summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-01-25 12:42:39 -0500
committerLeo Famulari <leo@famulari.name>2017-01-25 12:42:39 -0500
commitd123f2f991e0bf6f51e5f207d291fb4c1ceb1245 (patch)
tree8ca3cbeff8a08ab9e11a0324fd9ec0bae7614f4c /gnu
parenta282d7ff174ccc13b3645359449af6052451c2a1 (diff)
parent864042c5c5f845fd3c1ae37c64dc1a672fedef28 (diff)
downloadguix-d123f2f991e0bf6f51e5f207d291fb4c1ceb1245.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk5
-rw-r--r--gnu/packages/calendar.scm5
-rw-r--r--gnu/packages/code.scm32
-rw-r--r--gnu/packages/databases.scm32
-rw-r--r--gnu/packages/emacs.scm12
-rw-r--r--gnu/packages/finance.scm51
-rw-r--r--gnu/packages/gimp.scm2
-rw-r--r--gnu/packages/gnupg.scm14
-rw-r--r--gnu/packages/gnuzilla.scm38
-rw-r--r--gnu/packages/guile.scm7
-rw-r--r--gnu/packages/image.scm3
-rw-r--r--gnu/packages/java.scm8
-rw-r--r--gnu/packages/libupnp.scm6
-rw-r--r--gnu/packages/mail.scm27
-rw-r--r--gnu/packages/messaging.scm2
-rw-r--r--gnu/packages/node.scm2
-rw-r--r--gnu/packages/orpheus.scm2
-rw-r--r--gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch40
-rw-r--r--gnu/packages/patches/khal-disable-failing-tests.patch33
-rw-r--r--gnu/packages/patches/libupnp-CVE-2016-6255.patch50
-rw-r--r--gnu/packages/patches/libupnp-CVE-2016-8863.patch72
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch233
-rw-r--r--gnu/packages/python.scm75
-rw-r--r--gnu/packages/search.scm30
-rw-r--r--gnu/packages/shellutils.scm4
-rw-r--r--gnu/packages/sync.scm48
-rw-r--r--gnu/packages/terminals.scm68
-rw-r--r--gnu/packages/tor.scm6
-rw-r--r--gnu/packages/video.scm10
-rw-r--r--gnu/packages/web.scm27
-rw-r--r--gnu/packages/xdisorg.scm11
-rw-r--r--gnu/packages/xiph.scm4
-rw-r--r--gnu/services.scm4
-rw-r--r--gnu/services/cups.scm2
-rw-r--r--gnu/services/mail.scm2
-rw-r--r--gnu/services/networking.scm2
-rw-r--r--gnu/services/spice.scm5
-rw-r--r--gnu/services/ssh.scm3
-rw-r--r--gnu/services/vpn.scm5
-rw-r--r--gnu/system/mapped-devices.scm2
-rw-r--r--gnu/tests/base.scm23
41 files changed, 670 insertions, 337 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 532ea51dd2..9d835a8250 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -595,7 +595,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/gmp-faulty-test.patch			\
   %D%/packages/patches/gnome-tweak-tool-search-paths.patch	\
   %D%/packages/patches/gnucash-price-quotes-perl.patch		\
-  %D%/packages/patches/gnupg-test-segfault-on-32bit-arch.patch	\
   %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
   %D%/packages/patches/gobject-introspection-cc.patch		\
   %D%/packages/patches/gobject-introspection-girepository.patch	\
@@ -647,7 +646,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/jbig2dec-ignore-testtest.patch		\
   %D%/packages/patches/jq-CVE-2015-8863.patch			\
   %D%/packages/patches/kdbusaddons-kinit-file-name.patch	\
-  %D%/packages/patches/khal-disable-failing-tests.patch		\
   %D%/packages/patches/khmer-use-libraries.patch                \
   %D%/packages/patches/kmod-module-directory.patch		\
   %D%/packages/patches/kobodeluxe-paths.patch			\
@@ -701,8 +699,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/libtiff-tiffcp-underflow.patch		\
   %D%/packages/patches/libtool-skip-tests2.patch		\
   %D%/packages/patches/libunwind-CVE-2015-3239.patch		\
-  %D%/packages/patches/libupnp-CVE-2016-6255.patch		\
-  %D%/packages/patches/libupnp-CVE-2016-8863.patch		\
   %D%/packages/patches/libvpx-CVE-2016-2818.patch		\
   %D%/packages/patches/libwebp-CVE-2016-9085.patch		\
   %D%/packages/patches/libwmf-CAN-2004-0941.patch		\
@@ -782,6 +778,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openjpeg-CVE-2016-5157.patch		\
   %D%/packages/patches/openjpeg-CVE-2016-7163.patch		\
   %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch		\
+  %D%/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch		\
   %D%/packages/patches/openjpeg-use-after-free-fix.patch	\
   %D%/packages/patches/openocd-nrf52.patch			\
   %D%/packages/patches/openssl-runpath.patch			\
diff --git a/gnu/packages/calendar.scm b/gnu/packages/calendar.scm
index 70bf8f9573..03898dd263 100644
--- a/gnu/packages/calendar.scm
+++ b/gnu/packages/calendar.scm
@@ -84,14 +84,13 @@ data units.")
 (define-public khal
   (package
     (name "khal")
-    (version "0.8.4")
+    (version "0.9.0")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "khal" version))
-             (patches (search-patches "khal-disable-failing-tests.patch"))
              (sha256
               (base32
-               "03vy4dp9n43w51mwqjjy08dr5nj7wxqnb085visz3j43vzm42p1f"))))
+               "138gxynw7zavwqqaw5nzmj8sbpkymmb95xzgxqbdi9fiiqm9kamr"))))
     (build-system python-build-system)
     (arguments
      `(#:phases (modify-phases %standard-phases
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index f5aa7f4faf..f91fdab153 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -190,43 +191,30 @@ COCOMO model or user-provided parameters.")
 (define-public the-silver-searcher
   (package
     (name "the-silver-searcher")
-    (version "0.32.0")
+    (version "1.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "https://github.com/ggreer/the_silver_searcher/archive/"
+                    "http://geoff.greer.fm/ag/releases/the_silver_searcher-"
                     version ".tar.gz"))
               (sha256
                (base32
-                "1k543cjpignwvy8avhchz8pkqrqcgcryps36ycy8mz2w5rbhicn5"))
-              (file-name (string-append name "-" version ".tar.gz"))))
+                "0v54himv65w294l0k4lhdyc6kvpgijn8b9g5356479fzy7hphjkg"))))
     (build-system gnu-build-system)
     (native-inputs
-     `(("autoconf" ,autoconf)
-       ("automake" ,automake)
-       ("libtool" ,libtool)
-       ("pkg-config" ,pkg-config)))
+     `(("pkg-config" ,pkg-config)))
     (inputs
      `(("pcre" ,pcre)
        ("xz" ,xz)
        ("zlib" ,zlib)))
-    (arguments
-     `(#:phases
-       ;; There is no configure yet, so let's create it, but let configure and
-       ;; make do the work in later phases.
-       (alist-cons-before 'configure 'autoconf
-                          (lambda _
-                            (substitute* "build.sh"
-                              (("./configure") "true")
-                              (("make -j4") "true"))
-                            (zero? (system* "sh" "build.sh")))
-                          %standard-phases)))
     (home-page "http://geoff.greer.fm/ag/")
     (synopsis "Fast code searching tool")
     (description
-     "The silver searcher, or 'ag', is tool for quickly searching through
-files, but compared to grep is much faster and respects files like .gitignore,
-.hgignore, etc.")
+     "The Silver Searcher (@command{ag}) is a tool for quickly searching large
+numbers of files.  It's intended primarily for source code repositories, and
+respects files like @file{.gitignore} and @file{.hgignore}.  It's also an order
+of magnitude faster than its inspiration, @command{ack}, and less specialised
+tools such as @command{grep}.")
     (license license:asl2.0)))
 
 (define-public trio
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index c2efc072bf..2638b229df 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -14,6 +14,7 @@
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -425,6 +426,33 @@ TIMESTAMP.  It also supports storage of binary large objects, including
 pictures, sounds, or video.")
     (license (x11-style "file://COPYRIGHT"))))
 
