summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2017-02-13 22:35:05 +0100
committerMarius Bakke <mbakke@fastmail.com>2017-02-13 22:35:05 +0100
commit424b1ae76901c538457bd3c30d9d9cf67e79855f (patch)
treeacc35c1160625618cd6083e728c6a4ff7e9cccc9 /gnu
parenta50e03014177d2f00b5b85d3e1c295406f842016 (diff)
parenteae2dbd47ac1f4a201b8584e2f88c30cd28e093a (diff)
downloadguix-424b1ae76901c538457bd3c30d9d9cf67e79855f.tar.gz
Merge branch 'master' into python-tests
Diffstat (limited to 'gnu')
-rw-r--r--gnu/build/activation.scm62
-rw-r--r--gnu/build/file-systems.scm33
-rw-r--r--gnu/build/linux-container.scm40
-rw-r--r--gnu/build/shepherd.scm177
-rw-r--r--gnu/local.mk67
-rw-r--r--gnu/packages.scm34
-rw-r--r--gnu/packages/admin.scm138
-rw-r--r--gnu/packages/algebra.scm4
-rw-r--r--gnu/packages/astronomy.scm4
-rw-r--r--gnu/packages/audacity.scm14
-rw-r--r--gnu/packages/audio.scm8
-rw-r--r--gnu/packages/backup.scm28
-rw-r--r--gnu/packages/bash.scm49
-rw-r--r--gnu/packages/benchmark.scm39
-rw-r--r--gnu/packages/bioinformatics.scm648
-rw-r--r--gnu/packages/bittorrent.scm91
-rw-r--r--gnu/packages/bootloaders.scm332
-rw-r--r--gnu/packages/bootstrap.scm39
-rw-r--r--gnu/packages/calendar.scm5
-rw-r--r--gnu/packages/cdrom.scm6
-rw-r--r--gnu/packages/check.scm4
-rw-r--r--gnu/packages/ci.scm7
-rw-r--r--gnu/packages/code.scm32
-rw-r--r--gnu/packages/compression.scm133
-rw-r--r--gnu/packages/compton.scm106
-rw-r--r--gnu/packages/crypto.scm38
-rw-r--r--gnu/packages/cups.scm9
-rw-r--r--gnu/packages/cyrus-sasl.scm4
-rw-r--r--gnu/packages/databases.scm264
-rw-r--r--gnu/packages/datamash.scm4
-rw-r--r--gnu/packages/disk.scm18
-rw-r--r--gnu/packages/django.scm4
-rw-r--r--gnu/packages/dns.scm16
-rw-r--r--gnu/packages/education.scm56
-rw-r--r--gnu/packages/emacs.scm283
-rw-r--r--gnu/packages/engineering.scm1
-rw-r--r--gnu/packages/enlightenment.scm8
-rw-r--r--gnu/packages/fcitx.scm36
-rw-r--r--gnu/packages/finance.scm51
-rw-r--r--gnu/packages/firmware.scm136
-rw-r--r--gnu/packages/fonts.scm249
-rw-r--r--gnu/packages/freedesktop.scm13
-rw-r--r--gnu/packages/ftp.scm18
-rw-r--r--gnu/packages/games.scm243
-rw-r--r--gnu/packages/gcal.scm6
-rw-r--r--gnu/packages/gd.scm29
-rw-r--r--gnu/packages/gdb.scm4
-rw-r--r--gnu/packages/geo.scm93
-rw-r--r--gnu/packages/ghostscript.scm9
-rw-r--r--gnu/packages/gimp.scm5
-rw-r--r--gnu/packages/gl.scm6
-rw-r--r--gnu/packages/glib.scm70
-rw-r--r--gnu/packages/gnome.scm555
-rw-r--r--gnu/packages/gnucash.scm4
-rw-r--r--gnu/packages/gnunet.scm36
-rw-r--r--gnu/packages/gnupg.scm85
-rw-r--r--gnu/packages/gnuzilla.scm41
-rw-r--r--gnu/packages/grub.scm161
-rw-r--r--gnu/packages/gsasl.scm2
-rw-r--r--gnu/packages/gstreamer.scm30
-rw-r--r--gnu/packages/gtk.scm86
-rw-r--r--gnu/packages/guile.scm132
-rw-r--r--gnu/packages/haskell.scm90
-rw-r--r--gnu/packages/image-viewers.scm59
-rw-r--r--gnu/packages/image.scm6
-rw-r--r--gnu/packages/imagemagick.scm4
-rw-r--r--gnu/packages/irc.scm24
-rw-r--r--gnu/packages/java.scm34
-rw-r--r--gnu/packages/kde.scm21
-rw-r--r--gnu/packages/kerberos.scm187
-rw-r--r--gnu/packages/ldc.scm210
-rw-r--r--gnu/packages/libevent.scm44
-rw-r--r--gnu/packages/libidn.scm7
-rw-r--r--gnu/packages/libupnp.scm6
-rw-r--r--gnu/packages/linux.scm218
-rw-r--r--gnu/packages/lisp.scm4
-rw-r--r--gnu/packages/lua.scm65
-rw-r--r--gnu/packages/lxde.scm23
-rw-r--r--gnu/packages/mail.scm229
-rw-r--r--gnu/packages/mate.scm2
-rw-r--r--gnu/packages/maths.scm129
-rw-r--r--gnu/packages/messaging.scm169
-rw-r--r--gnu/packages/mg.scm46
-rw-r--r--gnu/packages/mit-krb5.scm86
-rw-r--r--gnu/packages/mpd.scm8
-rw-r--r--gnu/packages/mtools.scm4
-rw-r--r--gnu/packages/music.scm168
-rw-r--r--gnu/packages/networking.scm73
-rw-r--r--gnu/packages/nfs.scm2
-rw-r--r--gnu/packages/node.scm2
-rw-r--r--gnu/packages/ocaml.scm815
-rw-r--r--gnu/packages/onc-rpc.scm4
-rw-r--r--gnu/packages/openbox.scm37
-rw-r--r--gnu/packages/orpheus.scm2
-rw-r--r--gnu/packages/package-management.scm47
-rw-r--r--gnu/packages/parallel.scm8
-rw-r--r--gnu/packages/password-utils.scm25
-rw-r--r--gnu/packages/patches/duplicity-piped-password.patch20
-rw-r--r--gnu/packages/patches/duplicity-test_selection-tmp.patch18
-rw-r--r--gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch27
-rw-r--r--gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch40
-rw-r--r--gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch32
-rw-r--r--gnu/packages/patches/httpd-CVE-2016-8740.patch36
-rw-r--r--gnu/packages/patches/khal-disable-failing-tests.patch33
-rw-r--r--gnu/packages/patches/lcms-fix-out-of-bounds-read.patch34
-rw-r--r--gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch35
-rw-r--r--gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch414
-rw-r--r--gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch42
-rw-r--r--gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch40
-rw-r--r--gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch42
-rw-r--r--gnu/packages/patches/libevent-2.1-dns-tests.patch26
-rw-r--r--gnu/packages/patches/libevent-2.1-skip-failing-test.patch24
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-5225.patch86
-rw-r--r--gnu/packages/patches/libupnp-CVE-2016-6255.patch50
-rw-r--r--gnu/packages/patches/libupnp-CVE-2016-8863.patch72
-rw-r--r--gnu/packages/patches/libvpx-CVE-2016-2818.patch21
-rw-r--r--gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch188
-rw-r--r--gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch36
-rw-r--r--gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch42
-rw-r--r--gnu/packages/patches/omake-fix-non-determinism.patch41
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch233
-rw-r--r--gnu/packages/patches/p7zip-CVE-2016-9296.patch24
-rw-r--r--gnu/packages/patches/qemu-CVE-2016-10155.patch49
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-2615.patch52
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5525.patch55
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5526.patch58
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5552.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5578.patch39
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5579.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5667.patch46
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5856.patch68
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5898.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5931.patch55
-rw-r--r--gnu/packages/patches/screen-CVE-2017-5618.patch40
-rw-r--r--gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch31
-rw-r--r--gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch22
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9577.patch33
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9578-1.patch33
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9578-2.patch38
-rw-r--r--gnu/packages/patches/tipp10-fix-compiling.patch213
-rw-r--r--gnu/packages/patches/tipp10-remove-license-code.patch332
-rw-r--r--gnu/packages/patches/totem-debug-format-fix.patch11
-rw-r--r--gnu/packages/patches/upower-builddir.patch2
-rw-r--r--gnu/packages/patches/vsearch-unbundle-cityhash.patch73
-rw-r--r--gnu/packages/patches/xf86-video-glint-remove-mibstore.patch24
-rw-r--r--gnu/packages/patches/xf86-video-nv-remove-mibstore.patch72
-rw-r--r--gnu/packages/patches/xinetd-CVE-2013-4342.patch36
-rw-r--r--gnu/packages/patches/xinetd-fix-fd-leak.patch26
-rw-r--r--gnu/packages/pdf.scm36
-rw-r--r--gnu/packages/perl.scm4
-rw-r--r--gnu/packages/photo.scm12
-rw-r--r--gnu/packages/plotutils.scm4
-rw-r--r--gnu/packages/polkit.scm26
-rw-r--r--gnu/packages/popt.scm14
-rw-r--r--gnu/packages/python.scm462
-rw-r--r--gnu/packages/qemu.scm15
-rw-r--r--gnu/packages/rdesktop.scm73
-rw-r--r--gnu/packages/re2c.scm47
-rw-r--r--gnu/packages/regex.scm7
-rw-r--r--gnu/packages/ruby.scm79
-rw-r--r--gnu/packages/rust.scm3
-rw-r--r--gnu/packages/scheme.scm1
-rw-r--r--gnu/packages/screen.scm10
-rw-r--r--gnu/packages/sdl.scm42
-rw-r--r--gnu/packages/search.scm34
-rw-r--r--gnu/packages/security-token.scm6
-rw-r--r--gnu/packages/serialization.scm86
-rw-r--r--gnu/packages/shells.scm66
-rw-r--r--gnu/packages/shellutils.scm4
-rw-r--r--gnu/packages/shishi.scm70
-rw-r--r--gnu/packages/simh.scm96
-rw-r--r--gnu/packages/spice.scm26
-rw-r--r--gnu/packages/ssh.scm4
-rw-r--r--gnu/packages/statistics.scm203
-rw-r--r--gnu/packages/suckless.scm463
-rw-r--r--gnu/packages/sync.scm48
-rw-r--r--gnu/packages/telephony.scm11
-rw-r--r--gnu/packages/terminals.scm68
-rw-r--r--gnu/packages/text-editors.scm102
-rw-r--r--gnu/packages/tls.scm66
-rw-r--r--gnu/packages/tor.scm86
-rw-r--r--gnu/packages/tv.scm8
-rw-r--r--gnu/packages/u-boot.scm136
-rw-r--r--gnu/packages/version-control.scm84
-rw-r--r--gnu/packages/video.scm99
-rw-r--r--gnu/packages/vim.scm84
-rw-r--r--gnu/packages/vpn.scm5
-rw-r--r--gnu/packages/web.scm122
-rw-r--r--gnu/packages/webkit.scm4
-rw-r--r--gnu/packages/wget.scm8
-rw-r--r--gnu/packages/wine.scm4
-rw-r--r--gnu/packages/wm.scm71
-rw-r--r--gnu/packages/xdisorg.scm26
-rw-r--r--gnu/packages/xfce.scm7
-rw-r--r--gnu/packages/xiph.scm4
-rw-r--r--gnu/packages/xorg.scm344
-rw-r--r--gnu/services.scm36
-rw-r--r--gnu/services/base.scm194
-rw-r--r--gnu/services/cuirass.scm16
-rw-r--r--gnu/services/cups.scm2
-rw-r--r--gnu/services/mail.scm2
-rw-r--r--gnu/services/messaging.scm6
-rw-r--r--gnu/services/networking.scm379
-rw-r--r--gnu/services/shepherd.scm2
-rw-r--r--gnu/services/spice.scm5
-rw-r--r--gnu/services/ssh.scm3
-rw-r--r--gnu/services/vpn.scm494
-rw-r--r--gnu/services/web.scm97
-rw-r--r--gnu/system.scm5
-rw-r--r--gnu/system/examples/bare-bones.tmpl2
-rw-r--r--gnu/system/examples/desktop.tmpl2
-rw-r--r--gnu/system/examples/lightweight-desktop.tmpl2
-rw-r--r--gnu/system/file-systems.scm94
-rw-r--r--gnu/system/grub.scm8
-rw-r--r--gnu/system/install.scm4
-rw-r--r--gnu/system/linux-container.scm21
-rw-r--r--gnu/system/mapped-devices.scm2
-rw-r--r--gnu/system/shadow.scm38
-rw-r--r--gnu/system/vm.scm2
-rw-r--r--gnu/tests/base.scm119
-rw-r--r--gnu/tests/install.scm65
-rw-r--r--gnu/tests/messaging.scm194
-rw-r--r--gnu/tests/web.scm146
223 files changed, 13435 insertions, 2744 deletions
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index 1b31dc1538..c4ed40e0de 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -25,9 +25,10 @@
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:export (activate-users+groups
+            activate-user-home
             activate-etc
             activate-setuid-programs
-            activate-/bin/sh
+            activate-special-files
             activate-modprobe
             activate-firmware
             activate-ptrace-attach
@@ -84,16 +85,27 @@
     (chmod file (logior #o600 (stat:perms stat)))))
 
 (define* (copy-account-skeletons home
-                                 #:optional (directory %skeleton-directory))
-  "Copy the account skeletons from DIRECTORY to HOME."
+                                 #:key
+                                 (directory %skeleton-directory)
+                                 uid gid)
+  "Copy the account skeletons from DIRECTORY to HOME.  When UID is an integer,
+make it the owner of all the files created; likewise for GID."
+  (define (set-owner file)
+    (when (or uid gid)
+      (chown file (or uid -1) (or gid -1))))
+
   (let ((files (scandir directory (negate dot-or-dot-dot?)
                         string<?)))
     (mkdir-p home)
+    (set-owner home)
     (for-each (lambda (file)
                 (let ((target (string-append home "/" file)))
                   (copy-recursively (string-append directory "/" file)
                                     target
                                     #:log (%make-void-port "w"))
+                  (for-each set-owner
+                            (find-files target (const #t)
+                                        #:directories? #t))
                   (make-file-writable target)))
               files)))
 
@@ -220,7 +232,7 @@ numeric gid or #f."
                      #:supplementary-groups supplementary-groups
                      #:comment comment
                      #:home home
-                     #:create-home? create-home?
+                     #:create-home? (and create-home? system?)
                      #:shell shell
                      #:password password)
 
@@ -268,6 +280,25 @@ numeric gid or #f."
                                (((names . _) ...)
                                 names)))))
 
+(define (activate-user-home users)
+  "Create and populate the home directory of USERS, a list of tuples, unless
+they already exist."
+  (define ensure-user-home
+    (match-lambda
+      ((name uid group supplementary-groups comment home create-home?
+             shell password system?)
+       (unless (or (not home) (directory-exists? home))
+         (let* ((pw  (getpwnam name))
+                (uid (passwd:uid pw))
+                (gid (passwd:gid pw)))
+           (mkdir-p home)
+           (chown home uid gid)
+           (unless system?
+             (copy-account-skeletons home
+                                     #:uid uid #:gid gid)))))))
+
+  (for-each ensure-user-home users))
+
 (define (activate-etc etc)
   "Install ETC, a directory in the store, as the source of static files for
 /etc."
@@ -352,10 +383,23 @@ copy SOURCE to TARGET."
 
   (for-each make-setuid-program programs))
 
-(define (activate-/bin/sh shell)
-  "Change /bin/sh to point to SHELL."
-  (symlink shell "/bin/sh.new")
-  (rename-file "/bin/sh.new" "/bin/sh"))
+(define (activate-special-files special-files)
+  "Install the files listed in SPECIAL-FILES.  Each element of SPECIAL-FILES
+is a pair where the first element is the name of the special file and the
+second element is the name it should appear at, such as:
+
+  ((\"/bin/sh\" \"/gnu/store/…-bash/bin/sh\")
+   (\"/usr/bin/env\" \"/gnu/store/…-coreutils/bin/env\"))
+"
+  (define install-special-file
+    (match-lambda
+      ((target file)
+       (let ((pivot (string-append target ".new")))
+         (mkdir-p (dirname target))
+         (symlink file pivot)
+         (rename-file pivot target)))))
+
+  (for-each install-special-file special-files))
 
 (define (activate-modprobe modprobe)
   "Tell the kernel to use MODPROBE to load modules."
diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index 6e5c6aaf15..f8ab95370c 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -72,22 +72,33 @@
   "Bind-mount SOURCE at TARGET."
   (mount source target "" MS_BIND))
 
+(define (seek* fd/port offset whence)
+  "Like 'seek' but return -1 instead of throwing to 'system-error' upon
+EINVAL.  This makes it easier to catch cases like OFFSET being too large for
+FD/PORT."
+  (catch 'system-error
+    (lambda ()
+      (seek fd/port offset whence))
+    (lambda args
+      (if (= EINVAL (system-error-errno args))
+          -1
+          (apply throw args)))))
+
 (define (read-superblock device offset size magic?)
   "Read a superblock of SIZE from OFFSET and DEVICE.  Return the raw
 superblock on success, and #f if no valid superblock was found.  MAGIC?
 takes a bytevector and returns #t when it's a valid superblock."
   (call-with-input-file device
     (lambda (port)
-      (seek port offset SEEK_SET)
-
-      (let ((block (make-bytevector size)))
-        (match (get-bytevector-n! port block 0 (bytevector-length block))
-          ((? eof-object?)
-           #f)
-          ((? number? len)
-           (and (= len (bytevector-length block))
-                (and (magic? block)
-                     block))))))))
+      (and (= offset (seek* port offset SEEK_SET))
+           (let ((block (make-bytevector size)))
+             (match (get-bytevector-n! port block 0 (bytevector-length block))
+               ((? eof-object?)
+                #f)
+               ((? number? len)
+                (and (= len (bytevector-length block))
+                     (and (magic? block)
+                          block)))))))))
 
 (define (sub-bytevector bv start size)
   "Return a copy of the SIZE bytes of BV starting from offset START."
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index b71d6a5f88..95bfd92dde 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
+;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,7 +33,8 @@
             %namespaces
             run-container
             call-with-container
-            container-excursion))
+            container-excursion
+            container-excursion*))
 
 (define (user-namespace-supported?)
   "Return #t if user namespaces are supported on this system."
@@ -128,13 +130,19 @@ for the process."
               "/dev/fuse"))
 
   ;; Setup the container's /dev/console by bind mounting the pseudo-terminal
-  ;; associated with standard input.
-  (let ((in      (current-input-port))
-        (console (scope "/dev/console")))
-    (when (isatty? in)
+  ;; associated with standard input when there is one.
+  (let* ((in      (current-input-port))
+         (tty     (catch 'system-error
+                    (lambda ()
+                      ;; This call throws if IN does not correspond to a tty.
+                      ;; This is more reliable than 'isatty?'.
+                      (ttyname in))
+                    (const #f)))
+         (console (scope "/dev/console")))
+    (when tty
       (touch console)
       (chmod console #o600)
-      (bind-mount (ttyname in) console)))
+      (bind-mount tty console)))
 
   ;; Setup standard input/output/error.
   (symlink "/proc/self/fd"   (scope "/dev/fd"))
@@ -229,6 +237,8 @@ host user identifiers to map into the user namespace."
                                                                namespaces)))
                     (lambda args
                       ;; Forward the exception to the parent process.
+                      ;; FIXME: SRFI-35 conditions and non-trivial objects
+                      ;; cannot be 'read' so they shouldn't be written as is.
                       (write args child)
                       (primitive-exit 3))))
                 ;; TODO: Manage capabilities.
@@ -318,3 +328,21 @@ return the exit status."
      (match (waitpid pid)
        ((_ . status)
         (status:exit-val status))))))
+
+(define (container-excursion* pid thunk)
+  "Like 'container-excursion', but return the return value of THUNK."
+  (match (pipe)
+    ((in . out)
+     (match (container-excursion pid
+              (lambda ()
+                (close-port in)
+                (write (thunk) out)))
+       (0
+        (close-port out)
+        (let ((result (read in)))
+          (close-port in)
+          result))
+       (_                                         ;maybe PID died already
+        (close-port out)
+        (close-port in)
+        #f)))))
diff --git a/gnu/build/shepherd.scm b/gnu/build/shepherd.scm
new file mode 100644
index 0000000000..8fc74bc482
--- /dev/null
+++ b/gnu/build/shepherd.scm
@@ -0,0 +1,177 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu build shepherd)
+  #:use-module (gnu system file-systems)
+  #:use-module (gnu build linux-container)
+  #:use-module (guix build utils)
+  #:use-module (srfi srfi-1)
+  #:use-module (ice-9 match)
+  #:export (make-forkexec-constructor/container))
+
+;;; Commentary:
+;;;
+;;; This module provides extensions to the GNU Shepherd.  In particular, it
+;;; provides a helper to start services in a container.
+;;;
+;;; Code:
+
+(define (clean-up file)
+  (when file
+    (catch 'system-error
+      (lambda ()
+        (delete-file file))
+      (lambda args
+        (unless (= ENOENT (system-error-errno args))
+          (apply throw args))))))
+
+(define-syntax-rule (catch-system-error exp)
+  (catch 'system-error
+    (lambda ()
+      exp)
+    (const #f)))
+
+(define (default-namespaces args)
+  ;; Most daemons are here to talk to the network, and most of them expect to
+  ;; run under a non-zero UID.
+  (fold delq %namespaces '(net user)))
+
+(define* (default-mounts #:key (namespaces (default-namespaces '())))
+  (define (tmpfs directory)
+    (file-system
+      (device "none")
+      (title 'device)
+      (mount-point directory)
+      (type "tmpfs")
+      (check? #f)))
+
+  (define passwd
+    ;; This is for processes in the default user namespace but living in a
+    ;; different mount namespace, so that they can lookup users.
+    (file-system-mapping
+     (source "/etc/passwd") (target source)))
+
+  (define nscd-socket
+    (file-system-mapping
+     (source "/var/run/nscd") (target source)
+     (writable? #t)))
+
+  (append (cons (tmpfs "/tmp") %container-file-systems)
+          (let ((mappings `(,@(if (memq 'net namespaces)
+                                  '()
+                                  (cons nscd-socket
+                                        %network-file-mappings))
+                            ,@(if (and (memq 'mnt namespaces)
+                                       (not (memq 'user namespaces)))
+                                  (list passwd)
+                                  '())
+                            ,%store-mapping)))    ;XXX: coarse-grain
+            (map file-system-mapping->bind-mount
+                 (filter (lambda (mapping)
+                           (file-exists? (file-system-mapping-source mapping)))
+                         mappings)))))
+
+;; XXX: Lazy-bind the Shepherd to avoid a compile-time dependency.
+(module-autoload! (current-module)
+                  '(shepherd service) '(read-pid-file exec-command))
+
+(define* (read-pid-file/container pid pid-file #:key (max-delay 5))
+  "Read PID-FILE in the container namespaces of PID, which exists in a
+separate mount and PID name space.  Return the \"outer\" PID. "
+  (match (container-excursion* pid
+           (lambda ()
+             (read-pid-file pid-file
+                            #:max-delay max-delay)))
+    (#f
+     (catch-system-error (kill pid SIGTERM))
+     #f)
+    ((? integer? container-pid)
+     ;; XXX: When COMMAND is started in a separate PID namespace, its
+     ;; PID is always 1, but that's not what Shepherd needs to know.
+     pid)))
+
+(define* (make-forkexec-constructor/container command
+                                              #:key
+                                              (namespaces
+                                               (default-namespaces args))
+                                              (mappings '())
+                                              (user #f)
+                                              (group #f)
+                                              (log-file #f)
+                                              pid-file
+                                              (pid-file-timeout 5)
+                                              (directory "/")
+                                              (environment-variables
+                                               (environ))
+                                              #:rest args)
+  "This is a variant of 'make-forkexec-constructor' that starts COMMAND in
+NAMESPACES, a list of Linux namespaces such as '(mnt ipc).  MAPPINGS is the
+list of <file-system-mapping> to make in the case of a separate mount
+namespace, in addition to essential bind-mounts such /proc."
+  (define container-directory
+    (match command
+      ((program _  ...)
+       (string-append "/var/run/containers/" (basename program)))))
+
+  (define auto-mappings
+    `(,@(if log-file
+            (list (file-system-mapping
+                   (source log-file)
+                   (target source)
+                   (writable? #t)))
+            '())))
+
+  (define mounts
+    (append (map file-system-mapping->bind-mount
+                 (append auto-mappings mappings))
+            (default-mounts #:namespaces namespaces)))
+
+  (lambda args
+    (mkdir-p container-directory)
+
+    (when log-file
+      ;; Create LOG-FILE so we can map it in the container.
+      (unless (file-exists? log-file)
+        (call-with-output-file log-file (const #t))))
+
+    (let ((pid (run-container container-directory
+                              mounts namespaces 1
+                              (lambda ()
+                                (mkdir-p "/var/run")
+                                (clean-up pid-file)
+                                (clean-up log-file)
+
+                                (exec-command command
+                                              #:user user
+                                              #:group group
+                                              #:log-file log-file
+                                              #:directory directory
+                                              #:environment-variables
+                                              environment-variables)))))
+      (if pid-file
+          (if (or (memq 'mnt namespaces) (memq 'pid namespaces))
+              (read-pid-file/container pid pid-file
+                                       #:max-delay pid-file-timeout)
+              (read-pid-file pid-file #:max-delay pid-file-timeout))
+          pid))))
+
+;; Local Variables:
+;; eval: (put 'container-excursion* 'scheme-indent-function 1)
+;; End:
+
+;;; shepherd.scm ends here
diff --git a/gnu/local.mk b/gnu/local.mk
index 2f852b5da0..8615d12b08 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1,10 +1,10 @@
 # GNU Guix --- Functional package management for GNU
-# Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+# Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 # Copyright © 2013, 2014, 2015, 2016 Andreas Enge <andreas@enge.fr>
 # Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
 # Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 # Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
-# Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+# Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
 # Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 # Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
 # Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
@@ -64,6 +64,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/bittorrent.scm			\
   %D%/packages/bison.scm			\
   %D%/packages/boost.scm			\
+  %D%/packages/bootloaders.scm			\
   %D%/packages/bootstrap.scm			\
   %D%/packages/busybox.scm			\
   %D%/packages/c.scm				\
@@ -78,6 +79,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/code.scm				\
   %D%/packages/commencement.scm			\
   %D%/packages/compression.scm			\
+  %D%/packages/compton.scm 			\
   %D%/packages/conkeror.scm			\
   %D%/packages/conky.scm			\
   %D%/packages/connman.scm			\
@@ -169,7 +171,6 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/graphics.scm			\
   %D%/packages/graphviz.scm			\
   %D%/packages/groff.scm			\
-  %D%/packages/grub.scm				\
   %D%/packages/gsasl.scm			\
   %D%/packages/gstreamer.scm			\
   %D%/packages/gtk.scm				\
@@ -199,6 +200,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/julia.scm			\
   %D%/packages/kde.scm              \
   %D%/packages/kde-frameworks.scm		\
+  %D%/packages/kerberos.scm			\
   %D%/packages/key-mon.scm			\
   %D%/packages/kodi.scm				\
   %D%/packages/language.scm			\
@@ -252,7 +254,6 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/mingw.scm			\
   %D%/packages/mg.scm				\
   %D%/packages/microcom.scm			\
-  %D%/packages/mit-krb5.scm			\
   %D%/packages/moe.scm				\
   %D%/packages/monitoring.scm			\
   %D%/packages/mono.scm				\
@@ -317,6 +318,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/ratpoison.scm			\
   %D%/packages/rdesktop.scm			\
   %D%/packages/rdf.scm				\
+  %D%/packages/re2c.scm				\
   %D%/packages/readline.scm			\
   %D%/packages/regex.scm				\
   %D%/packages/rrdtool.scm			\
@@ -339,7 +341,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/serveez.scm			\
   %D%/packages/shells.scm			\
   %D%/packages/shellutils.scm			\
-  %D%/packages/shishi.scm			\
+  %D%/packages/simh.scm				\
   %D%/packages/skarnet.scm			\
   %D%/packages/skribilo.scm			\
   %D%/packages/slang.scm			\
@@ -372,7 +374,6 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/unrtf.scm			\
   %D%/packages/upnp.scm				\
   %D%/packages/uucp.scm				\
-  %D%/packages/u-boot.scm			\
   %D%/packages/valgrind.scm			\
   %D%/packages/version-control.scm		\
   %D%/packages/video.scm			\
@@ -424,6 +425,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/services/spice.scm				\
   %D%/services/ssh.scm				\
   %D%/services/version-control.scm              \
+  %D%/services/vpn.scm				\
   %D%/services/web.scm				\
   %D%/services/xorg.scm				\
 						\
@@ -449,6 +451,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/build/linux-initrd.scm			\
   %D%/build/linux-modules.scm			\
   %D%/build/marionette.scm			\
+  %D%/build/shepherd.scm			\
   %D%/build/svg.scm				\
   %D%/build/vm.scm				\
 						\
@@ -457,7 +460,9 @@ GNU_SYSTEM_MODULES =				\
   %D%/tests/nfs.scm				\
   %D%/tests/install.scm				\
   %D%/tests/mail.scm				\
-  %D%/tests/ssh.scm
+  %D%/tests/messaging.scm			\
+  %D%/tests/ssh.scm				\
+  %D%/tests/web.scm
 
 
 patchdir = $(guilemoduledir)/%D%/packages/patches
@@ -526,8 +531,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/doc++-include-directives.patch		\
   %D%/packages/patches/doc++-segfault-fix.patch			\
   %D%/packages/patches/doxygen-test.patch			\
-  %D%/packages/patches/duplicity-piped-password.patch		\
-  %D%/packages/patches/duplicity-test_selection-tmp.patch	\
   %D%/packages/patches/elfutils-tests-ptrace.patch		\
   %D%/packages/patches/elixir-disable-failing-tests.patch	\
   %D%/packages/patches/einstein-build.patch			\
@@ -575,6 +578,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/gd-fix-truecolor-format-correction.patch	\
   %D%/packages/patches/gegl-CVE-2012-4433.patch			\
   %D%/packages/patches/geoclue-config.patch			\
+  %D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch	\
   %D%/packages/patches/ghostscript-CVE-2013-5653.patch		\
   %D%/packages/patches/ghostscript-CVE-2015-3228.patch		\
   %D%/packages/patches/ghostscript-CVE-2016-7976.patch		\
@@ -593,7 +597,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/gmp-faulty-test.patch			\
   %D%/packages/patches/gnome-tweak-tool-search-paths.patch	\
   %D%/packages/patches/gnucash-price-quotes-perl.patch		\
-  %D%/packages/patches/gnupg-test-segfault-on-32bit-arch.patch	\
   %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
   %D%/packages/patches/gobject-introspection-cc.patch		\
   %D%/packages/patches/gobject-introspection-girepository.patch	\
@@ -602,6 +605,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/grub-gets-undeclared.patch		\
   %D%/packages/patches/grub-freetype.patch			\
   %D%/packages/patches/gsl-test-i686.patch			\
+  %D%/packages/patches/gst-plugins-base-fix-test-on-32bit.patch	\
   %D%/packages/patches/guile-1.8-cpp-4.5.patch			\
   %D%/packages/patches/guile-arm-fixes.patch			\
   %D%/packages/patches/guile-default-utf8.patch			\
@@ -630,7 +634,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/hdf-eos5-fortrantests.patch		\
   %D%/packages/patches/higan-remove-march-native-flag.patch	\
   %D%/packages/patches/hop-linker-flags.patch			\
-  %D%/packages/patches/httpd-CVE-2016-8740.patch			\
   %D%/packages/patches/hydra-disable-darcs-test.patch		\
   %D%/packages/patches/hypre-doc-tables.patch			\
   %D%/packages/patches/hypre-ldflags.patch			\
@@ -645,7 +648,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/jbig2dec-ignore-testtest.patch		\
   %D%/packages/patches/jq-CVE-2015-8863.patch			\
   %D%/packages/patches/kdbusaddons-kinit-file-name.patch	\
-  %D%/packages/patches/khal-disable-failing-tests.patch		\
   %D%/packages/patches/khmer-use-libraries.patch                \
   %D%/packages/patches/kmod-module-directory.patch		\
   %D%/packages/patches/kobodeluxe-paths.patch			\
@@ -655,7 +657,10 @@ dist_patch_DATA =						\
   %D%/packages/patches/kobodeluxe-midicon-segmentation-fault.patch	\
   %D%/packages/patches/kobodeluxe-graphics-window-signed-char.patch	\
   %D%/packages/patches/laby-make-install.patch			\
+  %D%/packages/patches/lcms-fix-out-of-bounds-read.patch	\
   %D%/packages/patches/ldc-disable-tests.patch			\
+  %D%/packages/patches/ldc-1.1.0-disable-dmd-tests.patch	\
+  %D%/packages/patches/ldc-1.1.0-disable-phobos-tests.patch	\
   %D%/packages/patches/liba52-enable-pic.patch			\
   %D%/packages/patches/liba52-link-with-libm.patch		\
   %D%/packages/patches/liba52-set-soname.patch			\
@@ -670,6 +675,11 @@ dist_patch_DATA =						\
   %D%/packages/patches/libdrm-symbol-check.patch		\
   %D%/packages/patches/libepoxy-gl-null-checks.patch		\
   %D%/packages/patches/libevent-dns-tests.patch			\
+  %D%/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch	\
+  %D%/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch	\
+  %D%/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch	\
+  %D%/packages/patches/libevent-2.1-dns-tests.patch		\
+  %D%/packages/patches/libevent-2.1-skip-failing-test.patch	\
   %D%/packages/patches/libextractor-ffmpeg-3.patch		\
   %D%/packages/patches/libjxr-fix-function-signature.patch	\
   %D%/packages/patches/libjxr-fix-typos.patch			\
@@ -687,6 +697,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libtiff-CVE-2016-10092.patch		\
   %D%/packages/patches/libtiff-CVE-2016-10093.patch		\
   %D%/packages/patches/libtiff-CVE-2016-10094.patch		\
+  %D%/packages/patches/libtiff-CVE-2017-5225.patch		\
   %D%/packages/patches/libtiff-assertion-failure.patch		\
   %D%/packages/patches/libtiff-divide-by-zero-ojpeg.patch	\
   %D%/packages/patches/libtiff-divide-by-zero-tiffcp.patch	\
@@ -701,8 +712,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/libtiff-tiffcp-underflow.patch		\
   %D%/packages/patches/libtool-skip-tests2.patch		\
   %D%/packages/patches/libunwind-CVE-2015-3239.patch		\
-  %D%/packages/patches/libupnp-CVE-2016-6255.patch		\
-  %D%/packages/patches/libupnp-CVE-2016-8863.patch		\
   %D%/packages/patches/libvpx-CVE-2016-2818.patch		\
   %D%/packages/patches/libwebp-CVE-2016-9085.patch		\
   %D%/packages/patches/libwmf-CAN-2004-0941.patch		\
@@ -721,6 +730,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libxml2-CVE-2016-5131.patch		\
   %D%/packages/patches/libxslt-generated-ids.patch		\
   %D%/packages/patches/libxslt-CVE-2016-4738.patch		\
+  %D%/packages/patches/libxt-guix-search-paths.patch		\
   %D%/packages/patches/linux-pam-no-setfsuid.patch		\
   %D%/packages/patches/lirc-localstatedir.patch			\
   %D%/packages/patches/llvm-for-extempore.patch			\
@@ -753,6 +763,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/multiqc-fix-git-subprocess-error.patch	\
   %D%/packages/patches/mumps-build-parallelism.patch		\
   %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch	\
+  %D%/packages/patches/mupdf-mujs-CVE-2016-10132.patch		\
+  %D%/packages/patches/mupdf-mujs-CVE-2016-10133.patch		\
   %D%/packages/patches/mupen64plus-ui-console-notice.patch	\
   %D%/packages/patches/musl-CVE-2016-8859.patch			\
   %D%/packages/patches/mutt-store-references.patch		\
@@ -766,6 +778,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/ninja-zero-mtime.patch			\
   %D%/packages/patches/node-9077.patch				\
   %D%/packages/patches/nss-pkgconfig.patch			\
+  %D%/packages/patches/ntfs-3g-CVE-2017-0358.patch		\
   %D%/packages/patches/nvi-assume-preserve-path.patch		\
   %D%/packages/patches/nvi-dbpagesize-binpower.patch		\
   %D%/packages/patches/nvi-db4.patch				\
@@ -774,11 +787,13 @@ dist_patch_DATA =						\
   %D%/packages/patches/ocaml-CVE-2015-8869.patch		\
   %D%/packages/patches/ocaml-Add-a-.file-directive.patch	\
   %D%/packages/patches/ocaml-findlib-make-install.patch	\
+  %D%/packages/patches/omake-fix-non-determinism.patch	\
   %D%/packages/patches/ola-readdir-r.patch			\
   %D%/packages/patches/openexr-missing-samples.patch		\
   %D%/packages/patches/openjpeg-CVE-2016-5157.patch		\
   %D%/packages/patches/openjpeg-CVE-2016-7163.patch		\
   %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch		\
+  %D%/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch		\
   %D%/packages/patches/openjpeg-use-after-free-fix.patch	\
   %D%/packages/patches/openocd-nrf52.patch			\
   %D%/packages/patches/openssl-runpath.patch			\
@@ -786,6 +801,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
   %D%/packages/patches/orpheus-cast-errors-and-includes.patch	\
   %D%/packages/patches/ots-no-include-missing-file.patch	\
+  %D%/packages/patches/p7zip-CVE-2016-9296.patch			\
   %D%/packages/patches/p7zip-remove-unused-code.patch		\
   %D%/packages/patches/patchelf-page-size.patch			\
   %D%/packages/patches/patchelf-rework-for-arm.patch		\
@@ -849,6 +865,17 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-pycrypto-CVE-2013-7459.patch	\
   %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
   %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch	\
+  %D%/packages/patches/qemu-CVE-2016-10155.patch			\
+  %D%/packages/patches/qemu-CVE-2017-2615.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5525.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5526.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5552.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5578.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5579.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5667.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5856.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5898.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5931.patch			\
   %D%/packages/patches/qt4-ldflags.patch			\
   %D%/packages/patches/quickswitch-fix-dmenu-check.patch	\
   %D%/packages/patches/rapicorn-isnan.patch			\
@@ -866,10 +893,12 @@ dist_patch_DATA =						\
   %D%/packages/patches/sed-hurd-path-max.patch			\
   %D%/packages/patches/scheme48-tests.patch			\
   %D%/packages/patches/scotch-test-threading.patch		\
+  %D%/packages/patches/screen-CVE-2017-5618.patch		\
   %D%/packages/patches/sdl-libx11-1.6.patch			\
   %D%/packages/patches/seq24-rename-mutex.patch			\
   %D%/packages/patches/serf-comment-style-fix.patch		\
   %D%/packages/patches/serf-deflate-buckets-test-fix.patch	\
+  %D%/packages/patches/shadow-4.4-su-snprintf-fix.patch         \
   %D%/packages/patches/slim-session.patch			\
   %D%/packages/patches/slim-config.patch			\
   %D%/packages/patches/slim-sigusr1.patch			\
@@ -877,6 +906,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/slim-login.patch				\
   %D%/packages/patches/slurm-configure-remove-nonfree-contribs.patch \
   %D%/packages/patches/soprano-find-clucene.patch		\
+  %D%/packages/patches/spice-CVE-2016-9577.patch		\
+  %D%/packages/patches/spice-CVE-2016-9578-1.patch		\
+  %D%/packages/patches/spice-CVE-2016-9578-2.patch		\
   %D%/packages/patches/steghide-fixes.patch			\
   %D%/packages/patches/superlu-dist-scotchmetis.patch		\
   %D%/packages/patches/swish-e-search.patch			\
@@ -896,11 +928,12 @@ dist_patch_DATA =						\
   %D%/packages/patches/texi2html-i18n.patch			\
   %D%/packages/patches/tidy-CVE-2015-5522+5523.patch		\
   %D%/packages/patches/tinyxml-use-stl.patch			\
+  %D%/packages/patches/tipp10-fix-compiling.patch		\
+  %D%/packages/patches/tipp10-remove-license-code.patch		\
   %D%/packages/patches/tk-find-library.patch			\
   %D%/packages/patches/ttf2eot-cstddef.patch			\
   %D%/packages/patches/ttfautohint-source-date-epoch.patch	\
   %D%/packages/patches/tophat-build-with-later-seqan.patch	\
-  %D%/packages/patches/totem-debug-format-fix.patch		\
   %D%/packages/patches/tuxpaint-stamps-path.patch		\
   %D%/packages/patches/unrtf-CVE-2016-10091.patch		\
   %D%/packages/patches/unzip-CVE-2014-8139.patch		\
@@ -939,16 +972,16 @@ dist_patch_DATA =						\
   %D%/packages/patches/xf86-video-ark-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-ast-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-geode-glibc-2.20.patch	\
-  %D%/packages/patches/xf86-video-glint-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-i128-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-intel-compat-api.patch	\
   %D%/packages/patches/xf86-video-intel-glibc-2.20.patch	\
   %D%/packages/patches/xf86-video-mach64-glibc-2.20.patch	\
-  %D%/packages/patches/xf86-video-nv-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-tga-remove-mibstore.patch	\
   %D%/packages/patches/xfce4-panel-plugins.patch		\
   %D%/packages/patches/xfce4-session-fix-xflock4.patch		\
   %D%/packages/patches/xfce4-settings-defaults.patch		\
+  %D%/packages/patches/xinetd-fix-fd-leak.patch			\
+  %D%/packages/patches/xinetd-CVE-2013-4342.patch		\
   %D%/packages/patches/xmodmap-asprintf.patch 			\
   %D%/packages/patches/libyaml-CVE-2014-9130.patch 		\
   %D%/packages/patches/zathura-plugindir-environment-variable.patch
diff --git a/gnu/packages.scm b/gnu/packages.scm
index f55c294a18..0aa289d56c 100644
--- a/gnu/packages.scm
+++ b/gnu/packages.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
@@ -24,6 +24,7 @@
   #:use-module (guix packages)
   #:use-module (guix ui)
   #:use-module (guix utils)
+  #:use-module (guix memoization)
   #:use-module (guix combinators)
   #:use-module ((guix build utils)
                 #:select ((package-name->name+version
@@ -234,28 +235,27 @@ decreasing version order."
             matching)))))
 
 (define find-newest-available-packages
-  (memoize
-   (lambda ()
-     "Return a vhash keyed by package names, and with
+  (mlambda ()
+    "Return a vhash keyed by package names, and with
 associated values of the form
 
   (newest-version newest-package ...)
 
 where the preferred package is listed first."
 
-     ;; FIXME: Currently, the preferred package is whichever one
-     ;; was found last by 'fold-packages'.  Find a better solution.
-     (fold-packages (lambda (p r)
-                      (let ((name    (package-name p))
-                            (version (package-version p)))
-                        (match (vhash-assoc name r)
-                          ((_ newest-so-far . pkgs)
-                           (case (version-compare version newest-so-far)
-                             ((>) (vhash-cons name `(,version ,p) r))
-                             ((=) (vhash-cons name `(,version ,p ,@pkgs) r))
-                             ((<) r)))
-                          (#f (vhash-cons name `(,version ,p) r)))))
-                    vlist-null))))
+    ;; FIXME: Currently, the preferred package is whichever one
+    ;; was found last by 'fold-packages'.  Find a better solution.
+    (fold-packages (lambda (p r)
+                     (let ((name    (package-name p))
+                           (version (package-version p)))
+                       (match (vhash-assoc name r)
+                         ((_ newest-so-far . pkgs)
+                          (case (version-compare version newest-so-far)
+                            ((>) (vhash-cons name `(,version ,p) r))
+                            ((=) (vhash-cons name `(,version ,p ,@pkgs) r))
+                            ((<) r)))
+                         (#f (vhash-cons name `(,version ,p) r)))))
+                   vlist-null)))
 
 (define (find-best-packages-by-name name version)
   "If version is #f, return the list of packages named NAME with the highest
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 687cfad970..e12cfd23e3 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2015, 2016 Eric Bavier <bavier@member.fsf.org>
@@ -12,7 +12,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Peter Feigl <peter.feigl@nexoid.at>
 ;;; Copyright © 2016 John J. Foerch <jjfoerch@earthlink.net>
-;;; Coypright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Coypright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Coypright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Coypright © 2016 John Darrington <jmd@gnu.org>
 ;;;
@@ -75,7 +75,7 @@
   #:use-module (gnu packages man)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages gnome)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages gtk))
 
 (define-public aide
@@ -270,40 +270,41 @@ client and server, a telnet client and server, and an rsh client and server.")
 (define-public shadow
   (package
     (name "shadow")
-    (version "4.2.1")
+    (version "4.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "http://pkg-shadow.alioth.debian.org/releases/"
-                    name "-" version ".tar.xz"))
+                    "https://github.com/shadow-maint/shadow/releases/"
+                    "download/" version "/shadow-" version ".tar.xz"))
+              (patches (search-patches "shadow-4.4-su-snprintf-fix.patch"))
               (sha256
                (base32
-                "0h9x1zdbq0pqmygmc1x459jraiqw4gqz8849v268crk78z8r621v"))))
+                "0g7hf55ar2pafg5g3ldx0fwzjk36wf4xb21p4ndanbjm3c2a9ab1"))))
     (build-system gnu-build-system)
     (arguments
      '(;; Assume System V `setpgrp (void)', which is the default on GNU
        ;; variants (`AC_FUNC_SETPGRP' is not cross-compilation capable.)
-       #:configure-flags '("--with-libpam" "ac_cv_func_setpgrp_void=yes")
+       #:configure-flags
+       '("--with-libpam" "ac_cv_func_setpgrp_void=yes")
 
-       #:phases (alist-cons-before
-                 'build 'set-nscd-file-name
-                 (lambda* (#:key inputs #:allow-other-keys)
-                   ;; Use the right file name for nscd.
-                   (let ((libc (assoc-ref inputs "libc")))
-                     (substitute* "lib/nscd.c"
-                       (("/usr/sbin/nscd")
-                        (string-append libc "/sbin/nscd")))))
-                 (alist-cons-after
-                  'install 'remove-groups
-                  (lambda* (#:key outputs #:allow-other-keys)
-                    ;; Remove `groups', which is already provided by Coreutils.
-                    (let* ((out (assoc-ref outputs "out"))
-                           (bin (string-append out "/bin"))
-                           (man (string-append out "/share/man")))
-                      (delete-file (string-append bin "/groups"))
-                      (for-each delete-file (find-files man "^groups\\."))
-                      #t))
-                  %standard-phases))))
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'set-nscd-file-name
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; Use the right file name for nscd.
+             (let ((libc (assoc-ref inputs "libc")))
+               (substitute* "lib/nscd.c"
+                 (("/usr/sbin/nscd")
+                  (string-append libc "/sbin/nscd"))))))
+         (add-after 'install 'remove-groups
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Remove `groups', which is already provided by Coreutils.
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin"))
+                    (man (string-append out "/share/man")))
+               (delete-file (string-append bin "/groups"))
+               (for-each delete-file (find-files man "^groups\\."))
+               #t))))))
 
     (inputs (if (string-suffix? "-linux"
                                 (or (%current-target-system)
@@ -471,7 +472,7 @@ connection alive.")
          (bind-minor-version "9")
          (bind-patch-version "9")
          (bind-release-type "-P")         ; for patch release, use "-P"
-         (bind-release-version "5")      ; for patch release, e.g. "4"
+         (bind-release-version "6")      ; for patch release, e.g. "6"
          (bind-version (string-append bind-major-version
                                       "."
                                       bind-minor-version
@@ -587,7 +588,7 @@ connection alive.")
                                         "/bind-" bind-version ".tar.gz"))
                     (sha256
                      (base32
-                      "1yn15chkfqf4d7961ip2x10jm27a9wqymz2xqh0a2g89arrirkaw"))))
+                      "1qf9j0nyqx0qy871mj22xh4dg0n1pqlv94lpiijb8vr7n7m3svhr"))))
 
                 ;; When cross-compiling, we need the cross Coreutils and sed.
                 ;; Otherwise just use those from %FINAL-INPUTS.
@@ -608,14 +609,14 @@ tools: server, client, and relay agent.")
 (define-public libpcap
   (package
     (name "libpcap")
-    (version "1.7.4")
+    (version "1.8.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.tcpdump.org/release/libpcap-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1c28ykkizd7jqgzrfkg7ivqjlqs9p6lygp26bsw2i0z8hwhi3lvs"))))
+                "07jlhc66z76dipj4j5v3dig8x6h3k6cb36kmnmpsixf3zmlvqgb7"))))
     (build-system gnu-build-system)
     (native-inputs `(("bison" ,bison) ("flex" ,flex)))
     (arguments '(#:configure-flags '("--with-pcap=linux")
@@ -633,14 +634,14 @@ network statistics collection, security monitoring, network debugging, etc.")
 (define-public tcpdump
   (package
     (name "tcpdump")
-    (version "4.7.4")
+    (version "4.9.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.tcpdump.org/release/tcpdump-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1byr8w6grk08fsq0444jmcz9ar89lq9nf4mjq2cny0w9k8k21rbb"))))
+                "0pjsxsy8l71i813sa934cwf1ryp9xbr7nxwsvnzavjdirchq3sga"))))
     (build-system gnu-build-system)
     (inputs `(("libpcap" ,libpcap)
               ("openssl" ,openssl)))
@@ -1345,14 +1346,14 @@ of supported upstream metrics systems simultaneously.")
 (define-public ansible
   (package
     (name "ansible")
-    (version "2.1.0.0")
+    (version "2.2.1.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "ansible" version))
        (sha256
         (base32
-         "1bfc2xiplpad6f2nwi48y0kps7xqnsll85dlz63cy8k5bysl6d20"))))
+         "0gz9i30pdmkchi936ijy873k8di6fmf3v5rv551hxyf0hjkjx8b3"))))
     (build-system python-build-system)
     (native-inputs
      `(("python2-pycrypto" ,python2-pycrypto)
@@ -1716,7 +1717,10 @@ throughput (in the same interval).")
     (native-inputs
      `(("python-mock" ,python-mock)
        ("python-pytest" ,python-pytest)
-       ("python-pytest-mock" ,python-pytest-mock)))
+       ("python-pytest-mock" ,python-pytest-mock)
+       ;; Requires setuptools >= 17.1 due to some features used, while our
+       ;; python currently only includes 12.0. TODO: Remove this input.
+       ("python-setuptools" ,python-setuptools)))
     (home-page "https://github.com/nvbn/thefuck")
     (synopsis "Correct mistyped console command")
     (description
@@ -1927,3 +1931,65 @@ in order to be able to find it.
 @item @command{sunxi-nand-image-builder}: Prepares raw NAND images.
 @end enumerate")
     (license license:gpl2+)))
+
+(define-public sedsed
+  (package
+    (name "sedsed")
+    (version "1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/aureliojargas/sedsed/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0139jkqvm8ipiwfj7k69ry2f9b1ffgpk79arpz4r7w9kf6h23bnh"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:tests? #f ; No tests.
+       #:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-sed-in
+           (lambda _
+             (substitute* "sedsed.py"
+               (("sedbin = 'sed'")
+                (string-append "sedbin = '" (which "sed") "'")))
+             #t))
+         (delete 'build)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin")))
+               ;; Just one file to copy around
+               (install-file "sedsed.py" bin)
+               #t)))
+         (add-after 'install 'symlink
+           ;; Create 'sedsed' symlink to "sedsed.py".
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin"))
+                    (sed (string-append bin "/sedsed"))
+                    (sedpy (string-append bin "/sedsed.py")))
+               (symlink  sedpy sed)
+               #t))))))
+    (home-page "http://aurelio.net/projects/sedsed")
+    (synopsis "Sed sed scripts")
+    (description
+     "@code{sedsed} can debug, indent, tokenize and HTMLize your sed(1) script.
+
+In debug mode it reads your script and add extra commands to it.  When
+executed you can see the data flow between the commands, revealing all the
+magic sed does on its internal buffers.
+
+In indent mode your script is reformatted with standard spacing.
+
+In tokenize mode you can see the elements of every command you use.
+
+In HTMLize mode your script is converted to a beautiful colored HTML file,
+with all the commands and parameters identified for your viewing pleasure.
+
+With sedsed you can master any sed script.  No more secrets, no more hidden
+buffers.")
+    (license license:expat)))
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index b859da0e7e..544b62a1da 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -202,7 +202,7 @@ GP2C, the GP to C compiler, translates GP scripts to PARI programs.")
 (define-public giac-xcas
   (package
     (name "giac-xcas")
-    (version "1.2.2-103")
+    (version "1.2.3-19")
     (source (origin
               (method url-fetch)
               ;; "~parisse/giac" is not used because the maintainer regularly
@@ -214,7 +214,7 @@ GP2C, the GP to C compiler, translates GP scripts to PARI programs.")
                                   "source/giac_" version ".tar.gz"))
               (sha256
                (base32
-                "1qrhjw2sdvyv2x8fqs9isqv8rgldn448gfxbi7zbva8m5va5b3z1"))))
+                "0asynsj0xcfdjn0vkyxdgdy3hfpr6gc9f92xxa1rmn7clbqmlk1y"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/astronomy.scm b/gnu/packages/astronomy.scm
index c1b15e1dee..f390ce4486 100644
--- a/gnu/packages/astronomy.scm
+++ b/gnu/packages/astronomy.scm
@@ -58,7 +58,7 @@ in FITS files.")
 (define-public wcslib
   (package
     (name "wcslib")
-    (version "5.15")
+    (version "5.16")
     (source
      (origin
        (method url-fetch)
@@ -66,7 +66,7 @@ in FITS files.")
              "ftp://ftp.atnf.csiro.au/pub/software/wcslib/" name "-" version
              ".tar.bz2"))
        (sha256
-        (base32 "1s2nig327g4bimd9xshlk11ww09a7mrjmsbpdcd8smsmn2kl1glb"))))
+        (base32 "1vwrzkznpig2q40m11j12hsfqvsjz8z44l66pz5fkh6fy461w0zd"))))
     (inputs
      `(("cfitsio" ,cfitsio)))
     (build-system gnu-build-system)
diff --git a/gnu/packages/audacity.scm b/gnu/packages/audacity.scm
index 0f9554deba..a70d0e3a69 100644
--- a/gnu/packages/audacity.scm
+++ b/gnu/packages/audacity.scm
@@ -24,6 +24,7 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages audio)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages gettext)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages mp3)
@@ -38,20 +39,20 @@
 (define-public audacity
   (package
     (name "audacity")
-    (version "2.1.0")
+    (version "2.1.2")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://sourceforge/audacity/audacity/" version
-                           "/audacity-minsrc-" version ".tar.xz"))
+       (uri (string-append "https://github.com/audacity/audacity/archive"
+                           "/Audacity-" version ".zip"))
        (sha256
-        (base32 "1cs2w3fwqylpqmfwkvlgdx5lhclpckfil7pqibl37qlbnf4qvndh"))
+        (base32 "1642i9d5cdmqzj6r0qdl2ldnqsvpb08znnczncysi72x6zpvb5qq"))
        (patches (search-patches "audacity-fix-ffmpeg-binding.patch"))))
     (build-system gnu-build-system)
     (inputs
      ;; TODO: Add portSMF and libwidgetextra once they're packaged.  In-tree
      ;; versions shipping with Audacity are used for now.
-     `(("wxwidgets" ,wxwidgets-2)
+     `(("wxwidgets" ,wxwidgets-gtk2)
        ("gtk" ,gtk+-2)
        ("alsa-lib" ,alsa-lib)
        ("jack" ,jack-1)
@@ -72,7 +73,8 @@
        ("lilv" ,lilv)
        ("portaudio" ,portaudio)))
     (native-inputs
-     `(("pkg-config" ,pkg-config)
+     `(("gettext" ,gettext-minimal)     ;for msgfmt
+       ("pkg-config" ,pkg-config)
        ("python" ,python-2)
        ("which" ,which)))
     (arguments
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 5e22c1f221..84088a6b52 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -2102,19 +2102,15 @@ stretching and pitch scaling of audio.  This package contains the library.")
 (define-public wavpack
   (package
     (name "wavpack")
-    (version "4.70.0")
+    (version "5.1.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.wavpack.com/"
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "191h8hv8qk72hfh1crg429i9yq3cminwqb249sy9zadbn1wy7b9c"))))
+                "0i19c6krc0p9krwrqy9s5xahaafigqzxcn31piidmlaqadyn4f8r"))))
     (build-system gnu-build-system)
-    (arguments
-     `(#:configure-flags
-       ;; wavpack.pc.in lacks path substitution for 'exec_prefix'.
-       (list (string-append "--libdir=" %output "/lib"))))
     (home-page "http://www.wavpack.com/")
     (synopsis "Hybrid lossless audio codec")
     (description
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 8cfe470ec6..8dbe32ebdd 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -34,6 +34,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages dejagnu)
+  #:use-module (gnu packages ftp)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages gperf)
@@ -52,7 +53,7 @@
 (define-public duplicity
   (package
     (name "duplicity")
-    (version "0.6.26")
+    (version "0.7.11")
     (source
      (origin
       (method url-fetch)
@@ -62,18 +63,19 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "0jh79syhr8n3l81jxlwsmwm1pklb4d923m2lgqbswyavh1fqmvwb"))
-      (patches (search-patches "duplicity-piped-password.patch"
-                               "duplicity-test_selection-tmp.patch"))))
+        "01zcq9cwn4pvj68rihgjvcdgccnxvz4jrba38sbv6nqz19cs2ixh"))))
     (build-system python-build-system)
     (native-inputs
-     `(("util-linux" ,util-linux)))     ;setsid command, for the tests
+     `(("util-linux" ,util-linux)     ;setsid command, for the tests
+       ("python-pexpect" ,python2-pexpect)
+       ("mock" ,python2-mock)))
+    (propagated-inputs
+     `(("lockfile" ,python2-lockfile)
+       ("urllib3" ,python2-urllib3)))
     (inputs
-     `(("python" ,python-2)
-       ("librsync" ,librsync)
-       ("mock" ,python2-mock)           ;for testing
-       ("lockfile" ,python2-lockfile)
-       ("gnupg" ,gnupg-1)               ;gpg executable needed
+     `(("librsync" ,librsync)
+       ("lftp" ,lftp)
+       ("gnupg" ,gnupg)                 ;gpg executable needed
        ("util-linux" ,util-linux)       ;for setsid
        ("tzdata" ,tzdata)))
     (arguments
@@ -81,6 +83,12 @@
        #:test-target "test"
        #:phases
        (modify-phases %standard-phases
+         (add-before
+          'build 'patch-source ; embed gpg store name
+          (lambda* (#:key inputs #:allow-other-keys)
+            (substitute* "duplicity/gpginterface.py"
+              (("self.call = 'gpg'")
+               (string-append "self.call = '" (assoc-ref inputs "gnupg") "/bin/gpg'")))))
          (add-before 'check 'check-setup
            (lambda* (#:key inputs #:allow-other-keys)
              (substitute* "testing/functional/__init__.py"
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index d328d711d1..c121fd84d6 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
 ;;;
@@ -28,6 +28,9 @@
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix utils)
+  #:use-module (guix gexp)
+  #:use-module (guix monads)
+  #:use-module (guix store)
   #:use-module (guix build-system gnu)
   #:autoload   (guix gnupg) (gnupg-verify*)
   #:autoload   (guix hash) (port-sha256)
@@ -38,7 +41,7 @@
 
 (define (patch-url seqno)
   "Return the URL of Bash patch number SEQNO."
-  (format #f "mirror://gnu/bash/bash-4.3-patches/bash43-~3,'0d" seqno))
+  (format #f "mirror://gnu/bash/bash-4.4-patches/bash44-~3,'0d" seqno))
 
 (define (bash-patch seqno sha256)
   "Return the origin of Bash patch SEQNO, with expected hash SHA256"
@@ -95,6 +98,7 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
          (version "4.4"))
     (package
      (name "bash")
+     (replacement bash/fixed)
      (source (origin
               (method url-fetch)
               (uri (string-append
@@ -181,6 +185,7 @@ without modification.")
   ;; A stripped-down Bash for non-interactive use.
   (package (inherit bash)
     (name "bash-minimal")
+    (replacement #f) ;not vulnerable to CVE-2017-5932 since it lacks completion
     (inputs '())                                ; no readline, no curses
 
     ;; No "include" output because there's no support for loadable modules.
@@ -207,7 +212,8 @@ without modification.")
                  "ac_cv_func_dlopen=no"
 
                  ,@(if (%current-target-system)
-                       '("bash_cv_job_control_missing=no")
+                       '("bash_cv_job_control_missing=no"
+                         "bash_cv_getcwd_malloc=yes")
                        '())))
          ((#:phases phases)
           `(modify-phases ,phases
@@ -235,6 +241,43 @@ without modification.")
                    (delete-file-recursively (string-append out "/share"))
                    #t))))))))))
 
+(define* (url-fetch/reset-patch-level url hash-algo hash
+                                      #:optional name
+                                      #:key (system (%current-system)) guile)
+  "Fetch the Bash patch from URL and reset its 'PATCHLEVEL' definition so it
+can apply to a patch-level 0 Bash."
+  (mlet* %store-monad ((name -> (or name (basename url)))
+                       (patch (url-fetch url hash-algo hash
+                                         (string-append name ".orig")
+                                         #:system system
+                                         #:guile guile)))
+    (gexp->derivation name
+                      (with-imported-modules '((guix build utils))
+                        #~(begin
+                            (use-modules (guix build utils))
+                            (copy-file #$patch #$output)
+                            (substitute* #$output
+                              (("PATCHLEVEL [0-6]+")
+                               "PATCHLEVEL 0"))))
+                      #:guile-for-build guile
+                      #:system system)))
+
+(define bash/fixed                        ;CVE-2017-5932 (RCE with completion)
+  (package
+    (inherit bash)
+    (version "4.4.A")                             ;4.4.0 + patch #7
+    (replacement #f)
+    (source
+     (origin
+       (inherit (package-source bash))
+       (patches (cons (origin
+                        (method url-fetch/reset-patch-level)
+                        (uri (patch-url 7))
+                        (sha256
+                         (base32
+                          "1bzdsnqaf05gdbqpsixhan8vygjxpcxlz1dd8d9f5jdznw3wq76y")))
+                      (origin-patches (package-source bash))))))))
+
 (define-public bash-completion
   (package
     (name "bash-completion")
diff --git a/gnu/packages/benchmark.scm b/gnu/packages/benchmark.scm
index 465c81b431..acaeb67079 100644
--- a/gnu/packages/benchmark.scm
+++ b/gnu/packages/benchmark.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -22,12 +22,14 @@
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages compression)
-  #:use-module (gnu packages linux))
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages maths)
+  #:use-module (gnu packages python))
 
 (define-public fio
   (package
     (name "fio")
-    (version "2.15")
+    (version "2.17")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -35,22 +37,47 @@
                        "fio-" version ".tar.bz2"))
               (sha256
                (base32
-                "1ggma9c48717z2wz8j9f7jcgb3xqk8qawjl6c9hnabxxry94y130"))))
+                "1kxgad5k2m7y637g3kq8jmhwzlg3c64w9ky7066c5l09bwb6l58h"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; No tests.
        #:phases
        (modify-phases %standard-phases
+         (add-after
+          'unpack 'patch-paths
+          (lambda* (#:key inputs outputs #:allow-other-keys)
+            (let ((out (assoc-ref outputs "out"))
+                  (gnuplot (string-append (assoc-ref inputs "gnuplot")
+                                          "/bin/gnuplot")))
+              (substitute* "tools/plot/fio2gnuplot"
+                (("/usr/share/fio") (string-append out "/share/fio"))
+                ;; FIXME (upstream): The 'gnuplot' executable is used inline
+                ;; in various os.system() calls mixed with *.gnuplot filenames.
+                (("; do gnuplot") (string-append "; do " gnuplot))
+                (("gnuplot mymath") (string-append gnuplot " mymath"))
+                (("gnuplot mygraph") (string-append gnuplot " mygraph")))
+              #t)))
          (replace 'configure
            (lambda* (#:key outputs #:allow-other-keys)
              ;; The configure script doesn't understand some of the
              ;; GNU options, so we can't use #:configure-flags.
              (let ((out (assoc-ref outputs "out")))
                (zero? (system* "./configure"
-                               (string-append "--prefix=" out)))))))))
+                               (string-append "--prefix=" out))))))
+         (add-after
+          'install 'wrap-python-scripts
+          (lambda* (#:key inputs outputs #:allow-other-keys)
+            (let ((out (assoc-ref outputs "out")))
+              (wrap-program (string-append out "/bin/fiologparser_hist.py")
+                `("PYTHONPATH" ":" prefix (,(getenv "PYTHONPATH"))))
+              #t))))))
     (inputs
      `(("libaio" ,libaio)
-       ("zlib" ,zlib)))
+       ("gnuplot" ,gnuplot)
+       ("zlib" ,zlib)
+       ("python-numpy" ,python2-numpy)
+       ("python-pandas" ,python2-pandas)
+       ("python" ,python-2)))
     (home-page "https://github.com/axboe/fio")
     (synopsis "Flexible I/O tester")
     (description
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index c930099179..5a1738b936 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -468,6 +468,47 @@ frames} (ORFs) using ribosome profiling (ribo-seq) data.  This package
 provides the Ribotaper pipeline.")
     (license license:gpl3+)))
 
+(define-public ribodiff
+  (package
+    (name "ribodiff")
+    (version "0.2.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/ratschlab/RiboDiff/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0wpbwmfv05wdjxv7ikm664f7s7p7cqr8jnw99zrda0q67rl50aaj"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         ;; Generate an installable executable script wrapper.
+         (add-after 'unpack 'patch-setup.py
+           (lambda _
+             (substitute* "setup.py"
+               (("^(.*)packages=.*" line prefix)
+                (string-append line "\n"
+                               prefix "scripts=['scripts/TE.py'],\n")))
+             #t)))))
+    (inputs
+     `(("python-numpy" ,python2-numpy)
+       ("python-matplotlib" ,python2-matplotlib)
+       ("python-scipy" ,python2-scipy)
+       ("python-statsmodels" ,python2-statsmodels)))
+    (home-page "http://public.bmi.inf.ethz.ch/user/zhongy/RiboDiff/")
+    (synopsis "Detect translation efficiency changes from ribosome footprints")
+    (description "RiboDiff is a statistical tool that detects the protein
+translational efficiency change from Ribo-Seq (ribosome footprinting) and
+RNA-Seq data.  It uses a generalized linear model to detect genes showing
+difference in translational profile taking mRNA abundance into account.  It
+facilitates us to decipher the translational regulation that behave
+independently with transcriptional regulation.")
+    (license license:gpl3+)))
+
 (define-public bioawk
   (package
     (name "bioawk")
@@ -2010,7 +2051,7 @@ identify enrichments with functional annotations of the genome.")
 (define-public diamond
   (package
     (name "diamond")
-    (version "0.8.31")
+    (version "0.8.34")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2019,7 +2060,7 @@ identify enrichments with functional annotations of the genome.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0nh79f4rpgq8vmlga743r7vd0z0ik6spy34f7vfq0v9lcmvfr7xq"))))
+                "0jvr34g346gbz7z1zb9bs0vplivm9p4cxk0lbzklvdpa7g236p39"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no "check" target
@@ -2726,6 +2767,69 @@ several alignment strategies enable effective alignment of RNA-seq reads, in
 particular, reads spanning multiple exons.")
     (license license:gpl3+)))
 
+(define-public hisat2
+  (package
+    (name "hisat2")
+    (version "2.0.5")
+    (source
+     (origin
+       (method url-fetch)
+       ;; FIXME: a better source URL is
+       ;; (string-append "ftp://ftp.ccb.jhu.edu/pub/infphilo/hisat2"
+       ;;                "/downloads/hisat2-" version "-source.zip")
+       ;; with hash "0lywnr8kijwsc2aw10dwxic0n0yvip6fl3rjlvc8zzwahamy4x7g"
+       ;; but it is currently unavailable.
+       (uri "https://github.com/infphilo/hisat2/archive/cba6e8cb.tar.gz")
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1mf2hdsyv7cd97xm9mp9a4qws02yrj95y6w6f6cdwnq0klp81r50"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f                      ; no check target
+       #:make-flags (list "CC=gcc" "CXX=g++" "allall")
+       #:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (srfi srfi-26))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'make-deterministic
+           (lambda _
+             (substitute* "Makefile"
+               (("`date`") "0"))
+             #t))
+         (delete 'configure)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin/"))
+                    (doc (string-append out "/share/doc/hisat2/")))
+               (for-each
+                (cut install-file <> bin)
+                (find-files "."
+                            "hisat2(-(build|align|inspect)(-(s|l)(-debug)*)*)*$"))
+               (mkdir-p doc)
+               (install-file "doc/manual.inc.html" doc))
+             #t)))))
+    (native-inputs
+     `(("unzip" ,unzip)                 ; needed for archive from ftp
+       ("perl" ,perl)
+       ("pandoc" ,ghc-pandoc)))         ; for documentation
+    (home-page "http://ccb.jhu.edu/software/hisat2/index.shtml")
+    (synopsis "Graph-based alignment of genomic sequencing reads")
+    (description "HISAT2 is a fast and sensitive alignment program for mapping
+next-generation sequencing reads (both DNA and RNA) to a population of human
+genomes (as well as to a single reference genome).  In addition to using one
+global @dfn{graph FM} (GFM) index that represents a population of human
+genomes, HISAT2 uses a large set of small GFM indexes that collectively cover
+the whole genome.  These small indexes, combined with several alignment
+strategies, enable rapid and accurate alignment of sequencing reads.  This new
+indexing scheme is called a @dfn{Hierarchical Graph FM index} (HGFM).")
+    ;; HISAT2 contains files from Bowtie2, which is released under
+    ;; GPLv2 or later.  The HISAT2 source files are released under
+    ;; GPLv3 or later.
+    (license license:gpl3+)))
+
 (define-public hmmer
   (package
     (name "hmmer")
@@ -3383,7 +3487,6 @@ that a read originated from a particular isoform.")
     (version "3.8.1551")
     (source (origin
               (method url-fetch/tarbomb)
-              (file-name (string-append name "-" version))
               (uri (string-append
                     "http://www.drive5.com/muscle/muscle_src_"
                     version ".tar.gz"))
@@ -5148,17 +5251,41 @@ sequence.")
     (supported-systems '("i686-linux" "x86_64-linux"))
     (license license:bsd-3)))
 
+(define-public r-centipede
+  (package
+    (name "r-centipede")
+    (version "1.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://download.r-forge.r-project.org/"
+                                  "src/contrib/CENTIPEDE_" version ".tar.gz"))
+              (sha256
+               (base32
+                "1hsx6qgwr0i67fhy9257zj7s0ppncph2hjgbia5nn6nfmj0ax6l9"))))
+    (build-system r-build-system)
+    (home-page "http://centipede.uchicago.edu/")
+    (synopsis "Predict transcription factor binding sites")
+    (description
+     "CENTIPEDE applies a hierarchical Bayesian mixture model to infer regions
+of the genome that are bound by particular transcription factors.  It starts
+by identifying a set of candidate binding sites, and then aims to classify the
+sites according to whether each site is bound or not bound by a transcription
+factor.  CENTIPEDE is an unsupervised learning algorithm that discriminates
+between two different types of motif instances using as much relevant
+information as possible.")
+    (license (list license:gpl2+ license:gpl3+))))
+
 (define-public r-vegan
   (package
     (name "r-vegan")
-    (version "2.4-1")
+    (version "2.4-2")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "vegan" version))
        (sha256
         (base32
-         "0i0c7rc0nzgbysd1nlxzxd2rvy75qcnw3yc7nggzqjzzj5d7yzsd"))))
+         "12wf64izrpq9z3ix7mgm5421mq0xsm8dw5qblvcrz452nfhjf5w9"))))
     (build-system r-build-system)
     (arguments
      `(#:phases
@@ -5610,7 +5737,7 @@ track.  The database is exposed as a @code{TxDb} object.")
 (define-public vsearch
   (package
     (name "vsearch")
-    (version "2.3.4")
+    (version "2.4.0")
     (source
      (origin
        (method url-fetch)
@@ -5620,31 +5747,12 @@ track.  The database is exposed as a @code{TxDb} object.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1xyraxmhyx62mxx8z7c8waygvcijwkh48ms1ar60w2cv2y2sn4al"))
-       (modules '((guix build utils)))
+         "007q9a50hdw4vs2iajabvbw7qccml4r8cbqzyi5ipkkf42jk3vnr"))
+       (patches (search-patches "vsearch-unbundle-cityhash.patch"))
        (snippet
         '(begin
-           ;; Remove bundled cityhash and '-mtune=native'.
-           (substitute* "src/Makefile.am"
-             (("^AM_CXXFLAGS=-I\\$\\{srcdir\\}/cityhash \
--O3 -mtune=native -Wall -Wsign-compare")
-              (string-append "AM_CXXFLAGS=-lcityhash"
-                             " -O3 -Wall -Wsign-compare"))
-             (("^__top_builddir__bin_vsearch_SOURCES = city.h \\\\")
-              "__top_builddir__bin_vsearch_SOURCES = \\")
-             (("^city.h \\\\") "\\")
-             (("^citycrc.h \\\\") "\\")
-             (("^libcityhash_a.*") "")
-             (("noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a \
-libcityhash.a")
-              "noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a")
-             (("__top_builddir__bin_vsearch_LDADD = libcpu_ssse3.a \
-libcpu_sse2.a libcityhash.a")
-              "__top_builddir__bin_vsearch_LDADD = libcpu_ssse3.a \
-libcpu_sse2.a -lcityhash"))
-           (substitute* "src/vsearch.h"
-             (("^\\#include \"city.h\"") "#include <city.h>")
-             (("^\\#include \"citycrc.h\"") "#include <citycrc.h>"))
+           ;; Remove bundled cityhash sources.  The vsearch source is adjusted
+           ;; for this in the patch.
            (delete-file "src/city.h")
            (delete-file "src/citycrc.h")
            (delete-file "src/city.cc")
@@ -6186,7 +6294,8 @@ names in their natural, rather than lexicographic, order.")
     (build-system r-build-system)
     (propagated-inputs
      `(("r-limma" ,r-limma)
-       ("r-locfit" ,r-locfit)))
+       ("r-locfit" ,r-locfit)
+       ("r-statmod" ,r-statmod))) ;for estimateDisp
     (home-page "http://bioinf.wehi.edu.au/edgeR")
     (synopsis "EdgeR does empirical analysis of digital gene expression data")
     (description "This package can do differential expression analysis of
@@ -6746,6 +6855,37 @@ dependencies between GO terms can be implemented and applied.")
 genome data packages and support for efficient SNP representation.")
     (license license:artistic2.0)))
 
+(define-public r-bsgenome-hsapiens-1000genomes-hs37d5
+  (package
+    (name "r-bsgenome-hsapiens-1000genomes-hs37d5")
+    (version "0.99.1")
+    (source (origin
+              (method url-fetch)
+              ;; We cannot use bioconductor-uri here because this tarball is
+              ;; located under "data/annotation/" instead of "bioc/".
+              (uri (string-append "http://www.bioconductor.org/packages/"
+                                  "release/data/annotation/src/contrib/"
+                                  "BSgenome.Hsapiens.1000genomes.hs37d5_"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1cg0g5fqmsvwyw2p9hp2yy4ilk21jkbbrnpgqvb5c36ihjwvc7sr"))))
+    (properties
+     `((upstream-name . "BSgenome.Hsapiens.1000genomes.hs37d5")))
+    (build-system r-build-system)
+    ;; As this package provides little more than a very large data file it
+    ;; doesn't make sense to build substitutes.
+    (arguments `(#:substitutable? #f))
+    (propagated-inputs
+     `(("r-bsgenome" ,r-bsgenome)))
+    (home-page
+     "http://www.bioconductor.org/packages/BSgenome.Hsapiens.1000genomes.hs37d5/")
+    (synopsis "Full genome sequences for Homo sapiens")
+    (description
+     "This package provides full genome sequences for Homo sapiens from
+1000genomes phase2 reference genome sequence (hs37d5), based on NCBI GRCh37.")
+    (license license:artistic2.0)))
+
 (define-public r-impute
   (package
     (name "r-impute")
@@ -7630,6 +7770,71 @@ for DNA and protein sequences.  This package supports several sequence
 kernels, including: gkmSVM, kmer-SVM, mismatch kernel and wildcard kernel.")
     (license license:gpl2+)))
 
+(define-public r-tximport
+  (package
+    (name "r-tximport")
+    (version "1.2.0")
+    (source (origin
+              (method url-fetch)
+              (uri (bioconductor-uri "tximport" version))
+              (sha256
+               (base32
+                "1k5a7dad6zqg936s17f6cmwgqp11x24z9zhxndsgwbscgpyhpcb0"))))
+    (build-system r-build-system)
+    (home-page "http://bioconductor.org/packages/tximport")
+    (synopsis "Import and summarize transcript-level estimates for gene-level analysis")
+    (description
+     "This package provides tools to import transcript-level abundance,
+estimated counts and transcript lengths, and to summarize them into matrices
+for use with downstream gene-level analysis packages.  Average transcript
+length, weighted by sample-specific transcript abundance estimates, is
+provided as a matrix which can be used as an offset for different expression
+of gene-level counts.")
+    (license license:gpl2+)))
+
+(define-public r-rhdf5
+  (package
+    (name "r-rhdf5")
+    (version "2.18.0")
+    (source (origin
+              (method url-fetch)
+              (uri (bioconductor-uri "rhdf5" version))
+              (sha256
+               (base32
+                "0pb04li55ysag30s7rap7nnivc0rqmgsmpj43kin0rxdabfn1w0k"))))
+    (build-system r-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'unpack-smallhdf5
+           (lambda* (#:key outputs #:allow-other-keys)
+             (system* "tar" "-xzvf"
+                      "src/hdf5source/hdf5small.tgz" "-C" "src/" )
+             (substitute* "src/Makevars"
+               (("^.*cd hdf5source &&.*$") "")
+               (("^.*gunzip -dc hdf5small.tgz.*$") "")
+               (("^.*rm -rf hdf5.*$") "")
+               (("^.*mv hdf5source/hdf5 ..*$") ""))
+             (substitute* "src/hdf5/configure"
+               (("/bin/mv") "mv"))
+             #t)))))
+    (propagated-inputs
+     `(("r-zlibbioc" ,r-zlibbioc)))
+    (inputs
+     `(("perl" ,perl)
+       ("zlib" ,zlib)))
+    (home-page "http://bioconductor.org/packages/rhdf5")
+    (synopsis "HDF5 interface to R")
+    (description
+     "This R/Bioconductor package provides an interface between HDF5 and R.
+HDF5's main features are the ability to store and access very large and/or
+complex datasets and a wide variety of metadata on mass storage (disk) through
+a completely portable file format.  The rhdf5 package is thus suited for the
+exchange of large and/or complex datasets between R and other software
+package, and for letting R applications work on datasets that are larger than
+the available RAM.")
+    (license license:artistic2.0)))
+
 (define-public emboss
   (package
     (name "emboss")
@@ -7885,7 +8090,9 @@ replacement for strverscmp.")
        ("python-pyyaml" ,python-pyyaml)
        ("python-click" ,python-click)
        ("python-matplotlib" ,python-matplotlib)
-       ("python-numpy" ,python-numpy)))
+       ("python-numpy" ,python-numpy)
+       ;; MultQC checks for the presence of nose at runtime.
+       ("python-nose" ,python-nose)))
     (home-page "http://multiqc.info")
     (synopsis "Aggregate bioinformatics analysis reports")
     (description
@@ -7984,3 +8191,382 @@ immunoprecipitation and target enrichment on small gene panels.  Thereby,
 CopywriteR constitutes a widely applicable alternative to available copy
 number detection tools.")
     (license license:gpl2)))
+
+(define-public r-sva
+  (package
+    (name "r-sva")
+    (version "3.22.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "sva" version))
+       (sha256
+        (base32
+         "1wc1fjm6dzlsqqagm43y57w8jh8nsh0r0m8z1p6ximcb5gxqh7hn"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-genefilter" ,r-genefilter)))
+    (home-page "http://bioconductor.org/packages/sva")
+    (synopsis "Surrogate variable analysis")
+    (description
+     "This package contains functions for removing batch effects and other
+unwanted variation in high-throughput experiment.  It also contains functions
+for identifying and building surrogate variables for high-dimensional data
+sets.  Surrogate variables are covariates constructed directly from
+high-dimensional data like gene expression/RNA sequencing/methylation/brain
+imaging data that can be used in subsequent analyses to adjust for unknown,
+unmodeled, or latent sources of noise.")
+    (license license:artistic2.0)))
+
+(define-public r-seqminer
+  (package
+    (name "r-seqminer")
+    (version "5.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "seqminer" version))
+       (sha256
+        (base32
+         "0y0gc5lws3hdxasjb84m532ics6imb7qg9sl1zy62h503jh4j9gw"))))
+    (build-system r-build-system)
+    (inputs
+     `(("zlib" ,zlib)))
+    (home-page "http://seqminer.genomic.codes")
+    (synopsis "Read nucleotide sequence data (VCF, BCF, and METAL formats)")
+    (description
+     "This package provides tools to integrate nucleotide sequencing
+data (variant call format, e.g. VCF or BCF) or meta-analysis results in R.")
+    ;; Any version of the GPL is acceptable
+    (license (list license:gpl2+ license:gpl3+))))
+
+(define-public r-raremetals2
+  (package
+    (name "r-raremetals2")
+    (version "0.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://genome.sph.umich.edu/w/images/"
+                           "b/b7/RareMETALS2_" version ".tar.gz"))
+       (sha256
+        (base32
+         "0z5ljcgvnm06ja9lm85a3cniq7slxcy37aqqkxrdidr79an5fs4s"))))
+    (properties `((upstream-name . "RareMETALS2")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-seqminer" ,r-seqminer)
+       ("r-mvtnorm" ,r-mvtnorm)
+       ("r-compquadform" ,r-compquadform)
+       ("r-getopt" ,r-getopt)))
+    (home-page "http://genome.sph.umich.edu/wiki/RareMETALS2")
+    (synopsis "Analyze gene-level association tests for binary trait")
+    (description
+     "The R package rareMETALS2 is an extension of the R package rareMETALS.
+It was designed to meta-analyze gene-level association tests for binary trait.
+While rareMETALS offers a near-complete solution for meta-analysis of
+gene-level tests for quantitative trait, it does not offer the optimal
+solution for binary trait.  The package rareMETALS2 offers improved features
+for analyzing gene-level association tests in meta-analyses for binary
+trait.")
+    (license license:gpl3)))
+
+(define-public r-maldiquant
+  (package
+    (name "r-maldiquant")
+    (version "1.16")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "MALDIquant" version))
+       (sha256
+        (base32
+         "067xbmy10mpsvmv77g62chd7wwhdhcfn5hmp5fisbnz2h5rq0q60"))))
+    (properties `((upstream-name . "MALDIquant")))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/MALDIquant")
+    (synopsis "Quantitative analysis of mass spectrometry data")
+    (description
+     "This package provides a complete analysis pipeline for matrix-assisted
+laser desorption/ionization-time-of-flight (MALDI-TOF) and other
+two-dimensional mass spectrometry data.  In addition to commonly used plotting
+and processing methods it includes distinctive features, namely baseline
+subtraction methods such as morphological filters (TopHat) or the
+statistics-sensitive non-linear iterative peak-clipping algorithm (SNIP), peak
+alignment using warping functions, handling of replicated measurements as well
+as allowing spectra with different resolutions.")
+    (license license:gpl3+)))
+
+(define-public r-protgenerics
+  (package
+    (name "r-protgenerics")
+    (version "1.6.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "ProtGenerics" version))
+       (sha256
+        (base32
+         "0hb3vrrvfx6lcfalmjxm8dmigfmi5nba0pzjfgsrzd35c8mbfc6f"))))
+    (properties `((upstream-name . "ProtGenerics")))
+    (build-system r-build-system)
+    (home-page "https://github.com/lgatto/ProtGenerics")
+    (synopsis "S4 generic functions for proteomics infrastructure")
+    (description
+     "This package provides S4 generic functions needed by Bioconductor
+proteomics packages.")
+    (license license:artistic2.0)))
+
+(define-public r-mzr
+  (package
+    (name "r-mzr")
+    (version "2.8.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "mzR" version))
+       (sha256
+        (base32
+         "0ipmhg6l3pf648rdx5g2ha7l5ppd3cja6afxhdw76x8ga3633x0r"))))
+    (properties `((upstream-name . "mzR")))
+    (build-system r-build-system)
+    (inputs
+     `(("netcdf" ,netcdf)))
+    (propagated-inputs
+     `(("r-biobase" ,r-biobase)
+       ("r-biocgenerics" ,r-biocgenerics)
+       ("r-protgenerics" ,r-protgenerics)
+       ("r-rcpp" ,r-rcpp)
+       ("r-zlibbioc" ,r-zlibbioc)))
+    (home-page "https://github.com/sneumann/mzR/")
+    (synopsis "Parser for mass spectrometry data files")
+    (description
+     "The mzR package provides a unified API to the common file formats and
+parsers available for mass spectrometry data.  It comes with a wrapper for the
+ISB random access parser for mass spectrometry mzXML, mzData and mzML files.
+The package contains the original code written by the ISB, and a subset of the
+proteowizard library for mzML and mzIdentML.  The netCDF reading code has
+previously been used in XCMS.")
+    (license license:artistic2.0)))
+
+(define-public r-affyio
+  (package
+    (name "r-affyio")
+    (version "1.44.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "affyio" version))
+       (sha256
+        (base32
+         "1svsl4mpk06xm505pap913x69ywks99262krag8y4ygpllj7dfyy"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-zlibbioc" ,r-zlibbioc)))
+    (inputs
+     `(("zlib" ,zlib)))
+    (home-page "https://github.com/bmbolstad/affyio")
+    (synopsis "Tools for parsing Affymetrix data files")
+    (description
+     "This package provides routines for parsing Affymetrix data files based
+upon file format information.  The primary focus is on accessing the CEL and
+CDF file formats.")
+    (license license:lgpl2.0+)))
+
+(define-public r-affy
+  (package
+    (name "r-affy")
+    (version "1.52.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "affy" version))
+       (sha256
+        (base32
+         "1snq71ligf0wvaxa6zfrl13ydw0zfhspmhdyfk8q3ba3np4cz344"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-affyio" ,r-affyio)
+       ("r-biobase" ,r-biobase)
+       ("r-biocgenerics" ,r-biocgenerics)
+       ("r-biocinstaller" ,r-biocinstaller)
+       ("r-preprocesscore" ,r-preprocesscore)
+       ("r-zlibbioc" ,r-zlibbioc)))
+    (home-page "http://bioconductor.org/packages/affy")
+    (synopsis "Methods for affymetrix oligonucleotide arrays")
+    (description
+     "This package contains functions for exploratory oligonucleotide array
+analysis.")
+    (license license:lgpl2.0+)))
+
+(define-public r-vsn
+  (package
+    (name "r-vsn")
+    (version "3.42.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "vsn" version))
+       (sha256
+        (base32
+         "0mgl0azys2g90simf8wx6jdwd7gyg3m4pf12n6w6507jixm2cg97"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-affy" ,r-affy)
+       ("r-biobase" ,r-biobase)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-limma" ,r-limma)))
+    (home-page "http://bioconductor.org/packages/release/bioc/html/vsn.html")
+    (synopsis "Variance stabilization and calibration for microarray data")
+    (description
+     "The package implements a method for normalising microarray intensities,
+and works for single- and multiple-color arrays.  It can also be used for data
+from other technologies, as long as they have similar format.  The method uses
+a robust variant of the maximum-likelihood estimator for an
+additive-multiplicative error model and affine calibration.  The model
+incorporates data calibration step (a.k.a.  normalization), a model for the
+dependence of the variance on the mean intensity and a variance stabilizing
+data transformation.  Differences between transformed intensities are
+analogous to \"normalized log-ratios\".  However, in contrast to the latter,
+their variance is independent of the mean, and they are usually more sensitive
+and specific in detecting differential transcription.")
+    (license license:artistic2.0)))
+
+(define-public r-mzid
+  (package
+    (name "r-mzid")
+    (version "1.12.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "mzID" version))
+       (sha256
+        (base32
+         "1zn896cpfvqp1qmq5c4vcj933hb8rxwb6gkck1wqvr7393rpqy1q"))))
+    (properties `((upstream-name . "mzID")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-doparallel" ,r-doparallel)
+       ("r-foreach" ,r-foreach)
+       ("r-iterators" ,r-iterators)
+       ("r-plyr" ,r-plyr)
+       ("r-protgenerics" ,r-protgenerics)
+       ("r-rcpp" ,r-rcpp)
+       ("r-xml" ,r-xml)))
+    (home-page "http://bioconductor.org/packages/mzID")
+    (synopsis "Parser for mzIdentML files")
+    (description
+     "This package provides a parser for mzIdentML files implemented using the
+XML package.  The parser tries to be general and able to handle all types of
+mzIdentML files with the drawback of having less pretty output than a vendor
+specific parser.")
+    (license license:gpl2+)))
+
+(define-public r-pcamethods
+  (package
+    (name "r-pcamethods")
+    (version "1.66.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "pcaMethods" version))
+       (sha256
+        (base32
+         "18mawhxw57pgpn87qha4mwki24gqja7wpqha8q496476vyap11xw"))))
+    (properties `((upstream-name . "pcaMethods")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-biobase" ,r-biobase)
+       ("r-biocgenerics" ,r-biocgenerics)
+       ("r-rcpp" ,r-rcpp)))
+    (home-page "https://github.com/hredestig/pcamethods")
+    (synopsis "Collection of PCA methods")
+    (description
+     "This package provides Bayesian PCA, Probabilistic PCA, Nipals PCA,
+Inverse Non-Linear PCA and the conventional SVD PCA.  A cluster based method
+for missing value estimation is included for comparison.  BPCA, PPCA and
+NipalsPCA may be used to perform PCA on incomplete data as well as for
+accurate missing value estimation.  A set of methods for printing and plotting
+the results is also provided.  All PCA methods make use of the same data
+structure (pcaRes) to provide a common interface to the PCA results.")
+    (license license:gpl3+)))
+
+(define-public r-msnbase
+  (package
+    (name "r-msnbase")
+    (version "2.0.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "MSnbase" version))
+       (sha256
+        (base32
+         "0jjjs29dcwsjaxzfqxy98ycpg3rwxzzchkj77my3cjgdc00sm66n"))))
+    (properties `((upstream-name . "MSnbase")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-affy" ,r-affy)
+       ("r-biobase" ,r-biobase)
+       ("r-biocgenerics" ,r-biocgenerics)
+       ("r-biocparallel" ,r-biocparallel)
+       ("r-digest" ,r-digest)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-impute" ,r-impute)
+       ("r-iranges" ,r-iranges)
+       ("r-maldiquant" ,r-maldiquant)
+       ("r-mzid" ,r-mzid)
+       ("r-mzr" ,r-mzr)
+       ("r-pcamethods" ,r-pcamethods)
+       ("r-plyr" ,r-plyr)
+       ("r-preprocesscore" ,r-preprocesscore)
+       ("r-protgenerics" ,r-protgenerics)
+       ("r-rcpp" ,r-rcpp)
+       ("r-reshape2" ,r-reshape2)
+       ("r-s4vectors" ,r-s4vectors)
+       ("r-vsn" ,r-vsn)
+       ("r-xml" ,r-xml)))
+    (home-page "https://github.com/lgatto/MSnbase")
+    (synopsis "Base functions and classes for MS-based proteomics")
+    (description
+     "This package provides basic plotting, data manipulation and processing
+of mass spectrometry based proteomics data.")
+    (license license:artistic2.0)))
+
+(define-public r-msnid
+  (package
+    (name "r-msnid")
+    (version "1.8.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "MSnID" version))
+       (sha256
+        (base32
+         "0fkk3za39cxi0jyxmagmycjdslr2xf6vg3ylz14jyffqi0blw9d5"))))
+    (properties `((upstream-name . "MSnID")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-biobase" ,r-biobase)
+       ("r-data-table" ,r-data-table)
+       ("r-doparallel" ,r-doparallel)
+       ("r-dplyr" ,r-dplyr)
+       ("r-foreach" ,r-foreach)
+       ("r-iterators" ,r-iterators)
+       ("r-msnbase" ,r-msnbase)
+       ("r-mzid" ,r-mzid)
+       ("r-mzr" ,r-mzr)
+       ("r-protgenerics" ,r-protgenerics)
+       ("r-r-cache" ,r-r-cache)
+       ("r-rcpp" ,r-rcpp)
+       ("r-reshape2" ,r-reshape2)))
+    (home-page "http://bioconductor.org/packages/MSnID")
+    (synopsis "Utilities for LC-MSn proteomics identifications")
+    (description
+     "This package extracts @dfn{tandem mass spectrometry} (MS/MS) ID data
+from mzIdentML (leveraging the mzID package) or text files.  After collating
+the search results from multiple datasets it assesses their identification
+quality and optimize filtering criteria to achieve the maximum number of
+identifications while not exceeding a specified false discovery rate.  It also
+contains a number of utilities to explore the MS/MS results and assess missed
+and irregular enzymatic cleavages, mass measurement accuracy, etc.")
+    (license license:artistic2.0)))
diff --git a/gnu/packages/bittorrent.scm b/gnu/packages/bittorrent.scm
index 43ec087bf5..9e56f667a4 100644
--- a/gnu/packages/bittorrent.scm
+++ b/gnu/packages/bittorrent.scm
@@ -2,9 +2,11 @@
 ;;; Copyright © 2014 Taylan Ulrich Bayirli/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Tomáš Čech <sleep_walker@gnu.org>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Jelle Licht <jlicht@fsfe.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,11 +26,13 @@
 (define-module (gnu packages bittorrent)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
   #:use-module (guix build-system glib-or-gtk)
   #:use-module ((guix licenses) #:prefix l:)
   #:use-module (gnu packages adns)
+  #:use-module (gnu packages boost)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages crypto)
@@ -170,6 +174,49 @@ XML-RPC over SCGI.")
     (home-page "https://github.com/rakshasa/rtorrent")
     (license l:gpl2+)))
 
+(define-public tremc
+  (let ((commit "401f2303c9b5a6e2e7b0808617d794576d4aa29e")
+        (revision "0"))
+    (package
+      (name "tremc")
+      (version (string-append "0.9.0-" revision "." (string-take commit 7)))
+      (source
+        (origin
+          (method git-fetch)
+          (uri (git-reference
+                 (url "https://github.com/louipc/tremc.git")
+                 (commit commit)))
+          (sha256
+           (base32
+            "1h2720zn35iggmf9av65g119b0bhskwm1ng0zbkjryaf38nfzpin"))))
+      (build-system python-build-system)
+      (arguments
+       `(#:tests? #f ; no test suite
+         #:phases
+         (modify-phases %standard-phases
+           ;; The software is just a Python script that must be
+           ;; copied into place.
+           (delete 'build)
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (bin (string-append out "/bin"))
+                      (man (string-append out "/share/man/man1"))
+                      ;; FIXME install zsh completions
+                      (completions (string-append out "/etc/bash_completion.d")))
+                 (install-file "tremc" bin)
+                 (install-file "tremc.1" man)
+                 (install-file
+                   (string-append
+                     "completion/bash/"
+                     "transmission-remote-cli-bash-completion.sh")
+                   completions)))))))
+      (synopsis "Console client for the Transmission BitTorrent daemon")
+      (description "Tremc is a console client, with a curses interface, for the
+Transmission BitTorrent daemon.")
+      (home-page "https://github.com/louipc/tremc")
+      (license l:gpl3+))))
+
 (define-public transmission-remote-cli
   (package
     (name "transmission-remote-cli")
@@ -207,9 +254,11 @@ XML-RPC over SCGI.")
                           completions)))))))
     (synopsis "Console client for the Transmission BitTorrent daemon")
     (description "Transmission-remote-cli is a console client, with a curses
-interface, for the Transmission BitTorrent daemon.")
+interface, for the Transmission BitTorrent daemon.  This package is no longer
+maintained upstream.")
     (home-page "https://github.com/fagga/transmission-remote-cli")
-    (license l:gpl3+)))
+    (license l:gpl3+)
+    (properties `((superseded . ,tremc)))))
 
 (define-public aria2
   (package
@@ -326,3 +375,41 @@ the distributed hash table (DHT) and Peer Exchange.  Hashing is multi-threaded
 and will take advantage of multiple processor cores where possible.")
     (license (list l:public-domain      ; sha1.*, used to build without OpenSSL
                    l:gpl2+))))          ; with permission to link with OpenSSL
+
+(define-public libtorrent-rasterbar
+  (package
+    (name "libtorrent-rasterbar")
+    (version "1.0.10")
+    (source (origin
+              (method url-fetch)
+              (uri
+               (string-append
+                "https://github.com/arvidn/libtorrent/releases/download/libtorrent-"
+                "1_0_10" "/libtorrent-rasterbar-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0gjcr892hzmcngvpw5bycjci4dk49v763lsnpvbwsjmim2ncwrd8"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--with-boost-libdir="
+                            (assoc-ref %build-inputs "boost")
+                            "/lib")
+             "--enable-python-binding"
+             "--enable-tests")
+       #:make-flags (list
+                     (string-append "LDFLAGS=-Wl,-rpath="
+                                    (assoc-ref %outputs "out") "/lib"))))
+    (inputs `(("boost" ,boost)
+              ("openssl" ,openssl)))
+    (native-inputs `(("python" ,python-2)
+                     ("pkg-config" ,pkg-config)))
+    (home-page "http://www.rasterbar.com/products/libtorrent/")
+    (synopsis "Feature complete BitTorrent implementation")
+    (description
+     "libtorrent-rasterbar is a feature complete C++ BitTorrent implementation
+focusing on efficiency and scalability.  It runs on embedded devices as well as
+desktops.")
+    (license l:bsd-2)))
+
+
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
new file mode 100644
index 0000000000..16cb7b4c0b
--- /dev/null
+++ b/gnu/packages/bootloaders.scm
@@ -0,0 +1,332 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2016, 2017 Danny Milosavljevic <dannym@scratchpost.org>
+;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages bootloaders)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages admin)
+  #:use-module ((gnu packages algebra) #:select (bc))
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages flex)
+  #:use-module (gnu packages disk)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages cdrom)
+  #:use-module (gnu packages cross-base)
+  #:use-module (gnu packages disk)
+  #:use-module (gnu packages flex)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gettext)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages man)
+  #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages qemu)
+  #:use-module (gnu packages texinfo)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix utils))
+
+(define unifont
+  ;; GNU Unifont, <http://gnu.org/s/unifont>.
+  ;; GRUB needs it for its graphical terminal, gfxterm.
+  (origin
+    (method url-fetch)
+    (uri
+     "http://unifoundry.com/pub/unifont-7.0.06/font-builds/unifont-7.0.06.bdf.gz")
+    (sha256
+     (base32
+      "0p2vhnc18cnbmb39vq4m7hzv4mhnm2l0a2s7gx3ar277fwng3hys"))))
+
+(define-public grub
+  (package
+    (name "grub")
+    (version "2.02rc1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append
+                   "ftp://alpha.gnu.org/gnu/grub/grub-"
+                   "2.02~rc1"
+                   ".tar.xz"))
+             (file-name (string-append name "-" version ".tar.xz"))
+             (sha256
+              (base32
+               "0y02v19x9sb5jvj740f604vvi5j1rx8pily1jk0l64bdp7lkjlj4"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-after 'unpack 'patch-stuff
+                   (lambda* (#:key inputs #:allow-other-keys)
+                     (substitute* "grub-core/Makefile.in"
+                       (("/bin/sh") (which "sh")))
+
+                     ;; Give the absolute file name of 'mdadm', used to
+                     ;; determine the root file system when it's a RAID
+                     ;; device.  Failing to do that, 'grub-probe' silently
+                     ;; fails if 'mdadm' is not in $PATH.
+                     (substitute* "grub-core/osdep/linux/getroot.c"
+                       (("argv\\[0\\] = \"mdadm\"")
+                        (string-append "argv[0] = \""
+                                       (assoc-ref inputs "mdadm")
+                                       "/sbin/mdadm\"")))
+
+                     ;; Make the font visible.
+                     (copy-file (assoc-ref inputs "unifont") "unifont.bdf.gz")
+                     (system* "gunzip" "unifont.bdf.gz")
+                     #t)))))
+    (inputs
+     `(("gettext" ,gettext-minimal)
+
+       ;; Depend on LVM2 for libdevmapper, used by 'grub-probe' and
+       ;; 'grub-install' to recognize mapped devices (LUKS, etc.)
+       ("lvm2" ,lvm2)
+
+       ;; Depend on mdadm, which is invoked by 'grub-probe' and 'grub-install'
+       ;; to determine whether the root file system is RAID.
+       ("mdadm" ,mdadm)
+
+       ("freetype" ,freetype)
+       ;; ("libusb" ,libusb)
+       ;; ("fuse" ,fuse)
+       ("ncurses" ,ncurses)))
+    (native-inputs
+     `(("unifont" ,unifont)
+       ("bison" ,bison)
+       ("flex" ,flex)
+       ("texinfo" ,texinfo)
+       ("help2man" ,help2man)
+
+       ;; Dependencies for the test suite.  The "real" QEMU is needed here,
+       ;; because several targets are used.
+       ("parted" ,parted)
+       ("qemu" ,qemu-minimal)
+       ("xorriso" ,xorriso)))
+    (home-page "https://www.gnu.org/software/grub/")
+    (synopsis "GRand Unified Boot loader")
+    (description
+     "GRUB is a multiboot bootloader.  It is used for initially loading the
+kernel of an operating system and then transferring control to it.  The kernel
+then goes on to load the rest of the operating system.  As a multiboot
+bootloader, GRUB handles the presence of multiple operating systems installed
+on the same computer; upon booting the computer, the user is presented with a
+menu to select one of the installed operating systems.")
+    (license license:gpl3+)
+    (properties '((cpe-name . "grub2")))))
+
+(define-public grub-efi
+  (package
+    (inherit grub)
+    (name "grub-efi")
+    (synopsis "GRand Unified Boot loader (UEFI version)")
+    (inputs
+     `(("efibootmgr" ,efibootmgr)
+       ,@(package-inputs grub)))
+    (arguments
+     `(;; TODO: Tests need a UEFI firmware for qemu. There is one at
+       ;; https://github.com/tianocore/edk2/tree/master/OvmfPkg .
+       ;; Search for 'OVMF' in "tests/util/grub-shell.in".
+       #:tests? #f
+       ,@(substitute-keyword-arguments (package-arguments grub)
+           ((#:configure-flags flags ''())
+            `(cons "--with-platform=efi" ,flags))
+           ((#:phases phases)
+            `(modify-phases ,phases
+               (add-after 'patch-stuff 'use-absolute-efibootmgr-path
+                 (lambda* (#:key inputs #:allow-other-keys)
+                   (substitute* "grub-core/osdep/unix/platform.c"
+                     (("efibootmgr")
+                      (string-append (assoc-ref inputs "efibootmgr")
+                                     "/sbin/efibootmgr")))
+                   #t)))))))))
+
+(define-public syslinux
+  (let ((commit "bb41e935cc83c6242de24d2271e067d76af3585c"))
+    (package
+      (name "syslinux")
+      (version (git-version "6.04-pre" "1" commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/geneC/syslinux")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "0k8dvafd6410kqxf3kyr4y8jzmpmrih6wbjqg6gklak7945yflrc"))))
+      (build-system gnu-build-system)
+      (native-inputs
+       `(("nasm" ,nasm)
+         ("perl" ,perl)
+         ("python-2" ,python-2)))
+      (inputs
+       `(("libuuid" ,util-linux)))
+      (arguments
+       `(#:parallel-build? #f
+         #:make-flags
+         (list (string-append "BINDIR=" %output "/bin")
+               (string-append "SBINDIR=" %output "/sbin")
+               (string-append "LIBDIR=" %output "/lib")
+               (string-append "INCDIR=" %output "/include")
+               (string-append "DATADIR=" %output "/share")
+               (string-append "MANDIR=" %output "/share/man")
+               "PERL=perl"
+               "bios")
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'patch-files
+             (lambda _
+               (substitute* (find-files "." "Makefile.*|ppmtolss16")
+                 (("/bin/pwd") (which "pwd"))
+                 (("/bin/echo") (which "echo"))
+                 (("/usr/bin/perl") (which "perl")))
+               #t))
+           (delete 'configure)
+           (add-before 'build 'set-permissions
+             (lambda _
+               (zero? (system* "chmod" "a+w" "utils/isohybrid.in"))))
+           (replace 'check
+             (lambda _
+               (setenv "CC" "gcc")
+               (substitute* "tests/unittest/include/unittest/unittest.h"
+                 ;; Don't look up headers under /usr.
+                 (("/usr/include/") ""))
+               (zero? (system* "make" "unittest")))))))
+      (home-page "http://www.syslinux.org")
+      (synopsis "Lightweight Linux bootloader")
+      (description "Syslinux is a lightweight Linux bootloader.")
+      (license (list license:gpl2+
+                     license:bsd-3 ; gnu-efi/*
+                     license:bsd-4 ; gnu-efi/inc/* gnu-efi/lib/*
+                     ;; Also contains:
+                     license:expat license:isc license:zlib)))))
+
+(define-public dtc
+  (package
+    (name "dtc")
+    (version "1.4.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://www.kernel.org/pub/software/utils/dtc/"
+                    "dtc-" version ".tar.xz"))
+              (sha256
+               (base32
+                "1b7si8niyca4wxbfah3qw4p4wli81mc1qwfhaswvrfqahklnwi8k"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("bison" ,bison)
+       ("flex" ,flex)))
+    (arguments
+     `(#:make-flags
+       (list "CC=gcc"
+             (string-append "PREFIX=" (assoc-ref %outputs "out"))
+             "INSTALL=install")
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (home-page "https://www.devicetree.org")
+    (synopsis "Compiles device tree source files")
+    (description "@command{dtc} compiles
+@uref{http://elinux.org/Device_Tree_Usage, device tree source files} to device
+tree binary files.  These are board description files used by Linux and BSD.")
+    (license license:gpl2+)))
+
+(define u-boot
+  (package
+    (name "u-boot")
+    (version "2017.01")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "ftp://ftp.denx.de/pub/u-boot/"
+                    "u-boot-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "1wpc51jm3zyibgcr78jng2yksqvrya76bxgsr4pcyjrsz5sm2hkc"))))
+    (native-inputs
+     `(("bc" ,bc)
+       ("dtc" ,dtc)
+       ("python-2" ,python-2)))
+    (build-system  gnu-build-system)
+    (home-page "http://www.denx.de/wiki/U-Boot/")
+    (synopsis "ARM bootloader")
+    (description "U-Boot is a bootloader used mostly for ARM boards. It
+also initializes the boards (RAM etc).")
+    (license license:gpl2+)))
+
+(define (make-u-boot-package board triplet)
+  "Returns a u-boot package for BOARD cross-compiled for TRIPLET."
+  (package
+    (inherit u-boot)
+    (name (string-append "u-boot-" (string-downcase board)))
+    (native-inputs
+     `(("cross-gcc" ,(cross-gcc triplet))
+       ("cross-binutils" ,(cross-binutils triplet))
+       ,@(package-native-inputs u-boot)))
+    (arguments
+     `(#:modules ((ice-9 ftw) (guix build utils) (guix build gnu-build-system))
+       #:test-target "test"
+       #:make-flags
+       (list "HOSTCC=gcc" (string-append "CROSS_COMPILE=" ,triplet "-"))
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key outputs make-flags #:allow-other-keys)
+             (let ((config-name (string-append ,board "_defconfig")))
+               (if (file-exists? (string-append "configs/" config-name))
+                   (zero? (apply system* "make" `(,@make-flags ,config-name)))
+                   (begin
+                     (display "Invalid board name. Valid board names are:")
+                     (let ((suffix-len (string-length "_defconfig")))
+                       (scandir "configs"
+                                (lambda (file-name)
+                                  (when (string-suffix? "_defconfig" file-name)
+                                    (format #t
+                                            "- ~A\n"
+                                            (string-drop-right file-name
+                                                               suffix-len))))))
+                     #f)))))
+         (replace 'install
+           (lambda* (#:key outputs make-flags #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (libexec (string-append out "/libexec"))
+                    (uboot-files (find-files "." ".*\\.(bin|efi|spl)$")))
+               (mkdir-p libexec)
+               (for-each
+                (lambda (file)
+                  (let ((target-file (string-append libexec "/" file)))
+                    (mkdir-p (dirname target-file))
+                    (copy-file file target-file)))
+                uboot-files)))))))))
+
+(define-public u-boot-vexpress
+  (make-u-boot-package "vexpress_ca9x4" "arm-linux-gnueabihf"))
+
+(define-public u-boot-malta
+  (make-u-boot-package "malta" "mips64el-linux-gnuabi64"))
+
+(define-public u-boot-beagle-bone-black
+  (make-u-boot-package "am335x_boneblack" "arm-linux-gnueabihf"))
diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm
index dd922c3ae4..c8d94c8303 100644
--- a/gnu/packages/bootstrap.scm
+++ b/gnu/packages/bootstrap.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -28,7 +28,7 @@
   #:use-module ((guix store) #:select (add-to-store add-text-to-store))
   #:use-module ((guix derivations) #:select (derivation))
   #:use-module ((guix utils) #:select (gnu-triplet->nix-system))
-  #:use-module (guix combinators)
+  #:use-module (guix memoization)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (ice-9 match)
@@ -131,30 +131,29 @@ successful, or false to signal an error."
     (license gpl3+)))
 
