summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2017-06-18 02:36:51 -0400
committerMark H Weaver <mhw@netris.org>2017-06-18 02:36:51 -0400
commit9d4385634d098cc0fb35bfe58179f7d855352e39 (patch)
tree653cfd7a6faecaf42129b1aa47703e7bd01bc471 /gnu
parenta6aff3528c32cc921bddd78b254678a1fc121f21 (diff)
parent96fd87c96bd6987a967575aaa931c5a7b1c84e21 (diff)
downloadguix-9d4385634d098cc0fb35bfe58179f7d855352e39.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu')
-rw-r--r--gnu/build/file-systems.scm4
-rw-r--r--gnu/build/marionette.scm17
-rw-r--r--gnu/local.mk17
-rw-r--r--gnu/packages.scm12
-rw-r--r--gnu/packages/abiword.scm4
-rw-r--r--gnu/packages/admin.scm12
-rw-r--r--gnu/packages/astronomy.scm12
-rw-r--r--gnu/packages/backup.scm4
-rw-r--r--gnu/packages/bioinformatics.scm32
-rw-r--r--gnu/packages/calcurse.scm18
-rw-r--r--gnu/packages/certs.scm4
-rw-r--r--gnu/packages/check.scm4
-rw-r--r--gnu/packages/crypto.scm13
-rw-r--r--gnu/packages/curl.scm4
-rw-r--r--gnu/packages/databases.scm17
-rw-r--r--gnu/packages/datastructures.scm4
-rw-r--r--gnu/packages/dns.scm4
-rw-r--r--gnu/packages/emacs.scm43
-rw-r--r--gnu/packages/embedded.scm26
-rw-r--r--gnu/packages/engineering.scm31
-rw-r--r--gnu/packages/enlightenment.scm18
-rw-r--r--gnu/packages/fonts.scm156
-rw-r--r--gnu/packages/freedesktop.scm36
-rw-r--r--gnu/packages/game-development.scm5
-rw-r--r--gnu/packages/games.scm14
-rw-r--r--gnu/packages/gnome.scm159
-rw-r--r--gnu/packages/gnunet.scm18
-rw-r--r--gnu/packages/gnuzilla.scm81
-rw-r--r--gnu/packages/haskell.scm391
-rw-r--r--gnu/packages/image.scm12
-rw-r--r--gnu/packages/java.scm22
-rw-r--r--gnu/packages/kde.scm11
-rw-r--r--gnu/packages/ldc.scm196
-rw-r--r--gnu/packages/libreoffice.scm5
-rw-r--r--gnu/packages/lighting.scm4
-rw-r--r--gnu/packages/linux.scm41
-rw-r--r--gnu/packages/mail.scm13
-rw-r--r--gnu/packages/mate.scm27
-rw-r--r--gnu/packages/mpd.scm4
-rw-r--r--gnu/packages/networking.scm17
-rw-r--r--gnu/packages/patches/crawl-upgrade-saves.patch83
-rw-r--r--gnu/packages/patches/gcc-4.6-gnu-inline.patch65
-rw-r--r--gnu/packages/patches/gspell-dash-test.patch20
-rw-r--r--gnu/packages/patches/guile-ssh-channel-finalization.patch28
-rw-r--r--gnu/packages/patches/libextractor-ffmpeg-3.patch360
-rw-r--r--gnu/packages/patches/libmwaw-CVE-2017-9433.patch33
-rw-r--r--gnu/packages/patches/nss-disable-long-b64-tests.patch34
-rw-r--r--gnu/packages/patches/nss-increase-test-timeout.patch6
-rw-r--r--gnu/packages/patches/osip-CVE-2017-7853.patch40
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5974.patch28
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5975.patch32
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5976.patch61
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5978.patch37
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5979.patch19
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5981.patch19
-rw-r--r--gnu/packages/photo.scm19
-rw-r--r--gnu/packages/python.scm70
-rw-r--r--gnu/packages/ruby.scm4
-rw-r--r--gnu/packages/selinux.scm10
-rw-r--r--gnu/packages/shells.scm6
-rw-r--r--gnu/packages/ssh.scm3
-rw-r--r--gnu/packages/statistics.scm4
-rw-r--r--gnu/packages/telephony.scm8
-rw-r--r--gnu/packages/tex.scm1274
-rw-r--r--gnu/packages/tmux.scm46
-rw-r--r--gnu/packages/version-control.scm4
-rw-r--r--gnu/packages/video.scm5
-rw-r--r--gnu/packages/web.scm49
-rw-r--r--gnu/packages/xfce.scm1
-rw-r--r--gnu/packages/xml.scm16
-rw-r--r--gnu/packages/zip.scm6
-rw-r--r--gnu/services/admin.scm116
-rw-r--r--gnu/services/cuirass.scm9
-rw-r--r--gnu/system/vm.scm10
-rw-r--r--gnu/tests/base.scm20
-rw-r--r--gnu/tests/messaging.scm18
-rw-r--r--gnu/tests/ssh.scm18
77 files changed, 3059 insertions, 1034 deletions
diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index 08f7d478ec..f9cc4088bb 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -419,6 +419,10 @@ warning and #f as the result."
                  #f)
                 ((= ENOMEDIUM errno)              ;for removable media
                  #f)
+                ((= EIO errno)                    ;unreadable hardware like audio CDs
+                 (format (current-error-port)
+                         "warning: failed to read from device '~a'~%" device)
+                 #f)
                 (else
                  (apply throw args))))))))
 
diff --git a/gnu/build/marionette.scm b/gnu/build/marionette.scm
index 506d6da420..424f2b6713 100644
--- a/gnu/build/marionette.scm
+++ b/gnu/build/marionette.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,6 +25,7 @@
   #:export (marionette?
             make-marionette
             marionette-eval
+            wait-for-file
             marionette-control
             marionette-screen-text
             wait-for-screen-text
@@ -164,6 +165,20 @@ QEMU monitor and to the guest's backdoor REPL."
      (newline repl)
      (read repl))))
 
+(define* (wait-for-file file marionette #:key (timeout 10))
+  "Wait until FILE exists in MARIONETTE; 'read' its content and return it.  If
+FILE has not shown up after TIMEOUT seconds, raise an error."
+  (marionette-eval
+   `(let loop ((i ,timeout))
+      (cond ((file-exists? ,file)
+             (call-with-input-file ,file read))
+            ((> i 0)
+             (sleep 1)
+             (loop (- i 1)))
+            (else
+             (error "file didn't show up" ,file))))
+   marionette))
+
 (define (marionette-control command marionette)
   "Run COMMAND in the QEMU monitor of MARIONETTE.  COMMAND is a string such as
 \"sendkey ctrl-alt-f1\" or \"screendump foo.ppm\" (info \"(qemu-doc)
diff --git a/gnu/local.mk b/gnu/local.mk
index 1d5c98094c..20351f3cd0 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -548,6 +548,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/cpufrequtils-fix-aclocal.patch		\
   %D%/packages/patches/cracklib-CVE-2016-6318.patch		\
   %D%/packages/patches/cracklib-fix-buffer-overflow.patch	\
+  %D%/packages/patches/crawl-upgrade-saves.patch		\
   %D%/packages/patches/crda-optional-gcrypt.patch		\
   %D%/packages/patches/crossmap-allow-system-pysam.patch	\
   %D%/packages/patches/csound-header-ordering.patch		\
@@ -600,6 +601,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/gcc-cross-environment-variables.patch	\
   %D%/packages/patches/gcc-libvtv-runpath.patch			\
   %D%/packages/patches/gcc-strmov-store-file-names.patch	\
+  %D%/packages/patches/gcc-4.6-gnu-inline.patch			\
   %D%/packages/patches/gcc-4.9.3-mingw-gthr-default.patch	\
   %D%/packages/patches/gcc-5.0-libvtv-runpath.patch		\
   %D%/packages/patches/gcc-5-source-date-epoch-1.patch		\
@@ -647,8 +649,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/guile-present-coding.patch		\
   %D%/packages/patches/guile-relocatable.patch			\
   %D%/packages/patches/guile-rsvg-pkgconfig.patch		\
-  %D%/packages/patches/guile-ssh-rexec-bug.patch		\
+  gnu/packages/patches/guile-ssh-channel-finalization.patch	\
   %D%/packages/patches/guile-ssh-double-free.patch		\
+  %D%/packages/patches/guile-ssh-rexec-bug.patch		\
   %D%/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch	\
   %D%/packages/patches/gtk2-respect-GUIX_GTK2_IM_MODULE_FILE.patch \
   %D%/packages/patches/gtk2-theme-paths.patch			\
@@ -721,7 +724,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch	\
   %D%/packages/patches/libevent-2.1-dns-tests.patch		\
   %D%/packages/patches/libevent-2.1-skip-failing-test.patch	\
-  %D%/packages/patches/libextractor-ffmpeg-3.patch		\
   %D%/packages/patches/libgit2-0.25.1-mtime-0.patch		\
   %D%/packages/patches/libgdata-fix-tests.patch			\
   %D%/packages/patches/libgdata-glib-duplicate-tests.patch	\
@@ -736,6 +738,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libmad-armv7-thumb-pt2.patch		\
   %D%/packages/patches/libmad-frame-length.patch		\
   %D%/packages/patches/libmad-mips-newgcc.patch			\
+  %D%/packages/patches/libmwaw-CVE-2017-9433.patch		\
   %D%/packages/patches/libsndfile-armhf-type-checks.patch	\
   %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch	\
   %D%/packages/patches/libsndfile-CVE-2017-8362.patch		\
@@ -828,7 +831,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/ngircd-handle-zombies.patch		\
   %D%/packages/patches/ninja-zero-mtime.patch			\
   %D%/packages/patches/node-9077.patch				\
-  %D%/packages/patches/nss-disable-long-b64-tests.patch		\
   %D%/packages/patches/nss-increase-test-timeout.patch		\
   %D%/packages/patches/nss-pkgconfig.patch			\
   %D%/packages/patches/ntfs-3g-CVE-2017-0358.patch		\
@@ -852,6 +854,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch		\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
   %D%/packages/patches/orpheus-cast-errors-and-includes.patch	\
+  %D%/packages/patches/osip-CVE-2017-7853.patch			\
   %D%/packages/patches/ots-no-include-missing-file.patch	\
   %D%/packages/patches/p7zip-CVE-2016-9296.patch			\
   %D%/packages/patches/p7zip-remove-unused-code.patch		\
@@ -1058,7 +1061,13 @@ dist_patch_DATA =						\
   %D%/packages/patches/xinetd-CVE-2013-4342.patch		\
   %D%/packages/patches/xmodmap-asprintf.patch 			\
   %D%/packages/patches/libyaml-CVE-2014-9130.patch 		\
-  %D%/packages/patches/zathura-plugindir-environment-variable.patch
+  %D%/packages/patches/zathura-plugindir-environment-variable.patch	\
+  %D%/packages/patches/zziplib-CVE-2017-5974.patch		\
+  %D%/packages/patches/zziplib-CVE-2017-5975.patch		\
+  %D%/packages/patches/zziplib-CVE-2017-5976.patch		\
+  %D%/packages/patches/zziplib-CVE-2017-5978.patch		\
+  %D%/packages/patches/zziplib-CVE-2017-5979.patch		\
+  %D%/packages/patches/zziplib-CVE-2017-5981.patch
 
 MISC_DISTRO_FILES =				\
   %D%/packages/ld-wrapper.in
diff --git a/gnu/packages.scm b/gnu/packages.scm
index 57907155fb..5629061788 100644
--- a/gnu/packages.scm
+++ b/gnu/packages.scm
@@ -29,6 +29,7 @@
   #:use-module ((guix build utils)
                 #:select ((package-name->name+version
                            . hyphen-separated-name->name+version)))
+  #:autoload   (guix profiles) (packages->manifest)
   #:use-module (ice-9 vlist)
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-1)
@@ -53,7 +54,8 @@
             find-newest-available-packages
 
             specification->package
-            specification->package+output))
+            specification->package+output
+            specifications->manifest))
 
 ;;; Commentary:
 ;;;
@@ -278,3 +280,11 @@ version; if SPEC does not specify an output, return OUTPUT."
            (leave (G_ "package `~a' lacks output `~a'~%")
                   (package-full-name package)
                   sub-drv))))))
+
+(define (specifications->manifest specs)
+  "Given SPECS, a list of specifications such as \"emacs@25.2\" or
+\"guile:debug\", return a profile manifest."
+  ;; This procedure exists mostly so users of 'guix package -m' don't have to
+  ;; fiddle with multiple-value returns.
+  (packages->manifest
+   (map (compose list specification->package+output) specs)))
diff --git a/gnu/packages/abiword.scm b/gnu/packages/abiword.scm
index 30c2411df3..9a4acdc384 100644
--- a/gnu/packages/abiword.scm
+++ b/gnu/packages/abiword.scm
@@ -50,7 +50,7 @@
       (origin
         (method url-fetch)
         (uri
-          (string-append "http://abisource.org/downloads/" name "/" version
+          (string-append "https://www.abisource.com/downloads/" name "/" version
                          "/source/" name "-" version ".tar.gz"))
         (sha256
          (base32 "08imry821g81apdwym3gcs4nss0l9j5blqk31j5rv602zmcd9gxg"))
@@ -111,7 +111,7 @@
         ("glib:bin" ,glib "bin")
         ("libtool" ,libtool)
         ("pkg-config" ,pkg-config)))
-    (home-page "http://abisource.org/")
+    (home-page "https://www.abisource.com/")
     (synopsis "Word processing program")
 
     ;; HACKERS: The comment below is here so that it shows up early in the
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 79f1a4c2ba..3f960812a6 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1359,14 +1359,14 @@ of supported upstream metrics systems simultaneously.")
 (define-public ansible
   (package
     (name "ansible")
-    (version "2.3.0.0")
+    (version "2.3.1.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "ansible" version))
        (sha256
         (base32
-         "0n54h8g6a6hcp41sasvjqa4yz1pwd8mshbwlcghj0sjnrl3kk7r9"))))
+         "1xdr82fy8gahxh3586wm5k1bxksys7yl1f2n24shrk8gf99qyjyd"))))
     (build-system python-build-system)
     (native-inputs
      `(("python2-pycrypto" ,python2-pycrypto)
@@ -1582,14 +1582,14 @@ done with the @code{auditctl} utility.")
 (define-public nmap
   (package
     (name "nmap")
-    (version "7.40")
+    (version "7.50")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://nmap.org/dist/nmap-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "121i9mgyc28ra2825akd0ix5qyssv4xc2qlx296mam6hzxgnc54y"))
+                "1ckl2qxqxkrfa2qxdrqyaa4k1hhj273aqckrc46fijdz0a76mag9"))
               (modules '((guix build utils)))
               (snippet
                '(map delete-file-recursively
@@ -1701,7 +1701,7 @@ throughput (in the same interval).")
 (define-public thefuck
   (package
     (name "thefuck")
-    (version "3.16")
+    (version "3.18")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/nvbn/thefuck/archive/"
@@ -1709,7 +1709,7 @@ throughput (in the same interval).")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0jrhfxmj2asx4jdix9ks3fpl364ph8w9prhwpk4488aj1a0q4rak"))
+                "1xsvkqh89rgxq5w03mnlcfkn9y39nfwhb2pjabjspcc2mi2mq5y6"))
               (patches (search-patches "thefuck-test-environ.patch"))))
     (build-system python-build-system)
     (arguments
diff --git a/gnu/packages/astronomy.scm b/gnu/packages/astronomy.scm
index 2aa65d5880..879c6ba6a6 100644
--- a/gnu/packages/astronomy.scm
+++ b/gnu/packages/astronomy.scm
@@ -117,7 +117,7 @@ programs for the manipulation and analysis of astronomical data.")
 (define-public stellarium
   (package
     (name "stellarium")
-    (version "0.15.1")
+    (version "0.15.2")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/stellarium/"
@@ -125,7 +125,7 @@ programs for the manipulation and analysis of astronomical data.")
                                  version "/stellarium-" version ".tar.gz"))
              (sha256
               (base32
-               "04avigz8i8mi2x6x71bqr9np85n1p9qnvbj2hxr947f1jv22zr8g"))))
+               "19nxj482g1hh9qicgskpcgy61pri254jgxnkd10icxbnza4c0hv9"))))
     (build-system cmake-build-system)
     (inputs
      `(("qtbase" ,qtbase)
@@ -141,6 +141,14 @@ programs for the manipulation and analysis of astronomical data.")
     (arguments
       `(#:test-target "tests"
         #:phases (modify-phases %standard-phases
+                   (add-after 'unpack 'patch-version-check
+                     (lambda _
+                       ;; Previously-deprecated cmake variable vanished in
+                       ;; Qt 5.9.
+                       ;; See <https://bugreports.qt.io/browse/QTBUG-60936>.
+                       (substitute* "CMakeLists.txt"
+                         (("Qt5Core_VERSION_STRING") "Qt5Core_VERSION"))
+                       #t))
                    (add-before 'check 'set-offscreen-display
                      (lambda _
                        ;; make Qt render "offscreen", required for tests
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index b62438e4f1..1ef4e42015 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -118,7 +118,7 @@ spying and/or modification by the server.")
 (define-public par2cmdline
   (package
     (name "par2cmdline")
-    (version "0.7.1")
+    (version "0.7.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/Parchive/par2cmdline/archive/v"
@@ -126,7 +126,7 @@ spying and/or modification by the server.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0b2m90jmxm37zpvwcmhshdznnh3l5g5ahdx459a9ckgsxy77jkl9"))))
+                "0rsrca7903g08zrifv4102gkxrhmzvgwd1sb6vw9pa00qhzsfkzs"))))
     (native-inputs
      `(("automake" ,automake)
        ("autoconf" ,autoconf)))
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index b47f136935..b9d641ec34 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -97,7 +97,8 @@
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages zip)
-  #:use-module (srfi srfi-1))
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-26))
 
 (define-public r-ape
   (package
@@ -2094,7 +2095,7 @@ identify enrichments with functional annotations of the genome.")
 (define-public diamond
   (package
     (name "diamond")
-    (version "0.9.6")
+    (version "0.9.8")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2103,7 +2104,7 @@ identify enrichments with functional annotations of the genome.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1y8a10b695pvgn7kk2s87jdwbdf7iszpnr6139pw8ina1ajs4w8y"))))
+                "04f501vj3i95i2b4n60831k00ljalifrq33419bbz0y3sjlmcnj3"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no "check" target
@@ -2718,19 +2719,26 @@ comment or quality sections.")
        ("zlib" ,zlib)))
     (build-system gnu-build-system)
     (arguments
-     `(#:make-flags '("FORCE_DYNAMIC=1") ; use shared libs
+     `(#:make-flags
+       '(,@(if (any (cute string-prefix? <> (or (%current-system)
+                                                (%current-target-system)))
+                    '("x86_64" "mips64el" "aarch64"))
+             '("FORCE_DYNAMIC=1") ; use shared libs
+             '("FORCE_DYNAMIC=1" "FORCE_32BIT=1")))
        #:phases
        (modify-phases %standard-phases
          (delete 'configure)
          (add-before 'build 'bin-mkdir
-                     (lambda _
-                       (mkdir-p "bin")))
+          (lambda _
+            (mkdir-p "bin")
+            #t))
          (replace 'install
-                  (lambda* (#:key outputs #:allow-other-keys)
-                    (let ((out (assoc-ref outputs "out")))
-                      (install-file "bin/gemma"
-                                    (string-append
-                                     out "/bin"))))))
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (install-file "bin/gemma"
+                             (string-append
+                              out "/bin")))
+             #t)))
        #:tests? #f)) ; no tests included yet
     (home-page "https://github.com/xiangzhou/GEMMA")
     (synopsis "Tool for genome-wide efficient mixed model association")
@@ -9527,7 +9535,7 @@ applications for tackling some common problems in a user-friendly way.")
      "TADbit is a complete Python library to deal with all steps to analyze,
 model, and explore 3C-based data.  With TADbit the user can map FASTQ files to
 obtain raw interaction binned matrices (Hi-C like matrices), normalize and
-correct interaction matrices, identify adn compare the so-called
+correct interaction matrices, identify and compare the so-called
 @dfn{Topologically Associating Domains} (TADs), build 3D models from the
 interaction matrices, and finally, extract structural properties from the
 models.  TADbit is complemented by TADkit for visualizing 3D models.")
diff --git a/gnu/packages/calcurse.scm b/gnu/packages/calcurse.scm
index f66fbdb636..20a9a8fb47 100644
--- a/gnu/packages/calcurse.scm
+++ b/gnu/packages/calcurse.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2014, 2015, 2017 Eric Bavier <bavier@member.fsf.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -22,12 +22,13 @@
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages ncurses))
 
 (define-public calcurse
   (package
     (name "calcurse")
-    (version "4.0.0")
+    (version "4.2.2")
     (source
      (origin
       (method url-fetch)
@@ -35,14 +36,21 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "0d33cpkbhyidvm3xx6iw9ljqdvl6477c2kcwix3bs63nj0ch06v2"))))
+        "0il0y06akdqgy0f9p40m4x6arn66nh7sr1w1i41bszycs7div266"))))
     (build-system gnu-build-system)
-    (inputs `(("ncurses" ,ncurses)))
+    (inputs `(("ncurses" ,ncurses)
+              ("tzdata" ,tzdata)))
     (arguments
      ;; The ical tests all want to create a ".calcurse" directory, and may
      ;; fail with "cannot create directory '.calcurse': File exists" if run
      ;; concurently.
-     '(#:parallel-tests? #f))
+     '(#:parallel-tests? #f
+       #:phases (modify-phases %standard-phases
+                  (add-before 'check 'check-setup
+                    (lambda* (#:key inputs #:allow-other-keys)
+                      (setenv "TZDIR"   ;for test/ical-007.sh
+                              (string-append (assoc-ref inputs "tzdata")
+                                             "/share/zoneinfo")))))))
     (home-page "http://www.calcurse.org")
     (synopsis "Text-based calendar and scheduling")
     (description
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 85a8badc55..2441de6631 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -74,7 +74,7 @@
 (define-public nss-certs
   (package
     (name "nss-certs")
-    (version "3.30.2")
+    (version "3.31")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -85,7 +85,7 @@
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "096frzvyp3z257x84rxknscfgsbavzh2a0gyibx7kvmw4vzpfjhd"))))
+                "0pd643a8ns7q5az5ai3ascrw666i2kbfiyy1c9hlhw9jd8jn21g9"))))
     (build-system gnu-build-system)
     (outputs '("out"))
     (native-inputs
diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index ea91200a65..4b59ac567d 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -181,13 +181,13 @@ format.")
 (define-public cppcheck
   (package
     (name "cppcheck")
-    (version "1.78")
+    (version "1.79")
     (source (origin
       (method url-fetch)
       (uri (string-append "https://github.com/danmar/cppcheck/archive/"
                           version ".tar.gz"))
       (sha256
-       (base32 "1dnizw0rfj6faqgnmg8qh6njr9q89j8brhba7qmx2i47vl0qj11i"))
+       (base32 "1qf7l0hx2k2qsc1rm3gh00bc0hwf9wqkrvrk08141yjj2js2y8lw"))
       (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (home-page "http://cppcheck.sourceforge.net")
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index f8631a6dbb..6f02d8691d 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -5,7 +5,7 @@
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
-;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2016, 2017 Eric Bavier <bavier@member.fsf.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -315,18 +315,18 @@ no man page, refer to the home page for usage details.")
 (define-public tomb
   (package
     (name "tomb")
-    (version "2.3")
+    (version "2.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://files.dyne.org/tomb/"
                                   "Tomb-" version ".tar.gz"))
               (sha256
                (base32
-                "1j90ab8x4cf10167yw4cs4frz694gb0qwkhgqiz1ly7mnr8ysmby"))))
+                "1hv1w79as7swqj0n137vz8n8mwvcgwlvd91sdyssz41jarg7f1vr"))))
     (build-system gnu-build-system)
+    (native-inputs `(("sudo" ,sudo)))   ;presence needed for 'check' phase
     (inputs
      `(("zsh" ,zsh)
-       ("sudo" ,sudo)
        ("gnupg" ,gnupg)
        ("cryptsetup" ,cryptsetup)
        ("e2fsprogs" ,e2fsprogs)         ;for mkfs.ext4
@@ -334,8 +334,7 @@ no man page, refer to the home page for usage details.")
        ("mlocate" ,mlocate)
        ("pinentry" ,pinentry)
        ("qrencode" ,qrencode)
-       ("steghide" ,steghide)
-       ("swish-e" ,swish-e)))
+       ("steghide" ,steghide)))
     (arguments
      `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
        ;; TODO: Build and install gtk and qt trays
@@ -358,7 +357,7 @@ no man page, refer to the home page for usage details.")
                                  (error "program not found:" program)))
                            '("seq" "mkfs.ext4" "pinentry" "sudo"
                              "gpg" "cryptsetup" "gettext"
-                             "qrencode" "steghide" "swish-e")))))
+                             "qrencode" "steghide")))))
                #t)))
          (delete 'check)
          (add-after 'wrap 'check
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 420b9bacc1..af15aa38c4 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -40,14 +40,14 @@
 (define-public curl
   (package
    (name "curl")
-   (version "7.54.0")
+   (version "7.54.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://curl.haxx.se/download/curl-"
                                 version ".tar.lzma"))
             (sha256
              (base32
-              "02h7qhl8ynp75g1vcaw18ks0gp7nahvvkqck19pb1q0kkw1scsnd"))))
+              "0vnv3cz0s1l5cjby86hm0x6pgzqijmdm97qa9q5px200956z6yib"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ;1.2 MiB of man3 pages
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 0d252ed91d..a05ba6b726 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -459,7 +459,8 @@ as a drop-in replacement of MySQL.")
                 "1imrjp4vfslxj5rrvphcrrk21zv8kqw3gacmwradixh1d5rv6i8n"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:phases
+     `(#:configure-flags '("--with-uuid=e2fs")
+       #:phases
        (modify-phases %standard-phases
          (add-before 'configure 'patch-/bin/sh
                      (lambda _
@@ -467,9 +468,16 @@ as a drop-in replacement of MySQL.")
                        (substitute* '("src/bin/pg_ctl/pg_ctl.c"
                                       "src/bin/psql/command.c")
                          (("/bin/sh") (which "sh")))
-                       #t)))))
+                       #t))
+         (add-after 'build 'build-contrib
+           (lambda _
+             (zero? (system* "make" "-C" "contrib"))))
+         (add-after 'install 'install-contrib
+           (lambda _
+             (zero? (system* "make" "-C" "contrib" "install")))))))
     (inputs
      `(("readline" ,readline)
+       ("libuuid" ,util-linux)
        ("zlib" ,zlib)))
     (home-page "https://www.postgresql.org/")
     (synopsis "Powerful object-relational database system")
@@ -1210,6 +1218,7 @@ sets, bitmaps and hyperloglogs.")
     (arguments
      `(#:configure-flags
        (list
+        "--disable-opt" ;"-march=native". XXX this also turns off -O0.
         (string-append "LDFLAGS=-Wl,-rpath="
                        (assoc-ref %outputs "out") "/lib"))))
     (inputs `(("zlib" ,zlib)))
@@ -1326,14 +1335,14 @@ trees (LSM), for sustained throughput under random insert workloads.")
 (define-public lmdb
   (package
     (name "lmdb")
-    (version "0.9.18")
+    (version "0.9.21")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/LMDB/lmdb/archive/"
                                   "LMDB_" version ".tar.gz"))
               (sha256
                (base32
-                "12crvzxky8in99ibh22k4ppmkgqs28yy3v7yy944za7fsrqv8dfx"))))
+                "0ndmj07hkm2ic60z1f4rdscxs7pq45hk9fibjyv5nhfclhsvd1qi"))))
     (build-system gnu-build-system)
     (arguments
      `(#:test-target "test"
diff --git a/gnu/packages/datastructures.scm b/gnu/packages/datastructures.scm
index 79068a54d0..36318ee04e 100644
--- a/gnu/packages/datastructures.scm
+++ b/gnu/packages/datastructures.scm
@@ -97,14 +97,14 @@ in between these sequences may be different in both content and length.")
 (define-public liburcu
   (package
     (name "liburcu")
-    (version "0.9.3")
+    (version "0.10.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.lttng.org/files/urcu/"
                                   "userspace-rcu-" version ".tar.bz2"))
               (sha256
                (base32
-                "01j0xp3f0w147yfyzybkjvb7i67i7prsvnkssgvgwry9lvk35khv"))))
+                "141imnd1s4bcd4wz0wk7sp3fj649kp8whp82gw49h48mlmxqmdbw"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("perl" ,perl)))                 ; for tests
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 7f1d18f2b0..2e4d8fd18e 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -93,7 +93,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
 (define-public isc-bind
   (package
     (name "bind")
-    (version "9.11.1")
+    (version "9.11.1-P1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -101,7 +101,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "1chhphaa4lmfxj9daqsxph5ng4h3qq51jx21rj2i6an8ynah0192"))))
+                "0f56bhkxx7bga3f1a4whlm8fh5q8lz7ah97fdayp310vsn43w6vb"))))
     (build-system gnu-build-system)
     (outputs `("out" "utils"))
     (inputs
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index a4cb4a0b3a..99b9b06011 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -1740,6 +1740,29 @@ keep pressing the key until it selects what you want.  There's also
 column by drawing a thin line down the length of the editing window.")
     (license license:gpl3+)))
 