+(define-public qdbm
+  (package
+    (name "qdbm")
+    (version "1.8.78")
+    (source
+      (origin
+       (method url-fetch)
+       (uri (string-append "http://fallabs.com/" name "/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0gmpvhn02pkq280ffmn4da1g4mdr1xxz7l80b7y4n7km1mrzwrml"))))
+    (build-system gnu-build-system)
+    (arguments
+     `( #:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath="
+                                               (assoc-ref %outputs "out")
+                                               "/lib"))))
+    (home-page "http://fallabs.com/qdbm")
+    (synopsis "Key-value database")
+    (description "QDBM is a library of routines for managing a
+database.  The database is a simple data file containing key-value
+pairs.  Every key and value is serial bytes with variable length.
+Binary data as well as character strings can be used as a key or a
+value.  There is no concept of data tables or data types.  Records are
+organized in a hash table or B+ tree.")
+    (license license:lgpl2.1+)))
+
 (define-public recutils
   (package
     (name "recutils")
@@ -1050,7 +1078,7 @@ database and supports many programming languages.  It is a NoSQL database.")
 (define-public wiredtiger
   (package
     (name "wiredtiger")
-    (version "2.8.0")
+    (version "2.9.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1058,7 +1086,7 @@ database and supports many programming languages.  It is a NoSQL database.")
                     version ".tar.bz2"))
               (sha256
                (base32
-                "1qh7y5paisdxq19jgg81ld7i32lz920n5k30hdpxnr8ll9c4hgjr"))))
+                "0krwnb2zfbhvjaskwl875qzd3y626s84zcciq2mxr5c5riw3yh6s"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--enable-lz4" "--enable-zlib")
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index e44dae784d..d3e64c04f6 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -1130,7 +1130,7 @@ as a library for other Emacs packages.")
 (define-public emacs-auctex
   (package
     (name "emacs-auctex")
-    (version "11.88.6")
+    (version "11.90.0")
     (source
      (origin
        (method url-fetch)
@@ -1140,7 +1140,7 @@ as a library for other Emacs packages.")
              ".tar"))
        (sha256
         (base32
-         "1pmki8hdjjikxlvip3pzi350bln3gcimr27yjf0xfwjvnp5hh9nc"))))
+         "04nsndwcf0dimgc2p1yzzrymc36amzdnjg0158nxplmjkzdp28gy"))))
     (build-system emacs-build-system)
     ;; We use 'emacs' because AUCTeX requires dbus at compile time
     ;; ('emacs-minimal' does not provide dbus).
@@ -2807,14 +2807,14 @@ be removed from the front.  This type of data structure is sometimes called an
 (define-public emacs-spinner
   (package
     (name "emacs-spinner")
-    (version "1.7.1")
+    (version "1.7.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://elpa.gnu.org/packages/spinner-"
                                   version ".el"))
               (sha256
                (base32
-                "1fmwzdih0kbyvs8bn38mpm4sbs2mikqy2vdykfy9g20wpa8vb681"))))
+                "19kp1mmndbmw11sgvv2ggfjl4pyf5zrsbh3871f0965pw9z8vahd"))))
     (build-system emacs-build-system)
     (home-page "https://github.com/Malabarba/spinner.el")
     (synopsis "Emacs mode-line spinner for operations in progress")
@@ -2826,14 +2826,14 @@ ongoing operations.")
 (define-public emacs-seq
   (package
     (name "emacs-seq")
-    (version "2.15")
+    (version "2.19")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://elpa.gnu.org/packages/seq-"
                                   version ".tar"))
               (sha256
                (base32
-                "09wi1765bmn7i8fg6ajjfaxgs4ipc42d58zx2fdqpidrdg9c7q73"))))
+                "11hb7is6a4h1lscjcfrzh576j0g3m5yjydn16s6x5bxp5gsr6zha"))))
     (build-system emacs-build-system)
     (home-page "https://elpa.gnu.org/packages/seq.html")
     (synopsis "Sequence manipulation functions for Emacs")
diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm
index 7924827822..ee90c38eb7 100644
--- a/gnu/packages/finance.scm
+++ b/gnu/packages/finance.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,6 +27,7 @@
  #:use-module (guix build utils)
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system cmake)
+ #:use-module (guix build-system python)
  #:use-module (gnu packages base)
  #:use-module (gnu packages boost)
  #:use-module (gnu packages databases)
@@ -240,3 +242,52 @@ allow to do that off the ERiC library (which is proprietary however).
 It's not clear at the moment whether one day it will be possible to
 do so.")
     (license license:agpl3+)))
+
+(define-public electrum
+  (package
+    (name "electrum")
+    (version "2.7.12")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://download.electrum.org/"
+                           version "/Electrum-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "0vxdfl208if7mdsnva1jg37bnay2dsz3ww157aqwcv1j6512fi1n"))
+       (modules '((guix build utils)))
+       (snippet
+        '(begin
+           ;; Delete the bundled dependencies.
+           (delete-file-recursively "packages")
+           #t))))
+    (build-system python-build-system)
+    (inputs
+     `(("python-slowaes" ,python2-slowaes)
+       ("python-sip" ,python2-sip)
+       ("python-pyqt" ,python2-pyqt-4)
+       ("python-ecdsa" ,python2-ecdsa)
+       ("python-pbkdf2" ,python2-pbkdf2)
+       ("python-requests" ,python2-requests)
+       ("python-qrcode" ,python2-qrcode)
+       ("python-protobuf" ,python2-protobuf)
+       ("python-dnspython" ,python2-dnspython)
+       ("python-jsonrpclib" ,python2-jsonrpclib)))
+    (arguments
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'patch-home
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "setup.py"
+               (("~/.local/share")
+                (string-append (assoc-ref outputs "out") "/local/share"))))))))
+    (home-page "https://electrum.org/")
+    (synopsis "Bitcoin wallet")
+    (description
+     "Electrum is a lightweight Bitcoin client, based on a client-server
+protocol.  It supports Simple Payment Verification (SPV) and deterministic key
+generation from a seed.  Your secret keys are encrypted and are never sent to
+other machines/servers.  Electrum does not download the Bitcoin blockchain.")
+    (license license:expat)))
diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm
index 904d7d9766..15eb5bc084 100644
--- a/gnu/packages/gimp.scm
+++ b/gnu/packages/gimp.scm
@@ -101,7 +101,7 @@ provided as well as the framework to add new color models and data types.")
             (("g_object_unref \\(buffer.\\);") ""))
 
           (substitute* "tests/compositions/Makefile"
-            (("/bin/sh") (which "bash"))))
+            (("/bin/sh") (which "sh"))))
         %standard-phases)))
     (inputs
      `(("babl" ,babl)
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index b0e0c261bc..cac6f02a30 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -217,18 +217,14 @@ compatible to GNU Pth.")
 (define-public gnupg
   (package
     (name "gnupg")
-    (version "2.1.17")
+    (version "2.1.18")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "1js308b46ifx1gim0c9nivr5yxhans7iq1yvkf7zl2928gdm9p65"))
-              (patches
-               ;; This fixes a test failure on 32bit. Remove for next version.
-               ;; https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00869.html
-               (search-patches "gnupg-test-segfault-on-32bit-arch.patch"))))
+                "157rrv3ly9j2k0acz43nhiba5hfl6h7048jvj55wwqjmgsmnyk6h"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -310,7 +306,7 @@ libskba (working with X.509 certificates and CMS data).")
         (add-before 'configure 'patch-config-files
           (lambda _
             (substitute* "tests/openpgp/Makefile.in"
-              (("/bin/sh") (which "bash")))
+              (("/bin/sh") (which "sh")))
             #t))
         (add-after 'install 'rename-v2-commands
           (lambda* (#:key outputs #:allow-other-keys)
@@ -349,7 +345,7 @@ libskba (working with X.509 certificates and CMS data).")
          (add-after 'unpack 'patch-check-sh
            (lambda _
              (substitute* "checks/Makefile.in"
-               (("/bin/sh") (which "bash"))))))))))
+               (("/bin/sh") (which "sh"))))))))))
 
