
+colored or normal text, HTML, SQL, CSV, XML or as a sitemap graph.  It
+supports checking HTTP/1.1, HTTPS, FTP, mailto, news, nntp, telnet and local
+file links.")
+    (license (list l:gpl2+
+                   l:bsd-2 ; linkcheck/better_exchook2.py
+                   l:bsd-3 ; linkcheck/colorama.py
+                   l:psfl  ; linkcheck/gzip2.py
+                   l:expat ; linkcheck/mem.py
+                   ;; FIXME: Unbundle dnspython and miniboa
+                   ;; This issue has been raised upstream
+                   ;; https://github.com/wummel/linkchecker/issues/729
+                   l:isc   ; third_party/dnspython
+                   l:asl2.0)))) ; third_party/miniboa
+
+(define-public cadaver
+  (package
+    (name "cadaver")
+    (version "0.23.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://www.webdav.org/cadaver/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1jizq69ifrjbjvz5y79wh1ny94gsdby4gdxwjad4bfih6a5fck7x"))))
+    (build-system gnu-build-system)
+    ;; TODO: Unbundle libneon and make build succeed with new neon.
+    (arguments
+     `(#:configure-flags (list "--with-ssl=openssl")
+       #:tests? #f)) ;No tests included
+    (native-inputs
+     `(("gettext" ,gnu-gettext)
+       ("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)))
+    (inputs
+     `(("expat" ,expat)
+       ("openssl" ,openssl)))
+    (home-page "http://www.webdav.org/cadaver")
+    (synopsis "Command-line WebDAV client")
+    (description
+     "Cadaver is a command-line WebDAV client for Unix. It supports
+file upload, download, on-screen display, namespace operations (move/copy),
+collection creation and deletion, and locking operations.")
+    (license l:gpl2)))
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 5ab27b49f5..7b4b306e8f 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -46,6 +46,7 @@
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
   #:use-module (gnu packages ruby)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages video)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg))
@@ -53,14 +54,14 @@
 (define-public webkitgtk
   (package
     (name "webkitgtk")
-    (version "2.16.6")
+    (version "2.18.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.webkitgtk.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "08abxbhi2n1pfby9f2c20z8mpmbvbs2z7vf0p5ckq4jkz46na8zw"))))
+                "1383wlv98l8fwmhzy0fad82a44h5svm89c1kpa03wsp37mmf90xm"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no tests
@@ -69,7 +70,16 @@
                           "-DPORT=GTK"
                           (string-append ; uses lib64 by default
                            "-DLIB_INSTALL_DIR="
-                           (assoc-ref %outputs "out") "/lib"))
+                           (assoc-ref %outputs "out") "/lib")
+
+                          ;; XXX Adding GStreamer GL support would apparently
+                          ;; require adding gst-plugins-bad to the inputs,
+                          ;; which might entail a security risk as a result of
+                          ;; the plugins of dubious code quality that are
+                          ;; included.  More investigation is needed.  For
+                          ;; now, we explicitly disable it to prevent an error
+                          ;; at configuration time.
+                          "-DUSE_GSTREAMER_GL=OFF")
        #:phases
        (modify-phases %standard-phases
          (add-after
@@ -112,6 +122,7 @@
        ("libnotify" ,libnotify)
        ("libpng" ,libpng)
        ("libsecret" ,libsecret)
+       ("libtasn1" ,libtasn1)
        ("libwebp" ,libwebp)
        ("libxcomposite" ,libxcomposite)
        ("libxml2" ,libxml2)
diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm
index 513b0eb999..a1637b9d78 100644
--- a/gnu/packages/wine.scm
+++ b/gnu/packages/wine.scm
@@ -55,14 +55,14 @@
 (define-public wine
   (package
     (name "wine")
-    (version "2.0.1")
+    (version "2.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://dl.winehq.org/wine/source/2.0"
                                   "/wine-" version ".tar.xz"))
               (sha256
                (base32
-                "10qm0xxqzvl4y3mhvaxcaacrcs8d5kdz5wf0gbxpmp36wnm4xyvc"))))
+                "16iwf48cfi39aqyy8131jz4x7lr551c9yc0mnks7g24j77sq867p"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("gettext" ,gettext-minimal)
diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm
index 5ba29c3b3d..b7e44cd151 100644
--- a/gnu/packages/wm.scm
+++ b/gnu/packages/wm.scm
@@ -168,14 +168,14 @@ commands would.")
