summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2017-02-10 17:40:25 +0100
committerLudovic Courtès <ludo@gnu.org>2017-02-10 17:40:25 +0100
commit768f0ac9dd9993827430d62d0f72a5020f476892 (patch)
tree600f7ca7cedb221147edfc92356e11bc6c56f311 /gnu
parent955ba55c6bf3a22264b56274ec22cad1551c1ce6 (diff)
parent49dbae548e92e0521ae125239282a04d8ea924cf (diff)
downloadguix-768f0ac9dd9993827430d62d0f72a5020f476892.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu')
-rw-r--r--gnu/build/activation.scm49
-rw-r--r--gnu/build/linux-container.scm40
-rw-r--r--gnu/build/shepherd.scm177
-rw-r--r--gnu/local.mk14
-rw-r--r--gnu/packages/admin.scm20
-rw-r--r--gnu/packages/bash.scm42
-rw-r--r--gnu/packages/bioinformatics.scm29
-rw-r--r--gnu/packages/bootloaders.scm332
-rw-r--r--gnu/packages/cdrom.scm6
-rw-r--r--gnu/packages/compression.scm76
-rw-r--r--gnu/packages/databases.scm106
-rw-r--r--gnu/packages/disk.scm18
-rw-r--r--gnu/packages/dns.scm4
-rw-r--r--gnu/packages/emacs.scm13
-rw-r--r--gnu/packages/firmware.scm136
-rw-r--r--gnu/packages/fonts.scm122
-rw-r--r--gnu/packages/games.scm70
-rw-r--r--gnu/packages/glib.scm46
-rw-r--r--gnu/packages/gnome.scm118
-rw-r--r--gnu/packages/gnunet.scm36
-rw-r--r--gnu/packages/grub.scm161
-rw-r--r--gnu/packages/gstreamer.scm4
-rw-r--r--gnu/packages/guile.scm15
-rw-r--r--gnu/packages/imagemagick.scm4
-rw-r--r--gnu/packages/irc.scm16
-rw-r--r--gnu/packages/ldc.scm89
-rw-r--r--gnu/packages/libidn.scm7
-rw-r--r--gnu/packages/linux.scm151
-rw-r--r--gnu/packages/lua.scm4
-rw-r--r--gnu/packages/mail.scm53
-rw-r--r--gnu/packages/maths.scm17
-rw-r--r--gnu/packages/music.scm49
-rw-r--r--gnu/packages/package-management.scm41
-rw-r--r--gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch32
-rw-r--r--gnu/packages/patches/libvpx-CVE-2016-2818.patch21
-rw-r--r--gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch42
-rw-r--r--gnu/packages/patches/p7zip-CVE-2016-9296.patch24
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-2615.patch52
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5578.patch39
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5579.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5856.patch68
-rw-r--r--gnu/packages/patches/vsearch-unbundle-cityhash.patch73
-rw-r--r--gnu/packages/python.scm137
-rw-r--r--gnu/packages/qemu.scm6
-rw-r--r--gnu/packages/rdesktop.scm73
-rw-r--r--gnu/packages/re2c.scm47
-rw-r--r--gnu/packages/rust.scm3
-rw-r--r--gnu/packages/shells.scm20
-rw-r--r--gnu/packages/statistics.scm58
-rw-r--r--gnu/packages/tls.scm11
-rw-r--r--gnu/packages/u-boot.scm137
-rw-r--r--gnu/packages/version-control.scm63
-rw-r--r--gnu/packages/video.scm79
-rw-r--r--gnu/packages/vim.scm4
-rw-r--r--gnu/packages/web.scm50
-rw-r--r--gnu/packages/webkit.scm4
-rw-r--r--gnu/packages/wget.scm8
-rw-r--r--gnu/packages/xdisorg.scm3
-rw-r--r--gnu/packages/xorg.scm10
-rw-r--r--gnu/services.scm25
-rw-r--r--gnu/services/base.scm7
-rw-r--r--gnu/services/networking.scm31
-rw-r--r--gnu/services/shepherd.scm2
-rw-r--r--gnu/system/file-systems.scm56
-rw-r--r--gnu/system/grub.scm4
-rw-r--r--gnu/system/install.scm4
-rw-r--r--gnu/system/linux-container.scm21
-rw-r--r--gnu/system/vm.scm2
-rw-r--r--gnu/tests/base.scm53
69 files changed, 2674 insertions, 704 deletions
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index d36eeafe47..beee56d437 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -28,7 +28,7 @@
             activate-user-home
             activate-etc
             activate-setuid-programs
-            activate-/bin/sh
+            activate-special-files
             activate-modprobe
             activate-firmware
             activate-ptrace-attach
@@ -80,16 +80,27 @@
   (member file '("." "..")))
 
 (define* (copy-account-skeletons home
-                                 #:optional (directory %skeleton-directory))
-  "Copy the account skeletons from DIRECTORY to HOME."
+                                 #:key
+                                 (directory %skeleton-directory)
+                                 uid gid)
+  "Copy the account skeletons from DIRECTORY to HOME.  When UID is an integer,
+make it the owner of all the files created; likewise for GID."
+  (define (set-owner file)
+    (when (or uid gid)
+      (chown file (or uid -1) (or gid -1))))
+
   (let ((files (scandir directory (negate dot-or-dot-dot?)
                         string<?)))
     (mkdir-p home)
+    (set-owner home)
     (for-each (lambda (file)
                 (let ((target (string-append home "/" file)))
                   (copy-recursively (string-append directory "/" file)
                                     target
                                     #:log (%make-void-port "w"))
+                  (for-each set-owner
+                            (find-files target (const #t)
+                                        #:directories? #t))
                   (make-file-writable target)))
               files)))
 
@@ -272,9 +283,14 @@ they already exist."
       ((name uid group supplementary-groups comment home create-home?
              shell password system?)
        (unless (or (not home) (directory-exists? home))
-         (mkdir-p home)
-         (unless system?
-           (copy-account-skeletons home))))))
+         (let* ((pw  (getpwnam name))
+                (uid (passwd:uid pw))
+                (gid (passwd:gid pw)))
+           (mkdir-p home)
+           (chown home uid gid)
+           (unless system?
+             (copy-account-skeletons home
+                                     #:uid uid #:gid gid)))))))
 
   (for-each ensure-user-home users))
 
@@ -362,10 +378,23 @@ copy SOURCE to TARGET."
 
   (for-each make-setuid-program programs))
 
-(define (activate-/bin/sh shell)
-  "Change /bin/sh to point to SHELL."
-  (symlink shell "/bin/sh.new")
-  (rename-file "/bin/sh.new" "/bin/sh"))
+(define (activate-special-files special-files)
+  "Install the files listed in SPECIAL-FILES.  Each element of SPECIAL-FILES
+is a pair where the first element is the name of the special file and the
+second element is the name it should appear at, such as:
+
+  ((\"/bin/sh\" \"/gnu/store/…-bash/bin/sh\")
+   (\"/usr/bin/env\" \"/gnu/store/…-coreutils/bin/env\"))
+"
+  (define install-special-file
+    (match-lambda
+      ((target file)
+       (let ((pivot (string-append target ".new")))
+         (mkdir-p (dirname target))
+         (symlink file pivot)
+         (rename-file pivot target)))))
+
+  (for-each install-special-file special-files))
 
 (define (activate-modprobe modprobe)
   "Tell the kernel to use MODPROBE to load modules."
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index b71d6a5f88..95bfd92dde 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
+;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,7 +33,8 @@
             %namespaces
             run-container
             call-with-container
-            container-excursion))
+            container-excursion
+            container-excursion*))
 
 (define (user-namespace-supported?)
   "Return #t if user namespaces are supported on this system."
@@ -128,13 +130,19 @@ for the process."
               "/dev/fuse"))
 
   ;; Setup the container's /dev/console by bind mounting the pseudo-terminal
-  ;; associated with standard input.
-  (let ((in      (current-input-port))
-        (console (scope "/dev/console")))
-    (when (isatty? in)
+  ;; associated with standard input when there is one.
+  (let* ((in      (current-input-port))
+         (tty     (catch 'system-error
+                    (lambda ()
+                      ;; This call throws if IN does not correspond to a tty.
+                      ;; This is more reliable than 'isatty?'.
+                      (ttyname in))
+                    (const #f)))
+         (console (scope "/dev/console")))
+    (when tty
       (touch console)
       (chmod console #o600)
-      (bind-mount (ttyname in) console)))
+      (bind-mount tty console)))
 
   ;; Setup standard input/output/error.
   (symlink "/proc/self/fd"   (scope "/dev/fd"))
@@ -229,6 +237,8 @@ host user identifiers to map into the user namespace."
                                                                namespaces)))
                     (lambda args
                       ;; Forward the exception to the parent process.
+                      ;; FIXME: SRFI-35 conditions and non-trivial objects
+                      ;; cannot be 'read' so they shouldn't be written as is.
                       (write args child)
                       (primitive-exit 3))))
                 ;; TODO: Manage capabilities.
@@ -318,3 +328,21 @@ return the exit status."
      (match (waitpid pid)
        ((_ . status)
         (status:exit-val status))))))
+
+(define (container-excursion* pid thunk)
+  "Like 'container-excursion', but return the return value of THUNK."
+  (match (pipe)
+    ((in . out)
+     (match (container-excursion pid
+              (lambda ()
+                (close-port in)
+                (write (thunk) out)))
+       (0
+        (close-port out)
+        (let ((result (read in)))
+          (close-port in)
+          result))
+       (_                                         ;maybe PID died already
+        (close-port out)
+        (close-port in)
+        #f)))))
diff --git a/gnu/build/shepherd.scm b/gnu/build/shepherd.scm
new file mode 100644
index 0000000000..8fc74bc482
--- /dev/null
+++ b/gnu/build/shepherd.scm
@@ -0,0 +1,177 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu build shepherd)
+  #:use-module (gnu system file-systems)
+  #:use-module (gnu build linux-container)
+  #:use-module (guix build utils)
+  #:use-module (srfi srfi-1)
+  #:use-module (ice-9 match)
+  #:export (make-forkexec-constructor/container))
+
+;;; Commentary:
+;;;
+;;; This module provides extensions to the GNU Shepherd.  In particular, it
+;;; provides a helper to start services in a container.
+;;;
+;;; Code:
+
+(define (clean-up file)
+  (when file
+    (catch 'system-error
+      (lambda ()
+        (delete-file file))
+      (lambda args
+        (unless (= ENOENT (system-error-errno args))
+          (apply throw args))))))
+
+(define-syntax-rule (catch-system-error exp)
+  (catch 'system-error
+    (lambda ()
+      exp)
+    (const #f)))
+
+(define (default-namespaces args)
+  ;; Most daemons are here to talk to the network, and most of them expect to
+  ;; run under a non-zero UID.
+  (fold delq %namespaces '(net user)))
+
+(define* (default-mounts #:key (namespaces (default-namespaces '())))
+  (define (tmpfs directory)
+    (file-system
+      (device "none")
+      (title 'device)
+      (mount-point directory)
+      (type "tmpfs")
+      (check? #f)))
+
+  (define passwd
+    ;; This is for processes in the default user namespace but living in a
+    ;; different mount namespace, so that they can lookup users.
+    (file-system-mapping
+     (source "/etc/passwd") (target source)))
+
+  (define nscd-socket
+    (file-system-mapping
+     (source "/var/run/nscd") (target source)
+     (writable? #t)))
+
+  (append (cons (tmpfs "/tmp") %container-file-systems)
+          (let ((mappings `(,@(if (memq 'net namespaces)
+                                  '()
+                                  (cons nscd-socket
+                                        %network-file-mappings))
+                            ,@(if (and (memq 'mnt namespaces)
+                                       (not (memq 'user namespaces)))
+                                  (list passwd)
+                                  '())
+                            ,%store-mapping)))    ;XXX: coarse-grain
+            (map file-system-mapping->bind-mount
+                 (filter (lambda (mapping)
+                           (file-exists? (file-system-mapping-source mapping)))
+                         mappings)))))
+
+;; XXX: Lazy-bind the Shepherd to avoid a compile-time dependency.
+(module-autoload! (current-module)
+                  '(shepherd service) '(read-pid-file exec-command))
+
+(define* (read-pid-file/container pid pid-file #:key (max-delay 5))
+  "Read PID-FILE in the container namespaces of PID, which exists in a
+separate mount and PID name space.  Return the \"outer\" PID. "
+  (match (container-excursion* pid
+           (lambda ()
+             (read-pid-file pid-file
+                            #:max-delay max-delay)))
+    (#f
+     (catch-system-error (kill pid SIGTERM))
+     #f)
+    ((? integer? container-pid)
+     ;; XXX: When COMMAND is started in a separate PID namespace, its
+     ;; PID is always 1, but that's not what Shepherd needs to know.
+     pid)))
+
+(define* (make-forkexec-constructor/container command
+                                              #:key
+                                              (namespaces
+                                               (default-namespaces args))
+                                              (mappings '())
+                                              (user #f)
+                                              (group #f)
+                                              (log-file #f)
+                                              pid-file
+                                              (pid-file-timeout 5)
+                                              (directory "/")
+                                              (environment-variables
+                                               (environ))
+                                              #:rest args)
+  "This is a variant of 'make-forkexec-constructor' that starts COMMAND in
+NAMESPACES, a list of Linux namespaces such as '(mnt ipc).  MAPPINGS is the
+list of <file-system-mapping> to make in the case of a separate mount
+namespace, in addition to essential bind-mounts such /proc."
+  (define container-directory
+    (match command
+      ((program _  ...)
+       (string-append "/var/run/containers/" (basename program)))))
+
+  (define auto-mappings
+    `(,@(if log-file
+            (list (file-system-mapping
+                   (source log-file)
+                   (target source)
+                   (writable? #t)))
+            '())))
+
+  (define mounts
+    (append (map file-system-mapping->bind-mount
+                 (append auto-mappings mappings))
+            (default-mounts #:namespaces namespaces)))
+
+  (lambda args
+    (mkdir-p container-directory)
+
+    (when log-file
+      ;; Create LOG-FILE so we can map it in the container.
+      (unless (file-exists? log-file)
+        (call-with-output-file log-file (const #t))))
+
+    (let ((pid (run-container container-directory
+                              mounts namespaces 1
+                              (lambda ()
+                                (mkdir-p "/var/run")
+                                (clean-up pid-file)
+                                (clean-up log-file)
+
+                                (exec-command command
+                                              #:user user
+                                              #:group group
+                                              #:log-file log-file
+                                              #:directory directory
+                                              #:environment-variables
+                                              environment-variables)))))
+      (if pid-file
+          (if (or (memq 'mnt namespaces) (memq 'pid namespaces))
+              (read-pid-file/container pid pid-file
+                                       #:max-delay pid-file-timeout)
+              (read-pid-file pid-file #:max-delay pid-file-timeout))
+          pid))))
+
+;; Local Variables:
+;; eval: (put 'container-excursion* 'scheme-indent-function 1)
+;; End:
+
+;;; shepherd.scm ends here
diff --git a/gnu/local.mk b/gnu/local.mk
index ad3be4b135..753c0ef053 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -4,7 +4,7 @@
 # Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
 # Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 # Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
-# Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+# Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
 # Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 # Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
 # Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
@@ -64,6 +64,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/bittorrent.scm			\
   %D%/packages/bison.scm			\
   %D%/packages/boost.scm			\
+  %D%/packages/bootloaders.scm			\
   %D%/packages/bootstrap.scm			\
   %D%/packages/busybox.scm			\
   %D%/packages/c.scm				\
@@ -170,7 +171,6 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/graphics.scm			\
   %D%/packages/graphviz.scm			\
   %D%/packages/groff.scm			\
-  %D%/packages/grub.scm				\
   %D%/packages/gsasl.scm			\
   %D%/packages/gstreamer.scm			\
   %D%/packages/gtk.scm				\
@@ -318,6 +318,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/ratpoison.scm			\
   %D%/packages/rdesktop.scm			\
   %D%/packages/rdf.scm				\
+  %D%/packages/re2c.scm				\
   %D%/packages/readline.scm			\
   %D%/packages/regex.scm				\
   %D%/packages/rrdtool.scm			\
@@ -372,7 +373,6 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/unrtf.scm			\
   %D%/packages/upnp.scm				\
   %D%/packages/uucp.scm				\
-  %D%/packages/u-boot.scm			\
   %D%/packages/valgrind.scm			\
   %D%/packages/version-control.scm		\
   %D%/packages/video.scm			\
@@ -450,6 +450,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/build/linux-initrd.scm			\
   %D%/build/linux-modules.scm			\
   %D%/build/marionette.scm			\
+  %D%/build/shepherd.scm			\
   %D%/build/svg.scm				\
   %D%/build/vm.scm				\
 						\
@@ -603,6 +604,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/grub-gets-undeclared.patch		\
   %D%/packages/patches/grub-freetype.patch			\
   %D%/packages/patches/gsl-test-i686.patch			\
+  %D%/packages/patches/gst-plugins-base-fix-test-on-32bit.patch	\
   %D%/packages/patches/guile-1.8-cpp-4.5.patch			\
   %D%/packages/patches/guile-arm-fixes.patch			\
   %D%/packages/patches/guile-default-utf8.patch			\
@@ -771,6 +773,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/ninja-zero-mtime.patch			\
   %D%/packages/patches/node-9077.patch				\
   %D%/packages/patches/nss-pkgconfig.patch			\
+  %D%/packages/patches/ntfs-3g-CVE-2017-0358.patch		\
   %D%/packages/patches/nvi-assume-preserve-path.patch		\
   %D%/packages/patches/nvi-dbpagesize-binpower.patch		\
   %D%/packages/patches/nvi-db4.patch				\
@@ -793,6 +796,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
   %D%/packages/patches/orpheus-cast-errors-and-includes.patch	\
   %D%/packages/patches/ots-no-include-missing-file.patch	\
+  %D%/packages/patches/p7zip-CVE-2016-9296.patch			\
   %D%/packages/patches/p7zip-remove-unused-code.patch		\
   %D%/packages/patches/patchelf-page-size.patch			\
   %D%/packages/patches/patchelf-rework-for-arm.patch		\
@@ -855,9 +859,13 @@ dist_patch_DATA =						\
   %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
   %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch	\
   %D%/packages/patches/qemu-CVE-2016-10155.patch			\
+  %D%/packages/patches/qemu-CVE-2017-2615.patch			\
   %D%/packages/patches/qemu-CVE-2017-5525.patch			\
   %D%/packages/patches/qemu-CVE-2017-5526.patch			\
   %D%/packages/patches/qemu-CVE-2017-5552.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5578.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5579.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5856.patch			\
   %D%/packages/patches/qt4-ldflags.patch			\
   %D%/packages/patches/quickswitch-fix-dmenu-check.patch	\
   %D%/packages/patches/rapicorn-isnan.patch			\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index f286a8a34f..dabb6cae74 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -474,7 +474,7 @@ connection alive.")
          (bind-minor-version "9")
          (bind-patch-version "9")
          (bind-release-type "-P")         ; for patch release, use "-P"
-         (bind-release-version "5")      ; for patch release, e.g. "4"
+         (bind-release-version "6")      ; for patch release, e.g. "6"
          (bind-version (string-append bind-major-version
                                       "."
                                       bind-minor-version
@@ -590,7 +590,7 @@ connection alive.")
                                         "/bind-" bind-version ".tar.gz"))
                     (sha256
                      (base32
-                      "1yn15chkfqf4d7961ip2x10jm27a9wqymz2xqh0a2g89arrirkaw"))))
+                      "1qf9j0nyqx0qy871mj22xh4dg0n1pqlv94lpiijb8vr7n7m3svhr"))))
 
                 ;; When cross-compiling, we need the cross Coreutils and sed.
                 ;; Otherwise just use those from %FINAL-INPUTS.
@@ -639,18 +639,8 @@ network statistics collection, security monitoring, network debugging, etc.")
     (version "4.9.0")
     (source (origin
               (method url-fetch)
-              ;; We use this Debian URL while the upstream URL is still
-              ;; officially private. This is the result of a botched
-              ;; coordinated release of tcpdump 4.9.0. I verified with
-              ;; the tcpdump maintainers that the upstream URL provides
-              ;; the same data as this Debian URL.
-              (uri
-                (list
-                  (string-append "http://http.debian.net/debian/pool/main/t/"
-                                  name "/" name "_" version ".orig.tar.gz")
-                  (string-append "http://www.tcpdump.org/release/tcpdump-"
-                                 version ".tar.gz")))
-              (file-name (string-append name "-" version ".tar.gz"))
+              (uri (string-append "http://www.tcpdump.org/release/tcpdump-"
+                                  version ".tar.gz"))
               (sha256
                (base32
                 "0pjsxsy8l71i813sa934cwf1ryp9xbr7nxwsvnzavjdirchq3sga"))))
@@ -1715,7 +1705,7 @@ throughput (in the same interval).")
        ("python-decorator" ,python-decorator)
        ("python-psutil" ,python-psutil)
        ("python-six" ,python-six)))
-    (inputs
+    (native-inputs
      ;; Requires setuptools >= 17.1 due to some features used, while our
      ;; python currently only includes 12.0. TODO: Remove this input.
      `(("python-setuptools" ,python-setuptools)))
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index d5e3549573..ec9f83519f 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -29,6 +29,9 @@
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix utils)
+  #:use-module (guix gexp)
+  #:use-module (guix monads)
+  #:use-module (guix store)
   #:use-module (guix build-system gnu)
   #:autoload   (guix gnupg) (gnupg-verify*)
   #:autoload   (guix hash) (port-sha256)
@@ -107,6 +110,7 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
          (version "4.4"))
     (package
      (name "bash")
+     (replacement bash/fixed)
      (source (origin
               (method url-fetch)
               (uri (string-append
@@ -200,6 +204,7 @@ without modification.")
   ;; A stripped-down Bash for non-interactive use.
   (package (inherit bash)
     (name "bash-minimal")
+    (replacement #f) ;not vulnerable to CVE-2017-5932 since it lacks completion
     (inputs '())                                ; no readline, no curses
 
     ;; No "include" output because there's no support for loadable modules.
@@ -255,6 +260,43 @@ without modification.")
                    (delete-file-recursively (string-append out "/share"))
                    #t))))))))))
 