 (define package-with-bootstrap-guile
-  (memoize
-   (lambda (p)
+  (mlambda (p)
     "Return a variant of P such that all its origins are fetched with
 %BOOTSTRAP-GUILE."
     (define rewritten-input
       (match-lambda
-       ((name (? origin? o))
-        `(,name ,(bootstrap-origin o)))
-       ((name (? package? p) sub-drvs ...)
-        `(,name ,(package-with-bootstrap-guile p) ,@sub-drvs))
-       (x x)))
+        ((name (? origin? o))
+         `(,name ,(bootstrap-origin o)))
+        ((name (? package? p) sub-drvs ...)
+         `(,name ,(package-with-bootstrap-guile p) ,@sub-drvs))
+        (x x)))
 
     (package (inherit p)
-      (source (match (package-source p)
-                ((? origin? o) (bootstrap-origin o))
-                (s s)))
-      (inputs (map rewritten-input
-                   (package-inputs p)))
-      (native-inputs (map rewritten-input
-                          (package-native-inputs p)))
-      (propagated-inputs (map rewritten-input
-                              (package-propagated-inputs p)))
-      (replacement (and=> (package-replacement p)
-                          package-with-bootstrap-guile))))))
+             (source (match (package-source p)
+                       ((? origin? o) (bootstrap-origin o))
+                       (s s)))
+             (inputs (map rewritten-input
+                          (package-inputs p)))
+             (native-inputs (map rewritten-input
+                                 (package-native-inputs p)))
+             (propagated-inputs (map rewritten-input
+                                     (package-propagated-inputs p)))
+             (replacement (and=> (package-replacement p)
+                                 package-with-bootstrap-guile)))))
 
 (define* (glibc-dynamic-linker
           #:optional (system (or (and=> (%current-target-system)
diff --git a/gnu/packages/calendar.scm b/gnu/packages/calendar.scm
index a2ab5d299f..bc044918a8 100644
--- a/gnu/packages/calendar.scm
+++ b/gnu/packages/calendar.scm
@@ -84,14 +84,13 @@ data units.")
 (define-public khal
   (package
     (name "khal")
-    (version "0.8.4")
+    (version "0.9.1")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "khal" version))
-             (patches (search-patches "khal-disable-failing-tests.patch"))
              (sha256
               (base32
-               "03vy4dp9n43w51mwqjjy08dr5nj7wxqnb085visz3j43vzm42p1f"))))
+               "15rxjphjp46lz7gbs39d1ajd9flnhmhqicjh9bjpx3yi5xx4iawr"))))
     (build-system python-build-system)
     (arguments
      `(#:phases (modify-phases %standard-phases
diff --git a/gnu/packages/cdrom.scm b/gnu/packages/cdrom.scm
index 44f4eb035a..293bf16ade 100644
--- a/gnu/packages/cdrom.scm
+++ b/gnu/packages/cdrom.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;;
@@ -294,7 +294,7 @@ from an audio CD.")
 (define-public abcde
   (package
     (name "abcde")
-    (version "2.7.2")
+    (version "2.8.1")
     (home-page "https://abcde.einval.com/")
     (source (origin
               (method url-fetch)
@@ -302,7 +302,7 @@ from an audio CD.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1pakpi41k8yd780mfp0snhia6mmwjwxk9lcrq6gynimch8b8hfda"))
+                "0f9bjs0phk23vry7gvh0cll9vl6kmc1y4fwwh762scfdvpbp3774"))
               (modules '((guix build utils)))
               (snippet
                '(substitute* "Makefile"
diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index f0a6ff4d1c..9ad03cd558 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -180,13 +180,13 @@ format.")
 (define-public cppcheck
   (package
     (name "cppcheck")
-    (version "1.76.1")
+    (version "1.77")
     (source (origin
       (method url-fetch)
       (uri (string-append "https://github.com/danmar/cppcheck/archive/"
                           version ".tar.gz"))
       (sha256
-       (base32 "08pcawg36h850n4i794b2158jcv49f8a54dg3dikdkc1cwknwgjz"))
+       (base32 "1fn26p0xvfrdbhxjhy6aqhkk63n3fvrdb2ygcn9wg4vaandhmbkn"))
       (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (home-page "http://cppcheck.sourceforge.net")
diff --git a/gnu/packages/ci.scm b/gnu/packages/ci.scm
index 15a94c5ee3..c25bc389c0 100644
--- a/gnu/packages/ci.scm
+++ b/gnu/packages/ci.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2016, 2017 Mathieu Lirzin <mthl@gnu.org>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -186,8 +187,8 @@ their dependencies.")
       (license l:gpl3+))))
 
 (define-public cuirass
-  (let ((commit "d0a5801e397335bb44d8033e5deddf02c1cc99c2")
-        (revision "3"))
+  (let ((commit "f695c79eb3b93a0432901844c8ede16de39b8d07")
+        (revision "4"))
     (package
       (name "cuirass")
       (version (string-append "0.0.1-" revision "." (string-take commit 7)))
@@ -199,7 +200,7 @@ their dependencies.")
                 (file-name (string-append name "-" version))
                 (sha256
                  (base32
-                  "0sa94dgp9w6av7i0a570fv9a9yq03jkxdrm5d75h6szsp1kiyw2i"))))
+                  "1zsj3l85d8jq7h9a0zfb2w5pyvlwkirgvis4bv60syhbpblfvmri"))))
       (build-system gnu-build-system)
       (arguments
        '(#:phases
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index f5aa7f4faf..f91fdab153 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -190,43 +191,30 @@ COCOMO model or user-provided parameters.")
 (define-public the-silver-searcher
   (package
     (name "the-silver-searcher")
-    (version "0.32.0")
+    (version "1.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "https://github.com/ggreer/the_silver_searcher/archive/"
+                    "http://geoff.greer.fm/ag/releases/the_silver_searcher-"
                     version ".tar.gz"))
               (sha256
                (base32
-                "1k543cjpignwvy8avhchz8pkqrqcgcryps36ycy8mz2w5rbhicn5"))
-              (file-name (string-append name "-" version ".tar.gz"))))
+                "0v54himv65w294l0k4lhdyc6kvpgijn8b9g5356479fzy7hphjkg"))))
     (build-system gnu-build-system)
     (native-inputs
-     `(("autoconf" ,autoconf)
-       ("automake" ,automake)
-       ("libtool" ,libtool)
-       ("pkg-config" ,pkg-config)))
+     `(("pkg-config" ,pkg-config)))
     (inputs
      `(("pcre" ,pcre)
        ("xz" ,xz)
        ("zlib" ,zlib)))
-    (arguments
-     `(#:phases
-       ;; There is no configure yet, so let's create it, but let configure and
-       ;; make do the work in later phases.
-       (alist-cons-before 'configure 'autoconf
-                          (lambda _
-                            (substitute* "build.sh"
-                              (("./configure") "true")
-                              (("make -j4") "true"))
-                            (zero? (system* "sh" "build.sh")))
-                          %standard-phases)))
     (home-page "http://geoff.greer.fm/ag/")
     (synopsis "Fast code searching tool")
     (description
-     "The silver searcher, or 'ag', is tool for quickly searching through
-files, but compared to grep is much faster and respects files like .gitignore,
-.hgignore, etc.")
+     "The Silver Searcher (@command{ag}) is a tool for quickly searching large
+numbers of files.  It's intended primarily for source code repositories, and
+respects files like @file{.gitignore} and @file{.hgignore}.  It's also an order
+of magnitude faster than its inspiration, @command{ack}, and less specialised
+tools such as @command{grep}.")
     (license license:asl2.0)))
 
 (define-public trio
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 2e4de8173e..9897883184 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -7,13 +7,14 @@
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
-;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -38,6 +39,7 @@
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system perl)
+  #:use-module (guix build-system python)
   #:use-module (gnu packages)
   #:use-module (gnu packages assembly)
   #:use-module (gnu packages autotools)
@@ -45,7 +47,9 @@
   #:use-module (gnu packages base)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
   #:use-module (gnu packages valgrind)
+  #:use-module (ice-9 match)
   #:use-module ((srfi srfi-1) #:select (last)))
 
 (define-public zlib
@@ -361,6 +365,44 @@ LZO is written in ANSI C.  Both the source code and the compressed data
 format are designed to be portable across platforms.")
     (license license:gpl2+)))
 
+(define-public python-lzo
+  (package
+    (name "python-lzo")
+    (version "1.11")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "python-lzo" version))
+       (sha256
+        (base32
+         "11p3ifg14p086byhhin6azx5svlkg8dzw2b5abixik97xd6fm81q"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:test-target "check"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-setuppy
+           (lambda _
+             (substitute* "setup.py"
+               (("include_dirs.append\\(.*\\)")
+                (string-append "include_dirs.append('"
+                               (assoc-ref %build-inputs "lzo")
+                               "/include/lzo"
+                               "')")))
+             #t)))))
+    (inputs
+     `(("lzo" ,lzo)))
+    (home-page "https://github.com/jd-boyd/python-lzo")
+    (synopsis "Python bindings for the LZO data compression library")
+    (description
+     "Python-LZO provides Python bindings for LZO, i.e. you can access
+the LZO library from your Python scripts thereby compressing ordinary
+Python strings.")
+    (license license:gpl2+)))
+
+(define-public python2-lzo
+  (package-with-python2 python-lzo))
+
 (define-public lzop
   (package
     (name "lzop")
@@ -632,6 +674,31 @@ time for compression ratio.")
     ;; line interface programs (lz4, fullbench, fuzzer, datagen) are GPL2+.
     (license (list license:bsd-2 license:gpl2+))))
 
+(define-public python-lz4
+  (package
+    (name "python-lz4")
+    (version "0.8.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "lz4" version))
+       (sha256
+        (base32
+         "1irad4sq4hdr30fr53smvv3zzk4rddcf9b4jx19w8s9xsxhr1x3b"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-nose" ,python-nose)))
+    (home-page "https://github.com/python-lz4/python-lz4")
+    (synopsis "LZ4 Bindings for Python")
+    (description
+     "This package provides python bindings for the lz4 compression library
+by Yann Collet.  The project contains bindings for the LZ4 block format and
+the LZ4 frame format.")
+    (license license:bsd-3)))
+
+(define-public python2-lz4
+  (package-with-python2 python-lz4))
+
 (define-public squashfs-tools
   (package
     (name "squashfs-tools")
@@ -923,7 +990,8 @@ for most inputs, but the resulting compressed files are anywhere from 20% to
                   (delete-file-recursively "CPP/7zip/Archive/Rar")
                   (delete-file-recursively "CPP/7zip/Compress/Rar")
                   #t))
-              (patches (search-patches "p7zip-remove-unused-code.patch"))))
+              (patches (search-patches "p7zip-CVE-2016-9296.patch"
+                                       "p7zip-remove-unused-code.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags
@@ -1001,3 +1069,62 @@ handles the 7z format which features very high compression ratios.")
     (description "gzstream is a small library for providing zlib
 functionality in a C++ iostream.")
     (license license:lgpl2.1+)))
+
+(define-public zpaq
+  (package
+    (name "zpaq")
+    (version "7.15")
+    (source
+     (origin
+       (method url-fetch/zipbomb)
+       (uri (string-append "http://mattmahoney.net/dc/zpaq"
+                           (string-delete #\. version) ".zip"))
+       (sha256
+        (base32
+         "066l94yyladlfzri877nh2dhkvspagjn3m5bmv725fmhkr9c4pp8"))
+       (modules '((guix build utils)))
+       (snippet
+        ;; Delete irrelevant pre-compiled binaries.
+        '(for-each delete-file (find-files "." "\\.exe$")))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure))           ; no ‘configure’ script
+       #:make-flags
+       (list
+        (string-append "CPPFLAGS=-Dunix"
+                       ,(match (or (%current-target-system)
+                                   (%current-system))
+                               ("x86_64-linux"  "")
+                               ("i686-linux"    "")
+                               (_               " -DNOJIT")))
+        ;; These should be safe, lowest-common-denominator instruction sets,
+        ;; allowing for some optimisation while remaining reproducible.
+        (string-append "CXXFLAGS=-O3 -DNDEBUG"
+                       ,(match (or (%current-target-system)
+                                   (%current-system))
+                               ("x86_64-linux"  " -march=nocona -mtune=generic")
+                               ("i686-linux"    " -march=i686 -mtune=generic")
+                               ("armhf-linux"   " -mtune=generic-armv7-a")
+                               (_               "")))
+        (string-append "PREFIX="
+                       (assoc-ref %outputs "out")))))
+    (native-inputs
+     `(("perl" ,perl)))                 ; for pod2man
+    (home-page "http://mattmahoney.net/dc/zpaq.html")
+    (synopsis "Incremental journaling archiver")
+    (description "ZPAQ is a command-line archiver for realistic situations with
+many duplicate and already compressed files.  It backs up only those files
+modified since the last update.  All previous versions remain untouched and can
+be independently recovered.  Identical files are only stored once (known as
+@dfn{de-duplication}).  Archives can also be encrypted.
+
+ZPAQ is intended to back up user data, not entire operating systems.  It ignores
+owner and group IDs, ACLs, extended attributes, or special file types like
+devices, sockets, or named pipes.  It does not follow or restore symbolic links
+or junctions, and always follows hard links.")
+    (license (list license:public-domain
+                   ;; libzpaq.cpp contains a mix of public-domain and
+                   ;; expat-licenced (or ‘MIT’) code.
+                   license:expat))))
diff --git a/gnu/packages/compton.scm b/gnu/packages/compton.scm
new file mode 100644
index 0000000000..a0a644db7b
--- /dev/null
+++ b/gnu/packages/compton.scm
@@ -0,0 +1,106 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages compton)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages docbook)
+  #:use-module (gnu packages documentation)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages textutils)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xorg))
+
+(define-public compton
+  (let ((upstream-version "0.1_beta2"))
+    (package
+      (name "compton")
+      (version (string-filter (char-set-complement (char-set #\_))
+                              upstream-version))
+      (source (origin
+                (method url-fetch)
+                (uri (string-append
+                      "https://github.com/chjj/" name "/archive/v"
+                      upstream-version ".tar.gz"))
+                (sha256
+                 (base32
+                  "02dhlqqcwnmlf2dxg7rd4lapgqahgndzixdkbpxicq9jawmdb73v"))
+                (file-name (string-append name "-" version "-checkout"))))
+      (build-system gnu-build-system)
+      (inputs
+       `(("dbus" ,dbus)
+         ("docbook-xml" ,docbook-xml)
+         ("libconfig" ,libconfig)
+         ("libx11" ,libx11)
+         ("libxcomposite" ,libxcomposite)
+         ("libxdamage" ,libxdamage)
+         ("libxext" ,libxext)
+         ("libxfixes" ,libxfixes)
+         ("libxinerama" ,libxinerama)
+         ("libxml2" ,libxml2)
+         ("libxrandr" ,libxrandr)
+         ("libxrender" ,libxrender)
+         ("libxslt" ,libxslt)
+         ("mesa" ,mesa)
+         ("xprop" ,xprop)
+         ("xwininfo" ,xwininfo)))
+      (native-inputs
+       `(("asciidoc" ,asciidoc)
+         ("libdrm" ,libdrm)
+         ("pkg-config" ,pkg-config)
+         ("python" ,python)
+         ("xproto" ,xproto)))
+      (arguments
+       `(#:make-flags (list
+                       "CC=gcc"
+                       "NO_REGEX_PCRE=1"          ; pcre makes build fail
+                       (string-append "PREFIX=" (assoc-ref %outputs "out")))
+         #:tests? #f                              ; no tests
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure))))
+      (home-page "https://github.com/chjj/compton")
+      (synopsis "Compositor for X11")
+      (description
+       "Compton is a compositor for the Xorg display server and a for of
+xcompmgr-dana, which implements some changes like:
+
+@itemize
+@item OpenGL backend (@command{--backend glx}), in addition to the old X Render
+backend.
+@item Inactive window transparency (@command{-i}) and dimming
+(@command{--inactive-dim}).
+@item Menu transparency (@command{-m}, thanks to Dana).
+@item Shadows are now enabled for argb windows, e.g terminals with transparency
+@item Removed serverside shadows (and simple compositing) to clean the code,
+the only option that remains is clientside shadows.
+@item Configuration files (see the man page for more details).
+@item Colored shadows (@command{--shadow-[red/green/blue]}).
+@item A new fade system.
+@item VSync support (not always working).
+@item Blur of background of transparent windows, window color inversion (bad in
+performance).
+@item Some more options...
+@end itemize\n")
+      (license license:expat))))
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index e4a8a4bd54..d7888e6042 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
@@ -378,3 +378,39 @@ no man page, refer to the home page for usage details.")
 storage files: it can be operated from commandline and it can integrate with a
 user's graphical desktop.")
     (license license:gpl3+)))
+
+(define-public scrypt
+  (package
+    (name "scrypt")
+    (version "1.2.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://www.tarsnap.com/scrypt/scrypt-"
+                            version ".tgz"))
+        (sha256
+         (base32
+          "1m39hpfby0fdjam842773i5w7pa0qaj7f0r22jnchxsj824vqm0p"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases (modify-phases %standard-phases
+        (add-after 'unpack 'patch-command-invocations
+          (lambda _
+            (substitute* "Makefile.in"
+              (("command -p") ""))
+            #t))
+        (add-after 'install 'install-docs
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let* ((out (assoc-ref %outputs "out"))
+                   (misc (string-append out "/share/doc/scrypt")))
+              (install-file "FORMAT" misc)
+              #t))))))
+    (inputs
+     `(("openssl" ,openssl)))
+    (home-page "https://www.tarsnap.com/scrypt.html")
+    (synopsis "Memory-hard encryption tool based on scrypt")
+    (description "This packages provides a simple password-based encryption
+utility as a demonstration of the @code{scrypt} key derivation function.
+@code{Scrypt} is designed to be far more resistant against hardware brute-force
+attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
+    (license license:bsd-2)))
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index ca16958352..39ab41c192 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -51,6 +52,7 @@
 (define-public cups-filters
   (package
     (name "cups-filters")
+    (replacement cups-filters/fixed)
     (version "1.13.1")
     (source(origin
               (method url-fetch)
@@ -133,6 +135,13 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
                    license:lgpl2.0+
                    license:expat))))
 
+(define mupdf/fixed-instead-of-mupdf
+  (package-input-rewriting `((,mupdf . ,(@@ (gnu packages pdf) mupdf/fixed)))))
+
+;;; Fix CVE-2016-10132 and CVE-2016-10133. See mupdf/fixed for more information.
+(define cups-filters/fixed
+  (mupdf/fixed-instead-of-mupdf cups-filters))
+
 ;; CUPS on non-MacOS systems requires cups-filters.  Since cups-filters also
 ;; depends on CUPS libraries and binaries, cups-minimal has been added to
 ;; satisfy this dependency.
diff --git a/gnu/packages/cyrus-sasl.scm b/gnu/packages/cyrus-sasl.scm
index 89a4a49797..62bd718ab9 100644
--- a/gnu/packages/cyrus-sasl.scm
+++ b/gnu/packages/cyrus-sasl.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;;
@@ -21,7 +21,7 @@
 (define-module (gnu packages cyrus-sasl)
   #:use-module (gnu packages)
   #:use-module (gnu packages databases)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages tls)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index e05a337e47..fd8baa1531 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -13,6 +13,8 @@
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -31,37 +33,37 @@
 
 (define-module (gnu packages databases)
   #:use-module (gnu packages)
+  #:use-module (gnu packages algebra)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages avahi)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages bash)
+  #:use-module (gnu packages bison)
   #:use-module (gnu packages boost)
+  #:use-module (gnu packages check)
+  #:use-module (gnu packages compression)
   #:use-module (gnu packages crypto)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages cyrus-sasl)
+  #:use-module (gnu packages emacs)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
-  #:use-module (gnu packages perl)
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages jemalloc)
   #:use-module (gnu packages language)
   #:use-module (gnu packages linux)
-  #:use-module (gnu packages tcl)
-  #:use-module (gnu packages tls)
-  #:use-module (gnu packages compression)
   #:use-module (gnu packages ncurses)
-  #:use-module (gnu packages readline)
-  #:use-module (gnu packages emacs)
-  #:use-module (gnu packages check)
-  #:use-module (gnu packages algebra)
-  #:use-module (gnu packages curl)
-  #:use-module (gnu packages cyrus-sasl)
-  #:use-module (gnu packages gnupg)
-  #:use-module (gnu packages python)
+  #:use-module (gnu packages parallel)
   #:use-module (gnu packages pcre)
+  #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages popt)
+  #:use-module (gnu packages python)
   #:use-module (gnu packages rdf)
+  #:use-module (gnu packages readline)
+  #:use-module (gnu packages tcl)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages xml)
-  #:use-module (gnu packages bison)
-  #:use-module (gnu packages jemalloc)
-  #:use-module ((guix licenses)
-                #:select (gpl2 gpl3 gpl3+ lgpl2.1+ lgpl3+ x11-style non-copyleft
-                          bsd-2 bsd-3 public-domain))
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
@@ -116,7 +118,7 @@
     (synopsis "Clustered RDF storage and query engine")
     (description "4store is a RDF/SPARQL store written in C, supporting
 either single machines or networked clusters.")
-      (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public gdbm
   (package
@@ -138,7 +140,7 @@ either single machines or networked clusters.")
      "GDBM is a library for manipulating hashed databases.  It is used to
 store key/value pairs in a file in a manner similar to the Unix dbm library
 and provides interfaces to the traditional file format.")
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public bdb
   (package
@@ -190,8 +192,9 @@ and provides interfaces to the traditional file format.")
     (description
      "Berkeley DB is an embeddable database allowing developers the choice of
 SQL, Key/Value, XML/XQuery or Java Object storage for their data model.")
-    (license (non-copyleft "file://LICENSE"
-                           "See LICENSE in the distribution."))
+    ;; Starting with version 6, BDB is distributed under AGPL3. Many individual
+    ;; files are covered by the 3-clause BSD license.
+    (license (list license:agpl3+ license:bsd-3))
     (home-page
      "http://www.oracle.com/us/products/database/berkeley-db/overview/index.html")))
 
@@ -199,6 +202,8 @@ SQL, Key/Value, XML/XQuery or Java Object storage for their data model.")
   (package (inherit bdb)
     (name "bdb")
     (version "5.3.28")
+    (license (license:non-copyleft "file://LICENSE"
+                                   "See LICENSE in the distribution."))
     (source (origin
               (method url-fetch)
               (uri (string-append "http://download.oracle.com/berkeley-db/db-"
@@ -207,6 +212,44 @@ SQL, Key/Value, XML/XQuery or Java Object storage for their data model.")
                (base32
                 "0a1n5hbl7027fbz5lm0vp0zzfp1hmxnz14wx3zl9563h83br5ag0"))))))
 
+(define-public leveldb
+  (package
+    (name "leveldb")
+    (version "1.19")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/google/leveldb"
+                                  "/archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "00jjgs9xlwycfkg0xd7n1rj6v9zrx7xc7hann6zalrjyhap18ykx"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:make-flags (list "CC=gcc")
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'install
+           ;; There is no install target, so we do it here.
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (lib (string-append out "/lib"))
+                    (include (string-append out "/include")))
+               (for-each (lambda (file)
+                           (install-file file lib))
+                         (find-files "out-shared" "^libleveldb\\.so.*$"))
+               (copy-recursively "include" include)
+               #t))))))
+    (inputs
+     `(("snappy" ,snappy)))
+    (home-page "http://leveldb.org/")
+    (synopsis "Fast key-value storage library")
+    (description
+     "LevelDB is a fast key-value storage library that provides an ordered
+mapping from string keys to string values.")
+    (license license:bsd-3)))
+
 (define-public mysql
   (package
     (name "mysql")
@@ -280,12 +323,12 @@ SQL, Key/Value, XML/XQuery or Java Object storage for their data model.")
      "MySQL is a fast, reliable, and easy to use relational database
 management system that supports the standardized Structured Query
 Language.")
-    (license gpl2)))
+    (license license:gpl2)))
 
 (define-public mariadb
   (package
     (name "mariadb")
-    (version "10.1.20")
+    (version "10.1.21")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://downloads.mariadb.org/f/"
@@ -293,7 +336,7 @@ Language.")
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1fd0kfw94iyprf0466kjw5mwmj4ky0i997lz6499jkb79pr86kn2"))))
+                "144lcm5awcf0k6a7saqfr4p2kg8r5wbdhdm4cmn2m8hyg1an70as"))))
     (build-system cmake-build-system)
     (arguments
      '(#:configure-flags
@@ -348,19 +391,19 @@ Language.")
     (description
      "MariaDB is a multi-user and multi-threaded SQL database server, designed
 as a drop-in replacement of MySQL.")
-    (license gpl2)))
+    (license license:gpl2)))
 
 (define-public postgresql
   (package
     (name "postgresql")
-    (version "9.5.5")
+    (version "9.5.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://ftp.postgresql.org/pub/source/v"
                                   version "/postgresql-" version ".tar.bz2"))
               (sha256
                (base32
-                "157kf6mdazmxfmd11f0akya2xcz6sfgprn7yqc26dpklps855ih2"))))
+                "0bz1b9r249ffjfvldaiah2g78ccwq30ddh8hdvlq61z26inmz7mv"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -384,7 +427,34 @@ stored procedures (in multiple languages).  It includes most SQL:2008 data
 types, including INTEGER, NUMERIC, BOOLEAN, CHAR, VARCHAR, DATE, INTERVAL, and
 TIMESTAMP.  It also supports storage of binary large objects, including
 pictures, sounds, or video.")
-    (license (x11-style "file://COPYRIGHT"))))
+    (license (license:x11-style "file://COPYRIGHT"))))
+
+(define-public qdbm
+  (package
+    (name "qdbm")
+    (version "1.8.78")
+    (source
+      (origin
+       (method url-fetch)
+       (uri (string-append "http://fallabs.com/" name "/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0gmpvhn02pkq280ffmn4da1g4mdr1xxz7l80b7y4n7km1mrzwrml"))))
+    (build-system gnu-build-system)
+    (arguments
+     `( #:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath="
+                                               (assoc-ref %outputs "out")
+                                               "/lib"))))
+    (home-page "http://fallabs.com/qdbm")
+    (synopsis "Key-value database")
+    (description "QDBM is a library of routines for managing a
+database.  The database is a simple data file containing key-value
+pairs.  Every key and value is serial bytes with variable length.
+Binary data as well as character strings can be used as a key or a
+value.  There is no concept of data tables or data types.  Records are
+organized in a hash table or B+ tree.")
+    (license license:lgpl2.1+)))
 
 (define-public recutils
   (package
@@ -440,9 +510,97 @@ manipulating text-based, human-editable databases.  Despite being text-based,
 databases created with Recutils carry all of the expected features such as
 unique fields, primary keys, time stamps and more.  Many different field
 types are supported, as is encryption.")
-    (license gpl3+)
+    (license license:gpl3+)
     (home-page "http://www.gnu.org/software/recutils/")))
 
+(define-public rocksdb
+  (package
+    (name "rocksdb")
+    (version "5.1.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/facebook/rocksdb"
+                                  "/archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1qdbs13al7g45xc2j44wzx0ywrg32q1gsdhk5j6j4952xg91rfmh"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  ;; TODO: unbundle gtest.
+                  (delete-file "build_tools/gnu_parallel")
+                  #t))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:make-flags (list "CC=gcc"
+                          ;; Make the resulting library position-independent so the
+                          ;; static version can be included in shared objects.
+                          "EXTRA_CXXFLAGS=-fPIC"
+                          (string-append "INSTALL_PATH="
+                                         (assoc-ref %outputs "out")))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-Makefile
+           (lambda _
+             (substitute* "Makefile"
+               (("build_tools/gnu_parallel") "parallel")
+               (("#!/bin/sh") (string-append "#!" (which "sh"))))
+             #t))
+         (delete 'configure)
+         (add-before 'check 'disable-failing-tests
+           (lambda _
+             (substitute* "Makefile"
+               ;; These tests reliably fail due to "Too many open files".
+               (("^[[:blank:]]+env_test[[:blank:]]+\\\\") "\\")
+               (("^[[:blank:]]+persistent_cache_test[[:blank:]]+\\\\") "\\"))
+             #t))
+         (add-after
+          'check 'build-release-libraries
+          ;; The 'check' target depends on the default target which is compiled
+          ;; with debug symbols. The 'install' target depends on shared and
+          ;; static release targets so we build them here for clarity.
+          ;; TODO: Add debug output.
+          (lambda* (#:key (make-flags '()) #:allow-other-keys)
+            ;; Prevent the build from adding machine-specific optimizations.
+            ;; This does not work if passed as a make flag...
+            (setenv "PORTABLE" "1")
+            (and (zero? (apply system* "make" "static_lib" make-flags))
+                 (zero? (apply system* "make" "shared_lib" make-flags)))))
+         (add-after 'install 'delete-static-library
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (lib (string-append out "/lib")))
+               (for-each (lambda (file)
+                           (delete-file file))
+                         (find-files lib "\\.l?a$"))
+               #t))))))
+    (native-inputs
+     `(("parallel" ,parallel)
+       ("perl" ,perl)
+       ("procps" ,procps)
+       ("python" ,python-2)
+       ("which" ,which)))
+    (inputs
+     `(("bzip2" ,bzip2)
+       ("gflags" ,gflags)
+       ("jemalloc" ,jemalloc)
+       ("lz4" ,lz4)
+       ("snappy" ,snappy)
+       ("zlib" ,zlib)))
+    (home-page "http://rocksdb.org/")
+    (synopsis "Persistent key-value store for fast storage")
+    (description
+     "RocksDB is a library that forms the core building block for a fast
+key-value server, especially suited for storing data on flash drives.  It
+has a @dfn{Log-Structured-Merge-Database} (LSM) design with flexible tradeoffs
+between @dfn{Write-Amplification-Factor} (WAF), @dfn{Read-Amplification-Factor}
+(RAF) and @dfn{Space-Amplification-Factor} (SAF).  It has multi-threaded
+compactions, making it specially suitable for storing multiple terabytes of
+data in a single database.  RocksDB is partially based on @code{LevelDB}.")
+    ;; RocksDB is BSD-3 and the JNI adapter is Apache 2.0.
+    (license (list license:bsd-3 license:asl2.0))))
+
 (define-public sparql-query
   (package
     (name "sparql-query")
@@ -502,7 +660,7 @@ edit previous queries, even across sessions.  It can be used non-interactively,
 for example from a shell script.")
     ;; Some files (like scan-sparql.c) contain a GPLv3+ license header, while
     ;; others (like sparql-query.c) contain a GPLv2+ license header.
-    (license (list gpl3+))))
+    (license (list license:gpl3+))))
 
 (define-public sqlite
   (package
@@ -556,7 +714,7 @@ for example from a shell script.")
 zero-configuration, transactional SQL database engine.  SQLite is the most
 widely deployed SQL database engine in the world.  The source code for SQLite
 is in the public domain.")
-   (license public-domain)))
+   (license license:public-domain)))
 
 (define-public sqlite-3.15.1
   (package (inherit sqlite)
@@ -613,7 +771,7 @@ is in the public domain.")
 and BSD's DB except that it allows multiple simultaneous writers and uses
 locking internally to keep writers from trampling on each other.  TDB is also
 extremely small.")
-    (license lgpl3+)))
+    (license license:lgpl3+)))
 
 (define-public perl-dbi
   (package
@@ -958,7 +1116,7 @@ valid SQL query.")
    (description "Unixodbc is a library providing an API with which to access
 data sources.  Data sources include SQL Servers and any software with an ODBC
 Driver.")
-   (license lgpl2.1+)
+   (license license:lgpl2.1+)
    ;; COPYING contains copy of lgpl2.1 - but copyright notices just say "LGPL"
    (home-page "http://www.unixodbc.org")))
 
@@ -986,7 +1144,7 @@ self-contained, serverless, zero-configuration, transactional NoSQL
 database engine.  UnQLite is a document store database similar to
 MongoDB, Redis, CouchDB, etc. as well as a standard Key/Value store
 similar to BerkeleyDB, LevelDB, etc.")
-    (license bsd-2)))
+    (license license:bsd-2)))
 
 (define-public redis
   (package
@@ -1014,7 +1172,7 @@ similar to BerkeleyDB, LevelDB, etc.")
 supports many data structures including strings, hashes, lists, sets, sorted
 sets, bitmaps and hyperloglogs.")
     (home-page "http://redis.io/")
-    (license bsd-3)))
+    (license license:bsd-3)))
 
 (define-public kyotocabinet
   (package
@@ -1041,12 +1199,12 @@ sets, bitmaps and hyperloglogs.")
      "Kyoto Cabinet is a standalone file-based database that supports Hash
 and B+ Tree data storage models.  It is a fast key-value lightweight
 database and supports many programming languages.  It is a NoSQL database.")
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public wiredtiger
   (package
     (name "wiredtiger")
-    (version "2.8.0")
+    (version "2.9.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1054,7 +1212,7 @@ database and supports many programming languages.  It is a NoSQL database.")
                     version ".tar.bz2"))
               (sha256
                (base32
-                "1qh7y5paisdxq19jgg81ld7i32lz920n5k30hdpxnr8ll9c4hgjr"))))
+                "0krwnb2zfbhvjaskwl875qzd3y626s84zcciq2mxr5c5riw3yh6s"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--enable-lz4" "--enable-zlib")
@@ -1077,7 +1235,7 @@ row-oriented storage (where all columns of a row are stored together),
 column-oriented storage (where columns are stored in groups, allowing for
 more efficient access and storage of column subsets) and log-structured merge
 trees (LSM), for sustained throughput under random insert workloads.")
-    (license gpl3) ; or GPL-2
+    (license license:gpl3) ; or GPL-2
     ;; configure.ac: WiredTiger requires a 64-bit build.
     (supported-systems '("x86_64-linux" "mips64el-linux"))))
 
@@ -1245,3 +1403,31 @@ development.")
     ;; test/crypto.test are licensed under a 3-clause BSD license. All other
     ;; source files are in the public domain.
     (license (list license:public-domain license:bsd-3))))
+
+(define-public python-pyodbc-c
+  (package
+    (name "python-pyodbc-c")
+    (version "3.1.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://gitlab.com/daym/pyodbc-c/repository/"
+                           "archive.tar.gz?ref=v" version))
+       (sha256
+        (base32
+         "05aq2297k779xidmxcwkrrxjvj1bh2q7d9a1rcjv6zr15y764ga9"))
+       (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system python-build-system)
+    (inputs
+     `(("unixodbc" ,unixodbc)))
+    (arguments
+     `(;; No unit tests exist.
+       #:tests? #f))
+    (home-page "https://github.com/mkleehammer/pyodbc")
+    (synopsis "Python ODBC Library")
+    (description "@code{python-pyodbc-c} provides a Python DB-API driver
+for ODBC.")
+    (license (license:x11-style "file://LICENSE.TXT"))))
+
+(define-public python2-pyodbc-c
+  (package-with-python2 python-pyodbc-c))
diff --git a/gnu/packages/datamash.scm b/gnu/packages/datamash.scm
index 9889f16646..78ed868fa9 100644
--- a/gnu/packages/datamash.scm
+++ b/gnu/packages/datamash.scm
@@ -28,7 +28,7 @@
 (define-public datamash
   (package
     (name "datamash")
-    (version "1.1.0")
+    (version "1.1.1")
     (source
      (origin
       (method url-fetch)
@@ -36,7 +36,7 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "1c2bj0jrm4fxkf0ykxkzgyk1l9s0idqm8rbzmk3n9pgldb4arrd9"))))
+        "06w0pc828qsabmrlh7bc2zwc823xzxy89paaf37f6bipsyrij222"))))
     (native-inputs
      `(("which" ,which)                 ;for tests
        ("perl" ,perl)))                 ;for help2man
diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm
index a4bb0be134..4cf9607a43 100644
--- a/gnu/packages/disk.scm
+++ b/gnu/packages/disk.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
-;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -45,6 +45,7 @@
   #:use-module (gnu packages readline)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages vim)
   #:use-module (gnu packages xml))
 
 (define-public parted
@@ -154,7 +155,7 @@ tables.")
 (define-public ddrescue
   (package
     (name "ddrescue")
-    (version "1.21")
+    (version "1.22")
     (source
      (origin
       (method url-fetch)
@@ -162,9 +163,9 @@ tables.")
                           version ".tar.lz"))
       (sha256
        (base32
-        "1b71hb42lh33y9843nd1mxlwkk9qh9ajvnz6ivzd1jq9lav4x7ph"))))
+        "19qhx9ggkkjl0g3a88g501wmybkj1y4n5lm5kp0km0blh0p7p189"))))
     (build-system gnu-build-system)
-    (home-page "http://www.gnu.org/software/ddrescue/ddrescue.html")
+    (home-page "https://www.gnu.org/software/ddrescue/ddrescue.html")
     (synopsis "Data recovery utility")
     (native-inputs `(("lzip" ,lzip)))
     (description
@@ -177,7 +178,7 @@ to recover data more efficiently by only reading the necessary blocks.")
 (define-public dosfstools
   (package
     (name "dosfstools")
-    (version "4.0")
+    (version "4.1")
     (source
      (origin
        (method url-fetch)
@@ -186,12 +187,13 @@ to recover data more efficiently by only reading the necessary blocks.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1bvxbv1w6vhbx0nx7ygp700wq5k2hjv0hm7w0kz1x7amaf4p6dwh"))))
+         "0wy13i3i4x2bw1hf5m4fd0myh61f9bcrs035fdlf6gyc1jksrcp6"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags (list (string-append "PREFIX=" %output)
-                          "CC=gcc")
-       #:tests? #f))  ;no tests
+                          "CC=gcc")))
+    (native-inputs
+     `(("xxd" ,vim))) ; for tests
     (home-page "https://github.com/dosfstools/dosfstools")
     (synopsis "Utilities for making and checking MS-DOS FAT file systems")
     (description
diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
index 106d18a8d7..185fbf8e62 100644
--- a/gnu/packages/django.scm
+++ b/gnu/packages/django.scm
@@ -29,13 +29,13 @@
 (define-public python-django
   (package
     (name "python-django")
-    (version "1.10.3")
+    (version "1.10.5")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "Django" version))
               (sha256
                (base32
-                "0c4c8zs7kzb0bdlpy4vlzv6va26dbazr32h91rldf6waxs6z14kg"))))
+                "12szjsmnfhh2yr54sfynyjr8vl0q9gb6qak3ayqcifcinrs97f0d"))))
     (build-system python-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 9a4f4e108e..541979f587 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -28,6 +28,7 @@
   #:use-module (gnu packages base)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages crypto)
+  #:use-module (gnu packages glib)
   #:use-module (gnu packages groff)
   #:use-module (gnu packages libevent)
   #:use-module (gnu packages linux)
@@ -53,11 +54,16 @@
                (base32
                 "15lzih6671gh9knzpl8mxchiml7z5lfqzr7jm2r0rjhrxs6nk4jb"))))
     (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("dbus" ,dbus)))
     (arguments
      `(#:phases
        (alist-delete 'configure %standard-phases)
        #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
-                          "CC=gcc")
+                          "CC=gcc"
+                          "COPTS=\"-DHAVE_DBUS\"")
        ;; No 'check' target.
        #:tests? #f))
     (home-page "http://www.thekelleys.org.uk/dnsmasq/doc.html")
@@ -76,7 +82,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
 (define-public bind
   (package
     (name "bind")
-    (version "9.10.4-P5")
+    (version "9.10.4-P6")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -84,7 +90,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "1sqg7wg05h66vdjc8j215r04f8pg7lphkb93nsqxvzhk6r0ppi49"))))
+                "0rgffdm0h6dks0np4h9q4kd8nyb3azrdxw2skqnjzd8ws78vzpx1"))))
     (build-system gnu-build-system)
     (outputs `("out" "utils"))
     (inputs
@@ -140,7 +146,7 @@ high-volume and high-reliability applications. The name BIND stands for
 (define-public dnscrypt-proxy
   (package
     (name "dnscrypt-proxy")
-    (version "1.8.1")
+    (version "1.9.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -148,7 +154,7 @@ high-volume and high-reliability applications. The name BIND stands for
                     "dnscrypt-proxy-" version ".tar.bz2"))
               (sha256
                (base32
-                "1dz0knslf7ysc2xx33ljrdlqyr4b0fpm9ifrwvwgcjaxgh94l7m8"))
+                "07piwsjczamwvdpv1585kg4awqakip51bwsm8nqi6bljww4agx7x"))
               (modules '((guix build utils)))
               (snippet
                ;; Delete bundled libltdl. XXX: This package also bundles
diff --git a/gnu/packages/education.scm b/gnu/packages/education.scm
index 3a883079fe..5444579059 100644
--- a/gnu/packages/education.scm
+++ b/gnu/packages/education.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
-;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -138,3 +139,56 @@ of categories with some of the activities available in that category.
 @end enumerate
 ")
     (license license:gpl3+)))
+
+(define-public tipp10
+  (package
+    (name "tipp10")
+    (version "2.1.0")
+    (source (origin
+              (method url-fetch)
+              ;; guix download is not able to handle the download links on the
+              ;; home-page, which use '<meta http-equiv="refresh" …>'
+              (uri (string-append "mirror://debian/pool/main/"
+                                  "t/tipp10/tipp10_2.1.0.orig.tar.gz"))
+              (sha256
+               (base32
+                "0d387b404j88gsv6kv0rb7wxr23v5g5vl6s5l7602x8pxf7slbbx"))
+              (patches (search-patches "tipp10-fix-compiling.patch"
+                                       "tipp10-remove-license-code.patch"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:tests? #f ; packages has no tests
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'disable-new-version-check
+           (lambda _
+             ;; Make new version check to default to false.
+             ;; TODO: Remove the checkbox from the dialog and the check itself
+             (substitute* '("widget/settingspages.cpp" "widget/mainwindow.cpp")
+               (("settings.value(\"check_new_version\", true)")
+                "settings.value(\"check_new_version\", false)"))
+             #t))
+         (replace 'configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               ;; Make program honor $PREFIX
+               (substitute* "tipp10.pro"
+                 (("\\.path = /usr/") (string-append ".path = " out "/")))
+               (substitute* "def/defines.h"
+                 (("\"/usr/") (string-append "\"" out "/")))
+               ;; Recreate Makefile
+               (zero? (system* "qmake"))))))))
+    (inputs
+     `(("qt4" ,qt-4)
+       ("sqlite" ,sqlite)))
+    (home-page "https://www.tipp10.com/")
+    (synopsis "Touch typing tutor")
+    (description "Tipp10 is a touch typing tutor.  The ingenious thing about
+the software is its intelligence feature: characters that are mistyped are
+repeated more frequently.  Beginners will find their way around right away so
+they can start practicing without a hitch.
+
+Useful support functions and an extensive progress tracker, topical lessons
+and the ability to create your own practice lessons make learning to type
+easy.")
+    (license license:gpl2)))
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 50cea76855..b361fcc4a5 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -1,10 +1,10 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Taylan Ulrich Bayirli/Kammer <taylanbayirli@gmail.com>
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2015, 2016, 2017 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
 ;;; Copyright © 2015, 2016 Christopher Allan Webber <cwebber@dustycloud.org>
 ;;; Copyright © 2016 humanitiesNerd <catonano@gmail.com>
@@ -12,11 +12,14 @@
 ;;; Copyright © 2016 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016 Matthew Jordan <matthewjordandevops@yandex.com>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
-;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
+;;; Copyright © 2016, 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2016 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -46,6 +49,7 @@
   #:use-module (guix build-system glib-or-gtk)
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
+  #:use-module (gnu packages code)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages gnome)
@@ -106,7 +110,18 @@
                                    (find-files "." "loaddefs\\.el$")
                                    ;; This is the only "autoloads" file that
                                    ;; does not have "*loaddefs.el" name.
-                                   '("eshell/esh-groups.el")))))))
+                                   '("eshell/esh-groups.el")))
+
+                 ;; Make sure Tramp looks for binaries in the right places on
+                 ;; remote GuixSD machines, where 'getconf PATH' returns
+                 ;; something bogus.
+                 (substitute* "net/tramp-sh.el"
+                   ;; Patch the line after "(defcustom tramp-remote-path".
+                   (("\\(tramp-default-remote-path")
+                    (format #f "(tramp-default-remote-path ~s ~s ~s ~s "
+                            "~/.guix-profile/bin" "~/.guix-profile/sbin"
+                            "/run/current-system/profile/bin"
+                            "/run/current-system/profile/sbin")))))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:phases
@@ -398,7 +413,7 @@ configuration files, such as .gitattributes, .gitignore, and .git/config.")
 (define-public emacs-with-editor
   (package
     (name "emacs-with-editor")
-    (version "2.5.9")
+    (version "2.5.10")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -407,7 +422,7 @@ configuration files, such as .gitattributes, .gitignore, and .git/config.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0znfznyqr360ryi7za9szbz1l5236v2cig25s4k7kkw0w8828xzh"))))
+                "0lsxa1hghybkzvqhqvvym3hxbyp9vjcnnpb9j800z0vyhbnlka67"))))
     (build-system emacs-build-system)
     (propagated-inputs
      `(("emacs-dash" ,emacs-dash)))
@@ -423,7 +438,7 @@ on stdout instead of using a socket as the Emacsclient does.")
 (define-public magit
   (package
     (name "magit")
-    (version "2.10.0")
+    (version "2.10.1")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -431,7 +446,7 @@ on stdout instead of using a socket as the Emacsclient does.")
                    version "/" name "-" version ".tar.gz"))
              (sha256
               (base32
-               "1w74vy46z922kfs7gjkrng7wjpi481calpasqmjzpn3hqvgsd5d1"))))
+               "1a3gsarl0zrk1dydqn93kx7pnwm7pb7av7g17pj5m7b7kc66k7jv"))))
     (build-system gnu-build-system)
     (native-inputs `(("texinfo" ,texinfo)
                      ("emacs" ,emacs-minimal)))
@@ -967,6 +982,7 @@ provides an optional IDE-like error list.")
               ("mpg321" ,mpg321)
               ("taglib" ,taglib)
               ("mp3info" ,mp3info)))
+    (properties '((upstream-name . "emms")))
     (synopsis "Emacs Multimedia System")
     (description
      "EMMS is the Emacs Multimedia System.  It is a small front-end which
@@ -1066,6 +1082,44 @@ like.  It can be linked with various Emacs mail clients (Message and Mail
 mode, Rmail, Gnus, MH-E, and VM).  BBDB is fully customizable.")
     (license license:gpl3+)))
 
+(define-public emacs-ag
+  (package
+    (name "emacs-ag")
+    (version "0.47")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/Wilfred/ag.el/archive/"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1rlmp6wnyhqfg86dbz17r914msp58favn4kd4yrdwyia265a4lar"))))
+    (build-system emacs-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'patch-exec-paths
+           (lambda* (#:key inputs #:allow-other-keys)
+             (emacs-substitute-variables "ag.el"
+               ("ag-executable"
+                (string-append (assoc-ref inputs "the-silver-searcher")
+                               "/bin/ag")))
+             #t)))))
+    (inputs
+     `(("the-silver-searcher" ,the-silver-searcher)))
+    (propagated-inputs
+     `(("dash" ,emacs-dash)
+       ("s" ,emacs-s)))
+    (home-page "https://github.com/Wilfred/ag.el")
+    (synopsis "Front-end for ag (the-silver-searcher) for Emacs")
+    (description "This package provides the ability to use the silver
+searcher, a code searching tool, sometimes abbreviated to @code{ag}.  Features
+include version control system awareness, use of Perl compatible regular
+expressions, editing the search results directly and searching file names
+rather than the contents of files.")
+    (license license:gpl3+)))
+
 (define-public emacs-async
   (package
     (name "emacs-async")
@@ -1090,7 +1144,7 @@ as a library for other Emacs packages.")
 (define-public emacs-auctex
   (package
     (name "emacs-auctex")
-    (version "11.88.6")
+    (version "11.90.0")
     (source
      (origin
        (method url-fetch)
@@ -1100,7 +1154,7 @@ as a library for other Emacs packages.")
              ".tar"))
        (sha256
         (base32
-         "1pmki8hdjjikxlvip3pzi350bln3gcimr27yjf0xfwjvnp5hh9nc"))))
+         "04nsndwcf0dimgc2p1yzzrymc36amzdnjg0158nxplmjkzdp28gy"))))
     (build-system emacs-build-system)
     ;; We use 'emacs' because AUCTeX requires dbus at compile time
     ;; ('emacs-minimal' does not provide dbus).
@@ -1391,6 +1445,29 @@ allows easily move between them.")
 strings.")
     (license license:gpl3+)))
 
+(define-public emacs-sx
+  (package
+    (name "emacs-sx")
+    (version "0.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/vermiculus/sx.el/"
+                                  "archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1w0xghfljqg31axcnv8gzlrd8pw25nji6idnrhflq0af9qh1dw03"))))
+    (build-system emacs-build-system)
+    (propagated-inputs
+     `(("emacs-markdown-mode" ,emacs-markdown-mode)
+       ("let-alist" ,let-alist)))
+    (home-page "https://github.com/vermiculus/sx.el/")
+    (synopsis "Emacs StackExchange client")
+    (description
+     "Emacs StackExchange client.  Ask and answer questions on
+Stack Overflow, Super User, and other StackExchange sites.")
+    (license license:gpl3+)))
+
 (define-public emacs-f
   (package
     (name "emacs-f")
@@ -1440,6 +1517,26 @@ Git, Mercurial, Subversion and Bazaar are supported, and many parts of the
 display and behaviour is easily customisable.")
     (license license:gpl3+)))
 
+(define-public emacs-git-timemachine
+  (package
+    (name "emacs-git-timemachine")
+    (version "3.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/pidu/git-timemachine/"
+                           "archive/" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1l4g0r69wfrnjsywv03v4bpdd53byg6zdx6mzabfxyymss3kvisa"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/pidu/git-timemachine")
+    (synopsis "Step through historic versions of Git-controlled files")
+    (description "This package enables you to step through historic versions
+of files under Git version control from within Emacs.")
+    (license license:gpl3+)))
+
 (define-public emacs-el-mock
   (package
     (name "emacs-el-mock")
@@ -1714,6 +1811,27 @@ evaluated in the browser, just like Emacs does with an inferior Lisp process
 in Lisp modes.")
     (license license:unlicense)))
 
+(define-public emacs-stripe-buffer
+  (package
+    (name "emacs-stripe-buffer")
+    (version "0.2.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/sabof/stripe-buffer/"
+                           "archive/" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1p515dq7raly5hw94kiwm3vzsfih0d8af622q4ipvvljsm98aiik"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/sabof/stripe-buffer/")
+    (synopsis "Add stripes to list buffers")
+    (description
+     "This Emacs package adds faces to add stripes to list buffers and org
+tables.")
+    (license license:gpl2+)))
+
 (define-public emacs-rich-minority
   (package
     (name "emacs-rich-minority")
@@ -2703,14 +2821,14 @@ be removed from the front.  This type of data structure is sometimes called an
 (define-public emacs-spinner
   (package
     (name "emacs-spinner")
-    (version "1.7.1")
+    (version "1.7.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://elpa.gnu.org/packages/spinner-"
                                   version ".el"))
               (sha256
                (base32
-                "1fmwzdih0kbyvs8bn38mpm4sbs2mikqy2vdykfy9g20wpa8vb681"))))
+                "19kp1mmndbmw11sgvv2ggfjl4pyf5zrsbh3871f0965pw9z8vahd"))))
     (build-system emacs-build-system)
     (home-page "https://github.com/Malabarba/spinner.el")
     (synopsis "Emacs mode-line spinner for operations in progress")
@@ -2722,14 +2840,14 @@ ongoing operations.")
 (define-public emacs-seq
   (package
     (name "emacs-seq")
-    (version "2.15")
+    (version "2.19")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://elpa.gnu.org/packages/seq-"
                                   version ".tar"))
               (sha256
                (base32
-                "09wi1765bmn7i8fg6ajjfaxgs4ipc42d58zx2fdqpidrdg9c7q73"))))
+                "11hb7is6a4h1lscjcfrzh576j0g3m5yjydn16s6x5bxp5gsr6zha"))))
     (build-system emacs-build-system)
     (home-page "https://elpa.gnu.org/packages/seq.html")
     (synopsis "Sequence manipulation functions for Emacs")
@@ -3292,14 +3410,14 @@ passive voice.")
 (define-public emacs-org
   (package
     (name "emacs-org")
-    (version "20161224")
+    (version "20170124")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://elpa.gnu.org/packages/org-"
                                   version ".tar"))
               (sha256
                (base32
-                "0b10bjypn0w5ja776f8sxl1qpvb61iyz1n3c74jx6fqwypv7dmgi"))))
+                "0mcnjwvily0xv1xl11dj18lg38llvrxja2j9mwn6vql8n5y1srxi"))))
     (build-system emacs-build-system)
     (home-page "http://orgmode.org/")
     (synopsis "Outline-based notes management and organizer")
@@ -3541,3 +3659,134 @@ Streams are implemented as delayed evaluation of cons cells.")
       (description "This package provides expression based interactive search
 procedures for emacs-lisp-mode.")
       (license license:gpl3+))))
+
+(define-public emacs-ht
+  (package
+    (name "emacs-ht")
+    (version "2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/Wilfred/ht.el/archive/"
+             version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1lpba36kzxcc966fvsbrfpy8ah9gnvay0yk26gbyjil0rggrbqzj"))))
+    (build-system emacs-build-system)
+    (propagated-inputs `(("emacs-dash" ,emacs-dash)))
+    (home-page "https://github.com/Wilfred/ht.el")
+    (synopsis "Hash table library for Emacs")
+    (description
+     "This package simplifies the use of hash tables in elisp.  It also
+provides functions to convert hash tables from and to alists and plists.")
+    (license license:gpl3+)))
+
+(define-public emacs-log4e
+  (package
+    (name "emacs-log4e")
+    (version "0.3.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/aki2o/log4e/archive/v"
+             version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0nbdpbw353snda3v19l9hsm6gimppwnpxj18amm350bm81lyim2g"))))
+    (build-system emacs-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-tests
+           ;; Guile builder complains about null characters in some
+           ;; strings of test files.  Remove "test" directory (it is not
+           ;; needed anyway).
+           (lambda _
+             (delete-file-recursively "test"))))))
+    (home-page "https://github.com/aki2o/log4e")
+    (synopsis "Logging framework for elisp")
+    (description
+     "This package provides a logging framework for elisp.  It allows
+you to deal with multiple log levels.")
+    (license license:gpl3+)))
+
+(define-public emacs-gntp
+  (package
+    (name "emacs-gntp")
+    (version "0.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/tekai/gntp.el/archive/v"
+             version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "16c1dfkia9yhl206bdhjr3b8kfvqcqr38jl5lq8qsyrrzsnmghny"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/tekai/gntp.el")
+    (synopsis "Growl Notification Protocol for Emacs")
+    (description
+     "This package implements the Growl Notification Protocol GNTP
+described at @uref{http://www.growlforwindows.com/gfw/help/gntp.aspx}.
+It is incomplete as it only lets you send but not receive
+notifications.")
+    (license license:bsd-3)))
+
+(define-public emacs-alert
+  (package
+    (name "emacs-alert")
+    (version "1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/jwiegley/alert/archive/v"
+             version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1693kck3k2iz5zhpmxwqyafxm68hr6gzs60lkxd3j1wlp2c9fwyr"))))
+    (build-system emacs-build-system)
+    (propagated-inputs
+     `(("emacs-gntp" ,emacs-gntp)
+       ("emacs-log4e" ,emacs-log4e)))
+    (home-page "https://github.com/jwiegley/alert")
+    (synopsis "Growl-style notification system for Emacs")
+    (description
+     "Alert is a Growl-workalike for Emacs which uses a common notification
+interface and multiple, selectable \"styles\", whose use is fully
+customizable by the user.")
+    (license license:gpl2+)))
+
+(define-public emacs-mu4e-alert
+  (package
+    (name "emacs-mu4e-alert")
+    (version "0.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/iqbalansari/mu4e-alert/archive/v"
+             version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1m63vyb2v5r9swmqv56q80jca8172nk5vaxl7bcm5zbfs8zsvr4b"))))
+    (build-system emacs-build-system)
+    (propagated-inputs
+     `(("emacs-alert" ,emacs-alert)
+       ("emacs-s" ,emacs-s)
+       ("emacs-ht" ,emacs-ht)))
+    (home-page "https://github.com/iqbalansari/mu4e-alert")
+    (synopsis "Desktop notification for mu4e")
+    (description
+     "This package provides desktop notifications for mu4e.
+Additionally it can display the number of unread emails in the
+mode-line.")
+    (license license:gpl3+)))
diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm
index b147764a7d..734efcdc73 100644
--- a/gnu/packages/engineering.scm
+++ b/gnu/packages/engineering.scm
@@ -259,7 +259,6 @@ featuring various improvements and bug fixes.")))
     (version "2.0-18Sep92")
     (source (origin
               (method url-fetch/tarbomb)
-              (file-name (string-append name "-" version ".tar.gz"))
               (uri (string-append "http://www.rle.mit.edu/cpg/codes/"
                                   name "-" version ".tgz"))
               (sha256
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index d60e97922c..d9eef54b88 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Tomáš Čech <sleep_walker@suse.cz>
 ;;; Copyright © 2015 Daniel Pimentel <d4n1@member.fsf.org>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -146,7 +146,7 @@ removable devices or support for multimedia.")
 (define-public terminology
   (package
     (name "terminology")
-    (version "0.9.1")
+    (version "1.0.0")
     (source (origin
               (method url-fetch)
               (uri
@@ -154,13 +154,13 @@ removable devices or support for multimedia.")
                               "terminology/terminology-" version ".tar.xz"))
               (sha256
                (base32
-                "1kwv9vkhngdm5v38q93xpcykghnyawhjjcb5bgy0p89gpbk7mvpc"))))
+                "1x4j2q4qqj10ckbka0zaq2r2zm66ff1x791kp8slv1ff7fw45vdz"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
      `(("efl" ,efl)))
-    (home-page "https://www.enlightenment.org")
+    (home-page "https://www.enlightenment.org/about-terminology")
     (synopsis "Powerful terminal emulator based on EFL")
     (description
      "Terminology is fast and feature rich terminal emulator.  It is solely
diff --git a/gnu/packages/fcitx.scm b/gnu/packages/fcitx.scm
index dd8eead7fb..fc55df14a6 100644
--- a/gnu/packages/fcitx.scm
+++ b/gnu/packages/fcitx.scm
@@ -85,3 +85,39 @@
 Pinyin, Quwei and some table-based (Wubi, Cangjie, Erbi, etc.) input methods
 built-in.")
     (license gpl2+)))
+
+(define-public fcitx-configtool
+  (package
+   (name "fcitx-configtool")
+   (version "0.4.8")
+   (source (origin
+            (method url-fetch)
+            (uri (string-append "https://download.fcitx-im.org/fcitx-configtool/"
+                  name "-" version ".tar.xz"))
+            (sha256
+             (base32
+              "1vaim0namw58bfafbvws1vgd4010p19zwqfbx6bd1zi5sgchdg0f"))))
+   (build-system cmake-build-system)
+   (arguments
+    `(#:configure-flags
+      (list "-DENABLE_GTK2=ON"
+            "-DENABLE_GTK3=ON")
+      #:tests? #f)) ; No tests.
+   (native-inputs
+    `(("glib:bin"   ,glib "bin")
+      ("pkg-config" ,pkg-config)))
+   (inputs
+    `(("fcitx"      ,fcitx)
+      ("dbus-glib"  ,dbus-glib)
+      ("gettext"    ,gettext-minimal)
+      ("gtk2"       ,gtk+-2)
+      ("gtk3"       ,gtk+)
+      ("iso-codes"  ,iso-codes)))
+   (home-page "https://fcitx-im.org/wiki/Configtool")
+   (synopsis "Graphic Fcitx configuration tool")
+   (description
+    "Fcitx is an input method framework with extension support.  It has
+Pinyin, Quwei and some table-based (Wubi, Cangjie, Erbi, etc.) input methods
+built-in.  This package provides GTK version of the graphic configuration
+tool of Fcitx.")
+   (license gpl2+)))
diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm
index 7924827822..ee90c38eb7 100644
--- a/gnu/packages/finance.scm
+++ b/gnu/packages/finance.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,6 +27,7 @@
  #:use-module (guix build utils)
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system cmake)
+ #:use-module (guix build-system python)
  #:use-module (gnu packages base)
  #:use-module (gnu packages boost)
  #:use-module (gnu packages databases)
@@ -240,3 +242,52 @@ allow to do that off the ERiC library (which is proprietary however).
 It's not clear at the moment whether one day it will be possible to
 do so.")
     (license license:agpl3+)))
+
+(define-public electrum
+  (package
+    (name "electrum")
+    (version "2.7.12")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://download.electrum.org/"
+                           version "/Electrum-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "0vxdfl208if7mdsnva1jg37bnay2dsz3ww157aqwcv1j6512fi1n"))
+       (modules '((guix build utils)))
+       (snippet
+        '(begin
+           ;; Delete the bundled dependencies.
+           (delete-file-recursively "packages")
+           #t))))
+    (build-system python-build-system)
+    (inputs
+     `(("python-slowaes" ,python2-slowaes)
+       ("python-sip" ,python2-sip)
+       ("python-pyqt" ,python2-pyqt-4)
+       ("python-ecdsa" ,python2-ecdsa)
+       ("python-pbkdf2" ,python2-pbkdf2)
+       ("python-requests" ,python2-requests)
+       ("python-qrcode" ,python2-qrcode)
+       ("python-protobuf" ,python2-protobuf)
+       ("python-dnspython" ,python2-dnspython)
+       ("python-jsonrpclib" ,python2-jsonrpclib)))
+    (arguments
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'patch-home
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "setup.py"
+               (("~/.local/share")
+                (string-append (assoc-ref outputs "out") "/local/share"))))))))
+    (home-page "https://electrum.org/")
+    (synopsis "Bitcoin wallet")
+    (description
+     "Electrum is a lightweight Bitcoin client, based on a client-server
+protocol.  It supports Simple Payment Verification (SPV) and deterministic key
+generation from a seed.  Your secret keys are encrypted and are never sent to
+other machines/servers.  Electrum does not download the Bitcoin blockchain.")
+    (license license:expat)))
diff --git a/gnu/packages/firmware.scm b/gnu/packages/firmware.scm
index 443c38e944..9106eec4ab 100644
--- a/gnu/packages/firmware.scm
+++ b/gnu/packages/firmware.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2017 David Craven <david@craven.ch>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -18,17 +19,21 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu packages firmware)
-  #:use-module (guix licenses)
+  #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages assembly)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages cmake)
   #:use-module (gnu packages cross-base)
   #:use-module (gnu packages flex)
-  #:use-module (gnu packages perl))
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages python))
 
 (define-public ath9k-htc-firmware
   (package
@@ -85,7 +90,7 @@
      "This is the firmware for the Qualcomm Atheros AR7010 and AR9271 USB
 802.11n NICs (aka Wi-Fi USB dongles).  It is used by the ath9k driver of
 Linux-libre.")
-    (license (non-copyleft "http://directory.fsf.org/wiki/License:ClearBSD"))))
+    (license (license:non-copyleft "http://directory.fsf.org/wiki/License:ClearBSD"))))
 
 (define-public b43-tools
   (let ((commit "8dce53297966b31b6c70a7a03c2433978dd9f288")
@@ -143,7 +148,7 @@ Linux-libre.")
        "The b43 firmware tools is a collection of firmware extractor,
 assembler, disassembler, and debugging tools for the Linux kernel b43 wireless
 driver.")
-      (license gpl2))))
+      (license license:gpl2))))
 
 (define-public openfwwf-firmware
   (package
@@ -173,4 +178,125 @@ driver.")
      "This is firmware from Open FirmWare for WiFi networks (OpenFWWF) for the
 Broadcom/AirForce chipset BCM43xx with Wireless-Core Revision 5.  It is used
 by the b43-open driver of Linux-libre.")
-    (license gpl2)))
+    (license license:gpl2)))
+
+(define-public seabios
+  (package
+    (name "seabios")
+    (version "1.10.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://code.coreboot.org/p/seabios/downloads/get/"
+                                  "seabios-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1jyjl719drnl1v0gf0l5q6qjjmkyqcqkka6s28dfdi0yqsxdsqsh"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("python-2" ,python-2)))
+    (arguments
+     `(#:tests? #f ; No check target.
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda _
+             (setenv "CC" "gcc")
+             #t))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (fmw (string-append out "/share/firmware")))
+               (mkdir-p fmw)
+               (copy-file "out/bios.bin" (string-append fmw "/bios.bin"))))))))
+    (home-page "https://www.seabios.org/SeaBIOS")
+    (synopsis "x86 BIOS implementation")
+    (description "SeaBIOS is an open source implementation of a 16bit x86 BIOS.
+SeaBIOS can run in an emulator or it can run natively on X86 hardware with the
+use of coreboot.")
+    ;; Dual licensed.
+    (license (list license:gpl3+ license:lgpl3+
+                   ;; src/fw/acpi-dsdt.dsl is lgpl2
+                   license:lgpl2.1
+                   ;; src/fw/lzmadecode.c and src/fw/lzmadecode.h are lgpl3+ and
+                   ;; cpl with a linking exception.
+                   license:cpl1.0))))
+
+;; OVMF is part of the edk2 source tree.
+(define edk2-commit "13a50a6fe1dcfa6600c38456ee24e0f9ecf51b5f")
+(define edk2-version (git-version "20170116" "1" edk2-commit))
+(define edk2-origin
+  (origin
+    (method git-fetch)
+    (uri (git-reference
+          (url "https://github.com/tianocore/edk2")
+          (commit edk2-commit)))
+    (file-name (git-file-name "edk2" edk2-version))
+    (sha256
+     (base32
+      "1gy2332kdqk8bjzpcsripx10896rbvgl0ic7r344kmpiwdgm948b"))))
+
+(define-public ovmf
+  (package
+    (name "ovmf")
+    (version edk2-version)
+    (source edk2-origin)
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("acpica" ,acpica)
+       ("nasm" ,nasm)
+       ("python-2" ,python-2)
+       ("util-linux" ,util-linux)))
+    (arguments
+     `(#:tests? #f ; No check target.
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda _
+             (let* ((cwd (getcwd))
+                    (tools (string-append cwd "/BaseTools"))
+                    (bin (string-append tools "/BinWrappers/PosixLike")))
+               (setenv "WORKSPACE" cwd)
+               (setenv "EDK_TOOLS_PATH" tools)
+               (setenv "PATH" (string-append (getenv "PATH") ":" bin))
+               (system* "bash" "edksetup.sh" "BaseTools")
+               (substitute* "Conf/target.txt"
+                 (("^TARGET[ ]*=.*$") "TARGET = RELEASE\n")
+                 (("^TOOL_CHAIN_TAG[ ]*=.*$") "TOOL_CHAIN_TAG = GCC49\n")
+                 (("^MAX_CONCURRENT_THREAD_NUMBER[ ]*=.*$")
+                  (format #f "MAX_CONCURRENT_THREAD_NUMBER = ~a~%"
+                          (number->string (parallel-job-count)))))
+               ;; Build build support.
+               (setenv "BUILD_CC" "gcc")
+               (zero? (system* "make" "-C" (string-append tools "/Source/C"))))))
+         (add-after 'build 'build-ia32
+           (lambda _
+             (substitute* "Conf/target.txt"
+               (("^TARGET_ARCH[ ]*=.*$") "TARGET_ARCH = IA32\n")
+               (("^ACTIVE_PLATFORM[ ]*=.*$")
+                "ACTIVE_PLATFORM = OvmfPkg/OvmfPkgIa32.dsc\n"))
+             (zero? (system* "build"))))
+         (add-after 'build 'build-x64
+           (lambda _
+             (substitute* "Conf/target.txt"
+               (("^TARGET_ARCH[ ]*=.*$") "TARGET_ARCH = X64\n")
+               (("^ACTIVE_PLATFORM[ ]*=.*$")
+                "ACTIVE_PLATFORM = OvmfPkg/OvmfPkgX64.dsc\n"))
+             (zero? (system* "build"))))
+         (delete 'build)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (fmw (string-append out "/share/firmware")))
+               (mkdir-p fmw)
+               (copy-file "Build/OvmfIa32/RELEASE_GCC49/FV/OVMF.fd"
+                          (string-append fmw "/ovmf_ia32.bin"))
+               (copy-file "Build/OvmfX64/RELEASE_GCC49/FV/OVMF.fd"
+                          (string-append fmw "/ovmf_x64.bin")))
+             #t)))))
+    (supported-systems '("x86_64-linux" "i686-linux"))
+    (home-page "http://www.tianocore.org")
+    (synopsis "UEFI firmware for QEMU")
+    (description "OVMF is an EDK II based project to enable UEFI support for
+Virtual Machines.  OVMF contains a sample UEFI firmware for QEMU and KVM.")
+    (license (list license:expat
+                   license:bsd-2 license:bsd-3 license:bsd-4))))
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index 35ee8dbd69..ce07accbf2 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Joshua Grant <tadni@riseup.net>
 ;;; Copyright © 2014 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
@@ -15,6 +15,8 @@
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2016 Toni Reina <areina@riseup.net>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.com>
+;;; Copyright © 2017 Alex Griffin <a@ajgrf.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -37,11 +39,13 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages base)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages golang)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
@@ -241,7 +245,7 @@ package provides the TrueType (TTF) files.")
 (define-public font-cantarell
   (package
     (name "font-abattis-cantarell")
-    (version "0.0.24")
+    (version "0.0.25")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/cantarell-fonts/"
@@ -249,7 +253,7 @@ package provides the TrueType (TTF) files.")
                                   "/cantarell-fonts-" version ".tar.xz"))
               (sha256
                (base32
-                "0r4jnc2x9yncf40lixjb1pqgpq8rzbi2fz33pshlqzjgx2d69bcw"))))
+                "0zvkd8cm1cg2919v1js9qmzwa02sjl7qajj3gcvgqvai1fm2i8hl"))))
     (build-system gnu-build-system)
     (home-page "https://wiki.gnome.org/Projects/CantarellFonts")
     (synopsis "Cantarell sans-serif typeface")
@@ -504,6 +508,49 @@ ko (Korean) locales for @code{fontconfig}.")
     ;; GPLv2 with font embedding exception
     (license license:gpl2)))
 
+(define-public font-wqy-microhei
+  (package
+    (name "font-wqy-microhei")
+    (version "0.2.0-beta")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/wqy/wqy-microhei/"
+                                  version "/wqy-microhei-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0gi1yxqph8xx869ichpzzxvx6y50wda5hi77lrpacdma4f0aq0i8"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((PATH (string-append (assoc-ref %build-inputs "tar")  "/bin:"
+                                    (assoc-ref %build-inputs "gzip") "/bin"))
+               (font-dir (string-append (assoc-ref %outputs "out")
+                                        "/share/fonts/wenquanyi")))
+           (mkdir-p font-dir)
+           (setenv "PATH" PATH)
+           (system* "tar" "xvf" (assoc-ref %build-inputs "source"))
+           (install-file "wqy-microhei/wqy-microhei.ttc" font-dir)))))
+    (native-inputs
+     `(("gzip" ,gzip)
+       ("tar" ,tar)))
+    (home-page "http://wenq.org/wqy2/")
+    (synopsis "CJK font")
+    (description
+     "WenQuanYi Micro Hei is a Sans-Serif style (also known as Hei, Gothic or
+Dotum among the Chinese/Japanese/Korean users) high quality CJK outline font.
+It was derived from \"Droid Sans Fallback\" and \"Droid Sans\" released by
+Google Inc.  This font contains all the unified CJK Han glyphs in the range of
+U+4E00-U+9FC3 defined in Unicode Standard 5.1, together with many other
+languages unicode blocks, including Latins, Extended Latins, Hanguls and
+Kanas.  The font file is extremely compact (~4M) compared with most known CJK
+fonts.")
+    ;; This font is licensed under Apache2.0 or GPLv3 with font embedding
+    ;; exceptions.
+    (license license:gpl3)))
+
 (define-public font-tex-gyre
   (package
     (name "font-tex-gyre")
@@ -714,8 +761,7 @@ display all Unicode symbols.")
                      (mkdir-p font-dir)
                      (chdir "roboto-hinted")
                      (for-each (lambda (ttf)
-                                 (copy-file ttf
-                                            (string-append font-dir "/" ttf)))
+                                 (install-file ttf font-dir))
                                (find-files "." "\\.ttf$"))))))
     (home-page "https://github.com/google/roboto")
     (synopsis "The Roboto family of fonts")
@@ -951,3 +997,196 @@ designed to work well in user interface environments.")
     (synopsis "Mozilla's monospace font")
     (description "This is the typeface used by Mozilla in Firefox OS.")
     (license license:silofl1.1)))
+
+(define-public font-awesome
+  (package
+   (name "font-awesome")
+   (version "4.7.0")
+   (source (origin
+            (method url-fetch)
+            (uri (string-append "http://fontawesome.io/assets/"
+                                name "-" version ".zip"))
+            (sha256
+             (base32
+              "1frhmw41lnnm9rda2zs202pvfi5vzlrsw4xfp4mswl0qgws61mcd"))))
+   (build-system trivial-build-system)
+   (native-inputs
+    `(("unzip" ,unzip)))
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (let* ((font-dir (string-append %output
+                                                  "/share/fonts/opentype"))
+                         (source (assoc-ref %build-inputs "source"))
+                         (src-otf-file (string-append "font-awesome-"
+                                                      ,version
+                                                      "/fonts/FontAwesome.otf"))
+                         (dest-otf-file (string-append font-dir "/FontAwesome.otf"))
+                         (unzip (assoc-ref %build-inputs "unzip")))
+                    (setenv "PATH" (string-append unzip "/bin"))
+                    (mkdir-p font-dir)
+                    (system* "unzip" source "-d" ".")
+                    (copy-file src-otf-file dest-otf-file)))))
+   (home-page "http://fontawesome.io")
+   (synopsis "Font that contains a rich iconset")
+   (description
+    "Font Awesome is a full suite of pictographic icons for easy scalable
+vector graphics.")
+   (license license:silofl1.1)))
+
+(define-public font-comic-neue
+  (package
+   (name "font-comic-neue")
+   (version "2.3")
+   (source (origin
+            (method url-fetch)
+            (uri (string-append
+                  "http://www.comicneue.com/comic-neue-" version ".zip"))
+            (sha256
+             (base32
+              "1695hkpd8kqnr2a88p8xs496slgzxjjkzpa9aa33ml3pnh7519zk"))))
+   (build-system trivial-build-system)
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (let ((font-dir (string-append %output
+                                                 "/share/fonts/truetype"))
+                        (source (assoc-ref %build-inputs "source"))
+                        (unzip  (string-append (assoc-ref %build-inputs "unzip")
+                                               "/bin/unzip")))
+                    (mkdir-p font-dir)
+                    (system* unzip source)
+                    (with-directory-excursion
+                     (string-append "Web")
+                     (for-each (lambda (ttf)
+                                 (install-file ttf font-dir))
+                               (find-files "." "\\.ttf$")))))))
+   (native-inputs `(("unzip" ,unzip)))
+   (home-page "http://www.comicneue.com/")
+   (synopsis "Font that fixes the shortcomings of Comic Sans")
+   (description
+    "Comic Neue is a font that attempts to create a respectable casual
+typeface, by mimicking Comic Sans while fixing its most obvious shortcomings.")
+   (license license:silofl1.1)))
+
+(define-public font-iosevka
+  (package
+   (name "font-iosevka")
+   (version "1.11.0")
+   (source (origin
+            (method url-fetch)
+            (uri (string-append
+                  "https://github.com/be5invis/Iosevka/releases/download/v"
+                  version "/iosevka-pack-" version ".zip"))
+            (sha256
+             (base32
+              "0d8prdk7s5z94sdfd0y92cvqq531yqrlg7hnadbnhd7fs9jqr5hj"))))
+   (build-system trivial-build-system)
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (let ((font-dir (string-append %output
+                                                 "/share/fonts/truetype"))
+                        (source (assoc-ref %build-inputs "source"))
+                        (unzip  (string-append (assoc-ref %build-inputs "unzip")
+                                               "/bin/unzip")))
+                    (mkdir-p font-dir)
+                    (system* unzip "-d" font-dir source)))))
+   (native-inputs `(("unzip" ,unzip)))
+   (home-page "https://be5invis.github.io/Iosevka/")
+   (synopsis "Coders' typeface, built from code")
+   (description
+    "Iosevka is a slender monospace sans-serif or slab-serif typeface inspired
+by Pragmata Pro, M+, and PF DIN Mono, designed to be the ideal font for
+programming.  Iosevka is completely generated from its source code.")
+   (license (list license:silofl1.1  ; build artifacts (i.e. the fonts)
+                  license:bsd-3))))  ; supporting code
+
+(define-public font-go
+  (let ((commit "b7f8df6bc082334698d4505fb85fa05e99156b72")
+        (revision "1"))
+    (package
+     (name "font-go")
+     (version (string-append "20161115-" revision "." (string-take commit 7)))
+     (source (origin
+              (file-name (string-append "go-image-" version "-checkout"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://go.googlesource.com/image")
+                    (commit commit)))
+              (sha256
+               (base32
+                "1ywxs6dmcyzwwsmnan3qqza7znprnbvmdi260x6sjmydz6dyq2zs"))))
+     (build-system trivial-build-system)
+     (arguments
+      `(#:modules ((guix build utils))
+        #:builder (begin
+                    (use-modules (guix build utils))
+                    (let ((font-dir (string-append %output
+                                                   "/share/fonts/truetype"))
+                          (source (assoc-ref %build-inputs "source")))
+                      (mkdir-p font-dir)
+                      (with-directory-excursion
+                       (string-append source "/font/gofont/ttfs")
+                       (for-each (lambda (ttf)
+                                   (install-file ttf font-dir))
+                                 (find-files "." "\\.ttf$")))))))
+     (home-page "https://blog.golang.org/go-fonts")
+     (synopsis "The Go font family")
+     (description
+      "The Go font family is a set of WGL4 TrueType fonts from the Bigelow &
+Holmes type foundry, released under the same license as the Go programming
+language.  It includes a set of proportional, sans-serif fonts, and a set of
+monospace, slab-serif fonts.")
+     (license (package-license go-1.4)))))
+
+(define-public font-google-material-design-icons
+  (package
+   (name "font-google-material-design-icons")
+   (version "3.0.1")
+   (source (origin
+            (method url-fetch)
+            (uri (string-append
+                   "https://github.com/google/material-design-icons/archive/"
+                    version ".tar.gz"))
+            (sha256
+             (base32
+              "183n0qv3q8w6n27libarq1fhc4mqv2d3sasbfmbn7x9r5pw9c6ga"))
+            (file-name (string-append name "-" version ".tar.gz"))))
+   (build-system trivial-build-system)
+   (native-inputs
+    `(("tar" ,tar)
+      ("gzip" ,gzip)))
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder (begin
+                  (use-modules (guix build utils))
+                  (let* ((font-dir (string-append %output
+                                                  "/share/fonts/truetype"))
+                         (source (assoc-ref %build-inputs "source"))
+                         (font-filename "MaterialIcons-Regular.ttf")
+                         (src-ttf-file (string-append "material-design-icons-"
+                                                      ,version
+                                                      "/iconfont/"
+                                                      font-filename))
+                         (dest-ttf-file (string-append font-dir font-filename))
+                         (gzip (assoc-ref %build-inputs "gzip"))
+                         (tar (assoc-ref %build-inputs "tar")))
+                    (setenv "PATH" (string-append gzip "/bin:"
+                                                  tar "/bin:"))
+                    (system* "tar" "xf" source)
+                    (mkdir-p font-dir)
+                    (copy-file src-ttf-file dest-ttf-file)))))
+   (home-page "http://google.github.io/material-design-icons")
+   (synopsis "Icon font of Google Material Design icons")
+   (description
+    "Material design system icons are simple, modern, friendly, and sometimes
+quirky.  Each icon is created using our design guidelines to depict in simple
+and minimal forms the universal concepts used commonly throughout a UI.
+Ensuring readability and clarity at both large and small sizes, these icons
+have been optimized for beautiful display on all common platforms and display
+resolutions.")
+   (license license:asl2.0)))
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index 66060eaa64..f9007b1b36 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -5,8 +5,9 @@
 ;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -87,14 +88,14 @@ freedesktop.org project.")
 (define-public libinput
   (package
     (name "libinput")
-    (version "1.5.3")
+    (version "1.6.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://freedesktop.org/software/libinput/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1qx623nyr49sxv49ilb0j85skgk1dhkr82vd577ywyjf7d96q84i"))))
+                "0cjq4mjqx8c7iiign330s34dvpw38rlv8byaxlx68p3kim8lylxp"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("cairo" ,cairo)
@@ -750,14 +751,14 @@ messaging clients such as Empathy, GNOME Shell or KDE Telepathy.")
 (define-public telepathy-mission-control
   (package
     (name "telepathy-mission-control")
-    (version "5.16.3")
+    (version "5.16.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://telepathy.freedesktop.org/releases/"
-                                  name "/" name "-" version ".tar.bz2"))
+                                  name "/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0zcbx69k0d3p2pjh3g7sa3q2zkd5xchxkqsmlfn3fwxaz0pmsmvi"))))
+                "1jz6wwgsfxixha6ys2hbzbk5faqnj9kh2m5qdlgx5anqgandsscp"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm
index 5ff56d7eae..7380fcfc3b 100644
--- a/gnu/packages/ftp.scm
+++ b/gnu/packages/ftp.scm
@@ -36,23 +36,19 @@
 (define-public lftp
   (package
     (name "lftp")
-    (version "4.7.4")
+    (version "4.7.5")
     (source (origin
               (method url-fetch)
-              ;; XXX: Downloads from main site redirects to 'get.html' and
-              ;; returns HTTP 200, leading Guix to download that instead.
-              ;; Try official mirror first. See:
-              ;; https://github.com/lavv17/lftp/issues/299 and
-              ;; https://lftp.tech/get.html (mirror list)
-              (uri (list (string-append "ftp://ftp.st.ryukoku.ac.jp/pub/network/"
-                                        "ftp/lftp/lftp-" version ".tar.xz")
-                         (string-append "https://lftp.tech/ftp/lftp-"
+              ;; See https://lftp.tech/get.html for mirrors.
+              (uri (list (string-append "https://lftp.tech/ftp/lftp-"
                                         version ".tar.xz")
                          (string-append "https://lftp.tech/ftp/old/lftp-"
-                                        version ".tar.xz")))
+                                        version ".tar.xz")
+                         (string-append "ftp://ftp.st.ryukoku.ac.jp/pub/network/"
+                                        "ftp/lftp/lftp-" version ".tar.xz")))
               (sha256
                (base32
-                "0b6r1gbpazvml1hvfjm2ccsfxibrjrm3fir912j6kxxn538w8rxz"))))
+                "1n6h3y5jz1rxlx7ap46vykgm0q2rvzr7c5s5ry5l32z3lbmwbdak"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index c449f59549..4bcdd484d6 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -10,20 +10,21 @@
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
-;;; Copyright © 2015 Christopher Allan Webber <cwebber@dustycloud.org>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
+;;; Copyright © 2015, 2017 Christopher Allan Webber <cwebber@dustycloud.org>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2016 Rodger Fox <thylakoid@openmailbox.org>
 ;;; Copyright © 2016 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Albin Söderqvist <albin@fripost.org>
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2016 Steve Webber <webber.sl@gmail.com>
+;;; Copyright © 2017 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -104,6 +105,7 @@
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages pcre)
+  #:use-module (gnu packages cyrus-sasl)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system haskell)
   #:use-module (guix build-system python)
@@ -176,22 +178,23 @@ scriptable with Guile.")
 (define-public abbaye
   (package
     (name "abbaye")
-    (version "1.13")
+    (version "2.0.1")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "https://storage.googleapis.com/"
-                           "google-code-archive-downloads/v2/code.google.com/"
-                           "abbaye-for-linux/abbaye-for-linux-src-"
-                           version ".tar.gz"))
+       (uri (string-append "https://github.com/nevat/abbayedesmorts-gpl/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1wgvckgqa2084rbskxif58wbb83xbas8s1i8s7d57xbj08ryq8rk"))))
+         "1a67b0hq6271dd7pvwndjq29cwn2n8gawwz17xafa3k1hrhf8vw3"))
+       (modules '((guix build utils)))
+       (snippet
+        ;; Unbundle fonts.
+        '(delete-file-recursively "fonts"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:modules ((ice-9 match)
-                  (guix build gnu-build-system)
-                  (guix build utils))
+     '(#:make-flags '("CC=gcc")
        #:phases (modify-phases %standard-phases
                   (add-after 'set-paths 'set-sdl-paths
                     (lambda* (#:key inputs #:allow-other-keys)
@@ -201,10 +204,8 @@ scriptable with Guile.")
                   (add-after 'patch-source-shebangs 'patch-makefile
                     (lambda* (#:key outputs #:allow-other-keys)
                       ;; Replace /usr with package output directory.
-                      (for-each (lambda (file)
-                                  (substitute* file
-                                    (("/usr") (assoc-ref outputs "out"))))
-                                '("makefile" "src/pantallas.c" "src/comun.h"))))
+                      (substitute* "Makefile"
+                        (("/usr") (assoc-ref outputs "out")))))
                   (add-before 'install 'make-install-dirs
                     (lambda* (#:key outputs #:allow-other-keys)
                       (let ((prefix (assoc-ref outputs "out")))
@@ -216,15 +217,66 @@ scriptable with Guile.")
                   (delete 'configure))
        #:tests? #f)) ;; No check target.
     (native-inputs `(("pkg-config" ,pkg-config)))
-    (inputs `(("sdl-union" ,(sdl-union))))
-    (home-page "http://code.google.com/p/abbaye-for-linux/")
+    (inputs `(("sdl-union" ,(sdl-union (list sdl2 sdl2-image sdl2-mixer)))))
+    (home-page "https://github.com/nevat/abbayedesmorts-gpl")
     (synopsis "GNU/Linux port of the indie game \"l'Abbaye des Morts\"")
     (description "L'Abbaye des Morts is a 2D platform game set in 13th century
 France.  The Cathars, who preach about good Christian beliefs, were being
 expelled by the Catholic Church out of the Languedoc region in France.  One of
 them, called Jean Raymond, found an old church in which to hide, not knowing
 that beneath its ruins lay buried an ancient evil.")
-    (license license:gpl3+)))
+    (license license:gpl3)))
+
+(define-public angband
+  (package
+    (name "angband")
+    (version "4.0.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://rephial.org/downloads/4.0/"
+                           "angband-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0lpq2kms7hp421vrasx2bkkn9w08kr581ldwik3v0hlq6h7rlxhd"))
+       (modules '((guix build utils)))
+       (snippet
+        ;; So, some of the sounds/graphics/tilesets are under different
+        ;; licenses... some of them even nonfree!  This is a console-only
+        ;; version of this package so we just remove them.
+        ;; In the future, if someone tries to make a graphical variant of
+        ;; this package, they can deal with that mess themselves. :)
+        '(begin
+           (for-each
+            (lambda (subdir)
+              (let ((lib-subdir (string-append "lib/" subdir)))
+                (delete-file-recursively lib-subdir)))
+            '("fonts" "icons" "sounds" "tiles"))
+           (substitute* "lib/Makefile"
+             ;; And don't try to invoke makefiles in the directories we removed
+             (("gamedata customize help screens fonts tiles sounds icons user")
+              "gamedata customize help screens user"))))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f                                 ;no check target
+       #:configure-flags (list (string-append "--bindir=" %output "/bin"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'autogen.sh
+           (lambda _
+             (substitute* "acinclude.m4"
+               (("ncursesw5-config") "ncursesw6-config"))
+             (zero? (system* "sh" "autogen.sh"))))))) 
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)))
+    (inputs `(("ncurses" ,ncurses)))
+    (home-page "http://rephial.org/")
+    (synopsis "Dungeon exploration roguelike")
+    (description "Angband is a Classic dungeon exploration roguelike.  Explore
+the depths below Angband, seeking riches, fighting monsters, and preparing to
+fight Morgoth, the Lord of Darkness.")
+    (license license:gpl2)))
 
 (define-public pingus
   (package
@@ -942,7 +994,7 @@ Protocol).")
 (define-public extremetuxracer
   (package
     (name "extremetuxracer")
-    (version "0.7.3")
+    (version "0.7.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -950,7 +1002,7 @@ Protocol).")
                     version "/etr-" version ".tar.xz"))
               (sha256
                (base32
-                "1lg3z7jhzmsjym53qss8mbydny8hafwjnfsc7x91hrr9zrkwblly"))))
+                "0d2j4ybdjmimg67v2fndgahgq4fvgz3fpfb3a4l1ar75n6hy776s"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -1254,7 +1306,7 @@ is programmed in Haskell.")
 (define-public manaplus
   (package
     (name "manaplus")
-    (version "1.6.12.24")
+    (version "1.7.1.21")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1262,7 +1314,7 @@ is programmed in Haskell.")
                     version "/manaplus-" version ".tar.xz"))
               (sha256
                (base32
-                "1g64pid26vcv1ay002bzz6ymabwrmy3wmklywpcgpvrhynm6f2cq"))))
+                "0q9hk9jgz5jja1mmba5iafxwavk6991kjpmdxdkgbam0hk15pqmz"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
@@ -2159,42 +2211,45 @@ http://lavachat.symlynx.com/unix/")
 
 (define-public red-eclipse
   (let ((data-sources
-         '(("acerspyro"   "0hqwa3b65l8mz73mcdsvrwbc14mrx1qn52073p5zh69pqd0mlfi0")
-           ("actors"      "0v87wifqwam5j6vsiidmcvw22i51h9h4skgwhi511mxkwryrp26h")
-           ("appleflap"   "0bkh1v125dwd5jhb4rrc1sl0jdlbb2ib53ihbxa66x1p8l27aklw")
-           ("blendbrush"  "1wh88fshsy492kjvadql2ik1q5pqgcj84jz0hc93ngag8xibxhfi")
-           ("caustics"    "0pc5bnd4fmxh06cm3h8045wgiy894f9x5a943n28gymdyql7q4f6")
-           ("crosshairs"  "1w9acqhxw5nm690862msl5jjbk8qlizxm1vv7p95lgm7q7pg0yxx")
-           ("elyvisions"  "04q31lp5jm8b9crf81s6k1jvrn90i1ay3s6vk103iv8g4amsfhdx")
-           ("fonts"       "1rsfk2d9xk0aaazvrcxk4z5n2cnys7pixadh521mv7zrxbx2d95x")
-           ("freezurbern" "0b2xg5x79yxanr30dhw3zr6dsc6x9w7v7aghbh9kp292j31l280m")
-           ("john"        "07pgjg1rxl3bmwriy2yl3g63nnryjws8jl0ry1cza3p9wd59f8rz")
-           ("jojo"        "0lkzd5pwfqan1gaaz22r5iz4z2nq8dkzycddwa0cxavmq8qmj281")
-           ("jwin"        "0mnyp1inhabw56mw5wkhfd4k6z0lvyhr6cjj6hnj3bz2dip2y2zm")
-           ("luckystrike" "1d89xnvahmzlgm0bjh3zhf02vxx1q16b70x2cihbl05dic1v75pr")
-           ("maps"        "19gy8kl7w2llsklym32hnlnd05z2dhq5dhdxhq5ss5na67skv5by")
-           ("mayhem"      "1si2gnsf732ml8ygkhg27ckvic9wafqmkgq0ab1ifpfpy606sa8d")
-           ("mikeplus64"  "0l48czyglbc0d4ack8xz9imarb6r4l29krq0mf3ld7yrxbc296vr")
-           ("misc"        "0fri1l3i1s1pzvr7aah4a7d9h2i877c21x184z80v4jpqv4228f3")
-           ("nobiax"      "1jv2yv2qj9qbxhaj1nd70v5142dpg074gkkh3bw2anchi8pzyhs8")
-           ("particles"   "0gwj6m5197gpwddqb3pwlkaiafgfszqysaz2h1bx60qzh5crgsf9")
-           ("philipk"     "0ngccscmvlgc2z96vira7phr87f65l4v7immbl697zmc5fda6k68")
-           ("projectiles" "1ig6dag5989rgwrhvmz7xz5q8gf5slgnda8h8zmiyhvrnal09hbp")
-           ("props"       "0g3sgrlgmk9zrl67d9pa93hzb4xx3wwznfxa1h3wwilld0m7gzhx")
-           ("skyboxes"    "0lvpzc741vkmy2rnra41ij91wq3pdl28xamy6vapq61mf44xmmvj")
-           ("sounds"      "0jmvvixcx7kv34sxjs4x7vqsyhir6l5av6b3lm8m8rsfi0sdvqml")
-           ("textures"    "1yx01k9yn2v1k79sa68wa51qw1zk03b8irkvxyd14ygibkicvgnb")
-           ("torley"      "1286srp05nfjban6ca124njyil70gr7bm6aqn5p0vz0xr00l4dw5")
-           ("trak"        "1079fg2cbm95psxic3r63i94z3cnbf04wlid2hqnw308s9l9q36c")
-           ("ulukai"      "0yd80ivn51ya60m4cg4bw13wxgijkjagfgskdphy9adgsaqq9n7b")
-           ("unnamed"     "0l21dhw7kbav59p7ysn6dr2sqzjivwxafml4023yznlhxx5fic4m")
-           ("vanities"    "1aqi32lf7y64fv1y00mpixckjr9wj8p1prgyxjiv7s3hf5q7n2b3")
-           ("vegetation"  "0253fdn5sxywrjb79krhvq2884almxpysn6dn0hi6ylpjzl78zrn")
-           ("weapons"     "0y2zsx6g6k9izshgix9id3y01hsisd88mp5zrlm5x9v8y0sf6kf8")
-           ("wicked"      "0ib0325dn6vzpx3p4cr6bhg9qhj8c5s20xyzy88xjc3y2pazbdvx"))))
+         '(("acerspyro"   "0zmg78scrfdv33h7vszqvzylcqjwg7d5b0j2riav3rjfh326j8xx")
+           ("actors"      "0l00rsvppqzdpsikm5qpj38jiygirszxlzay2nxp4g4n2qjq0m4a")
+           ("appleflap"   "0jhfr7f13hk3nswwxqc4jajriipr6zz6j63v955nv4sgxs7lzbjd")
+           ("blendbrush"  "1nk0zaisbqf2khrivq8ls6z2lnh6d51m133m2ppxk7k4c9gq1imq")
+           ("caustics"    "1hq08k476wayi0kmk4ps8h6jr75yinq04f1r2p8r79xsdpxq9my5")
+           ("crosshairs"  "1gmrmjm7i7n9py0qrzamk7ygi63yx1mr2pp6iwz2vwngprl03n8m")
+           ("dziq"        "0gr36ydrv8syjxv7w9dw3ix8waaq201fzxr0klkqp260p8xp215s")
+           ("elyvisions"  "05syxlpsap6nfwxnnd0ls7qj1p4vhw2jxi41pi5inwpfifapfphz")
+           ("fonts"       "184syks602xc657q08973w5ji50x5zssvd4vp2q2ig8m68iyr51c")
+           ("freezurbern" "020gpgcpy4rqjd9d18npfm96j8f02jcjnccbxcgzk1yb58y687ya")
+           ("john"        "0hj5kwlb2gb0gsnl9bk7dkqlk8r7vxcw8gxpgrb3kfn8d9cwcb7k")
+           ("jojo"        "0fij06040r7s5p7jksxm7wxi9jqwkhhm8iywys0dagk8j2wcbvsz")
+           ("jwin"        "0ysfynjvypc8dszf7rsvk02jgw8fmsli49vy2xpm83zpkrqpddgf")
+           ("luckystrike" "1bm0xdqjv35ry5xwbzw3a3v1xf2gj1jwfg29nyl6w3ch0h6crr11")
+           ("maps"        "0c9d1zxmpnngwhchzw6xb6cf84cx8xyycmdqcvyhamrd95d96qma")
+           ("mayhem"      "133pdql7ari159skd9qdmw0p1m73x32d1v6jswkz0xwk8vgxmkil")
+           ("mikeplus64"  "1d5npn9wlw0mviz9vhzzcsj98jvfh1wbvlh1nyqfj4ws5nfxhs7x")
+           ("misc"        "19x2ps6yxnfrz0xdhqdwncaq25ds7i4w2l8sdfi95yh2r7c5k1qn")
+           ("nieb"        "15029nipl92cb0jbh46z00k51hf3jk4v05pwx266b6b11bapdz0c")
+           ("nobiax"      "0k9apim5z4ihd5ajmnbq4gyh24w872dv0mr5v8wqn31a8gxzahhp")
+           ("particles"   "06827r9pnhzjil381xiwcbc93v9nxin7qlr59yrvk9gdzxmklk9m")
+           ("philipk"     "1l6fhl6qz471vjn05hvk29bm8dhwnzqbmi2hdylpa9k998nzkfc1")
+           ("projectiles" "03ay8ik52n3vx723swqlnl5gpkzf1v1gadwj3zcnh43ch7nd2bqh")
+           ("props"       "1yxz7gfmb79sqqrkyfdzp4ar9rf5f1kpfij4nrkk1l8vbw9liksc")
+           ("skyboxes"    "1mm98mhb6yhb006p1hlic91jcwjxhq79mblxciwbqqa9c5g4yki6")
+           ("snipergoth"  "1vlpmwlg71g6l5b706gp82bc07i5bbw2zphzynm2fx49za0zdi44")
+           ("sounds"      "156g5wh8cvdh6zr33haqm566sd28ylnzdf2h4pqzpxbb2i19vbfg")
+           ("textures"    "0wkhl5cgymr9kslzhksi83hs15rb0q01xvax5khi6b4dcl3mrmsh")
+           ("torley"      "1xlag6ndjyqafl984n6d9zi96dv9aif7vrc2nvikc3iwgjwlbxav")
+           ("trak"        "12x9ix8zkqn9svy56qmdgj4x2814qh25f4srplgq691lqn9qjhvd")
+           ("ulukai"      "0gz1hd8hca2biskc85hw4jjacpsmqg9x4w6cwrka8x987xmc92k5")
+           ("unnamed"     "09v8fjy6jqypm1i121kilg3z6zpw7dm0i4gxhd9b7ihprvzvy8r7")
+           ("vanities"    "0m3vfq9l71pbb80qz4s3k8r5azmm158chqbw8snch09ymxm6h462")
+           ("vegetation"  "07yzm9lbzr624j4i652ny5p762p83gadg40c1k8gwff4y7yk55gn")
+           ("weapons"     "05fsp17gdrhjqdwia7rwdw9gcijaqwcnny8lf6krms43xmn8cj0x")
+           ("wicked"      "0jjgwzdibr5my369gwvmvbklpjlwq939zgf643rv0168xc087xb2"))))
     (package
       (name "red-eclipse")
-      (version "1.5.6")
+      (version "1.5.8")
       (source (origin
                 (method url-fetch)
                 (uri (string-append "https://github.com/red-eclipse/base"
@@ -2202,7 +2257,7 @@ http://lavachat.symlynx.com/unix/")
                 (file-name (string-append name "-" version ".tar.gz"))
                 (sha256
                  (base32
-                  "1sv3xhng18sl655sd46lpmqbqz32h32s7nwz68bdr9z9w3iwkf66"))))
+                  "1ah92axwcai0fhgm7pvfb2dxvfdiwwyh8iqyiffndh6782hxz3bc"))))
       (build-system gnu-build-system)
       (arguments
        `(#:tests? #f            ; no check target
@@ -2789,7 +2844,7 @@ the GNU GPL.")
 (define-public tintin++
   (package
     (name "tintin++")
-    (version "2.01.1")
+    (version "2.01.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://sourceforge.net/projects/tintin"
@@ -2797,7 +2852,7 @@ the GNU GPL.")
                                   "/tintin" "-" version ".tar.gz"))
               (sha256
                (base32
-                "195wrfcys8yy953gdrl1gxryhjnx9lg1vqgxm3dyzm8bi18aa2yc"))))
+                "13h39agyhlhm17zyqlb56bmbbxpimikyf5pana3gd3ylvqy1xq81"))))
     (inputs
      `(("gnutls" ,gnutls)
        ("pcre" ,pcre)
@@ -3068,3 +3123,69 @@ symbols, the game needs graphics to render the non-euclidean world.")
 for Un*x systems with X11.")
     (home-page "http://olofson.net/kobodl/")
     (license license:gpl2+)))
+
+(define-public freeciv
+  (package
+   (name "freeciv")
+   (version "2.5.6")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append
+           "http://download.gna.org/freeciv/"
+           "stable/freeciv-" version ".tar.bz2"))
+     (sha256
+      (base32
+       "16wrnsx5rmbz6rjs03bhy0vn20i6n6g73lx7fjpai98ixhzc5bfg"))))
+   (build-system gnu-build-system)
+   (inputs
+    `(("curl" ,curl)
+      ("cyrus-sasl" ,cyrus-sasl)
+      ("gtk+" ,gtk+)
+      ("sdl-mixer" ,sdl-mixer)
+      ("zlib" ,zlib)))
+   (native-inputs
+    `(("pkg-config" ,pkg-config)))
+   (home-page "http://www.freeciv.org/")
+   (synopsis "Turn based empire building strategy game")
+   (description "Freeciv is a turn based empire building strategy game
+inspired by the history of human civilization.  The game commences in
+prehistory and your mission is to lead your tribe from the Stone Age
+to the Space Age.")
+   (license license:gpl2+)))
+
+(define-public no-more-secrets
+  (package
+    (name "no-more-secrets")
+    (version "0.3.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/bartobri/no-more-secrets/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "038flwqr0kqv55im2v76xjn01zbvvkb3nzb5ridwm2kbnk9cgg4v"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f
+       #:make-flags (list "CC=gcc" "all-ncurses"
+                          (string-append "prefix="
+                                         (assoc-ref %outputs "out")))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (inputs
+     `(("ncurses" ,ncurses)))
+    (home-page "https://github.com/bartobri/no-more-secrets")
+    (synopsis "Recreation of data decryption effect in \"Sneakers\"")
+    (description
+     "@code{No More Secrets} provides a command line tool called \"nms\"
+that recreates the famous data decryption effect seen on screen in the 1992
+movie \"Sneakers\".
+
+This command works on piped data.  Pipe any ASCII or UTF-8 text to nms, and
+it will apply the hollywood effect, initially showing encrypted data, then
+starting a decryption sequence to reveal the original plaintext characters.")
+    (license license:expat)))
diff --git a/gnu/packages/gcal.scm b/gnu/packages/gcal.scm
index 375bbedff3..3e45163d79 100644
--- a/gnu/packages/gcal.scm
+++ b/gnu/packages/gcal.scm
@@ -25,16 +25,16 @@
 (define-public gcal
   (package
     (name "gcal")
-    (version "4")
+    (version "4.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/gcal/gcal-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0vpzz2pb6xf5wlwyqj9xa29yvx72zdmffb0fv54hdirfn5vciiar"))))
+               "1av11zkfirbixn05hyq4xvilin0ncddfjqzc4zd9pviyp506rdci"))))
     (build-system gnu-build-system)
-    (home-page "http://www.gnu.org/software/gcal")
+    (home-page "https://www.gnu.org/software/gcal")
     (synopsis "Calculating and printing a wide variety of calendars")
     (description
      "Gcal is a program to calculate and print calendars on the
diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm
index 0241a81db9..713f7ae91e 100644
--- a/gnu/packages/gd.scm
+++ b/gnu/packages/gd.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -36,6 +36,7 @@
 (define-public gd
   (package
     (name "gd")
+    (replacement gd-2.2.4)
 
     ;; Note: With libgd.org now pointing to github.com, genuine old
     ;; tarballs are no longer available.  Notably, versions 2.0.x are
@@ -77,6 +78,32 @@ most common applications of GD involve website development.")
                            "See COPYING file in the distribution."))
     (properties '((cpe-name . "libgd")))))
 
+(define gd-2.2.4
+  (package
+    (inherit gd)
+    (version "2.2.4")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/libgd/libgd/releases/download/"
+                            "gd-" version "/libgd-" version ".tar.xz"))
+        (patches (search-patches "gd-fix-gd2-read-test.patch"
+                                 "gd-fix-tests-on-i686.patch"))
+        (sha256
+         (base32
+          "1rp4v7n1dq38b92kl7gkvpvqqkw7nvdfnz6d5kip5klkxfki6zqk"))))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         ;; This test is known to fail on i686-linux:
+         ;; https://github.com/libgd/libgd/issues/359
+         ;; TODO Replace this substitution with an upstream bug fix.
+         (add-after 'unpack 'disable-failing-test
+           (lambda _
+             (substitute* "tests/gdimagegrayscale/basic.c"
+               (("return gdNumFailures\\(\\)")
+                 "return 0")))))))))
+
 (define-public perl-gd
   (package
     (name "perl-gd")
diff --git a/gnu/packages/gdb.scm b/gnu/packages/gdb.scm
index c6cc623f6c..ba1fd62a24 100644
--- a/gnu/packages/gdb.scm
+++ b/gnu/packages/gdb.scm
@@ -37,14 +37,14 @@
 (define-public gdb
   (package
     (name "gdb")
-    (version "7.12")
+    (version "7.12.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/gdb/gdb-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "152g2qa8337cxif3lkvabjcxfd9jphfb2mza8f1p2c4bjk2z6kw3"))))
+               "11ii260h1sd7v0bs3cz6d5l8gqxxgldry0md60ncjgixjw5nh1s6"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; FIXME "make check" fails on single-processor systems.
diff --git a/gnu/packages/geo.scm b/gnu/packages/geo.scm
index 86828e717d..4f137a88d7 100644
--- a/gnu/packages/geo.scm
+++ b/gnu/packages/geo.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2017 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -19,8 +20,9 @@
 
 (define-module (gnu packages geo)
   #:use-module (guix build-system glib-or-gtk)
+  #:use-module (guix build-system gnu)
   #:use-module (guix download)
-  #:use-module (guix licenses)
+  #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix utils)
   #:use-module (gnu packages glib)
@@ -30,6 +32,43 @@
   #:use-module (gnu packages webkit)
   #:use-module (gnu packages xml))
 
+(define-public geos
+  (package
+    (name "geos")
+    (version "3.6.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://download.osgeo.org/geos/geos-"
+                                  version
+                                  ".tar.bz2"))
+              (sha256
+               (base32
+                "1icz31kd5sml2kdxhjznvmv33zfr6nig9l0i6bdcz9q9g8x4wbja"))))
+    (build-system gnu-build-system)
+    (arguments `(#:phases
+                 (modify-phases %standard-phases
+                   (add-after
+                    'unpack 'patch-test-shebangs
+                    (lambda _
+                      (substitute* '("tests/xmltester/testrunner.sh"
+                                     "tests/geostest/testrunner.sh")
+                        (("/bin/sh") (which "sh")))
+                      #t)))))
+    (inputs
+     `(("glib" ,glib)))
+    (home-page "https://geos.osgeo.org/")
+    (synopsis "Geometry Engine for Geographic Information Systems")
+    (description
+     "GEOS provides a spatial object model and fundamental geometric
+functions.  It is a C++ port of the Java Topology Suite (JTS).  As such,
+it aims to contain the complete functionality of JTS in C++.  This
+includes all the OpenGIS Simple Features for SQL spatial predicate
+functions and spatial operators, as well as specific JTS enhanced
+topology functions.")
+    (license (list license:lgpl2.1+          ; Main distribution.
+                   license:zlib              ; tests/xmltester/tinyxml/*
+                   license:public-domain)))) ; include/geos/timeval.h
+
 ;;; FIXME GNOME Maps only runs within GNOME. On i3, it fails with this error:
 ;;; (org.gnome.Maps:8568): GLib-GIO-ERROR **: Settings schema
 ;;; 'org.gnome.desktop.interface' is not installed
@@ -92,4 +131,54 @@
 the OpenStreetMap project.  It can provide directions for walking, bicycling,
 and driving.")
     (home-page "https://wiki.gnome.org/Apps/Maps")
-    (license gpl2+)))
+    (license license:gpl2+)))
+
+(define-public proj.4
+  (package
+    (name "proj.4")
+    (version "4.9.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://download.osgeo.org/proj/proj-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1xw5f427xk9p2nbsj04j6m5zyjlyd66sbvl2bkg8hd1kx8pm9139"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-test-paths
+           (lambda _
+             (substitute* '("nad/test27"
+                            "nad/test83"
+                            "nad/testvarious"
+                            "nad/testdatumfile"
+                            "nad/testflaky"
+                            "nad/testIGNF")
+               (("/bin/rm") (which "rm")))
+             #t))
+         ;; Precision problems on i686 and other platforms. See:
+         ;; https://web.archive.org/web/20151006134301/http://trac.osgeo.org/proj/ticket/255
+         ;; Disable failing test.
+         (add-after 'patch-test-paths 'ignore-failing-tests
+           (lambda _
+             (substitute* '("nad/Makefile.in")
+               (("\tPROJ_LIB.*" all) (string-append  "#" all)))
+             #t)))))
+    (inputs
+     `(("glib" ,glib)))
+    (home-page "http://proj4.org/")
+    (synopsis "Cartographic Projections Library")
+    (description
+     "Proj.4 is a library for converting coordinates between cartographic
+projections.")
+    (license (list license:expat
+                   ;; src/PJ_patterson.c
+                   license:asl2.0
+                   ;; src/geodesic.c/h
+                   license:x11
+                   ;; Embedded EPSG database.
+                   (license:non-copyleft "http://www.epsg.org/TermsOfUse")
+                   ;; cmake/*
+                   license:boost1.0))))
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 46b8c51299..a00448a8c6 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -39,6 +39,7 @@
 (define-public lcms
   (package
    (name "lcms")
+   (replacement lcms/fixed)
    (version "2.6")
    (source (origin
             (method url-fetch)
@@ -58,6 +59,14 @@ Consortium standard (ICC), approved as ISO 15076-1.")
    (license license:x11)
    (home-page "http://www.littlecms.com/")))
 