 (define-public i3-wm
   (package
     (name "i3-wm")
-    (version "4.13")
+    (version "4.14.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://i3wm.org/downloads/i3-"
                                   version ".tar.bz2"))
               (sha256
                (base32
-                "12ngz32swh9n85xy0cz1lq16aqi9ys5hq19v589q9a97wn1k3hcl"))))
+                "1cazmfbbx6n8c81h6x6pdayq3mxs2ml3adz165z8vapkc72kl1nh"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index edb70a37a8..7ca4986a0e 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -560,6 +560,41 @@ xedit, for example.  The human factors crowd would agree it should make
 things less distracting.")
     (license license:public-domain)))
 
+(define-public xautomation
+  (package
+    (name "xautomation")
+    (version "1.09")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://www.hoopajoo.net/static/projects/"
+                           "xautomation-" version ".tar.gz"))
+
+       (sha256
+        (base32
+         "03azv5wpg65h40ip2kk1kdh58vix4vy1r9bihgsq59jx2rhjr3zf"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libpng" ,libpng)
+       ("libx11" ,libx11)
+       ("libxi" ,libxi)
+       ("libxtst" ,libxtst)))
+    (native-inputs
+     `(("inputproto" ,inputproto)
+       ("xextproto" ,xextproto)
+       ("xproto" ,xproto)))
+    (synopsis "Tools to automate tasks in X such as detecting on screen images")
+    (description
+     "Xautomation can control X from the command line for scripts, and
+do visual scraping to find things on the screen.  The control interface
+allows mouse movement, clicking, button up/down, key up/down, etc, and
+uses the XTest extension so you don't have the annoying problems that
+xse has when apps ignore sent events.  The visgrep program can find
+images inside of images and reports the coordinates, allowing progams
+to find buttons, etc, on the screen to click on.")
+    (home-page "https://www.hoopajoo.net/projects/xautomation.html")
+    (license license:gpl2+)))
+
 (define-public xlockmore
   (package
     (name "xlockmore")
diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm
index 35c425a89c..b936dc45d9 100644
--- a/gnu/packages/xfce.scm
+++ b/gnu/packages/xfce.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016 Florian Paul Schmidt <mista.tapas@gmx.net>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Petter <petter@mykolab.ch>
 ;;;
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index f1b515703b..ff9862e4b9 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -16,6 +16,7 @@
 ;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
 ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -848,13 +849,13 @@ parsing/saving.")
 (define-public python-pyxb
   (package
     (name "python-pyxb")
-    (version "1.2.5")
+    (version "1.2.6")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "PyXB" version))
               (sha256
                (base32
-                "0rzzwibfqa28gxgcxx4cybx1qcg0g6fand06ykj3gz7z5kp653sf"))))
+                "1d17pyixbfvjyi2lb0cfp0ch8wwdf44mmg3r5pwqhyyqs66z601a"))))
     (build-system python-build-system)
     (home-page "http://pyxb.sourceforge.net/")
     (synopsis "Python XML Schema Bindings")
@@ -1170,14 +1171,14 @@ libxls cannot write Excel files.")
 (define-public freexl
   (package
     (name "freexl")
-    (version "1.0.2")
+    (version "1.0.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.gaia-gis.it/gaia-sins/"
                                   name  "-" version ".tar.gz"))
               (sha256
                (base32
-                "17a0yrjb0gln7819j0vp7y25imhvwpil2b0rm44mwgzml0a4i6mk"))))
+                "09bwzqjc41cc8qw8qkw9wq58rg9nax8r3fg19iny5vmw1c0z23sh"))))
     (build-system gnu-build-system)
     (home-page "https://www.gaia-gis.it/fossil/freexl/index")
     (synopsis "Read Excel files")
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index b72153894a..d66cf417f6 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -13,6 +13,7 @@
 ;;; Copyright © 2016, 2017 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
+;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,10 +40,12 @@
   #:use-module (guix build-system python)
   #:use-module (guix utils)
   #:use-module (gnu packages)
+  #:use-module (gnu packages anthy)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages emacs)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages freedesktop)
@@ -54,6 +57,7 @@
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages image)
   #:use-module (gnu packages libbsd)
+  #:use-module (gnu packages libedit)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages llvm)
   #:use-module (gnu packages m4)
@@ -62,6 +66,7 @@
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages qt)
   #:use-module (gnu packages spice)
   #:use-module (gnu packages video)
   #:use-module (gnu packages xiph)
@@ -2418,7 +2423,7 @@ including most mice, keyboards, tablets and touchscreens.")