 (define-public gpgme
   (package
@@ -573,7 +569,7 @@ PGP keysigning parties.")
               (substitute* "keyanalyze/Makefile"
                 (("./configure") (string-append "./configure --prefix=" out)))
               (substitute* "keyanalyze/pgpring/configure"
-                (("/bin/sh") (which "bash")))
+                (("/bin/sh") (which "sh")))
               (substitute* "gpgwrap/Makefile"
                 (("\\} clean")
                  (string-append "} clean\ninstall:\n\tinstall -D bin/gpgwrap "
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 678dc4e27f..7758f27f8b 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -342,28 +342,38 @@ standards.")
         (mozilla-patch "icecat-CVE-2016-9893-pt7.patch"  "9b78ab1e6d07" "19ib6bp96xk000ll40b8qxvizkncyzclz2rsb9w5fa42qs9978ff")
         (mozilla-patch "icecat-CVE-2016-9893-pt8.patch"  "78ebf9c9dfb0" "1shgr4rk6r2zxr1qqk1j3qnnqzqxnbi093qhlrfh8q5q1ivqf6k1")
         (mozilla-patch "icecat-CVE-2016-9893-pt9.patch"  "a46a9f16823c" "0dwkyz3kcqnfcbhbfh2lss7s0yh87rgzb871qxx3x4ynyqph9mnz")
-        (mozilla-patch "icecat-bug-1311687.patch"        "6bc7cc7a33a6" "1wggcqv84n8mp7xps7hy4rwy61fkh45imfqzc0b46s3w5hyhypn2")
+        (mozilla-patch "icecat-CVE-2017-5376.patch"      "6bc7cc7a33a6" "1wggcqv84n8mp7xps7hy4rwy61fkh45imfqzc0b46s3w5hyhypn2")
         (mozilla-patch "icecat-CVE-2016-9893-pt10.patch" "778f65148b40" "0j2a153sk0654vv2lnxjib4lwml3mlqn6vs46c2pp82iba8nyfrm")
         (mozilla-patch "icecat-CVE-2016-9895.patch"      "94bd2b43c766" "10h0qpr6m9cqyqxxnkbb6mzb3cagavzlynkxgd7a4izyq1bv28rk")
         (mozilla-patch "icecat-CVE-2016-9893-pt11.patch" "893de7431d51" "11gyik8mwipl6ipypkvdq519pw7ccbg0g0bnvxb7271n44cqqcq5")
-        (mozilla-patch "icecat-bug-1323338.patch"        "b21dee058b2c" "005khpimffqzas7slajid4dd2c15nyk7rjk6fsps87bgnx0gx0s4")
+        (mozilla-patch "icecat-CVE-2017-5383-pt1.patch"  "b21dee058b2c" "005khpimffqzas7slajid4dd2c15nyk7rjk6fsps87bgnx0gx0s4")
         (mozilla-patch "icecat-bug-1258410-pt1.patch"    "cd23c5d74be8" "1myzkpzg6pmjacjz8az06m9kz84in1mwsiaw5sgx47pm02598wm5")
         (mozilla-patch "icecat-bug-1258410-pt2.patch"    "b83594617d15" "171cqflc9jh47az96im1whwhyq4ayicspqsczsmn2x5ll9lqw5fq")
-        (mozilla-patch "icecat-bug-1322107.patch"        "d6c6f5e4e641" "10x9f46ylm2q3i669hj1csd6agdm8w7xa0iln691z8ayg2hcrxdz")
-        (mozilla-patch "icecat-bug-1285833.patch"        "122f5fbfc563" "05pp2f4pg4j8a8pdgjhfrc8g2chhkhsarn9n8sbyag0fy3ig1cvd")
-        (mozilla-patch "icecat-bug-1297361.patch"        "297c675ddadc" "1jc1b5i69vq1fvz3qfnnv52c9cj17bjbmfyzmqlw5ywna0wfvabz")
-        (mozilla-patch "icecat-bug-1325877.patch"        "3cff736e3bb6" "1nxqwnl9zksvkfkmis7zica4xrhwfndjyy2sxc1dvrh9rshk1swq")
-        (mozilla-patch "icecat-bug-1285960.patch"        "2732280adabc" "0zrpq3aybaw2yy38vs6883a4nw01x4kxn3lfqn9yhcgjvngmmyia")
-        (mozilla-patch "icecat-bug-1325938.patch"        "81c9fdbd96e8" "0scv1zyi4vbsjdsyj4w70n5jd50baq0dzw3qpxqf1n69nfb9k214")
-        (mozilla-patch "icecat-bug-1322420.patch"        "a386ca6a3013" "1m1scz2pxzmg9wya8is5dcr3mgvkx3g1xlykgigmw2mqs5zcdg9s")
-        (mozilla-patch "icecat-bug-1328834.patch"        "0521b0e4707c" "1mv057p4hcvapibpbd9apryag19aiqdzafc6df2angl97m4mcbjx")
+        (mozilla-patch "icecat-CVE-2017-5380.patch"      "d6c6f5e4e641" "10x9f46ylm2q3i669hj1csd6agdm8w7xa0iln691z8ayg2hcrxdz")
+        (mozilla-patch "icecat-CVE-2017-5373-pt1.patch"  "122f5fbfc563" "05pp2f4pg4j8a8pdgjhfrc8g2chhkhsarn9n8sbyag0fy3ig1cvd")
+        (mozilla-patch "icecat-CVE-2017-5390.patch"      "297c675ddadc" "1jc1b5i69vq1fvz3qfnnv52c9cj17bjbmfyzmqlw5ywna0wfvabz")
+        (mozilla-patch "icecat-CVE-2017-5373-pt2.patch"  "3cff736e3bb6" "1nxqwnl9zksvkfkmis7zica4xrhwfndjyy2sxc1dvrh9rshk1swq")
+        (mozilla-patch "icecat-CVE-2017-5373-pt3.patch"  "2732280adabc" "0zrpq3aybaw2yy38vs6883a4nw01x4kxn3lfqn9yhcgjvngmmyia")
+        (mozilla-patch "icecat-CVE-2017-5373-pt4.patch"  "81c9fdbd96e8" "0scv1zyi4vbsjdsyj4w70n5jd50baq0dzw3qpxqf1n69nfb9k214")
+        (mozilla-patch "icecat-CVE-2017-5373-pt5.patch"  "a386ca6a3013" "1m1scz2pxzmg9wya8is5dcr3mgvkx3g1xlykgigmw2mqs5zcdg9s")
+        (mozilla-patch "icecat-CVE-2017-5373-pt6.patch"  "0521b0e4707c" "1mv057p4hcvapibpbd9apryag19aiqdzafc6df2angl97m4mcbjx")
         (mozilla-patch "icecat-bug-1290037.patch"        "bf0dd9ae6807" "02iw5ngsvvij95arnn69a744d6si27g1x41ixg16l51dbn900b3r")
         (mozilla-patch "icecat-bug-1322666.patch"        "576f03e362c5" "0m88xs0jwhzx2lg12cvimxjknp7rpsvvhxxblhiqqjwnqip0pyc0")
         (mozilla-patch "icecat-bug-1304266.patch"        "4d82e7314a72" "1rrrw4rw0xv7c2myiypcqh1fk47rk3fvic79zh6m04bl3knclr1r")
-        (mozilla-patch "icecat-bug-1322315.patch"        "0617dd4b444d" "1ipags2cl2p521pm0qx110h5di2mgif6h1r3g8l9b0rc5m9b1y2j")
-        (mozilla-patch "icecat-bug-1325200.patch"        "ead08c2a6c57" "1nnnwdr7411xpz6n9j869g6sz447cq6xsmds9cw6d24iprcinp5m")
-        (mozilla-patch "icecat-bug-1312001.patch"        "c5e67d41bdd0" "05kwn5zv381lsiw9vbzm8fh6s1lddx47l8f4pwg487h9dj7vbdfq")
-        (mozilla-patch "icecat-bug-1331058.patch"        "2ce94f2ea797" "1yrnjqpafjns68z99s1m6jins3agid7c1z3v9qgk5xzfcddl31pn")))
+        (mozilla-patch "icecat-CVE-2017-5373-pt7.patch"  "0617dd4b444d" "1ipags2cl2p521pm0qx110h5di2mgif6h1r3g8l9b0rc5m9b1y2j")
+        (mozilla-patch "icecat-CVE-2017-5375.patch"      "ead08c2a6c57" "1nnnwdr7411xpz6n9j869g6sz447cq6xsmds9cw6d24iprcinp5m")
+        (mozilla-patch "icecat-CVE-2017-5378-pt1.patch"  "c5e67d41bdd0" "05kwn5zv381lsiw9vbzm8fh6s1lddx47l8f4pwg487h9dj7vbdfq")
+        (mozilla-patch "icecat-CVE-2017-5373-pt8.patch"  "2ce94f2ea797" "1yrnjqpafjns68z99s1m6jins3agid7c1z3v9qgk5xzfcddl31pn")
+        (mozilla-patch "icecat-CVE-2017-5373-pt9.patch"  "e4ac8a66d3db" "1ggbh6nk005plm7kvp7qznbnlpidqkipxc5hlaqbjc3m0z9mypzl")
+        (mozilla-patch "icecat-CVE-2017-5386.patch"      "8c171b75a0c6" "1cplkgwkhqvb62q7s8cya2drjdswnlicv5d9a60fxvnp6m7a3z02")
+        (mozilla-patch "icecat-CVE-2017-5383-pt2.patch"  "79a31d8153bf" "0dzwk2hc741c0jr8xya4y8q59lk8mcgnvfdrdk0vzq1gby16b9zi")
+        (mozilla-patch "icecat-CVE-2017-5378-pt2.patch"  "747085a1cd93" "0rpc8hl0jka4akdjnlwya4x9v4pqa1r5vc4pkmxsgvqpp2vkq4m2")
+        (mozilla-patch "icecat-bug-1331606.patch"        "f0329536734b" "1br5shyfwp009y623wgjq60vhcp5k5zpzkgy4r3s5yrm5xyfcprf")
+        (mozilla-patch "icecat-bug-1328642.patch"        "237c1ca6e035" "0808g5j17var6wv6ivj08i43fwkga9abmmgmz5w3hb8mhajkjw58")
+        (mozilla-patch "icecat-CVE-2017-5396.patch"      "910ad552cbf5" "1qss3gc6n4myzwvwanc09xvyiq3hwhixn2xvpbk9xkfz2apdlfa6")
+        (mozilla-patch "icecat-bug-1312827.patch"        "5c894801eb1e" "03xyjwx9rfx5w7q6wq9if83fcfgrlvvbyxpsawzxxgybnizyy7g8")
+        (mozilla-patch "icecat-bug-1191841.patch"        "83ee87b301bd" "1kd9z4py372a2f1jg7jwvwri43vipf0k7lcvsg7b0cqr5p70zwcg")
+        (mozilla-patch "icecat-bug-1234317.patch"        "eb6f18dbfe8d" "1dh3263fvg3dxav09g6fn41ax4q1jmwp5fk6pl6shn16mrfha1qq")))
       (modules '((guix build utils)))
       (snippet
        '(begin
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 917f1357c7..393ee886db 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -925,14 +925,14 @@ Guile's foreign function interface.")
 (define-public haunt
   (package
     (name "haunt")
-    (version "0.2")
+    (version "0.2.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://files.dthompson.us/haunt/haunt-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1id83n8fs7jxys1d8jy70vylg8gzcvlw1y7hb41y3qxv5zi4671m"))))
+                "1fpaf1vm6s7j13fs35barjh5yajcc2rc3pi8r7278wpgp4i2vs3w"))))
     (build-system gnu-build-system)
     (arguments
      `(#:modules ((ice-9 match) (ice-9 ftw)
@@ -962,7 +962,8 @@ Guile's foreign function interface.")
     (inputs
      `(("guile" ,guile-2.0)))
     (propagated-inputs
-     `(("guile-reader" ,guile-reader)))
+     `(("guile-reader" ,guile-reader)
+       ("guile-commonmark" ,guile-commonmark)))
     (synopsis "Functional static site generator")
     (description "Haunt is a static site generator written in Guile
 Scheme.  Haunt features a functional build system and an extensible
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 637819947c..54b7dd6e22 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -498,7 +498,8 @@ error-resilience, a Java-viewer for j2k-images, ...")
          (base32
           "19yz4g0c45sm8y1z01j9djsrl1mkz3pmw7fykc6hkvrqymp7prsc"))
         (patches
-          (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch"))))))
+          (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch"
+                          "openjpeg-CVE-2016-9572-CVE-2016-9573.patch"))))))
 