+(define lcms/fixed
+  (package
+    (inherit lcms)
+    (source
+      (origin
+        (inherit (package-source lcms))
+        (patches (search-patches "lcms-fix-out-of-bounds-read.patch"))))))
+
 (define-public libpaper
   (package
    (name "libpaper")
diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm
index 169183db62..15eb5bc084 100644
--- a/gnu/packages/gimp.scm
+++ b/gnu/packages/gimp.scm
@@ -38,8 +38,7 @@
   #:use-module (gnu packages pdf)
   #:use-module (gnu packages photo)
   #:use-module (gnu packages python)
-  #:use-module (gnu packages xorg)
-  #:use-module (gnu packages imagemagick))
+  #:use-module (gnu packages xorg))
 
 (define-public babl
   (package
@@ -102,7 +101,7 @@ provided as well as the framework to add new color models and data types.")
             (("g_object_unref \\(buffer.\\);") ""))
 
           (substitute* "tests/compositions/Makefile"
-            (("/bin/sh") (which "bash"))))
+            (("/bin/sh") (which "sh"))))
         %standard-phases)))
     (inputs
      `(("babl" ,babl)
diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm
index 9a484b7126..a3862f1ec3 100644
--- a/gnu/packages/gl.scm
+++ b/gnu/packages/gl.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2013 Joshua Grant <tadni@riseup.net>
 ;;; Copyright © 2014, 2016 David Thompson <davet@gnu.org>
-;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 David Thompson <davet@gnu.org>
@@ -197,7 +197,7 @@ also known as DXTn or DXTC) for Mesa.")
 (define-public mesa
   (package
     (name "mesa")
-    (version "13.0.2")
+    (version "13.0.3")
     (source
       (origin
         (method url-fetch)
@@ -205,7 +205,7 @@ also known as DXTn or DXTC) for Mesa.")
                             version "/mesa-" version ".tar.xz"))
         (sha256
          (base32
-          "1m8n8kd8kcs5ddyvldiw09wvpi5wwpfmmxlb87d63vgl8lk65vd6"))
+          "03m4gc6qc50lb0ic06f83r3yl0x4lmj2zjq3sl60vl3nq7jqpanr"))
         (patches
          (search-patches "mesa-wayland-egl-symbols-check-mips.patch"))))
     (build-system gnu-build-system)
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index a78b188af0..9dd46d60b1 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
-;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org>
 ;;;
@@ -30,6 +30,7 @@
   #:use-module (guix build-system python)
   #:use-module (gnu packages)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages backup)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages enlightenment)
@@ -38,6 +39,8 @@
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages libffi)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages nettle)
   #:use-module (gnu packages pcre)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
@@ -134,7 +137,7 @@ shared NFS home directories.")
 (define glib
   (package
    (name "glib")
-   (version "2.48.2")
+   (version "2.50.2")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/"
@@ -142,7 +145,7 @@ shared NFS home directories.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1x6kwrk1zyd3csv0ca3pmwc4bnkc33agn95cds15h6nbi4apappj"))
+              "1xgvmiqbhla6grpmbidqs3bl6zrb9mjknfsh7r4hb3163xy76s5y"))
             (patches (search-patches "glib-tests-timer.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"           ; everything
@@ -152,6 +155,7 @@ shared NFS home directories.")
     `(("pcre" ,pcre))) ; in the Requires.private field of glib-2.0.pc
    (inputs
     `(("coreutils" ,coreutils)
+      ("util-linux" ,util-linux)  ; for libmount
       ("libffi" ,libffi)
       ("zlib" ,zlib)
       ("tzdata" ,tzdata)))     ; for tests/gdatetime.c
@@ -279,14 +283,14 @@ dynamic loading, and an object system.")
 (define gobject-introspection
   (package
     (name "gobject-introspection")
-    (version "1.48.0")
+    (version "1.50.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/"
                    "gobject-introspection/" (version-major+minor version)
                    "/gobject-introspection-" version ".tar.xz"))
              (sha256
-              (base32 "0xsqwxhfqzr79av89mg766kxpb2i41bd0vwspk01xjdzrnn5l9zs"))
+              (base32 "1i9pccig8mv6qf0c1z8fcapays190nmr7j6pyc7cfhzmcv39fr8w"))
              (modules '((guix build utils)))
              (snippet
               '(substitute* "tools/g-ir-tool-template.in"
@@ -427,7 +431,7 @@ translated.")
 (define dbus-glib
   (package
     (name "dbus-glib")
-    (version "0.106")
+    (version "0.108")
     (source (origin
              (method url-fetch)
              (uri
@@ -435,7 +439,7 @@ translated.")
                              version ".tar.gz"))
              (sha256
               (base32
-               "0in0i6v68ixcy0ip28i84hdczf10ykq9x682qgcvls6gdmq552dk"))))
+               "0b307hw9j41npzr6niw1bs6ryp87m5yafg492gqwvsaj4dz0qd4z"))))
     (build-system gnu-build-system)
     (propagated-inputs ; according to dbus-glib-1.pc
      `(("dbus" ,dbus)
@@ -482,7 +486,7 @@ has an ease of use unmatched by other C++ callback libraries.")
 (define glibmm
   (package
     (name "glibmm")
-    (version "2.48.1")
+    (version "2.50.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/glibmm/"
@@ -490,7 +494,7 @@ has an ease of use unmatched by other C++ callback libraries.")
                                  "/glibmm-" version ".tar.xz"))
              (sha256
               (base32
-               "1pvw2mrm03p51p03179rb6fk9p42iykkwj1jcdv7jr265xymy8nw"))))
+               "152yz5w0lx0y5j9ml72az7pc83p4l92bc0sb8whpcazldqy6wwnz"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases (alist-cons-before
@@ -563,7 +567,7 @@ useful for C++.")
 (define-public python-pygobject
   (package
     (name "python-pygobject")
-    (version "3.20.0")
+    (version "3.22.0")
     (source
      (origin
        (method url-fetch)
@@ -572,7 +576,7 @@ useful for C++.")
                            "/pygobject-" version ".tar.xz"))
        (sha256
         (base32
-         "0ikzh3l7g1gjh8jj8vg6mdvrb25svp63gxcam4m0i404yh0lgari"))))
+         "1ryblpc4wbhxcwf7grgib4drrab5xi6p78ihhrx0zj7g13xrrch8"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("which" ,which)
@@ -663,7 +667,6 @@ many applications simultaneously.
 This package provides the library for GLib applications.")
     (license license:lgpl2.1+)))
 
-
 (define-public dbus-c++
   (package
     (name "dbus-c++")
@@ -703,3 +706,46 @@ programming langauage.  It also contains the utility
 @command{dbuscxx-xml2cpp}.")
     (home-page "https://sourceforge.net/projects/dbus-cplusplus/")
     (license license:lgpl2.1+)))
+
+(define-public appstream-glib
+  (package
+    (name "appstream-glib")
+    (version "0.6.7")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://people.freedesktop.org/~hughsient/"
+                                  "appstream-glib/releases/"
+                                  "appstream-glib-" version ".tar.xz"))
+              (sha256
+               (base32
+                "08mrf4k0jhnpdd4fig2grmi2vbxkgdhrwk0d0zq0j1wp5ip7arwp"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("gtk+" ,gtk+)
+       ("json-glib" ,json-glib)
+       ("libarchive" ,libarchive)
+       ("libsoup" ,libsoup)
+       ("nettle" ,nettle)
+       ("util-linux" ,util-linux)))
+    (arguments
+     `(#:configure-flags
+       '("--disable-firmware" "--disable-dep11")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-tests
+           (lambda _
+             (substitute* "libappstream-glib/as-self-test.c"
+               (("g_test_add_func.*as_test_store_local_appdata_func);") "")
+               (("g_test_add_func.*as_test_store_speed_appdata_func);") "")
+               (("g_test_add_func.*as_test_store_speed_desktop_func);") ""))
+             #t)))))
+    (home-page "https://github.com/hughsie/appstream-glib")
+    (synopsis "Library for reading and writing AppStream metadata")
+    (description "This library provides objects and helper methods to help
+reading and writing @uref{https://www.freedesktop.org/wiki/Distributions/AppStream,AppStream}
+metadata.")
+    (license license:lgpl2.1+)))
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 2d97f228f1..dd1a6d6294 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2014, 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2014, 2015 Federico Beffa <beffa@fbengineering.ch>
@@ -8,8 +8,8 @@
 ;;; Copyright © 2015 Mathieu Lirzin <mthl@openmailbox.org>
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
 ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
@@ -22,6 +22,7 @@
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -82,6 +83,7 @@
   #:use-module (gnu packages ibus)
   #:use-module (gnu packages iso-codes)
   #:use-module (gnu packages libcanberra)
+  #:use-module (gnu packages libunistring)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages lirc)
@@ -89,25 +91,29 @@
   #:use-module (gnu packages image)
   #:use-module (gnu packages networking)
   #:use-module (gnu packages password-utils)
+  #:use-module (gnu packages pcre)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages photo)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages rdesktop)
   #:use-module (gnu packages scanner)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages gl)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages spice)
   #:use-module (gnu packages tex)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages web)
   #:use-module (gnu packages webkit)
+  #:use-module (gnu packages xiph)
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages mail)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages backup)
   #:use-module (gnu packages nettle)
@@ -117,6 +123,8 @@
   #:use-module (gnu packages samba)
   #:use-module (gnu packages readline)
   #:use-module (gnu packages fonts)
+  #:use-module (gnu packages qemu)
+  #:use-module (gnu packages zip)
   #:use-module (srfi srfi-1))
 
 (define-public brasero
@@ -242,7 +250,7 @@ commonly used macros.")
 (define-public gnome-desktop
   (package
     (name "gnome-desktop")
-    (version "3.20.2")
+    (version "3.22.2")
     (source
      (origin
       (method url-fetch)
@@ -251,7 +259,7 @@ commonly used macros.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "1cp2c6q1ybirfq6rqyfj5lr5vyqdizy730bfg5jqnflcmakjsb29"))))
+        "074yjz4g9gii045v2pl1ad34hcg92ci04ynxqcabwnf3lvvypmsi"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("gobject-introspection" ,gobject-introspection)
@@ -316,6 +324,43 @@ Gnome project.  It includes xml2po tool which makes it easier to translate
 and keep up to date translations of documentation.")
     (license license:gpl2+))) ; xslt under lgpl
 
+(define-public gnome-disk-utility
+  (package
+    (name "gnome-disk-utility")
+    (version "3.22.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "1hqynlcgwm72il2rdml98gcarz0alsgxs5xf6ww2x0czaj3s3953"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("glib:bin" ,glib "bin")
+       ("intltool" ,intltool)
+       ("pkg-config" ,pkg-config)
+       ("docbook-xml" ,docbook-xml)
+       ("docbook-xsl" ,docbook-xsl)
+       ("libxml2" ,libxml2)
+       ("libxslt" ,libxslt)))
+    (inputs
+     `(("glib" ,glib)
+       ("appstream-glib" ,appstream-glib)
+       ("gnome-settings-daemon" ,gnome-settings-daemon)
+       ("gtk+" ,gtk+)
+       ("libcanberra" ,libcanberra)
+       ("libdvdread" ,libdvdread)
+       ("libnotify" ,libnotify)
+       ("libpwquality" ,libpwquality)
+       ("libsecret" ,libsecret)
+       ("udisks" ,udisks)))
+    (home-page "https://git.gnome.org/browse/gnome-disk-utility")
+    (synopsis "Disk management utility for GNOME")
+    (description "Disk management utility for GNOME.")
+    (license license:gpl2+)))
+
 (define-public gcr
   (package
     (name "gcr")
@@ -464,7 +509,7 @@ forgotten when the session ends.")
 (define-public evince
   (package
     (name "evince")
-    (version "3.20.1")
+    (version "3.22.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -472,7 +517,7 @@ forgotten when the session ends.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "0m80s98k4i463dclpyk01fqb91cawbb6vvcz5vq2974k6qqc4ypw"))))
+               "0713mcrym5ykhl5smqxi6m9578gz3nkibmkmc794amss7gdkkm7k"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:configure-flags '("--disable-nautilus")
@@ -536,7 +581,7 @@ on the GNOME Desktop with a single simple application.")
 (define-public gsettings-desktop-schemas
   (package
     (name "gsettings-desktop-schemas")
-    (version "3.20.0")
+    (version "3.22.0")
     (source
      (origin
       (method url-fetch)
@@ -545,7 +590,7 @@ on the GNOME Desktop with a single simple application.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "1hfrqqsmqscgbnaikmyq4yq8h72554wdg13algh5bf8a7i9ip92m"))))
+        "1qgalzqwg0fl0n22vslqcsnsmj9kc54qj25ib16rxaf36jxcf1hg"))))
     (build-system gnu-build-system)
     (inputs
      `(("glib" ,glib)))
@@ -602,14 +647,14 @@ GNOME and KDE desktops to the icon names proposed in the specification.")
 (define-public desktop-file-utils
   (package
     (name "desktop-file-utils")
-    (version "0.22")
+    (version "0.23")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.freedesktop.org/software/" name
                                   "/releases/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1ianvr2a69yjv4rpyv30w7yjsmnsb23crrka5ndqxycj4rkk4dc4"))))
+                "119kj2w0rrxkhg4f9cf5waa55jz1hj8933vh47vcjipcplql02bc"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -666,7 +711,7 @@ update-desktop-database: updates the database containing a cache of MIME types
 (define-public adwaita-icon-theme
   (package (inherit gnome-icon-theme)
     (name "adwaita-icon-theme")
-    (version "3.20")
+    (version "3.22.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -674,21 +719,21 @@ update-desktop-database: updates the database containing a cache of MIME types
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0ddfwwqx8s63qbqimmbb015lqsab4s0rvy1j81jdsh7k95rqh2ks"))))
+                "1dyw8mm72wfpkn83vdqr0ifv5yhy565jhxrcjsd83nc7c3igd2y1"))))
     (native-inputs
      `(("gtk-encode-symbolic-svg" ,gtk+ "bin")))))
 
 (define-public shared-mime-info
   (package
     (name "shared-mime-info")
-    (version "1.7")
+    (version "1.8")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://freedesktop.org/~hadess/"
                                  "shared-mime-info-" version ".tar.xz"))
              (sha256
               (base32
-               "0bjd2j1rqrj150mr04j7ib71lfdlgbf235fg8d70g8mszqf7ik7a"))))
+               "1sc96lv9dp1lkvs8dh3ngm3hbjb274d363dl9avhb61il3qmxx9a"))))
     (build-system gnu-build-system)
     (arguments
      ;; The build system appears not to be parallel-safe.
@@ -712,15 +757,15 @@ database is translated at Transifex.")
 (define-public hicolor-icon-theme
   (package
     (name "hicolor-icon-theme")
-    (version "0.12")
+    (version "0.15")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "https://icon-theme.freedesktop.org/releases/"
-                          "hicolor-icon-theme-" version ".tar.gz"))
+                          "hicolor-icon-theme-" version ".tar.xz"))
       (sha256
        (base32
-        "0wzc7g4ldb2l8zc0x2785ck808c03i857jji942ikakyc68adp4y"))))
+        "1k1kf2c5zbqh31nglc3nxs9j6wr083k9kjyql8p22ccc671mmi4w"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f)) ; no check target
@@ -734,7 +779,7 @@ database is translated at Transifex.")
 (define-public libnotify
   (package
     (name "libnotify")
-    (version "0.7.6")
+    (version "0.7.7")
     (source
      (origin
       (method url-fetch)
@@ -743,7 +788,7 @@ database is translated at Transifex.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "0dyq8zgjnnzcah31axnx6afb21kl7bks1gvrg4hjh3nk02j1rxhf"))))
+        "017wgq9n00hx39n0hm784zn18hl721hbaijda868cm96bcqwxd4w"))))
     (build-system gnu-build-system)
     (inputs
      `(("gdk-pixbuf" ,gdk-pixbuf)
@@ -767,7 +812,7 @@ some form of information without getting in the user's way.")
 (define-public libpeas
   (package
     (name "libpeas")
-    (version "1.18.0")
+    (version "1.20.0")
     (source
      (origin
       (method url-fetch)
@@ -776,7 +821,7 @@ some form of information without getting in the user's way.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "09jy2rwwgp0xx7cnypxl56m7zzxnj3j4v58xqjxjasf3chn88jdz"))))
+        "0m6k6fcrx40n92nc1cy3z72vs1ja49sb58dj3fjp40605pzgz4pk"))))
     (build-system gnu-build-system)
     (inputs
      `(("gtk+" ,gtk+)
@@ -904,7 +949,7 @@ XML/CSS rendering engine.")
 (define-public libgsf
   (package
     (name "libgsf")
-    (version "1.14.40")
+    (version "1.14.41")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -912,7 +957,7 @@ XML/CSS rendering engine.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1q2i5p9s5zw0y0502risykrzkfma7p24n3mmh244scjy9f4kh1im"))))
+                "1lq87wnrsjbjafpk3c8xwd56gqx319fhck9xkg2da88hd9c9h2qm"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("intltool" ,intltool)
@@ -1663,7 +1708,7 @@ engineering.")
 (define-public gnome-themes-standard
   (package
     (name "gnome-themes-standard")
-    (version "3.20.2")
+    (version "3.22.2")
     (source
      (origin
        (method url-fetch)
@@ -1672,7 +1717,7 @@ engineering.")
                            version ".tar.xz"))
        (sha256
         (base32
-         "05br99z67f82i18nljpxnwssfnaqp7mph61w3hq0i44z5i5rq3cx"))))
+         "19bxw69ms46px5xgvwbjlhq2vkmrqfx2az49q63w2wxqb76icidk"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
@@ -1735,7 +1780,7 @@ passwords in the GNOME keyring.")
 (define-public vala
   (package
     (name "vala")
-    (version "0.32.1")
+    (version "0.34.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1743,7 +1788,7 @@ passwords in the GNOME keyring.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1ab1l44abf9fj1wznzq5956431ia136rl5049cggnk5393jlf3fx"))))
+                "10vbd74jazc3vhfagzx8v197bshrg61hnjzna6y3wmhljhrvs5vb"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -1777,7 +1822,7 @@ libraries written in C.")
 (define-public vte
   (package
     (name "vte")
-    (version "0.44.2")
+    (version "0.46.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1785,7 +1830,7 @@ libraries written in C.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0j899ccrkzh7208w29c835m1yms0cas5cxkck8x6l4xv2i45ksm1"))))
+                "1ipmnfazvhzjp5pjw90mmxbkizivnh7gnlqqml94lw2rqa5wy048"))))
     (build-system gnu-build-system)
     (arguments
      ;; XXX: fails to compile tests with the default flags.
@@ -1804,7 +1849,8 @@ libraries written in C.")
        ("xmllint" ,libxml2)))
     (propagated-inputs
      `(("gtk+" ,gtk+)                             ;required by vte-2.91.pc
-       ("gnutls" ,gnutls)))                       ;ditto
+       ("gnutls" ,gnutls)                         ;ditto
+       ("pcre2" ,pcre2)))                         ;ditto
     (home-page "http://www.gnome.org/")
     (synopsis "Virtual Terminal Emulator")
     (description
@@ -1818,7 +1864,7 @@ editors, IDEs, etc.")
   (package
     (inherit vte)
     (name "vte-ng")
-    (version "0.44.1.b")
+    (version "0.46.1.a")
     (native-inputs
      `(("gtk-doc" ,gtk-doc)
        ("gperf" ,gperf)
@@ -1833,7 +1879,7 @@ editors, IDEs, etc.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1mhz4i1qkdlrs49vgm7nsrb60lry9v6wsgwsmji7fln1nyrp1pag"))))
+                "1c0czhsn28b5h4pk3kx89jjbdc5d2qkxhl4ywqvxfivphf2nicbp"))))
     (arguments
       `(#:configure-flags '("CXXFLAGS=-Wformat=0")
         #:phases (modify-phases %standard-phases
@@ -1894,6 +1940,43 @@ selection and URL hints.")))
      `(("gtk+" ,gtk+-2)         ; required by libvte.pc
        ("ncurses" ,ncurses))))) ; required by libvte.la
 
+(define-public vinagre
+  (package
+    (name "vinagre")
+    (version "3.22.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "10jya3jyrm18nbw3v410gbkc7677bqamax44pzgd3j15randn76d"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)
+       ("itstool" ,itstool)
+       ("glib-bin" ,glib "bin")                   ;for glib-compile-schemas
+       ("gtk+-bin" ,gtk+ "bin")))                 ;for gtk-update-icon-cache
+    (inputs
+     `(("libxml2" ,libxml2)
+       ("gtk-vnc" ,gtk-vnc)
+       ("gnome-keyring" ,gnome-keyring)
+       ("libsecret" ,libsecret)
+       ("freerdp" ,freerdp)
+       ("spice" ,spice)
+       ("spice-gtk" ,spice-gtk)
+       ("telepathy-glib" ,telepathy-glib)
+       ("vte" ,vte)))
+    (arguments
+     `(#:configure-flags '("--enable-rdp")))
+    (home-page "https://wiki.gnome.org/Apps/Vinagre")
+    (synopsis "Remote desktop viewer for GNOME")
+    (description "Vinagre is a remote display client supporting the VNC, SPICE
+and RDP protocols.")
+    (license license:gpl3+)))
+
 (define-public dconf
   (package
     (name "dconf")
@@ -2058,7 +2141,7 @@ library.")
 (define-public glib-networking
   (package
     (name "glib-networking")
-    (version "2.48.2")
+    (version "2.50.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/glib-networking/"
@@ -2066,7 +2149,7 @@ library.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "111spcar6wbp6m0rdxzjscc7vfqx5nawscrfbxlvbf5jsr4hqp4j"))
+                "1vkb53jxawy38y29635izlch64j9xmcwwcimk134jwra7hpl86iz"))
               (patches
                (search-patches "glib-networking-ssl-cert-file.patch"))))
     (build-system gnu-build-system)
@@ -2258,7 +2341,7 @@ and other secrets.  It communicates with the \"Secret Service\" using DBus.")
 (define-public gnome-mines
   (package
     (name "gnome-mines")
-    (version "3.20.1")
+    (version "3.22.2")
     (source
      (origin
        (method url-fetch)
@@ -2267,7 +2350,7 @@ and other secrets.  It communicates with the \"Secret Service\" using DBus.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0frb1r0f55giz7yqxl9920vvzqlirdivz54ygc9d85r8v63fh5aq"))))
+         "1wia0nj5i244m6pq3lridvk3vx9yipsa9l921nsskd97115mnyza"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -2284,6 +2367,7 @@ and other secrets.  It communicates with the \"Secret Service\" using DBus.")
        ("xmllint" ,libxml2)))
     (inputs
      `(("gtk+" ,gtk+)
+       ("libgnome-games-support" ,libgnome-games-support)
        ("librsvg" ,librsvg)))
     (home-page "https://wiki.gnome.org/Apps/Mines")
     (synopsis "Minesweeper game")
@@ -2295,7 +2379,7 @@ floating in an ocean using only your brain and a little bit of luck.")
 (define-public gnome-sudoku
   (package
     (name "gnome-sudoku")
-    (version "3.20.5")
+    (version "3.22.2")
     (source
      (origin
        (method url-fetch)
@@ -2304,7 +2388,7 @@ floating in an ocean using only your brain and a little bit of luck.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "166bbv5k50v7pjp3wbl2rmxcmv1adwr14hxg5rw2ws8kams8151k"))))
+         "1sz2ln2nc9ff7zigghil32vbmr2qhb98dc0rbrz755rlrsh8pi08"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -2330,7 +2414,7 @@ more fun.")
 (define-public gnome-terminal
   (package
     (name "gnome-terminal")
-    (version "3.20.2")
+    (version "3.22.1")
     (source
      (origin
        (method url-fetch)
@@ -2339,7 +2423,7 @@ more fun.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "08ssch8h1y85wyhddkyr7ab4v8dnsn17z4ayyc5ff78gfdh30f7m"))))
+         "1m5h3ck7wcvq1kfap05jwhnbpp3kmikc2qy822gnsbdjdqrm41xh"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:configure-flags
@@ -2526,14 +2610,14 @@ faster results and to avoid unnecessary server load.")
 (define-public upower
   (package
     (name "upower")
-    (version "0.99.3")
+    (version "0.99.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://upower.freedesktop.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0f6x9mi1jzgqdpycaikyhjljnw3aacsl3gxndyg0dfqkq6y9jwb9"))
+                "1c1ph1j1fnrf3vipxb7ncmdfc36dpvcvpsv8n8lmal7grjk2b8ww"))
               (patches (search-patches "upower-builddir.patch"))))
     (build-system glib-or-gtk-build-system)
     (arguments
@@ -2581,7 +2665,7 @@ service via the system message bus.")
 (define-public libgweather
   (package
     (name "libgweather")
-    (version "3.20.3")
+    (version "3.20.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -2589,7 +2673,7 @@ service via the system message bus.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "02vcnlchcq3hxsm75x2szzkszg1yp1rg164p1b23vnzm9svcaszv"))))
+                "1higj4nmn3srqjbzl4iva7c0b4fkdq74xi4b35xd0qc4qiawbkbx"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -2636,7 +2720,7 @@ services for numerous locations.")
 (define-public gnome-settings-daemon
   (package
     (name "gnome-settings-daemon")
-    (version "3.20.1")
+    (version "3.22.1")
     (source
      (origin
        (method url-fetch)
@@ -2645,7 +2729,7 @@ services for numerous locations.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1rvqisrh3lridsb8rvm7spvncyq206ly0245zgpbm8swi5fhfjp8"))))
+         "1finsr7yqvix6n3rdwclv4fpgagmz6xyrk3qzapkn9ljv76rfzdm"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(;; Color management test can't reach the colord system service.
@@ -2691,14 +2775,15 @@ settings, themes, mouse settings, and startup of other daemons.")
 (define-public totem-pl-parser
  (package
    (name "totem-pl-parser")
-   (version "3.10.6")
+   (version "3.10.7")
    (source (origin
             (method url-fetch)
-            (uri (string-append "mirror://gnome/sources/totem-pl-parser/3.10/"
+            (uri (string-append "mirror://gnome/sources/totem-pl-parser/"
+                                (version-major+minor version) "/"
                                 "totem-pl-parser-" version ".tar.xz"))
             (sha256
              (base32
-              "0mv7aw9mw77w04zg95zjf0zmk6ckshpysbb9nap15h5is6zdk9cq"))))
+              "17089sqyh6w6zr8ci865ihmvqshnslcsk9fbsl4s7yii66y8b0lw"))))
    (build-system gnu-build-system)
    (arguments
     ;; FIXME: Tests require gvfs.
@@ -2726,7 +2811,7 @@ playlists in a variety of formats.")
 (define-public aisleriot
   (package
     (name "aisleriot")
-    (version "3.20.2")
+    (version "3.22.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -2734,7 +2819,7 @@ playlists in a variety of formats.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0vhpi7bzm4gbraky1d3ma26rbwnylcqdakav82j67bpqd7f6n0v2"))))
+                "01ydq39kk8xvv8nbqqbh458gpmvx676sms71r1iix42z40a13caj"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:configure-flags
@@ -2762,7 +2847,7 @@ which are easy to play with the aid of a mouse.")
 (define-public devhelp
   (package
     (name "devhelp")
-    (version "3.20.0")
+    (version "3.22.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -2770,7 +2855,7 @@ which are easy to play with the aid of a mouse.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "078zr92xs5ifp862v1vdmw1j9m6gr9zk5hjbk5065vxjwb17acx2"))))
+                "1c7zqn8apm1lnpsp74bd880rga2vi5wxfjghqdgwqf6j28pf1jjr"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("intltool" ,intltool)
@@ -2789,7 +2874,7 @@ throughout GNOME for API documentation).")
 (define-public cogl
   (package
     (name "cogl")
-    (version "1.22.0")
+    (version "1.22.2")
     (source
      (origin
        (method url-fetch)
@@ -2798,7 +2883,9 @@ throughout GNOME for API documentation).")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "14daxqrid5039xmq9yl4pk86awng1n9zgl6ysblhc4gw2ifzp7b8"))))
+         "03f0ha3qk7ca0nnkkcr1garrm1n1vvfqhkz9lwjm592fnv6ii9rr"))))
+    ;; NOTE: mutter exports a bundled fork of cogl, so when making changes to
+    ;; cogl, corresponding changes may be appropriate in mutter as well.
     (build-system gnu-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin")     ; for glib-mkenums
@@ -2866,6 +2953,8 @@ without stepping on each others toes.")
        (sha256
         (base32
          "01nfjd4k7j2n3agpx2d9ncff86nfsqv4n23465rb9zmk4iw4wlb7"))))
+    ;; NOTE: mutter exports a bundled fork of clutter, so when making changes
+    ;; to clutter, corresponding changes may be appropriate in mutter as well.
     (build-system gnu-build-system)
     (outputs '("out"
                "doc"))                            ;9 MiB of gtk-doc HTML pages
@@ -2909,7 +2998,7 @@ presentations, kiosk style applications and so on.")
 (define-public clutter-gtk
   (package
     (name "clutter-gtk")
-    (version "1.8.0")
+    (version "1.8.2")
     (source
      (origin
        (method url-fetch)
@@ -2918,7 +3007,7 @@ presentations, kiosk style applications and so on.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "07dzvx0b3fsswxnpxgk0adjgccnrvbxsd971naqwndnfivbgjbkl"))))
+         "153bl9256yjnfcplp7jmgf7lm2zb790zkayjclzsv42l6a3d89ys"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -2938,7 +3027,7 @@ presentations, kiosk style applications and so on.")
 (define-public clutter-gst
   (package
     (name "clutter-gst")
-    (version "3.0.18")
+    (version "3.0.22")
     (source
      (origin
        (method url-fetch)
@@ -2947,7 +3036,7 @@ presentations, kiosk style applications and so on.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "14w0pi9myvcn1yxzmk9sk8dghj17m5ji3aqdpfjikk90c060vv0a"))))
+         "1m6zwc7xr7lmbwiqav961g7jhc7gp5gb73dm6j93szpa6bxmgz7i"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin")     ; for glib-mkenums
@@ -2969,7 +3058,7 @@ GL based interactive canvas library.")
 (define-public libchamplain
   (package
     (name "libchamplain")
-    (version "0.12.13")
+    (version "0.12.14")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2977,7 +3066,7 @@ GL based interactive canvas library.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "1arzd1hsgq14rbiwa1ih2g250x6ljna2s2kiqfrw155c612s9cxk"))))
+                "13snnka1jqc5qrgij8bm22xy02pncf3dn5ij3jh4rrpzq7g1sqpi"))))
     (build-system gnu-build-system)
     (arguments '(#:configure-flags '("--enable-vala")))
     (native-inputs
@@ -3070,10 +3159,24 @@ queries upon that data.")
 GNOME Games, but it may be used by others.")
     (license license:lgpl3+)))
 
+(define-public libgnome-games-support
+  (package
+    (inherit libgames-support)
+    (name "libgnome-games-support")
+    (version "1.2.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "1rsyf5hbjim7zpk1yar3gv65g1nmw6zbbc0smrmxsfk0f9n3j9m6"))))))
+
 (define-public gnome-klotski
   (package
     (name "gnome-klotski")
-    (version "3.20.2")
+    (version "3.22.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3081,7 +3184,7 @@ GNOME Games, but it may be used by others.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "14w40a1gjlg4l1vhcy0qcf3scmwm2v3vhxnxj269pfqlv8s7alaw"))))
+                "04ragvrz29sydi2kf1zk2aimi3b3hn34jrndfd2lx6h8l45anq3q"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("desktop-file-utils" ,desktop-file-utils)
@@ -3091,7 +3194,7 @@ GNOME Games, but it may be used by others.")
        ("xmllint" ,libxml2)))
     (inputs
      `(("gtk+" ,gtk+)
-       ("libgames-support" ,libgames-support)
+       ("libgnome-games-support" ,libgnome-games-support)
        ("librsvg" ,librsvg)))
     (home-page "https://wiki.gnome.org/Apps/Klotski")
     (synopsis "Sliding block puzzles")
@@ -3105,7 +3208,7 @@ as possible!")
 (define-public grilo
   (package
     (name "grilo")
-    (version "0.3.0")
+    (version "0.3.2")
     (source
      (origin
        (method url-fetch)
@@ -3114,7 +3217,7 @@ as possible!")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0q5wcvnckpfks48hy0gvlfdmvqm67vnblm3912rssmkgc1ysil8z"))))
+         "0nvzr2gfk2mpzf99442zawv0n5yjcyy50rqkrvdsibknbm56hvzj"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin")         ; for glib-mkenums and glib-genmarshal
@@ -3127,6 +3230,7 @@ as possible!")
        ("libxml2" ,libxml2)
        ;; XXX TODO: Add oauth
        ("libsoup" ,libsoup)
+       ("nettle" ,nettle)
        ("totem-pl-parser" ,totem-pl-parser)))
     (arguments
      `(#:phases
@@ -3156,7 +3260,7 @@ for application developers.")
 (define-public grilo-plugins
   (package
     (name "grilo-plugins")
-    (version "0.3.1")
+    (version "0.3.3")
     (source
      (origin
        (method url-fetch)
@@ -3165,7 +3269,7 @@ for application developers.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1akd7q6pqnkcnayrdfjb0qx5w5yyl06kxzwhqp2gxm4y1b208pb0"))))
+         "172vr1y98d2mzlmg5akjn4ibrcj3gh22cwnb3cv9rvvzhj3yhrpy"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin")     ; for glib-mkenums and glib-genmarshal
@@ -3209,7 +3313,7 @@ for application developers.")
 (define-public totem
   (package
     (name "totem")
-    (version "3.20.1")
+    (version "3.22.0")
     (source
      (origin
        (method url-fetch)
@@ -3218,8 +3322,7 @@ for application developers.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "09swnhp46cyy2svqx02fzy555pjgc61lyjw56v9rz1mfc41lh8kg"))
-       (patches (search-patches "totem-debug-format-fix.patch"))))
+         "1sjgjqhpsh3kipnbc8y31xz64s61xjayxq98pi0vkgbl2rdmnsh2"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -3289,7 +3392,7 @@ which can read a large number of file formats.")
 (define-public rhythmbox
  (package
    (name "rhythmbox")
-   (version "3.4")
+   (version "3.4.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3297,7 +3400,7 @@ which can read a large number of file formats.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1347747m90aiz47wny1f8rdk5195qf2ph0554c6y91711sm951gg"))))
+              "1dj1hgdyhmwzs6h2zr89b1ipk0p6g7x74rfz56a5yjds3ik8d7q3"))))
    (build-system glib-or-gtk-build-system)
    (arguments
     `(#:configure-flags
@@ -3377,7 +3480,7 @@ supports playlists, song ratings, and any codecs installed through gstreamer.")
 (define-public eog
  (package
    (name "eog")
-   (version "3.20.4")
+   (version "3.20.5")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3385,7 +3488,7 @@ supports playlists, song ratings, and any codecs installed through gstreamer.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1qsv3brhi8l8fr22nd3d0fwq5xhwspqw0bammhkkq3ga0z6791wn"))))
+              "0fqvfc4y1lbv0awh8dbx9khfha0hdkmnj1lzw5jq0l7jmahwbrz6"))))
    (build-system glib-or-gtk-build-system)
    (arguments
     `(#:phases
@@ -3455,7 +3558,7 @@ part of udev-extras, then udev, then systemd.  It's now a project on its own.")
 (define-public gvfs
   (package
     (name "gvfs")
-    (version "1.28.3")
+    (version "1.30.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3463,7 +3566,7 @@ part of udev-extras, then udev, then systemd.  It's now a project on its own.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "05xxy0ids310qy24vmkyl3hc6mq05p39aa8mkr5fzxkhhnv4r325"))))
+                "0xgis1kgglnazy1vm66xiqyz8yvvmiad3h0g3agg7ryai6aa495q"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f)) ; XXX: requiring `pidof'
@@ -3482,6 +3585,7 @@ part of udev-extras, then udev, then systemd.  It's now a project on its own.")
        ("glib" ,glib)
        ("libarchive" ,libarchive)
        ("libbluray" ,libbluray)
+       ("libcap" ,libcap)
        ("libcdio-paranoia" ,libcdio-paranoia)
        ("libgcrypt" ,libgcrypt)
        ("libgphoto2" ,libgphoto2)
@@ -3492,6 +3596,7 @@ part of udev-extras, then udev, then systemd.  It's now a project on its own.")
        ("libsoup" ,libsoup)
        ("libxml2" ,libxml2)
        ("nettle" ,nettle) ; XXX: required by libarchive.pc
+       ("polkit" ,polkit)
        ("udisks" ,udisks)))
     (home-page "https://wiki.gnome.org/gvfs/")
     (synopsis "Userspace virtual file system for GIO")
@@ -3508,7 +3613,7 @@ DAV, and others.")
 (define-public gusb
   (package
     (name "gusb")
-    (version "0.2.6")
+    (version "0.2.9")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/hughsie/libgusb/archive/"
@@ -3518,7 +3623,7 @@ DAV, and others.")
                                   ".tar.gz"))
               (sha256
                (base32
-                "0h9dzaza81b0mx5jfh5cnc31xdynl0jsxgwvl6vqyhy8mnwfi5nr"))))
+                "1500mgpidmnjfkcz1fzqkbqv547iy1cvr8bwf3k9vqgqcjx3844n"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin")         ; for glib-genmarshal, etc.
@@ -3606,7 +3711,7 @@ work and the interface is well tested.")
 (define-public epiphany
   (package
     (name "epiphany")
-    (version "3.22.1")
+    (version "3.22.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3614,7 +3719,7 @@ work and the interface is well tested.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "03ncqmb8n06qr88rlwa2rph833gjcwsmxaw2wf1yawadwpnn5cda"))))
+                "1hpwjwiviwh9dgc9cwq0gmr5jy40rvigjcq0cbg2nw2hqiyshzny"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      ;; FIXME: tests run under Xvfb, but fail with:
@@ -3622,7 +3727,8 @@ work and the interface is well tested.")
      ;;   ** (test-ephy-bookmarks:19591): WARNING **: Unable to start Zeroconf
      ;;      subsystem
      ;;   FAIL
-     '(#:tests? #f))
+     '(#:tests? #f
+       #:configure-flags '("CFLAGS=-std=gnu99")))
     (propagated-inputs
      `(("dconf" ,dconf)))
     (native-inputs
@@ -3652,7 +3758,7 @@ principles are simplicity and standards compliance.")
 (define-public d-feet
   (package
     (name "d-feet")
-    (version "0.3.10")
+    (version "0.3.11")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3660,7 +3766,7 @@ principles are simplicity and standards compliance.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0nb31bvwnj7pcpm85g8bvgjc6s5kbqy8g4qp7pzqf8w6rdgxzw48"))))
+                "1hmrijm4d9vwzx2r8qzzsy8ccpj79l1y6cc569n9jjzqcq699p53"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:out-of-source? #f ; tests need to run in the source directory.
@@ -3734,7 +3840,7 @@ to format Docbook and Mallard documents.")
 (define-public yelp
   (package
     (name "yelp")
-    (version "3.20.1")
+    (version "3.22.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3742,7 +3848,7 @@ to format Docbook and Mallard documents.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1hh8yqbv0scn9nksk9mq94cb4sdczlzxplclv2wqr41jmm8v186x"))))
+                "13kpi0qmnfx2xwizyhmf5i5xaw9ckcn1k7v0289p7als4dybf5l6"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-genmarshal, etc.
@@ -3799,7 +3905,7 @@ wraps things up in a developer-friendly way.")
 (define-public libgee
   (package
     (name "libgee")
-    (version "0.18.0")
+    (version "0.18.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3807,7 +3913,7 @@ wraps things up in a developer-friendly way.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "16a34js81w9m2bw4qd8csm4pcgr3zq5z87867j4b8wfh6zwrxnaa"))))
+                "18ir5264bhdg76kcjn8i5bfs1vz89qqn2py20aavm2cwbaz6ns4r"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -3912,7 +4018,7 @@ share them with others via social networking and more.")
 (define-public file-roller
   (package
     (name "file-roller")
-    (version "3.20.3")
+    (version "3.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3920,7 +4026,7 @@ share them with others via social networking and more.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1sa46vjx78d670m6bikpibgz39a5zb6ri8yjmj632lmxqvj2sp3b"))))
+                "1yaxd0lqhajszilblkidqfkaffhzml10l7ib64023y36qgf8q597"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -3954,7 +4060,7 @@ such as gzip tarballs.")
 (define-public gnome-session
   (package
     (name "gnome-session")
-    (version "3.20.2")
+    (version "3.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3962,7 +4068,7 @@ such as gzip tarballs.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1npnjm6wirz2v0liv7n23ivp2w0y1q230qcdb681hhzmp7h9fpq2"))))
+                "1xahljysbpnc1zafm1y2lqnmmqi2jh4fx7h2y48d9ipqnknk26in"))))
     (arguments
      '(#:phases
        (modify-phases %standard-phases
@@ -4033,7 +4139,7 @@ configuration program to choose applications starting on login.")
 (define-public gjs
   (package
     (name "gjs")
-    (version "1.44.0")
+    (version "1.46.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4041,7 +4147,7 @@ configuration program to choose applications starting on login.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "106fgpr4y99sj68l72pnfa2za11ps4bn6p9z28fr79j7mpv61jc8"))
+                "1m2ssa6qsipbp8lz4xbhf0nhadhv0xkdpmz1jcvl9187lwgmk0r2"))
               (modules '((guix build utils)))
               (snippet '(substitute* "test/run-with-dbus"
                           (("/bin/rm") "rm")))))
@@ -4052,6 +4158,10 @@ configuration program to choose applications starting on login.")
          (add-before
           'check 'pre-check
           (lambda _
+            ;; The test suite requires a running X server.
+            (system "Xvfb :1 &")
+            (setenv "DISPLAY" ":1")
+
             ;; For the missing /etc/machine-id.
             (setenv "DBUS_FATAL_WARNINGS" "0")
 
@@ -4086,7 +4196,7 @@ javascript engine and the GObject introspection framework.")
 (define-public gedit
   (package
     (name "gedit")
-    (version "3.20.2")
+    (version "3.22.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4094,7 +4204,7 @@ javascript engine and the GObject introspection framework.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1y330hanqfld3kssf77wfphah2qpfg17pa109spsbm50f5m2g89j"))))
+                "0i9z5d31vibb3dd329gwvyga38zq5k1a2glcdq7m93ycbl5mlfq6"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:configure-flags '("--disable-spell") ; XXX: gspell not packaged yet
@@ -4146,7 +4256,7 @@ powerful general purpose text editor.")
 (define-public zenity
   (package
     (name "zenity")
-    (version "3.20.0")
+    (version "3.22.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4154,7 +4264,7 @@ powerful general purpose text editor.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0j2sy6imwp41l75hy3fwr68n35drvanbwgmr42kc04zqjy9pbs02"))))
+                "0rp4l0vgyjhlkpk2imfwf7b05m1qxjrm8n8kp1rv70ykf48gmk8y"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("gettext" ,gettext-minimal)
@@ -4171,42 +4281,91 @@ to display dialog boxes from the commandline and shell scripts.")
     (license license:lgpl2.0+)))
 
 (define-public mutter
+  ;; Uses the gnome 3.22 branch that only contains bug fixes.
+  (let ((commit "23c315ea7121e9bd108e2837d0b4beeba53c5e18"))
   (package
     (name "mutter")
-    (version "3.20.3")
+    (version (git-version "3.22.2" "1" commit))
     (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://gnome/sources/" name "/"
-                                  (version-major+minor version) "/"
-                                  name "-" version ".tar.xz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "git://git.gnome.org/mutter")
+                    (commit commit)))
+              (file-name (git-file-name name version))
               (sha256
                (base32
-                "05pr78vgq52bkkqpbfnp9mxw14ij2wk91l2yfa69dpjbvxqm4b0l"))))
+                "1v1f9xyzjr1ihmfwpq9kzlv2lyr9qn63ck8zny699mbp5hsi11mb"))))
+     ;; NOTE: Since version 3.21.x, mutter now bundles and exports forked
+     ;; versions of cogl and clutter.  As a result, many of the inputs,
+     ;; propagated-inputs, and configure flags used in cogl and clutter are
+     ;; needed here as well.
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
        ;; XXX: build fails with [-Werror]:
        ;;    backends/meta-cursor-renderer.c:112:5: error:
        ;;      implicit declaration of function ?roundf?
-       '("--enable-compile-warnings=minimum")))
+       (list "--enable-compile-warnings=minimum"
+
+             "--disable-wayland"           ; TODO enable wayland
+             ;; "--enable-native-backend"  ; TODO enable the native backend
+
+             ;; The following flags are needed for the bundled clutter
+             "--enable-x11-backend=yes"
+
+             ;; the remaining flags are needed for the bundled cogl
+             "--enable-cogl-gst"
+             (string-append "--with-gl-libname="
+                            (assoc-ref %build-inputs "mesa")
+                            "/lib/libGL.so"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'autoreconf
+                    (lambda _
+                      (zero? (system* "autoreconf" "-vfi")))))))
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
        ("gobject-introspection" ,gobject-introspection)
        ("intltool" ,intltool)
-       ("pkg-config" ,pkg-config)))
+       ("pkg-config" ,pkg-config)
+       ;; For git build
+       ("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)))
     (propagated-inputs
-     ;; libmutter.pc refers to all these.
-     `(("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
+     `(;; libmutter.pc refers to these:
+       ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
        ("gtk+" ,gtk+)
-       ("clutter" ,clutter)))
+       ;; mutter-clutter-1.0.pc and mutter-cogl-1.0.pc refer to these:
+       ("atk" ,atk)
+       ("cairo" ,cairo)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("glib" ,glib)
+       ("gtk+" ,gtk+)
+       ("json-glib" ,json-glib)
+       ("libinput" ,libinput)
+       ("libx11" ,libx11)
+       ("libxcomposite" ,libxcomposite)
+       ("libxdamage" ,libxdamage)
+       ("libxext" ,libxext)
+       ("libxfixes" ,libxfixes)
+       ("libxkbcommon" ,libxkbcommon)
+       ("libxrandr" ,libxrandr)
+       ("mesa" ,mesa)
+       ("pango" ,pango)
+       ("udev" ,eudev)
+       ("wayland" ,wayland)
+       ("wayland-protocols" ,wayland-protocols)
+       ("xinput" ,xinput)))
     (inputs
      `(("gnome-desktop" ,gnome-desktop)
        ("libcanberra-gtk" ,libcanberra)
+       ("libgudev" ,libgudev)
        ("libice" ,libice)
        ("libsm" ,libsm)
-       ("libxkbcommon" ,libxkbcommon)
        ("libxkbfile" ,libxkbfile)
-       ("mesa-headers" ,mesa-headers)
+       ("libxrandr" ,libxrandr)
        ("startup-notification" ,startup-notification)
        ("upower-glib" ,upower)
        ("xkeyboard-config" ,xkeyboard-config)
@@ -4218,12 +4377,12 @@ to display dialog boxes from the commandline and shell scripts.")
 desktop via OpenGL.  Mutter combines a sophisticated display engine using the
 Clutter toolkit with solid window-management logic inherited from the Metacity
 window manager.")
-    (license license:gpl2+)))
+    (license license:gpl2+))))
 
 (define-public gnome-online-accounts
   (package
     (name "gnome-online-accounts")
-    (version "3.20.3")
+    (version "3.22.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4231,7 +4390,7 @@ window manager.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0ip0q539bik3wqwl867rjc63w2d5rjyvbqzwczkard70yd6c0kq9"))))
+                "13wvnfh3hnasdnb6fhjssybj2327qihd32kpdjjb3r1qiyc8dvqb"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
@@ -4261,7 +4420,7 @@ Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.")
 (define-public evolution-data-server
   (package
     (name "evolution-data-server")
-    (version "3.20.5")
+    (version "3.22.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4269,7 +4428,7 @@ Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0zmybf63y0d5zn48q3xjgkh2p2c3ka9xvzd6labp96bd6b6qc58d"))))
+                "0kygd46s0is6i451bqykagrfx34wjvrgjbjyyszaabnppp1dyn0c"))))
     (build-system gnu-build-system)
     (arguments
      '(;; XXX: fails with:
@@ -4390,7 +4549,7 @@ users.")
 (define-public network-manager
   (package
     (name "network-manager")
-    (version "1.4.2")
+    (version "1.4.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/NetworkManager/"
@@ -4398,7 +4557,7 @@ users.")
                                   "NetworkManager-" version ".tar.xz"))
               (sha256
                (base32
-                "016jc21mwjxvnfiblp5lji55sr8aq6w8a08fsjmqvnpnvm3y6r58"))
+                "029k2f1arx1m5hppmr778i9yg34jj68nmji3i89qs06c33rpi4w2"))
               (snippet
               '(begin
                  (use-modules (guix build utils))
@@ -4563,7 +4722,7 @@ the available networks and allows users to easily switch between them.")
 (define-public libxml++
   (package
     (name "libxml++")
-    (version "3.0.0")
+    (version "3.0.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4571,7 +4730,7 @@ the available networks and allows users to easily switch between them.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0lkrajbdys5f6w6qwfijih3hnbk4c6809qx2mmxkb7bj2w269wrg"))))
+                "19kik79fmg61nv0by0a5f9wchrcfjwzvih4v2waw01hqflhqvp0r"))))
     (build-system gnu-build-system)
     ;; libxml++-3.0.pc refers to all these.
     (propagated-inputs
@@ -4604,7 +4763,7 @@ libxml2.")
 (define-public gdm
   (package
     (name "gdm")
-    (version "3.20.1")
+    (version "3.22.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4612,7 +4771,7 @@ libxml2.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "17vqcnqnwx7s5xzgn358gsgbmpz7k90sh1qrwrh3wnj5r0pm38hh"))))
+                "17wnsrv91mx14xp96wrc21g2hsjjc38yhbkw55kf7hk3yliychva"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
@@ -4724,7 +4883,7 @@ devices using the GNOME desktop.")
 (define-public gnome-control-center
   (package
     (name "gnome-control-center")
-    (version "3.20.1")
+    (version "3.22.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4732,7 +4891,7 @@ devices using the GNOME desktop.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1vd1h31vwyq7ss5f1151gx1vdsy35sjmapjmmz7x73ppc3y78r6f"))))
+                "06h9937sjfrzjf36pxqybg4wmkc5xdhbxgdkclnkjxiiqidjjsax"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -4795,7 +4954,7 @@ properties, screen resolution, and other GNOME parameters.")
 (define-public gnome-shell
   (package
     (name "gnome-shell")
-    (version "3.20.4")
+    (version "3.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4803,7 +4962,7 @@ properties, screen resolution, and other GNOME parameters.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0kd9y847pw9v3zl0g52ly7xdcjz0b9v37aqmi19iddfkxjjyn4qc"))))
+                "16smvjfrpyfphv479hjky5261hgl4kli4q86bcb2b8xdcav4w3yq"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -4877,7 +5036,7 @@ like switching to windows and launching applications.")
 (define-public gtk-vnc
   (package
     (name "gtk-vnc")
-    (version "0.6.0")
+    (version "0.7.0")
     (source
      (origin
        (method url-fetch)
@@ -4886,7 +5045,7 @@ like switching to windows and launching applications.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0cq42dghjp4bhsxlj9hd2nz5s5rhd53fx7snmq6i6kg60n438ncm"))))
+         "0gj8dpy3sj4dp810gy67spzh5f0jd8aqg69clcwqjcskj1yawbiw"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--with-gtk=3.0")))
@@ -4912,10 +5071,98 @@ GTK-VNC implements client side RFB protocol and authentication extensions such
 as SASL, TLS and VeNCrypt.  Additionally it supports encoding extensions.")
     (license license:lgpl2.1+)))
 
+(define-public gnome-autoar
+  (package
+    (name "gnome-autoar")
+    (version "0.1.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "1jcs6jgysg9n3zi3d1l4iqddzmczfdcvz7vkxn607p32nl8bhp7n"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("gnome-common" ,gnome-common)
+       ("gobject-introspection" ,gobject-introspection)
+       ("pkg-config" ,pkg-config)))
+    (propagated-inputs
+     `(("libarchive" ,libarchive)))  ; XXX document why
+    (inputs
+     `(("gtk+" ,gtk+)
+       ("nettle" ,nettle))) ; XXX: required by libarchive.pc
+    (synopsis "Archives integration support for GNOME")
+    (home-page "https://git.gnome.org/browse/gnome-autoar/")
+    (description
+     "GNOME Autoar is a library which makes creating and extracting archives
+easy, safe, and automatic.")
+    (license license:lgpl2.1+)))
+
+(define-public tracker
+  (package
+    (name "tracker")
+    (version "1.10.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "03ch3ndmxghfr9wnw9hfmpkjfa7k5v5cwwf3y1ja6ihk3c5avgbb"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("gnome-common" ,gnome-common)
+       ("gobject-introspection" ,gobject-introspection)
+       ("intltool" ,intltool)
+       ("pkg-config" ,pkg-config)
+       ("vala" ,vala)))
+    (inputs
+     `(("gtk+" ,gtk+)
+       ("dbus" ,dbus)
+       ("gstreamer" ,gstreamer)
+       ("gst-plugins-base" ,gst-plugins-base)
+       ("sqlite" ,sqlite)
+       ("nettle" ,nettle)  ; XXX why is this needed?
+       ("poppler" ,poppler)
+       ("libgsf" ,libgsf)
+       ("libexif" ,libexif)
+       ("libpng" ,libpng)
+       ("libtiff" ,libtiff)
+       ("libvorbis" ,libvorbis)
+       ("flac" ,flac)
+       ("totem-pl-parser" ,totem-pl-parser)
+       ("zlib" ,zlib)
+       ("exempi" ,exempi)
+       ("libxml2" ,libxml2)
+       ("upower" ,upower)
+       ("libgee" ,libgee)
+       ("libunistring" ,libunistring)
+       ("giflib" ,giflib)
+       ("openjpeg" ,openjpeg-1)
+       ("libosinfo" ,libosinfo)
+       ("libcue" ,libcue)
+       ("libseccomp" ,libseccomp)
+       ("libuuid" ,util-linux)))
+    (arguments `(#:tests? #f))  ; XXX FIXME enable tests (some fail)
+    (synopsis "Metadata database, indexer and search tool")
+    (home-page "https://wiki.gnome.org/Projects/Tracker")
+    (description
+     "Tracker is an advanced framework for first class objects with associated
+metadata and tags.  It provides a one stop solution for all metadata, tags,
+shared object databases, search tools and indexing.")
+    ;; src/libtracker-*/* and src/tracker-extract/* are covered by lgpl2.1+,
+    ;; src/gvdb/* are covered by lgpl2.0+, and the rest is gpl2+.
+    (license (list license:gpl2+
+                   license:lgpl2.1+
+                   license:lgpl2.0+))))
+
 (define-public nautilus
   (package
     (name "nautilus")
-    (version "3.20.2")
+    (version "3.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4923,11 +5170,11 @@ as SASL, TLS and VeNCrypt.  Additionally it supports encoding extensions.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1bnalv0ljdjzqzvh3rfyg7r4z8vdbq1gdard5q68riqdi2dnfvld"))))
+                "1cv5xsah04svxx0b6di7iah9gcwk6na2c6lp442pal9v2ybrw76f"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:configure-flags
-       '("--disable-tracker" "--disable-selinux") ; XXX: not packaged
+       '("--disable-selinux") ; XXX: not packaged
        ;; XXX: FAIL: check-nautilus
        ;;   Settings schema 'org.gnome.nautilus.preferences' is not installed
        #:tests? #f))
@@ -4941,6 +5188,9 @@ as SASL, TLS and VeNCrypt.  Additionally it supports encoding extensions.")
        ("gvfs" ,gvfs)
        ("exempi" ,exempi)
        ("gnome-desktop" ,gnome-desktop)
+       ("gnome-autoar" ,gnome-autoar)
+       ("nettle" ,nettle)    ; XXX required by libarchive.pc via gnome-autoar
+       ("tracker" ,tracker)
        ;; XXX: gtk+ is required by libnautilus-extension.pc
        ;;
        ;; Don't propagate it to reduces "profile pollution" of the 'gnome' meta
@@ -4960,7 +5210,7 @@ files.")
 (define-public baobab
   (package
     (name "baobab")
-    (version "3.20.1")
+    (version "3.22.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -4969,7 +5219,7 @@ files.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "07wx4jb3nmipd4caybv21hl8h0gb282qc5a24b731mxhfqmg3pz9"))))
+                "1zwpzj6hbvcyw1ymqzn3zw8w4h29ad7411crbkbh71c8jwbwpssv"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("intltool" ,intltool)
@@ -4992,7 +5242,7 @@ is complete it provides a graphical representation of each selected folder.")
 (define-public gnome-backgrounds
   (package
     (name "gnome-backgrounds")
-    (version "3.20")
+    (version "3.22.1")
     (source
      (origin
        (method url-fetch)
@@ -5001,7 +5251,7 @@ is complete it provides a graphical representation of each selected folder.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "09viag7q53lfwrp074a1w7j0r8izlwpi10xbwjgbf5jwbqb6wv6n"))))
+         "09gfdrm1kaz2knyghhjb0ka1kklgbcbnqgy4c90bg0v3n899ij5z"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("intltool" ,intltool)))
@@ -5020,7 +5270,7 @@ can add your own files to the collection.")
 (define-public gnome-screenshot
   (package
     (name "gnome-screenshot")
-    (version "3.20.1")
+    (version "3.22.0")
     (source
      (origin
        (method url-fetch)
@@ -5029,7 +5279,7 @@ can add your own files to the collection.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0hz1ywgb5vbfqr0p0cr20hmz5b11msyi3psanszdnv0lhxl9pa06"))))
+         "0c02n1hgv21m4082jx399b1yazsc0cr07ba8k0pv8v3w7i5z21ca"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
@@ -5051,7 +5301,7 @@ beautifying border effects.")
 (define-public dconf-editor
   (package
     (name "dconf-editor")
-    (version "3.20.3")
+    (version "3.22.1")
     (source
      (origin
        (method url-fetch)
@@ -5060,7 +5310,7 @@ beautifying border effects.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0yf553bd9l030shhs0jkl5gvkzkfxbxxm56xv0l0nmbplaci8wm8"))))
+         "09n1ljryjgkmxwly542zb2dh9j7h76chc0br2bbhrhkwvjjmc3ha"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -5219,7 +5469,7 @@ Microsoft SkyDrive and Hotmail, using their REST protocols.")
 (define-public gnome-calendar
   (package
     (name "gnome-calendar")
-    (version "3.20.2")
+    (version "3.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5227,7 +5477,7 @@ Microsoft SkyDrive and Hotmail, using their REST protocols.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1vny8fclwglapdyxd2g9fbwdlk5hhnb993k2hvq3rf0hcgswycpi"))))
+                "03wivk7hbyqrqcrd7jg0m2xj6q13248la2184qkf7zncnj72g5ih"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("intltool" ,intltool)
@@ -5236,7 +5486,8 @@ Microsoft SkyDrive and Hotmail, using their REST protocols.")
      `(("bdb" ,bdb)
        ("desktop-file-utils" ,desktop-file-utils)
        ("evolution-data-server" ,evolution-data-server)
-       ("gnome-online-accounts" ,gnome-online-accounts)))
+       ("gnome-online-accounts" ,gnome-online-accounts)
+       ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)))
     (home-page "https://wiki.gnome.org/Apps/Calendar")
     (synopsis "GNOME's calendar application")
     (description
@@ -5277,7 +5528,7 @@ existing databases over the internet.")
 (define-public gnome-tweak-tool
   (package
     (name "gnome-tweak-tool")
-    (version "3.20.1")
+    (version "3.22.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/gnome-tweak-tool/"
@@ -5287,7 +5538,7 @@ existing databases over the internet.")
                         (search-patch "gnome-tweak-tool-search-paths.patch")))
               (sha256
                (base32
-                "1fj6wjvnjygzm9br3sw9gya6d18yly1rm69yaiar9spfbkvv4wai"))))
+                "1frs16p2284mdw65g1ldmf9cz5sn3rg16wz58gjrw5pn2cgf2six"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:configure-flags '("--localstatedir=/tmp"
@@ -5328,7 +5579,7 @@ GNOME Shell appearance and extension, etc.")
 (define-public gnome-shell-extensions
   (package
     (name "gnome-shell-extensions")
-    (version "3.20.1")
+    (version "3.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5336,7 +5587,7 @@ GNOME Shell appearance and extension, etc.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "18rr55krnqx1nzrzlj6kfzh4n67f3crakmwh28rr95y7cg0jwhxw"))))
+                "11wa4f9arr89a4y8nsvla5j58dzwlawjb2q1lz0jn5i9kv324z6z"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--enable-extensions=all")))
@@ -5523,7 +5774,7 @@ GLib/GObject code.")
 (define-public libgnomekbd
   (package
     (name "libgnomekbd")
-    (version "3.6.0")
+    (version "3.22.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5531,7 +5782,7 @@ GLib/GObject code.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "02bahnl3vaqyqyr99r9kwka84sxj8qdrz7x0bf97192dysqaa7n4"))))
+                "1pvpbljvxc0riamraiflnm05dpb6i4vlmqqgdh74xggbpzd302rl"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -5714,7 +5965,7 @@ Bluefish supports many programming and markup languages.")
 (define-public gnome-system-monitor
   (package
     (name "gnome-system-monitor")
-    (version "3.20.1")
+    (version "3.22.2")
     (source
      (origin
        (method url-fetch)
@@ -5723,7 +5974,7 @@ Bluefish supports many programming and markup languages.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1ya41b58syf8g5pc12gw1xm6jhdx3crap803bjwm086r7x2an8wv"))))
+         "10n9bl2q9xxnd6mfi4scfw5x0xyyzvnblz26q9gl8vks2nbv19b8"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-mkenums.
diff --git a/gnu/packages/gnucash.scm b/gnu/packages/gnucash.scm
index 83096d66e0..e7828b7bbb 100644
--- a/gnu/packages/gnucash.scm
+++ b/gnu/packages/gnucash.scm
@@ -42,7 +42,7 @@
 (define-public gnucash
   (package
     (name "gnucash")
-    (version "2.6.14")
+    (version "2.6.15")
     (source
      (origin
       (method url-fetch)
@@ -50,7 +50,7 @@
                           version "/gnucash-" version ".tar.bz2"))
       (sha256
        (base32
-        "0xcf2nl3v6zsablmla20v283x3r0jdpixcbp37mzap82lln4y51v"))
+        "1bnvnv1sxv85bgpfklykbhymjl4sbfqc1z9as5ym97s3cf1fn68n"))
       (patches (search-patches "gnucash-price-quotes-perl.patch"))))
     (build-system gnu-build-system)
     (inputs
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 27e1ffb4e0..a4514a7f41 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -5,7 +5,7 @@
 ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 ng0 <ng0@libertad.pw>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -44,7 +44,9 @@
   #:use-module (gnu packages libunistring)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages music)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages package-management)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pulseaudio)
@@ -87,13 +89,11 @@
    ;; The following dependencies are all optional, but should be
    ;; available for maximum coverage:
    ;; * libmagic (file)
-   ;; * libmp4v2        ; package it
-   ;; * librpm          ; package it
-   ;; * libsmf          ; package it
-   ;; * libtidy         ; package it
+   ;; * librpm (rpm)    ; investigate failure
    ;; * libgif (giflib) ; investigate failure
    (inputs
     `(("exiv2" ,exiv2)
+      ("bzip2" ,bzip2)
       ("flac" ,flac)
       ("ffmpeg" ,ffmpeg)
       ("file" ,file)                           ;libmagic, for the MIME plug-in
@@ -106,17 +106,39 @@
       ("libjpeg" ,libjpeg)
       ("libltdl" ,libltdl)
       ("libmpeg2" ,libmpeg2)
+      ("libmp4v2" ,libmp4v2)
+      ("libsmf" ,libsmf)
+      ("tidy-html" ,tidy-html)
       ("libogg" ,libogg)
       ("libtiff" ,libtiff)
       ("libvorbis" ,libvorbis)
       ("zlib" ,zlib)))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
+   (outputs '("out"
+              "static")) ; 396 KiB .a files
    (arguments
     `(#:configure-flags
       (list (string-append "--with-ltdl="
-                           (assoc-ref %build-inputs "libltdl")))
-      #:parallel-tests? #f))
+                           (assoc-ref %build-inputs "libltdl"))
+            (string-append "--with-tidy="
+                           (assoc-ref %build-inputs "tidy-html")))
+      #:parallel-tests? #f
+      #:phases
+      (modify-phases %standard-phases
+        (add-after 'install 'move-static-libraries
+          (lambda* (#:key outputs #:allow-other-keys)
+            ;; Move static libraries to the "static" output.
+            (let* ((out    (assoc-ref outputs "out"))
+                   (lib    (string-append out "/lib"))
+                   (static (assoc-ref outputs "static"))
+                   (slib   (string-append static "/lib")))
+              (mkdir-p slib)
+              (for-each (lambda (file)
+                          (install-file file slib)
+                          (delete-file file))
+                        (find-files lib "\\.a$"))
+              #t))))))
    (synopsis "Library to extract meta-data from media files")
    (description
     "GNU libextractor is a library for extracting metadata from files.  It
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index dc801a6a4f..befd29961c 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -217,18 +217,14 @@ compatible to GNU Pth.")
 (define-public gnupg
   (package
     (name "gnupg")
-    (version "2.1.17")
+    (version "2.1.18")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "1js308b46ifx1gim0c9nivr5yxhans7iq1yvkf7zl2928gdm9p65"))
-              (patches
-               ;; This fixes a test failure on 32bit. Remove for next version.
-               ;; https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00869.html
-               (search-patches "gnupg-test-segfault-on-32bit-arch.patch"))))
+                "157rrv3ly9j2k0acz43nhiba5hfl6h7048jvj55wwqjmgsmnyk6h"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -310,7 +306,7 @@ libskba (working with X.509 certificates and CMS data).")
         (add-before 'configure 'patch-config-files
           (lambda _
             (substitute* "tests/openpgp/Makefile.in"
-              (("/bin/sh") (which "bash")))
+              (("/bin/sh") (which "sh")))
             #t))
         (add-after 'install 'rename-v2-commands
           (lambda* (#:key outputs #:allow-other-keys)
@@ -349,7 +345,7 @@ libskba (working with X.509 certificates and CMS data).")
          (add-after 'unpack 'patch-check-sh
            (lambda _
              (substitute* "checks/Makefile.in"
-               (("/bin/sh") (which "bash"))))))))))
+               (("/bin/sh") (which "sh"))))))))))
 
 (define-public gpgme
   (package
@@ -500,43 +496,36 @@ and signature functionality from Python programs.")
   (package-with-python2 python-gnupg))
 
 (define-public pius
-  ;; pius 2.2.2 does not work with gpg-agent 2.1, so we take a newer
-  ;; commit.  When a new pius (> 2.2.2) is released, update this package
-  ;; and delete this message.
-  ;; More info: https://github.com/jaymzh/pius/issues/46
-  (let ((commit "891687ccb3d232a1fc0e7da7d22572c0318644cb")
-        (base-version "2.2.2"))     ; i.e. there were no releases
-                                    ; between BASE-VERSION and COMMIT
-    (package
-     (name "pius")
-     (version (string-append base-version "-0."
-                             (string-take commit 7)))
-     (source (origin
-              (method git-fetch)
-              (uri (git-reference
-                    (url "https://github.com/jaymzh/pius.git")
-                    (commit commit)))
-              (sha256
-               (base32
-                "0m2na4bnf1rv0zpf404l9ga6pwyf7ijldp4lw5irgh7gkmpllxr3"))))
-     (build-system python-build-system)
-     (inputs `(("perl" ,perl)                ;for 'pius-party-worksheet'
-               ("gpg" ,gnupg)))
-     (arguments
-      `(#:tests? #f
-        #:python ,python-2                     ;uses the Python 2 'print' syntax
-        #:phases
-        (modify-phases %standard-phases
-          (add-before
-           'build 'set-gpg-file-name
-           (lambda* (#:key inputs outputs #:allow-other-keys)
-             (let* ((gpg (string-append (assoc-ref inputs "gpg")
-                                        "/bin/gpg")))
-               (substitute* "libpius/constants.py"
-                 (("/usr/bin/gpg2") gpg))))))))
-     (synopsis "Programs to simplify GnuPG key signing")
-     (description
-      "Pius (PGP Individual UID Signer) helps attendees of PGP keysigning
+  (package
+   (name "pius")
+   (version "2.2.3")
+   (source (origin
+            (method url-fetch)
+            (uri (string-append
+                  "https://github.com/jaymzh/pius/releases/download/v"
+                  version "/pius-" version ".tar.bz2"))
+            (sha256
+             (base32
+              "0iy0gnms6lv9hpvk29313kc495a2f7pq2mg6ljxhy233vxsmjsk6"))))
+   (build-system python-build-system)
+   (inputs `(("perl" ,perl)                ;for 'pius-party-worksheet'
+             ("gpg" ,gnupg)))
+   (arguments
+    `(#:tests? #f
+      #:python ,python-2                     ;uses the Python 2 'print' syntax
+      #:phases
+      (modify-phases %standard-phases
+        (add-before
+         'build 'set-gpg-file-name
+         (lambda* (#:key inputs outputs #:allow-other-keys)
+           (let* ((gpg (string-append (assoc-ref inputs "gpg")
+                                      "/bin/gpg")))
+             (substitute* "libpius/constants.py"
+               (("/usr/bin/gpg2") gpg))
+             #t))))))
+   (synopsis "Programs to simplify GnuPG key signing")
+   (description
+    "Pius (PGP Individual UID Signer) helps attendees of PGP keysigning
 parties.  It is the main utility and makes it possible to quickly and easily
 sign each UID on a set of PGP keys.  It is designed to take the pain out of
 the sign-all-the-keys part of PGP Keysigning Party while adding security
@@ -544,8 +533,8 @@ to the process.
 
 pius-keyring-mgr and pius-party-worksheet help organisers of
 PGP keysigning parties.")
-     (license license:gpl2)
-     (home-page "https://www.phildev.net/pius/index.shtml"))))
+   (license license:gpl2)
+   (home-page "https://www.phildev.net/pius/index.shtml")))
 
 (define-public signing-party
   (package
@@ -573,7 +562,7 @@ PGP keysigning parties.")
               (substitute* "keyanalyze/Makefile"
                 (("./configure") (string-append "./configure --prefix=" out)))
               (substitute* "keyanalyze/pgpring/configure"
-                (("/bin/sh") (which "bash")))
+                (("/bin/sh") (which "sh")))
               (substitute* "gpgwrap/Makefile"
                 (("\\} clean")
                  (string-append "} clean\ninstall:\n\tinstall -D bin/gpgwrap "
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index e92d78c88a..9279c46b5d 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
@@ -36,7 +36,7 @@
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages libcanberra)
   #:use-module (gnu packages cups)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
@@ -342,19 +342,38 @@ standards.")
         (mozilla-patch "icecat-CVE-2016-9893-pt7.patch"  "9b78ab1e6d07" "19ib6bp96xk000ll40b8qxvizkncyzclz2rsb9w5fa42qs9978ff")
         (mozilla-patch "icecat-CVE-2016-9893-pt8.patch"  "78ebf9c9dfb0" "1shgr4rk6r2zxr1qqk1j3qnnqzqxnbi093qhlrfh8q5q1ivqf6k1")
         (mozilla-patch "icecat-CVE-2016-9893-pt9.patch"  "a46a9f16823c" "0dwkyz3kcqnfcbhbfh2lss7s0yh87rgzb871qxx3x4ynyqph9mnz")
-        (mozilla-patch "icecat-bug-1311687.patch"        "6bc7cc7a33a6" "1wggcqv84n8mp7xps7hy4rwy61fkh45imfqzc0b46s3w5hyhypn2")
+        (mozilla-patch "icecat-CVE-2017-5376.patch"      "6bc7cc7a33a6" "1wggcqv84n8mp7xps7hy4rwy61fkh45imfqzc0b46s3w5hyhypn2")
         (mozilla-patch "icecat-CVE-2016-9893-pt10.patch" "778f65148b40" "0j2a153sk0654vv2lnxjib4lwml3mlqn6vs46c2pp82iba8nyfrm")
         (mozilla-patch "icecat-CVE-2016-9895.patch"      "94bd2b43c766" "10h0qpr6m9cqyqxxnkbb6mzb3cagavzlynkxgd7a4izyq1bv28rk")
         (mozilla-patch "icecat-CVE-2016-9893-pt11.patch" "893de7431d51" "11gyik8mwipl6ipypkvdq519pw7ccbg0g0bnvxb7271n44cqqcq5")
-        (mozilla-patch "icecat-bug-1323338.patch"        "b21dee058b2c" "005khpimffqzas7slajid4dd2c15nyk7rjk6fsps87bgnx0gx0s4")
+        (mozilla-patch "icecat-CVE-2017-5383-pt1.patch"  "b21dee058b2c" "005khpimffqzas7slajid4dd2c15nyk7rjk6fsps87bgnx0gx0s4")
         (mozilla-patch "icecat-bug-1258410-pt1.patch"    "cd23c5d74be8" "1myzkpzg6pmjacjz8az06m9kz84in1mwsiaw5sgx47pm02598wm5")
         (mozilla-patch "icecat-bug-1258410-pt2.patch"    "b83594617d15" "171cqflc9jh47az96im1whwhyq4ayicspqsczsmn2x5ll9lqw5fq")
-        (mozilla-patch "icecat-bug-1322107.patch"        "d6c6f5e4e641" "10x9f46ylm2q3i669hj1csd6agdm8w7xa0iln691z8ayg2hcrxdz")
-        (mozilla-patch "icecat-bug-1285833.patch"        "122f5fbfc563" "05pp2f4pg4j8a8pdgjhfrc8g2chhkhsarn9n8sbyag0fy3ig1cvd")
-        (mozilla-patch "icecat-bug-1297361.patch"        "297c675ddadc" "1jc1b5i69vq1fvz3qfnnv52c9cj17bjbmfyzmqlw5ywna0wfvabz")
-        (mozilla-patch "icecat-bug-1325877.patch"        "3cff736e3bb6" "1nxqwnl9zksvkfkmis7zica4xrhwfndjyy2sxc1dvrh9rshk1swq")
-        (mozilla-patch "icecat-bug-1285960.patch"        "2732280adabc" "0zrpq3aybaw2yy38vs6883a4nw01x4kxn3lfqn9yhcgjvngmmyia")
-        (mozilla-patch "icecat-bug-1325938.patch"        "81c9fdbd96e8" "0scv1zyi4vbsjdsyj4w70n5jd50baq0dzw3qpxqf1n69nfb9k214")))
+        (mozilla-patch "icecat-CVE-2017-5380.patch"      "d6c6f5e4e641" "10x9f46ylm2q3i669hj1csd6agdm8w7xa0iln691z8ayg2hcrxdz")
+        (mozilla-patch "icecat-CVE-2017-5373-pt1.patch"  "122f5fbfc563" "05pp2f4pg4j8a8pdgjhfrc8g2chhkhsarn9n8sbyag0fy3ig1cvd")
+        (mozilla-patch "icecat-CVE-2017-5390.patch"      "297c675ddadc" "1jc1b5i69vq1fvz3qfnnv52c9cj17bjbmfyzmqlw5ywna0wfvabz")
+        (mozilla-patch "icecat-CVE-2017-5373-pt2.patch"  "3cff736e3bb6" "1nxqwnl9zksvkfkmis7zica4xrhwfndjyy2sxc1dvrh9rshk1swq")
+        (mozilla-patch "icecat-CVE-2017-5373-pt3.patch"  "2732280adabc" "0zrpq3aybaw2yy38vs6883a4nw01x4kxn3lfqn9yhcgjvngmmyia")
+        (mozilla-patch "icecat-CVE-2017-5373-pt4.patch"  "81c9fdbd96e8" "0scv1zyi4vbsjdsyj4w70n5jd50baq0dzw3qpxqf1n69nfb9k214")
+        (mozilla-patch "icecat-CVE-2017-5373-pt5.patch"  "a386ca6a3013" "1m1scz2pxzmg9wya8is5dcr3mgvkx3g1xlykgigmw2mqs5zcdg9s")
+        (mozilla-patch "icecat-CVE-2017-5373-pt6.patch"  "0521b0e4707c" "1mv057p4hcvapibpbd9apryag19aiqdzafc6df2angl97m4mcbjx")
+        (mozilla-patch "icecat-bug-1290037.patch"        "bf0dd9ae6807" "02iw5ngsvvij95arnn69a744d6si27g1x41ixg16l51dbn900b3r")
+        (mozilla-patch "icecat-bug-1322666.patch"        "576f03e362c5" "0m88xs0jwhzx2lg12cvimxjknp7rpsvvhxxblhiqqjwnqip0pyc0")
+        (mozilla-patch "icecat-bug-1304266.patch"        "4d82e7314a72" "1rrrw4rw0xv7c2myiypcqh1fk47rk3fvic79zh6m04bl3knclr1r")
+        (mozilla-patch "icecat-CVE-2017-5373-pt7.patch"  "0617dd4b444d" "1ipags2cl2p521pm0qx110h5di2mgif6h1r3g8l9b0rc5m9b1y2j")
+        (mozilla-patch "icecat-CVE-2017-5375.patch"      "ead08c2a6c57" "1nnnwdr7411xpz6n9j869g6sz447cq6xsmds9cw6d24iprcinp5m")
+        (mozilla-patch "icecat-CVE-2017-5378-pt1.patch"  "c5e67d41bdd0" "05kwn5zv381lsiw9vbzm8fh6s1lddx47l8f4pwg487h9dj7vbdfq")
+        (mozilla-patch "icecat-CVE-2017-5373-pt8.patch"  "2ce94f2ea797" "1yrnjqpafjns68z99s1m6jins3agid7c1z3v9qgk5xzfcddl31pn")
+        (mozilla-patch "icecat-CVE-2017-5373-pt9.patch"  "e4ac8a66d3db" "1ggbh6nk005plm7kvp7qznbnlpidqkipxc5hlaqbjc3m0z9mypzl")
+        (mozilla-patch "icecat-CVE-2017-5386.patch"      "8c171b75a0c6" "1cplkgwkhqvb62q7s8cya2drjdswnlicv5d9a60fxvnp6m7a3z02")
+        (mozilla-patch "icecat-CVE-2017-5383-pt2.patch"  "79a31d8153bf" "0dzwk2hc741c0jr8xya4y8q59lk8mcgnvfdrdk0vzq1gby16b9zi")
+        (mozilla-patch "icecat-CVE-2017-5378-pt2.patch"  "747085a1cd93" "0rpc8hl0jka4akdjnlwya4x9v4pqa1r5vc4pkmxsgvqpp2vkq4m2")
+        (mozilla-patch "icecat-bug-1331606.patch"        "f0329536734b" "1br5shyfwp009y623wgjq60vhcp5k5zpzkgy4r3s5yrm5xyfcprf")
+        (mozilla-patch "icecat-bug-1328642.patch"        "237c1ca6e035" "0808g5j17var6wv6ivj08i43fwkga9abmmgmz5w3hb8mhajkjw58")
+        (mozilla-patch "icecat-CVE-2017-5396.patch"      "910ad552cbf5" "1qss3gc6n4myzwvwanc09xvyiq3hwhixn2xvpbk9xkfz2apdlfa6")
+        (mozilla-patch "icecat-bug-1312827.patch"        "5c894801eb1e" "03xyjwx9rfx5w7q6wq9if83fcfgrlvvbyxpsawzxxgybnizyy7g8")
+        (mozilla-patch "icecat-bug-1191841.patch"        "83ee87b301bd" "1kd9z4py372a2f1jg7jwvwri43vipf0k7lcvsg7b0cqr5p70zwcg")
+        (mozilla-patch "icecat-bug-1234317.patch"        "eb6f18dbfe8d" "1dh3263fvg3dxav09g6fn41ax4q1jmwp5fk6pl6shn16mrfha1qq")))
       (modules '((guix build utils)))
       (snippet
        '(begin
@@ -422,7 +441,7 @@ standards.")
        ("libgnome" ,libgnome)
        ("libjpeg-turbo" ,libjpeg-turbo)
        ("libxft" ,libxft)
-       ("libevent" ,libevent)
+       ("libevent" ,libevent-2.0)
        ("libxinerama" ,libxinerama)
        ("libxscrnsaver" ,libxscrnsaver)
        ("libxcomposite" ,libxcomposite)
diff --git a/gnu/packages/grub.scm b/gnu/packages/grub.scm
deleted file mode 100644
index 3658f221ce..0000000000
--- a/gnu/packages/grub.scm
+++ /dev/null
@@ -1,161 +0,0 @@
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
-
-(define-module (gnu packages grub)
-  #:use-module (guix download)
-  #:use-module (guix packages)
-  #:use-module (guix utils)
-  #:use-module ((guix licenses) #:select (gpl3+))
-  #:use-module (guix build-system gnu)
-  #:use-module (gnu packages)
-  #:use-module (gnu packages flex)
-  #:use-module (gnu packages disk)
-  #:use-module (gnu packages bison)
-  #:use-module (gnu packages gettext)
-  #:use-module (gnu packages fontutils)
-  #:use-module (gnu packages linux)
-  #:use-module (gnu packages qemu)
-  #:use-module (gnu packages man)
-  #:use-module (gnu packages texinfo)
-  #:use-module (gnu packages ncurses)
-  #:use-module (gnu packages cdrom))
-
-(define unifont
-  ;; GNU Unifont, <http://gnu.org/s/unifont>.
-  ;; GRUB needs it for its graphical terminal, gfxterm.
-  (origin
-    (method url-fetch)
-    (uri
-     "http://unifoundry.com/pub/unifont-7.0.06/font-builds/unifont-7.0.06.bdf.gz")
-    (sha256
-     (base32
-      "0p2vhnc18cnbmb39vq4m7hzv4mhnm2l0a2s7gx3ar277fwng3hys"))))
-
-(define-public grub
-  (package
-    (name "grub")
-    (version "2.02beta3")
-    (source (origin
-             (method url-fetch)
-             (uri (string-append
-                   "ftp://alpha.gnu.org/gnu/grub/grub-"
-                   "2.02~beta3"
-                   ".tar.xz"))
-             (file-name (string-append name "-" version ".tar.xz"))
-             (sha256
-              (base32
-               "18ddwnw0vxs7zigvah0g6a5z5vvlz0p8fjglxv1h59sjbrakvv1h"))))
-    (build-system gnu-build-system)
-    (arguments
-     '(;; Two warnings: suggest braces, signed/unsigned comparison.
-       #:configure-flags '("--disable-werror")
-
-       #:phases (modify-phases %standard-phases
-                  (add-after 'unpack 'patch-stuff
-                   (lambda* (#:key inputs #:allow-other-keys)
-                     (substitute* "grub-core/Makefile.in"
-                       (("/bin/sh") (which "sh")))
-
-                     ;; Give the absolute file name of 'mdadm', used to
-                     ;; determine the root file system when it's a RAID
-                     ;; device.  Failing to do that, 'grub-probe' silently
-                     ;; fails if 'mdadm' is not in $PATH.
-                     (substitute* "grub-core/osdep/linux/getroot.c"
-                       (("argv\\[0\\] = \"mdadm\"")
-                        (string-append "argv[0] = \""
-                                       (assoc-ref inputs "mdadm")
-                                       "/sbin/mdadm\"")))
-
-                     ;; Make the font visible.
-                     (copy-file (assoc-ref inputs "unifont") "unifont.bdf.gz")
-                     (system* "gunzip" "unifont.bdf.gz")
-
-                     ;; We hit an assertion failure in
-                     ;; grub-core/tests/video_checksum.c, as reported at
-                     ;; <https://lists.gnu.org/archive/html/grub-devel/2016-07/msg00026.html>.
-                     ;; Disable this test for now.
-                     (substitute* "tests/grub_func_test.in"
-                       (("set -e") "exit 77\nset -e"))
-                     #t)))))
-    (inputs
-     `(("gettext" ,gettext-minimal)
-
-       ;; Depend on LVM2 for libdevmapper, used by 'grub-probe' and
-       ;; 'grub-install' to recognize mapped devices (LUKS, etc.)
-       ("lvm2" ,lvm2)
-
-       ;; Depend on mdadm, which is invoked by 'grub-probe' and 'grub-install'
-       ;; to determine whether the root file system is RAID.
-       ("mdadm" ,mdadm)
-
-       ("freetype" ,freetype)
-       ;; ("libusb" ,libusb)
-       ;; ("fuse" ,fuse)
-       ("ncurses" ,ncurses)))
-    (native-inputs
-     `(("unifont" ,unifont)
-       ("bison" ,bison)
-       ("flex" ,flex)
-       ("texinfo" ,texinfo)
-       ("help2man" ,help2man)
-
-       ;; Dependencies for the test suite.  The "real" QEMU is needed here,
-       ;; because several targets are used.
-       ("parted" ,parted)
-       ("qemu" ,qemu-minimal)
-       ("xorriso" ,xorriso)))
-    (home-page "https://www.gnu.org/software/grub/")
-    (synopsis "GRand Unified Boot loader")
-    (description
-     "GRUB is a multiboot bootloader.  It is used for initially loading the
-kernel of an operating system and then transferring control to it.  The kernel
-then goes on to load the rest of the operating system.  As a multiboot
-bootloader, GRUB handles the presence of multiple operating systems installed
-on the same computer; upon booting the computer, the user is presented with a
-menu to select one of the installed operating systems.")
-    (license gpl3+)
-    (properties '((cpe-name . "grub2")))))
-
-(define-public grub-efi
-  (package
-    (inherit grub)
-    (name "grub-efi")
-    (synopsis "GRand Unified Boot loader (UEFI version)")
-    (inputs
-     `(("efibootmgr" ,efibootmgr)
-       ,@(package-inputs grub)))
-    (arguments
-     `(;; TODO: Tests need a UEFI firmware for qemu. There is one at
-       ;; https://github.com/tianocore/edk2/tree/master/OvmfPkg .
-       ;; Search for 'OVMF' in "tests/util/grub-shell.in".
-       #:tests? #f
-       ,@(substitute-keyword-arguments (package-arguments grub)
-           ((#:configure-flags flags) `(cons* "--with-platform=efi"
-                                              ,flags))
-           ((#:phases phases)
-            `(modify-phases ,phases
-               (add-after 'patch-stuff 'use-absolute-efibootmgr-path
-                 (lambda* (#:key inputs #:allow-other-keys)
-                   (substitute* "grub-core/osdep/unix/platform.c"
-                     (("efibootmgr")
-                      (string-append (assoc-ref inputs "efibootmgr")
-                                     "/sbin/efibootmgr")))
-                   #t)))))))))
diff --git a/gnu/packages/gsasl.scm b/gnu/packages/gsasl.scm
index ce39aed655..4c8f818f91 100644
--- a/gnu/packages/gsasl.scm
+++ b/gnu/packages/gsasl.scm
@@ -21,7 +21,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages nettle)
-  #:use-module (gnu packages shishi)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages tls)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm
index 54f1529de4..e3e009300f 100644
--- a/gnu/packages/gstreamer.scm
+++ b/gnu/packages/gstreamer.scm
@@ -98,7 +98,7 @@ arrays of data.")
 (define-public gstreamer
   (package
     (name "gstreamer")
-    (version "1.10.2")
+    (version "1.10.3")
     (source
      (origin
       (method url-fetch)
@@ -107,7 +107,7 @@ arrays of data.")
             version ".tar.xz"))
       (sha256
        (base32
-        "0rcd4ya4k99x6ngm9v78as7ql0rqibkwshc13lb4rjdszs0qw3hm"))))
+        "0gdnxg5igbhnpjhrzp31w1ww95j805byqd6mj3x29wli54dxrfc5"))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     (arguments
@@ -146,7 +146,7 @@ This package provides the core library and elements.")
 (define-public gst-plugins-base
   (package
     (name "gst-plugins-base")
-    (version "1.10.2")
+    (version "1.10.3")
     (source
      (origin
       (method url-fetch)
@@ -154,7 +154,9 @@ This package provides the core library and elements.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "086yjwmp4fykcqkj6zqhwrk2z49981kl8x545vz2wvblrc7x9h7v"))))
+        "040pifl4cgsqqz2si4s1y5khj3zwm39w21siagxwp805swbrcag6"))
+      (patches
+       (search-patches "gst-plugins-base-fix-test-on-32bit.patch"))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     (propagated-inputs
@@ -201,7 +203,7 @@ for the GStreamer multimedia library.")
 (define-public gst-plugins-good
   (package
     (name "gst-plugins-good")
-    (version "1.10.2")
+    (version "1.10.3")
     (source
      (origin
       (method url-fetch)
@@ -210,7 +212,7 @@ for the GStreamer multimedia library.")
             name "-" version ".tar.xz"))
       (sha256
        (base32
-        "04rksbhjj2yz32g523cfabwqn2s3byd94dpbxghxr0p9ridk53qr"))))
+        "0mar8ss8bvpz699ql4kgndvna8qsv7kj372py4435ffl6hzfj1sf"))))
     (build-system gnu-build-system)
     (inputs
      `(("aalib" ,aalib)
@@ -266,14 +268,14 @@ developers consider to have good quality code and correct functionality.")
 (define-public gst-plugins-bad
   (package
     (name "gst-plugins-bad")
-    (version "1.10.2")
+    (version "1.10.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://gstreamer.freedesktop.org/src/"
                                   name "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0fisnnfpp3s8pbm6hjrfi4wjpq2da8c6w3ns9pjcg7590f9wm587"))))
+                "1rwla1p57yzygb68z2xk5l5kvqzj5w3nxq0davkwk139zd8r6294"))))
     (outputs '("out" "doc"))
     (build-system gnu-build-system)
     (arguments
@@ -343,7 +345,7 @@ par compared to the rest.")
 (define-public gst-plugins-ugly
   (package
     (name "gst-plugins-ugly")
-    (version "1.10.2")
+    (version "1.10.3")
     (source
      (origin
        (method url-fetch)
@@ -351,7 +353,7 @@ par compared to the rest.")
                            name "/" name "-" version ".tar.xz"))
        (sha256
         (base32
-         "17gc2zd3v6spmm2d6912sqfcyyv5f2ghdhq31f5kx5mw5r6ds0zk"))))
+         "1lkb8kznc9wxmhbp7k67b50y27nz8jp2x2flb91xzydz7b89f5f9"))))
     (build-system gnu-build-system)
     (inputs
      `(("gst-plugins-base" ,gst-plugins-base)
@@ -382,7 +384,7 @@ distribution problems in some jurisdictions, e.g. due to patent threats.")
 (define-public gst-libav
   (package
     (name "gst-libav")
-    (version "1.10.2")
+    (version "1.10.3")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -390,7 +392,7 @@ distribution problems in some jurisdictions, e.g. due to patent threats.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0g778j7w4vpbhwjzyrzpajvr26nxm6vqby84v8g1w1hz44v71pd3"))))
+                "1aajayv63ardkbmcg7pnh2d87r067325a5wzinwihaw6n5jw2sws"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--with-system-libav")
@@ -420,7 +422,7 @@ compression formats through the use of the libav library.")
 (define-public python-gst
   (package
     (name "python-gst")
-    (version "1.10.2")
+    (version "1.10.3")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -428,7 +430,7 @@ compression formats through the use of the libav library.")
                     "gst-python-" version ".tar.xz"))
               (sha256
                (base32
-                "1sljnqkxf2ix6yzghrapw5irl0rbp8aa8w2hggk7i6d9js10ls71"))))
+                "1s5437bnk0j5hfg2gwfwq4b68l6vj1lfskxh73v6ikp0vw32vymx"))))
     (build-system gnu-build-system)
     (arguments
      ;; XXX: Factorize python-sitedir with python-build-system.
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index b2882b5e98..0a291370e7 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -70,7 +70,7 @@
 (define-public atk
   (package
    (name "atk")
-   (version "2.20.0")
+   (version "2.22.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -78,7 +78,7 @@
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1w1q29yfxcq67j7fyqrfm0l0n1vy4zn539c0sf4ga9d0qkv50fj9"))))
+              "1dj47ndvspa7lghw1jvjhv3v08q5f9ab5rb395mcgjbl975gajfk"))))
    (build-system gnu-build-system)
    (outputs '("out" "doc"))
    (arguments
@@ -168,7 +168,7 @@ affine transformation (scale, rotation, shear, etc.).")
 (define-public harfbuzz
   (package
    (name "harfbuzz")
-   (version "1.3.4")
+   (version "1.4.1")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://www.freedesktop.org/software/"
@@ -176,7 +176,7 @@ affine transformation (scale, rotation, shear, etc.).")
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "0ava7y24797k5ps3ghq2ccjjds97ri1gx32v6546a6pgmpyad2ki"))))
+               "1g8mndf0p0fzjfvxrprga84zvqq186gbddnw6wbna7cscfmpz8l5"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "bin")) ; 160K, only hb-view depend on cairo
@@ -206,7 +206,7 @@ affine transformation (scale, rotation, shear, etc.).")
 (define-public pango
   (package
    (name "pango")
-   (version "1.40.1")
+   (version "1.40.3")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/pango/"
@@ -214,7 +214,7 @@ affine transformation (scale, rotation, shear, etc.).")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "0h0sbh0b5kh3lvrxrb82bs86rqakf33a9jakpv33lay7f90zayp2"))))
+              "1lqi4yncw5q0v7g5makzxyp18g5cksqyld8m1wx0qli8wxf8pfmb"))))
    (build-system gnu-build-system)
    (propagated-inputs
     `(("cairo" ,cairo)
@@ -331,18 +331,17 @@ diagrams.")
                (base32
                 "07hrabhpl6n8ajz10s0d960jdwndxs87szxyn428mpxi8cvpg1f5"))))
     (build-system gnu-build-system)
-    (inputs
-     `(("gtk" ,gtk+-2)
-       ;; These two are needed only to allow the tests to run successfully.
-       ("xorg-server" ,xorg-server)
-       ("shared-mime-info" ,shared-mime-info)))
     (native-inputs
      `(("intltool" ,intltool)
        ("glib" ,glib "bin")             ; for glib-genmarshal, etc.
-       ("pkg-config" ,pkg-config)))
+       ("pkg-config" ,pkg-config)
+       ;; For testing.
+       ("xorg-server" ,xorg-server)
+       ("shared-mime-info" ,shared-mime-info)))
     (propagated-inputs
      ;; As per the pkg-config file.
-     `(("libxml2" ,libxml2)))
+     `(("gtk" ,gtk+-2)
+       ("libxml2" ,libxml2)))
     (arguments
      `(#:phases
        ;; Unfortunately, some of the tests in "make check" are highly dependent
@@ -377,7 +376,7 @@ printing and other features typical of a source code editor.")
 (define-public gtksourceview
  (package
    (name "gtksourceview")
-   (version "3.20.4")
+   (version "3.22.2")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -385,7 +384,7 @@ printing and other features typical of a source code editor.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "009xag7df07ngav2wzs0rdrrx4s2m6ahx93pxzc2p1pkbz4nl3ks"))))
+               "0pmgff3p9q1z500aiqfn5l4mmij4yfi4qhq8fxscqc89vlql5s3c"))))
    (build-system gnu-build-system)
    (arguments
     '(#:phases
@@ -425,8 +424,7 @@ highlighting and other features typical of a source code editor.")
 (define-public gdk-pixbuf
   (package
    (name "gdk-pixbuf")
-   (version "2.34.0")
-   (replacement gdk-pixbuf/fixed)
+   (version "2.36.3")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -434,7 +432,7 @@ highlighting and other features typical of a source code editor.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "0yc8indbl3hf18z6x6kjg59xp9sngm1d8vmz4c7bs6g27qw5npnm"))))
+              "1v1rssjd8p5s3lymsfhiq5mbs2pc0h1r6jd0asrwdbrign7i68sj"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags '("--with-x11")
@@ -475,35 +473,11 @@ in the GNOME project.")
    (license license:lgpl2.0+)
    (home-page "https://developer.gnome.org/gdk-pixbuf/")))
 
-(define gdk-pixbuf/fixed
-  (package (inherit gdk-pixbuf)
-    (name "gdk-pixbuf")
-    (version "2.36.3")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://gnome/sources/" name "/"
-                                  (version-major+minor version)  "/"
-                                  name "-" version ".tar.xz"))
-              (sha256
-               (base32
-                "1v1rssjd8p5s3lymsfhiq5mbs2pc0h1r6jd0asrwdbrign7i68sj"))))
-    (replacement #f)))
-
-(define-syntax-rule (package/inherit p overrides ...)
-  "Like (package (inherit P) OVERRIDES ...), except that the same
-transformation is done to the package replacement, if any.  P must be a bare
-identifier, and will be bound to either P or its replacement when evaluating
-OVERRIDES."
-  (let loop ((p p))
-    (package (inherit p)
-      overrides ...
-      (replacement (and=> (package-replacement p) loop)))))
-
 ;; To build gdk-pixbuf with SVG support, we need librsvg, and librsvg depends
 ;; on gdk-pixbuf, so this new varibale.  Also, librsvg adds 90MiB to the
 ;; closure size.
 (define-public gdk-pixbuf+svg
-  (package/inherit gdk-pixbuf
+  (package (inherit gdk-pixbuf)
     (name "gdk-pixbuf+svg")
     (inputs
      `(("librsvg" ,librsvg)
@@ -531,7 +505,7 @@ OVERRIDES."
 (define-public at-spi2-core
   (package
    (name "at-spi2-core")
-   (version "2.20.2")
+   (version "2.22.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -539,7 +513,7 @@ OVERRIDES."
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "0hx12snd9as4cq99ka3bn056xdf13f87pd1ilp6177qk8ffxx948"))))
+              "02n8ybhg8344mpjwvkhnzvr0qbvvl6ryi2q9irwhi0ri46ps6pj1"))))
    (build-system gnu-build-system)
    (outputs '("out" "doc"))
    (arguments
@@ -576,7 +550,7 @@ is part of the GNOME accessibility project.")
 (define-public at-spi2-atk
   (package
    (name "at-spi2-atk")
-   (version "2.20.1")
+   (version "2.22.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -584,7 +558,7 @@ is part of the GNOME accessibility project.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "13mzfwra0izmkzn7dsdgy5zj19n8izp0wdy7w1yg9s0qx6aafn13"))))
+              "1h8k271ad78smm41c9bmw5dc4gki0wfy324cn2g25svkp2zfvgg8"))))
    (build-system gnu-build-system)
    (arguments
     '(#:phases
@@ -674,7 +648,9 @@ application suites.")
 (define-public gtk+
   (package (inherit gtk+-2)
    (name "gtk+")
-   (version "3.20.9")
+   ;; NOTE: When updating the version of 'gtk+', the hash of 'mate-themes' in
+   ;;       mate.scm will also need to be updated.
+   (version "3.22.6")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -682,7 +658,7 @@ application suites.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "05xcwvy68p7f4hdhi4bgdm3aycvqqr4pr5kkkr8ba91l5yx0k9l3"))
+              "0bqpx8825b1fdjmz14wq20zq58gq1yi1p5xjps8l6zqid8hmm9zb"))
             (patches (search-patches "gtk3-respect-GUIX_GTK3_PATH.patch"
                                      "gtk3-respect-GUIX_GTK3_IM_MODULE_FILE.patch"))))
    (outputs '("out" "bin" "doc"))
@@ -1031,7 +1007,7 @@ toolkit.")
 (define-public gtkmm
   (package
     (name "gtkmm")
-    (version "3.20.1")
+    (version "3.22.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1039,7 +1015,7 @@ toolkit.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "04n631a127pyidaz82ypdy9syq1hzj636r32y9hyr9kcfnwf2785"))))
+               "1x8l0ny6r3ym53z82q9d5fan4m9vi93xy3b3hj1hrclgc95lvnh5"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("glib" ,glib "bin")        ;for 'glib-compile-resources'
@@ -1077,7 +1053,7 @@ extensive documentation, including API reference and a tutorial.")
 (define-public gtkmm-2
   (package (inherit gtkmm)
     (name "gtkmm")
-    (version "2.24.4")
+    (version "2.24.5")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1085,7 +1061,7 @@ extensive documentation, including API reference and a tutorial.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "1vpmjqv0aqb1ds0xi6nigxnhlr0c74090xzi15b92amlzkrjyfj4"))))
+               "0wkbzvsx4kgw16f6xjdc1dz7f77ldngdila4yi5lw2zrgcxsb006"))))
     (arguments
      '(#:configure-flags '("CPPFLAGS=-std=c++11"))) ; required by libsigc++
     (native-inputs `(("pkg-config" ,pkg-config)))
@@ -1221,7 +1197,7 @@ write GNOME applications.")
 (define-public girara
   (package
     (name "girara")
-    (version "0.2.6")
+    (version "0.2.7")
     (source (origin
               (method url-fetch)
               (uri
@@ -1229,7 +1205,7 @@ write GNOME applications.")
                               version ".tar.gz"))
               (sha256
                (base32
-                "03wsxj27hvcbs3x96nah7j3paclifwlfag8kdph4kldl48srp9pb"))))
+                "1r9jbhf9n40zj4ddqv1q5spijpjm683nxg4hr5lnir4a551s7rlq"))))
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("gettext" ,gettext-minimal)))
     (inputs `(("gtk+" ,gtk+)
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 7ce6683681..52b92453f7 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -27,7 +27,7 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu packages guile)
-  #:use-module (guix licenses)
+  #:use-module ((guix licenses) #:prefix license:)
   #:use-module (gnu packages)
   #:use-module (gnu packages aspell)
   #:use-module (gnu packages bash)
@@ -55,6 +55,7 @@
   #:use-module (gnu packages sdl)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages image)
+  #:use-module (gnu packages version-control)
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages xorg)
   #:use-module (guix packages)
@@ -129,7 +130,7 @@ the Scheme language which can be easily embedded in other applications to
 provide a convenient means of extending the functionality of the application
 without requiring the source code to be rewritten.")
    (home-page "http://www.gnu.org/software/guile/")
-   (license lgpl2.0+)))
+   (license license:lgpl2.0+)))
 
 (define-public guile-2.0
   (package
@@ -205,7 +206,7 @@ the Scheme language which can be easily embedded in other applications to
 provide a convenient means of extending the functionality of the application
 without requiring the source code to be rewritten.")
    (home-page "http://www.gnu.org/software/guile/")
-   (license lgpl3+)))
+   (license license:lgpl3+)))
 
 (define-public guile-2.0/fixed
   ;; A package of Guile 2.0 that's rarely changed.  It is the one used
@@ -375,7 +376,7 @@ provides several tools for web development: database access, templating
 frameworks, session management, URL-remapping for RESTful, page caching, and
 more.")
     (home-page "https://www.gnu.org/software/artanis/")
-    (license (list gpl3+ lgpl3+))))     ;dual license
+    (license (list license:gpl3+ license:lgpl3+)))) ;dual license
 
 (define-public guile-reader
   (package
@@ -410,7 +411,7 @@ Guile-Reader’s approach is similar to Common Lisp’s “read table”, but
 hopefully more powerful and flexible (for instance, one may instantiate as
 many readers as needed).")
     (home-page "http://www.nongnu.org/guile-reader/")
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public guile-ncurses
   (package
@@ -451,7 +452,7 @@ many readers as needed).")
     (description
      "guile-ncurses provides Guile language bindings for the ncurses
 library.")
-    (license lgpl3+)))
+    (license license:lgpl3+)))
 
 (define-public mcron
   (package
@@ -475,7 +476,7 @@ library.")
 tasks on a schedule, such as every hour or every Monday.  Mcron is written in
 Guile, so its configuration can be written in Scheme; the original cron
 format is also supported.")
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public mcron2
   ;; This is mthl's mcron development branch, not yet merged in mcron.
@@ -564,7 +565,7 @@ format is also supported.")
 pure Scheme.  The library can be used to read and write iCalendar data.
 
 The library is shipped with documentation in Info format and usage examples.")
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public guile-lib
   (package
@@ -608,19 +609,19 @@ for Guile\".")
     ;; The whole is under GPLv3+, but some modules are under laxer
     ;; distribution terms such as LGPL and public domain.  See `COPYING' for
     ;; details.
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public guile-json
   (package
     (name "guile-json")
-    (version "0.5.0")
+    (version "0.6.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://savannah/guile-json/guile-json-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0l8a34l92nrdszy7ykycfvr8y0n0yi5qb3ccliycvpvf9mzk5n8d"))
+                "1qmjg7lbgciw95fkdzvlp9f68vv17kdjky42ywfzd4ffzwww0lgc"))
               (modules '((guix build utils)))
               (snippet
                ;; Make sure everything goes under .../site/X.Y, like Guile's
@@ -637,13 +638,16 @@ for Guile\".")
     (home-page "http://savannah.nongnu.org/projects/guile-json/")
     (synopsis "JSON module for Guile")
     (description
-     "Guile-json supports parsing and building JSON documents according to the
-http:://json.org specification.  These are the main features:
-- Strictly complies to http://json.org specification.
-- Build JSON documents programmatically via macros.
-- Unicode support for strings.
-- Allows JSON pretty printing.")
-    (license lgpl3+)))
+     "Guile-JSON supports parsing and building JSON documents according to the
+specification.  These are the main features:
+
+@itemize
+@item Strictly complies to @uref{http://json.org, specification}.
+@item Build JSON documents programmatically via macros.
+@item Unicode support for strings.
+@item Allows JSON pretty printing.
+@end itemize\n")
+    (license license:lgpl3+)))
 
 (define-public guile2.2-json
   (package-for-guile-2.2 guile-json))
@@ -729,7 +733,7 @@ This is Ian Price's r6rs packaged version of miniKanren, which deviates
 slightly from miniKanren mainline.
 