+(define-public emacs-inf-ruby
+  (package
+    (name "emacs-inf-ruby")
+    (version "2.5.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/nonsequitur/inf-ruby/"
+                           "archive/" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0m7323k649ckxql1grsdnf71bjhys7l4qb8wbpphb1mr1q8i4066"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/nonsequitur/inf-ruby")
+    (synopsis "Provides a REPL buffer connected to a Ruby subprocess in Emacs")
+    (description
+     "@code{inf-ruby} provides a Read Eval Print Loop (REPL) buffer, allowing
+for easy interaction with a ruby subprocess.  Features include support for
+detecting specific uses of Ruby, e.g. when using rails, and using a
+appropriate console.")
+    (license license:gpl3+)))
+
 (define-public emacs-znc
   (package
     (name "emacs-znc")
@@ -2780,7 +2803,7 @@ highlighted.  Pressing that character will switch to that window.")
 (define-public emacs-iedit
   (package
     (name "emacs-iedit")
-    (version "0.9.9")
+    (version "0.9.9.9")
     (source
      (origin
        (method url-fetch)
@@ -2789,7 +2812,7 @@ highlighted.  Pressing that character will switch to that window.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "00v86zllcsivmiibigbr91qij2zdf1lr9db8z8again1sn63wkdj"))))
+         "1hv8q6pr85ss9g3158l1fqv3m62vsq8rslsi86jicr2dcxyascr0"))))
     (build-system emacs-build-system)
     (home-page "http://www.emacswiki.org/emacs/Iedit")
     (synopsis "Edit multiple regions in the same way simultaneously")
@@ -3097,7 +3120,7 @@ strings, and code folding.")
 (define-public emacs-markdown-mode
   (package
     (name "emacs-markdown-mode")
-    (version "2.1")
+    (version "2.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://raw.githubusercontent.com/jrblevin"
@@ -3106,7 +3129,7 @@ strings, and code folding.")
               (file-name (string-append "markdown-mode-" version ".el"))
               (sha256
                (base32
-                "1faibar32jnjia9202swblw91q6z1g5s4k9xmypwjahfh8yznl6w"))))
+                "04isd2sdnms9acpmkd6n7b7y7j0x2kank2kry0zwbxs3bwdavgav"))))
     (build-system emacs-build-system)
     (home-page "http://jblevins.org/projects/markdown-mode/")
     (synopsis "Emacs Major mode for Markdown files")
@@ -3144,7 +3167,7 @@ If you want to mark a folder manually as a project just create an empty
 (define-public emacs-elfeed
   (package
     (name "emacs-elfeed")
-    (version "2.1.0")
+    (version "2.1.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/skeeto/elfeed/archive/"
@@ -3152,7 +3175,7 @@ If you want to mark a folder manually as a project just create an empty
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "145glas04zd0s2rmnif46vhyijs4z03v871gfp1dcrwxvvvns8ap"))))
+                "1wlwc8fbkg6w1c8p856ikc20xm72f51clnzz419p0g8cavy27npw"))))
     (build-system emacs-build-system)
     (arguments
      `(#:phases
@@ -3305,7 +3328,7 @@ that uses the standard completion function completing-read.")
 (define-public emacs-yaml-mode
   (package
     (name "emacs-yaml-mode")
-    (version "0.0.12")
+    (version "0.0.13")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://raw.githubusercontent.com/yoshiki"
@@ -3313,7 +3336,7 @@ that uses the standard completion function completing-read.")
               (file-name (string-append "yaml-mode-" version ".el"))
               (sha256
                (base32
-                "17wq433ycli0qx4gdhgrmb392qblm6y2dwcyn38j5ja1lasfb0ax"))))
+                "0im88sk9dqw03x6d6zaspgvg9i0pfpgb8f2zygrmbifh2w4pwmvj"))))
     (build-system emacs-build-system)
     (home-page "https://github.com/yoshiki/yaml-mode")
     (synopsis "Major mode for editing YAML files")
@@ -3351,7 +3374,7 @@ Dust.js, React/JSX, Angularjs, ejs, etc.")
 (define-public emacs-helm
   (package
     (name "emacs-helm")
-    (version "2.7.0")
+    (version "2.7.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3360,7 +3383,7 @@ Dust.js, React/JSX, Angularjs, ejs, etc.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1scdirpclgq3pi1j2c90gqaaqg1pgvasp98f4jqw8c5xbqcr7jdw"))))
+                "0pay8pi3fszykgskfbxsp4byad497cgfz4m886mxnkba1naxf6h7"))))
     (build-system emacs-build-system)
     (propagated-inputs
      `(("emacs-async" ,emacs-async)
diff --git a/gnu/packages/embedded.scm b/gnu/packages/embedded.scm
index b9b8e84685..b81eedbd80 100644
--- a/gnu/packages/embedded.scm
+++ b/gnu/packages/embedded.scm
@@ -488,6 +488,28 @@ with a layered architecture of JTAG interface and TAP support.")
       (home-page "https://github.com/totalspectrum/gcc-propeller")
       (synopsis "GCC for the Parallax Propeller"))))
 
+(define-public propeller-gcc-4
+  (let ((xgcc propeller-gcc)
+        (commit "f1b01001b760d691a91ff1db4830d41bb712557f")
+        (revision "1"))
+    (package (inherit xgcc)
+      (name "propeller-gcc")
+      (version (string-append "4.6.1-" revision "." (string-take commit 9)))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/dbetz/propgcc-gcc.git")
+                      (commit commit)))
+                (file-name (string-append name "-" commit "-checkout"))
+                (sha256
+                 (base32
+                  "15mxrhk2v4vqmdkvcqy33ag1wrg9x9q20kx2w33kkw8pkrijknbi"))
+                (patches
+                 (append
+                  (origin-patches (package-source gcc-4.7))
+                  (search-patches "gcc-4.6-gnu-inline.patch")))))
+      (home-page "https://github.com/dbetz/propgcc-gcc"))))
+
 ;; There is no release, so we take the latest version as referenced from here:
 ;; https://github.com/dbetz/propeller-gcc
 (define-public proplib
@@ -654,7 +676,7 @@ upload binaries to a Parallax Propeller micro-controller.")
 (define-public spin2cpp
   (package
     (name "spin2cpp")
-    (version "3.4.0")
+    (version "3.6.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/totalspectrum/spin2cpp/"
@@ -662,7 +684,7 @@ upload binaries to a Parallax Propeller micro-controller.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "00i8i0dspd5115ggkv5vx2xqb21l6y38wz0bakgby8n3b4k9xnk0"))))
+                "0v5vzh69bp1r2byrpz12rql1w24ff2v9msr31596zq6hd6n82lnh"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ;; The tests assume that a micro-controller is connected.
diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm
index 7ad93653e9..c171e2629a 100644
--- a/gnu/packages/engineering.scm
+++ b/gnu/packages/engineering.scm
@@ -44,6 +44,7 @@
   #:use-module (gnu packages curl)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages gd)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages ghostscript)
@@ -57,6 +58,7 @@
   #:use-module (gnu packages linux)               ;FIXME: for pcb
   #:use-module (gnu packages m4)
   #:use-module (gnu packages maths)
+  #:use-module (gnu packages ncurses)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
@@ -812,3 +814,32 @@ the 'showing the effect of'-style of operation.")
 for mathematical functions.  It also provides an machine-independent
 interface to select the best such procedures to use on a given system.")
     (license license:gpl3+)))
+
+(define-public minicom
+  (package
+    (name "minicom")
+    (version "2.7.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://alioth.debian.org/frs/download.php/"
+                           "file/4215/" name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1wa1l36fa4npd21xa9nz60yrqwkk5cq713fa3p5v0zk7g9mq6bsk"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags '("--enable-lock-dir=/var/lock")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-lock-check
+           (lambda _
+             (substitute* "configure"
+               (("test -d [$]UUCPLOCK") "true"))
+             #t)))))
+    (inputs
+     `(("ncurses" ,ncurses)))
+    (home-page "https://alioth.debian.org/projects/minicom/")
+    (synopsis "Serial terminal emulator")
+    (description "@code{minicom} is a serial terminal emulator.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index 165ca50ce1..6487446336 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2015 Tomáš Čech <sleep_walker@suse.cz>
 ;;; Copyright © 2015 Daniel Pimentel <d4n1@member.fsf.org>
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 ng0 <ng0@no-reply.pragmatique.xyz>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -208,7 +209,19 @@ Libraries with some extra bells and whistles.")
                 "1xvngjdsa0p901vfhrh2qpa50k32hwwhc8bgi16a9b5d9byzfhvn"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:configure-flags '("--enable-mount-eeze")))
+     `(#:configure-flags '("--enable-mount-eeze")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'fix-keyboard
+           (lambda _
+             (let ((xkeyboard (assoc-ref %build-inputs "xkeyboard-config")))
+               ;; We need to patch the path to 'base.lst' to be able
+               ;; to switch the keyboard layout in E.
+               (substitute* "src/modules/xkbswitch/e_mod_parse.c"
+                 (("/usr/share/X11/xkb/rules/xorg.lst")
+                  (string-append xkeyboard
+                                 "/share/X11/xkb/rules/base.lst")))
+               #t))))))
     (native-inputs
      `(("gettext" ,gettext-minimal)
        ("pkg-config" ,pkg-config)))
@@ -220,7 +233,8 @@ Libraries with some extra bells and whistles.")
        ("libxcb" ,libxcb)
        ("libxext" ,libxext)
        ("linux-pam" ,linux-pam)
-       ("xcb-util-keysyms" ,xcb-util-keysyms)))
+       ("xcb-util-keysyms" ,xcb-util-keysyms)
+       ("xkeyboard-config" ,xkeyboard-config)))
     (home-page "https://www.enlightenment.org/about-enlightenment")
     (synopsis "Lightweight desktop environment")
     (description
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index 59e60dc292..4d61f0fccf 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -555,28 +555,13 @@ fonts.")
     (version "2.005")
     (source
      (origin
-       (method url-fetch)
+       (method url-fetch/zipbomb)
        (uri (string-append "http://www.gust.org.pl/projects/e-foundry/"
                            "tex-gyre/whole/tg-" version "otf.zip"))
        (sha256
         (base32
          "0kph9l3g7jb2bpmxdbdg5zl56wacmnvdvsdn7is1gc750sqvsn31"))))
-    (build-system trivial-build-system)
-    (arguments
-     `(#:modules ((guix build utils))
-       #:builder
-       (begin
-         (use-modules (guix build utils))
-
-         (let ((unzip    (string-append (assoc-ref %build-inputs "unzip")
-                                        "/bin/unzip"))
-               (font-dir (string-append %output "/share/fonts/opentype")))
-           (mkdir-p font-dir)
-           (system* unzip
-                    (assoc-ref %build-inputs "source")
-                    "-d" font-dir)))))
-    (native-inputs
-     `(("unzip" ,unzip)))
+    (build-system font-build-system)
     (home-page "http://www.gust.org.pl/projects/e-foundry/tex-gyre/")
     (synopsis "Remake of Ghostscript fonts")
     (description "The TeX Gyre collection of fonts is the result of an
@@ -598,28 +583,7 @@ Heros, Pagella, Schola, Termes.")
               (sha256
                (base32
                 "1asj6lykvxh46czbal7ymy2k861zlcdqpz8x3s5bbpqwlm3mhrl6"))))
-    (build-system trivial-build-system)
-    (arguments
-     `(#:modules ((guix build utils))
-       #:builder
-       (begin
-         (use-modules (guix build utils))
-         (let ((unzip (string-append (assoc-ref %build-inputs "unzip")
-                                     "/bin/unzip"))
-               (font-dir (string-append %output "/share/fonts/truetype"))
-               (doc-dir  (string-append %output "/share/doc/" ,name)))
-           (system* unzip (assoc-ref %build-inputs "source"))
-           (mkdir-p font-dir)
-           (mkdir-p doc-dir)
-           (chdir (string-append "AnonymousPro-" ,version ".001"))
-           (for-each (lambda (ttf)
-                       (install-file ttf font-dir))
-                     (find-files "." "\\.ttf$"))
-           (for-each (lambda (doc)
-                       (install-file doc doc-dir))
-                     (find-files "." "\\.txt$"))))))
-    (native-inputs
-     `(("unzip" ,unzip)))
+    (build-system font-build-system)
     (home-page "http://www.marksimonson.com/fonts/view/anonymous-pro")
     (synopsis "Fixed-width fonts designed with coding in mind")
     (description "Anonymous Pro is a family of four fixed-width fonts designed
@@ -740,27 +704,7 @@ display all Unicode symbols.")
        (sha256
         (base32
          "0spscx08fad7i8qs7icns96iwcapniq8lwwqqvbf7bamvs8qfln4"))))
-    (native-inputs `(("unzip" ,unzip)))
-    (build-system trivial-build-system)
-    (arguments
-     `(#:modules ((guix build utils))
-       #:builder (begin
-                   (use-modules (guix build utils)
-                                (srfi srfi-26))
-
-                   (let ((PATH (string-append (assoc-ref %build-inputs
-                                                         "unzip")
-                                              "/bin"))
-                         (font-dir (string-append %output
-                                                  "/share/fonts/truetype")))
-                     (setenv "PATH" PATH)
-                     (system* "unzip" (assoc-ref %build-inputs "source"))
-
-                     (mkdir-p font-dir)
-                     (chdir "roboto-hinted")
-                     (for-each (lambda (ttf)
-                                 (install-file ttf font-dir))
-                               (find-files "." "\\.ttf$"))))))
+    (build-system font-build-system)
     (home-page "https://github.com/google/roboto")
     (synopsis "The Roboto family of fonts")
     (description
@@ -782,33 +726,7 @@ visual language \"Material Design\".")
               (sha256
                (base32
                 "13liaz2pmww3aqabm55la5npd08m1skh334ky7qfidxaz5s742iv"))))
-    (build-system trivial-build-system)
-    (arguments
-     `(#:modules ((guix build utils))
-       #:builder
-       (begin
-         (use-modules (guix build utils))
-
-         (let ((tar      (string-append (assoc-ref %build-inputs "tar")
-                                        "/bin/tar"))
-               (PATH     (string-append (assoc-ref %build-inputs "gzip")
-                                        "/bin"))
-               (font-dir (string-append %output "/share/fonts/truetype"))
-               (doc-dir  (string-append %output "/share/doc/" ,name)))
-           (setenv "PATH" PATH)
-           (system* tar "xvf" (assoc-ref %build-inputs "source"))
-           (mkdir-p font-dir)
-           (mkdir-p doc-dir)
-           (chdir (string-append "un-fonts"))
-           (for-each (lambda (ttf)
-                       (install-file ttf font-dir))
-                     (find-files "." "\\.ttf$"))
-           (for-each (lambda (doc)
-                       (install-file doc doc-dir))
-                     '("COPYING" "README"))))))
-    (native-inputs
-     `(("tar" ,tar)
-       ("gzip" ,gzip)))
+    (build-system font-build-system)
     (home-page "https://kldp.net/projects/unfonts/")
     (synopsis "Collection of Korean fonts")
     (description
@@ -876,7 +794,7 @@ glyph designs, not just an added slant.")
     (name "font-hack")
     (version "2.020")
     (source (origin
-              (method url-fetch)
+              (method url-fetch/zipbomb)
               (uri (string-append
                     "https://github.com/chrissimpkins/Hack/releases/download/v"
                     version "/Hack-v"
@@ -885,28 +803,7 @@ glyph designs, not just an added slant.")
               (sha256
                (base32
                 "16kkmc3psckw1b7k07ccn1gi5ymhlg9djh43nqjzg065g6p6d184"))))
-    (build-system trivial-build-system)
-    (arguments
-     `(#:modules ((guix build utils))
-       #:builder (begin
-                   (use-modules (guix build utils)
-                                (srfi srfi-26))
-
-                   (let ((PATH     (string-append (assoc-ref %build-inputs
-                                                             "unzip")
-                                                  "/bin"))
-                         (font-dir (string-append %output
-                                                  "/share/fonts/truetype")))
-                     (setenv "PATH" PATH)
-                     (system* "unzip" (assoc-ref %build-inputs "source"))
-
-                     (mkdir-p font-dir)
-                     (for-each (lambda (ttf)
-                                 (install-file ttf font-dir))
-                               (find-files "." "\\.ttf$"))))))
-    (native-inputs
-     `(("source" ,source)
-       ("unzip" ,unzip)))
+    (build-system font-build-system)
     (home-page "https://sourcefoundry.org/hack/")
     (synopsis "Typeface designed for source code")
     (description
@@ -933,26 +830,7 @@ Powerline support.")
               (sha256
                (base32
                 "0arhhsf3i7ss39ykn73d1j8k4n8vx7115xph6jwkd970p1cxvr54"))))
-    (build-system trivial-build-system)
-    (arguments
-     `(#:modules ((guix build utils))
-       #:builder
-       (begin
-         (use-modules (guix build utils))
-         (let ((tar  (string-append (assoc-ref %build-inputs "tar")
-                                    "/bin/tar"))
-               (PATH (string-append (assoc-ref %build-inputs "gzip")
-                                    "/bin"))
-               (font-dir (string-append %output "/share/fonts/opentype")))
-           (setenv "PATH" PATH)
-           (mkdir-p font-dir)
-           (zero? (system* tar "-C" font-dir "--strip-components=2"
-                           "-xvf" (assoc-ref %build-inputs "source")
-                           (string-append "source-code-pro-"
-                                          ,version "/OTF")))))))
-    (native-inputs
-     `(("gzip" ,gzip)
-       ("tar" ,tar)))
+    (build-system font-build-system)
     (home-page "https://github.com/adobe-fonts/source-code-pro")
     (synopsis
      "Monospaced font family for user interface and coding environments")
@@ -974,23 +852,7 @@ designed to work well in user interface environments.")
               (sha256
                (base32
                 "1z65x0dw5dq6rs6p9wyfrir50rlh95vgzsxr8jcd40nqazw4jhpi"))))
-    (build-system trivial-build-system)
-    (arguments
-     `(#:modules ((guix build utils))
-       #:builder
-       (begin
-         (use-modules (guix build utils))
-         (let ((unzip (string-append (assoc-ref %build-inputs "unzip")
-                                     "/bin/unzip"))
-               (font-dir (string-append %output "/share/fonts/opentype")))
-           (mkdir-p font-dir)
-           (system* unzip
-                    "-j"
-                    (assoc-ref %build-inputs "source")
-                    "*.otf"
-                    "-d" font-dir)))))
-    (native-inputs
-     `(("unzip" ,unzip)))
+    (build-system font-build-system)
     (home-page "http://mozilla.github.io/Fira/")
     (synopsis "Mozilla's monospace font")
     (description "This is the typeface used by Mozilla in Firefox OS.")
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index ef07f2d64b..a9a7e08da1 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -129,14 +129,14 @@ freedesktop.org project.")
 (define-public libinput
   (package
     (name "libinput")
-    (version "1.7.0")
+    (version "1.7.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://freedesktop.org/software/libinput/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1a58q60j3456d3qfhkkv319aq2hn4bpimcyhib4yks817pv719hj"))))
+                "07fbzxddvhjcch43hdxb24sj7ri96zzpcjalvsicmw0i4wnn2v89"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("cairo" ,cairo)
@@ -968,3 +968,35 @@ library to access fingerprint readers, over the D-Bus interprocess
 communication bus.  This daemon layer above libfprint solves problems related
 to applications simultaneously competing for fingerprint readers.")
     (license license:gpl2+)))
+
+(define-public desktop-file-utils
+  (package
+    (name "desktop-file-utils")
+    (version "0.23")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://www.freedesktop.org/software/" name
+                                  "/releases/" name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "119kj2w0rrxkhg4f9cf5waa55jz1hj8933vh47vcjipcplql02bc"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("glib" ,glib)))
+    (home-page "http://www.freedesktop.org/wiki/Software/desktop-file-utils/")
+    (synopsis "Utilities for working with desktop entries")
+    (description
+     "This package contains a few command line utilities for working with
+desktop entries:
+
+desktop-file-validate: validates a desktop file and prints warnings/errors
+                       about desktop entry specification violations.
+
+desktop-file-install: installs a desktop file to the applications directory,
+                      optionally munging it a bit in transit.
+
+update-desktop-database: updates the database containing a cache of MIME types
+                         handled by desktop files.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm
index 5253d0c919..18ce2ae4a4 100644
--- a/gnu/packages/game-development.scm
+++ b/gnu/packages/game-development.scm
@@ -39,6 +39,7 @@
   #:use-module (gnu packages databases)
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages fribidi)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnunet)
@@ -295,7 +296,7 @@ support.")
 (define-public tiled
   (package
     (name "tiled")
-    (version "1.0.0")
+    (version "1.0.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/bjorn/tiled/archive/v"
@@ -303,7 +304,7 @@ support.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0g6ld9znydbdzy4x9h532gf1fg5bnz1mmrpvw4jg2a4lxkrz3rd5"))))
+                "1y75jmpcf2lv8s3g9v3ghnrwvs2fc4ni7nx74csaylg1g04cwlq7"))))
     (build-system gnu-build-system)
     (inputs
      `(("qtbase" ,qtbase)
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index a76ab1ddc2..2c5294737f 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -1569,7 +1569,7 @@ is programmed in Haskell.")
 (define-public manaplus
   (package
     (name "manaplus")
-    (version "1.7.5.14")
+    (version "1.7.6.10")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1577,7 +1577,7 @@ is programmed in Haskell.")
                     version "/manaplus-" version ".tar.xz"))
               (sha256
                (base32
-                "1b5q79jkdrck5lq8lvhnpq2mly257r8lylp7b8sp8xn4365f86ch"))))
+                "0l7swvpzq20am4w2rsjpp6fsvbjv07il6wbfy45a7h9zsdihmqhl"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
@@ -2238,14 +2238,14 @@ and a game metadata scraper.")
 (define openttd-engine
   (package
     (name "openttd-engine")
-    (version "1.7.0")
+    (version "1.7.1")
     (source
      (origin (method url-fetch)
              (uri (string-append "http://binaries.openttd.org/releases/"
                                  version "/openttd-" version "-source.tar.xz"))
              (sha256
               (base32
-               "1q4r5860dpkkw4fpfz3f8mvdd8xjpnwwzr9zybgmgb255bs0g4yz"))
+               "0dhv5bbbg1dmmq7fi3xss0a9jq2rqgb5sf9fsqzlsjcdm590j6b1"))
              (modules '((guix build utils)))
              (snippet
               ;; The DOS port contains proprietary software.
@@ -4049,7 +4049,8 @@ fish.  The whole game is accompanied by quiet, comforting music.")
                             version "-nodeps.tar.xz")))
        (sha256
         (base32
-         "0127dgldij2h4m7cf32yy9ndv4vcz03g4km71lmxrsi5mw7ljgpd"))))
+         "0127dgldij2h4m7cf32yy9ndv4vcz03g4km71lmxrsi5mw7ljgpd"))
+       (patches (search-patches "crawl-upgrade-saves.patch"))))
     (build-system gnu-build-system)
     (inputs
      `(("lua51" ,lua-5.1)
@@ -4101,6 +4102,9 @@ fabulous Orb of Zot.")
                    license:zlib
                    license:asl2.0))))
 
+;; The linter here claims that patch file names should start with the package
+;; name. But, in this case, the patches are inherited from crawl with the
+;; "crawl-" prefix instead of "crawl-tiles-".
 (define-public crawl-tiles
   (package
     (inherit crawl)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index e277385aec..29b8dab7f8 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -24,6 +24,8 @@
 ;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2017 nee <nee-git@hidamari.blue>
+;;; Copyright © 2017 Chris Marusich <cmmarusich@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -65,6 +67,7 @@
   #:use-module (gnu packages databases)
   #:use-module (gnu packages djvu)
   #:use-module (gnu packages dns)
+  #:use-module (gnu packages documentation)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages docbook)
   #:use-module (gnu packages enchant)
@@ -103,6 +106,7 @@
   #:use-module (gnu packages python)
   #:use-module (gnu packages rdesktop)
   #:use-module (gnu packages scanner)
+  #:use-module (gnu packages selinux)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages gl)
@@ -735,38 +739,6 @@ Specification, the icon naming utility maps the icon names used by the
 GNOME and KDE desktops to the icon names proposed in the specification.")
     (license license:lgpl2.1+)))
 
-(define-public desktop-file-utils
-  (package
-    (name "desktop-file-utils")
-    (version "0.23")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "https://www.freedesktop.org/software/" name
-                                  "/releases/" name "-" version ".tar.xz"))
-              (sha256
-               (base32
-                "119kj2w0rrxkhg4f9cf5waa55jz1hj8933vh47vcjipcplql02bc"))))
-    (build-system gnu-build-system)
-    (native-inputs
-     `(("pkg-config" ,pkg-config)))
-    (inputs
-     `(("glib" ,glib)))
-    (home-page "http://www.freedesktop.org/wiki/Software/desktop-file-utils/")
-    (synopsis "Utilities for working with desktop entries")
-    (description
-     "This package contains a few command line utilities for working with
-desktop entries:
-
-desktop-file-validate: validates a desktop file and prints warnings/errors
-                       about desktop entry specification violations.
-
-desktop-file-install: installs a desktop file to the applications directory,
-                      optionally munging it a bit in transit.
-
-update-desktop-database: updates the database containing a cache of MIME types
-                         handled by desktop files.")
-    (license license:gpl2+)))
-
 (define-public gnome-icon-theme
   (package
     (name "gnome-icon-theme")
@@ -2449,6 +2421,37 @@ and the GLib main loop, to integrate well with GNOME applications.")
 and other secrets.  It communicates with the \"Secret Service\" using DBus.")
     (license license:lgpl2.1+)))
 
