summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorRicardo Wurmus <rekado@elephly.net>2018-06-29 22:51:23 +0200
committerRicardo Wurmus <rekado@elephly.net>2018-06-29 22:51:23 +0200
commitf1728d43460e63b106dd446e70001d8e100eaf6d (patch)
tree9d211fabf9e200743be49e25d108d58ed88d2f60 /gnu
parentcda7f4bc8ecf331d623c7d37b01931a46830c648 (diff)
parent373cc3b74a6ad33fddf75c2d773a97b1775bda8e (diff)
downloadguix-f1728d43460e63b106dd446e70001d8e100eaf6d.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu')
-rw-r--r--gnu/bootloader/grub.scm10
-rw-r--r--gnu/build/install.scm59
-rw-r--r--gnu/build/linux-modules.scm1
-rw-r--r--gnu/build/vm.scm104
-rw-r--r--gnu/local.mk37
-rw-r--r--gnu/packages/admin.scm207
-rw-r--r--gnu/packages/aidc.scm5
-rw-r--r--gnu/packages/algebra.scm10
-rw-r--r--gnu/packages/animation.scm17
-rw-r--r--gnu/packages/astronomy.scm4
-rw-r--r--gnu/packages/audio.scm43
-rw-r--r--gnu/packages/backup.scm193
-rw-r--r--gnu/packages/base.scm11
-rw-r--r--gnu/packages/benchmark.scm10
-rw-r--r--gnu/packages/bioconductor.scm308
-rw-r--r--gnu/packages/bioinformatics.scm174
-rw-r--r--gnu/packages/bootloaders.scm25
-rw-r--r--gnu/packages/busybox.scm20
-rw-r--r--gnu/packages/check.scm19
-rw-r--r--gnu/packages/cluster.scm81
-rw-r--r--gnu/packages/code.scm6
-rw-r--r--gnu/packages/compression.scm77
-rw-r--r--gnu/packages/cran.scm421
-rw-r--r--gnu/packages/crypto.scm27
-rw-r--r--gnu/packages/cups.scm75
-rw-r--r--gnu/packages/databases.scm12
-rw-r--r--gnu/packages/dav.scm5
-rw-r--r--gnu/packages/debian.scm5
-rw-r--r--gnu/packages/dns.scm19
-rw-r--r--gnu/packages/documentation.scm15
-rw-r--r--gnu/packages/electronics.scm5
-rw-r--r--gnu/packages/elf.scm4
-rw-r--r--gnu/packages/elixir.scm36
-rw-r--r--gnu/packages/emacs.scm931
-rw-r--r--gnu/packages/emulators.scm192
-rw-r--r--gnu/packages/engineering.scm268
-rw-r--r--gnu/packages/enlightenment.scm4
-rw-r--r--gnu/packages/erlang.scm24
-rw-r--r--gnu/packages/fcitx.scm18
-rw-r--r--gnu/packages/file-systems.scm11
-rw-r--r--gnu/packages/firmware.scm97
-rw-r--r--gnu/packages/fltk.scm19
-rw-r--r--gnu/packages/fonts.scm24
-rw-r--r--gnu/packages/fontutils.scm18
-rw-r--r--gnu/packages/fpga.scm4
-rw-r--r--gnu/packages/freedesktop.scm7
-rw-r--r--gnu/packages/ftp.scm4
-rw-r--r--gnu/packages/game-development.scm40
-rw-r--r--gnu/packages/games.scm369
-rw-r--r--gnu/packages/gcc.scm15
-rw-r--r--gnu/packages/geo.scm4
-rw-r--r--gnu/packages/gettext.scm16
-rw-r--r--gnu/packages/gimp.scm14
-rw-r--r--gnu/packages/gnome.scm49
-rw-r--r--gnu/packages/gnu-pw-mgr.scm14
-rw-r--r--gnu/packages/gnupg.scm32
-rw-r--r--gnu/packages/gnuzilla.scm52
-rw-r--r--gnu/packages/golang.scm188
-rw-r--r--gnu/packages/gps.scm2
-rw-r--r--gnu/packages/graphics.scm4
-rw-r--r--gnu/packages/groovy.scm3
-rw-r--r--gnu/packages/gtk.scm41
-rw-r--r--gnu/packages/guile.scm122
-rw-r--r--gnu/packages/image-viewers.scm4
-rw-r--r--gnu/packages/image.scm19
-rw-r--r--gnu/packages/imagemagick.scm4
-rw-r--r--gnu/packages/irc.scm40
-rw-r--r--gnu/packages/java.scm140
-rw-r--r--gnu/packages/kerberos.scm56
-rw-r--r--gnu/packages/libedit.scm4
-rw-r--r--gnu/packages/libreoffice.scm140
-rw-r--r--gnu/packages/libusb.scm44
-rw-r--r--gnu/packages/linux.scm99
-rw-r--r--gnu/packages/lisp.scm7
-rw-r--r--gnu/packages/logging.scm2
-rw-r--r--gnu/packages/machine-learning.scm90
-rw-r--r--gnu/packages/mail.scm80
-rw-r--r--gnu/packages/markup.scm7
-rw-r--r--gnu/packages/maths.scm20
-rw-r--r--gnu/packages/maven.scm1398
-rw-r--r--gnu/packages/mes.scm12
-rw-r--r--gnu/packages/monitoring.scm26
-rw-r--r--gnu/packages/mpd.scm2
-rw-r--r--gnu/packages/music.scm175
-rw-r--r--gnu/packages/networking.scm102
-rw-r--r--gnu/packages/nickle.scm5
-rw-r--r--gnu/packages/node.scm15
-rw-r--r--gnu/packages/ntp.scm3
-rw-r--r--gnu/packages/ocaml.scm3
-rw-r--r--gnu/packages/opencl.scm290
-rw-r--r--gnu/packages/package-management.scm145
-rw-r--r--gnu/packages/parallel.scm22
-rw-r--r--gnu/packages/password-utils.scm5
-rw-r--r--gnu/packages/patches/beignet-correct-file-names.patch32
-rw-r--r--gnu/packages/patches/bind-CVE-2018-5738.patch100
-rw-r--r--gnu/packages/patches/binutils-aarch64-symbol-relocation.patch36
-rw-r--r--gnu/packages/patches/dovecot-trees-support-dovecot-2.3.patch60
-rw-r--r--gnu/packages/patches/doxygen-gcc-ice.patch25
-rw-r--r--gnu/packages/patches/elixir-disable-failing-tests.patch284
-rw-r--r--gnu/packages/patches/flann-cmake-3.11.patch84
-rw-r--r--gnu/packages/patches/gcc-8-strmov-store-file-names.patch110
-rw-r--r--gnu/packages/patches/heimdal-CVE-2017-11103.patch45
-rw-r--r--gnu/packages/patches/heimdal-CVE-2017-6594.patch85
-rw-r--r--gnu/packages/patches/icecat-bug-1413868-pt1.patch663
-rw-r--r--gnu/packages/patches/java-commons-collections-fix-java8.patch299
-rw-r--r--gnu/packages/patches/libreoffice-icu.patch126
-rw-r--r--gnu/packages/patches/libtiff-CVE-2018-10963.patch40
-rw-r--r--gnu/packages/patches/libtiff-CVE-2018-8905.patch61
-rw-r--r--gnu/packages/patches/libyaml-CVE-2014-9130.patch30
-rw-r--r--gnu/packages/patches/maven-generate-component-xml.patch171
-rw-r--r--gnu/packages/patches/maven-generate-javax-inject-named.patch31
-rw-r--r--gnu/packages/patches/mrrescue-support-love-11.patch213
-rw-r--r--gnu/packages/patches/mumble-1.2.19-abs.patch31
-rw-r--r--gnu/packages/patches/nyx-show-header-stats-with-python3.patch70
-rw-r--r--gnu/packages/patches/ocaml-enable-ocamldoc-reproducibility.patch149
-rw-r--r--gnu/packages/patches/opensmtpd-fix-crash.patch44
-rw-r--r--gnu/packages/patches/openssl-1.0.2-CVE-2018-0495.patch215
-rw-r--r--gnu/packages/patches/openssl-1.0.2-CVE-2018-0732.patch50
-rw-r--r--gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch152
-rw-r--r--gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch50
-rw-r--r--gnu/packages/patches/password-store-gnupg-compat.patch28
-rw-r--r--gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch36
-rw-r--r--gnu/packages/patches/python-nose-timer-drop-ordereddict.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2018-11806.patch105
-rw-r--r--gnu/packages/patches/strace-kernel-4.16.patch92
-rw-r--r--gnu/packages/patches/upx-fix-CVE-2017-15056.patch96
-rw-r--r--gnu/packages/patches/x265-fix-ppc64le-build.patch25
-rw-r--r--gnu/packages/pdf.scm4
-rw-r--r--gnu/packages/perl-check.scm51
-rw-r--r--gnu/packages/perl-web.scm4
-rw-r--r--gnu/packages/perl.scm89
-rw-r--r--gnu/packages/photo.scm8
-rw-r--r--gnu/packages/python-crypto.scm37
-rw-r--r--gnu/packages/python-web.scm12
-rw-r--r--gnu/packages/python.scm259
-rw-r--r--gnu/packages/qt.scm50
-rw-r--r--gnu/packages/rdf.scm8
-rw-r--r--gnu/packages/ruby.scm12
-rw-r--r--gnu/packages/samba.scm37
-rw-r--r--gnu/packages/scheme.scm152
-rw-r--r--gnu/packages/scribus.scm14
-rw-r--r--gnu/packages/sdl.scm16
-rw-r--r--gnu/packages/search.scm36
-rw-r--r--gnu/packages/security-token.scm31
-rw-r--r--gnu/packages/selinux.scm5
-rw-r--r--gnu/packages/smalltalk.scm10
-rw-r--r--gnu/packages/spice.scm4
-rw-r--r--gnu/packages/ssh.scm44
-rw-r--r--gnu/packages/sssd.scm5
-rw-r--r--gnu/packages/statistics.scm32
-rw-r--r--gnu/packages/suckless.scm5
-rw-r--r--gnu/packages/syncthing.scm28
-rw-r--r--gnu/packages/syndication.scm6
-rw-r--r--gnu/packages/telephony.scm25
-rw-r--r--gnu/packages/terminals.scm34
-rw-r--r--gnu/packages/tex.scm21
-rw-r--r--gnu/packages/time.scm4
-rw-r--r--gnu/packages/tls.scm101
-rw-r--r--gnu/packages/tor.scm91
-rw-r--r--gnu/packages/version-control.scm112
-rw-r--r--gnu/packages/video.scm151
-rw-r--r--gnu/packages/vim.scm95
-rw-r--r--gnu/packages/virtualization.scm168
-rw-r--r--gnu/packages/vpn.scm11
-rw-r--r--gnu/packages/vulkan.scm87
-rw-r--r--gnu/packages/w3m.scm5
-rw-r--r--gnu/packages/web.scm238
-rw-r--r--gnu/packages/webkit.scm4
-rw-r--r--gnu/packages/wine.scm11
-rw-r--r--gnu/packages/wm.scm17
-rw-r--r--gnu/packages/xdisorg.scm93
-rw-r--r--gnu/packages/xfig.scm7
-rw-r--r--gnu/packages/xml.scm24
-rw-r--r--gnu/packages/xorg.scm57
-rw-r--r--gnu/packages/zile.scm9
-rw-r--r--gnu/services.scm213
-rw-r--r--gnu/services/authentication.scm41
-rw-r--r--gnu/services/base.scm5
-rw-r--r--gnu/services/cuirass.scm7
-rw-r--r--gnu/services/cups.scm5
-rw-r--r--gnu/services/dns.scm16
-rw-r--r--gnu/services/networking.scm6
-rw-r--r--gnu/services/pm.scm2
-rw-r--r--gnu/services/shepherd.scm40
-rw-r--r--gnu/services/sound.scm34
-rw-r--r--gnu/services/web.scm9
-rw-r--r--gnu/system.scm76
-rw-r--r--gnu/system/file-systems.scm11
-rw-r--r--gnu/system/install.scm16
-rw-r--r--gnu/system/mapped-devices.scm16
-rw-r--r--gnu/system/shadow.scm3
-rw-r--r--gnu/system/vm.scm453
-rw-r--r--gnu/tests/admin.scm7
-rw-r--r--gnu/tests/base.scm132
-rw-r--r--gnu/tests/dict.scm7
-rw-r--r--gnu/tests/mail.scm13
-rw-r--r--gnu/tests/messaging.scm14
-rw-r--r--gnu/tests/nfs.scm7
-rw-r--r--gnu/tests/rsync.scm7
-rw-r--r--gnu/tests/ssh.scm8
-rw-r--r--gnu/tests/version-control.scm20
-rw-r--r--gnu/tests/web.scm8
202 files changed, 11472 insertions, 3300 deletions
diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm
index a131f3b506..06856dd58c 100644
--- a/gnu/bootloader/grub.scm
+++ b/gnu/bootloader/grub.scm
@@ -387,12 +387,18 @@ submenu \"GNU system, old configurations...\" {~%")
       ;; Install GRUB onto the EFI partition mounted at EFI-DIR, for the
       ;; system whose root is mounted at MOUNT-POINT.
       (let ((grub-install (string-append bootloader "/sbin/grub-install"))
-            (install-dir (string-append mount-point "/boot")))
+            (install-dir (string-append mount-point "/boot"))
+            ;; When installing GuixSD, it's common to mount EFI-DIR below
+            ;; MOUNT-POINT rather than /boot/efi on the live image.
+            (target-esp (if (file-exists? (string-append mount-point efi-dir))
+                            (string-append mount-point efi-dir)
+                            efi-dir)))
         ;; Tell 'grub-install' that there might be a LUKS-encrypted /boot or
         ;; root partition.
         (setenv "GRUB_ENABLE_CRYPTODISK" "y")
         (unless (zero? (system* grub-install "--boot-directory" install-dir
-                                "--efi-directory" efi-dir))
+                                "--bootloader-id=GuixSD"
+                                "--efi-directory" target-esp))
           (error "failed to install GRUB (EFI)")))))
 
 
diff --git a/gnu/build/install.scm b/gnu/build/install.scm
index 9e30c0d23e..5a5e703872 100644
--- a/gnu/build/install.scm
+++ b/gnu/build/install.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -18,6 +18,7 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu build install)
+  #:use-module (guix store database)
   #:use-module (guix build utils)
   #:use-module (guix build store-copy)
   #:use-module (srfi srfi-26)
@@ -25,7 +26,6 @@
   #:export (install-boot-config
             evaluate-populate-directive
             populate-root-file-system
-            reset-timestamps
             register-closure
             populate-single-profile-directory))
 
@@ -110,9 +110,6 @@ STORE."
 