 See http://minikanren.org/ for more on miniKanren generally.")
-    (license expat)))
+    (license license:expat)))
 
 (define-public guile2.2-minikanren
   (package-for-guile-2.2 guile-minikanren))
@@ -814,7 +818,7 @@ See http://minikanren.org/ for more on miniKanren generally.")
      "Irregex is an s-expression based alternative to your classic
 string-based regular expressions.  It implements SRFI 115 and is deeply
 inspired by the SCSH regular expression system.")
-    (license bsd-3)))
+    (license license:bsd-3)))
 
 (define-public guile2.2-irregex
   (package-for-guile-2.2 guile-irregex))
@@ -882,7 +886,10 @@ inspired by the SCSH regular expression system.")
     (description
      "Guile bindings to the GDBM key-value storage system, using
 Guile's foreign function interface.")
-    (license gpl3+)))
+    (license license:gpl3+)))
+
+(define-public guile2.2-gdbm-ffi
+  (package-for-guile-2.2 guile-gdbm-ffi))
 
 (define-public guile-sqlite3
   (let ((commit "607721fe1174a299e45d457acacf94eefb964071"))
@@ -890,8 +897,10 @@ Guile's foreign function interface.")
       (name "guile-sqlite3")
       (version (string-append "0.0-0." (string-take commit 7)))
 
-      ;; XXX: Gitorious being dead, this is not a reliable home page.
-      (home-page "https://www.gitorious.org/guile-sqlite3/guile-sqlite3.git/")
+      ;; XXX: This used to be available read-only at
+      ;; <https://www.gitorious.org/guile-sqlite3/guile-sqlite3.git/> but it
+      ;; eventually disappeared, so we have our own copy here.
+      (home-page "https://notabug.org/civodul/guile-sqlite3.git")
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
@@ -931,19 +940,19 @@ Guile's foreign function interface.")
       (synopsis "Access SQLite databases from Guile")
       (description
        "This package provides Guile bindings to the SQLite database system.")
-      (license gpl3+))))
+      (license license:gpl3+))))
 
 (define-public haunt
   (package
     (name "haunt")
-    (version "0.2")
+    (version "0.2.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://files.dthompson.us/haunt/haunt-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1id83n8fs7jxys1d8jy70vylg8gzcvlw1y7hb41y3qxv5zi4671m"))))
+                "1fpaf1vm6s7j13fs35barjh5yajcc2rc3pi8r7278wpgp4i2vs3w"))))
     (build-system gnu-build-system)
     (arguments
      `(#:modules ((ice-9 match) (ice-9 ftw)
@@ -973,13 +982,14 @@ Guile's foreign function interface.")
     (inputs
      `(("guile" ,guile-2.0)))
     (propagated-inputs
-     `(("guile-reader" ,guile-reader)))
+     `(("guile-reader" ,guile-reader)
+       ("guile-commonmark" ,guile-commonmark)))
     (synopsis "Functional static site generator")
     (description "Haunt is a static site generator written in Guile
 Scheme.  Haunt features a functional build system and an extensible
 interface for reading articles in any format.")
     (home-page "http://haunt.dthompson.us")
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public guile-config
   (package
@@ -1006,7 +1016,7 @@ parameter parsing using getopt-long; basic GNU command-line parameter
 generation (--help, --usage, --version); automatic output generation for the
 above command-line parameters.")
     (home-page "https://github.com/a-sassmannshausen/guile-config")
-    (license agpl3+)))
+    (license license:agpl3+)))
 
 (define-public guile-redis
   (package
@@ -1039,7 +1049,7 @@ above command-line parameters.")
     (synopsis "Redis client library for Guile")
     (description "Guile-redis provides a Scheme interface to the Redis
 key-value cache and store.")
-    (license lgpl3+)))
+    (license license:lgpl3+)))
 
 (define-public guile2.2-redis
   (package-for-guile-2.2 guile-redis))
@@ -1118,7 +1128,7 @@ key-value cache and store.")
     (description "Wisp is a syntax for Guile which provides a Python-like
 whitespace-significant language.  It may be easier on the eyes for some
 users and in some situations.")
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public guile-sly
   (package
@@ -1153,7 +1163,7 @@ users and in some situations.")
 features a functional reactive programming interface and live coding
 capabilities.")
     (home-page "http://dthompson.us/pages/software/sly.html")
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public g-wrap
   (package
@@ -1191,7 +1201,7 @@ wrappers for C functions.  Given a definition of the types and prototypes for
 a given C interface, G-Wrap will automatically generate the C code that
 provides access to that interface and its types from the Scheme level.")
     (home-page "http://www.nongnu.org/g-wrap/index.html")
-    (license lgpl2.1+)))
+    (license license:lgpl2.1+)))
 
 (define-public guile-dbi
   (package
@@ -1229,7 +1239,7 @@ provides access to that interface and its types from the Scheme level.")
 SQL databases.  Database programming with guile-dbi is generic in that the same
 programming interface is presented regardless of which database system is used.
 It currently supports MySQL, Postgres and SQLite3.")
-    (license gpl2+)))
+    (license license:gpl2+)))
 
 (define-public guile-dbd-sqlite3
   (package
@@ -1256,7 +1266,7 @@ It currently supports MySQL, Postgres and SQLite3.")
     (description
      "guile-dbi is a library for Guile that provides a convenient interface to
 SQL databases.  This package implements the interface for SQLite.")
-    (license gpl2+)))
+    (license license:gpl2+)))
 
 (define-public guile-xosd
   (package
@@ -1285,7 +1295,7 @@ SQL databases.  This package implements the interface for SQLite.")
      "Guile-XOSD provides Guile bindings for @code{libxosd},
 @uref{http://sourceforge.net/projects/libxosd/, the X On Screen Display
 library}.")
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public guile-daemon
   (package
@@ -1310,7 +1320,7 @@ library}.")
      "Guile-Daemon is a small Guile program that loads your initial
 configuration file, and then reads and evaluates Guile expressions that
 you send to a FIFO file.")
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public guile-commonmark
   (package
@@ -1346,7 +1356,7 @@ to transform a CommonMark document to SXML.  guile-commonmark tries to closely
 follow the @uref{http://commonmark.org/, CommonMark spec}, the main difference
 is no support for parsing block and inline level HTML.")
     (home-page "https://github.com/OrangeShark/guile-commonmark")
-    (license lgpl3+)))
+    (license license:lgpl3+)))
 
 (define-public guile2.2-commonmark
   (package-for-guile-2.2 guile-commonmark))
@@ -1429,7 +1439,7 @@ of the C programming language, to be used on bytevectors.  C's type
 system works on raw memory, and Guile works on bytevectors which are
 an abstraction over raw memory.  It's also more powerful than the C
 type system, elevating types to first-class status.")
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public guile-aspell
   (package
@@ -1465,7 +1475,7 @@ type system, elevating types to first-class status.")
     (description
      "guile-aspell is a Guile Scheme library for comparing a string against a
 dictionary and suggesting spelling corrections.")
-    (license gpl3+)))
+    (license license:gpl3+)))
 
 (define-public guile-bash
   ;; This project is currently retired.  It was initially announced here:
@@ -1535,7 +1545,7 @@ enable -f ~/.guix-profile/lib/bash/libguile-bash.so scm
 @end example
 
 and then run @command{scm example.scm}.")
-      (license gpl3+))))
+      (license license:gpl3+))))
 
 (define-public guile-8sync
   (package
@@ -1568,6 +1578,44 @@ and then run @command{scm example.scm}.")
 library for GNU Guile based on the actor model.
 
 Note that 8sync is only available for Guile 2.2 (guile-next in Guix).")
-    (license lgpl3+)))
+    (license license:lgpl3+)))
+
+(define-public guile-git
+  (let ((revision "0")
+        (commit "969514aa7224217bc3c1a4c5312a9469ac5f13d5"))
+    (package
+      (name "guile-git")
+      (version (string-append "0.0-" revision "." (string-take commit 7)))
+      (home-page "https://gitlab.com/amirouche/guile-git")
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference (url home-page) (commit commit)))
+                (sha256
+                 (base32
+                  "079l8y6pjkmahb4k6dfqh3hk34pg540rrl29aixyvv86w9bdfjil"))
+                (file-name (git-file-name name version))))
+      (build-system gnu-build-system)
+      (arguments
+       '(#:phases (modify-phases %standard-phases
+                    (add-after 'unpack 'bootstrap
+                      (lambda _
+                        (zero? (system* "autoreconf" "-vfi")))))
+
+         ;; Test suite is not parallel-safe: the tests open same-named repos.
+         #:parallel-tests? #f))
+      (native-inputs
+       `(("autoconf" ,autoconf)
+         ("automake" ,automake)
+         ("pkg-config" ,pkg-config)))
+      (inputs
+       `(("guile" ,guile-2.0)
+         ("libgit2" ,libgit2)))
+      (propagated-inputs
+       `(("guile-bytestructures" ,guile-bytestructures)))
+      (synopsis "Guile bindings for libgit2")
+      (description
+       "This package provides Guile bindings to libgit2, a library to
+manipulate repositories of the Git version control system.")
+      (license license:gpl3+))))
 
 ;;; guile.scm ends here
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index b26234d405..d0f659f6e3 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
 ;;; Copyright © 2017 Danny Milosavljevic <dannym@scratchpost.org>
 ;;;
@@ -26,13 +26,13 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu packages haskell)
+  #:use-module (gnu packages)
   #:use-module (gnu packages bootstrap)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages elf)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages ghostscript)
   #:use-module (gnu packages gl)
-  #:use-module (gnu packages libedit)
   #:use-module (gnu packages libffi)
   #:use-module (gnu packages lua)
   #:use-module (gnu packages maths)
@@ -106,7 +106,6 @@
      `(("gmp" ,gmp)
        ("ncurses" ,ncurses)
        ("libffi" ,libffi)
-       ("libedit" ,libedit)
        ("ghc-testsuite"
         ,(origin
            (method url-fetch)
@@ -267,14 +266,17 @@ interactive environment for the functional language Haskell.")
 (define-public ghc-8
   (package
     (name "ghc")
-    (version "8.0.1")
+    (version "8.0.2")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "https://www.haskell.org/ghc/dist/"
                           version "/" name "-" version "-src.tar.xz"))
       (sha256
-       (base32 "1lniqy29djhjkddnailpaqhlqh4ld2mqvb1fxgxw1qqjhz6j1ywh"))))
+       (base32 "1c8qc4fhkycynk4g1f9hvk53dj6a1vvqi6bklqznns6hw59m8qhi"))
+      (patches
+       (search-patches
+        "ghc-dont-pass-linker-flags-via-response-files.patch"))))
     (build-system gnu-build-system)
     (supported-systems '("i686-linux" "x86_64-linux"))
     (outputs '("out" "doc"))
@@ -282,7 +284,6 @@ interactive environment for the functional language Haskell.")
      `(("gmp" ,gmp)
        ("ncurses" ,ncurses)
        ("libffi" ,libffi)
-       ("libedit" ,libedit)
        ("ghc-testsuite"
         ,(origin
            (method url-fetch)
@@ -290,7 +291,7 @@ interactive environment for the functional language Haskell.")
                  "https://www.haskell.org/ghc/dist/"
                  version "/" name "-" version "-testsuite.tar.xz"))
            (sha256
-            (base32 "0lc1vjivkxn01aw3jg2gd7fmqb5pj7a5j987c7pn5r7caqv1cmxw"))))))
+            (base32 "1wjc3x68l305bl1h1ijd3yhqp2vqj83lkp3kqbr94qmmkqlms8sj"))))))
     (native-inputs
      `(("perl" ,perl)
        ("python" ,python-2)                ; for tests
@@ -312,13 +313,6 @@ interactive environment for the functional language Haskell.")
        ;; then complains that they don't match.
        #:build #f
 
-       #:modules ((guix build gnu-build-system)
-                  (guix build utils)
-                  (guix build rpath)
-                  (srfi srfi-26)
-                  (srfi srfi-1))
-       #:imported-modules (,@%gnu-build-system-modules
-                           (guix build rpath))
        #:configure-flags
        (list
         (string-append "--with-gmp-libraries="
@@ -366,19 +360,7 @@ interactive environment for the functional language Haskell.")
                        "testsuite/tests/programs/life_space_leak/life.test")
                (("/bin/sh") (which "sh"))
                (("/bin/rm") "rm"))
-             #t))
-         ;; the testsuite can't find shared libraries.
-         (add-before 'check 'configure-testsuite
-           (lambda* (#:key inputs #:allow-other-keys)
-             (let* ((gmp (assoc-ref inputs "gmp"))
-                    (gmp-lib (string-append gmp "/lib"))
-                    (ffi (assoc-ref inputs "libffi"))
-                    (ffi-lib (string-append ffi "/lib"))
-                    (ncurses (assoc-ref inputs "ncurses"))
-                    (ncurses-lib (string-append ncurses "/lib")))
-               (setenv "LD_LIBRARY_PATH"
-                       (string-append gmp-lib ":" ffi-lib ":" ncurses-lib))
-               #t))))))
+             #t)))))
     (native-search-paths (list (search-path-specification
                                 (variable "GHC_PACKAGE_PATH")
                                 (files (list
@@ -1607,6 +1589,25 @@ UTF8 without truncation.")
 environment variables.")
     (license license:expat)))
 
+(define-public ghc-setlocale
+  (package
+    (name "ghc-setlocale")
+    (version "1.0.0.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://hackage.haskell.org/package/setlocale-"
+                    version "/setlocale-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1sd73zgpijr9xjdj5p562cmlcxmx5iff5k8xh9b6rpcgrgnnlf9j"))))
+    (build-system haskell-build-system)
+    (home-page "https://hackage.haskell.org/package/setlocale")
+    (synopsis "Haskell bindings to setlocale")
+    (description "This package provides Haskell bindings to the
+@code{setlocale} C function.")
+    (license license:bsd-3)))
+
 (define-public ghc-x11
   (package
     (name "ghc-x11")
@@ -2976,7 +2977,7 @@ writing to stdout and other handles.")
 (define-public ghc-quickcheck-instances
   (package
     (name "ghc-quickcheck-instances")
-    (version "0.3.11")
+    (version "0.3.12")
     (source
      (origin
        (method url-fetch)
@@ -2986,13 +2987,15 @@ writing to stdout and other handles.")
              version ".tar.gz"))
        (sha256
         (base32
-         "041s6963czs1pz0fc9cx17lgd6p83czqy2nxji7bhxqxwl2j15h2"))))
+         "1wwvkzpams7i0j7nk5qj8vvhj8x5zcbgbgrpczszgvshva4bkmfx"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-old-time" ,ghc-old-time)
        ("ghc-unordered-containers" ,ghc-unordered-containers)
        ("ghc-hashable" ,ghc-hashable)
        ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-scientific" ,ghc-scientific)
+       ("ghc-vector" ,ghc-vector)
        ("ghc-text" ,ghc-text)))
     (home-page
      "https://github.com/aslatter/qc-instances")
@@ -8162,4 +8165,33 @@ Rust syntax.  It is intended to be useful for two different purposes:
 files in Haskell.")
     (license license:bsd-3)))
 
+(define-public ghc-hslogger
+  (package
+    (name "ghc-hslogger")
+    (version "1.2.10")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "hslogger-" version "/" "hslogger-"
+                           version ".tar.gz"))
+       (sha256 (base32
+                "0as5gvlh6pi2gflakp695qnlizyyp059dqrhvjl4gjxalja6xjnp"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-mtl" ,ghc-mtl)
+       ("ghc-network" ,ghc-network)
+       ("ghc-directory", ghc-directory)
+       ("ghc-old-locale" ,ghc-old-locale)
+       ("ghc-process" ,ghc-process)))
+    (native-inputs
+     `(("ghc-hunit" ,ghc-hunit)))
+    (home-page "http://software.complete.org/hslogger")
+    (synopsis "Logging framework for Haskell, similar to Python's logging module")
+    (description "Hslogger lets each log message have a priority and source be
+associated with it.  The programmer can then define global handlers that route
+or filter messages based on the priority and source.  It also has a syslog
+handler built in.")
+    (license license:bsd-3)))
+
 ;;; haskell.scm ends here
diff --git a/gnu/packages/image-viewers.scm b/gnu/packages/image-viewers.scm
index bc56041f84..05d39ba877 100644
--- a/gnu/packages/image-viewers.scm
+++ b/gnu/packages/image-viewers.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,6 +26,7 @@
   #:use-module (guix download)
   #:use-module (guix packages)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system cmake)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
   #:use-module (gnu packages curl)
@@ -33,6 +35,7 @@
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages image)
+  #:use-module (gnu packages imagemagick)
   #:use-module (gnu packages photo)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages xorg))
@@ -205,3 +208,59 @@ your images.  Among its features are:
 @item Configurable mouse actions
 @end enumerate\n")
     (license license:gpl3+)))
+
+(define-public catimg
+  (package
+    (name "catimg")
+    (version "2.2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/posva/catimg/archive"
+                           "/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "14g90zwh2d3s13hgyxypx2vc0rj1g58l6zcxhgc84wsyxfxd6xpb"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:tests? #f                      ; No check target
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let* ((magic (assoc-ref %build-inputs "imagemagick"))
+                    (convert (string-append magic "/bin/convert")))
+               (substitute* "catimg"
+                 ;; By replacing "convert", we also replace the "convert"
+                 ;; in the message 'The version of convert is too old, don't
+                 ;; expect good results :('. This should not happen, but in
+                 ;; practice this error message should not affect us.
+                 (("convert") convert))
+               #t)))
+         (replace 'build
+           (lambda _
+             (zero? (system* "cmake" "-D"
+                             (string-append "CMAKE_INSTALL_PREFIX="
+                                            (assoc-ref %outputs "out"))
+                             "."))
+             (zero? (system* "make"))))
+         (add-before 'install 'install-script
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; The bashscript lacks an file extension, we have to rename
+             ;; it so that the C program and the bash script can be happy
+             ;; side by side.
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin")))
+               (install-file "catimg" bin)
+               (rename-file (string-append bin "/catimg")
+                            (string-append bin "/catimg.sh"))
+               #t))))))
+    (inputs
+     `(("imagemagick" ,imagemagick))) ; For the bash script version
+    (home-page "https://github.com/posva/catimg")
+    (synopsis "Render images in the terminal")
+    (description
+     "Catimg is a little program that prints images in the terminal.
+It supports JPEG, PNG and GIF formats.")
+    (license license:expat)))
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index a9bbf192cc..54b7dd6e22 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -312,7 +312,8 @@ collection of tools for doing simple manipulations of TIFF images.")
                                  "libtiff-CVE-2016-10093.patch"
                                  "libtiff-divide-by-zero-tiffcp.patch"
                                  "libtiff-assertion-failure.patch"
-                                 "libtiff-CVE-2016-10094.patch"))))))
+                                 "libtiff-CVE-2016-10094.patch"
+                                 "libtiff-CVE-2017-5225.patch"))))))
 
 (define-public libwmf
   (package
@@ -497,7 +498,8 @@ error-resilience, a Java-viewer for j2k-images, ...")
          (base32
           "19yz4g0c45sm8y1z01j9djsrl1mkz3pmw7fykc6hkvrqymp7prsc"))
         (patches
-          (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch"))))))
+          (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch"
+                          "openjpeg-CVE-2016-9572-CVE-2016-9573.patch"))))))
 
 (define-public openjpeg-1
   (package (inherit openjpeg)
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index d654c3be2e..a58e83d725 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -46,14 +46,14 @@
     ;; The 7 release series has an incompatible API, while the 6 series is still
     ;; maintained. Don't update to 7 until we've made sure that the ImageMagick
     ;; users are ready for the 7-series API.
-    (version "6.9.7-3")
+    (version "6.9.7-7")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://imagemagick/ImageMagick-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "18cibh5rmxddwpsrpzjd4sbim80g5w36zhl8bw582nw39cs6f5w0"))))
+               "02x463z31j449pfm8czb7jlpkd3nx4a3yyjxq3bhpjfq13i20d62"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch")
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index 44e21af7d6..6ba950763b 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 ng0 <ng0@libertad.pw>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -100,7 +101,7 @@ irssi, but graphical.")
 (define-public irssi
   (package
     (name "irssi")
-    (version "1.0.0")
+    (version "1.0.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://github.com/irssi/irssi/"
@@ -108,7 +109,7 @@ irssi, but graphical.")
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1f2gmr5nynagwi4wx3yprhzfpg4ww6r7ff395b0a48d0qqgkr2ka"))))
+               "1krw71n24mj4p3f5nhzj6kdi1kq9ssl53hrqyjpgz61m7wdcaa4l"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -140,14 +141,14 @@ SILC and ICB protocols via plugins.")
 (define-public weechat
   (package
     (name "weechat")
-    (version "1.6")
+    (version "1.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://weechat.org/files/src/weechat-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "1qqnb9bdi15l30378rnmhf26ndacwi5hmq5vpz4lfyihk17xnryn"))
+                "1crdwlxj5liik32svflfac0s87vm6p8xm208yndigzsbg8rli4sr"))
               (patches (search-patches "weechat-python.patch"))))
     (build-system gnu-build-system)
     (native-inputs `(("autoconf" ,autoconf)
@@ -180,14 +181,13 @@ SILC and ICB protocols via plugins.")
                   (add-before 'configure 'autogen
                     (lambda _
                       (zero? (system* "./autogen.sh"))))
-                  (add-before 'build 'set-python-file-name
-                    (lambda* (#:key inputs #:allow-other-keys)
-                      (substitute* "src/plugins/python/weechat-python.c"
-                        (("python2_bin = weechat_python_get_python2_bin.*;")
-                         (string-append "python2_bin = strdup (\""
-                                        (assoc-ref inputs "python")
-                                        "/bin/python\");\n")))
-                      #t)))))
+                  (add-after 'install 'wrap
+                    (lambda* (#:key inputs outputs #:allow-other-keys)
+                      (let ((out (assoc-ref outputs "out"))
+                            (py2 (assoc-ref inputs "python")))
+                        (wrap-program (string-append out "/bin/weechat")
+                          `("PATH" ":" prefix (,(string-append py2 "/bin"))))
+                        #t))))))
     (synopsis "Extensible chat client")
     (description "WeeChat (Wee Enhanced Environment for Chat) is an
 Internet Relay Chat client, which is designed to be light and fast.
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 3a08fd83a8..92cbe2a02f 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -47,7 +47,7 @@
   #:use-module (gnu packages wget)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages perl)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages zip)
@@ -337,7 +337,7 @@ build process and its dependencies, whereas Make uses Makefile format.")
 (define-public icedtea-6
   (package
     (name "icedtea")
-    (version "1.13.12")
+    (version "1.13.13")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -345,7 +345,7 @@ build process and its dependencies, whereas Make uses Makefile format.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "1q5iqm3dzqj8w3dwj6qqhczkkrslrfhmn3110klfwq9kyi2nimj8"))
+                "0bg9sb4f7qbq77c0zf9m17p47ga0kf0r9622g9p12ysg26jd1ksg"))
               (modules '((guix build utils)))
               (snippet
                '(substitute* "Makefile.in"
@@ -764,10 +764,10 @@ build process and its dependencies, whereas Make uses Makefile format.")
        ("openjdk6-src"
         ,(origin
            (method url-fetch)
-           (uri "https://java.net/downloads/openjdk6/openjdk-6-src-b40-22_aug_2016.tar.gz")
+           (uri "https://java.net/downloads/openjdk6/openjdk-6-src-b41-04_jan_2017.tar.xz")
            (sha256
             (base32
-             "01v4q7g9pa6w7m6yxply5yrin08jgv12fck665xnmp09bpxy8sa5"))))
+             "058szix0j280g14jzajvsixx1j2dxmc10r848f5swpy6rr8x8d4f"))))
        ("lcms" ,lcms)
        ("zlib" ,zlib)
        ("gtk" ,gtk+-2)
@@ -953,7 +953,7 @@ build process and its dependencies, whereas Make uses Makefile format.")
          ,@(package-inputs icedtea-6))))))
 
 (define-public icedtea-8
-  (let* ((version "3.2.0")
+  (let* ((version "3.3.0")
          (drop (lambda (name hash)
                  (origin
                    (method url-fetch)
@@ -962,7 +962,7 @@ build process and its dependencies, whereas Make uses Makefile format.")
                          "/icedtea8/" version "/" name ".tar.xz"))
                    (sha256 (base32 hash))))))
     (package (inherit icedtea-7)
-      (version "3.2.0")
+      (version "3.3.0")
       (source (origin
                 (method url-fetch)
                 (uri (string-append
@@ -970,7 +970,7 @@ build process and its dependencies, whereas Make uses Makefile format.")
                       version ".tar.xz"))
                 (sha256
                  (base32
-                  "104g2x5nhnqqvx6x29phx5vlrhlqy7qax83b9bqj1y619irrg8gj"))
+                  "02vmxa6gc6gizcri1fy797qmmm9y77vgi7gy9pwkk4agcw4zyr5p"))
                 (modules '((guix build utils)))
                 (snippet
                  '(substitute* "Makefile.am"
@@ -1040,31 +1040,31 @@ build process and its dependencies, whereas Make uses Makefile format.")
        `(("jdk" ,icedtea-7 "jdk")
          ("openjdk-src"
           ,(drop "openjdk"
-                 "093r3vlmbdx78w9s6d8lv4q65i0s9wq6an6i2g2d1zaf0js4043c"))
+                 "0889n19w6rvpzxgmmk9hlgzdh9ya95qkc2ajgpnzr3h69g15nz48"))
          ("corba-drop"
           ,(drop "corba"
-                 "11r3h9snnj7m5bqnzc5ryd85igdv7xlwzs0zy24p9ii6gsc0f9lh"))
+                 "0qcb72hhlsjgp6h9wd048qgyc88b7lfnxyc51xfyav0nhpfjnj8r"))
          ("jaxp-drop"
           ,(drop "jaxp"
-                 "1mp6ps15jk8v4nnvkmbvkk7g35icdjv7892q2a4f7b268yjcgmk1"))
+                 "1vyc7dw10x5k45jmi348y8min6sg651ns12zzn30fjzhpfi36nds"))
          ("jaxws-drop"
           ,(drop "jaxws"
-                 "1fb5hikzzx8292nhdbp0snqn66fwnnv4rkjsk1zsjvrv4z5vk18j"))
+                 "1dki6p39z1ms94cjvj5hd9q75q75g244c0xib82pma3q74jg6hx4"))
          ("jdk-drop"
           ,(drop "jdk"
-                 "1if9c5grp0km7pyn4mhfwi2ynh3ix20l1fqbfcy68sl2py7psmcj"))
+                 "17czby3nylcglp7l3d90a4pz1izc1sslifv8hrmynm9hn4m9d3k8"))
          ("langtools-drop"
           ,(drop "langtools"
-                 "0kbah4h4pllk0gf50mp5f6720f5ci0ixqylccppb484hp95pblcl"))
+                 "1h4azc21k58g9gn2y686wrvn9ahgac0ii7jhrrrmb5c1kjs0y2qv"))
          ("hotspot-drop"
           ,(drop "hotspot"
-                 "1gqz9qqsi61838dj08s01sa51zlnkvrk3hy721211dhnmkvlzmwx"))
+                 "12bfgwhrjfhgj6a2dsysdwhirg0jx88pi44y7s8a1bdan1mp03r8"))
          ("nashorn-drop"
           ,(drop "nashorn"
-                 "04697l95g6y6n5dvy55k2040c6qp5hfz16qaibwzs594m3gzwwjz"))
+                 "0bg9r16jffc64fhyczn4jpx7bkfw7w62prw65mh66vshqk4lbh0f"))
          ("shenandoah-drop"
           ,(drop "shenandoah"
-                 "0k6h7jk5i98jnld2ivy4bhydmkzrp25c3l6gwhvczvrhn7mlbnfx"))
+                 "0abjlsvz669i06mlks28wnh11mm55y5613990pn5j7hfbw8a34q5"))
          ,@(fold alist-delete (package-native-inputs icedtea-7)
                  '("gcj" "openjdk-src" "corba-drop" "jaxp-drop" "jaxws-drop"
                    "jdk-drop" "langtools-drop" "hotspot-drop")))))))
diff --git a/gnu/packages/kde.scm b/gnu/packages/kde.scm
index db8609a645..aef56bb202 100644
--- a/gnu/packages/kde.scm
+++ b/gnu/packages/kde.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2016, 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,7 +39,7 @@
 (define-public kdevelop
   (package
     (name "kdevelop")
-    (version "5.0.2")
+    (version "5.0.3")
     (source
       (origin
         (method url-fetch)
@@ -48,7 +48,7 @@
                             version ".tar.xz"))
         (sha256
          (base32
-          "0rl6csmzf14gf0r0mk7z2lj7cq8fggf5qmlbxq6j68vp2q0pj0cv"))))
+          "00gn2c66pyd9qaa0zhn2lqam0zsg7fbyi13hk32wclxq73y8v98p"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -98,15 +98,18 @@
              (let* ((out  (assoc-ref outputs "out"))
                     (kdevplatform (assoc-ref inputs "kdevplatform"))
                     (kio (assoc-ref inputs "kio"))
+                    (kcmutils (assoc-ref inputs "kcmutils"))
                     (qtquickcontrols (assoc-ref inputs "qtquickcontrols"))
                     (qtdeclarative (assoc-ref inputs "qtdeclarative"))
-                    (plugins "/lib/plugins")
+                    (profile "$HOME/.guix-profile")
                     (qml "/qml"))
                (wrap-program (string-append out "/bin/kdevelop")
+                 `("XDG_DATA_DIRS" ":" prefix
+                   ,(map (lambda (s) (string-append s "/share"))
+                         (list profile out kdevplatform kcmutils)))
                  `("QT_PLUGIN_PATH" ":" prefix
-                   (,(string-append out plugins)
-                    ,(string-append kdevplatform plugins)
-                    ,(string-append kio plugins)))
+                   ,(map (lambda (s) (string-append s "/lib/plugins"))
+                         (list profile out kdevplatform kio)))
                  `("QML2_IMPORT_PATH" ":" prefix
                    (,(string-append qtquickcontrols qml)
                     ,(string-append qtdeclarative qml))))))))))
@@ -145,14 +148,14 @@ for some KDevelop language plugins (Ruby, PHP, CSS...).")
 (define-public kdevplatform
   (package
     (name "kdevplatform")
-    (version "5.0.2")
+    (version "5.0.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/KDE/kdevplatform/archive/v"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1m8c0ixv91diyy9bvq53d4jik4zrnf7bix7clad4ywxnlpcs4ahr"))
+                "1k40wg08iwyswnpbs4bfh4yq38pp0qi78shjh4pf7yfa2kbid30j"))
               (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (native-inputs
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
new file mode 100644
index 0000000000..b6d25f4a23
--- /dev/null
+++ b/gnu/packages/kerberos.scm
@@ -0,0 +1,187 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org>
+;;; Copyright © 2012, 2017 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages kerberos)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages libidn)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages readline)
+  #:use-module (gnu packages tls)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu))
+
+(define-public mit-krb5
+  (package
+    (name "mit-krb5")
+    (version "1.14.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
+                                  (version-major+minor version)
+                                  "/krb5-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1jgjiyh1sp72lkxvk437lz5hzcibvw99jc4ihzfz03fg43aj0ind"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("bison" ,bison)
+       ("perl" ,perl)))
+    (arguments
+     `(;; Work around "No rule to make target '../../include/gssapi/gssapi.h',
+       ;; needed by 'authgss_prot.so'."
+       #:parallel-build? #f
+
+       ;; Likewise with tests.
+       #:parallel-tests? #f
+
+       ;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call
+       ;; while running the tests in 'src/tests'.
+       #:tests? ,(string=? (%current-system) "x86_64-linux")
+
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'enter-source-directory
+           (lambda _
+             (chdir "src")
+             #t))
+         (add-before 'check 'pre-check
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((perl (assoc-ref inputs "perl")))
+               (substitute* "plugins/kdb/db2/libdb2/test/run.test"
+                 (("/bin/cat") (string-append perl "/bin/perl"))
+                 (("D/bin/sh") (string-append "D" (which "bash")))
+                 (("bindir=/bin/.") (string-append "bindir=" perl "/bin"))))
+
+             ;; avoid service names since /etc/services is unavailable
+             (substitute* "tests/resolve/Makefile"
+               (("-p telnet") "-p 23"))
+             #t)))))
+    (synopsis "MIT Kerberos 5")
+    (description
+     "Massachusetts Institute of Technology implementation of Kerberos.
+Kerberos is a network authentication protocol designed to provide strong
+authentication for client/server applications by using secret-key
+cryptography.")
+    (license (license:non-copyleft "file://NOTICE"
+                                   "See NOTICE in the distribution."))
+    (home-page "http://web.mit.edu/kerberos/")))
+
+(define-public shishi
+  (package
+    (name "shishi")
+    (version "1.0.2")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (string-append "mirror://gnu/shishi/shishi-"
+                          version ".tar.gz"))
+      (sha256
+       (base32
+        "032qf72cpjdfffq1yq54gz3ahgqf2ijca4vl31sfabmjzq9q370d"))))
+    (build-system gnu-build-system)
+    (native-inputs `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("gnutls" ,gnutls)
+       ("libidn" ,libidn)
+       ("linux-pam" ,linux-pam-1.2)
+       ("zlib" ,zlib)
+       ;; libgcrypt 1.6 fails because of the following test:
+       ;;  #include <gcrypt.h>
+       ;; /* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c
+       ;;    will fail on startup if we don't have 1.4.4 or later, so
+       ;;    test for it early. */
+       ;; #if !defined GCRY_MODULE_ID_USER
+       ;; error too old libgcrypt
+       ;; #endif
+       ("libgcrypt" ,libgcrypt-1.5)
+       ("libtasn1" ,libtasn1)))
+    (home-page "http://www.gnu.org/software/shishi/")
+    (synopsis "Implementation of the Kerberos 5 network security system")
+    (description
+     "GNU Shishi is a free implementation of the Kerberos 5 network security
+system.  It is used to allow non-secure network nodes to communicate in a
+secure manner through client-server mutual authentication via tickets.")
+    (license license:gpl3+)))
+
+(define-public heimdal
+  (package
+    (name "heimdal")
+    (version "1.5.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://www.h5l.org/dist/src/heimdal-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "19gypf9vzfrs2bw231qljfl4cqc1riyg0ai0xmm1nd1wngnpphma"))
+              (modules '((guix build utils)))
+              (snippet
+               '(substitute* "configure"
+                  (("User=.*$") "User=Guix\n")
+                  (("Date=.*$") "Date=2017\n")))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:configure-flags (list
+                          ;; Work around a linker error.
+                          "CFLAGS=-pthread"
+
+                          ;; Avoid 7 MiB of .a files.
+                          "--disable-static"
+
+                          ;; Do not build libedit.
+                          (string-append
+                           "--with-readline-lib="
+                           (assoc-ref %build-inputs "readline") "/lib")
+                          (string-append
+                           "--with-readline-include="
+                           (assoc-ref %build-inputs "readline") "/include"))
+
+       #:phases (modify-phases %standard-phases
+                  (add-before 'check 'skip-tests
+                    (lambda _
+                      ;; The test simply runs 'ftp --version && ftp --help'
+                      ;; but that fails in the chroot because 'ftp' tries to
+                      ;; do a service lookup before printing the help/version.
+                      (substitute* "appl/ftp/ftp/Makefile.in"
+                        (("^CHECK_LOCAL =.*")
+                         "CHECK_LOCAL = no-check-local\n"))
+                      #t)))))
+    (native-inputs `(("e2fsprogs" ,e2fsprogs)))   ;for 'compile_et'
+    (inputs `(("readline" ,readline)
+              ("bdb" ,bdb)
+              ("e2fsprogs" ,e2fsprogs)))          ;for libcom_err
+    (home-page "http://www.h5l.org/")
+    (synopsis "Kerberos 5 network authentication")
+    (description
+     "Heimdal is an implementation of Kerberos 5 network authentication
+service.")
+    (license license:bsd-3)))
diff --git a/gnu/packages/ldc.scm b/gnu/packages/ldc.scm
index 6ea7f664bd..b7f593712b 100644
--- a/gnu/packages/ldc.scm
+++ b/gnu/packages/ldc.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015, 2016 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2015 Pjotr Prins <pjotr.guix@thebird.nl>
+;;; Copyright © 2017 Frederick Muriithi <fredmanglis@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -27,6 +28,8 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages base)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages gdb)
   #:use-module (gnu packages libedit)
   #:use-module (gnu packages llvm)
   #:use-module (gnu packages python)
@@ -34,47 +37,44 @@
   #:use-module (gnu packages zip))
 
 (define-public rdmd
-  (let ((commit "da0a2e0a379b08294015eec9d531f1e5dd4226f0"))
-    (package
-      (name "rdmd")
-      (version (string-append "v2.070.0-1." (string-take commit 7)))
-      (source (origin
-        (method git-fetch)
-        (uri (git-reference
-              (url "https://github.com/D-Programming-Language/tools.git")
-              (commit commit)))
-        (file-name (string-append name "-" version "-checkout"))
-        (sha256
-         (base32
-          "1pcx5lyqzrip86f4vv60x292rpvnwsq2hvl1znm9x9rn68f34m45"))))
-      (build-system gnu-build-system)
-      (arguments
-       '(#:phases
-         (modify-phases %standard-phases
-           (delete 'configure)
-           (delete 'check) ; There is no Makefile, so there's no 'make check'.
-           (replace
-            'build
-            (lambda _
-              (zero? (system* "ldc2" "rdmd.d"))))
-           (replace
-            'install
-            (lambda* (#:key outputs #:allow-other-keys)
-              (let ((bin (string-append (assoc-ref outputs "out") "/bin")))
-                (install-file "rdmd" bin)))))))
-      (native-inputs
-       `(("ldc" ,ldc)))
-      (home-page "https://github.com/D-Programming-Language/tools/")
-      (synopsis "Specialized equivalent to 'make' for the D language")
-      (description
-       "rdmd is a companion to the dmd compiler that simplifies the typical
+  (package
+    (name "rdmd")
+    (version "2.073.0")
+    (source (origin
+      (method url-fetch)
+      (uri (string-append "https://github.com/dlang/tools/archive/v" version ".tar.gz"))
+      (file-name (string-append name "-" version ".tar.gz"))
+      (sha256
+       (base32
+        "01if3ivnb7g2myfhymp4d9346s4vmvcl82i1kxfs5iza45almh7v"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (delete 'check) ; There is no Makefile, so there's no 'make check'.
+         (replace
+          'build
+          (lambda _
+            (zero? (system* "ldc2" "rdmd.d"))))
+         (replace
+          'install
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let ((bin (string-append (assoc-ref outputs "out") "/bin")))
+              (install-file "rdmd" bin)))))))
+    (native-inputs
+     `(("ldc" ,ldc)))
+    (home-page "https://github.com/D-Programming-Language/tools/")
+    (synopsis "Specialized equivalent to 'make' for the D language")
+    (description
+     "rdmd is a companion to the dmd compiler that simplifies the typical
 edit-compile-link-run or edit-make-run cycle to a rapid edit-run cycle.  Like
 make and other tools, rdmd uses the relative dates of the files involved to
 minimize the amount of work necessary.  Unlike make, rdmd tracks dependencies
 and freshness without requiring additional information from the user.")
-      (license license:boost1.0))))
+    (license license:boost1.0)))
 
-(define-public ldc
+(define-public ldc-bootstrap
   (package
     (name "ldc")
     (version "0.17.2")
@@ -171,3 +171,141 @@ latest DMD frontend and uses LLVM as backend.")
     (license (list license:bsd-3
                    license:gpl2+
                    license:boost1.0))))
+
+
+(define-public ldc
+  ;; The phobos, druntime and dmd-testsuite dependencies do not have a newer
+  ;; release than 1.1.0-beta4, hence the need to make use of the older-version
+  ;; variable to hold this variable.
+  (let ((older-version "1.1.0"))
+    (package
+      (inherit ldc-bootstrap)
+      (name "ldc")
+      (version "1.1.0")
+      ;; Beta version needed to compile various scientific tools that require
+      ;; the newer beta versions, and won't compile successfully with the
+      ;; older stable version.
+      (source (origin
+                (method url-fetch)
+                (uri (string-append
+                      "https://github.com/ldc-developers/ldc/archive/v"
+                      version ".tar.gz"))
+                (file-name (string-append name "-" version ".tar.gz"))
+                (sha256
+                 (base32
+                  "10zkrmx9bcmhfxvgykm3fkjamzc8js96wm032bv0fyil5c9ja2y1"))))
+      (arguments
+       `(#:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'unpack-submodule-sources
+             (lambda* (#:key inputs #:allow-other-keys)
+               (let ((unpack (lambda (source target)
+                               (with-directory-excursion target
+                                 (zero? (system* "tar" "xvf"
+                                                 (assoc-ref inputs source)
+                                                 "--strip-components=1"))))))
+                 (and (unpack "phobos-src" "runtime/phobos")
+                      (unpack "druntime-src" "runtime/druntime")
+                      (unpack "dmd-testsuite-src" "tests/d2/dmd-testsuite")))))
+           ;; The 'patch-dmd2 step in ldc causes the build to fail since
+           ;; dmd2/root/port.c no longer exists.  Arguments needed to have
+           ;; 'patch-dmd2 step removed, but retain everything else.
+           (add-after 'unpack-submodule-sources 'patch-phobos
+             (lambda* (#:key inputs #:allow-other-keys)
+               (substitute* "runtime/phobos/std/process.d"
+                 (("/bin/sh") (which "sh"))
+                 (("echo") (which "echo")))
+               (substitute* "runtime/phobos/std/datetime.d"
+                 (("/usr/share/zoneinfo/")
+                  (string-append (assoc-ref inputs "tzdata") "/share/zoneinfo")))
+               (substitute* "tests/d2/dmd-testsuite/Makefile"
+                 (("/bin/bash") (which "bash")))
+               #t)))))
+      (native-inputs
+       `(("llvm" ,llvm)
+         ("clang" ,clang)
+         ("ldc" ,ldc-bootstrap)
+         ("python-lit" ,python-lit)
+         ("python-wrapper" ,python-wrapper)
+         ("unzip" ,unzip)
+         ("gdb" ,gdb)
+         ("phobos-src"
+          ,(origin
+             (method url-fetch)
+             (uri (string-append
+                   "https://github.com/ldc-developers/phobos/archive/ldc-v"
+                   older-version ".tar.gz"))
+             (sha256
+              (base32
+               "0z5v55b9s1ppf0c2ivjq7sbmq688c37c92ihc3qwrbxnqvkkvrlk"))
+             ;; This patch deactivates some tests that depend on network access
+             ;; to pass.  It also deactivates some tests that have some reliance
+             ;; on timezone.
+             ;;
+             ;; For the network tests, there's an effort to get a version flag
+             ;; added to deactivate these tests for distribution packagers
+             ;; that is being pursued at
+             ;; <https://forum.dlang.org/post/zmdbdgnzrxyvtpqafvyg@forum.dlang.org>.
+             ;; It also deactivates a test that requires /root
+             (patches (search-patches "ldc-1.1.0-disable-phobos-tests.patch"))))
+         ("druntime-src"
+          ,(origin
+             (method url-fetch)
+             (uri (string-append
+                   "https://github.com/ldc-developers/druntime/archive/ldc-v"
+                   older-version ".tar.gz"))
+             (sha256
+              (base32
+               "07qvrqj6vgakd6qr4x5f70w6zwkzd1li5x8i1b5ywnds1z5lnfp6"))))
+         ("dmd-testsuite-src"
+          ,(origin
+             (method url-fetch)
+             (uri (string-append
+                   "https://github.com/ldc-developers/dmd-testsuite/archive/ldc-v"
+                   older-version ".tar.gz"))
+             (sha256
+              (base32
+               "12cak7yqmsgjlflx0dp6fwmwb9dac25amgi86n0bb95ard3547wy"))
+             ;; Remove the gdb tests that fails with a "Error: No such file or
+             ;; directory" error, despite the files being present in the debug
+             ;; files left with the --keep-failed flag to guix build.
+             (patches (search-patches "ldc-1.1.0-disable-dmd-tests.patch")))))))))
+
+(define-public ldc-beta ldc)
+
+(define-public dub
+  (package
+    (name "dub")
+    (version "1.2.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/dlang/dub/archive/"
+                                  "v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1sd8i1rvxc7y7kk0y6km5zyvaladc5zh56r6afj74ndd63dssv43"))))
+   (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; it would have tested itself by installing some packages (vibe etc)
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'build
+           (lambda _
+             (zero? (system* "./build.sh"))))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (outbin (string-append out "/bin")))
+               (mkdir-p outbin)
+               (install-file "bin/dub" outbin)
+               #t))))))
+    (inputs
+     `(("curl" ,curl)))
+    (native-inputs
+     `(("ldc" ,ldc)))
+    (home-page "https://code.dlang.org/getting_started")
+    (synopsis "DUB package manager")
+    (description "This package provides the D package manager.")
+    (license license:expat)))
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index cb76915ef7..e552a4ee38 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
 ;;; Copyright © 2016 David Thompson <davet@gnu.org>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -33,7 +34,7 @@
 (define-public libevent
   (package
     (name "libevent")
-    (version "2.0.22")
+    (version "2.1.8")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -41,13 +42,16 @@
                    version "-stable/libevent-" version "-stable.tar.gz"))
              (sha256
               (base32
-               "18qz9qfwrkakmazdlwxvjmw8p76g70n3faikwvdwznns1agw9hki"))
-             (patches (search-patches "libevent-dns-tests.patch"))))
+               "1hhxnxlr0fsdv7bdmzsnhdz16fxf3jg2r6vyljcl3kj6pflcap4n"))
+             (patches (search-patches "libevent-2.1-dns-tests.patch"
+                                      ;; XXX: Try removing this for > 2.1.8.
+                                      ;; https://github.com/libevent/libevent/issues/452
+                                      "libevent-2.1-skip-failing-test.patch"))))
     (build-system gnu-build-system)
     (inputs
-     `(;; Dependencies used for the tests and for `event_rpcgen.py'.
-       ("which" ,which)
-       ("python" ,python-wrapper)))
+     `(("python" ,python-2)))           ; for 'event_rpcgen.py'
+    (native-inputs
+     `(("which" ,which)))
     (home-page "http://libevent.org/")
     (synopsis "Event notification library")
     (description
@@ -62,10 +66,28 @@ then add or remove events dynamically without having to change the event
 loop.")
     (license bsd-3)))
 
+(define-public libevent-2.0
+  (package
+    (inherit libevent)
+    (version "2.0.22")
+    (source (origin
+          (method url-fetch)
+          (uri (string-append
+                "https://github.com/libevent/libevent/releases/download/release-"
+                version "-stable/libevent-" version "-stable.tar.gz"))
+          (sha256
+           (base32
+            "18qz9qfwrkakmazdlwxvjmw8p76g70n3faikwvdwznns1agw9hki"))
+          (patches (search-patches
+                    "libevent-dns-tests.patch"
+                    "libevent-2.0-evdns-fix-remote-stack-overread.patch"
+                    "libevent-2.0-evutil-fix-buffer-overflow.patch"
+                    "libevent-2.0-evdns-fix-searching-empty-hostnames.patch"))))))
+
 (define-public libev
   (package
     (name "libev")
-    (version "4.23")
+    (version "4.24")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://dist.schmorp.de/libev/Attic/libev-"
@@ -73,7 +95,7 @@ loop.")
                                   ".tar.gz"))
               (sha256
                (base32
-                "0ynxxm7giy4hg3qp9q8wshqw1jla9sxbsbi2pwsdsl1v1hz79zn7"))))
+                "08gqsza1czx0nf62nkk183jb0946yzjsymaacxbzdgcs8z9r6dcp"))))
     (build-system gnu-build-system)
     (home-page "http://software.schmorp.de/pkg/libev.html")
     (synopsis "Event loop loosely modelled after libevent")
@@ -89,7 +111,7 @@ programs.")
 (define-public libuv
   (package
     (name "libuv")
-    (version "1.9.0")
+    (version "1.11.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/libuv/libuv/archive/v"
@@ -97,7 +119,7 @@ programs.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1sx5lahhg2w92y6mgyg7c7nrx2biyyxd5yiqkmq8n4w01lm2gf7q"))))
+                "0yhw86011l2dg2prms0d86szygrix4pxpgnyzs7iljy2xk3fxivf"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (alist-cons-after
@@ -116,7 +138,7 @@ programs.")
 
                      ;; libuv.pc is installed only when pkg-config is found.
                      ("pkg-config" ,pkg-config)))
-    (home-page "https://github.com/joyent/libuv")
+    (home-page "https://github.com/libuv/libuv")
     (synopsis "Library for asynchronous I/O")
     (description
      "libuv is a multi-platform support library with a focus on asynchronous
diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm
index bc67387b29..3af19b1c70 100644
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@@ -19,6 +19,7 @@
 
 (define-module (gnu packages libidn)
   #:use-module (gnu packages)
+  #:use-module (gnu packages libunistring)
   #:use-module (guix licenses)
   #:use-module (guix packages)
   #:use-module (guix download)
@@ -51,14 +52,16 @@ Java libraries.")
 (define-public libidn2
   (package
     (name "libidn2")
-    (version "0.11")
+    (version "0.16")
     (source (origin
               (method url-fetch)
               (uri (string-append "ftp://alpha.gnu.org/gnu/libidn/libidn2-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1zxzhzx14q2b1xkx746pz4lawvqd8d055yy84n52ndwb4pf7nfax"))))
+                "13v8kh4d5nfkymai88zlw3h7k4x9khrpdpv97waf4ah8ykzrxb9g"))))
+    (inputs
+     `(("libunistring" ,libunistring)))
     (build-system gnu-build-system)
     (synopsis "Internationalized domain name library for IDNA2008")
     (description "Libidn2 is an internationalized domain library implementing
diff --git a/gnu/packages/libupnp.scm b/gnu/packages/libupnp.scm
index ea4d1bd25e..330ae6deb6 100644
--- a/gnu/packages/libupnp.scm
+++ b/gnu/packages/libupnp.scm
@@ -26,17 +26,15 @@
 (define-public libupnp
   (package
     (name "libupnp")
-    (version "1.6.20")
+    (version "1.6.21")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "mirror://sourceforge/pupnp/pupnp/libUPnP%20"
                           version "/" name "-" version ".tar.bz2"))
-      (patches (search-patches "libupnp-CVE-2016-6255.patch"
-                               "libupnp-CVE-2016-8863.patch"))
       (sha256
        (base32
-        "0qrsdsb1qm85hc4jy04qph895613d148f0x1mmk6z99y3q43fdgf"))))
+        "16x3z6jg1krwyydmbd0z59z5c9x4pniaajmfmnp5pmx18q43qgxg"))))
     (build-system gnu-build-system)
     (arguments
      ;; The tests require a network device capable of multicasting which is
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 5b6466c848..d53f5487ba 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -19,6 +19,9 @@
 ;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2016 ng0 <ng0@libertad.pw>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.com>
+;;; Copyright © 2017 Gábor Boskovits <boskovits@gmail.com>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -43,6 +46,7 @@
   #:use-module (gnu packages attr)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages calendar)
   #:use-module (gnu packages check)
@@ -61,8 +65,10 @@
   #:use-module (gnu packages gperf)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages libusb)
+  #:use-module (gnu packages man)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages networking)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pciutils)
   #:use-module (gnu packages pkg-config)
@@ -332,28 +338,27 @@ It has been modified to remove all non-free binary blobs.")
 
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 
+(define %linux-libre-version "4.9.9")
+(define %linux-libre-hash "0grk94jym0wz581c7pimia0rszq4h2xqjmf818i4l4qrjd0bnqvk")
+
 (define-public linux-libre
-  (make-linux-libre "4.9.3"
-                    "1jd2rz58lcha9ac35glr26lc6hfi49fvpiwshgpd6ygf4irrs82w"
+  (make-linux-libre %linux-libre-version
+                    %linux-libre-hash
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.42"
-                    "1jd43yvycizgqdmwp9rpj7gpjy37mah8jlqaiskjb0hivyk495yz"
+  (make-linux-libre "4.4.48"
+                    "0g7ram0b5b7p0c6v5m5im6m5pwa348mhkhf67rs036lzvcw1bvyk"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.1
-  (make-linux-libre "4.1.37"
-                    "0q79cxmrz0j5wh7z1dc103q6q6qf7rqgjl7ka8lvn4vl32pr0kq1"
+  (make-linux-libre "4.1.38"
+                    "165kmzglhg63hn7y4q7r6cb2dpsljxiq1czvgyx0bkd1vd2bcvsa"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
-;; Avoid rebuilding kernel variants when there is a minor version bump.
-(define %linux-libre-version "4.9.3")
-(define %linux-libre-hash "1jd2rz58lcha9ac35glr26lc6hfi49fvpiwshgpd6ygf4irrs82w")
-
 (define-public linux-libre-arm-generic
   (make-linux-libre %linux-libre-version
                     %linux-libre-hash
@@ -1590,14 +1595,14 @@ system.")
 (define-public kbd
   (package
     (name "kbd")
-    (version "2.0.3")
+    (version "2.0.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kernel.org/linux/utils/kbd/kbd-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "0ppv953gn2zylcagr4z6zg5y2x93dxrml29plypg6xgbq3hrv2bs"))
+                "124swm93dm4ca0pifgkrand3r9gvj3019d4zkfxsj9djpvv0mnaz"))
               (modules '((guix build utils)))
               (snippet
                '(begin
@@ -1758,14 +1763,14 @@ time.")
 (define-public lvm2
   (package
     (name "lvm2")
-    (version "2.02.166")
+    (version "2.02.168")
     (source (origin
               (method url-fetch)
               (uri (string-append "ftp://sources.redhat.com/pub/lvm2/releases/LVM2."
                                   version ".tgz"))
               (sha256
                (base32
-                "150v0mawd2swdvypcmkjd3h3s4n5i1220h6sxx94a8jvp1kb0871"))
+                "03b62hcsj9z37ckd8c21wwpm07s9zblq7grfh58yzcs1vp6x38r3"))
               (modules '((guix build utils)))
               (snippet
                '(begin
@@ -2465,7 +2470,7 @@ MPEG-2 and audio over Linux IEEE 1394.")
 (define-public mdadm
   (package
     (name "mdadm")
-    (version "3.4")
+    (version "4.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2473,13 +2478,14 @@ MPEG-2 and audio over Linux IEEE 1394.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "0248v9f28mrbwabl94ck22gfim29sqhkf70wrpfi52nk4x3bxl17"))))
+                "1ad3mma641946wn5lsllwf0lifw9lps34fv1nnkhyfpd9krffshx"))))
     (build-system gnu-build-system)
     (inputs
      `(("udev" ,eudev)))
     (arguments
      `(#:make-flags (let ((out (assoc-ref %outputs "out")))
-                      (list "INSTALL=install"
+                      (list "CC=gcc"
+                            "INSTALL=install"
                             "CHECK_RUN_DIR=0"
                             ;; TODO: tell it where to find 'sendmail'
                             ;; (string-append "MAILCMD=" <???> "/sbin/sendmail")
@@ -2656,7 +2662,7 @@ is flexible, efficient and uses a modular implementation.")
 (define-public fuse-exfat
   (package
     (name "fuse-exfat")
-    (version "1.2.5")
+    (version "1.2.6")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2664,7 +2670,7 @@ is flexible, efficient and uses a modular implementation.")
                     version "/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1i0sh0s6wnm4dqxli3drva871wgbbm57qjf592vnswna9hc6bvim"))))
+                "1rvq4hapy2anal1vg1yidv4x8rg4iw5sxfwqixkw0q2qsxb54471"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -2723,7 +2729,7 @@ and copy/paste text in the console and in xterm.")
 (define-public btrfs-progs
   (package
     (name "btrfs-progs")
-    (version "4.9")
+    (version "4.9.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kernel.org/linux/kernel/"
@@ -2731,7 +2737,7 @@ and copy/paste text in the console and in xterm.")
                                   "btrfs-progs-v" version ".tar.xz"))
               (sha256
                (base32
-                "18y88avadn4wb3xmczd6pfcjr7ik62dw4phk6fmkms2j8vmvl9z2"))))
+                "1ppy2y9vypxw9awchari21yd3s2d7w2a9q3f4jq7dnjy5gyrnjj6"))))
     (build-system gnu-build-system)
     (outputs '("out"
                "static"))      ; static versions of binaries in "out" (~16MiB!)
@@ -2902,6 +2908,7 @@ from userspace.")
                (base32
                 "180y5y09h30ryf2vim8j30a2npwz1iv9ly5yjmh3wjdkwh2jrdyp"))
               (modules '((guix build utils)))
+              (patches (search-patches "ntfs-3g-CVE-2017-0358.patch"))
               (snippet
                ;; Install under $prefix.
                '(substitute* '("src/Makefile.in" "ntfsprogs/Makefile.in")
@@ -3116,14 +3123,14 @@ the default @code{nsswitch} and the experimental @code{umich_ldap}.")
 (define-public mcelog
   (package
     (name "mcelog")
-    (version "147")
+    (version "148")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://git.kernel.org/cgit/utils/cpu/mce/"
                                   "mcelog.git/snapshot/v" version ".tar.gz"))
               (sha256
                (base32
-                "10xxmqpd348ifbs7w8j0m53agp28r6imv237ha3kmhp632hmyf1d"))
+                "1d5g09ndfsnl56vyhb5xw0zxspnh0f937biw3agqhdfbvw40j9jr"))
               (file-name (string-append name "-" version ".tar.gz"))
               (modules '((guix build utils)))
               (snippet
@@ -3362,3 +3369,168 @@ monitoring tools for Linux.  These include @code{mpstat}, @code{iostat},
 @code{tapestat}, @code{cifsiostat}, @code{pidstat}, @code{sar}, @code{sadc},
 @code{sadf} and @code{sa}.")
     (license license:gpl2+)))
+
+(define-public light
+  (package
+    (name "light")
+    (version "1.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/haikarainen/" name
+                                  "/archive/v" version ".tar.gz"))
+              (sha256
+               (base32
+                "0r5gn6c0jcxknzybl6059dplxv46dpahchqq4gymrs7z8bp0hilp"))
+              (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:tests? #f ; no tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-after 'unpack 'patch-makefile
+           (lambda _
+             (substitute* "Makefile" (("chown") "#")))))))
+    (native-inputs
+     `(("help2man" ,help2man)))
+    (home-page "https://haikarainen.github.io/light")
+    (synopsis "GNU/Linux application to control backlights")
+    (description
+     "Light is a program to send commands to screen backlight controllers
+under GNU/Linux.  Features include:
+
+@itemize
+@item It does not rely on X.
+@item Light can automatically figure out the best controller to use, making
+full use of underlying hardware.
+@item It is possible to set a minimum brightness value, as some controllers
+set the screen to be pitch black at a vaĺue of 0 (or higher).
+@end itemize
+
+Light is the successor of lightscript.")
+    (license license:gpl3+)))
+
+(define-public tlp
+  (package
+    (name "tlp")
+    (version "0.9")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/linrunner/"
+                    (string-upcase name)
+                    "/archive/" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0xksm8ar6dbq0azbfz8qs9yyzqg1j333lyd5znc074rz8inj4yw8"))))
+    (inputs `(("bash" ,bash)
+              ("dbus" ,dbus)
+              ("ethtool" ,ethtool)
+              ("eudev" ,eudev)
+              ("grep" ,grep)
+              ("hdparm" ,hdparm)
+              ("inetutils" ,inetutils)
+              ("iw" ,iw)
+              ("kmod" ,kmod)
+              ("pciutils" ,pciutils)
+              ("perl" ,perl)
+              ("rfkill" ,rfkill)
+              ("sed" ,sed)
+              ("usbutils" ,usbutils)
+              ("util-linux" ,util-linux)
+              ("wireless-tools" ,wireless-tools)))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-before 'build 'setenv
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (setenv "TLP_WITH_SYSTEMD" "0")
+               (setenv "TLP_NO_INIT" "1")
+               (setenv "TLP_NO_PMUTILS" "1")
+               (setenv "TLP_SBIN" (string-append out "/bin"))
+               (setenv "TLP_BIN" (string-append out "/bin"))
+               (setenv "TLP_TLIB" (string-append out "/share/tlp-pm"))
+               (setenv "TLP_ULIB" (string-append out "/lib/udev"))
+               (setenv "TLP_CONF" (string-append out "/etc/tlp"))
+               (setenv "TLP_SHCPL"
+                       (string-append out "/share/bash-completion/completions"))
+               (setenv "TLP_MAN" (string-append out "/share/man")))))
+         (delete 'check)
+         (replace 'install
+           (lambda _
+             (system "make install-tlp install-man")))
+         (add-after 'install 'wrap
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((bin (string-append (assoc-ref outputs "out") "/bin"))
+                    (bin-files (find-files bin ".*")))
+               (define (bin-directory input-name)
+                 (string-append (assoc-ref inputs input-name) "/bin"))
+               (define (sbin-directory input-name)
+                 (string-append (assoc-ref inputs input-name) "/sbin"))
+               (for-each (lambda (program)
+                           (wrap-program program
+                             `("PATH" ":" prefix
+                               ,(append
+                                 (map bin-directory '("bash"
+                                                      "coreutils"
+                                                      "dbus"
+                                                      "eudev"
+                                                      "grep"
+                                                      "inetutils"
+                                                      "kmod"
+                                                      "perl"
+                                                      "sed"
+                                                      "usbutils"
+                                                      "util-linux"))
+                                 (map sbin-directory '("ethtool"
+                                                       "hdparm"
+                                                       "iw"
+                                                       "pciutils"
+                                                       "rfkill"
+                                                       "wireless-tools"))))))
+                         bin-files)))))))
+    (home-page "http://linrunner.de/en/tlp/tlp.html")
+    (synopsis "Power management tool for Linux")
+    (description "TLP is a power management tool for Linux.  It comes with
+a default configuration already optimized for battery life.  Nevertheless,
+TLP is customizable to fulfil system requirements.  TLP settings are applied
+every time the power supply source is changed.")
+
+    ;; 'COPYING' is a custom version that says that one file is GPLv3+ and the
+    ;; rest is GPLv2+.
+    (license (list license:gpl2+ license:gpl3+))))
+
+(define-public lshw
+  (package
+    (name "lshw")
+    (version "B.02.18")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://www.ezix.org/software/"
+                                  "files/lshw-" version
+                                  ".tar.gz"))
+              (sha256
+               (base32
+                "0brwra4jld0d53d7jsgca415ljglmmx1l2iazpj4ndilr48yy8mf"))))
+    (build-system gnu-build-system)
+    (arguments
+      `(#:phases (modify-phases %standard-phases (delete 'configure))
+        #:tests? #f ; no tests
+        #:make-flags
+          (list (string-append "PREFIX=" (assoc-ref %outputs "out")))))
+    (synopsis "List hardware information")
+    (description
+     "@command{lshw} (Hardware Lister) is a small tool to provide
+detailed information on the hardware configuration of the machine.
+It can report exact memory configuration, firmware version, mainboard
+configuration, CPU version and speed, cache configuration, bus speed,
+and more on DMI-capable x86 or EFI (IA-64) systems and on some PowerPC
+machines (PowerMac G4 is known to work).")
+    (home-page "https://www.ezix.org/project/wiki/HardwareLiSter")
+    (license license:gpl2+)))
diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index e226443626..80161de01b 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -756,14 +756,14 @@ from other CLXes around the net.")
 (define-public sbcl-stumpwm
   (package
     (name "sbcl-stumpwm")
-    (version "0.9.9")
+    (version "1.0.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://github.com/stumpwm/stumpwm/archive/"
                     version ".tar.gz"))
               (sha256
-               (base32 "1fqabij4zcsqg1ywgdv2irp1ys23dwc8ms9ai55lb2i47hgv7z3x"))
+               (base32 "1maxp98gh64az3d9vz9br6zdd6rc9fmj2imvax4by85g6kxvdz1i"))
               (file-name (string-append "stumpwm-" version ".tar.gz"))))
     (build-system asdf-build-system/sbcl)
     (inputs `(("sbcl-cl-ppcre" ,sbcl-cl-ppcre)
diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index 65c335d373..5016732b7a 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -43,13 +43,13 @@
 (define-public lua
   (package
     (name "lua")
-    (version "5.3.3")
+    (version "5.3.4")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://www.lua.org/ftp/lua-"
                                  version ".tar.gz"))
              (sha256
-              (base32 "18mcfbbmjyp8f2l9yy7n6dzk066nq6man0kpwly4bppphilc04si"))
+              (base32 "0320a8dg3aci4hxla380dx1ifkw8gj4gbw5c4dz41g1kh98sm0gn"))
              (patches (search-patches "lua-pkgconfig.patch"
                                       "lua-liblua-so.patch"))))
     (build-system gnu-build-system)
@@ -371,13 +371,13 @@ Notable examples are GTK+, GStreamer and Webkit.")
 (define-public lua-lpeg
   (package
     (name "lua-lpeg")
-    (version "1.0.0")
+    (version "1.0.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.inf.puc-rio.br/~roberto/lpeg/lpeg-"
                                   version ".tar.gz"))
               (sha256
-               (base32 "13mz18s359wlkwm9d9iqlyyrrwjc6iqfpa99ai0icam2b3khl68h"))))
+               (base32 "0sq25z3r324a324ky73izgq9mbf66j2xvjp0fxf227rwxalzgnb2"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -401,3 +401,60 @@ Notable examples are GTK+, GStreamer and Webkit.")
 Grammars (PEGs).")
     (home-page "http://www.inf.puc-rio.br/~roberto/lpeg")
     (license license:expat)))
+
+(define-public lua5.2-lpeg
+  (package (inherit lua-lpeg)
+    (name "lua5.2-lpeg")
+    ;; XXX: The arguments field is almost an exact copy of the field in
+    ;; "lua-lpeg", except for the version string, which was derived from "lua"
+    ;; and now is taken from "lua-5.2".  See this discussion for context:
+    ;; http://lists.gnu.org/archive/html/guix-devel/2017-01/msg02048.html
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         ;; `make install` isn't available, so we have to do it manually
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out"))
+                   (lua-version ,(version-major+minor (package-version lua-5.2))))
+               (install-file "lpeg.so"
+                             (string-append out "/lib/lua/" lua-version))
+               (install-file "re.lua"
+                             (string-append out "/share/lua/" lua-version))
+               #t))))
+       #:test-target "test"))
+    (inputs `(("lua", lua-5.2)))))
+
+;; Lua 5.3 is not supported.
+(define-public lua5.2-bitop
+  (package
+    (name "lua5.2-bitop")
+    (version "1.0.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://bitop.luajit.org/download/"
+                                  "LuaBitOp-" version ".tar.gz"))
+              (sha256
+               (base32
+                "16fffbrgfcw40kskh2bn9q7m3gajffwd2f35rafynlnd7llwj1qj"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:test-target "test"
+       #:make-flags
+       (list "INSTALL=install -pD"
+             (string-append "INSTALLPATH=printf "
+                            (assoc-ref %outputs "out")
+                            "/lib/lua/"
+                            ,(version-major+minor (package-version lua-5.2))
+                            "/bit/bit.so"))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (inputs `(("lua", lua-5.2)))
+    (home-page "http://bitop.luajit.org/index.html")
+    (synopsis "Bitwise operations on numbers for Lua")
+    (description
+     "Lua BitOp is a C extension module for Lua which adds bitwise operations
+on numbers.")
+    (license license:expat)))
diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm
index dedaaee27b..e8db6271f5 100644
--- a/gnu/packages/lxde.scm
+++ b/gnu/packages/lxde.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Mathieu Lirzin <mthl@openmailbox.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -33,7 +34,7 @@
 (define-public libfm
   (package
     (name "libfm")
-    (version "1.2.4")
+    (version "1.2.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/pcmanfm/"
@@ -41,7 +42,7 @@
                                   "%29/LibFM/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0bsh4p7h2glhxf1cc1lvbxyb4qy0y1zsnl9izf7vrldkikrgc13q"))))
+                "0nlvfwh09gbq8bkbvwnw6iqr918rrs9gc9ljb9pjspyg408bn1n7"))))
     (build-system gnu-build-system)
     (inputs `(("glib" ,glib)
               ("gtk+" ,gtk+-2)))
@@ -143,16 +144,20 @@ toolkit.  It allows users to monitor and control of running processes.")
 (define-public lxterminal
   (package
     (name "lxterminal")
-    (version "0.2.0")
+    (version "0.3.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/lxde/LXTerminal"
                                   "%20%28terminal%20emulator%29/LXTerminal%20"
-                                  version "/" name "-" version ".tar.gz"))
+                                  version "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1brb506vmnncih8nyvlrckrrn6msbsvz2vwbm7bsqwigcnchwjqp"))))
+                "1yf76s15zvfw0h42b0ay1slpq47khgjmcry8ki2z812zar9lchia"))))
     (build-system gnu-build-system)
+    (arguments
+     `(;; Tests for "po" fail with "No rule to make target '../src/encoding.c'
+       ;; needed by 'lxterminal.pot'. Stop."
+       #:tests? #f))
     (inputs `(("gtk+" ,gtk+-2)
               ("vte"  ,vte/gtk+-2)))
     (native-inputs `(("intltool"   ,intltool)
@@ -168,7 +173,7 @@ performance, all instances of the terminal are sharing a single process.")
 (define-public menu-cache
   (package
     (name "menu-cache")
-    (version "1.0.1")
+    (version "1.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/lxde/" name "/"
@@ -176,7 +181,7 @@ performance, all instances of the terminal are sharing a single process.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0ngxvwfj9drabqi3lyzgpi0d0za6431sy2ijb010filrj54jdiqa"))))
+                "1m8j40npykfcfqs43kc0fmksal2jfmfi8lnb3mq3xy1lvvrfv0vg"))))
     (build-system gnu-build-system)
     (inputs `(("glib"  ,glib)
               ("libfm" ,libfm-extra)))
@@ -190,7 +195,7 @@ speed up the access to freedesktop.org defined application menus.")
 (define-public pcmanfm
   (package
     (name "pcmanfm")
-    (version "1.2.4")
+    (version "1.2.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/" name "/"
@@ -198,7 +203,7 @@ speed up the access to freedesktop.org defined application menus.")
                                   "%29/PCManFM/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "04z3vd9si24yi4c8calqncdpb9b6mbj4cs4f3fs86i6j05gvpk9q"))))
+                "0rxdh0dfzc84l85c54blq42gczygq8adhr3l9hqzy1dp530cm1hc"))))
     (build-system gnu-build-system)
     ;; (#:configure-flags '("--sysconfdir=/etc")) suggested in README.
     (inputs `(("gtk+"   ,gtk+-2)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 2060557514..a9b2cb3ec9 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2014 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2014 Julien Lepiller <julien@lepiller.eu>
@@ -15,11 +15,12 @@
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org>
 ;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 Troy Sankey <sankeytms@gmail.com>
-;;; Copyright © 2016 ng0 <ngillmann@runbox.com>
+;;; Copyright © 2016, 2017 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -79,6 +80,7 @@
   #:use-module (gnu packages flex)
   #:use-module (gnu packages gdb)
   #:use-module (gnu packages man)
+  #:use-module (gnu packages ruby)
   #:use-module (gnu packages samba)
   #:use-module (gnu packages screen)
   #:use-module (gnu packages tls)
@@ -86,11 +88,12 @@
   #:use-module (gnu packages web)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg)
+  #:use-module (gnu packages docbook)
   #:use-module ((guix licenses)
                 #:select (gpl2 gpl2+ gpl3 gpl3+ lgpl2.1 lgpl2.1+ lgpl3+
                            non-copyleft (expat . license:expat) bsd-3
                            public-domain bsd-4 isc (openssl . license:openssl)
-                           bsd-2))
+                           bsd-2 x11-style))
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix git-download)
@@ -247,10 +250,87 @@ aliasing facilities to work just as they would on normal mail.")
 operating systems.")
     (license gpl2+)))
 
+(define-public neomutt
+  (package
+    (inherit mutt)
+    (name "neomutt")
+    (version "20170113")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/" name "/" name
+                           "/archive/" name "-" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0cqr77q263b5qcmdw6g0qixdpk6gmzgzpa03v226nr55v2ips9jg"))))
+    (inputs
+     `(("cyrus-sasl" ,cyrus-sasl)
+       ("gdbm" ,gdbm)
+       ("gpgme" ,gpgme)
+       ("ncurses" ,ncurses)
+       ("gnutls" ,gnutls)
+       ("openssl" ,openssl) ;For smime
+       ("perl" ,perl)
+       ("libxslt" ,libxslt)
+       ("libidn" ,libidn)
+       ("libxml2" ,libxml2)
+       ("docbook-xsl" ,docbook-xsl)
+       ("notmuch" ,notmuch)))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("pkg-config" ,pkg-config)))
+    (arguments
+     `(#:configure-flags
+       (list "--enable-smtp"
+             "--enable-imap"
+             "--enable-pop"
+             "--enable-gpgme"
+
+             ;; database, implies header caching
+             "--without-tokyocabinet"
+             "--without-qdbm"
+             "--without-bdb"
+             "--without-lmdb"
+             "--with-gdbm"
+
+             "--with-gnutls"
+             "--without-ssl"
+             "--with-sasl"
+
+             "--with-regex"
+             "--enable-smime"
+             "--enable-notmuch"
+             "--with-idn"
+
+             ;; If we do not set this, neomutt wants to check
+             ;; whether the path exists, which it does not
+             ;; in the chroot. The workaround is this.
+             "--with-mailpath=/var/mail"
+
+             "--with-external-dotlock"
+             "--enable-nntp"
+             "--enable-compressed"
+
+             (string-append "--with-curses="
+                            (assoc-ref %build-inputs "ncurses")))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'autoconf
+           (lambda _
+             (zero? (system* "sh" "autoreconf" "-vfi")))))))
+    (home-page "https://www.neomutt.org/")
+    (synopsis "Command-line mail reader based on Mutt")
+    (description
+     "NeoMutt is a command-line mail reader which is based on mutt.
+It adds a large amount of features to mutt, and they all find their way
+into mutt, so it is not a fork but a large set of feature patches.")))
+
 (define-public gmime
   (package
     (name "gmime")
-    (version "2.6.20")
+    (version "2.6.22")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/gmime/"
@@ -258,7 +338,7 @@ operating systems.")
                                   "/gmime-" version ".tar.xz"))
               (sha256
                (base32
-                "0rfzbgsh8ira5p76kdghygl5i3fvmmx4wbw5rp7f8ajc4vxp18g0"))))
+                "0fjmsphvz8srsmcdl4v13p2z4jp2migaybyny444hal4snbr0py2"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -327,7 +407,7 @@ and corrections.  It is based on a Bayesian filter.")
 (define-public offlineimap
   (package
     (name "offlineimap")
-    (version "7.0.12")
+    (version "7.0.13")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/OfflineIMAP/offlineimap/"
@@ -335,7 +415,7 @@ and corrections.  It is based on a Bayesian filter.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1m1lp7wxnra8k7lsqc8xlm5giy3i89wvmp35jjb1gf4yslpddnkz"))))
+                "1kl72wcxnxb4y5lm2f7ymwjsisnnpwb4w971ajkxlsiwjhzq8i7p"))))
     (build-system python-build-system)
     (native-inputs
      `(("asciidoc" ,asciidoc)
@@ -377,6 +457,57 @@ can read the same mailbox from multiple computers.  It supports IMAP as REMOTE
 repository and Maildir/IMAP as LOCAL repository.")
     (license gpl2+)))
 
+(define-public emacs-mew
+  (package
+    (name "emacs-mew")
+    (version "6.7")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://mew.org/Release/mew-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "03fzky2kz73vgx4cbps2psbbnrgqgkk5q7jwfldisymkzr9iz03y"))))
+    (native-inputs
+     `(("emacs" ,emacs)))
+    (propagated-inputs
+     `(("ruby-sqlite3" ,ruby-sqlite3) ; optional for the database of messages
+       ("ruby" ,ruby))) ; to set GEM_PATH so ruby-sqlite3 is found at runtime
+    (build-system gnu-build-system)
+    (arguments
+     (let ((elisp-dir "/share/emacs/site-lisp/guix.d/mew")
+           (icon-dir  "/share/mew"))
+       `(#:modules ((guix build gnu-build-system)
+                    (guix build utils)
+                    (guix build emacs-utils))
+         #:imported-modules (,@%gnu-build-system-modules
+                             (guix build emacs-utils))
+         #:configure-flags
+         (list (string-append "--with-elispdir=" %output ,elisp-dir)
+               (string-append "--with-etcdir=" %output ,icon-dir))
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'configure 'patch-mew-icon-directory
+             (lambda* (#:key outputs #:allow-other-keys)
+               (emacs-substitute-sexps "mew-key.el"
+                 ("(def.* mew-icon-directory"
+                  `(progn
+                    (add-to-list 'image-load-path 'mew-icon-directory)
+                    ,(string-append (assoc-ref outputs "out") ,icon-dir))))
+               #t))
+           (add-after 'install 'generate-autoloads
+             (lambda* (#:key outputs #:allow-other-keys)
+               (emacs-generate-autoloads
+                "mew" (string-append (assoc-ref outputs "out") ,elisp-dir))
+               #t)))
+         #:tests? #f)))
+    (home-page "http://www.mew.org")
+    (synopsis "Emacs e-mail client")
+    (description "Mew (Messaging in the Emacs World) is a user interface
+for text messages, multimedia messages (MIME), news articles and
+security functionality including PGP, S/MIME, SSH, and SSL.")
+    (license bsd-3)))
+
 (define-public mu
   (package
     (name "mu")
@@ -733,6 +864,27 @@ provides an API for C language.  It's the low-level API used by MailCore and
 MailCore 2.")
     (license (non-copyleft "file://COPYING"))))
 
+(define-public compface
+  (package
+    (name "compface")
+    (version "1.5.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://ftp.heanet.ie/mirrors/"
+                                  "ftp.xemacs.org/aux/"
+                                  name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "09b89wg63hg502hsz592cd2h87wdprb1dq1k1y07n89hym2q56d6"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f))
+    (synopsis "Portrait image compressor")
+    (description "This packages takes your 48x48x1 portrait image and
+compresses it.")
+    (home-page "http://www.cs.indiana.edu/pub/faces/")
+    (license (x11-style "file://README"))))
+
 (define-public claws-mail
   (package
     (name "claws-mail")
@@ -1536,10 +1688,10 @@ powerful user customization features.")
                         "contrib/mmuegel" "devtools/bin/configure.sh")
                   (find-files "." ".*\\.m4")
                   (find-files "." ".*\\.cf"))
-               (("/bin/sh") (which "bash")))
+               (("/bin/sh") (which "sh")))
 
              (substitute* "devtools/bin/Build"
-               (("SHELL=/bin/sh") (string-append "SHELL=" (which "bash"))))
+               (("SHELL=/bin/sh") (string-append "SHELL=" (which "sh"))))
              #t))
          (replace 'configure
            (lambda _
@@ -1740,3 +1892,62 @@ the GNU Mailman 3 REST API.")
 
 (define-public python2-mailmanclient
   (package-with-python2 python-mailmanclient))
+
+(define-public mlmmj
+  (package
+    (name "mlmmj")
+    (version "1.2.19.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://mlmmj.org/releases/mlmmj-"
+                           version ".tar.bz2"))
+       (sha256
+        (base32
+         "1piwvcxkqadjwk5x8jicaiyz9nngmaj3w13ghdqgaki32xd7zk9v"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("perl" ,perl))) ; For "contrib/web/"
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (arguments
+     `(#:configure-flags
+       ;; mlmmj-receive-strip is a replacement for mlmmj-receive
+       ;; It opens the files control/mimedeny and control/mimestrip to get a list
+       ;; of mimetypes for parts of multipart/mime messages that should be denied
+       ;; or stripped. The parts then get stripped directly when the mail is
+       ;; received. mlmmj-receive-strip also appends an extra header
+       ;; X-ThisMailContainsUnwantedMimeParts: Y when the mail contains unwanted
+       ;; mime parts
+       (list "--enable-receive-strip")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'install-contrib
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (share (string-append out "/share/mlmmj"))
+                    (contrib (string-append share "/contrib/web"))
+                    (texts (string-append share "/listtexts")))
+               (copy-recursively "contrib/web/" contrib)
+               (copy-recursively "listtexts" texts)
+               (rename-file texts (string-append share "/texts"))
+               #t))))))
+    (home-page "http://mlmmj.org")
+    (synopsis "Mailing list managing made joyful")
+    (description
+     "Mlmmj is a simple and slim mailing list manager (MLM) inspired by ezmlm.
+It works with many different Mail Transport Agents (MTAs) and is simple for a
+system adminstrator to install, configure and integrate with other software.
+As it uses very few resources, and requires no daemons, it is ideal for
+installation on systems where resources are limited.  Its features include:
+@enumerate
+@item Archive, Custom headers / footer,
+@item Fully automated bounce handling (similar to ezmlm),
+@item Complete requeueing functionality, Moderation functionality, Subject prefix,
+@item Subscribers only posting, Regular expression access control,
+@item Functionality to retrieve old posts, Web interface, Digests,
+@item No-mail subscription, VERP support,
+@item Delivery Status Notification (RFC1891) support,
+@item Rich and customisable texts for automated operations.
+@end enumerate\n")
+    (license license:expat)))
diff --git a/gnu/packages/mate.scm b/gnu/packages/mate.scm
index fc4eb84864..8600539adf 100644
--- a/gnu/packages/mate.scm
+++ b/gnu/packages/mate.scm
@@ -70,7 +70,7 @@
                                   ".tar.xz"))
               (sha256
                (base32
-                "12p6xvqs8smbk9nivi43089fiw1jbb3g9836arr0sksmmziklnvy"))))
+                "1gsfzrcbwp7835pbilk7cvda8hjsf9g3gl4llbm61y9j7a4x2kn6"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index c1c7a24aa0..43b0d0a72a 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -12,9 +12,11 @@
 ;;; Copyright © 2015 Fabian Harfert <fhmgufs@web.de>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2017 Paul Garlick <pgarlick@tourbillion-technology.com>
+;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -37,6 +39,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix utils)
   #:use-module (guix build utils)
   #:use-module (guix build-system cmake)
@@ -252,7 +255,7 @@ numbers.")
 (define-public glpk
   (package
     (name "glpk")
-    (version "4.60")
+    (version "4.61")
     (source
      (origin
       (method url-fetch)
@@ -260,13 +263,13 @@ numbers.")
                           version ".tar.gz"))
       (sha256
        (base32
-        "15z2ymzqhxwss6wgdj5f7vkyqlqdsjgrvm0x871kmlx0n0664mhk"))))
+        "1adbvwiaqrv9pql9ry3lhn2vfsxnff2vh4fs477d90kpfx0xwrlq"))))
     (build-system gnu-build-system)
     (inputs
      `(("gmp" ,gmp)))
     (arguments
      `(#:configure-flags '("--with-gmp")))
-    (home-page "http://www.gnu.org/software/glpk/")
+    (home-page "https://www.gnu.org/software/glpk/")
     (synopsis "GNU Linear Programming Kit, supporting the MathProg language")
     (description
      "GLPK is a C library for solving large-scale linear programming (LP),
@@ -310,7 +313,7 @@ integer programming problems and computes Markov bases for statistics.")
     (source
      (origin
       (method url-fetch)
-      (uri (string-append "ftp://ftp.ifor.math.ethz.ch/pub/fukuda/cdd/cddlib-"
+      (uri (string-append "ftp://ftp.math.ethz.ch/users/fukudak/cdd/cddlib-"
                           (string-delete #\. version) ".tar.gz"))
       (sha256
        (base32
@@ -953,17 +956,72 @@ Work may be performed both at the interactive command-line as well as via
 script files.")
     (license license:gpl3+)))
 
+(define-public opencascade-oce
+  (package
+    (name "opencascade-oce")
+    (version "0.17.2")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append
+               "https://github.com/tpaviot/oce/archive/OCE-"
+               version
+               ".tar.gz"))
+        (sha256
+          (base32
+            "0vpmnb0k5y2f7lpmwx9pg9yfq24zjvnsak5alzacncfm1hv9b6cd"))))
+    (build-system cmake-build-system)
+    (arguments
+     '(#:configure-flags
+        (list "-DOCE_TESTING:BOOL=ON"
+              "-DOCE_USE_TCL_TEST_FRAMEWORK:BOOL=ON"
+              "-DOCE_DRAW:BOOL=ON"
+              (string-append "-DOCE_INSTALL_PREFIX:PATH="
+                        (assoc-ref %outputs "out"))
+              "-UCMAKE_INSTALL_RPATH")))
+    (inputs
+      `(("freetype" ,freetype)
+        ("glu" ,glu)
+        ("libxmu" ,libxmu)
+        ("mesa" ,mesa)
+        ("tcl" ,tcl)
+        ("tk" ,tk)))
+    (native-inputs
+      `(("python" ,python-wrapper)))
+    (home-page "https://github.com/tpaviot/oce")
+    (synopsis "Libraries for 3D modeling and numerical simulation")
+    (description
+     "Open CASCADE is a set of libraries for the development of applications
+dealing with 3D CAD data or requiring industrial 3D capabilities.  It includes
+C++ class libraries providing services for 3D surface and solid modeling, CAD
+data exchange, and visualization.  It is used for development of specialized
+software dealing with 3D models in design (CAD), manufacturing (CAM),
+numerical simulation (CAE), measurement equipment (CMM), and quality
+control (CAQ) domains.
+
+This is the ``Community Edition'' (OCE) of Open CASCADE, which gathers
+patches, improvements, and experiments contributed by users over the official
+Open CASCADE library.")
+    (license (list license:lgpl2.1; OCE libraries, with an exception for the
+                                  ; use of header files; see
+                                  ; OCCT_LGPL_EXCEPTION.txt
+                   license:public-domain; files
+                                  ; src/Standard/Standard_StdAllocator.hxx and
+                                  ; src/NCollection/NCollection_StdAllocator.hxx
+                   license:expat; file src/OpenGl/OpenGl_glext.h
+                   license:bsd-3)))); test framework gtest
+
 (define-public gmsh
   (package
     (name "gmsh")
-    (version "2.15.0")
+    (version "2.16.0")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "http://gmsh.info/src/gmsh-"
                           version "-source.tgz"))
       (sha256
-       (base32 "02h7fk4vv8qwnq3ymm409c5sp4nksd0m9h2vkxqmy42l0ic4nalr"))
+       (base32 "1slf0bfkwrcgn6296wb4qhbk4ahz6i4wfb10hnim08x05vrylag8"))
       (modules '((guix build utils)))
       (snippet
        ;; Remove non-free METIS code
@@ -977,6 +1035,7 @@ script files.")
        ("lapack" ,lapack)
        ("mesa" ,mesa)
        ("glu" ,glu)
+       ("opencascade-oce" ,opencascade-oce)
        ("libx11" ,libx11)
        ("libxext" ,libxext)))
     (inputs
@@ -985,15 +1044,7 @@ script files.")
     (arguments
      `(#:configure-flags `("-DENABLE_METIS:BOOL=OFF"
                            "-DENABLE_BUILD_SHARED:BOOL=ON"
-                           "-DENABLE_BUILD_DYNAMIC:BOOL=ON")
-       #:phases (modify-phases %standard-phases
-                  (replace
-                   'check
-                   (lambda _
-                     (zero? (system* "make" "test"
-                                     ;; Disable this test.  See
-                                     ;; https://geuz.org/trac/gmsh/ticket/271
-                                     "ARGS=-E component8_in_a_box")))))))
+                           "-DENABLE_BUILD_DYNAMIC:BOOL=ON")))
     (home-page "http://www.geuz.org/gmsh/")
     (synopsis "3D finite element grid generator")
     (description "Gmsh is a 3D finite element grid generator with a built-in
@@ -1934,7 +1985,7 @@ point numbers.")
 (define-public wxmaxima
   (package
     (name "wxmaxima")
-    (version "16.12.0")
+    (version "16.12.2")
     (source
      (origin
        (method url-fetch)
@@ -1942,7 +1993,7 @@ point numbers.")
                            version "/" name "-" version ".tar.gz"))
        (sha256
         (base32
-         "01kas9viqabw5id6crbhz8ahjimmv78gqzizs5hgnj9kngrgrm1h"))))
+         "0y22zhyhyxj2cbhzvs9c4pxr44i55ryfy5xi96d39bg2nbgs9h22"))))
     (build-system gnu-build-system)
     (inputs
      `(("wxwidgets" ,wxwidgets)
@@ -2840,3 +2891,45 @@ instruction sets.  Thus, an application written with Vc can be compiled for:
 @end enumerate\n")
     (home-page "https://github.com/VcDevel/Vc")
     (license license:bsd-3)))
+
+(define-public reducelcs
+  ;; This is the last commit which is available upstream, no
+  ;; release happened since 2010.
+  (let ((commit "474f88deb968061abe8cf11c959e02319b8ae5c0")
+        (revision "1"))
+    (package
+      (name "reducelcs")
+      (version (string-append "1.0-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/gdv/Reduce-Expand-for-LCS")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1rllzcfwc042c336mhq262a8ha90x6afq30kvk60r7i4761j4yjm"))))
+      (build-system gnu-build-system)
+      (inputs
+       `(("openlibm" ,openlibm)))
+      (arguments
+       `(#:tests? #f ; no tests
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure) ; No configure script exists.
+           (replace 'install ; No install phase exists.
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (bin (string-append out "/bin")))
+                 (install-file "Approximation" bin)
+                 (install-file "CollectResults" bin)
+                 (install-file "GenerateInstances" bin)
+                 #t))))))
+      (synopsis "Approximate Longest Commons Subsequence computation tool")
+      (description
+       "@code{reduceLCS} is an implementation of the Reduce-Expand
+algorithm for LCS.  It is a fast program to compute the approximate
+Longest Commons Subsequence of a set of strings.")
+      (home-page "https://github.com/gdv/Reduce-Expand-for-LCS")
+      (license license:gpl3+))))
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 2be3b09695..9345e24263 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -3,9 +3,9 @@
 ;;; Copyright © 2014 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 ng0 <ng0@libertad.pw>
+;;; Copyright © 2016, 2017 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
 ;;; Copyright © 2016, 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
@@ -37,6 +37,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (gnu packages)
   #:use-module (gnu packages aidc)
+  #:use-module (gnu packages aspell)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages avahi)
   #:use-module (gnu packages base)
@@ -77,7 +78,12 @@
   #:use-module (gnu packages xiph)
   #:use-module (gnu packages audio)
   #:use-module (gnu packages bison)
-  #:use-module (gnu packages fontutils))
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages bash)
+  #:use-module (gnu packages guile)
+  #:use-module (gnu packages less)
+  #:use-module (gnu packages readline)
+  #:use-module (gnu packages texinfo))
 
 (define-public libotr
   (package
@@ -110,37 +116,16 @@ keys, no previous conversation is compromised.")
     (home-page "https://otr.cypherpunks.ca/")
     (license (list license:lgpl2.1 license:gpl2))))
 
-;; These patches together fix https://github.com/bitlbee/bitlbee/pull/55, are
-;; already upstream, and should be unnecessary when the next bitlbee comes
-;; out.
-(define %bitlbee-buddy-nick-change-patch
-  (origin
-    (method url-fetch)
-    (uri "https://github.com/bitlbee/bitlbee/commit/a42fda42.patch")
-    (sha256
-     (base32
-      "1mzjhcdn0rxir5mzgqz9kv142ai38p1iq2lajqx89wb7x0bp51zx"))))
-(define %bitlbee-always-use-nicks-patch
-  (origin
-    (method url-fetch)
-    (uri "https://github.com/bitlbee/bitlbee/commit/3320d6d9.patch")
-    (sha256
-     (base32
-      "14d9kb5zdzh5hzakdvrbviz83rix0j2lq9rzb58b2fn92fp8yixd"))))
-
 (define-public bitlbee
   (package
     (name "bitlbee")
-    (version "3.4.2")
+    (version "3.5.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://get.bitlbee.org/src/bitlbee-"
                                   version ".tar.gz"))
               (sha256
-               (base32 "0mza8lnfwibmklz8hdzg4f7p83hblf4h6fbf7d732kzpvra5bj39"))
-              (patches
-               (list %bitlbee-buddy-nick-change-patch
-                     %bitlbee-always-use-nicks-patch))))
+               (base32 "0sgsn0fv41rga46mih3fyv65cvfa6rvki8x92dn7bczbi7yxfdln"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("check" ,check)))
@@ -461,7 +446,7 @@ was initially a fork of xmpppy, but is using non-blocking sockets.")
 (define-public gajim
   (package
     (name "gajim")
-    (version "0.16.6")
+    (version "0.16.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://gajim.org/downloads/"
@@ -469,7 +454,7 @@ was initially a fork of xmpppy, but is using non-blocking sockets.")
                                   "/gajim-" version ".tar.bz2"))
               (sha256
                (base32
-                "1p3qwzy07f0wkika9yigyiq167l2k6wn12flqa7x55z4ihbysmqk"))))
+                "13sxz0hpvyj2yvcbsfqq9yn0hp1d1zsxsj40r0v16jlibha5da9n"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -492,12 +477,11 @@ was initially a fork of xmpppy, but is using non-blocking sockets.")
              #t)))))
     (native-inputs
      `(("intltool" ,intltool)))
-    (propagated-inputs
+    (inputs
      `(("python2-nbxmpp" ,python2-nbxmpp)
        ("python2-pyopenssl" ,python2-pyopenssl)
-       ("python2-gnupg" ,python2-gnupg)))
-    (inputs
-     `(("python2-pygtk" ,python2-pygtk)
+       ("python2-gnupg" ,python2-gnupg)
+       ("python2-pygtk" ,python2-pygtk)
        ("python" ,python-2)))
     (home-page "https://gajim.org/")
     (synopsis "Jabber (XMPP) client")
@@ -824,7 +808,7 @@ connect with friends and family without anyone else listening in.")
                (("mkdir -p \\$\\{DESTDIR\\}/usr") "")
                (("/usr/local") "")
                (("/usr") "")
-               (("#!/bin/sh") (string-append "#!" (which "bash")))
+               (("#!/bin/sh") (string-append "#!" (which "sh")))
                (("python2") (which "python"))
                (("/opt/openssl-compat-bitcoin/lib/")
                 (string-append (assoc-ref inputs "openssl") "/lib/")))
@@ -1120,4 +1104,123 @@ Conferencing (PSYC).  psycLPC is a fork of LDMud with some new features and
 many bug fixes.")
     (license license:gpl2))))
 
+(define-public loudmouth
+  (package
+    (name "loudmouth")
+    (version "1.5.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://mcabber.com/files/loudmouth/"
+                           name "-" version ".tar.bz2"))
+       (sha256
+        (base32
+         "0b6kd5gpndl9nzis3n6hcl0ldz74bnbiypqgqa1vgb0vrcar8cjl"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("glib" ,glib)
+       ("gnutls" ,gnutls)
+       ("libidn" ,libidn)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("check" ,check)
+       ("glib" ,glib "bin") ; gtester
+       ("gtk-doc" ,gtk-doc)))
+    (home-page "https://mcabber.com/")
+    (description
+     "Loudmouth is a lightweight and easy-to-use C library for programming
+with the XMPP (formerly known as Jabber) protocol.  It is designed to be
+easy to get started with and yet extensible to let you do anything the XMPP
+protocol allows.")
+    (synopsis "Asynchronous XMPP library")
+    ;; The files have LGPL2.0+ headers, but COPYING specifies LGPL2.1.
+    (license license:lgpl2.0+)))
+
+(define-public mcabber
+  (package
+    (name "mcabber")
+    (version "1.0.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://mcabber.com/files/"
+                           name "-" version ".tar.bz2"))
+       (sha256
+        (base32
+         "0ixdzk5b3s31a4bdfqgqrsiq7vbgdzhqr49p9pz9cq9bgn0h1wm0"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:configure-flags (list "--enable-otr"
+                               "--enable-aspell")))
+    (inputs
+     `(("gpgme" ,gpgme)
+       ("libotr" ,libotr)
+       ("aspell" ,aspell)
+       ("libidn" ,libidn)
+       ("glib" ,glib)
+       ("ncurses" ,ncurses)
+       ("loudmouth" ,loudmouth)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "https://mcabber.com")
+    (description
+     "Mcabber is a small XMPP (Jabber) console client, which includes features
+such as SASL and TLS support, @dfn{Multi-User Chat} (MUC) support, logging,
+command-completion, OpenPGP encryption, @dfn{Off-the-Record Messaging} (OTR)
+support, and more.")
+    (synopsis "Small XMPP console client")
+    (license license:gpl2+)))
+
+(define-public freetalk
+  (package
+    (name "freetalk")
+    (version "4.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnu/freetalk/freetalk-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1rmrn7a1bb7vm26yaklrvx008a9qhwc32s57dwrlf40lv9gffwny"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'autogen
+           (lambda _
+             (zero? (system* "sh" "autogen.sh"))))
+         ;; For 'system' commands in Scheme code.
+         (add-after 'install 'wrap-program
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out       (assoc-ref outputs "out"))
+                    (bash      (assoc-ref inputs "bash"))
+                    (coreutils (assoc-ref inputs "coreutils"))
+                    (less      (assoc-ref inputs "less")))
+               (wrap-program (string-append out "/bin/freetalk")
+                 `("PATH" ":" prefix
+                   ,(map (lambda (dir)
+                           (string-append dir "/bin"))
+                         (list bash coreutils less))))
+               #t))))))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("pkg-config" ,pkg-config)
+       ("texinfo" ,texinfo)))
+    (inputs
+     `(("bash" ,bash)
+       ("glib" ,glib)
+       ("guile" ,guile-2.0)
+       ("less" ,less)
+       ("loudmouth" ,loudmouth)
+       ("readline" ,readline)))
+    (synopsis "Extensible console-based Jabber client")
+    (description
+     "GNU Freetalk is a command-line Jabber/XMPP chat client.  It notably uses
+the Readline library to handle input, so it features convenient navigation of
+text as well as tab-completion of buddy names, commands and English words.  It
+is also scriptable and extensible via Guile.")
+    (home-page "https://www.gnu.org/software/freetalk")
+    (license license:gpl3+)))
+
 ;;; messaging.scm ends here
diff --git a/gnu/packages/mg.scm b/gnu/packages/mg.scm
index a315dfed33..5df6770009 100644
--- a/gnu/packages/mg.scm
+++ b/gnu/packages/mg.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.org>
+;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -21,44 +22,55 @@
   #:use-module (guix download)
   #:use-module (guix packages)
   #:use-module (guix build-system gnu)
+  #:use-module (gnu packages libbsd)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages pkg-config))
 
 (define-public mg
   (package
     (name "mg")
-    (version "20050429")
+    (version "20161005")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://homepage.boetes.org/software/mg/mg-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "19kib0aha4a40izzds7r63qfb2akq4sily6k28fl0n0zdgq0cna1"))
+                "0qaydk2cy765n9clghmi5gdnpwn15y2v0fj6r0jcm0v7d89vbz5p"))
               (modules '((guix build utils)))
               (snippet
                '(begin
-                  (substitute* "Makefile.in"
-                    (("-Werror") "")
-                    (("-lcurses") "-lncurses")
-                    (("/usr/bin/install") "install -D")
-                    (("/usr/bin/strip") "strip"))))))
+                  (substitute* "GNUmakefile"
+                    (("/usr/bin/") ""))))))
     (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
     (inputs
-     `(("ncurses" ,ncurses)))
+     `(("libbsd" ,libbsd)
+       ("ncurses" ,ncurses)))
     (arguments
      ;; No test suite available.
      '(#:tests? #f
-       #:phases (alist-cons-before
-                 'configure 'pre-configure
-                 (lambda* (#:key outputs #:allow-other-keys)
-                   (substitute* "Makefile.in"
-                     (("(prefix=[[:blank:]]*)/usr/local" all prefix)
-                      (string-append prefix (assoc-ref outputs "out")))))
-                 %standard-phases)))
+       #:make-flags (list (string-append "prefix=" %output)
+                          "CURSES_LIBS=-lncurses"
+                          "CC=gcc")
+       #:phases (modify-phases %standard-phases
+                  (delete 'configure)
+                  (add-before 'install 'patch-tutorial-location
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (substitute* "mg.1"
+                        (("/usr") (assoc-ref outputs "out")))
+                      #t))
+                  (add-after 'install 'install-tutorial
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (let* ((out (assoc-ref outputs "out"))
+                             (doc (string-append out "/share/doc/mg")))
+                        (install-file "tutorial" doc)
+                        #t))))))
     (home-page "http://homepage.boetes.org/software/mg/")
     (synopsis "Microscopic GNU Emacs clone")
     (description
-     "mg is Micro GNU Emacs; this is a portable version of the mg maintained
-by the OpenBSD team.")
+     "Mg (mg) is a GNU Emacs style editor, with which it is \"broadly\"
+compatible.  This is a portable version of the mg maintained by the OpenBSD
+team.")
     (license public-domain)))
diff --git a/gnu/packages/mit-krb5.scm b/gnu/packages/mit-krb5.scm
deleted file mode 100644
index 3299c7b5c4..0000000000
--- a/gnu/packages/mit-krb5.scm
+++ /dev/null
@@ -1,86 +0,0 @@
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
-
-(define-module (gnu packages mit-krb5)
-  #:use-module (gnu packages)
-  #:use-module (gnu packages bison)
-  #:use-module (gnu packages perl)
-  #:use-module (guix licenses)
-  #:use-module (guix packages)
-  #:use-module (guix download)
-  #:use-module (guix utils)
-  #:use-module (guix build-system gnu))
-
-(define-public mit-krb5
-  (package
-    (name "mit-krb5")
-    (version "1.14.3")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
-                                  (version-major+minor version)
-                                  "/krb5-" version ".tar.gz"))
-              (sha256
-               (base32
-                "1jgjiyh1sp72lkxvk437lz5hzcibvw99jc4ihzfz03fg43aj0ind"))))
-    (build-system gnu-build-system)
-    (native-inputs
-     `(("bison" ,bison)
-       ("perl" ,perl)))
-    (arguments
-     `(;; Work around "No rule to make target '../../include/gssapi/gssapi.h',
-       ;; needed by 'authgss_prot.so'."
-       #:parallel-build? #f
-
-       ;; Likewise with tests.
-       #:parallel-tests? #f
-
-       ;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call
-       ;; while running the tests in 'src/tests'.
-       #:tests? ,(string=? (%current-system) "x86_64-linux")
-
-       #:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'enter-source-directory
-           (lambda _
-             (chdir "src")
-             #t))
-         (add-before 'check 'pre-check
-           (lambda* (#:key inputs #:allow-other-keys)
-             (let ((perl (assoc-ref inputs "perl")))
-               (substitute* "plugins/kdb/db2/libdb2/test/run.test"
-                 (("/bin/cat") (string-append perl "/bin/perl"))
-                 (("D/bin/sh") (string-append "D" (which "bash")))
-                 (("bindir=/bin/.") (string-append "bindir=" perl "/bin"))))
-
-             ;; avoid service names since /etc/services is unavailable
-             (substitute* "tests/resolve/Makefile"
-               (("-p telnet") "-p 23"))
-             #t)))))
-    (synopsis "MIT Kerberos 5")
-    (description
-     "Massachusetts Institute of Technology implementation of Kerberos.
-Kerberos is a network authentication protocol designed to provide strong
-authentication for client/server applications by using secret-key
-cryptography.")
-    (license (non-copyleft "file://NOTICE"
-                           "See NOTICE in the distribution."))
-    (home-page "http://web.mit.edu/kerberos/")))
diff --git a/gnu/packages/mpd.scm b/gnu/packages/mpd.scm
index 5231c3f7f7..b817f1cf27 100644
--- a/gnu/packages/mpd.scm
+++ b/gnu/packages/mpd.scm
@@ -31,6 +31,7 @@
   #:use-module (guix build-system python)
   #:use-module (gnu packages avahi)
   #:use-module (gnu packages boost)
+  #:use-module (gnu packages gcc) ; GCC@5 for MPD >= 0.20
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gtk)
@@ -74,7 +75,7 @@ interfacing MPD in the C, C++ & Objective C languages.")
 (define-public mpd
   (package
     (name "mpd")
-    (version "0.19.21")
+    (version "0.20.4")
     (source (origin
               (method url-fetch)
               (uri
@@ -83,7 +84,7 @@ interfacing MPD in the C, C++ & Objective C languages.")
                               "/mpd-" version ".tar.xz"))
               (sha256
                (base32
-                "0c0p61p3jfh89pnqwd9nrw55krfvvnzhkpdq53g6njvg0aybh1c3"))))
+                "0a4psqsf71vc6hfgyv55jclsx8yb7lf4w840qlq6cq8j3hsjaavi"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -116,7 +117,8 @@ interfacing MPD in the C, C++ & Objective C languages.")
               ("pulseaudio" ,pulseaudio)
               ("sqlite" ,sqlite)
               ("zlib" ,zlib)))
-    (native-inputs `(("pkg-config" ,pkg-config)))
+    (native-inputs `(("gcc" ,gcc-5) ; Fails to build with GCC@4.
+                     ("pkg-config" ,pkg-config)))
     ;; Missing optional inputs:
     ;;   libyajl
     ;;   libcdio_paranoia
diff --git a/gnu/packages/mtools.scm b/gnu/packages/mtools.scm
index 34bcb5d803..4261162427 100644
--- a/gnu/packages/mtools.scm
+++ b/gnu/packages/mtools.scm
@@ -48,7 +48,7 @@ FAT-specific file attributes.")
 (define-public exfat-utils
   (package
     (name "exfat-utils")
-    (version "1.2.5")
+    (version "1.2.6")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -56,7 +56,7 @@ FAT-specific file attributes.")
                     version "/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1qhvjd6dmzhxjdnm4cklajbr03wsjjvkxrsjij517a33napcl93s"))))
+                "0hxcz0y3rd79nycjlzaca9wh9qj64rw8rzm0xk4jk9ljry96csxr"))))
     (build-system gnu-build-system)
     (home-page "https://github.com/relan/exfat")
     (synopsis "Utilities to manipulate exFAT file systems")
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index f34abbce77..b603b0580e 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
 ;;; Copyright © 2016 Al McElrath <hello@yrns.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
@@ -8,6 +8,7 @@
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 John J. Foerch <jjfoerch@earthlink.net>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -842,7 +843,7 @@ your own lessons.")
 (define-public powertabeditor
   (package
     (name "powertabeditor")
-    (version "2.0.0-alpha8")
+    (version "2.0.0-alpha9")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -851,27 +852,20 @@ your own lessons.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0gaa2x209v3azql8ak3r1n9a9qbxjx2ssirvwdxwklv2lmfqkm82"))
+                "1zjdz1qpkl83xr6dkap8airqcyjs3mxc5dzfyhrrvkyr7dics7ii"))
               (modules '((guix build utils)))
               (snippet
                '(begin
                   ;; Remove bundled sources for external libraries
                   (delete-file-recursively "external")
+                  ;; Use only system libraries
                   (substitute* "CMakeLists.txt"
-                    (("include_directories\\(\\$\\{PROJECT_SOURCE_DIR\\}/external/.*") "")
-                    (("add_subdirectory\\(external\\)") ""))
-                  (substitute* "test/CMakeLists.txt"
-                    (("include_directories\\(\\$\\{PROJECT_SOURCE_DIR\\}/external/.*") ""))
-
-                  ;; Add install target
-                  (substitute* "source/CMakeLists.txt"
-                    (("qt5_use_modules")
-                     (string-append
-                      "install(TARGETS powertabeditor "
-                      "RUNTIME DESTINATION ${CMAKE_INSTALL_PREFIX}/bin)\n"
-                      "install(FILES data/tunings.json DESTINATION "
-                      "${CMAKE_INSTALL_PREFIX}/share/powertabeditor/)\n"
-                      "qt5_use_modules")))
+                    (("include\\( PTE_ThirdParty \\)")
+                     "\
+include(third_party/Qt)
+include(third_party/boost)
+add_library( Catch INTERFACE IMPORTED )
+add_library( rapidjson INTERFACE IMPORTED )"))
                   #t))))
     (build-system cmake-build-system)
     (arguments
@@ -882,42 +876,45 @@ your own lessons.")
        ;; CMake appears to lose the RUNPATH for some reason, so it has to be
        ;; explicitly set with CMAKE_INSTALL_RPATH.
        (list "-DCMAKE_BUILD_WITH_INSTALL_RPATH=TRUE"
-             "-DCMAKE_ENABLE_PRECOMPILED_HEADERS=OFF" ; if ON pte_tests cannot be built
              (string-append "-DCMAKE_INSTALL_RPATH="
                             (string-join (map (match-lambda
                                                 ((name . directory)
                                                  (string-append directory "/lib")))
-                                              %build-inputs) ";")))
+                                              %build-inputs) ";"))
+             "-DPTE_DATA_DIR=share/powertabeditor")
        #:phases
        (modify-phases %standard-phases
-         (replace
-          'check
-          (lambda _
-            (zero? (system* "bin/pte_tests"
-                            ;; Exclude this failing test
-                            "~Formats/PowerTabOldImport/Directions"))))
-         (add-before
-          'configure 'fix-tests
-          (lambda _
-            ;; Tests cannot be built with precompiled headers
-            (substitute* "test/CMakeLists.txt"
-              (("cotire\\(pte_tests\\)") ""))
-            #t))
-         (add-before
-          'configure 'remove-third-party-libs
-          (lambda* (#:key inputs #:allow-other-keys)
-            ;; Link with required static libraries, because we're not
-            ;; using the bundled version of withershins.
-            (substitute* '("source/CMakeLists.txt"
-                           "test/CMakeLists.txt")
-              (("target_link_libraries\\((powertabeditor|pte_tests)" _ target)
-               (string-append "target_link_libraries(" target " "
-                              (assoc-ref inputs "binutils")
-                              "/lib/libbfd.a "
-                              (assoc-ref inputs "libiberty")
-                              "/lib/libiberty.a "
-                              "dl")))
-            #t)))))
+         (replace 'check
+           (lambda _
+             (zero? (system* "bin/pte_tests"
+                             ;; FIXME: one test fails.
+                             "exclude:Formats/PowerTabOldImport/Directions"))))
+         (add-after 'unpack 'set-target-directories
+           (lambda _
+             (substitute* "cmake/PTE_Executable.cmake"
+               (("set\\( install_dir.*")
+                "set( install_dir bin )\n"))
+             (substitute* "cmake/PTE_Paths.cmake"
+               (("set\\( PTE_DATA_DIR .*")
+                "set( PTE_DATA_DIR share/powertabeditor )\n"))
+             ;; Tests hardcode the data directory as "data"
+             (substitute* "test/CMakeLists.txt"
+               (("\\$\\{PTE_DATA_DIR\\}") "data"))
+             #t))
+         (add-before 'configure 'remove-third-party-libs
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; Link with required static libraries, because we're not
+             ;; using the bundled version of withershins.
+             (substitute* "source/build/CMakeLists.txt"
+               (("withershins" line)
+                (string-append line "\n"
+                               (assoc-ref inputs "binutils")
+                               "/lib/libbfd.a\n"
+                               (assoc-ref inputs "libiberty")
+                               "/lib/libiberty.a\n"
+                               "dl\n"
+                               "z\n")))
+             #t)))))
     (inputs
      `(("boost" ,boost)
        ("alsa-lib" ,alsa-lib)
@@ -1687,6 +1684,35 @@ synths, microtonal capabilities, custom envelopes, effects, etc.  Yoshimi
 improves on support for JACK features, such as JACK MIDI.")
     (license license:gpl2)))
 
+(define-public libgig
+  (package
+    (name "libgig")
+    (version "4.0.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://download.linuxsampler.org/packages/"
+                                  "libgig-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "1wr8mwjmqpnyz6bx9757lspiii1zzn8zfbqsvn2ipzpgqkxv6kaz"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libuuid" ,util-linux)
+       ("libsndfile" ,libsndfile)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "http://linuxsampler.org/libgig/")
+    (synopsis "C++ library for working with Gigasampler (.gig) files")
+    (description
+     "Libgig is a C++ library for loading, modifying existing and creating new
+Gigasampler (.gig) files and DLS (Downloadable Sounds) Level 1/2 files, KORG
+sample based instruments (.KSF and .KMP files), SoundFont v2 (.sf2) files and
+AKAI sampler data.  The package includes a couple of command line tools based
+on the library.")
+    ;; The library and tools are released under the GPL, except the AKAI
+    ;; classes which are released under the LGPL.
+    (license (list license:gpl2+ license:lgpl2.1+))))
+
 (define-public jack-keyboard
   (package
     (name "jack-keyboard")
@@ -2746,3 +2772,51 @@ collections and wantlists, inventory, and orders.")
 