 (define-public openjpeg-1
   (package (inherit openjpeg)
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index d7df4f6bad..5d53dffeec 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -337,7 +337,7 @@ build process and its dependencies, whereas Make uses Makefile format.")
 (define-public icedtea-6
   (package
     (name "icedtea")
-    (version "1.13.12")
+    (version "1.13.13")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -345,7 +345,7 @@ build process and its dependencies, whereas Make uses Makefile format.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "1q5iqm3dzqj8w3dwj6qqhczkkrslrfhmn3110klfwq9kyi2nimj8"))
+                "0bg9sb4f7qbq77c0zf9m17p47ga0kf0r9622g9p12ysg26jd1ksg"))
               (modules '((guix build utils)))
               (snippet
                '(substitute* "Makefile.in"
@@ -764,10 +764,10 @@ build process and its dependencies, whereas Make uses Makefile format.")
        ("openjdk6-src"
         ,(origin
            (method url-fetch)
-           (uri "https://java.net/downloads/openjdk6/openjdk-6-src-b40-22_aug_2016.tar.gz")
+           (uri "https://java.net/downloads/openjdk6/openjdk-6-src-b41-04_jan_2017.tar.xz")
            (sha256
             (base32
-             "01v4q7g9pa6w7m6yxply5yrin08jgv12fck665xnmp09bpxy8sa5"))))
+             "058szix0j280g14jzajvsixx1j2dxmc10r848f5swpy6rr8x8d4f"))))
        ("lcms" ,lcms)
        ("zlib" ,zlib)
        ("gtk" ,gtk+-2)
diff --git a/gnu/packages/libupnp.scm b/gnu/packages/libupnp.scm
index ea4d1bd25e..330ae6deb6 100644
--- a/gnu/packages/libupnp.scm
+++ b/gnu/packages/libupnp.scm
@@ -26,17 +26,15 @@
 (define-public libupnp
   (package
     (name "libupnp")
-    (version "1.6.20")
+    (version "1.6.21")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "mirror://sourceforge/pupnp/pupnp/libUPnP%20"
                           version "/" name "-" version ".tar.bz2"))
-      (patches (search-patches "libupnp-CVE-2016-6255.patch"
-                               "libupnp-CVE-2016-8863.patch"))
       (sha256
        (base32
-        "0qrsdsb1qm85hc4jy04qph895613d148f0x1mmk6z99y3q43fdgf"))))
+        "16x3z6jg1krwyydmbd0z59z5c9x4pniaajmfmnp5pmx18q43qgxg"))))
     (build-system gnu-build-system)
     (arguments
      ;; The tests require a network device capable of multicasting which is
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index dbbe629bca..2318ae9b64 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -90,7 +90,7 @@
                 #:select (gpl2 gpl2+ gpl3 gpl3+ lgpl2.1 lgpl2.1+ lgpl3+
                            non-copyleft (expat . license:expat) bsd-3
                            public-domain bsd-4 isc (openssl . license:openssl)
-                           bsd-2))
+                           bsd-2 x11-style))
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix git-download)
@@ -733,6 +733,27 @@ provides an API for C language.  It's the low-level API used by MailCore and
 MailCore 2.")
     (license (non-copyleft "file://COPYING"))))
 
+(define-public compface
+  (package
+    (name "compface")
+    (version "1.5.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://ftp.heanet.ie/mirrors/"
+                                  "ftp.xemacs.org/aux/"
+                                  name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "09b89wg63hg502hsz592cd2h87wdprb1dq1k1y07n89hym2q56d6"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f))
+    (synopsis "Portrait image compressor")
+    (description "This packages takes your 48x48x1 portrait image and
+compresses it.")
+    (home-page "http://www.cs.indiana.edu/pub/faces/")
+    (license (x11-style "file://README"))))
+
 (define-public claws-mail
   (package
     (name "claws-mail")
@@ -1536,10 +1557,10 @@ powerful user customization features.")
                         "contrib/mmuegel" "devtools/bin/configure.sh")
                   (find-files "." ".*\\.m4")
                   (find-files "." ".*\\.cf"))
-               (("/bin/sh") (which "bash")))
+               (("/bin/sh") (which "sh")))
 
              (substitute* "devtools/bin/Build"
-               (("SHELL=/bin/sh") (string-append "SHELL=" (which "bash"))))
+               (("SHELL=/bin/sh") (string-append "SHELL=" (which "sh"))))
              #t))
          (replace 'configure
            (lambda _
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 0c88059dca..5b3ed740d9 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -825,7 +825,7 @@ connect with friends and family without anyone else listening in.")
                (("mkdir -p \\$\\{DESTDIR\\}/usr") "")
                (("/usr/local") "")
                (("/usr") "")
-               (("#!/bin/sh") (string-append "#!" (which "bash")))
+               (("#!/bin/sh") (string-append "#!" (which "sh")))
                (("python2") (which "python"))
                (("/opt/openssl-compat-bitcoin/lib/")
                 (string-append (assoc-ref inputs "openssl") "/lib/")))
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 617dffc937..2df7816b59 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -64,7 +64,7 @@
                             "lib/internal/v8_prof_polyfill.js"
                             "test/parallel/test-stdio-closed.js")
                (("'/bin/sh'")
-                (string-append "'" (which "bash") "'")))
+                (string-append "'" (which "sh") "'")))
 