+(define* (url-fetch/reset-patch-level url hash-algo hash
+                                      #:optional name
+                                      #:key (system (%current-system)) guile)
+  "Fetch the Bash patch from URL and reset its 'PATCHLEVEL' definition so it
+can apply to a patch-level 0 Bash."
+  (mlet* %store-monad ((name -> (or name (basename url)))
+                       (patch (url-fetch url hash-algo hash
+                                         (string-append name ".orig")
+                                         #:system system
+                                         #:guile guile)))
+    (gexp->derivation name
+                      (with-imported-modules '((guix build utils))
+                        #~(begin
+                            (use-modules (guix build utils))
+                            (copy-file #$patch #$output)
+                            (substitute* #$output
+                              (("PATCHLEVEL [0-6]+")
+                               "PATCHLEVEL 0"))))
+                      #:guile-for-build guile
+                      #:system system)))
+
+(define bash/fixed                        ;CVE-2017-5932 (RCE with completion)
+  (package
+    (inherit bash)
+    (version "4.4.A")                             ;4.4.0 + patch #7
+    (replacement #f)
+    (source
+     (origin
+       (inherit (package-source bash))
+       (patches (cons (origin
+                        (method url-fetch/reset-patch-level)
+                        (uri (patch-url 7))
+                        (sha256
+                         (base32
+                          "1bzdsnqaf05gdbqpsixhan8vygjxpcxlz1dd8d9f5jdznw3wq76y")))
+                      (origin-patches (package-source bash))))))))
+
 (define-public bash-completion
   (package
     (name "bash-completion")
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index d7089959ea..a448b51c6c 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -5748,7 +5748,7 @@ track.  The database is exposed as a @code{TxDb} object.")
 (define-public vsearch
   (package
     (name "vsearch")
-    (version "2.3.4")
+    (version "2.4.0")
     (source
      (origin
        (method url-fetch)
@@ -5758,31 +5758,12 @@ track.  The database is exposed as a @code{TxDb} object.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1xyraxmhyx62mxx8z7c8waygvcijwkh48ms1ar60w2cv2y2sn4al"))
-       (modules '((guix build utils)))
+         "007q9a50hdw4vs2iajabvbw7qccml4r8cbqzyi5ipkkf42jk3vnr"))
+       (patches (search-patches "vsearch-unbundle-cityhash.patch"))
        (snippet
         '(begin
-           ;; Remove bundled cityhash and '-mtune=native'.
-           (substitute* "src/Makefile.am"
-             (("^AM_CXXFLAGS=-I\\$\\{srcdir\\}/cityhash \
--O3 -mtune=native -Wall -Wsign-compare")
-              (string-append "AM_CXXFLAGS=-lcityhash"
-                             " -O3 -Wall -Wsign-compare"))
-             (("^__top_builddir__bin_vsearch_SOURCES = city.h \\\\")
-              "__top_builddir__bin_vsearch_SOURCES = \\")
-             (("^city.h \\\\") "\\")
-             (("^citycrc.h \\\\") "\\")
-             (("^libcityhash_a.*") "")
-             (("noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a \
-libcityhash.a")
-              "noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a")
-             (("__top_builddir__bin_vsearch_LDADD = libcpu_ssse3.a \
-libcpu_sse2.a libcityhash.a")
-              "__top_builddir__bin_vsearch_LDADD = libcpu_ssse3.a \
-libcpu_sse2.a -lcityhash"))
-           (substitute* "src/vsearch.h"
-             (("^\\#include \"city.h\"") "#include <city.h>")
-             (("^\\#include \"citycrc.h\"") "#include <citycrc.h>"))
+           ;; Remove bundled cityhash sources.  The vsearch source is adjusted
+           ;; for this in the patch.
            (delete-file "src/city.h")
            (delete-file "src/citycrc.h")
            (delete-file "src/city.cc")
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
new file mode 100644
index 0000000000..16cb7b4c0b
--- /dev/null
+++ b/gnu/packages/bootloaders.scm
@@ -0,0 +1,332 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2016, 2017 Danny Milosavljevic <dannym@scratchpost.org>
+;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages bootloaders)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages admin)
+  #:use-module ((gnu packages algebra) #:select (bc))
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages flex)
+  #:use-module (gnu packages disk)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages cdrom)
+  #:use-module (gnu packages cross-base)
+  #:use-module (gnu packages disk)
+  #:use-module (gnu packages flex)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gettext)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages man)
+  #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages qemu)
+  #:use-module (gnu packages texinfo)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix utils))
+
+(define unifont
+  ;; GNU Unifont, <http://gnu.org/s/unifont>.
+  ;; GRUB needs it for its graphical terminal, gfxterm.
+  (origin
+    (method url-fetch)
+    (uri
+     "http://unifoundry.com/pub/unifont-7.0.06/font-builds/unifont-7.0.06.bdf.gz")
+    (sha256
+     (base32
+      "0p2vhnc18cnbmb39vq4m7hzv4mhnm2l0a2s7gx3ar277fwng3hys"))))
+
+(define-public grub
+  (package
+    (name "grub")
+    (version "2.02rc1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append
+                   "ftp://alpha.gnu.org/gnu/grub/grub-"
+                   "2.02~rc1"
+                   ".tar.xz"))
+             (file-name (string-append name "-" version ".tar.xz"))
+             (sha256
+              (base32
+               "0y02v19x9sb5jvj740f604vvi5j1rx8pily1jk0l64bdp7lkjlj4"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-after 'unpack 'patch-stuff
+                   (lambda* (#:key inputs #:allow-other-keys)
+                     (substitute* "grub-core/Makefile.in"
+                       (("/bin/sh") (which "sh")))
+
+                     ;; Give the absolute file name of 'mdadm', used to
+                     ;; determine the root file system when it's a RAID
+                     ;; device.  Failing to do that, 'grub-probe' silently
+                     ;; fails if 'mdadm' is not in $PATH.
+                     (substitute* "grub-core/osdep/linux/getroot.c"
+                       (("argv\\[0\\] = \"mdadm\"")
+                        (string-append "argv[0] = \""
+                                       (assoc-ref inputs "mdadm")
+                                       "/sbin/mdadm\"")))
+
+                     ;; Make the font visible.
+                     (copy-file (assoc-ref inputs "unifont") "unifont.bdf.gz")
+                     (system* "gunzip" "unifont.bdf.gz")
+                     #t)))))
+    (inputs
+     `(("gettext" ,gettext-minimal)
+
+       ;; Depend on LVM2 for libdevmapper, used by 'grub-probe' and
+       ;; 'grub-install' to recognize mapped devices (LUKS, etc.)
+       ("lvm2" ,lvm2)
+
+       ;; Depend on mdadm, which is invoked by 'grub-probe' and 'grub-install'
+       ;; to determine whether the root file system is RAID.
+       ("mdadm" ,mdadm)
+
+       ("freetype" ,freetype)
+       ;; ("libusb" ,libusb)
+       ;; ("fuse" ,fuse)
+       ("ncurses" ,ncurses)))
+    (native-inputs
+     `(("unifont" ,unifont)
+       ("bison" ,bison)
+       ("flex" ,flex)
+       ("texinfo" ,texinfo)
+       ("help2man" ,help2man)
+
+       ;; Dependencies for the test suite.  The "real" QEMU is needed here,
+       ;; because several targets are used.
+       ("parted" ,parted)
+       ("qemu" ,qemu-minimal)
+       ("xorriso" ,xorriso)))
+    (home-page "https://www.gnu.org/software/grub/")
+    (synopsis "GRand Unified Boot loader")
+    (description
+     "GRUB is a multiboot bootloader.  It is used for initially loading the
+kernel of an operating system and then transferring control to it.  The kernel
+then goes on to load the rest of the operating system.  As a multiboot
+bootloader, GRUB handles the presence of multiple operating systems installed
+on the same computer; upon booting the computer, the user is presented with a
+menu to select one of the installed operating systems.")
+    (license license:gpl3+)
+    (properties '((cpe-name . "grub2")))))
+
+(define-public grub-efi
+  (package
+    (inherit grub)
+    (name "grub-efi")
+    (synopsis "GRand Unified Boot loader (UEFI version)")
+    (inputs
+     `(("efibootmgr" ,efibootmgr)
+       ,@(package-inputs grub)))
+    (arguments
+     `(;; TODO: Tests need a UEFI firmware for qemu. There is one at
+       ;; https://github.com/tianocore/edk2/tree/master/OvmfPkg .
+       ;; Search for 'OVMF' in "tests/util/grub-shell.in".
+       #:tests? #f
+       ,@(substitute-keyword-arguments (package-arguments grub)
+           ((#:configure-flags flags ''())
+            `(cons "--with-platform=efi" ,flags))
+           ((#:phases phases)
+            `(modify-phases ,phases
+               (add-after 'patch-stuff 'use-absolute-efibootmgr-path
+                 (lambda* (#:key inputs #:allow-other-keys)
+                   (substitute* "grub-core/osdep/unix/platform.c"
+                     (("efibootmgr")
+                      (string-append (assoc-ref inputs "efibootmgr")
+                                     "/sbin/efibootmgr")))
+                   #t)))))))))
+
+(define-public syslinux
+  (let ((commit "bb41e935cc83c6242de24d2271e067d76af3585c"))
+    (package
+      (name "syslinux")
+      (version (git-version "6.04-pre" "1" commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/geneC/syslinux")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "0k8dvafd6410kqxf3kyr4y8jzmpmrih6wbjqg6gklak7945yflrc"))))
+      (build-system gnu-build-system)
+      (native-inputs
+       `(("nasm" ,nasm)
+         ("perl" ,perl)
+         ("python-2" ,python-2)))
+      (inputs
+       `(("libuuid" ,util-linux)))
+      (arguments
+       `(#:parallel-build? #f
+         #:make-flags
+         (list (string-append "BINDIR=" %output "/bin")
+               (string-append "SBINDIR=" %output "/sbin")
+               (string-append "LIBDIR=" %output "/lib")
+               (string-append "INCDIR=" %output "/include")
+               (string-append "DATADIR=" %output "/share")
+               (string-append "MANDIR=" %output "/share/man")
+               "PERL=perl"
+               "bios")
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'patch-files
+             (lambda _
+               (substitute* (find-files "." "Makefile.*|ppmtolss16")
+                 (("/bin/pwd") (which "pwd"))
+                 (("/bin/echo") (which "echo"))
+                 (("/usr/bin/perl") (which "perl")))
+               #t))
+           (delete 'configure)
+           (add-before 'build 'set-permissions
+             (lambda _
+               (zero? (system* "chmod" "a+w" "utils/isohybrid.in"))))
+           (replace 'check
+             (lambda _
+               (setenv "CC" "gcc")
+               (substitute* "tests/unittest/include/unittest/unittest.h"
+                 ;; Don't look up headers under /usr.
+                 (("/usr/include/") ""))
+               (zero? (system* "make" "unittest")))))))
+      (home-page "http://www.syslinux.org")
+      (synopsis "Lightweight Linux bootloader")
+      (description "Syslinux is a lightweight Linux bootloader.")
+      (license (list license:gpl2+
+                     license:bsd-3 ; gnu-efi/*
+                     license:bsd-4 ; gnu-efi/inc/* gnu-efi/lib/*
+                     ;; Also contains:
+                     license:expat license:isc license:zlib)))))
+
+(define-public dtc
+  (package
+    (name "dtc")
+    (version "1.4.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://www.kernel.org/pub/software/utils/dtc/"
+                    "dtc-" version ".tar.xz"))
+              (sha256
+               (base32
+                "1b7si8niyca4wxbfah3qw4p4wli81mc1qwfhaswvrfqahklnwi8k"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("bison" ,bison)
+       ("flex" ,flex)))
+    (arguments
+     `(#:make-flags
+       (list "CC=gcc"
+             (string-append "PREFIX=" (assoc-ref %outputs "out"))
+             "INSTALL=install")
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (home-page "https://www.devicetree.org")
+    (synopsis "Compiles device tree source files")
+    (description "@command{dtc} compiles
+@uref{http://elinux.org/Device_Tree_Usage, device tree source files} to device
+tree binary files.  These are board description files used by Linux and BSD.")
+    (license license:gpl2+)))
+
+(define u-boot
+  (package
+    (name "u-boot")
+    (version "2017.01")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "ftp://ftp.denx.de/pub/u-boot/"
+                    "u-boot-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "1wpc51jm3zyibgcr78jng2yksqvrya76bxgsr4pcyjrsz5sm2hkc"))))
+    (native-inputs
+     `(("bc" ,bc)
+       ("dtc" ,dtc)
+       ("python-2" ,python-2)))
+    (build-system  gnu-build-system)
+    (home-page "http://www.denx.de/wiki/U-Boot/")
+    (synopsis "ARM bootloader")
+    (description "U-Boot is a bootloader used mostly for ARM boards. It
+also initializes the boards (RAM etc).")
+    (license license:gpl2+)))
+
+(define (make-u-boot-package board triplet)
+  "Returns a u-boot package for BOARD cross-compiled for TRIPLET."
+  (package
+    (inherit u-boot)
+    (name (string-append "u-boot-" (string-downcase board)))
+    (native-inputs
+     `(("cross-gcc" ,(cross-gcc triplet))
+       ("cross-binutils" ,(cross-binutils triplet))
+       ,@(package-native-inputs u-boot)))
+    (arguments
+     `(#:modules ((ice-9 ftw) (guix build utils) (guix build gnu-build-system))
+       #:test-target "test"
+       #:make-flags
+       (list "HOSTCC=gcc" (string-append "CROSS_COMPILE=" ,triplet "-"))
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key outputs make-flags #:allow-other-keys)
+             (let ((config-name (string-append ,board "_defconfig")))
+               (if (file-exists? (string-append "configs/" config-name))
+                   (zero? (apply system* "make" `(,@make-flags ,config-name)))
+                   (begin
+                     (display "Invalid board name. Valid board names are:")
+                     (let ((suffix-len (string-length "_defconfig")))
+                       (scandir "configs"
+                                (lambda (file-name)
+                                  (when (string-suffix? "_defconfig" file-name)
+                                    (format #t
+                                            "- ~A\n"
+                                            (string-drop-right file-name
+                                                               suffix-len))))))
+                     #f)))))
+         (replace 'install
+           (lambda* (#:key outputs make-flags #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (libexec (string-append out "/libexec"))
+                    (uboot-files (find-files "." ".*\\.(bin|efi|spl)$")))
+               (mkdir-p libexec)
+               (for-each
+                (lambda (file)
+                  (let ((target-file (string-append libexec "/" file)))
+                    (mkdir-p (dirname target-file))
+                    (copy-file file target-file)))
+                uboot-files)))))))))
+
+(define-public u-boot-vexpress
+  (make-u-boot-package "vexpress_ca9x4" "arm-linux-gnueabihf"))
+
+(define-public u-boot-malta
+  (make-u-boot-package "malta" "mips64el-linux-gnuabi64"))
+
+(define-public u-boot-beagle-bone-black
+  (make-u-boot-package "am335x_boneblack" "arm-linux-gnueabihf"))
diff --git a/gnu/packages/cdrom.scm b/gnu/packages/cdrom.scm
index 44f4eb035a..293bf16ade 100644
--- a/gnu/packages/cdrom.scm
+++ b/gnu/packages/cdrom.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;;
@@ -294,7 +294,7 @@ from an audio CD.")
 (define-public abcde
   (package
     (name "abcde")
-    (version "2.7.2")
+    (version "2.8.1")
     (home-page "https://abcde.einval.com/")
     (source (origin
               (method url-fetch)
@@ -302,7 +302,7 @@ from an audio CD.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1pakpi41k8yd780mfp0snhia6mmwjwxk9lcrq6gynimch8b8hfda"))
+                "0f9bjs0phk23vry7gvh0cll9vl6kmc1y4fwwh762scfdvpbp3774"))
               (modules '((guix build utils)))
               (snippet
                '(substitute* "Makefile"
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index e0eca4ef9f..81e95c70e5 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -14,6 +14,7 @@
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -38,6 +39,7 @@
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system perl)
+  #:use-module (guix build-system python)
   #:use-module (gnu packages)
   #:use-module (gnu packages assembly)
   #:use-module (gnu packages autotools)
@@ -45,6 +47,7 @@
   #:use-module (gnu packages base)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
   #:use-module (gnu packages valgrind)
   #:use-module (ice-9 match)
   #:use-module ((srfi srfi-1) #:select (last)))
@@ -362,6 +365,44 @@ LZO is written in ANSI C.  Both the source code and the compressed data
 format are designed to be portable across platforms.")
     (license license:gpl2+)))
 
+(define-public python-lzo
+  (package
+    (name "python-lzo")
+    (version "1.11")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "python-lzo" version))
+       (sha256
+        (base32
+         "11p3ifg14p086byhhin6azx5svlkg8dzw2b5abixik97xd6fm81q"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:test-target "check"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-setuppy
+           (lambda _
+             (substitute* "setup.py"
+               (("include_dirs.append\\(.*\\)")
+                (string-append "include_dirs.append('"
+                               (assoc-ref %build-inputs "lzo")
+                               "/include/lzo"
+                               "')")))
+             #t)))))
+    (inputs
+     `(("lzo" ,lzo)))
+    (home-page "https://github.com/jd-boyd/python-lzo")
+    (synopsis "Python bindings for the LZO data compression library")
+    (description
+     "Python-LZO provides Python bindings for LZO, i.e. you can access
+the LZO library from your Python scripts thereby compressing ordinary
+Python strings.")
+    (license license:gpl2+)))
+
+(define-public python2-lzo
+  (package-with-python2 python-lzo))
+
 (define-public lzop
   (package
     (name "lzop")
@@ -633,6 +674,31 @@ time for compression ratio.")
     ;; line interface programs (lz4, fullbench, fuzzer, datagen) are GPL2+.
     (license (list license:bsd-2 license:gpl2+))))
 
+(define-public python-lz4
+  (package
+    (name "python-lz4")
+    (version "0.8.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "lz4" version))
+       (sha256
+        (base32
+         "1irad4sq4hdr30fr53smvv3zzk4rddcf9b4jx19w8s9xsxhr1x3b"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-nose" ,python-nose)))
+    (home-page "https://github.com/python-lz4/python-lz4")
+    (synopsis "LZ4 Bindings for Python")
+    (description
+     "This package provides python bindings for the lz4 compression library
+by Yann Collet.  The project contains bindings for the LZ4 block format and
+the LZ4 frame format.")
+    (license license:bsd-3)))
+
+(define-public python2-lz4
+  (package-with-python2 python-lz4))
+
 (define-public squashfs-tools
   (package
     (name "squashfs-tools")
@@ -924,7 +990,8 @@ for most inputs, but the resulting compressed files are anywhere from 20% to
                   (delete-file-recursively "CPP/7zip/Archive/Rar")
                   (delete-file-recursively "CPP/7zip/Compress/Rar")
                   #t))
-              (patches (search-patches "p7zip-remove-unused-code.patch"))))
+              (patches (search-patches "p7zip-CVE-2016-9296.patch"
+                                       "p7zip-remove-unused-code.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags
@@ -1034,11 +1101,12 @@ functionality in a C++ iostream.")
                                (_               " -DNOJIT")))
         ;; These should be safe, lowest-common-denominator instruction sets,
         ;; allowing for some optimisation while remaining reproducible.
-        (string-append "CXXFLAGS=-O3 -mtune=generic -DNDEBUG"
+        (string-append "CXXFLAGS=-O3 -DNDEBUG"
                        ,(match (or (%current-target-system)
                                    (%current-system))
-                               ("x86_64-linux"  " -march=nocona")
-                               ("i686-linux"    " -march=i686")
+                               ("x86_64-linux"  " -march=nocona -mtune=generic")
+                               ("i686-linux"    " -march=i686 -mtune=generic")
+                               ("armhf-linux"   " -mtune=generic-armv7-a")
                                (_               "")))
         (string-append "PREFIX="
                        (assoc-ref %outputs "out")))))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 050ed0e19b..477f806734 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -33,39 +33,37 @@
 
 (define-module (gnu packages databases)
   #:use-module (gnu packages)
+  #:use-module (gnu packages algebra)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages avahi)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages bash)
+  #:use-module (gnu packages bison)
   #:use-module (gnu packages boost)
+  #:use-module (gnu packages check)
+  #:use-module (gnu packages compression)
   #:use-module (gnu packages crypto)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages cyrus-sasl)
+  #:use-module (gnu packages emacs)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
-  #:use-module (gnu packages perl)
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages jemalloc)
   #:use-module (gnu packages language)
   #:use-module (gnu packages linux)
-  #:use-module (gnu packages tcl)
-  #:use-module (gnu packages tls)
-  #:use-module (gnu packages compression)
   #:use-module (gnu packages ncurses)
-  #:use-module (gnu packages readline)
-  #:use-module (gnu packages emacs)
-  #:use-module (gnu packages check)
-  #:use-module (gnu packages algebra)
-  #:use-module (gnu packages curl)
-  #:use-module (gnu packages cyrus-sasl)
-  #:use-module (gnu packages gnupg)
-  #:use-module (gnu packages python)
   #:use-module (gnu packages parallel)
   #:use-module (gnu packages pcre)
+  #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages popt)
+  #:use-module (gnu packages python)
   #:use-module (gnu packages rdf)
+  #:use-module (gnu packages readline)
+  #:use-module (gnu packages tcl)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages xml)
-  #:use-module (gnu packages bison)
-  #:use-module (gnu packages jemalloc)
-  #:use-module ((guix licenses)
-                #:select (gpl2 gpl3 gpl3+ lgpl2.1+ lgpl3+ x11-style non-copyleft
-                          bsd-2 bsd-3 public-domain asl2.0))
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
@@ -120,7 +118,7 @@
     (synopsis "Clustered RDF storage and query engine")
     (description "4store is a RDF/SPARQL store written in C, supporting
 either single machines or networked clusters.")
-      (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public gdbm
   (package
@@ -142,7 +140,7 @@ either single machines or networked clusters.")
      "GDBM is a library for manipulating hashed databases.  It is used to
 store key/value pairs in a file in a manner similar to the Unix dbm library
 and provides interfaces to the traditional file format.")
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public bdb
   (package
@@ -194,8 +192,9 @@ and provides interfaces to the traditional file format.")
     (description
      "Berkeley DB is an embeddable database allowing developers the choice of
 SQL, Key/Value, XML/XQuery or Java Object storage for their data model.")
-    (license (non-copyleft "file://LICENSE"
-                           "See LICENSE in the distribution."))
+    ;; Starting with version 6, BDB is distributed under AGPL3. Many individual
+    ;; files are covered by the 3-clause BSD license.
+    (license (list license:agpl3+ license:bsd-3))
     (home-page
      "http://www.oracle.com/us/products/database/berkeley-db/overview/index.html")))
 
@@ -203,6 +202,8 @@ SQL, Key/Value, XML/XQuery or Java Object storage for their data model.")
   (package (inherit bdb)
     (name "bdb")
     (version "5.3.28")
+    (license (license:non-copyleft "file://LICENSE"
+                                   "See LICENSE in the distribution."))
     (source (origin
               (method url-fetch)
               (uri (string-append "http://download.oracle.com/berkeley-db/db-"
@@ -247,7 +248,7 @@ SQL, Key/Value, XML/XQuery or Java Object storage for their data model.")
     (description
      "LevelDB is a fast key-value storage library that provides an ordered
 mapping from string keys to string values.")
-    (license bsd-3)))
+    (license license:bsd-3)))
 
 (define-public mysql
   (package
@@ -322,7 +323,7 @@ mapping from string keys to string values.")
      "MySQL is a fast, reliable, and easy to use relational database
 management system that supports the standardized Structured Query
 Language.")
-    (license gpl2)))
+    (license license:gpl2)))
 
 (define-public mariadb
   (package
@@ -390,7 +391,7 @@ Language.")
     (description
      "MariaDB is a multi-user and multi-threaded SQL database server, designed
 as a drop-in replacement of MySQL.")
-    (license gpl2)))
+    (license license:gpl2)))
 
 (define-public postgresql
   (package
@@ -426,7 +427,7 @@ stored procedures (in multiple languages).  It includes most SQL:2008 data
 types, including INTEGER, NUMERIC, BOOLEAN, CHAR, VARCHAR, DATE, INTERVAL, and
 TIMESTAMP.  It also supports storage of binary large objects, including
 pictures, sounds, or video.")
-    (license (x11-style "file://COPYRIGHT"))))
+    (license (license:x11-style "file://COPYRIGHT"))))
 
 (define-public qdbm
   (package
@@ -509,13 +510,13 @@ manipulating text-based, human-editable databases.  Despite being text-based,
 databases created with Recutils carry all of the expected features such as
 unique fields, primary keys, time stamps and more.  Many different field
 types are supported, as is encryption.")
-    (license gpl3+)
+    (license license:gpl3+)
     (home-page "http://www.gnu.org/software/recutils/")))
 