 (define-public python2-discogs-client
   (package-with-python2 python-discogs-client))
+
+(define-public libsmf
+  (package
+    (name "libsmf")
+    (version "1.3")
+    (source
+     (origin
+       (method url-fetch)
+       ;; SF download page says development moved, but the link it points to
+       ;; is gone (https://github.com/nilsgey/libsmf).  Someone else adopted
+       ;; it but made no release so far (https://github.com/stump/libsmf).
+       (uri (string-append "mirror://sourceforge/libsmf/libsmf/"
+                           version "/libsmf-" version ".tar.gz"))
+       (sha256
+        (base32
+         "16c0n40h0r56gzbh5ypxa4dwp296dan3jminml2qkb4lvqarym6k"))))
+    (build-system gnu-build-system)
+    (outputs '("out"
+               "static")) ; 88KiB of .a files
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'move-static-libraries
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Move static libraries to the "static" output.
+             (let* ((out    (assoc-ref outputs "out"))
+                    (lib    (string-append out "/lib"))
+                    (static (assoc-ref outputs "static"))
+                    (slib   (string-append static "/lib")))
+               (mkdir-p slib)
+               (for-each (lambda (file)
+                           (install-file file slib)
+                           (delete-file file))
+                         (find-files lib "\\.a$"))
+               #t))))))
+    (inputs
+     `(("readline" ,readline)
+       ("glib" ,glib)))
+    (native-inputs
+     `(("doxygen" ,doxygen)
+       ("pkg-config" ,pkg-config)))
+    (home-page "http://libsmf.sourceforge.net/")
+    (synopsis "Standard MIDI File format library")
+    (description
+     "LibSMF is a C library for handling SMF (\"*.mid\") files.  It transparently handles
+conversions between time and pulses, tempo map handling and more.  The only dependencies
+are a C compiler and glib.  Full API documentation and examples are included.")
+    (license license:bsd-2)))
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 8258b39671..a10fbfed92 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Stefan Reichör <stefan@xsteve.at>
@@ -53,7 +53,7 @@
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages lua)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages pcre)
   #:use-module (gnu packages perl)
@@ -469,7 +469,7 @@ which can be used to encrypt a password with @code{crypt(3)}.")
 (define-public wireshark
   (package
     (name "wireshark")
-    (version "2.2.3")
+    (version "2.2.4")
     (synopsis "Network traffic analyzer")
     (source
      (origin
@@ -478,7 +478,7 @@ which can be used to encrypt a password with @code{crypt(3)}.")
                            version ".tar.bz2"))
        (sha256
         (base32
-         "0fsrvl6sp772g2q2j24h10h9lfda6q67x7wahjjm8849i2gciflp"))))
+         "049r5962yrajhhz9r4dsnx403dab50d6091y2mw298ymxqszp9s2"))))
     (build-system glib-or-gtk-build-system)
     (inputs `(("bison" ,bison)
               ("c-ares" ,c-ares)
@@ -879,15 +879,15 @@ sockets in Perl.")
 (define-public proxychains-ng
   (package
     (name "proxychains-ng")
-    (version "4.11")
+    (version "4.12")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/rofl0r/" name "/releases/"
                                   "download/v" version "/" name "-" version
-                                  ".tar.bz2"))
+                                  ".tar.xz"))
               (sha256
                (base32
-                "1dkncdzw852488gkh5zhn4b5i03qyj8rgh1wcvcva7yd12c19i6w"))))
+                "0kiss3ih6cwayzvqi5cx4kw4vh7r2kfxlbgk56v1f1066ncm8aj8"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; there are no tests
@@ -1060,3 +1060,62 @@ suddenly a lot of network traffic, you can fire up NetHogs and immediately see
 which PID is causing this.  This makes it easy to identify programs that have
 gone wild and are suddenly taking up your bandwidth.")
     (license license:gpl2+)))
+
+(define-public openvswitch
+  (package
+    (name "openvswitch")
+    (version "2.6.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "http://openvswitch.org/releases/openvswitch-"
+                    version ".tar.gz"))
+              (sha256
+               (base32
+                "036gq741j9kqsjlp693nff838c9wjd1c56nswl9vyyd1lsmj0yrh"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(;; FIXME: many tests fail with:
+       ;;    […]
+       ;;    test -e $OVS_RUNDIR/ovs-vswitchd.pid
+       ;;    ovs-appctl -t ovs-vswitchd exit
+       ;;    hard failure
+       #:tests? #f
+       #:configure-flags
+       '("--enable-shared"
+         "--localstatedir=/var"
+         "--with-dbdir=/var/lib/openvswitch")
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'install
+           (lambda _
+             (zero? (system* "make"
+                             ;; Don't try to create directories under /var.
+                             "RUNDIR=/tmp"
+                             "PKIDIR=/tmp"
+                             "LOGDIR=/tmp"
+                             "DBDIR=/tmp"
+                             "install")))))))
+    (native-inputs
+     `(("perl" ,perl)
+       ("pkg-config" ,pkg-config)
+       ("python" ,python-2)
+       ;; for testing
+       ("util-linux" ,util-linux)))
+    (propagated-inputs
+     `(("python-six" ,python2-six)))
+    (inputs
+     `(("libcap-ng" ,libcap-ng)
+       ("openssl" ,openssl)))
+    (synopsis "Virtual network switch")
+    (home-page "http://www.openvswitch.org/")
+    (description
+     "Open vSwitch is a multilayer virtual switch.  It is designed to enable
+massive network automation through programmatic extension, while still
+supporting standard management interfaces and protocols (e.g. NetFlow, sFlow,
+IPFIX, RSPAN, CLI, LACP, 802.1ag).")
+    (license                            ; see debian/copyright for detail
+     (list license:lgpl2.1              ; xenserver and utilities/bugtool
+           license:gpl2                 ; datapath
+           license:bsd-2 license:bsd-3
+           license:asl2.0))))           ; all other
diff --git a/gnu/packages/nfs.scm b/gnu/packages/nfs.scm
index 650a2af0d6..f18fe6cb51 100644
--- a/gnu/packages/nfs.scm
+++ b/gnu/packages/nfs.scm
@@ -22,7 +22,7 @@
   #:use-module (gnu packages databases)
   #:use-module (gnu packages gsasl)
   #:use-module (gnu packages libevent)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages onc-rpc)
   #:use-module (gnu packages pkg-config)
   #:use-module (guix build-system cmake)
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 617dffc937..2df7816b59 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -64,7 +64,7 @@
                             "lib/internal/v8_prof_polyfill.js"
                             "test/parallel/test-stdio-closed.js")
                (("'/bin/sh'")
-                (string-append "'" (which "bash") "'")))
+                (string-append "'" (which "sh") "'")))
 
              ;; Fix hardcoded /usr/bin/env references.
              (substitute* '("test/parallel/test-child-process-default-options.js"
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index 93020f1c06..9a0bc91128 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -32,18 +32,22 @@
   #:use-module (gnu packages emacs)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gtk)
+  #:use-module (gnu packages libevent)
   #:use-module (gnu packages lynx)
   #:use-module (gnu packages m4)
   #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages pcre)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
   #:use-module (gnu packages tex)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages time)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages version-control)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg)
@@ -62,6 +66,46 @@
                  (number->string file-number) "/" name "-" version
                  ".tar.gz"))
 
+;; Janestreet packages are found in a similar way and all need the same patch.
+(define (janestreet-origin name version hash)
+  (origin (method url-fetch)
+          (uri (string-append "https://ocaml.janestreet.com/ocaml-core/"
+                              (version-major+minor version) "/files/"
+                              name "-" version ".tar.gz"))
+          (sha256 (base32 hash))
+          (modules '((guix build utils)))
+          (snippet
+           (let ((pattern (string-append "lib/" name)))
+             `(begin
+                ;; install.ml contains an invalid reference to the ppx file and
+                ;; propagates this error to the generated META file.  It
+                ;; looks for it in the "lib" directory, but it is installed in
+                ;; "lib/ocaml/site-lib/package".  This substitute does not change
+                ;; this file for non ppx packages.
+                (substitute* "install.ml"
+                  ((,pattern) (string-append "lib/ocaml/site-lib/" ,name)))
+                ;; The standard Makefile would try to install janestreet modules
+                ;; in OCaml's directory in the store, which is read-only.
+                (substitute* "Makefile"
+                  (("--prefix")
+                   "--libdir $(LIBDIR) --prefix")))))))
+
+;; They also require almost the same set of arguments
+(define janestreet-arguments
+  `(#:use-make? #t
+    #:make-flags
+    (list (string-append "CONFIGUREFLAGS=--prefix "
+                         (assoc-ref %outputs "out")
+                         " --enable-tests")
+          (string-append "LIBDIR="
+                         (assoc-ref %outputs "out")
+                         "/lib/ocaml/site-lib")
+          ;; for ocaml-bin-prot, otherwise ignored
+          (string-append "OCAML_TOPLEVEL_PATH="
+                         (assoc-ref %build-inputs "findlib")
+                         "/lib/ocaml/site-lib"))
+    #:phases (modify-phases %standard-phases (delete 'configure))))
+
 (define-public ocaml
   (package
     (name "ocaml")
@@ -804,10 +848,19 @@ other XUnit testing frameworks.")
      `(#:phases
        (modify-phases %standard-phases
          (delete 'configure)
-         (add-before 'install 'fix-install-name
-           (lambda* (#:key #:allow-other-keys)
-             (substitute* "Makefile"
-               (("install zip") "install camlzip")))))
+         (add-after 'install 'install-camlzip
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (dir (string-append out "/lib/ocaml/site-lib/camlzip")))
+               (mkdir-p dir)
+               (call-with-output-file (string-append dir "/META")
+                 (lambda (port)
+                   (format port "version=\"1.06\"\n")
+                   (format port "requires=\"unix\"\n")
+                   (format port "archive(byte)=\"zip.cma\"\n")
+                   (format port "archive(native)=\"zip.cmxa\"\n")
+                   (format port "archive(native,plugin)=\"zip.cmxs\"\n")
+                   (format port "directory=\"../zip\"\n")))))))
        #:install-target "install-findlib"
        #:make-flags
        (list "all" "allopt"
@@ -1218,3 +1271,757 @@ module automatically handles syntax errors, help messages and UNIX man page
 generation. It supports programs with single or multiple commands and respects
 most of the POSIX and GNU conventions.")
     (license license:bsd-3)))
+
+(define-public ocaml-fmt
+  (package
+    (name "ocaml-fmt")
+    (version "0.8.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "http://erratique.ch/software/fmt/releases/fmt-"
+                            version ".tbz"))
+        (sha256 (base32
+                  "16y7ibndnairb53j8a6qgipyqwjxncn4pl9jiw5bxjfjm59108px"))))
+    (build-system ocaml-build-system)
+    (native-inputs `(("opam" ,opam)
+                     ("topkg" ,ocaml-topkg)))
+    (propagated-inputs `(("result" ,ocaml-result)
+                         ("cmdliner" ,ocaml-cmdliner)))
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build" "--with-base-unix" "true"
+                                     "--with-cmdliner" "true")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (home-page "http://erratique.ch/software/fmt")
+    (synopsis "OCaml Format pretty-printer combinators")
+    (description "Fmt exposes combinators to devise Format pretty-printing
+functions.")
+    (license license:isc)))
+
+(define-public ocaml-astring
+  (package
+    (name "ocaml-astring")
+    (version "0.8.3")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "http://erratique.ch/software/astring/releases/astring-"
+                            version ".tbz"))
+        (sha256 (base32
+                  "0ixjwc3plrljvj24za3l9gy0w30lsbggp8yh02lwrzw61ls4cri0"))))
+    (build-system ocaml-build-system)
+    (native-inputs `(("opam" ,opam)
+                     ("topkg" ,ocaml-topkg)))
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (home-page "http://erratique.ch/software/astring")
+    (synopsis "Alternative String module for OCaml")
+    (description "Astring exposes an alternative String module for OCaml.  This
+module balances minimality and expressiveness for basic, index-free, string
+processing and provides types and functions for substrings, string sets and
+string maps.  The String module exposed by Astring has exception safe functions,
+removes deprecated and rarely used functions, alters some signatures and names,
+adds a few missing functions and fully exploits OCaml's newfound string
+immutability.")
+    (license license:isc)))
+
+(define-public ocaml-alcotest
+  (package
+    (name "ocaml-alcotest")
+    (version "0.7.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/mirage/alcotest/releases/"
+                                  "download/" version "/alcotest-" version ".tbz"))
+              (sha256
+                (base32
+                  "0g5lzk0gpfx4q8hyhr460gr4lab5wakfxsmhfwvb3yinxwzs95gc"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (native-inputs `(("opam" ,opam)
+                     ("topkg" ,ocaml-topkg)))
+    (propagated-inputs `(("fmt" ,ocaml-fmt)
+                         ("astring" ,ocaml-astring)))
+    (home-page "https://github.com/mirage/alcotest")
+    (synopsis "Lightweight OCaml test framework")
+    (description "Alcotest exposes simple interface to perform unit tests.  It
+exposes a simple TESTABLE module type, a check function to assert test
+predicates and a run function to perform a list of unit -> unit test callbacks.
+Alcotest provides a quiet and colorful output where only faulty runs are fully
+displayed at the end of the run (with the full logs ready to inspect), with a
+simple (yet expressive) query language to select the tests to run.")
+    (license license:isc)))
+
+(define-public ocaml-ppx-tools
+  (package
+    (name "ocaml-ppx-tools")
+    (version "5.0+4.02.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/alainfrisch/ppx_tools/archive/"
+                            version ".tar.gz"))
+        (sha256 (base32
+                  "0rjg4rngi8k9873z4zq95zn9hj8qyw1vcrf11y15aqasfpqq16rc"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:phases (modify-phases %standard-phases (delete 'configure))
+                 #:tests? #f))
+    (home-page "https://github.com/alainfrisch/ppx_tools")
+    (synopsis "Tools for authors of ppx rewriters and other syntactic tools")
+    (description "Tools for authors of ppx rewriters and other syntactic tools.")
+    (license license:expat)))
+
+(define-public ocaml-react
+  (package
+    (name "ocaml-react")
+    (version "1.2.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "http://erratique.ch/software/react/releases/react-"
+                            version ".tbz"))
+        (sha256 (base32
+                  "0knhgbngphv5sp1yskfd97crf169qhpc0igr6w7vqw0q36lswyl8"))))
+    (build-system ocaml-build-system)
+    (native-inputs `(("opam" ,opam)))
+    (arguments `(#:tests? #f
+                 #:build-flags (list "native=true" "native-dynlink=true")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (home-page "http://erratique.ch/software/react")
+    (synopsis "Declarative events and signals for OCaml")
+    (description "React is an OCaml module for functional reactive programming
+(FRP).  It provides support to program with time varying values: declarative
+events and signals.  React doesn't define any primitive event or signal, it
+lets the client choose the concrete timeline.")
+    (license license:bsd-3)))
+
+(define-public ocaml-ssl
+  (package
+    (name "ocaml-ssl")
+    (version "0.5.3")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/savonet/ocaml-ssl/archive/"
+                            version ".tar.gz"))
+        (sha256 (base32
+                  "1ds5gzyzpcgwn7h40dmjkll7g990cr82ay05b2a7nrclvv6fdpg8"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:make-flags (list "OCAMLFIND_LDCONF=ignore")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (add-before 'configure 'bootstrap
+                     (lambda* (#:key #:allow-other-keys)
+                       (system* "./bootstrap")
+                       (substitute* "src/OCamlMakefile"
+                         (("/bin/sh") (which "bash")))
+                       (substitute* "configure"
+                         (("/bin/sh") (which "bash"))))))))
+    (native-inputs `(("autoconf" ,autoconf)
+                     ("automake" ,automake)
+                     ("which" ,which)))
+    (propagated-inputs `(("openssl" ,openssl)))
+    (home-page "https://github.com/savonet/ocaml-ssl/")
+    (synopsis "OCaml bindings for OpenSSL")
+    (description "OCaml bindings for OpenSSL.")
+    (license license:lgpl2.1)))
+
+(define-public ocaml-lwt
+  (package
+    (name "ocaml-lwt")
+    (version "2.6.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/ocsigen/lwt/archive/" version
+                            ".tar.gz"))
+        (sha256 (base32
+                  "1gbw0g8a5a4b16diqrmlhc8ilnikrm4w3jjm1zq310maqg8z0zxz"))))
+    (build-system ocaml-build-system)
+    (arguments
+     `(#:configure-flags
+       (list "--enable-ssl" "--enable-glib" "--enable-react"
+             "--enable-ppx")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'disable-some-checks
+           (lambda* (#:key #:allow-other-keys)
+             (substitute* "tests/unix/main.ml"
+               (("Test_mcast.suite;") ""))))
+         (add-after 'install 'link-stubs
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (stubs (string-append out "/lib/ocaml/site-lib/stubslibs"))
+                    (lib (string-append out "/lib/ocaml/site-lib/lwt")))
+               (mkdir-p stubs)
+               (symlink (string-append lib "/dlllwt-glib_stubs.so")
+                        (string-append stubs "/dlllwt-glib_stubs.so"))
+               (symlink (string-append lib "/dlllwt-unix_stubs.so")
+                        (string-append stubs "/dlllwt-unix_stubs.so"))))))))
+    (native-inputs `(("pkg-config" ,pkg-config)
+                     ("ppx-tools" ,ocaml-ppx-tools)))
+    (inputs `(("libev" ,libev)
+              ("glib" ,glib)))
+    (propagated-inputs `(("result" ,ocaml-result)
+                         ("ocaml-ssl" ,ocaml-ssl)
+                         ("ocaml-react" ,ocaml-react)))
+    (home-page "https://github.com/ocsigen/lwt")
+    (synopsis "Cooperative threads and I/O in monadic style")
+    (description "Lwt provides typed, composable cooperative threads.  These
+make it easy to run normally-blocking I/O operations concurrently in a single
+process.  Also, in many cases, Lwt threads can interact without the need for
+locks or other synchronization primitives.")
+    (license license:lgpl2.1)))
+
+(define-public ocaml-logs
+  (package
+    (name "ocaml-logs")
+    (version "0.6.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://erratique.ch/software/logs/releases/"
+                                  "logs-" version ".tbz"))
+              (sha256
+                (base32
+                  "1khbn7jqpid83zn8rvyh1x1sirls7zc878zj4fz985m5xlsfy853"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build" "--with-js_of_ocaml" "false")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (native-inputs `(("opam" ,opam)))
+    (propagated-inputs `(("fmt" ,ocaml-fmt)
+                         ("lwt" ,ocaml-lwt)
+                         ("mtime" ,ocaml-mtime)
+                         ("result" ,ocaml-result)
+                         ("cmdliner" ,ocaml-cmdliner)
+                         ("topkg" ,ocaml-topkg)))
+    (home-page "http://erratique.ch/software/logs")
+    (synopsis "Logging infrastructure for OCaml")
+    (description "Logs provides a logging infrastructure for OCaml.  Logging is
+performed on sources whose reporting level can be set independently.  Log
+message report is decoupled from logging and is handled by a reporter.")
+    (license license:isc)))
+
+(define-public ocaml-fpath
+  (package
+    (name "ocaml-fpath")
+    (version "0.7.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://erratique.ch/software/fpath/releases/"
+                                  "fpath-" version ".tbz"))
+              (sha256
+                (base32
+                  "05134ij27xjl6gaqsc65yl19vfj6cjxq3mbm9bf4mija8grdpn6g"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (native-inputs `(("opam" ,opam)))
+    (propagated-inputs `(("topkg" ,ocaml-topkg)
+                         ("astring" ,ocaml-astring)))
+    (home-page "http://erratique.ch/software/fpath")
+    (synopsis "File system paths for OCaml")
+    (description "Fpath is an OCaml module for handling file system paths with
+POSIX or Windows conventions.  Fpath processes paths without accessing the
+file system and is independent from any system library.")
+    (license license:isc)))
+
+(define-public ocaml-bos
+  (package
+    (name "ocaml-bos")
+    (version "0.1.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://erratique.ch/software/bos/releases/"
+                                  "bos-" version ".tbz"))
+              (sha256
+                (base32
+                  "1ly66lysk4w6mdy4k1n3ynlpfpq7lw4wshcpzgx58v6x613w5s7q"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (native-inputs `(("opam" ,opam)))
+    (propagated-inputs `(("topkg" ,ocaml-topkg)
+                         ("astring" ,ocaml-astring)
+                         ("fmt" ,ocaml-fmt)
+                         ("fpath" ,ocaml-fpath)
+                         ("logs" ,ocaml-logs)
+                         ("rresult" ,ocaml-rresult)))
+    (home-page "http://erratique.ch/software/bos")
+    (synopsis "Basic OS interaction for OCaml")
+    (description "Bos provides support for basic and robust interaction with
+the operating system in OCaml.  It has functions to access the process
+environment, parse command line arguments, interact with the file system and
+run command line programs.")
+    (license license:isc)))
+
+(define-public ocaml-xmlm
+  (package
+    (name "ocaml-xmlm")
+    (version "1.2.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://erratique.ch/software/xmlm/releases/"
+                                  "xmlm-" version ".tbz"))
+              (sha256
+                (base32
+                  "1jywcrwn5z3gkgvicr004cxmdaqfmq8wh72f81jqz56iyn5024nh"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure)
+                   (replace 'build
+                     (lambda* (#:key #:allow-other-keys)
+                       (zero? (system* "pkg/build" "true")))))))
+    (native-inputs `(("opam" ,opam)))
+    (home-page "http://erratique.ch/software/xmlm")
+    (synopsis "Streaming XML codec for OCaml")
+    (description "Xmlm is a streaming codec to decode and encode the XML data
+format.  It can process XML documents without a complete in-memory
+representation of the data.")
+    (license license:isc)))
+
+(define-public ocaml-ulex
+  (package
+    (name "ocaml-ulex")
+    (version "1.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://www.cduce.org/download/ulex-"
+                                  version ".tar.gz"))
+              (sha256
+                (base32
+                  "0fjlkwps14adfgxdrbb4yg65fhyimplvjjs1xqj5np197cig67x0"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:phases (modify-phases %standard-phases (delete 'configure))
+                 #:tests? #f
+                 #:make-flags
+                 (list "all.opt"
+                       (string-append "OCAMLBUILD=ocamlbuild -byte-plugin "
+                                      "-cflags -I,"
+                                      (assoc-ref %build-inputs "camlp4")
+                                      "/lib/ocaml/site-lib/camlp4"))))
+    (native-inputs `(("camlp4" ,camlp4)))
+    (home-page "http://www.cduce.org/download.html#side")
+    (synopsis "Lexer generator for Unicode and OCaml")
+    (description "Lexer generator for Unicode and OCaml.")
+    (license license:expat)))
+
+(define-public ocaml-uchar
+  (package
+    (name "ocaml-uchar")
+    (version "0.0.1")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/ocaml/uchar/releases/download/v"
+                            version "/uchar-" version ".tbz"))
+        (sha256 (base32
+                  "0ficw1x7ymbd6m8hqw3w1aycwm1hbwd6bad3c5pspwnzh3qlikhi"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:build-flags (list "native=true" "native-dynlink=true")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (native-inputs `(("opam" ,opam)))
+    (home-page "https://github.com/ocaml/uchar")
+    (synopsis "Compatibility library for OCaml's Uchar module")
+    (description "The uchar package provides a compatibility library for the
+`Uchar` module introduced in OCaml 4.03.")
+    (license license:lgpl2.1)))
+
+(define-public ocaml-uutf
+  (package
+    (name "ocaml-uutf")
+    (version "1.0.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://erratique.ch/software/uutf/releases/"
+                                  "uutf-" version ".tbz"))
+              (sha256
+                (base32
+                  "08i0cw02cxw4mi2rs01v9xi307qshs6fnd1dlqyb52kcxzblpp37"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (native-inputs `(("opam" ,opam)
+                     ("topkg" ,ocaml-topkg)))
+    (propagated-inputs `(("uchar" ,ocaml-uchar)
+                         ("cmdliner" ,ocaml-cmdliner)))
+    (home-page "http://erratique.ch/software/uutf")
+    (synopsis "Non-blocking streaming Unicode codec for OCaml")
+    (description "Uutf is a non-blocking streaming codec to decode and encode
+the UTF-8, UTF-16, UTF-16LE and UTF-16BE encoding schemes.  It can efficiently
+work character by character without blocking on IO.  Decoders perform character
+position tracking and support newline normalization.
+
+Functions are also provided to fold over the characters of UTF encoded OCaml
+string values and to directly encode characters in OCaml Buffer.t values.")
+    (license license:isc)))
+
+(define-public ocaml-jsonm
+  (package
+    (name "ocaml-jsonm")
+    (version "1.0.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://erratique.ch/software/jsonm/releases/"
+                                  "jsonm-" version ".tbz"))
+              (sha256
+                (base32
+                  "1v3ln6d965lplj28snjdqdqablpp1kx8bw2cfx0m6i157mqyln62"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (native-inputs `(("opam" ,opam)
+                     ("topkg" ,ocaml-topkg)))
+    (propagated-inputs `(("uutf" ,ocaml-uutf)
+                         ("cmdliner" ,ocaml-cmdliner)))
+    (home-page "http://erratique.ch/software/jsonm")
+    (synopsis "Non-blocking streaming JSON codec for OCaml")
+    (description "Jsonm is a non-blocking streaming codec to decode and encode
+the JSON data format.  It can process JSON text without blocking on IO and
+without a complete in-memory representation of the data.")
+    (license license:isc)))
+
+(define-public ocaml-ocurl
+  (package
+    (name "ocaml-ocurl")
+    (version "0.7.9")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://ygrek.org.ua/p/release/ocurl/ocurl-"
+                                  version ".tar.gz"))
+              (sha256
+                (base32
+                  "0pm6nm33wi0p9h765k6zb94ljpknryam4qd1hmb2rsk2y0y1181n"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:phases
+                 (modify-phases %standard-phases
+                   (add-before 'configure 'fix-/bin/sh
+                     (lambda* (#:key inputs #:allow-other-keys)
+                       (substitute* "configure"
+                         (("-/bin/sh") (string-append "-" (which "bash")))))))))
+    (native-inputs `(("pkg-config" ,pkg-config)))
+    (inputs `(("curl" ,curl)))
+    (home-page "http://ocurl.forge.ocamlcore.org/")
+    (synopsis "OCaml bindings for libcurl")
+    (description "Client-side URL transfer library, supporting HTTP and a
+multitude of other network protocols (FTP/SMTP/RTSP/etc).")
+    (license license:isc)))
+
+(define-public ocaml-base64
+  (package
+    (name "ocaml-base64")
+    (version "2.1.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/mirage/ocaml-base64/"
+                                  "releases/download/v" version "/base64-"
+                                   version ".tbz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                 "1p45sawchmrkr22gkmydjc4ary23pisp58zsnb7iq7d82nxs1lfq"))))
+    (build-system ocaml-build-system)
+    (arguments
+     `(#:build-flags (list "build" "--tests" "true")
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (native-inputs
+     `(("topkg" ,ocaml-topkg)
+       ("opam" ,opam)
+       ("rresult" ,ocaml-rresult)
+       ("bos" ,ocaml-bos)
+       ("alcotest" ,ocaml-alcotest)))
+    (home-page "https://github.com/mirage/ocaml-base64")
+    (synopsis "Base64 encoding for OCaml")
+    (description "Base64 is a group of similar binary-to-text encoding schemes
+that represent binary data in an ASCII string format by translating it into a
+radix-64 representation.  It is specified in RFC 4648.")
+    (license license:isc)))
+
+(define-public ocamlify
+  (package
+    (name "ocamlify")
+    (version "0.0.2")
+    (source (origin
+              (method url-fetch)
+              (uri (ocaml-forge-uri name version 1209))
+              (sha256
+               (base32
+                "1f0fghvlbfryf5h3j4as7vcqrgfjb4c8abl5y0y5h069vs4kp5ii"))))
+    (build-system ocaml-build-system)
+    ; tests are done during build
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'check))))
+    (home-page "https://forge.ocamlcore.org/projects/ocamlify")
+    (synopsis "Include files in OCaml code")
+    (description "OCamlify allows to create OCaml source code by including
+whole files into OCaml string or string list.  The code generated can be
+compiled as a standard OCaml file.  It allows embedding external resources as
+OCaml code.")
+    (license license:lgpl2.1+))); with the OCaml static compilation exception
+
+(define-public omake
+  (package
+    (name "omake")
+    (version "0.10.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://download.camlcity.org/download/"
+                                  "omake-" version ".tar.gz"))
+              (sha256
+               (base32
+                "093ansbppms90hiqvzar2a46fj8gm9iwnf8gn38s6piyp70lrbsj"))
+              (patches (search-patches "omake-fix-non-determinism.patch"))))
+    (build-system ocaml-build-system)
+    (arguments
+     `(#:make-flags
+       (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:tests? #f ; no test target
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'fix-makefile
+                     (lambda* (#:key outputs #:allow-other-keys)
+                       (substitute* "mk/osconfig_unix.mk"
+                                    (("CC = cc") "CC = gcc")))))))
+    (native-inputs `(("hevea" ,hevea)))
+    (home-page "http://projects.camlcity.org/projects/omake.html")
+    (synopsis "Build system designed for scalability and portability")
+    (description "Similar to make utilities you may have used, but it features
+many additional enhancements, including:
+
+@enumerate
+@item Support for projects spanning several directories or directory hierarchies.
+@item Fast, reliable, automated, scriptable dependency analysis using MD5 digests,
+      with full support for incremental builds.
+@item Dependency analysis takes the command lines into account — whenever the
+      command line used to build a target changes, the target is considered
+      out-of-date.
+@item Fully scriptable, includes a library that providing support for standard
+      tasks in C, C++, OCaml, and LaTeX projects, or a mixture thereof.
+@end enumerate")
+    (license (list license:lgpl2.1 ; libmojave
+                   license:expat ; OMake scripts
+                   license:gpl2)))) ; OMake itself, with ocaml linking exception
+                                    ; see LICENSE.OMake
+
+(define-public ocaml-batteries
+  (package
+    (name "ocaml-batteries")
+    (version "2.5.3")
+    (source (origin
+              (method url-fetch)
+              (uri (ocaml-forge-uri "batteries" version 1650))
+              (sha256
+               (base32
+                "1a97w3x2l1jr5x9kj5gqm1x6b0q9fjqdcsvls7arnl3bvzgsia0n"))))
+    (build-system ocaml-build-system)
+    (native-inputs
+     `(("qtest" ,ocaml-qtest)
+       ("bisect" ,ocaml-bisect)
+       ("ounit" ,ocaml-ounit)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'check) ; tests are run by the build phase
+         (replace 'build
+           (lambda* (#:key outputs #:allow-other-keys)
+             (zero? (system* "ocaml" "setup.ml" "-build")))))))
+    (home-page "http://batteries.forge.ocamlcore.org/")
+    (synopsis "Development platform for the OCaml programming language")
+    (description "Define a standard set of libraries which may be expected on
+every compliant installation of OCaml and organize these libraries into a
+hierarchy of modules.")
+    (license license:lgpl2.1+)))
+
+(define-public ocaml-pcre
+  (package
+    (name "ocaml-pcre")
+    (version "7.2.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/mmottl/pcre-ocaml/archive"
+                                  "/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0rj6dw79px4sj2kq0iss2nzq3rnsn9wivvc0f44wa1mppr6njfb3"))))
+    (build-system ocaml-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'link-lib
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (stubs (string-append out "/lib/ocaml/site-lib/stubslibs"))
+                    (lib (string-append out "/lib/ocaml/site-lib/pcre")))
+               (mkdir-p stubs)
+               (symlink (string-append lib "/dllpcre_stubs.so")
+                        (string-append stubs "/dllpcre_stubs.so"))))))))
+    (native-inputs
+     `(("batteries" ,ocaml-batteries)
+       ("pcre:bin" ,pcre "bin")))
+    (propagated-inputs `(("pcre" ,pcre)))
+    (home-page "https://mmottl.github.io/pcre-ocaml")
+    (synopsis "Bindings to the Perl Compatibility Regular Expressions library")
+    (description "Pcre-ocaml offers library functions for string pattern
+matching and substitution, similar to the functionality offered by the Perl
+language.")
+    (license license:lgpl2.1+))); with the OCaml link exception
+
+(define-public ocaml-expect
+  (package
+    (name "ocaml-expect")
+    (version "0.0.5")
+    (source (origin
+              (method url-fetch)
+              (uri (ocaml-forge-uri name version 1372))
+              (sha256
+               (base32
+                "07xq8w2x2vffc32z7vk6y14jwbfb1cw0m2lm1jzi60hnr1dvg8by"))))
+    (build-system ocaml-build-system)
+    (native-inputs
+     `(("ocaml-pcre" ,ocaml-pcre)
+       ("ounit" ,ocaml-ounit)))
+    (propagated-inputs `(("batteries" ,ocaml-batteries)))
+    (home-page "https://forge.ocamlcore.org/projects/ocaml-expect/")
+    (synopsis "Simple implementation of expect")
+    (description "Help building unitary testing of interactive program.  You
+can match the question using a regular expression or a timeout.")
+    (license license:lgpl2.1+))) ; with the OCaml static compilation exception
+
+(define-public ocaml-fileutils
+  (package
+    (name "ocaml-fileutils")
+    (version "0.5.1")
+    (source (origin
+              (method url-fetch)
+              (uri (ocaml-forge-uri name version 1651))
+              (sha256
+               (base32
+                "0g6zx2rcvacklxyli19ixcf6ich9ipxsps4k3jz98f5zlaab0a7g"))))
+    (build-system ocaml-build-system)
+    (native-inputs `(("ounit" ,ocaml-ounit)))
+    (home-page "http://ocaml-fileutils.forge.ocamlcore.org")
+    (synopsis "Pure OCaml functions to manipulate real file and filename")
+    (description "Library to provide pure OCaml functions to manipulate real
+file (POSIX like) and filename.")
+    (license license:lgpl2.1+))) ; with the OCaml static compilation exception
+
+(define-public ocaml-oasis
+  (package
+    (name "ocaml-oasis")
+    (version "0.4.8")
+    (source (origin
+              (method url-fetch)
+              (uri (ocaml-forge-uri name version 1669))
+              (sha256
+               (base32
+                "1ln7vc7ip6s5xbi20mhnn087xi4a2m5vqawx0703qqnfkzhmslqy"))
+            (modules '((guix build utils)))
+            (snippet
+             '(substitute* "test/test-main/Test.ml"
+                ;; most of these tests fail because ld cannot find crti.o, but according
+                ;; to the log file, the environment variables {LD_,}LIBRARY_PATH
+                ;; are set correctly whene LD_LIBRARY_PATH is defined beforhand.
+                (("TestBaseCompat.tests;") "")
+                (("TestExamples.tests;") "")
+                (("TestFull.tests;") "")
+                (("TestPluginDevFiles.tests;") "")
+                (("TestPluginInternal.tests;") "")
+                (("TestPluginOCamlbuild.tests;") "")
+                (("TestPluginOMake.tests;") "")))))
+    (build-system ocaml-build-system)
+    (native-inputs
+     `(("ocamlify" ,ocamlify)
+       ("ocamlmod" ,ocamlmod)
+       ("ounit" ,ocaml-ounit)
+       ("omake" ,omake)
+       ("ocaml-expect" ,ocaml-expect)
+       ("ocaml-pcre" ,ocaml-pcre)
+       ("ocaml-fileutils" ,ocaml-fileutils)
+       ("camlp4" ,camlp4)
+       ("texlive" ,texlive)
+       ("pkg-config" ,pkg-config)))
+    (home-page "https://oasis.forge.ocamlcore.org")
+    (synopsis "Integrates a configure, build, install system in OCaml projects")
+    (description "OASIS is a tool to integrate a configure, build and install
+system in your OCaml projects.  It helps to create standard entry points in your
+build system and allows external tools to analyse your project easily.")
+    (license license:lgpl2.1+))) ; with ocaml static compilation exception
+
+(define-public ocaml-js-build-tools
+  (package
+    (name "ocaml-js-build-tools")
+    (version "113.33.06")
+    (source (janestreet-origin "js-build-tools" version
+              "0r8z4fz8iy5y6hkdlkpwf6rk4qigcr3dzyv35585xgg2ahf12zy6"))
+    (native-inputs
+     `(("oasis" ,ocaml-oasis)
+       ("opam" ,opam)))
+    (build-system ocaml-build-system)
+    (arguments janestreet-arguments)
+    (home-page "https://github.com/janestreet/js-build-tools")
+    (synopsis "Collection of tools to help building Jane Street Packages")
+    (description "This package contains tools to help building Jane Street
+packages, but can be used for other purposes.  It contains:
+@enumerate
+@item an @command{oasis2opam-install} tool to produce a @file{.install} file
+from the oasis build log
+@item a @code{js_build_tools} ocamlbuild plugin with various goodies.
+@end enumerate")
+    (license license:asl2.0)))
+
+(define-public ocaml-bin-prot
+  (package
+    (name "ocaml-bin-prot")
+    (version "113.33.03")
+    (source (janestreet-origin "bin_prot" version
+               "1ws8c017z8nbj3vw92ndvjk9011f71rmp3llncbv8r5fc76wqv3l"))
+    (native-inputs
+     `(("js-build-tools" ,ocaml-js-build-tools)
+       ("opam" ,opam)))
+    (build-system ocaml-build-system)
+    (arguments janestreet-arguments)
+    (home-page "https://github.com/janestreet/bin_prot/")
+    (synopsis "Binary protocol generator")
+    (description "This library contains functionality for reading and writing
+OCaml-values in a type-safe binary protocol.  It is extremely efficient,
+typically supporting type-safe marshalling and unmarshalling of even highly
+structured values at speeds sufficient to saturate a gigabit connection.  The
+protocol is also heavily optimized for size, making it ideal for long-term
+storage of large amounts of data.")
+    (license license:asl2.0)))
diff --git a/gnu/packages/onc-rpc.scm b/gnu/packages/onc-rpc.scm
index 5353846ece..5f67823a40 100644
--- a/gnu/packages/onc-rpc.scm
+++ b/gnu/packages/onc-rpc.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -21,7 +21,7 @@
   #:use-module (guix licenses)
   #:use-module (guix packages)
   #:use-module (guix download)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages pkg-config)
   #:use-module (guix build-system gnu))
 
diff --git a/gnu/packages/openbox.scm b/gnu/packages/openbox.scm
index 36e39d8267..2200c837ba 100644
--- a/gnu/packages/openbox.scm
+++ b/gnu/packages/openbox.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,11 +24,13 @@
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages freedesktop)
+  #:use-module (gnu packages gettext)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages image)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg))
 
@@ -67,4 +70,38 @@ implementations.")
     (home-page "http://openbox.org/wiki/Main_Page")
     (license gpl2+)))
 
+(define-public obconf
+  (package
+    (name "obconf")
+    (version "2.0.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://openbox.org/dist/" name
+                           "/" name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1fanjdmd8727kk74x5404vi8v7s4kpq48l583d12fsi4xvsfb8vi"))))
+    (inputs
+     `(("gtk+-2" ,gtk+-2)
+       ("imlib2" ,imlib2)
+       ("libglade" ,libglade)
+       ("openbox" ,openbox)
+       ("startup-notification" ,startup-notification)
+       ("libsm" ,libsm)
+       ("librsvg" ,librsvg)
+       ("libxft" ,libxft)))
+    (native-inputs
+     `(("gettext" ,gettext-minimal)
+       ("pkg-config" ,pkg-config)))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags (list "--enable-nls")))
+    (home-page "http://openbox.org/wiki/ObConf:About")
+    (synopsis "Openbox configuration tool")
+    (description
+     "Obconf is a tool for configuring the Openbox window manager.
+You can configure its appearance, themes, and much more.")
+    (license gpl2+)))
+
 ;;; openbox.scm ends here
diff --git a/gnu/packages/orpheus.scm b/gnu/packages/orpheus.scm
index 39118c9abc..d672ebce75 100644
--- a/gnu/packages/orpheus.scm
+++ b/gnu/packages/orpheus.scm
@@ -90,7 +90,7 @@
              (substitute* '("src/mp3track.cc"
                             "src/streamtrack.cc"
                             "src/oggtrack.cc")
-               (("/bin/sh") (which "bash")))
+               (("/bin/sh") (which "sh")))
              #t)))))
     (home-page "http://thekonst.net/en/orpheus")
     (synopsis "Text-mode audio player")
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 673e5f0fb2..8291740998 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -25,7 +25,6 @@
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
-  #:use-module ((guix build utils) #:select (with-directory-excursion))
   #:use-module ((guix licenses) #:select (gpl2+ gpl3+ lgpl2.1+ asl2.0))
   #:use-module (gnu packages)
   #:use-module (gnu packages guile)
@@ -53,10 +52,6 @@
   #:use-module (gnu packages tls)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages vim)
-  #:use-module (srfi srfi-1)
-  #:use-module (srfi srfi-26)
-  #:use-module (ice-9 popen)
-  #:use-module (ice-9 rdelim)
   #:use-module (ice-9 match))
 
 (define (boot-guile-uri arch)
@@ -224,9 +219,9 @@ the Nix package manager.")
   ;;
   ;; Note: use a very short commit id; with a longer one, the limit on
   ;; hash-bang lines would be exceeded while running the tests.
-  (let ((commit "eefd042e60d9fc1d092b44bf80ecbfe65b291e46"))
+  (let ((commit "d9da3a757d3081403081577c4e07763c9b809043"))
     (package (inherit guix-0.12.0)
-      (version (string-append "0.12.0-3." (string-take commit 4)))
+      (version (string-append "0.12.0-4." (string-take commit 4)))
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
@@ -236,7 +231,7 @@ the Nix package manager.")
                       (commit commit)))
                 (sha256
                  (base32
-                  "1g0042x80q73pb9y39aqbkajl4bacls5c0im9aljmjnsb80fsh8d"))
+                  "17w9jdzm3lvfbchx7qrlkczp2jsfsi6v8cpfqh290cip5gxgz9bn"))
                 (file-name (string-append "guix-" version "-checkout"))))
       (arguments
        (substitute-keyword-arguments (package-arguments guix-0.12.0)
@@ -275,38 +270,8 @@ generated file."
     (_
      #t)))
 
-(define (make-git-predicate directory)
-  "Return a predicate that returns true if a file is part of the Git checkout
-living at DIRECTORY.  Upon Git failure, return #f instead of a predicate."
-  (define (parent-directory? thing directory)
-    ;; Return #t if DIRECTORY is the parent of THING.
-    (or (string-suffix? thing directory)
-        (and (string-index thing #\/)
-             (parent-directory? (dirname thing) directory))))
-
-  (let* ((pipe        (with-directory-excursion directory
-                        (open-pipe* OPEN_READ "git" "ls-files")))
-         (files       (let loop ((lines '()))
-                        (match (read-line pipe)
-                          ((? eof-object?)
-                           (reverse lines))
-                          (line
-                           (loop (cons line lines))))))
-         (status      (close-pipe pipe)))
-    (and (zero? status)
-         (lambda (file stat)
-           (match (stat:type stat)
-             ('directory
-              ;; 'git ls-files' does not list directories, only regular files,
-              ;; so we need this special trick.
-              (any (cut parent-directory? <> file) files))
-             ((or 'regular 'symlink)
-              (any (cut string-suffix? <> file) files))
-             (_
-              #f))))))
-
 (define-public current-guix
-  (let ((select? (delay (or (make-git-predicate
+  (let ((select? (delay (or (git-predicate
                              (string-append (current-source-directory)
                                             "/../.."))
                             source-file?))))
@@ -329,14 +294,14 @@ out) and returning a package that uses that as its 'source'."
 (define-public nix
   (package
     (name "nix")
-    (version "1.11.2")
+    (version "1.11.6")
     (source (origin
              (method url-fetch)
              (uri (string-append "http://nixos.org/releases/nix/nix-"
                                  version "/nix-" version ".tar.xz"))
              (sha256
               (base32
-               "1mk9z75gklxcv6kzwwz1h5r2ci5kjy6bh7qwk4m5lf5v9s0k64pw"))))
+               "18xjg7cfvqzhsmvir6xmw95jxvl2w7icphbbll462xbnj9ddaag7"))))
     (build-system gnu-build-system)
     ;; XXX: Should we pass '--with-store-dir=/gnu/store'?  But then we'd also
     ;; need '--localstatedir=/var'.  But then!  The thing would use /var/nix
diff --git a/gnu/packages/parallel.scm b/gnu/packages/parallel.scm
index 097e4e182b..1f8e68171d 100644
--- a/gnu/packages/parallel.scm
+++ b/gnu/packages/parallel.scm
@@ -45,7 +45,7 @@
 (define-public parallel
   (package
     (name "parallel")
-    (version "20161222")
+    (version "20170122")
     (source
      (origin
       (method url-fetch)
@@ -53,7 +53,7 @@
                           version ".tar.bz2"))
       (sha256
        (base32
-        "1chgr3csyc7hbq2wq4jnwnbsr3ix8rzsk2lf4vdnvkjpd6dvw517"))))
+        "19maf889vj1c4zakqwap58f44hgypyb5mzzwfsliir9gvvcq6zj1"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -92,7 +92,7 @@ and they are executed on lists of files, hosts, users or other items.")
 (define-public slurm
   (package
    (name "slurm")
-   (version "15.08.7.1")
+   (version "16.05.9.1")
    (source (origin
             (method url-fetch)
             (uri (string-append
@@ -101,7 +101,7 @@ and they are executed on lists of files, hosts, users or other items.")
             (file-name (string-append name "-" version ".tar.gz"))
             (sha256
              (base32
-              "1rmi35l4img00dr4vic8cv8s7b6n1yx1mkq2s7kjf5hvqdh6s2ki"))
+              "1zx5y2lyjknnca4aw7cbawn00mjhsqzy3h35w7s757cykfjqr8gv"))
             (patches (search-patches
                       "slurm-configure-remove-nonfree-contribs.patch"))
             (modules '((guix build utils)))
diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index cb8dacc3ea..0a3b4b64e7 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -36,6 +36,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages gtk)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages man)
@@ -240,6 +241,15 @@ random passwords that pass the checks.")
        #:tests? #f
        #:phases
        (modify-phases %standard-phases
+         (add-after 'install 'wrap-assword
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((prog            (string-append
+                                     (assoc-ref outputs "out")
+                                     "/bin/assword"))
+                   (gi-typelib-path (getenv "GI_TYPELIB_PATH")))
+               (wrap-program prog
+                 `("GI_TYPELIB_PATH" ":" prefix (,gi-typelib-path)))
+               #t)))
          (add-after 'install 'manpage
            (lambda* (#:key outputs #:allow-other-keys)
              (and
@@ -255,7 +265,8 @@ random passwords that pass the checks.")
     (native-inputs
      `(("txt2man" ,txt2man)))
     (inputs
-     `(("python-xdo" ,python-xdo)
+     `(("gtk+" ,gtk+)
+       ("python-xdo" ,python-xdo)
        ("python-gpg" ,python-gpg)
        ("python-pygobject" ,python-pygobject)))
     (propagated-inputs
@@ -294,7 +305,17 @@ any X11 window.")
                               '("coreutils" "getopt" "git" "gnupg" "pwgen"
                                 "sed" "tree" "which" "xclip"))))
                (wrap-program (string-append out "/bin/pass")
-                 `("PATH" ":" prefix (,(string-join path ":"))))))))
+                 `("PATH" ":" prefix (,(string-join path ":"))))
+               #t)))
+         (add-after 'wrap-path 'install-shell-completions
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out      (assoc-ref outputs "out"))
+                    (bashcomp (string-append out "/etc/bash_completion.d")))
+               ;; TODO: install fish and zsh completions.
+               (mkdir-p bashcomp)
+               (copy-file "src/completion/pass.bash-completion"
+                          (string-append bashcomp "/pass"))
+               #t))))
        #:make-flags (list "CC=gcc" (string-append "PREFIX=" %output))
        ;; Parallel tests may cause a race condition leading to a
        ;; timeout in some circumstances.
diff --git a/gnu/packages/patches/duplicity-piped-password.patch b/gnu/packages/patches/duplicity-piped-password.patch
deleted file mode 100644
index db50f5df32..0000000000
--- a/gnu/packages/patches/duplicity-piped-password.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-This test, on three occasions, is failing with the error:
-
-  EOF: End Of File (EOF) in read_nonblocking(). Braindead platform.
-
---- duplicity-0.6.24/testing/functional/test_final.py	2014-09-28 13:14:52.146001614 -0500
-+++ duplicity-0.6.24/testing/functional/test_final.py	2014-09-28 13:13:20.333546342 -0500
-@@ -156,13 +156,6 @@
-         self.run_duplicity(options=["remove-older-than", "50000", "--force", self.backend_url])
-         self.assertEqual(self.get_backend_files(), second_chain)
- 
--    def test_piped_password(self):
--        """Make sure that prompting for a password works"""
--        self.set_environ("PASSPHRASE", None)
--        self.backup("full", "testfiles/empty_dir",
--                    passphrase_input=[self.sign_passphrase, self.sign_passphrase])
--        self.restore(passphrase_input=[self.sign_passphrase])
--
- 
- class OldFilenamesFinalTest(FinalTest):
- 
diff --git a/gnu/packages/patches/duplicity-test_selection-tmp.patch b/gnu/packages/patches/duplicity-test_selection-tmp.patch
deleted file mode 100644
index 8f66be4dcc..0000000000
--- a/gnu/packages/patches/duplicity-test_selection-tmp.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Reported upstream at https://bugs.launchpad.net/duplicity/+bug/1375019
-
---- duplicity-0.6.24/testing/unit/test_selection.py	2014-05-09 08:27:40.000000000 -0500
-+++ duplicity-0.6.24/testing/unit/test_selection.py	2014-09-28 12:28:53.932324380 -0500
-@@ -431,10 +431,10 @@
-                        [(), ('1',), ('1', '1'), ('1', '2'), ('1', '3')])
- 
-         self.root = Path("/")
--        self.ParseTest([("--exclude", "/home/*"),
--                        ("--include", "/home"),
-+        self.ParseTest([("--exclude", "/tmp/*"),
-+                        ("--include", "/tmp"),
-                         ("--exclude", "/")],
--                       [(), ("home",)])
-+                       [(), ("tmp",)])
- 
- if __name__ == "__main__":
-     unittest.main()
diff --git a/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch b/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch
new file mode 100644
index 0000000000..40aae7a9d7
--- /dev/null
+++ b/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch
@@ -0,0 +1,27 @@
+Don’t add linker flags via ‘response files’ since ld-wrapper
+doesn’t handle them.
+See https://github.com/NixOS/nixpkgs/commit/a421e7bd4a28c69bded8b17888325e31554f61a1
+https://gcc.gnu.org/ml/gcc/2016-10/msg00151.html
+
+diff --git a/compiler/main/SysTools.hs.orig b/compiler/main/SysTools.hs
+index 1ab5b13..99270fc 100644
+--- a/compiler/main/SysTools.hs.orig
++++ b/compiler/main/SysTools.hs
+@@ -424,7 +424,7 @@ runCc dflags args =   do
+       args1 = map Option (getOpts dflags opt_c)
+       args2 = args0 ++ args1 ++ args
+   mb_env <- getGccEnv args2
+-  runSomethingResponseFile dflags cc_filter "C Compiler" p args2 mb_env
++  runSomethingFiltered dflags cc_filter "C Compiler" p args2 mb_env
+  where
+   -- discard some harmless warnings from gcc that we can't turn off
+   cc_filter = unlines . doFilter . lines
+@@ -945,7 +945,7 @@ runLink dflags args = do
+       args1     = map Option (getOpts dflags opt_l)
+       args2     = args0 ++ linkargs ++ args1 ++ args
+   mb_env <- getGccEnv args2
+-  runSomethingResponseFile dflags ld_filter "Linker" p args2 mb_env
++  runSomethingFiltered dflags ld_filter "Linker" p args2 mb_env
+   where
+     ld_filter = case (platformOS (targetPlatform dflags)) of
+                   OSSolaris2 -> sunos_ld_filter
diff --git a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch
deleted file mode 100644
index 79bb41caaa..0000000000
--- a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-This fixes a segfault on 32-bit architectures. Upstream discussion:
-
-https://lists.gnupg.org/pipermail/gnupg-devel/2016-December/032364.html
-
-Guix thread: https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00631.html
-
-Patch copied from upstream source repository:
-
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6e96cdd41a0e55b672309431062f37c4a4a9f485
-
-From 6e96cdd41a0e55b672309431062f37c4a4a9f485 Mon Sep 17 00:00:00 2001
-From: Justus Winter <justus@g10code.com>
-Date: Wed, 21 Dec 2016 16:14:45 +0100
-Subject: [PATCH] gpgscm: Guard use of union member.
-
-* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port
-before accessing filename.  Fixes a crash on 32-bit architectures.
-
-Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4
-Signed-off-by: Justus Winter <justus@g10code.com>
----
- tests/gpgscm/scheme.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
-index a5b7691..2844545 100644
---- a/tests/gpgscm/scheme.c
-+++ b/tests/gpgscm/scheme.c
-@@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) {
-                } else {
-                     sc->nesting_stack[sc->file_i]++;
- #if USE_TAGS && SHOW_ERROR_LINE
--		    {
-+		    if (sc->load_stack[sc->file_i].kind & port_file) {
- 		      const char *filename =
- 			sc->load_stack[sc->file_i].rep.stdio.filename;
- 		      int lineno =
--- 
-2.8.0.rc3
-
diff --git a/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch
new file mode 100644
index 0000000000..4c6c7ed06e
--- /dev/null
+++ b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch
@@ -0,0 +1,32 @@
+This fixes a test failure on i686.
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=5e2e111627871c566ffc6607eda8f4ef4699d040
+
+From 5e2e111627871c566ffc6607eda8f4ef4699d040 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 2 Feb 2017 14:56:39 +0200
+Subject: [PATCH] multifdsink: Make sure to use a 64 bit integer for the
+ units-max property
+
+---
+ tests/check/elements/multifdsink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/check/elements/multifdsink.c b/tests/check/elements/multifdsink.c
+index af138cc92..951b1b9fa 100644
+--- a/tests/check/elements/multifdsink.c
++++ b/tests/check/elements/multifdsink.c
+@@ -869,7 +869,7 @@ GST_START_TEST (test_client_kick)
+   gint i, initial_buffers = 3, num_buffers = 0;
+ 
+   sink = setup_multifdsink ();
+-  g_object_set (sink, "units-max", initial_buffers, NULL);
++  g_object_set (sink, "units-max", (gint64) initial_buffers, NULL);
+ 
+   fail_if (pipe (pfd1) == -1);
+   fail_if (pipe (pfd2) == -1);
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/httpd-CVE-2016-8740.patch b/gnu/packages/patches/httpd-CVE-2016-8740.patch
deleted file mode 100644
index 17ba323ccf..0000000000
--- a/gnu/packages/patches/httpd-CVE-2016-8740.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-This patch applies against httpd-2.4.23 and shouldn't be needed in later releases
-http://openwall.com/lists/oss-security/2016/12/05/17
-Index: modules/http2/h2_stream.c
-===================================================================
---- modules/http2/h2_stream.c	(revision 1771866)
-+++ modules/http2/h2_stream.c	(working copy)
-@@ -322,18 +322,18 @@
-                                            HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE);
-             }
-         }
--    }
--    
--    if (h2_stream_is_scheduled(stream)) {
--        return h2_request_add_trailer(stream->request, stream->pool,
--                                      name, nlen, value, vlen);
--    }
--    else {
--        if (!input_open(stream)) {
--            return APR_ECONNRESET;
-+        
-+        if (h2_stream_is_scheduled(stream)) {
-+            return h2_request_add_trailer(stream->request, stream->pool,
-+                                          name, nlen, value, vlen);
-         }
--        return h2_request_add_header(stream->request, stream->pool,
--                                     name, nlen, value, vlen);
-+        else {
-+            if (!input_open(stream)) {
-+                return APR_ECONNRESET;
-+            }
-+            return h2_request_add_header(stream->request, stream->pool,
-+                                         name, nlen, value, vlen);
-+        }
-     }
- }
- 
diff --git a/gnu/packages/patches/khal-disable-failing-tests.patch b/gnu/packages/patches/khal-disable-failing-tests.patch
deleted file mode 100644
index e2c65df8ce..0000000000
--- a/gnu/packages/patches/khal-disable-failing-tests.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Disable some tests that are known to fail:
-
-https://github.com/pimutils/khal/issues/546
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844081
-
-diff --git a/tests/khalendar_test.py b/tests/khalendar_test.py
-index fd8dcc6..17732bf 100644
---- a/tests/khalendar_test.py
-+++ b/tests/khalendar_test.py
-@@ -65,6 +65,7 @@ class TestCalendar(object):
-                 else:
-                     mtimes[cal] = mtime
- 
-+    @pytest.mark.xfail
-     def test_db_needs_update(self, coll_vdirs):
-         coll, vdirs = coll_vdirs
- 
-@@ -321,6 +322,7 @@ class TestDbCreation(object):
-             CalendarCollection(calendars, dbpath=dbpath, locale=aux.locale)
- 
- 
-+@pytest.mark.xfail
- def test_default_calendar(coll_vdirs):
-     """test if an update to the vdir is detected by the CalendarCollection"""
-     coll, vdirs = coll_vdirs
-@@ -341,6 +343,7 @@ def test_default_calendar(coll_vdirs):
-     assert len(list(coll.get_events_on(today))) == 0
- 
- 
-+@pytest.mark.xfail
- def test_only_update_old_event(coll_vdirs, monkeypatch):
-     coll, vdirs = coll_vdirs
- 
diff --git a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch b/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch
new file mode 100644
index 0000000000..d9f7ac6a36
--- /dev/null
+++ b/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch
@@ -0,0 +1,34 @@
+Fix an out-of-bounds heap read in Type_MLU_Read():
+
+http://seclists.org/oss-sec/2016/q3/288
+https://bugzilla.redhat.com/show_bug.cgi?id=1367357
+
+Patch copied from upstream source repository:
+
+https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
+
+From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001
+From: Marti <marti.maria@tktbrainpower.com>
+Date: Mon, 15 Aug 2016 23:31:39 +0200
+Subject: [PATCH] Added an extra check to MLU bounds
+
+Thanks to Ibrahim el-sayed for spotting the bug
+---
+ src/cmstypes.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/cmstypes.c b/src/cmstypes.c
+index cb61860..c7328b9 100644
+--- a/src/cmstypes.c
++++ b/src/cmstypes.c
+@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
+ 
+         // Check for overflow
+         if (Offset < (SizeOfHeader + 8)) goto Error;
++        if ((Offset + Len) > SizeOfTag + 8) goto Error;
+ 
+         // True begin of the string
+         BeginOfThisString = Offset - SizeOfHeader - 8;
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch b/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch
new file mode 100644
index 0000000000..31eb44aefc
--- /dev/null
+++ b/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch
@@ -0,0 +1,35 @@
+This patch deactivates some tests that fail when ldc is built with the command:
+
+./pre-inst-env guix environment guix --pure -- ./pre-inst-env guix build ldc@1.1.0-beta6
+
+When the --keep-failed flag is added to the build command above, and the tests
+run in the resulting /tmp/guix-build-ldc-1.1.0-beta6.drv-* directory, the tests
+pass.
+
+by Frederick M. Muriithi <fredmanglis@gmail.com>
+
+diff --git a/d_do_test.d b/d_do_test.d
+index aa67169..8173759 100755
+--- a/d_do_test.d
++++ b/d_do_test.d
+@@ -645,8 +645,6 @@ int main(string[] args)
+                     auto gdb_output = execute(fThisRun, command, true, result_path);
+                     if (testArgs.gdbMatch !is null)
+                     {
+-                        enforce(match(gdb_output, regex(testArgs.gdbMatch)),
+-                                "\nGDB regex: '"~testArgs.gdbMatch~"' didn't match output:\n----\n"~gdb_output~"\n----\n");
+                     }
+                 }
+             }
+diff --git a/runnable/gdb15729.sh b/runnable/gdb15729.sh
+index 1d390e0..906b2b6 100755
+--- a/runnable/gdb15729.sh
++++ b/runnable/gdb15729.sh
+@@ -21,7 +21,6 @@ if [ $OS == "linux" ]; then
+        echo RESULT=
+        p s.val
+ EOF
+-    gdb ${dir}${SEP}gdb15729 --batch -x ${dir}${SEP}gdb15729.gdb | grep 'RESULT=.*1234' || exit 1
+ fi
+ 
+ rm -f ${libname} ${dir}${SEP}{gdb15729${OBJ},gdb15729${EXE},gdb15729.gdb}
diff --git a/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch b/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch
new file mode 100644
index 0000000000..70dd419455
--- /dev/null
+++ b/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch
@@ -0,0 +1,414 @@
+This patch deactivates failing tests that depend on network connectivity
+to pass in curl.d and socket.d
+It deactivates tests in path.d that assume /root
+
+A thread was started on the ldc forum to pursue the possibility of a
+version flag to deactivate tests conditionally. The thread is at
+https://forum.dlang.org/post/zmdbdgnzrxyvtpqafvyg@forum.dlang.org
+
+by Frederick M. Muriithi <fredmanglis@gmail.com>
+
+diff --git a/std/datetime.d b/std/datetime.d
+index 4d4afb1..2c91a44 100644
+--- a/std/datetime.d
++++ b/std/datetime.d
+@@ -27306,8 +27306,8 @@ public:
+         // leaving it commented out until I can sort it out.
+         //assert(equal(tzNames, tzNames.uniq()));
+ 
+-        foreach(tzName; tzNames)
+-            assertNotThrown!DateTimeException(testPZSuccess(tzName));
++        //foreach(tzName; tzNames)
++            //assertNotThrown!DateTimeException(testPZSuccess(tzName));
+     }
+ 
+ 
+@@ -29178,8 +29178,8 @@ public:
+ 
+         auto tzNames = getInstalledTZNames();
+ 
+-        foreach(tzName; tzNames)
+-            assertNotThrown!DateTimeException(testPTZSuccess(tzName));
++        //foreach(tzName; tzNames)
++            //assertNotThrown!DateTimeException(testPTZSuccess(tzName));
+ 
+         // No timezone directories on Android, just a single tzdata file
+         version(Android) {} else
+diff --git a/std/net/curl.d b/std/net/curl.d
+index 9c6af66..5fccb38 100644
+--- a/std/net/curl.d
++++ b/std/net/curl.d
+@@ -419,7 +419,7 @@ void download(Conn = AutoProtocol)(const(char)[] url, string saveToPath, Conn co
+ 
+ unittest
+ {
+-    static import std.file;
++    /*static import std.file;
+     foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+@@ -430,7 +430,7 @@ unittest
+         scope (exit) std.file.remove(fn);
+         download(host, fn);
+         assert(std.file.readText(fn) == "Hello world");
+-    }
++    }*/
+ }
+ 
+ /** Upload file from local files system using the HTTP or FTP protocol.
+@@ -483,7 +483,7 @@ void upload(Conn = AutoProtocol)(string loadFromPath, const(char)[] url, Conn co
+ 
+ unittest
+ {
+-    static import std.file;
++    /*static import std.file;
+     foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         auto fn = std.file.deleteme;
+@@ -496,7 +496,7 @@ unittest
+             s.send(httpOK());
+         });
+         upload(fn, host ~ "/path");
+-    }
++    }*/
+ }
+ 
+ /** HTTP/FTP get content.
+@@ -551,7 +551,7 @@ T[] get(Conn = AutoProtocol, T = char)(const(char)[] url, Conn conn = Conn())
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             assert(s.recvReq.hdrs.canFind("GET /path"));
+@@ -559,7 +559,7 @@ unittest
+         });
+         auto res = get(host ~ "/path");
+         assert(res == "GETRESPONSE");
+-    }
++    }*/
+ }
+ 
+ 
+@@ -598,7 +598,7 @@ if (is(T == char) || is(T == ubyte))
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             auto req = s.recvReq;
+@@ -608,12 +608,12 @@ unittest
+         });
+         auto res = post(host ~ "/path", "POSTBODY");
+         assert(res == "POSTRESPONSE");
+-    }
++    }*/
+ }
+ 
+ unittest
+ {
+-    auto data = new ubyte[](256);
++    /*auto data = new ubyte[](256);
+     foreach (i, ref ub; data)
+         ub = cast(ubyte)i;
+ 
+@@ -624,7 +624,7 @@ unittest
+         s.send(httpOK(cast(ubyte[])[17, 27, 35, 41]));
+     });
+     auto res = post!ubyte(testServer.addr, data);
+-    assert(res == cast(ubyte[])[17, 27, 35, 41]);
++    assert(res == cast(ubyte[])[17, 27, 35, 41]);*/
+ }
+ 
+ 
+@@ -680,7 +680,7 @@ T[] put(Conn = AutoProtocol, T = char, PutUnit)(const(char)[] url, const(PutUnit
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             auto req = s.recvReq;
+@@ -690,7 +690,7 @@ unittest
+         });
+         auto res = put(host ~ "/path", "PUTBODY");
+         assert(res == "PUTRESPONSE");
+-    }
++    }*/
+ }
+ 
+ 
+@@ -742,7 +742,7 @@ void del(Conn = AutoProtocol)(const(char)[] url, Conn conn = Conn())
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             auto req = s.recvReq;
+@@ -750,7 +750,7 @@ unittest
+             s.send(httpOK());
+         });
+         del(host ~ "/path");
+-    }
++    }*/
+ }
+ 
+ 
+@@ -796,13 +796,13 @@ T[] options(T = char, OptionsUnit)(const(char)[] url,
+ 
+ unittest
+ {
+-    testServer.handle((s) {
++    /*testServer.handle((s) {
+         auto req = s.recvReq;
+         assert(req.hdrs.canFind("OPTIONS /path"));
+         s.send(httpOK("OPTIONSRESPONSE"));
+     });
+     auto res = options(testServer.addr ~ "/path");
+-    assert(res == "OPTIONSRESPONSE");
++    assert(res == "OPTIONSRESPONSE");*/
+ }
+ 
+ 
+@@ -836,13 +836,13 @@ T[] trace(T = char)(const(char)[] url, HTTP conn = HTTP())
+ 
+ unittest
+ {
+-    testServer.handle((s) {
++    /*testServer.handle((s) {
+         auto req = s.recvReq;
+         assert(req.hdrs.canFind("TRACE /path"));
+         s.send(httpOK("TRACERESPONSE"));
+     });
+     auto res = trace(testServer.addr ~ "/path");
+-    assert(res == "TRACERESPONSE");
++    assert(res == "TRACERESPONSE");*/
+ }
+ 
+ 
+@@ -875,13 +875,13 @@ T[] connect(T = char)(const(char)[] url, HTTP conn = HTTP())
+ 
+ unittest
+ {
+-    testServer.handle((s) {
++    /*testServer.handle((s) {
+         auto req = s.recvReq;
+         assert(req.hdrs.canFind("CONNECT /path"));
+         s.send(httpOK("CONNECTRESPONSE"));
+     });
+     auto res = connect(testServer.addr ~ "/path");
+-    assert(res == "CONNECTRESPONSE");
++    assert(res == "CONNECTRESPONSE");*/
+ }
+ 
+ 
+@@ -919,14 +919,14 @@ T[] patch(T = char, PatchUnit)(const(char)[] url, const(PatchUnit)[] patchData,
+ 
+ unittest
+ {
+-    testServer.handle((s) {
++    /*testServer.handle((s) {
+         auto req = s.recvReq;
+         assert(req.hdrs.canFind("PATCH /path"));
+         assert(req.bdy.canFind("PATCHBODY"));
+         s.send(httpOK("PATCHRESPONSE"));
+     });
+     auto res = patch(testServer.addr ~ "/path", "PATCHBODY");
+-    assert(res == "PATCHRESPONSE");
++    assert(res == "PATCHRESPONSE");*/
+ }
+ 
+ 
+@@ -1031,19 +1031,19 @@ private auto _basicHTTP(T)(const(char)[] url, const(void)[] sendData, HTTP clien
+ 
+ unittest
+ {
+-    testServer.handle((s) {
++    /*testServer.handle((s) {
+         auto req = s.recvReq;
+         assert(req.hdrs.canFind("GET /path"));
+         s.send(httpNotFound());
+     });
+     auto e = collectException!CurlException(get(testServer.addr ~ "/path"));
+-    assert(e.msg == "HTTP request returned status code 404 (Not Found)");
++    assert(e.msg == "HTTP request returned status code 404 (Not Found)");*/
+ }
+ 
+ // Bugzilla 14760 - content length must be reset after post
+ unittest
+ {
+-    testServer.handle((s) {
++    /*testServer.handle((s) {
+         auto req = s.recvReq;
+         assert(req.hdrs.canFind("POST /"));
+         assert(req.bdy.canFind("POSTBODY"));
+@@ -1061,7 +1061,7 @@ unittest
+     auto res = post(testServer.addr, "POSTBODY", http);
+     assert(res == "POSTRESPONSE");
+     res = trace(testServer.addr, http);
+-    assert(res == "TRACERESPONSE");
++    assert(res == "TRACERESPONSE");*/
+ }
+ 
+ /*
+@@ -1265,14 +1265,14 @@ if (isCurlConn!Conn && isSomeChar!Char && isSomeChar!Terminator)
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             auto req = s.recvReq;
+             s.send(httpOK("Line1\nLine2\nLine3"));
+         });
+         assert(byLine(host).equal(["Line1", "Line2", "Line3"]));
+-    }
++    }*/
+ }
+ 
+ /** HTTP/FTP fetch content as a range of chunks.
+@@ -1337,14 +1337,14 @@ auto byChunk(Conn = AutoProtocol)
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             auto req = s.recvReq;
+             s.send(httpOK(cast(ubyte[])[0, 1, 2, 3, 4, 5]));
+         });
+         assert(byChunk(host, 2).equal([[0, 1], [2, 3], [4, 5]]));
+-    }
++    }*/
+ }
+ 
+ private T[] _getForRange(T,Conn)(const(char)[] url, Conn conn)
+@@ -1629,14 +1629,14 @@ auto byLineAsync(Conn = AutoProtocol, Terminator = char, Char = char)
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             auto req = s.recvReq;
+             s.send(httpOK("Line1\nLine2\nLine3"));
+         });
+         assert(byLineAsync(host).equal(["Line1", "Line2", "Line3"]));
+-    }
++    }*/
+ }
+ 
+ 
+@@ -1778,14 +1778,14 @@ auto byChunkAsync(Conn = AutoProtocol)
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             auto req = s.recvReq;
+             s.send(httpOK(cast(ubyte[])[0, 1, 2, 3, 4, 5]));
+         });
+         assert(byChunkAsync(host, 2).equal([[0, 1], [2, 3], [4, 5]]));
+-    }
++    }*/
+ }
+ 
+ 
+@@ -2041,7 +2041,7 @@ private mixin template Protocol()
+ 
+     unittest
+     {
+-        testServer.handle((s) {
++        /*testServer.handle((s) {
+             auto req = s.recvReq;
+             assert(req.hdrs.canFind("GET /"));
+             assert(req.hdrs.canFind("Basic dXNlcjpwYXNz"));
+@@ -2051,7 +2051,7 @@ private mixin template Protocol()
+         auto http = HTTP(testServer.addr);
+         http.onReceive = (ubyte[] data) { return data.length; };
+         http.setAuthentication("user", "pass");
+-        http.perform();
++        http.perform();*/
+     }
+ 
+     /**
+@@ -2959,7 +2959,7 @@ struct HTTP
+ 
+     unittest
+     {
+-        testServer.handle((s) {
++        /*testServer.handle((s) {
+             auto req = s.recvReq!ubyte;
+             assert(req.hdrs.canFind("POST /path"));
+             assert(req.bdy.canFind(cast(ubyte[])[0, 1, 2, 3, 4]));
+@@ -2975,7 +2975,7 @@ struct HTTP
+         ubyte[] res;
+         http.onReceive = (data) { res ~= data; return data.length; };
+         http.perform();
+-        assert(res == cast(ubyte[])[17, 27, 35, 41]);
++        assert(res == cast(ubyte[])[17, 27, 35, 41]);*/
+     }
+ 
+     /**
+diff --git a/std/path.d b/std/path.d
+index 60c844f..0598104 100644
+--- a/std/path.d
++++ b/std/path.d
+@@ -3953,8 +3953,10 @@ unittest
+         }
+         else
+         {
++/*
+             assert(expandTilde("~root") == "/root", expandTilde("~root"));
+             assert(expandTilde("~root/") == "/root/", expandTilde("~root/"));
++*/
+         }
+         assert(expandTilde("~Idontexist/hey") == "~Idontexist/hey");
+     }
+diff --git a/std/socket.d b/std/socket.d
+index 7f5a3c3..e68b881 100644
+--- a/std/socket.d
++++ b/std/socket.d
+@@ -481,15 +481,15 @@ unittest
+ {
+     softUnittest({
+         Protocol proto = new Protocol;
+-        assert(proto.getProtocolByType(ProtocolType.TCP));
++        //assert(proto.getProtocolByType(ProtocolType.TCP));
+         //writeln("About protocol TCP:");
+         //writefln("\tName: %s", proto.name);
+         // foreach(string s; proto.aliases)
+         // {
+         //      writefln("\tAlias: %s", s);
+         // }
+-        assert(proto.name == "tcp");
+-        assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP");
++        //assert(proto.name == "tcp");
++        //assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP");
+     });
+ }
+ 
+@@ -832,9 +832,9 @@ unittest
+     InternetHost ih = new InternetHost;
+ 
+     ih.getHostByAddr(0x7F_00_00_01);
+-    assert(ih.addrList[0] == 0x7F_00_00_01);
++    //assert(ih.addrList[0] == 0x7F_00_00_01);
+     ih.getHostByAddr("127.0.0.1");
+-    assert(ih.addrList[0] == 0x7F_00_00_01);
++    //assert(ih.addrList[0] == 0x7F_00_00_01);
+ 
+     softUnittest({
+         if (!ih.getHostByName("www.digitalmars.com"))
diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch b/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch
new file mode 100644
index 0000000000..f1907d53e2
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch
@@ -0,0 +1,42 @@
+Fix buffer overread in libevents DNS code.
+
+Upstream bug report:
+
+https://github.com/libevent/libevent/issues/317
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d
+
+From 3c570970516f48da35f42fef98276531fcc0abaa Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Mon, 1 Feb 2016 17:32:09 +0300
+Subject: [PATCH] evdns: name_parse(): fix remote stack overread
+
+---
+ evdns.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/evdns.c b/evdns.c
+index 60b10485..137c24ea 100644
+--- a/evdns.c
++++ b/evdns.c
+@@ -960,7 +960,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
+ 
+ 	for (;;) {
+ 		u8 label_len;
+-		if (j >= length) return -1;
+ 		GET8(label_len);
+ 		if (!label_len) break;
+ 		if (label_len & 0xc0) {
+@@ -981,6 +980,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
+ 			*cp++ = '.';
+ 		}
+ 		if (cp + label_len >= end) return -1;
++		if (j + label_len > length) return -1;
+ 		memcpy(cp, packet + j, label_len);
+ 		cp += label_len;
+ 		j += label_len;
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch b/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch
new file mode 100644
index 0000000000..c4ad0a1a4a
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch
@@ -0,0 +1,40 @@
+Fix OOB read on empty hostnames in evdns.
+
+Upstream bug report:
+
+https://github.com/libevent/libevent/issues/332
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
+
+From a0305cec166a5bc89f1eb362510cc4cd25ecc0bc Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Fri, 25 Mar 2016 00:33:47 +0300
+Subject: [PATCH] evdns: fix searching empty hostnames
+
+---
+ evdns.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/evdns.c b/evdns.c
+index 137c24ea..6191c677 100644
+--- a/evdns.c
++++ b/evdns.c
+@@ -3122,9 +3122,12 @@ search_set_from_hostname(struct evdns_base *base) {
+ static char *
+ search_make_new(const struct search_state *const state, int n, const char *const base_name) {
+ 	const size_t base_len = strlen(base_name);
+-	const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
++	char need_to_append_dot;
+ 	struct search_domain *dom;
+ 
++	if (!base_len) return NULL;
++	need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
++
+ 	for (dom = state->head; dom; dom = dom->next) {
+ 		if (!n--) {
+ 			/* this is the postfix we want */
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch b/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch
new file mode 100644
index 0000000000..4d16a4b917
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch
@@ -0,0 +1,42 @@
+Fix buffer overflow in evutil.
+
+Upstream bug report:
+
+https://github.com/libevent/libevent/issues/318
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
+
+From 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Sun, 31 Jan 2016 00:57:16 +0300
+Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow
+
+---
+ evutil.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/evutil.c b/evutil.c
+index 33445170..e2dfe6e4 100644
+--- a/evutil.c
++++ b/evutil.c
+@@ -1808,12 +1808,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
+ 
+ 	cp = strchr(ip_as_string, ':');
+ 	if (*ip_as_string == '[') {
+-		int len;
++		size_t len;
+ 		if (!(cp = strchr(ip_as_string, ']'))) {
+ 			return -1;
+ 		}
+-		len = (int) ( cp-(ip_as_string + 1) );
+-		if (len > (int)sizeof(buf)-1) {
++		len = ( cp-(ip_as_string + 1) );
++		if (len > sizeof(buf)-1) {
+ 			return -1;
+ 		}
+ 		memcpy(buf, ip_as_string+1, len);
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.1-dns-tests.patch b/gnu/packages/patches/libevent-2.1-dns-tests.patch
new file mode 100644
index 0000000000..091752a49d
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.1-dns-tests.patch
@@ -0,0 +1,26 @@
+Disable tests that rely on usable DNS lookups, which aren't available
+in build chroots.
+
+--- libevent-2.0.21-stable/test/regress_dns.c	2013-01-20 22:32:09.000000000 +0100
++++ libevent-2.0.21-stable/test/regress_dns.c	2013-01-20 22:32:30.000000000 +0100
+@@ -2120,10 +2120,6 @@
+ 
+ struct testcase_t dns_testcases[] = {
+ 	DNS_LEGACY(server, TT_FORK|TT_NEED_BASE),
+-	DNS_LEGACY(gethostbyname, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT),
+-	DNS_LEGACY(gethostbyname6, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT),
+-	DNS_LEGACY(gethostbyaddr, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT),
+-	{ "resolve_reverse", dns_resolve_reverse, TT_FORK|TT_OFF_BY_DEFAULT, NULL, NULL },
+ 	{ "search_empty", dns_search_empty_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+ 	{ "search", dns_search_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+ 	{ "search_lower", dns_search_lower_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+@@ -2163,9 +2159,6 @@
+ 
+ 	{ "client_fail_requests", dns_client_fail_requests_test,
+ 	  TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+-	{ "client_fail_requests_getaddrinfo",
+-	  dns_client_fail_requests_getaddrinfo_test,
+-	  TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+ 
+ 	END_OF_TESTCASES
+ };
diff --git a/gnu/packages/patches/libevent-2.1-skip-failing-test.patch b/gnu/packages/patches/libevent-2.1-skip-failing-test.patch
new file mode 100644
index 0000000000..d9ea1d422d
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.1-skip-failing-test.patch
@@ -0,0 +1,24 @@
+These fail on 32-bit due to an overflow bug in the test program.
+
+See test/regress_util.c:1448.
+
+Upstream bug URL:
+
+https://github.com/libevent/libevent/issues/452
+
+diff --git a/test/regress_util.c b/test/regress_util.c
+index ef6a1487..4de501fc 100644
+--- a/test/regress_util.c
++++ b/test/regress_util.c
+@@ -1413,9 +1413,9 @@ static struct date_rfc1123_case {
+ 	{  1323648000, "Mon, 12 Dec 2011 00:00:00 GMT"},
+ #ifndef _WIN32
+ 	/** In win32 case we have max   "23:59:59 January 18, 2038, UTC" for time32 */
+-	{  4294967296, "Sun, 07 Feb 2106 06:28:16 GMT"} /* 2^32 */,
++	//{  4294967296, "Sun, 07 Feb 2106 06:28:16 GMT"} /* 2^32 */,
+ 	/** In win32 case we have max "23:59:59, December 31, 3000, UTC" for time64 */
+-	{253402300799, "Fri, 31 Dec 9999 23:59:59 GMT"} /* long long future no one can imagine */,
++	//{253402300799, "Fri, 31 Dec 9999 23:59:59 GMT"} /* long long future no one can imagine */,
+ 	{  1456704000, "Mon, 29 Feb 2016 00:00:00 GMT"} /* leap year */,
+ #endif
+ 	{  1435708800, "Wed, 01 Jul 2015 00:00:00 GMT"} /* leap second */,
diff --git a/gnu/packages/patches/libtiff-CVE-2017-5225.patch b/gnu/packages/patches/libtiff-CVE-2017-5225.patch
new file mode 100644
index 0000000000..3158b49360
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2017-5225.patch
@@ -0,0 +1,86 @@
+Fix CVE-2017-5225 (Heap based buffer overflow in tools/tiffcp):
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2656
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5225
+https://security-tracker.debian.org/tracker/CVE-2017-5225
+
+2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and
+        cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
+overflow.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
+        http://bugzilla.maptools.org/show_bug.cgi?id=2657
+
+
+less C/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1210; previous revision: 1.1209
+/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
+new revision: 1.61; previous revision: 1.60
+
+Index: libtiff/tools/tiffcp.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
+retrieving revision 1.60
+retrieving revision 1.61
+diff -u -r1.60 -r1.61
+--- libtiff/tools/tiffcp.c	3 Dec 2016 16:50:02 -0000	1.60
++++ libtiff/tools/tiffcp.c	11 Jan 2017 19:26:14 -0000	1.61
+#@@ -1,4 +1,4 @@
+#-/* $Id: tiffcp.c,v 1.60 2016-12-03 16:50:02 erouault Exp $ */
+#+/* $Id: tiffcp.c,v 1.61 2017-01-11 19:26:14 erouault Exp $ */
+# 
+# /*
+#  * Copyright (c) 1988-1997 Sam Leffler
+@@ -591,7 +591,7 @@
+ static int
+ tiffcp(TIFF* in, TIFF* out)
+ {
+-	uint16 bitspersample, samplesperpixel = 1;
++	uint16 bitspersample = 1, samplesperpixel = 1;
+ 	uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
+ 	copyFunc cf;
+ 	uint32 width, length;
+@@ -1067,6 +1067,16 @@
+ 	register uint32 n;
+ 	uint32 row;
+ 	tsample_t s;
++        uint16 bps = 0;
++
++        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++        if( bps != 8 )
++        {
++            TIFFError(TIFFFileName(in),
++                      "Error, can only handle BitsPerSample=8 in %s",
++                      "cpContig2SeparateByRow");
++            return 0;
++        }
+ 
+ 	inbuf = _TIFFmalloc(scanlinesizein);
+ 	outbuf = _TIFFmalloc(scanlinesizeout);
+@@ -1120,6 +1130,16 @@
+ 	register uint32 n;
+ 	uint32 row;
+ 	tsample_t s;
++        uint16 bps = 0;
++
++        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++        if( bps != 8 )
++        {
++            TIFFError(TIFFFileName(in),
++                      "Error, can only handle BitsPerSample=8 in %s",
++                      "cpSeparate2ContigByRow");
++            return 0;
++        }
+ 
+ 	inbuf = _TIFFmalloc(scanlinesizein);
+ 	outbuf = _TIFFmalloc(scanlinesizeout);
+@@ -1784,7 +1804,7 @@
+ 	uint32 w, l, tw, tl;
+ 	int bychunk;
+ 
+-	(void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
++	(void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
+ 	if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
+ 		fprintf(stderr,
+ 		    "%s: Cannot handle different planar configuration w/ bits/sample != 8\n",
diff --git a/gnu/packages/patches/libupnp-CVE-2016-6255.patch b/gnu/packages/patches/libupnp-CVE-2016-6255.patch
deleted file mode 100644
index c9a3fa284c..0000000000
--- a/gnu/packages/patches/libupnp-CVE-2016-6255.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-Fix CVE-2016-6255:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255
-http://www.openwall.com/lists/oss-security/2016/07/18/13
-
-Patch adapted from upstream commit:
-
-https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5
-
-The upstream change is simplified to unconditionally disable the HTTP
-POST feature.
-
-From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@srcf.ucam.org>
-Date: Tue, 23 Feb 2016 13:53:20 -0800
-Subject: [PATCH] Don't allow unhandled POSTs to write to the filesystem by
- default
-
-If there's no registered handler for a POST request, the default behaviour
-is to write it to the filesystem. Several million deployed devices appear
-to have this behaviour, making it possible to (at least) store arbitrary
-data on them. Add a configure option that enables this behaviour, and change
-the default to just drop POSTs that aren't directly handled.
-
-Signed-off-by: Marcelo Roberto Jimenez <mroberto@users.sourceforge.net>
-(cherry picked from commit c91a8a3903367e1163765b73eb4d43be7d7927fa)
----
- configure.ac                         | 9 +++++++++
- upnp/inc/upnpconfig.h.in             | 9 +++++++++
- upnp/src/genlib/net/http/webserver.c | 4 ++++
- 3 files changed, 22 insertions(+)
-
-diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c
-index 26bf0f7..7ae8c1e 100644
---- a/upnp/src/genlib/net/http/webserver.c
-+++ b/upnp/src/genlib/net/http/webserver.c
-@@ -1367,9 +1367,13 @@ static int http_RecvPostMessage(
- 		if (Fp == NULL)
- 			return HTTP_INTERNAL_SERVER_ERROR;
- 	} else {
-+#if 0
- 		Fp = fopen(filename, "wb");
- 		if (Fp == NULL)
- 			return HTTP_UNAUTHORIZED;
-+#else
-+		return HTTP_NOT_FOUND;
-+#endif
- 	}
- 	parser->position = POS_ENTITY;
- 	do {
diff --git a/gnu/packages/patches/libupnp-CVE-2016-8863.patch b/gnu/packages/patches/libupnp-CVE-2016-8863.patch
deleted file mode 100644
index 9978b39487..0000000000
--- a/gnu/packages/patches/libupnp-CVE-2016-8863.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Fix CVE-2016-8863:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
-https://sourceforge.net/p/pupnp/bugs/133/
-
-Patch copied from upstream source repository:
-
-https://sourceforge.net/p/pupnp/code/ci/9c099c2923ab4d98530ab5204af1738be5bddba7/
-
-From 9c099c2923ab4d98530ab5204af1738be5bddba7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <ukleinek@debian.org>
-Date: Thu, 8 Dec 2016 17:11:53 +0100
-Subject: [PATCH] Fix out-of-bound access in create_url_list() (CVE-2016-8863)
-
-If there is an invalid URL in URLS->buf after a valid one, uri_parse is
-called with out pointing after the allocated memory. As uri_parse writes
-to *out before returning an error the loop in create_url_list must be
-stopped early to prevent an out-of-bound access
-
-Bug: https://sourceforge.net/p/pupnp/bugs/133/
-Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
-Bug-Debian: https://bugs.debian.org/842093
-Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771
-(cherry picked from commit a0f6e719bc03c4d2fe6a4a42ef6b8761446f520b)
----
- upnp/src/gena/gena_device.c | 17 ++++++++++++-----
- 1 file changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c
-index fb04a29..245c56b 100644
---- a/upnp/src/gena/gena_device.c
-+++ b/upnp/src/gena/gena_device.c
-@@ -1113,7 +1113,7 @@ static int create_url_list(
- 	/*! [out] . */
- 	URL_list *out)
- {
--    size_t URLcount = 0;
-+    size_t URLcount = 0, URLcount2 = 0;
-     size_t i;
-     int return_code = 0;
-     uri_type temp;
-@@ -1155,16 +1155,23 @@ static int create_url_list(
-         }
-         memcpy( out->URLs, URLS->buff, URLS->size );
-         out->URLs[URLS->size] = 0;
--        URLcount = 0;
-         for( i = 0; i < URLS->size; i++ ) {
-             if( ( URLS->buff[i] == '<' ) && ( i + 1 < URLS->size ) ) {
-                 if( ( ( return_code =
-                         parse_uri( &out->URLs[i + 1], URLS->size - i + 1,
--                                   &out->parsedURLs[URLcount] ) ) ==
-+                                   &out->parsedURLs[URLcount2] ) ) ==
-                       HTTP_SUCCESS )
--                    && ( out->parsedURLs[URLcount].hostport.text.size !=
-+                    && ( out->parsedURLs[URLcount2].hostport.text.size !=
-                          0 ) ) {
--                    URLcount++;
-+                    URLcount2++;
-+                    if (URLcount2 >= URLcount)
-+                        /*
-+                         * break early here in case there is a bogus URL that
-+                         * was skipped above. This prevents to access
-+                         * out->parsedURLs[URLcount] which is beyond the
-+                         * allocation.
-+                         */
-+                        break;
-                 } else {
-                     if( return_code == UPNP_E_OUTOF_MEMORY ) {
-                         free( out->URLs );
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/libvpx-CVE-2016-2818.patch b/gnu/packages/patches/libvpx-CVE-2016-2818.patch
index 1fdf01cbca..bef3448b81 100644
--- a/gnu/packages/patches/libvpx-CVE-2016-2818.patch
+++ b/gnu/packages/patches/libvpx-CVE-2016-2818.patch
@@ -9,15 +9,15 @@ Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c
 
 --- libvpx-1.5.0/vp8/vp8_cx_iface.c.orig	2015-11-09 17:12:38.000000000 -0500
 +++ libvpx-1.5.0/vp8/vp8_cx_iface.c	2016-06-08 08:48:46.037213092 -0400
-@@ -925,11 +925,19 @@
-         {
-             res = image2yuvconfig(img, &sd);
+@@ -860,11 +860,20 @@
+     if (img != NULL) {
+       res = image2yuvconfig(img, &sd);
  
--            if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags,
--                                      &sd, dst_time_stamp, dst_end_time_stamp))
--            {
--                VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
--                res = update_error_state(ctx, &cpi->common.error);
+-      if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags, &sd,
+-                                dst_time_stamp, dst_end_time_stamp)) {
+-        VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
+-        res = update_error_state(ctx, &cpi->common.error);
+-      }
 +            if (sd.y_width != ctx->cfg.g_w || sd.y_height != ctx->cfg.g_h) {
 +                /* from vp8_encoder.h for g_w/g_h:
 +                   "Note that the frames passed as input to the encoder must have this resolution"
@@ -31,6 +31,7 @@ Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c
 +                    VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
 +                    res = update_error_state(ctx, &cpi->common.error);
 +                }
-             }
++            }
  