+(define-public five-or-more
+  (package
+    (name "five-or-more")
+    (version "3.22.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://gnome/sources/" name "/"
+                           (version-major+minor version) "/"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32
+         "1b26afyjr26wqy5j008gzsi3hpblbmabh0192lx6414lml1qxkxs"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("desktop-file-utils" ,desktop-file-utils)
+       ("intltool" ,intltool)
+       ("itstool" ,itstool)
+       ("xmllint" ,libxml2)))
+    (inputs
+     `(("gtk+" ,gtk+)
+       ("librsvg" ,librsvg)))
+    (home-page "https://wiki.gnome.org/Apps/Five%20or%20more")
+    (synopsis "Logic puzzle game")
+    (description "Five or More is a game where you try to align
+ five or more objects of the same color and shape causing them to disappear.
+ On every turn more objects will appear, until the board is full.
+ Try to last as long as possible.")
+    (license license:gpl2+)))
+
 (define-public gnome-mines
   (package
     (name "gnome-mines")
@@ -2777,7 +2780,7 @@ service via the system message bus.")
 (define-public libgweather
   (package
     (name "libgweather")
-    (version "3.24.0")
+    (version "3.24.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -2785,7 +2788,7 @@ service via the system message bus.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0ggspn3wmlkdxpfv4ym68qn1mzqc3hv666sykv8sv1ah40rbk28h"))))
+                "0g35xfcw9vh3sfff42blk9ksrlmkrjmj46h3ad0sqgdn6xh329qj"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -3324,7 +3327,7 @@ as possible!")
 (define-public grilo
   (package
     (name "grilo")
-    (version "0.3.2")
+    (version "0.3.3")
     (source
      (origin
        (method url-fetch)
@@ -3333,7 +3336,7 @@ as possible!")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0nvzr2gfk2mpzf99442zawv0n5yjcyy50rqkrvdsibknbm56hvzj"))))
+         "1qx072m0gl6m3d5g5cbbf13p4h217icmlxjnrn829x5xqwi451sw"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin")         ; for glib-mkenums and glib-genmarshal
@@ -3341,10 +3344,11 @@ as possible!")
        ("pkg-config" ,pkg-config)
        ("gobject-introspection" ,gobject-introspection)))
     (inputs
-     `(("glib" ,glib)
+     `(("cyrus-sasl" ,cyrus-sasl)
+       ("glib" ,glib)
        ("gtk+" ,gtk+)
        ("libxml2" ,libxml2)
-       ;; XXX TODO: Add oauth
+       ("liboauth" ,liboauth)
        ("libsoup" ,libsoup)
        ("nettle" ,nettle)
        ("totem-pl-parser" ,totem-pl-parser)))
@@ -4499,7 +4503,7 @@ window manager.")
 (define-public gnome-online-accounts
   (package
     (name "gnome-online-accounts")
-    (version "3.24.0")
+    (version "3.24.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4507,7 +4511,7 @@ window manager.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0yy10znqj278lnhdiqjcqxrwwv5c1jdjd0ncjbbdyh8n0q77hbwy"))))
+                "0lgniqmkr6ffdw3kcqd34lvp969j2q2qzcy30zkzl5c09r7anc0a"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
@@ -4662,7 +4666,7 @@ users.")
 (define-public network-manager
   (package
     (name "network-manager")
-    (version "1.6.2")
+    (version "1.8.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/NetworkManager/"
@@ -4670,7 +4674,7 @@ users.")
                                   "NetworkManager-" version ".tar.xz"))
               (sha256
                (base32
-                "1y96k82rav8if334jl500zc024d210c4pgprh94yqyz3rmanyaxj"))
+                "17pn7kzilyl0qk525gp9xnbz4x0ssrdmgk1lvw95pyfd6rm5qnps"))
               (snippet
               '(begin
                  (use-modules (guix build utils))
@@ -4751,8 +4755,11 @@ users.")
        ("python-dbus" ,python-dbus)
        ("python-pygobject" ,python-pygobject)))
     (inputs
-     `(("dbus-glib" ,dbus-glib)
+     `(("curl" ,curl)
+       ("cyrus-sasl" ,cyrus-sasl)
+       ("dbus-glib" ,dbus-glib)
        ("dnsmasq" ,dnsmasq)
+       ("eudev" ,eudev)
        ("gnutls" ,gnutls)
        ("iptables" ,iptables)
        ("isc-dhcp" ,isc-dhcp)
@@ -4803,7 +4810,7 @@ services.")
 (define-public network-manager-applet
   (package
     (name "network-manager-applet")
-    (version "1.4.2")
+    (version "1.8.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4811,12 +4818,9 @@ services.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "16a43sl9aijmvxbb08hbjqyjnlshj8dckycbgi9nm333fr47n6s3"))))
+                "09f9hjpn9nkhw57mk6pi7q1bq3lhf5hvmwas0fknscssak7yjmry"))))
     (build-system glib-or-gtk-build-system)
-    ;; TODO: WWAN support supposedly requires an update of glibmm which in turn
-    ;; requires an update of the its dependencies (glib and others).
-    (arguments '(#:configure-flags '("--disable-migration"
-                                     "--without-wwan")))
+    (arguments '(#:configure-flags '("--disable-migration")))
     (native-inputs
      `(("intltool" ,intltool)
        ("gobject-introspection" ,gobject-introspection)
@@ -4831,7 +4835,9 @@ services.")
        ("libgudev" ,libgudev)
        ("libnotify" ,libnotify)
        ("libsecret" ,libsecret)
-       ("jansson" ,jansson)))                     ;for team support
+       ("libselinux" ,libselinux)
+       ("jansson" ,jansson) ; for team support
+       ("modem-manager" ,modem-manager)))
     (synopsis "Applet for managing network connections")
     (home-page "http://www.gnome.org/projects/NetworkManager/")
     (description
@@ -5595,7 +5601,7 @@ Microsoft SkyDrive and Hotmail, using their REST protocols.")
 (define-public gnome-calendar
   (package
     (name "gnome-calendar")
-    (version "3.24.2")
+    (version "3.24.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5603,7 +5609,7 @@ Microsoft SkyDrive and Hotmail, using their REST protocols.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0lc0xdgn0y12i87775xyy0p3a5l82w9k49cmwl1my8r8pwf9lp6s"))))
+                "1v7k1wcl5yg9bd4l0rz0z03h32d35zgfp4qzz21widjcyis41jry"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("intltool" ,intltool)
@@ -6218,7 +6224,7 @@ that support the Assistive Technology Service Provider Interface (AT-SPI).")
 (define-public gspell
   (package
     (name "gspell")
-    (version "1.3.2")
+    (version "1.4.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -6226,7 +6232,7 @@ that support the Assistive Technology Service Provider Interface (AT-SPI).")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1n4kd5i11l79h8bpvx3cz79ww0b4z89y99h4czvyg80qlarn585w"))
+                "1ghh1xdzf04mfgb13zqpj88krpa44xv2vbyhm6k017kzrpz8hbs4"))
               (patches (search-patches "gspell-dash-test.patch"))))
     (build-system glib-or-gtk-build-system)
     (arguments
@@ -6267,3 +6273,48 @@ that support the Assistive Technology Service Provider Interface (AT-SPI).")
 application.  It provides a GObject API, spell-checking to text entries and
 text views, and buttons to choose the language.")
     (license license:gpl2+)))
+
+(define-public gnome-planner
+  (package
+    (name "gnome-planner")
+    (version "0.14.6")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/planner/"
+                                  (version-major+minor version) "/planner-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "15h6ps58giy5r1g66sg1l4xzhjssl362mfny2x09khdqsvk2j38k"))))
+    (build-system glib-or-gtk-build-system)
+    (arguments
+     ;; Disable the Python bindings because the Planner program functions
+     ;; without them, and (as of 2017-06-13) we have not packaged all of
+     ;; packages that are necessary for building the Python bindings.
+     `(#:configure-flags (list "--disable-python")))
+    (inputs
+     `(("libgnomecanvas" ,libgnomecanvas)
+       ("libgnomeui" ,libgnomeui)
+       ("libglade" ,libglade)
+       ("gnome-vfs" ,gnome-vfs)
+       ("gconf" ,gconf)
+       ("libxml2" ,libxml2)
+       ("libxslt" ,libxslt)
+       ("gtk+" ,gtk+)
+       ("glib" ,glib)))
+    (native-inputs
+     `(("intltool" ,intltool)
+       ("scrollkeeper" ,scrollkeeper)
+       ("pkg-config" ,pkg-config)))
+    (home-page "https://wiki.gnome.org/Apps/Planner")
+    (synopsis "Project management software for the GNOME desktop")
+    (description
+     "GNOME Planner is a project management tool based on the Work Breakdown
+Structure (WBS).  Its goal is to enable you to easily plan projects.  Based on
+the resources, tasks, and constraints that you define, Planner generates
+various views into a project.  For example, Planner can show a Gantt chart of
+the project.  It can show a detailed summary of tasks including their
+duration, cost, and current progress.  It can also show a report of resource
+utilization that highlights under-utilized and over-utilized resources.  These
+views can be printed as PDF or PostScript files, or exported to HTML.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 44d6129897..56db405bc8 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -5,7 +5,7 @@
 ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016, 2017 ng0 <ng0@no-reply.pragmatique.xyz>
+;;; Copyright © 2016, 2017 ng0 <ng0@no-reply.infotropique.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -66,22 +66,14 @@
 (define-public libextractor
   (package
    (name "libextractor")
-   (version "1.3")
+   (version "1.4")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/libextractor/libextractor-"
                                 version ".tar.gz"))
             (sha256
              (base32
-              "0zvv7wd011npcx7yphw9bpgivyxz6mlp87a57n96nv85k96dd2l6"))
-            (patches (search-patches "libextractor-ffmpeg-3.patch"))
-            (modules '((guix build utils)))
-            (snippet
-             ;; Nowadays libmagic (from 'file') returns 'audio/ogg' and not
-             ;; 'application/ogg'.  Adjust accordingly.
-             '(substitute* "src/plugins/test_mime.c"
-                (("application/ogg")
-                 "audio/ogg")))))
+              "0v7ns5jhsyp1wzvbaydfgxnva5zd63gkzm9djhckmam9liq824l4"))))
    (build-system gnu-build-system)
    ;; WARNING: Checks require /dev/shm to be in the build chroot, especially
    ;; not to be a symbolic link to /run/shm.
@@ -184,14 +176,14 @@ and support for SSL3 and TLS.")
 (define-public gnurl
   (package
    (name "gnurl")
-   (version "7.54.0")
+   (version "7.54.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://gnunet.org/sites/default/files/"
                                 name "-" version ".tar.bz2"))
             (sha256
              (base32
-              "1ww346cdsxln6iq158a4wm38bmicg5wspd2c83gnqf1glx22hza0"))))
+              "0szbj352h95sgc9kbx9wzkgjksmg3g5k6cvlc7hz3wrbdh5gb0a4"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ; 1.5 MiB of man3 pages
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 8d03f0e00d..6809a696a0 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -250,7 +250,7 @@ in C/C++.")
 (define-public nspr
   (package
     (name "nspr")
-    (version "4.14")
+    (version "4.15")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -258,7 +258,7 @@ in C/C++.")
                    version "/src/nspr-" version ".tar.gz"))
              (sha256
               (base32
-               "1m8p9l3prabhfxz6zs889fl7gmcka72a62i46a8klh2pca11iz34"))))
+               "101dksqm1z0hzd7ap82ccbxjr48s6q3xhshdl81qkj6hqdmy1p97"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("perl" ,perl)))
@@ -282,7 +282,7 @@ in the Mozilla clients.")
 (define-public nss
   (package
     (name "nss")
-    (version "3.30.2")
+    (version "3.31")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -293,10 +293,9 @@ in the Mozilla clients.")
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "096frzvyp3z257x84rxknscfgsbavzh2a0gyibx7kvmw4vzpfjhd"))
+                "0pd643a8ns7q5az5ai3ascrw666i2kbfiyy1c9hlhw9jd8jn21g9"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-pkgconfig.patch"
-                                       "nss-disable-long-b64-tests.patch"
                                        "nss-increase-test-timeout.patch"))))
     (build-system gnu-build-system)
     (outputs '("out" "bin"))
@@ -329,16 +328,6 @@ in the Mozilla clients.")
                   `((setenv "USE_64" "1")))
                  (_
                   '()))
-             ;; The timeout values in "increase-test-timeouts" are still
-             ;; too low, so apply this workaround on armhf for now to avoid
-             ;; rebuilding on all platforms. This should be incorporated in
-             ;; the patch for the next update.
-             ;; https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00472.html
-             ,@(if (string-prefix? "armhf" (or (%current-target-system)
-                                               (%current-system)))
-                   `((substitute* "nss/gtests/ssl_gtest/tls_connect.cc"
-                       (("25000\\);") "300000);")))
-                   '())
              #t))
          (replace 'check
            (lambda _
@@ -427,35 +416,35 @@ standards.")
         (mozilla-patch "icecat-bug-1342366.patch"        "fb43f6690a26" "1vnkjpq2bcqwzmjkgyqv8wj0ndrrsyix3qy1rsb5is6pjmi9sbaa")
         (mozilla-patch "icecat-bug-1343818.patch"        "90f870bbec29" "0mbki955f71n4yr9p0yc7kh5jwq7vs4bs4rhaazdncirbr564hm6")
         (mozilla-patch "icecat-bug-1348454.patch"        "c1cd8a02669f" "1wf0107763rw45kxkak7478vlax06ay7076cbm7ysxl7vijbr52w")
-        (mozilla-patch "icecat-bug-1297111.patch"        "2553531f83b9" "0ibf59pa8czdyhc25sas6zhh2gf1k8vr8fklis2b1ms3n1qnzrha")
+        (mozilla-patch "icecat-CVE-2017-5470-pt01.patch" "2553531f83b9" "0ibf59pa8czdyhc25sas6zhh2gf1k8vr8fklis2b1ms3n1qnzrha")
         (mozilla-patch "icecat-bug-1355873.patch"        "9ee455ddcd68" "0d38hi4556635g9ag805vfyffdgfsp4a8v3d9ldffdp99ypv2ixj")
-        (mozilla-patch "icecat-bug-1348424-pt1.patch"    "6472c7006a73" "1fgydas23fzj49n4g43133bgjn98b2h38bii4knl7z7pm3fs2wws")
-        (mozilla-patch "icecat-bug-1348424-pt2.patch"    "0d5a26b29816" "03mkghl9i83jk1axr8bvw8la6shbggkabf23if8a9vi5jdv8182x")
+        (mozilla-patch "icecat-CVE-2017-5470-pt02.patch" "6472c7006a73" "1fgydas23fzj49n4g43133bgjn98b2h38bii4knl7z7pm3fs2wws")
+        (mozilla-patch "icecat-CVE-2017-5470-pt03.patch" "0d5a26b29816" "03mkghl9i83jk1axr8bvw8la6shbggkabf23if8a9vi5jdv8182x")
         (mozilla-patch "icecat-bug-1357092.patch"        "e78c943af07f" "0r830k6hja8z9rjk2nqjg8zfzr0wjcnic8rddh7jmc1inr1w3crm")
-        (mozilla-patch "icecat-bug-1352093.patch"        "d7c06f2d0d13" "1ahyns5v37w91bilvb3pa8kkdzkkn3fcxmi49jr5bycjlawljrm4")
-        (mozilla-patch "icecat-bug-1349595.patch"        "9071c7d4cc9c" "12128sf8s3zwv2w16kfl5jry9d6ky7hvps2006184rg23p32aj6n")
+        (mozilla-patch "icecat-CVE-2017-5470-pt04.patch" "d7c06f2d0d13" "1ahyns5v37w91bilvb3pa8kkdzkkn3fcxmi49jr5bycjlawljrm4")
+        (mozilla-patch "icecat-CVE-2017-5470-pt05.patch" "9071c7d4cc9c" "12128sf8s3zwv2w16kfl5jry9d6ky7hvps2006184rg23p32aj6n")
         (mozilla-patch "icecat-bug-1336979.patch"        "8bbc7b586d68" "0c13imyp1nq18in3yb1zcyi41b69svh4fn8msyj0c2lhbf8qnqcw")
-        (mozilla-patch "icecat-bug-1352556.patch"        "6d80ca63ff8b" "0s893fn6v0p323lcnl4cbkg1zd7gs1p0bw76ki6cmiapkn63gs13")
-        (mozilla-patch "icecat-bug-1359547.patch"        "43d7b98d8743" "1dhgy1jkvn3c4k27hbv8p16w7l09b8hd4w9zzpk8dpn4h78ncs3h")
+        (mozilla-patch "icecat-CVE-2017-5470-pt06.patch" "6d80ca63ff8b" "0s893fn6v0p323lcnl4cbkg1zd7gs1p0bw76ki6cmiapkn63gs13")
+        (mozilla-patch "icecat-CVE-2017-7752.patch"      "43d7b98d8743" "1dhgy1jkvn3c4k27hbv8p16w7l09b8hd4w9zzpk8dpn4h78ncs3h")
         (mozilla-patch "icecat-CVE-2017-5031.patch"      "bd4fcdee9a06" "0xz1r342023a0bsllhjbzn6v75lpqznwacqyikb7q8i4hxkxh78a")
         (mozilla-patch "icecat-bug-1346499.patch"        "747fd6c81983" "00iscyn4wr69205ppiaghlnd32845f5lcsl303v0fcdd4d1v04vc")
         (mozilla-patch "icecat-bug-1334443-pt1.patch"    "16201e8478df" "1k91xaai25vn1svkaldnsd2s8br3fgvnk5l54k3n3lk3m5vj55hv")
         (mozilla-patch "icecat-bug-1334443-pt2.patch"    "f100e5cf3bcb" "1cgbbbnkrd3ydfw99rhnpqdp5zq65537mg8sa1s9ajxkjjd1dkwj")
         (mozilla-patch "icecat-bug-1354810.patch"        "e579ef6e8d11" "0cmrh8dl85lzjxpbni08xbs8qq15sljnpg70a7rsl0jdbgih3mdx")
         (mozilla-patch "icecat-bug-1356755.patch"        "4a3fce67b52d" "126i9nwxsb3sjwb7dvhafacq86glnhx7r7jjv0h9v21s1w0kx4wj")
-        (mozilla-patch "icecat-bug-1273265.patch"        "7902fea300b8" "1jkrl8hdycsi17dd1m1vvl6gm1skhpf10q2m29zwfr8l40fd6a3q")
+        (mozilla-patch "icecat-CVE-2017-7765.patch"      "7902fea300b8" "1jkrl8hdycsi17dd1m1vvl6gm1skhpf10q2m29zwfr8l40fd6a3q")
         (mozilla-patch "icecat-bug-1353204.patch"        "b5a21502aeff" "13rbrhvr37w95av9d4hkgi913nq0j6k2iijydylvprcn18cwibp0")
         (mozilla-patch "icecat-bug-1028195.patch"        "69a5ca2bf867" "0q8cgi6837ikpg7gsvywmzhq0i102845apcbrd6mw0205qqsnw5c")
         (mozilla-patch "icecat-bug-1347835.patch"        "bc635f45af37" "1fny422l6yc80901x6swybr8nk0in1wxfgy97ky4bdkcqlnmzpqv")
         (mozilla-patch "icecat-bug-1241066.patch"        "b922ca70cce5" "09hcf9rm7ng3vj5y267w0c9h6pqinnz8gjlkwx1337xh43mdvqjv")
-        (mozilla-patch "icecat-bug-1346012.patch"        "1ce6d0652921" "163ji64a86h682frh1jq016w1mjf8g24r8cni0irsdmiihis7zxc")
+        (mozilla-patch "icecat-CVE-2017-5470-pt07.patch" "1ce6d0652921" "163ji64a86h682frh1jq016w1mjf8g24r8cni0irsdmiihis7zxc")
         (mozilla-patch "icecat-bug-1324140.patch"        "8886f9cd5dd3" "0byabs9md8r3pc4r67sv2759427n1za0gfayln40nx47n2p52kmg")
-        (mozilla-patch "icecat-bug-1342552.patch"        "ad995e90916b" "02nq9sg675p26z99nr2pykbz51hi2phf0gmrb1bjpq9pjbll7gsa")
-        (mozilla-patch "icecat-bug-1355039.patch"        "4ae71415fecf" "0yfkkdkkimad9a3w734xx85lb7hrl870c8k8an7w78fq3vl3fjnd")
-        (mozilla-patch "icecat-bug-1363396.patch"        "24cbb7f2e0ff" "006f0zhz5nxs72q9plwzhq4l79b47svzizvv510m5g2krsfrccza")
-        (mozilla-patch "icecat-bug-1356558.patch"        "89c7fb6c5be3" "19650nmc4vn1prbpn5h06kz9d1al279xkc23v39577h4zhdrknkj")
+        (mozilla-patch "icecat-CVE-2017-5470-pt08.patch" "ad995e90916b" "02nq9sg675p26z99nr2pykbz51hi2phf0gmrb1bjpq9pjbll7gsa")
+        (mozilla-patch "icecat-CVE-2017-7749.patch"      "4ae71415fecf" "0yfkkdkkimad9a3w734xx85lb7hrl870c8k8an7w78fq3vl3fjnd")
+        (mozilla-patch "icecat-CVE-2017-7751.patch"      "24cbb7f2e0ff" "006f0zhz5nxs72q9plwzhq4l79b47svzizvv510m5g2krsfrccza")
+        (mozilla-patch "icecat-CVE-2017-7750.patch"      "89c7fb6c5be3" "19650nmc4vn1prbpn5h06kz9d1al279xkc23v39577h4zhdrknkj")
         (mozilla-patch "icecat-bug-1337810.patch"        "0f6dd3564c76" "1sxajqh6r7fjs45xhvjwg94smpvyvplh3rdvq11d3q5m9v4kg7mz")
-        (mozilla-patch "icecat-bug-1347748.patch"        "145905da25d3" "0c2q9f000snpm9x0qda2y0awrsm313iwxbv0kh33ca0kpza49a76")
+        (mozilla-patch "icecat-CVE-2017-5470-pt09.patch" "145905da25d3" "0c2q9f000snpm9x0qda2y0awrsm313iwxbv0kh33ca0kpza49a76")
         (mozilla-patch "icecat-bug-1345355.patch"        "c5012009a0b2" "0m772bgrwb8iwv2bdgx694ybg5wgbf58xg5v245x0p7gwhgwiwmr")
         (mozilla-patch "icecat-bug-1351340.patch"        "047f19a1b9a0" "0qjnhybibs3cpcba3ga4g7d4c0w716xa9jf87y2ir8yz7dw1f9vl")
         (mozilla-patch "icecat-bug-1056322.patch"        "f076a30f6c29" "0xgskjl6zmxi3v4l0f3wlas0qb2403fin5lv1hi3jf2142ihpaml")
@@ -480,32 +469,44 @@ standards.")
         (mozilla-patch "icecat-bug-1360574-pt1.patch"    "237eee780619" "1iw6z762zdc42kwjvv58a2cjc0s4kzwwy7838apl7y7cq85g0jg2")
         (mozilla-patch "icecat-bug-1360574-pt2.patch"    "46a5a4aac189" "1i553f9qvav0fn5avbp8912995pqbhzbzamxxfz8gn2ik17y3xly")
         (mozilla-patch "icecat-bug-1358776.patch"        "bd35fa23f79a" "12nicgwhcn63knmlcl0c2askn9sj35bfclaab3826pkd9yq5g4p5")
-        (mozilla-patch "icecat-bug-1362590.patch"        "c1314a709b41" "0klgrcyc20fig6rbm9znjpcnfsz6xnlp1v03fbvaww0riy2qm42k")
+        (mozilla-patch "icecat-CVE-2017-5470-pt10.patch" "c1314a709b41" "0klgrcyc20fig6rbm9znjpcnfsz6xnlp1v03fbvaww0riy2qm42k")
         (mozilla-patch "icecat-bug-1359859.patch"        "e38948fb79d6" "1sfyc5s9ndv6q72k8n9x0rvj4sz40k51iljrs42gwykzkjm2fx5m")
         (mozilla-patch "icecat-bug-1342057.patch"        "278bef1d7a64" "0zk18s9pnbwz9ankmc9mj4197s55j1jvax04ansqymmmc3a5ciif")
-        (mozilla-patch "icecat-bug-1325513.patch"        "218e0963406f" "0wqms5nany4sx2g4p01lbam7la2dyazz87dhv5hcsf8ifxrfww11")
+        (mozilla-patch "icecat-CVE-2017-5470-pt11.patch" "218e0963406f" "0wqms5nany4sx2g4p01lbam7la2dyazz87dhv5hcsf8ifxrfww11")
         (mozilla-patch "icecat-bug-1304566.patch"        "188e39630fcd" "1bfxfgj5ywx4bcf91kwyrjh5ppiv59gadx4445achyabdi639l8d")
         (mozilla-patch "icecat-bug-1356601.patch"        "8191e403fedf" "1k4zmq0923f5dc3dwbz1q0bkcbm90ldwkczym366hgwadb2305nd")
         (mozilla-patch "icecat-bug-1334097.patch"        "fe2a2c7e88cb" "1rppaivaddigwk65krn8m9f9mcdkiiv28ws9n9zj62n0rc1shyvc")
         (mozilla-patch "icecat-bug-1359051.patch"        "8d7dbe5c6587" "14zh74bbld4s0jy0a48fi9acxkc236mh9wjid3vrf72yj6bi5xnp")
         (mozilla-patch "icecat-bug-1359697.patch"        "ca2b5274549f" "1ns7v70i1hfkxqnjhf9fp0lk9095hdcllg94j3dl1nfaif4w6vbf")
         (mozilla-patch "icecat-bug-1343256.patch"        "a30dd7dd6617" "1k078176fp8vz871wirjz9d3yx9l2lfl8p75c4905n3j3zv2297q")
-        (mozilla-patch "icecat-bug-1349310.patch"        "81b3ce7d37b3" "0ad0wqczy4kpggj6m3b8bzxi6ax340mik1mfawhkq89a1h2sfpxv")
+        (mozilla-patch "icecat-CVE-2017-7778.patch"      "81b3ce7d37b3" "0ad0wqczy4kpggj6m3b8bzxi6ax340mik1mfawhkq89a1h2sfpxv")
         (mozilla-patch "icecat-bug-1356179.patch"        "66d8893f37f0" "0izl31lagvdv4qpb9gkjxvgpmxzw50x5bviap4l7bbnb56cv7d8p")
-        (mozilla-patch "icecat-bug-1365602.patch"        "aad883966edd" "058axnrwrbvy2h9r9pb766lyky45hb92rap142sbp17yz0sxfmww")
+        (mozilla-patch "icecat-CVE-2017-5472.patch"      "aad883966edd" "058axnrwrbvy2h9r9pb766lyky45hb92rap142sbp17yz0sxfmww")
         (mozilla-patch "icecat-bug-1355520.patch"        "7ca2d8839f7a" "1xbmpvr2x720x9ghd5wgbg6lknbnhcyqmkkfamdf97mqcyizyr21")
         (mozilla-patch "icecat-bug-1358469.patch"        "4d432638c0f9" "0qpjmwik3dryjwmgfwmkqk0rs9rb2lafb2k9fc3pkjnrq5y0l9xg")
-        (mozilla-patch "icecat-bug-1356025.patch"        "f5967db0a0f3" "045wbvkm21kbm314dd6lbq2disiaf26kmsxi6brf442fd0028gwq")
+        (mozilla-patch "icecat-CVE-2017-5470-pt12.patch" "f5967db0a0f3" "045wbvkm21kbm314dd6lbq2disiaf26kmsxi6brf442fd0028gwq")
         (mozilla-patch "icecat-bug-1345910.patch"        "ec6b6720e54e" "0lm15jl46mdlsds6947jsiyvhf9agb8hcdrqj2svc3kn9kzvyr2n")
-        (mozilla-patch "icecat-bug-1359639.patch"        "a4f8d8a12afa" "0d7sjc21af074rvgvijj42gmpjvcb1v1zlpgb3s7ky7w6wjr35vx")
-        (mozilla-patch "icecat-bug-1357090.patch"        "d07f24a72ce4" "1qbwska76b2zslb95wnx9v04znb6k9fqylr4ajyfqpwk1sr363hg")
-        (mozilla-patch "icecat-bug-1364283.patch"        "a6caa7628e36" "1yv5f4h8js9bry9krcx130w6ic8rdmmq4fap6va24kfx8qflg70h")
+        (mozilla-patch "icecat-CVE-2017-5470-pt13.patch" "a4f8d8a12afa" "0d7sjc21af074rvgvijj42gmpjvcb1v1zlpgb3s7ky7w6wjr35vx")
+        (mozilla-patch "icecat-CVE-2017-7754.patch"      "d07f24a72ce4" "1qbwska76b2zslb95wnx9v04znb6k9fqylr4ajyfqpwk1sr363hg")
+        (mozilla-patch "icecat-CVE-2017-7764.patch"      "a6caa7628e36" "1yv5f4h8js9bry9krcx130w6ic8rdmmq4fap6va24kfx8qflg70h")
         (mozilla-patch "icecat-bug-1237868.patch"        "41138235d4ea" "0mcj4x2kmagwf5hp8xhczf04sxm995pk1zarc9yffk84z7fcrxkj")
         (mozilla-patch "icecat-bug-1331335.patch"        "b724283e3b31" "1xbb1vcdzfpcmrmxm8ihwzslh2vz15k0k601nvyhh6vgx270h1wn")
         (mozilla-patch "icecat-bug-1367267.patch"        "4c2f4d8b693e" "1hrndhfnz0vnjnspwh5mbvgl2j8d1cs62awp04wx2w6z4l4wrmbv")
-        (mozilla-patch "icecat-bug-1366595.patch"        "cce3fd607206" "1z97jw8jpfyx61jxf0j8nsplnna2c5bwihwnl9cvlc2cspp3kgp5")
-        (mozilla-patch "icecat-bug-1349266.patch"        "dc4e3c64d781" "1zd666k4qpdamly3av09k602pmirjcs9l6la6ba0qq9w9vfan3g5")
-        (mozilla-patch "icecat-bug-1366140.patch"        "379c348250e8" "0kvsyhi9j3bjx14ffr13dslqp8ghcgrz6ds2fikdkrrrk4syskd5")))
+        (mozilla-patch "icecat-CVE-2017-7756.patch"      "cce3fd607206" "1z97jw8jpfyx61jxf0j8nsplnna2c5bwihwnl9cvlc2cspp3kgp5")
+        (mozilla-patch "icecat-CVE-2017-5470-pt14.patch" "dc4e3c64d781" "1zd666k4qpdamly3av09k602pmirjcs9l6la6ba0qq9w9vfan3g5")
+        (mozilla-patch "icecat-CVE-2017-5470-pt15.patch" "379c348250e8" "0kvsyhi9j3bjx14ffr13dslqp8ghcgrz6ds2fikdkrrrk4syskd5")
+        (mozilla-patch "icecat-bug-1349531.patch"        "70cd711c6ae8" "07hlby5xdvqy6jdqxydv5pwap8hhsycb19fgw5fan2xf9dhrfpb8")
+        (mozilla-patch "icecat-CVE-2017-5470-pt16.patch" "6e644bc1a57f" "1xp8b74wijfz198q4hdybldnwh3hh0vh33dc5s7489abmz4s5zjg")
+        (mozilla-patch "icecat-CVE-2017-7758.patch"      "279bffa85beb" "0shf77l9id6s8cs8xbc0ii0ccd7n09jv20410kkqqz11m296dcjr")
+        (mozilla-patch "icecat-CVE-2017-7757.patch"      "0abcbc6ef8f3" "045arb1b83a3yv358naznl15bnr4wgxxayv8d5gcxarcbrrvm5q4")
+        (mozilla-patch "icecat-CVE-2017-5470-pt17.patch" "e0261afd69b9" "0a19b24iq57430kpbsdvka9vyg6kwhnnqis1xsd6wh8gz0bw5l79")
+        (mozilla-patch "icecat-CVE-2017-5470-pt18.patch" "4ec931d4bf29" "0bq0hq41xhy9aqjra5m0flmpilinlkb088r6w1kly561ckjl1f9f")
+        (mozilla-patch "icecat-bug-1339826-pt1.patch"    "9c29579fffe2" "0yfc764qrynh441wwim18cr6k0sazgrm77frcdnyks0hzf0y44d1")
+        (mozilla-patch "icecat-bug-1339826-pt2.patch"    "be946ea1a75a" "0pw0y1sdckn5brm39sdg47hbda5432aw32c3xq26ism23im85191")
+        (mozilla-patch "icecat-bug-1339826-pt2.patch"    "44b2fe592a90" "1v8mz3b40dp6l5qrgha4yibmrnx80pxsvdll6ky1k937yhbzjk4a")
+        (mozilla-patch "icecat-CVE-2017-5470-pt19.patch" "f68e0d98a22a" "063z4a7gyhzy85fc2j2yr7kmk2zf7v875hjw4485civazydysw4j")
+        (mozilla-patch "icecat-bug-1353625.patch"        "c41f37d913e2" "1s997c1hj4ywnlfbhvi1y96vd6bxl74wcrb0nly611h51h8xnyxm")
+        (mozilla-patch "icecat-CVE-2017-5470-pt20.patch" "38273203b827" "12p9r4spdp09d6ic9sqspvdr50lmc1p86ydz2fxdifb1f95njhx0")))
       (modules '((guix build utils)))
       (snippet
        '(begin
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index 0bafdf6f61..9d03e5600f 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -4109,7 +4109,7 @@ available in later versions of base to a wider (older) range of compilers.")
 (define-public ghc-auto-update
   (package
     (name "ghc-auto-update")
-    (version "0.1.2.2")
+    (version "0.1.4")
     (source
      (origin
        (method url-fetch)
@@ -4119,7 +4119,7 @@ available in later versions of base to a wider (older) range of compilers.")
              ".tar.gz"))
        (sha256
         (base32
-         "1ns4c5mqhnm7hsiqxf1ivjs5fflyq92b16ldzrcl0p85631h0c3v"))))
+         "09dlh2alsx2mw5kvj931yhbj0aw7jmly2cm9xbscm2sf098w35jy"))))
     (build-system haskell-build-system)
     (home-page "https://github.com/yesodweb/wai")
     (synopsis "Efficiently run periodic, on-demand actions")
@@ -5085,7 +5085,7 @@ essentially the opposite of pretty-printing.")
 (define-public ghc-wai
   (package
     (name "ghc-wai")
-    (version "3.0.4.0")
+    (version "3.2.1.1")
     (source
      (origin
        (method url-fetch)
@@ -5095,7 +5095,7 @@ essentially the opposite of pretty-printing.")
              ".tar.gz"))
        (sha256
         (base32
-         "1551n0g0n22vml33v0jz5xgjcy6j79algvsdqg11a1z5ljjrjlqf"))))
+         "08afasnirja21vr0bmzcywz4w29x736dmdv7h8nnh1l8bn7sd02x"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-bytestring-builder" ,ghc-bytestring-builder)
@@ -5153,7 +5153,7 @@ communication between web applications and web servers.")
 (define-public ghc-wai-extra
   (package
     (name "ghc-wai-extra")
-    (version "3.0.11.1")
+    (version "3.0.13.1")
     (source
      (origin
        (method url-fetch)
@@ -5163,7 +5163,7 @@ communication between web applications and web servers.")
              ".tar.gz"))
        (sha256
         (base32
-         "1kr2s5qyx1dvnwr372h7pca4sgxjv0pdx96xkgsfi180h3mb0vq8"))))
+         "0mh761a1bayr4ydwqmh3h8ndpi19zqw34mmy49lp2abr70r0nm1p"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-ansi-terminal" ,ghc-ansi-terminal)
@@ -5890,7 +5890,7 @@ described in @url{http://www.lua.org/}.")
 (define-public ghc-http-client
   (package
     (name "ghc-http-client")
-    (version "0.4.24")
+    (version "0.5.6.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
@@ -5898,7 +5898,7 @@ described in @url{http://www.lua.org/}.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0xz133kdfiyy2rm6z95bmvjj6y2540xzd86cfmdv9s6kz4p1ir4k"))))
+                "1v9bdb8dkhb5g6jl9azk86ig7ia8xh9arr64n7s8r94fp0vl6c1c"))))
     (build-system haskell-build-system)
     ;; Tests require access to the web.
     (arguments `(#:tests? #f))
@@ -6371,7 +6371,7 @@ the choice of SSL/TLS, and SOCKS.")
 (define-public ghc-http-client-tls
   (package
     (name "ghc-http-client-tls")
-    (version "0.2.2")
+    (version "0.3.4.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
@@ -6379,7 +6379,7 @@ the choice of SSL/TLS, and SOCKS.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0a01r05h5fxswyn6k6cgqgak4scqjan72hyy5wbdqzzhl4rmh7j5"))))
+                "1mbwdfn4hs8lcwml2l6xv4n068l9zlasyv6vwb2ylgm030pyv3xh"))))
     (build-system haskell-build-system)
     ;; Tests require Internet access
     (arguments `(#:tests? #f))
@@ -8295,4 +8295,375 @@ advanced user's otherwise working script to fail under future circumstances.
 @end enumerate")
     (license license:gpl3+)))
 