 (define-public rocksdb
   (package
     (name "rocksdb")
-    (version "5.0.2")
+    (version "5.1.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/facebook/rocksdb"
@@ -523,7 +524,7 @@ types are supported, as is encryption.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1jj8b50w8jr3bnyjzk2hmlzq9x49yihjilx3xlq2rfdx3q9x4fay"))
+                "1qdbs13al7g45xc2j44wzx0ywrg32q1gsdhk5j6j4952xg91rfmh"))
               (modules '((guix build utils)))
               (snippet
                '(begin
@@ -578,7 +579,8 @@ types are supported, as is encryption.")
      `(("parallel" ,parallel)
        ("perl" ,perl)
        ("procps" ,procps)
-       ("python" ,python-2)))
+       ("python" ,python-2)
+       ("which" ,which)))
     (inputs
      `(("bzip2" ,bzip2)
        ("gflags" ,gflags)
@@ -597,7 +599,7 @@ between @dfn{Write-Amplification-Factor} (WAF), @dfn{Read-Amplification-Factor}
 compactions, making it specially suitable for storing multiple terabytes of
 data in a single database.  RocksDB is partially based on @code{LevelDB}.")
     ;; RocksDB is BSD-3 and the JNI adapter is Apache 2.0.
-    (license (list bsd-3 asl2.0))))
+    (license (list license:bsd-3 license:asl2.0))))
 
 (define-public sparql-query
   (package
@@ -658,7 +660,7 @@ edit previous queries, even across sessions.  It can be used non-interactively,
 for example from a shell script.")
     ;; Some files (like scan-sparql.c) contain a GPLv3+ license header, while
     ;; others (like sparql-query.c) contain a GPLv2+ license header.
-    (license (list gpl3+))))
+    (license (list license:gpl3+))))
 
 (define-public sqlite
   (package
@@ -697,7 +699,7 @@ for example from a shell script.")
 zero-configuration, transactional SQL database engine.  SQLite is the most
 widely deployed SQL database engine in the world.  The source code for SQLite
 is in the public domain.")
-   (license public-domain)))
+   (license license:public-domain)))
 
 (define-public tdb
   (package
@@ -734,7 +736,7 @@ is in the public domain.")
 and BSD's DB except that it allows multiple simultaneous writers and uses
 locking internally to keep writers from trampling on each other.  TDB is also
 extremely small.")
-    (license lgpl3+)))
+    (license license:lgpl3+)))
 
 (define-public perl-dbi
   (package
@@ -1079,7 +1081,7 @@ valid SQL query.")
    (description "Unixodbc is a library providing an API with which to access
 data sources.  Data sources include SQL Servers and any software with an ODBC
 Driver.")
-   (license lgpl2.1+)
+   (license license:lgpl2.1+)
    ;; COPYING contains copy of lgpl2.1 - but copyright notices just say "LGPL"
    (home-page "http://www.unixodbc.org")))
 
@@ -1107,7 +1109,7 @@ self-contained, serverless, zero-configuration, transactional NoSQL
 database engine.  UnQLite is a document store database similar to
 MongoDB, Redis, CouchDB, etc. as well as a standard Key/Value store
 similar to BerkeleyDB, LevelDB, etc.")
-    (license bsd-2)))
+    (license license:bsd-2)))
 
 (define-public redis
   (package
@@ -1135,7 +1137,7 @@ similar to BerkeleyDB, LevelDB, etc.")
 supports many data structures including strings, hashes, lists, sets, sorted
 sets, bitmaps and hyperloglogs.")
     (home-page "http://redis.io/")
-    (license bsd-3)))
+    (license license:bsd-3)))
 
 (define-public kyotocabinet
   (package
@@ -1162,7 +1164,7 @@ sets, bitmaps and hyperloglogs.")
      "Kyoto Cabinet is a standalone file-based database that supports Hash
 and B+ Tree data storage models.  It is a fast key-value lightweight
 database and supports many programming languages.  It is a NoSQL database.")
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public wiredtiger
   (package
@@ -1198,7 +1200,7 @@ row-oriented storage (where all columns of a row are stored together),
 column-oriented storage (where columns are stored in groups, allowing for
 more efficient access and storage of column subsets) and log-structured merge
 trees (LSM), for sustained throughput under random insert workloads.")
-    (license gpl3) ; or GPL-2
+    (license license:gpl3) ; or GPL-2
     ;; configure.ac: WiredTiger requires a 64-bit build.
     (supported-systems '("x86_64-linux" "mips64el-linux"))))
 
@@ -1366,3 +1368,31 @@ development.")
     ;; test/crypto.test are licensed under a 3-clause BSD license. All other
     ;; source files are in the public domain.
     (license (list license:public-domain license:bsd-3))))
+
+(define-public python-pyodbc-c
+  (package
+    (name "python-pyodbc-c")
+    (version "3.1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://gitlab.com/daym/pyodbc-c/repository/"
+                           "archive.tar.gz?ref=v" version))
+       (sha256
+        (base32
+         "0nl11n3mgrcfnhimjqgv48rxqnb21l5m6s7p8ps2fa4nn4z6rzy0"))
+       (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system python-build-system)
+    (inputs
+     `(("unixodbc" ,unixodbc)))
+    (arguments
+     `(;; No unit tests exist.
+       #:tests? #f))
+    (home-page "https://github.com/mkleehammer/pyodbc")
+    (synopsis "Python ODBC Library")
+    (description "@code{python-pyodbc-c} provides a Python DB-API driver
+for ODBC.")
+    (license (license:x11-style "file://LICENSE.TXT"))))
+
+(define-public python2-pyodbc-c
+  (package-with-python2 python-pyodbc-c))
diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm
index a4bb0be134..4cf9607a43 100644
--- a/gnu/packages/disk.scm
+++ b/gnu/packages/disk.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
-;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -45,6 +45,7 @@
   #:use-module (gnu packages readline)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages vim)
   #:use-module (gnu packages xml))
 
 (define-public parted
@@ -154,7 +155,7 @@ tables.")
 (define-public ddrescue
   (package
     (name "ddrescue")
-    (version "1.21")
+    (version "1.22")
     (source
      (origin
       (method url-fetch)
@@ -162,9 +163,9 @@ tables.")
                           version ".tar.lz"))
       (sha256
        (base32
-        "1b71hb42lh33y9843nd1mxlwkk9qh9ajvnz6ivzd1jq9lav4x7ph"))))
+        "19qhx9ggkkjl0g3a88g501wmybkj1y4n5lm5kp0km0blh0p7p189"))))
     (build-system gnu-build-system)
-    (home-page "http://www.gnu.org/software/ddrescue/ddrescue.html")
+    (home-page "https://www.gnu.org/software/ddrescue/ddrescue.html")
     (synopsis "Data recovery utility")
     (native-inputs `(("lzip" ,lzip)))
     (description
@@ -177,7 +178,7 @@ to recover data more efficiently by only reading the necessary blocks.")
 (define-public dosfstools
   (package
     (name "dosfstools")
-    (version "4.0")
+    (version "4.1")
     (source
      (origin
        (method url-fetch)
@@ -186,12 +187,13 @@ to recover data more efficiently by only reading the necessary blocks.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1bvxbv1w6vhbx0nx7ygp700wq5k2hjv0hm7w0kz1x7amaf4p6dwh"))))
+         "0wy13i3i4x2bw1hf5m4fd0myh61f9bcrs035fdlf6gyc1jksrcp6"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags (list (string-append "PREFIX=" %output)
-                          "CC=gcc")
-       #:tests? #f))  ;no tests
+                          "CC=gcc")))
+    (native-inputs
+     `(("xxd" ,vim))) ; for tests
     (home-page "https://github.com/dosfstools/dosfstools")
     (synopsis "Utilities for making and checking MS-DOS FAT file systems")
     (description
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 643b5fe1e8..541979f587 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -82,7 +82,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
 (define-public bind
   (package
     (name "bind")
-    (version "9.10.4-P5")
+    (version "9.10.4-P6")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -90,7 +90,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "1sqg7wg05h66vdjc8j215r04f8pg7lphkb93nsqxvzhk6r0ppi49"))))
+                "0rgffdm0h6dks0np4h9q4kd8nyb3azrdxw2skqnjzd8ws78vzpx1"))))
     (build-system gnu-build-system)
     (outputs `("out" "utils"))
     (inputs
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index dfdf324960..b361fcc4a5 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -110,7 +110,18 @@
                                    (find-files "." "loaddefs\\.el$")
                                    ;; This is the only "autoloads" file that
                                    ;; does not have "*loaddefs.el" name.
-                                   '("eshell/esh-groups.el")))))))
+                                   '("eshell/esh-groups.el")))
+
+                 ;; Make sure Tramp looks for binaries in the right places on
+                 ;; remote GuixSD machines, where 'getconf PATH' returns
+                 ;; something bogus.
+                 (substitute* "net/tramp-sh.el"
+                   ;; Patch the line after "(defcustom tramp-remote-path".
+                   (("\\(tramp-default-remote-path")
+                    (format #f "(tramp-default-remote-path ~s ~s ~s ~s "
+                            "~/.guix-profile/bin" "~/.guix-profile/sbin"
+                            "/run/current-system/profile/bin"
+                            "/run/current-system/profile/sbin")))))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/firmware.scm b/gnu/packages/firmware.scm
index 443c38e944..9106eec4ab 100644
--- a/gnu/packages/firmware.scm
+++ b/gnu/packages/firmware.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2017 David Craven <david@craven.ch>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -18,17 +19,21 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu packages firmware)
-  #:use-module (guix licenses)
+  #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages assembly)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages cmake)
   #:use-module (gnu packages cross-base)
   #:use-module (gnu packages flex)
-  #:use-module (gnu packages perl))
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages python))
 
 (define-public ath9k-htc-firmware
   (package
@@ -85,7 +90,7 @@
      "This is the firmware for the Qualcomm Atheros AR7010 and AR9271 USB
 802.11n NICs (aka Wi-Fi USB dongles).  It is used by the ath9k driver of
 Linux-libre.")
-    (license (non-copyleft "http://directory.fsf.org/wiki/License:ClearBSD"))))
+    (license (license:non-copyleft "http://directory.fsf.org/wiki/License:ClearBSD"))))
 
 (define-public b43-tools
   (let ((commit "8dce53297966b31b6c70a7a03c2433978dd9f288")
@@ -143,7 +148,7 @@ Linux-libre.")
        "The b43 firmware tools is a collection of firmware extractor,
 assembler, disassembler, and debugging tools for the Linux kernel b43 wireless
 driver.")
-      (license gpl2))))
+      (license license:gpl2))))
 
 (define-public openfwwf-firmware
   (package
@@ -173,4 +178,125 @@ driver.")
      "This is firmware from Open FirmWare for WiFi networks (OpenFWWF) for the
 Broadcom/AirForce chipset BCM43xx with Wireless-Core Revision 5.  It is used
 by the b43-open driver of Linux-libre.")
-    (license gpl2)))
+    (license license:gpl2)))
+
+(define-public seabios
+  (package
+    (name "seabios")
+    (version "1.10.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://code.coreboot.org/p/seabios/downloads/get/"
+                                  "seabios-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1jyjl719drnl1v0gf0l5q6qjjmkyqcqkka6s28dfdi0yqsxdsqsh"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("python-2" ,python-2)))
+    (arguments
+     `(#:tests? #f ; No check target.
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda _
+             (setenv "CC" "gcc")
+             #t))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (fmw (string-append out "/share/firmware")))
+               (mkdir-p fmw)
+               (copy-file "out/bios.bin" (string-append fmw "/bios.bin"))))))))
+    (home-page "https://www.seabios.org/SeaBIOS")
+    (synopsis "x86 BIOS implementation")
+    (description "SeaBIOS is an open source implementation of a 16bit x86 BIOS.
+SeaBIOS can run in an emulator or it can run natively on X86 hardware with the
+use of coreboot.")
+    ;; Dual licensed.
+    (license (list license:gpl3+ license:lgpl3+
+                   ;; src/fw/acpi-dsdt.dsl is lgpl2
+                   license:lgpl2.1
+                   ;; src/fw/lzmadecode.c and src/fw/lzmadecode.h are lgpl3+ and
+                   ;; cpl with a linking exception.
+                   license:cpl1.0))))
+
+;; OVMF is part of the edk2 source tree.
+(define edk2-commit "13a50a6fe1dcfa6600c38456ee24e0f9ecf51b5f")
+(define edk2-version (git-version "20170116" "1" edk2-commit))
+(define edk2-origin
+  (origin
+    (method git-fetch)
+    (uri (git-reference
+          (url "https://github.com/tianocore/edk2")
+          (commit edk2-commit)))
+    (file-name (git-file-name "edk2" edk2-version))
+    (sha256
+     (base32
+      "1gy2332kdqk8bjzpcsripx10896rbvgl0ic7r344kmpiwdgm948b"))))
+
+(define-public ovmf
+  (package
+    (name "ovmf")
+    (version edk2-version)
+    (source edk2-origin)
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("acpica" ,acpica)
+       ("nasm" ,nasm)
+       ("python-2" ,python-2)
+       ("util-linux" ,util-linux)))
+    (arguments
+     `(#:tests? #f ; No check target.
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda _
+             (let* ((cwd (getcwd))
+                    (tools (string-append cwd "/BaseTools"))
+                    (bin (string-append tools "/BinWrappers/PosixLike")))
+               (setenv "WORKSPACE" cwd)
+               (setenv "EDK_TOOLS_PATH" tools)
+               (setenv "PATH" (string-append (getenv "PATH") ":" bin))
+               (system* "bash" "edksetup.sh" "BaseTools")
+               (substitute* "Conf/target.txt"
+                 (("^TARGET[ ]*=.*$") "TARGET = RELEASE\n")
+                 (("^TOOL_CHAIN_TAG[ ]*=.*$") "TOOL_CHAIN_TAG = GCC49\n")
+                 (("^MAX_CONCURRENT_THREAD_NUMBER[ ]*=.*$")
+                  (format #f "MAX_CONCURRENT_THREAD_NUMBER = ~a~%"
+                          (number->string (parallel-job-count)))))
+               ;; Build build support.
+               (setenv "BUILD_CC" "gcc")
+               (zero? (system* "make" "-C" (string-append tools "/Source/C"))))))
+         (add-after 'build 'build-ia32
+           (lambda _
+             (substitute* "Conf/target.txt"
+               (("^TARGET_ARCH[ ]*=.*$") "TARGET_ARCH = IA32\n")
+               (("^ACTIVE_PLATFORM[ ]*=.*$")
+                "ACTIVE_PLATFORM = OvmfPkg/OvmfPkgIa32.dsc\n"))
+             (zero? (system* "build"))))
+         (add-after 'build 'build-x64
+           (lambda _
+             (substitute* "Conf/target.txt"
+               (("^TARGET_ARCH[ ]*=.*$") "TARGET_ARCH = X64\n")
+               (("^ACTIVE_PLATFORM[ ]*=.*$")
+                "ACTIVE_PLATFORM = OvmfPkg/OvmfPkgX64.dsc\n"))
+             (zero? (system* "build"))))
+         (delete 'build)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (fmw (string-append out "/share/firmware")))
+               (mkdir-p fmw)
+               (copy-file "Build/OvmfIa32/RELEASE_GCC49/FV/OVMF.fd"
+                          (string-append fmw "/ovmf_ia32.bin"))
+               (copy-file "Build/OvmfX64/RELEASE_GCC49/FV/OVMF.fd"
+                          (string-append fmw "/ovmf_x64.bin")))
+             #t)))))
+    (supported-systems '("x86_64-linux" "i686-linux"))
+    (home-page "http://www.tianocore.org")
+    (synopsis "UEFI firmware for QEMU")
+    (description "OVMF is an EDK II based project to enable UEFI support for
+Virtual Machines.  OVMF contains a sample UEFI firmware for QEMU and KVM.")
+    (license (list license:expat
+                   license:bsd-2 license:bsd-3 license:bsd-4))))
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index 1f6d1d0c36..4105449c89 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -16,6 +16,7 @@
 ;;; Copyright © 2016 Toni Reina <areina@riseup.net>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.com>
+;;; Copyright © 2017 Alex Griffin <a@ajgrf.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -38,11 +39,13 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages base)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages golang)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
@@ -525,13 +528,11 @@ ko (Korean) locales for @code{fontconfig}.")
          (let ((PATH (string-append (assoc-ref %build-inputs "tar")  "/bin:"
                                     (assoc-ref %build-inputs "gzip") "/bin"))
                (font-dir (string-append (assoc-ref %outputs "out")
-                                        "/share/fonts/wenquanyi/")))
-           (setenv "PATH" PATH)
+                                        "/share/fonts/wenquanyi")))
            (mkdir-p font-dir)
+           (setenv "PATH" PATH)
            (system* "tar" "xvf" (assoc-ref %build-inputs "source"))
-           (chdir "wqy-microhei")
-           (copy-file "wqy-microhei.ttc"
-                      (string-append font-dir "wqy-microhei.ttc"))))))
+           (install-file "wqy-microhei/wqy-microhei.ttc" font-dir)))))
     (native-inputs
      `(("gzip" ,gzip)
        ("tar" ,tar)))
@@ -760,8 +761,7 @@ display all Unicode symbols.")
                      (mkdir-p font-dir)
                      (chdir "roboto-hinted")
                      (for-each (lambda (ttf)
-                                 (copy-file ttf
-                                            (string-append font-dir "/" ttf)))
+                                 (install-file ttf font-dir))
                                (find-files "." "\\.ttf$"))))))
     (home-page "https://github.com/google/roboto")
     (synopsis "The Roboto family of fonts")
@@ -1034,3 +1034,111 @@ designed to work well in user interface environments.")
     "Font Awesome is a full suite of pictographic icons for easy scalable
 vector graphics.")
    (license license:silofl1.1)))
+
+(define-public font-comic-neue
+  (package
+   (name "font-comic-neue")
+   (version "2.3")
+   (source (origin
+            (method url-fetch)
+            (uri (string-append
+                  "http://www.comicneue.com/comic-neue-" version ".zip"))
+            (sha256
+             (base32
+              "1695hkpd8kqnr2a88p8xs496slgzxjjkzpa9aa33ml3pnh7519zk"))))
+   (build-system trivial-build-system)
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (let ((font-dir (string-append %output
+                                                 "/share/fonts/truetype"))
+                        (source (assoc-ref %build-inputs "source"))
+                        (unzip  (string-append (assoc-ref %build-inputs "unzip")
+                                               "/bin/unzip")))
+                    (mkdir-p font-dir)
+                    (system* unzip source)
+                    (with-directory-excursion
+                     (string-append "Web")
+                     (for-each (lambda (ttf)
+                                 (install-file ttf font-dir))
+                               (find-files "." "\\.ttf$")))))))
+   (native-inputs `(("unzip" ,unzip)))
+   (home-page "http://www.comicneue.com/")
+   (synopsis "Font that fixes the shortcomings of Comic Sans")
+   (description
+    "Comic Neue is a font that attempts to create a respectable casual
+typeface, by mimicking Comic Sans while fixing its most obvious shortcomings.")
+   (license license:silofl1.1)))
+
+(define-public font-iosevka
+  (package
+   (name "font-iosevka")
+   (version "1.11.0")
+   (source (origin
+            (method url-fetch)
+            (uri (string-append
+                  "https://github.com/be5invis/Iosevka/releases/download/v"
+                  version "/iosevka-pack-" version ".zip"))
+            (sha256
+             (base32
+              "0d8prdk7s5z94sdfd0y92cvqq531yqrlg7hnadbnhd7fs9jqr5hj"))))
+   (build-system trivial-build-system)
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (let ((font-dir (string-append %output
+                                                 "/share/fonts/truetype"))
+                        (source (assoc-ref %build-inputs "source"))
+                        (unzip  (string-append (assoc-ref %build-inputs "unzip")
+                                               "/bin/unzip")))
+                    (mkdir-p font-dir)
+                    (system* unzip "-d" font-dir source)))))
+   (native-inputs `(("unzip" ,unzip)))
+   (home-page "https://be5invis.github.io/Iosevka/")
+   (synopsis "Coders' typeface, built from code")
+   (description
+    "Iosevka is a slender monospace sans-serif or slab-serif typeface inspired
+by Pragmata Pro, M+, and PF DIN Mono, designed to be the ideal font for
+programming.  Iosevka is completely generated from its source code.")
+   (license (list license:silofl1.1  ; build artifacts (i.e. the fonts)
+                  license:bsd-3))))  ; supporting code
+
+(define-public font-go
+  (let ((commit "b7f8df6bc082334698d4505fb85fa05e99156b72")
+        (revision "1"))
+    (package
+     (name "font-go")
+     (version (string-append "20161115-" revision "." (string-take commit 7)))
+     (source (origin
+              (file-name (string-append "go-image-" version "-checkout"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://go.googlesource.com/image")
+                    (commit commit)))
+              (sha256
+               (base32
+                "1ywxs6dmcyzwwsmnan3qqza7znprnbvmdi260x6sjmydz6dyq2zs"))))
+     (build-system trivial-build-system)
+     (arguments
+      `(#:modules ((guix build utils))
+        #:builder (begin
+                    (use-modules (guix build utils))
+                    (let ((font-dir (string-append %output
+                                                   "/share/fonts/truetype"))
+                          (source (assoc-ref %build-inputs "source")))
+                      (mkdir-p font-dir)
+                      (with-directory-excursion
+                       (string-append source "/font/gofont/ttfs")
+                       (for-each (lambda (ttf)
+                                   (install-file ttf font-dir))
+                                 (find-files "." "\\.ttf$")))))))
+     (home-page "https://blog.golang.org/go-fonts")
+     (synopsis "The Go font family")
+     (description
+      "The Go font family is a set of WGL4 TrueType fonts from the Bigelow &
+Holmes type foundry, released under the same license as the Go programming
+language.  It includes a set of proportional, sans-serif fonts, and a set of
+monospace, slab-serif fonts.")
+     (license (package-license go-1.4)))))
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 98a4d69013..0867089d5a 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -17,13 +17,14 @@
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2016 Rodger Fox <thylakoid@openmailbox.org>
 ;;; Copyright © 2016 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Albin Söderqvist <albin@fripost.org>
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2016 Steve Webber <webber.sl@gmail.com>
+;;; Copyright © 2017 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -177,22 +178,23 @@ scriptable with Guile.")
 (define-public abbaye
   (package
     (name "abbaye")
-    (version "1.13")
+    (version "2.0.1")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "https://storage.googleapis.com/"
-                           "google-code-archive-downloads/v2/code.google.com/"
-                           "abbaye-for-linux/abbaye-for-linux-src-"
-                           version ".tar.gz"))
+       (uri (string-append "https://github.com/nevat/abbayedesmorts-gpl/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1wgvckgqa2084rbskxif58wbb83xbas8s1i8s7d57xbj08ryq8rk"))))
+         "1a67b0hq6271dd7pvwndjq29cwn2n8gawwz17xafa3k1hrhf8vw3"))
+       (modules '((guix build utils)))
+       (snippet
+        ;; Unbundle fonts.
+        '(delete-file-recursively "fonts"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:modules ((ice-9 match)
-                  (guix build gnu-build-system)
-                  (guix build utils))
+     '(#:make-flags '("CC=gcc")
        #:phases (modify-phases %standard-phases
                   (add-after 'set-paths 'set-sdl-paths
                     (lambda* (#:key inputs #:allow-other-keys)
@@ -202,10 +204,8 @@ scriptable with Guile.")
                   (add-after 'patch-source-shebangs 'patch-makefile
                     (lambda* (#:key outputs #:allow-other-keys)
                       ;; Replace /usr with package output directory.
-                      (for-each (lambda (file)
-                                  (substitute* file
-                                    (("/usr") (assoc-ref outputs "out"))))
-                                '("makefile" "src/pantallas.c" "src/comun.h"))))
+                      (substitute* "Makefile"
+                        (("/usr") (assoc-ref outputs "out")))))
                   (add-before 'install 'make-install-dirs
                     (lambda* (#:key outputs #:allow-other-keys)
                       (let ((prefix (assoc-ref outputs "out")))
@@ -217,15 +217,15 @@ scriptable with Guile.")
                   (delete 'configure))
        #:tests? #f)) ;; No check target.
     (native-inputs `(("pkg-config" ,pkg-config)))
-    (inputs `(("sdl-union" ,(sdl-union))))
-    (home-page "http://code.google.com/p/abbaye-for-linux/")
+    (inputs `(("sdl-union" ,(sdl-union (list sdl2 sdl2-image sdl2-mixer)))))
+    (home-page "https://github.com/nevat/abbayedesmorts-gpl")
     (synopsis "GNU/Linux port of the indie game \"l'Abbaye des Morts\"")
     (description "L'Abbaye des Morts is a 2D platform game set in 13th century
 France.  The Cathars, who preach about good Christian beliefs, were being
 expelled by the Catholic Church out of the Languedoc region in France.  One of
 them, called Jean Raymond, found an old church in which to hide, not knowing
 that beneath its ruins lay buried an ancient evil.")
-    (license license:gpl3+)))
+    (license license:gpl3)))
 