-             /* reset for next frame */
+       /* reset for next frame */
+       ctx->next_frame_flag = 0;
diff --git a/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch b/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch
new file mode 100644
index 0000000000..e752e57ec5
--- /dev/null
+++ b/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch
@@ -0,0 +1,188 @@
+Fix CVE-2016-10132:
+
+https://bugs.ghostscript.com/show_bug.cgi?id=697381
+http://seclists.org/oss-sec/2017/q1/74
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10132
+
+Patch lifted from upstream source repository:
+
+http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569
+
+From fd003eceda531e13fbdd1aeb6e9c73156496e569 Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor@ccxvii.net>
+Date: Fri, 2 Dec 2016 14:56:20 -0500
+Subject: [PATCH] Fix 697381: check allocation when compiling regular
+ expressions.
+
+Also use allocator callback function.
+---
+ thirdparty/mujs/jsgc.c     |  2 +-
+ thirdparty/mujs/jsregexp.c |  2 +-
+ thirdparty/mujs/jsstate.c  |  6 ------
+ thirdparty/mujs/regexp.c   | 45 +++++++++++++++++++++++++++++++++++----------
+ thirdparty/mujs/regexp.h   |  7 +++++++
+ 5 files changed, 44 insertions(+), 18 deletions(-)
+
+diff --git a/thirdparty/mujs/jsgc.c b/thirdparty/mujs/jsgc.c
+index 4f7e7dc..f80111e 100644
+--- a/thirdparty/mujs/jsgc.c
++++ b/thirdparty/mujs/jsgc.c
+@@ -46,7 +46,7 @@ static void jsG_freeobject(js_State *J, js_Object *obj)
+ 		jsG_freeproperty(J, obj->head);
+ 	if (obj->type == JS_CREGEXP) {
+ 		js_free(J, obj->u.r.source);
+-		js_regfree(obj->u.r.prog);
++		js_regfreex(J->alloc, J->actx, obj->u.r.prog);
+ 	}
+ 	if (obj->type == JS_CITERATOR)
+ 		jsG_freeiterator(J, obj->u.iter.head);
+diff --git a/thirdparty/mujs/jsregexp.c b/thirdparty/mujs/jsregexp.c
+index a2d5156..7b09c06 100644
+--- a/thirdparty/mujs/jsregexp.c
++++ b/thirdparty/mujs/jsregexp.c
+@@ -16,7 +16,7 @@ void js_newregexp(js_State *J, const char *pattern, int flags)
+ 	if (flags & JS_REGEXP_I) opts |= REG_ICASE;
+ 	if (flags & JS_REGEXP_M) opts |= REG_NEWLINE;
+ 
+-	prog = js_regcomp(pattern, opts, &error);
++	prog = js_regcompx(J->alloc, J->actx, pattern, opts, &error);
+ 	if (!prog)
+ 		js_syntaxerror(J, "regular expression: %s", error);
+ 
+diff --git a/thirdparty/mujs/jsstate.c b/thirdparty/mujs/jsstate.c
+index 638cab3..fd5bcf6 100644
+--- a/thirdparty/mujs/jsstate.c
++++ b/thirdparty/mujs/jsstate.c
+@@ -9,12 +9,6 @@
+ 
+ static void *js_defaultalloc(void *actx, void *ptr, int size)
+ {
+-	if (size == 0) {
+-		free(ptr);
+-		return NULL;
+-	}
+-	if (!ptr)
+-		return malloc((size_t)size);
+ 	return realloc(ptr, (size_t)size);
+ }
+ 
+diff --git a/thirdparty/mujs/regexp.c b/thirdparty/mujs/regexp.c
+index 9852be2..01c18a3 100644
+--- a/thirdparty/mujs/regexp.c
++++ b/thirdparty/mujs/regexp.c
+@@ -807,23 +807,31 @@ static void dumpprog(Reprog *prog)
+ }
+ #endif
+ 
+-Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
++Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
++	const char *pattern, int cflags, const char **errorp)
+ {
+ 	struct cstate g;
+ 	Renode *node;
+ 	Reinst *split, *jump;
+ 	int i;
+ 
+-	g.prog = malloc(sizeof (Reprog));
+-	g.pstart = g.pend = malloc(sizeof (Renode) * strlen(pattern) * 2);
++	g.pstart = NULL;
++	g.prog = NULL;
+ 
+ 	if (setjmp(g.kaboom)) {
+ 		if (errorp) *errorp = g.error;
+-		free(g.pstart);
+-		free(g.prog);
++		alloc(ctx, g.pstart, 0);
++		alloc(ctx, g.prog, 0);
+ 		return NULL;
+ 	}
+ 
++	g.prog = alloc(ctx, NULL, sizeof (Reprog));
++	if (!g.prog)
++		die(&g, "cannot allocate regular expression");
++	g.pstart = g.pend = alloc(ctx, NULL, sizeof (Renode) * strlen(pattern) * 2);
++	if (!g.pstart)
++		die(&g, "cannot allocate regular expression parse list");
++
+ 	g.source = pattern;
+ 	g.ncclass = 0;
+ 	g.nsub = 1;
+@@ -840,7 +848,9 @@ Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
+ 		die(&g, "syntax error");
+ 
+ 	g.prog->nsub = g.nsub;
+-	g.prog->start = g.prog->end = malloc((count(node) + 6) * sizeof (Reinst));
++	g.prog->start = g.prog->end = alloc(ctx, NULL, (count(node) + 6) * sizeof (Reinst));
++	if (!g.prog->start)
++		die(&g, "cannot allocate regular expression instruction list");
+ 
+ 	split = emit(g.prog, I_SPLIT);
+ 	split->x = split + 3;
+@@ -859,20 +869,35 @@ Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
+ 	dumpprog(g.prog);
+ #endif
+ 
+-	free(g.pstart);
++	alloc(ctx, g.pstart, 0);
+ 
+ 	if (errorp) *errorp = NULL;
+ 	return g.prog;
+ }
+ 
+-void regfree(Reprog *prog)
++void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx, Reprog *prog)
+ {
+ 	if (prog) {
+-		free(prog->start);
+-		free(prog);
++		alloc(ctx, prog->start, 0);
++		alloc(ctx, prog, 0);
+ 	}
+ }
+ 
++static void *default_alloc(void *ctx, void *p, int n)
++{
++	return realloc(p, (size_t)n);
++}
++
++Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
++{
++	return regcompx(default_alloc, NULL, pattern, cflags, errorp);
++}
++
++void regfree(Reprog *prog)
++{
++	regfreex(default_alloc, NULL, prog);
++}
++
+ /* Match */
+ 
+ static int isnewline(int c)
+diff --git a/thirdparty/mujs/regexp.h b/thirdparty/mujs/regexp.h
+index 4bb4615..6bb73e8 100644
+--- a/thirdparty/mujs/regexp.h
++++ b/thirdparty/mujs/regexp.h
+@@ -1,6 +1,8 @@
+ #ifndef regexp_h
+ #define regexp_h
+ 
++#define regcompx js_regcompx
++#define regfreex js_regfreex
+ #define regcomp js_regcomp
+ #define regexec js_regexec
+ #define regfree js_regfree
+@@ -8,6 +10,11 @@
+ typedef struct Reprog Reprog;
+ typedef struct Resub Resub;
+ 
++Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
++	const char *pattern, int cflags, const char **errorp);
++void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
++	Reprog *prog);
++
+ Reprog *regcomp(const char *pattern, int cflags, const char **errorp);
+ int regexec(Reprog *prog, const char *string, Resub *sub, int eflags);
+ void regfree(Reprog *prog);
+-- 
+2.9.1
+
diff --git a/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch b/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch
new file mode 100644
index 0000000000..d73849262c
--- /dev/null
+++ b/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch
@@ -0,0 +1,36 @@
+Fix CVE-2016-10133:
+
+https://bugs.ghostscript.com/show_bug.cgi?id=697401
+http://seclists.org/oss-sec/2017/q1/74
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10133
+
+Patch lifted from upstream source repository:
+
+https://git.ghostscript.com/?p=mujs.git;h=77ab465f1c394bb77f00966cd950650f3f53cb24
+
+From 77ab465f1c394bb77f00966cd950650f3f53cb24 Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor.andersson@gmail.com>
+Date: Thu, 12 Jan 2017 14:47:01 +0100
+Subject: [PATCH] Fix 697401: Error when dropping extra arguments to
+ lightweight functions.
+
+---
+ thirdparty/mujs/jsrun.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/thirdparty/mujs/jsrun.c b/thirdparty/mujs/jsrun.c
+index ee80845..782a6f9 100644
+--- a/thirdparty/mujs/jsrun.c
++++ b/thirdparty/mujs/jsrun.c
+@@ -937,7 +937,7 @@ static void jsR_calllwfunction(js_State *J, int n, js_Function *F, js_Environmen
+ 	jsR_savescope(J, scope);
+ 
+ 	if (n > F->numparams) {
+-		js_pop(J, F->numparams - n);
++		js_pop(J, n - F->numparams);
+ 		n = F->numparams;
+ 	}
+ 	for (i = n; i < F->varlen; ++i)
+-- 
+2.9.1
+
diff --git a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
new file mode 100644
index 0000000000..6edd676e38
--- /dev/null
+++ b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
@@ -0,0 +1,42 @@
+Fix CVE-2017-0358:
+http://seclists.org/oss-sec/2017/q1/259
+This patch was copied from the above URL.
+
+diff -ur ntfs-3g.old/src/lowntfs-3g.c ntfs-3g/src/lowntfs-3g.c
+--- ntfs-3g.old/src/lowntfs-3g.c	2017-02-09 15:01:04.074331542 -0500
++++ ntfs-3g/src/lowntfs-3g.c	2017-02-09 15:06:35.757580937 -0500
+@@ -3827,13 +3827,14 @@
+	struct stat st;
+	pid_t pid;
+	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+	struct timespec req = { 0, 100000000 };   /* 100 msec */
+	fuse_fstype fstype;
+        
+	if (!stat(cmd, &st) && !geteuid()) {
+		pid = fork();
+		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+			_exit(1);
+		} else if (pid != -1)
+			waitpid(pid, NULL, 0);
+diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c
+--- ntfs-3g.old/src/ntfs-3g.c	2017-02-09 15:01:04.074331542 -0500
++++ ntfs-3g/src/ntfs-3g.c	2017-02-09 15:06:26.077252571 -0500
+@@ -3612,13 +3612,14 @@
+	struct stat st;
+	pid_t pid;
+	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+	struct timespec req = { 0, 100000000 };   /* 100 msec */
+	fuse_fstype fstype;
+	
+	if (!stat(cmd, &st) && !geteuid()) {
+		pid = fork();
+		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+			_exit(1);
+		} else if (pid != -1)
+			waitpid(pid, NULL, 0);
diff --git a/gnu/packages/patches/omake-fix-non-determinism.patch b/gnu/packages/patches/omake-fix-non-determinism.patch
new file mode 100644
index 0000000000..813ce3cd7d
--- /dev/null
+++ b/gnu/packages/patches/omake-fix-non-determinism.patch
@@ -0,0 +1,41 @@
+From 2e7e254160506dc00f1beabf170512a8e932934b Mon Sep 17 00:00:00 2001
+From: Julien Lepiller <julien@lepiller.eu>
+Date: Sat, 31 Dec 2016 15:43:38 +0100
+Subject: [PATCH] fix build date in binary
+
+---
+ src/magic/omake_gen_magic.ml | 12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+diff --git a/src/magic/omake_gen_magic.ml b/src/magic/omake_gen_magic.ml
+index b2419ba..fad52f5 100644
+--- a/src/magic/omake_gen_magic.ml
++++ b/src/magic/omake_gen_magic.ml
+@@ -150,7 +150,7 @@ let ir_magic = "%s"
+ let obj_magic = "%s"
+ let lib_dir = "%s"
+ let version = "%s"
+-let version_message = "OMake %s:\\n\\tbuild [%s %s %d %02d:%02d:%02d %d]\\n\\ton %s"
++let version_message = "OMake %s"
+ |}
+        default_save_interval
+        digest_len
+@@ -160,15 +160,7 @@ let version_message = "OMake %s:\\n\\tbuild [%s %s %d %02d:%02d:%02d %d]\\n\\ton
+        (digest_files ".omo.magic" ".omo" omo_files)
+        (String.escaped libdir)
+        (String.escaped (shorten_version version))
+-       (String.escaped version)
+-       [|"Sun"; "Mon"; "Tue"; "Wed"; "Thu"; "Fri"; "Sat"|].(tm.tm_wday)
+-       [|"Jan"; "Feb"; "Mar"; "Apr"; "May"; "Jun"; "Jul"; "Aug"; "Sep"; "Oct"; "Nov"; "Dec"|].(tm.tm_mon)
+-       tm.tm_mday
+-       tm.tm_hour
+-       tm.tm_min
+-       tm.tm_sec
+-       (tm.tm_year + 1900)
+-       (String.escaped (Unix.gethostname ()));
++       (String.escaped version);
+   List.iter
+     (fun (name,value) ->
+        Printf.fprintf buf "let %s = %S\n" name value
+--
+2.11.0
diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch
new file mode 100644
index 0000000000..545b5d0a71
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch
@@ -0,0 +1,233 @@
+Fix CVE-2016-9572 and CVE-2016-9573:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573
+
+Patch copied from 3rd-party repository:
+
+https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
+
+From 7b28bd2b723df6be09fe7791eba33147c1c47d0d Mon Sep 17 00:00:00 2001
+From: szukw000 <szukw000@arcor.de>
+Date: Mon, 28 Nov 2016 21:57:20 +0100
+Subject: [PATCH] Changes for issues #863 and #862
+
+---
+ src/bin/jp2/convert.c        | 59 +++++++++++++++++++++++++++++++++++++++-----
+ src/bin/jp2/convertbmp.c     | 29 +++++++++++++++++++++-
+ src/bin/jp2/opj_decompress.c |  2 +-
+ src/lib/openjp2/j2k.c        | 11 ++++++---
+ 4 files changed, 90 insertions(+), 11 deletions(-)
+
+diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
+index deee4f6..6a3f65b 100644
+--- a/src/bin/jp2/convert.c
++++ b/src/bin/jp2/convert.c
+@@ -906,7 +906,8 @@ int imagetotga(opj_image_t * image, const char *outfile) {
+     for (i = 0; i < image->numcomps-1; i++)	{
+         if ((image->comps[0].dx != image->comps[i+1].dx)
+                 ||(image->comps[0].dy != image->comps[i+1].dy)
+-                ||(image->comps[0].prec != image->comps[i+1].prec))	{
++                ||(image->comps[0].prec != image->comps[i+1].prec)
++				||(image->comps[0].sgnd != image->comps[i+1].sgnd))	{
+             fclose(fdest);
+             fprintf(stderr, "Unable to create a tga file with such J2K image charateristics.");
+             return 1;
+@@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
+     int *red, *green, *blue, *alpha;
+     int wr, hr, max;
+     int i;
+-    unsigned int compno, ncomp;
++    unsigned int compno, ncomp, ui;
+     int adjustR, adjustG, adjustB, adjustA;
+     int fails, two, want_gray, has_alpha, triple;
+     int prec, v;
+@@ -1768,6 +1769,27 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
+ 
+     if(want_gray) ncomp = 1;
+ 
++    for (ui = 1; ui < ncomp; ++ui) {
++        if (image->comps[0].dx != image->comps[ui].dx) {
++            break;
++        }
++        if (image->comps[0].dy != image->comps[ui].dy) {
++            break;
++        }
++        if (image->comps[0].prec != image->comps[ui].prec) {
++            break;
++        }
++        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
++            break;
++        }
++    }
++    if (ui != ncomp) {
++        fprintf(stderr,"imagetopnm: All components\n    shall have "
++         "the same subsampling, same bit depth, same sign.\n"
++         "    Aborting\n");
++        return 1;
++    }
++
+     if ((force_split == 0) &&
+ 				(ncomp == 2 /* GRAYA */
+             || (ncomp > 2 /* RGB, RGBA */
+@@ -2126,7 +2148,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+ {
+     FILE *rawFile = NULL;
+     size_t res;
+-    unsigned int compno;
++    unsigned int compno, numcomps;
+     int w, h, fails;
+     int line, row, curr, mask;
+     int *ptr;
+@@ -2139,6 +2161,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+         return 1;
+     }
+ 
++    numcomps = image->numcomps;
++
++    if (numcomps > 4) {
++        numcomps = 4;
++    }
++    for (compno = 1; compno < numcomps; ++compno) {
++        if (image->comps[0].dx != image->comps[compno].dx) {
++            break;
++        }
++        if (image->comps[0].dy != image->comps[compno].dy) {
++            break;
++        }
++        if (image->comps[0].prec != image->comps[compno].prec) {
++            break;
++        }
++        if (image->comps[0].sgnd != image->comps[compno].sgnd) {
++            break;
++        }
++    }
++    if (compno != numcomps) {
++        fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n");
++        fprintf(stderr,"\tAborting\n");
++        return 1;
++    }
++
+     rawFile = fopen(outfile, "wb");
+     if (!rawFile) {
+         fprintf(stderr, "Failed to open %s for writing !!\n", outfile);
+@@ -2146,9 +2193,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+     }
+ 
+     fails = 1;
+-    fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps);
++    fprintf(stdout,"Raw image characteristics: %d components\n", numcomps);
+ 
+-    for(compno = 0; compno < image->numcomps; compno++)
++    for(compno = 0; compno < numcomps; compno++)
+     {
+         fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w,
+                 image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned");
+@@ -2238,7 +2285,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+         }
+         else if (image->comps[compno].prec <= 32)
+         {
+-            fprintf(stderr,"More than 16 bits per component no handled yet\n");
++            fprintf(stderr,"More than 16 bits per component not handled yet\n");
+             goto fin;
+         }
+         else
+diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
+index ae83077..8017ba8 100644
+--- a/src/bin/jp2/convertbmp.c
++++ b/src/bin/jp2/convertbmp.c
+@@ -806,8 +806,35 @@ int imagetobmp(opj_image_t * image, const char *outfile) {
+     FILE *fdest = NULL;
+     int adjustR, adjustG, adjustB;
+ 
++   {
++    unsigned int ui, ncomp = image->numcomps;
++
++    if (ncomp > 4) { /* RGBA in bmpmask32toimage */
++        ncomp = 4;
++    }
++    for (ui = 1; ui < ncomp; ++ui) {
++        if (image->comps[0].dx != image->comps[ui].dx) {
++            break;
++        }
++        if (image->comps[0].dy != image->comps[ui].dy) {
++            break;
++        }
++        if (image->comps[0].prec != image->comps[ui].prec) {
++            break;
++        }
++        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
++            break;
++        }
++    }
++    if (ui != ncomp) {
++        fprintf(stderr,"imagetobmp: All components shall have the same subsampling, same bit depth, same sign.\n");
++        fprintf(stderr,"\tAborting\n");
++        return 1;
++    }
++
++   }
+     if (image->comps[0].prec < 8) {
+-        fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec);
++        fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec);
+         return 1;
+     }
+     if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx
+diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
+index 83160c3..c30079b 100644
+--- a/src/bin/jp2/opj_decompress.c
++++ b/src/bin/jp2/opj_decompress.c
+@@ -1607,7 +1607,7 @@ int main(int argc, char **argv)
+ 		if(dirptr->filename_buf) free(dirptr->filename_buf);
+ 		free(dirptr);
+ 	}
+-	if (numDecompressedImages) {
++	if (numDecompressedImages && !failed) {
+ 		fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages));
+ 	}
+ 	return failed ? EXIT_FAILURE : EXIT_SUCCESS;
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 66802bb..b6daa32 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
+                                   i, l_img_comp->dx, l_img_comp->dy);
+                     return OPJ_FALSE;
+                 }
+-                if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
++                if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
+                     opj_event_msg(p_manager, EVT_ERROR,
+                                   "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
+                                   i, l_img_comp->prec);
+@@ -10029,7 +10029,11 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
+         /* Move data and copy one information from codec to output image*/
+         for (compno = 0; compno < p_image->numcomps; compno++) {
+                 p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded;
+-                p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
++		p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
++
++		if(p_image->comps[compno].data == NULL) return OPJ_FALSE;
++
++                p_j2k->m_output_image->comps[compno].data = NULL;
+ #if 0
+                 char fn[256];
+                 sprintf( fn, "/tmp/%d.raw", compno );
+@@ -10037,7 +10041,6 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
+                 fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug );
+                 fclose( debug );
+ #endif
+-                p_j2k->m_output_image->comps[compno].data = NULL;
+         }
+ 
+         return OPJ_TRUE;
+@@ -10131,6 +10134,8 @@ OPJ_BOOL opj_j2k_get_tile(      opj_j2k_t *p_j2k,
+ 
+                 p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
+ 
++				if (p_image->comps[compno].data == NULL) return OPJ_FALSE;
++
+                 p_j2k->m_output_image->comps[compno].data = NULL;
+         }
+ 
diff --git a/gnu/packages/patches/p7zip-CVE-2016-9296.patch b/gnu/packages/patches/p7zip-CVE-2016-9296.patch
new file mode 100644
index 0000000000..3fa80377ad
--- /dev/null
+++ b/gnu/packages/patches/p7zip-CVE-2016-9296.patch
@@ -0,0 +1,24 @@
+From: Robert Luberda <robert@debian.org>
+Date: Sat, 19 Nov 2016 08:48:08 +0100
+Subject: Fix nullptr dereference (CVE-2016-9296)
+
+Patch taken from https://sourceforge.net/p/p7zip/bugs/185/
+This patch file taken from Debian's patch set for p7zip
+---
+ CPP/7zip/Archive/7z/7zIn.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Archive/7z/7zIn.cpp b/CPP/7zip/Archive/7z/7zIn.cpp
+index b0c6b98..7c6dde2 100644
+--- a/CPP/7zip/Archive/7z/7zIn.cpp
++++ b/CPP/7zip/Archive/7z/7zIn.cpp
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams(
+       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+         ThrowIncorrect();
+   }
+-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
++  if (folders.PackPositions)
++      HeadersSize += folders.PackPositions[folders.NumPackStreams];
+   return S_OK;
+ }
+ 
diff --git a/gnu/packages/patches/qemu-CVE-2016-10155.patch b/gnu/packages/patches/qemu-CVE-2016-10155.patch
new file mode 100644
index 0000000000..825edaa815
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2016-10155.patch
@@ -0,0 +1,49 @@
+From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Mon, 28 Nov 2016 17:49:04 -0800
+Subject: [PATCH] watchdog: 6300esb: add exit function
+
+When the Intel 6300ESB watchdog is hot unplug. The timer allocated
+in realize isn't freed thus leaking memory leak. This patch avoid
+this through adding the exit function.
+
+http://git.qemu.org/?p=qemu.git;a=patch;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
+this patch is from qemu-git.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/watchdog/wdt_i6300esb.c |    9 +++++++++
+ 1 files changed, 9 insertions(+), 0 deletions(-)
+
+diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
+index a83d951..49b3cd1 100644
+--- a/hw/watchdog/wdt_i6300esb.c
++++ b/hw/watchdog/wdt_i6300esb.c
+@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
+     /* qemu_register_coalesced_mmio (addr, 0x10); ? */
+ }
+ 
++static void i6300esb_exit(PCIDevice *dev)
++{
++    I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
++
++    timer_del(d->timer);
++    timer_free(d->timer);
++}
++
+ static WatchdogTimerModel model = {
+     .wdt_name = "i6300esb",
+     .wdt_description = "Intel 6300ESB",
+@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
+     k->config_read = i6300esb_config_read;
+     k->config_write = i6300esb_config_write;
+     k->realize = i6300esb_realize;
++    k->exit = i6300esb_exit;
+     k->vendor_id = PCI_VENDOR_ID_INTEL;
+     k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
+     k->class_id = PCI_CLASS_SYSTEM_OTHER;
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-2615.patch b/gnu/packages/patches/qemu-CVE-2017-2615.patch
new file mode 100644
index 0000000000..ede1f8c89d
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-2615.patch
@@ -0,0 +1,52 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64
+this patch is from qemu-git.
+
+
+From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 1 Feb 2017 09:35:01 +0100
+Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
+
+When doing bitblt copy in backward mode, we should minus the
+blt width first just like the adding in the forward mode. This
+can avoid the oob access of the front of vga's vram.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+
+{ kraxel: with backward blits (negative pitch) addr is the topmost
+          address, so check it as-is against vram size ]
+
+Cc: qemu-stable@nongnu.org
+Cc: P J P <ppandit@redhat.com>
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+---
+ hw/display/cirrus_vga.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index 7db6409dc5..16f27e8ac5 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
+ {
+     if (pitch < 0) {
+         int64_t min = addr
+-            + ((int64_t)s->cirrus_blt_height-1) * pitch;
+-        int32_t max = addr
+-            + s->cirrus_blt_width;
+-        if (min < 0 || max > s->vga.vram_size) {
++            + ((int64_t)s->cirrus_blt_height - 1) * pitch
++            - s->cirrus_blt_width;
++        if (min < -1 || addr >= s->vga.vram_size) {
+             return true;
+         }
+     } else {
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5525.patch b/gnu/packages/patches/qemu-CVE-2017-5525.patch
new file mode 100644
index 0000000000..d0c0c82a4a
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5525.patch
@@ -0,0 +1,55 @@
+From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 14 Dec 2016 18:30:21 -0800
+Subject: [PATCH] audio: ac97: add exit function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+http://git.qemu.org/?p=qemu.git;a=patch;h=12351a91da97b414eec8cdb09f1d9f41e535a401
+this patch is from qemu-git
+
+Currently the ac97 device emulation doesn't have a exit function,
+hot unplug this device will leak some memory. Add a exit function to
+avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/audio/ac97.c |   11 +++++++++++
+ 1 files changed, 11 insertions(+), 0 deletions(-)
+
+diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
+index cbd959e..c306575 100644
+--- a/hw/audio/ac97.c
++++ b/hw/audio/ac97.c
+@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp)
+     ac97_on_reset (&s->dev.qdev);
+ }
+ 
++static void ac97_exit(PCIDevice *dev)
++{
++    AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev);
++
++    AUD_close_in(&s->card, s->voice_pi);
++    AUD_close_out(&s->card, s->voice_po);
++    AUD_close_in(&s->card, s->voice_mc);
++    AUD_remove_card(&s->card);
++}
++
+ static int ac97_init (PCIBus *bus)
+ {
+     pci_create_simple (bus, -1, "AC97");
+@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data)
+     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+ 
+     k->realize = ac97_realize;
++    k->exit = ac97_exit;
+     k->vendor_id = PCI_VENDOR_ID_INTEL;
+     k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
+     k->revision = 0x01;
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5526.patch b/gnu/packages/patches/qemu-CVE-2017-5526.patch
new file mode 100644
index 0000000000..5a6d796458
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5526.patch
@@ -0,0 +1,58 @@
+From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 14 Dec 2016 18:32:22 -0800
+Subject: [PATCH] audio: es1370: add exit function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+http://git.qemu.org/?p=qemu.git;a=patch;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da
+this patch is from qemu-git.
+
+Currently the es1370 device emulation doesn't have a exit function,
+hot unplug this device will leak some memory. Add a exit function to
+avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/audio/es1370.c |   14 ++++++++++++++
+ 1 files changed, 14 insertions(+), 0 deletions(-)
+
+diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
+index 8449b5f..883ec69 100644
+--- a/hw/audio/es1370.c
++++ b/hw/audio/es1370.c
+@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp)
+     es1370_reset (s);
+ }
+ 
++static void es1370_exit(PCIDevice *dev)
++{
++    ES1370State *s = ES1370(dev);
++    int i;
++
++    for (i = 0; i < 2; ++i) {
++        AUD_close_out(&s->card, s->dac_voice[i]);
++    }
++
++    AUD_close_in(&s->card, s->adc_voice);
++    AUD_remove_card(&s->card);
++}
++
+ static int es1370_init (PCIBus *bus)
+ {
+     pci_create_simple (bus, -1, TYPE_ES1370);
+@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data)
+     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+ 
+     k->realize = es1370_realize;
++    k->exit = es1370_exit;
+     k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
+     k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
+     k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5552.patch b/gnu/packages/patches/qemu-CVE-2017-5552.patch
new file mode 100644
index 0000000000..50911f4f36
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5552.patch
@@ -0,0 +1,44 @@
+From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Thu, 29 Dec 2016 03:11:26 -0500
+Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+If the virgl_renderer_resource_attach_iov function fails the
+'res_iovs' will be leaked. Add check of the return value to
+free the 'res_iovs' when failing.
+
+http://git.qemu.org/?p=qemu.git;a=patch;h=33243031dad02d161225ba99d782616da133f689
+this patch is from qemu-git.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/virtio-gpu-3d.c |    7 +++++--
+ 1 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
+index e29f099..b13ced3 100644
+--- a/hw/display/virtio-gpu-3d.c
++++ b/hw/display/virtio-gpu-3d.c
+@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
+         return;
+     }
+ 
+-    virgl_renderer_resource_attach_iov(att_rb.resource_id,
+-                                       res_iovs, att_rb.nr_entries);
++    ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
++                                             res_iovs, att_rb.nr_entries);
++
++    if (ret != 0)
++        virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
+ }
+ 
+ static void virgl_resource_detach_backing(VirtIOGPU *g,
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5578.patch b/gnu/packages/patches/qemu-CVE-2017-5578.patch
new file mode 100644
index 0000000000..05655bcd98
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5578.patch
@@ -0,0 +1,39 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=204f01b30975923c64006f8067f0937b91eea68b
+this patch is from qemu-git.
+
+
+From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Thu, 29 Dec 2016 04:28:41 -0500
+Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
+
+In the resource attach backing function, everytime it will
+allocate 'res->iov' thus can leading a memory leak. This
+patch avoid this.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/virtio-gpu.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index 6a26258cac..ca88cf478d 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
+         return;
+     }
+ 
++    if (res->iov) {
++        cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
++        return;
++    }
++
+     ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
+     if (ret != 0) {
+         cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5579.patch b/gnu/packages/patches/qemu-CVE-2017-5579.patch
new file mode 100644
index 0000000000..7630012d54
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5579.patch
@@ -0,0 +1,44 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
+this patch is from qemu-git.
+
+
+From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 4 Jan 2017 00:43:16 -0800
+Subject: [PATCH] serial: fix memory leak in serial exit
+
+The serial_exit_core function doesn't free some resources.
+This can lead memory leak when hotplug and unplug. This
+patch avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/char/serial.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/hw/char/serial.c b/hw/char/serial.c
+index ffbacd8227..67b18eda12 100644
+--- a/hw/char/serial.c
++++ b/hw/char/serial.c
+@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp)
+ void serial_exit_core(SerialState *s)
+ {
+     qemu_chr_fe_deinit(&s->chr);
++
++    timer_del(s->modem_status_poll);
++    timer_free(s->modem_status_poll);
++
++    timer_del(s->fifo_timeout_timer);
++    timer_free(s->fifo_timeout_timer);
++
++    fifo8_destroy(&s->recv_fifo);
++    fifo8_destroy(&s->xmit_fifo);
++
+     qemu_unregister_reset(serial_reset, s);
+ }
+ 
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5667.patch b/gnu/packages/patches/qemu-CVE-2017-5667.patch
new file mode 100644
index 0000000000..5adea0d278
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5667.patch
@@ -0,0 +1,46 @@
+Fix CVE-2017-5667 (sdhci OOB access during multi block SDMA transfer):
+
+http://seclists.org/oss-sec/2017/q1/243
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5667
+
+Patch copied from upstream source repository:
+
+http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9
+
+From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Tue, 7 Feb 2017 18:29:59 +0000
+Subject: [PATCH] sd: sdhci: check data length during dma_memory_read
+
+While doing multi block SDMA transfer in routine
+'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
+index 'begin' and data length 's->data_count' could end up to be same.
+This could lead to an OOB access issue. Correct transfer data length
+to avoid it.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Jiang Xin <jiangxin1@huawei.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20170130064736.9236-1-ppandit@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/sd/sdhci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
+index 01fbf228be..5bd5ab6319 100644
+--- a/hw/sd/sdhci.c
++++ b/hw/sd/sdhci.c
+@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
+                 boundary_count -= block_size - begin;
+             }
+             dma_memory_read(&address_space_memory, s->sdmasysad,
+-                            &s->fifo_buffer[begin], s->data_count);
++                            &s->fifo_buffer[begin], s->data_count - begin);
+             s->sdmasysad += s->data_count - begin;
+             if (s->data_count == block_size) {
+                 for (n = 0; n < block_size; n++) {
+-- 
+2.11.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5856.patch b/gnu/packages/patches/qemu-CVE-2017-5856.patch
new file mode 100644
index 0000000000..bee0824c0a
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5856.patch
@@ -0,0 +1,68 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=765a707000e838c30b18d712fe6cb3dd8e0435f3
+this patch is from qemu-git.
+
+
+From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Mon, 2 Jan 2017 11:03:33 +0100
+Subject: [PATCH] megasas: fix guest-triggered memory leak
+
+If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
+will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
+Avoid this by returning only the status from map_dcmd, and loading
+cmd->iov_size in the caller.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c |   11 ++++++-----
+ 1 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 67fc1e7..6233865 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
+         trace_megasas_dcmd_invalid_sge(cmd->index,
+                                        cmd->frame->header.sge_count);
+         cmd->iov_size = 0;
+-        return -1;
++        return -EINVAL;
+     }
+     iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
+     iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
+     pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
+     qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
+     cmd->iov_size = iov_size;
+-    return cmd->iov_size;
++    return 0;
+ }
+ 
+ static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
+@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t {
+ 
+ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ {
+-    int opcode, len;
++    int opcode;
+     int retval = 0;
++    size_t len;
+     const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+ 
+     opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+     trace_megasas_handle_dcmd(cmd->index, opcode);
+-    len = megasas_map_dcmd(s, cmd);
+-    if (len < 0) {
++    if (megasas_map_dcmd(s, cmd) < 0) {
+         return MFI_STAT_MEMORY_NOT_AVAILABLE;
+     }
+     while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
+         cmdptr++;
+     }
++    len = cmd->iov_size;
+     if (cmdptr->opcode == -1) {
+         trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
+         retval = megasas_dcmd_dummy(s, cmd);
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5898.patch b/gnu/packages/patches/qemu-CVE-2017-5898.patch
new file mode 100644
index 0000000000..5a94bb1ae4
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5898.patch
@@ -0,0 +1,44 @@
+Fix CVE-2017-5898 (integer overflow in emulated_apdu_from_guest):
+
+http://seclists.org/oss-sec/2017/q1/328
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5898
+
+Patch copied from upstream source repository:
+
+http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a
+
+From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 3 Feb 2017 00:52:28 +0530
+Subject: [PATCH] usb: ccid: check ccid apdu length
+
+CCID device emulator uses Application Protocol Data Units(APDU)
+to exchange command and responses to and from the host.
+The length in these units couldn't be greater than 65536. Add
+check to ensure the same. It'd also avoid potential integer
+overflow in emulated_apdu_from_guest.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 20170202192228.10847-1-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/dev-smartcard-reader.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
+index 89e11b68c4..1325ea1659 100644
+--- a/hw/usb/dev-smartcard-reader.c
++++ b/hw/usb/dev-smartcard-reader.c
+@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
+     DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
+                 recv->hdr.bSeq, len);
+     ccid_add_pending_answer(s, (CCID_Header *)recv);
+-    if (s->card) {
++    if (s->card && len <= BULK_OUT_DATA_SIZE) {
+         ccid_card_apdu_from_guest(s->card, recv->abData, len);
+     } else {
+         DPRINTF(s, D_WARN, "warning: discarded apdu\n");
+-- 
+2.11.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5931.patch b/gnu/packages/patches/qemu-CVE-2017-5931.patch
new file mode 100644
index 0000000000..08910e5fac
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5931.patch
@@ -0,0 +1,55 @@
+Fix CVE-2017-5931 (integer overflow in handling virtio-crypto requests):
+
+http://seclists.org/oss-sec/2017/q1/337
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5931
+
+Patch copied from upstream source repository:
+
+http://git.qemu-project.org/?p=qemu.git;a=commit;h=a08aaff811fb194950f79711d2afe5a892ae03a4
+
+From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001
+From: Gonglei <arei.gonglei@huawei.com>
+Date: Tue, 3 Jan 2017 14:50:03 +0800
+Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow
+
+Because the 'size_t' type is 4 bytes in 32-bit platform, which
+is the same with 'int'. It's easy to make 'max_len' to zero when
+integer overflow and then cause heap overflow if 'max_len' is zero.
+
+Using uint_64 instead of size_t to avoid the integer overflow.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Gonglei <arei.gonglei@huawei.com>
+Tested-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/virtio/virtio-crypto.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index 2f2467e859..c23e1ad458 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+     uint32_t hash_start_src_offset = 0, len_to_hash = 0;
+     uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
+ 
+-    size_t max_len, curr_size = 0;
++    uint64_t max_len, curr_size = 0;
+     size_t s;
+ 
+     /* Plain cipher */
+@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+         return NULL;
+     }
+ 
+-    max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
++    max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
+     if (unlikely(max_len > vcrypto->conf.max_size)) {
+         virtio_error(vdev, "virtio-crypto too big length");
+         return NULL;
+-- 
+2.11.1
+
diff --git a/gnu/packages/patches/screen-CVE-2017-5618.patch b/gnu/packages/patches/screen-CVE-2017-5618.patch
new file mode 100644
index 0000000000..1b95e428c8
--- /dev/null
+++ b/gnu/packages/patches/screen-CVE-2017-5618.patch
@@ -0,0 +1,40 @@
+Fixes CVE-2017-5618 (privilege escalation via opening the logfile when
+screen is installed setuid root):
+
+https://savannah.gnu.org/bugs/?50142
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5618
+
+This patch reverts the upstream commit that introduced the bug:
+
+https://git.savannah.gnu.org/cgit/screen.git/commit/?id=5460f5d28c01a9a58e021eb1dffef2965e629d58
+
+From f55b0cc29a0ac2a1c54e8a5e886b7393edd4a76c Mon Sep 17 00:00:00 2001
+From: Leo Famulari <leo@famulari.name>
+Date: Sat, 11 Feb 2017 22:40:24 -0500
+Subject: [PATCH] Revert "adding permissions check for the logfile name"
+
+This reverts commit 5460f5d28c01a9a58e021eb1dffef2965e629d58.
+---
+ src/screen.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/src/screen.c b/src/screen.c
+index 64650e9..283c305 100644
+--- a/src/screen.c
++++ b/src/screen.c
+@@ -673,12 +673,6 @@ int main(int ac, char** av)
+                 Panic(0, "-L: logfile name can not start with \"-\" symbol");
+               if (strlen(screenlogfile) > PATH_MAX)
+                 Panic(0, "-L: logfile name too long. (max. %d char)", PATH_MAX);
+-
+-              FILE *w_check;
+-              if ((w_check = fopen(screenlogfile, "w")) == NULL)
+-                Panic(0, "-L: logfile name access problem");
+-              else
+-                fclose(w_check);
+             }
+             nwin_options.Lflag = 1;
+             break;
+-- 
+2.11.1
+
diff --git a/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch
new file mode 100644
index 0000000000..3f357c4924
--- /dev/null
+++ b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch
@@ -0,0 +1,31 @@
+Patch copied from upstream source repository:
+
+https://github.com/shadow-maint/shadow/commit/67d2bb6e0a5ac124ce1f026dd5723217b1493194
+
+From 67d2bb6e0a5ac124ce1f026dd5723217b1493194 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge@hallyn.com>
+Date: Sun, 18 Sep 2016 21:31:18 -0500
+Subject: [PATCH] su.c: fix missing length argument to snprintf
+
+---
+ src/su.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/su.c b/src/su.c
+index 0c50a9456afd..93ffd2fbe2b4 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void)
+ 		              stderr);
+ 		(void) kill (-pid_child, caught);
+ 
+-		snprintf (kill_msg, _(" ...killed.\n"));
+-		snprintf (wait_msg, _(" ...waiting for child to terminate.\n"));
++		snprintf (kill_msg, 256, _(" ...killed.\n"));
++		snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n"));
+ 
+ 		(void) signal (SIGALRM, kill_child);
+ 		(void) alarm (2);
+-- 
+2.11.0.rc2
+
diff --git a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
index b63d5bb018..4092261f75 100644
--- a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
+++ b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
@@ -1,19 +1,19 @@
-From 53eda9102b969a4be2882cea4befee03591a7436 Mon Sep 17 00:00:00 2001
-From: Pjotr Prins <pjotr.public01@thebird.nl>
-Date: Fri, 12 Feb 2016 12:43:33 +0100
-Subject: [PATCH] Remove contribs
+From 49d83e24a8e66977056fc9920812265c16806500 Mon Sep 17 00:00:00 2001
+From: carolili <carolili@iki.fi>
+Date: Thu, 9 Feb 2017 19:24:49 +0000
+Subject: [PATCH] Removing contribs
 
 ---
- configure.ac | 20 --------------------
- 1 file changed, 20 deletions(-)
+ configure.ac | 22 ----------------------
+ 1 file changed, 22 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index fedf354..e010732 100644
+index 1cf1051..5d76b44 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -438,26 +438,6 @@ dnl All slurm Makefiles:
+@@ -435,28 +435,6 @@ dnl All slurm Makefiles:
+ 
  AC_CONFIG_FILES([Makefile
- 		 config.xml
  		 auxdir/Makefile
 -		 contribs/Makefile
 -		 contribs/cray/Makefile
@@ -27,7 +27,9 @@ index fedf354..e010732 100644
 -		 contribs/perlapi/libslurm/perl/Makefile.PL
 -		 contribs/perlapi/libslurmdb/Makefile
 -		 contribs/perlapi/libslurmdb/perl/Makefile.PL
+-		 contribs/seff/Makefile
 -		 contribs/torque/Makefile
+-		 contribs/openlava/Makefile
 -		 contribs/phpext/Makefile
 -		 contribs/phpext/slurm_php/config.m4
 -		 contribs/sgather/Makefile
@@ -39,5 +41,5 @@ index fedf354..e010732 100644
  		 doc/man/Makefile
  		 doc/man/man1/Makefile
 -- 
-2.1.4
+2.11.0
 
diff --git a/gnu/packages/patches/spice-CVE-2016-9577.patch b/gnu/packages/patches/spice-CVE-2016-9577.patch
new file mode 100644
index 0000000000..a2cb558cd3
--- /dev/null
+++ b/gnu/packages/patches/spice-CVE-2016-9577.patch
@@ -0,0 +1,33 @@
+Prevent buffer overflow when reading large messages.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1401603
+https://access.redhat.com/security/cve/CVE-2016-9577
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9577
+https://security-tracker.debian.org/tracker/CVE-2016-9577
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3
+
+From 5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 29 Nov 2016 16:46:56 +0000
+Subject: main-channel: Prevent overflow reading messages from client
+
+diff --git a/server/main_channel.c b/server/main_channel.c
+index 0ecc9df..1fc3915 100644
+--- a/server/main_channel.c
++++ b/server/main_channel.c
+@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
+ 
+     if (type == SPICE_MSGC_MAIN_AGENT_DATA) {
+         return reds_get_agent_data_buffer(mcc, size);
++    } else if (size > sizeof(main_chan->recv_buf)) {
++        /* message too large, caller will log a message and close the connection */
++        return NULL;
+     } else {
+         return main_chan->recv_buf;
+     }
+-- 
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/spice-CVE-2016-9578-1.patch b/gnu/packages/patches/spice-CVE-2016-9578-1.patch
new file mode 100644
index 0000000000..f86cdb4eb1
--- /dev/null
+++ b/gnu/packages/patches/spice-CVE-2016-9578-1.patch
@@ -0,0 +1,33 @@
+Prevent possible DoS during protocol handshake.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1399566
+https://access.redhat.com/security/cve/CVE-2016-9578
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578
+https://security-tracker.debian.org/tracker/CVE-2016-9578
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a
+
+From 1c6517973095a67c8cb57f3550fc1298404ab556 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 13 Dec 2016 14:39:48 +0000
+Subject: Prevent possible DoS attempts during protocol handshake
+
+diff --git a/server/reds.c b/server/reds.c
+index f40b65c..86a33d5 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2202,7 +2202,8 @@ static void reds_handle_read_header_done(void *opaque)
+ 
+     reds->peer_minor_version = header->minor_version;
+ 
+-    if (header->size < sizeof(SpiceLinkMess)) {
++    /* the check for 4096 is to avoid clients to cause arbitrary big memory allocations */
++    if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) {
+         reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
+         spice_warning("bad size %u", header->size);
+         reds_link_free(link);
+-- 
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/spice-CVE-2016-9578-2.patch b/gnu/packages/patches/spice-CVE-2016-9578-2.patch
new file mode 100644
index 0000000000..76f7ec7ffb
--- /dev/null
+++ b/gnu/packages/patches/spice-CVE-2016-9578-2.patch
@@ -0,0 +1,38 @@
+Fixes a potential buffer overflow in the protocol handling.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1399566
+https://access.redhat.com/security/cve/CVE-2016-9578
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578
+https://security-tracker.debian.org/tracker/CVE-2016-9578
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a
+
+From f66dc643635518e53dfbe5262f814a64eec54e4a Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 13 Dec 2016 14:40:10 +0000
+Subject: Prevent integer overflows in capability checks
+
+diff --git a/server/reds.c b/server/reds.c
+index 86a33d5..9150454 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(void *opaque)
+     link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps);
+     link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps);
+ 
++    /* Prevent DoS. Currently we defined only 13 capabilities,
++     * I expect 1024 to be valid for quite a lot time */
++    if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) {
++        reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
++        reds_link_free(link);
++        return;
++    }
++
+     num_caps = link_mess->num_common_caps + link_mess->num_channel_caps;
+     caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset);
+ 
+-- 
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/tipp10-fix-compiling.patch b/gnu/packages/patches/tipp10-fix-compiling.patch
new file mode 100644
index 0000000000..4c206d4d83
--- /dev/null
+++ b/gnu/packages/patches/tipp10-fix-compiling.patch
@@ -0,0 +1,213 @@
+Description: Debian patches to make tipp10 compile
+Author: Christoph Martin <chrism@debian.org>
+Last-Update: 2016-07-20
+
+https://sources.debian.net/data/main/t/tipp10/2.1.0-2/debian/patches/0001-FixCompiling
+
+--- a/widget/tickerboard.cpp
++++ b/widget/tickerboard.cpp
+@@ -97,7 +97,8 @@ void TickerBoard::startTicker(bool wasPa
+ 

+ 		if (tickerSpeed == 50) {

+ 			scrollOffset = 290;

+-			scroll(-290, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++			const QRect qr = QRect(10, 15, 590, 35);

++			scroll(-290, 0, qr); //contentsRect());

+ 		}

+ 

+ 		startFlag = true;

+@@ -153,7 +154,8 @@ void TickerBoard::changeChar() {
+ 			scrollOffset = 0;

+ 		} else {

+ 			scrollOffset = 290;

+-			scroll(-290, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++			const QRect qr = QRect(10, 15, 590, 35);

++			scroll(-290, 0, qr); //contentsRect());

+ 		}

+ 		splitLesson();

+ 	}

+@@ -242,7 +244,8 @@ void TickerBoard::progress() {
+ 

+ 				// Move ticker 1 pixel to left

+ 				scrollOffset++;

+-				scroll(-1, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++				const QRect qr = QRect(10, 15, 590, 35);

++				scroll(-1, 0, qr); //contentsRect());

+ 

+ 				if ((lessonOffset - scrollOffset) <= 30) {

+ 					setSpeed(tickerSpeed);

+@@ -265,14 +268,16 @@ void TickerBoard::progress() {
+ 			// 160 pixels overage (because the user must see at least the next word)

+ 			if ((lessonOffset - scrollOffset) > 200) {

+ 				scrollOffset += (lessonOffset - scrollOffset) - 200;

+-				scroll(-((lessonOffset - scrollOffset) - 200), 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++				const QRect qr = QRect(10, 15, 590, 35);

++				scroll(-((lessonOffset - scrollOffset) - 200), 0, qr); //contentsRect());

+ 			}

+ 		} else {

+ 			// If the user types faster than the ticker, move ticker faster after

+ 			// 160 pixels overage (because the user must see at least the next word)

+ 			if ((lessonOffset - scrollOffset) > 280) {

+ 				scrollOffset += 570;

+-				scroll(-570, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++				const QRect qr = QRect(10, 15, 590, 35);

++				scroll(-570, 0, qr); //contentsRect());

+ 			}

+ 

+ 		}

+--- a/widget/settingspages.cpp
++++ b/widget/settingspages.cpp
+@@ -501,7 +501,7 @@ void DatabasePage::writeSettings() {
+ 	QSettings settings;

+ 	#endif

+ 	settings.beginGroup("database");

+-	settings.setValue("pathpro", lineDatabasePath->text() + "/" + QString::QString(APP_USER_DB));

++	settings.setValue("pathpro", lineDatabasePath->text() + "/" + QString(APP_USER_DB));

+ 	settings.endGroup();

+ }

+ 

+--- a/widget/lessondialog.cpp
++++ b/widget/lessondialog.cpp
+@@ -89,7 +89,7 @@ void LessonDialog::updateContent() {
+ 			*lessonData = lineLessonContent->toPlainText().split("\n", QString::SkipEmptyParts);

+ 			// Delete empty lines

+ 			for (int i = 0; i < lessonData->size(); i++) {

+-				if (QString::QString(lessonData->at(i).toLocal8Bit().constData()).simplified() == "") {

++				if (QString(lessonData->at(i).toLocal8Bit().constData()).simplified() == "") {

+ 					lessonData->removeAt(i);

+ 				}

+ 			}

+@@ -259,7 +259,7 @@ void LessonDialog::clickSave() {
+ 	contentList = lineLessonContent->toPlainText().split("\n", QString::SkipEmptyParts);

+ 	// Delete empty lines

+ 	for (i = 0; i < contentList.size(); i++) {

+-		if (QString::QString(contentList.at(i).toLocal8Bit().constData()).simplified() == "") {

++		if (QString(contentList.at(i).toLocal8Bit().constData()).simplified() == "") {

+ 			contentList.removeAt(i);

+ 		}

+ 	}

+--- a/sql/chartablesql.cpp
++++ b/sql/chartablesql.cpp
+@@ -57,7 +57,7 @@ QVariant CharSqlModel::data(const QModel
+ 			// Read the unicode value

+ 			unicode = value.toInt();

+ 			// Convert unicode to a char

+-			unicodeToChar = QString::QString(QChar(unicode)); //"\'" + QString::QString(QChar(unicode)) + "\'";

++			unicodeToChar = QString(QChar(unicode)); //"\'" + QString::QString(QChar(unicode)) + "\'";

+ 			return unicodeToChar;

+ 		} else {

+ 			// Last column (error weight)

+--- a/sql/startsql.cpp
++++ b/sql/startsql.cpp
+@@ -344,7 +344,7 @@ bool StartSql::updateOwnLesson(QString l
+ 		for (i = 0; i < content.size(); i++) {

+ 			//simplifiedContent = QString::QString(

+ 			//	content.at(i)).replace(QChar(0x27), "''", Qt::CaseSensitive).simplified();

+-			simplifiedContent = trim(QString::QString(

++			simplifiedContent = trim(QString(

+ 				content.at(i)).replace(QChar(0x27), "''", Qt::CaseSensitive));

+ 

+ 			if (!query.exec("INSERT INTO own_content VALUES(NULL,'" +

+--- a/def/defines.h
++++ b/def/defines.h
+@@ -27,9 +27,9 @@ Foundation, Inc., 51 Franklin Street, Fi
+ #define DEFINES_H

+ 

+ // OS constants

+-#define APP_WIN						true

++#define APP_WIN						false

+ #define APP_MAC						false

+-#define APP_X11						false

++#define APP_X11						true

+ #define APP_PORTABLE				false //at least one of the 3 OS must be true too!

+ 

+ // Languages

+@@ -47,6 +47,7 @@ Foundation, Inc., 51 Franklin Street, Fi
+ #define APP_URL 					"http://www.tipp10.com"

+ #define APP_DB 						"tipp10v2.template"

+ #define APP_USER_DB					"tipp10v2.db"

++#define APP_SHARE_DIR					"/usr/share/tipp10"

+ 

+ // Update constants

+ #define UPDATE_URL 					"www.tipp10.com"

+--- a/tipp10.pro
++++ b/tipp10.pro
+@@ -88,3 +88,15 @@ SOURCES         += 	main.cpp \
+                     sql/startsql.cpp \

+                     games/abcrainwidget.cpp \

+                     games/charball.cpp

++

++target.path = /usr/bin/

++INSTALLS += target

++share.path = /usr/share/tipp10/

++share.files = release/* *wav

++INSTALLS += share

++desktop.path = /usr/share/applications/

++desktop.files = tipp10.desktop

++INSTALLS += desktop

++pixmap.path = /usr/share/pixmaps/

++pixmap.files = tipp10.png

++INSTALLS += pixmap

+--- a/sql/connection.h
++++ b/sql/connection.h
+@@ -179,11 +179,13 @@ static bool createConnection() {
+ 				CANCEL_NO, "Betroffener Pfad:\n" + dbPath);*/

+ 			// Try to create new databae in user path

+ 			// Exist a database in the program dir?

+-			if (QFile::exists(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate)) {

++			// if (QFile::exists(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate)) {

++		  	if (QFile::exists(QString(APP_SHARE_DIR) + "/" + dbNameTemplate)) {

+ 			//if (QFile::exists(":/" + dbNameTemplate)) {

+ 				// A database exist in the program dir

+ 				// -> copy database to user home dir

+-				QFile file(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate);

++				// QFile file(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate);

++			  	QFile file(QString(APP_SHARE_DIR) + "/" + dbNameTemplate);

+ 				//QFile file(":/" + dbNameTemplate);

+ 				if (file.copy(dbPath)) {

+ 					QFile::setPermissions(dbPath, QFile::permissions(dbPath) | QFile::WriteUser);

+@@ -229,7 +231,8 @@ static bool createConnection() {
+ 		// Exist a database in user's home dir?

+ 		if (!QFile::exists(dbPath)) {

+ 			// Exist a database template in the program dir?

+-			dbPath = QCoreApplication::applicationDirPath() + "/" + dbNameTemplate;

++			// dbPath = QCoreApplication::applicationDirPath() + "/" + dbNameTemplate;

++		  	dbPath = QString(APP_SHARE_DIR) + "/" + dbNameTemplate;

+ 			//dbPath = ":/" + dbNameTemplate;

+ 			if (QFile::exists(dbPath)) {

+ 				// A database template exist in the program dir

+--- a/widget/helpbrowser.cpp
++++ b/widget/helpbrowser.cpp
+@@ -52,13 +52,15 @@ HelpBrowser::HelpBrowser(QString link, Q
+     textBrowser->setOpenExternalLinks(true);

+ 	

+     textBrowser->setSource(QString("file:///") + 

+-    	QCoreApplication::applicationDirPath() + 

++	// QCoreApplication::applicationDirPath() + 

++    	APP_SHARE_DIR + 

+     	QString("/help/") + language + QString("/index.html"));

+     	

+     if (link != "") {

+     

+ 		textBrowser->setSource(QString("file:///") + 

+-			QCoreApplication::applicationDirPath() + 

++			// QCoreApplication::applicationDirPath() + 

++			APP_SHARE_DIR + 

+ 			QString("/help/") + language + QString("/content/") + link);

+ 			

+ 	}

+--- a/tipp10.desktop
++++ b/tipp10.desktop
+@@ -1,10 +1,10 @@
+ [Desktop Entry]
+-Encoding=UTF-8
+ Name=TIPP10
+ Comment=Touch Typing Tutor
+ Comment[de]=10-Finger-Schreibtrainer
+-Exec=tipp10
++Exec=/usr/bin/tipp10
+ Icon=tipp10.png
+ Terminal=false
+ Type=Application
+ Categories=Education;
++Keywords=learning;touchtyping
diff --git a/gnu/packages/patches/tipp10-remove-license-code.patch b/gnu/packages/patches/tipp10-remove-license-code.patch
new file mode 100644
index 0000000000..4b7487e726
--- /dev/null
+++ b/gnu/packages/patches/tipp10-remove-license-code.patch
@@ -0,0 +1,332 @@
+Description: Remove license dialog and license key checking
+
+https://sources.debian.net/data/main/t/tipp10/2.1.0-2/debian/patches/0002-RemoveLicenseCode
+
+--- a/main.cpp
++++ b/main.cpp
+@@ -33,7 +33,6 @@ Foundation, Inc., 51 Franklin Street, Fi
+ #include "def/defines.h"

+ #include "sql/connection.h"

+ #include "widget/mainwindow.h"

+-#include "widget/licensedialog.h"

+ #include "widget/illustrationdialog.h"

+ 

+ int main(int argc, char *argv[]) {

+@@ -59,7 +58,7 @@ int main(int argc, char *argv[]) {
+ 	QSettings settings;

+ 	#endif

+ 

+-	// Read/write language, license key and show illustration flag

++	// Read/write language and show illustration flag

+ 	settings.beginGroup("general");

+ 	QString languageGui = settings.value("language_gui",

+ 		QLocale::system().name()).toString();

+@@ -101,7 +100,6 @@ int main(int argc, char *argv[]) {
+ 	QString languageLesson = settings.value("language_lesson",

+ 		"").toString();

+ 

+-	QString licenseKey = settings.value("licensekey", "").toString();

+ 	bool showIllustration = settings.value("check_illustration", true).toBool();

+ 	bool useNativeStyle = settings.value("check_native_style", false).toBool();

+ 	settings.endGroup();

+--- a/tipp10.pro
++++ b/tipp10.pro
+@@ -43,7 +43,6 @@ HEADERS         += 	def/defines.h \
+                     widget/helpbrowser.h \

+                     widget/companylogo.h \

+                     widget/errormessage.h \

+-                    widget/licensedialog.h \

+                     widget/txtmessagedialog.h \

+                     widget/checkversion.h \

+                     sql/connection.h \

+@@ -78,7 +77,6 @@ SOURCES         += 	main.cpp \
+                     widget/helpbrowser.cpp \

+                     widget/companylogo.cpp \

+                     widget/errormessage.cpp \

+-                    widget/licensedialog.cpp \

+                     widget/txtmessagedialog.cpp \

+                     widget/checkversion.cpp \

+                     sql/lessontablesql.cpp \

+--- a/widget/licensedialog.cpp
++++ /dev/null
+@@ -1,168 +0,0 @@
+-/*

+-Copyright (c) 2006-2009, Tom Thielicke IT Solutions

+-

+-This program is free software; you can redistribute it and/or

+-modify it under the terms of the GNU General Public License

+-as published by the Free Software Foundation; either version 2

+-of the License.

+-

+-This program is distributed in the hope that it will be useful,

+-but WITHOUT ANY WARRANTY; without even the implied warranty of

+-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+-GNU General Public License for more details.

+-

+-You should have received a copy of the GNU General Public License

+-along with this program; if not, write to the Free Software

+-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

+-02110-1301, USA.

+-*/

+-

+-/****************************************************************

+-**

+-** Implementation of the LicenseDialog class

+-** File name: licensedialog.cpp

+-**

+-****************************************************************/

+-

+-#include <QHBoxLayout>

+-#include <QVBoxLayout>

+-#include <QMessageBox>

+-#include <QSettings>

+-#include <QCoreApplication>

+-

+-#include "licensedialog.h"

+-#include "def/defines.h"

+-

+-LicenseDialog::LicenseDialog(QWidget *parent) : QDialog(parent) {

+-

+-	setWindowFlags(windowFlags() ^ Qt::WindowContextHelpButtonHint);

+-

+-	setWindowTitle(tr("Lizenznummer"));

+-	setWindowIcon(QIcon(":/img/" + QString(ICON_FILENAME)));

+-

+-	// Create texbox

+-    createLineEdit();

+-

+-	// Create buttons

+-    createButtons();

+-

+-	// Set the layout of all widgets created above

+-	createLayout();

+-

+-	lineLicensing->setFocus();

+-}

+-

+-void LicenseDialog::createButtons() {

+-	//Buttons

+-	buttonOk = new QPushButton(this);

+-	buttonDemo = new QPushButton(this);

+-

+-	buttonOk->setText(tr("&Ok"));

+-	buttonDemo->setText(tr("&Demo starten"));

+-	buttonDemo->setToolTip(tr("Im Demo-Modus koennen pro Lektion nur\n"

+-		"10 Schriftzeichen eingegeben werden"));

+-

+-	buttonOk->setDefault(true);

+-	// Widget connections

+-    connect(buttonOk, SIGNAL(clicked()), this, SLOT(clickOk()));

+-    connect(buttonDemo, SIGNAL(clicked()), this, SLOT(clickDemo()));

+-}

+-

+-void LicenseDialog::createLineEdit() {

+-

+-	lineLicensing = new QLineEdit();

+-	lineLicensing->setInputMask(">NNNNNNNNNNNNNN");

+-

+-	labelLicensing = new QLabel(tr("Bitte geben Sie Ihre Lizenznummer "

+-		"(ohne Leerzeichen) ein, "

+-		"die Sie im Arbeitsbuch (Schulbuch) auf Seite 3 finden:"));

+-

+-	labelLicensing->setWordWrap(true);

+-}

+-

+-void LicenseDialog::createLayout() {

+-	// Button layout horizontal

+-	QHBoxLayout *buttonLayoutHorizontal = new QHBoxLayout;

+-    buttonLayoutHorizontal->addStretch(1);

+-    buttonLayoutHorizontal->addWidget(buttonDemo);

+-    buttonLayoutHorizontal->addWidget(buttonOk);

+-	// Full layout of all widgets vertical

+-	QVBoxLayout *mainLayout = new QVBoxLayout;

+-    mainLayout->addSpacing(1);

+-    mainLayout->addWidget(labelLicensing);

+-    mainLayout->addSpacing(1);

+-    mainLayout->addWidget(lineLicensing);

+-    mainLayout->addSpacing(1);

+-    mainLayout->addLayout(buttonLayoutHorizontal);

+-    mainLayout->setMargin(15);

+-    mainLayout->setSpacing(15);

+-    // Pass layout to parent widget (this)

+-	this->setLayout(mainLayout);

+-}

+-

+-void LicenseDialog::clickOk() {

+-

+-	// Check license key

+-	if (!checkLicenseKey(lineLicensing->text())) {

+-

+-		// License key is wrong

+-

+-		// Message to the user

+-		QMessageBox::information(0, APP_NAME,

+-			tr("Die eingegebene Lizenznummer ist leider nicht "

+-			"korrekt.\nBitte ueberpruefen Sie die Schreibweise."));

+-

+-		lineLicensing->setFocus();

+-

+-	} else {

+-

+-		// License key is ok

+-		writeSettings();

+-		accept();

+-	}

+-}

+-

+-void LicenseDialog::clickDemo() {

+-	accept();

+-}

+-

+-bool LicenseDialog::checkLicenseKey(QString licenseKey) {

+-	if (licenseKey.size() == 14 &&

+-		licenseKey[0].isLetter() &&

+-		licenseKey[1].isLetter() &&

+-		(licenseKey.mid(2, 2) == "39" ||

+-		licenseKey.mid(2, 2) == "41" ||

+-		licenseKey.mid(2, 2) == "43" ||

+-		licenseKey.mid(2, 2) == "49" ||

+-		licenseKey.mid(2, 2) == "99") &&

+-		licenseKey[4].isDigit() &&

+-		licenseKey[5].isDigit() &&

+-		licenseKey[6].isDigit() &&

+-		licenseKey[7].isLetter() &&

+-		licenseKey[8].isDigit() &&

+-		licenseKey[9].isDigit() &&

+-		licenseKey[10].isDigit() &&

+-		licenseKey[11].isDigit() &&

+-		licenseKey[12].isLetter() &&

+-		licenseKey[13].isLetter()) {

+-

+-		return true;

+-	}

+-	return false;

+-}

+-

+-void LicenseDialog::writeSettings() {

+-	// Saves settings of the startwiget

+-	// (uses the default constructor of QSettings, passing

+-	// the application and company name see main function)

+-	#if APP_PORTABLE

+-	QSettings settings(QCoreApplication::applicationDirPath() +

+-    	"/portable/settings.ini", QSettings::IniFormat);

+-    #else

+-	QSettings settings;

+-	#endif

+-

+-	settings.beginGroup("general");

+-	settings.setValue("licensekey", lineLicensing->text());

+-	settings.endGroup();

+-}

+--- a/widget/licensedialog.h
++++ /dev/null
+@@ -1,85 +0,0 @@
+-/*

+-Copyright (c) 2006-2009, Tom Thielicke IT Solutions

+-

+-This program is free software; you can redistribute it and/or

+-modify it under the terms of the GNU General Public License

+-as published by the Free Software Foundation; either version 2

+-of the License.

+-

+-This program is distributed in the hope that it will be useful,

+-but WITHOUT ANY WARRANTY; without even the implied warranty of

+-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+-GNU General Public License for more details.

+-

+-You should have received a copy of the GNU General Public License

+-along with this program; if not, write to the Free Software

+-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

+-02110-1301, USA.

+-*/

+-

+-/****************************************************************

+-**

+-** Definition of the LicenseDialog class

+-** File name: licensedialog.h

+-**

+-****************************************************************/

+-

+-#ifndef LICENSEDIALOG_H

+-#define LICENSEDIALOG_H

+-

+-#include <QDialog>

+-#include <QWidget>

+-#include <QPushButton>

+-#include <QLabel>

+-#include <QLineEdit>

+-#include <QString>

+-

+-//! The LicenseDialog class provides a license input widget.

+-/*!

+-	The LicenseDialog class shows a dialog to enter a license key.

+-

+-	@author Tom Thielicke, s712715

+-	@version 0.0.1

+-	@date 09.09.2008

+-*/

+-class LicenseDialog : public QDialog {

+-	Q_OBJECT

+-

+-	public:

+-

+-		//! Constructor, creates two table objects and provide it in two tabs.

+-		LicenseDialog(QWidget *parent = 0);

+-

+-		bool checkLicenseKey(QString licenseKey);

+-

+-	public slots:

+-

+-	private slots:

+-

+-		//! Start button pressed

+-		void clickOk();

+-

+-		//! Demo button pressed

+-		void clickDemo();

+-

+-	private:

+-

+-		//! Creates a cancel and a ok button.

+-		void createButtons();

+-

+-		//! Creates a textbox.

+-		void createLineEdit();

+-

+-		//! Creates the layout of the complete class.

+-		void createLayout();

+-

+-		//! Writes user settings

+-		void writeSettings();

+-

+-		QPushButton *buttonOk;

+-		QPushButton *buttonDemo;

+-		QLabel *labelLicensing;

+-		QLineEdit *lineLicensing;

+-};

+-

+-#endif //LICENSEDIALOG_H

+--- a/widget/mainwindow.cpp
++++ b/widget/mainwindow.cpp
+@@ -116,11 +116,6 @@ void MainWindow::closeEvent(QCloseEvent
+ 	}

+ }

+ 

+-bool MainWindow::checkLicenseKey(QString licenseKey) {

+-

+-    return false;

+-}

+-

+ void MainWindow::createMenu() {

+ 	//Mac-Version:

+ 	//-----------

+--- a/widget/mainwindow.h
++++ b/widget/mainwindow.h
+@@ -39,7 +39,6 @@ Foundation, Inc., 51 Franklin Street, Fi
+ #include "trainingwidget.h"

+ #include "evaluationwidget.h"

+ #include "illustrationdialog.h"

+-#include "licensedialog.h"

+ #include "games/abcrainwidget.h"

+ #include "helpbrowser.h"

+ 

diff --git a/gnu/packages/patches/totem-debug-format-fix.patch b/gnu/packages/patches/totem-debug-format-fix.patch
deleted file mode 100644
index 7ddd31ee10..0000000000
--- a/gnu/packages/patches/totem-debug-format-fix.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- totem-3.20.1/src/backend/bacon-video-widget.c.orig	2016-03-22 12:45:32.000000000 -0400
-+++ totem-3.20.1/src/backend/bacon-video-widget.c	2016-05-11 02:49:55.299109551 -0400
-@@ -2334,7 +2334,7 @@
-     if (!gst_toc_entry_get_start_stop_times (entry, &start, &stop)) {
-       GST_DEBUG ("Chapter #%d (couldn't get times)", i);
-     } else {
--      GST_DEBUG ("Chapter #%d (start: %li stop: %li)", i, start, stop);
-+      GST_DEBUG ("Chapter #%d (start: %li stop: %li)", i, (long) start, (long) stop);
-     }
-   }
- 
diff --git a/gnu/packages/patches/upower-builddir.patch b/gnu/packages/patches/upower-builddir.patch
index 13cef5876a..d59d4364b8 100644
--- a/gnu/packages/patches/upower-builddir.patch
+++ b/gnu/packages/patches/upower-builddir.patch
@@ -37,7 +37,7 @@ Patch by Andy Wingo <wingo@igalia.com>
 -	if (g_file_test ("../etc/UPower.conf", G_FILE_TEST_EXISTS))
 -		g_setenv ("UPOWER_CONF_FILE_NAME", "../etc/UPower.conf", TRUE);
 -	else
--		g_setenv ("UPOWER_CONF_FILE_NAME", "../../etc/UPower.conf", TRUE);
+-		g_setenv ("UPOWER_CONF_FILE_NAME", "../../../etc/UPower.conf", TRUE);
 -
  	/* tests go here */
  	g_test_add_func ("/power/backend", up_test_backend_func);
diff --git a/gnu/packages/patches/vsearch-unbundle-cityhash.patch b/gnu/packages/patches/vsearch-unbundle-cityhash.patch
new file mode 100644
index 0000000000..b1ecb1f063
--- /dev/null
+++ b/gnu/packages/patches/vsearch-unbundle-cityhash.patch
@@ -0,0 +1,73 @@
+diff --git a/src/Makefile.am b/src/Makefile.am
+index e56a8a2..4adcc48 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -3,7 +3,7 @@ bin_PROGRAMS = $(top_builddir)/bin/vsearch
+ if TARGET_PPC
+ AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g -mcpu=power8
+ else
+-AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g
++AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g -lcityhash
+ endif
+ 
+ AM_CFLAGS=$(AM_CXXFLAGS)
+@@ -18,8 +18,6 @@ allpairs.h \
+ arch.h \
+ bitmap.h \
+ chimera.h \
+-city.h \
+-citycrc.h \
+ cluster.h \
+ cpu.h \
+ db.h \
+@@ -59,31 +57,26 @@ xstring.h
+ 
+ if TARGET_PPC
+ libcpu_a_SOURCES = cpu.cc $(VSEARCHHEADERS)
+-noinst_LIBRARIES = libcpu.a libcityhash.a
++noinst_LIBRARIES = libcpu.a
+ else
+ libcpu_sse2_a_SOURCES = cpu.cc $(VSEARCHHEADERS)
+ libcpu_sse2_a_CXXFLAGS = $(AM_CXXFLAGS) -msse2
+ libcpu_ssse3_a_SOURCES = cpu.cc $(VSEARCHHEADERS)
+ libcpu_ssse3_a_CXXFLAGS = $(AM_CXXFLAGS) -mssse3 -DSSSE3
+-noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a libcityhash.a
++noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a
+ endif
+ 
+-libcityhash_a_SOURCES = city.cc city.h
+-
+ if TARGET_WIN
+ 
+-libcityhash_a_CXXFLAGS = -Wall -Wno-sign-compare -O3 -g -D_MSC_VER
+-__top_builddir__bin_vsearch_LDFLAGS = -static
+-__top_builddir__bin_vsearch_LDADD = libregex.a libcityhash.a libcpu_ssse3.a libcpu_sse2.a
++__top_builddir__bin_vsearch_LDFLAGS = -static -lcityhash
++__top_builddir__bin_vsearch_LDADD = libregex.a libcpu_ssse3.a libcpu_sse2.a
+ 
+ else
+ 
+-libcityhash_a_CXXFLAGS = -Wall -Wno-sign-compare -O3 -g
+-
+ if TARGET_PPC
+-__top_builddir__bin_vsearch_LDADD = libcityhash.a libcpu.a
++__top_builddir__bin_vsearch_LDADD = libcpu.a
+ else
+-__top_builddir__bin_vsearch_LDADD = libcityhash.a libcpu_ssse3.a libcpu_sse2.a
++__top_builddir__bin_vsearch_LDADD = libcpu_ssse3.a libcpu_sse2.a
+ endif
+ 
+ endif
+diff --git a/src/vsearch.h b/src/vsearch.h
+index f2c244b..5f51bbe 100644
+--- a/src/vsearch.h
++++ b/src/vsearch.h
+@@ -148,7 +148,7 @@
+ #include <bzlib.h>
+ #endif
+ 
+-#include "city.h"
++#include <city.h>
+ #include "md5.h"
+ #include "sha1.h"
+ 
diff --git a/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch b/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch
deleted file mode 100644
index 969ed7e41e..0000000000
--- a/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Removes references to mibstore.h and miInitializeBackingStore, which
-have been removed from xorg-server.  Zack Rusin <zackr@vmware.com>
-wrote: "It was a noop for at least 5 years and it has been removed."
-See: http://patches.openembedded.org/patch/46133/
-
---- xf86-video-glint-1.2.8/src/glint_driver.c.~1~	2012-07-15 22:50:47.000000000 -0400
-+++ xf86-video-glint-1.2.8/src/glint_driver.c	2014-12-19 00:42:39.162714279 -0500
-@@ -52,8 +52,6 @@
- #include "compiler.h"
- #include "mipointer.h"
- 
--#include "mibstore.h"
--
- #include "pm3_regs.h"
- #include "glint_regs.h"
- #include "IBM.h"
-@@ -2904,7 +2902,6 @@
-         }
-     }
- 
--    miInitializeBackingStore(pScreen);
-     xf86SetBackingStore(pScreen);
-     xf86SetSilkenMouse(pScreen);
- 
diff --git a/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch b/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch
deleted file mode 100644
index 48588ed0e4..0000000000
--- a/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Removes references to mibstore.h and miInitializeBackingStore, which
-have been removed from xorg-server.  Zack Rusin <zackr@vmware.com>
-wrote: "It was a noop for at least 5 years and it has been removed."
-See: http://patches.openembedded.org/patch/46133/
-
-diff -ru xf86-video-nv-2.1.20.orig/src/g80_driver.c xf86-video-nv-2.1.20/src/g80_driver.c
---- xf86-video-nv-2.1.20.orig/src/g80_driver.c	2012-07-17 02:47:02.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/g80_driver.c	2014-12-17 10:11:42.197579082 -0500
-@@ -34,7 +34,6 @@
- #include <xf86Resources.h>
- #endif
- #include <mipointer.h>
--#include <mibstore.h>
- #include <micmap.h>
- #include <xf86cmap.h>
- #include <fb.h>
-@@ -833,7 +832,6 @@
-         }
-     }
- 
--    miInitializeBackingStore(pScreen);
-     xf86SetBackingStore(pScreen);
-     xf86SetSilkenMouse(pScreen);
- 
-diff -ru xf86-video-nv-2.1.20.orig/src/nv_driver.c xf86-video-nv-2.1.20/src/nv_driver.c
---- xf86-video-nv-2.1.20.orig/src/nv_driver.c	2012-07-17 02:47:02.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/nv_driver.c	2014-12-17 10:11:39.037563413 -0500
-@@ -2550,7 +2550,6 @@
-     if (!pNv->NoAccel)
- 	NVAccelInit(pScreen);
-     
--    miInitializeBackingStore(pScreen);
-     xf86SetBackingStore(pScreen);
-     xf86SetSilkenMouse(pScreen);
- 
-diff -ru xf86-video-nv-2.1.20.orig/src/nv_include.h xf86-video-nv-2.1.20/src/nv_include.h
---- xf86-video-nv-2.1.20.orig/src/nv_include.h	2012-07-17 02:48:19.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/nv_include.h	2014-12-17 10:11:22.089479372 -0500
-@@ -24,9 +24,6 @@
- /* All drivers initialising the SW cursor need this */
- #include "mipointer.h"
- 
--/* All drivers implementing backing store need this */
--#include "mibstore.h"
--
- #include "micmap.h"
- 
- #include "xf86DDC.h"
-diff -ru xf86-video-nv-2.1.20.orig/src/riva_driver.c xf86-video-nv-2.1.20/src/riva_driver.c
---- xf86-video-nv-2.1.20.orig/src/riva_driver.c	2012-07-17 02:47:02.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/riva_driver.c	2014-12-17 10:11:31.101524060 -0500
-@@ -1168,7 +1168,6 @@
-     if (!pRiva->NoAccel)
- 	RivaAccelInit(pScreen);
-     
--    miInitializeBackingStore(pScreen);
-     xf86SetBackingStore(pScreen);
-     xf86SetSilkenMouse(pScreen);
- 
-diff -ru xf86-video-nv-2.1.20.orig/src/riva_include.h xf86-video-nv-2.1.20/src/riva_include.h
---- xf86-video-nv-2.1.20.orig/src/riva_include.h	2012-07-17 02:48:45.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/riva_include.h	2014-12-17 10:11:12.229430478 -0500
-@@ -22,9 +22,6 @@
- /* All drivers initialising the SW cursor need this */
- #include "mipointer.h"
- 
--/* All drivers implementing backing store need this */
--#include "mibstore.h"
--
- #include "micmap.h"
- 
- #include "xf86DDC.h"
diff --git a/gnu/packages/patches/xinetd-CVE-2013-4342.patch b/gnu/packages/patches/xinetd-CVE-2013-4342.patch
new file mode 100644
index 0000000000..ad57bc7b0e
--- /dev/null
+++ b/gnu/packages/patches/xinetd-CVE-2013-4342.patch
@@ -0,0 +1,36 @@
+Fix CVE-2013-4342:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678
+
+Patch copied from upstream source repository:
+
+https://github.com/xinetd-org/xinetd/commit/91e2401a219121eae15244a6b25d2e79c1af5864
+
+From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001
+From: Thomas Swan <thomas.swan@gmail.com>
+Date: Wed, 2 Oct 2013 23:17:17 -0500
+Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for
+ TCPMUX services
+
+Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).
+---
+ xinetd/builtins.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xinetd/builtins.c b/xinetd/builtins.c
+index 3b85579..34a5bac 100644
+--- a/xinetd/builtins.c
++++ b/xinetd/builtins.c
+@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
+    if( SC_IS_INTERNAL( scp ) ) {
+       SC_INTERNAL(scp, nserp);
+    } else {
+-      exec_server(nserp);
++      child_process(nserp);
+    }
+ }
+ 
+-- 
+2.7.4
+
diff --git a/gnu/packages/patches/xinetd-fix-fd-leak.patch b/gnu/packages/patches/xinetd-fix-fd-leak.patch
new file mode 100644
index 0000000000..77e4600185
--- /dev/null
+++ b/gnu/packages/patches/xinetd-fix-fd-leak.patch
@@ -0,0 +1,26 @@
+Fix a file descriptor leak:
+
+https://github.com/xinetd-org/xinetd/issues/23
+
+Patch copied from Debian:
+
+https://anonscm.debian.org/cgit/collab-maint/xinetd.git/tree/debian/patches/000012-fix_fd_leak
+
+Patch sent upstream at https://github.com/xinetd-org/xinetd/pull/26.
+
+diff --git a/xinetd/xgetloadavg.c b/xinetd/xgetloadavg.c
+index 5a26214..fe0f872 100644
+--- a/xinetd/xgetloadavg.c
++++ b/xinetd/xgetloadavg.c
+@@ -34,7 +34,7 @@ double xgetloadavg(void)
+ 
+    if( fscanf(fd, "%lf", &ret) != 1 ) {
+       perror("fscanf");
+-      return -1;
++      ret = -1;
+    }
+ 
+    fclose(fd);
+-- 
+2.7.4
+
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index b86647d4ee..58416ee66c 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -6,10 +6,11 @@
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Coypright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Coypright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Coypright © 2016 Marius Bakke <mbakke@fastmail.com>
+;;; Coypright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Coypright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Coypright © 2016 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -271,7 +272,7 @@ reading and editing of existing PDF files.")
 (define-public zathura-cb
   (package
     (name "zathura-cb")
-    (version "0.1.5")
+    (version "0.1.6")
     (source (origin
               (method url-fetch)
               (uri
@@ -279,7 +280,7 @@ reading and editing of existing PDF files.")
                               version ".tar.gz"))
               (sha256
                (base32
-                "1zbazysdjwwnzw01qlnzyixwmsi8rqskc76mp81qcr3rpl96jprp"))))
+                "1fim4mpm8l2g3msj1vg70ks3c9lrwllv3yh4jv8l9f8k3r19b3l8"))))
     (native-inputs `(("pkg-config" ,pkg-config)))
     (propagated-inputs `(("girara" ,girara)))
     (inputs `(("libarchive" ,libarchive)
@@ -302,7 +303,7 @@ using libarchive.")
 (define-public zathura-ps
   (package
     (name "zathura-ps")
-    (version "0.2.3")
+    (version "0.2.4")
     (source (origin
               (method url-fetch)
               (uri
@@ -310,7 +311,7 @@ using libarchive.")
                               version ".tar.gz"))
               (sha256
                (base32
-                "18wsfy8pqficdgj8wy2aws7j4fy8z78157rhqk17mj5f295zgvm9"))))
+                "1nxbl0glnzpan78fhdfzhkcd0cikcvrkzf9m56mb0pvnwzlwg7zv"))))
     (native-inputs `(("pkg-config" ,pkg-config)))
     (propagated-inputs `(("girara" ,girara)))
     (inputs `(("libspectre" ,libspectre)
@@ -333,7 +334,7 @@ using libspectre.")
 (define-public zathura-djvu
   (package
     (name "zathura-djvu")
-    (version "0.2.5")
+    (version "0.2.6")
     (source (origin
               (method url-fetch)
               (uri
@@ -341,7 +342,7 @@ using libspectre.")
                               version ".tar.gz"))
               (sha256
                (base32
-                "03cw54d2fipvbrnbqy0xccqkx6s77dyhyymx479aj5ryy4513dq8"))))
+                "0py0ra44f65cg064xzds0qr6vnglj2a5bwhnbwa0dyh2nyizdzmf"))))
     (native-inputs `(("pkg-config" ,pkg-config)))
     (propagated-inputs `(("girara" ,girara)))
     (inputs
@@ -365,7 +366,7 @@ using the DjVuLibre library.")
 (define-public zathura-pdf-poppler
   (package
     (name "zathura-pdf-poppler")
-    (version "0.2.6")
+    (version "0.2.7")
     (source (origin
               (method url-fetch)
               (uri
@@ -373,7 +374,7 @@ using the DjVuLibre library.")
                               version ".tar.gz"))
               (sha256
                (base32
-                "1maqiv7yv8d8hymlffa688c5z71v85kbzmx2j88i8z349xx0rsyi"))))
+                "1h43sgxpsbrsnn5z19661642plzhpv6b0y3f4kyzshv1rr6lwplq"))))
     (native-inputs `(("pkg-config" ,pkg-config)))
     (propagated-inputs `(("girara" ,girara)))
     (inputs
@@ -398,7 +399,7 @@ by using the poppler rendering engine.")
 (define-public zathura
   (package
     (name "zathura")
-    (version "0.3.6")
+    (version "0.3.7")
     (source (origin
               (method url-fetch)
               (uri
@@ -406,7 +407,7 @@ by using the poppler rendering engine.")
                               version ".tar.gz"))
               (sha256
                (base32
-                "0fyb5hak0knqvg90rmdavwcmilhnrwgg1s5ykx9wd3skbpi8nsh8"))
+                "1w0g74dq4z2vl3f99s2gkaqrb5pskgzig10qhbxj4gq9yj4zzbr2"))
               (patches (search-patches
                         "zathura-plugindir-environment-variable.patch"))))
     (native-inputs `(("pkg-config" ,pkg-config)
@@ -480,6 +481,7 @@ extracting content or merging files.")
 (define-public mupdf
   (package
     (name "mupdf")
+    (replacement mupdf/fixed)
     (version "1.10a")
     (source
       (origin
@@ -538,6 +540,18 @@ line tools for batch rendering (pdfdraw), rewriting files (pdfclean),
 and examining the file structure (pdfshow).")
     (license license:agpl3+)))
 
+(define mupdf/fixed
+  (package
+    (inherit mupdf)
+    (source
+      (origin
+        (inherit (package-source mupdf))
+        (patches
+          (append
+            (origin-patches (package-source mupdf))
+            (search-patches "mupdf-mujs-CVE-2016-10132.patch"
+                            "mupdf-mujs-CVE-2016-10133.patch")))))))
+
 (define-public qpdf
   (package
    (name "qpdf")
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 09278f4251..fb294eb42d 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -5950,7 +5950,7 @@ done, how much is left to do, and estimate how long it will take.")
 (define-public perl-term-readkey
   (package
     (name "perl-term-readkey")
-    (version "2.32")
+    (version "2.37")
     (source
      (origin
        (method url-fetch)
@@ -5958,7 +5958,7 @@ done, how much is left to do, and estimate how long it will take.")
                            "TermReadKey-" version ".tar.gz"))
        (sha256
         (base32
-         "1y79w5cj98w0a1nqxjhmaw01p2hfhzfw340m2qxd11p6124hxfaq"))))
+         "0hdj5mldpj3pyprd4hbbalfx9yjgi5p59gg2ixk9808f5v7q74sa"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/TermReadKey")
     (synopsis "Simple terminal control")
diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm
index 8e823cfc21..ce71d2a441 100644
--- a/gnu/packages/photo.scm
+++ b/gnu/packages/photo.scm
@@ -163,7 +163,7 @@ MTP, and much more.")
 (define-public perl-image-exiftool
   (package
     (name "perl-image-exiftool")
-    (version "10.20")
+    (version "10.40")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -171,7 +171,7 @@ MTP, and much more.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "0akdnxvb23ibcwa63ncibaj5m5k56cb34x8gy90z9lqcjl0f4sph"))))
+                "1p05d9k94win8a24cr7lsllb6wjl3dagsmdbcxzv6f68z7i1jdly"))))
     (build-system perl-build-system)
     (arguments
      '(#:phases (alist-cons-after
@@ -186,10 +186,10 @@ MTP, and much more.")
                                    `("PERL5LIB" prefix (,lib)))))
                  %standard-phases)))
     (home-page "http://search.cpan.org/dist/Image-ExifTool")
-    (synopsis "Program and Perl library to manipulate EXIF tags")
-    (description
-     "This package provides the 'exiftool' command and the 'Image::ExifTool'
-Perl library to manipulate EXIF tags of digital images.")
+    (synopsis "Program and Perl library to manipulate EXIF and other metadata")
+    (description "This package provides the @code{exiftool} command and the
+@code{Image::ExifTool} Perl library to manipulate EXIF tags of digital images
+and a wide variety of other metadata.")
     (license (package-license perl))))
 
 (define-public libpano13
diff --git a/gnu/packages/plotutils.scm b/gnu/packages/plotutils.scm
index 74d209192f..bf993c66a7 100644
--- a/gnu/packages/plotutils.scm
+++ b/gnu/packages/plotutils.scm
@@ -173,14 +173,14 @@ colors, styles, options and details.")
 (define-public asymptote
   (package
     (name "asymptote")
-    (version "2.38")
+    (version "2.39")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/asymptote/"
                                   version "/asymptote-" version ".src.tgz"))
               (sha256
                (base32
-                "1dxwvq0xighqckkjkjva8s0igxfgy1j25z81pbwvlz6jzsrxpip9"))))
+                "187q81yw06x4gv2spfn0hcs1064ym3a8l6mdgawymfhqd60yhrs3"))))
     (build-system gnu-build-system)
     ;; Note: The 'asy' binary retains a reference to docdir for use with its
     ;; "help" command in interactive mode, so adding a "doc" output is not
diff --git a/gnu/packages/polkit.scm b/gnu/packages/polkit.scm
index e224ca22f3..0e38dd61ee 100644
--- a/gnu/packages/polkit.scm
+++ b/gnu/packages/polkit.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Huang Ying <huang.ying.caritas@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -28,6 +29,7 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages glib)
+  #:use-module (gnu packages gtk)
   #:use-module (gnu packages gnuzilla)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages perl)
@@ -159,3 +161,27 @@ PolicyKit API through a Qt-styled API.  It is mainly a wrapper around
 QAction and QAbstractButton that lets you integrate those two component
 easily with PolicyKit.")
     (license lgpl2.0+)))
+
+(define-public polkit-gnome
+  (package
+    (name "polkit-gnome")
+    (version "0.105")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/"
+                                  name "/" version "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0sckmcbxyj6sbrnfc5p5lnw27ccghsid6v6wxq09mgxqcd4lk10p"))))
+    (build-system gnu-build-system)
+    (inputs `(("gtk+" ,gtk+)
+              ("polkit" ,polkit)))
+    (native-inputs `(("intltool"   ,intltool)
+                     ("pkg-config" ,pkg-config)))
+    (synopsis "Legacy polkit authentication agent for GNOME")
+    (description "PolicyKit-gnome provides a D-Bus session bus service
+that is used to bring up authentication dialogs used for obtaining
+privileges.")
+    (home-page "http://www.freedesktop.org/wiki/Software/polkit/")
+    (license lgpl2.0+)))
diff --git a/gnu/packages/popt.scm b/gnu/packages/popt.scm
index 3200873d58..a9b5f501da 100644
--- a/gnu/packages/popt.scm
+++ b/gnu/packages/popt.scm
@@ -20,7 +20,6 @@
 (define-module (gnu packages popt)
   #:use-module (guix packages)
   #:use-module (guix download)
-  #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system cmake)
   #:use-module (guix licenses))
@@ -95,16 +94,15 @@ similar to getopt(3), it contains a number of enhancements, including:
 (define-public gflags
   (package
     (name "gflags")
-    (version "2.1.2")
+    (version "2.2.0")
     (source (origin
-              (method git-fetch)
-              (uri (git-reference
-                    (commit (string-append "v" version))
-                    (url "https://github.com/gflags/gflags.git")))
+              (method url-fetch)
+              (uri (string-append "https://github.com/gflags/gflags"
+                                  "/archive/v" version ".tar.gz"))
               (sha256
                (base32
-                "0qxvr9cyxq3px60jglkm94pq5bil8dkjjdb99l3ypqcds7iypx9w"))
-              (file-name (string-append name "-" version "-checkout"))))
+                "120z4w40zr4s8wvfyw1bdmqvincwrwjnimzlwhs1ficaa333cv26"))
+              (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (arguments
      '(#:configure-flags '("-DBUILD_SHARED_LIBS=ON"
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index fd423d3112..1492e0f369 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -23,17 +23,19 @@
 ;;; Copyright © 2016 Daniel Pimentel <d4n1@d4n1.org>
 ;;; Copyright © 2016 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2016 Troy Sankey <sankeytms@gmail.com>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Dylan Jeffers <sapientech@sapientech@openmailbox.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
-;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2016 Stefan Reichoer <stefan@xsteve.at>
 ;;; Copyright © 2016 Dylan Jeffers <sapientech@sapientech@openmailbox.org>
 ;;; Copyright © 2016 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
-;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
+;;; Copyright © 2016, 2017 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
+;;; Copyright © 2017 Frederick M. Muriithi <fredmanglis@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1079,14 +1081,14 @@ Python file, so it can be easily copied into your project.")
 (define-public python-dateutil
   (package
     (name "python-dateutil")
-    (version "2.5.2")
+    (version "2.5.3")
     (source
      (origin
       (method url-fetch)
       (uri (pypi-uri "python-dateutil" version))
       (sha256
        (base32
-        "0jrfpcgvgya6hs45dhrd9yiqgdgz9qp9aa07zsw8gqgn8zphff86"))))
+        "1v9j9fmf8g911yg6k01xa2db6dx3wv73zkk7fncsj7vagjqgs20l"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-six" ,python-six)))
@@ -1186,14 +1188,14 @@ under several distributions that's hard or impossible to figure out.")
 (define-public python2-pysqlite
   (package
     (name "python2-pysqlite")
-    (version "2.8.1")
+    (version "2.8.3")
     (source
      (origin
       (method url-fetch)
       (uri (pypi-uri "pysqlite" version))
       (sha256
        (base32
-        "0rm0zqyb363y6wljhfmbxs16jjv7p8nk1d8zgq9sdwj6js7y3jkm"))))
+        "1424gwq9sil2ffmnizk60q36vydkv8rxs6m7xs987kz8cdc37lqp"))))
     (build-system python-build-system)
     (inputs
      `(("sqlite" ,sqlite)))
@@ -1315,7 +1317,7 @@ Python 3.3+.")
     (arguments `(#:python ,python-2
                  #:tests? #f))                    ; invalid command "test"
     (home-page "https://fedorahosted.org/dogtail/")
-    (synopsis "GUI test tool and automation framework written in ​Python")
+    (synopsis "GUI test tool and automation framework written in Python")
     (description
      "Dogtail is a GUI test tool and automation framework written in Python.
 It uses Accessibility (a11y) technologies to communicate with desktop
@@ -2121,14 +2123,14 @@ protocol.")
 (define python-pbr-minimal
   (package
     (name "python-pbr-minimal")
-    (version "1.8.1")
+    (version "1.10.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pbr" version))
        (sha256
         (base32
-         "0jcny36cf3s8ar5r4a575npz080hndnrfs4np1fqhv0ym4k7c4p2"))))
+         "177kd9kbv1hvf2ban7l3x9ymzbi1md4hkaymwbgnz7ihf312hr0q"))))
     (build-system python-build-system)
     (arguments
      `(#:tests? #f))
@@ -2282,10 +2284,11 @@ executed.")
     (propagated-inputs
      `(("python-coverage" ,python-coverage)))
     (home-page "https://github.com/schlamar/cov-core")
-    (synopsis "plugin core for use by pytest-cov, nose-cov and nose2-cov")
+    (synopsis "Coverage plugin core for pytest-cov, nose-cov and nose2-cov")
     (description
-     "This is a library package for use by pytest-cov, nose-cov and nose2-cov.
-It is useful for developing coverage plugins for these testing frameworks.")
+     "This is a library package for use by @code{pytest-cov}, @code{nose-cov}
+and @code{nose2-cov}.  It is useful for developing coverage plugins for these
+testing frameworks.")
     (license license:expat)))
 
 (define-public python2-cov-core
@@ -2389,16 +2392,15 @@ files.")
 (define-public python-certifi
   (package
     (name "python-certifi")
-    (version "2016.8.31")
+    (version "2017.1.23")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "certifi" version))
               (sha256
                (base32
-                "06c9dcyv8ss050gkv5xjivbxhm6qm0s9vzy4r33wqabgv118lw7p"))))
+                "1klrzl3hgvcf2mjk00g0k3kk1p2z27vzwnxivwar4vhjmjvpz1w1"))))
     (build-system python-build-system)
-    (arguments `(#:tests? #f)) ; no tests
-    (home-page "http://python-requests.org/")
+    (home-page "https://certifi.io/")
     (synopsis "Python CA certificate bundle")
     (description
      "Certifi is a Python library that contains a CA certificate bundle, which
@@ -2451,14 +2453,14 @@ with sensible defaults out of the box.")
 (define-public python-wheel
   (package
     (name "python-wheel")
-    (version "0.29.0")
+    (version "0.30.0a0")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "wheel" version))
         (sha256
          (base32
-          "0j0n38hg1jvrmyy68f9ikvzq1gs9g0sx4ws7maf8wi3bwbbqmfqy"))))
+          "1nm6mn8isny0hr86rhbfrpfj867c0phf001xgsd69xfp9ady1wwq"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-jsonschema" ,python-jsonschema)
@@ -2612,13 +2614,13 @@ cutting and pasting that code over and over.")
 (define-public python-unidecode
   (package
     (name "python-unidecode")
-    (version "0.04.18")
+    (version "0.04.20")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "Unidecode" version))
              (sha256
               (base32
-               "12hhblqy1ajvidm38im4171x4arg83pfmziyn53nizp29p3m14gi"))))
+               "1q00i8gpsq3d9r0q8wk4b290fxl0kqlsdk7iadvli45in6s1hi7d"))))
     (build-system python-build-system)
     (home-page "https://pypi.python.org/pypi/Unidecode")
     (synopsis "ASCII transliterations of Unicode text")
@@ -3267,15 +3269,13 @@ mining and data analysis.")
 (define-public python-redis
   (package
     (name "python-redis")
-    (version "2.10.3")
+    (version "2.10.5")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append
-             "https://pypi.python.org/packages/source/r/redis/redis-"
-             version ".tar.gz"))
+       (uri (pypi-uri "redis" version))
        (sha256
-        (base32 "1701qjwn4n05q90fdg4bsg96s27xf5s4hsb4gxhv3xk052q3gyx4"))))
+        (base32 "0csmrkxb29x7xs9b51zplwkkq2hwnbh9jns1g85dykn5rxmaxysx"))))
     (build-system python-build-system)
     ;; Tests require a running Redis server
     (arguments '(#:tests? #f))
@@ -4133,14 +4133,14 @@ Python code against some of the style conventions in
 (define-public python-orderedmultidict
   (package
     (name "python-orderedmultidict")
-    (version "0.7.10")
+    (version "0.7.11")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "orderedmultidict" version))
         (sha256
           (base32
-            "1gvqk0jd432wsn88kq4svad68xz3r012jfpnhh9in7bqrkyxidky"))))
+            "0dls862ibm7qbq4fnvwx0xn1v9hwyzywbff8xjjdr42dd75208yw"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -4272,14 +4272,14 @@ You might also want to install the following optional dependencies:
 (define-public python-alembic
   (package
     (name "python-alembic")
-    (version "0.8.7")
+    (version "0.8.10")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "alembic" version))
        (sha256
         (base32
-         "0ias6fdzwr2s220fnjspkdgm9510bd0cnap0hx5y4zy4srba9f3z"))))
+         "06br9sfqypnjlal6fsbnky3zb0askwcn3diz8k3kwa0qcblm0fqf"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-mock" ,python-mock)
@@ -4299,6 +4299,34 @@ SQLAlchemy Database Toolkit for Python.")
 (define-public python2-alembic
   (package-with-python2 python-alembic))
 
+(define-public python-autopep8
+  (package
+  (name "python-autopep8")
+  (version "1.2.4")
+  (source
+   (origin
+     (method url-fetch)
+     (uri (pypi-uri "autopep8" version))
+     (sha256
+      (base32
+       "18parm383lfn42a00wklv3qf20p4v277f1x3cn58x019dqk1xqrq"))))
+  (build-system python-build-system)
+  (propagated-inputs
+    `(("python-pep8" ,python-pep8)))
+  (home-page "https://github.com/hhatto/autopep8")
+  (synopsis "Format Python code according to the PEP 8 style guide")
+  (description
+    "@code{autopep8} automatically formats Python code to conform to
+the PEP 8 style guide.  It uses the pycodestyle utility to determine
+what parts of the code needs to be formatted.  @code{autopep8} is
+capable of fixing most of the formatting issues that can be reported
+by pycodestyle.")
+  (license (license:non-copyleft
+            "https://github.com/hhatto/autopep8/blob/master/LICENSE"))))
+
+(define-public python2-autopep8
+  (package-with-python2 python-autopep8))
+
 (define-public python-distutils-extra
   (package
     (name "python-distutils-extra")
@@ -5297,6 +5325,24 @@ features useful for text console applications.")
 (define-public python2-urwid
   (package-with-python2 python-urwid))
 
+(define-public python-openid
+  (package
+    (name "python-openid")
+    (version "3.0.10")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "python3-openid" version))
+       (sha256
+        (base32
+         "1x3nh3fycqfn43jp5j5pb4q4y2jxp4mdka4absaa3bc0078qd758"))))
+    (build-system python-build-system)
+    (home-page "https://github.com/necaris/python3-openid")
+    (synopsis "OpenID support for servers and consumers")
+    (description "This library provides OpenID authentication for Python, both
+for clients and servers.")
+    (license license:asl2.0)))
+
 (define-public python2-openid
   (package
     (name "python2-openid")
@@ -5672,13 +5718,13 @@ Python style, together with a fast and comfortable execution environment.")
 (define-public python-seaborn
   (package
     (name "python-seaborn")
-    (version "0.7.0")
+    (version "0.7.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "seaborn" version))
        (sha256
-        (base32 "0ibi3xsfm2kysph61mnfy0pf8d5rkgxgrdb0z9nbizgcgdsb5a0m"))))
+        (base32 "0pawrqc3mxpwd5g9pvi9gba02637bh5c8ldpp8izfwpfn52469zs"))))
     (build-system python-build-system)
     (arguments
      '(#:tests? #f)) ; Tests requires a running X11 server.
@@ -6186,20 +6232,39 @@ complexity of Python source code.")
 (define-public python2-flake8-2.2.4
   (package-with-python2 python-flake8-2.2.4))
 
+(define-public python-flake8-polyfill
+  (package
+    (name "python-flake8-polyfill")
+    (version "1.0.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "flake8-polyfill" version))
+       (sha256
+        (base32
+         "02gn2wxvh9vnf7m7dld7ca4l60mg5c370hv3swwppkngwaqmcw67"))))
+    (build-system python-build-system)
+    (home-page "https://gitlab.com/pycqa/flake8-polyfill")
+    (synopsis "Polyfill package for Flake8 plugins")
+    (description
+     "This package that provides some compatibility helpers for Flake8
+plugins that intend to support Flake8 2.x and 3.x simultaneously.")
+    (license license:expat)))
+
+(define-public python2-flake8-polyfill
+  (package-with-python2 python-flake8-polyfill))
+
 (define-public python-mistune
   (package
     (name "python-mistune")
-    (version "0.7")
+    (version "0.7.3")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append
-             "https://pypi.python.org/packages/source/m/mistune/mistune-"
-             version
-             ".tar.gz"))
+       (uri (pypi-uri "mistune" version))
        (sha256
         (base32
-         "17zqjp9m4d1w3jf2rbbq5xshcw24q1vlcv24gkgfqqyyymajxahx"))))
+         "04xpk1zvslhq3xpnf01g3ag0dy9wfv4z28p093r8k49vvxlyil11"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-nose" ,python-nose)
@@ -6278,6 +6343,65 @@ pseudo terminal (pty), and interact with both the process and its pty.")
 (define-public python2-ptyprocess
   (package-with-python2 python-ptyprocess))
 
+(define-public python-cram
+  (package
+    (name "python-cram")
+    (version "0.7")
+    (home-page "https://bitheap.org/cram/")
+    (source (origin
+              (method url-fetch)
+              (uri (list (string-append home-page "cram-"
+                                        version ".tar.gz")
+                         (pypi-uri "cram" version)))
+              (sha256
+               (base32
+                "0bvz6fwdi55rkrz3f50zsy35gvvwhlppki2yml5bj5ffy9d499vx"))))
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-source
+           (lambda _
+             (substitute* (find-files "cram" ".*\\.py$")
+               ;; Replace default shell path.
+               (("/bin/sh") (which "sh")))
+             (substitute* (find-files "tests" ".*\\.t$")
+               (("md5") "md5sum")
+               (("/bin/bash") (which "bash"))
+               (("/bin/sh") (which "sh")))
+             (substitute* "cram/_test.py"
+               ;; This hack works around a bug triggered by substituting
+               ;; the /bin/sh paths. "tests/usage.t" compares the output of
+               ;; "cram -h", which breaks the output at 80 characters. This
+               ;; causes the line showing the default shell to break into two
+               ;; lines, but the test expects a single line...
+               (("env\\['COLUMNS'\\] = '80'")
+                "env['COLUMNS'] = '160'"))
+             #t))
+         (delete 'check)
+         (add-after 'install 'check
+           ;; The test phase uses the built library and executable.
+           ;; It's easier to run it after install since the build
+           ;; directory contains version-specific PATH.
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (add-installed-pythonpath inputs outputs)
+             (setenv "PATH" (string-append (getenv "PATH") ":"
+                                           (assoc-ref outputs "out") "/bin"))
+             (zero? (system* "make" "test")))))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-coverage" ,python-coverage)
+       ("which" ,which)))
+    (synopsis "Simple testing framework for command line applications")
+    (description
+     "Cram is a functional testing framework for command line applications.
+Cram tests look like snippets of interactive shell sessions.  Cram runs each
+command and compares the command output in the test with the command’s actual
+output.")
+    (license license:gpl2+)))
+
+(define-public python2-cram
+  (package-with-python2 python-cram))
+
 (define-public python-terminado
   (package
     (name "python-terminado")
@@ -7171,16 +7295,14 @@ serve the same purpose: provide Python bindings for libmagic.")))
 (define-public python-debian
   (package
     (name "python-debian")
-    (version "0.1.23")
+    (version "0.1.28")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append
-             "https://pypi.python.org/packages/source/p/python-debian/python-debian-"
-             version ".tar.gz"))
+       (uri (pypi-uri name version))
        (sha256
         (base32
-         "193faznwnjc3n5991wyzim6h9gyq1zxifmfrnpm3avgkh7ahyynh"))))
+         "0i15f0xzx679sd0ldq2sls9pnnps9fv6vhqvnv9dzf4qhma42i0y"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-six" ,python-six)))
@@ -8487,13 +8609,13 @@ processes across test runs.")
 (define-public python-icalendar
   (package
     (name "python-icalendar")
-    (version "3.11.1")
+    (version "3.11.2")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "icalendar" version))
              (sha256
               (base32
-               "1bvi7rzh7scl4nmgj2n2cy7k0v3p29y15cqy2hcdnfq9mnhdr63y"))))
+               "17rcy6rb9kqjf4p707ivmx7phjq7ngcz3bf7zriwxrqgrjagj7ag"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-dateutil" ,python-dateutil)
@@ -8805,16 +8927,16 @@ supports url redirection and retries, and also gzip and deflate decoding.")
 (define-public python-colorama
   (package
    (name "python-colorama")
-   (version "0.3.3")
+   (version "0.3.7")
    (source
     (origin
      (method url-fetch)
      (uri (pypi-uri "colorama" version))
      (sha256
       (base32
-       "1716z9pq1r5ys3nkg7wdrb3h2f9rmd0zdxpxzmx3bgwgf6xg48gb"))))
+       "0avqkn6362v7k2kg3afb35g4sfdvixjgy890clip4q174p9whhz0"))))
    (build-system python-build-system)
-   (synopsis "colored terminal text rendering for Python")
+   (synopsis "Colored terminal text rendering for Python")
    (description "Colorama is a Python library for rendering colored terminal
 text.")
    (home-page "https://pypi.python.org/pypi/colorama")
@@ -8965,14 +9087,14 @@ interface to the Amazon Web Services (AWS) API.")
 (define-public awscli
   (package
    (name "awscli")
-   (version "1.11.35")
+   (version "1.11.43")
    (source
     (origin
      (method url-fetch)
      (uri (pypi-uri name version))
      (sha256
       (base32
-       "0k6y8cg311bqak5x9pilg80w6f76dcbzm6xcdrw6rjnk6v4xwy70"))))
+       "1x94jmy8ygld8g4pf35zdankh4dx8g8qn3q9j3hrbawqw0vkrp3y"))))
    (build-system python-build-system)
    (propagated-inputs
     `(("python-colorama" ,python-colorama)
@@ -8986,7 +9108,7 @@ interface to the Amazon Web Services (AWS) API.")
       ("python-sphinx" ,python-sphinx)
       ("python-tox" ,python-tox)
       ("python-wheel" ,python-wheel)))
-   (home-page "http://aws.amazon.com/cli/")
+   (home-page "https://aws.amazon.com/cli/")
    (synopsis "Command line client for AWS")
    (description "AWS CLI provides a unified command line interface to the
 Amazon Web Services (AWS) API.")
@@ -9062,7 +9184,21 @@ normally the case.")
                 "1vqh1n5yy5dhnq312kwrl90fnck4v26is3lq3lxdvcn60vv19da0"))))
     (build-system python-build-system)
     (arguments
-     `(#:tests? #f))  ; no tests provided
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'patch-libxdo-path
+           ;; Hardcode the path of dynamically loaded libxdo library.
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((libxdo (string-append
+                            (assoc-ref inputs "xdotool")
+                            "/lib/libxdo.so")))
+               (substitute* "xdo/_xdo.py"
+                 (("find_library\\(\"xdo\"\\)")
+                  (simple-format #f "\"~a\"" libxdo)))
+               #t))))
+       #:tests? #f))  ; no tests provided
+    (propagated-inputs
+     `(("python-six" ,python-six)))
     (inputs
      `(("xdotool" ,xdotool)
        ("libX11" ,libx11)))
@@ -9226,14 +9362,14 @@ file.")
 (define-public python-paste
   (package
     (name "python-paste")
-    (version "2.0.2")
+    (version "2.0.3")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "Paste" version))
        (sha256
         (base32
-         "16dsv9qi0r4qsrsb6dilpq2rx0fnglvh36flzywcdnm2jg43mb5d"))
+         "062jk0nlxf6lb2wwj6zc20rlvrwsnikpkh90y0dn8cjch93s6ii3"))
        (patches (search-patches "python-paste-remove-website-test.patch"
                                 "python-paste-remove-timing-test.patch"))))
     (build-system python-build-system)
@@ -9241,12 +9377,6 @@ file.")
      `(("python-nose" ,python-nose)))
     (propagated-inputs
      `(("python-six" ,python-six)))
-    (arguments
-     '(;; Tests don't pass on Python 3, but work fine on Python 2.
-       ;; (As of 2.0.2, Python 3 support in Paste is presently a bit broken,
-       ;; but is usable enough for the minimal amount it's used in MediaGoblin
-       ;; still... things should be better by the next Paste release.)
-       #:tests? #f))
     (home-page "http://pythonpaste.org")
     (synopsis
      "Python web development tools, focusing on WSGI")
@@ -9254,18 +9384,10 @@ file.")
      "Paste provides a variety of web development tools and middleware which
 can be nested together to build web applications.  Paste's design closely
 follows ideas flowing from WSGI (Web Standard Gateway Interface).")
-    (license license:expat)
-    (properties `((python2-variant . ,(delay python2-paste))))))
+    (license license:expat)))
 
 (define-public python2-paste
-  (let ((paste (package-with-python2
-                (strip-python2-variant python-paste))))
-    (package
-      (inherit paste)
-      (arguments
-       ;; Tests are back for Python 2!
-       `(#:tests? #t
-         ,@(package-arguments paste))))))
+  (package-with-python2 python-paste))
 
 (define-public python-pastescript
   (package
@@ -10692,13 +10814,13 @@ It uses LR parsing and does extensive error checking.")
 (define-public python-tabulate
   (package
     (name "python-tabulate")
-    (version "0.7.5")
+    (version "0.7.7")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "tabulate" version))
              (sha256
               (base32
-               "03l1r7ddd1a0j2snv1yd0hlnghjad3fg1an1jr8936ksv75slwch"))
+               "1inqhspd4frxnp08c32yndr0lc4px1xfkqah184i5w09gkhvi843"))
              ;; Fix tests
              (modules '((guix build utils)))
              (snippet '(substitute* '("test/test_cli.py"
@@ -11000,13 +11122,13 @@ It supports TSIG authenticated messages and EDNS0.")
 (define-public python-email-validator
   (package
     (name "python-email-validator")
-    (version "1.0.1")
+    (version "1.0.2")
     (source
      (origin (method url-fetch)
              (uri (pypi-uri "email_validator" version))
              (sha256
               (base32
-               "0mn8jg5h8ifl8w6a6m0hq8kbk0mzw9vm054qfamkn89b3npz52qw"))))
+               "1ja9149l9ck5n45a72h3is7v476hjny5ybxbcamx1nw6iplsm7k6"))))
     (build-system python-build-system)
     (arguments
      '(#:phases
@@ -11308,14 +11430,14 @@ provide an easy-to-use Python interface for building OAuth1 and OAuth2 clients."
 (define-public python-stem
   (package
     (name "python-stem")
-    (version "1.5.3")
+    (version "1.5.4")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "stem" version))
        (sha256
         (base32
-         "0fm67dfx6qaj0mg80r4yw2i72birpzn7cnbyz4p1857max3zfc97"))))
+         "1j7pnblrn0yr6jmxvsq6y0ihmxmj5x50jl2n2606w67f6wq16j9n"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -12825,3 +12947,191 @@ protocols written in pure Python.")
 