+(define-public ghc-wai-conduit
+  (package
+    (name "ghc-wai-conduit")
+    (version "3.0.0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "wai-conduit-" version "/"
+                           "wai-conduit-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1zvsiwjq2mvkb9sjgp3ly9m968m7a2jjzr4id6jpi3mmqykj15z4"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-conduit" ,ghc-conduit)
+       ("ghc-http-types" ,ghc-http-types)
+       ("ghc-wai" ,ghc-wai)
+       ("ghc-blaze-builder" ,ghc-blaze-builder)))
+    (home-page "https://github.com/yesodweb/wai")
+    (synopsis "Conduit wrappers for Haskell's WAI")
+    (description "This package provides data streaming abstraction for
+Haskell's Web Application Interface (WAI).")
+    (license license:expat)))
+
+(define-public ghc-http-date
+  (package
+    (name "ghc-http-date")
+    (version "0.0.6.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "http-date-" version "/"
+                           "http-date-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0dknh28kyarnzqrsc80ssalxjrq0qbv7ir49247p2grb7rh0dqgj"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-attoparsec" ,ghc-attoparsec)))
+    (native-inputs
+     `(("ghc-doctest" ,ghc-doctest)
+       ("ghc-hspec" ,ghc-hspec)
+       ("hspec-discover" ,hspec-discover)
+       ("ghc-old-locale" ,ghc-old-locale)))
+    (home-page "https://github.com/kazu-yamamoto/http-date")
+    (synopsis "HTTP Date parser/formatter")
+    (description "Library for Parsing and formatting HTTP
+Date in Haskell.")
+    (license license:bsd-3)))
+
+(define-public ghc-simple-sendfile
+  (package
+    (name "ghc-simple-sendfile")
+    (version "0.2.25")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "simple-sendfile-" version "/"
+                           "simple-sendfile-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0k99j9xfcf83c55jmn202hdinhjaa4yn3dal4rvjk2w2rlhqirha"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-conduit" ,ghc-conduit)
+       ("ghc-conduit-extra" ,ghc-conduit-extra)
+       ("ghc-network" ,ghc-network)
+       ("ghc-resourcet" ,ghc-resourcet)))
+    (native-inputs
+     `(("ghc-hspec" ,ghc-hspec)
+       ("hspec-discover" ,hspec-discover)))
+    (home-page "https://github.com/kazu-yamamoto/simple-sendfile")
+    (synopsis "Cross platform library for the sendfile system call")
+    (description "This library tries to call minimum system calls which
+are the bottleneck of web servers.")
+    (license license:bsd-3)))
+
+(define-public ghc-hex
+  (package
+    (name "ghc-hex")
+    (version "0.1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "hex-" version "/"
+                           "hex-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1v31xiaivrrn0q2jz8919wvkjplv1kxna5ajhsj701fqxm1i5vhj"))))
+    (build-system haskell-build-system)
+    (home-page "http://hackage.haskell.org/package/hex")
+    (synopsis "Convert strings into hexadecimal and back")
+    (description "This package provides conversion functions between
+bytestrings and their hexademical representation.")
+    (license license:bsd-3)))
+
+(define-public ghc-psqueues
+  (package
+    (name "ghc-psqueues")
+    (version "0.2.2.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "psqueues-" version "/"
+                           "psqueues-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1dd6xv1wjxj1xinx155b14hijw8fafrg4096srzdzj7xyqq7qxbd"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-hashable" ,ghc-hashable)))
+    (native-inputs
+     `(("ghc-hunit" ,ghc-hunit)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-tagged" ,ghc-tagged)
+       ("ghc-test-framework" ,ghc-test-framework)
+       ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)
+       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
+    (home-page "https://github.com/bttr/psqueues")
+    (synopsis "Pure priority search queues")
+    (description "The psqueues package provides
+@uref{http://en.wikipedia.org/wiki/Priority_queue, Priority Search Queues} in
+three different flavors:
+
+@itemize
+@item @code{OrdPSQ k p v}, which uses the @code{Ord k} instance to provide
+fast insertion, deletion and lookup.  This implementation is based on Ralf
+Hinze's @uref{http://citeseer.ist.psu.edu/hinze01simple.html, A Simple
+Implementation Technique for Priority Search Queues}.
+
+Hence, it is similar to the @uref{http://hackage.haskell.org/package/PSQueue,
+PSQueue} library, although it is considerably faster and provides a slightly
+different API.
+
+@item @code{IntPSQ p v} is a far more efficient implementation.  It fixes the
+key type to @code{Int} and uses a
+@code{http://en.wikipedia.org/wiki/Radix_tree, radix tree}
+(like @code{IntMap}) with an additional min-heap property.
+
+@item @code{HashPSQ k p v} is a fairly straightforward extension
+of @code{IntPSQ}: it simply uses the keys' hashes as indices in the
+@code{IntPSQ}.  If there are any hash collisions, it uses an
+@code{OrdPSQ} to resolve those.  The performance of this implementation
+is comparable to that of @code{IntPSQ}, but it is more widely
+applicable since the keys are not restricted to @code{Int},
+but rather to any @code{Hashable} datatype.
+@end itemize
+
+Each of the three implementations provides the same API, so they can
+be used interchangeably.
+
+Typical applications of Priority Search Queues include:
+
+@itemize
+@item Caches, and more specifically LRU Caches;
+@item Schedulers;
+@item Pathfinding algorithms, such as Dijkstra's and A*.
+@end itemize")
+    (license license:bsd-3)))
+
+(define-public ghc-glob
+  (package
+    (name "ghc-glob")
+    (version "0.7.14")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "Glob-" version "/"
+                           "Glob-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0aw43izg8vlvjl40ms6k92w7gxg7n3l6smdvzla47fp82s4vhdr8"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-dlist" ,ghc-dlist)
+       ("ghc-semigroups" ,ghc-semigroups)
+       ("ghc-transformers-compat" ,ghc-transformers-compat)))
+    (native-inputs
+     `(("ghc-hunit" ,ghc-hunit)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-test-framework" ,ghc-test-framework)
+       ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)
+       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
+    (home-page "http://iki.fi/matti.niemenmaa/glob/")
+    (synopsis "Haskell library matching glob patterns against file paths")
+    (description "This package providesa Haskell library for globbing:
+matching patterns against file paths.")
+    (license license:bsd-3)))
+
+(define-public ghc-http2
+  (package
+    (name "ghc-http2")
+    (version "1.6.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "http2-" version "/"
+                           "http2-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0hww0rfsv6lqx62qzycbcqy5q6rh9k09qkyjkdm5m1sp1z50wqk1"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-bytestring-builder" ,ghc-bytestring-builder)
+       ("ghc-case-insensitive" ,ghc-case-insensitive)
+       ("ghc-aeson" ,ghc-aeson)
+       ("ghc-aeson-pretty" ,ghc-aeson-pretty)
+       ("ghc-hex" ,ghc-hex)
+       ("ghc-unordered-containers" ,ghc-unordered-containers)
+       ("ghc-vector" ,ghc-vector)
+       ("ghc-word8" ,ghc-word8)
+       ("ghc-psqueues" ,ghc-psqueues)
+       ("ghc-stm" ,ghc-stm)))
+       (native-inputs
+        `(("ghc-glob" ,ghc-glob)
+         ("ghc-hspec" ,ghc-hspec)
+         ("ghc-doctest" ,ghc-doctest)
+         ("hspec-discover" ,hspec-discover)))
+    (home-page "https://github.com/kazu-yamamoto/http2")
+    (synopsis "HTTP/2 library including frames, priority queues and HPACK")
+    (description "This package provides a HTTP/2.0 library including frames
+and HPACK.  Currently HTTP/2 16 framing and HPACK 10 is supported.")
+    (license license:bsd-3)))
+
+(define-public ghc-warp
+  (package
+    (name "ghc-warp")
+    (version "3.2.11.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "warp-" version "/" "warp-" version
+                           ".tar.gz"))
+       (sha256
+        (base32
+         "1zp5cy0bbj508vdvms1n5z80z37m253kwsqc5a83cfc990n6fgw5"))))
+    (build-system haskell-build-system)
+    (arguments
+     `(#:tests? #f)) ; FIXME: Test-Suite `spec` fails.
+    (inputs
+     `(("ghc-async" ,ghc-async)
+       ("ghc-auto-update" ,ghc-auto-update)
+       ("ghc-blaze-builder" ,ghc-blaze-builder)
+       ("ghc-bytestring-builder" ,ghc-bytestring-builder)
+       ("ghc-case-insensitive" ,ghc-case-insensitive)
+       ("ghc-hashable" ,ghc-hashable)
+       ("ghc-http-types" ,ghc-http-types)
+       ("ghc-iproute" ,ghc-iproute)
+       ("ghc-network" ,ghc-network)
+       ("ghc-stm" ,ghc-stm)
+       ("ghc-streaming-commons" ,ghc-streaming-commons)
+       ("ghc-text" ,ghc-text)
+       ("ghc-unix-compat" ,ghc-unix-compat)
+       ("ghc-vault" ,ghc-vault)
+       ("ghc-wai" ,ghc-wai)
+       ("ghc-word8" ,ghc-word8)
+       ("ghc-lifted-base" ,ghc-lifted-base)
+       ("ghc-http-date" ,ghc-http-date)
+       ("ghc-simple-sendfile" ,ghc-simple-sendfile)
+       ("ghc-http2" ,ghc-http2)))
+    (native-inputs
+     `(("ghc-silently" ,ghc-silently)
+       ("ghc-hspec" ,ghc-hspec)
+       ("ghc-auto-update" ,ghc-auto-update)
+       ("ghc-doctest" ,ghc-doctest)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-hunit" ,ghc-hunit)
+       ("ghc-http" ,ghc-http)
+       ("hspec-discover" ,hspec-discover)))
+    (home-page "http://github.com/yesodweb/wai")
+    (synopsis "HTTP server library for Haskell's WAI")
+    (description "Warp is a server library for HTTP/1.x and HTTP/2
+based WAI (Web Application Interface in Haskell).")
+    (license license:expat)))
+
+(define-public ghc-warp-tls
+  (package
+    (name "ghc-warp-tls")
+    (version "3.2.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "warp-tls-" version "/"
+                           "warp-tls-" version ".tar.gz"))
+       (sha256
+        (base32
+         "14m2bzk5ivz9gdpxlcj6qnh46f2lycm1ybdjnfkj2876zrqwii7m"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-cryptonite" ,ghc-cryptonite)
+       ("ghc-data-default-class" ,ghc-data-default-class)
+       ("ghc-network" ,ghc-network)
+       ("ghc-streaming-commons" ,ghc-streaming-commons)
+       ("ghc-tls" ,ghc-tls)
+       ("ghc-wai" ,ghc-wai)
+       ("ghc-warp" ,ghc-warp)))
+    (home-page "http://github.com/yesodweb/wai")
+    (synopsis "SSL/TLS support for Warp")
+    (description "This package provides SSL/TLS support for Warp,
+a WAI handler, via the native Haskell TLS implementation.")
+    (license license:expat)))
+
+(define-public ghc-http-conduit
+  (package
+    (name  "ghc-http-conduit")
+    (version "2.2.3.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "http-conduit-" version "/" "http-conduit-"
+                           version ".tar.gz"))
+       (sha256 (base32
+                "03na2nbm9la0shlijvjyb5mpp1prfskk4jmjy8iz707r0731dbjk"))))
+    (build-system haskell-build-system)
+    ;; FIXME: `httpLbs TLS` in test-suite `test` fails with
+    ;; ConnectionFailure getProtocolByName: does not exist (no such protocol
+    ;; name: tcp)
+    (arguments `(#:tests? #f))
+    (inputs
+     `(("ghc-aeson" ,ghc-aeson)
+       ("ghc-resourcet" ,ghc-resourcet)
+       ("ghc-conduit" ,ghc-conduit)
+       ("ghc-conduit-extra" ,ghc-conduit-extra)
+       ("ghc-http-types" ,ghc-http-types)
+       ("ghc-lifted-base" ,ghc-lifted-base)
+       ("ghc-http-client" ,ghc-http-client)
+       ("ghc-http-client-tls" ,ghc-http-client-tls)
+       ("ghc-monad-control" ,ghc-monad-control)
+       ("ghc-mtl" ,ghc-mtl)
+       ("ghc-exceptions" ,ghc-exceptions)))
+    (native-inputs
+     `(("ghc-hunit" ,ghc-hunit)
+       ("ghc-hspec" ,ghc-hspec)
+       ("ghc-data-default-class" ,ghc-data-default-class)
+       ("ghc-connection" ,ghc-connection)
+       ("ghc-warp-tls" ,ghc-warp-tls)
+       ("ghc-blaze-builder" ,ghc-blaze-builder)
+       ("ghc-text" ,ghc-text)
+       ("ghc-conduit" ,ghc-conduit)
+       ("ghc-utf8-string" ,ghc-utf8-string)
+       ("ghc-case-insensitive" ,ghc-case-insensitive)
+       ("ghc-lifted-base" ,ghc-lifted-base)
+       ("ghc-network" ,ghc-network)
+       ("ghc-wai" ,ghc-wai)
+       ("ghc-warp" ,ghc-warp)
+       ("ghc-wai-conduit" ,ghc-wai-conduit)
+       ("ghc-http-types" ,ghc-http-types)
+       ("ghc-http-client" ,ghc-http-client)
+       ("ghc-cookie" ,ghc-cookie)
+       ("ghc-conduit-extra" ,ghc-conduit-extra)
+       ("ghc-streaming-commons" ,ghc-streaming-commons)
+       ("ghc-aeson" ,ghc-aeson)
+       ("ghc-temporary" ,ghc-temporary)
+       ("ghc-resourcet" ,ghc-resourcet)))
+    (home-page "https://hackage.haskell.org/package/http-conduit")
+    (synopsis "HTTP/HTTPS client with conduit interface")
+    (description "This library uses attoparsec for parsing the actual
+contents of the HTTP connection.  It also provides higher-level functions
+which allow you to avoid direct usage of conduits.")
+    (license license:bsd-3)))
+
 ;;; haskell.scm ends here
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 317b1a0a30..7c4a18a4af 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -415,7 +415,7 @@ the W3C's XML-based Scaleable Vector Graphic (SVG) format.")
 (define-public leptonica
   (package
     (name "leptonica")
-    (version "1.74.0")
+    (version "1.74.4")
     (source
      (origin
        (method url-fetch)
@@ -424,7 +424,7 @@ the W3C's XML-based Scaleable Vector Graphic (SVG) format.")
              ".tar.gz"))
        (file-name (string-append "leptonica-" version ".tar.gz"))
        (sha256
-        (base32 "0i2a4vx9gizki0wgmv03xjz8j9d8agkvbag1a8m4kcw4asd4p87g"))))
+        (base32 "10pw7pwccd0m0fc9rlrr2m41s7j1qvba2wcrav17pw1gclkf34i0"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("gnuplot" ,gnuplot)             ;needed for test suite
@@ -850,16 +850,18 @@ channels.")
 (define-public exiv2
   (package
     (name "exiv2")
-    (version "0.25")
+    (version "0.26")
     (source (origin
              (method url-fetch)
-             (uri (list (string-append "http://www.exiv2.org/exiv2-"
+             (uri (list (string-append "http://www.exiv2.org/builds/exiv2-"
+                                       version "-trunk.tar.gz")
+                        (string-append "http://www.exiv2.org/exiv2-"
                                        version ".tar.gz")
                         (string-append "https://fossies.org/linux/misc/exiv2-"
                                        version ".tar.gz")))
              (sha256
               (base32
-               "197g6vgcpyf9p2cwn5p5hb1r714xsk1v4p96f5pv1z8mi9vzq2y8"))))
+               "1hsdzlzgkipprqh93yj81mrckl2l7c2mn2i84691pallnjz5qqhc"))))
     (build-system gnu-build-system)
     (arguments '(#:tests? #f))                    ; no `check' target
     (propagated-inputs
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 9a129b8d91..7bdf97f98a 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -51,10 +51,12 @@
   #:use-module (gnu packages guile)
   #:use-module (gnu packages icu4c)
   #:use-module (gnu packages image)
+  #:use-module (gnu packages libffi)
   #:use-module (gnu packages linux) ;alsa
   #:use-module (gnu packages wget)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages perl)
+  #:use-module (gnu packages popt)
   #:use-module (gnu packages kerberos)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg)
@@ -160,8 +162,22 @@ This package provides the classpath library.")
                 "1jyg4bsym6igz94wps5443c7wiwlzinqzkchcw972nz4kf1cql6g"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:phases
+     `(#:configure-flags
+       (list "--with-internal-libffi=no"
+             "--with-internal-libpopt=no")
+       #:phases
        (modify-phases %standard-phases
+         (add-after 'unpack 'remove-timestamp-for-reproducibility
+           (lambda _
+             (substitute* "src/sablevm/Makefile.in"
+               (("\\$\\(SVMCOMPILETIME\\)") "(unknown)"))
+             #t))
+         (add-after 'unpack 'link-with-popt
+           (lambda _
+             (substitute* "src/sablevm/Makefile.in"
+               (("\\$\\(SVMADD\\)" match)
+                (string-append match " -lpopt")))
+             #t))
          (add-after 'unpack 'patch-path-to-classpath
            (lambda* (#:key inputs #:allow-other-keys)
              (substitute* "Makefile.in"
@@ -179,7 +195,9 @@ This package provides the classpath library.")
     (inputs
      `(("classpath" ,sablevm-classpath)
        ("jikes" ,jikes)
-       ("zlib" ,zlib)))
+       ("zlib" ,zlib)
+       ("popt" ,popt)
+       ("libffi" ,libffi)))
     (native-inputs
      `(("libltdl" ,libltdl)))
     (home-page "http://sablevm.org/")
diff --git a/gnu/packages/kde.scm b/gnu/packages/kde.scm
index a5ad8da062..0a416148cb 100644
--- a/gnu/packages/kde.scm
+++ b/gnu/packages/kde.scm
@@ -39,7 +39,7 @@
 (define-public kdevelop
   (package
     (name "kdevelop")
-    (version "5.1.0")
+    (version "5.1.1")
     (source
       (origin
         (method url-fetch)
@@ -48,7 +48,7 @@
                             version ".tar.xz"))
         (sha256
          (base32
-          "1s4cbkx2a0p73b52yxmf5dhv08xk9pxgrkjsnbzy76ssfr545g60"))))
+          "0m6pnmylp1gij5cr75waz8hjry5894qillj5977h467hnbzs808a"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -100,6 +100,7 @@
                     (kio (assoc-ref inputs "kio"))
                     (kcmutils (assoc-ref inputs "kcmutils"))
                     (qtquickcontrols (assoc-ref inputs "qtquickcontrols"))
+                    (qtbase (assoc-ref inputs "qtbase"))
                     (qtdeclarative (assoc-ref inputs "qtdeclarative"))
                     (profile "$HOME/.guix-profile")
                     (qml "/qml"))
@@ -107,6 +108,8 @@
                  `("XDG_DATA_DIRS" ":" prefix
                    ,(map (lambda (s) (string-append s "/share"))
                          (list profile out kdevplatform kcmutils)))
+                 `("QT_QPA_PLATFORM_PLUGIN_PATH" ":" =
+                   (,(string-append qtbase "/plugins/platforms")))
                  `("QT_PLUGIN_PATH" ":" prefix
                    ,(map (lambda (s) (string-append s "/lib/plugins"))
                          (list profile out kdevplatform kio)))
@@ -148,7 +151,7 @@ for some KDevelop language plugins (Ruby, PHP, CSS...).")
 (define-public kdevplatform
   (package
     (name "kdevplatform")
-    (version "5.1.0")
+    (version "5.1.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kde/stable/kdevelop"
@@ -156,7 +159,7 @@ for some KDevelop language plugins (Ruby, PHP, CSS...).")
                                   version ".tar.xz"))
               (sha256
                (base32
-                "1nxf66vk6p7lmckdsha9fpq3zchwbg79qhy49f4hndlxgj03p7zh"))))
+                "09p7lvniw55g6x8v8wl3azlps8c13yx03x1m9cd3qdxi282l8n9i"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
diff --git a/gnu/packages/ldc.scm b/gnu/packages/ldc.scm
index 59036a5315..5707b9476b 100644
--- a/gnu/packages/ldc.scm
+++ b/gnu/packages/ldc.scm
@@ -77,105 +77,105 @@ and freshness without requiring additional information from the user.")
     (license license:boost1.0)))
 
 (define-public ldc-bootstrap
-  (package
-    (name "ldc")
-    (version "0.17.3")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://github.com/ldc-developers/ldc/archive/v"
-                    version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
-              (sha256
-               (base32
-                "135rgwwk82ccqp4n3fhqz4696jmvip90fg5ql2kccq5h1r71gb82"))))
-    (build-system cmake-build-system)
-    (supported-systems '("x86_64-linux" "i686-linux" "armhf-linux"))
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'unpack-submodule-sources
-           (lambda* (#:key inputs #:allow-other-keys)
-             (let ((unpack (lambda (source target)
-                             (with-directory-excursion target
-                               (zero? (system* "tar" "xvf"
-                                               (assoc-ref inputs source)
-                                               "--strip-components=1"))))))
-               (and (unpack "phobos-src" "runtime/phobos")
-                    (unpack "druntime-src" "runtime/druntime")
-                    (unpack "dmd-testsuite-src" "tests/d2/dmd-testsuite")))))
-         (add-after 'unpack-submodule-sources 'patch-dmd2
-           (lambda* (#:key inputs #:allow-other-keys)
-             (substitute* "dmd2/root/port.c"
-               ((" ::isnan") " isnan")
-               ((" ::isinf") " isinf")
-               (("#undef isnan") "")
-               (("#undef isinf") ""))
-             #t))
-         (add-after 'unpack-submodule-sources 'patch-phobos
-           (lambda* (#:key inputs #:allow-other-keys)
-             (substitute* "runtime/phobos/std/process.d"
-               (("/bin/sh") (which "sh"))
-               (("echo") (which "echo")))
-             (substitute* "runtime/phobos/std/datetime.d"
-               (("/usr/share/zoneinfo/")
-                (string-append (assoc-ref inputs "tzdata") "/share/zoneinfo")))
-             (substitute* "tests/d2/dmd-testsuite/Makefile"
-               (("/bin/bash") (which "bash")))
-             ;; FIXME: this test cannot be linked.
-             (delete-file "tests/d2/dmd-testsuite/runnable/cppa.d")
-             #t)))))
-    (inputs
-     `(("libconfig" ,libconfig)
-       ("libedit" ,libedit)
-       ("tzdata" ,tzdata)
-       ("zlib" ,zlib)))
-    (native-inputs
-     `(("llvm" ,llvm)
-       ("clang" ,clang)
-       ("python-lit" ,python-lit)
-       ("python-wrapper" ,python-wrapper)
-       ("unzip" ,unzip)
-       ("phobos-src"
-        ,(origin
-           (method url-fetch)
-           (uri (string-append
-                 "https://github.com/ldc-developers/phobos/archive/ldc-v"
-                 version ".tar.gz"))
-           (sha256
-            (base32
-             "0qywnvnp019mmmr74aw90ir9f03iz0hc7cgzna609agsar0b27jl"))
-           (patches (search-patches "ldc-disable-tests.patch"))))
-       ("druntime-src"
-        ,(origin
-           (method url-fetch)
-           (uri (string-append
-                 "https://github.com/ldc-developers/druntime/archive/ldc-v"
-                 version ".tar.gz"))
-           (sha256
-            (base32
-             "0z418n6x2fxac07sxpi4rl69069qiym4w6r9sjppn91q58qh8hjs"))))
-       ("dmd-testsuite-src"
-        ,(origin
-           (method url-fetch)
-           (uri (string-append
-                 "https://github.com/ldc-developers/dmd-testsuite/archive/ldc-v"
-                 version ".tar.gz"))
-           (sha256
-            (base32
-             "196mkfax5y3yqm3gz7jhqhnkjwrvr2m4a8nc9k41l0511ldzsk9x"))))))
-    (home-page "http://wiki.dlang.org/LDC")
-    (synopsis "LLVM compiler for the D programming language")
-    (description
-     "LDC is a compiler for the D programming language.  It is based on the
+  (let ((runtime-version "0.17.3"))
+    (package
+      (name "ldc")
+      (version "0.17.4")
+      (source (origin
+                (method url-fetch)
+                (uri (string-append
+                      "https://github.com/ldc-developers/ldc/archive/v"
+                      version ".tar.gz"))
+                (file-name (string-append name "-" version ".tar.gz"))
+                (sha256
+                 (base32
+                  "1kw0j378k6bh0k66dvx99bjq8ilp8bb24w3jrmibn8rhmqv0d5q8"))))
+      (build-system cmake-build-system)
+      (supported-systems '("x86_64-linux" "i686-linux" "armhf-linux"))
+      (arguments
+       `(#:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'unpack-submodule-sources
+             (lambda* (#:key inputs #:allow-other-keys)
+               (let ((unpack (lambda (source target)
+                               (with-directory-excursion target
+                                 (zero? (system* "tar" "xvf"
+                                                 (assoc-ref inputs source)
+                                                 "--strip-components=1"))))))
+                 (and (unpack "phobos-src" "runtime/phobos")
+                      (unpack "druntime-src" "runtime/druntime")
+                      (unpack "dmd-testsuite-src" "tests/d2/dmd-testsuite")))))
+           (add-after 'unpack-submodule-sources 'patch-dmd2
+             (lambda* (#:key inputs #:allow-other-keys)
+               (substitute* "dmd2/root/port.c"
+                 ((" ::isnan") " isnan")
+                 ((" ::isinf") " isinf")
+                 (("#undef isnan") "")
+                 (("#undef isinf") ""))
+               #t))
+           (add-after 'unpack-submodule-sources 'patch-phobos
+             (lambda* (#:key inputs #:allow-other-keys)
+               (substitute* "runtime/phobos/std/process.d"
+                 (("/bin/sh") (which "sh"))
+                 (("echo") (which "echo")))
+               (substitute* "runtime/phobos/std/datetime.d"
+                 (("/usr/share/zoneinfo/")
+                  (string-append (assoc-ref inputs "tzdata") "/share/zoneinfo")))
+               (substitute* "tests/d2/dmd-testsuite/Makefile"
+                 (("/bin/bash") (which "bash")))
+               ;; FIXME: this test cannot be linked.
+               (delete-file "tests/d2/dmd-testsuite/runnable/cppa.d")
+               #t)))))
+      (inputs
+       `(("libconfig" ,libconfig)
+         ("libedit" ,libedit)
+         ("tzdata" ,tzdata)
+         ("zlib" ,zlib)))
+      (native-inputs
+       `(("llvm" ,llvm)
+         ("clang" ,clang)
+         ("python-lit" ,python-lit)
+         ("python-wrapper" ,python-wrapper)
+         ("unzip" ,unzip)
+         ("phobos-src"
+          ,(origin
+             (method url-fetch)
+             (uri (string-append
+                   "https://github.com/ldc-developers/phobos/archive/ldc-v"
+                   runtime-version ".tar.gz"))
+             (sha256
+              (base32
+               "0qywnvnp019mmmr74aw90ir9f03iz0hc7cgzna609agsar0b27jl"))
+             (patches (search-patches "ldc-disable-tests.patch"))))
+         ("druntime-src"
+          ,(origin
+             (method url-fetch)
+             (uri (string-append
+                   "https://github.com/ldc-developers/druntime/archive/ldc-v"
+                   runtime-version ".tar.gz"))
+             (sha256
+              (base32
+               "0z418n6x2fxac07sxpi4rl69069qiym4w6r9sjppn91q58qh8hjs"))))
+         ("dmd-testsuite-src"
+          ,(origin
+             (method url-fetch)
+             (uri (string-append
+                   "https://github.com/ldc-developers/dmd-testsuite/archive/ldc-v"
+                   runtime-version ".tar.gz"))
+             (sha256
+              (base32
+               "196mkfax5y3yqm3gz7jhqhnkjwrvr2m4a8nc9k41l0511ldzsk9x"))))))
+      (home-page "http://wiki.dlang.org/LDC")
+      (synopsis "LLVM compiler for the D programming language")
+      (description
+       "LDC is a compiler for the D programming language.  It is based on the
 latest DMD frontend and uses LLVM as backend.")
-    ;; Most of the code is released under BSD-3, except for code originally
-    ;; written for GDC, which is released under GPLv2+, and the DMD frontend,
-    ;; which is released under the "Boost Software License version 1.0".
-    (license (list license:bsd-3
-                   license:gpl2+
-                   license:boost1.0))))
-
+      ;; Most of the code is released under BSD-3, except for code originally
+      ;; written for GDC, which is released under GPLv2+, and the DMD frontend,
+      ;; which is released under the "Boost Software License version 1.0".
+      (license (list license:bsd-3
+                     license:gpl2+
+                     license:boost1.0)))))
 
 (define-public ldc
   ;; The phobos, druntime and dmd-testsuite dependencies do not have a newer
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index 42e47a5109..809e28e27b 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -584,14 +584,15 @@ text documents, vector drawings, presentations and spreadsheets.")
 (define-public libmwaw
   (package
     (name "libmwaw")
-    (version "0.3.5")
+    (version "0.3.11")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "mirror://sourceforge/" name "/" name "/" name "-"
                           version "/" name "-" version ".tar.xz"))
+      (patches (search-patches "libmwaw-CVE-2017-9433.patch"))
       (sha256 (base32
-               "1vx9h419fcfcs0yj071hsg9d2qvkacgca6052m8hv3h743cdmzil"))))
+               "16i9s9p4sjpdpbm3gq6jkc9r3nyfy47ggkdlgh7vr0mydccklj2b"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("doxygen" ,doxygen)
diff --git a/gnu/packages/lighting.scm b/gnu/packages/lighting.scm
index 5f816dc54b..7f01cdbc99 100644
--- a/gnu/packages/lighting.scm
+++ b/gnu/packages/lighting.scm
@@ -36,7 +36,7 @@
 (define-public ola
   (package
     (name "ola")
-    (version "0.10.3")
+    (version "0.10.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -45,7 +45,7 @@
               (patches (search-patches "ola-readdir-r.patch"))
               (sha256
                (base32
-                "1yf1yy9n64n73zjq2bwc0gik0dd3n05297hdrrma2qvb0imzm5h1"))))
+                "01zpm0vpin784jyjhbdad097a4i0cjdfrqqfbsvx47d6nbssq2my"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("bison" ,bison)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 8e17f29581..f7e6853b62 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -358,8 +358,8 @@ It has been modified to remove all non-free binary blobs.")
 