 (define-public pingus
   (package
@@ -3102,3 +3102,39 @@ inspired by the history of human civilization.  The game commences in
 prehistory and your mission is to lead your tribe from the Stone Age
 to the Space Age.")
    (license license:gpl2+)))
+
+(define-public no-more-secrets
+  (package
+    (name "no-more-secrets")
+    (version "0.3.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/bartobri/no-more-secrets/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "038flwqr0kqv55im2v76xjn01zbvvkb3nzb5ridwm2kbnk9cgg4v"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f
+       #:make-flags (list "CC=gcc" "all-ncurses"
+                          (string-append "prefix="
+                                         (assoc-ref %outputs "out")))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (inputs
+     `(("ncurses" ,ncurses)))
+    (home-page "https://github.com/bartobri/no-more-secrets")
+    (synopsis "Recreation of data decryption effect in \"Sneakers\"")
+    (description
+     "@code{No More Secrets} provides a command line tool called \"nms\"
+that recreates the famous data decryption effect seen on screen in the 1992
+movie \"Sneakers\".
+
+This command works on piped data.  Pipe any ASCII or UTF-8 text to nms, and
+it will apply the hollywood effect, initially showing encrypted data, then
+starting a decryption sequence to reveal the original plaintext characters.")
+    (license license:expat)))
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index 7c61ab3d21..9dd46d60b1 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -30,6 +30,7 @@
   #:use-module (guix build-system python)
   #:use-module (gnu packages)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages backup)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages enlightenment)
@@ -39,6 +40,7 @@
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages libffi)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages nettle)
   #:use-module (gnu packages pcre)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
@@ -665,7 +667,6 @@ many applications simultaneously.
 This package provides the library for GLib applications.")
     (license license:lgpl2.1+)))
 
-
 (define-public dbus-c++
   (package
     (name "dbus-c++")
@@ -705,3 +706,46 @@ programming langauage.  It also contains the utility
 @command{dbuscxx-xml2cpp}.")
     (home-page "https://sourceforge.net/projects/dbus-cplusplus/")
     (license license:lgpl2.1+)))
+
+(define-public appstream-glib
+  (package
+    (name "appstream-glib")
+    (version "0.6.7")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://people.freedesktop.org/~hughsient/"
+                                  "appstream-glib/releases/"
+                                  "appstream-glib-" version ".tar.xz"))
+              (sha256
+               (base32
+                "08mrf4k0jhnpdd4fig2grmi2vbxkgdhrwk0d0zq0j1wp5ip7arwp"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+" ,gtk+)
+       ("json-glib" ,json-glib)
+       ("libarchive" ,libarchive)
+       ("libsoup" ,libsoup)
+       ("nettle" ,nettle)
+       ("util-linux" ,util-linux)))
+    (arguments
+     `(#:configure-flags
+       '("--disable-firmware" "--disable-dep11")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-tests
+           (lambda _
+             (substitute* "libappstream-glib/as-self-test.c"
+               (("g_test_add_func.*as_test_store_local_appdata_func);") "")
+               (("g_test_add_func.*as_test_store_speed_appdata_func);") "")
+               (("g_test_add_func.*as_test_store_speed_desktop_func);") ""))
+             #t)))))
+    (home-page "https://github.com/hughsie/appstream-glib")
+    (synopsis "Library for reading and writing AppStream metadata")
+    (description "This library provides objects and helper methods to help
+reading and writing @uref{https://www.freedesktop.org/wiki/Distributions/AppStream,AppStream}
+metadata.")
+    (license license:lgpl2.1+)))
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index f6f7aae696..8c099ee0df 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -22,6 +22,7 @@
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -96,11 +97,13 @@
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages rdesktop)
   #:use-module (gnu packages scanner)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages gl)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages spice)
   #:use-module (gnu packages tex)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages web)
@@ -321,6 +324,43 @@ Gnome project.  It includes xml2po tool which makes it easier to translate
 and keep up to date translations of documentation.")
     (license license:gpl2+))) ; xslt under lgpl
 
+(define-public gnome-disk-utility
+  (package
+    (name "gnome-disk-utility")
+    (version "3.22.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "1hqynlcgwm72il2rdml98gcarz0alsgxs5xf6ww2x0czaj3s3953"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("glib:bin" ,glib "bin")
+       ("intltool" ,intltool)
+       ("pkg-config" ,pkg-config)
+       ("docbook-xml" ,docbook-xml)
+       ("docbook-xsl" ,docbook-xsl)
+       ("libxml2" ,libxml2)
+       ("libxslt" ,libxslt)))
+    (inputs
+     `(("glib" ,glib)
+       ("appstream-glib" ,appstream-glib)
+       ("gnome-settings-daemon" ,gnome-settings-daemon)
+       ("gtk+" ,gtk+)
+       ("libcanberra" ,libcanberra)
+       ("libdvdread" ,libdvdread)
+       ("libnotify" ,libnotify)
+       ("libpwquality" ,libpwquality)
+       ("libsecret" ,libsecret)
+       ("udisks" ,udisks)))
+    (home-page "https://git.gnome.org/browse/gnome-disk-utility")
+    (synopsis "Disk management utility for GNOME")
+    (description "Disk management utility for GNOME.")
+    (license license:gpl2+)))
+
 (define-public gcr
   (package
     (name "gcr")
@@ -1824,7 +1864,7 @@ editors, IDEs, etc.")
   (package
     (inherit vte)
     (name "vte-ng")
-    (version "0.44.1.b")
+    (version "0.46.1.a")
     (native-inputs
      `(("gtk-doc" ,gtk-doc)
        ("gperf" ,gperf)
@@ -1839,7 +1879,7 @@ editors, IDEs, etc.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1mhz4i1qkdlrs49vgm7nsrb60lry9v6wsgwsmji7fln1nyrp1pag"))))
+                "1c0czhsn28b5h4pk3kx89jjbdc5d2qkxhl4ywqvxfivphf2nicbp"))))
     (arguments
       `(#:configure-flags '("CXXFLAGS=-Wformat=0")
         #:phases (modify-phases %standard-phases
@@ -1900,6 +1940,43 @@ selection and URL hints.")))
      `(("gtk+" ,gtk+-2)         ; required by libvte.pc
        ("ncurses" ,ncurses))))) ; required by libvte.la
 
+(define-public vinagre
+  (package
+    (name "vinagre")
+    (version "3.22.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "10jya3jyrm18nbw3v410gbkc7677bqamax44pzgd3j15randn76d"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)
+       ("itstool" ,itstool)
+       ("glib-bin" ,glib "bin")                   ;for glib-compile-schemas
+       ("gtk+-bin" ,gtk+ "bin")))                 ;for gtk-update-icon-cache
+    (inputs
+     `(("libxml2" ,libxml2)
+       ("gtk-vnc" ,gtk-vnc)
+       ("gnome-keyring" ,gnome-keyring)
+       ("libsecret" ,libsecret)
+       ("freerdp" ,freerdp)
+       ("spice" ,spice)
+       ("spice-gtk" ,spice-gtk)
+       ("telepathy-glib" ,telepathy-glib)
+       ("vte" ,vte)))
+    (arguments
+     `(#:configure-flags '("--enable-rdp")))
+    (home-page "https://wiki.gnome.org/Apps/Vinagre")
+    (synopsis "Remote desktop viewer for GNOME")
+    (description "Vinagre is a remote display client supporting the VNC, SPICE
+and RDP protocols.")
+    (license license:gpl3+)))
+
 (define-public dconf
   (package
     (name "dconf")
@@ -3634,7 +3711,7 @@ work and the interface is well tested.")
 (define-public epiphany
   (package
     (name "epiphany")
-    (version "3.22.4")
+    (version "3.22.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3642,7 +3719,7 @@ work and the interface is well tested.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0skdsma9rmq01703andigmpbdn2rl34y3lqny19a93v1ph3jb9qk"))))
+                "1hpwjwiviwh9dgc9cwq0gmr5jy40rvigjcq0cbg2nw2hqiyshzny"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      ;; FIXME: tests run under Xvfb, but fail with:
@@ -3650,7 +3727,8 @@ work and the interface is well tested.")
      ;;   ** (test-ephy-bookmarks:19591): WARNING **: Unable to start Zeroconf
      ;;      subsystem
      ;;   FAIL
-     '(#:tests? #f))
+     '(#:tests? #f
+       #:configure-flags '("CFLAGS=-std=gnu99")))
     (propagated-inputs
      `(("dconf" ,dconf)))
     (native-inputs
@@ -4203,17 +4281,20 @@ to display dialog boxes from the commandline and shell scripts.")
     (license license:lgpl2.0+)))
 
 (define-public mutter
+  ;; Uses the gnome 3.22 branch that only contains bug fixes.
+  (let ((commit "23c315ea7121e9bd108e2837d0b4beeba53c5e18"))
   (package
     (name "mutter")
-    (version "3.22.2")
+    (version (git-version "3.22.2" "1" commit))
     (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://gnome/sources/" name "/"
-                                  (version-major+minor version) "/"
-                                  name "-" version ".tar.xz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "git://git.gnome.org/mutter")
+                    (commit commit)))
+              (file-name (git-file-name name version))
               (sha256
                (base32
-                "18lj80klfnkwh0cb3ab0i1vfvzbp0zjl73x9d7pna4dsdhsmi6ym"))))
+                "1v1f9xyzjr1ihmfwpq9kzlv2lyr9qn63ck8zny699mbp5hsi11mb"))))
      ;; NOTE: Since version 3.21.x, mutter now bundles and exports forked
      ;; versions of cogl and clutter.  As a result, many of the inputs,
      ;; propagated-inputs, and configure flags used in cogl and clutter are
@@ -4236,12 +4317,21 @@ to display dialog boxes from the commandline and shell scripts.")
              "--enable-cogl-gst"
              (string-append "--with-gl-libname="
                             (assoc-ref %build-inputs "mesa")
-                            "/lib/libGL.so"))))
+                            "/lib/libGL.so"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'autoreconf
+                    (lambda _
+                      (zero? (system* "autoreconf" "-vfi")))))))
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
        ("gobject-introspection" ,gobject-introspection)
        ("intltool" ,intltool)
-       ("pkg-config" ,pkg-config)))
+       ("pkg-config" ,pkg-config)
+       ;; For git build
+       ("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)))
     (propagated-inputs
      `(;; libmutter.pc refers to these:
        ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
@@ -4287,7 +4377,7 @@ to display dialog boxes from the commandline and shell scripts.")
 desktop via OpenGL.  Mutter combines a sophisticated display engine using the
 Clutter toolkit with solid window-management logic inherited from the Metacity
 window manager.")
-    (license license:gpl2+)))
+    (license license:gpl2+))))
 
 (define-public gnome-online-accounts
   (package
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 27e1ffb4e0..a4514a7f41 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -5,7 +5,7 @@
 ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 ng0 <ng0@libertad.pw>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -44,7 +44,9 @@
   #:use-module (gnu packages libunistring)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages music)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages package-management)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pulseaudio)
@@ -87,13 +89,11 @@
    ;; The following dependencies are all optional, but should be
    ;; available for maximum coverage:
    ;; * libmagic (file)
-   ;; * libmp4v2        ; package it
-   ;; * librpm          ; package it
-   ;; * libsmf          ; package it
-   ;; * libtidy         ; package it
+   ;; * librpm (rpm)    ; investigate failure
    ;; * libgif (giflib) ; investigate failure
    (inputs
     `(("exiv2" ,exiv2)
+      ("bzip2" ,bzip2)
       ("flac" ,flac)
       ("ffmpeg" ,ffmpeg)
       ("file" ,file)                           ;libmagic, for the MIME plug-in
@@ -106,17 +106,39 @@
       ("libjpeg" ,libjpeg)
       ("libltdl" ,libltdl)
       ("libmpeg2" ,libmpeg2)
+      ("libmp4v2" ,libmp4v2)
+      ("libsmf" ,libsmf)
+      ("tidy-html" ,tidy-html)
       ("libogg" ,libogg)
       ("libtiff" ,libtiff)
       ("libvorbis" ,libvorbis)
       ("zlib" ,zlib)))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
+   (outputs '("out"
+              "static")) ; 396 KiB .a files
    (arguments
     `(#:configure-flags
       (list (string-append "--with-ltdl="
-                           (assoc-ref %build-inputs "libltdl")))
-      #:parallel-tests? #f))
+                           (assoc-ref %build-inputs "libltdl"))
+            (string-append "--with-tidy="
+                           (assoc-ref %build-inputs "tidy-html")))
+      #:parallel-tests? #f
+      #:phases
+      (modify-phases %standard-phases
+        (add-after 'install 'move-static-libraries
+          (lambda* (#:key outputs #:allow-other-keys)
+            ;; Move static libraries to the "static" output.
+            (let* ((out    (assoc-ref outputs "out"))
+                   (lib    (string-append out "/lib"))
+                   (static (assoc-ref outputs "static"))
+                   (slib   (string-append static "/lib")))
+              (mkdir-p slib)
+              (for-each (lambda (file)
+                          (install-file file slib)
+                          (delete-file file))
+                        (find-files lib "\\.a$"))
+              #t))))))
    (synopsis "Library to extract meta-data from media files")
    (description
     "GNU libextractor is a library for extracting metadata from files.  It
diff --git a/gnu/packages/grub.scm b/gnu/packages/grub.scm
deleted file mode 100644
index 3658f221ce..0000000000
--- a/gnu/packages/grub.scm
+++ /dev/null
@@ -1,161 +0,0 @@
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
-
-(define-module (gnu packages grub)
-  #:use-module (guix download)
-  #:use-module (guix packages)
-  #:use-module (guix utils)
-  #:use-module ((guix licenses) #:select (gpl3+))
-  #:use-module (guix build-system gnu)
-  #:use-module (gnu packages)
-  #:use-module (gnu packages flex)
-  #:use-module (gnu packages disk)
-  #:use-module (gnu packages bison)
-  #:use-module (gnu packages gettext)
-  #:use-module (gnu packages fontutils)
-  #:use-module (gnu packages linux)
-  #:use-module (gnu packages qemu)
-  #:use-module (gnu packages man)
-  #:use-module (gnu packages texinfo)
-  #:use-module (gnu packages ncurses)
-  #:use-module (gnu packages cdrom))
-
-(define unifont
-  ;; GNU Unifont, <http://gnu.org/s/unifont>.
-  ;; GRUB needs it for its graphical terminal, gfxterm.
-  (origin
-    (method url-fetch)
-    (uri
-     "http://unifoundry.com/pub/unifont-7.0.06/font-builds/unifont-7.0.06.bdf.gz")
-    (sha256
-     (base32
-      "0p2vhnc18cnbmb39vq4m7hzv4mhnm2l0a2s7gx3ar277fwng3hys"))))
-
-(define-public grub
-  (package
-    (name "grub")
-    (version "2.02beta3")
-    (source (origin
-             (method url-fetch)
-             (uri (string-append
-                   "ftp://alpha.gnu.org/gnu/grub/grub-"
-                   "2.02~beta3"
-                   ".tar.xz"))
-             (file-name (string-append name "-" version ".tar.xz"))
-             (sha256
-              (base32
-               "18ddwnw0vxs7zigvah0g6a5z5vvlz0p8fjglxv1h59sjbrakvv1h"))))
-    (build-system gnu-build-system)
-    (arguments
-     '(;; Two warnings: suggest braces, signed/unsigned comparison.
-       #:configure-flags '("--disable-werror")
-
-       #:phases (modify-phases %standard-phases
-                  (add-after 'unpack 'patch-stuff
-                   (lambda* (#:key inputs #:allow-other-keys)
-                     (substitute* "grub-core/Makefile.in"
-                       (("/bin/sh") (which "sh")))
-
-                     ;; Give the absolute file name of 'mdadm', used to
-                     ;; determine the root file system when it's a RAID
-                     ;; device.  Failing to do that, 'grub-probe' silently
-                     ;; fails if 'mdadm' is not in $PATH.
-                     (substitute* "grub-core/osdep/linux/getroot.c"
-                       (("argv\\[0\\] = \"mdadm\"")
-                        (string-append "argv[0] = \""
-                                       (assoc-ref inputs "mdadm")
-                                       "/sbin/mdadm\"")))
-
-                     ;; Make the font visible.
-                     (copy-file (assoc-ref inputs "unifont") "unifont.bdf.gz")
-                     (system* "gunzip" "unifont.bdf.gz")
-
-                     ;; We hit an assertion failure in
-                     ;; grub-core/tests/video_checksum.c, as reported at
-                     ;; <https://lists.gnu.org/archive/html/grub-devel/2016-07/msg00026.html>.
-                     ;; Disable this test for now.
-                     (substitute* "tests/grub_func_test.in"
-                       (("set -e") "exit 77\nset -e"))
-                     #t)))))
-    (inputs
-     `(("gettext" ,gettext-minimal)
-
-       ;; Depend on LVM2 for libdevmapper, used by 'grub-probe' and
-       ;; 'grub-install' to recognize mapped devices (LUKS, etc.)
-       ("lvm2" ,lvm2)
-
-       ;; Depend on mdadm, which is invoked by 'grub-probe' and 'grub-install'
-       ;; to determine whether the root file system is RAID.
-       ("mdadm" ,mdadm)
-
-       ("freetype" ,freetype)
-       ;; ("libusb" ,libusb)
-       ;; ("fuse" ,fuse)
-       ("ncurses" ,ncurses)))
-    (native-inputs
-     `(("unifont" ,unifont)
-       ("bison" ,bison)
-       ("flex" ,flex)
-       ("texinfo" ,texinfo)
-       ("help2man" ,help2man)
-
-       ;; Dependencies for the test suite.  The "real" QEMU is needed here,
-       ;; because several targets are used.
-       ("parted" ,parted)
-       ("qemu" ,qemu-minimal)
-       ("xorriso" ,xorriso)))
-    (home-page "https://www.gnu.org/software/grub/")
-    (synopsis "GRand Unified Boot loader")
-    (description
-     "GRUB is a multiboot bootloader.  It is used for initially loading the
-kernel of an operating system and then transferring control to it.  The kernel
-then goes on to load the rest of the operating system.  As a multiboot
-bootloader, GRUB handles the presence of multiple operating systems installed
-on the same computer; upon booting the computer, the user is presented with a
-menu to select one of the installed operating systems.")
-    (license gpl3+)
-    (properties '((cpe-name . "grub2")))))
-
-(define-public grub-efi
-  (package
-    (inherit grub)
-    (name "grub-efi")
-    (synopsis "GRand Unified Boot loader (UEFI version)")
-    (inputs
-     `(("efibootmgr" ,efibootmgr)
-       ,@(package-inputs grub)))
-    (arguments
-     `(;; TODO: Tests need a UEFI firmware for qemu. There is one at
-       ;; https://github.com/tianocore/edk2/tree/master/OvmfPkg .
-       ;; Search for 'OVMF' in "tests/util/grub-shell.in".
-       #:tests? #f
-       ,@(substitute-keyword-arguments (package-arguments grub)
-           ((#:configure-flags flags) `(cons* "--with-platform=efi"
-                                              ,flags))
-           ((#:phases phases)
-            `(modify-phases ,phases
-               (add-after 'patch-stuff 'use-absolute-efibootmgr-path
-                 (lambda* (#:key inputs #:allow-other-keys)
-                   (substitute* "grub-core/osdep/unix/platform.c"
-                     (("efibootmgr")
-                      (string-append (assoc-ref inputs "efibootmgr")
-                                     "/sbin/efibootmgr")))
-                   #t)))))))))
diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm
index 840892d2ed..e3e009300f 100644
--- a/gnu/packages/gstreamer.scm
+++ b/gnu/packages/gstreamer.scm
@@ -154,7 +154,9 @@ This package provides the core library and elements.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "040pifl4cgsqqz2si4s1y5khj3zwm39w21siagxwp805swbrcag6"))))
+        "040pifl4cgsqqz2si4s1y5khj3zwm39w21siagxwp805swbrcag6"))
+      (patches
+       (search-patches "gst-plugins-base-fix-test-on-32bit.patch"))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     (propagated-inputs
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 393ee886db..a9b3fdfcda 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -624,12 +624,15 @@ for Guile\".")
     (home-page "http://savannah.nongnu.org/projects/guile-json/")
     (synopsis "JSON module for Guile")
     (description
-     "Guile-json supports parsing and building JSON documents according to the
-http:://json.org specification.  These are the main features:
-- Strictly complies to http://json.org specification.
-- Build JSON documents programmatically via macros.
-- Unicode support for strings.
-- Allows JSON pretty printing.")
+     "Guile-JSON supports parsing and building JSON documents according to the
+specification.  These are the main features:
+
+@itemize
+@item Strictly complies to @uref{http://json.org, specification}.
+@item Build JSON documents programmatically via macros.
+@item Unicode support for strings.
+@item Allows JSON pretty printing.
+@end itemize\n")
     (license lgpl3+)))
 
 (define-public guile2.2-json
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index f956f9cb36..a58e83d725 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -46,14 +46,14 @@
     ;; The 7 release series has an incompatible API, while the 6 series is still
     ;; maintained. Don't update to 7 until we've made sure that the ImageMagick
     ;; users are ready for the 7-series API.
-    (version "6.9.7-5")
+    (version "6.9.7-7")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://imagemagick/ImageMagick-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "013f3g9pvvqgxchdkjxx4nr80sfq51nmkc3ij39m2xzyc438bq8c"))))
+               "02x463z31j449pfm8czb7jlpkd3nx4a3yyjxq3bhpjfq13i20d62"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch")
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index 82eb103688..1a1f748b4c 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 ng0 <ng0@libertad.pw>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -180,14 +181,13 @@ SILC and ICB protocols via plugins.")
                   (add-before 'configure 'autogen
                     (lambda _
                       (zero? (system* "./autogen.sh"))))
-                  (add-before 'build 'set-python-file-name
-                    (lambda* (#:key inputs #:allow-other-keys)
-                      (substitute* "src/plugins/python/weechat-python.c"
-                        (("python2_bin = weechat_python_get_python2_bin.*;")
-                         (string-append "python2_bin = strdup (\""
-                                        (assoc-ref inputs "python")
-                                        "/bin/python\");\n")))
-                      #t)))))
+                  (add-after 'install 'wrap
+                    (lambda* (#:key inputs outputs #:allow-other-keys)
+                      (let ((out (assoc-ref outputs "out"))
+                            (py2 (assoc-ref inputs "python")))
+                        (wrap-program (string-append out "/bin/weechat")
+                          `("PATH" ":" prefix (,(string-append py2 "/bin"))))
+                        #t))))))
     (synopsis "Extensible chat client")
     (description "WeeChat (Wee Enhanced Environment for Chat) is an
 Internet Relay Chat client, which is designed to be light and fast.
diff --git a/gnu/packages/ldc.scm b/gnu/packages/ldc.scm
index 4b10ac25e0..b7f593712b 100644
--- a/gnu/packages/ldc.scm
+++ b/gnu/packages/ldc.scm
@@ -37,47 +37,44 @@
   #:use-module (gnu packages zip))
 