     ("/var/guix/gcroots/booted-system" -> "/run/booted-system")
     ("/var/guix/gcroots/current-system" -> "/run/current-system")
-
-    ;; XXX: 'guix-register' creates this symlink with a wrong target, so
-    ;; create it upfront to be sure.
     ("/var/guix/gcroots/profiles" -> "/var/guix/profiles")
 
     (directory "/bin")
@@ -144,37 +141,27 @@ includes /etc, /var, /run, /bin/sh, etc., and all the symlinks to SYSTEM."
                 (try))
               (apply throw args)))))))
 
-(define (reset-timestamps directory)
-  "Reset the timestamps of all the files under DIRECTORY, so that they appear
-as created and modified at the Epoch."
-  (display "clearing file timestamps...\n")
-  (for-each (lambda (file)
-              (let ((s (lstat file)))
-                ;; XXX: Guile uses libc's 'utime' function (not 'futime'), so
-                ;; the timestamp of symlinks cannot be changed, and there are
-                ;; symlinks here pointing to /gnu/store, which is the host,
-                ;; read-only store.
-                (unless (eq? (stat:type s) 'symlink)
-                  (utime file 0 0 0 0))))
-            (find-files directory #:directories? #t)))
-
-(define* (register-closure store closure
-                           #:key (deduplicate? #t))
-  "Register CLOSURE in STORE, where STORE is the directory name of the target
-store and CLOSURE is the name of a file containing a reference graph as used
-by 'guix-register'.  As a side effect, this resets timestamps on store files
-and, if DEDUPLICATE? is true, deduplicates files common to CLOSURE and the
-rest of STORE."
-  (let ((status (apply system* "guix-register" "--prefix" store
-                       (append (if deduplicate? '() '("--no-deduplication"))
-                               (list closure)))))
-    (unless (zero? status)
-      (error "failed to register store items" closure))))
+(define* (register-closure prefix closure
+                           #:key
+                           (deduplicate? #t) (reset-timestamps? #t)
+                           (schema (sql-schema)))
+  "Register CLOSURE in PREFIX, where PREFIX is the directory name of the
+target store and CLOSURE is the name of a file containing a reference graph as
+produced by #:references-graphs..  As a side effect, if RESET-TIMESTAMPS? is
+true, reset timestamps on store files and, if DEDUPLICATE? is true,
+deduplicates files common to CLOSURE and the rest of PREFIX."
+  (let ((items (call-with-input-file closure read-reference-graph)))
+    (register-items items
+                    #:prefix prefix
+                    #:deduplicate? deduplicate?
+                    #:reset-timestamps? reset-timestamps?
+                    #:registration-time %epoch
+                    #:schema schema)))
 
 (define* (populate-single-profile-directory directory
                                             #:key profile closure
                                             deduplicate?
-                                            register?)
+                                            register? schema)
   "Populate DIRECTORY with a store containing PROFILE, whose closure is given
 in the file called CLOSURE (as generated by #:references-graphs.)  DIRECTORY
 is initialized to contain a single profile under /root pointing to PROFILE.
@@ -200,11 +187,11 @@ This is used to create the self-contained tarballs with 'guix pack'."
 
   (when register?
     (register-closure (canonicalize-path directory) closure
-                      #:deduplicate? deduplicate?)
+                      #:deduplicate? deduplicate?
+                      #:schema schema)
 
-    ;; XXX: 'guix-register' registers profiles as GC roots but the symlink
-    ;; target uses $TMPDIR.  Fix that.
-    (delete-file (scope "/var/guix/gcroots/profiles"))
+    (mkdir-p* "/var/guix/profiles")
+    (mkdir-p* "/var/guix/gcroots")
     (symlink* "/var/guix/profiles"
               "/var/guix/gcroots/profiles"))
 
diff --git a/gnu/build/linux-modules.scm b/gnu/build/linux-modules.scm
index 87d2e98edf..2ee2f1771f 100644
--- a/gnu/build/linux-modules.scm
+++ b/gnu/build/linux-modules.scm
@@ -32,6 +32,7 @@
             ensure-dot-ko
             module-aliases
             module-dependencies
+            normalize-module-name
             recursive-module-dependencies
             modules-loaded
             module-loaded?
diff --git a/gnu/build/vm.scm b/gnu/build/vm.scm
index fa3ce7790d..abecc8c470 100644
--- a/gnu/build/vm.scm
+++ b/gnu/build/vm.scm
@@ -25,6 +25,7 @@
   #:use-module (guix build utils)
   #:use-module (guix build store-copy)
   #:use-module (guix build syscalls)
+  #:use-module ((guix store database) #:select (reset-timestamps))
   #:use-module (gnu build linux-boot)
   #:use-module (gnu build install)
   #:use-module (gnu system uuid)
@@ -33,6 +34,7 @@
   #:use-module (ice-9 format)
   #:use-module (ice-9 match)
   #:use-module (ice-9 regex)
+  #:use-module (ice-9 popen)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
   #:use-module (srfi srfi-26)
@@ -345,7 +347,7 @@ SYSTEM-DIRECTORY is the name of the directory of the 'system' derivation."
     ;; Optionally, register the inputs in the image's store.
     (when register-closures?
       (unless copy-closures?
-        ;; XXX: 'guix-register' wants to palpate the things it registers, so
+        ;; XXX: 'register-closure' wants to palpate the things it registers, so
         ;; bind-mount the store on the target.
         (mkdir-p target-store)
         (mount (%store-directory) target-store "" MS_BIND))
@@ -354,6 +356,7 @@ SYSTEM-DIRECTORY is the name of the directory of the 'system' derivation."
       (for-each (lambda (closure)
                   (register-closure target
                                     (string-append "/xchg/" closure)
+                                    #:reset-timestamps? copy-closures?
                                     #:deduplicate? deduplicate?))
                 closures)
       (unless copy-closures?
@@ -363,7 +366,7 @@ SYSTEM-DIRECTORY is the name of the directory of the 'system' derivation."
     (display "populating...\n")
     (populate-root-file-system system-directory target)
 
-    ;; 'guix-register' resets timestamps and everything, so no need to do it
+    ;; 'register-closure' resets timestamps and everything, so no need to do it
     ;; once more in that case.
     (unless register-closures?
       (reset-timestamps target))))
@@ -406,42 +409,67 @@ SYSTEM-DIRECTORY is the name of the directory of the 'system' derivation."
                              register-closures? (closures '()))
   "Given a GRUB package, creates an iso image as TARGET, using CONFIG-FILE as
 GRUB configuration and OS-DRV as the stuff in it."
-  (let ((grub-mkrescue (string-append grub "/bin/grub-mkrescue"))
-        (target-store  (string-append "/tmp/root" (%store-directory))))
-    (populate-root-file-system os-drv "/tmp/root")
-
-    (mount (%store-directory) target-store "" MS_BIND)
-
-    (when register-closures?
-      (display "registering closures...\n")
-      (for-each (lambda (closure)
-                  (register-closure
-                   "/tmp/root"
-                   (string-append "/xchg/" closure)
-                   ;; XXX: Using deduplication causes cross device link errors.
-                   #:deduplicate? #f))
-                closures))
-
-    (apply invoke
-           `(,grub-mkrescue "-o" ,target
-                            ,(string-append "boot/grub/grub.cfg=" config-file)
-                            ,(string-append "gnu/store=" os-drv "/..")
-                            "etc=/tmp/root/etc"
-                            "var=/tmp/root/var"
-                            "run=/tmp/root/run"
-                            ;; /mnt is used as part of the installation
-                            ;; process, as the mount point for the target
-                            ;; file system, so create it.
-                            "mnt=/tmp/root/mnt"
-                            "--"
-                            "-volid" ,(string-upcase volume-id)
-                            ,@(if volume-uuid
-                                  `("-volume_date" "uuid"
-                                    ,(string-filter (lambda (value)
-                                                      (not (char=? #\- value)))
-                                                    (iso9660-uuid->string
-                                                     volume-uuid)))
-                                  `())))))
+  (define grub-mkrescue
+    (string-append grub "/bin/grub-mkrescue"))
+
+  (define target-store
+    (string-append "/tmp/root" (%store-directory)))
+
+  (define items
+    ;; The store items to add to the image.
+    (delete-duplicates
+     (append-map (lambda (closure)
+                   (map store-info-item
+                        (call-with-input-file (string-append "/xchg/" closure)
+                          read-reference-graph)))
+                 closures)))
+
+  (populate-root-file-system os-drv "/tmp/root")
+  (mount (%store-directory) target-store "" MS_BIND)
+
+  (when register-closures?
+    (display "registering closures...\n")
+    (for-each (lambda (closure)
+                (register-closure
+                 "/tmp/root"
+                 (string-append "/xchg/" closure)
+
+                 ;; TARGET-STORE is a read-only bind-mount so we shouldn't try
+                 ;; to modify it.
+                 #:deduplicate? #f
+                 #:reset-timestamps? #f))
+              closures)
+    (register-bootcfg-root "/tmp/root" config-file))
+
+  (let ((pipe
+         (apply open-pipe* OPEN_WRITE
+                grub-mkrescue "-o" target
+                (string-append "boot/grub/grub.cfg=" config-file)
+                "etc=/tmp/root/etc"
+                "var=/tmp/root/var"
+                "run=/tmp/root/run"
+                ;; /mnt is used as part of the installation
+                ;; process, as the mount point for the target
+                ;; file system, so create it.
+                "mnt=/tmp/root/mnt"
+                "-path-list" "-"
+                "--"
+                "-volid" (string-upcase volume-id)
+                (if volume-uuid
+                    `("-volume_date" "uuid"
+                      ,(string-filter (lambda (value)
+                                        (not (char=? #\- value)))
+                                      (iso9660-uuid->string
+                                       volume-uuid)))
+                    `()))))
+    ;; Pass lines like 'gnu/store/…-x=/gnu/store/…-x' corresponding to the
+    ;; '-path-list -' option.
+    (for-each (lambda (item)
+                (format pipe "~a=~a~%"
+                        (string-drop item 1) item))
+              items)
+    (unless (zero? (close-pipe pipe))
+      (error "oh, my! grub-mkrescue failed" grub-mkrescue))))
 