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 
-(define %linux-libre-version "4.11.4")
-(define %linux-libre-hash "11nd9pv18vz3g82ja71dkz9mbs0ffb8yamsd44d381szmmm2kpj8")
+(define %linux-libre-version "4.11.6")
+(define %linux-libre-hash "0xay0m2a4la8aqc8ai8zqfh1c1i6sjgh0dywm7nis0g1gqirwrds")
 
 (define-public linux-libre
   (make-linux-libre %linux-libre-version
@@ -368,32 +368,22 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.9
-  (make-linux-libre "4.9.31"
-                    "0amc35c9f2rym6grb277yscnx8ybn8d4fbc2a59sgkg1lsdv7n4q"
+  (make-linux-libre "4.9.33"
+                    "1dam6vqymhlx1vsl0lzxphamiifgyf97snxg18b2czqq402nz094"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.71"
-                    "0nrd165crx9m9s1px98if6q5dcdqwmas9kh8i4rw51gz2xinh0gx"
+  (make-linux-libre "4.4.73"
+                    "144ssqw1dr86z4cgl797pq5rggfibsxqk7wmfbl6j92l1cj6yjrz"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.1
-  (make-linux-libre "4.1.40"
-                    "0ygc5qaxwd4yxyzyq6qya9w111q24xqzxd33x73pmg3hr7asvy4x"
+  (make-linux-libre "4.1.41"
+                    "02mqfl899jxvrmxlh8lvcgvm3klwd8wbsdz4rr2gpchbggj4vgb2"
                     %intel-compatible-systems
-                    #:configuration-file kernel-config
-                    #:patches
-                    (list %boot-logo-patch
-                          (origin
-                            (method url-fetch)
-                            (uri "\
-https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4")
-                            (file-name "linux-libre-CVE-2017-6074.patch")
-                            (sha256
-                             (base32
-                              "1x40slfz1qxgiaznyy13bwlh34450pkyyrkljpyjlx6c4mrzb1jj"))))))
+                    #:configuration-file kernel-config))
 
 (define-public linux-libre-arm-generic
   (make-linux-libre %linux-libre-version
@@ -3387,14 +3377,14 @@ the default @code{nsswitch} and the experimental @code{umich_ldap}.")
 (define-public mcelog
   (package
     (name "mcelog")
-    (version "152")
+    (version "153")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://git.kernel.org/cgit/utils/cpu/mce/"
                                   "mcelog.git/snapshot/v" version ".tar.gz"))
               (sha256
                (base32
-                "0df1kbiw1pl84l6b9g515lpk5a81hmy8r27yakr4hrmi2vwzdfh6"))
+                "0q40d60p1klzg0aznvxhxgjlddwcxfj2q59s4q86sf9ild6rcdhl"))
               (file-name (string-append name "-" version ".tar.gz"))
               (modules '((guix build utils)))
               (snippet
@@ -3960,10 +3950,11 @@ userspace queueing component and the logging subsystem.")
                               ;; build currently.)
                               (system* "make" "-C" "src" "install"
                                        (string-append "PREFIX=" out)))
-                             (begin
-                               (install-file "doc/proot/man.1"
-                                             (string-append out "/share"
-                                                            "/man/man1"))
+                             (let ((man1 (string-append out
+                                                        "/share/man/man1")))
+                               (mkdir-p man1)
+                               (copy-file "doc/proot/man.1"
+                                          (string-append man1 "/proot.1"))
                                #t))))))))
     (native-inputs `(("which" ,which)
 
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 02a4f26022..f4003d7391 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -15,7 +15,7 @@
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org>
 ;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 Troy Sankey <sankeytms@gmail.com>
-;;; Copyright © 2016, 2017 ng0 <ng0@no-reply.pragmatique.xyz>
+;;; Copyright © 2016, 2017 ng0 <ng0@no-reply.infotropique.org>
 ;;; Copyright © 2016 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2016, 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
@@ -265,7 +265,7 @@ operating systems.")
   (package
     (inherit mutt)
     (name "neomutt")
-    (version "20170602")
+    (version "20170609")
     (source
      (origin
        (method url-fetch)
@@ -273,7 +273,7 @@ operating systems.")
                            "/archive/" name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1kzhkz8bdqbdh5b6pzqb6ikp8d3nsic906b5pkmi6qlaga32yxjk"))))
+         "1kdhnhdlv84v6brhqgh8g0h6cpcbwfc59b4g09zkkgqc4fnggapy"))))
     (inputs
      `(("cyrus-sasl" ,cyrus-sasl)
        ("gdbm" ,gdbm)
@@ -296,10 +296,7 @@ operating systems.")
        ("pkg-config" ,pkg-config)))
     (arguments
      `(#:configure-flags
-       (list "--enable-smtp"
-             "--enable-imap"
-             "--enable-pop"
-             "--enable-gpgme"
+       (list "--enable-gpgme"
 
              ;; database, implies header caching
              "--without-tokyocabinet"
@@ -325,8 +322,6 @@ operating systems.")
              "--with-mailpath=/var/mail"
 
              "--with-external-dotlock"
-             "--enable-nntp"
-             "--enable-compressed"
 
              (string-append "--with-curses="
                             (assoc-ref %build-inputs "ncurses")))
diff --git a/gnu/packages/mate.scm b/gnu/packages/mate.scm
index a39cd25d30..316385a6f8 100644
--- a/gnu/packages/mate.scm
+++ b/gnu/packages/mate.scm
@@ -37,7 +37,7 @@
 (define-public mate-icon-theme
   (package
     (name "mate-icon-theme")
-    (version "1.16.0")
+    (version "1.18.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://pub.mate-desktop.org/releases/"
@@ -45,7 +45,7 @@
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1zldw22p1i76iss8car39pmfagpfxxlfk1fdhvr4x5r6gf36gv7d"))))
+                "0si3li3kza7s45zhasjvqn5f85zpkn0x8i4kq1dlnqvjjqzkg4ch"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -92,7 +92,7 @@ themes for both gtk+-2 and gtk+-3.")
 (define-public mate-desktop
   (package
     (name "mate-desktop")
-    (version "1.16.1")
+    (version "1.18.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://pub.mate-desktop.org/releases/"
@@ -100,11 +100,8 @@ themes for both gtk+-2 and gtk+-3.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1pzncfgrzp2mp9407ivk1113hkadpf110blr058h31jkwsk8syjq"))))
+                "12iv2y4dan962fs7vkkxbjkp77pbvjnwfa43ggr0zkdsc3ydjbbg"))))
     (build-system gnu-build-system)
-    (arguments
-     `(#:configure-flags '("--with-gtk=3.0"
-                           "--enable-mpaste")))
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("intltool" ,intltool)
@@ -115,7 +112,6 @@ themes for both gtk+-2 and gtk+-3.")
     (inputs
      `(("gtk+" ,gtk+)
        ("libxrandr" ,libxrandr)
-       ("python2" ,python-2)
        ("startup-notification" ,startup-notification)))
     (propagated-inputs
      `(("dconf" ,dconf))) ; mate-desktop-2.0.pc
@@ -129,7 +125,7 @@ desktop and the mate-about program.")
 (define-public libmateweather
   (package
     (name "libmateweather")
-    (version "1.16.1")
+    (version "1.18.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://pub.mate-desktop.org/releases/"
@@ -137,14 +133,13 @@ desktop and the mate-about program.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0w1b8b1ckmkbvwnqi9yh2lwbskzhz99s5yxdkar5xiqylnjrwmm3"))))
+                "0z6vfh42fv9rqjrraqfpf6h9nd9h662bxy3l3r48j19xvxrwmx3a"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
-       `("--with-gtk=3.0"
-         ,(string-append "--with-zoneinfo-dir="
-                         (assoc-ref %build-inputs "tzdata")
-                         "/share/zoneinfo"))
+       (list (string-append "--with-zoneinfo-dir="
+                            (assoc-ref %build-inputs "tzdata")
+                            "/share/zoneinfo"))
        #:phases
        (modify-phases %standard-phases
          (add-before
@@ -178,7 +173,7 @@ the MATE desktop environment.")
 (define-public mate-menus
   (package
     (name "mate-menus")
-    (version "1.16.0")
+    (version "1.18.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://pub.mate-desktop.org/releases/"
@@ -186,7 +181,7 @@ the MATE desktop environment.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0crw07iszwsqk54y8znfqdgfz76rjdz8992v4q9kpwwlrl11xmc5"))))
+                "05kyr37xqv6hm1rlvnqd5ng0x1n883brqynkirkk5drl56axnz7h"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/mpd.scm b/gnu/packages/mpd.scm
index 1ed8e967ef..11ca2d1979 100644
--- a/gnu/packages/mpd.scm
+++ b/gnu/packages/mpd.scm
@@ -75,7 +75,7 @@ interfacing MPD in the C, C++ & Objective C languages.")
 (define-public mpd
   (package
     (name "mpd")
-    (version "0.20.6")
+    (version "0.20.9")
     (source (origin
               (method url-fetch)
               (uri
@@ -84,7 +84,7 @@ interfacing MPD in the C, C++ & Objective C languages.")
                               "/mpd-" version ".tar.xz"))
               (sha256
                (base32
-                "0isbpa79m7zf09w3s1ry638cw96rxasy1ch66zl01k75i48mw1gl"))))
+                "1dsfwd0i81x8m9idi7idm9612mpf1g5lzcy69h04nd9jks3a4xyd"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 57a02e9f4a..5d1c432da3 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -14,6 +14,7 @@
 ;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -31,12 +32,12 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu packages networking)
-  #:use-module (guix build-system perl)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system glib-or-gtk)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system perl)
   #:use-module (guix build-system python)
   #:use-module (gnu packages)
   #:use-module (gnu packages admin)
@@ -64,7 +65,8 @@
   #:use-module (gnu packages python)
   #:use-module (gnu packages textutils)
   #:use-module (gnu packages tls)
-  #:use-module (gnu packages valgrind))
+  #:use-module (gnu packages valgrind)
+  #:use-module (ice-9 match))
 
 (define-public macchanger
   (package
@@ -433,7 +435,7 @@ and up to 1 Mbit/s downstream.")
 (define-public whois
   (package
     (name "whois")
-    (version "5.2.15")
+    (version "5.2.16")
     (source
      (origin
        (method url-fetch)
@@ -441,7 +443,7 @@ and up to 1 Mbit/s downstream.")
                            name "_" version ".tar.xz"))
        (sha256
         (base32
-         "123ingf699javzh8qm6ny10nl28zbjzasa4k5pcn0qzw1dlnnnks"))))
+         "0fpwac26ja0rdqsbxyjcsk8gxgixfpxk0baj3rhnpaff3jv0ilp9"))))
     (build-system gnu-build-system)
     ;; TODO: unbundle mkpasswd binary + its po files.
     (arguments
@@ -634,7 +636,12 @@ live network and disk I/O bandwidth monitor.")
                       "libnl=true"
                       "pcre=true"
                       "experimental=true" ;build wesside-ng, etc.
-                      "AVX2FLAG=N" "AVX1FLAG=N" "SSEFLAG=Y"
+                      "AVX2FLAG=N" "AVX1FLAG=N"
+                      ,,@(match (%current-system)
+                           ((or "x86_64-linux" "i686-linux")
+                            `("SSEFLAG=Y"))
+                           (_
+                            `("NEWSSE=false")))
                       ,(string-append "prefix=" %output))
        #:phases (modify-phases %standard-phases
                   (delete 'configure)   ;no configure phase
diff --git a/gnu/packages/patches/crawl-upgrade-saves.patch b/gnu/packages/patches/crawl-upgrade-saves.patch
new file mode 100644
index 0000000000..301942dc30
--- /dev/null
+++ b/gnu/packages/patches/crawl-upgrade-saves.patch
@@ -0,0 +1,83 @@
+Store the crawl version in the textdatabases in SAVEDIR and
+upgrade the databases when the crawl version changes.
+
+By default crawl checks for a mtime difference on files in DATADIR to see if an
+upgrade is required, but guix nulls all file dates,
+and crawl would never upgrade saves.
+
+--- a/source/database.cc	2016-05-31 09:56:08.000000000 +0200
++++ a/source/database.cc	2017-06-05 03:00:19.270632107 +0200
+@@ -25,6 +25,7 @@
+ #include "syscalls.h"
+ #include "threads.h"
+ #include "unicode.h"
++#include "version.h"
+ 
+ // TextDB handles dependency checking the db vs text files, creating the
+ // db, loading, and destroying the DB.
+@@ -55,6 +56,7 @@
+     vector<string> _input_files;
+     DBM* _db;
+     string timestamp;
++    string version;
+     TextDB *_parent;
+     const char* lang() { return _parent ? Options.lang_name : 0; }
+ public:
+@@ -165,7 +167,7 @@
+ 
+ TextDB::TextDB(const char* db_name, const char* dir, ...)
+     : _db_name(db_name), _directory(dir),
+-      _db(nullptr), timestamp(""), _parent(0), translation(0)
++      _db(nullptr), timestamp(""), version(""),  _parent(0), translation(0)
+ {
+     va_list args;
+     va_start(args, dir);
+@@ -187,7 +189,7 @@
+     : _db_name(parent->_db_name),
+       _directory(parent->_directory + Options.lang_name + "/"),
+       _input_files(parent->_input_files), // FIXME: pointless copy
+-      _db(nullptr), timestamp(""), _parent(parent), translation(nullptr)
++      _db(nullptr), timestamp(""), version(""), _parent(parent), translation(nullptr)
+ {
+ }
+ 
+@@ -202,6 +204,9 @@
+         return false;
+ 
+     timestamp = _query_database(*this, "TIMESTAMP", false, false, true);
++    version = _query_database(*this, "VERSION", false, false, true);
++    if (version.empty())
++        return false;
+     if (timestamp.empty())
+         return false;
+ 
+@@ -245,6 +250,9 @@
+     string ts;
+     bool no_files = true;
+ 
++    if (string(Version::Long) != version)
++        return true;
++
+     for (const string &file : _input_files)
+     {
+         string full_input_path = _directory + file;
+@@ -261,7 +269,7 @@
+         ts += buf;
+     }
+ 
+-    if (no_files && timestamp.empty())
++    if (no_files && timestamp.empty() && version.empty())
+     {
+         // No point in empty databases, although for simplicity keep ones
+         // for disappeared translations for now.
+@@ -321,7 +329,10 @@
+             _store_text_db(full_input_path, _db);
+         }
+     }
++
++    string current_version = string(Version::Long);
+     _add_entry(_db, "TIMESTAMP", ts);
++    _add_entry(_db, "VERSION", current_version);
+ 
+     dbm_close(_db);
+     _db = 0;
diff --git a/gnu/packages/patches/gcc-4.6-gnu-inline.patch b/gnu/packages/patches/gcc-4.6-gnu-inline.patch
new file mode 100644
index 0000000000..710d358a8b
--- /dev/null
+++ b/gnu/packages/patches/gcc-4.6-gnu-inline.patch
@@ -0,0 +1,65 @@
+This patch was taken from https://gcc.gnu.org/ml/gcc-patches/2015-08/msg00375.html.
+It is used by propeller-gcc-4.
+
+Since the 3.0.3 release of gperf (made in May 2007), the generated func
+has had the gnu_inline attribute applied to it.  The gcc source however
+has not been updated to include that which has lead to a mismatch.
+
+In practice, this hasn't been an issue for two reasons:
+(1) Before gcc-5, the default standard was (gnu) C89, and gcc does not
+warn or throw an error in this mode.
+(2) Starting with gcc-4.8, the compiler driver used to build gcc was
+changed to C++, and g++ does not warn or throw an error in this mode.
+
+This error does show up though when using gcc-5 to build gcc-4.7 or
+older as then the default is (gnu) C11 and the C compiler driver is
+used.  That failure looks like:
+In file included from .../gcc-4.7.4/gcc/cp/except.c:990:0:
+cfns.gperf: At top level:
+cfns.gperf:101:1: error: 'gnu_inline' attribute present on 'libc_name_p'
+cfns.gperf:26:14: error: but not here
+
+Whether the compiler should always emit this error regardless of the
+active standard or compiler driver is debatable (I think it should be
+consistent -- either always do it or never do it).
+
+2015-08-06  Mike Frysinger  <vapier@gentoo.org>
+
+	* cfns.gperf [__GNUC__, __GNUC_STDC_INLINE__]: Apply the
+	__gnu_inline__ attribute.
+	* cfns.h: Regenerated.
+---
+ gcc/cp/cfns.gperf | 3 +++
+ gcc/cp/cfns.h     | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/gcc/cp/cfns.gperf b/gcc/cp/cfns.gperf
+index 68acd3d..953262f 100644
+--- a/gcc/cp/cfns.gperf
++++ b/gcc/cp/cfns.gperf
+@@ -22,6 +22,9 @@ __inline
+ static unsigned int hash (const char *, unsigned int);
+ #ifdef __GNUC__
+ __inline
++#ifdef __GNUC_STDC_INLINE__
++__attribute__ ((__gnu_inline__))
++#endif
+ #endif
+ const char * libc_name_p (const char *, unsigned int);
+ %}
+diff --git a/gcc/cp/cfns.h b/gcc/cp/cfns.h
+index 1c6665d..6d00c0e 100644
+--- a/gcc/cp/cfns.h
++++ b/gcc/cp/cfns.h
+@@ -53,6 +53,9 @@ __inline
+ static unsigned int hash (const char *, unsigned int);
+ #ifdef __GNUC__
+ __inline
++#ifdef __GNUC_STDC_INLINE__
++__attribute__ ((__gnu_inline__))
++#endif
+ #endif
+ const char * libc_name_p (const char *, unsigned int);
+ /* maximum key range = 391, duplicates = 0 */
+-- 
+2.4.4
diff --git a/gnu/packages/patches/gspell-dash-test.patch b/gnu/packages/patches/gspell-dash-test.patch
index e737921c4b..1c9d77cfba 100644
--- a/gnu/packages/patches/gspell-dash-test.patch
+++ b/gnu/packages/patches/gspell-dash-test.patch
@@ -1,16 +1,22 @@
 Somehow, Aspell 0.60.6.1 and aspell-dict-en-2016.11.20-0 don't consider
 this a valid spelling.  Skip it.
 
---- gspell-1.3.2/testsuite/test-checker.c	2017-05-17 16:02:40.832415940 +0200
-+++ gspell-1.3.2/testsuite/test-checker.c	2017-05-17 16:02:50.768351895 +0200
-@@ -101,9 +101,6 @@ test_dashes (void)
- 
- 	checker = gspell_checker_new (lang);
- 
+TODO: Migrate to using hunspell. According to upstream, this bug won't be fixed.
+See https://bugzilla.gnome.org/show_bug.cgi?id=772406.
+--- a/testsuite/test-checker.c	2017-03-24 09:50:50.000000000 -0400
++++ b/testsuite/test-checker.c	2017-06-15 21:47:07.116173895 -0400
+@@ -105,10 +105,11 @@
+ 	 * be considered deprecated, it is better to use hunspell, so WONTFIX.
+ 	 * For more details, see:
+ 	 * https://bugzilla.gnome.org/show_bug.cgi?id=772406
++	 *
++	 * correctly_spelled = gspell_checker_check_word (checker, "spell-checking", -1, &error);
++	 * g_assert_no_error (error);
++	 * g_assert (correctly_spelled);
+ 	 */
 -	correctly_spelled = gspell_checker_check_word (checker, "spell-checking", -1, &error);
 -	g_assert_no_error (error);
 -	g_assert (correctly_spelled);
  
  	correctly_spelled = gspell_checker_check_word (checker, "nrst-auie", -1, &error);
  	g_assert_no_error (error);
-
diff --git a/gnu/packages/patches/guile-ssh-channel-finalization.patch b/gnu/packages/patches/guile-ssh-channel-finalization.patch
new file mode 100644
index 0000000000..54b5055a20
--- /dev/null
+++ b/gnu/packages/patches/guile-ssh-channel-finalization.patch
@@ -0,0 +1,28 @@
+Avoid asynchronous channel finalization, which could lead to segfaults due to
+libssh not being thread-safe: <https://bugs.gnu.org/26976>.
+
+--- guile-ssh-0.11.0/modules/ssh/dist/node.scm	2017-06-13 14:37:44.861671297 +0200
++++ guile-ssh-0.11.0/modules/ssh/dist/node.scm	2017-06-13 14:38:02.841580565 +0200
+@@ -391,11 +391,18 @@ listens on an expected port, return #f o
+   "Evaluate QUOTED-EXP on the node and return the evaluated result."
+   (let ((repl-channel (node-open-rrepl node)))
+     (rrepl-skip-to-prompt repl-channel)
+-    (call-with-values (lambda () (rrepl-eval repl-channel quoted-exp))
+-      (lambda vals
+-        (and (node-stop-repl-server? node)
++    (dynamic-wind
++      (const #t)
++      (lambda ()
++        (rrepl-eval repl-channel quoted-exp))
++      (lambda ()
++        (when (node-stop-repl-server? node)
+              (node-stop-server node))
+-        (apply values vals)))))
++
++        ;; Close REPL-CHANNEL right away to prevent finalization from
++        ;; happening in another thread at the wrong time (see
++        ;; <https://bugs.gnu.org/26976>.)
++        (close-port repl-channel)))))
+ 
+ (define (node-eval-1 node quoted-exp)
+   "Evaluate QUOTED-EXP on the node and return the evaluated result.  The
diff --git a/gnu/packages/patches/libextractor-ffmpeg-3.patch b/gnu/packages/patches/libextractor-ffmpeg-3.patch
deleted file mode 100644
index d0f83f624c..0000000000
--- a/gnu/packages/patches/libextractor-ffmpeg-3.patch
+++ /dev/null
@@ -1,360 +0,0 @@
-Fix build with ffmpeg-3, based on upstream revisions r35548 and r35549 by LRN
-and r36975 by Christian Grothoff, and backported to libextractor-1.3 by
-Mark H Weaver <mhw@netris.org>
-
---- libextractor-1.3/src/plugins/thumbnailffmpeg_extractor.c.orig	2013-12-21 11:04:41.000000000 -0500
-+++ libextractor-1.3/src/plugins/thumbnailffmpeg_extractor.c	2016-04-04 23:38:46.429041081 -0400
-@@ -59,6 +59,12 @@
- #include <ffmpeg/swscale.h>
- #endif
- 
-+#ifdef PIX_FMT_RGB24
-+#define PIX_OUTPUT_FORMAT PIX_FMT_RGB24
-+#else
-+#define PIX_OUTPUT_FORMAT AV_PIX_FMT_RGB24
-+#endif
-+
- /**
-  * Set to 1 to enable debug output.
-  */ 
-@@ -153,7 +159,7 @@
- static size_t 
- create_thumbnail (int src_width, int src_height, 
- 		  int src_stride[],
--		  enum PixelFormat src_pixfmt, 
-+		  enum AVPixelFormat src_pixfmt,
- 		  const uint8_t * const src_data[],
- 		  int dst_width, int dst_height,
- 		  uint8_t **output_data, 
-@@ -189,7 +195,8 @@
-   if (NULL == 
-       (scaler_ctx =
-        sws_getContext (src_width, src_height, src_pixfmt,
--		       dst_width, dst_height, PIX_FMT_RGB24, 
-+		       dst_width, dst_height,
-+		       PIX_OUTPUT_FORMAT,
- 		       SWS_BILINEAR, NULL, NULL, NULL)))
-     {
- #if DEBUG
-@@ -199,7 +206,12 @@
-       return 0;
-     }
- 
--  if (NULL == (dst_frame = avcodec_alloc_frame ()))
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+  dst_frame = av_frame_alloc ();
-+#else
-+  dst_frame = avcodec_alloc_frame();
-+#endif
-+  if (NULL == dst_frame)
-     {
- #if DEBUG
-       fprintf (stderr,
-@@ -209,18 +221,24 @@
-       return 0;
-     }
-   if (NULL == (dst_buffer =
--	       av_malloc (avpicture_get_size (PIX_FMT_RGB24, dst_width, dst_height))))
-+	       av_malloc (avpicture_get_size (PIX_OUTPUT_FORMAT,
-+					      dst_width, dst_height))))
-     {
- #if DEBUG
-       fprintf (stderr,
-                "Failed to allocate the destination image buffer\n");
- #endif
--      av_free (dst_frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+      av_frame_free (&dst_frame);
-+#else
-+      avcodec_free_frame (&dst_frame);
-+#endif
-       sws_freeContext (scaler_ctx);
-       return 0;
-     }
-   avpicture_fill ((AVPicture *) dst_frame, dst_buffer,
--                  PIX_FMT_RGB24, dst_width, dst_height);
-+                  PIX_OUTPUT_FORMAT,
-+                  dst_width, dst_height);
-   sws_scale (scaler_ctx,
-              src_data, 
-              src_stride,
-@@ -236,7 +254,11 @@
-                "Failed to allocate the encoder output buffer\n");
- #endif
-       av_free (dst_buffer);
--      av_free (dst_frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+      av_frame_free (&dst_frame);
-+#else
-+      avcodec_free_frame (&dst_frame);
-+#endif
-       sws_freeContext (scaler_ctx);
-       return 0;
-     }
-@@ -249,13 +271,17 @@
- #endif
-       av_free (encoder_output_buffer);
-       av_free (dst_buffer);
--      av_free (dst_frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+      av_frame_free (&dst_frame);
-+#else
-+      avcodec_free_frame (&dst_frame);
-+#endif
-       sws_freeContext (scaler_ctx);
-       return 0;
-     }
-   encoder_codec_ctx->width = dst_width;
-   encoder_codec_ctx->height = dst_height;
--  encoder_codec_ctx->pix_fmt = PIX_FMT_RGB24;
-+  encoder_codec_ctx->pix_fmt = PIX_OUTPUT_FORMAT;
-   opts = NULL;
-   if (avcodec_open2 (encoder_codec_ctx, encoder_codec, &opts) < 0)
-     {
-@@ -263,10 +289,14 @@
-       fprintf (stderr,
-                "Failed to open the encoder\n");
- #endif
--      av_free (encoder_codec_ctx);
-+      avcodec_free_context (&encoder_codec_ctx);
-       av_free (encoder_output_buffer);
-       av_free (dst_buffer);
--      av_free (dst_frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+      av_frame_free (&dst_frame);
-+#else
-+      avcodec_free_frame (&dst_frame);
-+#endif
-       sws_freeContext  (scaler_ctx);
-       return 0;
-     }
-@@ -295,9 +325,13 @@
- cleanup:
-   av_dict_free (&opts);
-   avcodec_close (encoder_codec_ctx);
--  av_free (encoder_codec_ctx);
-+  avcodec_free_context (&encoder_codec_ctx);
-   av_free (dst_buffer);
--  av_free (dst_frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+  av_frame_free (&dst_frame);
-+#else
-+  avcodec_free_frame (&dst_frame);
-+#endif
-   sws_freeContext (scaler_ctx);
-   *output_data = encoder_output_buffer;
- 
-@@ -406,18 +440,23 @@
-       fprintf (stderr,
- 	       "Failed to open image codec\n");
- #endif
--      av_free (codec_ctx);
-+      avcodec_free_context (&codec_ctx);
-       return;
-     }
-   av_dict_free (&opts);
--  if (NULL == (frame = avcodec_alloc_frame ()))
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+  frame = av_frame_alloc ();
-+#else
-+  frame = avcodec_alloc_frame();
-+#endif
-+  if (NULL == frame)
-     {
- #if DEBUG
-       fprintf (stderr,
-                "Failed to allocate frame\n");
- #endif
-       avcodec_close (codec_ctx);
--      av_free (codec_ctx);
-+      avcodec_free_context (&codec_ctx);
-       return;
-     }
- 
-@@ -441,9 +480,13 @@
-       fprintf (stderr,
- 	       "Failed to decode a complete frame\n");
- #endif
--      av_free (frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+      av_frame_free (&frame);
-+#else
-+      avcodec_free_frame (&frame);
-+#endif
-       avcodec_close (codec_ctx);
--      av_free (codec_ctx);
-+      avcodec_free_context (&codec_ctx);
-       return;
-     }
-   calculate_thumbnail_dimensions (codec_ctx->width, codec_ctx->height,
-@@ -467,9 +510,13 @@
- 		err);
-       av_free (encoded_thumbnail);
-     }
--  av_free (frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+  av_frame_free (&frame);
-+#else
-+  avcodec_free_frame (&frame);
-+#endif
-   avcodec_close (codec_ctx);
--  av_free (codec_ctx);
-+  avcodec_free_context (&codec_ctx);
- }
- 
- 
-@@ -563,7 +610,12 @@
-       return;
-     }
- 
--  if (NULL == (frame = avcodec_alloc_frame ()))
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+  frame = av_frame_alloc ();
-+#else
-+  frame = avcodec_alloc_frame();
-+#endif
-+  if (NULL == frame)
-     {
- #if DEBUG
-       fprintf (stderr,
-@@ -616,7 +668,11 @@
-       fprintf (stderr,
- 	       "Failed to decode a complete frame\n");
- #endif
--      av_free (frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+      av_frame_free (&frame);
-+#else
-+      avcodec_free_frame (&frame);
-+#endif
-       avcodec_close (codec_ctx);
-       avformat_close_input (&format_ctx);
-       av_free (io_ctx);
-@@ -643,7 +699,11 @@
- 		err);
-       av_free (encoded_thumbnail);
-     }
--  av_free (frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+  av_frame_free (&frame);
-+#else
-+  avcodec_free_frame (&frame);
-+#endif
-   avcodec_close (codec_ctx);
-   avformat_close_input (&format_ctx);
-   av_free (io_ctx);
---- libextractor-1.3/src/plugins/previewopus_extractor.c.orig	2013-12-22 17:44:18.000000000 -0500
-+++ libextractor-1.3/src/plugins/previewopus_extractor.c	2016-04-04 23:39:41.377720710 -0400
-@@ -296,8 +296,13 @@
- /** Initialize one audio frame for reading from the input file */
- static int init_input_frame(AVFrame **frame)
- {
--    if (!(*frame = avcodec_alloc_frame())) {
-- #if DEBUG
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+    *frame = av_frame_alloc ();
-+#else
-+    *frame = avcodec_alloc_frame();
-+#endif
-+    if (NULL == *frame) {
-+#if DEBUG
-         fprintf(stderr, "Could not allocate input frame\n");
- #endif
-         return AVERROR(ENOMEM);
-@@ -655,7 +660,11 @@
-         av_freep(&converted_input_samples[0]);
-         free(converted_input_samples);
-     }
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+    av_frame_free (&input_frame);
-+#else
-     avcodec_free_frame(&input_frame);
-+#endif
- 
-     return ret;
- }
-@@ -671,10 +680,15 @@
-     int error;
- 
-     /** Create a new frame to store the audio samples. */
--    if (!(*frame = avcodec_alloc_frame())) {
--        #if DEBUG
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+    *frame = av_frame_alloc ();
-+#else
-+    *frame = avcodec_alloc_frame();
-+#endif
-+    if (NULL == *frame) {
-+#if DEBUG
- 		fprintf(stderr, "Could not allocate output frame\n");
--		#endif
-+#endif
-         return AVERROR_EXIT;
-     }
- 
-@@ -699,10 +713,14 @@
-      * sure that the audio frame can hold as many samples as specified.
-      */
-     if ((error = av_frame_get_buffer(*frame, 0)) < 0) {
--        #if DEBUG
-+#if DEBUG
- 		fprintf(stderr, "Could allocate output frame samples (error '%s')\n", get_error_text(error));
--		#endif
-+#endif
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+        av_frame_free (frame);
-+#else
-         avcodec_free_frame(frame);
-+#endif
-         return error;
-     }
- 
-@@ -780,20 +798,32 @@
-      * The samples are stored in the frame temporarily.
-      */
-     if (av_audio_fifo_read(fifo, (void **)output_frame->data, frame_size) < frame_size) {
--        #if DEBUG
-+#if DEBUG
- 		fprintf(stderr, "Could not read data from FIFO\n");
--		#endif
-+#endif
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+        av_frame_free (&output_frame);
-+#else
-         avcodec_free_frame(&output_frame);
-+#endif
-         return AVERROR_EXIT;
-     }
- 
-     /** Encode one frame worth of audio samples. */
-     if (encode_audio_frame(output_frame, output_format_context,
-                            output_codec_context, &data_written)) {
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+        av_frame_free (&output_frame);
-+#else
-         avcodec_free_frame(&output_frame);
-+#endif
-         return AVERROR_EXIT;
-     }
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+    av_frame_free (&output_frame);
-+#else
-     avcodec_free_frame(&output_frame);
-+#endif
-     return 0;
- }
- /** Write the trailer of the output file container. */
-@@ -907,7 +937,12 @@
-       return;
-     }
- 
--  if (NULL == (frame = avcodec_alloc_frame ()))
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+  frame = av_frame_alloc ();
-+#else
-+  frame = avcodec_alloc_frame();
-+#endif
-+  if (NULL == frame)
-     {
- #if DEBUG
-       fprintf (stderr,
diff --git a/gnu/packages/patches/libmwaw-CVE-2017-9433.patch b/gnu/packages/patches/libmwaw-CVE-2017-9433.patch
new file mode 100644
index 0000000000..502a11d2a8
--- /dev/null
+++ b/gnu/packages/patches/libmwaw-CVE-2017-9433.patch
@@ -0,0 +1,33 @@
+Fix CVE-2017-9433:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433
+
+Patch copied from upstream source repository:
+
+https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f
+
+From 68b3b74569881248bfb6cbb4266177cc253b292f Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Sat, 8 Apr 2017 14:03:29 +0200
+Subject: [PATCH] ofz#1037 resize vector correctly
+
+---
+ src/lib/MsWrd1Parser.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/MsWrd1Parser.cxx b/src/lib/MsWrd1Parser.cxx
+index 63547e6..3626064 100644
+--- a/src/lib/MsWrd1Parser.cxx
++++ b/src/lib/MsWrd1Parser.cxx
+@@ -902,7 +902,7 @@ bool MsWrd1Parser::readFootnoteCorrespondance(MWAWVec2i limits)
+     int id = fIt++->second;
+     fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first;
+     if (id >= int(m_state->m_footnotesList.size()))
+-      m_state->m_footnotesList.resize(size_t(id),MWAWVec2l(0,0));
++      m_state->m_footnotesList.resize(size_t(id)+1,MWAWVec2l(0,0));
+     m_state->m_footnotesList[size_t(id)]=fPos;
+   }
+   ascii().addDelimiter(input->tell(),'|');
+-- 
+2.13.1
+
diff --git a/gnu/packages/patches/nss-disable-long-b64-tests.patch b/gnu/packages/patches/nss-disable-long-b64-tests.patch
deleted file mode 100644
index 612d94128d..0000000000
--- a/gnu/packages/patches/nss-disable-long-b64-tests.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Disable long b64 tests, which consistently fail on armhf.
-This is based on an excerpt of the following upstream patch:
-
-  https://hg.mozilla.org/projects/nss/rev/00b2cc2b33c7
-
-(we exclude the part of the upstream patch that reverts
-an earlier failed attempt, and adapt the file names)
-
-diff --git a/gtests/util_gtest/util_b64_unittest.cc b/gtests/util_gtest/util_b64_unittest.cc
---- a/nss/gtests/util_gtest/util_b64_unittest.cc
-+++ b/nss/gtests/util_gtest/util_b64_unittest.cc
-@@ -63,17 +63,19 @@ TEST_F(B64EncodeDecodeTest, EncDecTest) 
- 
- TEST_F(B64EncodeDecodeTest, FakeDecTest) { EXPECT_TRUE(TestFakeDecode(100)); }
- 
- TEST_F(B64EncodeDecodeTest, FakeEncDecTest) {
-   EXPECT_TRUE(TestFakeEncode(100));
- }
- 
- // These takes a while ...
--TEST_F(B64EncodeDecodeTest, LongFakeDecTest1) {
-+TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeDecTest1) {
-   EXPECT_TRUE(TestFakeDecode(0x66666666));
- }
--TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest1) { TestFakeEncode(0x3fffffff); }
--TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest2) {
-+TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeEncDecTest1) {
-+  TestFakeEncode(0x3fffffff);
-+}
-+TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeEncDecTest2) {
-   EXPECT_FALSE(TestFakeEncode(0x40000000));
- }
- 
- }  // namespace nss_test
diff --git a/gnu/packages/patches/nss-increase-test-timeout.patch b/gnu/packages/patches/nss-increase-test-timeout.patch
index 1e24940322..55117c02e9 100644
--- a/gnu/packages/patches/nss-increase-test-timeout.patch
+++ b/gnu/packages/patches/nss-increase-test-timeout.patch
@@ -1,4 +1,4 @@
-We've seen some tests take more than 20s to complete on a busy armhf
+We've seen some tests take up to 60s to complete on a busy armhf
 machine. Even a busy x86_64 machine can use more than 5s on some tests.
 