              ;; Fix hardcoded /usr/bin/env references.
              (substitute* '("test/parallel/test-child-process-default-options.js"
diff --git a/gnu/packages/orpheus.scm b/gnu/packages/orpheus.scm
index 39118c9abc..d672ebce75 100644
--- a/gnu/packages/orpheus.scm
+++ b/gnu/packages/orpheus.scm
@@ -90,7 +90,7 @@
              (substitute* '("src/mp3track.cc"
                             "src/streamtrack.cc"
                             "src/oggtrack.cc")
-               (("/bin/sh") (which "bash")))
+               (("/bin/sh") (which "sh")))
              #t)))))
     (home-page "http://thekonst.net/en/orpheus")
     (synopsis "Text-mode audio player")
diff --git a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch
deleted file mode 100644
index 79bb41caaa..0000000000
--- a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-This fixes a segfault on 32-bit architectures. Upstream discussion:
-
-https://lists.gnupg.org/pipermail/gnupg-devel/2016-December/032364.html
-
-Guix thread: https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00631.html
-
-Patch copied from upstream source repository:
-
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6e96cdd41a0e55b672309431062f37c4a4a9f485
-
-From 6e96cdd41a0e55b672309431062f37c4a4a9f485 Mon Sep 17 00:00:00 2001
-From: Justus Winter <justus@g10code.com>
-Date: Wed, 21 Dec 2016 16:14:45 +0100
-Subject: [PATCH] gpgscm: Guard use of union member.
-
-* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port
-before accessing filename.  Fixes a crash on 32-bit architectures.
-
-Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4
-Signed-off-by: Justus Winter <justus@g10code.com>
----
- tests/gpgscm/scheme.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
-index a5b7691..2844545 100644
---- a/tests/gpgscm/scheme.c
-+++ b/tests/gpgscm/scheme.c
-@@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) {
-                } else {
-                     sc->nesting_stack[sc->file_i]++;
- #if USE_TAGS && SHOW_ERROR_LINE
--		    {
-+		    if (sc->load_stack[sc->file_i].kind & port_file) {
- 		      const char *filename =
- 			sc->load_stack[sc->file_i].rep.stdio.filename;
- 		      int lineno =
--- 
-2.8.0.rc3
-
diff --git a/gnu/packages/patches/khal-disable-failing-tests.patch b/gnu/packages/patches/khal-disable-failing-tests.patch
deleted file mode 100644
index e2c65df8ce..0000000000
--- a/gnu/packages/patches/khal-disable-failing-tests.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Disable some tests that are known to fail:
-
-https://github.com/pimutils/khal/issues/546
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844081
-
-diff --git a/tests/khalendar_test.py b/tests/khalendar_test.py
-index fd8dcc6..17732bf 100644
---- a/tests/khalendar_test.py
-+++ b/tests/khalendar_test.py
-@@ -65,6 +65,7 @@ class TestCalendar(object):
-                 else:
-                     mtimes[cal] = mtime
- 
-+    @pytest.mark.xfail
-     def test_db_needs_update(self, coll_vdirs):
-         coll, vdirs = coll_vdirs
- 
-@@ -321,6 +322,7 @@ class TestDbCreation(object):
-             CalendarCollection(calendars, dbpath=dbpath, locale=aux.locale)
- 
- 
-+@pytest.mark.xfail
- def test_default_calendar(coll_vdirs):
-     """test if an update to the vdir is detected by the CalendarCollection"""
-     coll, vdirs = coll_vdirs
-@@ -341,6 +343,7 @@ def test_default_calendar(coll_vdirs):
-     assert len(list(coll.get_events_on(today))) == 0
- 
- 
-+@pytest.mark.xfail
- def test_only_update_old_event(coll_vdirs, monkeypatch):
-     coll, vdirs = coll_vdirs
- 
diff --git a/gnu/packages/patches/libupnp-CVE-2016-6255.patch b/gnu/packages/patches/libupnp-CVE-2016-6255.patch
deleted file mode 100644
index c9a3fa284c..0000000000
--- a/gnu/packages/patches/libupnp-CVE-2016-6255.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-Fix CVE-2016-6255:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255
-http://www.openwall.com/lists/oss-security/2016/07/18/13
-
-Patch adapted from upstream commit:
-
-https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5
-
-The upstream change is simplified to unconditionally disable the HTTP
-POST feature.
-
-From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@srcf.ucam.org>
-Date: Tue, 23 Feb 2016 13:53:20 -0800
-Subject: [PATCH] Don't allow unhandled POSTs to write to the filesystem by
- default
-
-If there's no registered handler for a POST request, the default behaviour
-is to write it to the filesystem. Several million deployed devices appear
-to have this behaviour, making it possible to (at least) store arbitrary
-data on them. Add a configure option that enables this behaviour, and change
-the default to just drop POSTs that aren't directly handled.
-
-Signed-off-by: Marcelo Roberto Jimenez <mroberto@users.sourceforge.net>
-(cherry picked from commit c91a8a3903367e1163765b73eb4d43be7d7927fa)
----
- configure.ac                         | 9 +++++++++
- upnp/inc/upnpconfig.h.in             | 9 +++++++++
- upnp/src/genlib/net/http/webserver.c | 4 ++++
- 3 files changed, 22 insertions(+)
-
-diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c
-index 26bf0f7..7ae8c1e 100644
---- a/upnp/src/genlib/net/http/webserver.c
-+++ b/upnp/src/genlib/net/http/webserver.c
-@@ -1367,9 +1367,13 @@ static int http_RecvPostMessage(
- 		if (Fp == NULL)
- 			return HTTP_INTERNAL_SERVER_ERROR;
- 	} else {
-+#if 0
- 		Fp = fopen(filename, "wb");
- 		if (Fp == NULL)
- 			return HTTP_UNAUTHORIZED;
-+#else
-+		return HTTP_NOT_FOUND;
-+#endif
- 	}
- 	parser->position = POS_ENTITY;
- 	do {
diff --git a/gnu/packages/patches/libupnp-CVE-2016-8863.patch b/gnu/packages/patches/libupnp-CVE-2016-8863.patch
deleted file mode 100644
index 9978b39487..0000000000
--- a/gnu/packages/patches/libupnp-CVE-2016-8863.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Fix CVE-2016-8863:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
-https://sourceforge.net/p/pupnp/bugs/133/
-
-Patch copied from upstream source repository:
-
-https://sourceforge.net/p/pupnp/code/ci/9c099c2923ab4d98530ab5204af1738be5bddba7/
-
-From 9c099c2923ab4d98530ab5204af1738be5bddba7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <ukleinek@debian.org>
-Date: Thu, 8 Dec 2016 17:11:53 +0100
-Subject: [PATCH] Fix out-of-bound access in create_url_list() (CVE-2016-8863)
-
-If there is an invalid URL in URLS->buf after a valid one, uri_parse is
-called with out pointing after the allocated memory. As uri_parse writes
-to *out before returning an error the loop in create_url_list must be
-stopped early to prevent an out-of-bound access
-
-Bug: https://sourceforge.net/p/pupnp/bugs/133/
-Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
-Bug-Debian: https://bugs.debian.org/842093
-Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771
-(cherry picked from commit a0f6e719bc03c4d2fe6a4a42ef6b8761446f520b)
----
- upnp/src/gena/gena_device.c | 17 ++++++++++++-----
- 1 file changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c
-index fb04a29..245c56b 100644
---- a/upnp/src/gena/gena_device.c
-+++ b/upnp/src/gena/gena_device.c
-@@ -1113,7 +1113,7 @@ static int create_url_list(
- 	/*! [out] . */
- 	URL_list *out)
- {
--    size_t URLcount = 0;
-+    size_t URLcount = 0, URLcount2 = 0;
-     size_t i;
-     int return_code = 0;
-     uri_type temp;
-@@ -1155,16 +1155,23 @@ static int create_url_list(
-         }
-         memcpy( out->URLs, URLS->buff, URLS->size );
-         out->URLs[URLS->size] = 0;
--        URLcount = 0;
-         for( i = 0; i < URLS->size; i++ ) {
-             if( ( URLS->buff[i] == '<' ) && ( i + 1 < URLS->size ) ) {
-                 if( ( ( return_code =
-                         parse_uri( &out->URLs[i + 1], URLS->size - i + 1,
--                                   &out->parsedURLs[URLcount] ) ) ==
-+                                   &out->parsedURLs[URLcount2] ) ) ==
-                       HTTP_SUCCESS )
--                    && ( out->parsedURLs[URLcount].hostport.text.size !=
-+                    && ( out->parsedURLs[URLcount2].hostport.text.size !=
-                          0 ) ) {
--                    URLcount++;
-+                    URLcount2++;
-+                    if (URLcount2 >= URLcount)
-+                        /*
-+                         * break early here in case there is a bogus URL that
-+                         * was skipped above. This prevents to access
-+                         * out->parsedURLs[URLcount] which is beyond the
-+                         * allocation.
-+                         */
-+                        break;
-                 } else {
-                     if( return_code == UPNP_E_OUTOF_MEMORY ) {
-                         free( out->URLs );
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch
new file mode 100644
index 0000000000..545b5d0a71
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch
@@ -0,0 +1,233 @@
+Fix CVE-2016-9572 and CVE-2016-9573:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573
+
+Patch copied from 3rd-party repository:
+
+https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
+
+From 7b28bd2b723df6be09fe7791eba33147c1c47d0d Mon Sep 17 00:00:00 2001
+From: szukw000 <szukw000@arcor.de>
+Date: Mon, 28 Nov 2016 21:57:20 +0100
+Subject: [PATCH] Changes for issues #863 and #862
+
+---
+ src/bin/jp2/convert.c        | 59 +++++++++++++++++++++++++++++++++++++++-----
+ src/bin/jp2/convertbmp.c     | 29 +++++++++++++++++++++-
+ src/bin/jp2/opj_decompress.c |  2 +-
+ src/lib/openjp2/j2k.c        | 11 ++++++---
+ 4 files changed, 90 insertions(+), 11 deletions(-)
+
+diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
+index deee4f6..6a3f65b 100644
+--- a/src/bin/jp2/convert.c
++++ b/src/bin/jp2/convert.c
+@@ -906,7 +906,8 @@ int imagetotga(opj_image_t * image, const char *outfile) {
+     for (i = 0; i < image->numcomps-1; i++)	{
+         if ((image->comps[0].dx != image->comps[i+1].dx)
+                 ||(image->comps[0].dy != image->comps[i+1].dy)
+-                ||(image->comps[0].prec != image->comps[i+1].prec))	{
++                ||(image->comps[0].prec != image->comps[i+1].prec)
++				||(image->comps[0].sgnd != image->comps[i+1].sgnd))	{
+             fclose(fdest);
+             fprintf(stderr, "Unable to create a tga file with such J2K image charateristics.");
+             return 1;
+@@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
+     int *red, *green, *blue, *alpha;
+     int wr, hr, max;
+     int i;
+-    unsigned int compno, ncomp;
++    unsigned int compno, ncomp, ui;
+     int adjustR, adjustG, adjustB, adjustA;
+     int fails, two, want_gray, has_alpha, triple;
+     int prec, v;
+@@ -1768,6 +1769,27 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
+ 
+     if(want_gray) ncomp = 1;
+ 
++    for (ui = 1; ui < ncomp; ++ui) {
++        if (image->comps[0].dx != image->comps[ui].dx) {
++            break;
++        }
++        if (image->comps[0].dy != image->comps[ui].dy) {
++            break;
++        }
++        if (image->comps[0].prec != image->comps[ui].prec) {
++            break;
++        }
++        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
++            break;
++        }
++    }
++    if (ui != ncomp) {
++        fprintf(stderr,"imagetopnm: All components\n    shall have "
++         "the same subsampling, same bit depth, same sign.\n"
++         "    Aborting\n");
++        return 1;
++    }
++
+     if ((force_split == 0) &&
+ 				(ncomp == 2 /* GRAYA */
+             || (ncomp > 2 /* RGB, RGBA */
+@@ -2126,7 +2148,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+ {
+     FILE *rawFile = NULL;
+     size_t res;
+-    unsigned int compno;
++    unsigned int compno, numcomps;
+     int w, h, fails;
+     int line, row, curr, mask;
+     int *ptr;
+@@ -2139,6 +2161,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+         return 1;
+     }
+ 
++    numcomps = image->numcomps;
++
++    if (numcomps > 4) {
++        numcomps = 4;
++    }
++    for (compno = 1; compno < numcomps; ++compno) {
++        if (image->comps[0].dx != image->comps[compno].dx) {
++            break;
++        }
++        if (image->comps[0].dy != image->comps[compno].dy) {
++            break;
++        }
++        if (image->comps[0].prec != image->comps[compno].prec) {
++            break;
++        }
++        if (image->comps[0].sgnd != image->comps[compno].sgnd) {
++            break;
++        }
++    }
++    if (compno != numcomps) {
++        fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n");
++        fprintf(stderr,"\tAborting\n");
++        return 1;
++    }
++
+     rawFile = fopen(outfile, "wb");
+     if (!rawFile) {
+         fprintf(stderr, "Failed to open %s for writing !!\n", outfile);
+@@ -2146,9 +2193,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+     }
+ 
+     fails = 1;
+-    fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps);
++    fprintf(stdout,"Raw image characteristics: %d components\n", numcomps);
+ 
+-    for(compno = 0; compno < image->numcomps; compno++)
++    for(compno = 0; compno < numcomps; compno++)
+     {
+         fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w,
+                 image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned");
+@@ -2238,7 +2285,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+         }
+         else if (image->comps[compno].prec <= 32)
+         {
+-            fprintf(stderr,"More than 16 bits per component no handled yet\n");
++            fprintf(stderr,"More than 16 bits per component not handled yet\n");
+             goto fin;
+         }
+         else
+diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
+index ae83077..8017ba8 100644
+--- a/src/bin/jp2/convertbmp.c
++++ b/src/bin/jp2/convertbmp.c
+@@ -806,8 +806,35 @@ int imagetobmp(opj_image_t * image, const char *outfile) {
+     FILE *fdest = NULL;
+     int adjustR, adjustG, adjustB;
+ 
++   {
++    unsigned int ui, ncomp = image->numcomps;
++
++    if (ncomp > 4) { /* RGBA in bmpmask32toimage */
++        ncomp = 4;
++    }
++    for (ui = 1; ui < ncomp; ++ui) {
++        if (image->comps[0].dx != image->comps[ui].dx) {
++            break;
++        }
++        if (image->comps[0].dy != image->comps[ui].dy) {
++            break;
++        }
++        if (image->comps[0].prec != image->comps[ui].prec) {
++            break;
++        }
++        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
++            break;
++        }
++    }
++    if (ui != ncomp) {
++        fprintf(stderr,"imagetobmp: All components shall have the same subsampling, same bit depth, same sign.\n");
++        fprintf(stderr,"\tAborting\n");
++        return 1;
++    }
++
++   }
+     if (image->comps[0].prec < 8) {
+-        fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec);
++        fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec);
+         return 1;
+     }
+     if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx
+diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
+index 83160c3..c30079b 100644
+--- a/src/bin/jp2/opj_decompress.c
++++ b/src/bin/jp2/opj_decompress.c
+@@ -1607,7 +1607,7 @@ int main(int argc, char **argv)
+ 		if(dirptr->filename_buf) free(dirptr->filename_buf);
+ 		free(dirptr);
+ 	}
+-	if (numDecompressedImages) {
++	if (numDecompressedImages && !failed) {
+ 		fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages));
+ 	}
+ 	return failed ? EXIT_FAILURE : EXIT_SUCCESS;
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 66802bb..b6daa32 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
+                                   i, l_img_comp->dx, l_img_comp->dy);
+                     return OPJ_FALSE;
+                 }
+-                if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
++                if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
+                     opj_event_msg(p_manager, EVT_ERROR,
+                                   "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
+                                   i, l_img_comp->prec);
+@@ -10029,7 +10029,11 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
+         /* Move data and copy one information from codec to output image*/
+         for (compno = 0; compno < p_image->numcomps; compno++) {
+                 p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded;
+-                p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
++		p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
++
++		if(p_image->comps[compno].data == NULL) return OPJ_FALSE;
++
++                p_j2k->m_output_image->comps[compno].data = NULL;
+ #if 0
+                 char fn[256];
+                 sprintf( fn, "/tmp/%d.raw", compno );
+@@ -10037,7 +10041,6 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
+                 fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug );
+                 fclose( debug );
+ #endif
+-                p_j2k->m_output_image->comps[compno].data = NULL;
+         }
+ 
+         return OPJ_TRUE;
+@@ -10131,6 +10134,8 @@ OPJ_BOOL opj_j2k_get_tile(      opj_j2k_t *p_j2k,
+ 
+                 p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
+ 
++				if (p_image->comps[compno].data == NULL) return OPJ_FALSE;
++
+                 p_j2k->m_output_image->comps[compno].data = NULL;
+         }
+ 
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 7e086139c9..91e4d5675d 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -1194,14 +1194,14 @@ under several distributions that's hard or impossible to figure out.")
 (define-public python2-pysqlite
   (package
     (name "python2-pysqlite")
-    (version "2.8.1")
+    (version "2.8.3")
     (source
      (origin
       (method url-fetch)
       (uri (pypi-uri "pysqlite" version))
       (sha256
        (base32
-        "0rm0zqyb363y6wljhfmbxs16jjv7p8nk1d8zgq9sdwj6js7y3jkm"))))
+        "1424gwq9sil2ffmnizk60q36vydkv8rxs6m7xs987kz8cdc37lqp"))))
     (build-system python-build-system)
     (inputs
      `(("sqlite" ,sqlite)))
@@ -2242,10 +2242,11 @@ executed.")
     (propagated-inputs
      `(("python-coverage" ,python-coverage)))
     (home-page "https://github.com/schlamar/cov-core")
-    (synopsis "plugin core for use by pytest-cov, nose-cov and nose2-cov")
+    (synopsis "Coverage plugin core for pytest-cov, nose-cov and nose2-cov")
     (description
-     "This is a library package for use by pytest-cov, nose-cov and nose2-cov.
-It is useful for developing coverage plugins for these testing frameworks.")
+     "This is a library package for use by @code{pytest-cov}, @code{nose-cov}
+and @code{nose2-cov}.  It is useful for developing coverage plugins for these
+testing frameworks.")
     (license license:expat)))
 