 (define* (initialize-hard-disk device
                                #:key
diff --git a/gnu/local.mk b/gnu/local.mk
index 5b6fe71d1c..1f09260a4a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -96,6 +96,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/chez.scm				\
   %D%/packages/ci.scm				\
   %D%/packages/cinnamon.scm			\
+  %D%/packages/cluster.scm			\
   %D%/packages/cmake.scm			\
   %D%/packages/cobol.scm			\
   %D%/packages/code.scm				\
@@ -321,6 +322,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/ocaml.scm			\
   %D%/packages/ocr.scm				\
   %D%/packages/onc-rpc.scm			\
+  %D%/packages/opencl.scm			\
   %D%/packages/openbox.scm			\
   %D%/packages/openldap.scm			\
   %D%/packages/openstack.scm			\
@@ -470,6 +472,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/services/desktop.scm			\
   %D%/services/dict.scm				\
   %D%/services/dns.scm				\
+  %D%/services/authentication.scm		\
   %D%/services/games.scm			\
   %D%/services/kerberos.scm			\
   %D%/services/lirc.scm				\
@@ -580,6 +583,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/azr3.patch				\
   %D%/packages/patches/bash-completion-directories.patch	\
   %D%/packages/patches/bazaar-CVE-2017-14176.patch		\
+  %D%/packages/patches/beignet-correct-file-names.patch		\
+  %D%/packages/patches/bind-CVE-2018-5738.patch			\
+  %D%/packages/patches/binutils-aarch64-symbol-relocation.patch	\
   %D%/packages/patches/binutils-loongson-workaround.patch	\
   %D%/packages/patches/blast+-fix-makefile.patch		\
   %D%/packages/patches/boost-fix-icu-build.patch		\
@@ -634,12 +640,13 @@ dist_patch_DATA =						\
   %D%/packages/patches/docbook-xsl-nonrecursive-string-subst.patch	\
   %D%/packages/patches/doc++-include-directives.patch		\
   %D%/packages/patches/doc++-segfault-fix.patch			\
+  %D%/packages/patches/dovecot-trees-support-dovecot-2.3.patch	\
+  %D%/packages/patches/doxygen-gcc-ice.patch			\
   %D%/packages/patches/doxygen-test.patch			\
   %D%/packages/patches/dvd+rw-tools-add-include.patch 		\
   %D%/packages/patches/e2fsprogs-glibc-2.27.patch		\
   %D%/packages/patches/eigen-arm-neon-fixes.patch		\
   %D%/packages/patches/elfutils-tests-ptrace.patch		\
-  %D%/packages/patches/elixir-disable-failing-tests.patch	\
   %D%/packages/patches/elogind-glibc-2.27.patch			\
   %D%/packages/patches/einstein-build.patch			\
   %D%/packages/patches/emacs-browse-at-remote-cgit-gnu.patch	\
@@ -669,6 +676,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/file-CVE-2017-1000249.patch		\
   %D%/packages/patches/findutils-localstatedir.patch		\
   %D%/packages/patches/findutils-test-xargs.patch		\
+  %D%/packages/patches/flann-cmake-3.11.patch			\
   %D%/packages/patches/flint-ldconfig.patch			\
   %D%/packages/patches/fltk-shared-lib-defines.patch		\
   %D%/packages/patches/fltk-xfont-on-demand.patch		\
@@ -699,6 +707,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/gcc-6-cross-environment-variables.patch	\
   %D%/packages/patches/gcc-6-source-date-epoch-1.patch		\
   %D%/packages/patches/gcc-6-source-date-epoch-2.patch		\
+  %D%/packages/patches/gcc-8-strmov-store-file-names.patch	\
   %D%/packages/patches/gcr-disable-failing-tests.patch		\
   %D%/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch	\
   %D%/packages/patches/gd-CVE-2018-5711.patch			\
@@ -782,14 +791,13 @@ dist_patch_DATA =						\
   %D%/packages/patches/hdf-eos5-remove-gctp.patch		\
   %D%/packages/patches/hdf-eos5-fix-szip.patch			\
   %D%/packages/patches/hdf-eos5-fortrantests.patch		\
-  %D%/packages/patches/heimdal-CVE-2017-6594.patch		\
-  %D%/packages/patches/heimdal-CVE-2017-11103.patch		\
   %D%/packages/patches/hmmer-remove-cpu-specificity.patch	\
   %D%/packages/patches/higan-remove-march-native-flag.patch	\
   %D%/packages/patches/hubbub-sort-entities.patch		\
   %D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch        \
   %D%/packages/patches/hydra-disable-darcs-test.patch		\
   %D%/packages/patches/icecat-avoid-bundled-libraries.patch	\
+  %D%/packages/patches/icecat-bug-1413868-pt1.patch		\
   %D%/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch	\
   %D%/packages/patches/icecat-use-system-graphite2.patch	\
   %D%/packages/patches/icecat-use-system-harfbuzz.patch		\
@@ -799,6 +807,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/isl-0.11.1-aarch64-support.patch	\
   %D%/packages/patches/jacal-fix-texinfo.patch			\
   %D%/packages/patches/java-apache-ivy-port-to-latest-bouncycastle.patch	\
+  %D%/packages/patches/java-commons-collections-fix-java8.patch \
   %D%/packages/patches/java-jeromq-fix-tests.patch		\
   %D%/packages/patches/java-powermock-fix-java-files.patch		\
   %D%/packages/patches/java-simple-xml-fix-tests.patch		\
@@ -866,6 +875,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libmad-mips-newgcc.patch			\
   %D%/packages/patches/libmygpo-qt-fix-qt-5.11.patch		\
   %D%/packages/patches/libmygpo-qt-missing-qt5-modules.patch	\
+  %D%/packages/patches/libreoffice-icu.patch			\
   %D%/packages/patches/libsndfile-armhf-type-checks.patch	\
   %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch	\
   %D%/packages/patches/libsndfile-CVE-2017-8362.patch		\
@@ -876,6 +886,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/libtheora-config-guess.patch		\
   %D%/packages/patches/libtiff-CVE-2017-9935.patch		\
   %D%/packages/patches/libtiff-CVE-2017-18013.patch		\
+  %D%/packages/patches/libtiff-CVE-2018-8905.patch		\
+  %D%/packages/patches/libtiff-CVE-2018-10963.patch		\
   %D%/packages/patches/libtool-skip-tests2.patch		\
   %D%/packages/patches/libusb-0.1-disable-tests.patch		\
   %D%/packages/patches/libusb-for-axoloti.patch			\
@@ -913,6 +925,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/mars-install.patch			\
   %D%/packages/patches/mars-sfml-2.3.patch			\
   %D%/packages/patches/maxima-defsystem-mkdir.patch		\
+  %D%/packages/patches/maven-generate-component-xml.patch		\
+  %D%/packages/patches/maven-generate-javax-inject-named.patch		\
   %D%/packages/patches/mcron-install.patch			\
   %D%/packages/patches/mcrypt-CVE-2012-4409.patch			\
   %D%/packages/patches/mcrypt-CVE-2012-4426.patch			\
@@ -932,6 +946,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/mozjs38-shell-version.patch		\
   %D%/packages/patches/mozjs38-tracelogger.patch		\
   %D%/packages/patches/mozjs38-version-detection.patch		\
+  %D%/packages/patches/mrrescue-support-love-11.patch		\
+  %D%/packages/patches/mumble-1.2.19-abs.patch			\
   %D%/packages/patches/mumps-build-parallelism.patch		\
   %D%/packages/patches/mupen64plus-ui-console-notice.patch	\
   %D%/packages/patches/mupen64plus-video-z64-glew-correct-path.patch    \
@@ -950,10 +966,12 @@ dist_patch_DATA =						\
   %D%/packages/patches/nvi-assume-preserve-path.patch		\
   %D%/packages/patches/nvi-dbpagesize-binpower.patch		\
   %D%/packages/patches/nvi-db4.patch				\
+  %D%/packages/patches/nyx-show-header-stats-with-python3.patch	\
   %D%/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch	\
   %D%/packages/patches/ocaml-bitstring-fix-configure.patch \
   %D%/packages/patches/ocaml-CVE-2015-8869.patch		\
   %D%/packages/patches/ocaml-Add-a-.file-directive.patch	\
+  %D%/packages/patches/ocaml-enable-ocamldoc-reproducibility.patch	\
   %D%/packages/patches/ocaml-findlib-make-install.patch	\
   %D%/packages/patches/ocaml-graph-honor-source-date-epoch.patch	\
   %D%/packages/patches/omake-fix-non-determinism.patch	\
@@ -964,7 +982,12 @@ dist_patch_DATA =						\
   %D%/packages/patches/openldap-CVE-2017-9287.patch		\
   %D%/packages/patches/openocd-nrf52.patch			\
   %D%/packages/patches/openscenegraph-ffmpeg3.patch             \
+  %D%/packages/patches/opensmtpd-fix-crash.patch		\
   %D%/packages/patches/openssl-runpath.patch			\
+  %D%/packages/patches/openssl-1.0.2-CVE-2018-0495.patch	\
+  %D%/packages/patches/openssl-1.0.2-CVE-2018-0732.patch	\
+  %D%/packages/patches/openssl-1.1.0-CVE-2018-0495.patch	\
+  %D%/packages/patches/openssl-1.1.0-CVE-2018-0732.patch	\
   %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch		\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
   %D%/packages/patches/orpheus-cast-errors-and-includes.patch	\
@@ -974,12 +997,12 @@ dist_patch_DATA =						\
   %D%/packages/patches/p7zip-CVE-2016-9296.patch		\
   %D%/packages/patches/p7zip-CVE-2017-17969.patch		\
   %D%/packages/patches/p7zip-remove-unused-code.patch		\
-  %D%/packages/patches/password-store-gnupg-compat.patch	\
   %D%/packages/patches/patchelf-page-size.patch			\
   %D%/packages/patches/patchelf-rework-for-arm.patch		\
   %D%/packages/patches/patchutils-xfail-gendiff-tests.patch	\
   %D%/packages/patches/patch-hurd-path-max.patch		\
   %D%/packages/patches/perf-gcc-ice.patch			\
+  %D%/packages/patches/perl-archive-tar-CVE-2018-12015.patch	\
   %D%/packages/patches/perl-file-path-CVE-2017-6512.patch	\
   %D%/packages/patches/perl-autosplit-default-time.patch	\
   %D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch	\
@@ -1042,7 +1065,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch	\
   %D%/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch \
   %D%/packages/patches/python-networkx2-reproducible-build.patch	\
-  %D%/packages/patches/python-nose-timer-drop-ordereddict.patch \
   %D%/packages/patches/python-pillow-fix-failing-tests.patch	\
   %D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch	\
   %D%/packages/patches/python-scikit-learn-fix-test-non-determinism.patch	\
@@ -1060,6 +1082,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-unittest2-remove-argparse.patch	\
   %D%/packages/patches/python-waitress-fix-tests.patch		\
   %D%/packages/patches/qemu-glibc-2.27.patch 			\
+  %D%/packages/patches/qemu-CVE-2018-11806.patch 		\
   %D%/packages/patches/qt4-ldflags.patch			\
   %D%/packages/patches/qtbase-use-TZDIR.patch			\
   %D%/packages/patches/qtscript-disable-tests.patch		\
@@ -1103,7 +1126,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/slim-login.patch				\
   %D%/packages/patches/sooperlooper-build-with-wx-30.patch 	\
   %D%/packages/patches/steghide-fixes.patch			\
-  %D%/packages/patches/strace-kernel-4.16.patch			\
   %D%/packages/patches/superlu-dist-scotchmetis.patch		\
   %D%/packages/patches/swish-e-search.patch			\
   %D%/packages/patches/swish-e-format-security.patch		\
@@ -1149,6 +1171,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/ustr-fix-build-with-gcc-5.patch		\
   %D%/packages/patches/util-linux-tests.patch			\
   %D%/packages/patches/upower-builddir.patch			\
+  %D%/packages/patches/upx-fix-CVE-2017-15056.patch		\
   %D%/packages/patches/valgrind-enable-arm.patch		\
   %D%/packages/patches/valgrind-glibc-compat.patch		\
   %D%/packages/patches/vinagre-revert-1.patch                   \
@@ -1180,6 +1203,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/wpa-supplicant-fix-nonce-reuse.patch	\
   %D%/packages/patches/wpa-supplicant-krack-followups.patch	\
   %D%/packages/patches/wxmaxima-do-not-use-old-gnuplot-parameters.patch	\
+  %D%/packages/patches/x265-fix-ppc64le-build.patch		\
   %D%/packages/patches/xboing-CVE-2004-0149.patch		\
   %D%/packages/patches/xdotool-fix-makefile.patch               \
   %D%/packages/patches/xf86-video-ark-remove-mibstore.patch	\
@@ -1195,7 +1219,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/xinetd-fix-fd-leak.patch			\
   %D%/packages/patches/xinetd-CVE-2013-4342.patch		\
   %D%/packages/patches/xmodmap-asprintf.patch 			\
-  %D%/packages/patches/libyaml-CVE-2014-9130.patch 		\
   %D%/packages/patches/zathura-plugindir-environment-variable.patch
 
 MISC_DISTRO_FILES =				\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index fde09b001b..f00bcd89d7 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -21,6 +21,7 @@
 ;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby@inria.fr>
+;;; Copyright © 2018 Rutger Helling <rhelling@mykolab.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -139,13 +140,13 @@ usual file attributes can be checked for inconsistencies.")
 (define-public progress
   (package
     (name "progress")
-    (version "0.13.1")
+    (version "0.14")
     (source (origin
       (method url-fetch)
       (uri (string-append "https://github.com/Xfennec/"
                           name "/archive/v" version ".tar.gz"))
       (sha256
-       (base32 "199rk6608q9m6l0fbjm0xl2w1c5krf8245dqnksdp4rqp7l9ak06"))
+       (base32 "1wcanixfsi5k4i9h5vrnncgjdncalsdfqllrxibxwpgfnf20sji1"))
       (file-name (string-append name "-" version ".tar.gz"))))
     (build-system gnu-build-system)
     (native-inputs
@@ -255,7 +256,7 @@ services.")
     (origin
      (method url-fetch)
       (uri (string-append
-            "http://projects.gw-computing.net/attachments/download/615/dfc-"
+            "https://projects.gw-computing.net/attachments/download/615/dfc-"
             version ".tar.gz"))
       (sha256
        (base32
@@ -263,7 +264,7 @@ services.")
    (build-system cmake-build-system)
    (arguments '(#:tests? #f)) ; There are no tests.
    (native-inputs `(("gettext" ,gettext-minimal)))
-   (home-page "http://projects.gw-computing.net/projects/dfc")
+   (home-page "https://projects.gw-computing.net/projects/dfc")
    (synopsis "Display file system space usage using graphs and colors")
    (description
     "dfc (df color) is a modern version of df.  It uses colors, draws pretty
@@ -507,7 +508,7 @@ allow automatic login and starting any app.")
      "This package provides the /etc/services, /etc/protocols, and /etc/rpc
 files, which contain information about the IANA-assigned port, protocol, and
 ONC RPC numbers.")
-    (home-page "http://packages.debian.org/sid/netbase")
+    (home-page "https://packages.debian.org/sid/netbase")
     (license license:gpl2)))
 