 Increase timeouts to increase chances of a successful build.
@@ -10,7 +10,7 @@ Increase timeouts to increase chances of a successful build.
    ASSERT_TRUE_WAIT((client_->state() != TlsAgent::STATE_CONNECTING) &&
                         (server_->state() != TlsAgent::STATE_CONNECTING),
 -                   5000);
-+                   25000);
++                   300000);
  }
  
  void TlsConnectTestBase::EnableExtendedMasterSecret() {
@@ -19,7 +19,7 @@ Increase timeouts to increase chances of a successful build.
      failing_agent = client_;
    }
 -  ASSERT_TRUE_WAIT(failing_agent->state() == TlsAgent::STATE_ERROR, 5000);
-+  ASSERT_TRUE_WAIT(failing_agent->state() == TlsAgent::STATE_ERROR, 25000);
++  ASSERT_TRUE_WAIT(failing_agent->state() == TlsAgent::STATE_ERROR, 300000);
  }
  
  void TlsConnectTestBase::ConfigureVersion(uint16_t version) {
diff --git a/gnu/packages/patches/osip-CVE-2017-7853.patch b/gnu/packages/patches/osip-CVE-2017-7853.patch
new file mode 100644
index 0000000000..33d95cdb0e
--- /dev/null
+++ b/gnu/packages/patches/osip-CVE-2017-7853.patch
@@ -0,0 +1,40 @@
+Fix CVE-2017-7853:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7853
+https://savannah.gnu.org/support/index.php?109265
+
+Patch copied from upstream source repository:
+
+https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
+
+From 1ae06daf3b2375c34af23083394a6f010be24a45 Mon Sep 17 00:00:00 2001
+From: Aymeric Moizard <amoizard@gmail.com>
+Date: Tue, 21 Feb 2017 17:16:26 +0100
+Subject: [PATCH]  * fix bug report: sr #109265: SIP message body length
+ underflow in libosip2-4.1.0    https://savannah.gnu.org/support/?109265   
+ also applicable to current latest version
+
+---
+ src/osipparser2/osip_message_parse.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/osipparser2/osip_message_parse.c b/src/osipparser2/osip_message_parse.c
+index 1628c60..aa35446 100644
+--- a/src/osipparser2/osip_message_parse.c
++++ b/src/osipparser2/osip_message_parse.c
+@@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char *start_of_buf, const char
+     if ('\n' == start_of_body[0] || '\r' == start_of_body[0])
+       start_of_body++;
+ 
++    /* if message body is empty or contains a single CR/LF */
++    if (end_of_body <= start_of_body) {
++      osip_free (sep_boundary);
++      return OSIP_SYNTAXERROR;
++    }
++
+     body_len = end_of_body - start_of_body;
+ 
+     /* Skip CR before end boundary. */
+-- 
+2.13.1
+
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5974.patch b/gnu/packages/patches/zziplib-CVE-2017-5974.patch
new file mode 100644
index 0000000000..9ae02103e7
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5974.patch
@@ -0,0 +1,28 @@
+Fix CVE-2017-5974:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5974
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -216,12 +216,12 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+         /* override sizes/offsets with zip64 values for largefile support */
+         zzip_extra_zip64 *block = (zzip_extra_zip64 *)
+             zzip_mem_entry_extra_block(item, ZZIP_EXTRA_zip64);
+-        if (block)
++        if (block && ZZIP_GET16(block->z_datasize) >= (8 + 8 + 8 + 4))
+         {
+-            item->zz_usize = __zzip_get64(block->z_usize);
+-            item->zz_csize = __zzip_get64(block->z_csize);
+-            item->zz_offset = __zzip_get64(block->z_offset);
+-            item->zz_diskstart = __zzip_get32(block->z_diskstart);
++            item->zz_usize = ZZIP_GET64(block->z_usize);
++            item->zz_csize = ZZIP_GET64(block->z_csize);
++            item->zz_offset = ZZIP_GET64(block->z_offset);
++            item->zz_diskstart = ZZIP_GET32(block->z_diskstart);
+         }
+     }
+     /* NOTE:
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5975.patch b/gnu/packages/patches/zziplib-CVE-2017-5975.patch
new file mode 100644
index 0000000000..fad174b056
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5975.patch
@@ -0,0 +1,32 @@
+Fix CVE-2017-5975:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5975
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -173,6 +173,8 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+         return 0;               /* errno=ENOMEM; */
+     ___ struct zzip_file_header *header =
+         zzip_disk_entry_to_file_header(disk, entry);
++    if (!header)
++	{ free(item); return 0; }
+     /*  there is a number of duplicated information in the file header
+      *  or the disk entry block. Theoretically some part may be missing
+      *  that exists in the other, ... but we will prefer the disk entry.
+Index: zziplib-0.13.62/zzip/mmapped.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/mmapped.c
++++ zziplib-0.13.62/zzip/mmapped.c
+@@ -289,6 +289,8 @@ zzip_disk_entry_to_file_header(ZZIP_DISK
+         (disk->buffer + zzip_disk_entry_fileoffset(entry));
+     if (disk->buffer > file_header || file_header >= disk->endbuf)
+         return 0;
++    if (ZZIP_GET32(file_header) != ZZIP_FILE_HEADER_MAGIC)
++        return 0;
+     return (struct zzip_file_header *) file_header;
+ }
+ 
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5976.patch b/gnu/packages/patches/zziplib-CVE-2017-5976.patch
new file mode 100644
index 0000000000..17fc30e302
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5976.patch
@@ -0,0 +1,61 @@
+Fix CVE-2017-5976:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5976
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -201,6 +201,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+         {
+             void *mem = malloc(ext1 + 2);
+             item->zz_ext[1] = mem;
++	    item->zz_extlen[1] = ext1 + 2;
+             memcpy(mem, ptr1, ext1);
+             ((char *) (mem))[ext1 + 0] = 0;
+             ((char *) (mem))[ext1 + 1] = 0;
+@@ -209,6 +210,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+         {
+             void *mem = malloc(ext2 + 2);
+             item->zz_ext[2] = mem;
++	    item->zz_extlen[2] = ext2 + 2;
+             memcpy(mem, ptr2, ext2);
+             ((char *) (mem))[ext2 + 0] = 0;
+             ((char *) (mem))[ext2 + 1] = 0;
+@@ -245,8 +247,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR
+     while (1)
+     {
+         ZZIP_EXTRA_BLOCK *ext = entry->zz_ext[i];
+-        if (ext)
++        if (ext && (entry->zz_extlen[i] >= zzip_extra_block_headerlength))
+         {
++	    char *endblock = (char *)ext + entry->zz_extlen[i];
++
+             while (*(short *) (ext->z_datatype))
+             {
+                 if (datatype == zzip_extra_block_get_datatype(ext))
+@@ -257,6 +261,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR
+                 e += zzip_extra_block_headerlength;
+                 e += zzip_extra_block_get_datasize(ext);
+                 ext = (void *) e;
++		if (e >= endblock)
++		{
++		    break;
++		}
+                 ____;
+             }
+         }
+Index: zziplib-0.13.62/zzip/memdisk.h
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.h
++++ zziplib-0.13.62/zzip/memdisk.h
+@@ -66,6 +66,7 @@ struct _zzip_mem_entry {
+     int              zz_filetype;  /* (from "z_filetype") */
+     char*            zz_comment;   /* zero-terminated (from "comment") */
+     ZZIP_EXTRA_BLOCK* zz_ext[3];   /* terminated by null in z_datatype */
++    int              zz_extlen[3]; /* length of zz_ext[i] in bytes */
+ };                                 /* the extra blocks are NOT converted */
+ 
+ #define _zzip_mem_disk_findfirst(_d_) ((_d_)->list)
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5978.patch b/gnu/packages/patches/zziplib-CVE-2017-5978.patch
new file mode 100644
index 0000000000..452b14f804
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5978.patch
@@ -0,0 +1,37 @@
+Fix CVE-2017-5978:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5978
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -180,7 +180,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+      *  that exists in the other, ... but we will prefer the disk entry.
+      */
+     item->zz_comment = zzip_disk_entry_strdup_comment(disk, entry);
+-    item->zz_name = zzip_disk_entry_strdup_name(disk, entry);
++    item->zz_name = zzip_disk_entry_strdup_name(disk, entry) ?: strdup("");
+     item->zz_data = zzip_file_header_to_data(header);
+     item->zz_flags = zzip_disk_entry_get_flags(entry);
+     item->zz_compr = zzip_disk_entry_get_compr(entry);
+@@ -197,7 +197,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+         int /*            */ ext2 = zzip_file_header_get_extras(header);
+         char *_zzip_restrict ptr2 = zzip_file_header_to_extras(header);
+ 
+-        if (ext1)
++        if (ext1 && ((ptr1 + ext1) < disk->endbuf))
+         {
+             void *mem = malloc(ext1 + 2);
+             item->zz_ext[1] = mem;
+@@ -206,7 +206,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+             ((char *) (mem))[ext1 + 0] = 0;
+             ((char *) (mem))[ext1 + 1] = 0;
+         }
+-        if (ext2)
++        if (ext2 && ((ptr2 + ext2) < disk->endbuf))
+         {
+             void *mem = malloc(ext2 + 2);
+             item->zz_ext[2] = mem;
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5979.patch b/gnu/packages/patches/zziplib-CVE-2017-5979.patch
new file mode 100644
index 0000000000..b38f50b172
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5979.patch
@@ -0,0 +1,19 @@
+Fix CVE-2017-5979:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/fseeko.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/fseeko.c
++++ zziplib-0.13.62/zzip/fseeko.c
+@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk)
+         return 0;
+     /* we read out chunks of 8 KiB in the hope to match disk granularity */
+     ___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */
+-    ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry));
++    ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry));
+     if (! entry)
+         return 0;
+     ___ unsigned char *buffer = malloc(pagesize);
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5981.patch b/gnu/packages/patches/zziplib-CVE-2017-5981.patch
new file mode 100644
index 0000000000..ed82cb3b91
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5981.patch
@@ -0,0 +1,19 @@
+Fix CVE-2017-5981:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5981
+
+Patch copied from Debian.
+Index: zziplib-0.13.62/zzip/fseeko.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/fseeko.c
++++ zziplib-0.13.62/zzip/fseeko.c
+@@ -311,7 +311,8 @@ zzip_entry_findfirst(FILE * disk)
+             } else
+                 continue;
+ 
+-            assert(0 <= root && root < mapsize);
++	    if (root < 0 || root >= mapsize)
++	        goto error;
+             if (fseeko(disk, root, SEEK_SET) == -1)
+                 goto error;
+             if (fread(disk_(entry), 1, sizeof(*disk_(entry)), disk)
diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm
index b68aea9d7b..92513822ce 100644
--- a/gnu/packages/photo.scm
+++ b/gnu/packages/photo.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Roel Janssen <roel@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -54,7 +54,9 @@
   #:use-module (gnu packages tex)
   #:use-module (gnu packages web)
   #:use-module (gnu packages xfig)
-  #:use-module (gnu packages xml))
+  #:use-module (gnu packages xml)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-26))
 
 (define-public libraw
   (package
@@ -285,7 +287,14 @@ scene to produce an image that looks much like a tone-mapped image.")
                (base32
                 "0cfk8jjhs9nbfjfdy98plrj9ayi59aph0nx6ppslgjhlcvacm2xf"))))
     (build-system cmake-build-system)
-    (arguments `(#:tests? #f)) ; There are no tests to run.
+    (arguments
+     `(,@(if (any (cute string-prefix? <> (or (%current-system)
+                                              (%current-target-system)))
+                  '("x86_64" "i686"))
+        ;; SSE and SSE2 are supported only on Intel processors.
+        '()
+        '(#:configure-flags '("-DBUILD_FOR_SSE=OFF" "-DBUILD_FOR_SSE2=OFF")))
+       #:tests? #f)) ; There are no tests to run.
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
@@ -310,7 +319,7 @@ photographic equipment.")
 (define-public darktable
   (package
     (name "darktable")
-    (version "2.2.4")
+    (version "2.2.5")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -319,7 +328,7 @@ photographic equipment.")
                     version "/darktable-" version ".tar.xz"))
               (sha256
                (base32
-                "1n7rddkxwcifc3kcdlnar9w562xv4h78fqkkn27jihqzp3b4am5x"))))
+                "10gjzd4irxhladh4jyss9kgp627k8vgx2divipsb33pp6cms80z3"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f ; There are no tests.
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index a9091ff707..1373e4bb75 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -98,6 +98,7 @@
   #:use-module (gnu packages readline)
   #:use-module (gnu packages sdl)
   #:use-module (gnu packages shells)
+  #:use-module (gnu packages ssh)
   #:use-module (gnu packages statistics)
   #:use-module (gnu packages tex)
   #:use-module (gnu packages texinfo)
@@ -3134,16 +3135,14 @@ sources.")
 (define-public python-sphinx-rtd-theme
   (package
     (name "python-sphinx-rtd-theme")
-    (version "0.1.6")
+    (version "0.2.4")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "https://pypi.python.org/packages/source/s/"
-                           "sphinx_rtd_theme/sphinx_rtd_theme-"
-                           version ".tar.gz"))
+       (uri (pypi-uri "sphinx_rtd_theme" version))
        (sha256
         (base32
-         "19nw3rn7awplcdrz63kg1njqwkbymfg9lwn7l2grhdyhyr2gaa8g"))))
+         "05rlhjzdyapr2w74jjs7mrm8hi69qskcr5vya9f9drpsys7lpxrd"))))
     (build-system python-build-system)
     (arguments '(#:tests? #f)) ; No tests.
     (propagated-inputs
@@ -13132,6 +13131,9 @@ asynchronous messaging environments.")
 @command{nosetests} command of the Python Nose unit test framework.")
     (license license:bsd-3)))
 
+(define-public python2-rednose
+  (package-with-python2 python-rednose))
+
 (define-public python-flask-restplus
   (package
     (name "python-flask-restplus")
@@ -15319,3 +15321,61 @@ validating Swagger API specifications.")
 
 (define-public python2-swagger-spec-validator
   (package-with-python2 python-swagger-spec-validator))
+
+(define-public python-apache-libcloud
+  (package
+    (name "python-apache-libcloud")
+    (version "2.0.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (pypi-uri "apache-libcloud" version))
+        (sha256
+          (base32
+            "1a71z02ckcxld72k4qgmdnkjan52c4wczncs3p2mp5yafh7dsan7"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-ssh
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "libcloud/compute/ssh.py"
+               (("'ssh'") (string-append "'" (assoc-ref inputs "openssh")
+                                         "/bin/ssh" "'")))
+             #t))
+         (add-after 'unpack 'patch-tests
+           (lambda _
+             (substitute* "./libcloud/test/test_file_fixtures.py"
+               ;; See <https://issues.apache.org/jira/browse/LIBCLOUD-923>.
+               (("def _ascii") "def _raw_data(self, method, url, body, headers):
+        return (httplib.OK,
+                \"1234abcd\",
+                {\"test\": \"value\"},
+                httplib.responses[httplib.OK])
+    def _ascii"))
+             (substitute* "libcloud/test/compute/test_ssh_client.py"
+               (("class ShellOutSSHClientTests")
+                "@unittest.skip(\"Guix container doesn't have ssh service\")
+class ShellOutSSHClientTests")
+               ;; See <https://issues.apache.org/jira/browse/LIBCLOUD-924>.
+               (("'.xf0.x90.x8d.x88'") "b'\\xF0\\x90\\x8D\\x88'")
+               (("'.xF0', '.x90', '.x8D', '.x88'")
+                "b'\\xF0', b'\\x90', b'\\x8D', b'\\x88'"))
+             #t)))))
+    (inputs
+     `(("openssh" ,openssh)))
+    (propagated-inputs
+     `(("python-paramiko" ,python-paramiko)
+       ("python-requests" ,python-requests)))
+    (native-inputs
+     `(("python-lockfile" ,python-lockfile)
+       ("python-mock" ,python-mock)
+       ("python-requests-mock" ,python-requests-mock)))
+    (home-page "https://libcloud.apache.org/")
+    (synopsis "Unified Cloud API")
+    (description "@code{libcloud} is a Python library for interacting with
+many of the popular cloud service providers using a unified API.")
+    (license license:asl2.0)))
+
+(define-public python2-apache-libcloud
+  (package-with-python2 python-apache-libcloud))
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 6691095e55..7680f4eae0 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -466,13 +466,13 @@ specified in a \"Gemfile\", as well as their dependencies.")
 (define-public ruby-builder
   (package
     (name "ruby-builder")
-    (version "3.2.2")
+    (version "3.2.3")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "builder" version))
               (sha256
                (base32
-                "14fii7ab8qszrvsvhz6z2z3i4dw0h41a62fjr2h1j8m41vbrmyv2"))))
+                "0qibi5s67lpdv1wgcj66wcymcr04q6j4mzws6a479n0mlrmh5wr1"))))
     (build-system ruby-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm
index 81c899f841..729ae646b2 100644
--- a/gnu/packages/selinux.scm
+++ b/gnu/packages/selinux.scm
@@ -157,11 +157,13 @@ module into a binary representation.")
            (add-after 'install 'install-pywrap
              (lambda* (#:key make-flags #:allow-other-keys)
                (zero? (apply system* "make" "install-pywrap" make-flags))))))))
-    (inputs
+    ;; These libraries are in "Requires.private" in libselinux.pc.
+    (propagated-inputs
      `(("libsepol" ,libsepol)
-       ("pcre" ,pcre)
-       ;; For pywrap phase
-       ("python" ,python-wrapper)))
+       ("pcre" ,pcre)))
+    ;; For pywrap phase
+    (inputs
+     `(("python" ,python-wrapper)))
     ;; These inputs are only needed for the pywrap phase.
     (native-inputs
      `(("swig" ,swig)
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 41d1758250..6b9125e77f 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Stefan Reichör <stefan@xsteve.at>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2017 ng0 <ng0@no-reply.pragmatique.xyz>
+;;; Copyright © 2017 ng0 <ng0@no-reply.infotropique.org>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -99,14 +99,14 @@ direct descendant of NetBSD's Almquist Shell (@command{ash}).")
 (define-public fish
   (package
     (name "fish")
-    (version "2.5.0")
+    (version "2.6.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://fishshell.com/files/"
                                   version "/fish-" version ".tar.gz"))
               (sha256
                (base32
-                "19djav128nkhjxgfhwhc32i5y9d9c3karbh5yg67kqrdranyvh7q"))
+                "1yzx73kg5ng5ivhi68756sl5hpb8869110l9fwim6gn7f7bbprby"))
               (modules '((guix build utils)))
               ;; Don't try to install /etc/fish/config.fish.
               (snippet
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index d79663a2b5..d03686c11c 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -229,7 +229,8 @@ Additionally, various channel-specific options can be negotiated.")
                (base32
                 "0r261i8kc3avbmbwgyzak2vnqwssjlgz37g2y2fwm80w9bmn2m7j"))
               (patches (search-patches "guile-ssh-rexec-bug.patch"
-                                       "guile-ssh-double-free.patch"))
+                                       "guile-ssh-double-free.patch"
+                                       "guile-ssh-channel-finalization.patch"))
               (modules '((guix build utils)))
               (snippet
                ;; 'configure.ac' mistakenly tries to link files from examples/
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index ae44bfb01f..91b91beae1 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -2294,13 +2294,13 @@ informative error messages when it's not available.")
 (define-public r-devtools
   (package
     (name "r-devtools")
-    (version "1.12.0")
+    (version "1.13.2")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "devtools" version))
               (sha256
                (base32
-                "16l18szmj482vf3dvl2fqwwa4zaqylmic1pk7dwh428cp0d86mzi"))))
+                "08ajsr12wd31lsx3jv5l9mq4063dc5fpr9lcnzra6kl59vi5pa7v"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-curl" ,r-curl)
diff --git a/gnu/packages/telephony.scm b/gnu/packages/telephony.scm
index 45701bf445..c3bf203602 100644
--- a/gnu/packages/telephony.scm
+++ b/gnu/packages/telephony.scm
@@ -120,12 +120,14 @@ packet-manipulation library.")
 (define-public osip
   (package
    (name "osip")
-   (version "4.1.0")
+   (version "5.0.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/osip/libosip2-" version ".tar.gz"))
-            (sha256 (base32
-                     "014503kqv7z63az6lgxr5fbajlrqylm5c4kgbf8p3a0n6cva0slr"))))
+            (patches (search-patches "osip-CVE-2017-7853.patch"))
+            (sha256
+             (base32
+              "00yznbrm9q04wgd4b831km8iwlvwvsnwv87igf79g5vj9yakr88q"))))
    (build-system gnu-build-system)
 
    (synopsis "Library implementing SIP (RFC-3261)")
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index 7839e16b27..71aa5c7f3a 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
-;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,8 +30,10 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system perl)
   #:use-module (guix build-system trivial)
+  #:use-module (guix build-system texlive)
   #:use-module (guix utils)
   #:use-module (guix git-download)
+  #:use-module (guix svn-download)
   #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages bash)
@@ -59,7 +61,8 @@
   #:use-module (gnu packages zip)
   #:autoload   (gnu packages texinfo) (texinfo)
   #:use-module (ice-9 ftw)
-  #:use-module (srfi srfi-1))
+  #:use-module (ice-9 match)
+  #:use-module ((srfi srfi-1) #:hide (zip)))
 
 (define texlive-extra-src
   (origin
@@ -77,7 +80,7 @@
     (sha256 (base32
               "1dv8vgfzpczqw82hv9g7a8djhhyzywljmrarlcyy6g2qi5q51glr"))))
 
-(define texlive-bin
+(define-public texlive-bin
   (package
    (name "texlive-bin")
    (version "2016")
@@ -179,6 +182,1271 @@ This package contains the binaries.")
    (license (license:fsf-free "https://www.tug.org/texlive/copying.html"))
    (home-page "https://www.tug.org/texlive/")))
 