 (define-public python2-cov-core
@@ -2568,13 +2569,13 @@ cutting and pasting that code over and over.")
 (define-public python-unidecode
   (package
     (name "python-unidecode")
-    (version "0.04.18")
+    (version "0.04.20")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "Unidecode" version))
              (sha256
               (base32
-               "12hhblqy1ajvidm38im4171x4arg83pfmziyn53nizp29p3m14gi"))))
+               "1q00i8gpsq3d9r0q8wk4b290fxl0kqlsdk7iadvli45in6s1hi7d"))))
     (build-system python-build-system)
     (home-page "https://pypi.python.org/pypi/Unidecode")
     (synopsis "ASCII transliterations of Unicode text")
@@ -4004,14 +4005,14 @@ Python code against some of the style conventions in
 (define-public python-orderedmultidict
   (package
     (name "python-orderedmultidict")
-    (version "0.7.10")
+    (version "0.7.11")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "orderedmultidict" version))
         (sha256
           (base32
-            "1gvqk0jd432wsn88kq4svad68xz3r012jfpnhh9in7bqrkyxidky"))))
+            "0dls862ibm7qbq4fnvwx0xn1v9hwyzywbff8xjjdr42dd75208yw"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -4132,14 +4133,14 @@ You might also want to install the following optional dependencies:
 (define-public python-alembic
   (package
     (name "python-alembic")
-    (version "0.8.7")
+    (version "0.8.10")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "alembic" version))
        (sha256
         (base32
-         "0ias6fdzwr2s220fnjspkdgm9510bd0cnap0hx5y4zy4srba9f3z"))))
+         "06br9sfqypnjlal6fsbnky3zb0askwcn3diz8k3kwa0qcblm0fqf"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-mock" ,python-mock)
@@ -5535,13 +5536,13 @@ Python style, together with a fast and comfortable execution environment.")
 (define-public python-seaborn
   (package
     (name "python-seaborn")
-    (version "0.7.0")
+    (version "0.7.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "seaborn" version))
        (sha256
-        (base32 "0ibi3xsfm2kysph61mnfy0pf8d5rkgxgrdb0z9nbizgcgdsb5a0m"))))
+        (base32 "0pawrqc3mxpwd5g9pvi9gba02637bh5c8ldpp8izfwpfn52469zs"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-pandas" ,python-pandas)
@@ -5998,7 +5999,7 @@ complexity of Python source code.")
 (define-public python-mistune
   (package
     (name "python-mistune")
-    (version "0.7")
+    (version "0.7.3")
     (source
      (origin
        (method url-fetch)
@@ -6008,7 +6009,7 @@ complexity of Python source code.")
              ".tar.gz"))
        (sha256
         (base32
-         "17zqjp9m4d1w3jf2rbbq5xshcw24q1vlcv24gkgfqqyyymajxahx"))))
+         "04xpk1zvslhq3xpnf01g3ag0dy9wfv4z28p093r8k49vvxlyil11"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-nose" ,python-nose)
@@ -7022,16 +7023,14 @@ serve the same purpose: provide Python bindings for libmagic.")))
 (define-public python-debian
   (package
     (name "python-debian")
-    (version "0.1.23")
+    (version "0.1.28")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append
-             "https://pypi.python.org/packages/source/p/python-debian/python-debian-"
-             version ".tar.gz"))
+       (uri (pypi-uri name version))
        (sha256
         (base32
-         "193faznwnjc3n5991wyzim6h9gyq1zxifmfrnpm3avgkh7ahyynh"))))
+         "0i15f0xzx679sd0ldq2sls9pnnps9fv6vhqvnv9dzf4qhma42i0y"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-six" ,python-six)))
@@ -8612,16 +8611,16 @@ supports url redirection and retries, and also gzip and deflate decoding.")
 (define-public python-colorama
   (package
    (name "python-colorama")
-   (version "0.3.3")
+   (version "0.3.7")
    (source
     (origin
      (method url-fetch)
      (uri (pypi-uri "colorama" version))
      (sha256
       (base32
-       "1716z9pq1r5ys3nkg7wdrb3h2f9rmd0zdxpxzmx3bgwgf6xg48gb"))))
+       "0avqkn6362v7k2kg3afb35g4sfdvixjgy890clip4q174p9whhz0"))))
    (build-system python-build-system)
-   (synopsis "colored terminal text rendering for Python")
+   (synopsis "Colored terminal text rendering for Python")
    (description "Colorama is a Python library for rendering colored terminal
 text.")
    (home-page "https://pypi.python.org/pypi/colorama")
@@ -9027,14 +9026,14 @@ file.")
 (define-public python-paste
   (package
     (name "python-paste")
-    (version "2.0.2")
+    (version "2.0.3")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "Paste" version))
        (sha256
         (base32
-         "16dsv9qi0r4qsrsb6dilpq2rx0fnglvh36flzywcdnm2jg43mb5d"))
+         "062jk0nlxf6lb2wwj6zc20rlvrwsnikpkh90y0dn8cjch93s6ii3"))
        (patches (search-patches "python-paste-remove-website-test.patch"
                                 "python-paste-remove-timing-test.patch"))))
     (build-system python-build-system)
@@ -9042,12 +9041,6 @@ file.")
      `(("python-nose" ,python-nose)))
     (propagated-inputs
      `(("python-six" ,python-six)))
-    (arguments
-     '(;; Tests don't pass on Python 3, but work fine on Python 2.
-       ;; (As of 2.0.2, Python 3 support in Paste is presently a bit broken,
-       ;; but is usable enough for the minimal amount it's used in MediaGoblin
-       ;; still... things should be better by the next Paste release.)
-       #:tests? #f))
     (home-page "http://pythonpaste.org")
     (synopsis
      "Python web development tools, focusing on WSGI")
@@ -9055,18 +9048,10 @@ file.")
      "Paste provides a variety of web development tools and middleware which
 can be nested together to build web applications.  Paste's design closely
 follows ideas flowing from WSGI (Web Standard Gateway Interface).")
-    (license license:expat)
-    (properties `((python2-variant . ,(delay python2-paste))))))
+    (license license:expat)))
 