 (define-public rdmd
-  (let ((commit "da0a2e0a379b08294015eec9d531f1e5dd4226f0"))
-    (package
-      (name "rdmd")
-      (version (string-append "v2.070.0-1." (string-take commit 7)))
-      (source (origin
-        (method git-fetch)
-        (uri (git-reference
-              (url "https://github.com/D-Programming-Language/tools.git")
-              (commit commit)))
-        (file-name (string-append name "-" version "-checkout"))
-        (sha256
-         (base32
-          "1pcx5lyqzrip86f4vv60x292rpvnwsq2hvl1znm9x9rn68f34m45"))))
-      (build-system gnu-build-system)
-      (arguments
-       '(#:phases
-         (modify-phases %standard-phases
-           (delete 'configure)
-           (delete 'check) ; There is no Makefile, so there's no 'make check'.
-           (replace
-            'build
-            (lambda _
-              (zero? (system* "ldc2" "rdmd.d"))))
-           (replace
-            'install
-            (lambda* (#:key outputs #:allow-other-keys)
-              (let ((bin (string-append (assoc-ref outputs "out") "/bin")))
-                (install-file "rdmd" bin)))))))
-      (native-inputs
-       `(("ldc" ,ldc)))
-      (home-page "https://github.com/D-Programming-Language/tools/")
-      (synopsis "Specialized equivalent to 'make' for the D language")
-      (description
-       "rdmd is a companion to the dmd compiler that simplifies the typical
+  (package
+    (name "rdmd")
+    (version "2.073.0")
+    (source (origin
+      (method url-fetch)
+      (uri (string-append "https://github.com/dlang/tools/archive/v" version ".tar.gz"))
+      (file-name (string-append name "-" version ".tar.gz"))
+      (sha256
+       (base32
+        "01if3ivnb7g2myfhymp4d9346s4vmvcl82i1kxfs5iza45almh7v"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (delete 'check) ; There is no Makefile, so there's no 'make check'.
+         (replace
+          'build
+          (lambda _
+            (zero? (system* "ldc2" "rdmd.d"))))
+         (replace
+          'install
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let ((bin (string-append (assoc-ref outputs "out") "/bin")))
+              (install-file "rdmd" bin)))))))
+    (native-inputs
+     `(("ldc" ,ldc)))
+    (home-page "https://github.com/D-Programming-Language/tools/")
+    (synopsis "Specialized equivalent to 'make' for the D language")
+    (description
+     "rdmd is a companion to the dmd compiler that simplifies the typical
 edit-compile-link-run or edit-make-run cycle to a rapid edit-run cycle.  Like
 make and other tools, rdmd uses the relative dates of the files involved to
 minimize the amount of work necessary.  Unlike make, rdmd tracks dependencies
 and freshness without requiring additional information from the user.")
-      (license license:boost1.0))))
+    (license license:boost1.0)))
 
-(define-public ldc
+(define-public ldc-bootstrap
   (package
     (name "ldc")
     (version "0.17.2")
@@ -176,15 +173,15 @@ latest DMD frontend and uses LLVM as backend.")
                    license:boost1.0))))
 
 
-(define-public ldc-1.1.0-beta6
+(define-public ldc
   ;; The phobos, druntime and dmd-testsuite dependencies do not have a newer
   ;; release than 1.1.0-beta4, hence the need to make use of the older-version
   ;; variable to hold this variable.
-  (let ((older-version "1.1.0-beta4"))
+  (let ((older-version "1.1.0"))
     (package
-      (inherit ldc)
+      (inherit ldc-bootstrap)
       (name "ldc")
-      (version "1.1.0-beta6")
+      (version "1.1.0")
       ;; Beta version needed to compile various scientific tools that require
       ;; the newer beta versions, and won't compile successfully with the
       ;; older stable version.
@@ -196,7 +193,7 @@ latest DMD frontend and uses LLVM as backend.")
                 (file-name (string-append name "-" version ".tar.gz"))
                 (sha256
                  (base32
-                  "0n53brlkm86jjkppy9xmzx7nyxykzj68kcxgv8q7d10s5hfscxs8"))))
+                  "10zkrmx9bcmhfxvgykm3fkjamzc8js96wm032bv0fyil5c9ja2y1"))))
       (arguments
        `(#:phases
          (modify-phases %standard-phases
@@ -227,7 +224,7 @@ latest DMD frontend and uses LLVM as backend.")
       (native-inputs
        `(("llvm" ,llvm)
          ("clang" ,clang)
-         ("ldc" ,ldc)
+         ("ldc" ,ldc-bootstrap)
          ("python-lit" ,python-lit)
          ("python-wrapper" ,python-wrapper)
          ("unzip" ,unzip)
@@ -240,7 +237,7 @@ latest DMD frontend and uses LLVM as backend.")
                    older-version ".tar.gz"))
              (sha256
               (base32
-               "1iwy5rs0rqkicj1zfsa5yqvk8ard99bfr8g69qmhlbzb98q0kpks"))
+               "0z5v55b9s1ppf0c2ivjq7sbmq688c37c92ihc3qwrbxnqvkkvrlk"))
              ;; This patch deactivates some tests that depend on network access
              ;; to pass.  It also deactivates some tests that have some reliance
              ;; on timezone.
@@ -259,7 +256,7 @@ latest DMD frontend and uses LLVM as backend.")
                    older-version ".tar.gz"))
              (sha256
               (base32
-               "1qsiw5lz1pr8ms9myjf8b94nqi7f1781k226jvxwnhkjg11d0s63"))))
+               "07qvrqj6vgakd6qr4x5f70w6zwkzd1li5x8i1b5ywnds1z5lnfp6"))))
          ("dmd-testsuite-src"
           ,(origin
              (method url-fetch)
@@ -268,13 +265,13 @@ latest DMD frontend and uses LLVM as backend.")
                    older-version ".tar.gz"))
              (sha256
               (base32
-               "0jp54hyi75i9g41rvgmm3zg21yzv57q8dghrhb432rb0n9j15mbp"))
+               "12cak7yqmsgjlflx0dp6fwmwb9dac25amgi86n0bb95ard3547wy"))
              ;; Remove the gdb tests that fails with a "Error: No such file or
              ;; directory" error, despite the files being present in the debug
              ;; files left with the --keep-failed flag to guix build.
              (patches (search-patches "ldc-1.1.0-disable-dmd-tests.patch")))))))))
 
-(define-public ldc-beta ldc-1.1.0-beta6)
+(define-public ldc-beta ldc)
 
 (define-public dub
   (package
diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm
index bc67387b29..3af19b1c70 100644
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@@ -19,6 +19,7 @@
 
 (define-module (gnu packages libidn)
   #:use-module (gnu packages)
+  #:use-module (gnu packages libunistring)
   #:use-module (guix licenses)
   #:use-module (guix packages)
   #:use-module (guix download)
@@ -51,14 +52,16 @@ Java libraries.")
 (define-public libidn2
   (package
     (name "libidn2")
-    (version "0.11")
+    (version "0.16")
     (source (origin
               (method url-fetch)
               (uri (string-append "ftp://alpha.gnu.org/gnu/libidn/libidn2-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1zxzhzx14q2b1xkx746pz4lawvqd8d055yy84n52ndwb4pf7nfax"))))
+                "13v8kh4d5nfkymai88zlw3h7k4x9khrpdpv97waf4ah8ykzrxb9g"))))
+    (inputs
+     `(("libunistring" ,libunistring)))
     (build-system gnu-build-system)
     (synopsis "Internationalized domain name library for IDNA2008")
     (description "Libidn2 is an internationalized domain library implementing
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index e6ac5121fb..95e8a0a151 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -21,6 +21,8 @@
 ;;; Copyright © 2016 ng0 <ng0@libertad.pw>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.com>
+;;; Copyright © 2017 Gábor Boskovits <boskovits@gmail.com>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -45,6 +47,7 @@
   #:use-module (gnu packages attr)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages calendar)
   #:use-module (gnu packages check)
@@ -66,6 +69,7 @@
   #:use-module (gnu packages man)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages networking)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pciutils)
   #:use-module (gnu packages pkg-config)
@@ -344,15 +348,18 @@ It has been modified to remove all non-free binary blobs.")
 
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 
+(define %linux-libre-version "4.9.9")
+(define %linux-libre-hash "0grk94jym0wz581c7pimia0rszq4h2xqjmf818i4l4qrjd0bnqvk")
+
 (define-public linux-libre
-  (make-linux-libre "4.9.6"
-                    "0mafa628la5qj26rff014mmih2widl5k2sjxg152lmpgijmf6qhd"
+  (make-linux-libre %linux-libre-version
+                    %linux-libre-hash
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.45"
-                    "1c6nigbl8yrqpaz89954la956lshr3p0llm52phxq2h06zblsp87"
+  (make-linux-libre "4.4.48"
+                    "0g7ram0b5b7p0c6v5m5im6m5pwa348mhkhf67rs036lzvcw1bvyk"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
@@ -362,10 +369,6 @@ It has been modified to remove all non-free binary blobs.")
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
-;; Avoid rebuilding kernel variants when there is a minor version bump.
-(define %linux-libre-version "4.9.6")
-(define %linux-libre-hash "0mafa628la5qj26rff014mmih2widl5k2sjxg152lmpgijmf6qhd")
-
 (define-public linux-libre-arm-generic
   (make-linux-libre %linux-libre-version
                     %linux-libre-hash
@@ -1770,14 +1773,14 @@ time.")
 (define-public lvm2
   (package
     (name "lvm2")
-    (version "2.02.166")
+    (version "2.02.168")
     (source (origin
               (method url-fetch)
               (uri (string-append "ftp://sources.redhat.com/pub/lvm2/releases/LVM2."
                                   version ".tgz"))
               (sha256
                (base32
-                "150v0mawd2swdvypcmkjd3h3s4n5i1220h6sxx94a8jvp1kb0871"))
+                "03b62hcsj9z37ckd8c21wwpm07s9zblq7grfh58yzcs1vp6x38r3"))
               (modules '((guix build utils)))
               (snippet
                '(begin
@@ -2915,6 +2918,7 @@ from userspace.")
                (base32
                 "180y5y09h30ryf2vim8j30a2npwz1iv9ly5yjmh3wjdkwh2jrdyp"))
               (modules '((guix build utils)))
+              (patches (search-patches "ntfs-3g-CVE-2017-0358.patch"))
               (snippet
                ;; Install under $prefix.
                '(substitute* '("src/Makefile.in" "ntfsprogs/Makefile.in")
@@ -3129,14 +3133,14 @@ the default @code{nsswitch} and the experimental @code{umich_ldap}.")
 (define-public mcelog
   (package
     (name "mcelog")
-    (version "147")
+    (version "148")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://git.kernel.org/cgit/utils/cpu/mce/"
                                   "mcelog.git/snapshot/v" version ".tar.gz"))
               (sha256
                (base32
-                "10xxmqpd348ifbs7w8j0m53agp28r6imv237ha3kmhp632hmyf1d"))
+                "1d5g09ndfsnl56vyhb5xw0zxspnh0f937biw3agqhdfbvw40j9jr"))
               (file-name (string-append name "-" version ".tar.gz"))
               (modules '((guix build utils)))
               (snippet
@@ -3417,3 +3421,126 @@ set the screen to be pitch black at a vaĺue of 0 (or higher).
 
 Light is the successor of lightscript.")
     (license license:gpl3+)))
+
+(define-public tlp
+  (package
+    (name "tlp")
+    (version "0.9")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/linrunner/"
+                    (string-upcase name)
+                    "/archive/" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0xksm8ar6dbq0azbfz8qs9yyzqg1j333lyd5znc074rz8inj4yw8"))))
+    (inputs `(("bash" ,bash)
+              ("dbus" ,dbus)
+              ("ethtool" ,ethtool)
+              ("eudev" ,eudev)
+              ("grep" ,grep)
+              ("hdparm" ,hdparm)
+              ("inetutils" ,inetutils)
+              ("iw" ,iw)
+              ("kmod" ,kmod)
+              ("pciutils" ,pciutils)
+              ("perl" ,perl)
+              ("rfkill" ,rfkill)
+              ("sed" ,sed)
+              ("usbutils" ,usbutils)
+              ("util-linux" ,util-linux)
+              ("wireless-tools" ,wireless-tools)))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-before 'build 'setenv
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (setenv "TLP_WITH_SYSTEMD" "0")
+               (setenv "TLP_NO_INIT" "1")
+               (setenv "TLP_NO_PMUTILS" "1")
+               (setenv "TLP_SBIN" (string-append out "/bin"))
+               (setenv "TLP_BIN" (string-append out "/bin"))
+               (setenv "TLP_TLIB" (string-append out "/share/tlp-pm"))
+               (setenv "TLP_ULIB" (string-append out "/lib/udev"))
+               (setenv "TLP_CONF" (string-append out "/etc/tlp"))
+               (setenv "TLP_SHCPL"
+                       (string-append out "/share/bash-completion/completions"))
+               (setenv "TLP_MAN" (string-append out "/share/man")))))
+         (delete 'check)
+         (replace 'install
+           (lambda _
+             (system "make install-tlp install-man")))
+         (add-after 'install 'wrap
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((bin (string-append (assoc-ref outputs "out") "/bin"))
+                    (bin-files (find-files bin ".*")))
+               (define (bin-directory input-name)
+                 (string-append (assoc-ref inputs input-name) "/bin"))
+               (define (sbin-directory input-name)
+                 (string-append (assoc-ref inputs input-name) "/sbin"))
+               (for-each (lambda (program)
+                           (wrap-program program
+                             `("PATH" ":" prefix
+                               ,(append
+                                 (map bin-directory '("bash"
+                                                      "coreutils"
+                                                      "dbus"
+                                                      "eudev"
+                                                      "grep"
+                                                      "inetutils"
+                                                      "kmod"
+                                                      "perl"
+                                                      "sed"
+                                                      "usbutils"
+                                                      "util-linux"))
+                                 (map sbin-directory '("ethtool"
+                                                       "hdparm"
+                                                       "iw"
+                                                       "pciutils"
+                                                       "rfkill"
+                                                       "wireless-tools"))))))
+                         bin-files)))))))
+    (home-page "http://linrunner.de/en/tlp/tlp.html")
+    (synopsis "Power management tool for Linux")
+    (description "TLP is a power management tool for Linux.  It comes with
+a default configuration already optimized for battery life.  Nevertheless,
+TLP is customizable to fulfil system requirements.  TLP settings are applied
+every time the power supply source is changed.")
+
+    ;; 'COPYING' is a custom version that says that one file is GPLv3+ and the
+    ;; rest is GPLv2+.
+    (license (list license:gpl2+ license:gpl3+))))
+
+(define-public lshw
+  (package
+    (name "lshw")
+    (version "B.02.18")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://www.ezix.org/software/"
+                                  "files/lshw-" version
+                                  ".tar.gz"))
+              (sha256
+               (base32
+                "0brwra4jld0d53d7jsgca415ljglmmx1l2iazpj4ndilr48yy8mf"))))
+    (build-system gnu-build-system)
+    (arguments
+      `(#:phases (modify-phases %standard-phases (delete 'configure))
+        #:tests? #f ; no tests
+        #:make-flags
+          (list (string-append "PREFIX=" (assoc-ref %outputs "out")))))
+    (synopsis "List hardware information")
+    (description
+     "@command{lshw} (Hardware Lister) is a small tool to provide
+detailed information on the hardware configuration of the machine.
+It can report exact memory configuration, firmware version, mainboard
+configuration, CPU version and speed, cache configuration, bus speed,
+and more on DMI-capable x86 or EFI (IA-64) systems and on some PowerPC
+machines (PowerMac G4 is known to work).")
+    (home-page "https://www.ezix.org/project/wiki/HardwareLiSter")
+    (license license:gpl2+)))
diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index 8bb9a401a6..5016732b7a 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -43,13 +43,13 @@
 (define-public lua
   (package
     (name "lua")
-    (version "5.3.3")
+    (version "5.3.4")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://www.lua.org/ftp/lua-"
                                  version ".tar.gz"))
              (sha256
-              (base32 "18mcfbbmjyp8f2l9yy7n6dzk066nq6man0kpwly4bppphilc04si"))
+              (base32 "0320a8dg3aci4hxla380dx1ifkw8gj4gbw5c4dz41g1kh98sm0gn"))
              (patches (search-patches "lua-pkgconfig.patch"
                                       "lua-liblua-so.patch"))))
     (build-system gnu-build-system)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 5434687749..a9b2cb3ec9 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -20,6 +20,7 @@
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -79,6 +80,7 @@
   #:use-module (gnu packages flex)
   #:use-module (gnu packages gdb)
   #:use-module (gnu packages man)
+  #:use-module (gnu packages ruby)
   #:use-module (gnu packages samba)
   #:use-module (gnu packages screen)
   #:use-module (gnu packages tls)
@@ -455,6 +457,57 @@ can read the same mailbox from multiple computers.  It supports IMAP as REMOTE
 repository and Maildir/IMAP as LOCAL repository.")
     (license gpl2+)))
 
+(define-public emacs-mew
+  (package
+    (name "emacs-mew")
+    (version "6.7")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://mew.org/Release/mew-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "03fzky2kz73vgx4cbps2psbbnrgqgkk5q7jwfldisymkzr9iz03y"))))
+    (native-inputs
+     `(("emacs" ,emacs)))
+    (propagated-inputs
+     `(("ruby-sqlite3" ,ruby-sqlite3) ; optional for the database of messages
+       ("ruby" ,ruby))) ; to set GEM_PATH so ruby-sqlite3 is found at runtime
+    (build-system gnu-build-system)
+    (arguments
+     (let ((elisp-dir "/share/emacs/site-lisp/guix.d/mew")
+           (icon-dir  "/share/mew"))
+       `(#:modules ((guix build gnu-build-system)
+                    (guix build utils)
+                    (guix build emacs-utils))
+         #:imported-modules (,@%gnu-build-system-modules
+                             (guix build emacs-utils))
+         #:configure-flags
+         (list (string-append "--with-elispdir=" %output ,elisp-dir)
+               (string-append "--with-etcdir=" %output ,icon-dir))
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'configure 'patch-mew-icon-directory
+             (lambda* (#:key outputs #:allow-other-keys)
+               (emacs-substitute-sexps "mew-key.el"
+                 ("(def.* mew-icon-directory"
+                  `(progn
+                    (add-to-list 'image-load-path 'mew-icon-directory)
+                    ,(string-append (assoc-ref outputs "out") ,icon-dir))))
+               #t))
+           (add-after 'install 'generate-autoloads
+             (lambda* (#:key outputs #:allow-other-keys)
+               (emacs-generate-autoloads
+                "mew" (string-append (assoc-ref outputs "out") ,elisp-dir))
+               #t)))
+         #:tests? #f)))
+    (home-page "http://www.mew.org")
+    (synopsis "Emacs e-mail client")
+    (description "Mew (Messaging in the Emacs World) is a user interface
+for text messages, multimedia messages (MIME), news articles and
+security functionality including PGP, S/MIME, SSH, and SSL.")
+    (license bsd-3)))
+
 (define-public mu
   (package
     (name "mu")
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 8892ab0c56..43b0d0a72a 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -313,7 +313,7 @@ integer programming problems and computes Markov bases for statistics.")
     (source
      (origin
       (method url-fetch)
-      (uri (string-append "ftp://ftp.ifor.math.ethz.ch/pub/fukuda/cdd/cddlib-"
+      (uri (string-append "ftp://ftp.math.ethz.ch/users/fukudak/cdd/cddlib-"
                           (string-delete #\. version) ".tar.gz"))
       (sha256
        (base32
@@ -1035,6 +1035,7 @@ Open CASCADE library.")
        ("lapack" ,lapack)
        ("mesa" ,mesa)
        ("glu" ,glu)
+       ("opencascade-oce" ,opencascade-oce)
        ("libx11" ,libx11)
        ("libxext" ,libxext)))
     (inputs
@@ -1043,15 +1044,7 @@ Open CASCADE library.")
     (arguments
      `(#:configure-flags `("-DENABLE_METIS:BOOL=OFF"
                            "-DENABLE_BUILD_SHARED:BOOL=ON"
-                           "-DENABLE_BUILD_DYNAMIC:BOOL=ON")
-       #:phases (modify-phases %standard-phases
-                  (replace
-                   'check
-                   (lambda _
-                     (zero? (system* "make" "test"
-                                     ;; Disable this test.  See
-                                     ;; https://geuz.org/trac/gmsh/ticket/271
-                                     "ARGS=-E component8_in_a_box")))))))
+                           "-DENABLE_BUILD_DYNAMIC:BOOL=ON")))
     (home-page "http://www.geuz.org/gmsh/")
     (synopsis "3D finite element grid generator")
     (description "Gmsh is a 3D finite element grid generator with a built-in
@@ -1992,7 +1985,7 @@ point numbers.")
 (define-public wxmaxima
   (package
     (name "wxmaxima")
-    (version "16.12.0")
+    (version "16.12.2")
     (source
      (origin
        (method url-fetch)
@@ -2000,7 +1993,7 @@ point numbers.")
                            version "/" name "-" version ".tar.gz"))
        (sha256
         (base32
-         "01kas9viqabw5id6crbhz8ahjimmv78gqzizs5hgnj9kngrgrm1h"))))
+         "0y22zhyhyxj2cbhzvs9c4pxr44i55ryfy5xi96d39bg2nbgs9h22"))))
     (build-system gnu-build-system)
     (inputs
      `(("wxwidgets" ,wxwidgets)
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index b8b97eb141..ce874ac436 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 John J. Foerch <jjfoerch@earthlink.net>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -2769,3 +2770,51 @@ collections and wantlists, inventory, and orders.")
 