+(define-public texlive-dvips
+  (package
+    (name "texlive-dvips")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/dvips"))
+                    (revision %texlive-revision)))
+              (sha256
+               (base32
+                "1k11yvz4q95bxyxczwvd4r177h6a2gg03xmf51kmgjgz8an2gq2w"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/dvips")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://www.ctan.org/pkg/dvips")
+    (synopsis "DVI to PostScript drivers")
+    (description "This package provides files needed for converting DVI files
+to PostScript.")
+    ;; Various free software licenses apply to individual files.
+    (license (list license:lppl1.3c+
+                   license:expat
+                   license:lgpl3+))))
+
+(define-public texlive-generic-unicode-data
+  (package
+    (name "texlive-generic-unicode-data")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/generic/unicode-data"))
+                    (revision %texlive-revision)))
+              (sha256
+               (base32
+                "0ivrhp6jz31pl4z841g4ws41lmvdiwz4sslmhf02inlib79gz6r2"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/generic/unicode-data")))
+             (mkdir-p target)
+             (copy-recursively (assoc-ref %build-inputs "source") target)
+             #t))))
+    (home-page "http://www.ctan.org/pkg/unicode-data")
+    (synopsis "Unicode data and loaders for TeX")
+    (description "This bundle provides generic access to Unicode Consortium
+data for TeX use.  It contains a set of text files provided by the Unicode
+Consortium which are currently all from Unicode 8.0.0, with the exception of
+@code{MathClass.txt} which is not currently part of the Unicode Character
+Database.  Accompanying these source data are generic TeX loader files
+allowing this data to be used as part of TeX runs, in particular in building
+format files.  Currently there are two loader files: one for general character
+set up and one for initializing XeTeX character classes as has been carried
+out to date by @code{unicode-letters.tex}. ")
+    (license license:lppl1.3c+)))
+
+(define-public texlive-generic-dehyph-exptl
+  (package
+    (name "texlive-generic-dehyph-exptl")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/generic/dehyph-exptl"))
+                    (revision %texlive-revision)))
+              (sha256
+               (base32
+                "1l9wgv99qq0ysvlxqpj4g8bl0dywbzra4g8m2kmpg2fb0i0hczap"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/generic/dehyph-exptl")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://projekte.dante.de/Trennmuster/WebHome")
+    (synopsis "Hyphenation patterns for German")
+    (description "The package provides experimental hyphenation patterns for
+the German language, covering both traditional and reformed orthography.  The
+patterns can be used with packages Babel and hyphsubst from the Oberdiek
+bundle.")
+    ;; Hyphenation patterns are under the Expat license; documentation is
+    ;; under LPPL.
+    (license (list license:expat license:lppl))))
+
+(define-public texlive-generic-tex-ini-files
+  (package
+    (name "texlive-generic-tex-ini-files")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/generic/tex-ini-files"))
+                    (revision %texlive-revision)))
+              (sha256
+               (base32
+                "1wh42n1lmzcvi3g6mm31nm3yd5ha5bl260xqc444jg1m9fdp3wz5"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/generic/tex-ini-files")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://ctan.org/pkg/tex-ini-files")
+    (synopsis "Files for creating TeX formats")
+    (description "This bundle provides a collection of model \".ini\" files
+for creating TeX formats.  These files are commonly used to introduced
+distribution-dependent variations in formats.  They are also used to
+allow existing format source files to be used with newer engines, for example
+to adapt the plain e-TeX source file to work with XeTeX and LuaTeX.")
+    (license license:public-domain)))
+
+(define-public texlive-generic-hyph-utf8
+  (package
+    (name "texlive-generic-hyph-utf8")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/generic/hyph-utf8"))
+                    (revision %texlive-revision)))
+              (sha256
+               (base32
+                "0ghizcz7ps16dzfqf66wwg5i181assc6qsm0g7g5dbmp909931vi"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/generic/hyph-utf8")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://ctan.org/pkg/hyph-utf8")
+    (synopsis "Hyphenation patterns expressed in UTF-8")
+    (description "Modern native UTF-8 engines such as XeTeX and LuaTeX need
+hyphenation patterns in UTF-8 format, whereas older systems require
+hyphenation patterns in the 8-bit encoding of the font in use (such encodings
+are codified in the LaTeX scheme with names like OT1, T2A, TS1, OML, LY1,
+etc).  The present package offers a collection of conversions of existing
+patterns to UTF-8 format, together with converters for use with 8-bit fonts in
+older systems.  Since hyphenation patterns for Knuthian-style TeX systems are
+only read at iniTeX time, it is hoped that the UTF-8 patterns, with their
+converters, will completely supplant the older patterns.")
+    ;; Individual files each have their own license.  Most of these files are
+    ;; independent hyphenation patterns.
+    (license (list license:lppl1.0+
+                   license:lppl1.2+
+                   license:lppl1.3
+                   license:lppl1.3+
+                   license:lppl1.3a+
+                   license:lgpl2.1
+                   license:lgpl2.1+
+                   license:lgpl3+
+                   license:gpl2+
+                   license:gpl3+
+                   license:mpl1.1
+                   license:asl2.0
+                   license:expat
+                   license:bsd-3
+                   license:cc0
+                   license:public-domain
+                   license:wtfpl2))))
+
+(define-public texlive-metafont-base
+  (package
+    (name "texlive-metafont-base")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/metafont"))
+                    (revision %texlive-revision)))
+              (sha256
+               (base32
+                "1yl4n8cn5xqk2nc22zgzq6ymd7bhm6xx1mz3azip7i3ki4bhb5q5"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; no test target
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'build
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((cwd (getcwd)))
+               (setenv "MFINPUTS"
+                       (string-append cwd "/base:"
+                                      cwd "/misc:"
+                                      cwd "/roex:"
+                                      cwd "/feynmf:"
+                                      cwd "/mfpic:"
+                                      cwd "/config")))
+             (mkdir "build")
+             (with-directory-excursion "build"
+               (zero? (system* "inimf" "mf.mf")))))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out  (assoc-ref outputs "out"))
+                    (base (string-append out "/share/texmf-dist/web2c"))
+                    (mf   (string-append out "/share/texmf-dist/metafont/base")))
+               (mkdir-p base)
+               (mkdir-p mf)
+               (install-file "build/mf.base" base)
+               (copy-recursively "base" mf)
+               #t))))))
+    (native-inputs
+     `(("texlive-bin" ,texlive-bin)))
+    (home-page "http://www.ctan.org/pkg/metafont")
+    (synopsis "Metafont base files")
+    (description "This package provides the Metafont base files needed to
+build fonts using the Metafont system.")
+    (license license:knuth)))
+
+(define-public texlive-fonts-cm
+  (package
+    (name "texlive-fonts-cm")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/fonts/source/public/cm"))
+                    (revision %texlive-revision)))
+              (sha256
+               (base32
+                "045k5b9rdmbxpy1a3006l1x96z1rd18vg3cwrvnld9bqybw5qz44"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (srfi srfi-1)
+                  (srfi srfi-26))
+       #:tests? #f ; no tests
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'build
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((mf (assoc-ref inputs "texlive-metafont-base")))
+               ;; Tell mf where to find mf.base
+               (setenv "MFBASES" (string-append mf "/share/texmf-dist/web2c"))
+               ;; Tell mf where to look for source files
+               (setenv "MFINPUTS"
+                       (string-append (getcwd) ":"
+                                      mf "/share/texmf-dist/metafont/base")))
+             (mkdir "build")
+             (every (lambda (font)
+                      (format #t "building font ~a\n" font)
+                      (zero? (system* "mf" "-progname=mf"
+                                      "-output-directory=build"
+                                      (string-append "\\"
+                                                     "mode:=ljfour; "
+                                                     "mag:=1; "
+                                                     "batchmode; "
+                                                     "input "
+                                                     (basename font ".mf")))))
+                    (find-files "." "cm(.*[0-9]+.*|inch)\\.mf$"))))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (tfm (string-append
+                          out "/share/texmf-dist/fonts/tfm/public/cm"))
+                    (mf  (string-append
+                          out "/share/texmf-dist/fonts/source/public/cm")))
+               (for-each (cut install-file <> tfm)
+                         (find-files "build" "\\.*"))
+               (for-each (cut install-file <> mf)
+                         (find-files "." "\\.mf"))
+               #t))))))
+    (native-inputs
+     `(("texlive-bin" ,texlive-bin)
+       ("texlive-metafont-base" ,texlive-metafont-base)))
+    (home-page "http://www.ctan.org/pkg/cm")
+    (synopsis "Computer Modern fonts for TeX")
+    (description "This package provides the Computer Modern fonts by Donald
+Knuth.  The Computer Modern font family is a large collection of text,
+display, and mathematical fonts in a range of styles, based on Monotype Modern
+8A.")
+    (license license:knuth)))
+
+(define-public texlive-fonts-knuth-lib
+  (package
+    (name "texlive-fonts-knuth-lib")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/fonts/source/public/knuth-lib"))
+                    (revision %texlive-revision)))
+              (sha256
+               (base32
+                "0in9aqyi8jkyf9d16z0li50z5fpwj1iwgwm83gmvwqcf7chfs04y"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (srfi srfi-26))
+       #:tests? #f ; no tests
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'build
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((mf (assoc-ref inputs "texlive-metafont-base")))
+               ;; Tell mf where to find mf.base
+               (setenv "MFBASES"
+                       (string-append mf "/share/texmf-dist/web2c"))
+               ;; Tell mf where to look for source files
+               (setenv "MFINPUTS"
+                       (string-append (getcwd) ":"
+                                      mf "/share/texmf-dist/metafont/base")))
+             (mkdir "build")
+             (zero? (system* "mf" "-progname=mf"
+                             "-output-directory=build"
+                             (string-append "\\"
+                                            "mode:=ljfour; "
+                                            "mag:=1; "
+                                            "batchmode; "
+                                            "input manfnt")))))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (tfm (string-append
+                          out "/share/texmf-dist/fonts/tfm/public/knuth-lib"))
+                    (mf  (string-append
+                          out "/share/texmf-dist/fonts/source/public/knuth-lib")))
+               (for-each (cut install-file <> tfm)
+                         (find-files "build" "\\.*"))
+               (for-each (cut install-file <> mf)
+                         (find-files "." "\\.mf"))
+               #t))))))
+    (native-inputs
+     `(("texlive-bin" ,texlive-bin)
+       ("texlive-metafont-base" ,texlive-metafont-base)))
+    (home-page "https://www.ctan.org/pkg/knuth-lib")
+    (synopsis "Small library of METAFONT sources")
+    (description "This is a collection of core TeX and METAFONT macro files
+from Donald Knuth, including the plain format, plain base, and the MF logo
+fonts.")
+    (license license:knuth)))
+
+(define-public texlive-fonts-latex
+  (package
+    (name "texlive-fonts-latex")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/fonts/source/public/latex-fonts"))
+                    (revision %texlive-revision)))
+              (sha256
+               (base32
+                "0ypsm4xv9cw0jckk2qc7gi9hcmhf31mrg56pz3llyx3yd9vq2lps"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (srfi srfi-1)
+                  (srfi srfi-26))
+       #:tests? #f                      ; no tests
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'build
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((mf (assoc-ref inputs "texlive-metafont-base")))
+               ;; Tell mf where to find mf.base
+               (setenv "MFBASES" (string-append mf "/share/texmf-dist/web2c"))
+               ;; Tell mf where to look for source files
+               (setenv "MFINPUTS"
+                       (string-append (getcwd) ":"
+                                      mf "/share/texmf-dist/metafont/base:"
+                                      (assoc-ref inputs "texlive-fonts-cm")
+                                      "/share/texmf-dist/fonts/source/public/cm")))
+             (mkdir "build")
+             (every (lambda (font)
+                      (format #t "building font ~a\n" font)
+                      (zero? (system* "mf" "-progname=mf"
+                                      "-output-directory=build"
+                                      (string-append "\\"
+                                                     "mode:=ljfour; "
+                                                     "mag:=1; "
+                                                     "batchmode; "
+                                                     "input " font))))
+                    '("icmcsc10" "icmex10" "icmmi8" "icmsy8" "icmtt8"
+                      "ilasy8" "ilcmss8" "ilcmssb8" "ilcmssi8"
+                      "lasy5" "lasy6" "lasy7" "lasy8" "lasy9" "lasy10" "lasyb10"
+                      "lcircle10" "lcirclew10" "lcmss8" "lcmssb8" "lcmssi8"
+                      "line10" "linew10"))))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (tfm (string-append
+                          out "/share/texmf-dist/fonts/tfm/public/latex-fonts"))
+                    (mf  (string-append
+                          out "/share/texmf-dist/fonts/source/public/latex-fonts")))
+               (for-each (cut install-file <> tfm)
+                         (find-files "build" "\\.*"))
+               (for-each (cut install-file <> mf)
+                         (find-files "." "\\.mf"))
+               #t))))))
+    (native-inputs
+     `(("texlive-bin" ,texlive-bin)
+       ("texlive-metafont-base" ,texlive-metafont-base)
+       ("texlive-fonts-cm" ,texlive-fonts-cm)))
+    (home-page "http://www.ctan.org/pkg/latex-fonts")
+    (synopsis "Collection of fonts used in LaTeX distributions")
+    (description "This is a collection of fonts for use with standard LaTeX
+packages and classes. It includes invisible fonts (for use with the slides
+class), line and circle fonts (for use in the picture environment) and LaTeX
+symbol fonts.")
+    (license license:lppl1.2+)))
+
+;; This provides etex.src which is needed to build various formats, including
+;; luatex.fmt and pdflatex.fmt
+(define-public texlive-tex-plain
+  (package
+    (name "texlive-tex-plain")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/plain"))
+                    (revision %texlive-revision)))
+              (sha256
+               (base32
+                "1ifmbyl3ir8k0v1g25xjb5rcyy5vhj8a3fa2088nczga09hna5vn"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/plain")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "https://www.ctan.org/pkg/plain")
+    (synopsis "Plain TeX format and supporting files")
+    (description
+     "Contains files used to build the Plain TeX format, as described in the
+TeXbook, together with various supporting files (some also discussed in the
+book).")
+    (license license:knuth)))
+
+(define-public texlive-latex-base
+  (let ((texlive-dir
+         (lambda (dir hash)
+           (origin
+             (method svn-fetch)
+             (uri (svn-reference
+                   (url (string-append "svn://www.tug.org/texlive/tags/"
+                                       %texlive-tag "/Master/texmf-dist/"
+                                       dir))
+                   (revision %texlive-revision)))
+             (sha256 (base32 hash))))))
+    (package
+      (name "texlive-latex-base")
+      (version (number->string %texlive-revision))
+      (source (origin
+                (method svn-fetch)
+                (uri (texlive-ref "latex" "base"))
+                (sha256
+                 (base32
+                  "1h9pir2hz6i9avc4lrl733p3zf4rpkg8537x1zdbhs91hvhikw9k"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:modules ((guix build gnu-build-system)
+                    (guix build utils)
+                    (ice-9 match)
+                    (srfi srfi-1)
+                    (srfi srfi-26))
+         #:tests? #f                    ; no tests
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure)
+           (replace 'build
+             (lambda* (#:key inputs #:allow-other-keys)
+               ;; Find required fonts
+               (setenv "TFMFONTS"
+                       (string-append (assoc-ref inputs "texlive-fonts-cm")
+                                      "/share/texmf-dist/fonts/tfm/public/cm:"
+                                      (assoc-ref inputs "texlive-fonts-latex")
+                                      "/share/texmf-dist/fonts/tfm/public/latex-fonts:"
+                                      (assoc-ref inputs "texlive-fonts-knuth-lib")
+                                      "/share/texmf-dist/fonts/tfm/public/knuth-lib"))
+               (setenv "TEXINPUTS"
+                       (string-append
+                        (getcwd) ":"
+                        (getcwd) "/build:"
+                        (string-join
+                         (append-map (match-lambda
+                                       ((_ . dir)
+                                        (find-files dir
+                                                    (lambda (_ stat)
+                                                      (eq? 'directory (stat:type stat)))
+                                                    #:directories? #t
+                                                    #:stat stat)))
+                                     inputs)
+                         ":")))
+
+               ;; Create an empty texsys.cfg, because latex.ltx wants to include
+               ;; it.  This file must exist and it's fine if it's empty.
+               (with-output-to-file "texsys.cfg"
+                 (lambda _ (format #t "%")))
+
+               (mkdir "build")
+               (mkdir "web2c")
+               (and (zero? (system* "luatex" "-ini" "-interaction=batchmode"
+                                    "-output-directory=build"
+                                    "unpack.ins"))
+                    ;; LaTeX and XeTeX require e-TeX, which is enabled only in
+                    ;; extended mode (activated with a leading asterisk).  We
+                    ;; should not use luatex here, because that would make the
+                    ;; generated format files incompatible with any other TeX
+                    ;; engine.
+
+                    ;; FIXME: XeTeX fails to build because neither
+                    ;; \XeTeXuseglyphmetrics nor \XeTeXdashbreakstate are
+                    ;; defined.
+                    (every
+                     (lambda (format)
+                       (zero? (system* "latex" "-ini" "-interaction=batchmode"
+                                       "-output-directory=web2c"
+                                       "-translate-file=cp227.tcx"
+                                       (string-append "*" format ".ini"))))
+                     '("latex" ;"xetex"
+                       ))
+                    (every
+                     (lambda (format)
+                       (zero? (system* "luatex" "-ini" "-interaction=batchmode"
+                                       "-output-directory=web2c"
+                                       (string-append format ".ini"))))
+                     '("dviluatex" "dvilualatex" "luatex" "lualatex" "xelatex")))))
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (target (string-append
+                               out "/share/texmf-dist/tex/latex/base"))
+                      (web2c (string-append
+                              out "/share/texmf-dist/web2c")))
+                 (mkdir-p target)
+                 (mkdir-p web2c)
+                 (for-each delete-file (find-files "." "\\.(log|aux)$"))
+                 (for-each (cut install-file <> target)
+                           (find-files "build" ".*"))
+                 (for-each (cut install-file <> web2c)
+                           (find-files "web2c" ".*"))
+                 #t))))))
+      (native-inputs
+       `(("texlive-bin" ,texlive-bin)
+         ("texlive-generic-unicode-data" ,texlive-generic-unicode-data)
+         ("texlive-generic-dehyph-exptl" ,texlive-generic-dehyph-exptl)
+         ("texlive-generic-tex-ini-files" ,texlive-generic-tex-ini-files)
+         ("texlive-latex-latexconfig"
+          ,(texlive-dir "tex/latex/latexconfig/"
+                        "1zb3j49cj8p75yph6c8iysjp7qbdvghwf0mn9j0l7qq3qkbz2xaf"))
+         ("texlive-generic-hyph-utf8" ,texlive-generic-hyph-utf8)
+         ("texlive-generic-hyphen"
+          ,(texlive-dir "tex/generic/hyphen/"
+                        "0xim36wybw2625yd0zwlp9m2c2xrcybw58gl4rih9nkph0wqwwhd"))
+         ("texlive-generic-ruhyphen"
+          ,(texlive-dir "tex/generic/ruhyphen/"
+                        "14rjkpl4zkjqs13rcf9kcd24mn2kx7i1jbdwxq8ds94bi66ylzsd"))
+         ("texlive-generic-ukrhyph"
+          ,(texlive-dir "tex/generic/ukrhyph/"
+                        "1cfwdg2rhbayl3w0x1xqd36d45zbc96f029myp13s7cb6kbmbppv"))
+         ("texlive-generic-config"
+          ,(texlive-dir "tex/generic/config/"
+                        "19vj088p4kkp6xll0141m4kl6ssgdzhs3g10i232khb07aqiag8s"))
+         ("texlive-tex-plain" ,texlive-tex-plain)
+         ("texlive-fonts-cm" ,texlive-fonts-cm)
+         ("texlive-fonts-latex" ,texlive-fonts-latex)
+         ("texlive-fonts-knuth-lib" ,texlive-fonts-knuth-lib)))
+      (home-page "http://www.ctan.org/pkg/latex-base")
+      (synopsis "Base sources of LaTeX")
+      (description
+       "This bundle comprises the source of LaTeX itself, together with several
+packages which are considered \"part of the kernel\".  This bundle, together
+with the required packages, constitutes what every LaTeX distribution should
+contain.")
+      (license license:lppl1.3c+))))
+
+(define-public texlive-latex-filecontents
+  (package
+    (name "texlive-latex-filecontents")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "filecontents"))
+              (sha256
+               (base32
+                "0swkbxv8vg0yizadfnvrwjb4cj0pn34v9wm6v7wqq903fdav7k7q"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/filecontents"))
+    (home-page "http://www.ctan.org/pkg/filecontents")
+    (synopsis "Extended filecontents and filecontents* environments")
+    (description
+     "LaTeX2e's @code{filecontents} and @code{filecontents*} environments
+enable a LaTeX source file to generate external files as it runs through
+LaTeX.  However, there are two limitations of these environments: they refuse
+to overwrite existing files, and they can only be used in the preamble of a
+document.  The filecontents package removes these limitations, letting you
+overwrite existing files and letting you use @code{filecontents} /
+@code{filecontents*} anywhere.")
+    (license license:lppl1.3c+)))
+
+(define-public texlive-generic-ifxetex
+  (package
+    (name "texlive-generic-ifxetex")
+    (version "0.6")
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "generic" "ifxetex"))
+              (sha256
+               (base32
+                "0w2xj7n0szavj329kds09q626szkc378p3w0sk022q0ln4ksz86d"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "generic/ifxetex"
+       #:tex-format "xelatex"))
+    (inputs
+     `(("texlive-latex-filecontents" ,texlive-latex-filecontents)))
+    (home-page "http://www.ctan.org/pkg/ifxetex")
+    (synopsis "Am I running under XeTeX?")
+    (description
+     "This is a simple package which provides an @code{\\ifxetex} conditional,
+so that other code can determine that it is running under XeTeX.  The package
+requires the etexe-TeX extensions to the TeX primitive set.")
+    (license license:lppl1.3c+)))
+
+(define-public texlive-latex-fancyvrb
+  (package
+    (name "texlive-latex-fancyvrb")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "fancyvrb"))
+              (sha256
+               (base32
+                "03l7140y031rr14h02i4z9zqsfvrbn7wzwxbjsrjcgrk6sdr71wv"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/fancyvrb"
+       ;; We exclude "fvrb-ex" to avoid a dependency on texlive-luaotfload and
+       ;; thus texlive-luatex-lualibs.
+       #:build-targets '("fancyvrb.ins")))
+    (home-page "http://www.ctan.org/pkg/fancyvrb")
+    (synopsis "Sophisticated verbatim text")
+    (description
+     "This package provides tools for the flexible handling of verbatim text
+including: verbatim commands in footnotes; a variety of verbatim environments
+with many parameters; ability to define new customized verbatim environments;
+save and restore verbatim text and environments; write and read files in
+verbatim mode; build \"example\" environments (showing both result and
+verbatim source).")
+    (license license:lppl1.0+)))
+
+(define-public texlive-latex-graphics
+  (package
+    (name "texlive-latex-graphics")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "graphics"))
+              (sha256
+               (base32
+                "17ka701xr9nqsjlhz30hphr8d9j4zzwgv5zl5r2f118yzqh9c34v"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/graphics"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'install-config
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((cfg (assoc-ref inputs "graphics-cfg"))
+                   (target (string-append (assoc-ref outputs "out")
+                                          "/share/texmf-dist/tex/latex/graphics-cfg")))
+               (mkdir-p target)
+               (install-file (string-append cfg "/graphics.cfg") target)
+               (install-file (string-append cfg "/color.cfg")    target)
+               #t)))
+         (add-after 'install 'install-defs
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((def (assoc-ref inputs "graphics-def"))
+                   (target (string-append (assoc-ref outputs "out")
+                                          "/share/texmf-dist/tex/latex/graphics-def")))
+               (mkdir-p target)
+               (copy-recursively def target)
+               #t))))))
+    (native-inputs
+     `(("graphics-cfg"
+        ,(origin
+           (method git-fetch)
+           (uri (git-reference
+                 (url "https://github.com/latex3/graphics-cfg.git")
+                 (commit "19d1238af17df376cd46333b229579b0f7f3a41f")))
+           (sha256
+            (base32
+             "12kbgbm52gmmgn8zajb74s8n5rvnxcfdvs3iyj8vcw5vrsw5i6mh"))))
+       ("graphics-def"
+        ,(origin
+           (method svn-fetch)
+           (uri (svn-reference
+                 (url (string-append "svn://www.tug.org/texlive/tags/"
+                                     %texlive-tag "/Master/texmf-dist/"
+                                     "/tex/latex/graphics-def"))
+                 (revision %texlive-revision)))
+           (sha256
+            (base32
+             "1q5l0x3jsy74v0zq4c9g0x0rb9jfzf7cbhdzkbchyydv49iav802"))))))
+    (home-page "http://www.ctan.org/pkg/latex-graphics")
+    (synopsis "LaTeX standard graphics bundle")
+    (description
+     "This is a collection of LaTeX packages for producing color, including
+graphics (e.g. PostScript) files, and rotation and scaling of text in LaTeX
+documents.  It comprises the packages color, graphics, graphicx, trig, epsfig,
+keyval, and lscape.")
+    ;; The configuration files are released under CC0.
+    (license (list license:lppl1.3c+
+                   license:cc0))))
+
+(define-public texlive-latex-xcolor
+  (package
+    (name "texlive-latex-xcolor")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "xcolor"))
+              (sha256
+               (base32
+                "01n613s7bcrd2n4jfawm0k4nn2ny3aaifp2jjfif3lz4sbv31494"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/xcolor"))
+    (home-page "http://www.ctan.org/pkg/xcolor")
+    (synopsis "Driver-independent color extensions for LaTeX and pdfLaTeX")
+    (description
+     "The package starts from the basic facilities of the colorcolor package,
+and provides easy driver-independent access to several kinds of color tints,
+shades, tones, and mixes of arbitrary colors.  It allows a user to select a
+document-wide target color model and offers complete tools for conversion
+between eight color models.  Additionally, there is a command for alternating
+row colors plus repeated non-aligned material (like horizontal lines) in
+tables.")
+    (license license:lppl1.2+)))
+
+(define-public texlive-latex-hyperref
+  (package
+    (name "texlive-latex-hyperref")
+    (version "6.84a2")
+    ;; The sources in the TeX Live SVN repository do not contain hluatex.dtx,
+    ;; so we fetch the release from GitHub.
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/ho-tex/hyperref/"
+                                  "archive/release-" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1d3rmjgzh0025a1dza55zb6nzzlgd1y9snwx45wq1c1vf42m79h2"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/hyperref"))
+    (home-page "http://www.ctan.org/pkg/hyperref")
+    (synopsis "Extensive support for hypertext in LaTeX")
+    (description
+     "The hyperref package is used to handle cross-referencing commands in
+LaTeX to produce hypertext links in the document.  The package provides
+backends for the special set defined for HyperTeX DVI processors; for embedded
+pdfmark commands for processing by Acrobat Distiller (dvips and dvipsone); for
+dviwindo; for PDF control within pdfTeX and dvipdfm; for TeX4ht; and for VTeX
+pdf and HTML backends.  The package is distributed with the backref and
+nameref packages, which make use of the facilities of hyperref.")
+    (license license:lppl1.3+)))
+
+(define-public texlive-latex-oberdiek
+  (package
+    (name "texlive-latex-oberdiek")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "oberdiek"))
+              (sha256
+               (base32
+                "0aswvsxgsn709xmvpcg50d2xl7vcy1ckdxb9c1cligqqfjjvviqf"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/oberdiek"
+       #:phases
+       (modify-phases %standard-phases
+         ;; "ifpdf.ins" is not generated, so we cannot process it.
+         (add-after 'unpack 'do-not-process-ifpdf.ins
+           (lambda _
+             (substitute* "oberdiek.ins"
+               (("\\\\batchinput\\{ifpdf.ins\\}") ""))
+             #t)))))
+    (home-page "http://www.ctan.org/pkg/oberdiek")
+    (synopsis "Bundle of packages submitted by Heiko Oberdiek")
+    (description
+     "The bundle comprises various LaTeX packages, providing among others:
+better accessibility support for PDF files; extensible chemists reaction
+arrows; record information about document class(es) used; and many more.")
+    (license license:lppl1.3+)))
+
+(define-public texlive-latex-tools
+  (package
+    (name "texlive-latex-tools")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "tools"))
+              (sha256
+               (base32
+                "052a0pch2k5zls5jlay9xxcf93rw3i60a2x28y3ip3rhbsv3xgiz"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/tools"
+       #:build-targets '("tools.ins")))
+    (home-page "http://www.ctan.org/pkg/latex-tools")
+    (synopsis "LaTeX standard tools bundle")
+    (description
+     "This package is a collection of (variously) simple tools provided as
+part of the LaTeX required tools distribution, comprising the following
+packages: afterpage, array, bm, calc, dcolumn, delarray, enumerate, fileerr,
+fontsmpl, ftnright, hhline, indentfirst, layout, longtable, multicol,
+rawfonts, showkeys, somedefs, tabularx, theorem, trace, varioref, verbatim,
+xr, and xspace.")
+    (license license:lppl1.3+)))
+
+(define-public texlive-latex-url
+  (package
+    (name "texlive-latex-url")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/latex/url"))
+                    (revision %texlive-revision)))
+              (sha256
+               (base32
+                "184s2543cwia5l7iibhlkl1ffbncfhjpv5p56zq0c15by5sghlac"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/latex/url")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "https://www.ctan.org/pkg/url")
+    (synopsis "Verbatim with URL-sensitive line breaks")
+    (description "The command @code{\\url} is a form of verbatim command that
+allows linebreaks at certain characters or combinations of characters, accepts
+reconfiguration, and can usually be used in the argument to another command.
+The command is intended for email addresses, hypertext links,
+directories/paths, etc., which normally have no spaces, so by default the
+package ignores spaces in its argument.  However, a package option allows
+spaces, which is useful for operating systems where spaces are a common part
+of file names.")
+    ;; The license header states that it is under LPPL version 2 or later, but
+    ;; the latest version is 1.3c.
+    (license license:lppl1.3c+)))
+
+(define-public texlive-latex-l3kernel
+  (package
+    (name "texlive-latex-l3kernel")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "l3kernel"))
+              (sha256
+               (base32
+                "0ndqw0flhl20f4ny5lssp8rqpnj5kglyg59whbdrxbh2zc7w7j0b"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/l3kernel"))
+    (home-page "http://www.ctan.org/pkg/l3kernel")
+    (synopsis "LaTeX3 programmers’ interface")
+    (description
+     "The l3kernel bundle provides an implementation of the LaTeX3
+programmers’ interface, as a set of packages that run under LaTeX 2e.  The
+interface provides the foundation on which the LaTeX3 kernel and other future
+code are built: it is an API for TeX programmers.  The packages are set up so
+that the LaTeX3 conventions can be used with regular LaTeX 2e packages.")
+    (license license:lppl1.3c+)))
+
+(define-public texlive-latex-l3packages
+  (package
+    (name "texlive-latex-l3packages")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "l3packages"))
+              (sha256
+               (base32
+                "1p1y9my6ccmp2ab91fzqqgih8ifrk4y3wyh397kagiq9f6a6v91f"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/l3packages"
+       #:phases
+       (modify-phases %standard-phases
+         ;; All package sources are in sub-directories, so we need to add them
+         ;; to TEXINPUTS.
+         (add-after 'unpack 'set-TEXINPUTS
+           (lambda _
+             (let ((cwd (getcwd)))
+               (setenv "TEXINPUTS"
+                       (string-append cwd "/l3keys2e:"
+                                      cwd "/xparse:"
+                                      cwd "/xfrac:"
+                                      cwd "/xfp:"
+                                      cwd "/xtemplate")))
+             #t)))))
+    (inputs
+     `(("texlive-latex-l3kernel" ,texlive-latex-l3kernel)))
+    (home-page "http://www.ctan.org/pkg/l3packages")
+    (synopsis "High-level LaTeX3 concepts")
+    (description
+     "This bundle holds prototype implementations of concepts for a LaTeX
+designer interface, to be used with the experimental LaTeX kernel as
+programming tools and kernel sup­port.  Packages provided in this release are:
+
+@enumerate
+@item l3keys2e, which makes the facilities of the kernel module l3keys
+  available for use by LaTeX 2e packages;
+@item xfrac, which provides flexible splitlevel fractions;
+@item xparse, which provides a high-level interface for declaring document
+  commands; and
+@item xtemplate, which provides a means of defining generic functions using a
+  key-value syntax.
+@end enumerate\n")
+    (license license:lppl1.3c+)))
+
+(define-public texlive-latex-fontspec
+  (package
+    (name "texlive-latex-fontspec")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "fontspec"))
+              (sha256
+               (base32
+                "1rx43y5xmjqvc27pjdnmqwp4pcw3czcfd6nfpmzc1gnqfl1hlc0q"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/fontspec"
+       #:build-targets '("fontspec.dtx")))
+    (inputs
+     `(("texlive-latex-l3kernel" ,texlive-latex-l3kernel)))
+    (home-page "http://www.ctan.org/pkg/fontspec")
+    (synopsis "Advanced font selection in XeLaTeX and LuaLaTeX")
+    (description
+     "Fontspec is a package for XeLaTeX and LuaLaTeX.  It provides an
+automatic and unified interface to feature-rich AAT and OpenType fonts through
+the NFSS in LaTeX running on XeTeX or LuaTeX engines.  The package requires
+the l3kernel and xparse bundles from the LaTeX 3 development team.")
+    (license license:lppl1.3+)))
+
+;; The SVN directory contains little more than a dtx file that generates three
+;; of the many lua files that should be installed as part of this package.
+;; This is why we take the release from GitHub instead.
+(define-public texlive-luatex-lualibs
+  (package
+    (name "texlive-luatex-lualibs")
+    (version "2.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/lualatex/lualibs/"
+                                  "releases/download/v"
+                                  version "/lualibs.zip"))
+              (sha256
+               (base32
+                "1xx9blvrmx9hyhrl345lpai9m6xxnw997261a1ahn1bm5r2j5fqy"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags
+       (list (string-append "DESTDIR="
+                            (assoc-ref %outputs "out")
+                            "/share/texmf-dist"))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (native-inputs
+     `(("texlive-bin" ,texlive-bin)
+       ("unzip" ,unzip)
+       ("zip" ,zip)))
+    (home-page "https://github.com/lualatex/lualibs")
+    (synopsis "Lua modules for general programming (in the (La)TeX world)")
+    (description
+     "Lualibs is a collection of Lua modules useful for general programming.
+The bundle is based on Lua modules shipped with ConTeXt, and made available in
+this bundle for use independent of ConTeXt.")
+    ;; GPL version 2 only
+    (license license:gpl2)))
+
+(define-public texlive-latex-amsmath
+  (package
+    (name "texlive-latex-amsmath")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "amsmath"))
+              (sha256
+               (base32
+                "178ywjpdlv78qmfzqdyn6gy14620zjsn2q9wap76fbr9s4hw6dba"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/amsmath"))
+    (home-page "http://www.ctan.org/pkg/amsmath")
+    (synopsis "AMS mathematical facilities for LaTeX")
+    (description
+     "This is the principal package in the AMS-LaTeX distribution.  It adapts
+for use in LaTeX most of the mathematical features found in AMS-TeX; it is
+highly recommended as an adjunct to serious mathematical typesetting in LaTeX.
+When amsmath is loaded, AMS-LaTeX packages @code{amsbsyamsbsy} (for bold
+symbols), @code{amsopnamsopn} (for operator names) and
+@code{amstextamstext} (for text embedded in mathematics) are also loaded.
+This package is part of the LaTeX required distribution; however, several
+contributed packages add still further to its appeal; examples are
+@code{empheqempheq}, which provides functions for decorating and highlighting
+mathematics, and @code{ntheoremntheorem}, for specifying theorem (and similar)
+definitions.")
+    (license license:lppl1.3c+)))
+
+(define-public texlive-latex-amscls
+  (package
+    (name "texlive-latex-amscls")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "amscls"))
+              (sha256
+               (base32
+                "0jmcr37mcdi7drczppvr6lmz5d5yd9m67ii79gp2nglg1xpw934j"))))
+    (build-system texlive-build-system)
+    (arguments
+     `(#:tex-directory "latex/amscls"))
+    (home-page "http://www.ctan.org/pkg/amscls")
+    (synopsis "AMS document classes for LaTeX")
+    (description
+     "This bundle contains three AMS classes: @code{amsartamsart} (for writing
+articles for the AMS), @code{amsbookamsbook} (for books) and
+@code{amsprocamsproc} (for proceedings), together with some supporting
+material.  The material is made available as part of the AMS-LaTeX
+distribution.")
+    (license license:lppl1.3c+)))
+
+(define-public texlive-latex-babel
+  (package
+    (name "texlive-latex-babel")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "babel"))
+              (sha256
+               (base32
+                "1n3i5adsyy7jw0imnzrm2i8wkf73i3mjk9h3ic8cb9cd19i4r9r3"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/babel"
+       #:phases
+       (modify-phases %standard-phases
+         ;; This package tries to produce babel.aux twice but refuses to
+         ;; overwrite the first one.
+         (add-before 'build 'fix-ins
+           (lambda _
+             (substitute* "babel.ins"
+               (("askonceonly") "askforoverwritefalse"))
+             #t)))))
+    (home-page "http://www.ctan.org/pkg/babel")
+    (synopsis "Multilingual support for Plain TeX or LaTeX")
+    (description
+     "The package manages culturally-determined typographical (and other)
+rules, and hyphenation patterns for a wide range of languages.  A document may
+select a single language to be supported, or it may select several, in which
+case the document may switch from one language to another in a variety of
+ways.  Babel uses contributed configuration files that provide the detail of
+what has to be done for each language.  Users of XeTeX are advised to use the
+polyglossia package rather than Babel.")
+    (license license:lppl1.3+)))
+
+(define-public texlive-latex-cyrillic
+  (package
+    (name "texlive-latex-cyrillic")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "cyrillic"))
+              (sha256
+               (base32
+                "1mdhl35hwas68ki56qqngzar37dwv4mm64l2canihr255bz34lbv"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/cyrillic"))
+    (home-page "http://www.ctan.org/pkg/latex-cyrillic")
+    (synopsis "Support for Cyrillic fonts in LaTeX")
+    (description
+     "This bundle of macros files provides macro support (including font
+encoding macros) for the use of Cyrillic characters in fonts encoded under the
+T2* and X2 encodings. These encodings cover (between them) pretty much every
+language that is written in a Cyrillic alphabet.")
+    (license license:lppl1.3c+)))
+
+(define-public texlive-latex-psnfss
+  (package
+    (name "texlive-latex-psnfss")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "psnfss"))
+              (sha256
+               (base32
+                "1920dcq8613yzprasbg80fh4fcjcidvvl54wkx438nimyxcri7qz"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/psnfss"))
+    (home-page "http://www.ctan.org/pkg/psnfss")
+    (synopsis "Font support for common PostScript fonts")
+    (description
+     "The PSNFSS collection includes a set of files that provide a complete
+working setup of the LaTeX font selection scheme (NFSS2) for use with common
+PostScript fonts.  It covers the so-called \"Base\" fonts (which are built
+into any Level 2 PostScript printing device and the Ghostscript interpreter)
+and a number of free fonts.  It provides font definition files, macros and
+font metrics.  The bundle as a whole is part of the LaTeX required set of
+packages.")
+    (license license:lppl1.2+)))
+
+(define-public texlive-union
+  (lambda* (#:optional (packages '()))
+    "Return 'texlive-union' package which is a union of PACKAGES and the
+standard LaTeX packages."
+    (let ((default-packages
+            (list texlive-bin
+                  texlive-dvips
+                  texlive-fonts-cm
+                  texlive-fonts-latex
+                  texlive-metafont-base
+                  texlive-latex-base
+                  ;; LaTeX packages from the "required" set.
+                  texlive-latex-amsmath
+                  texlive-latex-amscls
+                  texlive-latex-babel
+                  texlive-latex-cyrillic
+                  texlive-latex-graphics
+                  texlive-latex-psnfss
+                  texlive-latex-tools)))
+      (package
+        (name "texlive-union")
+        (version (number->string %texlive-revision))
+        (source #f)
+        (build-system trivial-build-system)
+        (arguments
+         '(#:modules ((guix build union)
+                      (guix build utils)
+                      (guix build texlive-build-system)
+                      (guix build gnu-build-system)
+                      (guix build gremlin)
+                      (guix elf))
+           #:builder
+           (begin
+             (use-modules (ice-9 match)
+                          (srfi srfi-26)
+                          (guix build union)
+                          (guix build utils)
+                          (guix build texlive-build-system))
+             (let* ((out       (assoc-ref %outputs "out"))
+                    (texmf.cnf (string-append out "/share/texmf-dist/web2c/texmf.cnf")))
+               ;; Build a modifiable union of all inputs (but exclude bash)
+               (match (filter (match-lambda
+                                ((name . _)
+                                 (not (string=? "bash" name))))
+                              %build-inputs)
+                 (((names . directories) ...)
+                  (union-build (assoc-ref %outputs "out")
+                               directories
+                               #:create-all-directories? #t)))
+
+               ;; The configuration file "texmf.cnf" is provided by the
+               ;; "texlive-bin" package.  We take it and override only the
+               ;; setting for TEXMFROOT and TEXMF.  This file won't be consulted
+               ;; by default, though, so we still need to set TEXMFCNF.
+               (substitute* texmf.cnf
+                 (("^TEXMFROOT = .*")
+                  (string-append "TEXMFROOT = " out "/share\n"))
+                 (("^TEXMF = .*")
+                  "TEXMF = $TEXMFROOT/share/texmf-dist\n"))
+               (setenv "PATH" (string-append (assoc-ref %build-inputs "bash")
+                                             "/bin"))
+               (for-each
+                (cut wrap-program <>
+                     `("TEXMFCNF" ":" = (,(dirname texmf.cnf)))
+                     `("TEXMF"    ":" = (,(string-append out "/share/texmf-dist"))))
+                (find-files (string-append out "/bin") ".*"))
+               #t))))
+        (inputs
+         `(("bash" ,bash)
+           ,@(map (lambda (package)
+                    (list (package-name package) package))
+                  (append default-packages packages))))
+        (home-page (package-home-page texlive-bin))
+        (synopsis "Union of TeX Live packages")
+        (description "This package provides a subset of the TeX Live
+distribution.")
+        (license (fold (lambda (package result)
+                         (match (package-license package)
+                           ((lst ...)
+                            (append lst result))
+                           ((? license:license? license)
+                            (cons license result))))
+                       '()
+                       (append default-packages packages)))))))
+
+(define-public texlive-tiny
+  (package
+    (inherit (texlive-union))
+    (name "texlive-tiny")
+    (description "This is a very limited subset of the TeX Live distribution.
+It includes little more than the required set of LaTeX packages.")))
+
 (define texlive-texmf
   (package
    (name "texlive-texmf")
diff --git a/gnu/packages/tmux.scm b/gnu/packages/tmux.scm
index 5b92df88ae..0ffc3b9980 100644
--- a/gnu/packages/tmux.scm
+++ b/gnu/packages/tmux.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Matthew Jordan <matthewjordandevops@yandex.com>
 ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
+;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -89,3 +90,48 @@ continue running in the background, then later reattached.")
       (description "A collection of various themes for Tmux.")
       (license
        (non-copyleft "http://www.wtfpl.net/txt/copying/")))))
+
+(define-public tmuxifier
+  (package
+    (name "tmuxifier")
+    (version "0.13.0")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append
+                    "https://github.com/jimeh/tmuxifier/archive/v"
+                    version ".tar.gz"))
+             (file-name (string-append name "-" version ".tar.gz"))
+             (sha256
+              (base32
+               "1j9fj6zg0j3sdn7svpybzsqh7876rv81zi437976kj7hxnyjkcz7"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f
+       #:phases (modify-phases %standard-phases
+                  (delete 'configure)
+                  (delete 'build)
+                  (replace 'install
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (let* ((out    (assoc-ref %outputs "out"))
+                             (bindir (string-append out "/bin"))
+                             (share  (string-append out "/share/" ,name)))
+                        (install-file "bin/tmuxifier" bindir)
+                        (substitute* (string-append bindir "/tmuxifier")
+                          (("set -e")
+                           (string-append "TMUXIFIER=" share "\nset -e")))
+                        (for-each (lambda (init-script)
+                                    (install-file init-script (string-append
+                                                               share "/init")))
+                                  '("init.sh" "init.tcsh" "init.fish"))
+                        (for-each (lambda (dir)
+                                    (copy-recursively dir (string-append
+                                                           share "/" dir)))
+                                  '("completion" "lib" "libexec"
+                                    "templates"))))))))
+    (home-page "https://github.com/jimeh/tmuxifier")
+    (synopsis "Powerful session, window & pane management for Tmux")
+    (description "Tmuxifier allows you to easily create, edit, and load
+@code{layout} files, which are simple shell scripts where you use the tmux
+command and helper commands provided by tmuxifier to manage Tmux sessions and
+windows.")
+    (license expat)))
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index cd2576c51a..953440a6fd 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -701,14 +701,14 @@ control to Git repositories.")
 (define-public mercurial
   (package
     (name "mercurial")
-    (version "3.9")
+    (version "4.2.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://www.mercurial-scm.org/"
                                  "release/mercurial-" version ".tar.gz"))
              (sha256
               (base32
-               "1g6svg7fc1kyaxq653iwsvdh8hp2lrhs2ywazfc436a4zzf2akw3"))))
+               "182qh6d0srps2n5sydzy8n3gi78la6m0wi3846zpyyd0b8pmgmfp"))))
     (build-system python-build-system)
     (arguments
      `(;; Restrict to Python 2, as Python 3 would require
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 702704ed46..adae0d3d3e 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -482,6 +482,7 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
        ("libcaca" ,libcaca)
        ("libcdio-paranoia" ,libcdio-paranoia)
        ("libtheora" ,libtheora)
+       ("libva" ,libva)
        ("libvdpau" ,libvdpau)
        ("libvorbis" ,libvorbis)
        ("libvpx" ,libvpx)
@@ -1001,7 +1002,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2017.06.05")
+    (version "2017.06.12")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://yt-dl.org/downloads/"
@@ -1009,7 +1010,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "132f4csbl4bv71b01pnqfkd7hbbc6wclrh1h12fr1182954ahk5m"))))
+                "1p4d8g44v8vgr4xwvmbvzkjz6zakl2r89spaak6yw1zxmymd9b1w"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 398fdf3ae7..10945d4975 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -4621,3 +4621,52 @@ allocations, it does not buffer data, it can be interrupted at anytime.
 Depending on your architecture, it only requires about 40 bytes of data per
 message stream (in a web server that is per connection).")
     (license l:expat)))
+
+(define-public python2-httpretty
+  (package
+    (name "python2-httpretty")
+    (version "0.8.14")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "httpretty" version))
+       (sha256
+        (base32
+         "0vlp5qkyw3pxwwsg7xmdcfh1csvypvaz4m6abida8s4xmjxpdhc3"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-sphinx-rtd-theme" ,python2-sphinx-rtd-theme)
+       ("python-sphinx" ,python2-sphinx)
+       ("python-coverage" ,python2-coverage)
+       ("python-tornado" ,python2-tornado)
+       ("python-urllib3" ,python2-urllib3)
+       ("python-sure" ,python2-sure)
+       ("python-steadymark" ,python2-steadymark)
+       ("python-requests" ,python2-requests)
+       ("python-rednose" ,python2-rednose)
+       ("python-nose-randomly" ,python2-nose-randomly)
+       ("python-misaka" ,python2-misaka)
+       ("python-pytest-httpbin" ,python2-pytest-httpbin)
+       ("python-nose" ,python2-nose)))
+    (arguments
+     `(#:tests? #f
+       ;; Requires mock>=1.3.0 which requires a more up-to-date
+       ;; python-pbr. After updating these trying to build the
+       ;; package leads to failures in python-flake8 and other
+       ;; packages. The cascade of updates and failures this
+       ;; leads to, seems to not be worth having the test run.
+       #:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'patch-test-requirements
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; Update requirements from dependecy==version
+             ;; to dependency>=version
+             (substitute* "development.txt"
+               (("==") ">="))
+             #t)))))
+    (home-page "http://github.com/gabrielfalcao/httpretty")
+    (synopsis "HTTP client mock for Python")
+    (description "@code{httpretty} is a helper for faking web requests,
+inspired by Ruby's @code{fakeweb}.")
+    (license l:expat)))
diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm
index c8786dd69b..d7d1372dd2 100644
--- a/gnu/packages/xfce.scm
+++ b/gnu/packages/xfce.scm
@@ -39,6 +39,7 @@
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages web)
   #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages image)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages pdf)
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 9635413b8f..a6bea3588f 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com>
 ;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
@@ -56,6 +56,7 @@
   (package
     (name "expat")
     (version "2.2.0")
+    (replacement expat-2.2.1)
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/expat/expat/"
@@ -74,6 +75,19 @@ stream-oriented parser in which an application registers handlers for
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
+(define expat-2.2.1  ; Fixes CVE-2017-9233, CVE-2016-9063 and other issues.
+  (package
+    (inherit expat)
+    (version "2.2.1")
+    (replacement #f)
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "mirror://sourceforge/expat/expat/"
+                                 version "/expat-" version ".tar.bz2"))
+             (sha256
+              (base32
+               "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q"))))))
+
 (define-public libxml2
   (package
     (name "libxml2")
diff --git a/gnu/packages/zip.scm b/gnu/packages/zip.scm
index 8feb4fea21..018891359b 100644
--- a/gnu/packages/zip.scm
+++ b/gnu/packages/zip.scm
@@ -136,6 +136,12 @@ recreates the stored directory structure by default.")
       (uri (string-append "mirror://sourceforge/zziplib/zziplib13/"
                           version "/zziplib-"
                           version ".tar.bz2"))
+      (patches (search-patches "zziplib-CVE-2017-5974.patch"
+                               "zziplib-CVE-2017-5975.patch"
+                               "zziplib-CVE-2017-5976.patch"
+                               "zziplib-CVE-2017-5978.patch"
+                               "zziplib-CVE-2017-5979.patch"
+                               "zziplib-CVE-2017-5981.patch"))
       (sha256
        (base32
         "0nsjqxw017hiyp524p9316283jlf5piixc1091gkimhz38zh7f51"))))
diff --git a/gnu/services/admin.scm b/gnu/services/admin.scm
index 6ac24e32b0..b9e3fa70a4 100644
--- a/gnu/services/admin.scm
+++ b/gnu/services/admin.scm
@@ -27,8 +27,17 @@
   #:use-module (guix packages)
   #:use-module (guix records)
   #:use-module (srfi srfi-1)
+  #:use-module (ice-9 vlist)
   #:export (%default-rotations
             %rotated-files
+
+            log-rotation
+            log-rotation?
+            log-rotation-frequency
+            log-rotation-files
+            log-rotation-options
+            log-rotation-post-rotate
+
             rottlog-configuration
             rottlog-configuration?
             rottlog-service
@@ -40,41 +49,78 @@
 ;;; /etc/rottlog/{rc,hourly|daily|weekly}.  Example usage
 ;;;
 ;;;     (mcron-service)
-;;;     (service rottlog-service-type (rottlog-configuration))
+;;;     (service rottlog-service-type)
 ;;;
 ;;; Code:
 