 (define-public python2-paste
-  (let ((paste (package-with-python2
-                (strip-python2-variant python-paste))))
-    (package
-      (inherit paste)
-      (arguments
-       ;; Tests are back for Python 2!
-       `(#:tests? #t
-         ,@(package-arguments paste))))))
+  (package-with-python2 python-paste))
 
 (define-public python-pastescript
   (package
@@ -10414,13 +10399,13 @@ It uses LR parsing and does extensive error checking.")
 (define-public python-tabulate
   (package
     (name "python-tabulate")
-    (version "0.7.5")
+    (version "0.7.7")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "tabulate" version))
              (sha256
               (base32
-               "03l1r7ddd1a0j2snv1yd0hlnghjad3fg1an1jr8936ksv75slwch"))
+               "1inqhspd4frxnp08c32yndr0lc4px1xfkqah184i5w09gkhvi843"))
              ;; Fix tests
              (modules '((guix build utils)))
              (snippet '(substitute* '("test/test_cli.py"
@@ -10720,13 +10705,13 @@ It supports TSIG authenticated messages and EDNS0.")
 (define-public python-email-validator
   (package
     (name "python-email-validator")
-    (version "1.0.1")
+    (version "1.0.2")
     (source
      (origin (method url-fetch)
              (uri (pypi-uri "email_validator" version))
              (sha256
               (base32
-               "0mn8jg5h8ifl8w6a6m0hq8kbk0mzw9vm054qfamkn89b3npz52qw"))))
+               "1ja9149l9ck5n45a72h3is7v476hjny5ybxbcamx1nw6iplsm7k6"))))
     (build-system python-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/search.scm b/gnu/packages/search.scm
index cb8b670757..e2342266d6 100644
--- a/gnu/packages/search.scm
+++ b/gnu/packages/search.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -19,7 +20,7 @@
 
 (define-module (gnu packages search)
   #:use-module ((guix licenses)
-                #:select (gpl2 gpl2+ gpl3+ bsd-3 x11))
+                #:select (gpl2 gpl2+ gpl3+ lgpl2.1+ bsd-3 x11))
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
@@ -160,6 +161,33 @@ accounting for new lines and paragraph changes.  It also has robust support
 for parsing HTML files.")
     (license gpl3+)))
 
+(define-public hyperestraier
+  (package
+    (name "hyperestraier")
+    (version "1.4.13")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "http://fallabs.com/" name "/"
+                            name "-" version ".tar.gz"))
+        (sha256
+         (base32
+          "1qk3pxgzyrpcz5qfyd5xs2hw9q1cbb7j5zd4kp1diq501wcj2vs9"))))
+    (inputs
+     `(("qdbm" ,qdbm)
+       ("zlib" ,zlib)))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath="
+                                              (assoc-ref %outputs "out")
+                                              "/lib"))))
+    (home-page "http://fallabs.com/hyperestraier")
+    (synopsis "Full-text search system")
+    (description "Hyper Estraier can be used to integrate full-text
+search into applications, using either the provided command line and CGI
+interfaces, or a C API.")
+    (license lgpl2.1+)))
+
 (define-public mlocate
   (package
     (name "mlocate")
diff --git a/gnu/packages/shellutils.scm b/gnu/packages/shellutils.scm
index c9a35ca3b6..e69df7d832 100644
--- a/gnu/packages/shellutils.scm
+++ b/gnu/packages/shellutils.scm
@@ -58,14 +58,14 @@ between various shells or commands.")
 (define-public trash-cli
   (package
     (name "trash-cli")
-    (version "0.17.1.1")
+    (version "0.17.1.14")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "trash-cli" version))
        (sha256
         (base32
-         "019sjab29jkps8zkf8icihhf3ng4lx9y4p1lxjd3wbnnynphc4is"))))
+         "01q0cl04ljf214z6s3g256gsxx3pqsgaf6ac1zh0vrq5bnhnr85h"))))
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2
diff --git a/gnu/packages/sync.scm b/gnu/packages/sync.scm
index 429fe196de..4b026b93cb 100644
--- a/gnu/packages/sync.scm
+++ b/gnu/packages/sync.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,6 +26,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages lua)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages qt)
@@ -158,3 +160,49 @@ their folder.
 @item Toggle for monochrome icon.
 @end enumerate\n")
     (license license:lgpl3+)))
+
+(define-public lsyncd
+  (package
+    (name "lsyncd")
+    (version "2.2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/axkibe/lsyncd/archive/release-"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0da7mrq2c578v2dd5x9v75l1fqrm28jvn28qkcd49y8p992nj6gl"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(;; The "tests" target is broken and assumes that tests are run in the
+       ;; root directory.
+       #:tests? #f
+       #:test-target "tests"
+       #:phases
+       (modify-phases %standard-phases
+         ;; No install target.
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin"))
+                    (man (string-append out "/share/man/man1")))
+               (install-file "lsyncd" bin)
+               (install-file (string-append "../lsyncd-release-"
+                                            ,version
+                                            "/doc/manpage/lsyncd.1")
+                             man)
+               #t))))))
+    (native-inputs
+     `(("lua" ,lua-5.2)))
+    (home-page "https://github.com/axkibe/lsyncd")
+    (synopsis "Synchronize local directories with remote targets")
+    (description "Lsyncd watches a local directory trees event monitor
+interface (inotify or fsevents).  It aggregates and combines events for a few
+seconds and then spawns one (or more) process(es) to synchronize the changes.
+By default this is rsync, which must be installed on all source and target
+machines.  Lsyncd is thus a light-weight live mirror solution that is
+comparatively easy to install not requiring new filesystems or block devices
+and does not hamper local filesystem performance.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/terminals.scm b/gnu/packages/terminals.scm
index 20897860d2..e90ee6847f 100644
--- a/gnu/packages/terminals.scm
+++ b/gnu/packages/terminals.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016, 2017 José Miguel Sánchez García <jmi2k@openmailbox.org>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -362,3 +363,70 @@ scripts, notifying the user when something interesting occurs.  Of course, it
 has no notion of what's interesing, but it's very good at that notifying part.")
     (home-page "http://www.johnath.com/beep")
     (license license:gpl2+)))
+
+(define-public unibilium
+  (package
+    (name "unibilium")
+    (version "1.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/mauke/unibilium/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1n7a0jrlwhn9nnkna76sbnjrr808m0pmzbiwznmp7rhmjl4z2fk2"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags
+       (list "CC=gcc"
+             (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:test-target "test"
+       ;; FIXME: tests require "prove"
+       #:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (native-inputs
+     `(("libtool" ,libtool)))
+    (home-page "https://github.com/mauke/unibilium")
+    (synopsis "Terminfo parsing library")
+    (description "Unibilium is a basic C terminfo library.  It doesn't depend
+on curses or any other library.  It also doesn't use global variables, so it
+should be thread-safe.")
+    (license license:lgpl3+)))
+
+(define-public libvterm
+  (package
+    (name "libvterm")
+    (version "0+bzr681")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://www.leonerd.org.uk/code/libvterm/"
+                           "libvterm-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1s56c8p1qz6frkcri0hg4qyydv2wcccj6n2xmz1dwcdqn38ldsmb"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags
+       (list "CC=gcc"
+             (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:test-target "test"
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (native-inputs
+     `(("libtool" ,libtool)
+       ("perl" ,perl)))
+    (home-page "http://www.leonerd.org.uk/code/libvterm/")
+    (synopsis "VT220/xterm/ECMA-48 terminal emulator library")
+    (description "Libvterm is an abstract C99 library which implements a VT220
+or xterm-like terminal emulator.  It doesn't use any particular graphics
+toolkit or output system, instead it invokes callback function pointers that
+its embedding program should provide it to draw on its behalf.  It avoids
+calling @code{malloc} during normal running state, allowing it to be used in
+embedded kernel situations.")
+    (license license:expat)))
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 6f26f404be..c7f97ab1b4 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,14 +39,14 @@
 (define-public tor
   (package
     (name "tor")
-    (version "0.2.9.8")
+    (version "0.2.9.9")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://dist.torproject.org/tor-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0sklgmx4nikcfhqd606kvpwy1l8840w24ikli1xjjx25739k7pgv"))))
+               "0hqdk5p6dw4bpn7c8gmhyi8jjkhc37112pfw5nx4gl0g4lmmscik"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("python" ,python-2)))  ; for tests
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index e0de564e14..8ba229e582 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -580,7 +580,7 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
           (lambda* (#:key outputs configure-flags #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (substitute* "configure"
-                (("#! /bin/sh") (string-append "#!" (which "bash"))))
+                (("#! /bin/sh") (string-append "#!" (which "sh"))))
               (setenv "SHELL" (which "bash"))
               (setenv "CONFIG_SHELL" (which "bash"))
               (zero? (apply system*
@@ -796,7 +796,7 @@ treaming protocols.")
             (let ((out (assoc-ref outputs "out"))
                   (libx11 (assoc-ref inputs "libx11")))
               (substitute* "configure"
-                (("#! /bin/sh") (string-append "#!" (which "bash"))))
+                (("#! /bin/sh") (string-append "#!" (which "sh"))))
               (setenv "SHELL" (which "bash"))
               (setenv "CONFIG_SHELL" (which "bash"))
               (zero? (system*
@@ -970,7 +970,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2017.01.14")
+    (version "2017.01.24")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://yt-dl.org/downloads/"
@@ -978,7 +978,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1jlwz6p7ryj9ygmwqm4r3pykd9qw21rsiqpifbx0p0kcvdvvvj3n"))))
+                "1n74s6kfs4v1lfg7xls9ymk6yrq09hxwd18sz3lziv5qd1pj14b6"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
@@ -1228,7 +1228,7 @@ for use with HTML5 video.")
          (lambda _
            (with-directory-excursion "avidemux_core/ffmpeg_package"
              (substitute* "ffmpeg-2.7.6/configure"
-               (("#! /bin/sh") (string-append "#!" (which "bash"))))
+               (("#! /bin/sh") (string-append "#!" (which "sh"))))
              (system* "tar" "cjf" "ffmpeg-2.7.6.tar.bz2" "ffmpeg-2.7.6"
                       ;; avoid non-determinism in the archive
                       "--sort=name" "--mtime=@0"
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index c8f8c63ecf..67b9797bbb 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -17,6 +17,7 @@
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Bake Timmons <b3timmons@speedymail.org>
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -3968,3 +3969,29 @@ useful for users behind restrictive firewalls.  As long as Web traffic is
 allowed, even through a HTTP-only proxy, httptunnel can be combined with other
 tools like SSH (Secure Shell) to reach the outside world.")
     (license l:gpl2+)))
+
+(define-public stunnel
+  (package
+  (name "stunnel")
+  (version "5.39")
+  (source
+    (origin
+      (method url-fetch)
+      (uri (string-append "https://www.stunnel.org/downloads/stunnel-"
+                          version ".tar.gz"))
+      (sha256
+       (base32
+        "1vjdn32iw11zqsygwxbjmqgs4644dk3ql1h8ap890ls6a1x0i318"))))
+  (build-system gnu-build-system)
+  (inputs `(("openssl" ,openssl)))
+  (arguments
+   `(#:configure-flags
+     (list (string-append "--with-ssl=" (assoc-ref %build-inputs "openssl")))))
+  (home-page "https://www.stunnel.org")
+  (synopsis "TLS proxy for clients or servers")
+  (description "Stunnel is a proxy designed to add TLS encryption
+functionality to existing clients and servers without any changes in the
+programs' code.  Its architecture is optimized for security, portability, and
+scalability (including load-balancing), making it suitable for large
+deployments.")
+  (license l:gpl2+)))
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 7771b16534..02d0c94119 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2014, 2015, 2016 Alex Kost <alezost@gmail.com>
-;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2015 Alexander I.Grafov <grafov@gmail.com>
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
@@ -75,7 +75,14 @@
                                   "/files/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1i3f1agixxbfy4kxikb2b241p7c2lg73cl9wqfvlwz3q6zf5faxv"))))
+                "1i3f1agixxbfy4kxikb2b241p7c2lg73cl9wqfvlwz3q6zf5faxv"))
+              (modules '((guix build utils)))
+              (snippet
+               ;; Do not record a timestamp and file name in gzipped man
+               ;; pages (this is equivalent to 'gzip --no-name'.)
+               '(substitute* "setup.py"
+                  (("gzip\\.open\\(gzfile, 'w', 9\\)")
+                   "gzip.GzipFile('', 'wb', 9, open(gzfile, 'wb'), 0.)")))))
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2     ;incompatible with python 3
diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm
index fc5cd6ca95..ec84bdeedb 100644
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@@ -300,7 +300,7 @@ ogginfo, to obtain information (tags, bitrate, length, etc.) about
 (define opus
   (package
     (name "opus")
-    (version "1.1.3")
+    (version "1.1.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -308,7 +308,7 @@ ogginfo, to obtain information (tags, bitrate, length, etc.) about
                     ".tar.gz"))
               (sha256
                (base32
-                "0cxnd7pjxbgh6l3cbzsw29phpr5cq28fikfhjlp1hc3y5s0gxdjq"))))
+                "14l6kpapmcnvl7p9hrmbqcnzj13zfzyppyc9a5kd4788h2rvc8li"))))
     (build-system gnu-build-system)
     (synopsis "Versatile audio codec")
     (description
diff --git a/gnu/services.scm b/gnu/services.scm
index f72d4d5785..e645889d30 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -345,6 +345,10 @@ ACTIVATION-SCRIPT-TYPE."
                       ;; thus there is no accounting at all.
                       (close-port (open-file "/var/run/utmpx" "a0"))
 