 (define-public python2-discogs-client
   (package-with-python2 python-discogs-client))
+
+(define-public libsmf
+  (package
+    (name "libsmf")
+    (version "1.3")
+    (source
+     (origin
+       (method url-fetch)
+       ;; SF download page says development moved, but the link it points to
+       ;; is gone (https://github.com/nilsgey/libsmf).  Someone else adopted
+       ;; it but made no release so far (https://github.com/stump/libsmf).
+       (uri (string-append "mirror://sourceforge/libsmf/libsmf/"
+                           version "/libsmf-" version ".tar.gz"))
+       (sha256
+        (base32
+         "16c0n40h0r56gzbh5ypxa4dwp296dan3jminml2qkb4lvqarym6k"))))
+    (build-system gnu-build-system)
+    (outputs '("out"
+               "static")) ; 88KiB of .a files
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'move-static-libraries
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Move static libraries to the "static" output.
+             (let* ((out    (assoc-ref outputs "out"))
+                    (lib    (string-append out "/lib"))
+                    (static (assoc-ref outputs "static"))
+                    (slib   (string-append static "/lib")))
+               (mkdir-p slib)
+               (for-each (lambda (file)
+                           (install-file file slib)
+                           (delete-file file))
+                         (find-files lib "\\.a$"))
+               #t))))))
+    (inputs
+     `(("readline" ,readline)
+       ("glib" ,glib)))
+    (native-inputs
+     `(("doxygen" ,doxygen)
+       ("pkg-config" ,pkg-config)))
+    (home-page "http://libsmf.sourceforge.net/")
+    (synopsis "Standard MIDI File format library")
+    (description
+     "LibSMF is a C library for handling SMF (\"*.mid\") files.  It transparently handles
+conversions between time and pulses, tempo map handling and more.  The only dependencies
+are a C compiler and glib.  Full API documentation and examples are included.")
+    (license license:bsd-2)))
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 92787d76cc..8291740998 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -25,7 +25,6 @@
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
-  #:use-module ((guix build utils) #:select (with-directory-excursion))
   #:use-module ((guix licenses) #:select (gpl2+ gpl3+ lgpl2.1+ asl2.0))
   #:use-module (gnu packages)
   #:use-module (gnu packages guile)
@@ -53,10 +52,6 @@
   #:use-module (gnu packages tls)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages vim)
-  #:use-module (srfi srfi-1)
-  #:use-module (srfi srfi-26)
-  #:use-module (ice-9 popen)
-  #:use-module (ice-9 rdelim)
   #:use-module (ice-9 match))
 
 (define (boot-guile-uri arch)
@@ -275,38 +270,8 @@ generated file."
     (_
      #t)))
 
-(define (make-git-predicate directory)
-  "Return a predicate that returns true if a file is part of the Git checkout
-living at DIRECTORY.  Upon Git failure, return #f instead of a predicate."
-  (define (parent-directory? thing directory)
-    ;; Return #t if DIRECTORY is the parent of THING.
-    (or (string-suffix? thing directory)
-        (and (string-index thing #\/)
-             (parent-directory? (dirname thing) directory))))
-
-  (let* ((pipe        (with-directory-excursion directory
-                        (open-pipe* OPEN_READ "git" "ls-files")))
-         (files       (let loop ((lines '()))
-                        (match (read-line pipe)
-                          ((? eof-object?)
-                           (reverse lines))
-                          (line
-                           (loop (cons line lines))))))
-         (status      (close-pipe pipe)))
-    (and (zero? status)
-         (lambda (file stat)
-           (match (stat:type stat)
-             ('directory
-              ;; 'git ls-files' does not list directories, only regular files,
-              ;; so we need this special trick.
-              (any (cut parent-directory? <> file) files))
-             ((or 'regular 'symlink)
-              (any (cut string-suffix? <> file) files))
-             (_
-              #f))))))
-
 (define-public current-guix
-  (let ((select? (delay (or (make-git-predicate
+  (let ((select? (delay (or (git-predicate
                              (string-append (current-source-directory)
                                             "/../.."))
                             source-file?))))
@@ -329,14 +294,14 @@ out) and returning a package that uses that as its 'source'."
 (define-public nix
   (package
     (name "nix")
-    (version "1.11.2")
+    (version "1.11.6")
     (source (origin
              (method url-fetch)
              (uri (string-append "http://nixos.org/releases/nix/nix-"
                                  version "/nix-" version ".tar.xz"))
              (sha256
               (base32
-               "1mk9z75gklxcv6kzwwz1h5r2ci5kjy6bh7qwk4m5lf5v9s0k64pw"))))
+               "18xjg7cfvqzhsmvir6xmw95jxvl2w7icphbbll462xbnj9ddaag7"))))
     (build-system gnu-build-system)
     ;; XXX: Should we pass '--with-store-dir=/gnu/store'?  But then we'd also
     ;; need '--localstatedir=/var'.  But then!  The thing would use /var/nix
diff --git a/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch
new file mode 100644
index 0000000000..4c6c7ed06e
--- /dev/null
+++ b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch
@@ -0,0 +1,32 @@
+This fixes a test failure on i686.
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=5e2e111627871c566ffc6607eda8f4ef4699d040
+
+From 5e2e111627871c566ffc6607eda8f4ef4699d040 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 2 Feb 2017 14:56:39 +0200
+Subject: [PATCH] multifdsink: Make sure to use a 64 bit integer for the
+ units-max property
+
+---
+ tests/check/elements/multifdsink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/check/elements/multifdsink.c b/tests/check/elements/multifdsink.c
+index af138cc92..951b1b9fa 100644
+--- a/tests/check/elements/multifdsink.c
++++ b/tests/check/elements/multifdsink.c
+@@ -869,7 +869,7 @@ GST_START_TEST (test_client_kick)
+   gint i, initial_buffers = 3, num_buffers = 0;
+ 
+   sink = setup_multifdsink ();
+-  g_object_set (sink, "units-max", initial_buffers, NULL);
++  g_object_set (sink, "units-max", (gint64) initial_buffers, NULL);
+ 
+   fail_if (pipe (pfd1) == -1);
+   fail_if (pipe (pfd2) == -1);
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/libvpx-CVE-2016-2818.patch b/gnu/packages/patches/libvpx-CVE-2016-2818.patch
index 1fdf01cbca..bef3448b81 100644
--- a/gnu/packages/patches/libvpx-CVE-2016-2818.patch
+++ b/gnu/packages/patches/libvpx-CVE-2016-2818.patch
@@ -9,15 +9,15 @@ Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c
 
 --- libvpx-1.5.0/vp8/vp8_cx_iface.c.orig	2015-11-09 17:12:38.000000000 -0500
 +++ libvpx-1.5.0/vp8/vp8_cx_iface.c	2016-06-08 08:48:46.037213092 -0400
-@@ -925,11 +925,19 @@
-         {
-             res = image2yuvconfig(img, &sd);
+@@ -860,11 +860,20 @@
+     if (img != NULL) {
+       res = image2yuvconfig(img, &sd);
  
--            if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags,
--                                      &sd, dst_time_stamp, dst_end_time_stamp))
--            {
--                VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
--                res = update_error_state(ctx, &cpi->common.error);
+-      if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags, &sd,
+-                                dst_time_stamp, dst_end_time_stamp)) {
+-        VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
+-        res = update_error_state(ctx, &cpi->common.error);
+-      }
 +            if (sd.y_width != ctx->cfg.g_w || sd.y_height != ctx->cfg.g_h) {
 +                /* from vp8_encoder.h for g_w/g_h:
 +                   "Note that the frames passed as input to the encoder must have this resolution"
@@ -31,6 +31,7 @@ Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c
 +                    VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
 +                    res = update_error_state(ctx, &cpi->common.error);
 +                }
-             }
++            }
  
-             /* reset for next frame */
+       /* reset for next frame */
+       ctx->next_frame_flag = 0;
diff --git a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
new file mode 100644
index 0000000000..6edd676e38
--- /dev/null
+++ b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
@@ -0,0 +1,42 @@
+Fix CVE-2017-0358:
+http://seclists.org/oss-sec/2017/q1/259
+This patch was copied from the above URL.
+
+diff -ur ntfs-3g.old/src/lowntfs-3g.c ntfs-3g/src/lowntfs-3g.c
+--- ntfs-3g.old/src/lowntfs-3g.c	2017-02-09 15:01:04.074331542 -0500
++++ ntfs-3g/src/lowntfs-3g.c	2017-02-09 15:06:35.757580937 -0500
+@@ -3827,13 +3827,14 @@
+	struct stat st;
+	pid_t pid;
+	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+	struct timespec req = { 0, 100000000 };   /* 100 msec */
+	fuse_fstype fstype;
+        
+	if (!stat(cmd, &st) && !geteuid()) {
+		pid = fork();
+		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+			_exit(1);
+		} else if (pid != -1)
+			waitpid(pid, NULL, 0);
+diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c
+--- ntfs-3g.old/src/ntfs-3g.c	2017-02-09 15:01:04.074331542 -0500
++++ ntfs-3g/src/ntfs-3g.c	2017-02-09 15:06:26.077252571 -0500
+@@ -3612,13 +3612,14 @@
+	struct stat st;
+	pid_t pid;
+	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+	struct timespec req = { 0, 100000000 };   /* 100 msec */
+	fuse_fstype fstype;
+	
+	if (!stat(cmd, &st) && !geteuid()) {
+		pid = fork();
+		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+			_exit(1);
+		} else if (pid != -1)
+			waitpid(pid, NULL, 0);
diff --git a/gnu/packages/patches/p7zip-CVE-2016-9296.patch b/gnu/packages/patches/p7zip-CVE-2016-9296.patch
new file mode 100644
index 0000000000..3fa80377ad
--- /dev/null
+++ b/gnu/packages/patches/p7zip-CVE-2016-9296.patch
@@ -0,0 +1,24 @@
+From: Robert Luberda <robert@debian.org>
+Date: Sat, 19 Nov 2016 08:48:08 +0100
+Subject: Fix nullptr dereference (CVE-2016-9296)
+
+Patch taken from https://sourceforge.net/p/p7zip/bugs/185/
+This patch file taken from Debian's patch set for p7zip
+---
+ CPP/7zip/Archive/7z/7zIn.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Archive/7z/7zIn.cpp b/CPP/7zip/Archive/7z/7zIn.cpp
+index b0c6b98..7c6dde2 100644
+--- a/CPP/7zip/Archive/7z/7zIn.cpp
++++ b/CPP/7zip/Archive/7z/7zIn.cpp
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams(
+       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+         ThrowIncorrect();
+   }
+-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
++  if (folders.PackPositions)
++      HeadersSize += folders.PackPositions[folders.NumPackStreams];
+   return S_OK;
+ }
+ 
diff --git a/gnu/packages/patches/qemu-CVE-2017-2615.patch b/gnu/packages/patches/qemu-CVE-2017-2615.patch
new file mode 100644
index 0000000000..ede1f8c89d
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-2615.patch
@@ -0,0 +1,52 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64
+this patch is from qemu-git.
+
+
+From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 1 Feb 2017 09:35:01 +0100
+Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
+
+When doing bitblt copy in backward mode, we should minus the
+blt width first just like the adding in the forward mode. This
+can avoid the oob access of the front of vga's vram.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+
+{ kraxel: with backward blits (negative pitch) addr is the topmost
+          address, so check it as-is against vram size ]
+
+Cc: qemu-stable@nongnu.org
+Cc: P J P <ppandit@redhat.com>
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+---
+ hw/display/cirrus_vga.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index 7db6409dc5..16f27e8ac5 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
+ {
+     if (pitch < 0) {
+         int64_t min = addr
+-            + ((int64_t)s->cirrus_blt_height-1) * pitch;
+-        int32_t max = addr
+-            + s->cirrus_blt_width;
+-        if (min < 0 || max > s->vga.vram_size) {
++            + ((int64_t)s->cirrus_blt_height - 1) * pitch
++            - s->cirrus_blt_width;
++        if (min < -1 || addr >= s->vga.vram_size) {
+             return true;
+         }
+     } else {
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5578.patch b/gnu/packages/patches/qemu-CVE-2017-5578.patch
new file mode 100644
index 0000000000..05655bcd98
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5578.patch
@@ -0,0 +1,39 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=204f01b30975923c64006f8067f0937b91eea68b
+this patch is from qemu-git.
+
+
+From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Thu, 29 Dec 2016 04:28:41 -0500
+Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
+
+In the resource attach backing function, everytime it will
+allocate 'res->iov' thus can leading a memory leak. This
+patch avoid this.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/virtio-gpu.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index 6a26258cac..ca88cf478d 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
+         return;
+     }
+ 
++    if (res->iov) {
++        cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
++        return;
++    }
++
+     ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
+     if (ret != 0) {
+         cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5579.patch b/gnu/packages/patches/qemu-CVE-2017-5579.patch
new file mode 100644
index 0000000000..7630012d54
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5579.patch
@@ -0,0 +1,44 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
+this patch is from qemu-git.
+
+
+From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 4 Jan 2017 00:43:16 -0800
+Subject: [PATCH] serial: fix memory leak in serial exit
+
+The serial_exit_core function doesn't free some resources.
+This can lead memory leak when hotplug and unplug. This
+patch avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/char/serial.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/hw/char/serial.c b/hw/char/serial.c
+index ffbacd8227..67b18eda12 100644
+--- a/hw/char/serial.c
++++ b/hw/char/serial.c
+@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp)
+ void serial_exit_core(SerialState *s)
+ {
+     qemu_chr_fe_deinit(&s->chr);
++
++    timer_del(s->modem_status_poll);
++    timer_free(s->modem_status_poll);
++
++    timer_del(s->fifo_timeout_timer);
++    timer_free(s->fifo_timeout_timer);
++
++    fifo8_destroy(&s->recv_fifo);
++    fifo8_destroy(&s->xmit_fifo);
++
+     qemu_unregister_reset(serial_reset, s);
+ }
+ 
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5856.patch b/gnu/packages/patches/qemu-CVE-2017-5856.patch
new file mode 100644
index 0000000000..bee0824c0a
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5856.patch
@@ -0,0 +1,68 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=765a707000e838c30b18d712fe6cb3dd8e0435f3
+this patch is from qemu-git.
+
+
+From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Mon, 2 Jan 2017 11:03:33 +0100
+Subject: [PATCH] megasas: fix guest-triggered memory leak
+
+If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
+will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
+Avoid this by returning only the status from map_dcmd, and loading
+cmd->iov_size in the caller.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c |   11 ++++++-----
+ 1 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 67fc1e7..6233865 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
+         trace_megasas_dcmd_invalid_sge(cmd->index,
+                                        cmd->frame->header.sge_count);
+         cmd->iov_size = 0;
+-        return -1;
++        return -EINVAL;
+     }
+     iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
+     iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
+     pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
+     qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
+     cmd->iov_size = iov_size;
+-    return cmd->iov_size;
++    return 0;
+ }
+ 
+ static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
+@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t {
+ 
+ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ {
+-    int opcode, len;
++    int opcode;
+     int retval = 0;
++    size_t len;
+     const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+ 
+     opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+     trace_megasas_handle_dcmd(cmd->index, opcode);
+-    len = megasas_map_dcmd(s, cmd);
+-    if (len < 0) {
++    if (megasas_map_dcmd(s, cmd) < 0) {
+         return MFI_STAT_MEMORY_NOT_AVAILABLE;
+     }
+     while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
+         cmdptr++;
+     }
++    len = cmd->iov_size;
+     if (cmdptr->opcode == -1) {
+         trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
+         retval = megasas_dcmd_dummy(s, cmd);
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/vsearch-unbundle-cityhash.patch b/gnu/packages/patches/vsearch-unbundle-cityhash.patch
new file mode 100644
index 0000000000..b1ecb1f063
--- /dev/null
+++ b/gnu/packages/patches/vsearch-unbundle-cityhash.patch
@@ -0,0 +1,73 @@
+diff --git a/src/Makefile.am b/src/Makefile.am
+index e56a8a2..4adcc48 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -3,7 +3,7 @@ bin_PROGRAMS = $(top_builddir)/bin/vsearch
+ if TARGET_PPC
+ AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g -mcpu=power8
+ else
+-AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g
++AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g -lcityhash
+ endif
+ 
+ AM_CFLAGS=$(AM_CXXFLAGS)
+@@ -18,8 +18,6 @@ allpairs.h \
+ arch.h \
+ bitmap.h \
+ chimera.h \
+-city.h \
+-citycrc.h \
+ cluster.h \
+ cpu.h \
+ db.h \
+@@ -59,31 +57,26 @@ xstring.h
+ 
+ if TARGET_PPC
+ libcpu_a_SOURCES = cpu.cc $(VSEARCHHEADERS)
+-noinst_LIBRARIES = libcpu.a libcityhash.a
++noinst_LIBRARIES = libcpu.a
+ else
+ libcpu_sse2_a_SOURCES = cpu.cc $(VSEARCHHEADERS)
+ libcpu_sse2_a_CXXFLAGS = $(AM_CXXFLAGS) -msse2
+ libcpu_ssse3_a_SOURCES = cpu.cc $(VSEARCHHEADERS)
+ libcpu_ssse3_a_CXXFLAGS = $(AM_CXXFLAGS) -mssse3 -DSSSE3
+-noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a libcityhash.a
++noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a
+ endif
+ 
+-libcityhash_a_SOURCES = city.cc city.h
+-
+ if TARGET_WIN
+ 
+-libcityhash_a_CXXFLAGS = -Wall -Wno-sign-compare -O3 -g -D_MSC_VER
+-__top_builddir__bin_vsearch_LDFLAGS = -static
+-__top_builddir__bin_vsearch_LDADD = libregex.a libcityhash.a libcpu_ssse3.a libcpu_sse2.a
++__top_builddir__bin_vsearch_LDFLAGS = -static -lcityhash
++__top_builddir__bin_vsearch_LDADD = libregex.a libcpu_ssse3.a libcpu_sse2.a
+ 
+ else
+ 
+-libcityhash_a_CXXFLAGS = -Wall -Wno-sign-compare -O3 -g
+-
+ if TARGET_PPC
+-__top_builddir__bin_vsearch_LDADD = libcityhash.a libcpu.a
++__top_builddir__bin_vsearch_LDADD = libcpu.a
+ else
+-__top_builddir__bin_vsearch_LDADD = libcityhash.a libcpu_ssse3.a libcpu_sse2.a
++__top_builddir__bin_vsearch_LDADD = libcpu_ssse3.a libcpu_sse2.a
+ endif
+ 
+ endif
+diff --git a/src/vsearch.h b/src/vsearch.h
+index f2c244b..5f51bbe 100644
+--- a/src/vsearch.h
++++ b/src/vsearch.h
+@@ -148,7 +148,7 @@
+ #include <bzlib.h>
+ #endif
+ 
+-#include "city.h"
++#include <city.h>
+ #include "md5.h"
+ #include "sha1.h"
+ 
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index b93ab5ee78..c328e9bd15 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -23,7 +23,7 @@
 ;;; Copyright © 2016 Daniel Pimentel <d4n1@d4n1.org>
 ;;; Copyright © 2016 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2016 Troy Sankey <sankeytms@gmail.com>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Dylan Jeffers <sapientech@sapientech@openmailbox.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
@@ -35,6 +35,7 @@
 ;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
+;;; Copyright © 2017 Frederick M. Muriithi <fredmanglis@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1064,14 +1065,14 @@ Python file, so it can be easily copied into your project.")
 (define-public python-dateutil-2
   (package
     (name "python-dateutil")
-    (version "2.5.2")
+    (version "2.5.3")
     (source
      (origin
       (method url-fetch)
       (uri (pypi-uri "python-dateutil" version))
       (sha256
        (base32
-        "0jrfpcgvgya6hs45dhrd9yiqgdgz9qp9aa07zsw8gqgn8zphff86"))))
+        "1v9j9fmf8g911yg6k01xa2db6dx3wv73zkk7fncsj7vagjqgs20l"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-six" ,python-six)))
@@ -5993,6 +5994,28 @@ complexity of Python source code.")
 (define-public python2-flake8-2.2.4
   (package-with-python2 python-flake8-2.2.4))
 
+(define-public python-flake8-polyfill
+  (package
+    (name "python-flake8-polyfill")
+    (version "1.0.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "flake8-polyfill" version))
+       (sha256
+        (base32
+         "02gn2wxvh9vnf7m7dld7ca4l60mg5c370hv3swwppkngwaqmcw67"))))
+    (build-system python-build-system)
+    (home-page "https://gitlab.com/pycqa/flake8-polyfill")
+    (synopsis "Polyfill package for Flake8 plugins")
+    (description
+     "This package that provides some compatibility helpers for Flake8
+plugins that intend to support Flake8 2.x and 3.x simultaneously.")
+    (license license:expat)))
+
+(define-public python2-flake8-polyfill
+  (package-with-python2 python-flake8-polyfill))
+
 (define-public python-mistune
   (package
     (name "python-mistune")
@@ -12537,3 +12560,111 @@ console.")
 This implementation is slow (hence the project name) but still useful when
 faster ones are not available.")
     (license license:asl2.0)))
+
+(define-public python-rst2ansi
+  (package
+    (name "python-rst2ansi")
+    (version "0.1.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "rst2ansi" version))
+       (sha256
+        (base32
+         "0vzy6gd60l79ff750scl0sz48r1laalkl6md6dwzah4dcadgn5qv"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-docutils" ,python-docutils)))
+    (home-page "https://github.com/Snaipe/python-rst-to-ansi")
+    (synopsis "Convert RST to ANSI-decorated console output")
+    (description
+     "Python module dedicated to rendering RST (reStructuredText) documents
+to ansi-escaped strings suitable for display in a terminal.")
+    (license license:expat)))
+
+(define-public python-ddt
+  (package
+    (name "python-ddt")
+    (version "1.1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "ddt" version))
+       (sha256
+        (base32
+         "1c00ikkxr7lha97c81k938bzhgd4pbwamkjn0h4nkhr3xk00zp6n"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-mock" ,python-mock)
+       ("python-nose" ,python-nose)))
+    (propagated-inputs
+     `(("python-six" ,python-six)
+       ("python-pyyaml" ,python-pyyaml)))
+    (home-page "https://github.com/txels/ddt")
+    (synopsis "Data-Driven Tests")
+    (description
+     "DDT (Data-Driven Tests) allows you to multiply one test case by running
+it with different test data, and make it appear as multiple test cases.")
+    (license license:expat)))
+
+(define-public python2-ddt
+  (package-with-python2 python-ddt))
+
+(define-public python-pycosat
+  (package
+    (name "python-pycosat")
+    (version "0.6.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pycosat" version))
+       (sha256
+        (base32
+         "1kl3wh1f47rc712n4bmwplbx3fqz3x9i1b587jrbpmvdva4c8f6l"))))
+    ;; TODO: Unundle picosat. http://fmv.jku.at/picosat/
+    (build-system python-build-system)
+    (home-page "https://github.com/ContinuumIO/pycosat")
+    (synopsis "Bindings to picosat (a SAT solver)")
+    (description
+     "This package provides efficient Python bindings to @code{picosat} on
+the C level.  When importing pycosat, the @code{picosat} solver becomes part
+of the Python process itself.  @code{picosat} is a @dfn{Boolean Satisfiability
+Problem} (SAT) solver.")
+    (license license:expat)))
+
+(define-public python2-pycosat
+  (package-with-python2 python-pycosat))
+
+(define-public python2-ruamel.ordereddict
+  (package
+    (name "python2-ruamel.ordereddict")
+    (version "0.4.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "ruamel.ordereddict" version))
+       (sha256
+        (base32
+         "1xmkl8v9l9inm2pyxgc1fm5005yxm7fkd5gv74q7lj1iy5qc8n3h"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'check)
+         (add-after 'install 'check
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (add-installed-pythonpath inputs outputs)
+             (zero? (system* "python" "test/testordereddict.py")))))))
+    (home-page "https://bitbucket.org/ruamel/ordereddict")
+    (synopsis "Version of dict that keeps keys in insertion order")
+    (description
+     "This is an implementation of an ordered dictionary with @dfn{Key
+Insertion Order} (KIO: updates of values do not affect the position of the
+key), @dfn{Key Value Insertion Order} (KVIO, an existing key's position is
+removed and put at the back).  The standard library module @code{OrderedDict},
+implemented later, implements a subset of @code{ordereddict} functionality.
+Sorted dictionaries are also provided.  Currently only with @dfn{Key Sorted
+Order} (KSO, no sorting function can be specified, but a transform can be
+specified to apply on the key before comparison (e.g. @code{string.lower})).")
+    (license license:expat)))
diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm
index 1c10ab9aee..b4920cfc25 100644
--- a/gnu/packages/qemu.scm
+++ b/gnu/packages/qemu.scm
@@ -78,9 +78,13 @@
               (base32
                "0qjy3rcrn89n42y5iz60kgr0rrl29hpnj8mq2yvbc1wrcizmvzfs"))
              (patches (search-patches "qemu-CVE-2016-10155.patch"
+                                      "qemu-CVE-2017-2615.patch"
                                       "qemu-CVE-2017-5525.patch"
                                       "qemu-CVE-2017-5526.patch"
-                                      "qemu-CVE-2017-5552.patch"))))
+                                      "qemu-CVE-2017-5552.patch"
+                                      "qemu-CVE-2017-5578.patch"
+                                      "qemu-CVE-2017-5579.patch"
+                                      "qemu-CVE-2017-5856.patch"))))
     (build-system gnu-build-system)
     (arguments
      '(;; Running tests in parallel can occasionally lead to failures, like:
diff --git a/gnu/packages/rdesktop.scm b/gnu/packages/rdesktop.scm
index e40852b4ec..3eb82f22f3 100644
--- a/gnu/packages/rdesktop.scm
+++ b/gnu/packages/rdesktop.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -20,9 +21,19 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages gstreamer)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages tls)
-  #:use-module (gnu packages xorg))
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xorg)
+  #:use-module (gnu packages xml))
 