 (define-public xf86-input-libinput
   (package
     (name "xf86-input-libinput")
-    (version "0.25.1")
+    (version "0.26.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2426,7 +2431,7 @@ including most mice, keyboards, tablets and touchscreens.")
                     name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "1q67hjd67ni1nq7kgxdrrdgkyhzaqvvn2vlnsiiq9w4y3icpv7s8"))))
+                "0yrqs88b7yn9nljwlxzn76jfmvf0sh939kzij5b2jvr2qa7mbjmb"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
@@ -2646,7 +2651,7 @@ as USB mice.")
 (define-public xf86-video-ati
   (package
     (name "xf86-video-ati")
-    (version "7.9.0")
+    (version "7.10.0")
     (source
       (origin
         (method url-fetch)
@@ -2656,7 +2661,7 @@ as USB mice.")
                ".tar.bz2"))
         (sha256
           (base32
-            "0xcq0lncb5p4sas5866qpkjyp1v8ksalw7m1gmqb3brhccp8gb9w"))))
+            "0yafix56vkqglw243cwb94nv91vbjv12sqh29x1bap0hwd1dclgf"))))
     (build-system gnu-build-system)
     (inputs `(("mesa" ,mesa)
               ("xxf86driproto" ,xf86driproto)
@@ -2885,8 +2890,8 @@ X server.")
 
 
 (define-public xf86-video-intel
-  (let ((commit "2100efa105e8c9615eda867d39471d78e500b1bb")
-        (revision "7"))
+  (let ((commit "c89905754b929f0421db7ea6d60b8942ccdbd8af")
+        (revision "8"))
     (package
       (name "xf86-video-intel")
       (version (string-append "2.99.917-" revision "-"
@@ -2900,7 +2905,7 @@ X server.")
                (commit commit)))
          (sha256
           (base32
-           "15fg844msmixsvlxcd5wm2awmns652sxcxj2wmp6819lr32lc4ir"))
+           "1xiyxhlq88vvgjavhxdkk933b5q7vm4jn6db144a6sqzifwaj672"))
          (file-name (string-append name "-" version))))
       (build-system gnu-build-system)
       (inputs `(("mesa" ,mesa)
@@ -5073,8 +5078,21 @@ over Xlib, including:
          (base32
           "162s1v901djr57gxmmk4airk8hiwcz79dqyz72972x1lw1k82yk7"))
         (patches
-         (search-patches "xorg-server-CVE-2017-10971.patch"
-                         "xorg-server-CVE-2017-10972.patch"))))
+         (cons
+          ;; See:
+          ;;   https://lists.fedoraproject.org/archives/list/devel@lists.
+          ;;      fedoraproject.org/message/JU655YB7AM4OOEQ4MOMCRHJTYJ76VFOK/
+          (origin
+            (method url-fetch)
+            (uri (string-append
+                  "http://pkgs.fedoraproject.org/cgit/rpms/xorg-x11-server.git"
+                  "/plain/06_use-intel-only-on-pre-gen4.diff"))
+            (sha256
+             (base32
+              "0mm70y058r8s9y9jiv7q2myv0ycnaw3iqzm7d274410s0ik38w7q"))
+            (file-name "xorg-server-use-intel-only-on-pre-gen4.diff"))
+          (search-patches "xorg-server-CVE-2017-10971.patch"
+                          "xorg-server-CVE-2017-10972.patch")))))
     (build-system gnu-build-system)
     (propagated-inputs
       `(("dri2proto" ,dri2proto)
@@ -5881,7 +5899,7 @@ basic eye-candy effects.")
 (define-public xpra
   (package
     (name "xpra")
-    (version "2.1.1")
+    (version "2.1.2")
     (source
      (origin
        (method url-fetch)
@@ -5889,7 +5907,7 @@ basic eye-candy effects.")