+                      ;; Same for 'wtmp', which is populated by mingetty et
+                      ;; al.
+                      (close-port (open-file "/var/log/wtmp" "a0"))
+
                       ;; Set up /run/current-system.  Among other things this
                       ;; sets up locales, which the activation snippets
                       ;; executed below may expect.
diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm
index df1843e438..70b858479a 100644
--- a/gnu/services/cups.scm
+++ b/gnu/services/cups.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Andy Wingo <wingo@pobox.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -811,6 +812,7 @@ IPP specifications.")
   ;; Activation gexp.
   (with-imported-modules '((guix build utils))
     #~(begin
+        (use-modules (guix build utils))
         (define (mkdir-p/perms directory owner perms)
           (mkdir-p directory)
           (chown "/var/run/cups" (passwd:uid owner) (passwd:gid owner))
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index c1381405d8..30b1672d33 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1601,6 +1602,7 @@ accept from local for any relay
     (($ <opensmtpd-configuration> package config-file)
      (let ((smtpd (file-append package "/sbin/smtpd")))
        #~(begin
+           (use-modules (guix build utils))
            ;; Create mbox and spool directories.
            (mkdir-p "/var/mail")
            (mkdir-p "/var/spool/smtpd")
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 8f136f0dc1..f7412ff29e 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -332,6 +333,7 @@ restrict -6 ::1\n"))
   "Return the activation gexp for CONFIG."
   (with-imported-modules '((guix build utils))
     #~(begin
+        (use-modules (guix build utils))
         (define %user
           (getpw "ntpd"))
 
diff --git a/gnu/services/spice.scm b/gnu/services/spice.scm
index bd0a538346..2f9dfd57ac 100644
--- a/gnu/services/spice.scm
+++ b/gnu/services/spice.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 David Craven <david@craven.ch>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -35,7 +36,9 @@
 
 (define (spice-vdagent-activation config)
   "Return the activation gexp for CONFIG."
-  #~(mkdir-p "/var/run/spice-vdagentd"))
+  #~(begin
+      (use-modules (guix build utils))
+      (mkdir-p "/var/run/spice-vdagentd")))
 
 (define (spice-vdagent-shepherd-service config)
   "Return a <shepherd-service> for spice-vdagentd with CONFIG."
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 6da612da67..58c35c9f5e 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -292,6 +293,7 @@ The other options should be self-descriptive."
 (define (openssh-activation config)
   "Return the activation GEXP for CONFIG."
   #~(begin
+      (use-modules (guix build utils))
       (mkdir-p "/etc/ssh")
       (mkdir-p (dirname #$(openssh-configuration-pid-file config)))
 
@@ -388,6 +390,7 @@ The other options should be self-descriptive."
 (define (dropbear-activation config)
   "Return the activation gexp for CONFIG."
   #~(begin
+      (use-modules (guix build utils))
       (mkdir-p "/etc/dropbear")))
 
 (define (dropbear-shepherd-service config)
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
index f577e0851e..844a11b3d3 100644
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -444,7 +445,9 @@ is trunkated and rewritten every minute.")
          (shell (file-append shadow "/sbin/nologin")))))
 
 (define %openvpn-activation
-  #~(mkdir-p "/var/run/openvpn"))
+  #~(begin
+      (use-modules (guix build utils))
+      (mkdir-p "/var/run/openvpn")))
 
 (define openvpn-server-service-type
   (service-type (name 'openvpn-server)
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index 8ab861bf73..2959802c96 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -54,7 +54,7 @@
 (define-record-type* <mapped-device> mapped-device
   make-mapped-device
   mapped-device?
-  (source    mapped-device-source)                ;string
+  (source    mapped-device-source)                ;string | list of strings
   (target    mapped-device-target)                ;string
   (type      mapped-device-type))                 ;<mapped-device-kind>
 
diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index 2687a6cdb8..a725ca90f3 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -194,6 +194,29 @@ info --version")
                             (utmpx-entries)))
              marionette))
 
+          ;; Likewise for /var/log/wtmp (used by 'last').
+          (test-assert "wtmp entry"
+            (match (marionette-eval
+                    '(begin
+                       (use-modules (guix build syscalls)
+                                    (srfi srfi-1))
+
+                       (define (entry->list entry)
+                         (list (utmpx-user entry) (utmpx-line entry)
+                               (utmpx-host entry) (utmpx-login-type entry)))
+
+                       (call-with-input-file "/var/log/wtmp"
+                         (lambda (port)
+                           (let loop ((result '()))
+                             (if (eof-object? (peek-char port))
+                                 (map entry->list (reverse result))
+                                 (loop (cons (read-utmpx port) result)))))))
+                    marionette)
+              (((users lines hosts types) ..1)
+               (every (lambda (type)
+                        (eqv? type (login-type LOGIN_PROCESS)))
+                      types))))
+
           (test-assert "host name resolution"
             (match (marionette-eval
                     '(begin