 (define-public python2-dulwich
   (package-with-python2 python-dulwich))
+
+(define-public python-pbkdf2
+  (package
+    (name "python-pbkdf2")
+    (version "1.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pbkdf2" version))
+       (sha256
+        (base32
+         "0yb99rl2mbsaamj571s1mf6vgniqh23v98k4632150hjkwv9fqxc"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-pycrypto" ,python-pycrypto)))  ; optional
+    (home-page "http://www.dlitz.net/software/python-pbkdf2/")
+    (synopsis "Password-based key derivation")
+    (description "This module implements the password-based key derivation
+function, PBKDF2, specified in RSA PKCS#5 v2.0.
+
+PKCS#5 v2.0 Password-Based Key Derivation is a key derivation function which
+is part of the RSA Public Key Cryptography Standards series.  The provided
+implementation takes a password or a passphrase and a salt value (and
+optionally a iteration count, a digest module, and a MAC module) and provides
+a file-like object from which an arbitrarly-sized key can be read.")
+    (license license:expat)))
+
+(define-public python2-pbkdf2
+  (package-with-python2 python-pbkdf2))
+
+(define-public python-qrcode
+  (package
+    (name "python-qrcode")
+    (version "5.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "qrcode" version))
+       (sha256
+        (base32
+         "0kljfrfq0c2rmxf8am57333ia41kd0snbm2rnqbdy816hgpcq5a1"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-lxml" ,python-lxml)     ; for SVG output
+       ("python-pillow" ,python-pillow) ; for PNG output
+       ("python-six" ,python-six)))
+    (home-page "https://github.com/lincolnloop/python-qrcode")
+    (synopsis "QR Code image generator")
+    (description "This package provides a pure Python QR Code generator
+module.  It uses the Python Imaging Library (PIL) to allow for the generation
+of QR Codes.
+
+In addition this package provides a command line tool to generate QR codes and
+either write these QR codes to a file or do the output as ascii art at the
+console.")
+    (license license:bsd-3)))
+
+(define-public python2-qrcode
+  (package-with-python2 python-qrcode))
+
+;; SlowAES isn't compatible with Python 3.
+(define-public python2-slowaes
+  (package
+    (name "python2-slowaes")
+    (version "0.1a1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "slowaes" version))
+       (sha256
+        (base32
+         "02dzajm83a7lqgxf6r3hgj64wfmcxz8gs4nvgxpvj5n19kjqlrc3"))))
+    (build-system python-build-system)
+    (arguments `(#:python ,python-2))
+    (home-page "http://code.google.com/p/slowaes/")
+    (synopsis "Implementation of AES in Python")
+    (description "This package contains an implementation of AES in Python.
+This implementation is slow (hence the project name) but still useful when
+faster ones are not available.")
+    (license license:asl2.0)))
+
+(define-public python-rst2ansi
+  (package
+    (name "python-rst2ansi")
+    (version "0.1.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "rst2ansi" version))
+       (sha256
+        (base32
+         "0vzy6gd60l79ff750scl0sz48r1laalkl6md6dwzah4dcadgn5qv"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-docutils" ,python-docutils)))
+    (home-page "https://github.com/Snaipe/python-rst-to-ansi")
+    (synopsis "Convert RST to ANSI-decorated console output")
+    (description
+     "Python module dedicated to rendering RST (reStructuredText) documents
+to ansi-escaped strings suitable for display in a terminal.")
+    (license license:expat)))
+
+(define-public python-ddt
+  (package
+    (name "python-ddt")
+    (version "1.1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "ddt" version))
+       (sha256
+        (base32
+         "1c00ikkxr7lha97c81k938bzhgd4pbwamkjn0h4nkhr3xk00zp6n"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-mock" ,python-mock)
+       ("python-nose" ,python-nose)))
+    (propagated-inputs
+     `(("python-six" ,python-six)
+       ("python-pyyaml" ,python-pyyaml)))
+    (home-page "https://github.com/txels/ddt")
+    (synopsis "Data-Driven Tests")
+    (description
+     "DDT (Data-Driven Tests) allows you to multiply one test case by running
+it with different test data, and make it appear as multiple test cases.")
+    (license license:expat)))
+
+(define-public python2-ddt
+  (package-with-python2 python-ddt))
+
+(define-public python-pycosat
+  (package
+    (name "python-pycosat")
+    (version "0.6.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pycosat" version))
+       (sha256
+        (base32
+         "1kl3wh1f47rc712n4bmwplbx3fqz3x9i1b587jrbpmvdva4c8f6l"))))
+    ;; TODO: Unundle picosat. http://fmv.jku.at/picosat/
+    (build-system python-build-system)
+    (home-page "https://github.com/ContinuumIO/pycosat")
+    (synopsis "Bindings to picosat (a SAT solver)")
+    (description
+     "This package provides efficient Python bindings to @code{picosat} on
+the C level.  When importing pycosat, the @code{picosat} solver becomes part
+of the Python process itself.  @code{picosat} is a @dfn{Boolean Satisfiability
+Problem} (SAT) solver.")
+    (license license:expat)))
+
+(define-public python2-pycosat
+  (package-with-python2 python-pycosat))
+
+(define-public python2-ruamel.ordereddict
+  (package
+    (name "python2-ruamel.ordereddict")
+    (version "0.4.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "ruamel.ordereddict" version))
+       (sha256
+        (base32
+         "1xmkl8v9l9inm2pyxgc1fm5005yxm7fkd5gv74q7lj1iy5qc8n3h"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'check)
+         (add-after 'install 'check
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (add-installed-pythonpath inputs outputs)
+             (zero? (system* "python" "test/testordereddict.py")))))))
+    (home-page "https://bitbucket.org/ruamel/ordereddict")
+    (synopsis "Version of dict that keeps keys in insertion order")
+    (description
+     "This is an implementation of an ordered dictionary with @dfn{Key
+Insertion Order} (KIO: updates of values do not affect the position of the
+key), @dfn{Key Value Insertion Order} (KVIO, an existing key's position is
+removed and put at the back).  The standard library module @code{OrderedDict},
+implemented later, implements a subset of @code{ordereddict} functionality.
+Sorted dictionaries are also provided.  Currently only with @dfn{Key Sorted
+Order} (KSO, no sorting function can be specified, but a transform can be
+specified to apply on the key before comparison (e.g. @code{string.lower})).")
+    (license license:expat)))
diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm
index 61c15ae9d3..9afcd83049 100644
--- a/gnu/packages/qemu.scm
+++ b/gnu/packages/qemu.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -76,7 +76,18 @@
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "0qjy3rcrn89n42y5iz60kgr0rrl29hpnj8mq2yvbc1wrcizmvzfs"))))
+               "0qjy3rcrn89n42y5iz60kgr0rrl29hpnj8mq2yvbc1wrcizmvzfs"))
+             (patches (search-patches "qemu-CVE-2016-10155.patch"
+                                      "qemu-CVE-2017-2615.patch"
+                                      "qemu-CVE-2017-5525.patch"
+                                      "qemu-CVE-2017-5526.patch"
+                                      "qemu-CVE-2017-5552.patch"
+                                      "qemu-CVE-2017-5578.patch"
+                                      "qemu-CVE-2017-5579.patch"
+                                      "qemu-CVE-2017-5667.patch"
+                                      "qemu-CVE-2017-5856.patch"
+                                      "qemu-CVE-2017-5898.patch"
+                                      "qemu-CVE-2017-5931.patch"))))
     (build-system gnu-build-system)
     (arguments
      '(;; Running tests in parallel can occasionally lead to failures, like:
diff --git a/gnu/packages/rdesktop.scm b/gnu/packages/rdesktop.scm
index e40852b4ec..3eb82f22f3 100644
--- a/gnu/packages/rdesktop.scm
+++ b/gnu/packages/rdesktop.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -20,9 +21,19 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages gstreamer)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages tls)
-  #:use-module (gnu packages xorg))
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xorg)
+  #:use-module (gnu packages xml))
 
 (define-public rdesktop
   (package
@@ -57,3 +68,63 @@
 capable of natively speaking Remote Desktop Protocol (RDP).  It allows users
 to remotely control a user's Windows desktop.")
     (license license:gpl3+)))
+
+(define-public freerdp
+  (package
+    (name "freerdp")
+    (version "1.2.0-beta1+android9")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "git://github.com/FreeRDP/FreeRDP.git")
+                    (commit version)))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32 "1m0lzrr7hkxfvc5f9p8snimv0rmin2463zhg25mv36wig8g5k7l3"))))
+    (build-system cmake-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("xmlto" ,xmlto)))
+    (inputs
+     `(("libx11" ,libx11)
+       ("libxkbfile" ,libxkbfile)
+       ("libxcursor" ,libxcursor)
+       ("libxext" ,libxext)
+       ("libxi" ,libxi)
+       ("libxv" ,libxv)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)
+       ("libxinerama" ,libxinerama)
+       ("libxshmfence" ,libxshmfence)
+       ("libxml2" ,libxml2)
+       ("libxslt" ,libxslt)
+       ("cups" ,cups)
+       ("ffmpeg" ,ffmpeg)
+       ("pulseaudio" ,pulseaudio)
+       ("alsa-lib" ,alsa-lib)
+       ("gstreamer" ,gstreamer)
+       ("gst-plugins-base" ,gst-plugins-base)
+       ("zlib" ,zlib)
+       ("openssl" ,openssl)))
+    (arguments
+     `(#:configure-flags
+       '("-DCMAKE_INSTALL_LIBDIR=lib"
+         "-DWITH_PULSE=ON"
+         "-DWITH_CUPS=ON")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'patch-cmakelists
+           (lambda _
+             ;; CMake would return an error on REMOVE_DUPLICATES because this
+             ;; list is empty.
+             (substitute* "channels/client/CMakeLists.txt"
+               (("list\\(REMOVE_DUPLICATES CHANNEL_STATIC_CLIENT_ENTRIES\\)")
+                "")))))
+       #:tests? #f))                              ; no 'test' target
+    (home-page "https://www.freerdp.com")
+    (synopsis "Remote Desktop Protocol implementation")
+    (description "FreeRDP implements Microsoft's Remote Desktop Protocol.  It
+consists of the @code{xfreerdp} client, libraries for client and server
+functionality, and Windows Portable Runtime (WinPR), a portable implementation
+of parts of the Windows API.")
+    (license license:asl2.0)))
diff --git a/gnu/packages/re2c.scm b/gnu/packages/re2c.scm
new file mode 100644
index 0000000000..c7f2966384
--- /dev/null
+++ b/gnu/packages/re2c.scm
@@ -0,0 +1,47 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Sergei Trofimovich <slyfox@inbox.ru>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages re2c)
+  #:use-module (guix licenses)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix build-system gnu))
+
+(define-public re2c
+  (package
+    (name "re2c")
+    (version "0.16")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://github.com/skvadrik/" name
+                                 "/releases/download/" version "/"
+                                 name "-" version ".tar.gz"))
+             (sha256
+              (base32
+               "114y0s4vmzip4hkf4cbz4yv8s498gzaylnphbzmwqhbn55j2bha8"))))
+    (build-system gnu-build-system)
+    (home-page "http://re2c.org/")
+    (synopsis "Lexer generator for C/C++")
+    (description
+     "@code{re2c} generates minimalistic hard-coded state machine (as opposed
+to full-featured table-based lexers).  Flexible API allows generated code
+to be wired into virtually any environment.  Instead of exposing traditional
+@code{yylex()} style API, re2c exposes its internals.  Be sure to take a look
+at examples, they cover a lot of real-world cases and shed some light on dark
+corners of re2c API.")
+    (license public-domain)))
diff --git a/gnu/packages/regex.scm b/gnu/packages/regex.scm
index a2bd2390c6..f04cba706d 100644
--- a/gnu/packages/regex.scm
+++ b/gnu/packages/regex.scm
@@ -27,7 +27,7 @@
 (define-public re2
    (package
      (name "re2")
-     (version "2016-11-01")
+     (version "2017-01-01")
      (source (origin
                (method url-fetch)
                (uri
@@ -37,7 +37,7 @@
                (file-name (string-append name "-" version ".tar.gz"))
                (sha256
                 (base32
-                 "0scn3rimfxz0kqxxasap04kv9cbzjsgi7krkqmyhbi710fgr9vh1"))))
+                 "0yij1ajh66h3pj3kfz7y0ldrsww8rlpjzaavyr5lchl98as1jq74"))))
      (build-system gnu-build-system)
      (arguments
       `(#:test-target "test"
@@ -50,7 +50,8 @@
             (lambda* (#:key outputs #:allow-other-keys)
               ;; No make target for shared-only; delete the static version.
               (delete-file (string-append (assoc-ref outputs "out")
-                                          "/lib/libre2.a")))))))
+                                          "/lib/libre2.a"))
+              #t)))))
      (home-page "https://github.com/google/re2")
      (synopsis "Fast, safe, thread-friendly regular expression engine")
      (description "RE2 is a fast, safe, thread-friendly alternative to
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 8fb22d0060..59370447b2 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2014, 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2016, 2017 Ben Woodcroft <donttrustben@gmail.com>
+;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -425,13 +426,13 @@ expectations and mocks frameworks.")
 (define-public bundler
   (package
     (name "bundler")
-    (version "1.13.6")
+    (version "1.14.4")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "bundler" version))
               (sha256
                (base32
-                "1xyhy9cn8w9passp64p6hb3df2fpiqbds6rj7xha1335xpgj5zgs"))))
+                "1hafmb7p41pm40a2z7f4x5zpgrb72xvgwlvkxnflmzqkvq2prkfv"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; avoid dependency cycles
@@ -1858,25 +1859,31 @@ generation of complex SQL queries and is compatible with various RDBMSes.")
     (license license:expat)))
 
 (define-public ruby-minitar
-  (package
-    (name "ruby-minitar")
-    (version "0.5.4")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (rubygems-uri "minitar" version))
-       (sha256
-        (base32
-         "1vpdjfmdq1yc4i620frfp9af02ia435dnpj8ybsd7dc3rypkvbka"))))
-    (build-system ruby-build-system)
-    (arguments
-     '(#:tests? #f)) ; missing a gemspec
-    (synopsis "Ruby library and utility for handling tar archives")
-    (description
-     "Archive::Tar::Minitar is a pure-Ruby library and command-line utility
+  ;; We package from the GitHub source to fix the security issue reported at
+  ;; https://github.com/halostatue/minitar/issues/16.
+  (let ((commit "e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4"))
+    (package
+      (name "ruby-minitar")
+      (version (string-append "0.5.4-1." (string-take commit 8)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/halostatue/minitar.git")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1iywfx07jgjqcmixzkxk9zdwfmij1fyg1z2jlwzj15cj7s99qlfv"))))
+      (build-system ruby-build-system)
+      (arguments
+       '(#:tests? #f)) ; missing a gemspec
+      (synopsis "Ruby library and utility for handling tar archives")
+      (description
+       "Archive::Tar::Minitar is a pure-Ruby library and command-line utility
 that provides the ability to deal with POSIX tar archive files.")
-    (home-page "http://www.github.com/atoulme/minitar")
-    (license (list license:gpl2+ license:ruby))))
+      (home-page "http://www.github.com/atoulme/minitar")
+      (license (list license:gpl2+ license:ruby)))))
 
 (define-public ruby-mini-portile
   (package
@@ -4198,3 +4205,35 @@ RFC 2617.  This enables the use of the digest authentication scheme instead
 of the more insecure basic authentication scheme.")
     (home-page "http://github.com/drbrain/net-http-digest_auth")
     (license license:expat)))
+
+(define-public ruby-mail
+  (package
+    (name "ruby-mail")
+    (version "2.6.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (rubygems-uri "mail" version))
+       (sha256
+        (base32
+         "0c9vqfy0na9b5096i5i4qvrvhwamjnmajhgqi3kdsdfl8l6agmkp"))))
+    (build-system ruby-build-system)
+    (propagated-inputs
+     `(("ruby-mime-types" ,ruby-mime-types)))
+    (arguments
+     ;; Tests require extra gems not included in the Gemfile.
+     ;; XXX: Try enabling this for the next version with mini_mime.
+     `(#:tests? #f))
+    (synopsis "Mail library for Ruby")
+    (description
+     "Mail is an internet library for Ruby that is designed to handle email
+generation, parsing and sending.  The purpose of this library is to provide
+a single point of access to handle all email functions, including sending
+and receiving emails.  All network type actions are done through proxy
+methods to @code{Net::SMTP}, @code{Net::POP3} etc.
+
+Mail has been designed with a very simple object oriented system that
+really opens up the email messages you are parsing, if you know what you
+are doing, you can fiddle with every last bit of your email directly.")
+    (home-page "https://github.com/mikel/mail")
+    (license license:expat)))
diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index ae04530041..fb284102da 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Eric Le Bihan <eric.le.bihan.dev@free.fr>
 ;;; Copyright © 2016 ng0 <ng0@libertad.pw>
+;;; Copyright © 2017 Ben Woodcroft <donttrustben@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -272,6 +273,8 @@ rustc-bootstrap and cargo-bootstrap packages.")
                (wrap-program (string-append out "/bin/rustc")
                  `("PATH" ":" prefix (,(string-append ld-wrapper "/bin")))
                  `("LIBRARY_PATH" ":" suffix (,(string-append libc "/lib"))))))))))
+    ;; rustc invokes gcc, so we need to set its search paths accordingly.
+    (native-search-paths (package-native-search-paths gcc))
     (synopsis "Compiler for the Rust progamming language")
     (description "Rust is a systems programming language that provides memory
 safety and thread safety guarantees.")
diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm
index 2756805f3d..1210ab526b 100644
--- a/gnu/packages/scheme.scm
+++ b/gnu/packages/scheme.scm
@@ -604,7 +604,6 @@ threads.")
          (snippet
           ;; Remove binary code
           '(delete-file-recursively "scmutils/mit-scheme"))
-         (file-name (string-append name "-" version ".tar.gz"))
          (uri (string-append "http://groups.csail.mit.edu/mac/users/gjs/6946"
                              "/scmutils-tarballs/" name "-" version
                              "-x86-64-gnu-linux.tar.gz"))
diff --git a/gnu/packages/screen.scm b/gnu/packages/screen.scm
index e0e46411b8..57e6cb595e 100644
--- a/gnu/packages/screen.scm
+++ b/gnu/packages/screen.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -35,13 +35,15 @@
 (define-public screen
   (package
     (name "screen")
-    (version "4.4.0")
+    (version "4.5.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/screen/screen-"
                                  version ".tar.gz"))
+             (patches (search-patches "screen-CVE-2017-5618.patch"))
+             (patch-flags '("-p2"))
              (sha256
-              (base32 "12r12xwhsg59mlprikbbmn60gh8lqhrvyar7mlxg4fwsfma2lwpg"))))
+              (base32 "1c7grw03a9iwvqbxfd6hmjb681rp8gb55zsxm7b3apqqcb1sghq1"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("makeinfo" ,texinfo)))
@@ -53,7 +55,7 @@
        ;; By default, screen supports 16 colors, but we want 256 when
        ;; ~/.screenrc contains 'term xterm-256color'.
        '("--enable-colors256")))
-    (home-page "http://www.gnu.org/software/screen/")
+    (home-page "https://www.gnu.org/software/screen/")
     (synopsis "Full-screen window manager providing multiple terminals")
     (description
      "GNU Screen is a terminal window manager that multiplexes a single
diff --git a/gnu/packages/sdl.scm b/gnu/packages/sdl.scm
index cb0af1ceed..5103aeed6c 100644
--- a/gnu/packages/sdl.scm
+++ b/gnu/packages/sdl.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015, 2017 David Thompson <dthompson2@worcester.edu>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2015, 2017 Sou Bunnbu <iyzsong@member.fsf.org>
 ;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
@@ -425,3 +425,43 @@ Layer (SDL).  With them, Guile programmers can have easy access to graphics,
 sound and device input (keyboards, joysticks, mice, etc.).")
     (home-page "http://gnu.org/s/guile-sdl")
     (license gpl3+)))
+
+(define-public guile-sdl2
+  (package
+    (name "guile-sdl2")
+    (version "0.2.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://files.dthompson.us/guile-sdl2/guile-sdl2-"
+                    version ".tar.gz"))
+              (sha256
+               (base32
+                "0yq9lsl17cdvj77padvpk3jcw2g6g0pck9jrchc7n2767rrc012b"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:make-flags '("GUILE_AUTO_COMPILE=0")
+       #:configure-flags
+       (list (string-append "--with-libsdl2-prefix="
+                            (assoc-ref %build-inputs "sdl2"))
+             (string-append "--with-libsdl2-image-prefix="
+                            (assoc-ref %build-inputs "sdl2-image"))
+             (string-append "--with-libsdl2-ttf-prefix="
+                            (assoc-ref %build-inputs "sdl2-ttf"))
+             (string-append "--with-libsdl2-mixer-prefix="
+                            (assoc-ref %build-inputs "sdl2-mixer")))))
+    (native-inputs
+     `(("guile" ,guile-2.0)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("sdl2" ,sdl2)
+       ("sdl2-image" ,sdl2-image)
+       ("sdl2-mixer" ,sdl2-mixer)
+       ("sdl2-ttf" ,sdl2-ttf)))
+    (synopsis "Guile bindings for SDL2")
+    (home-page "https://dthompson.us/projects/guile-sdl2.html")
+    (description
+     "Guile-SDL2 provides Guile Scheme bindings for the SDL2 C shared library.
+The bindings are written in pure Scheme using Guile's foreign function
+interface.")
+    (license lgpl3+)))
diff --git a/gnu/packages/search.scm b/gnu/packages/search.scm
index cb8b670757..f687cb0a2a 100644
--- a/gnu/packages/search.scm
+++ b/gnu/packages/search.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -19,7 +20,7 @@
 
 (define-module (gnu packages search)
   #:use-module ((guix licenses)
-                #:select (gpl2 gpl2+ gpl3+ bsd-3 x11))
+                #:select (gpl2 gpl2+ gpl3+ lgpl2.1+ bsd-3 x11))
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
@@ -35,13 +36,13 @@
 (define-public xapian
   (package
     (name "xapian")
-    (version "1.4.2")
+    (version "1.4.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://oligarchy.co.uk/xapian/" version
                                   "/xapian-core-" version ".tar.xz"))
               (sha256
-               (base32 "1kp18r97qm2zky9z6ym8csjg1kj81zvqn88n4cppl4lq54sw9hmf"))))
+               (base32 "0xg444bnxikqnxs31wsv930mvpwk4dm5zrr979371pm23i8ralkx"))))
     (build-system gnu-build-system)
     (inputs `(("zlib" ,zlib)
               ("util-linux" ,util-linux)))
@@ -160,6 +161,33 @@ accounting for new lines and paragraph changes.  It also has robust support
 for parsing HTML files.")
     (license gpl3+)))
 
+(define-public hyperestraier
+  (package
+    (name "hyperestraier")
+    (version "1.4.13")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "http://fallabs.com/" name "/"
+                            name "-" version ".tar.gz"))
+        (sha256
+         (base32
+          "1qk3pxgzyrpcz5qfyd5xs2hw9q1cbb7j5zd4kp1diq501wcj2vs9"))))
+    (inputs
+     `(("qdbm" ,qdbm)
+       ("zlib" ,zlib)))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath="
+                                              (assoc-ref %outputs "out")
+                                              "/lib"))))
+    (home-page "http://fallabs.com/hyperestraier")
+    (synopsis "Full-text search system")
+    (description "Hyper Estraier can be used to integrate full-text
+search into applications, using either the provided command line and CGI
+interfaces, or a C API.")
+    (license lgpl2.1+)))
+
 (define-public mlocate
   (package
     (name "mlocate")
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index e1b87adff9..7bce8c5aa7 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -35,15 +35,15 @@
 (define-public ccid
   (package
     (name "ccid")
-    (version "1.4.25")
+    (version "1.4.26")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "https://alioth.debian.org/frs/download.php/file/4187/"
+                    "https://alioth.debian.org/frs/download.php/file/4205/"
                     "ccid-" version ".tar.bz2"))
               (sha256
                (base32
-                "029n4lpy5nvg278s4mybisyj4lm0bcjslvwfslw6hkghw162n1kb"))))
+                "0bxy835c133ajalpj4gx60nqkjvpf9y1n97n04pw105pi9qbyrrj"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags (list (string-append "--enable-usbdropdir=" %output
diff --git a/gnu/packages/serialization.scm b/gnu/packages/serialization.scm
index 8db81c581c..9e073b7a98 100644
--- a/gnu/packages/serialization.scm
+++ b/gnu/packages/serialization.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
@@ -24,6 +24,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix utils)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
@@ -32,6 +33,7 @@
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages documentation)
+  #:use-module (gnu packages lua)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python))
 
@@ -129,6 +131,88 @@ such as compact binary encodings, XML, or JSON.")
 serialization.")
     (license license:boost1.0)))
 
+(define-public libmpack
+  (package
+    (name "libmpack")
+    (version "1.0.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/tarruda/libmpack/"
+                                  "archive/" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32 "08kfdl55yf66xk57aqsbf8n45f2jsw2v7qwnaan08ciim77j3sv5"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:test-target "test"
+       #:make-flags
+       (list "CC=gcc"
+             (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (native-inputs
+     `(("libtool" ,libtool)))
+    (home-page "https://github.com/tarruda/libmpack")
+    (synopsis "Small binary serialization library")
+    (description "Libmpack is a small binary serialization and RPC library
+that implements both the msgpack and msgpack-rpc specifications.")
+    (license license:expat)))
+
+(define-public lua-libmpack
+  (package (inherit libmpack)
+    (name "lua-libmpack")
+    (build-system gnu-build-system)
+    (arguments
+     `(;; FIXME: tests require "busted", which is not yet available in Guix.
+       #:tests? #f
+       #:test-target "test"
+       #:make-flags
+       (let* ((lua-version ,(package-version lua))
+              (lua-major+minor ,(version-major+minor (package-version lua))))
+         (list "CC=gcc"
+               "USE_SYSTEM_LUA=yes"
+               (string-append "LUA_VERSION=" lua-version)
+               (string-append "LUA_VERSION_MAJ_MIN=" lua-major+minor)
+               (string-append "PREFIX="
+                              (assoc-ref %outputs "out"))
+               (string-append "LUA_CMOD_INSTALLDIR="
+                              (assoc-ref %outputs "out")
+                              "/lib/lua/" lua-major+minor)
+               ;; This is unnecessary as of upstream commit 02886c13ff8a2,
+               ;; which is not part of the current release.
+               "CFLAGS=-DLUA_C89_NUMBERS -fPIC"))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-after 'unpack 'chdir
+           (lambda _ (chdir "binding/lua") #t)))))
+    (inputs
+     `(("lua" ,lua)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (synopsis "Lua bindings for the libmpack binary serialization library")))
+
+(define-public lua5.2-libmpack
+  (package (inherit lua-libmpack)
+    (name "lua5.2-libmpack")
+    (arguments
+     (substitute-keyword-arguments (package-arguments lua-libmpack)
+       ((#:make-flags flags)
+        `(let* ((lua-version ,(package-version lua-5.2))
+                (lua-major+minor ,(version-major+minor (package-version lua-5.2))))
+           (list "CC=gcc"
+                 "USE_SYSTEM_LUA=yes"
+                 (string-append "LUA_VERSION=" lua-version)
+                 (string-append "LUA_VERSION_MAJ_MIN=" lua-major+minor)
+                 (string-append "PREFIX="
+                                (assoc-ref %outputs "out"))
+                 (string-append "LUA_CMOD_INSTALLDIR="
+                                (assoc-ref %outputs "out")
+                                "/lib/lua/" lua-major+minor))))))
+    (inputs
+     `(("lua" ,lua-5.2)))))
+
 (define-public yaml-cpp
   (package
     (name "yaml-cpp")
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 5237e81206..a7a7fbce52 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -5,6 +5,8 @@
 ;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Stefan Reichör <stefan@xsteve.at>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,6 +28,7 @@
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages libedit)
   #:use-module (gnu packages ncurses)
@@ -80,14 +83,14 @@ direct descendant of NetBSD's Almquist Shell (@command{ash}).")
 (define-public fish
   (package
     (name "fish")
-    (version "2.4.0")
+    (version "2.5.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://fishshell.com/files/"
                                   version "/fish-" version ".tar.gz"))
               (sha256
                (base32
-                "1iggr6ah0siyak073v2w4sx1man19q8jsxns8i09qhv06crb5fq6"))
+                "0kn2n9qr9cksg2cl78f3w0yd24368d35djhi6w5x3gbdxk23ywq3"))
               (modules '((guix build utils)))
               ;; Don't try to install /etc/fish/config.fish.
               (snippet
@@ -95,7 +98,12 @@ direct descendant of NetBSD's Almquist Shell (@command{ash}).")
                   ((".*INSTALL.*sysconfdir.*fish.*") "")))))
     (build-system gnu-build-system)
     (native-inputs
-     `(("doxygen" ,doxygen)))
+     `(("doxygen" ,doxygen)
+       ;; XXX These are needed to bootstrap the 2.5.0 tarball, and can probably
+       ;; be removed along with the ‘bootstrap’ phase on the next update.
+       ("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)))
     (inputs
      `(("bc" ,bc)
        ("ncurses" ,ncurses)
@@ -106,14 +114,20 @@ direct descendant of NetBSD's Almquist Shell (@command{ash}).")
        #:configure-flags '("--sysconfdir=/etc")
        #:phases
        (modify-phases %standard-phases
-         ;; Replace 'bc' by its absolute file name in the store.
-         (add-after 'unpack 'patch-bc
+         ;; Embed absolute paths to store items.
+         (add-after 'unpack 'embed-store-paths
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (substitute* '("share/functions/math.fish"
                             "share/functions/seq.fish")
                (("\\| bc")
                 (string-append "| " (assoc-ref %build-inputs "bc")
-                               "/bin/bc"))))))))
+                               "/bin/bc")))
+             (substitute* "share/functions/fish_update_completions.fish"
+               (("python") (which "python")))
+             #t))
+         (add-before 'configure 'bootstrap
+           (lambda _
+             (zero? (system* "autoreconf" "-vfi")))))))
     (synopsis "The friendly interactive shell")
     (description
      "Fish (friendly interactive shell) is a shell focused on interactive use,
@@ -172,6 +186,42 @@ has a small feature set similar to a traditional Bourne shell.")
     (home-page "http://github.com/rakitzis/rc")
     (license zlib)))
 
+(define-public es
+  (package
+    (name "es")
+    (version "0.9.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/wryun/es-shell/releases/"
+                           "download/v" version "/es-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1fplzxc6lncz2lv2fyr2ig23rgg5j96rm2bbl1rs28mik771zd5h"))
+       (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:test-target "test"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 're-enter-rootdir
+           ;; The tarball has no folder.
+           (lambda _
+             (chdir ".."))))))
+    (inputs
+     `(("readline" ,readline)))
+    (native-inputs
+     `(("bison" ,bison)))
+    (synopsis "Extensible shell with higher-order functions")
+    (description
+     "Es is an extensible shell.  The language was derived from the Plan 9
+shell, rc, and was influenced by functional programming languages, such as
+Scheme, and the Tcl embeddable programming language.  This implementation is
+derived from Byron Rakitzis's public domain implementation of rc, and was
+written by Paul Haahr and Byron Rakitzis.")
+    (home-page "https://wryun.github.io/es-shell/")
+    (license public-domain)))
+
 (define-public tcsh
   (package
     (name "tcsh")
@@ -299,14 +349,14 @@ ksh, and tcsh.")
 (define-public xonsh
   (package
     (name "xonsh")
-    (version "0.5.2")
+    (version "0.5.3")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "xonsh" version))
         (sha256
           (base32
-            "13ndyq9cal2j93qqbjyp2jn3cshiavdxsaj2qjzm6mas0gzywmf0"))
+            "1pb1am26wl21g798lpl091j95900py7jj4g98rs9qkhywiln4z4q"))
         (modules '((guix build utils)))
         (snippet
          `(begin
diff --git a/gnu/packages/shellutils.scm b/gnu/packages/shellutils.scm
index c9a35ca3b6..e69df7d832 100644
--- a/gnu/packages/shellutils.scm
+++ b/gnu/packages/shellutils.scm
@@ -58,14 +58,14 @@ between various shells or commands.")
 (define-public trash-cli
   (package
     (name "trash-cli")
-    (version "0.17.1.1")
+    (version "0.17.1.14")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "trash-cli" version))
        (sha256
         (base32
-         "019sjab29jkps8zkf8icihhf3ng4lx9y4p1lxjd3wbnnynphc4is"))))
+         "01q0cl04ljf214z6s3g256gsxx3pqsgaf6ac1zh0vrq5bnhnr85h"))))
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2
diff --git a/gnu/packages/shishi.scm b/gnu/packages/shishi.scm
deleted file mode 100644
index 7e02843d38..0000000000
--- a/gnu/packages/shishi.scm
+++ /dev/null
@@ -1,70 +0,0 @@
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org>
-;;; Copyright © 2012 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
-
-(define-module (gnu packages shishi)
-  #:use-module ((guix licenses) #:select (gpl3+))
-  #:use-module (gnu packages)
-  #:use-module (gnu packages gnupg)
-  #:use-module (gnu packages libidn)
-  #:use-module (gnu packages linux)
-  #:use-module (gnu packages pkg-config)
-  #:use-module (gnu packages compression)
-  #:use-module (gnu packages tls)
-  #:use-module (guix packages)
-  #:use-module (guix download)
-  #:use-module (guix build-system gnu))
-
-(define-public shishi
-  (package
-    (name "shishi")
-    (version "1.0.2")
-    (source
-     (origin
-      (method url-fetch)
-      (uri (string-append "mirror://gnu/shishi/shishi-"
-                          version ".tar.gz"))
-      (sha256
-       (base32
-        "032qf72cpjdfffq1yq54gz3ahgqf2ijca4vl31sfabmjzq9q370d"))))
-    (build-system gnu-build-system)
-    (native-inputs `(("pkg-config" ,pkg-config)))
-    (inputs
-     `(("gnutls" ,gnutls)
-       ("libidn" ,libidn)
-       ("linux-pam" ,linux-pam-1.2)
-       ("zlib" ,zlib)
-       ;; libgcrypt 1.6 fails because of the following test:
-       ;;  #include <gcrypt.h>
-       ;; /* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c
-       ;;    will fail on startup if we don't have 1.4.4 or later, so
-       ;;    test for it early. */
-       ;; #if !defined GCRY_MODULE_ID_USER
-       ;; error too old libgcrypt
-       ;; #endif
-       ("libgcrypt" ,libgcrypt-1.5)
-       ("libtasn1" ,libtasn1)))
-    (home-page "http://www.gnu.org/software/shishi/")
-    (synopsis "Implementation of the Kerberos 5 network security system")
-    (description
-     "GNU Shishi is a free implementation of the Kerberos 5 network security
-system.  It is used to allow non-secure network nodes to communicate in a
-secure manner through client-server mutual authentication via tickets.")
-    (license gpl3+)))
diff --git a/gnu/packages/simh.scm b/gnu/packages/simh.scm
new file mode 100644
index 0000000000..8547b705e0
--- /dev/null
+++ b/gnu/packages/simh.scm
@@ -0,0 +1,96 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages simh)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages admin))
+
+(define-public simh
+  (package
+    (name "simh")
+    (version "3.9-0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/" name "/" name
+                                  "/archive/v" version ".tar.gz"))
+              (sha256
+               (base32
+                "1ymfy8j15d1aa4ai5xv9w7mk6lk4zx3zhfv0mfn66pdhrc8jlh0g"))
+              (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libpcap" ,libpcap)))
+    (arguments
+     '(#:tests? #f
+       #:make-flags (list
+                      "LDFLAGS=-lm"
+                      (string-append "INCPATH="
+                                     (assoc-ref %build-inputs "libpcap")
+                                     "/include")
+                      (string-append "LIBPATH="
+                                     (assoc-ref %build-inputs "libpcap")
+                                     "/lib"))
+       #:phases
+         (modify-phases %standard-phases
+           (delete 'configure)
+           (add-before 'build 'prepare-build
+             (lambda _
+               (mkdir "BIN")))
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (bin (string-append out "/bin/"))
+                      (lib (string-append out "/lib/simh/")))
+                 (mkdir-p bin)
+                 (mkdir-p lib)
+                 (for-each
+                   (lambda (file)
+                     (copy-file file (string-append bin
+                                                    "simh-"
+                                                    (basename file))))
+                   (find-files "BIN"))
+                 (for-each
+                   (lambda (file)
+                     (copy-file file (string-append lib
+                                                    (basename file))))
+                   (find-files "VAX" "bin$"))))))))
+    (home-page "http://simh.trailing-edge.com")
+    (synopsis "Collection of simulators from The Computer History Simulation
+Project")
+    (description
+     "SIMH is a highly portable, multi-system simulator.  SIMH implements
+simulators for:
+
+@itemize
+@item Data General Nova, Eclipse.
+@item Digital Equipment Corporation PDP-1, PDP-4, PDP-7, PDP-8, PDP-9, PDP-10,
+PDP-11, PDP-15, VAX.
+@item GRI Corporation GRI-909, GRI-99.
+@item IBM 1401, 1620, 1130, 7090/7094, System 3.
+@item Interdata (Perkin-Elmer) 16b and 32b systems.
+@item Hewlett-Packard 2114, 2115, 2116, 2100, 21MX, 1000.
+@item Honeywell H316/H516.
+@item MITS Altair 8800, with both 8080 and Z80.
+@item Royal-Mcbee LGP-30, LGP-21.
+@item Scientific Data Systems SDS 940.
+@item SWTP 6800.
+@end itemize")
+    (license license:expat)))
diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 805f47a600..e775174e23 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -96,7 +96,7 @@
 (define-public virglrenderer
   (package
     (name "virglrenderer")
-    (version "0.5.0")
+    (version "0.6.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -104,7 +104,7 @@
                 "virglrenderer-" version ".tar.bz2"))
               (sha256
                (base32
-                "1dj0j8nbyr7nrpds4dqlp43ji8ixjyqhgw6ywlz1r9dn6cs5m5d1"))))
+                "06kf0q4l52gzx5p63l8850hff8pmhp7xv1hk8zgx2apbw18y6jd5"))))
     (build-system gnu-build-system)
     (inputs
       `(("libepoxy" ,libepoxy)
@@ -121,35 +121,35 @@ system to use the host GPU to accelerate 3D rendering.")
 (define-public spice-protocol
   (package
     (name "spice-protocol")
-    (version "0.12.11")
+    (version "0.12.12")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                "http://www.spice-space.org/download/releases/"
+                "https://www.spice-space.org/download/releases/"
                 "spice-protocol-" version ".tar.bz2"))
               (sha256
                (base32
-                "0c33kg3vdz3nnl2wjfbgmszz5hbjbvsw6map35dj9hxnpwwf9fi2"))))
+                "00wx81f2ml62g3maw63jq9w217zym921rdi38h7lpm5m8ckxraqp"))))
     (build-system gnu-build-system)
     (synopsis "Protocol headers for the SPICE protocol")
     (description "SPICE (the Simple Protocol for Independent Computing
 Environments) is a remote-display system built for virtual environments
 which allows users to view a desktop computing environment.")
-    (home-page "http://www.spice-space.org")
+    (home-page "https://www.spice-space.org")
     (license (list license:bsd-3 license:lgpl2.1+))))
 
 (define-public spice-gtk
   (package
     (name "spice-gtk")
-    (version "0.32")
+    (version "0.33")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                "http://spice-space.org/download/gtk/"
+                "https://spice-space.org/download/gtk/"
                 "spice-gtk-" version ".tar.bz2"))
               (sha256
                (base32
-                "00pf94xh2xf0h1g13lnavxrysd0d0x22l5jl108cvq1mjc4z8j2c"))))
+                "0fdgx9k4vgmasp8i2n0swrkapq8f212igcg7wsgvr3mbhsvk7bvx"))))
     (build-system gnu-build-system)
     (propagated-inputs
       `(("gstreamer" ,gstreamer)
@@ -194,7 +194,7 @@ which allows users to view a desktop computing environment.")
               #t)))))
     (synopsis "Gtk client and libraries for SPICE remote desktop servers")
     (description "Gtk client and libraries for SPICE remote desktop servers.")
-    (home-page "http://www.spice-space.org")
+    (home-page "https://www.spice-space.org")
     (license (list license:lgpl2.1+ license:lgpl2.0+))))
 
 (define-public spice
@@ -208,7 +208,11 @@ which allows users to view a desktop computing environment.")
                 "spice-" version ".tar.bz2"))
               (sha256
                (base32
-                "0za03i77j8i3g5l2np2j7vy8cqsdbkm9wbv4hjnaqq9xhz2sa0gr"))))
+                "0za03i77j8i3g5l2np2j7vy8cqsdbkm9wbv4hjnaqq9xhz2sa0gr"))
+              (patches
+               (search-patches "spice-CVE-2016-9577.patch"
+                               "spice-CVE-2016-9578-1.patch"
+                               "spice-CVE-2016-9578-2.patch"))))
     (build-system gnu-build-system)
     (propagated-inputs
       `(("openssl" ,openssl)
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 0fe6598bb2..9d1d9cc0a9 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
@@ -38,7 +38,7 @@
   #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages nettle)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:autoload   (gnu packages protobuf) (protobuf)
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index db1a6871ad..133ce41c43 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -1,12 +1,12 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Vicente Vera Parra <vicentemvp@gmail.com>
 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
-;;; Copyright © 2016 Raoul Bonnal <ilpuccio.febo@gmail.com>
+;;; Copyright © 2016, 2017 Raoul Bonnal <ilpuccio.febo@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -116,7 +116,9 @@ be output in text, PostScript, PDF or HTML.")
      `(#:make-flags
        (list (string-append "LDFLAGS=-Wl,-rpath="
                             (assoc-ref %outputs "out")
-                            "/lib/R/lib"))
+                            "/lib/R/lib")
+             ;; This affects the embedded timestamp of only the core packages.
+             "PKG_BUILT_STAMP=1970-01-01")
        #:phases
        (modify-phases %standard-phases
          (add-before 'configure 'patch-uname
@@ -126,8 +128,13 @@ be output in text, PostScript, PDF or HTML.")
                (substitute* "src/scripts/R.sh.in"
                  (("uname") uname-bin)))
              #t))
-         (add-before
-          'configure 'set-default-pager
+         (add-after 'unpack 'build-recommended-packages-reproducibly
+           (lambda _
+             (substitute* "src/library/Recommended/Makefile.in"
+               (("INSTALL_OPTS =.*" line)
+                (string-append line " --built-timestamp=1970-01-01")))
+             #t))
+         (add-before 'configure 'set-default-pager
           ;; Set default pager to "cat", because otherwise it is "false",
           ;; making "help()" print nothing at all.
           (lambda _ (setenv "PAGER" "cat") #t))
@@ -727,7 +734,8 @@ legends.")
        ("r-lazyeval" ,r-lazyeval)
        ("r-tibble" ,r-tibble)
        ("r-reshape2" ,r-reshape2)
-       ("r-scales" ,r-scales)))
+       ("r-scales" ,r-scales)
+       ("r-svglite" ,r-svglite))) ; Needed for 'ggsave'
     (home-page "http://ggplot2.org")
     (synopsis "An implementation of the grammar of graphics")
     (description
@@ -4004,3 +4012,186 @@ generalized linear model functions that implement secure convergence,
 dispersion modeling and Tweedie power-law families.")
     ;; Statmod is distributed under either license
     (license (list license:gpl2 license:gpl3))))
+
+(define-public r-rann
+  (package
+    (name "r-rann")
+    (version "2.5")
+    (source (origin
+              (method url-fetch)
+              (uri (cran-uri "RANN" version))
+              (sha256
+               (base32
+                "007cgqg9bybg2zlljbv5m6cmlm3r6i251018rpgjcn0xnm9sjsj7"))))
+    (properties
+     `((upstream-name . "RANN")))
+    (build-system r-build-system)
+    (home-page "https://github.com/jefferis/RANN")
+    (synopsis "Fast nearest neighbour search")
+    (description
+     "This package finds the k nearest neighbours for every point in a given
+dataset in O(N log N) time using Arya and Mount's ANN library.  Provides
+approximate, exact searches, fixed radius searches, bd and kb trees.")
+    (license license:gpl3+)))
+
+(define-public r-fivethirtyeight
+  (package
+    (name "r-fivethirtyeight")
+    (version "0.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://mran.microsoft.com/src/contrib/"
+                           "fivethirtyeight_" version ".tar.gz"))
+       (sha256
+        (base32
+         "0fcc8rq745nsghp27dk0lgih90y4zx8hrzcvsn6ih786yv7qxhvl"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-knitr" ,r-knitr)
+       ("r-rmarkdown" ,r-rmarkdown)
+       ("r-dplyr" ,r-dplyr)
+       ("r-readr" ,r-readr)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-magrittr" ,r-magrittr)
+       ("r-stringr" ,r-stringr)))
+    (home-page "https://mran.microsoft.com/package/fivethirtyeight/")
+    (synopsis "Data and code behind the stories at FiveThirtyEight")
+    (description "This R package provides access to the code and data sets
+published by the statistics blog FiveThirtyEight.")
+    (license license:expat)))
+
+(define-public r-compquadform
+  (package
+    (name "r-compquadform")
+    (version "1.4.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "CompQuadForm" version))
+       (sha256
+        (base32
+         "0bsgbdblxpv57mbwnf51xyiydp2bqyxkg4zzwqki85cv5xqlrq1n"))))
+    (properties `((upstream-name . "CompQuadForm")))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/CompQuadForm")
+    (synopsis "Distribution function of quadratic forms in normal variables")
+    (description
+     "This package provides functions to compute the distribution function of
+quadratic forms in normal variables using Imhof's method, Davies's algorithm,
+Farebrother's algorithm or Liu et al.'s algorithm.")
+    (license license:gpl2+)))
+
+(define-public r-cowplot
+  (package
+    (name "r-cowplot")
+    (version "0.7.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "cowplot" version))
+       (sha256
+        (base32
+         "03iimcsh1pk7iqzjdlfcj43b8khijdk4hg00j4jdllv19xsfb0hx"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-ggplot2" ,r-ggplot2)
+       ("r-gtable" ,r-gtable)
+       ("r-plyr" ,r-plyr)))
+    (home-page "https://github.com/wilkelab/cowplot")
+    (synopsis "Streamlined plot theme and plot annotations for ggplot2")
+    (description
+     "This package provides some helpful extensions and modifications to the
+ggplot2 package to combine multiple ggplot2 plots into one and label them with
+letters, as is often required for scientific publications.")
+    (license license:gpl2)))
+
+(define-public r-mixtools
+  (package
+    (name "r-mixtools")
+    (version "1.0.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "mixtools" version))
+       (sha256
+        (base32
+         "133rr17ywmlhsc6457hs8qxi8ng443ql9ashxpwc8875gjhv1x32"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-segmented" ,r-segmented)))
+    (home-page "http://cran.r-project.org/web/packages/mixtools")
+    (synopsis "Tools for analyzing finite mixture models")
+    (description
+     "This package provides a collection of R functions for analyzing finite
+mixture models.")
+    (license license:gpl2+)))
+
+(define-public r-lars
+  (package
+    (name "r-lars")
+    (version "1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "lars" version))
+       (sha256
+        (base32
+         "0blj44wqrx6lmym1m9v6wkz8zxzbjax2zl6swgdczci0ixb5nx34"))))
+    (build-system r-build-system)
+    (inputs
+     `(("gfortran" ,gfortran)))
+    (home-page "http://www-stat.stanford.edu/~hastie/Papers/#LARS")
+    (synopsis "Least angle regression software")
+    (description
+     "Least Angle Regression (\"LAR\") is a model selection algorithm; a
+useful and less greedy version of traditional forward selection methods.  A
+simple modification of the LAR algorithm implements Tibshirani's Lasso; the
+Lasso modification of LARS calculates the entire Lasso path of coefficients
+for a given problem at the cost of a single least squares fit.  Another LARS
+modification efficiently implements epsilon Forward Stagewise linear
+regression.")
+    (license license:gpl2)))
+
+(define-public r-fastica
+  (package
+    (name "r-fastica")
+    (version "1.2-0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "fastICA" version))
+       (sha256
+        (base32
+         "0ykk78fsk5da2g16i4wji85bvji7nayjvkfp07hyaxq9d15jmf0r"))))
+    (properties `((upstream-name . "fastICA")))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/fastICA")
+    (synopsis "FastICA algorithms to perform ICA and projection pursuit")
+    (description
+     "This package provides an implementation of the FastICA algorithm to
+perform @dfn{independent component analysis} (ICA) and projection pursuit.")
+    ;; Any GPL version.
+    (license license:gpl3+)))
+
+(define-public r-randomforest
+  (package
+    (name "r-randomforest")
+    (version "4.6-12")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "randomForest" version))
+       (sha256
+        (base32
+         "1i43idaihhl6nwqw42v9dqpl6f8z3ykcn2in32lh2755i27jylbf"))))
+    (properties `((upstream-name . "randomForest")))
+    (build-system r-build-system)
+    (home-page "https://www.stat.berkeley.edu/~breiman/RandomForests/")
+    (native-inputs
+     `(("gfortran" ,gfortran)))
+    (synopsis "Breiman and Cutler's random forests for classification and regression")
+    (description
+"This package provides the Breiman and Cutler's random forests algorithm, based on a
+forest of trees using random inputs, for classification and regression.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/suckless.scm b/gnu/packages/suckless.scm
index a00420312d..e30a0883a3 100644
--- a/gnu/packages/suckless.scm
+++ b/gnu/packages/suckless.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
 ;;; Copyright © 2015 Amirouche Boubekki <amirouche@hypermove.net>
 ;;; Copyright © 2016 Al McElrath <hello@yrns.org>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2015 Dmitry Bogatov <KAction@gnu.org>
 ;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
@@ -27,6 +27,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system glib-or-gtk)
   #:use-module (gnu packages)
@@ -36,7 +37,15 @@
   #:use-module (gnu packages fonts)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages webkit)
-  #:use-module (gnu packages fontutils))
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages mpd)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages gawk)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages libbsd))
 
 (define-public dwm
   (package
@@ -55,19 +64,36 @@
                                          (assoc-ref %build-inputs "freetype")
                                          "/include/freetype2"))
        #:phases
-       (alist-replace
-        'configure
-        (lambda _
-         (substitute* "Makefile" (("\\$\\{CC\\}") "gcc"))
-         #t)
-        (alist-replace
-         'install
-         (lambda* (#:key outputs #:allow-other-keys)
-          (let ((out (assoc-ref outputs "out")))
-           (zero?
-            (system* "make" "install"
-                     (string-append "DESTDIR=" out) "PREFIX="))))
-         %standard-phases))))
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda _
+             (substitute* "Makefile" (("\\$\\{CC\\}") "gcc"))
+             #t))
+        (replace 'install
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let ((out (assoc-ref outputs "out")))
+              (zero?
+               (system* "make" "install"
+                        (string-append "DESTDIR=" out) "PREFIX=")))))
+        (add-after 'build 'install-xsession
+          (lambda* (#:key outputs #:allow-other-keys)
+            ;; Add a .desktop file to xsessions.
+            (let* ((output (assoc-ref outputs "out"))
+                   (xsessions (string-append output "/share/xsessions")))
+              (mkdir-p xsessions)
+              (with-output-to-file
+                  (string-append xsessions "/dwm.desktop")
+                (lambda _
+                  (format #t
+                    "[Desktop Entry]~@
+                     Name=dwm~@
+                     Comment=Dynamic Window Manager~@
+                     Exec=~a/bin/dwm~@
+                     TryExec=~@*~a/bin/dwm~@
+                     Icon=~@
+                     Type=Application~%"
+                    output)))
+              #t))))))
     (inputs
      `(("freetype" ,freetype)
        ("libx11" ,libx11)
@@ -114,6 +140,34 @@ optimising the environment for the application in use and the task performed.")
 numbers of user-defined menu items efficiently.")
     (license license:x11)))
 
+(define-public spoon
+  (package
+    (name "spoon")
+    (version "0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "10c5i7ykpy7inzzfiw1dh0srpkljycr3blxhvd8160wsvplbws48"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))))
+    (inputs
+     `(("libx11" ,libx11)
+       ("libxkbfile" ,libxkbfile)
+       ("alsa-lib" ,alsa-lib)
+       ("libmpdclient" ,libmpdclient)))
+    (home-page "http://git.2f30.org/spoon/")
+    (synopsis "Set dwm status")
+    (description
+     "Spoon can be used to set the dwm status.")
+    (license license:isc)))
+
 (define-public slock
   (package
     (name "slock")
@@ -257,3 +311,382 @@ allows you to write down the presentation for a quick lightning talk within a
 few minutes.")
     (home-page "http://tools.suckless.org/sent")
     (license license:x11)))
+
+(define-public xbattmon
+  (package
+    (name "xbattmon")
+    (version "0.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0n2rrjq03pgqrdkl7cz5snsfdanf4s58w9h6dbvnl7p8bbd3j2kn"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))))
+    (inputs
+     `(("libx11" ,libx11)))
+    (home-page "http://git.2f30.org/xbattmon/")
+    (synopsis "Simple battery monitor for X")
+    (description
+     "Xbattmon is a simple battery monitor for X.")
+    (license license:isc)))
+
+(define-public wificurse
+  (package
+    (name "wificurse")
+    (version "0.3.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "067ghr1xly5ca41kc83xila1p5hpq0bxfcmc8jvxi2ggm6wrhavn"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list
+                     (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (home-page "http://git.2f30.org/wificurse/")
+    (synopsis "Wifi DoS attack tool")
+    (description
+     "Wificurses listens for beacons sent from wireless access points
+in the range of your wireless station.  Once received the program
+extracts the BSSID of the AP and transmits deauthentication packets
+using the broadcast MAC address.  This results to the disconnection
+of all clients connected to the AP at the time of the attack.  This
+is essencially a WiFi DoS attack tool created for educational
+purposes only.  It works only in Linux and requires wireless card
+drivers capable of injecting packets in wireless networks.")
+    (license license:gpl3+)))
+
+(define-public skroll
+  (package
+    (name "skroll")
+    (version "0.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0km6bjfz4ssb1z0xwld6iiixnn7d255ax8yjs3zkdm42z8q9yl0f"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (home-page "http://2f30.org")
+    (synopsis "Commandline utility which scrolls text")
+    (description
+     "Skroll is a small utility that you can use to make a text scroll.
+Pipe text to it, and it will scroll a given number of letters from right to
+left.")
+    (license license:wtfpl2)))
+
+(define-public sbm
+  (package
+    (name "sbm")
+    (version "0.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1nks5mkh5wn30kyjzlkjlgi31bv1wq52kbp0r6nzbyfnvfdlywik"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (home-page "http://git.2f30.org/sbm/")
+    (synopsis "Simple bandwidth monitor")
+    (description
+     "Sbm is a simple bandwidth monitor.")
+    (license license:isc)))
+
+(define-public prout
+  (package
+    (name "prout")
+    (version "0.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1s6c3ygg1h1fyxkh8gd7nzjk6qhnwsb4535d2k780kxnwns5fzas"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (inputs
+     `(("cups-minimal" ,cups-minimal)
+       ("zlib" ,zlib)))
+    (home-page "http://git.2f30.org/prout/")
+    (synopsis "Smaller lp command")
+    (description
+     "Prout (PRint OUT) is a small utility one can use to send
+documents to a printer.
+It has no feature, and does nothing else.  Just set your default
+printer in client.conf(5) and start printing.  No need for a local
+cups server to be installed.")
+    (license license:wtfpl2)))
+
+(define-public noice
+  (package
+    (name "noice")
+    (version "0.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0ldkbb71z6k4yzj4kpg3s94ijj1c1kx9dfcjz393py09scfyg5hr"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure) ; No configure script
+         (add-before 'build 'curses
+           (lambda _
+             (substitute* "Makefile"
+               (("lcurses") "lncurses")))))))
+    (inputs
+     `(("ncurses" ,ncurses)))
+    (home-page "http://git.2f30.org/noice/")
+    (synopsis "Small file browser")
+    (description
+     "Noice is a small curses-based file browser.")
+    (license license:bsd-2)))
+
+;;; We want some commits that are more recent than the latest release, 0.2
+(define-public human
+  (let ((commit "50c80e6ba12823184b6866e06b955dbd2ccdc5d7")
+        (revision "1"))
+    (package
+      (name "human")
+      (version (string-append "0.2-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "git://git.2f30.org/human.git")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "18xngm4h9vsyip52zwd79rrp1irzg6rs462lpbp61amf7hj955gn"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (home-page "http://git.2f30.org/human/")
+    (synopsis "Convert bytes to human readable formats")
+    (description
+     "Human is a small program which translate numbers into a
+human readable format.  By default, it tries to detect the best
+factorisation, but you can force its output.
+You can adjust the number of decimals with the @code{SCALE}
+environment variable.")
+    (license license:wtfpl2))))
+
+(define-public fortify-headers
+  (package
+    (name "fortify-headers")
+    (version "0.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1cacdczpjb49c4i1168g541wnl3i3gbpv2m2wbnmw5wddlyhgkdg"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (home-page "http://git.2f30.org/fortify-headers/")
+    (synopsis "Standalone fortify-source implementation")
+    (description
+     "This is a standalone implementation of fortify source.  It provides
+compile time buffer checks.  It is libc-agnostic and simply overlays the
+system headers by using the @code{#include_next} extension found in GCC.  It was
+initially intended to be used on musl based Linux distributions.
+
+@itemize
+@item It is portable, works on *BSD, Linux, Solaris and possibly others.
+@item It will only trap non-conformant programs.  This means that fortify
+  level 2 is treated in the same way as level 1.
+@item Avoids making function calls when undefined behaviour has already been
+  invoked.  This is handled by using __builtin_trap().
+@item Support for out-of-bounds read interfaces, such as send(), write(),
+  fwrite() etc.
+@item No ABI is enforced.  All of the fortify check functions are inlined
+  into the resulting binary.
+@end itemize\n")
+    (license license:isc)))
+
+(define-public colors
+  (package
+    (name "colors")
+    (version "0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1lckmqpgj89841splng0sszbls2ag71ggkgr1wsv9y3v6y87589z"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (inputs
+     `(("libpng" ,libpng)))
+    (home-page "http://git.2f30.org/colors/")
+    (synopsis "Extract colors from pictures")
+    (description
+     "Extract colors from PNG files.  It is similar to
+strings(1) but for pictures.  For a given input file it outputs a
+colormap to stdout.")
+    (license license:isc)))
+
+;; No new releases were made at github, this repository is more active than
+;; the one at http://git.suckless.org/libutf/ and it is
+;; done by the same developer.
+(define-public libutf
+  (let ((revision "1")
+        (commit "ff4c60635e1f455b0a0b4200f8183fbd5a88225b"))
+    (package
+      (name "libutf")
+      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/cls/libutf")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1ih5vjavilzggyr1j1z6w1z12c2fs5fg77cfnv7ami5ivsy3kg3d"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:tests? #f ; No tests
+         #:make-flags (list "CC=gcc"
+                            (string-append "PREFIX=" %output))
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure)))) ; No configure script
+      (inputs
+       `(("gawk" ,gawk)))
+      (home-page "https://github.com/cls/libutf")
+      (synopsis "Plan 9 compatible UTF-8 library")
+      (description
+       "This is a C89 UTF-8 library, with an API compatible with that of
+Plan 9's libutf, but with a number of improvements:
+
+@itemize
+@item Support for runes beyond the Basic Multilingual Plane.
+@item utflen and utfnlen cannot overflow on 32- or 64-bit machines.
+@item chartorune treats all invalid codepoints as though Runeerror.
+@item fullrune, utfecpy, and utfnlen do not overestimate the length
+of malformed runes.
+@item An extra function, charntorune(p,s,n), equivalent to
+fullrune(s,n) ? chartorune(p,s): 0.
+@item Runeerror may be set to an alternative replacement value, such
+as -1, to be used instead of U+FFFD.
+@end itemize\n")
+      (license license:expat))))
+
+;; No release tarballs so far.
+(define-public lchat
+  (let ((revision "1")
+        (commit "bbde23732f8c7769b982f0c1bda9b99fbf93f932"))
+    (package
+      (name "lchat")
+      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/younix/lchat")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "00q3rc0aa5416jvjvrj71x1wnr0331kxhvjjs7pyxgnq4xf36k63"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:tests? #f ; No tests
+         #:make-flags (list "CC=gcc"
+                            (string-append "PREFIX=" %output))
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure) ; No configure script
+           (add-before 'build 'libbsd
+             (lambda _
+               (substitute* "Makefile"
+                 (("-lutf") "-lutf -lbsd"))))
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (bin (string-append out "/bin")))
+                 (install-file "lchat" bin)
+                 #t))))))
+      (inputs
+       `(("grep" ,grep)
+         ("ncurses" ,ncurses)
+         ("libutf" ,libutf)
+         ("libbsd" ,libbsd)))
+      (home-page "https://github.com/younix/lchat")
+      (synopsis "Line chat is a frontend for the irc client ii from suckless")
+      (description
+       "Lchat (line chat) is the little and small brother of cii.
+It is a front end for ii-like chat programs.  It uses tail(1) -f to get the
+chat output in background.")
+      (license license:isc))))
diff --git a/gnu/packages/sync.scm b/gnu/packages/sync.scm
index 429fe196de..4b026b93cb 100644
--- a/gnu/packages/sync.scm
+++ b/gnu/packages/sync.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,6 +26,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages lua)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages qt)
@@ -158,3 +160,49 @@ their folder.
 @item Toggle for monochrome icon.
 @end enumerate\n")
     (license license:lgpl3+)))
+
+(define-public lsyncd
+  (package
+    (name "lsyncd")
+    (version "2.2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/axkibe/lsyncd/archive/release-"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0da7mrq2c578v2dd5x9v75l1fqrm28jvn28qkcd49y8p992nj6gl"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(;; The "tests" target is broken and assumes that tests are run in the
+       ;; root directory.
+       #:tests? #f
+       #:test-target "tests"
+       #:phases
+       (modify-phases %standard-phases
+         ;; No install target.
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin"))
+                    (man (string-append out "/share/man/man1")))
+               (install-file "lsyncd" bin)
+               (install-file (string-append "../lsyncd-release-"
+                                            ,version
+                                            "/doc/manpage/lsyncd.1")
+                             man)
+               #t))))))
+    (native-inputs
+     `(("lua" ,lua-5.2)))
+    (home-page "https://github.com/axkibe/lsyncd")
+    (synopsis "Synchronize local directories with remote targets")
+    (description "Lsyncd watches a local directory trees event monitor
+interface (inotify or fsevents).  It aggregates and combines events for a few
+seconds and then spawns one (or more) process(es) to synchronize the changes.
+By default this is rsync, which must be installed on all source and target
+machines.  Lsyncd is thus a light-weight live mirror solution that is
+comparatively easy to install not requiring new filesystems or block devices
+and does not hamper local filesystem performance.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/telephony.scm b/gnu/packages/telephony.scm
index 2adf08ce97..b0cefe4056 100644
--- a/gnu/packages/telephony.scm
+++ b/gnu/packages/telephony.scm
@@ -215,7 +215,8 @@ internet.")
               (base32
                "1w2g623qkd7gdyydglx2hr4s2y237lg0nszjmy7z8d2iq8hvb9sn"))))
     (native-inputs
-     `(("procps" ,procps)))
+     `(("psmisc" ,psmisc)                        ;some tests require 'killall'
+       ("procps" ,procps)))
     (build-system gnu-build-system)
     (arguments
      '(#:test-target "runtest"
@@ -234,8 +235,8 @@ internet.")
              (substitute* "test/rtpw.c"
                (("/usr/share/dict/words")
                 (string-append (assoc-ref %build-inputs "procps")
-                               "/share/doc/procps-ng"))
-                (("words.txt") "FAQ"))
+                               "/share/doc/procps-ng/FAQ"))
+               (("words.txt") "FAQ"))
              #t)))))
     (synopsis "Secure RTP (SRTP) Reference Implementation")
     (description "This package provides an implementation of the Secure
@@ -318,14 +319,14 @@ address of one of the participants.")
 (define-public mumble
   (package
     (name "mumble")
-    (version "1.2.18")
+    (version "1.2.19")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://mumble.info/snapshot/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1ajmdzf2jqbnm4hm53wv8bzazffflzs3z8hhbl70kfci4v4arxz0"))
+                "1s60vaici3v034jzzi20x23hsj6mkjlc0glipjq4hffrg9qgnizh"))
               (modules '((guix build utils)))
               (snippet
                `(begin
diff --git a/gnu/packages/terminals.scm b/gnu/packages/terminals.scm
index 8e648c4031..d0d99932c4 100644
--- a/gnu/packages/terminals.scm
+++ b/gnu/packages/terminals.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016, 2017 José Miguel Sánchez García <jmi2k@openmailbox.org>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -365,3 +366,70 @@ scripts, notifying the user when something interesting occurs.  Of course, it
 has no notion of what's interesing, but it's very good at that notifying part.")
     (home-page "http://www.johnath.com/beep")
     (license license:gpl2+)))
+
+(define-public unibilium
+  (package
+    (name "unibilium")
+    (version "1.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/mauke/unibilium/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1n7a0jrlwhn9nnkna76sbnjrr808m0pmzbiwznmp7rhmjl4z2fk2"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags
+       (list "CC=gcc"
+             (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:test-target "test"
+       ;; FIXME: tests require "prove"
+       #:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (native-inputs
+     `(("libtool" ,libtool)))
+    (home-page "https://github.com/mauke/unibilium")
+    (synopsis "Terminfo parsing library")
+    (description "Unibilium is a basic C terminfo library.  It doesn't depend
+on curses or any other library.  It also doesn't use global variables, so it
+should be thread-safe.")
+    (license license:lgpl3+)))
+
+(define-public libvterm
+  (package
+    (name "libvterm")
+    (version "0+bzr681")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://www.leonerd.org.uk/code/libvterm/"
+                           "libvterm-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1s56c8p1qz6frkcri0hg4qyydv2wcccj6n2xmz1dwcdqn38ldsmb"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags
+       (list "CC=gcc"
+             (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:test-target "test"
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (native-inputs
+     `(("libtool" ,libtool)
+       ("perl" ,perl)))
+    (home-page "http://www.leonerd.org.uk/code/libvterm/")
+    (synopsis "VT220/xterm/ECMA-48 terminal emulator library")
+    (description "Libvterm is an abstract C99 library which implements a VT220
+or xterm-like terminal emulator.  It doesn't use any particular graphics
+toolkit or output system, instead it invokes callback function pointers that
+its embedding program should provide it to draw on its behalf.  It avoids
+calling @code{malloc} during normal running state, allowing it to be used in
+embedded kernel situations.")
+    (license license:expat)))
diff --git a/gnu/packages/text-editors.scm b/gnu/packages/text-editors.scm
index 4e2324dbea..4b6aa07ee8 100644
--- a/gnu/packages/text-editors.scm
+++ b/gnu/packages/text-editors.scm
@@ -1,5 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 José Miguel Sánchez García <jmi2k@openmailbox.org>
+;;; Copyright © 2016 Carlo Zancanaro <carlo@zancanaro.id.au>
+;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -19,13 +21,19 @@
 (define-module (gnu packages text-editors)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (gnu packages)
+  #:use-module (gnu packages boost)
+  #:use-module (gnu packages documentation)
+  #:use-module (gnu packages gcc)
   #:use-module (gnu packages lua)
   #:use-module (gnu packages ncurses)
-  #:use-module (gnu packages terminals))
+  #:use-module (gnu packages ruby)
+  #:use-module (gnu packages terminals)
+  #:use-module (gnu packages xml))
 
 (define-public vis
   (package
@@ -75,3 +83,95 @@ based command language.")
     (license (list license:isc               ; Main distribution.
                    license:public-domain     ; map.[ch]
                    license:expat))))         ; lexers and libutf.[ch]
+
+(define-public kakoune
+  (let ((commit "125c8b7e80995732e0d8c87b82040025748f1b4f")
+        (revision "1"))
+    (package
+      (name "kakoune")
+      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (file-name (string-append "kakoune-" version "-checkout"))
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/mawww/kakoune.git")
+               (commit commit)))
+         (sha256
+          (base32
+           "19qs99l8r9p1vi5pxxx9an22fvi7xx40qw3jh2cnh2mbacawvdyb"))
+         (modules '((guix build utils)))
+         (snippet
+          ;; Kakoune uses 'gzip' to compress its manpages. Make sure
+          ;; timestamps are not preserved for reproducibility.
+          '(begin
+             (substitute* "src/Makefile"
+               (("gzip -f") "gzip -f --no-name"))
+             #t))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
+                            ;; Boost is compiled with the older ABI, so we can't use
+                            ;; the new ABI if we want to link againt it.
+                            "CPPFLAGS=-D_GLIBCXX_USE_CXX11_ABI=0")
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'patch-source
+             (lambda _
+               ;; kakoune uses confstr with _CS_PATH to find out where to find
+               ;; a posix shell, but this doesn't work in the build
+               ;; environment. This substitution just replaces that result
+               ;; with the "sh" path.
+               (substitute* "src/shell_manager.cc"
+                 (("if \\(m_shell.empty\\(\\)\\)" line)
+                  (string-append "m_shell = \"" (which "sh")
+                                 "\";\n        " line)))
+               #t))
+           (delete 'configure)
+           ;; kakoune requires us to be in the src/ directory to build
+           (add-before 'build 'chdir
+             (lambda _ (chdir "src") #t))
+           (add-before 'check 'fix-test-permissions
+             (lambda _
+               ;; Out git downloader doesn't give us write permissions, but
+               ;; without them the tests fail.
+               (zero? (system* "chmod" "-R" "u+w" "../test")))))))
+      (native-inputs `(("gcc" ,gcc-5)
+                       ("libxslt" ,libxslt)
+                       ("asciidoc" ,asciidoc)
+                       ("ruby" ,ruby)))
+      (inputs `(("gcc:lib" ,gcc-5 "lib")
+                ("ncurses" ,ncurses)
+                ("boost" ,boost)))
+      (synopsis "Vim-inspired code editor")
+      (description
+       "Kakoune is a code editor heavily inspired by Vim, as such most of its
+commands are similar to Vi's ones, and it shares Vi's \"keystrokes as a text
+editing language\" model.  Kakoune has a strong focus on interactivity, most
+commands provide immediate and incremental results, while still being
+competitive (as in keystroke count) with Vim.")
+      (home-page "http://kakoune.org/")
+      (license license:unlicense))))
+
+(define-public joe
+  (package
+    (name "joe")
+    (version "4.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://sourceforge.net/projects/joe-editor/"
+                           "files/JOE sources/joe-" version "/"
+                           "joe-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0y898r1xlrv75m00y598rvwwsricabplyh80wawsqafapcl4hw55"))))
+    (build-system gnu-build-system)
+    (inputs `(("ncurses" ,ncurses)))
+    (home-page "http://joe-editor.sourceforge.net/")
+    (synopsis "Console screen editor")
+    (description
+     "JOE is a powerful console screen editor with a \"mode-less\" user
+interface similar to many user-friendly editors.  JOE has some of the key
+bindings and many of the powerful features of GNU Emacs.")
+    (license license:gpl3+)))
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 90878da933..b28eb164b0 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
@@ -45,7 +46,8 @@
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
   #:use-module (gnu packages texinfo)
-  #:use-module (gnu packages base))
+  #:use-module (gnu packages base)
+  #:use-module (srfi srfi-1))
 
 (define-public libtasn1
   (package
@@ -226,9 +228,23 @@ required structures.")
                 "1zyl2z63s68hx1dpxqx0lykmlf3rwrzlrf44sq3h7dvjmr1z55qf"))))
     (replacement #f)))
 
+(define-public gnutls/guile-2.2
+  ;; GnuTLS for Guile 2.2.  This is supported by GnuTLS >= 3.5.5.
+  (package
+    (inherit gnutls-3.5.8)
+    (name "guile2.2-gnutls")
+    (arguments
+     ;; Remove '--with-guile-site-dir=…/2.0'.
+     (substitute-keyword-arguments (package-arguments gnutls-3.5.8)
+       ((#:configure-flags flags)
+        `(cdr ,flags))))
+    (inputs `(("guile" ,guile-next)
+              ,@(alist-delete "guile" (package-inputs gnutls-3.5.8))))))
+
 (define-public openssl
   (package
    (name "openssl")
+   (replacement openssl-1.0.2k)
    (version "1.0.2j")
    (source (origin
              (method url-fetch)
@@ -366,11 +382,31 @@ required structures.")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))
 
+(define openssl-1.0.2k
+  (package
+    (inherit openssl)
+    (name "openssl")
+    (version "1.0.2k")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (list (string-append "ftp://ftp.openssl.org/source/"
+                                  name "-" version ".tar.gz")
+                   (string-append "ftp://ftp.openssl.org/source/old/"
+                                  (string-trim-right version char-set:letter)
+                                  "/" name "-" version ".tar.gz")))
+        (sha256
+         (base32
+          "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb"))
+        (patches (search-patches "openssl-runpath.patch"
+                                 "openssl-c-rehash-in.patch"))))))
+
 (define-public openssl-next
   (package
     (inherit openssl)
+    (replacement #f)
     (name "openssl")
-    (version "1.1.0c")
+    (version "1.1.0d")
     (source (origin
              (method url-fetch)
              (uri (list (string-append "ftp://ftp.openssl.org/source/"
@@ -381,7 +417,7 @@ required structures.")
               (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
               (sha256
                (base32
-                "1xfn5ydl14myd9wgxm4nxy5a42cpp1g12ijf3g9m4mz0l90n8hzw"))))
+                "1pv0zql3r73qpjini90hn29l28d65b7i777zav0larbmi6gbnpkx"))))
     (outputs '("out"
                "doc"        ;1.3MiB of man3 pages
                "static"))   ; 5.5MiB of .a files
@@ -470,13 +506,14 @@ security, and applying best practice development processes.")
 (define-public python-acme
   (package
     (name "python-acme")
-    (version "0.9.3")
+    ;; Remember to update the hash of certbot when updating python-acme.
+    (version "0.11.1")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "acme" version))
       (sha256
-        (base32
-         "16a02bb0apnk1bm68bcabdmmwd6rnvnjzanrmcb46bpbapwz3vx6"))))
+       (base32
+        "0kk95iqxygrg0cd66kq8kbyalg2x5pz9hn1175cgwgf1vy72adfv"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -519,13 +556,15 @@ security, and applying best practice development processes.")
 (define-public certbot
   (package
     (name "certbot")
-    (version "0.9.3")
+    ;; Certbot and python-acme are developed in the same repository, and their
+    ;; versions should remain synchronized.
+    (version (package-version python-acme))
     (source (origin
               (method url-fetch)
               (uri (pypi-uri name version))
               (sha256
                (base32
-                "1c7k4lfq5j78d1rvrwrb9082ngwibz92cwkf4kazaa9b76w9q538"))))
+                "1wis5kgqcsrs60kkcmbrbx8z9yasmwa6lg9ir5im232hdm4285vc"))))
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2
@@ -568,9 +607,10 @@ security, and applying best practice development processes.")
        ("python2-requests" ,python2-requests)
        ("python2-pytz" ,python2-pytz)))
     (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
-    (description "Tool to automatically receive and install X.509 certificates
-to enable TLS on servers.  The client will interoperate with the Let’s Encrypt CA which
-will be issuing browser-trusted certificates for free.")
+    (description "Certbot automatically receives and installs X.509 certificates
+to enable Transport Layer Security (TLS) on servers.  It interoperates with the
+Let’s Encrypt certificate authority (CA), which issues browser-trusted
+certificates for free.")
     (home-page "https://certbot.eff.org/")
     (license license:asl2.0)))
 
@@ -715,7 +755,7 @@ number generator")
 (define-public acme-client
   (package
     (name "acme-client")
-    (version "0.1.15")
+    (version "0.1.16")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://kristaps.bsd.lv/" name "/"
@@ -723,7 +763,7 @@ number generator")
                                   version ".tgz"))
               (sha256
                (base32
-                "07p723391whrswl4rir0l1k03l457sjscnj0cfaxr8mfnkx4y3wi"))))
+                "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; no test suite
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 6f26f404be..9339dcdd70 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -2,7 +2,8 @@
 ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -20,7 +21,7 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu packages tor)
-  #:use-module ((guix licenses) #:select (bsd-3 gpl3+ gpl2+ gpl2))
+  #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix git-download)
@@ -39,15 +40,19 @@
 (define-public tor
   (package
     (name "tor")
-    (version "0.2.9.8")
+    (version "0.2.9.9")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://dist.torproject.org/tor-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0sklgmx4nikcfhqd606kvpwy1l8840w24ikli1xjjx25739k7pgv"))))
+               "0hqdk5p6dw4bpn7c8gmhyi8jjkhc37112pfw5nx4gl0g4lmmscik"))))
     (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags (list "--enable-expensive-hardening"
+                               "--enable-gcc-hardening"
+                               "--enable-linker-hardening")))
     (native-inputs
      `(("python" ,python-2)))  ; for tests
     (inputs
@@ -69,7 +74,7 @@ To @code{torify} applications (to take measures to ensure that an application,
 which has not been designed for use with Tor such as ssh, will use only Tor for
 internet connectivity, and also ensures that there are no leaks from DNS, UDP or
 the application layer) you need to install @code{torsocks}.")
-    (license bsd-3)))
+    (license license:bsd-3)))
 
 (define-public torsocks
   (package
@@ -91,7 +96,7 @@ way with Tor.  It ensures that DNS requests are handled safely and explicitly
 rejects UDP traffic from the application you're using.")
 
     ;; All the files explicitly say "version 2 only".
-    (license gpl2)))
+    (license license:gpl2)))
 
 (define-public privoxy
   (package
@@ -135,7 +140,7 @@ access, and removing ads and other obnoxious Internet junk.  Privoxy has a
 flexible configuration and can be customized to suit individual needs and
 tastes.  It has application for both stand-alone systems and multi-user
 networks.")
-    (license gpl2+)))
+    (license license:gpl2+)))
 
 (define-public onionshare
   (package
@@ -221,5 +226,68 @@ using a third party filesharing service.  You host the file on your own computer
 and use a Tor hidden service to make it temporarily accessible over the
 internet.  The other user just needs to use Tor Browser to download the file
 from you.")
-    (license (list gpl3+
-                   bsd-3)))) ; onionshare/socks.py
+    (license (list license:gpl3+
+                   license:bsd-3))))    ; onionshare/socks.py
+
+(define-public nyx
+  ;; The last ‘arm’ relase was 5 years ago.  Meanwhile, python3 support has
+  ;; been added and the software was renamed to ‘nyx’.
+  (let ((commit "fea209127484d9b304b908a4711c9528b1d065bc")
+        (revision "1"))                 ; Guix package revision
+    (package
+      (name "nyx")
+      (version (string-append "1.9-"
+                              revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (file-name (string-append name "-" version "-checkout"))
+         (uri (git-reference
+               (url "https://git.torproject.org/nyx.git")
+               (commit commit)))
+         (sha256
+          (base32
+           "1g0l4988076xg5gs0x0nxzlg58rfx5g5agmklvyh4yp03vxncdb9"))))
+      (build-system python-build-system)
+      (native-inputs
+       `(("python-mock" ,python-mock)
+         ("python-pep8" ,python-pep8)
+         ("python-pyflakes" ,python-pyflakes)))
+      (inputs
+       `(("python-stem" ,python-stem)))
+      (arguments
+       `(#:configure-flags
+         (list (string-append "--man-page="
+                              (assoc-ref %outputs "out")
+                              "/share/man/man1/nyx.1")
+               (string-append "--sample-path="
+                              (assoc-ref %outputs "out")
+                              "/share/doc/nyx/nyxrc.sample"))
+         #:use-setuptools? #f           ; setup.py still uses distutils
+         #:phases
+         (modify-phases %standard-phases
+           (replace 'check
+             (lambda _
+               (zero? (system* "./run_tests.py" "--unit")))))))
+      ;; A Nyx home page is ‘being worked on’.  Use Arm's for now, which at
+      ;; least mentions the new source repository:
+      (home-page "http://www.atagar.com/arm/")
+      (synopsis "Tor relay status monitor")
+      (description "Nyx (formerly Anonymizing Relay Monitor or \"arm\")
+monitors the performance of relays participating in the
+@uref{https://www.torproject.org/, Tor anonymity network}.  It displays this
+information visually and in real time, using a curses-based terminal interface.
+This makes Nyx well-suited for remote shell connections and servers without a
+graphical display.  It's like @command{top} for Tor, providing detailed
+statistics and status reports on:
+
+@enumerate
+@item connections (with IP address, hostname, fingerprint, and consensus data),
+@item bandwidth, processor, and memory usage,
+@item the relay's current configuration,
+@item logged events,
+@item and much more.
+@end enumerate
+
+Potential client and exit connections are scrubbed of sensitive information.")
+      (license license:gpl3+))))
diff --git a/gnu/packages/tv.scm b/gnu/packages/tv.scm
index 2db71b8491..cb82e5b847 100644
--- a/gnu/packages/tv.scm
+++ b/gnu/packages/tv.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
+;;; Copyright © 2015, 2016, 2017 Alex Kost <alezost@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,15 +32,15 @@
 (define-public tvtime
   (package
     (name "tvtime")
-    (version "1.0.10")
+    (version "1.0.11")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "http://linuxtv.org/downloads/tvtime/tvtime-"
+                    "https://linuxtv.org/downloads/tvtime/tvtime-"
                     version ".tar.gz"))
               (sha256
                (base32
-                "1mk6dni82n8jv5wsrrpqzcwrg9ccx9vijb5sbm7gqm2y0h40q5y9"))))
+                "1367rl3n6qxwf30lqyz234zpb43s9xjhig3hrvbg7cbqcl8g4fs0"))))
     (build-system gnu-build-system)
     (inputs
      `(("alsa-lib" ,alsa-lib)
diff --git a/gnu/packages/u-boot.scm b/gnu/packages/u-boot.scm
deleted file mode 100644
index cdd52d8747..0000000000
--- a/gnu/packages/u-boot.scm
+++ /dev/null
@@ -1,136 +0,0 @@
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
-;;; Copyright © 2016 David Craven <david@craven.ch>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
-
-(define-module (gnu packages u-boot)
-  #:use-module (guix build-system gnu)
-  #:use-module (guix download)
-  #:use-module (guix packages)
-  #:use-module ((guix licenses) #:prefix license:)
-  #:use-module (gnu packages)
-  #:use-module ((gnu packages algebra) #:select (bc))
-  #:use-module (gnu packages bison)
-  #:use-module (gnu packages cross-base)
-  #:use-module (gnu packages flex)
-  #:use-module (gnu packages python))
-
-(define-public dtc
-  (package
-    (name "dtc")
-    (version "1.4.2")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://www.kernel.org/pub/software/utils/dtc/"
-                    "dtc-" version ".tar.xz"))
-              (sha256
-               (base32
-                "1b7si8niyca4wxbfah3qw4p4wli81mc1qwfhaswvrfqahklnwi8k"))))
-    (build-system gnu-build-system)
-    (native-inputs
-     `(("bison" ,bison)
-       ("flex" ,flex)))
-    (arguments
-     `(#:make-flags
-       (list "CC=gcc"
-             (string-append "PREFIX=" (assoc-ref %outputs "out"))
-             "INSTALL=install")
-       #:phases
-       (modify-phases %standard-phases
-         (delete 'configure))))
-    (home-page "https://www.devicetree.org")
-    (synopsis "Compiles device tree source files")
-    (description "@command{dtc} compiles device tree source files to device
-tree binary files. These are board description files used by Linux and BSD.")
-    (license license:gpl2+)))
-
-(define u-boot
-  (package
-    (name "u-boot")
-    (version "2016.07")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "ftp://ftp.denx.de/pub/u-boot/"
-                    "u-boot-" version ".tar.bz2"))
-              (sha256
-               (base32
-                "0lqj4ckmfqiap8mc6z2d5albs3g2h5mzccbn60hsgxhabhibfkwp"))))
-    (native-inputs
-     `(("bc" ,bc)
-       ("dtc" ,dtc)
-       ("python-2" ,python-2)))
-    (build-system  gnu-build-system)
-    (home-page "http://www.denx.de/wiki/U-Boot/")
-    (synopsis "ARM bootloader")
-    (description "U-Boot is a bootloader used mostly for ARM boards. It
-also initializes the boards (RAM etc).")
-    (license license:gpl2+)))
-
-(define (make-u-boot-package board triplet)
-  "Returns a u-boot package for BOARD cross-compiled for TRIPLET."
-  (package
-    (inherit u-boot)
-    (name (string-append "u-boot-" (string-downcase board)))
-    (native-inputs
-     `(("cross-gcc" ,(cross-gcc triplet))
-       ("cross-binutils" ,(cross-binutils triplet))
-       ,@(package-native-inputs u-boot)))
-    (arguments
-     `(#:test-target "test"
-       #:make-flags
-       (list "HOSTCC=gcc" (string-append "CROSS_COMPILE=" ,triplet "-"))
-       #:phases
-       (modify-phases %standard-phases
-         (replace 'configure
-           (lambda* (#:key outputs make-flags #:allow-other-keys)
-             (let ((config-name (string-append ,board "_defconfig")))
-               (if (file-exists? (string-append "configs/" config-name))
-                   (zero? (apply system* "make" `(,@make-flags ,config-name)))
-                   (begin
-                     (display "Invalid board name. Valid board names are:")
-                     (let ((dir (opendir "configs"))
-                           (suffix-length (string-length "_defconfig")))
-                       (do ((file-name (readdir dir) (readdir dir)))
-                           ((eof-object? file-name))
-                         (when (string-suffix? "_defconfig" file-name)
-                           (format #t "- ~A\n"
-                                   (string-drop-right file-name suffix-length))))
-                       (closedir dir))
-                     #f)))))
-         (replace 'install
-           (lambda* (#:key outputs make-flags #:allow-other-keys)
-             (let* ((out (assoc-ref outputs "out"))
-                    (libexec (string-append out "/libexec"))
-                    (uboot-files (find-files "." ".*\\.(bin|efi|spl)$")))
-               (mkdir-p libexec)
-               (for-each
-                (lambda (file)
-                  (let ((target-file (string-append libexec "/" file)))
-                    (mkdir-p (dirname target-file))
-                    (copy-file file target-file)))
-                uboot-files)))))))))
-
-(define-public u-boot-vexpress
-  (make-u-boot-package "vexpress_ca9x4" "arm-linux-gnueabihf"))
-
-(define-public u-boot-malta
-  (make-u-boot-package "malta" "mips64el-linux-gnuabi64"))
-
-(define-public u-boot-beagle-bone-black
-  (make-u-boot-package "am335x_boneblack" "arm-linux-gnueabihf"))
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 8833b17e42..e49d6137b5 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -6,11 +6,11 @@
 ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2016 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015 Kyle Meyer <kyle@kyleam.com>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -112,14 +112,14 @@ as well as the classic centralized workflow.")
 (define-public git
   (package
    (name "git")
-   (version "2.11.0")
+   (version "2.11.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://kernel.org/software/scm/git/git-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "02zx368id8rys0bh2sjrxz0ln2l2wm5nf1vhp1rj72clsilqszky"))))
+              "05b4jw86w77c3pyh3nm6aw31vhxwzvhnx2x0bcfqmm15wg57k9y0"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("native-perl" ,perl)
@@ -132,7 +132,7 @@ as well as the classic centralized workflow.")
                 version ".tar.xz"))
           (sha256
            (base32
-            "1n18jnpi0z3skwc1ckrm7zdld6i3zvn0g95cg9r9pdn0564fglxk"))))))
+            "0cfa3c2r7d86ksswxdl0jqdka9mai3446gg8380921gf779nwj39"))))))
    (inputs
     `(("curl" ,curl)
       ("expat" ,expat)
@@ -275,16 +275,7 @@ as well as the classic centralized workflow.")
               (wrap-program git-sm
                 `("PATH" ":" prefix
                   (,(string-append (assoc-ref inputs "perl")
-                                   "/bin"))))
-
-              ;; Tell 'git' to look for core programs in the user's profile.
-              ;; This allows user to install other outputs of this package and
-              ;; have them transparently taken into account.  There's a
-              ;; 'GIT_EXEC_PATH' environment variable, but it's supposed to
-              ;; specify a single directory, not a search path.
-              (wrap-program (string-append out "/bin/git")
-                `("PATH" ":" prefix
-                  ("$HOME/.guix-profile/libexec/git-core"))))))
+                                   "/bin")))))))
         (add-after 'split 'install-man-pages
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
@@ -301,7 +292,10 @@ as well as the classic centralized workflow.")
     (list (search-path-specification
            (variable "GIT_SSL_CAINFO")
            (file-type 'regular)
-           (files '("etc/ssl/certs/ca-certificates.crt")))))
+           (files '("etc/ssl/certs/ca-certificates.crt")))
+          (search-path-specification
+           (variable "GIT_EXEC_PATH")
+           (files '("libexec/git-core")))))
 
    (synopsis "Distributed version control system")
    (description
@@ -354,10 +348,13 @@ everything from small to very large projects with speed and efficiency.")
     (inputs
      `(("libssh2" ,libssh2)
        ("libcurl" ,curl)
-       ("python" ,python-wrapper)
-       ("openssl" ,openssl)))
+       ("python" ,python-wrapper)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
+    (propagated-inputs
+     ;; These two libraries are in 'Requires.private' in libgit2.pc.
+     `(("openssl" ,openssl)
+       ("zlib" ,zlib)))
     (home-page "https://libgit2.github.com/")
     (synopsis "Library providing Git core methods")
     (description
@@ -367,6 +364,47 @@ write native speed custom Git applications in any language with bindings.")
     ;; GPLv2 with linking exception
     (license license:gpl2)))
 
+(define-public git-crypt
+  (package
+    (name "git-crypt")
+    (version "0.5.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/AGWA/git-crypt"
+                                  "/archive/" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0454fdmgm5f3razkn8n03lfqm5zyzvr4r2528zmlxiwba9518l2i"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("git" ,git)
+       ("openssl" ,openssl)))
+    (arguments
+     `(#:tests? #f ; No tests.
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'build
+           (lambda _
+             (zero? (system* "make"))))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (zero? (system* "make" "install"
+                               (string-append "PREFIX=" out)))))))))
+    (home-page "https://www.agwa.name/projects/git-crypt")
+    (synopsis "Transparent encryption of files in a git repository")
+    (description "git-crypt enables transparent encryption and decryption of
+files in a git repository. Files which you choose to protect are encrypted when
+committed, and decrypted when checked out. git-crypt lets you freely share a
+repository containing a mix of public and private content. git-crypt gracefully
+degrades, so developers without the secret key can still clone and commit to a
+repository with encrypted files. This lets you store your secret material (such
+as keys or passwords) in the same repository as your code, without requiring you
+to lock down your entire repository.")
+    (license license:gpl3+)))
+
 (define-public cgit
   (package
     (name "cgit")
@@ -842,19 +880,19 @@ masters from remote CVS hosts.")
 (define-public vc-dwim
   (package
     (name "vc-dwim")
-    (version "1.7")
+    (version "1.8")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/vc-dwim/vc-dwim-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "094pjwshvazlgagc254in2xvrp93vhcj0kb5ms17qs7sch99x9z2"))))
+               "0d5sqafc40l878m8wjr35jxmalj4kam1m6ph60v08ng4ml5g7931"))))
     (build-system gnu-build-system)
     (inputs `(("perl" ,perl)
               ("inetutils" ,inetutils))) ; for `hostname', used in the tests
     (native-inputs `(("emacs" ,emacs-minimal))) ; for `ctags'
-    (home-page "http://www.gnu.org/software/vc-dwim/")
+    (home-page "https://www.gnu.org/software/vc-dwim/")
     (synopsis "Version-control-agnostic ChangeLog diff and commit tool")
     (description
      "The vc-dwim package contains two tools, \"vc-dwim\" and \"vc-chlog\".
@@ -1240,14 +1278,14 @@ a built-in wiki, built-in file browsing, built-in tickets system, etc.")
 (define-public stagit
   (package
     (name "stagit")
-    (version "0.4")
+    (version "0.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://dl.2f30.org/releases/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0z5r06wqrfnsz24ci4hjqbd62svclvhkgzaq9npsyjcp6jnf7izc"))))
+                "0ym1dwzn2z23hcg53qh1m1g5pfibrfnnlp3sm3z1v4mhz0pgaj56"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; No tests
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index a5b35479a0..44d1856d3d 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -11,7 +11,7 @@
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 Dmitry Nikolaev <cameltheman@gmail.com>
 ;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;;
@@ -57,6 +57,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages databases)
+  #:use-module (gnu packages dejagnu)
   #:use-module (gnu packages elf)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages fontutils)
@@ -75,6 +76,7 @@
   #:use-module (gnu packages linux)
   #:use-module (gnu packages lua)
   #:use-module (gnu packages m4)
+  #:use-module (gnu packages man)
   #:use-module (gnu packages mp3)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages ocr)
@@ -442,14 +444,14 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
 (define-public ffmpeg
   (package
     (name "ffmpeg")
-    (version "3.2.2")
+    (version "3.2.4")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://ffmpeg.org/releases/ffmpeg-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1z7d5y5crhsl5fm74236rdwbkd4jj5frx1l4iizjfym1w4gvs09z"))))
+               "0ymg1mkg1n0770gmjfqp79p5ijxq04smfrsrrxc8pjc0y0agyf3f"))))
     (build-system gnu-build-system)
     (inputs
      `(("fontconfig" ,fontconfig)
@@ -471,6 +473,7 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
        ("mesa" ,mesa)
        ("openal" ,openal)
        ("pulseaudio" ,pulseaudio)
+       ("sdl" ,sdl2)
        ("soxr" ,soxr)
        ("speex" ,speex)
        ("twolame" ,twolame)
@@ -580,7 +583,7 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
           (lambda* (#:key outputs configure-flags #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (substitute* "configure"
-                (("#! /bin/sh") (string-append "#!" (which "bash"))))
+                (("#! /bin/sh") (string-append "#!" (which "sh"))))
               (setenv "SHELL" (which "bash"))
               (setenv "CONFIG_SHELL" (which "bash"))
               (zero? (apply system*
@@ -610,14 +613,14 @@ audio/video codec library.")
 (define-public ffmpeg-2.8
   (package
     (inherit ffmpeg)
-    (version "2.8.10")
+    (version "2.8.11")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://ffmpeg.org/releases/ffmpeg-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1ca84kc715xm7wmbnj1z4jfhxj8c7rxhy4cqwrd8cnih0l196j1c"))))
+               "1rhz7rhmhhh8bjcj3dc82haisn3qjbzqlr7k6d6v7064jgn3maiq"))))
     (arguments
      (substitute-keyword-arguments (package-arguments ffmpeg)
        ((#:configure-flags flags)
@@ -796,7 +799,7 @@ treaming protocols.")
             (let ((out (assoc-ref outputs "out"))
                   (libx11 (assoc-ref inputs "libx11")))
               (substitute* "configure"
-                (("#! /bin/sh") (string-append "#!" (which "bash"))))
+                (("#! /bin/sh") (string-append "#!" (which "sh"))))
               (setenv "SHELL" (which "bash"))
               (setenv "CONFIG_SHELL" (which "bash"))
               (zero? (system*
@@ -891,7 +894,9 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.")
           (lambda* (#:key inputs #:allow-other-keys)
             (copy-file (assoc-ref inputs "waf") "waf")
             (setenv "CC" "gcc"))))
-       #:configure-flags (list "--enable-libmpv-shared" "--enable-zsh-comp")
+       #:configure-flags (list "--enable-libmpv-shared"
+                               "--enable-zsh-comp"
+                               "--disable-build-date")
        ;; No check function defined.
        #:tests? #f))
     (home-page "https://mpv.io/")
@@ -932,7 +937,7 @@ access to mpv's powerful playback capabilities.")
 (define-public libvpx
   (package
     (name "libvpx")
-    (version "1.6.0")
+    (version "1.6.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://storage.googleapis.com/"
@@ -940,7 +945,7 @@ access to mpv's powerful playback capabilities.")
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "1basd6dda5di9p7jhc0f4f52wzm9c3hsravqspw6ibpcn5gbpbyh"))
+                "06d8hqjkfs6wl45qf4pwh1kpbvkx6cwywd5y8d4lgagvjwm0qb0w"))
               (patches (search-patches "libvpx-CVE-2016-2818.patch"))))
     (build-system gnu-build-system)
     (arguments
@@ -970,7 +975,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2017.01.10")
+    (version "2017.02.07")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://yt-dl.org/downloads/"
@@ -978,7 +983,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0clr6vj9lg96fffc9xv2apr7an6lljnli1b8clfj4dap1i0d34v4"))))
+                "1grq3aqa1zc0xdq1y6vqnk0y0vcd1j2jjn85696hw98mi0w1am73"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
@@ -1228,7 +1233,7 @@ for use with HTML5 video.")
          (lambda _
            (with-directory-excursion "avidemux_core/ffmpeg_package"
              (substitute* "ffmpeg-2.7.6/configure"
-               (("#! /bin/sh") (string-append "#!" (which "bash"))))
+               (("#! /bin/sh") (string-append "#!" (which "sh"))))
              (system* "tar" "cjf" "ffmpeg-2.7.6.tar.bz2" "ffmpeg-2.7.6"
                       ;; avoid non-determinism in the archive
                       "--sort=name" "--mtime=@0"
@@ -1485,7 +1490,7 @@ be used for realtime video capture via Linux-specific APIs.")
 (define-public obs
   (package
     (name "obs")
-    (version "0.16.6")
+    (version "17.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/jp9000/obs-studio"
@@ -1493,7 +1498,7 @@ be used for realtime video capture via Linux-specific APIs.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "00vwdnf0gnwp029sznsr0s4lcky3brxbmpy0ch7igjpk5sf6mkqp"))))
+                "02cfhpkcsq718zwhwwsm48gjggf95qr38hqpi0kwrvsy18ll0msm"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f ; no tests
@@ -1513,9 +1518,11 @@ be used for realtime video capture via Linux-specific APIs.")
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
-     `(("curl" ,curl)
+     `(("alsa-lib" ,alsa-lib)
+       ("curl" ,curl)
        ("eudev" ,eudev)
        ("ffmpeg" ,ffmpeg)
+       ("fontconfig" ,fontconfig)
        ("freetype" ,freetype)
        ("jack" ,jack-1)
        ("jansson" ,jansson)
@@ -1525,6 +1532,7 @@ be used for realtime video capture via Linux-specific APIs.")
        ("pulseaudio" ,pulseaudio)
        ("qtbase" ,qtbase)
        ("qtx11extras" ,qtx11extras)
+       ("speex" ,speex)
        ("v4l-utils" ,v4l-utils)
        ("zlib" ,zlib)))
     (synopsis "Live streaming software")
@@ -1859,3 +1867,62 @@ of modern, widely supported codecs.")
     (description
      "Openh264 is a library which can decode H264 video streams.")
     (license license:bsd-2)))
+
+(define-public libmp4v2
+  (package
+    (name "libmp4v2")
+    (version "2.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       ;; XXX: The new location of upstream is uncertain and will become relevant the
+       ;; moment when the googlecode archive shuts down. It is past the date it
+       ;; should've been turned off. I tried to communicate with upstream, but this
+       ;; wasn't very responsive and not very helpful. The short summary is, it is
+       ;; chaos when it comes to the amount of forks and only time will tell where
+       ;; the new upstream location is.
+       (uri (string-append "https://storage.googleapis.com/google-"
+                           "code-archive-downloads/v2/"
+                           "code.google.com/mp4v2/mp4v2-" version ".tar.bz2"))
+       (file-name (string-append name "-" version ".tar.bz2"))
+       (sha256
+        (base32
+         "0f438bimimsvxjbdp4vsr8hjw2nwggmhaxgcw07g2z361fkbj683"))))
+    (build-system gnu-build-system)
+    (outputs '("out"
+               "static")) ; 3.7MiB .a file
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-dates
+           (lambda _
+             ;; Make the build reproducible.
+             (substitute* "configure"
+               (("PROJECT_build=\"`date`\"") "PROJECT_build=\"\"")
+               (("ac_abs_top_builddir=$ac_pwd") "ac_abs_top_builddir=\"\""))
+             #t))
+         (add-after 'install 'move-static-libraries
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Move static libraries to the "static" output.
+             (let* ((out    (assoc-ref outputs "out"))
+                    (lib    (string-append out "/lib"))
+                    (static (assoc-ref outputs "static"))
+                    (slib   (string-append static "/lib")))
+               (mkdir-p slib)
+               (for-each (lambda (file)
+                           (install-file file slib)
+                           (delete-file file))
+                         (find-files lib "\\.a$"))
+               #t))))))
+    (native-inputs
+     `(("help2man" ,help2man)
+       ("dejagnu" ,dejagnu)))
+    (home-page "https://code.google.com/archive/p/mp4v2/")
+    (synopsis "API to create and modify mp4 files")
+    (description
+     "The MP4v2 library provides an API to create and modify mp4 files as defined by
+ISO-IEC:14496-1:2001 MPEG-4 Systems.  This file format is derived from Apple's QuickTime
+file format that has been used as a multimedia file format in a variety of platforms and
+applications.  It is a very powerful and extensible format that can accommodate
+practically any type of media.")
+    (license license:mpl1.1)))
diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm
index 7275b980ab..f042aba931 100644
--- a/gnu/packages/vim.scm
+++ b/gnu/packages/vim.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -22,18 +23,23 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
   #:use-module (gnu packages acl)
   #:use-module (gnu packages admin) ; For GNU hostname
   #:use-module (gnu packages attr)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages gawk)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
+  #:use-module (gnu packages gperf)
   #:use-module (gnu packages groff)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages image)
+  #:use-module (gnu packages jemalloc)
+  #:use-module (gnu packages libevent)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages lua)
   #:use-module (gnu packages ncurses)
@@ -41,15 +47,17 @@
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
   #:use-module (gnu packages ruby)
+  #:use-module (gnu packages serialization)
   #:use-module (gnu packages shells)
   #:use-module (gnu packages tcl)
+  #:use-module (gnu packages terminals)
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages xorg))
 
 (define-public vim
   (package
     (name "vim")
-    (version "8.0.0147")
+    (version "8.0.0300")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://github.com/vim/vim/archive/v"
@@ -57,7 +65,7 @@
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
-               "0rjq77n2gj3bb22dhawmbwkknii14gy7akplrplgxl1l789isfpq"))))
+               "04samk2bakyixbxyc3p0g6ypls45105sikibg0wc6lmak9bqjs85"))))
     (build-system gnu-build-system)
     (arguments
      `(#:test-target "test"
@@ -149,6 +157,78 @@ configuration files.")
        ("tcl" ,tcl)
        ,@(package-inputs vim)))))
 
+(define-public neovim
+  (package
+    (name "neovim")
+    (version "0.1.7")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/neovim/neovim/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0zjbpc4rhv5bcr353xqnbrc36zjvn7qvh8xf6s7n1bdi3788by6q"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:modules ((srfi srfi-26)
+                  (guix build cmake-build-system)
+                  (guix build utils))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-lua-paths
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let* ((lua-version "5.2")
+                    (lua-cpath-spec
+                     (lambda (prefix)
+                       (let ((path (string-append prefix "/lib/lua/" lua-version)))
+                         (string-append path "/?.so;" path "/?/?.so"))))
+                    (lua-path-spec
+                     (lambda (prefix)
+                       (let ((path (string-append prefix "/share/lua/" lua-version)))
+                         (string-append path "/?.lua;" path "/?/?.lua"))))
+                    (lua-inputs (map (cute assoc-ref %build-inputs <>)
+                                     '("lua"
+                                       "lua-lpeg"
+                                       "lua-bitop"
+                                       "lua-libmpack"))))
+               (setenv "LUA_PATH"
+                       (string-join (map lua-path-spec lua-inputs) ";"))
+               (setenv "LUA_CPATH"
+                       (string-join (map lua-cpath-spec lua-inputs) ";"))
+               #t))))))
+    (inputs
+     `(("libuv" ,libuv)
+       ("msgpack" ,msgpack)
+       ("libtermkey" ,libtermkey)
+       ("libvterm" ,libvterm)
+       ("unibilium" ,unibilium)
+       ("jemalloc" ,jemalloc)
+       ("libiconv" ,libiconv)
+       ("lua" ,lua-5.2)
+       ("lua-lpeg" ,lua5.2-lpeg)
+       ("lua-bitop" ,lua5.2-bitop)
+       ("lua-libmpack" ,lua5.2-libmpack)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("gettext" ,gettext-minimal)
+       ("gperf" ,gperf)))
+    (home-page "http://neovim.io")
+    (synopsis "Fork of vim focused on extensibility and agility")
+    (description "Neovim is a project that seeks to aggressively
+refactor Vim in order to:
+
+@itemize
+@item Simplify maintenance and encourage contributions
+@item Split the work between multiple developers
+@item Enable advanced external UIs without modifications to the core
+@item Improve extensibility with a new plugin architecture
+@end itemize\n")
+    ;; Neovim is licensed under the terms of the Apache 2.0 license,
+    ;; except for parts that were contributed under the Vim license.
+    (license (list license:asl2.0 license:vim))))
+
 (define-public vifm
   (package
     (name "vifm")
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 6b13cf169b..efb46f73d4 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -152,7 +153,7 @@ and probably others.")
 (define-public openvpn
   (package
     (name "openvpn")
-    (version "2.3.14")
+    (version "2.4.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -160,7 +161,7 @@ and probably others.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "167frlmmg2raffn9h7ww3agdwgfdl0wa5wm9fsgl0i6mz3md187k"))))
+                "0zpqnbhjaifdalyxwmvk5kcyd7cpxbcigbn7967nbsyvl54vl8vg"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--enable-iproute2=yes")))
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 5901e0ef6d..4d138b79fc 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2013 Aljosha Papsch <misc@rpapsch.de>
-;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
@@ -13,10 +13,11 @@
 ;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2016 Clément Lassieur <clement@lassieur.org>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Bake Timmons <b3timmons@speedymail.org>
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -58,7 +59,7 @@
   #:use-module (gnu packages databases)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages flex)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages gd)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
@@ -87,16 +88,14 @@
 (define-public httpd
   (package
     (name "httpd")
-    (version "2.4.23")
+    (version "2.4.25")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://apache/httpd/httpd-"
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "0n2yx3gjlpr4kgqx845fj6amnmg25r2l6a7rzab5hxnpmar985hc"))
-             (patches (search-patches "httpd-CVE-2016-8740.patch"))
-             (patch-flags '("-p0"))))
+               "1cl0bkqg6srb1sypga0cn8dcmdyxldavij73zmmkxvlz3kgw4zpq"))))
     (build-system gnu-build-system)
     (native-inputs `(("pcre" ,pcre "bin")))       ;for 'pcre-config'
     (inputs `(("apr" ,apr)
@@ -127,14 +126,14 @@ and its related documentation.")
 (define-public nginx
   (package
     (name "nginx")
-    (version "1.11.6")
+    (version "1.11.9")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://nginx.org/download/nginx-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1gc5phrzm2hbpvryaya6rlvasa00vjips4hv5q1rqbcfa6xsnlri"))))
+                "0j2pcara9ir2xj3m2mjzf7wz46mdy51c0kal61cp0ldm2qgvf8nw"))))
     (build-system gnu-build-system)
     (inputs `(("pcre" ,pcre)
               ("openssl" ,openssl)
@@ -146,7 +145,7 @@ and its related documentation.")
          (add-before 'configure 'patch-/bin/sh
            (lambda _
              (substitute* "auto/feature"
-               (("/bin/sh") (which "bash")))
+               (("/bin/sh") (which "sh")))
              #t))
          (replace 'configure
            (lambda* (#:key outputs #:allow-other-keys)
@@ -527,7 +526,7 @@ for efficient socket-like bidirectional reliable communication channels.")
 (define-public libpsl
   (package
     (name "libpsl")
-    (version "0.16.1")
+    (version "0.17.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/rockdaboot/libpsl/"
@@ -535,7 +534,7 @@ for efficient socket-like bidirectional reliable communication channels.")
                                   "/libpsl-" version ".tar.gz"))
               (sha256
                (base32
-                "1srrd0iyz9p5xgl8q0hrzqg7p8cl9ar0cdb8f54hls4kllf3f80l"))))
+                "0jyxwc6bcvkcahkwcq237a0x209cysb63n5lak5m7zbglbb2jmq2"))))
     (build-system gnu-build-system)
     (inputs
      `(("icu4c" ,icu4c)
@@ -3968,3 +3967,102 @@ useful for users behind restrictive firewalls.  As long as Web traffic is
 allowed, even through a HTTP-only proxy, httptunnel can be combined with other
 tools like SSH (Secure Shell) to reach the outside world.")
     (license l:gpl2+)))
+
+(define-public stunnel
+  (package
+  (name "stunnel")
+  (version "5.39")
+  (source
+    (origin
+      (method url-fetch)
+      (uri (string-append "https://www.stunnel.org/downloads/stunnel-"
+                          version ".tar.gz"))
+      (sha256
+       (base32
+        "1vjdn32iw11zqsygwxbjmqgs4644dk3ql1h8ap890ls6a1x0i318"))))
+  (build-system gnu-build-system)
+  (inputs `(("openssl" ,openssl)))
+  (arguments
+   `(#:configure-flags
+     (list (string-append "--with-ssl=" (assoc-ref %build-inputs "openssl")))))
+  (home-page "https://www.stunnel.org")
+  (synopsis "TLS proxy for clients or servers")
+  (description "Stunnel is a proxy designed to add TLS encryption
+functionality to existing clients and servers without any changes in the
+programs' code.  Its architecture is optimized for security, portability, and
+scalability (including load-balancing), making it suitable for large
+deployments.")
+  (license l:gpl2+)))
+
+(define-public xinetd
+  (package
+    (name "xinetd")
+    (version "2.3.15")
+    (source
+     (origin
+       (method url-fetch)
+       (uri "https://github.com/xinetd-org/xinetd/archive/xinetd-2-3-15.tar.gz")
+       (patches (search-patches "xinetd-CVE-2013-4342.patch" "xinetd-fix-fd-leak.patch"))
+       (sha256
+        (base32
+         "0k59x52cbzp5fw0n8zn0y54j1ps0x9b72y8k5grzswjdmgs2a2v2"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags '("--with-loadavg")
+       #:tests? #f )) ; no tests
+    (home-page "https://github.com/xinetd-org/xinetd")
+    (synopsis "Internet services daemon")
+    (description "@code{xinetd}, a more secure replacement for @code{inetd},
+listens for incoming requests over a network and launches the appropriate
+service for that request.  Requests are made using port numbers as identifiers
+and xinetd usually launches another daemon to handle the request.  It can be
+used to start services with both privileged and non-privileged port numbers.")
+    (license (l:fsf-free "file://COPYRIGHT"))))
+
+(define-public tidy-html
+  (package
+    (name "tidy-html")
+    (version "5.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/htacg/tidy-html5/archive/"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0kbwzh15dlapp3s3vff2qgz0yfcf8hwsnx5q4igwa6pimhak8lw0"))))
+    (build-system cmake-build-system)
+    (outputs '("out"
+               "static")) ; 1.0MiB of .a files
+    (arguments
+     `(#:tests? #f ; No tests available
+       #:configure-flags (list "-DCMAKE_BUILD_TYPE=Release")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'move-static-libraries
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Move static libraries to the "static" output.
+             (let* ((out    (assoc-ref outputs "out"))
+                    (lib    (string-append out "/lib"))
+                    (static (assoc-ref outputs "static"))
+                    (slib   (string-append static "/lib")))
+               (mkdir-p slib)
+               (for-each (lambda (file)
+                           (install-file file slib)
+                           (delete-file file))
+                         (find-files lib "\\.a$"))
+               #t))))))
+    (native-inputs
+     `(("libxslt" ,libxslt)))
+    (home-page "http://www.html-tidy.org/")
+    (synopsis "HTML Tidy with HTML5 support")
+    (description
+     "Tidy is a console application which corrects and cleans up
+HTML and XML documents by fixing markup errors and upgrading
+legacy code to modern standards.
+
+Tidy also provides @code{libtidy}, a C static and dynamic library that
+developers can integrate into their applications to make use of the
+functions of Tidy.")
+    (license l:bsd-3)))
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 79b49f0a85..30dde65631 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -53,14 +53,14 @@
 (define-public webkitgtk
   (package
     (name "webkitgtk")
-    (version "2.14.2")
+    (version "2.14.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.webkitgtk.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0mjmcxhafh6l6j062z2nwfqbbvfyx16iqrzrbajswijh23awpnrf"))))
+                "1b73rcyfqjyg5rqw6f4760b2h1kixwva88clp2wl9vnl3psjvbni"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no tests
diff --git a/gnu/packages/wget.scm b/gnu/packages/wget.scm
index 72aab86c14..9ac21b4db1 100644
--- a/gnu/packages/wget.scm
+++ b/gnu/packages/wget.scm
@@ -33,7 +33,7 @@
 (define-public wget
   (package
     (name "wget")
-    (version "1.18")
+    (version "1.19.1")
     (source
      (origin
       (method url-fetch)
@@ -41,11 +41,11 @@
                           version ".tar.xz"))
       (sha256
        (base32
-        "1hcwx8ww3sxzdskkx3l7q70a7wd6569yrnjkw9pw013cf9smpddm"))))
+        "1ljcfhbkdsd0zjfm520rbl1ai62fc34i7c45sfj244l8f6b0p58c"))))
     (build-system gnu-build-system)
     (inputs
      `(("gnutls" ,gnutls)
-       ("libidn" ,libidn)
+       ("libidn2" ,libidn2)
        ("libpsl" ,libpsl)))
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -53,7 +53,7 @@
        ("python" ,python)               ;for testenv suite
        ("perl-http-daemon" ,perl-http-daemon)
        ("perl-io-socket-ssl" ,perl-io-socket-ssl)))
-    (home-page "http://www.gnu.org/software/wget/")
+    (home-page "https://www.gnu.org/software/wget/")
     (synopsis "Non-interactive command-line utility for downloading files")
     (description
      "GNU Wget is a non-interactive tool for fetching files using the HTTP,
diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm
index 367f27af5e..7b73353387 100644
--- a/gnu/packages/wine.scm
+++ b/gnu/packages/wine.scm
@@ -53,7 +53,7 @@
 (define-public wine
   (package
     (name "wine")
-    (version "1.9.24")
+    (version "2.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://dl.winehq.org/wine/source/"
@@ -61,7 +61,7 @@
                                   "/wine-" version ".tar.bz2"))
               (sha256
                (base32
-                "0qb07vfxwz41wj71lb0ss3apf22m4ch06382rqfksf7gg34pswnb"))))
+                "1ik6q0h3ph3jizmp7bxhf6kcm1pzrdrn2m0yf2x86slv2aigamlp"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("gettext" ,gettext-minimal)
diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm
index 6713560c5f..7ae8e4b7f8 100644
--- a/gnu/packages/wm.scm
+++ b/gnu/packages/wm.scm
@@ -9,9 +9,10 @@
 ;;; Copyright © 2016 Al McElrath <hello@yrns.org>
 ;;; Copyright © 2016 Carlo Zancanaro <carlo@zancanaro.id.au>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016 ng0 <ng0@libertad.pw>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 doncatnip <gnopap@gmail.com>
 ;;; Copyright © 2016 Ivan Vilata i Balaguer <ivan@selidor.net>
+;;; Copyright © 2017 Mekeor Melire <mekeor.melire@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -50,6 +51,7 @@
   #:use-module (gnu packages docbook)
   #:use-module (gnu packages image)
   #:use-module (gnu packages pcre)
+  #:use-module (gnu packages python)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages libevent)
   #:use-module (gnu packages fribidi)
@@ -122,14 +124,14 @@ the leaves of a full binary tree.")
 (define-public i3status
   (package
     (name "i3status")
-    (version "2.10")
+    (version "2.11")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://i3wm.org/i3status/i3status-"
                                   version ".tar.bz2"))
               (sha256
                (base32
-                "1497dsvb32z9xljmxz95dnyvsbayn188ilm3l4ys8m5h25vd1xfs"))))
+                "0pwcy599fw8by1a1sf91crkqba7679qhvhbacpmhis8c1xrpxnwq"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags (list "CC=gcc" (string-append "PREFIX=" %output))
@@ -319,7 +321,7 @@ prompt.")
 (define-public xmonad
   (package
     (name "xmonad")
-    (version "0.11.1")
+    (version "0.12")
     (synopsis "Tiling window manager")
     (source (origin
               (method url-fetch)
@@ -327,22 +329,15 @@ prompt.")
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1pfjssamiwpwjp1qqkm9m9p9s35pv381m0cwg6jxg0ppglibzq1r"))
-              (modules '((guix build utils)))
-              (snippet
-               ;; Here we update the constraints on the utf8-string package in
-               ;; the Cabal file.  We allow a newer version which is compatible
-               ;; with GHC 7.10.2.  The same change is applied on Hackage.  See
-               ;; <https://hackage.haskell.org/package/xmonad-0.11.1/revisions/>.
-               '(substitute* "xmonad.cabal"
-                  (("utf8-string >= 0.3 && < 0.4")
-                   "utf8-string >= 0.3 && < 1.1")))))
+                "1mzx3p17ppgmi30q3phaj58x6kxn73pbbkn9v9gzgmd8skdlkxp8"))))
     (build-system haskell-build-system)
     (inputs
-     `(("ghc-mtl" ,ghc-mtl)
-       ("ghc-utf8-string" ,ghc-utf8-string)
-       ("ghc-extensible-exceptions" ,ghc-extensible-exceptions)
-       ("ghc-x11" ,ghc-x11)))
+     `(("ghc-extensible-exceptions" ,ghc-extensible-exceptions)
+       ("ghc-mtl"                   ,ghc-mtl)
+       ("ghc-quickcheck"            ,ghc-quickcheck)
+       ("ghc-setlocale"             ,ghc-setlocale)
+       ("ghc-utf8-string"           ,ghc-utf8-string)
+       ("ghc-x11"                   ,ghc-x11)))
     (arguments
      `(#:phases
        (modify-phases %standard-phases
@@ -375,7 +370,7 @@ tiled on several screens.")
 (define-public ghc-xmonad-contrib
   (package
     (name "ghc-xmonad-contrib")
-    (version "0.11.4")
+    (version "0.12")
     (source
      (origin
        (method url-fetch)
@@ -383,7 +378,7 @@ tiled on several screens.")
                            "xmonad-contrib-" version ".tar.gz"))
        (sha256
         (base32
-         "1g5cw9vvnfbiyi599fngk02zlmdhrf82x0bndhypkn6kybab6yd3"))))
+         "04gk449dxwmimmb6y2d2hvvmv91r91xlj879qzlyq0mcf723278k"))))
     (build-system haskell-build-system)
     (propagated-inputs
      `(("ghc-mtl" ,ghc-mtl)
@@ -601,3 +596,39 @@ experience.")
 dynamic and extensible using the Lua programming language.")
     (license license:gpl2+)
     (home-page "https://awesome.naquadah.org/")))
+
+(define-public menumaker
+  (package
+    (name "menumaker")
+    (version "0.99.10")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://sourceforge/menumaker/"
+                           "menumaker-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1mm4cvg3kphkkd8nwrhcg6d9nm5ar7mgc0wf6fxk6zck1l7xn8ky"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("python" ,python)))
+    (synopsis "Heuristics-driven menu generator")
+    (description
+     "MenuMaker is a menu generation utility for a number of X window
+managers and desktop environments.  It is capable of finding lots of
+installed programs and generating a root menu consistent across all
+supported window managers, so one will get (almost) the same menu in
+all of them.  Currently supported window managers include:
+
+@enumerate
+@item BlackBox
+@item Deskmenu
+@item FluxBox
+@item IceWM
+@item OpenBox
+@item PekWM
+@item WindowMaker
+@item XFCE
+@end enumerate\n")
+    (home-page "http://menumaker.sourceforge.net/")
+    (license license:bsd-2)))
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 21d396972a..a1c89a5caa 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2014, 2015, 2016 Alex Kost <alezost@gmail.com>
-;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2015 Alexander I.Grafov <grafov@gmail.com>
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
@@ -75,7 +75,14 @@
                                   "/files/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1i3f1agixxbfy4kxikb2b241p7c2lg73cl9wqfvlwz3q6zf5faxv"))))
+                "1i3f1agixxbfy4kxikb2b241p7c2lg73cl9wqfvlwz3q6zf5faxv"))
+              (modules '((guix build utils)))
+              (snippet
+               ;; Do not record a timestamp and file name in gzipped man
+               ;; pages (this is equivalent to 'gzip --no-name'.)
+               '(substitute* "setup.py"
+                  (("gzip\\.open\\(gzfile, 'w', 9\\)")
+                   "gzip.GzipFile('', 'wb', 9, open(gzfile, 'wb'), 0.)")))))
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2     ;incompatible with python 3
@@ -749,14 +756,14 @@ Escape key when Left Control is pressed and released on its own.")
 (define-public libwacom
   (package
     (name "libwacom")
-    (version "0.12")
+    (version "0.23")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/linuxwacom/libwacom/"
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "022d0097dk2glgb6772zpcsqm1w42sbsbr3i72pdhzq6naqawys8"))))
+                "0qiikh95b9crybkwgcbbv9y80hb7lsbvvmvaia4gbgbdyagwb2m0"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -781,7 +788,7 @@ Wacom tablet applet.")
 (define-public xf86-input-wacom
   (package
     (name "xf86-input-wacom")
-    (version "0.29.0")
+    (version "0.34.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -789,7 +796,7 @@ Wacom tablet applet.")
                     name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "15lbzjkaf690i69qy0n0ibwczbclqq1nx0418c6a567by5v7wl48"))))
+                "0idhkigl0pnyp08sqm6bqfb4h20v6rjrb71z1gdv59gk7d7qwpgi"))))
     (arguments
      `(#:configure-flags
        (list (string-append "--with-sdkdir="
@@ -837,7 +844,6 @@ the X.Org X Server version 1.7 and later (X11R7.5 or later).")
        ("libx11" ,libx11)
        ("libxcb" ,libxcb)
        ("libxxf86vm" ,libxxf86vm)
-       ("libjpeg" ,libjpeg)
        ("glib" ,glib)))                           ;for Geoclue2 support
     (home-page "https://github.com/jonls/redshift")
     (synopsis "Adjust the color temperature of your screen")
@@ -852,7 +858,7 @@ color temperature should be set to match the lamps in your room.")
 (define-public xscreensaver
   (package
     (name "xscreensaver")
-    (version "5.35")
+    (version "5.36")
     (source
      (origin
        (method url-fetch)
@@ -861,7 +867,7 @@ color temperature should be set to match the lamps in your room.")
                        version ".tar.gz"))
        (sha256
         (base32
-         "08kbb0ry7ih436ab4i5g6lnhaaz13zkcdmbdibrn4j5gm5qq8v0y"))))
+         "0v60mdhvv42jla5hljp77igng11kxpah5fs9j7ci65kz0hw552vb"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f  ; no check target
@@ -913,7 +919,7 @@ demos.  It also acts as a nice screen locker.")
     (license (license:non-copyleft
               (string-append
                "http://metadata.ftp-master.debian.org/changelogs/"
-               "/main/x/xscreensaver/xscreensaver_5.34-2_copyright")))))
+               "/main/x/xscreensaver/xscreensaver_5.36-1_copyright")))))
 
 (define-public xdpyprobe
   (package
diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm
index 5639f1daa3..fce47d93ce 100644
--- a/gnu/packages/xfce.scm
+++ b/gnu/packages/xfce.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016 Florian Paul Schmidt <mista.tapas@gmx.net>
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -661,7 +662,7 @@ devices and folders.")
 (define-public xfce4-terminal
   (package
     (name "xfce4-terminal")
-    (version "0.6.3")
+    (version "0.8.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://archive.xfce.org/src/apps/" name "/"
@@ -669,14 +670,14 @@ devices and folders.")
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "023y0lkfijifh05yz8grimxadqpi98mrivr00sl18nirq8b4fbwi"))))
+                "1w8jvi9nw00aki825mm8f7wpkhxxicw4f6j9v4ka71z8p2ry9rj0"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("intltool" ,intltool)))
     (inputs
      `(("libxfce4ui" ,libxfce4ui)
-       ("vte" ,vte/gtk+-2)))
+       ("vte" ,vte)))
     (home-page "http://www.xfce.org/")
     (synopsis "Xfce terminal emulator")
     (description
diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm
index fc5cd6ca95..ec84bdeedb 100644
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@@ -300,7 +300,7 @@ ogginfo, to obtain information (tags, bitrate, length, etc.) about
 (define opus
   (package
     (name "opus")
-    (version "1.1.3")
+    (version "1.1.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -308,7 +308,7 @@ ogginfo, to obtain information (tags, bitrate, length, etc.) about
                     ".tar.gz"))
               (sha256
                (base32
-                "0cxnd7pjxbgh6l3cbzsw29phpr5cq28fikfhjlp1hc3y5s0gxdjq"))))
+                "14l6kpapmcnvl7p9hrmbqcnzj13zfzyppyc9a5kd4788h2rvc8li"))))
     (build-system gnu-build-system)
     (synopsis "Versatile audio codec")
     (description
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index a27c431ddf..2d6e98b43e 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2015 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
 ;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2015 Cyrill Schenkel <cyrill.schenkel@gmail.com>
@@ -399,21 +399,31 @@ Resources file.")
     (description "Xorg font encoding files.")
     (license license:public-domain)))
 
+(define (%xorg-font-origin font version hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "mirror://xorg/individual/font/" font "-"
+                        version ".tar.bz2"))
+    (sha256 hash)
+    (modules '((guix build utils)))
+    (snippet
+     ;; Do not include timestamps in '.pcf.gz' files.
+     '(substitute* "Makefile.in"
+        (("^COMPRESS = (.*)$" _ rest)
+         (string-append "COMPRESS = " (string-trim-right rest)
+                        " --no-name\n"))))))
+
+(define-syntax-rule (xorg-font-origin font version hash)
+  "Expand to the 'origin' form for the given Xorg font package."
+  (%xorg-font-origin font version (base32 hash)))
 
 (define-public font-adobe100dpi
   (package
     (name "font-adobe100dpi")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-adobe-100dpi-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0m60f5bd0caambrk8ksknb5dks7wzsg7g7xaf0j21jxmx8rq9h5j"))))
+    (source (xorg-font-origin
+             "font-adobe-100dpi" version
+             "0m60f5bd0caambrk8ksknb5dks7wzsg7g7xaf0j21jxmx8rq9h5j"))
     (build-system gnu-build-system)
     (inputs
       `(("bdftopcf" ,bdftopcf)
@@ -436,16 +446,9 @@ Resources file.")
   (package
     (name "font-adobe75dpi")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-adobe-75dpi-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "02advcv9lyxpvrjv8bjh1b797lzg6jvhipclz49z8r8y98g4l0n6"))))
+    (source (xorg-font-origin
+             "font-adobe-75dpi" version
+             "02advcv9lyxpvrjv8bjh1b797lzg6jvhipclz49z8r8y98g4l0n6"))
     (build-system gnu-build-system)
     (inputs
       `(("bdftopcf" ,bdftopcf)
@@ -472,16 +475,9 @@ Resources file.")
   (package
     (name "font-alias")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-alias-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "16ic8wfwwr3jicaml7b5a0sk6plcgc1kg84w02881yhwmqm3nicb"))))
+    (source (xorg-font-origin
+             name version
+             "16ic8wfwwr3jicaml7b5a0sk6plcgc1kg84w02881yhwmqm3nicb"))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (arguments
@@ -513,16 +509,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-arabic-misc")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-arabic-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "1x246dfnxnmflzf0qzy62k8jdpkb6jkgspcjgbk8jcq9lw99npah"))))
+    (source (xorg-font-origin
+             name version
+             "1x246dfnxnmflzf0qzy62k8jdpkb6jkgspcjgbk8jcq9lw99npah"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -550,16 +539,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-cronyx-cyrillic")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-cronyx-cyrillic-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0ai1v4n61k8j9x2a1knvfbl2xjxk3xxmqaq3p9vpqrspc69k31kf"))))
+    (source (xorg-font-origin
+             name version
+             "0ai1v4n61k8j9x2a1knvfbl2xjxk3xxmqaq3p9vpqrspc69k31kf"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -583,16 +565,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-dec-misc")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-dec-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0yzza0l4zwyy7accr1s8ab7fjqkpwggqydbm2vc19scdby5xz7g1"))))
+    (source (xorg-font-origin
+             name version
+             "0yzza0l4zwyy7accr1s8ab7fjqkpwggqydbm2vc19scdby5xz7g1"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -612,16 +587,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-isas-misc")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-isas-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0rx8q02rkx673a7skkpnvfkg28i8gmqzgf25s9yi0lar915sn92q"))))
+    (source (xorg-font-origin
+             name version
+             "0rx8q02rkx673a7skkpnvfkg28i8gmqzgf25s9yi0lar915sn92q"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -642,16 +610,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-micro-misc")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-micro-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "1dldxlh54zq1yzfnrh83j5vm0k4ijprrs5yl18gm3n9j1z0q2cws"))))
+    (source (xorg-font-origin
+             name version
+             "1dldxlh54zq1yzfnrh83j5vm0k4ijprrs5yl18gm3n9j1z0q2cws"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -668,16 +629,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-misc-cyrillic")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-misc-cyrillic-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0q2ybxs8wvylvw95j6x9i800rismsmx4b587alwbfqiw6biy63z4"))))
+    (source (xorg-font-origin
+             name version
+             "0q2ybxs8wvylvw95j6x9i800rismsmx4b587alwbfqiw6biy63z4"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -694,16 +648,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-misc-ethiopic")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-misc-ethiopic-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "19cq7iq0pfad0nc2v28n681fdq3fcw1l1hzaq0wpkgpx7bc1zjsk"))))
+    (source (xorg-font-origin
+             name version
+             "19cq7iq0pfad0nc2v28n681fdq3fcw1l1hzaq0wpkgpx7bc1zjsk"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -724,16 +671,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-misc-misc")
     (version "1.1.2")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-misc-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "150pq6n8n984fah34n3k133kggn9v0c5k07igv29sxp1wi07krxq"))))
+    (source (xorg-font-origin
+             name version
+             "150pq6n8n984fah34n3k133kggn9v0c5k07igv29sxp1wi07krxq"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -754,16 +694,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-mutt-misc")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-mutt-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "13qghgr1zzpv64m0p42195k1kc77pksiv059fdvijz1n6kdplpxx"))))
+    (source (xorg-font-origin
+             name version
+             "13qghgr1zzpv64m0p42195k1kc77pksiv059fdvijz1n6kdplpxx"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -780,16 +713,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-schumacher-misc")
     (version "1.1.2")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-schumacher-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0nkym3n48b4v36y4s927bbkjnsmicajarnf6vlp7wxp0as304i74"))))
+    (source (xorg-font-origin
+             name version
+             "0nkym3n48b4v36y4s927bbkjnsmicajarnf6vlp7wxp0as304i74"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -810,16 +736,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-screen-cyrillic")
     (version "1.0.4")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-screen-cyrillic-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0yayf1qlv7irf58nngddz2f1q04qkpr5jwp4aja2j5gyvzl32hl2"))))
+    (source (xorg-font-origin
+             name version
+             "0yayf1qlv7irf58nngddz2f1q04qkpr5jwp4aja2j5gyvzl32hl2"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -836,16 +755,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-sony-misc")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-sony-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "1xfgcx4gsgik5mkgkca31fj3w72jw9iw76qyrajrsz1lp8ka6hr0"))))
+    (source (xorg-font-origin
+             name version
+             "1xfgcx4gsgik5mkgkca31fj3w72jw9iw76qyrajrsz1lp8ka6hr0"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -862,16 +774,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-sun-misc")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-sun-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "1q6jcqrffg9q5f5raivzwx9ffvf7r11g6g0b125na1bhpz5ly7s8"))))
+    (source (xorg-font-origin
+             name version
+             "1q6jcqrffg9q5f5raivzwx9ffvf7r11g6g0b125na1bhpz5ly7s8"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -911,16 +816,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-winitzki-cyrillic")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-winitzki-cyrillic-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "181n1bgq8vxfxqicmy1jpm1hnr6gwn1kdhl6hr4frjigs1ikpldb"))))
+    (source (xorg-font-origin
+             name version
+             "181n1bgq8vxfxqicmy1jpm1hnr6gwn1kdhl6hr4frjigs1ikpldb"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -937,16 +835,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-xfree86-type1")
     (version "1.0.4")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-xfree86-type1-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0jp3zc0qfdaqfkgzrb44vi9vi0a8ygb35wp082yz7rvvxhmg9sya"))))
+    (source (xorg-font-origin
+             name version
+             "0jp3zc0qfdaqfkgzrb44vi9vi0a8ygb35wp082yz7rvvxhmg9sya"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -2039,7 +1930,7 @@ server.")
 (define-public xauth
   (package
     (name "xauth")
-    (version "1.0.9")
+    (version "1.0.10")
     (source
       (origin
         (method url-fetch)
@@ -2049,7 +1940,7 @@ server.")
                ".tar.bz2"))
         (sha256
           (base32
-            "13y2invb0894b1in03jbglximbz6v31y2kr4yjjgica8xciibkjn"))))
+            "0kgwz9rmxjfdvi2syf8g0ms5rr5cgyqx4n0n1m960kyz7k745zjs"))))
     (build-system gnu-build-system)
     (inputs
       `(("libxmu" ,libxmu)
@@ -2123,6 +2014,41 @@ the same way.")
 legacy X clients.")
     (license license:x11)))
 
+(define-public xcalc
+  (package
+    (name "xcalc")
+    (version "1.0.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://xorg/individual/app/" name "-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "1lg8xwj0nr8anbd77n3cs87s57sr4gmb3pxs3k22a28n6ndcvmbz"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases (modify-phases %standard-phases
+                  (add-after
+                   'configure 'mutate-makefile
+                   (lambda _
+                     (substitute* "Makefile"
+                       (("^appdefaultdir = .*$")
+                        (string-append "appdefaultdir = " %output
+                                       ,%app-defaults-dir "\n")))
+                     #t)))))
+    (inputs
+     `(("libxaw" ,libxaw)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "https://www.x.org/wiki/")
+    (synopsis "Hand calculator for the X Window system")
+    (description "Xcalc is a scientific calculator desktop accessory that can
+emulate a TI-30 or an HP-10C.")
+    (license license:x11)))
+
 
 (define-public xcb-proto
   (package
@@ -2426,7 +2352,7 @@ devices, thus making direct access unnecessary.")
 (define-public xf86-input-evdev
   (package
     (name "xf86-input-evdev")
-    (version "2.10.4")
+    (version "2.10.5")
     (source
       (origin
         (method url-fetch)
@@ -2436,7 +2362,7 @@ devices, thus making direct access unnecessary.")
                ".tar.bz2"))
         (sha256
           (base32
-            "1hhc97k1qmgs85fp8p2i3gq4p18azlczbvklv33w19p1phzs1xmv"))))
+           "03dphgwjaxxyys8axc1kyysp6xvy9bjxicsdrhi2jvdgbchadnly"))))
     (build-system gnu-build-system)
     (inputs
       `(("udev" ,eudev)
@@ -2460,7 +2386,7 @@ including most mice, keyboards, tablets and touchscreens.")
 (define-public xf86-input-libinput
   (package
     (name "xf86-input-libinput")
-    (version "0.23.0")
+    (version "0.24.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2468,7 +2394,7 @@ including most mice, keyboards, tablets and touchscreens.")
                     name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "1p596v3kbmjpdz3kz8z19bnd79l860f1pbwjvma7bz7qx3gynlqb"))))
+                "0a1nn65qq71bbfhxq39zdb4b1h6ickzv98cjdacv4ngd18shgjyx"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
@@ -2829,7 +2755,7 @@ compositing.  Both support Xv overlay and dynamic rotation with XRandR.")
 (define-public xf86-video-glint
   (package
     (name "xf86-video-glint")
-    (version "1.2.8")
+    (version "1.2.9")
     (source
       (origin
         (method url-fetch)
@@ -2839,8 +2765,7 @@ compositing.  Both support Xv overlay and dynamic rotation with XRandR.")
                ".tar.bz2"))
         (sha256
           (base32
-           "08a2aark2yn9irws9c78d9q44dichr03i9zbk61jgr54ncxqhzv5"))
-        (patches (search-patches "xf86-video-glint-remove-mibstore.patch"))))
+           "1lkpspvrvrp9s539bhfdjfh4andaqyk63l6zjn8m3km95smk6a45"))))
     (build-system gnu-build-system)
     (inputs `(("xf86dgaproto" ,xf86dgaproto)
               ("xorg-server" ,xorg-server)))
@@ -2880,10 +2805,10 @@ X server.")
 