 (define-public netcat
@@ -752,7 +753,7 @@ tools: server, client, and relay agent.")
     (version "1.8.1")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://www.tcpdump.org/release/libpcap-"
+              (uri (string-append "https://www.tcpdump.org/release/libpcap-"
                                   version ".tar.gz"))
               (sha256
                (base32
@@ -761,7 +762,7 @@ tools: server, client, and relay agent.")
     (native-inputs `(("bison" ,bison) ("flex" ,flex)))
     (arguments '(#:configure-flags '("--with-pcap=linux")
                  #:tests? #f))                    ; no 'check' target
-    (home-page "http://www.tcpdump.org")
+    (home-page "https://www.tcpdump.org")
     (synopsis "Network packet capture library")
     (description
      "libpcap is an interface for user-level packet capture.  It provides a
@@ -777,7 +778,7 @@ network statistics collection, security monitoring, network debugging, etc.")
     (version "4.9.2")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://www.tcpdump.org/release/tcpdump-"
+              (uri (string-append "https://www.tcpdump.org/release/tcpdump-"
                                   version ".tar.gz"))
               (sha256
                (base32
@@ -786,7 +787,7 @@ network statistics collection, security monitoring, network debugging, etc.")
     (inputs `(("libpcap" ,libpcap)
               ("openssl" ,openssl)))
     (native-inputs `(("perl" ,perl)))        ; for tests
-    (home-page "http://www.tcpdump.org/")
+    (home-page "https://www.tcpdump.org/")
     (synopsis "Network packet analyzer")
     (description
      "Tcpdump is a command-line tool to analyze network traffic passing
@@ -822,41 +823,36 @@ by bandwidth they use.")
 (define-public clusterssh
   (package
     (name "clusterssh")
-    (version "3.28")
+    (version "4.13.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/clusterssh/"
-                                  "1.%20ClusterSSH%20Series%203/" version
-                                  "/clusterssh-" version ".tar.gz"))
+                                  "2.%20ClusterSSH%20Series%204/"
+                                  "App-ClusterSSH-v" version ".tar.gz"))
               (sha256
                (base32
-                "1bwggpvaj2al5blg1ynapviv2kpydffpzq2zkhi81najnvzc1rr7"))))
-    (build-system gnu-build-system)
-    (inputs `(("perl" ,perl)))
-    (propagated-inputs `(("xterm" ,xterm)
-                         ("perl-tk" ,perl-tk)
-                         ("perl-x11-protocol" ,perl-x11-protocol)))
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (add-after 'install 'set-load-paths
-           (lambda* (#:key inputs outputs #:allow-other-keys)
-             ;; Put the perl-tk and perl-x11-protocol modules in the perl inc
-             ;; path for PROG
-             (let* ((out  (assoc-ref outputs "out"))
-                    (prog (string-append out "/bin/cssh"))
-                    (perl-ver ,(package-version perl))
-                    (x11-inc (string-append
-                              (assoc-ref inputs "perl-x11-protocol")
-                              "/lib/perl5/site_perl/" perl-ver))
-                    (tk-inc (string-append
-                             (assoc-ref inputs "perl-tk")
-                             "/lib/perl5/site_perl/" perl-ver
-                             "/x86_64-linux")))
-               (wrap-program
-                   prog
-                 `("PERL5LIB" ":" prefix (,x11-inc ,tk-inc))))
-             #t)))))
+                "0rmk2p3f2wz1h092anidjclh212rv3gxyk0c641qk3frlrjnw6mp"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-cpan-changes" ,perl-cpan-changes)
+       ("perl-file-slurp" ,perl-file-slurp)
+       ("perl-file-which" ,perl-file-which)
+       ("perl-module-build" ,perl-module-build)
+       ("perl-readonly" ,perl-readonly)
+       ("perl-test-differences" ,perl-test-differences)
+       ("perl-test-distmanifest" ,perl-test-distmanifest)
+       ("perl-test-perltidy" ,perl-test-perltidy)
+       ("perl-test-pod" ,perl-test-pod)
+       ("perl-test-pod-coverage" ,perl-test-pod-coverage)
+       ("perl-test-trap" ,perl-test-trap)
+       ("perltidy" ,perltidy)))
+    (propagated-inputs
+     `(("xterm" ,xterm)
+       ("perl-exception-class" ,perl-exception-class)
+       ("perl-tk" ,perl-tk)
+       ("perl-try-tiny" ,perl-try-tiny)
+       ("perl-x11-protocol" ,perl-x11-protocol)
+       ("perl-x11-protocol-other" ,perl-x11-protocol-other)))
     ;; The clusterssh.sourceforge.net address requires login to view
     (home-page "https://sourceforge.net/projects/clusterssh/")
     (synopsis "Secure concurrent multi-server terminal control")
@@ -869,7 +865,7 @@ over ssh connections.")
 (define-public rename
   (package
     (name "rename")
-    (version "0.20")
+    (version "0.35")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -877,7 +873,7 @@ over ssh connections.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "1cf6xx2hiy1xalp35fh8g73j67r0w0g66jpcbc6971x9jbm7bvjy"))))
+                "052iqmn7ya3w1nadpiyavmr3rx566r0lbflx94y8b5wx9q5c16rq"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)
@@ -1047,7 +1043,7 @@ commands and their arguments.")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "http://w1.fi/releases/wpa_supplicant-"
+                    "https://w1.fi/releases/wpa_supplicant-"
                     version
                     ".tar.gz"))
               (patches (search-patches "wpa-supplicant-CVE-2017-13082.patch"
@@ -1108,7 +1104,7 @@ commands and their arguments.")
        ("libgcrypt" ,libgcrypt)))                 ;needed by crypto_gnutls.c
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-    (home-page "http://w1.fi/wpa_supplicant/")
+    (home-page "https://w1.fi/wpa_supplicant/")
     (synopsis "Connecting to WPA and WPA2-protected wireless networks")
     (description
      "wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE
@@ -1225,7 +1221,7 @@ This package provides the 'wpa_supplicant' daemon and the 'wpa_cli' command.")
                          (string-append "--mandir=" out
                                         "/share/man")))))))
        #:tests? #f))
-    (home-page "http://kernel.org")               ; really, no home page
+    (home-page "https://www.kernel.org") ; really, no home page
     (synopsis "Send a wake-on-LAN packet")
     (description
      "WakeLan broadcasts a properly formatted UDP packet across the local area
@@ -1460,7 +1456,7 @@ track changes in important system configuration files.")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-"
+                    "https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-"
                     version ".tar.gz"))
               (sha256
                (base32
@@ -1655,7 +1651,7 @@ limits.")
 (define-public autojump
   (package
     (name "autojump")
-    (version "22.3.4")
+    (version "22.5.1")
     (source
      (origin
        (method url-fetch)
@@ -1664,7 +1660,7 @@ limits.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "113rcpr37ngf2xs8da41qdarq5qmj0dwx8ggqy3lhlb0kvqq7g9z"))))
+         "17z9j9936x0nizwrzf664bngh60x5qbvrrf1s5qdzd0f2gdanpvn"))))
     (build-system gnu-build-system)
     (native-inputs                      ;for tests
      `(("python-mock" ,python-mock)
@@ -1672,36 +1668,19 @@ limits.")
     (inputs
      `(("python" ,python-wrapper)))
     (arguments
-     `(#:phases (modify-phases %standard-phases
-                  (delete 'configure)
-                  (delete 'build)
-                  (replace 'check
-                    (lambda _
-                      (zero?
-                       (system* "python" "tests/unit/autojump_utils_test.py"))))
-                  (replace 'install
-                    ;; The install.py script doesn't allow system installation
-                    ;; into an arbitrary prefix, so do our own install.
-                    (lambda* (#:key outputs #:allow-other-keys)
-                      (let* ((out (assoc-ref outputs "out"))
-                             (bin (string-append out "/bin"))
-                             (share (string-append out "/share/autojump"))
-                             (py (string-append out "/lib/python"
-                                                ,(version-major+minor
-                                                  (package-version python-wrapper))
-                                                "/site-packages"))
-                             (man (string-append out "/share/man/man1")))
-                        (install-file "bin/autojump" bin)
-                        (for-each (λ (f) (install-file f py))
-                                  (find-files "bin" "\\.py$"))
-                        (for-each (λ (f) (install-file f share))
-                                  (find-files "bin" "autojump\\..*$"))
-                        (substitute* (string-append share "/autojump.sh")
-                          (("/usr/local") out))
-                        (install-file "docs/autojump.1" man)
-                        (wrap-program (string-append bin "/autojump")
-                          `("PYTHONPATH" ":" prefix (,py)))
-                        #t))))))
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (delete 'build)
+         (replace 'check
+           (lambda _
+             (invoke "python" "tests/unit/autojump_utils_test.py")))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (setenv "SHELL" (which "bash"))
+             (invoke "python" "install.py"
+                     (string-append "--destdir="
+                                    (assoc-ref outputs "out"))))))))
     (home-page "https://github.com/wting/autojump")
     (synopsis "Shell extension for file system navigation")
     (description
@@ -1796,13 +1775,13 @@ platform-specific methods.")
     (version "2.4.5")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://people.redhat.com/sgrubb/audit/"
+              (uri (string-append "https://people.redhat.com/sgrubb/audit/"
                                   "audit-" version ".tar.gz"))
               (sha256
                (base32
                 "1q1q51dvxscbi4kbakmd4bn0xrvwwaiwvaya79925cbrqwzxsg77"))))
     (build-system gnu-build-system)
-    (home-page "http://people.redhat.com/sgrubb/audit/")
+    (home-page "https://people.redhat.com/sgrubb/audit/")
     (arguments
      `(#:configure-flags (list "--with-python=no")
        #:phases
@@ -2131,7 +2110,7 @@ with @code{ChallengeResponseAuthentication} and @code{PrivilegeSeparation}
 enabled, and supports extensive configuration either by PAM options or in
 krb5.conf or both.  PKINIT is supported with recent versions of both MIT
 Kerberos and Heimdal and FAST is supported with recent MIT Kerberos.")
-    (home-page "http://www.eyrie.org/~eagle/software/pam-krb5")
+    (home-page "https://www.eyrie.org/~eagle/software/pam-krb5")
     ;; Dual licenced under  a homebrew non-copyleft OR GPL (any version)
     ;; However, the tarball does not contain a copy of the GPL,  so unless
     ;; we put one in, we cannot distribute it under GPL without violating
@@ -2359,11 +2338,23 @@ Intel DRM Driver.")
          "13r0b0hllgf8j9rh6x1knmbgvingbdmx046aazv6vck2ll120mw1"))))
     (build-system python-build-system)
     (arguments
-     `(#:python ,python-2))             ; Python 2 only
+     `(#:python ,python-2               ; Python 2 only
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda _
+             (invoke
+              "nosetests" "-v" "tests/"
+              ;; This test hangs indefinitely when run on a single core VM
+              ;; (see GNU bug #26647 and Debian bug #850230).
+              "--exclude=test_nested_execution_with_explicit_ports"
+              ;; This test randomly fails in certain environments causing too
+              ;; much noise to be useful (see Debian bug #854686).
+              "--exclude=test_should_use_sentinel_for_tasks_that_errored"))))))
     (native-inputs
-     `(("python2-fudge" ,python2-fudge)
-       ("python2-jinja2" ,python2-jinja2)
-       ("python2-nose" ,python2-nose)
+     `(("python2-fudge" ,python2-fudge) ; Requires < 1.0
+       ("python2-jinja2" ,python2-jinja2) ; Requires < 3.0
+       ("python2-nose" ,python2-nose) ; Requires < 2.0
        ("python2-pynacl" ,python2-pynacl)
        ("python2-bcrypt" ,python2-bcrypt)))
     (propagated-inputs
@@ -2383,15 +2374,15 @@ tool for remote execution and deployment.")
 (define-public neofetch
   (package
     (name "neofetch")
-    (version "3.4.0")
+    (version "5.0.0")
     (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/dylanaraps/neofetch/"
-                                  "archive/" version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/dylanaraps/neofetch")
+                    (commit version)))
               (sha256
                (base32
-                "18rhamy910ig03rr55y9x5i6pf78yj9xc6jpm6nfh3gqja7340rb"))))
+                "0yzyi2p0d8xp576lxyv5m9h60dl1d5dmrn40aad307872835b9rr"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f                      ; there are no tests
@@ -2399,31 +2390,11 @@ tool for remote execution and deployment.")
        (list (string-append "PREFIX=" %output))
        #:phases
        (modify-phases %standard-phases
-         (add-after 'unpack 'patch-target-directories
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let ((out (assoc-ref outputs "out")))
-               (substitute* "Makefile"
-                 (("\\$\\(DESTDIR\\)/etc/")
-                  "$(PREFIX)/etc/"))
-               (substitute* "neofetch"
-                 (("\"/etc/neofetch")
-                  (string-append "\"" out "/etc/neofetch"))
-                 (("\"/usr/share/neofetch")
-                  (string-append "\"" out "/share/neofetch"))))
-             #t))
-         (delete 'configure)            ; no configure script
-         (replace 'install
-           (lambda* (#:key make-flags outputs #:allow-other-keys)
-             (let* ((out (assoc-ref outputs "out"))
-                    (doc (string-append out "/share/doc/" ,name "-" ,version))
-                    (etc (string-append doc "/examples/etc")))
-               (zero? (apply system* `("make" ,@make-flags
-                                       ,(string-append "SYSCONFDIR=" etc)
-                                       "install")))))))))
+         (delete 'configure))))         ; no configure script
     (home-page "https://github.com/dylanaraps/neofetch")
-    (synopsis "System info script")
-    (description "Neofetch is a CLI system information tool written in Bash.
-Neofetch displays information about your system next to an image, your OS
+    (synopsis "System information script")
+    (description "Neofetch is a command-line system information tool written in
+Bash.  Neofetch displays information about your system next to an image, your OS
 logo, or any ASCII file of your choice.  The main purpose of Neofetch is to be
 used in screenshots to show other users what operating system or distribution
 you are running, what theme or icon set you are using, etc.")
@@ -2661,7 +2632,7 @@ Python loading in HPC environments.")
   (let ((real-name "inxi"))
     (package
       (name "inxi-minimal")
-      (version "3.0.11-1")
+      (version "3.0.13-1")
       (source
        (origin
          (method git-fetch)
@@ -2670,7 +2641,7 @@ Python loading in HPC environments.")
                (commit version)))
          (sha256
           (base32
-           "07wihl4gsamq98mhxvm6k4vpphym75467cxfa19b3g5ggpyq894g"))))
+           "0732ligzmzwpwaxin4g8rbfj91ghyvf69lx2jyrahi4df0bfamh5"))))
       (build-system trivial-build-system)
       (inputs
        `(("bash" ,bash)
@@ -2727,10 +2698,10 @@ Python loading in HPC environments.")
                            (string-append %output "/share/man/man1")))
            #t)))
       (home-page "https://smxi.org/docs/inxi.htm")
-      (synopsis "Full featured system information script")
+      (synopsis "Full-featured system information script")
       (description "Inxi is a system information script that can display
 various things about your hardware and software to users in an IRC chatroom or
-support forum.  It runs with the /exec command in most IRC clients.")
+support forum.  It runs with the @code{/exec} command in most IRC clients.")
       (license license:gpl3+))))
 