 (define-public rdesktop
   (package
@@ -57,3 +68,63 @@
 capable of natively speaking Remote Desktop Protocol (RDP).  It allows users
 to remotely control a user's Windows desktop.")
     (license license:gpl3+)))
+
+(define-public freerdp
+  (package
+    (name "freerdp")
+    (version "1.2.0-beta1+android9")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "git://github.com/FreeRDP/FreeRDP.git")
+                    (commit version)))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32 "1m0lzrr7hkxfvc5f9p8snimv0rmin2463zhg25mv36wig8g5k7l3"))))
+    (build-system cmake-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("xmlto" ,xmlto)))
+    (inputs
+     `(("libx11" ,libx11)
+       ("libxkbfile" ,libxkbfile)
+       ("libxcursor" ,libxcursor)
+       ("libxext" ,libxext)
+       ("libxi" ,libxi)
+       ("libxv" ,libxv)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("libxinerama" ,libxinerama)
+       ("libxshmfence" ,libxshmfence)
+       ("libxml2" ,libxml2)
+       ("libxslt" ,libxslt)
+       ("cups" ,cups)
+       ("ffmpeg" ,ffmpeg)
+       ("pulseaudio" ,pulseaudio)
+       ("alsa-lib" ,alsa-lib)
+       ("gstreamer" ,gstreamer)
+       ("gst-plugins-base" ,gst-plugins-base)
+       ("zlib" ,zlib)
+       ("openssl" ,openssl)))
+    (arguments
+     `(#:configure-flags
+       '("-DCMAKE_INSTALL_LIBDIR=lib"
+         "-DWITH_PULSE=ON"
+         "-DWITH_CUPS=ON")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'patch-cmakelists
+           (lambda _
+             ;; CMake would return an error on REMOVE_DUPLICATES because this
+             ;; list is empty.
+             (substitute* "channels/client/CMakeLists.txt"
+               (("list\\(REMOVE_DUPLICATES CHANNEL_STATIC_CLIENT_ENTRIES\\)")
+                "")))))
+       #:tests? #f))                              ; no 'test' target
+    (home-page "https://www.freerdp.com")
+    (synopsis "Remote Desktop Protocol implementation")
+    (description "FreeRDP implements Microsoft's Remote Desktop Protocol.  It
+consists of the @code{xfreerdp} client, libraries for client and server
+functionality, and Windows Portable Runtime (WinPR), a portable implementation
+of parts of the Windows API.")
+    (license license:asl2.0)))
diff --git a/gnu/packages/re2c.scm b/gnu/packages/re2c.scm
new file mode 100644
index 0000000000..c7f2966384
--- /dev/null
+++ b/gnu/packages/re2c.scm
@@ -0,0 +1,47 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Sergei Trofimovich <slyfox@inbox.ru>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages re2c)
+  #:use-module (guix licenses)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix build-system gnu))
+
+(define-public re2c
+  (package
+    (name "re2c")
+    (version "0.16")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://github.com/skvadrik/" name
+                                 "/releases/download/" version "/"
+                                 name "-" version ".tar.gz"))
+             (sha256
+              (base32
+               "114y0s4vmzip4hkf4cbz4yv8s498gzaylnphbzmwqhbn55j2bha8"))))
+    (build-system gnu-build-system)
+    (home-page "http://re2c.org/")
+    (synopsis "Lexer generator for C/C++")
+    (description
+     "@code{re2c} generates minimalistic hard-coded state machine (as opposed
+to full-featured table-based lexers).  Flexible API allows generated code
+to be wired into virtually any environment.  Instead of exposing traditional
+@code{yylex()} style API, re2c exposes its internals.  Be sure to take a look
+at examples, they cover a lot of real-world cases and shed some light on dark
+corners of re2c API.")
+    (license public-domain)))
diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index ae04530041..fb284102da 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Eric Le Bihan <eric.le.bihan.dev@free.fr>
 ;;; Copyright © 2016 ng0 <ng0@libertad.pw>
+;;; Copyright © 2017 Ben Woodcroft <donttrustben@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -272,6 +273,8 @@ rustc-bootstrap and cargo-bootstrap packages.")
                (wrap-program (string-append out "/bin/rustc")
                  `("PATH" ":" prefix (,(string-append ld-wrapper "/bin")))
                  `("LIBRARY_PATH" ":" suffix (,(string-append libc "/lib"))))))))))
+    ;; rustc invokes gcc, so we need to set its search paths accordingly.
+    (native-search-paths (package-native-search-paths gcc))
     (synopsis "Compiler for the Rust progamming language")
     (description "Rust is a systems programming language that provides memory
 safety and thread safety guarantees.")
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index d4a7d8090f..66a8135bbf 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -83,14 +83,14 @@ direct descendant of NetBSD's Almquist Shell (@command{ash}).")
 (define-public fish
   (package
     (name "fish")
-    (version "2.4.0")
+    (version "2.5.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://fishshell.com/files/"
                                   version "/fish-" version ".tar.gz"))
               (sha256
                (base32
-                "1iggr6ah0siyak073v2w4sx1man19q8jsxns8i09qhv06crb5fq6"))
+                "0kn2n9qr9cksg2cl78f3w0yd24368d35djhi6w5x3gbdxk23ywq3"))
               (modules '((guix build utils)))
               ;; Don't try to install /etc/fish/config.fish.
               (snippet
@@ -98,7 +98,12 @@ direct descendant of NetBSD's Almquist Shell (@command{ash}).")
                   ((".*INSTALL.*sysconfdir.*fish.*") "")))))
     (build-system gnu-build-system)
     (native-inputs
-     `(("doxygen" ,doxygen)))
+     `(("doxygen" ,doxygen)
+       ;; XXX These are needed to bootstrap the 2.5.0 tarball, and can probably
+       ;; be removed along with the ‘bootstrap’ phase on the next update.
+       ("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)))
     (inputs
      `(("bc" ,bc)
        ("ncurses" ,ncurses)
@@ -119,7 +124,10 @@ direct descendant of NetBSD's Almquist Shell (@command{ash}).")
                                "/bin/bc")))
              (substitute* "share/functions/fish_update_completions.fish"
                (("python") (which "python")))
-             #t)))))
+             #t))
+         (add-before 'configure 'bootstrap
+           (lambda _
+             (zero? (system* "autoreconf" "-vfi")))))))
     (synopsis "The friendly interactive shell")
     (description
      "Fish (friendly interactive shell) is a shell focused on interactive use,
@@ -332,14 +340,14 @@ ksh, and tcsh.")
 (define-public xonsh
   (package
     (name "xonsh")
-    (version "0.5.2")
+    (version "0.5.3")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "xonsh" version))
         (sha256
           (base32
-            "13ndyq9cal2j93qqbjyp2jn3cshiavdxsaj2qjzm6mas0gzywmf0"))
+            "1pb1am26wl21g798lpl091j95900py7jj4g98rs9qkhywiln4z4q"))
         (modules '((guix build utils)))
         (snippet
          `(begin
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index 596c2baf5c..133ce41c43 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2016 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
-;;; Copyright © 2016 Raoul Bonnal <ilpuccio.febo@gmail.com>
+;;; Copyright © 2016, 2017 Raoul Bonnal <ilpuccio.febo@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -116,7 +116,9 @@ be output in text, PostScript, PDF or HTML.")
      `(#:make-flags
        (list (string-append "LDFLAGS=-Wl,-rpath="
                             (assoc-ref %outputs "out")
-                            "/lib/R/lib"))
+                            "/lib/R/lib")
+             ;; This affects the embedded timestamp of only the core packages.
+             "PKG_BUILT_STAMP=1970-01-01")
        #:phases
        (modify-phases %standard-phases
          (add-before 'configure 'patch-uname
@@ -126,8 +128,13 @@ be output in text, PostScript, PDF or HTML.")
                (substitute* "src/scripts/R.sh.in"
                  (("uname") uname-bin)))
              #t))
-         (add-before
-          'configure 'set-default-pager
+         (add-after 'unpack 'build-recommended-packages-reproducibly
+           (lambda _
+             (substitute* "src/library/Recommended/Makefile.in"
+               (("INSTALL_OPTS =.*" line)
+                (string-append line " --built-timestamp=1970-01-01")))
+             #t))
+         (add-before 'configure 'set-default-pager
           ;; Set default pager to "cat", because otherwise it is "false",
           ;; making "help()" print nothing at all.
           (lambda _ (setenv "PAGER" "cat") #t))
@@ -4006,6 +4013,27 @@ dispersion modeling and Tweedie power-law families.")
     ;; Statmod is distributed under either license
     (license (list license:gpl2 license:gpl3))))
 
+(define-public r-rann
+  (package
+    (name "r-rann")
+    (version "2.5")
+    (source (origin
+              (method url-fetch)
+              (uri (cran-uri "RANN" version))
+              (sha256
+               (base32
+                "007cgqg9bybg2zlljbv5m6cmlm3r6i251018rpgjcn0xnm9sjsj7"))))
+    (properties
+     `((upstream-name . "RANN")))
+    (build-system r-build-system)
+    (home-page "https://github.com/jefferis/RANN")
+    (synopsis "Fast nearest neighbour search")
+    (description
+     "This package finds the k nearest neighbours for every point in a given
+dataset in O(N log N) time using Arya and Mount's ANN library.  Provides
+approximate, exact searches, fixed radius searches, bd and kb trees.")
+    (license license:gpl3+)))
+
 (define-public r-fivethirtyeight
   (package
     (name "r-fivethirtyeight")
@@ -4145,3 +4173,25 @@ regression.")
 perform @dfn{independent component analysis} (ICA) and projection pursuit.")
     ;; Any GPL version.
     (license license:gpl3+)))
+
+(define-public r-randomforest
+  (package
+    (name "r-randomforest")
+    (version "4.6-12")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "randomForest" version))
+       (sha256
+        (base32
+         "1i43idaihhl6nwqw42v9dqpl6f8z3ykcn2in32lh2755i27jylbf"))))
+    (properties `((upstream-name . "randomForest")))
+    (build-system r-build-system)
+    (home-page "https://www.stat.berkeley.edu/~breiman/RandomForests/")
+    (native-inputs
+     `(("gfortran" ,gfortran)))
+    (synopsis "Breiman and Cutler's random forests for classification and regression")
+    (description
+"This package provides the Breiman and Cutler's random forests algorithm, based on a
+forest of trees using random inputs, for classification and regression.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index c004086b83..278d213398 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -489,13 +489,14 @@ security, and applying best practice development processes.")
 (define-public python-acme
   (package
     (name "python-acme")
-    (version "0.10.2")
+    ;; Remember to update the hash of certbot when updating python-acme.
+    (version "0.11.1")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "acme" version))
       (sha256
        (base32
-        "0y6y8d66yvwdcby96g0dlqqwy72b81yh6hws4va8r7w4aribcrb4"))))
+        "0kk95iqxygrg0cd66kq8kbyalg2x5pz9hn1175cgwgf1vy72adfv"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -538,13 +539,15 @@ security, and applying best practice development processes.")
 (define-public certbot
   (package
     (name "certbot")
-    (version "0.10.2")
+    ;; Certbot and python-acme are developed in the same repository, and their
+    ;; versions should remain synchronized.
+    (version (package-version python-acme))
     (source (origin
               (method url-fetch)
               (uri (pypi-uri name version))
               (sha256
                (base32
-                "0c8nidbbq8p4rjhcrw31saw04n5rz4zgr08chbch17gw03hrqwik"))))
+                "1wis5kgqcsrs60kkcmbrbx8z9yasmwa6lg9ir5im232hdm4285vc"))))
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2
diff --git a/gnu/packages/u-boot.scm b/gnu/packages/u-boot.scm
deleted file mode 100644
index 3468fe5a78..0000000000
--- a/gnu/packages/u-boot.scm
+++ /dev/null
@@ -1,137 +0,0 @@
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
-;;; Copyright © 2016 David Craven <david@craven.ch>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
-
-(define-module (gnu packages u-boot)
-  #:use-module (guix build-system gnu)
-  #:use-module (guix download)
-  #:use-module (guix packages)
-  #:use-module ((guix licenses) #:prefix license:)
-  #:use-module (gnu packages)
-  #:use-module ((gnu packages algebra) #:select (bc))
-  #:use-module (gnu packages bison)
-  #:use-module (gnu packages cross-base)
-  #:use-module (gnu packages flex)
-  #:use-module (gnu packages python))
-
-(define-public dtc
-  (package
-    (name "dtc")
-    (version "1.4.2")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://www.kernel.org/pub/software/utils/dtc/"
-                    "dtc-" version ".tar.xz"))
-              (sha256
-               (base32
-                "1b7si8niyca4wxbfah3qw4p4wli81mc1qwfhaswvrfqahklnwi8k"))))
-    (build-system gnu-build-system)
-    (native-inputs
-     `(("bison" ,bison)
-       ("flex" ,flex)))
-    (arguments
-     `(#:make-flags
-       (list "CC=gcc"
-             (string-append "PREFIX=" (assoc-ref %outputs "out"))
-             "INSTALL=install")
-       #:phases
-       (modify-phases %standard-phases
-         (delete 'configure))))
-    (home-page "https://www.devicetree.org")
-    (synopsis "Compiles device tree source files")
-    (description "@command{dtc} compiles
-@uref{http://elinux.org/Device_Tree_Usage, device tree source files} to device
-tree binary files.  These are board description files used by Linux and BSD.")
-    (license license:gpl2+)))
-
-(define u-boot
-  (package
-    (name "u-boot")
-    (version "2016.07")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "ftp://ftp.denx.de/pub/u-boot/"
-                    "u-boot-" version ".tar.bz2"))
-              (sha256
-               (base32
-                "0lqj4ckmfqiap8mc6z2d5albs3g2h5mzccbn60hsgxhabhibfkwp"))))
-    (native-inputs
-     `(("bc" ,bc)
-       ("dtc" ,dtc)
-       ("python-2" ,python-2)))
-    (build-system  gnu-build-system)
-    (home-page "http://www.denx.de/wiki/U-Boot/")
-    (synopsis "ARM bootloader")
-    (description "U-Boot is a bootloader used mostly for ARM boards. It
-also initializes the boards (RAM etc).")
-    (license license:gpl2+)))
-
-(define (make-u-boot-package board triplet)
-  "Returns a u-boot package for BOARD cross-compiled for TRIPLET."
-  (package
-    (inherit u-boot)
-    (name (string-append "u-boot-" (string-downcase board)))
-    (native-inputs
-     `(("cross-gcc" ,(cross-gcc triplet))
-       ("cross-binutils" ,(cross-binutils triplet))
-       ,@(package-native-inputs u-boot)))
-    (arguments
-     `(#:test-target "test"
-       #:make-flags
-       (list "HOSTCC=gcc" (string-append "CROSS_COMPILE=" ,triplet "-"))
-       #:phases
-       (modify-phases %standard-phases
-         (replace 'configure
-           (lambda* (#:key outputs make-flags #:allow-other-keys)
-             (let ((config-name (string-append ,board "_defconfig")))
-               (if (file-exists? (string-append "configs/" config-name))
-                   (zero? (apply system* "make" `(,@make-flags ,config-name)))
-                   (begin
-                     (display "Invalid board name. Valid board names are:")
-                     (let ((dir (opendir "configs"))
-                           (suffix-length (string-length "_defconfig")))
-                       (do ((file-name (readdir dir) (readdir dir)))
-                           ((eof-object? file-name))
-                         (when (string-suffix? "_defconfig" file-name)
-                           (format #t "- ~A\n"
-                                   (string-drop-right file-name suffix-length))))
-                       (closedir dir))
-                     #f)))))
-         (replace 'install
-           (lambda* (#:key outputs make-flags #:allow-other-keys)
-             (let* ((out (assoc-ref outputs "out"))
-                    (libexec (string-append out "/libexec"))
-                    (uboot-files (find-files "." ".*\\.(bin|efi|spl)$")))
-               (mkdir-p libexec)
-               (for-each
-                (lambda (file)
-                  (let ((target-file (string-append libexec "/" file)))
-                    (mkdir-p (dirname target-file))
-                    (copy-file file target-file)))
-                uboot-files)))))))))
-
-(define-public u-boot-vexpress
-  (make-u-boot-package "vexpress_ca9x4" "arm-linux-gnueabihf"))
-
-(define-public u-boot-malta
-  (make-u-boot-package "malta" "mips64el-linux-gnuabi64"))
-
-(define-public u-boot-beagle-bone-black
-  (make-u-boot-package "am335x_boneblack" "arm-linux-gnueabihf"))
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 49f95ef9b8..1a9568645f 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -112,14 +112,14 @@ as well as the classic centralized workflow.")
 (define-public git
   (package
    (name "git")
-   (version "2.11.0")
+   (version "2.11.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://kernel.org/software/scm/git/git-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "02zx368id8rys0bh2sjrxz0ln2l2wm5nf1vhp1rj72clsilqszky"))))
+              "05b4jw86w77c3pyh3nm6aw31vhxwzvhnx2x0bcfqmm15wg57k9y0"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("native-perl" ,perl)
@@ -132,7 +132,7 @@ as well as the classic centralized workflow.")
                 version ".tar.xz"))
           (sha256
            (base32
-            "1n18jnpi0z3skwc1ckrm7zdld6i3zvn0g95cg9r9pdn0564fglxk"))))))
+            "0cfa3c2r7d86ksswxdl0jqdka9mai3446gg8380921gf779nwj39"))))))
    (inputs
     `(("curl" ,curl)
       ("expat" ,expat)
@@ -275,16 +275,7 @@ as well as the classic centralized workflow.")
               (wrap-program git-sm
                 `("PATH" ":" prefix
                   (,(string-append (assoc-ref inputs "perl")
-                                   "/bin"))))
-
-              ;; Tell 'git' to look for core programs in the user's profile.
-              ;; This allows user to install other outputs of this package and
-              ;; have them transparently taken into account.  There's a
-              ;; 'GIT_EXEC_PATH' environment variable, but it's supposed to
-              ;; specify a single directory, not a search path.
-              (wrap-program (string-append out "/bin/git")
-                `("PATH" ":" prefix
-                  ("$HOME/.guix-profile/libexec/git-core"))))))
+                                   "/bin")))))))
         (add-after 'split 'install-man-pages
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
@@ -301,7 +292,10 @@ as well as the classic centralized workflow.")
            (variable "GIT_SSL_CAINFO")
            (file-type 'regular)
            (separator #f)                         ;single entry
-           (files '("etc/ssl/certs/ca-certificates.crt")))))
+           (files '("etc/ssl/certs/ca-certificates.crt")))
+          (search-path-specification
+           (variable "GIT_EXEC_PATH")
+           (files '("libexec/git-core")))))
 
    (synopsis "Distributed version control system")
    (description
@@ -367,6 +361,47 @@ write native speed custom Git applications in any language with bindings.")
     ;; GPLv2 with linking exception
     (license license:gpl2)))
 