+(define-record-type* <log-rotation> log-rotation make-log-rotation
+  log-rotation?
+  (files       log-rotation-files)                ;list of strings
+  (frequency   log-rotation-frequency             ;symbol
+               (default 'weekly))
+  (post-rotate log-rotation-post-rotate           ;#f | gexp
+               (default #f))
+  (options     log-rotation-options               ;list of strings
+               (default '())))
+
 (define %rotated-files
   ;; Syslog files subject to rotation.
   '("/var/log/messages" "/var/log/secure" "/var/log/maillog"))
 
-(define (syslog-rotation-config files)
-  #~(string-append #$(string-join files ",")
-                 " {
-        sharedscripts
-        postrotate
-        " #$coreutils "/bin/kill -HUP $(cat /var/run/syslog.pid) 2> /dev/null
-        endscript
-}
-"))
-
-(define (simple-rotation-config files)
-  #~(string-append #$(string-join files ",") " {
-        sharedscripts
-}
-"))
-
 (define %default-rotations
-  `(("weekly"
-     ,(computed-file "rottlog.weekly"
-                     #~(call-with-output-file #$output
-                         (lambda (port)
-                           (display #$(syslog-rotation-config %rotated-files)
-                                    port)
-                           (display #$(simple-rotation-config
-                                       '("/var/log/shepherd.log"
-                                         "/var/log/guix-daemon.log"))
-                                    port)))))))
+  (list (log-rotation                             ;syslog files
+         (files %rotated-files)
+
+         ;; Restart syslogd after rotation.
+         (options '("sharedscripts"))
+         (post-rotate #~(let ((pid (call-with-input-file "/var/run/syslog.pid"
+                                     read)))
+                          (kill pid SIGHUP))))
+        (log-rotation
+         (files '("/var/log/shepherd.log" "/var/log/guix-daemon.log")))))
+
+(define (log-rotation->config rotation)
+  "Return a string-valued gexp representing the rottlog configuration snippet
+for ROTATION."
+  (define post-rotate
+    (let ((post (log-rotation-post-rotate rotation)))
+      (and post
+           (program-file "rottlog-post-rotate.scm" post))))
+
+  #~(let ((post #$post-rotate))
+      (string-append (string-join '#$(log-rotation-files rotation) ",")
+                     " {"
+                     #$(string-join (log-rotation-options rotation)
+                                    "\n  " 'prefix)
+                     (if post
+                         (string-append "\n  postrotate\n    " post
+                                        "\n  endscript\n")
+                         "")
+                     "\n}\n")))
+
+(define (log-rotations->/etc-entries rotations)
+  "Return the list of /etc entries for ROTATIONS, a list of <log-rotation>."
+  (define (frequency-file frequency rotations)
+    (computed-file (string-append "rottlog." (symbol->string frequency))
+                   #~(call-with-output-file #$output
+                       (lambda (port)
+                         (for-each (lambda (str)
+                                     (display str port))
+                                   (list #$@(map log-rotation->config
+                                                 rotations)))))))
+
+  (let* ((frequencies (delete-duplicates
+                       (map log-rotation-frequency rotations)))
+         (table       (fold (lambda (rotation table)
+                              (vhash-consq (log-rotation-frequency rotation)
+                                           rotation table))
+                            vlist-null
+                            rotations)))
+    (map (lambda (frequency)
+           `(,(symbol->string frequency)
+             ,(frequency-file frequency
+                              (vhash-foldq* cons '() frequency table))))
+         frequencies)))
 
 (define (default-jobs rottlog)
   (list #~(job '(next-hour '(0))                  ;midnight
@@ -91,15 +137,17 @@
                       (default rottlog))
   (rc-file            rottlog-rc-file             ;file-like
                       (default (file-append rottlog "/etc/rc")))
-  (periodic-rotations rottlog-periodic-rotations  ;list of (name file) tuples
+  (rotations          rottlog-rotations           ;list of <log-rotation>
                       (default %default-rotations))
   (jobs               rottlog-jobs                ;list of <mcron-job>
                       (default #f)))
 
 (define (rottlog-etc config)
-  `(("rottlog" ,(file-union "rottlog"
-                            (cons `("rc" ,(rottlog-rc-file config))
-                                  (rottlog-periodic-rotations config))))))
+  `(("rottlog"
+     ,(file-union "rottlog"
+                  (cons `("rc" ,(rottlog-rc-file config))
+                        (log-rotations->/etc-entries
+                         (rottlog-rotations config)))))))
 
 (define (rottlog-jobs-or-default config)
   (or (rottlog-jobs config)
@@ -116,6 +164,12 @@
                      ;; the documentation.
                      (service-extension profile-service-type
                                         (compose list rottlog-rottlog))))
+   (compose concatenate)
+   (extend (lambda (config rotations)
+             (rottlog-configuration
+              (inherit config)
+              (rotations (append (rottlog-rotations config)
+                                 rotations)))))
    (default-value (rottlog-configuration))))
 
 ;;; admin.scm ends here
diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm
index 6beabc4b3b..88a9a86111 100644
--- a/gnu/services/cuirass.scm
+++ b/gnu/services/cuirass.scm
@@ -26,6 +26,7 @@
   #:use-module (gnu services)
   #:use-module (gnu services base)
   #:use-module (gnu services shepherd)
+  #:use-module (gnu services admin)
   #:use-module (gnu system shadow)
   #:export (<cuirass-configuration>
             cuirass-configuration
@@ -138,6 +139,13 @@
             (chown #$cache uid gid)
             (chown #$db uid gid))))))
 
+(define (cuirass-log-rotations config)
+  "Return the list of log rotations that corresponds to CONFIG."
+  (list (log-rotation
+         (files (list (cuirass-configuration-log-file config)))
+         (frequency 'weekly)
+         (options '("rotate 40")))))              ;worth keeping
+
 (define cuirass-service-type
   (service-type
    (name 'cuirass)
@@ -145,6 +153,7 @@
     (list
      (service-extension profile-service-type      ;for 'info cuirass'
                         (compose list cuirass-configuration-cuirass))
+     (service-extension rottlog-service-type cuirass-log-rotations)
      (service-extension activation-service-type cuirass-activation)
      (service-extension shepherd-root-service-type cuirass-shepherd-service)
      (service-extension account-service-type cuirass-account)))))
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index ad5e6b75bb..392737d078 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -489,20 +489,21 @@ with '-virtfs' options for the host file systems listed in SHARED-FS."
      #$@(map virtfs-option shared-fs)
      "-vga std"
      (format #f "-drive file=~a,if=virtio,cache=writeback,werror=report,readonly"
-             #$image)
-     "-m 256"))
+             #$image)))
 
 (define* (system-qemu-image/shared-store-script os
                                                 #:key
                                                 (qemu qemu)
                                                 (graphic? #t)
+                                                (memory-size 256)
                                                 (mappings '())
                                                 full-boot?
                                                 (disk-image-size
                                                  (* (if full-boot? 500 70)
                                                     (expt 2 20))))
   "Return a derivation that builds a script to run a virtual machine image of
-OS that shares its store with the host.
+OS that shares its store with the host.  The virtual machine runs with
+MEMORY-SIZE MiB of memory.
 
 MAPPINGS is a list of <file-system-mapping> specifying mapping of host file
 systems into the guest.
@@ -531,7 +532,8 @@ it is mostly useful when FULL-BOOT?  is true."
                                 (string-join #$kernel-arguments " "))))
               #$@(common-qemu-options image
                                       (map file-system-mapping-source
-                                           (cons %store-mapping mappings)))))
+                                           (cons %store-mapping mappings)))
+              "-m " (number->string #$memory-size)))
 
     (define builder
       #~(call-with-output-file #$output
diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index f5bbfafee3..8389b67f68 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -446,20 +446,6 @@ functionality tests.")
             (define marionette
               (make-marionette (list #$command)))
 
-            (define (wait-for-file file)
-              ;; Wait until FILE exists in the guest; 'read' its content and
-              ;; return it.
-              (marionette-eval
-               `(let loop ((i 10))
-                  (cond ((file-exists? ,file)
-                         (call-with-input-file ,file read))
-                        ((> i 0)
-                         (sleep 1)
-                         (loop (- i 1)))
-                        (else
-                         (error "file didn't show up" ,file))))
-               marionette))
-
             (mkdir #$output)
             (chdir #$output)
 
@@ -478,12 +464,12 @@ functionality tests.")
             ;; runs with the right UID/GID.
             (test-equal "root's job"
               '(0 0)
-              (wait-for-file "/root/witness"))
+              (wait-for-file "/root/witness" marionette))
 
             ;; Likewise for Alice's job.  We cannot know what its GID is since
             ;; it's chosen by 'groupadd', but it's strictly positive.
             (test-assert "alice's job"
-              (match (wait-for-file "/home/alice/witness")
+              (match (wait-for-file "/home/alice/witness" marionette)
                 ((1000 gid)
                  (>= gid 100))))
 
@@ -492,7 +478,7 @@ functionality tests.")
             ;; that don't have a read syntax, hence the string.)
             (test-equal "root's job with command"
               "#<eof>"
-              (wait-for-file "/root/witness-touch"))
+              (wait-for-file "/root/witness-touch" marionette))
 
             (test-end)
             (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
diff --git a/gnu/tests/messaging.scm b/gnu/tests/messaging.scm
index cefb52534a..b76b8e8434 100644
--- a/gnu/tests/messaging.scm
+++ b/gnu/tests/messaging.scm
@@ -80,21 +80,6 @@
                                                     (number->string #$port)
                                                     "-:5222"))))
 
-            (define (guest-wait-for-file file)
-              ;; Wait until FILE exists in the guest; 'read' its content and
-              ;; return it.
-              (marionette-eval
-               `(let loop ((i 10))
-                  (cond ((file-exists? ,file)
-                         (call-with-input-file ,file read))
-                        ((> i 0)
-                         (begin
-                           (sleep 1))
-                         (loop (- i 1)))
-                        (else
-                         (error "file didn't show up" ,file))))
-               marionette))
-
             (define (host-wait-for-file file)
               ;; Wait until FILE exists in the host.
               (let loop ((i 60))
@@ -124,7 +109,8 @@
 
             ;; Check XMPP service's PID.
             (test-assert "service process id"
-              (let ((pid (number->string (guest-wait-for-file #$pid-file))))
+              (let ((pid (number->string (wait-for-file #$pid-file
+                                                        marionette))))
                 (marionette-eval `(file-exists? (string-append "/proc/" ,pid))
                                  marionette)))
 
diff --git a/gnu/tests/ssh.scm b/gnu/tests/ssh.scm
index 5f06151081..9c83a9cd48 100644
--- a/gnu/tests/ssh.scm
+++ b/gnu/tests/ssh.scm
@@ -69,20 +69,6 @@ When SFTP? is true, run an SFTP server test."
               (make-marionette (list #$command "-net"
                                      "user,hostfwd=tcp::2222-:22")))
 
-            (define (wait-for-file file)
-              ;; Wait until FILE exists in the guest; 'read' its content and
-              ;; return it.
-              (marionette-eval
-               `(let loop ((i 10))
-                  (cond ((file-exists? ,file)
-                         (call-with-input-file ,file read))
-                        ((> i 0)
-                         (sleep 1)
-                         (loop (- i 1)))
-                        (else
-                         (error "file didn't show up" ,file))))
-               marionette))
-
             (define (make-session-for-test)
               "Make a session with predefined parameters for a test."
               (make-session #:user "root"
@@ -141,7 +127,7 @@ root with an empty password."
 
             ;; Check sshd's PID file.
             (test-equal "sshd PID"
-              (wait-for-file #$pid-file)
+              (wait-for-file #$pid-file marionette)
               (marionette-eval
                '(begin
                   (use-modules (gnu services herd)
@@ -166,7 +152,7 @@ root with an empty password."
                    (channel-open-session channel)
                    (channel-request-exec channel "echo hello > /root/witness")
                    (and (zero? (channel-get-exit-status channel))
-                        (wait-for-file "/root/witness"))))))
+                        (wait-for-file "/root/witness" marionette))))))
 
             ;; Connect to the guest over SFTP.  Make sure we can write and
             ;; read a file there.