 (define-public inxi
diff --git a/gnu/packages/aidc.scm b/gnu/packages/aidc.scm
index 4615b346d6..64d26548c4 100644
--- a/gnu/packages/aidc.scm
+++ b/gnu/packages/aidc.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2014 John Darringon <jmd@gnu.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -51,7 +52,7 @@ formats.")
 (define-public qrencode
   (package
     (name "qrencode")
-    (version "4.0.0")
+    (version "4.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -59,7 +60,7 @@ formats.")
                     ".tar.bz2"))
               (sha256
                (base32
-                "02vx69fl52jbcrmnydsaxcmy6nxqm9jyxzd7hr07s491d7hka069"))))
+                "1d2q5d3v8g3hsi3h5jq4n177bjhf3kawms09immw7p187f6jgjy9"))))
     (build-system gnu-build-system)
     (inputs `(("libpng" ,libpng)))
     (native-inputs `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index 816f013655..45d15d6fd5 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -143,7 +143,7 @@ solve the shortest vector problem.")
    (source (origin
             (method url-fetch)
             (uri (string-append
-                  "http://pari.math.u-bordeaux.fr/pub/pari/unix/pari-"
+                  "https://pari.math.u-bordeaux.fr/pub/pari/unix/pari-"
                   version ".tar.gz"))
             (sha256
               (base32
@@ -174,7 +174,7 @@ polynomials, power series, algebraic numbers, etc., and a lot of
 transcendental functions.
 PARI is also available as a C library to allow for faster computations.")
    (license license:gpl2+)
-   (home-page "http://pari.math.u-bordeaux.fr/")))
+   (home-page "https://pari.math.u-bordeaux.fr/")))
 
 (define-public gp2c
   (package
@@ -183,7 +183,7 @@ PARI is also available as a C library to allow for faster computations.")
    (source (origin
             (method url-fetch)
             (uri (string-append
-                  "http://pari.math.u-bordeaux.fr/pub/pari/GP2C/gp2c-"
+                  "https://pari.math.u-bordeaux.fr/pub/pari/GP2C/gp2c-"
                   version ".tar.gz"))
             (sha256
               (base32
@@ -208,7 +208,7 @@ PARI is also available as a C library to allow for faster computations.
 
 GP2C, the GP to C compiler, translates GP scripts to PARI programs.")
    (license license:gpl2)
-   (home-page "http://pari.math.u-bordeaux.fr/")))
+   (home-page "https://pari.math.u-bordeaux.fr/")))
 