 
 (define-public xf86-video-intel
-  (let ((commit "d1672806a5222f00dcc2eb24ccddd03f727f71bc"))
+  (let ((commit "e4fe79cf0d9a05ee3f3a027148ef0aeb2b1b34e1"))
     (package
       (name "xf86-video-intel")
-      (version (string-append "2.99.917-1-" (string-take commit 7)))
+      (version (string-append "2.99.917-3-" (string-take commit 7)))
       (source
        (origin
          ;; there's no current tarball
@@ -2893,7 +2818,7 @@ X server.")
                (commit commit)))
          (sha256
           (base32
-           "16hfcj11lbn6lp0hgrixidbfb7mghm1yn4lynmymm985w1gg0n72"))
+           "0hf3fxv5jchyh820h449c1ld9x19gc8081w1yk98mab6zr89zswp"))
          (file-name (string-append name "-" version))))
       (build-system gnu-build-system)
       (inputs `(("mesa" ,mesa)
@@ -2959,7 +2884,7 @@ the same level of support for generic VGA or 8514/A adapters.")
 (define-public xf86-video-mga
   (package
     (name "xf86-video-mga")
-    (version "1.6.4")
+    (version "1.6.5")
     (source
       (origin
         (method url-fetch)
@@ -2969,7 +2894,7 @@ the same level of support for generic VGA or 8514/A adapters.")
                ".tar.bz2"))
         (sha256
           (base32
-           "0kyl8w99arviv27pc349zsy2vinnm7mdpy34vr9nzisicw5nkij8"))))
+           "08ll52hlar9z446v0wwca5qkj3hxhswwm7vvcgic9xv4cf7csqxn"))))
     (build-system gnu-build-system)
     (inputs `(("mesa" ,mesa)
               ("xf86driproto" ,xf86driproto)
@@ -3062,7 +2987,7 @@ kernel mode setting (KMS).")
 (define-public xf86-video-nv
   (package
     (name "xf86-video-nv")
-    (version "2.1.20")
+    (version "2.1.21")
     (source
       (origin
         (method url-fetch)
@@ -3072,8 +2997,7 @@ kernel mode setting (KMS).")
                ".tar.bz2"))
         (sha256
           (base32
-           "1gqh1khc4zalip5hh2nksgs7i3piqq18nncgmsx9qvzi05azd5c3"))
-        (patches (search-patches "xf86-video-nv-remove-mibstore.patch"))))
+           "0bdk3pc5y0n7p53q4gc2ff7bw16hy5hwdjjxkm5j3s7hdyg6960z"))))
     (build-system gnu-build-system)
     (inputs `(("xorg-server" ,xorg-server)))
     (native-inputs `(("pkg-config" ,pkg-config)))
@@ -3175,7 +3099,7 @@ This driver is intended for the spice qxl virtio device.")
 (define-public xf86-video-r128
   (package
     (name "xf86-video-r128")
-    (version "6.10.1")
+    (version "6.10.2")
     (source
       (origin
         (method url-fetch)
@@ -3185,7 +3109,7 @@ This driver is intended for the spice qxl virtio device.")
                ".tar.bz2"))
         (sha256
           (base32
-           "1sp4glyyj23rs77vgffmn0mar5h504a86701nzvi56qwhd4yzgsy"))))
+           "1pkpka5m4cd6iy0f8iqnmg6xci14nb6887ilvxzn3xrsgx8j3nl4"))))
     (build-system gnu-build-system)
     (inputs `(("mesa" ,mesa)
               ("xf86driproto" ,xf86driproto)
@@ -3202,7 +3126,7 @@ This driver is intended for ATI Rage 128 based cards.")
 (define-public xf86-video-savage
   (package
     (name "xf86-video-savage")
-    (version "2.3.8")
+    (version "2.3.9")
     (source
       (origin
         (method url-fetch)
@@ -3212,7 +3136,7 @@ This driver is intended for ATI Rage 128 based cards.")
                ".tar.bz2"))
         (sha256
           (base32
-            "0qzshncynjdmyhavhqw4x5ha3gwbygi0zbsy158fpg1jcnla9kpx"))))
+           "11pcrsdpdrwk0mrgv83s5nsx8a9i4lhmivnal3fjbrvi3zdw94rc"))))
     (build-system gnu-build-system)
     (inputs `(("mesa" ,mesa)
               ("xf86driproto" ,xf86driproto)
@@ -3228,7 +3152,7 @@ This driver is intended for ATI Rage 128 based cards.")
 (define-public xf86-video-siliconmotion
   (package
     (name "xf86-video-siliconmotion")
-    (version "1.7.8")
+    (version "1.7.9")
     (source
       (origin
         (method url-fetch)
@@ -3238,7 +3162,7 @@ This driver is intended for ATI Rage 128 based cards.")
                ".tar.bz2"))
         (sha256
           (base32
-           "1sqv0y31mi4zmh9yaxqpzg7p8y2z01j6qys433hb8n4yznllkm79"))))
+           "1g2r6gxqrmjdff95d42msxdw6vmkg2zn5sqv0rxd420iwy8wdwyh"))))
     (build-system gnu-build-system)
     (inputs `(("xorg-server" ,xorg-server)))
     (native-inputs `(("pkg-config" ,pkg-config)))
@@ -3253,7 +3177,7 @@ Xorg X server.")
 (define-public xf86-video-sis
   (package
     (name "xf86-video-sis")
-    (version "0.10.8")
+    (version "0.10.9")
     (source
       (origin
         (method url-fetch)
@@ -3263,7 +3187,7 @@ Xorg X server.")
                ".tar.bz2"))
         (sha256
           (base32
-           "1znkqwdyd6am23xbsfjzamq125j5rrylg5mzqky4scv9gxbz5wy8"))))
+           "03f1abjjf68y8y1iz768rn95va9d33wmbwfbsqrgl6k0gi0bf9jj"))))
     (build-system gnu-build-system)
     (inputs `(("mesa" ,mesa)
               ("xf86dgaproto" ,xf86dgaproto)
@@ -3330,7 +3254,7 @@ This driver supports SiS chipsets of 300/315/330/340 series.")
 (define-public xf86-video-tdfx
   (package
     (name "xf86-video-tdfx")
-    (version "1.4.6")
+    (version "1.4.7")
     (source
       (origin
         (method url-fetch)
@@ -3340,7 +3264,7 @@ This driver supports SiS chipsets of 300/315/330/340 series.")
                ".tar.bz2"))
         (sha256
           (base32
-           "0dvdrhyn1iv6rr85v1c52s1gl0j1qrxgv7x0r7qn3ba0gj38i2is"))))
+           "0hia45z4jc472fxp00803nznizcn4h1ybp63jcsb4lmd9vhqxx2c"))))
     (build-system gnu-build-system)
     (inputs `(("mesa" ,mesa)
               ("xf86driproto" ,xf86driproto)
@@ -3383,7 +3307,7 @@ X server.")
 (define-public xf86-video-trident
   (package
     (name "xf86-video-trident")
-    (version "1.3.7")
+    (version "1.3.8")
     (source
       (origin
         (method url-fetch)
@@ -3393,7 +3317,7 @@ X server.")
                ".tar.bz2"))
         (sha256
           (base32
-           "1bhkwic2acq9za4yz4bwj338cwv5mdrgr2qmgkhlj3bscbg1imgc"))))
+           "0gxcar434kx813fxdpb93126lhmkl3ikabaljhcj5qn3fkcijlcy"))))
     (build-system gnu-build-system)
     (inputs `(("xf86dgaproto" ,xf86dgaproto)
               ("xorg-server" ,xorg-server)))
diff --git a/gnu/services.scm b/gnu/services.scm
index 03112f7515..6ac4f1322d 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -38,6 +38,8 @@
   #:use-module (ice-9 match)
   #:export (service-extension
             service-extension?
+            service-extension-target
+            service-extension-compute
 
             service-type
             service-type?
@@ -70,6 +72,8 @@
             activation-service-type
             activation-service->script
             %linux-bare-metal-service
+            special-files-service-type
+            extra-special-file
             etc-service-type
             etc-directory
             setuid-program-service-type
@@ -334,9 +338,14 @@ ACTIVATION-SCRIPT-TYPE."
                   #~(begin
                       (use-modules (gnu build activation))
 
-                      ;; Make sure /bin/sh is valid and current.
-                      (activate-/bin/sh
-                       (string-append #$(canonical-package bash) "/bin/sh"))
+                      ;; Make sure the user accounting database exists.  If it
+                      ;; does not exist, 'setutxent' does not create it and
+                      ;; thus there is no accounting at all.
+                      (close-port (open-file "/var/run/utmpx" "a0"))
+
+                      ;; Same for 'wtmp', which is populated by mingetty et
+                      ;; al.
+                      (close-port (open-file "/var/log/wtmp" "a0"))
 
                       ;; Set up /run/current-system.  Among other things this
                       ;; sets up locales, which the activation snippets
@@ -402,6 +411,25 @@ ACTIVATION-SCRIPT-TYPE."
   ;; necessary or impossible in a container.
   (service linux-bare-metal-service-type #f))
 
+(define special-files-service-type
+  ;; Service to install "special files" such as /bin/sh and /usr/bin/env.
+  (service-type
+   (name 'special-files)
+   (extensions
+    (list (service-extension activation-service-type
+                             (lambda (files)
+                               #~(activate-special-files '#$files)))))
+   (compose concatenate)
+   (extend append)))
+
+(define (extra-special-file file target)
+  "Use TARGET as the \"special file\" FILE.  For example, TARGET might be
+  (file-append coreutils \"/bin/env\")
+and FILE could be \"/usr/bin/env\"."
+  (simple-service (string->symbol (string-append "special-file-" file))
+                  special-files-service-type
+                  `((,file ,target))))
+
 (define (etc-directory service)
   "Return the directory for SERVICE, a service of type ETC-SERVICE-TYPE."
   (files->etc-directory (service-parameters service)))
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 1b1ce0d5e8..57601eab85 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
@@ -36,6 +36,7 @@
                 #:select (alsa-utils crda eudev e2fsprogs fuse gpm kbd lvm2 rng-tools))
   #:use-module ((gnu packages base)
                 #:select (canonical-package glibc))
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages package-management)
   #:use-module (gnu packages lsof)
   #:use-module (gnu packages terminals)
@@ -99,6 +100,18 @@
             %default-authorized-guix-keys
             guix-configuration
             guix-configuration?
+
+            guix-configuration-guix
+            guix-configuration-build-group
+            guix-configuration-build-accounts
+            guix-configuration-authorize-key?
+            guix-configuration-authorized-keys
+            guix-configuration-use-substitutes?
+            guix-configuration-substitute-urls
+            guix-configuration-extra-options
+            guix-configuration-log-file
+            guix-configuration-lsof
+
             guix-service
             guix-service-type
             guix-publish-configuration
@@ -301,13 +314,26 @@ FILE-SYSTEM."
                         #:select (mount-file-system))
                        ,@%default-modules)))))))
 
+(define (file-system-shepherd-services file-systems)
+  "Return the list of Shepherd services for FILE-SYSTEMS."
+  (let* ((file-systems (filter file-system-mount? file-systems)))
+    (define sink
+      (shepherd-service
+       (provision '(file-systems))
+       (requirement (cons* 'root-file-system 'user-file-systems
+                           (map file-system->shepherd-service-name
+                                file-systems)))
+       (documentation "Target for all the initially-mounted file systems")
+       (start #~(const #t))
+       (stop #~(const #f))))
+
+    (cons sink (map file-system-shepherd-service file-systems))))
+
 (define file-system-service-type
   (service-type (name 'file-systems)
                 (extensions
                  (list (service-extension shepherd-root-service-type
-                                          (lambda (file-systems)
-                                            (filter-map file-system-shepherd-service
-                                                        file-systems)))
+                                          file-system-shepherd-services)
                        (service-extension fstab-service-type
                                           identity)))
                 (compose concatenate)
@@ -354,93 +380,89 @@ in KNOWN-MOUNT-POINTS when it is stopped."
 (define user-processes-service-type
   (shepherd-service-type
    'user-processes
-   (match-lambda
-     ((requirements grace-delay)
-      (shepherd-service
-       (documentation "When stopped, terminate all user processes.")
-       (provision '(user-processes))
-       (requirement (cons* 'root-file-system 'user-file-systems
-                           (map file-system->shepherd-service-name
-                                requirements)))
-       (start #~(const #t))
-       (stop #~(lambda _
-                 (define (kill-except omit signal)
-                   ;; Kill all the processes with SIGNAL except those listed
-                   ;; in OMIT and the current process.
-                   (let ((omit (cons (getpid) omit)))
-                     (for-each (lambda (pid)
-                                 (unless (memv pid omit)
-                                   (false-if-exception
-                                    (kill pid signal))))
-                               (processes))))
-
-                 (define omitted-pids
-                   ;; List of PIDs that must not be killed.
-                   (if (file-exists? #$%do-not-kill-file)
-                       (map string->number
-                            (call-with-input-file #$%do-not-kill-file
-                              (compose string-tokenize
-                                       (@ (ice-9 rdelim) read-string))))
-                       '()))
-
-                 (define (now)
-                   (car (gettimeofday)))
-
-                 (define (sleep* n)
-                   ;; Really sleep N seconds.
-                   ;; Work around <http://bugs.gnu.org/19581>.
-                   (define start (now))
-                   (let loop ((elapsed 0))
-                     (when (> n elapsed)
-                       (sleep (- n elapsed))
-                       (loop (- (now) start)))))
-
-                 (define lset= (@ (srfi srfi-1) lset=))
-
-                 (display "sending all processes the TERM signal\n")
-
-                 (if (null? omitted-pids)
-                     (begin
-                       ;; Easy: terminate all of them.
-                       (kill -1 SIGTERM)
-                       (sleep* #$grace-delay)
-                       (kill -1 SIGKILL))
-                     (begin
-                       ;; Kill them all except OMITTED-PIDS.  XXX: We would
-                       ;; like to (kill -1 SIGSTOP) to get a fixed list of
-                       ;; processes, like 'killall5' does, but that seems
-                       ;; unreliable.
-                       (kill-except omitted-pids SIGTERM)
-                       (sleep* #$grace-delay)
-                       (kill-except omitted-pids SIGKILL)
-                       (delete-file #$%do-not-kill-file)))
-
-                 (let wait ()
-                   (let ((pids (processes)))
-                     (unless (lset= = pids (cons 1 omitted-pids))
-                       (format #t "waiting for process termination\
+   (lambda (grace-delay)
+     (shepherd-service
+      (documentation "When stopped, terminate all user processes.")
+      (provision '(user-processes))
+      (requirement '(file-systems))
+      (start #~(const #t))
+      (stop #~(lambda _
+                (define (kill-except omit signal)
+                  ;; Kill all the processes with SIGNAL except those listed
+                  ;; in OMIT and the current process.
+                  (let ((omit (cons (getpid) omit)))
+                    (for-each (lambda (pid)
+                                (unless (memv pid omit)
+                                  (false-if-exception
+                                   (kill pid signal))))
+                              (processes))))
+
+                (define omitted-pids
+                  ;; List of PIDs that must not be killed.
+                  (if (file-exists? #$%do-not-kill-file)
+                      (map string->number
+                           (call-with-input-file #$%do-not-kill-file
+                             (compose string-tokenize
+                                      (@ (ice-9 rdelim) read-string))))
+                      '()))
+
+                (define (now)
+                  (car (gettimeofday)))
+
+                (define (sleep* n)
+                  ;; Really sleep N seconds.
+                  ;; Work around <http://bugs.gnu.org/19581>.
+                  (define start (now))
+                  (let loop ((elapsed 0))
+                    (when (> n elapsed)
+                      (sleep (- n elapsed))
+                      (loop (- (now) start)))))
+
+                (define lset= (@ (srfi srfi-1) lset=))
+
+                (display "sending all processes the TERM signal\n")
+
+                (if (null? omitted-pids)
+                    (begin
+                      ;; Easy: terminate all of them.
+                      (kill -1 SIGTERM)
+                      (sleep* #$grace-delay)
+                      (kill -1 SIGKILL))
+                    (begin
+                      ;; Kill them all except OMITTED-PIDS.  XXX: We would
+                      ;; like to (kill -1 SIGSTOP) to get a fixed list of
+                      ;; processes, like 'killall5' does, but that seems
+                      ;; unreliable.
+                      (kill-except omitted-pids SIGTERM)
+                      (sleep* #$grace-delay)
+                      (kill-except omitted-pids SIGKILL)
+                      (delete-file #$%do-not-kill-file)))
+
+                (let wait ()
+                  (let ((pids (processes)))
+                    (unless (lset= = pids (cons 1 omitted-pids))
+                      (format #t "waiting for process termination\
  (processes left: ~s)~%"
-                               pids)
-                       (sleep* 2)
-                       (wait))))
+                              pids)
+                      (sleep* 2)
+                      (wait))))
 
-                 (display "all processes have been terminated\n")
-                 #f))
-       (respawn? #f))))))
+                (display "all processes have been terminated\n")
+                #f))
+      (respawn? #f)))))
 
-(define* (user-processes-service file-systems #:key (grace-delay 4))
+(define* (user-processes-service #:key (grace-delay 4))
   "Return the service that is responsible for terminating all the processes so
 that the root file system can be re-mounted read-only, just before
 rebooting/halting.  Processes still running GRACE-DELAY seconds after SIGTERM
 has been sent are terminated with SIGKILL.
 
-The returned service will depend on 'root-file-system' and on all the shepherd
-services corresponding to FILE-SYSTEMS.
+The returned service will depend on 'file-systems', meaning that it is
+considered started after all the auto-mount file systems have been mounted.
 
 All the services that spawn processes must depend on this one so that they are
 stopped before 'kill' is called."
-  (service user-processes-service-type
-           (list (filter file-system-mount? file-systems) grace-delay)))
+  (service user-processes-service-type grace-delay))
 
 
 ;;;
@@ -1525,8 +1547,10 @@ This service is not part of @var{%base-services}."
         (mingetty-service (mingetty-configuration
                            (tty "tty6")))
 
-        (static-networking-service "lo" "127.0.0.1"
-                                   #:provision '(loopback))
+        (service static-networking-service-type
+                 (list (static-networking (interface "lo")
+                                          (ip "127.0.0.1")
+                                          (provision '(loopback)))))
         (syslog-service)
         (urandom-seed-service)
         (guix-service)
@@ -1535,6 +1559,10 @@ This service is not part of @var{%base-services}."
         ;; The LVM2 rules are needed as soon as LVM2 or the device-mapper is
         ;; used, so enable them by default.  The FUSE and ALSA rules are
         ;; less critical, but handy.
-        (udev-service #:rules (list lvm2 fuse alsa-utils crda))))
+        (udev-service #:rules (list lvm2 fuse alsa-utils crda))
+
+        (service special-files-service-type
+                 `(("/bin/sh" ,(file-append (canonical-package bash)
+                                            "/bin/sh"))))))
 
 ;;; base.scm ends here
diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm
index c15a846bad..237f71a09b 100644
--- a/gnu/services/cuirass.scm
+++ b/gnu/services/cuirass.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -56,12 +57,16 @@
                     (default 60))
   (database         cuirass-configuration-database ;string (file-name)
                     (default "/var/run/cuirass/cuirass.db"))
+  (port             cuirass-configuration-port ;integer (port)
+                    (default 8080))
   (specifications   cuirass-configuration-specifications)
                                   ;gexp that evaluates to specification-alist
   (use-substitutes? cuirass-configuration-use-substitutes? ;boolean
                     (default #f))
   (one-shot?        cuirass-configuration-one-shot? ;boolean
-                    (default #f)))
+                    (default #f))
+  (load-path        cuirass-configuration-load-path
+                    (default '())))
 
 (define (cuirass-shepherd-service config)
   "Return a <shepherd-service> for the Cuirass service with CONFIG."
@@ -74,9 +79,11 @@
          (group            (cuirass-configuration-group config))
          (interval         (cuirass-configuration-interval config))
          (database         (cuirass-configuration-database config))
+         (port             (cuirass-configuration-port config))
          (specs            (cuirass-configuration-specifications config))
          (use-substitutes? (cuirass-configuration-use-substitutes? config))
-         (one-shot?        (cuirass-configuration-one-shot? config)))
+         (one-shot?        (cuirass-configuration-one-shot? config))
+         (load-path        (cuirass-configuration-load-path config)))
      (list (shepherd-service
             (documentation "Run Cuirass.")
             (provision '(cuirass))
@@ -87,9 +94,12 @@
                             "--specifications"
                             #$(scheme-file "cuirass-specs.scm" specs)
                             "--database" #$database
+                            "--port" #$(number->string port)
                             "--interval" #$(number->string interval)
                             #$@(if use-substitutes? '("--use-substitutes") '())
-                            #$@(if one-shot? '("--one-shot") '()))
+                            #$@(if one-shot? '("--one-shot") '())
+                            #$@(if (null? load-path) '()
+                                 `("--load-path" ,(string-join load-path ":"))))
                       #:user #$user
                       #:group #$group
                       #:log-file #$log-file))
diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm
index df1843e438..70b858479a 100644
--- a/gnu/services/cups.scm
+++ b/gnu/services/cups.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Andy Wingo <wingo@pobox.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -811,6 +812,7 @@ IPP specifications.")
   ;; Activation gexp.
   (with-imported-modules '((guix build utils))
     #~(begin
+        (use-modules (guix build utils))
         (define (mkdir-p/perms directory owner perms)
           (mkdir-p directory)
           (chown "/var/run/cups" (passwd:uid owner) (passwd:gid owner))
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index c1381405d8..30b1672d33 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1601,6 +1602,7 @@ accept from local for any relay
     (($ <opensmtpd-configuration> package config-file)
      (let ((smtpd (file-append package "/sbin/smtpd")))
        #~(begin
+           (use-modules (guix build utils))
            ;; Create mbox and spool directories.
            (mkdir-p "/var/mail")
            (mkdir-p "/var/spool/smtpd")
diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm
index 0b5aa1fae8..9f59d6eac6 100644
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@@ -40,7 +40,8 @@
             mod-muc-configuration
             ssl-configuration
 
-            %default-modules-enabled))
+            %default-modules-enabled
+            prosody-configuration-pidfile))
 
 ;;; Commentary:
 ;;;
@@ -592,7 +593,7 @@ See also @url{http://prosody.im/doc/modules/mod_muc}."
                                   (zero? (system* #$prosodyctl-bin #$@args))))))
     (list (shepherd-service
            (documentation "Run the Prosody XMPP server")
-           (provision '(prosody))
+           (provision '(prosody xmpp-daemon))
            (requirement '(networking syslogd user-processes))
            (start (prosodyctl-action "start"))
            (stop (prosodyctl-action "stop"))))))
@@ -621,6 +622,7 @@ See also @url{http://prosody.im/doc/modules/mod_muc}."
                   (serialize-prosody-configuration config)))))
          (config-file (plain-file "prosody.cfg.lua" config-str)))
     #~(begin
+        (use-modules (guix build utils))
         (define %user (getpw "prosody"))
 
         (mkdir-p #$config-dir)
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index ac011f1286..18bce2a2b8 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,17 +31,26 @@
   #:use-module (gnu packages linux)
   #:use-module (gnu packages tor)
   #:use-module (gnu packages messaging)
+  #:use-module (gnu packages networking)
   #:use-module (gnu packages ntp)
   #:use-module (gnu packages wicd)
   #:use-module (gnu packages gnome)
   #:use-module (guix gexp)
   #:use-module (guix records)
+  #:use-module (guix modules)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
   #:use-module (srfi srfi-26)
   #:use-module (ice-9 match)
   #:export (%facebook-host-aliases
             static-networking
+
+            static-networking?
+            static-networking-interface
+            static-networking-ip
+            static-networking-netmask
+            static-networking-gateway
+
             static-networking-service
             static-networking-service-type
             dhcp-client-service
@@ -64,9 +74,17 @@
 
             wicd-service-type
             wicd-service
-            network-manager-service
+
+            network-manager-configuration
+            network-manager-configuration?
+            network-manager-configuration-dns
+            network-manager-service-type
+
             connman-service
-            wpa-supplicant-service-type))
+            wpa-supplicant-service-type
+
+            openvswitch-service-type
+            openvswitch-configuration))
 
 ;;; Commentary:
 ;;;
@@ -115,88 +133,138 @@ fe80::1%lo0 apps.facebook.com\n")
   (ip static-networking-ip)
   (netmask static-networking-netmask
            (default #f))
-  (gateway static-networking-gateway)
-  (provision static-networking-provision)
-  (name-servers static-networking-name-servers))
+  (gateway static-networking-gateway              ;FIXME: doesn't belong here
+           (default #f))
+  (provision static-networking-provision
+             (default #f))
+  (name-servers static-networking-name-servers    ;FIXME: doesn't belong here
+                (default '())))
 
-(define static-networking-service-type
-  (shepherd-service-type
-   'static-networking
-   (match-lambda
-     (($ <static-networking> interface ip netmask gateway provision
-                             name-servers)
-      (let ((loopback? (memq 'loopback provision)))
-        (shepherd-service
+(define static-networking-shepherd-service
+  (match-lambda
+    (($ <static-networking> interface ip netmask gateway provision
+                            name-servers)
+     (let ((loopback? (and provision (memq 'loopback provision))))
+       (shepherd-service
+
+        ;; Unless we're providing the loopback interface, wait for udev to be up
+        ;; and running so that INTERFACE is actually usable.
+        (requirement (if loopback? '() '(udev)))
+
+        (documentation
+         "Bring up the networking interface using a static IP address.")
+        (provision (or provision
+                       (list (symbol-append 'networking-
+                                            (string->symbol interface)))))
+
+        (start #~(lambda _
+                   ;; Return #t if successfully started.
+                   (let* ((addr     (inet-pton AF_INET #$ip))
+                          (sockaddr (make-socket-address AF_INET addr 0))
+                          (mask     (and #$netmask
+                                         (inet-pton AF_INET #$netmask)))
+                          (maskaddr (and mask
+                                         (make-socket-address AF_INET
+                                                              mask 0)))
+                          (gateway  (and #$gateway
+                                         (inet-pton AF_INET #$gateway)))
+                          (gatewayaddr (and gateway
+                                            (make-socket-address AF_INET
+                                                                 gateway 0))))
+                     (configure-network-interface #$interface sockaddr
+                                                  (logior IFF_UP
+                                                          #$(if loopback?
+                                                                #~IFF_LOOPBACK
+                                                                0))
+                                                  #:netmask maskaddr)
+                     (when gateway
+                       (let ((sock (socket AF_INET SOCK_DGRAM 0)))
+                         (add-network-route/gateway sock gatewayaddr)
+                         (close-port sock))))))
+        (stop #~(lambda _
+                  ;; Return #f is successfully stopped.
+                  (let ((sock (socket AF_INET SOCK_STREAM 0)))
+                    (when #$gateway
+                      (delete-network-route sock
+                                            (make-socket-address
+                                             AF_INET INADDR_ANY 0)))
+                    (set-network-interface-flags sock #$interface 0)
+                    (close-port sock)
+                    #f)))
+        (respawn? #f))))))
+
+(define (static-networking-etc-files interfaces)
+  "Return a /etc/resolv.conf entry for INTERFACES or the empty list."
+  (match (delete-duplicates
+          (append-map static-networking-name-servers
+                      interfaces))
+    (()
+     '())
+    ((name-servers ...)
+     (let ((content (string-join
+                     (map (cut string-append "nameserver " <>)
+                          name-servers)
+                     "\n" 'suffix)))
+       `(("resolv.conf"
+          ,(plain-file "resolv.conf"
+                       (string-append "\
+# Generated by 'static-networking-service'.\n"
+                                      content))))))))
+
+(define (static-networking-shepherd-services interfaces)
+  "Return the list of Shepherd services to bring up INTERFACES, a list of
+<static-networking> objects."
+  (define (loopback? service)
+    (memq 'loopback (shepherd-service-provision service)))
+
+  (let ((services (map static-networking-shepherd-service interfaces)))
+    (match (remove loopback? services)
+      (()
+       ;; There's no interface other than 'loopback', so we assume that the
+       ;; 'networking' service will be provided by dhclient or similar.
+       services)
+      ((non-loopback ...)
+       ;; Assume we're providing all the interfaces, and thus, provide a
+       ;; 'networking' service.
+       (cons (shepherd-service
+              (provision '(networking))
+              (requirement (append-map shepherd-service-provision
+                                       services))
+              (start #~(const #t))
+              (stop #~(const #f))
+              (documentation "Bring up all the networking interfaces."))
+             services)))))
 
-         ;; Unless we're providing the loopback interface, wait for udev to be up
-         ;; and running so that INTERFACE is actually usable.
-         (requirement (if loopback? '() '(udev)))
-
-         (documentation
-          "Bring up the networking interface using a static IP address.")
-         (provision provision)
-         (start #~(lambda _
-                    ;; Return #t if successfully started.
-                    (let* ((addr     (inet-pton AF_INET #$ip))
-                           (sockaddr (make-socket-address AF_INET addr 0))
-                           (mask     (and #$netmask
-                                          (inet-pton AF_INET #$netmask)))
-                           (maskaddr (and mask
-                                          (make-socket-address AF_INET
-                                                               mask 0)))
-                           (gateway  (and #$gateway
-                                          (inet-pton AF_INET #$gateway)))
-                           (gatewayaddr (and gateway
-                                             (make-socket-address AF_INET
-                                                                  gateway 0))))
-                      (configure-network-interface #$interface sockaddr
-                                                   (logior IFF_UP
-                                                           #$(if loopback?
-                                                                 #~IFF_LOOPBACK
-                                                                 0))
-                                                   #:netmask maskaddr)
-                      (when gateway
-                        (let ((sock (socket AF_INET SOCK_DGRAM 0)))
-                          (add-network-route/gateway sock gatewayaddr)
-                          (close-port sock))))
-
-                    #$(if (pair? name-servers)
-                          #~(call-with-output-file "/etc/resolv.conf"
-                              (lambda (port)
-                                (display
-                                 "# Generated by 'static-networking-service'.\n"
-                                 port)
-                                (for-each (lambda (server)
-                                            (format port "nameserver ~a~%"
-                                                    server))
-                                          '#$name-servers)
-                                #t))
-                          #t)))
-         (stop #~(lambda _
-                   ;; Return #f is successfully stopped.
-                   (let ((sock (socket AF_INET SOCK_STREAM 0)))
-                     (when #$gateway
-                       (delete-network-route sock
-                                             (make-socket-address
-                                              AF_INET INADDR_ANY 0)))
-                     (set-network-interface-flags sock #$interface 0)
-                     (close-port sock)
-                     #f)))
-         (respawn? #f)))))))
+(define static-networking-service-type
+  ;; The service type for statically-defined network interfaces.
+  (service-type (name 'static-networking)
+                (extensions
+                 (list
+                  (service-extension shepherd-root-service-type
+                                     static-networking-shepherd-services)
+                  (service-extension etc-service-type
+                                     static-networking-etc-files)))
+                (compose concatenate)
+                (extend append)))
 
 (define* (static-networking-service interface ip
                                     #:key
-                                    netmask gateway
-                                    (provision '(networking))
+                                    netmask gateway provision
                                     (name-servers '()))
   "Return a service that starts @var{interface} with address @var{ip}.  If
 @var{netmask} is true, use it as the network mask.  If @var{gateway} is true,
-it must be a string specifying the default network gateway."
-  (service static-networking-service-type
-           (static-networking (interface interface) (ip ip)
-                              (netmask netmask) (gateway gateway)
-                              (provision provision)
-                              (name-servers name-servers))))
+it must be a string specifying the default network gateway.
+
+This procedure can be called several times, one for each network
+interface of interest.  Behind the scenes what it does is extend
+@code{static-networking-service-type} with additional network interfaces
+to handle."
+  (simple-service 'static-network-interface
+                  static-networking-service-type
+                  (list (static-networking (interface interface) (ip ip)
+                                           (netmask netmask) (gateway gateway)
+                                           (provision provision)
+                                           (name-servers name-servers)))))
 
 (define dhcp-client-service-type
   (shepherd-service-type
@@ -327,6 +395,7 @@ restrict -6 ::1\n"))
   "Return the activation gexp for CONFIG."
   (with-imported-modules '((guix build utils))
     #~(begin
+        (use-modules (guix build utils))
         (define %user
           (getpw "ntpd"))
 
@@ -560,13 +629,29 @@ project's documentation} for more information."
   DaemonPort = " (number->string port) "
 " extra-settings))))
 
-       (list (shepherd-service
-              (provision '(bitlbee))
-              (requirement '(user-processes loopback))
-              (start #~(make-forkexec-constructor
-                        (list (string-append #$bitlbee "/sbin/bitlbee")
-                              "-n" "-F" "-u" "bitlbee" "-c" #$conf)))
-              (stop  #~(make-kill-destructor))))))))
+       (with-imported-modules (source-module-closure
+                               '((gnu build shepherd)
+                                 (gnu system file-systems)))
+         (list (shepherd-service
+                (provision '(bitlbee))
+
+                ;; Note: If networking is not up, then /etc/resolv.conf
+                ;; doesn't get mapped in the container, hence the dependency
+                ;; on 'networking'.
+                (requirement '(user-processes networking))
+
+                (modules '((gnu build shepherd)
+                           (gnu system file-systems)))
+                (start #~(make-forkexec-constructor/container
+                          (list #$(file-append bitlbee "/sbin/bitlbee")
+                                "-n" "-F" "-u" "bitlbee" "-c" #$conf)
+
+                          #:pid-file "/var/run/bitlbee.pid"
+                          #:mappings (list (file-system-mapping
+                                            (source "/var/lib/bitlbee")
+                                            (target source)
+                                            (writable? #t)))))
+                (stop  #~(make-kill-destructor)))))))))
 
 (define %bitlbee-accounts
   ;; User group and account to run BitlBee.
@@ -679,40 +764,58 @@ and @command{wicd-curses} user interfaces."
 ;;; NetworkManager
 ;;;
 
+(define-record-type* <network-manager-configuration>
+  network-manager-configuration make-network-manager-configuration
+  network-manager-configuration?
+  (network-manager network-manager-configuration-network-manager
+                   (default network-manager))
+  (dns network-manager-configuration-dns
+       (default "default")))
+
 (define %network-manager-activation
   ;; Activation gexp for NetworkManager.
   #~(begin
       (use-modules (guix build utils))
       (mkdir-p "/etc/NetworkManager/system-connections")))
 
-(define (network-manager-shepherd-service network-manager)
-  "Return a shepherd service for NETWORK-MANAGER."
-  (list (shepherd-service
-         (documentation "Run the NetworkManager.")
-         (provision '(networking))
-         (requirement '(user-processes dbus-system wpa-supplicant loopback))
-         (start #~(make-forkexec-constructor
-                   (list (string-append #$network-manager
-                                        "/sbin/NetworkManager")
-                         "--no-daemon")))
-         (stop #~(make-kill-destructor)))))
+(define network-manager-shepherd-service
+  (match-lambda
+    (($ <network-manager-configuration> network-manager dns)
+     (let
+         ((conf (plain-file "NetworkManager.conf"
+                            (string-append "
+[main]
+dns=" dns "
+"))))
+     (list (shepherd-service
+            (documentation "Run the NetworkManager.")
+            (provision '(networking))
+            (requirement '(user-processes dbus-system wpa-supplicant loopback))
+            (start #~(make-forkexec-constructor
+                      (list (string-append #$network-manager
+                                           "/sbin/NetworkManager")
+                            (string-append "--config=" #$conf)
+                            "--no-daemon")))
+            (stop #~(make-kill-destructor))))))))
 
 (define network-manager-service-type
-  (service-type (name 'network-manager)
-                (extensions
-                 (list (service-extension shepherd-root-service-type
-                                          network-manager-shepherd-service)
-                       (service-extension dbus-root-service-type list)
-                       (service-extension polkit-service-type list)
-                       (service-extension activation-service-type
-                                          (const %network-manager-activation))
-                       ;; Add network-manager to the system profile.
-                       (service-extension profile-service-type list)))))
-
-(define* (network-manager-service #:key (network-manager network-manager))
-  "Return a service that runs NetworkManager, a network connection manager
-that attempting to keep active network connectivity when available."
-  (service network-manager-service-type network-manager))
+  (let
+      ((config->package
+        (match-lambda
+         (($ <network-manager-configuration> network-manager)
+          (list network-manager)))))
+
+    (service-type
+     (name 'network-manager)
+     (extensions
+      (list (service-extension shepherd-root-service-type
+                               network-manager-shepherd-service)
+            (service-extension dbus-root-service-type config->package)
+            (service-extension polkit-service-type config->package)
+            (service-extension activation-service-type
+                               (const %network-manager-activation))
+            ;; Add network-manager to the system profile.
+            (service-extension profile-service-type config->package))))))
 
 
 ;;;
@@ -786,4 +889,62 @@ configure networking."
                        (service-extension dbus-root-service-type list)
                        (service-extension profile-service-type list)))))
 
+
+;;;
+;;; Open vSwitch
+;;;
+
+(define-record-type* <openvswitch-configuration>
+  openvswitch-configuration make-openvswitch-configuration
+  openvswitch-configuration?
+  (package openvswitch-configuration-package
+           (default openvswitch)))
+
+(define openvswitch-activation
+  (match-lambda
+    (($ <openvswitch-configuration> package)
+     (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool")))
+       (with-imported-modules '((guix build utils))
+         #~(begin
+             (use-modules (guix build utils))
+             (mkdir-p "/var/run/openvswitch")
+             (mkdir-p "/var/lib/openvswitch")
+             (let ((conf.db "/var/lib/openvswitch/conf.db"))
+               (unless (file-exists? conf.db)
+                 (system* #$ovsdb-tool "create" conf.db)))))))))
+
+(define openvswitch-shepherd-service
+  (match-lambda
+    (($ <openvswitch-configuration> package)
+     (let ((ovsdb-server (file-append package "/sbin/ovsdb-server"))
+           (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd")))
+       (list
+        (shepherd-service
+         (provision '(ovsdb))
+         (documentation "Run the Open vSwitch database server.")
+         (start #~(make-forkexec-constructor
+                   (list #$ovsdb-server "--pidfile"
+                         "--remote=punix:/var/run/openvswitch/db.sock")
+                   #:pid-file "/var/run/openvswitch/ovsdb-server.pid"))
+         (stop #~(make-kill-destructor)))
+        (shepherd-service
+         (provision '(vswitchd))
+         (requirement '(ovsdb))
+         (documentation "Run the Open vSwitch daemon.")
+         (start #~(make-forkexec-constructor
+                   (list #$ovs-vswitchd "--pidfile")
+                   #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid"))
+         (stop #~(make-kill-destructor))))))))
+
+(define openvswitch-service-type
+  (service-type
+   (name 'openvswitch)
+   (extensions
+    (list (service-extension activation-service-type
+                             openvswitch-activation)
+          (service-extension profile-service-type
+                             (compose list openvswitch-configuration-package))
+          (service-extension shepherd-root-service-type
+                             openvswitch-shepherd-service)))))
+
 ;;; networking.scm ends here
diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm
index d8d5006abf..5831220541 100644
--- a/gnu/services/shepherd.scm
+++ b/gnu/services/shepherd.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -195,6 +196,7 @@ stored."
     (string-append "shepherd-"
                    (string-map (match-lambda
                                  (#\/ #\-)
+                                 (#\  #\-)
                                  (chr chr))
                                provisions)
                    ".scm")))
diff --git a/gnu/services/spice.scm b/gnu/services/spice.scm
index bd0a538346..2f9dfd57ac 100644
--- a/gnu/services/spice.scm
+++ b/gnu/services/spice.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 David Craven <david@craven.ch>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -35,7 +36,9 @@
 
 (define (spice-vdagent-activation config)
   "Return the activation gexp for CONFIG."
-  #~(mkdir-p "/var/run/spice-vdagentd"))
+  #~(begin
+      (use-modules (guix build utils))
+      (mkdir-p "/var/run/spice-vdagentd")))
 
 (define (spice-vdagent-shepherd-service config)
   "Return a <shepherd-service> for spice-vdagentd with CONFIG."
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 6da612da67..58c35c9f5e 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -292,6 +293,7 @@ The other options should be self-descriptive."
 (define (openssh-activation config)
   "Return the activation GEXP for CONFIG."
   #~(begin
+      (use-modules (guix build utils))
       (mkdir-p "/etc/ssh")
       (mkdir-p (dirname #$(openssh-configuration-pid-file config)))
 
@@ -388,6 +390,7 @@ The other options should be self-descriptive."
 (define (dropbear-activation config)
   "Return the activation gexp for CONFIG."
   #~(begin
+      (use-modules (guix build utils))
       (mkdir-p "/etc/dropbear")))
 
 (define (dropbear-shepherd-service config)
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
new file mode 100644
index 0000000000..844a11b3d3
--- /dev/null
+++ b/gnu/services/vpn.scm
@@ -0,0 +1,494 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services vpn)
+  #:use-module (gnu services)
+  #:use-module (gnu services configuration)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages vpn)
+  #:use-module (guix packages)
+  #:use-module (guix records)
+  #:use-module (guix gexp)
+  #:use-module (srfi srfi-1)
+  #:use-module (ice-9 match)
+  #:use-module (ice-9 regex)
+  #:export (openvpn-client-service
+            openvpn-server-service
+            openvpn-client-service-type
+            openvpn-server-service-type
+            openvpn-client-configuration
+            openvpn-server-configuration
+            openvpn-remote-configuration
+            openvpn-ccd-configuration
+            generate-openvpn-client-documentation
+            generate-openvpn-server-documentation))
+
+;;;
+;;; OpenVPN.
+;;;
+
+(define (uglify-field-name name)
+  (match name
+    ('verbosity "verb")
+    (_ (let ((str (symbol->string name)))
+         (if (string-suffix? "?" str)
+             (substring str 0 (1- (string-length str)))
+             str)))))
+
+(define (serialize-field field-name val)
+  (if (eq? field-name 'pid-file)
+      (format #t "")
+      (format #t "~a ~a\n" (uglify-field-name field-name) val)))
+(define serialize-string serialize-field)
+(define (serialize-boolean field-name val)
+  (if val
+      (serialize-field field-name val)
+      (format #t "")))
+
+(define (ip-mask? val)
+  (and (string? val)
+       (if (string-match "^([0-9]+\\.){3}[0-9]+ ([0-9]+\\.){3}[0-9]+$" val)
+           (let ((numbers (string-tokenize val char-set:digit)))
+             (all-lte numbers (list 255 255 255 255 255 255 255 255)))
+           #f)))
+(define serialize-ip-mask serialize-string)
+
+(define-syntax define-enumerated-field-type
+  (lambda (x)
+    (define (id-append ctx . parts)
+      (datum->syntax ctx (apply symbol-append (map syntax->datum parts))))
+    (syntax-case x ()
+      ((_ name (option ...))
+       #`(begin
+           (define (#,(id-append #'name #'name #'?) x)
+             (memq x '(option ...)))
+           (define (#,(id-append #'name #'serialize- #'name) field-name val)
+             (serialize-field field-name val)))))))
+
+(define-enumerated-field-type proto
+  (udp tcp udp6 tcp6))
+(define-enumerated-field-type dev
+  (tun tap))
+
+(define key-usage? boolean?)
+(define (serialize-key-usage field-name value)
+  (if value
+      (format #t "remote-cert-tls server\n")
+      #f))
+
+(define bind? boolean?)
+(define (serialize-bind field-name value)
+  (if value
+      #f
+      (format #t "nobind\n")))
+
+(define resolv-retry? boolean?)
+(define (serialize-resolv-retry field-name value)
+  (if value
+      (format #t "resolv-retry infinite\n")
+      #f))
+
+(define (serialize-tls-auth role location)
+  (serialize-field 'tls-auth
+                   (string-append location " " (match role
+                                                 ('server "0")
+                                                 ('client "1")))))
+(define (tls-auth? val)
+  (or (eq? val #f)
+      (string? val)))
+(define (serialize-tls-auth-server field-name val)
+  (serialize-tls-auth 'server val))
+(define (serialize-tls-auth-client field-name val)
+  (serialize-tls-auth 'client val))
+(define tls-auth-server? tls-auth?)
+(define tls-auth-client? tls-auth?)
+
+(define (serialize-number field-name val)
+  (serialize-field field-name (number->string val)))
+
+(define (all-lte left right)
+  (if (eq? left '())
+      (eq? right '())
+      (and (<= (string->number (car left)) (car right))
+           (all-lte (cdr left) (cdr right)))))
+
+(define (cidr4? val)
+  (if (string? val)
+      (if (string-match "^([0-9]+\\.){3}[0-9]+/[0-9]+$" val)
+          (let ((numbers (string-tokenize val char-set:digit)))
+            (all-lte numbers (list 255 255 255 255 32)))
+          #f)
+      (eq? val #f)))
+
+(define (cidr6? val)
+  (if (string? val)
+      (string-match "^([0-9a-f]{0,4}:){0,8}/[0-9]{1,3}$" val)
+      (eq? val #f)))
+
+(define (serialize-cidr4 field-name val)
+  (if (eq? val #f) #f (serialize-field field-name val)))
+
+(define (serialize-cidr6 field-name val)
+  (if (eq? val #f) #f (serialize-field field-name val)))
+
+(define (ip? val)
+  (if (string? val)
+      (if (string-match "^([0-9]+\\.){3}[0-9]+$" val)
+          (let ((numbers (string-tokenize val char-set:digit)))
+            (all-lte numbers (list 255 255 255 255)))
+          #f)
+      (eq? val #f)))
+(define (serialize-ip field-name val)
+  (if (eq? val #f) #f (serialize-field field-name val)))
+
+(define (keepalive? val)
+  (and (list? val)
+       (and (number? (car val))
+            (number? (car (cdr val))))))
+(define (serialize-keepalive field-name val)
+  (format #t "~a ~a ~a\n" (uglify-field-name field-name)
+          (number->string (car val)) (number->string (car (cdr val)))))
+
+(define gateway? boolean?)
+(define (serialize-gateway field-name val)
+  (and val
+       (format #t "push \"redirect-gateway\"\n")))
+
+
+(define-configuration openvpn-remote-configuration
+  (name
+   (string "my-server")
+   "Server name.")
+  (port
+   (number 1194)
+   "Port number the server listens to."))
+
+(define-configuration openvpn-ccd-configuration
+  (name
+   (string "client")
+   "Client name.")
+  (iroute
+   (ip-mask #f)
+   "Client own network")
+  (ifconfig-push
+   (ip-mask #f)
+   "Client VPN IP."))
+
+(define (openvpn-remote-list? val)
+  (and (list? val)
+       (or (eq? val '())
+           (and (openvpn-remote-configuration? (car val))
+                (openvpn-remote-list? (cdr val))))))
+(define (serialize-openvpn-remote-list field-name val)
+  (for-each (lambda (remote)
+              (format #t "remote ~a ~a\n" (openvpn-remote-configuration-name remote)
+                      (number->string (openvpn-remote-configuration-port remote))))
+            val))
+
+(define (openvpn-ccd-list? val)
+  (and (list? val)
+       (or (eq? val '())
+           (and (openvpn-ccd-configuration? (car val))
+                (openvpn-ccd-list? (cdr val))))))
+(define (serialize-openvpn-ccd-list field-name val)
+  #f)
+
+(define (create-ccd-directory val)
+  "Create a ccd directory containing files for the ccd configuration option
+of OpenVPN.  Each file in this directory represents particular settings for a
+client.  Each file is named after the name of the client."
+  (let ((files (map (lambda (ccd)
+                      (list (openvpn-ccd-configuration-name ccd)
+                            (with-output-to-string
+                              (lambda ()
+                                (serialize-configuration
+                                 ccd openvpn-ccd-configuration-fields)))))
+                    val)))
+    (computed-file "ccd"
+                   (with-imported-modules '((guix build utils))
+                     #~(begin
+                         (use-modules (guix build utils))
+                         (use-modules (ice-9 match))
+                         (mkdir-p #$output)
+                         (for-each
+                          (lambda (ccd)
+                            (match ccd
+                              ((name config-string)
+                               (call-with-output-file
+                                   (string-append #$output "/" name)
+                                 (lambda (port) (display config-string port))))))
+                          '#$files))))))
+
+(define-syntax define-split-configuration
+  (lambda (x)
+    (syntax-case x ()
+      ((_ name1 name2 (common-option ...) (first-option ...) (second-option ...))
+       #`(begin
+           (define-configuration #,#'name1
+             common-option ...
+             first-option ...)
+           (define-configuration #,#'name2
+             common-option ...
+             second-option ...))))))
+
+(define-split-configuration openvpn-client-configuration
+  openvpn-server-configuration
+  ((openvpn
+    (package openvpn)
+    "The OpenVPN package.")
+
+   (pid-file
+    (string "/var/run/openvpn/openvpn.pid")
+    "The OpenVPN pid file.")
+
+   (proto
+    (proto 'udp)
+    "The protocol (UDP or TCP) used to open a channel between clients and
+servers.")
+
+   (dev
+    (dev 'tun)
+    "The device type used to represent the VPN connection.")
+
+   (ca
+    (string "/etc/openvpn/ca.crt")
+    "The certificate authority to check connections against.")
+
+   (cert
+    (string "/etc/openvpn/client.crt")
+    "The certificate of the machine the daemon is running on. It should be signed
+by the authority given in @code{ca}.")
+
+   (key
+    (string "/etc/openvpn/client.key")
+    "The key of the machine the daemon is running on. It must be the whose
+certificate is @code{cert}.")
+
+   (comp-lzo?
+    (boolean #t)
+    "Whether to use the lzo compression algorithm.")
+
+   (persist-key?
+    (boolean #t)
+    "Don't re-read key files across SIGUSR1 or --ping-restart.")
+
+   (persist-tun?
+    (boolean #t)
+    "Don't close and reopen TUN/TAP device or run up/down scripts across
+SIGUSR1 or --ping-restart restarts.")
+
+   (verbosity
+    (number 3)
+    "Verbosity level."))
+  ;; client-specific configuration
+  ((tls-auth
+    (tls-auth-client #f)
+    "Add an additional layer of HMAC authentication on top of the TLS control
+channel to protect against DoS attacks.")
+
+   (verify-key-usage?
+    (key-usage #t)
+    "Whether to check the server certificate has server usage extension.")
+
+   (bind?
+    (bind #f)
+    "Bind to a specific local port number.")
+
+   (resolv-retry?
+    (resolv-retry #t)
+    "Retry resolving server address.")
+
+   (remote
+    (openvpn-remote-list '())
+    "A list of remote servers to connect to."))
+  ;; server-specific configuration
+  ((tls-auth
+    (tls-auth-server #f)
+    "Add an additional layer of HMAC authentication on top of the TLS control
+channel to protect against DoS attacks.")
+
+   (port
+    (number 1194)
+    "Specifies the port number on which the server listens.")
+
+   (server
+    (ip-mask "10.8.0.0 255.255.255.0")
+    "An ip and mask specifying the subnet inside the virtual network.")
+
+   (server-ipv6
+    (cidr6 #f)
+    "A CIDR notation specifying the IPv6 subnet inside the virtual network.")
+
+   (dh
+    (string "/etc/openvpn/dh2048.pem")
+    "The Diffie-Hellman parameters file.")
+
+   (ifconfig-pool-persist
+    (string "/etc/openvpn/ipp.txt")
+    "The file that records client IPs.")
+
+   (redirect-gateway?
+    (gateway #f)
+    "When true, the server will act as a gateway for its clients.")
+
+   (client-to-client?
+    (boolean #f)
+    "When true, clients are alowed to talk to each other inside the VPN.")
+
+   (keepalive
+    (keepalive '(10 120))
+    "Causes ping-like messages to be sent back and forth over the link so that
+each side knows when the other side has gone down. @code{keepalive} requires
+a pair. The first element is the period of the ping sending, and the second
+element is the timeout before considering the other side down.")
+
+   (max-clients
+    (number 100)
+    "The maximum number of clients.")
+
+   (status
+    (string "/var/run/openvpn/status")
+    "The status file. This file shows a small report on current connection. It
+is trunkated and rewritten every minute.")
+
+   (client-config-dir
+    (openvpn-ccd-list '())
+    "The list of configuration for some clients.")))
+
+(define (openvpn-config-file role config)
+  (let ((config-str
+         (with-output-to-string
+           (lambda ()
+             (serialize-configuration config
+                                      (match role
+                                        ('server
+                                         openvpn-server-configuration-fields)
+                                        ('client
+                                         openvpn-client-configuration-fields))))))
+        (ccd-dir (match role
+                   ('server (create-ccd-directory
+                             (openvpn-server-configuration-client-config-dir
+                              config)))
+                   ('client #f))))
+    (computed-file "openvpn.conf"
+                   #~(begin
+                       (use-modules (ice-9 match))
+                       (call-with-output-file #$output
+                         (lambda (port)
+                           (match '#$role
+                             ('server (display "" port))
+                             ('client (display "client\n" port)))
+                           (display #$config-str port)
+                           (match '#$role
+                             ('server (display
+                                       (string-append "client-config-dir "
+                                                      #$ccd-dir "\n") port))
+                             ('client (display "" port)))))))))
+
+(define (openvpn-shepherd-service role)
+  (lambda (config)
+    (let* ((config-file (openvpn-config-file role config))
+           (pid-file ((match role
+                        ('server openvpn-server-configuration-pid-file)
+                        ('client openvpn-client-configuration-pid-file))
+                      config))
+           (openvpn ((match role
+                       ('server openvpn-server-configuration-openvpn)
+                       ('client openvpn-client-configuration-openvpn))
+                     config))
+           (log-file (match role
+                       ('server "/var/log/openvpn-server.log")
+                       ('client "/var/log/openvpn-client.log"))))
+      (list (shepherd-service
+             (documentation (string-append "Run the OpenVPN "
+                                           (match role
+                                             ('server "server")
+                                             ('client "client"))
+                                           " daemon."))
+             (provision (match role
+                          ('server '(vpn-server))
+                          ('client '(vpn-client))))
+             (requirement '(networking))
+             (start #~(make-forkexec-constructor
+                       (list (string-append #$openvpn "/sbin/openvpn")
+                             "--writepid" #$pid-file "--config" #$config-file
+                             "--daemon")
+                       #:pid-file #$pid-file))
+             (stop #~(make-kill-destructor)))))))
+
+(define %openvpn-accounts
+  (list (user-group (name "openvpn") (system? #t))
+        (user-account
+         (name "openvpn")
+         (group "openvpn")
+         (system? #t)
+         (comment "Openvpn daemon user")
+         (home-directory "/var/empty")
+         (shell (file-append shadow "/sbin/nologin")))))
+
+(define %openvpn-activation
+  #~(begin
+      (use-modules (guix build utils))
+      (mkdir-p "/var/run/openvpn")))
+
+(define openvpn-server-service-type
+  (service-type (name 'openvpn-server)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          (openvpn-shepherd-service 'server))
+                       (service-extension account-service-type
+                                          (const %openvpn-accounts))
+                       (service-extension activation-service-type
+                                          (const %openvpn-activation))))))
+
+(define openvpn-client-service-type
+  (service-type (name 'openvpn-client)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          (openvpn-shepherd-service 'client))
+                       (service-extension account-service-type
+                                          (const %openvpn-accounts))
+                       (service-extension activation-service-type
+                                          (const %openvpn-activation))))))
+
+(define* (openvpn-client-service #:key (config (openvpn-client-configuration)))
+  (validate-configuration config openvpn-client-configuration-fields)
+  (service openvpn-client-service-type config))
+
+(define* (openvpn-server-service #:key (config (openvpn-server-configuration)))
+  (validate-configuration config openvpn-server-configuration-fields)
+  (service openvpn-server-service-type config))
+
+(define (generate-openvpn-server-documentation)
+  (generate-documentation
+   `((openvpn-server-configuration
+      ,openvpn-server-configuration-fields
+      (ccd openvpn-ccd-configuration))
+     (openvpn-ccd-configuration ,openvpn-ccd-configuration-fields))
+   'openvpn-server-configuration))
+
+(define (generate-openvpn-client-documentation)
+  (generate-documentation
+   `((openvpn-client-configuration
+      ,openvpn-client-configuration-fields
+      (remote openvpn-remote-configuration))
+     (openvpn-remote-configuration ,openvpn-remote-configuration-fields))
+   'openvpn-client-configuration))
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index db895405a2..11408d7b0e 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -1,8 +1,9 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
+;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -33,6 +34,12 @@
             nginx-configuration?
             nginx-server-configuration
             nginx-server-configuration?
+            nginx-upstream-configuration
+            nginx-upstream-configuration?
+            nginx-location-configuration
+            nginx-location-configuration?
+            nginx-named-location-configuration
+            nginx-named-location-configuration?
             nginx-service
             nginx-service-type))
 
@@ -53,6 +60,8 @@
                        (default (list 'default)))
   (root                nginx-server-configuration-root
                        (default "/srv/http"))
+  (locations           nginx-server-configuration-locations
+                       (default '()))
   (index               nginx-server-configuration-index
                        (default (list "index.html")))
   (ssl-certificate     nginx-server-configuration-ssl-certificate
@@ -62,14 +71,41 @@
   (server-tokens?      nginx-server-configuration-server-tokens?
                        (default #f)))
 
+(define-record-type* <nginx-upstream-configuration>
+  nginx-upstream-configuration make-nginx-upstream-configuration
+  nginx-upstream-configuration?
+  (name                nginx-upstream-configuration-name)
+  (servers             nginx-upstream-configuration-servers))
+
+(define-record-type* <nginx-location-configuration>
+  nginx-location-configuration make-nginx-location-configuration
+  nginx-location-configuration?
+  (uri                 nginx-location-configuration-uri
+                       (default #f))
+  (body                nginx-location-configuration-body))
+
+(define-record-type* <nginx-named-location-configuration>
+  nginx-named-location-configuration make-nginx-named-location-configuration
+  nginx-named-location-configuration?
+  (name                nginx-named-location-configuration-name
+                       (default #f))
+  (body                nginx-named-location-configuration-body))
+
 (define-record-type* <nginx-configuration>
   nginx-configuration make-nginx-configuration
   nginx-configuration?
-  (nginx         nginx-configuration-nginx)         ;<package>
-  (log-directory nginx-configuration-log-directory) ;string
-  (run-directory nginx-configuration-run-directory) ;string
-  (server-blocks nginx-configuration-server-blocks) ;list
-  (file          nginx-configuration-file))         ;string | file-like
+  (nginx         nginx-configuration-nginx          ;<package>
+                 (default nginx))
+  (log-directory nginx-configuration-log-directory  ;string
+                 (default "/var/log/nginx"))
+  (run-directory nginx-configuration-run-directory  ;string
+                 (default "/var/run/nginx"))
+  (server-blocks nginx-configuration-server-blocks
+                 (default '()))          ;list of <nginx-server-configuration>
+  (upstream-blocks nginx-configuration-upstream-blocks
+                   (default '()))      ;list of <nginx-upstream-configuration>
+  (file          nginx-configuration-file         ;#f | string | file-like
+                 (default #f)))
 
 (define (config-domain-strings names)
  "Return a string denoting the nginx config representation of NAMES, a list
@@ -88,6 +124,19 @@ of index files."
         ((? string? str) (string-append str " ")))
        names)))
 
+(define nginx-location-config
+  (match-lambda
+    (($ <nginx-location-configuration> uri body)
+     (string-append
+      "      location " uri " {\n"
+      "        " (string-join body "\n    ") "\n"
+      "      }\n"))
+    (($ <nginx-named-location-configuration> name body)
+     (string-append
+      "      location @" name " {\n"
+      "        " (string-join body "\n    ") "\n"
+      "      }\n"))))
+
 (define (default-nginx-server-config server)
   (string-append
    "    server {\n"
@@ -116,11 +165,23 @@ of index files."
    "      index " (config-index-strings (nginx-server-configuration-index server)) ";\n"
    "      server_tokens " (if (nginx-server-configuration-server-tokens? server)
                               "on" "off") ";\n"
+   "\n"
+   (string-join
+    (map nginx-location-config (nginx-server-configuration-locations server))
+    "\n")
+   "    }\n"))
+
+(define (nginx-upstream-config upstream)
+  (string-append
+   "    upstream " (nginx-upstream-configuration-name upstream) " {\n"
+   (string-concatenate
+    (map (lambda (server)
+           (simple-format #f "      server ~A;\n" server))
+         (nginx-upstream-configuration-servers upstream)))
    "    }\n"))
 
-(define (default-nginx-config log-directory run-directory server-list)
-  (plain-file "nginx.conf"
-              (string-append
+(define (default-nginx-config log-directory run-directory server-list upstream-list)
+  (mixed-text-file "nginx.conf"
                "user nginx nginx;\n"
                "pid " run-directory "/pid;\n"
                "error_log " log-directory "/error.log info;\n"
@@ -131,12 +192,18 @@ of index files."
                "    uwsgi_temp_path " run-directory "/uwsgi_temp;\n"
                "    scgi_temp_path " run-directory "/scgi_temp;\n"
                "    access_log " log-directory "/access.log;\n"
+               "\n"
+               (string-join
+                (filter (lambda (section) (not (null? section)))
+                        (map nginx-upstream-config upstream-list))
+                "\n")
+               "\n"
                (let ((http (map default-nginx-server-config server-list)))
                  (do ((http http (cdr http))
                       (block "" (string-append (car http) "\n" block )))
                      ((null? http) block)))
                "}\n"
-               "events {}\n")))
+               "events {}\n"))
 
 (define %nginx-accounts
   (list (user-group (name "nginx") (system? #t))
@@ -151,7 +218,7 @@ of index files."
 (define nginx-activation
   (match-lambda
     (($ <nginx-configuration> nginx log-directory run-directory server-blocks
-                              config-file)
+                              upstream-blocks config-file)
      #~(begin
          (use-modules (guix build utils))
 
@@ -169,13 +236,13 @@ of index files."
          (system* (string-append #$nginx "/sbin/nginx")
                   "-c" #$(or config-file
                              (default-nginx-config log-directory
-                               run-directory server-blocks))
+                               run-directory server-blocks upstream-blocks))
                   "-t")))))
 
 (define nginx-shepherd-service
   (match-lambda
     (($ <nginx-configuration> nginx log-directory run-directory server-blocks
-                              config-file)
+                              upstream-blocks config-file)
      (let* ((nginx-binary (file-append nginx "/sbin/nginx"))
             (nginx-action
              (lambda args
@@ -184,7 +251,7 @@ of index files."
                     (system* #$nginx-binary "-c"
                              #$(or config-file
                                    (default-nginx-config log-directory
-                                     run-directory server-blocks))
+                                     run-directory server-blocks upstream-blocks))
                              #$@args))))))
 
        ;; TODO: Add 'reload' action.
@@ -216,6 +283,7 @@ of index files."
                         (log-directory "/var/log/nginx")
                         (run-directory "/var/run/nginx")
                         (server-list '())
+                        (upstream-list '())
                         (config-file #f))
   "Return a service that runs NGINX, the nginx web server.
 
@@ -227,4 +295,5 @@ files in LOG-DIRECTORY, and stores temporary runtime files in RUN-DIRECTORY."
             (log-directory log-directory)
             (run-directory run-directory)
             (server-blocks server-list)
+            (upstream-blocks upstream-list)
             (file config-file))))
diff --git a/gnu/system.scm b/gnu/system.scm
index 4e57f975e6..1006c842c9 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
@@ -293,8 +293,7 @@ a container or that of a \"bare metal\" system."
          (other-fs  (non-boot-file-system-service os))
          (unmount   (user-unmount-service known-fs))
          (swaps     (swap-services os))
-         (procs     (user-processes-service
-                     (service-parameters other-fs)))
+         (procs     (user-processes-service))
          (host-name (host-name-service (operating-system-host-name os)))
          (entries   (operating-system-directory-base-entries
                      os #:container? container?)))
diff --git a/gnu/system/examples/bare-bones.tmpl b/gnu/system/examples/bare-bones.tmpl
index 87e8d1e93c..222ddda579 100644
--- a/gnu/system/examples/bare-bones.tmpl
+++ b/gnu/system/examples/bare-bones.tmpl
@@ -8,7 +8,7 @@
 (operating-system
   (host-name "komputilo")
   (timezone "Europe/Berlin")
-  (locale "en_US.UTF-8")
+  (locale "en_US.utf8")
 
   ;; Assuming /dev/sdX is the target hard disk, and "my-root" is
   ;; the label of the target root file system.
diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl
index 21b4563b53..8b02659478 100644
--- a/gnu/system/examples/desktop.tmpl
+++ b/gnu/system/examples/desktop.tmpl
@@ -9,7 +9,7 @@
 (operating-system
   (host-name "antelope")
   (timezone "Europe/Paris")
-  (locale "en_US.UTF-8")
+  (locale "en_US.utf8")
 
   ;; Assuming /dev/sdX is the target hard disk, and "my-root"
   ;; is the label of the target root file system.
diff --git a/gnu/system/examples/lightweight-desktop.tmpl b/gnu/system/examples/lightweight-desktop.tmpl
index 91e7d0b562..131c43af77 100644
--- a/gnu/system/examples/lightweight-desktop.tmpl
+++ b/gnu/system/examples/lightweight-desktop.tmpl
@@ -9,7 +9,7 @@
 (operating-system
   (host-name "antelope")
   (timezone "Europe/Paris")
-  (locale "en_US.UTF-8")
+  (locale "en_US.utf8")
 
   ;; Assuming /dev/sdX is the target hard disk, and "my-root"
   ;; is the label of the target root file system.
diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm
index 4cc1221eb8..7011a279d3 100644
--- a/gnu/system/file-systems.scm
+++ b/gnu/system/file-systems.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -18,8 +18,8 @@
 
 (define-module (gnu system file-systems)
   #:use-module (ice-9 match)
+  #:use-module (srfi srfi-1)
   #:use-module (guix records)
-  #:use-module (guix store)
   #:use-module ((gnu build file-systems)
                 #:select (string->uuid uuid->string))
   #:re-export (string->uuid
@@ -63,7 +63,11 @@
             file-system-mapping-target
             file-system-mapping-writable?
 
-            %store-mapping))
+            file-system-mapping->bind-mount
+
+            %store-mapping
+            %network-configuration-files
+            %network-file-mappings))
 
 ;;; Commentary:
 ;;;
@@ -95,11 +99,53 @@
   (dependencies     file-system-dependencies      ; list of <file-system>
                     (default '())))               ; or <mapped-device>
 
-(define-inlinable (file-system-needed-for-boot? fs)
-  "Return true if FS has the 'needed-for-boot?' flag set, or if it's the root
-file system."
+;; Note: This module is used both on the build side and on the host side.
+;; Arrange not to pull (guix store) and (guix config) because the latter
+;; differs from user to user.
+(define (%store-prefix)
+  "Return the store prefix."
+  (cond ((resolve-module '(guix store) #:ensure #f)
+         =>
+         (lambda (store)
+           ((module-ref store '%store-prefix))))
+        ((getenv "NIX_STORE")
+         => identity)
+        (else
+         "/gnu/store")))
+
+(define %not-slash
+  (char-set-complement (char-set #\/)))
+
+(define (file-prefix? file1 file2)
+  "Return #t if FILE1 denotes the name of a file that is a parent of FILE2,
+where both FILE1 and FILE2 are absolute file name.  For example:
+
+  (file-prefix? \"/gnu\" \"/gnu/store\")
+  => #t
+
+  (file-prefix? \"/gn\" \"/gnu/store\")
+  => #f
+"
+  (and (string-prefix? "/" file1)
+       (string-prefix? "/" file2)
+       (let loop ((file1 (string-tokenize file1 %not-slash))
+                  (file2 (string-tokenize file2 %not-slash)))
+         (match file1
+           (()
+            #t)
+           ((head1 tail1 ...)
+            (match file2
+              ((head2 tail2 ...)
+               (and (string=? head1 head2) (loop tail1 tail2)))
+              (()
+               #f)))))))
+
+(define (file-system-needed-for-boot? fs)
+  "Return true if FS has the 'needed-for-boot?' flag set, or if it holds the
+store--e.g., if FS is the root file system."
   (or (%file-system-needed-for-boot? fs)
-      (string=? "/" (file-system-mount-point fs))))
+      (and (file-prefix? (file-system-mount-point fs) (%store-prefix))
+           (not (memq 'bind-mount (file-system-flags fs))))))
 
 (define (file-system->spec fs)
   "Return a list corresponding to file-system FS that can be passed to the
@@ -324,6 +370,21 @@ TARGET in the other system."
   (writable? file-system-mapping-writable?        ;Boolean
              (default #f)))
 
+(define (file-system-mapping->bind-mount mapping)
+  "Return a file system that realizes MAPPING, a <file-system-mapping>, using
+a bind mount."
+  (match mapping
+    (($ <file-system-mapping> source target writable?)
+     (file-system
+       (mount-point target)
+       (device source)
+       (type "none")
+       (flags (if writable?
+                  '(bind-mount)
+                  '(bind-mount read-only)))
+       (check? #f)
+       (create-mount-point? #t)))))
+
 (define %store-mapping
   ;; Mapping of the host's store into the guest.
   (file-system-mapping
@@ -331,4 +392,23 @@ TARGET in the other system."
    (target (%store-prefix))
    (writable? #f)))
 
+(define %network-configuration-files
+  ;; List of essential network configuration files.
+  '("/etc/resolv.conf"
+    "/etc/nsswitch.conf"
+    "/etc/services"
+    "/etc/hosts"))
+
+(define %network-file-mappings
+  ;; List of file mappings for essential network files.
+  (filter-map (lambda (file)
+                (file-system-mapping
+                 (source file)
+                 (target file)
+                 ;; XXX: On some GNU/Linux systems, /etc/resolv.conf is a
+                 ;; symlink to a file in a tmpfs which, for an unknown reason,
+                 ;; cannot be bind mounted read-only within the container.
+                 (writable? (string=? file "/etc/resolv.conf"))))
+              %network-configuration-files))
+
 ;;; file-systems.scm ends here
diff --git a/gnu/system/grub.scm b/gnu/system/grub.scm
index 067b291a5c..b18b8be6d7 100644
--- a/gnu/system/grub.scm
+++ b/gnu/system/grub.scm
@@ -27,7 +27,7 @@
   #:use-module (guix download)
   #:use-module (gnu artwork)
   #:use-module (gnu system file-systems)
-  #:autoload   (gnu packages grub) (grub)
+  #:autoload   (gnu packages bootloaders) (grub)
   #:autoload   (gnu packages compression) (gzip)
   #:autoload   (gnu packages gtk) (guile-cairo guile-rsvg)
   #:use-module (ice-9 match)
@@ -94,8 +94,8 @@ denoting a file name."
 (define %background-image
   (grub-image
    (aspect-ratio 4/3)
-   (file #~(string-append #$%artwork-repository
-                          "/grub/GuixSD-fully-black-4-3.svg"))))
+   (file (file-append %artwork-repository
+                      "/grub/GuixSD-fully-black-4-3.svg"))))
 
 (define %default-theme
   ;; Default theme contributed by Felipe López.
@@ -108,7 +108,7 @@ denoting a file name."
   grub-configuration make-grub-configuration
   grub-configuration?
   (grub            grub-configuration-grub           ; package
-                   (default (@ (gnu packages grub) grub)))
+                   (default (@ (gnu packages bootloaders) grub)))
   (device          grub-configuration-device)        ; string
   (menu-entries    grub-configuration-menu-entries   ; list
                    (default '()))
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index ad234fd9c1..3ec343570a 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -28,11 +28,11 @@
   #:use-module (gnu services shepherd)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages bash)
+  #:use-module (gnu packages bootloaders)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages cryptsetup)
   #:use-module (gnu packages package-management)
   #:use-module (gnu packages disk)
-  #:use-module (gnu packages grub)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages nvi)
@@ -388,7 +388,7 @@ Use Alt-F2 for documentation.
      (base-pam-services #:allow-empty-passwords? #t))
 
     (packages (cons* (canonical-package glibc) ;for 'tzselect' & co.
-                     parted ddrescue
+                     parted gptfdisk ddrescue
                      grub                  ;mostly so xrefs to its manual work
                      cryptsetup
                      mdadm
diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm
index 24e61c3ead..bceea41332 100644
--- a/gnu/system/linux-container.scm
+++ b/gnu/system/linux-container.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,25 +30,10 @@
   #:use-module (gnu services)
   #:use-module (gnu system)
   #:use-module (gnu system file-systems)
-  #:export (mapping->file-system
-            system-container
+  #:export (system-container
             containerized-operating-system
             container-script))
 
-(define (mapping->file-system mapping)
-  "Return a file system that realizes MAPPING."
-  (match mapping
-    (($ <file-system-mapping> source target writable?)
-     (file-system
-       (mount-point target)
-       (device source)
-       (type "none")
-       (flags (if writable?
-                  '(bind-mount)
-                  '(bind-mount read-only)))
-       (check? #f)
-       (create-mount-point? #t)))))
-
 (define (containerized-operating-system os mappings)
   "Return an operating system based on OS for use in a Linux container
 environment.  MAPPINGS is a list of <file-system-mapping> to realize in the
@@ -66,7 +51,7 @@ containerized OS."
             (operating-system-file-systems os)))
 
   (define (mapping->fs fs)
-    (file-system (inherit (mapping->file-system fs))
+    (file-system (inherit (file-system-mapping->bind-mount fs))
       (needed-for-boot? #t)))
 
   (operating-system (inherit os)
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index 8ab861bf73..2959802c96 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -54,7 +54,7 @@
 (define-record-type* <mapped-device> mapped-device
   make-mapped-device
   mapped-device?
-  (source    mapped-device-source)                ;string
+  (source    mapped-device-source)                ;string | list of strings
   (target    mapped-device-target)                ;string
   (type      mapped-device-type))                 ;<mapped-device-kind>
 
diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index cfdcf5e136..1acfcc4866 100644
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
@@ -21,9 +21,11 @@
   #:use-module (guix records)
   #:use-module (guix gexp)
   #:use-module (guix store)
+  #:use-module (guix modules)
   #:use-module (guix sets)
   #:use-module (guix ui)
   #:use-module (gnu services)
+  #:use-module (gnu services shepherd)
   #:use-module ((gnu system file-systems)
                 #:select (%tty-gid))
   #:use-module ((gnu packages admin)
@@ -43,6 +45,7 @@
             user-account-supplementary-groups
             user-account-comment
             user-account-home-directory
+            user-account-create-home-directory?
             user-account-shell
             user-account-system?
 
@@ -81,7 +84,7 @@
   (create-home-directory? user-account-create-home-directory? ;Boolean
                           (default #t))
   (shell          user-account-shell              ; gexp
-                  (default #~(string-append #$bash "/bin/bash")))
+                  (default (file-append bash "/bin/bash")))
   (system?        user-account-system?            ; Boolean
                   (default #f)))
 
@@ -128,7 +131,7 @@
          (name "nobody")
          (uid 65534)
          (group "nogroup")
-         (shell #~(string-append #$shadow "/sbin/nologin"))
+         (shell (file-append shadow "/sbin/nologin"))
          (home-directory "/nonexistent")
          (create-home-directory? #f)
          (system? #t))))
@@ -288,6 +291,35 @@ group."
       (activate-users+groups (list #$@user-specs)
                              (list #$@group-specs))))
 
+(define (account-shepherd-service accounts+groups)
+  "Return a Shepherd service that creates the home directories for the user
+accounts among ACCOUNTS+GROUPS."
+  (define accounts
+    (filter user-account? accounts+groups))
+
+  ;; Create home directories only once 'file-systems' is up.  This makes sure
+  ;; they are created in the right place if /home lives on a separate
+  ;; partition.
+  ;;
+  ;; XXX: We arrange for this service to stop right after it's done its job so
+  ;; that 'guix system reconfigure' knows that it can reload it fearlessly
+  ;; (and thus create new home directories).  The cost of this hack is that
+  ;; there's a small window during which first-time logins could happen before
+  ;; the home directory has been created.
+  (list (shepherd-service
+         (requirement '(file-systems))
+         (provision '(user-homes))
+         (modules '((gnu build activation)))
+         (start (with-imported-modules (source-module-closure
+                                        '((gnu build activation)))
+                  #~(lambda ()
+                      (activate-user-home
+                       (list #$@(map user-account->gexp accounts)))
+                      #f)))                       ;stop
+         (stop #~(const #f))
+         (respawn? #f)
+         (documentation "Create user home directories."))))
+
 (define (shells-file shells)
   "Return a file-like object that builds a shell list for use as /etc/shells
 based on SHELLS.  /etc/shells is used by xterm, polkit, and other programs."
@@ -327,6 +359,8 @@ the /etc/skel directory for those."
                 (extensions
                  (list (service-extension activation-service-type
                                           account-activation)
+                       (service-extension shepherd-root-service-type
+                                          account-shepherd-service)
                        (service-extension etc-service-type
                                           etc-files)))))
 
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index 1e680b85a2..8a35f7fbc5 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -31,6 +31,7 @@
   #:use-module ((gnu build vm)
                 #:select (qemu-command))
   #:use-module (gnu packages base)
+  #:use-module (gnu packages bootloaders)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages gawk)
   #:use-module (gnu packages bash)
@@ -38,7 +39,6 @@
   #:use-module (gnu packages qemu)
   #:use-module (gnu packages disk)
   #:use-module (gnu packages zile)
-  #:use-module (gnu packages grub)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages package-management)
   #:use-module ((gnu packages make-bootstrap)
diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index 6370d6951b..000a4ddecb 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -77,10 +77,17 @@ When INITIALIZATION is true, it must be a one-argument procedure that is
 passed a gexp denoting the marionette, and it must return gexp that is
 inserted before the first test.  This is used to introduce an extra
 initialization step, such as entering a LUKS passphrase."
+  (define special-files
+    (service-parameters
+     (fold-services (operating-system-services os)
+                    #:target-type special-files-service-type)))
+
   (define test
-    (with-imported-modules '((gnu build marionette))
+    (with-imported-modules '((gnu build marionette)
+                             (guix build syscalls))
       #~(begin
           (use-modules (gnu build marionette)
+                       (guix build syscalls)
                        (srfi srfi-1)
                        (srfi srfi-26)
                        (srfi srfi-64)
@@ -118,6 +125,18 @@ grep --version
 info --version")
                                     marionette)))
 
+          (test-equal "special files"
+            '#$special-files
+            (marionette-eval
+             '(begin
+                (use-modules (ice-9 match))
+
+                (map (match-lambda
+                       ((file target)
+                        (list file (readlink file))))
+                     '#$special-files))
+             marionette))
+
           (test-assert "accounts"
             (let ((users (marionette-eval '(begin
                                              (use-modules (ice-9 match))
@@ -144,6 +163,63 @@ info --version")
                      (pk 'services services)
                      '(root #$@(operating-system-shepherd-service-names os)))))
 
+          (test-assert "homes"
+            (let ((homes
+                   '#$(map user-account-home-directory
+                           (filter user-account-create-home-directory?
+                                   (operating-system-user-accounts os)))))
+              (marionette-eval
+               `(begin
+                  (use-modules (gnu services herd) (srfi srfi-1))
+
+                  ;; Home directories are supposed to exist once 'user-homes'
+                  ;; has been started.
+                  (start-service 'user-homes)
+
+                  (every (lambda (home)
+                           (and (file-exists? home)
+                                (file-is-directory? home)))
+                         ',homes))
+               marionette)))
+
+          (test-assert "skeletons in home directories"
+            (let ((users+homes
+                   '#$(filter-map (lambda (account)
+                                    (and (user-account-create-home-directory?
+                                          account)
+                                         (not (user-account-system? account))
+                                         (list (user-account-name account)
+                                               (user-account-home-directory
+                                                account))))
+                                  (operating-system-user-accounts os))))
+              (marionette-eval
+               `(begin
+                  (use-modules (srfi srfi-1) (ice-9 ftw)
+                               (ice-9 match))
+
+                  (every (match-lambda
+                           ((user home)
+                            ;; Make sure HOME has all the skeletons...
+                            (and (null? (lset-difference string=?
+                                                         (scandir "/etc/skel/")
+                                                         (scandir home)))
+
+                                 ;; ... and that everything is user-owned.
+                                 (let* ((pw  (getpwnam user))
+                                        (uid (passwd:uid pw))
+                                        (gid (passwd:gid pw))
+                                        (st  (lstat home)))
+                                   (define (user-owned? file)
+                                     (= uid (stat:uid (lstat file))))
+
+                                   (and (= uid (stat:uid st))
+                                        (eq? 'directory (stat:type st))
+                                        (every user-owned?
+                                               (find-files home
+                                                           #:directories? #t)))))))
+                         ',users+homes))
+               marionette)))
+
           (test-equal "login on tty1"
             "root\n"
             (begin
@@ -176,6 +252,45 @@ info --version")
                           (apply throw args)))))
                marionette)))
 
+          ;; There should be one utmpx entry for the user logged in on tty1.
+          (test-equal "utmpx entry"
+            '(("root" "tty1" #f))
+            (marionette-eval
+             '(begin
+                (use-modules (guix build syscalls)
+                             (srfi srfi-1))
+
+                (filter-map (lambda (entry)
+                              (and (equal? (login-type USER_PROCESS)
+                                           (utmpx-login-type entry))
+                                   (list (utmpx-user entry) (utmpx-line entry)
+                                         (utmpx-host entry))))
+                            (utmpx-entries)))
+             marionette))
+
+          ;; Likewise for /var/log/wtmp (used by 'last').
+          (test-assert "wtmp entry"
+            (match (marionette-eval
+                    '(begin
+                       (use-modules (guix build syscalls)
+                                    (srfi srfi-1))
+
+                       (define (entry->list entry)
+                         (list (utmpx-user entry) (utmpx-line entry)
+                               (utmpx-host entry) (utmpx-login-type entry)))
+
+                       (call-with-input-file "/var/log/wtmp"
+                         (lambda (port)
+                           (let loop ((result '()))
+                             (if (eof-object? (peek-char port))
+                                 (map entry->list (reverse result))
+                                 (loop (cons (read-utmpx port) result)))))))
+                    marionette)
+              (((users lines hosts types) ..1)
+               (every (lambda (type)
+                        (eqv? type (login-type LOGIN_PROCESS)))
+                      types))))
+
           (test-assert "host name resolution"
             (match (marionette-eval
                     '(begin
diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm
index ae54154c5c..b104efcfd5 100644
--- a/gnu/tests/install.scm
+++ b/gnu/tests/install.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -35,6 +35,7 @@
   #:use-module (guix utils)
   #:export (%test-installed-os
             %test-separate-store-os
+            %test-separate-home-os
             %test-raid-root-os
             %test-encrypted-os
             %test-btrfs-root-os))
@@ -218,7 +219,6 @@ IMAGE, a disk image.  The QEMU VM is has access to MEMORY-SIZE MiB of RAM."
                   "-no-reboot" "-m" #$(number->string memory-size)
                   "-drive" "file=disk.img,if=virtio")))))
 
-
 (define %test-installed-os
   (system-test
    (name "installed-os")
@@ -234,6 +234,64 @@ build (current-guix) and then store a couple of full system images.")
 
 
 ;;;
+;;; Separate /home.
+;;;
+
+(define-os-with-source (%separate-home-os %separate-home-os-source)
+  ;; The OS we want to install.
+  (use-modules (gnu) (gnu tests) (srfi srfi-1))
+
+  (operating-system
+    (host-name "liberigilo")
+    (timezone "Europe/Paris")
+    (locale "en_US.utf8")
+
+    (bootloader (grub-configuration (device "/dev/vdb")))
+    (kernel-arguments '("console=ttyS0"))
+    (file-systems (cons* (file-system
+                           (device "my-root")
+                           (title 'label)
+                           (mount-point "/")
+                           (type "ext4"))
+                         (file-system
+                           (device "none")
+                           (title 'device)
+                           (type "tmpfs")
+                           (mount-point "/home")
+                           (type "tmpfs"))
+                         %base-file-systems))
+    (users (cons* (user-account
+                   (name "alice")
+                   (group "users")
+                   (home-directory "/home/alice"))
+                  (user-account
+                   (name "charlie")
+                   (group "users")
+                   (home-directory "/home/charlie"))
+                  %base-user-accounts))
+    (services (cons (service marionette-service-type
+                             (marionette-configuration
+                              (imported-modules '((gnu services herd)
+                                                  (guix combinators)))))
+                    %base-services))))
+
+(define %test-separate-home-os
+  (system-test
+   (name "separate-home-os")
+   (description
+    "Test basic functionality of an installed OS with a separate /home
+partition.  In particular, home directories must be correctly created (see
+<https://bugs.gnu.org/21108>).")
+   (value
+    (mlet* %store-monad ((image   (run-install %separate-home-os
+                                               %separate-home-os-source
+                                               #:script
+                                               %simple-installation-script))
+                         (command (qemu-command/writable-image image)))
+      (run-basic-test %separate-home-os command "separate-home-os")))))
+
+
+;;;
 ;;; Separate /gnu/store partition.
 ;;;
 
@@ -257,8 +315,7 @@ build (current-guix) and then store a couple of full system images.")
                            (device "store-fs")
                            (title 'label)
                            (mount-point "/gnu")
-                           (type "ext4")
-                           (needed-for-boot? #t)) ;definitely!
+                           (type "ext4"))
                          %base-file-systems))
     (users %base-user-accounts)
     (services (cons (service marionette-service-type
diff --git a/gnu/tests/messaging.scm b/gnu/tests/messaging.scm
new file mode 100644
index 0000000000..b0c8254ce0
--- /dev/null
+++ b/gnu/tests/messaging.scm
@@ -0,0 +1,194 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests messaging)
+  #:use-module (gnu tests)
+  #:use-module (gnu system)
+  #:use-module (gnu system grub)
+  #:use-module (gnu system file-systems)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu system vm)
+  #:use-module (gnu services)
+  #:use-module (gnu services base)
+  #:use-module (gnu services messaging)
+  #:use-module (gnu services networking)
+  #:use-module (gnu packages messaging)
+  #:use-module (guix gexp)
+  #:use-module (guix store)
+  #:use-module (guix monads)
+  #:export (%test-prosody))
+
+(define %base-os
+  (operating-system
+    (host-name "komputilo")
+    (timezone "Europe/Berlin")
+    (locale "en_US.UTF-8")
+
+    (bootloader (grub-configuration (device "/dev/sdX")))
+    (file-systems %base-file-systems)
+    (firmware '())
+    (users %base-user-accounts)
+    (services (cons (dhcp-client-service)
+                    %base-services))))
+
+(define (os-with-service service)
+  "Return a test operating system that runs SERVICE."
+  (operating-system
+    (inherit %base-os)
+    (services (cons service
+                    (operating-system-user-services %base-os)))))
+
+(define (run-xmpp-test name xmpp-service pid-file create-account)
+  "Run a test of an OS running XMPP-SERVICE, which writes its PID to PID-FILE."
+  (mlet* %store-monad ((os -> (marionette-operating-system
+                               (os-with-service xmpp-service)
+                               #:imported-modules '((gnu services herd))))
+                       (command (system-qemu-image/shared-store-script
+                                 os #:graphic? #f))
+                       (username -> "alice")
+                       (server -> "localhost")
+                       (jid -> (string-append username "@" server))
+                       (password -> "correct horse battery staple")
+                       (port -> 15222)
+                       (message -> "hello world")
+                       (witness -> "/tmp/freetalk-witness"))
+
+    (define script.ft
+      (scheme-file
+       "script.ft"
+       #~(begin
+           (define (handle-received-message time from nickname message)
+             (define (touch file-name)
+               (call-with-output-file file-name (const #t)))
+             (when (equal? message #$message)
+               (touch #$witness)))
+           (add-hook! ft-message-receive-hook handle-received-message)
+
+           (ft-set-jid! #$jid)
+           (ft-set-password! #$password)
+           (ft-set-server! #$server)
+           (ft-set-port! #$port)
+           (ft-set-sslconn! #f)
+           (ft-connect-blocking)
+           (ft-send-message #$jid #$message)
+
+           (ft-set-daemon)
+           (ft-main-loop))))
+
+    (define test
+      (with-imported-modules '((gnu build marionette))
+        #~(begin
+            (use-modules (gnu build marionette)
+                         (srfi srfi-64))
+
+            (define marionette
+              ;; Enable TCP forwarding of the guest's port 5222.
+              (make-marionette (list #$command "-net"
+                                     (string-append "user,hostfwd=tcp::"
+                                                    (number->string #$port)
+                                                    "-:5222"))))
+
+            (define (guest-wait-for-file file)
+              ;; Wait until FILE exists in the guest; 'read' its content and
+              ;; return it.
+              (marionette-eval
+               `(let loop ((i 10))
+                  (cond ((file-exists? ,file)
+                         (call-with-input-file ,file read))
+                        ((> i 0)
+                         (begin
+                           (sleep 1))
+                         (loop (- i 1)))
+                        (else
+                         (error "file didn't show up" ,file))))
+               marionette))
+
+            (define (host-wait-for-file file)
+              ;; Wait until FILE exists in the host.
+              (let loop ((i 60))
+                (cond ((file-exists? file)
+                       #t)
+                      ((> i 0)
+                       (begin
+                         (sleep 1))
+                       (loop (- i 1)))
+                      (else
+                       (error "file didn't show up" file)))))
+
+            (mkdir #$output)
+            (chdir #$output)
+
+            (test-begin "xmpp")
+
+            ;; Wait for XMPP service to be up and running.
+            (test-eq "service running"
+              'running!
+              (marionette-eval
+               '(begin
+                  (use-modules (gnu services herd))
+                  (start-service 'xmpp-daemon)
+                  'running!)
+               marionette))
+
+            ;; Check XMPP service's PID.
+            (test-assert "service process id"
+              (let ((pid (number->string (guest-wait-for-file #$pid-file))))
+                (marionette-eval `(file-exists? (string-append "/proc/" ,pid))
+                                 marionette)))
+
+            ;; Alice sends an XMPP message to herself, with Freetalk.
+            (test-assert "client-to-server communication"
+              (let ((freetalk-bin (string-append #$freetalk "/bin/freetalk")))
+                (marionette-eval '(system* #$create-account #$jid #$password)
+                                 marionette)
+                ;; Freetalk requires write access to $HOME.
+                (setenv "HOME" "/tmp")
+                (system* freetalk-bin "-s" #$script.ft)
+                (host-wait-for-file #$witness)))
+
+            (test-end)
+            (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+    (gexp->derivation name test)))
+
+(define %create-prosody-account
+  (program-file
+   "create-account"
+   #~(begin
+       (use-modules (ice-9 match))
+       (match (command-line)
+         ((command jid password)
+          (let ((password-input (format #f "\"~a~%~a\"" password password))
+                (prosodyctl #$(file-append prosody "/bin/prosodyctl")))
+            (system (string-join
+                     `("echo" ,password-input "|" ,prosodyctl "adduser" ,jid)
+                     " "))))))))
+
+(define %test-prosody
+  (let* ((config (prosody-configuration
+                  (virtualhosts
+                   (list
+                    (virtualhost-configuration
+                     (domain "localhost")))))))
+    (system-test
+     (name "prosody")
+     (description "Connect to a running Prosody daemon.")
+     (value (run-xmpp-test name
+                           (service prosody-service-type config)
+                           (prosody-configuration-pidfile config)
+                           %create-prosody-account)))))
diff --git a/gnu/tests/web.scm b/gnu/tests/web.scm
new file mode 100644
index 0000000000..bae0e8fad7
--- /dev/null
+++ b/gnu/tests/web.scm
@@ -0,0 +1,146 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests web)
+  #:use-module (gnu tests)
+  #:use-module (gnu system)
+  #:use-module (gnu system grub)
+  #:use-module (gnu system file-systems)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu system vm)
+  #:use-module (gnu services)
+  #:use-module (gnu services base)
+  #:use-module (gnu services web)
+  #:use-module (gnu services networking)
+  #:use-module (guix gexp)
+  #:use-module (guix store)
+  #:use-module (guix monads)
+  #:export (%test-nginx))
+
+(define %index.html-contents
+  ;; Contents of the /index.html file served by nginx.
+  "Hello, nginx!")
+
+(define %make-http-root
+  ;; Create our server root in /srv.
+  #~(begin
+      (mkdir "/srv")
+      (call-with-output-file "/srv/index.html"
+        (lambda (port)
+          (display #$%index.html-contents port)))))
+
+(define %nginx-servers
+  ;; Server blocks.
+  (list (nginx-server-configuration
+         (root "/srv")
+         (http-port 8042)
+         (https-port #f)
+         (ssl-certificate #f)
+         (ssl-certificate-key #f))))
+
+(define %nginx-os
+  ;; Operating system under test.
+  (operating-system
+    (host-name "komputilo")
+    (timezone "Europe/Berlin")
+    (locale "en_US.utf8")
+
+    (bootloader (grub-configuration (device "/dev/sdX")))
+    (file-systems %base-file-systems)
+    (firmware '())
+    (users %base-user-accounts)
+    (services (cons* (dhcp-client-service)
+                     (service nginx-service-type
+                              (nginx-configuration
+                               (log-directory "/var/log/nginx")
+                               (server-blocks %nginx-servers)))
+                     (simple-service 'make-http-root activation-service-type
+                                     %make-http-root)
+                     %base-services))))
+
+(define* (run-nginx-test #:optional (http-port 8042))
+  "Run tests in %NGINX-OS, which has nginx running and listening on
+HTTP-PORT."
+  (mlet* %store-monad ((os ->   (marionette-operating-system
+                                 %nginx-os
+                                 #:imported-modules '((gnu services herd)
+                                                      (guix combinators))))
+                       (command (system-qemu-image/shared-store-script
+                                 os #:graphic? #f)))
+    (define test
+      (with-imported-modules '((gnu build marionette))
+        #~(begin
+            (use-modules (srfi srfi-11) (srfi srfi-64)
+                         (gnu build marionette)
+                         (web uri)
+                         (web client)
+                         (web response))
+
+            (define marionette
+              ;; Forward the guest's HTTP-PORT, where nginx is listening, to
+              ;; port 8080 in the host.
+              (make-marionette (list #$command "-net"
+                                     (string-append
+                                      "user,hostfwd=tcp::8080-:"
+                                      #$(number->string http-port)))))
+
+            (mkdir #$output)
+            (chdir #$output)
+
+            (test-begin "nginx")
+
+            ;; Wait for nginx to be up and running.
+            (test-eq "service running"
+              'running!
+              (marionette-eval
+               '(begin
+                  (use-modules (gnu services herd))
+                  (start-service 'nginx)
+                  'running!)
+               marionette))
+
+            ;; Make sure the PID file is created.
+            (test-assert "PID file"
+              (marionette-eval
+               '(file-exists? "/var/run/nginx/pid")
+               marionette))
+
+            ;; Retrieve the index.html file we put in /srv.
+            (test-equal "http-get"
+              '(200 #$%index.html-contents)
+              (let-values (((response text)
+                            (http-get "http://localhost:8080/index.html"
+                                      #:decode-body? #t)))
+                (list (response-code response) text)))
+
+            ;; There should be a log file in here.
+            (test-assert "log file"
+              (marionette-eval
+               '(file-exists? "/var/log/nginx/access.log")
+               marionette))
+
+            (test-end)
+            (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+    (gexp->derivation "nginx-test" test)))
+
+(define %test-nginx
+  (system-test
+   (name "nginx")
+   (description "Connect to a running NGINX server.")
+   (value (run-nginx-test))))