                            version ".tar.xz"))
        (sha256
         (base32
-         "0fgdddhafxnpjlw5nhfyfyimxp43hdn4yhp1vbsjrz3ypfsfhxq7"))))
+         "0a5ffs6gm7j7vzqdbhfmjn9z8qxm9m9as7a1vjmjx63yxv9jqihn"))))
     (build-system python-build-system)
     (inputs `(("ffmpeg", ffmpeg)
               ("flac", flac)
@@ -5970,3 +5988,96 @@ disconnect from these programs and reconnect from the same or another machine,
 without losing any state.  It can also be used to forward full desktops from
 X11 servers, Windows, or macOS.")
     (license license:gpl2+)))
+
+(define-public uim
+  (package
+    (name "uim")
+    (version "1.8.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/uim/uim/releases/download/uim-"
+                           version "/uim-" version ".tar.bz2"))
+       (sha256
+        (base32
+         "0pr3rfqpxha8p6cxzdjsxbbmmr76riklzw36f68phd1zqw1sh7kv"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("anthy" ,anthy)
+       ("libedit" ,libedit)
+       ("libxft" ,libxft)
+       ("m17n-lib" ,m17n-lib)))
+    (native-inputs
+     `(("emacs" ,emacs-minimal)
+       ("intltool" ,intltool)
+       ("pkg-config" ,pkg-config)))
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (guix build emacs-utils))
+       #:imported-modules (,@%gnu-build-system-modules
+                           (guix build emacs-utils))
+       #:configure-flags
+       (list "--with-anthy-utf8"
+             (string-append "--with-lispdir=" %output
+                            "/share/emacs/site-lisp/guix.d")
+             ;; Set proper runpath
+             (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib"))
+       #:phases
+       (modify-phases %standard-phases
+         ;; Set path of uim-el-agent and uim-el-helper-agent executables
+         (add-after 'configure 'configure-uim-el
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "emacs/uim-var.el"
+               (("\"(uim-el-agent|uim-el-helper-agent)\"" _ executable)
+                (string-append "\"" (assoc-ref outputs "out")
+                               "/bin/" executable "\"")))
+             #t))
+         ;; Generate emacs autoloads for uim.el
+         (add-after 'install 'make-autoloads
+           (lambda* (#:key outputs #:allow-other-keys)
+             (emacs-generate-autoloads
+              ,name (string-append (assoc-ref outputs "out")
+                                   "/share/emacs/site-lisp"))
+             #t)))))
+    (home-page "https://github.com/uim/uim")
+    (synopsis "Multilingual input method framework")
+    (description "Uim is a multilingual input method library and environment.
+It provides a simple, easily extensible and high code-quality input method
+development platform, and useful input method environment for users of desktop
+and embedded platforms.")
+    (license (list license:lgpl2.1+ ; scm/py.scm, pixmaps/*.{svg,png} (see pixmaps/README)
+                   license:gpl2+ ; scm/pinyin-big5.scm
+                   license:gpl3+ ; scm/elatin-rules.cm
+                   license:public-domain ; scm/input-parse.scm, scm/match.scm
+                   ;; gtk2/toolbar/eggtrayicon.{ch},
+                   ;; qt3/chardict/kseparator.{cpp,h},
+                   ;; qt3/pref/kseparator.{cpp,h}
+                   license:lgpl2.0+
+                   ;; pixmaps/*.{svg,png} (see pixmaps/README),
+                   ;; all other files
+                   license:bsd-3))))
+
+(define-public uim-gtk
+  (package
+    (inherit uim)
+    (name "uim-gtk")
+    (inputs
+     `(("gtk" ,gtk+)
+       ("gtk" ,gtk+-2)
+       ,@(package-inputs uim)))
+    (synopsis "Multilingual input method framework (GTK+ support)")))
+
+(define-public uim-qt
+  (package
+    (inherit uim)
+    (name "uim-qt")
+    (inputs
+     `(("qt" ,qt-4)
+       ,@(package-inputs uim)))
+    (arguments
+     (substitute-keyword-arguments (package-arguments uim)
+       ((#:configure-flags configure-flags)
+        (append configure-flags (list "--with-qt4-immodule"
+                                      "--with-qt4")))))
+    (synopsis "Multilingual input method framework (Qt support)")))