 (define-public giac-xcas
   (package
@@ -746,7 +746,7 @@ Sine Transform} (DST) and @dfn{Discrete Hartley Transform} (DHT).")
                              ;; Then run 'CTest' with -V so we get more
                              ;; details upon failure.
                              (zero? (system* "ctest" "-V" dash-j)))))))))
-    (home-page "http://eigen.tuxfamily.org")
+    (home-page "https://eigen.tuxfamily.org")
     (synopsis "C++ template library for linear algebra")
     (description
      "Eigen is a C++ template library for linear algebra: matrices, vectors,
diff --git a/gnu/packages/animation.scm b/gnu/packages/animation.scm
index b56a081984..a10747ef38 100644
--- a/gnu/packages/animation.scm
+++ b/gnu/packages/animation.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -52,7 +53,7 @@
                (base32
                 "0ii73nsd3xzkhz6w1rnxwphl637j9w82xiy6apa9vin2isdynnmc"))))
     (build-system gnu-build-system)
-    (home-page "http://www.synfig.org")
+    (home-page "https://www.synfig.org")
     (synopsis "Extended C++ template library")
     (description
      "ETL is a class and template library designed to add new datatypes and
@@ -130,7 +131,7 @@ C++ @dfn{Standard Template Library} (STL).")
        ("pango" ,pango)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-    (home-page "http://www.synfig.org")
+    (home-page "https://www.synfig.org")
     (synopsis "Vector-based 2D animation renderer")
     (description
      "Synfig is a vector-based 2D animation package.  It is designed to be
@@ -180,7 +181,7 @@ for tweening, preventing the need to hand-draw each frame.")
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("intltool" ,intltool)))
-    (home-page "http://www.synfig.org")
+    (home-page "https://www.synfig.org")
     (synopsis "Vector-based 2D animation package (GUI)")
     (description
      "Synfig is a vector-based 2D animation package.  It is designed to
@@ -226,10 +227,10 @@ contains the graphical user interface for synfig.")
                                    "\nLIBS +=" libsndfile
                                    "/lib/libsndfile.so\n"
                                    "win32 {"))))
-               (zero? (system* "qmake"
-                               (string-append "DESTDIR="
-                                              (assoc-ref outputs "out")
-                                              "/bin")))))
+               (invoke "qmake"
+                       (string-append "DESTDIR="
+                                      (assoc-ref outputs "out")
+                                      "/bin"))))
            ;; Ensure that all required Qt plugins are found at runtime.
            (add-after 'install 'wrap-executable
              (lambda* (#:key inputs outputs #:allow-other-keys)
@@ -248,7 +249,7 @@ contains the graphical user interface for synfig.")
          ("libsndfile" ,libsndfile)))
       (native-inputs
        `(("qttools" ,qttools)))
-      (home-page "http://www.lostmarble.com/papagayo/")
+      (home-page "https://www.lostmarble.com/papagayo/")
       (synopsis "Lip-syncing for animations")
       (description
        "Papagayo is a lip-syncing program designed to help you line up
diff --git a/gnu/packages/astronomy.scm b/gnu/packages/astronomy.scm
index 232157da34..8129da832d 100644
--- a/gnu/packages/astronomy.scm
+++ b/gnu/packages/astronomy.scm
@@ -116,7 +116,9 @@ header.")
      `(("cfitsio" ,cfitsio)
        ("gsl" ,gsl)
        ("libjpeg" ,libjpeg)
-       ("wcslib" ,wcslib)))
+       ("libtiff" ,libtiff)
+       ("wcslib" ,wcslib)
+       ("zlib" ,zlib)))
     (build-system gnu-build-system)
     (home-page "https://www.gnu.org/software/gnuastro/")
     (synopsis "Astronomy utilities")
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index d8dc1e3134..98f66aae88 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -1220,7 +1220,7 @@ patches that can be used with softsynths such as Timidity and WildMidi.")
 (define-public guitarix
   (package
     (name "guitarix")
-    (version "0.36.1")
+    (version "0.37.1")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -1228,7 +1228,7 @@ patches that can be used with softsynths such as Timidity and WildMidi.")
                    version ".tar.xz"))
              (sha256
               (base32
-               "1g5949jwh2n755xjs3kcbdb8a1wxr5mn0m115wdnk27dxcdn93b0"))))
+               "064k0jzxqgx9gwf8za6jziansabzrwzjaim3qx1743ify5g3gaai"))))
     (build-system waf-build-system)
     (arguments
      `(#:tests? #f ; no "check" target
@@ -1476,7 +1476,7 @@ synchronous execution of all clients, and low latency operation.")
     (version "1.6.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://download.drobilla.net/jalv-"
+              (uri (string-append "https://download.drobilla.net/jalv-"
                                   version ".tar.bz2"))
               (sha256
                (base32
@@ -1501,7 +1501,7 @@ synchronous execution of all clients, and low latency operation.")
        ("jack" ,jack-1)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-    (home-page "http://drobilla.net/software/jalv/")
+    (home-page "https://drobilla.net/software/jalv/")
     (synopsis "Simple LV2 host for JACK")
     (description
      "Jalv is a simple but fully featured LV2 host for JACK.  It runs LV2
@@ -1711,7 +1711,7 @@ included are the command line utilities @code{send_osc} and @code{dump_osc}.")
     (version "0.24.2")
     (source (origin
              (method url-fetch)
-             (uri (string-append "http://download.drobilla.net/lilv-"
+             (uri (string-append "https://download.drobilla.net/lilv-"
                                  version ".tar.bz2"))
              (sha256
               (base32
@@ -1737,7 +1737,7 @@ included are the command line utilities @code{send_osc} and @code{dump_osc}.")
      `(("lv2" ,lv2)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-    (home-page "http://drobilla.net/software/lilv/")
+    (home-page "https://drobilla.net/software/lilv/")
     (synopsis "Library to simplify use of LV2 plugins in applications")
     (description
      "Lilv is a C library to make the use of LV2 plugins as simple as possible
@@ -1890,7 +1890,7 @@ lv2-c++-tools.")
 (define-public openal
   (package
     (name "openal")
-    (version "1.17.2")
+    (version "1.18.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1898,7 +1898,7 @@ lv2-c++-tools.")
                     version ".tar.bz2"))
               (sha256
                (base32
-                "051k5fy8pk4fd9ha3qaqcv08xwbks09xl5qs4ijqq2qz5xaghhd3"))))
+                "10kydm8701a2kppiss9sdidn1820cmzhqgx1b2bsa5dsgzic32lz"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f  ; no check target
@@ -1966,7 +1966,7 @@ buffers, and audio capture.")
     (version "1.0.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://download.drobilla.net/patchage-"
+              (uri (string-append "https://download.drobilla.net/patchage-"
                                   version
                                   ".tar.bz2"))
               (sha256
@@ -1984,7 +1984,7 @@ buffers, and audio capture.")
        ("dbus-glib" ,dbus-glib)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-    (home-page "http://drobilla.net/software/patchage/")
+    (home-page "https://drobilla.net/software/patchage/")
     (synopsis "Modular patch bay for audio and MIDI systems")
     (description
      "Patchage is a modular patch bay for audio and MIDI systems based on JACK
@@ -2163,7 +2163,7 @@ using GuixSD.")
     (version "0.8.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://download.drobilla.net/raul-"
+              (uri (string-append "https://download.drobilla.net/raul-"
                                   version ".tar.bz2"))
               (sha256
                (base32
@@ -2177,7 +2177,7 @@ using GuixSD.")
        ("boost" ,boost)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-    (home-page "http://drobilla.net/software/raul/")
+    (home-page "https://drobilla.net/software/raul/")
     (synopsis "Real-time audio utility library")
     (description
      "Raul (Real-time Audio Utility Library) is a C++ utility library primarily
@@ -2194,7 +2194,7 @@ aimed at audio/musical applications.")
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
-                      (url "http://git.drobilla.net/raul.git")
+                      (url "https://git.drobilla.net/raul.git")
                       (commit commit)))
                 (file-name (string-append name "-" version "-checkout"))
                 (sha256
@@ -2249,7 +2249,7 @@ tempo and pitch of an audio recording independently of one another.")
        #:phases (modify-phases %standard-phases
                   (add-after
                    'unpack 'autoconf
-                   (lambda _ (zero? (system* "autoreconf" "-vfi"))))
+                   (lambda _ (invoke "autoreconf" "-vfi")))
                   (add-before
                    'build 'fix-makefile
                    (lambda _
@@ -2287,7 +2287,7 @@ input/output.")
     (version "0.6.0")
     (source (origin
              (method url-fetch)
-             (uri (string-append "http://download.drobilla.net/sratom-"
+             (uri (string-append "https://download.drobilla.net/sratom-"
                                  version ".tar.bz2"))
              (sha256
               (base32
@@ -2300,7 +2300,7 @@ input/output.")
        ("sord" ,sord)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-    (home-page "http://drobilla.net/software/sratom/")
+    (home-page "https://drobilla.net/software/sratom/")
     (synopsis "Library for serialising LV2 atoms to/from RDF")
     (description
      "Sratom is a library for serialising LV2 atoms to/from RDF, particularly
@@ -2313,7 +2313,7 @@ the Turtle syntax.")
     (version "0.10.0")
     (source (origin
              (method url-fetch)
-             (uri (string-append "http://download.drobilla.net/suil-"
+             (uri (string-append "https://download.drobilla.net/suil-"
                                  version ".tar.bz2"))
              (sha256
               (base32
@@ -2330,7 +2330,7 @@ the Turtle syntax.")
        ("qt" ,qtbase)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-    (home-page "http://drobilla.net/software/suil/")
+    (home-page "https://drobilla.net/software/suil/")
     (synopsis "Library for loading and wrapping LV2 plugin UIs")
     (description
      "Suil is a lightweight C library for loading and wrapping LV2 plugin UIs.
@@ -2723,7 +2723,7 @@ portions of LAME.")
        (modify-phases %standard-phases
          (add-after 'unpack 'autoreconf
            (lambda _
-             (zero? (system* "autoreconf" "-vif")))))
+             (invoke "autoreconf" "-vif"))))
        #:tests? #f))                    ;no 'check' target
     (home-page "http://www.portaudio.com/")
     (synopsis "Audio I/O library")
@@ -2791,9 +2791,8 @@ synthesizer written in C++.")
          (replace 'configure
            (lambda* (#:key outputs #:allow-other-keys)
              (setenv "CC" "gcc")
-             (zero?
-              (system* "./configure"
-                       (string-append "--prefix=" (assoc-ref outputs "out")))))))
+             (invoke "./configure"
+                     (string-append "--prefix=" (assoc-ref outputs "out"))))))
        ;; No 'check' target.
        #:tests? #f))
     (home-page "http://themaister.net/rsound.html")
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 8d988a08a2..9884f58fc3 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -10,6 +10,7 @@
 ;;; Copyright © 2017 Christopher Allan Webber <cwebber@dustycloud.org>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2018 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,6 +33,7 @@
   #:use-module (guix download)
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system go)
   #:use-module (guix build-system python)
   #:use-module (gnu packages)
   #:use-module (gnu packages acl)
@@ -45,6 +47,7 @@
   #:use-module (gnu packages ftp)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages golang)
   #:use-module (gnu packages gperf)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages linux)
@@ -64,7 +67,7 @@
 (define-public duplicity
   (package
     (name "duplicity")
-    (version "0.7.12")
+    (version "0.7.17")
     (source
      (origin
       (method url-fetch)
@@ -74,12 +77,13 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "1rhgrz2lm9vbfdp2raykrih1c6n2lw5jd572z4dsz488m52avjqi"))))
+        "0jmh3h09680xyf33hzxxxl74bwz66zqhzvjlj7j89r9rz3qwa91p"))))
     (build-system python-build-system)
     (native-inputs
      `(("util-linux" ,util-linux)     ;setsid command, for the tests
        ("par2cmdline" ,par2cmdline)
        ("python-pexpect" ,python2-pexpect)
+       ("python-fasteners" ,python2-fasteners)
        ("mock" ,python2-mock)))
     (propagated-inputs
      `(("lockfile" ,python2-lockfile)
@@ -143,7 +147,7 @@ spying and/or modification by the server.")
      `(#:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'autoreconf
-           (lambda _ (zero? (system* "autoreconf" "-vfi")))))))
+           (lambda _ (invoke "autoreconf" "-vfi"))))))
     (synopsis "File verification and repair tools")
     (description "Par2cmdline uses Reed-Solomon error-correcting codes to
 generate and verify PAR2 recovery files.  These files can be distributed
@@ -416,7 +420,7 @@ rdiff-backup is easy to use and settings have sensible defaults.")
                             "t/backup_exec/conf/backup_exec.conf")
                (("/bin/true") (which "true"))
                (("/bin/false") (which "false")))
-             (zero? (system* "make" "test")))))))
+             (invoke "make" "test"))))))
     (inputs
      `(("perl" ,perl)
        ("rsync" ,rsync)))
@@ -471,13 +475,13 @@ detection, and lossless compression.")
 (define-public borg
   (package
     (name "borg")
-    (version "1.1.5")
+    (version "1.1.6")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "borgbackup" version))
        (sha256
-        (base32 "0gbdnq7ks46diz6y2pf6wpwkb9hy6hp3immi7jg3h7w72b3ycmj3"))
+        (base32 "0c09j46fi8i7klas0bh82a4whlwnajshk0izkgax6fjxr1sf9lm1"))
        (modules '((guix build utils)))
        (snippet
         '(begin
@@ -510,17 +514,6 @@ detection, and lossless compression.")
                ;; HOME=/homeless-shelter.
                (setenv "HOME" "/tmp")
                #t)))
-         ;; Later versions of msgpack were disallowed to some warnings and lack
-         ;; of support for Python versions that we don't support anyways. So,
-         ;; it's okay to to keep using more recents versions of msgpack for
-         ;; Borg. Also see the note about msgpack in the list of inputs.
-         ;; https://github.com/borgbackup/borg/issues/3517#issuecomment-357221978
-         (add-before 'build 'adjust-msgpack-dependency
-           (lambda _
-             (substitute* "setup.py"
-               (("msgpack-python>=0.4.6,<0.5.0")
-                 "msgpack-python>=0.4.6"))
-             #t))
          ;; The tests need to be run after Borg is installed.
          (delete 'check)
          (add-after 'install 'check
@@ -530,25 +523,24 @@ detection, and lossless compression.")
              ;; The tests should be run in an empty directory.
              (mkdir-p "tests")
              (with-directory-excursion "tests"
-               (zero?
-                 (system* "py.test" "-v" "--pyargs" "borg.testsuite" "-k"
-                          (string-append
-                            ;; These tests need to write to '/var'.
-                            "not test_get_cache_dir "
-                            "and not test_get_config_dir "
-                            "and not test_get_keys_dir "
-                            "and not test_get_security_dir "
-                            ;; These tests assume there is a root user in
-                            ;; '/etc/passwd'.
-                            "and not test_access_acl "
-                            "and not test_default_acl "
-                            "and not test_non_ascii_acl "
-                            ;; This test needs the unpackaged pytest-benchmark.
-                            "and not benchmark "
-                            ;; These tests assume the kernel supports FUSE.
-                            "and not test_fuse "
-                            "and not test_fuse_allow_damaged_files "
-                            "and not test_mount_hardlinks"))))))
+               (invoke "py.test" "-v" "--pyargs" "borg.testsuite" "-k"
+                       (string-append
+                        ;; These tests need to write to '/var'.
+                        "not test_get_cache_dir "
+                        "and not test_get_config_dir "
+                        "and not test_get_keys_dir "
+                        "and not test_get_security_dir "
+                        ;; These tests assume there is a root user in
+                        ;; '/etc/passwd'.
+                        "and not test_access_acl "
+                        "and not test_default_acl "
+                        "and not test_non_ascii_acl "
+                        ;; This test needs the unpackaged pytest-benchmark.
+                        "and not benchmark "
+                        ;; These tests assume the kernel supports FUSE.
+                        "and not test_fuse "
+                        "and not test_fuse_allow_damaged_files "
+                        "and not test_mount_hardlinks")))))
          (add-after 'install 'install-doc
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
@@ -559,11 +551,9 @@ detection, and lossless compression.")
                            "docs/misc/internals-picture.txt"
                            "docs/misc/prune-example.txt"))
                (add-installed-pythonpath inputs outputs)
-               (and
-                 (zero? (system* "python3" "setup.py" "build_man"))
-                 (begin
-                   (copy-recursively "docs/man" man)
-                   #t))))))))
+               (invoke "python3" "setup.py" "build_man")
+               (copy-recursively "docs/man" man)
+               #t))))))
     (native-inputs
      `(("python-cython" ,python-cython)
        ("python-setuptools-scm" ,python-setuptools-scm)
@@ -693,17 +683,17 @@ NTFS volumes using @code{ntfs-3g}, preserving NTFS-specific attributes.")
          (replace 'check
                   (lambda _
                     (substitute* "obnamlib/vfs_local_tests.py"
-                      ;; Check for the nobody user instead of root
+                      ;; Check for the nobody user instead of root.
                       (("self.fs.get_username\\(0\\), 'root'")
                        "self.fs.get_username(65534), 'nobody'")
-                      ;; Disable tests checking for root group
+                      ;; Disable tests checking for root group.
                       (("self.fs.get_groupname\\(0\\)") "'root'"))
                     (substitute* "obnamlib/vfs_local.py"
-                      ;; Don't cover get_groupname function
+                      ;; Don't cover get_groupname function.
                       (("def get_groupname\\(self, gid\\):")
                        "def get_groupname(self, gid):  # pragma: no cover"))
-                    ;; Can't run network tests
-                    (zero? (system* "./check" "--unit-tests")))))))
+                    ;; Can't run network tests.
+                    (invoke "./check" "--unit-tests"))))))
     (inputs
      `(("python2-cliapp" ,python2-cliapp)
        ("python2-larch" ,python2-larch)
@@ -832,3 +822,114 @@ file systems with unattended creation and expiration.  A dirvish backup vault
 is like a time machine for your data. ")
     (license (license:fsf-free "file://COPYING"
                                "Open Software License 2.0"))))
+
+(define-public restic
+  (package
+    (name "restic")
+    (version "0.9.1")
+    ;; TODO Try packaging the bundled / vendored dependencies in the 'vendor/'
+    ;; directory.
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/restic/restic/releases/download/"
+                    "v" version "/restic-" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "15f0rsm2lxk4lmn4773q28g49p68pqyyx0ccp7r556asan73p79m"))))
+    (build-system go-build-system)
+    (arguments
+     `(#:import-path "github.com/restic/restic"
+       #:unpack-path "github.com/restic"
+      ;; We don't need to install the source code for end-user applications.
+       #:install-source? #f
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'build
+           (lambda* (#:key inputs #:allow-other-keys)
+             (with-directory-excursion (string-append
+                                        "src/github.com/restic/restic-"
+                                        ,version)
+               (invoke "go" "run" "build.go"))))
+
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out"))
+                   (src (string-append "src/github.com/restic/restic-"
+                                       ,version)))
+               (install-file (string-append src "/restic")
+                             (string-append out "/bin"))
+               #t)))
+
+         (add-after 'install 'install-docs
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (man "/share/man")
+                    (man-section (string-append man "/man"))
+                    (src (string-append "src/github.com/restic/restic-"
+                                        ,version "/doc/man/")))
+               ;; Install all the man pages to "out".
+               (for-each
+                 (lambda (file)
+                   (install-file file
+                                 (string-append out man-section
+                                                (string-take-right file 1))))
+                 (find-files src "\\.[1-9]"))
+               #t)))
+
+         (add-after 'install-docs 'install-shell-completion
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin"))
+                    (etc (string-append out "/etc"))
+                    (share (string-append out "/share")))
+               (for-each
+                (lambda (shell)
+                  (let* ((shell-name (symbol->string shell))
+                         (dir (string-append "etc/completion/" shell-name)))
+                    (mkdir-p dir)
+                    (invoke (string-append bin "/restic") "generate"
+                            (string-append "--" shell-name "-completion")
+                            (string-append dir "/"
+                                           (case shell
+                                             ((bash) "restic")
+                                             ((zsh) "_restic"))))))
+                '(bash zsh))
+               (with-directory-excursion "etc/completion"
+                 (install-file "bash/restic"
+                               (string-append etc "/bash_completion.d"))
+                 (install-file "zsh/_restic"
+                               (string-append share "/zsh/site-functions")))
+               #t))))))
+    (home-page "https://restic.net/")
+    (synopsis "Backup program with multiple revisions, encryption and more")
+    (description "Restic is a program that does backups right and was designed
+with the following principles in mind:
+
+@itemize
+@item Easy: Doing backups should be a frictionless process, otherwise you
+might be tempted to skip it.  Restic should be easy to configure and use, so
+that, in the event of a data loss, you can just restore it.  Likewise,
+restoring data should not be complicated.
+
+@item Fast: Backing up your data with restic should only be limited by your
+network or hard disk bandwidth so that you can backup your files every day.
+Nobody does backups if it takes too much time.  Restoring backups should only
+transfer data that is needed for the files that are to be restored, so that
+this process is also fast.
+
+@item Verifiable: Much more important than backup is restore, so restic
+enables you to easily verify that all data can be restored.  @item Secure:
+Restic uses cryptography to guarantee confidentiality and integrity of your
+data.  The location the backup data is stored is assumed not to be a trusted
+environment (e.g.  a shared space where others like system administrators are
+able to access your backups).  Restic is built to secure your data against
+such attackers.
+
+@item Efficient: With the growth of data, additional snapshots should only
+take the storage of the actual increment.  Even more, duplicate data should be
+de-duplicated before it is actually written to the storage back end to save
+precious backup space.
+@end itemize")
+    (license license:bsd-2)))
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 6d9f019857..fef6002b3c 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -480,6 +480,17 @@ included.")
    (license gpl3+)
    (home-page "https://www.gnu.org/software/binutils/")))
 