+(define-public git-crypt
+  (package
+    (name "git-crypt")
+    (version "0.5.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/AGWA/git-crypt"
+                                  "/archive/" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0454fdmgm5f3razkn8n03lfqm5zyzvr4r2528zmlxiwba9518l2i"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("git" ,git)
+       ("openssl" ,openssl)))
+    (arguments
+     `(#:tests? #f ; No tests.
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'build
+           (lambda _
+             (zero? (system* "make"))))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (zero? (system* "make" "install"
+                               (string-append "PREFIX=" out)))))))))
+    (home-page "https://www.agwa.name/projects/git-crypt")
+    (synopsis "Transparent encryption of files in a git repository")
+    (description "git-crypt enables transparent encryption and decryption of
+files in a git repository. Files which you choose to protect are encrypted when
+committed, and decrypted when checked out. git-crypt lets you freely share a
+repository containing a mix of public and private content. git-crypt gracefully
+degrades, so developers without the secret key can still clone and commit to a
+repository with encrypted files. This lets you store your secret material (such
+as keys or passwords) in the same repository as your code, without requiring you
+to lock down your entire repository.")
+    (license license:gpl3+)))
+
 (define-public cgit
   (package
     (name "cgit")
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index ccc5760632..3acd2bf91a 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -11,7 +11,7 @@
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 Dmitry Nikolaev <cameltheman@gmail.com>
 ;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;;
@@ -57,6 +57,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages databases)
+  #:use-module (gnu packages dejagnu)
   #:use-module (gnu packages elf)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages fontutils)
@@ -75,6 +76,7 @@
   #:use-module (gnu packages linux)
   #:use-module (gnu packages lua)
   #:use-module (gnu packages m4)
+  #:use-module (gnu packages man)
   #:use-module (gnu packages mp3)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages ocr)
@@ -442,14 +444,14 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
 (define-public ffmpeg
   (package
     (name "ffmpeg")
-    (version "3.2.2")
+    (version "3.2.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://ffmpeg.org/releases/ffmpeg-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1z7d5y5crhsl5fm74236rdwbkd4jj5frx1l4iizjfym1w4gvs09z"))))
+               "1ifwjh68zw0mwq9swmfjqk2ck84gysi0w8hrkw2yddqhr8m51kjl"))))
     (build-system gnu-build-system)
     (inputs
      `(("fontconfig" ,fontconfig)
@@ -891,7 +893,9 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.")
           (lambda* (#:key inputs #:allow-other-keys)
             (copy-file (assoc-ref inputs "waf") "waf")
             (setenv "CC" "gcc"))))
-       #:configure-flags (list "--enable-libmpv-shared" "--enable-zsh-comp")
+       #:configure-flags (list "--enable-libmpv-shared"
+                               "--enable-zsh-comp"
+                               "--disable-build-date")
        ;; No check function defined.
        #:tests? #f))
     (home-page "https://mpv.io/")
@@ -932,7 +936,7 @@ access to mpv's powerful playback capabilities.")
 (define-public libvpx
   (package
     (name "libvpx")
-    (version "1.6.0")
+    (version "1.6.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://storage.googleapis.com/"
@@ -940,7 +944,7 @@ access to mpv's powerful playback capabilities.")
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "1basd6dda5di9p7jhc0f4f52wzm9c3hsravqspw6ibpcn5gbpbyh"))
+                "06d8hqjkfs6wl45qf4pwh1kpbvkx6cwywd5y8d4lgagvjwm0qb0w"))
               (patches (search-patches "libvpx-CVE-2016-2818.patch"))))
     (build-system gnu-build-system)
     (arguments
@@ -970,7 +974,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2017.01.29")
+    (version "2017.02.07")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://yt-dl.org/downloads/"
@@ -978,7 +982,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0visxc4rb6kw4hjcgcv5llis08z0syhian1m5hr1fdbz4w73hx9l"))))
+                "1grq3aqa1zc0xdq1y6vqnk0y0vcd1j2jjn85696hw98mi0w1am73"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
@@ -1862,3 +1866,62 @@ of modern, widely supported codecs.")
     (description
      "Openh264 is a library which can decode H264 video streams.")
     (license license:bsd-2)))
+
+(define-public libmp4v2
+  (package
+    (name "libmp4v2")
+    (version "2.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       ;; XXX: The new location of upstream is uncertain and will become relevant the
+       ;; moment when the googlecode archive shuts down. It is past the date it
+       ;; should've been turned off. I tried to communicate with upstream, but this
+       ;; wasn't very responsive and not very helpful. The short summary is, it is
+       ;; chaos when it comes to the amount of forks and only time will tell where
+       ;; the new upstream location is.
+       (uri (string-append "https://storage.googleapis.com/google-"
+                           "code-archive-downloads/v2/"
+                           "code.google.com/mp4v2/mp4v2-" version ".tar.bz2"))
+       (file-name (string-append name "-" version ".tar.bz2"))
+       (sha256
+        (base32
+         "0f438bimimsvxjbdp4vsr8hjw2nwggmhaxgcw07g2z361fkbj683"))))
+    (build-system gnu-build-system)
+    (outputs '("out"
+               "static")) ; 3.7MiB .a file
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-dates
+           (lambda _
+             ;; Make the build reproducible.
+             (substitute* "configure"
+               (("PROJECT_build=\"`date`\"") "PROJECT_build=\"\"")
+               (("ac_abs_top_builddir=$ac_pwd") "ac_abs_top_builddir=\"\""))
+             #t))
+         (add-after 'install 'move-static-libraries
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Move static libraries to the "static" output.
+             (let* ((out    (assoc-ref outputs "out"))
+                    (lib    (string-append out "/lib"))
+                    (static (assoc-ref outputs "static"))
+                    (slib   (string-append static "/lib")))
+               (mkdir-p slib)
+               (for-each (lambda (file)
+                           (install-file file slib)
+                           (delete-file file))
+                         (find-files lib "\\.a$"))
+               #t))))))
+    (native-inputs
+     `(("help2man" ,help2man)
+       ("dejagnu" ,dejagnu)))
+    (home-page "https://code.google.com/archive/p/mp4v2/")
+    (synopsis "API to create and modify mp4 files")
+    (description
+     "The MP4v2 library provides an API to create and modify mp4 files as defined by
+ISO-IEC:14496-1:2001 MPEG-4 Systems.  This file format is derived from Apple's QuickTime
+file format that has been used as a multimedia file format in a variety of platforms and
+applications.  It is a very powerful and extensible format that can accommodate
+practically any type of media.")
+    (license license:mpl1.1)))
diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm
index 1b8b962d7c..f042aba931 100644
--- a/gnu/packages/vim.scm
+++ b/gnu/packages/vim.scm
@@ -57,7 +57,7 @@
 (define-public vim
   (package
     (name "vim")
-    (version "8.0.0257")
+    (version "8.0.0300")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://github.com/vim/vim/archive/v"
@@ -65,7 +65,7 @@
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
-               "05vz59iw77lmhnywfv9ihd0d895axqf2y81ddpjkn1qdspvw8ijj"))))
+               "04samk2bakyixbxyc3p0g6ypls45105sikibg0wc6lmak9bqjs85"))))
     (build-system gnu-build-system)
     (arguments
      `(#:test-target "test"
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 8cc80a2c45..4d138b79fc 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -13,7 +13,7 @@
 ;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2016 Clément Lassieur <clement@lassieur.org>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Bake Timmons <b3timmons@speedymail.org>
@@ -4018,3 +4018,51 @@ service for that request.  Requests are made using port numbers as identifiers
 and xinetd usually launches another daemon to handle the request.  It can be
 used to start services with both privileged and non-privileged port numbers.")
     (license (l:fsf-free "file://COPYRIGHT"))))
+
+(define-public tidy-html
+  (package
+    (name "tidy-html")
+    (version "5.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/htacg/tidy-html5/archive/"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0kbwzh15dlapp3s3vff2qgz0yfcf8hwsnx5q4igwa6pimhak8lw0"))))
+    (build-system cmake-build-system)
+    (outputs '("out"
+               "static")) ; 1.0MiB of .a files
+    (arguments
+     `(#:tests? #f ; No tests available
+       #:configure-flags (list "-DCMAKE_BUILD_TYPE=Release")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'move-static-libraries
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Move static libraries to the "static" output.
+             (let* ((out    (assoc-ref outputs "out"))
+                    (lib    (string-append out "/lib"))
+                    (static (assoc-ref outputs "static"))
+                    (slib   (string-append static "/lib")))
+               (mkdir-p slib)
+               (for-each (lambda (file)
+                           (install-file file slib)
+                           (delete-file file))
+                         (find-files lib "\\.a$"))
+               #t))))))
+    (native-inputs
+     `(("libxslt" ,libxslt)))
+    (home-page "http://www.html-tidy.org/")
+    (synopsis "HTML Tidy with HTML5 support")
+    (description
+     "Tidy is a console application which corrects and cleans up
+HTML and XML documents by fixing markup errors and upgrading
+legacy code to modern standards.
+
+Tidy also provides @code{libtidy}, a C static and dynamic library that
+developers can integrate into their applications to make use of the
+functions of Tidy.")
+    (license l:bsd-3)))
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 4742322360..30dde65631 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -53,14 +53,14 @@
 (define-public webkitgtk
   (package
     (name "webkitgtk")
-    (version "2.14.3")
+    (version "2.14.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.webkitgtk.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0v0hkvggxi38cdb3v672qwr0m0y3x2rmnwh8j3q28869li8d9shb"))))
+                "1b73rcyfqjyg5rqw6f4760b2h1kixwva88clp2wl9vnl3psjvbni"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no tests
diff --git a/gnu/packages/wget.scm b/gnu/packages/wget.scm
index 72aab86c14..a1612f5f7d 100644
--- a/gnu/packages/wget.scm
+++ b/gnu/packages/wget.scm
@@ -33,7 +33,7 @@
 (define-public wget
   (package
     (name "wget")
-    (version "1.18")
+    (version "1.19")
     (source
      (origin
       (method url-fetch)
@@ -41,11 +41,11 @@
                           version ".tar.xz"))
       (sha256
        (base32
-        "1hcwx8ww3sxzdskkx3l7q70a7wd6569yrnjkw9pw013cf9smpddm"))))
+        "1133c14g19ysv74j7am66jwgwrr0rdn0rdyxw7rikbnsyjxmf48g"))))
     (build-system gnu-build-system)
     (inputs
      `(("gnutls" ,gnutls)
-       ("libidn" ,libidn)
+       ("libidn2" ,libidn2)
        ("libpsl" ,libpsl)))
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -53,7 +53,7 @@
        ("python" ,python)               ;for testenv suite
        ("perl-http-daemon" ,perl-http-daemon)
        ("perl-io-socket-ssl" ,perl-io-socket-ssl)))
-    (home-page "http://www.gnu.org/software/wget/")
+    (home-page "https://www.gnu.org/software/wget/")
     (synopsis "Non-interactive command-line utility for downloading files")
     (description
      "GNU Wget is a non-interactive tool for fetching files using the HTTP,
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index ee83934ca0..510684a6c4 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -844,7 +844,6 @@ the X.Org X Server version 1.7 and later (X11R7.5 or later).")
        ("libx11" ,libx11)
        ("libxcb" ,libxcb)
        ("libxxf86vm" ,libxxf86vm)
-       ("libjpeg" ,libjpeg)
        ("glib" ,glib)))                           ;for Geoclue2 support
     (home-page "https://github.com/jonls/redshift")
     (synopsis "Adjust the color temperature of your screen")
@@ -920,7 +919,7 @@ demos.  It also acts as a nice screen locker.")
     (license (license:non-copyleft
               (string-append
                "http://metadata.ftp-master.debian.org/changelogs/"
-               "/main/x/xscreensaver/xscreensaver_5.34-2_copyright")))))
+               "/main/x/xscreensaver/xscreensaver_5.36-1_copyright")))))
 
 (define-public xdpyprobe
   (package
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index f9719c77fb..d3733f8973 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -2386,7 +2386,7 @@ including most mice, keyboards, tablets and touchscreens.")
 (define-public xf86-input-libinput
   (package
     (name "xf86-input-libinput")
-    (version "0.23.0")
+    (version "0.24.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2394,7 +2394,7 @@ including most mice, keyboards, tablets and touchscreens.")
                     name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "1p596v3kbmjpdz3kz8z19bnd79l860f1pbwjvma7bz7qx3gynlqb"))))
+                "0a1nn65qq71bbfhxq39zdb4b1h6ickzv98cjdacv4ngd18shgjyx"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
@@ -2805,10 +2805,10 @@ X server.")
 
 
 (define-public xf86-video-intel
-  (let ((commit "9fe04af4bce3057e3e94a6bf36a3d8d2e48d592c"))
+  (let ((commit "e4fe79cf0d9a05ee3f3a027148ef0aeb2b1b34e1"))
     (package
       (name "xf86-video-intel")
-      (version (string-append "2.99.917-2-" (string-take commit 7)))
+      (version (string-append "2.99.917-3-" (string-take commit 7)))
       (source
        (origin
          ;; there's no current tarball
@@ -2818,7 +2818,7 @@ X server.")
                (commit commit)))
          (sha256
           (base32
-           "06nnm9kjvmwxazp2ki0i5x1xv03bysfgpw30nd2jlf71qllybxml"))
+           "0hf3fxv5jchyh820h449c1ld9x19gc8081w1yk98mab6zr89zswp"))
          (file-name (string-append name "-" version))))
       (build-system gnu-build-system)
       (inputs `(("mesa" ,mesa)
diff --git a/gnu/services.scm b/gnu/services.scm
index e645889d30..6ac4f1322d 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -72,6 +72,8 @@
             activation-service-type
             activation-service->script
             %linux-bare-metal-service
+            special-files-service-type
+            extra-special-file
             etc-service-type
             etc-directory
             setuid-program-service-type
@@ -336,10 +338,6 @@ ACTIVATION-SCRIPT-TYPE."
                   #~(begin
                       (use-modules (gnu build activation))
 
-                      ;; Make sure /bin/sh is valid and current.
-                      (activate-/bin/sh
-                       (string-append #$(canonical-package bash) "/bin/sh"))
-
                       ;; Make sure the user accounting database exists.  If it
                       ;; does not exist, 'setutxent' does not create it and
                       ;; thus there is no accounting at all.
@@ -413,6 +411,25 @@ ACTIVATION-SCRIPT-TYPE."
   ;; necessary or impossible in a container.
   (service linux-bare-metal-service-type #f))
 
+(define special-files-service-type
+  ;; Service to install "special files" such as /bin/sh and /usr/bin/env.
+  (service-type
+   (name 'special-files)
+   (extensions
+    (list (service-extension activation-service-type
+                             (lambda (files)
+                               #~(activate-special-files '#$files)))))
+   (compose concatenate)
+   (extend append)))
+
+(define (extra-special-file file target)
+  "Use TARGET as the \"special file\" FILE.  For example, TARGET might be
+  (file-append coreutils \"/bin/env\")
+and FILE could be \"/usr/bin/env\"."
+  (simple-service (string->symbol (string-append "special-file-" file))
+                  special-files-service-type
+                  `((,file ,target))))
+
 (define (etc-directory service)
   "Return the directory for SERVICE, a service of type ETC-SERVICE-TYPE."
   (files->etc-directory (service-parameters service)))
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index d9f3a1445e..57601eab85 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -36,6 +36,7 @@
                 #:select (alsa-utils crda eudev e2fsprogs fuse gpm kbd lvm2 rng-tools))
   #:use-module ((gnu packages base)
                 #:select (canonical-package glibc))
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages package-management)
   #:use-module (gnu packages lsof)
   #:use-module (gnu packages terminals)
@@ -1558,6 +1559,10 @@ This service is not part of @var{%base-services}."
         ;; The LVM2 rules are needed as soon as LVM2 or the device-mapper is
         ;; used, so enable them by default.  The FUSE and ALSA rules are
         ;; less critical, but handy.
-        (udev-service #:rules (list lvm2 fuse alsa-utils crda))))
+        (udev-service #:rules (list lvm2 fuse alsa-utils crda))
+
+        (service special-files-service-type
+                 `(("/bin/sh" ,(file-append (canonical-package bash)
+                                            "/bin/sh"))))))
 
 ;;; base.scm ends here
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 766d979f3e..b63888cadb 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -36,6 +36,7 @@
   #:use-module (gnu packages gnome)
   #:use-module (guix gexp)
   #:use-module (guix records)
+  #:use-module (guix modules)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
   #:use-module (srfi srfi-26)
@@ -624,13 +625,29 @@ project's documentation} for more information."
   DaemonPort = " (number->string port) "
 " extra-settings))))
 
-       (list (shepherd-service
-              (provision '(bitlbee))
-              (requirement '(user-processes loopback))
-              (start #~(make-forkexec-constructor
-                        (list (string-append #$bitlbee "/sbin/bitlbee")
-                              "-n" "-F" "-u" "bitlbee" "-c" #$conf)))
-              (stop  #~(make-kill-destructor))))))))
+       (with-imported-modules (source-module-closure
+                               '((gnu build shepherd)
+                                 (gnu system file-systems)))
+         (list (shepherd-service
+                (provision '(bitlbee))
+
+                ;; Note: If networking is not up, then /etc/resolv.conf
+                ;; doesn't get mapped in the container, hence the dependency
+                ;; on 'networking'.
+                (requirement '(user-processes networking))
+
+                (modules '((gnu build shepherd)
+                           (gnu system file-systems)))
+                (start #~(make-forkexec-constructor/container
+                          (list #$(file-append bitlbee "/sbin/bitlbee")
+                                "-n" "-F" "-u" "bitlbee" "-c" #$conf)
+
+                          #:pid-file "/var/run/bitlbee.pid"
+                          #:mappings (list (file-system-mapping
+                                            (source "/var/lib/bitlbee")
+                                            (target source)
+                                            (writable? #t)))))
+                (stop  #~(make-kill-destructor)))))))))
 
 (define %bitlbee-accounts
   ;; User group and account to run BitlBee.
diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm
index d8d5006abf..5831220541 100644
--- a/gnu/services/shepherd.scm
+++ b/gnu/services/shepherd.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -195,6 +196,7 @@ stored."
     (string-append "shepherd-"
                    (string-map (match-lambda
                                  (#\/ #\-)
+                                 (#\  #\-)
                                  (chr chr))
                                provisions)
                    ".scm")))
diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm
index fa56853fd1..7011a279d3 100644
--- a/gnu/system/file-systems.scm
+++ b/gnu/system/file-systems.scm
@@ -18,8 +18,8 @@
 
 (define-module (gnu system file-systems)
   #:use-module (ice-9 match)
+  #:use-module (srfi srfi-1)
   #:use-module (guix records)
-  #:use-module (guix store)
   #:use-module ((gnu build file-systems)
                 #:select (string->uuid uuid->string))
   #:re-export (string->uuid
@@ -63,7 +63,11 @@
             file-system-mapping-target
             file-system-mapping-writable?
 
-            %store-mapping))
+            file-system-mapping->bind-mount
+
+            %store-mapping
+            %network-configuration-files
+            %network-file-mappings))
 
 ;;; Commentary:
 ;;;
@@ -95,6 +99,20 @@
   (dependencies     file-system-dependencies      ; list of <file-system>
                     (default '())))               ; or <mapped-device>
 
+;; Note: This module is used both on the build side and on the host side.
+;; Arrange not to pull (guix store) and (guix config) because the latter
+;; differs from user to user.
+(define (%store-prefix)
+  "Return the store prefix."
+  (cond ((resolve-module '(guix store) #:ensure #f)
+         =>
+         (lambda (store)
+           ((module-ref store '%store-prefix))))
+        ((getenv "NIX_STORE")
+         => identity)
+        (else
+         "/gnu/store")))
+
 (define %not-slash
   (char-set-complement (char-set #\/)))
 
@@ -352,6 +370,21 @@ TARGET in the other system."
   (writable? file-system-mapping-writable?        ;Boolean
              (default #f)))
 
+(define (file-system-mapping->bind-mount mapping)
+  "Return a file system that realizes MAPPING, a <file-system-mapping>, using
+a bind mount."
+  (match mapping
+    (($ <file-system-mapping> source target writable?)
+     (file-system
+       (mount-point target)
+       (device source)
+       (type "none")
+       (flags (if writable?
+                  '(bind-mount)
+                  '(bind-mount read-only)))
+       (check? #f)
+       (create-mount-point? #t)))))
+
 (define %store-mapping
   ;; Mapping of the host's store into the guest.
   (file-system-mapping
@@ -359,4 +392,23 @@ TARGET in the other system."
    (target (%store-prefix))
    (writable? #f)))
 
+(define %network-configuration-files
+  ;; List of essential network configuration files.
+  '("/etc/resolv.conf"
+    "/etc/nsswitch.conf"
+    "/etc/services"
+    "/etc/hosts"))
+
+(define %network-file-mappings
+  ;; List of file mappings for essential network files.
+  (filter-map (lambda (file)
+                (file-system-mapping
+                 (source file)
+                 (target file)
+                 ;; XXX: On some GNU/Linux systems, /etc/resolv.conf is a
+                 ;; symlink to a file in a tmpfs which, for an unknown reason,
+                 ;; cannot be bind mounted read-only within the container.
+                 (writable? (string=? file "/etc/resolv.conf"))))
+              %network-configuration-files))
+
 ;;; file-systems.scm ends here
diff --git a/gnu/system/grub.scm b/gnu/system/grub.scm
index 7df7d4615a..b18b8be6d7 100644
--- a/gnu/system/grub.scm
+++ b/gnu/system/grub.scm
@@ -27,7 +27,7 @@
   #:use-module (guix download)
   #:use-module (gnu artwork)
   #:use-module (gnu system file-systems)
-  #:autoload   (gnu packages grub) (grub)
+  #:autoload   (gnu packages bootloaders) (grub)
   #:autoload   (gnu packages compression) (gzip)
   #:autoload   (gnu packages gtk) (guile-cairo guile-rsvg)
   #:use-module (ice-9 match)
@@ -108,7 +108,7 @@ denoting a file name."
   grub-configuration make-grub-configuration
   grub-configuration?
   (grub            grub-configuration-grub           ; package
-                   (default (@ (gnu packages grub) grub)))
+                   (default (@ (gnu packages bootloaders) grub)))
   (device          grub-configuration-device)        ; string
   (menu-entries    grub-configuration-menu-entries   ; list
                    (default '()))
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index ad234fd9c1..3ec343570a 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -28,11 +28,11 @@
   #:use-module (gnu services shepherd)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages bash)
+  #:use-module (gnu packages bootloaders)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages cryptsetup)
   #:use-module (gnu packages package-management)
   #:use-module (gnu packages disk)
-  #:use-module (gnu packages grub)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages nvi)
@@ -388,7 +388,7 @@ Use Alt-F2 for documentation.
      (base-pam-services #:allow-empty-passwords? #t))
 
     (packages (cons* (canonical-package glibc) ;for 'tzselect' & co.
-                     parted ddrescue
+                     parted gptfdisk ddrescue
                      grub                  ;mostly so xrefs to its manual work
                      cryptsetup
                      mdadm
diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm
index 24e61c3ead..bceea41332 100644
--- a/gnu/system/linux-container.scm
+++ b/gnu/system/linux-container.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,25 +30,10 @@
   #:use-module (gnu services)
   #:use-module (gnu system)
   #:use-module (gnu system file-systems)
-  #:export (mapping->file-system
-            system-container
+  #:export (system-container
             containerized-operating-system
             container-script))
 
-(define (mapping->file-system mapping)
-  "Return a file system that realizes MAPPING."
-  (match mapping
-    (($ <file-system-mapping> source target writable?)
-     (file-system
-       (mount-point target)
-       (device source)
-       (type "none")
-       (flags (if writable?
-                  '(bind-mount)
-                  '(bind-mount read-only)))
-       (check? #f)
-       (create-mount-point? #t)))))
-
 (define (containerized-operating-system os mappings)
   "Return an operating system based on OS for use in a Linux container
 environment.  MAPPINGS is a list of <file-system-mapping> to realize in the
@@ -66,7 +51,7 @@ containerized OS."
             (operating-system-file-systems os)))
 
   (define (mapping->fs fs)
-    (file-system (inherit (mapping->file-system fs))
+    (file-system (inherit (file-system-mapping->bind-mount fs))
       (needed-for-boot? #t)))
 
   (operating-system (inherit os)
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index 1e680b85a2..8a35f7fbc5 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -31,6 +31,7 @@
   #:use-module ((gnu build vm)
                 #:select (qemu-command))
   #:use-module (gnu packages base)
+  #:use-module (gnu packages bootloaders)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages gawk)
   #:use-module (gnu packages bash)
@@ -38,7 +39,6 @@
   #:use-module (gnu packages qemu)
   #:use-module (gnu packages disk)
   #:use-module (gnu packages zile)
-  #:use-module (gnu packages grub)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages package-management)
   #:use-module ((gnu packages make-bootstrap)
diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index 756d3df800..000a4ddecb 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -77,6 +77,11 @@ When INITIALIZATION is true, it must be a one-argument procedure that is
 passed a gexp denoting the marionette, and it must return gexp that is
 inserted before the first test.  This is used to introduce an extra
 initialization step, such as entering a LUKS passphrase."
+  (define special-files
+    (service-parameters
+     (fold-services (operating-system-services os)
+                    #:target-type special-files-service-type)))
+
   (define test
     (with-imported-modules '((gnu build marionette)
                              (guix build syscalls))
@@ -120,6 +125,18 @@ grep --version
 info --version")
                                     marionette)))
 
+          (test-equal "special files"
+            '#$special-files
+            (marionette-eval
+             '(begin
+                (use-modules (ice-9 match))
+
+                (map (match-lambda
+                       ((file target)
+                        (list file (readlink file))))
+                     '#$special-files))
+             marionette))
+
           (test-assert "accounts"
             (let ((users (marionette-eval '(begin
                                              (use-modules (ice-9 match))
@@ -166,21 +183,41 @@ info --version")
                marionette)))
 
           (test-assert "skeletons in home directories"
-            (let ((homes
+            (let ((users+homes
                    '#$(filter-map (lambda (account)
                                     (and (user-account-create-home-directory?
                                           account)
                                          (not (user-account-system? account))
-                                         (user-account-home-directory account)))
+                                         (list (user-account-name account)
+                                               (user-account-home-directory
+                                                account))))
                                   (operating-system-user-accounts os))))
               (marionette-eval
                `(begin
-                  (use-modules (srfi srfi-1) (ice-9 ftw))
-                  (every (lambda (home)
-                           (null? (lset-difference string=?
-                                                   (scandir "/etc/skel/")
-                                                   (scandir home))))
-                         ',homes))
+                  (use-modules (srfi srfi-1) (ice-9 ftw)
+                               (ice-9 match))
+
+                  (every (match-lambda
+                           ((user home)
+                            ;; Make sure HOME has all the skeletons...
+                            (and (null? (lset-difference string=?
+                                                         (scandir "/etc/skel/")
+                                                         (scandir home)))
+
+                                 ;; ... and that everything is user-owned.
+                                 (let* ((pw  (getpwnam user))
+                                        (uid (passwd:uid pw))
+                                        (gid (passwd:gid pw))
+                                        (st  (lstat home)))
+                                   (define (user-owned? file)
+                                     (= uid (stat:uid (lstat file))))
+
+                                   (and (= uid (stat:uid st))
+                                        (eq? 'directory (stat:type st))
+                                        (every user-owned?
+                                               (find-files home
+                                                           #:directories? #t)))))))
+                         ',users+homes))
                marionette)))
 
           (test-equal "login on tty1"