+(define-public binutils/fixed
+  ;; TODO: Incorporate this in binutils during the next rebuild cycle.
+  (hidden-package
+   (package
+     (inherit binutils)
+     (source (origin
+               (inherit (package-source binutils))
+               (patches (append (origin-patches (package-source binutils))
+                                (search-patches
+                                 "binutils-aarch64-symbol-relocation.patch"))))))))
+
 (define* (make-ld-wrapper name #:key
                           (target (const #f))
                           binutils
diff --git a/gnu/packages/benchmark.scm b/gnu/packages/benchmark.scm
index ebc8bdb5f2..be3662798b 100644
--- a/gnu/packages/benchmark.scm
+++ b/gnu/packages/benchmark.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Dave Love <fx@gnu.org>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -34,15 +35,14 @@
 (define-public fio
   (package
     (name "fio")
-    (version "3.6")
+    (version "3.7")
     (source (origin
               (method url-fetch)
-              (uri (string-append
-                       "http://brick.kernel.dk/snaps/"
-                       "fio-" version ".tar.bz2"))
+              (uri (string-append "http://brick.kernel.dk/snaps/"
+                                  "fio-" version ".tar.gz"))
               (sha256
                (base32
-                "1d2jibp1b2dq97f22wj6pcjl7gbd2kmhfggj2c7q3j8v9axjqsh2"))))
+                "0rw9jf2ikm19lq4jizavdvvp3vfvlm3annq7jsxl2y5nf1pi2qr7"))))
     (build-system gnu-build-system)
     (arguments
      '(#:test-target "test"
diff --git a/gnu/packages/bioconductor.scm b/gnu/packages/bioconductor.scm
index ed35b4c61a..a6a8216ccb 100644
--- a/gnu/packages/bioconductor.scm
+++ b/gnu/packages/bioconductor.scm
@@ -24,10 +24,11 @@
   #:use-module (guix download)
   #:use-module (guix build-system r)
   #:use-module (gnu packages)
+  #:use-module (gnu packages bioinformatics)
   #:use-module (gnu packages cran)
   #:use-module (gnu packages compression)
-  #:use-module (gnu packages statistics)
-  #:use-module (gnu packages bioinformatics))
+  #:use-module (gnu packages graph)
+  #:use-module (gnu packages statistics))
 
 (define-public r-bsgenome-dmelanogaster-ucsc-dm6
   (package
@@ -61,6 +62,111 @@ melanogaster (Fly) as provided by UCSC (dm6) and stored in Biostrings
 objects.")
     (license license:artistic2.0)))
 
+(define-public r-bsgenome-dmelanogaster-ucsc-dm3-masked
+  (package
+    (name "r-bsgenome-dmelanogaster-ucsc-dm3-masked")
+    (version "1.3.99")
+    (source (origin
+              (method url-fetch)
+              ;; We cannot use bioconductor-uri here because this tarball is
+              ;; located under "data/annotation/" instead of "bioc/".
+              (uri (string-append "http://www.bioconductor.org/packages/"
+                                  "release/data/annotation/src/contrib/"
+                                  "BSgenome.Dmelanogaster.UCSC.dm3.masked_"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1756csb09f1br9rj1l3f08qyh4hlymdbd0cfn8x3fq39dn45m5ap"))))
+    (properties
+     `((upstream-name . "BSgenome.Dmelanogaster.UCSC.dm3.masked")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-bsgenome" ,r-bsgenome)
+       ("r-bsgenome-dmelanogaster-ucsc-dm3"
+        ,r-bsgenome-dmelanogaster-ucsc-dm3)))
+    (home-page "https://www.bioconductor.org/packages/BSgenome.Dmelanogaster.UCSC.dm3.masked/")
+    (synopsis "Full masked genome sequences for Fly")
+    (description
+     "This package provides full masked genome sequences for Drosophila
+melanogaster (Fly) as provided by UCSC (dm3, April 2006) and stored in
+Biostrings objects.  The sequences are the same as in
+BSgenome.Dmelanogaster.UCSC.dm3, except that each of them has the 4 following
+masks on top: (1) the mask of assembly gaps (AGAPS mask), (2) the mask of
+intra-contig ambiguities (AMB mask), (3) the mask of repeats from
+RepeatMasker (RM mask), and (4) the mask of repeats from Tandem Repeats
+Finder (TRF mask).  Only the AGAPS and AMB masks are \"active\" by default.")
+    (license license:artistic2.0)))
+
+(define-public r-bsgenome-hsapiens-ucsc-hg19-masked
+  (package
+    (name "r-bsgenome-hsapiens-ucsc-hg19-masked")
+    (version "1.3.99")
+    (source (origin
+              (method url-fetch)
+              ;; We cannot use bioconductor-uri here because this tarball is
+              ;; located under "data/annotation/" instead of "bioc/".
+              (uri (string-append "http://www.bioconductor.org/packages/"
+                                  "release/data/annotation/src/contrib/"
+                                  "BSgenome.Hsapiens.UCSC.hg19.masked_"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "0452pyah0kv1vsrsjbrqw4k2rm8lc2vc771dzib45gnnfz86qxrr"))))
+    (properties
+     `((upstream-name . "BSgenome.Hsapiens.UCSC.hg19.masked")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-bsgenome" ,r-bsgenome)
+       ("r-bsgenome-hsapiens-ucsc-hg19"
+        ,r-bsgenome-hsapiens-ucsc-hg19)))
+    (home-page "https://bioconductor.org/packages/BSgenome.Hsapiens.UCSC.hg19.masked/")
+    (synopsis "Full masked genome sequences for Homo sapiens")
+    (description
+     "This package provides full genome sequences for Homo sapiens (Human) as
+provided by UCSC (hg19, Feb. 2009) and stored in Biostrings objects.  The
+sequences are the same as in BSgenome.Hsapiens.UCSC.hg19, except that each of
+them has the 4 following masks on top: (1) the mask of assembly gaps (AGAPS
+mask), (2) the mask of intra-contig ambiguities (AMB mask), (3) the mask of
+repeats from RepeatMasker (RM mask), and (4) the mask of repeats from Tandem
+Repeats Finder (TRF mask).  Only the AGAPS and AMB masks are \"active\" by
+default.")
+    (license license:artistic2.0)))
+
+(define-public r-bsgenome-mmusculus-ucsc-mm9-masked
+  (package
+    (name "r-bsgenome-mmusculus-ucsc-mm9-masked")
+    (version "1.3.99")
+    (source (origin
+              (method url-fetch)
+              ;; We cannot use bioconductor-uri here because this tarball is
+              ;; located under "data/annotation/" instead of "bioc/".
+              (uri (string-append "http://www.bioconductor.org/packages/"
+                                  "release/data/annotation/src/contrib/"
+                                  "BSgenome.Mmusculus.UCSC.mm9.masked_"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "00bpbm3havqcxr4g63zhllsbpd9q6svgihks7qp7x73nm4gvq7fn"))))
+    (properties
+     `((upstream-name . "BSgenome.Mmusculus.UCSC.mm9.masked")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-bsgenome" ,r-bsgenome)
+       ("r-bsgenome-mmusculus-ucsc-mm9"
+        ,r-bsgenome-mmusculus-ucsc-mm9)))
+    (home-page "http://bioconductor.org/packages/BSgenome.Mmusculus.UCSC.mm9.masked/")
+    (synopsis "Full masked genome sequences for Mouse")
+    (description
+     "This package provides full genome sequences for Mus musculus (Mouse) as
+provided by UCSC (mm9, Jul. 2007) and stored in Biostrings objects.  The
+sequences are the same as in BSgenome.Mmusculus.UCSC.mm9, except that each of
+them has the 4 following masks on top: (1) the mask of assembly gaps (AGAPS
+mask), (2) the mask of intra-contig ambiguities (AMB mask), (3) the mask of
+repeats from RepeatMasker (RM mask), and (4) the mask of repeats from Tandem
+Repeats Finder (TRF mask).  Only the AGAPS and AMB masks are \"active\" by
+default."  )
+    (license license:artistic2.0)))
+
 (define-public r-hpar
   (package
     (name "r-hpar")
@@ -371,3 +477,201 @@ filtered to remove spurious regions in the genome.  Downstream steps of
 segmentation and calling are also implemented via packages DNAcopy and CGHcall,
 respectively.")
     (license license:gpl2+)))
+
+(define-public r-bayseq
+  (package
+    (name "r-bayseq")
+    (version "2.14.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "baySeq" version))
+       (sha256
+        (base32
+         "0hbmm01a8libara9mbxknpk0wzarwfngnfwlmhpww91a0cmy5klg"))))
+    (properties `((upstream-name . "baySeq")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-abind" ,r-abind)
+       ("r-edger" ,r-edger)
+       ("r-genomicranges" ,r-genomicranges)))
+    (home-page "https://bioconductor.org/packages/baySeq/")
+    (synopsis "Bayesian analysis of differential expression patterns in count data")
+    (description
+     "This package identifies differential expression in high-throughput count
+data, such as that derived from next-generation sequencing machines,
+calculating estimated posterior likelihoods of differential expression (or
+more complex hypotheses) via empirical Bayesian methods.")
+    (license license:gpl3)))
+
+(define-public r-chipcomp
+  (package
+    (name "r-chipcomp")
+    (version "1.10.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "ChIPComp" version))
+       (sha256
+        (base32
+         "0j9nif7z33qdxf347r9wa62hhz8qs09r2p96x3hg5yz30a10ahqs"))))
+    (properties `((upstream-name . "ChIPComp")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-biocgenerics" ,r-biocgenerics)
+       ("r-bsgenome-hsapiens-ucsc-hg19" ,r-bsgenome-hsapiens-ucsc-hg19)
+       ("r-bsgenome-mmusculus-ucsc-mm9" ,r-bsgenome-mmusculus-ucsc-mm9)
+       ("r-genomeinfodb" ,r-genomeinfodb)
+       ("r-genomicranges" ,r-genomicranges)
+       ("r-iranges" ,r-iranges)
+       ("r-limma" ,r-limma)
+       ("r-rsamtools" ,r-rsamtools)
+       ("r-rtracklayer" ,r-rtracklayer)
+       ("r-s4vectors" ,r-s4vectors)))
+    (home-page "https://bioconductor.org/packages/ChIPComp")
+    (synopsis "Quantitative comparison of multiple ChIP-seq datasets")
+    (description
+     "ChIPComp implements a statistical method for quantitative comparison of
+multiple ChIP-seq datasets.  It detects differentially bound sharp binding
+sites across multiple conditions considering matching control in ChIP-seq
+datasets.")
+    ;; Any version of the GPL.
+    (license license:gpl3+)))
+
+(define-public r-riboprofiling
+  (package
+    (name "r-riboprofiling")
+    (version "1.10.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "RiboProfiling" version))
+       (sha256
+        (base32
+         "04yjklqdjkim7yxyk3cyvf0mmwyxyfvw2mmfzgwaaqbiyg29sli0"))))
+    (properties `((upstream-name . "RiboProfiling")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-biocgenerics" ,r-biocgenerics)
+       ("r-biostrings" ,r-biostrings)
+       ("r-data-table" ,r-data-table)
+       ("r-genomeinfodb" ,r-genomeinfodb)
+       ("r-genomicalignments" ,r-genomicalignments)
+       ("r-genomicfeatures" ,r-genomicfeatures)
+       ("r-genomicranges" ,r-genomicranges)
+       ("r-ggbio" ,r-ggbio)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-iranges" ,r-iranges)
+       ("r-plyr" ,r-plyr)
+       ("r-reshape2" ,r-reshape2)
+       ("r-rsamtools" ,r-rsamtools)
+       ("r-rtracklayer" ,r-rtracklayer)
+       ("r-s4vectors" ,r-s4vectors)
+       ("r-sqldf" ,r-sqldf)))
+    (home-page "https://bioconductor.org/packages/RiboProfiling/")
+    (synopsis "Ribosome profiling data analysis")
+    (description "Starting with a BAM file, this package provides the
+necessary functions for quality assessment, read start position recalibration,
+the counting of genomic sequence reads on CDS, 3'UTR, and 5'UTR, and plotting
+of count data: pairs, log fold-change, codon frequency and coverage
+assessment, principal component analysis on codon coverage.")
+    (license license:gpl3)))
+
+(define-public r-riboseqr
+  (package
+    (name "r-riboseqr")
+    (version "1.14.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "riboSeqR" version))
+       (sha256
+        (base32
+         "0xavd1cdhi8qfjn9a1hjhflyg6jq1ydvv56z12gjz572pwz2knvn"))))
+    (properties `((upstream-name . "riboSeqR")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-abind" ,r-abind)
+       ("r-bayseq" ,r-bayseq)
+       ("r-genomeinfodb" ,r-genomeinfodb)
+       ("r-genomicranges" ,r-genomicranges)
+       ("r-iranges" ,r-iranges)
+       ("r-rsamtools" ,r-rsamtools)
+       ("r-seqlogo" ,r-seqlogo)))
+    (home-page "https://bioconductor.org/packages/riboSeqR/")
+    (synopsis "Analysis of sequencing data from ribosome profiling experiments")
+    (description
+     "This package provides plotting functions, frameshift detection and
+parsing of genetic sequencing data from ribosome profiling experiments.")
+    (license license:gpl3)))
+
+(define-public r-interactionset
+  (package
+    (name "r-interactionset")
+    (version "1.8.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "InteractionSet" version))
+       (sha256
+        (base32
+         "0xngraq7ic80jr98i1wqp8bxdgidq6py60m2wfk82n1ixpcdck8n"))))
+    (properties
+     `((upstream-name . "InteractionSet")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-biocgenerics" ,r-biocgenerics)
+       ("r-genomeinfodb" ,r-genomeinfodb)
+       ("r-genomicranges" ,r-genomicranges)
+       ("r-iranges" ,r-iranges)
+       ("r-matrix" ,r-matrix)
+       ("r-rcpp" ,r-rcpp)
+       ("r-s4vectors" ,r-s4vectors)
+       ("r-summarizedexperiment" ,r-summarizedexperiment)))
+    (home-page "https://bioconductor.org/packages/InteractionSet")
+    (synopsis "Base classes for storing genomic interaction data")
+    (description
+     "This packages provides the @code{GInteractions},
+@code{InteractionSet} and @code{ContactMatrix} objects and associated methods
+for storing and manipulating genomic interaction data from Hi-C and ChIA-PET
+experiments.")
+    (license license:gpl3)))
+
+(define-public r-genomicinteractions
+  (package
+    (name "r-genomicinteractions")
+    (version "1.14.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "GenomicInteractions" version))
+       (sha256
+        (base32
+         "0cnagprxj0b7p6s29iyhqwxj7hgmrh75gj52y4dlil790d1bmq2q"))))
+    (properties
+     `((upstream-name . "GenomicInteractions")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-biobase" ,r-biobase)
+       ("r-biocgenerics" ,r-biocgenerics)
+       ("r-data-table" ,r-data-table)
+       ("r-dplyr" ,r-dplyr)
+       ("r-genomeinfodb" ,r-genomeinfodb)
+       ("r-genomicranges" ,r-genomicranges)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-gridextra" ,r-gridextra)
+       ("r-gviz" ,r-gviz)
+       ("r-igraph" ,r-igraph)
+       ("r-interactionset" ,r-interactionset)
+       ("r-iranges" ,r-iranges)
+       ("r-rsamtools" ,r-rsamtools)
+       ("r-rtracklayer" ,r-rtracklayer)
+       ("r-s4vectors" ,r-s4vectors)
+       ("r-stringr" ,r-stringr)))
+    (home-page "https://github.com/ComputationalRegulatoryGenomicsICL/GenomicInteractions/")
+    (synopsis "R package for handling genomic interaction data")
+    (description
+     "This R package provides tools for handling genomic interaction data,
+such as ChIA-PET/Hi-C, annotating genomic features with interaction
+information and producing various plots and statistics.")
+    (license license:gpl3)))
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 3628d6231a..f89c60b8cd 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -5826,15 +5826,16 @@ application of SortMeRNA is filtering rRNA from metatranscriptomic data.")
 (define-public star
   (package
     (name "star")
-    (version "2.6.0a")
+    (version "2.6.0c")
     (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/alexdobin/STAR/archive/"
-                                  version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/alexdobin/STAR.git")
+                    (commit version)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
-                "0yci4ymy4407kjh0lqp021nzccp6r31wgrkixkmix5p130cxvc56"))
+                "04cj6jw8d9q6lk9c78wa4fky6jdlicf1d13plq7182h8vqiz8p59"))
               (modules '((guix build utils)))
               (snippet
                '(begin
@@ -6938,13 +6939,13 @@ Bioconductor, CRAN, and Github.")
 (define-public r-biocviews
   (package
     (name "r-biocviews")
-    (version "1.48.0")
+    (version "1.48.2")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "biocViews" version))
               (sha256
                (base32
-                "1yx2lir67ny0j150wyfqca0wsxp84byri8nscbs9qlndkh2jppq9"))))
+                "01yiafayl1m5704xdd2cn3zjc78rs10dqyz66lr3qkf6d8w66938"))))
     (properties
      `((upstream-name . "biocViews")))
     (build-system r-build-system)
@@ -7082,14 +7083,14 @@ support for default values, positional argument support, etc.")
 (define-public r-optparse
   (package
     (name "r-optparse")
-    (version "1.4.4")
+    (version "1.6.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "optparse" version))
        (sha256
         (base32
-         "1ff4wmsszrb3spwfp7ynfs8w11qpy1sdzfxm1wk8dqqvdwris7qb"))))
+         "1d7v5gl45x4amsfmzn5zyyffyqlc7a82h01szlnda22viyxids0h"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-getopt" ,r-getopt)))
@@ -7127,13 +7128,13 @@ abnormal copy number.")
 (define-public r-s4vectors
   (package
     (name "r-s4vectors")
-    (version "0.18.2")
+    (version "0.18.3")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "S4Vectors" version))
               (sha256
                (base32
-                "0qvj2j0zl4djjl7vrwc6xak6h8dxr53iwypfbcvfb3sh7jwhdiz5"))))
+                "02bps2rpjqx2npwxq3x62ncwi9ggr165cwi56h6hld28bw2gddy8"))))
     (properties
      `((upstream-name . "S4Vectors")))
     (build-system r-build-system)
@@ -7586,13 +7587,13 @@ files.")
 (define-public r-delayedarray
   (package
     (name "r-delayedarray")
-    (version "0.6.0")
+    (version "0.6.1")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "DelayedArray" version))
               (sha256
                (base32
-                "0n3w57cwy911q812wc8658y0v3xgpmg379sj98kfqdxa80z1mxdf"))))
+                "0sjwszxdi0vkj2i2di5i46gh9chc660yr3gs5nk9qnqp77713zds"))))
     (properties
      `((upstream-name . "DelayedArray")))
     (build-system r-build-system)
@@ -8528,43 +8529,51 @@ paired-end data.")
 (define-public r-rcas
   (package
     (name "r-rcas")
-    (version "1.3.4")
+    (version "1.6.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "https://github.com/BIMSBbioinfo/RCAS/archive/v"
-                                  version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
+              (uri (bioconductor-uri "RCAS" version))
               (sha256
                (base32
-                "1qgc7vi6fpzl440yg7jhiycg5q336kd4pxqzx10yx2zcq3bq3msg"))))
+                "0vmn7a0rm2ban0kaxrf5danhss2r4hfhnwh5889fjcgqy300fdd5"))))
     (build-system r-build-system)
     (native-inputs
-     `(("r-knitr" ,r-knitr)
-       ("r-testthat" ,r-testthat)
+     `(("r-testthat" ,r-testthat)
        ;; During vignette building knitr checks that "pandoc-citeproc"
        ;; is in the PATH.
        ("ghc-pandoc-citeproc" ,ghc-pandoc-citeproc-with-pandoc-1)))
     (propagated-inputs
-     `(("r-data-table" ,r-data-table)
+     `(("r-biocgenerics" ,r-biocgenerics)
        ("r-biomart" ,r-biomart)
-       ("r-org-hs-eg-db" ,r-org-hs-eg-db)
-       ("r-org-ce-eg-db" ,r-org-ce-eg-db)
-       ("r-org-dm-eg-db" ,r-org-dm-eg-db)
-       ("r-org-mm-eg-db" ,r-org-mm-eg-db)
+       ("r-biostrings" ,r-biostrings)
        ("r-bsgenome-hsapiens-ucsc-hg19" ,r-bsgenome-hsapiens-ucsc-hg19)
        ("r-bsgenome-mmusculus-ucsc-mm9" ,r-bsgenome-mmusculus-ucsc-mm9)
        ("r-bsgenome-celegans-ucsc-ce10" ,r-bsgenome-celegans-ucsc-ce10)
        ("r-bsgenome-dmelanogaster-ucsc-dm3" ,r-bsgenome-dmelanogaster-ucsc-dm3)
-       ("r-topgo" ,r-topgo)
+       ("r-cowplot" ,r-cowplot)
+       ("r-data-table" ,r-data-table)
+       ("r-dbi" ,r-dbi)
        ("r-dt" ,r-dt)
+       ("r-genomation" ,r-genomation)
+       ("r-genomicfeatures" ,r-genomicfeatures)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-ggseqlogo" ,r-ggseqlogo)
+       ("r-knitr" ,r-knitr)
+       ("r-motifrg" ,r-motifrg)
+       ("r-org-hs-eg-db" ,r-org-hs-eg-db)
+       ("r-org-ce-eg-db" ,r-org-ce-eg-db)
+       ("r-org-dm-eg-db" ,r-org-dm-eg-db)
+       ("r-org-mm-eg-db" ,r-org-mm-eg-db)
        ("r-pbapply" ,r-pbapply)
+       ("r-pheatmap" ,r-pheatmap)
        ("r-plotly" ,r-plotly)
        ("r-plotrix" ,r-plotrix)
-       ("r-motifrg" ,r-motifrg)
-       ("r-genomation" ,r-genomation)
-       ("r-genomicfeatures" ,r-genomicfeatures)
+       ("r-proxy" ,r-proxy)
+       ("r-rsqlite" ,r-rsqlite)
        ("r-rtracklayer" ,r-rtracklayer)
-       ("r-rmarkdown" ,r-rmarkdown)))
+       ("r-rmarkdown" ,r-rmarkdown)
+       ("r-s4vectors" ,r-s4vectors)
+       ("r-topgo" ,r-topgo)))
     (synopsis "RNA-centric annotation system")
     (description
      "RCAS aims to be a standalone RNA-centric annotation system that provides
@@ -8576,7 +8585,7 @@ library implementing most of the pipeline's features.")
 (define-public rcas-web
   (package
     (name "rcas-web")
-    (version "0.0.4")
+    (version "0.0.5")
     (source
      (origin
        (method url-fetch)
@@ -8585,7 +8594,7 @@ library implementing most of the pipeline's features.")
                            "/rcas-web-" version ".tar.gz"))
        (sha256
         (base32
-         "1p16frfys41a8yaa4gkm457nzkqhqs2pc3lkac0ds457w9w5j1gm"))))
+         "0igz7jpcf7cm9800zcag6p3gd1i649figrhbdba6cjkm8f4gfspr"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -9696,13 +9705,13 @@ and irregular enzymatic cleavages, mass measurement accuracy, etc.")
 (define-public r-seurat
   (package
     (name "r-seurat")
-    (version "2.3.1")
+    (version "2.3.2")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "Seurat" version))
               (sha256
                (base32
-                "0hi59rgdrr2iqfvx5bq7yq02hbjxkjl1fzidqj14z0ypq0nzbjys"))
+                "1sjpy5rrpvlpm6hs7qy7qpglgbp7zrgfybcsalpmjb51rhxhgcg1"))
               ;; Delete pre-built jar.
               (snippet
                '(begin (delete-file "inst/java/ModularityOptimizer.jar")
@@ -9746,6 +9755,7 @@ Main-Class: ModularityOptimizer\n")))
        ("r-ggplot2" ,r-ggplot2)
        ("r-ggridges" ,r-ggridges)
        ("r-gplots" ,r-gplots)
+       ("r-hdf5r" ,r-hdf5r)
        ("r-hmisc" ,r-hmisc)
        ("r-ica" ,r-ica)
        ("r-igraph" ,r-igraph)
@@ -10060,14 +10070,14 @@ provide added flexibility for data combination and manipulation.")
 (define-public r-complexheatmap
   (package
     (name "r-complexheatmap")
-    (version "1.18.0")
+    (version "1.18.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "ComplexHeatmap" version))
        (sha256
         (base32
-         "0z57mrginzd40niy51dvnyqgbrij05ji0dbwqs3x2as80sq28i3q"))))
+         "0qjwz1hzpjnc90jiinjkikfnr0shi72q3zfdjjz7pxydy0mglq8n"))))
     (properties
      `((upstream-name . "ComplexHeatmap")))
     (build-system r-build-system)
@@ -11439,7 +11449,7 @@ applications for tackling some common problems in a user-friendly way.")
        ("python2-numpy" ,python2-numpy)
        ("python2-matplotlib" ,python2-matplotlib)
        ("python2-pysam" ,python2-pysam)))
-    (home-page "http://3dgenomes.github.io/TADbit/")
+    (home-page "https://3dgenomes.github.io/TADbit/")
     (synopsis "Analyze, model, and explore 3C-based data")
     (description
      "TADbit is a complete Python library to deal with all steps to analyze,
@@ -12715,7 +12725,7 @@ contains
        #:phases
        (modify-phases %standard-phases
          ;; FIXME: fails with "java.io.FileNotFoundException:
-         ;; /gnu/store/q76y0ximcziplgfpbn26kbw4h3s14f33-dropseq-tools-1.13/share/java/lib/biojava-alignment.jar"
+         ;; /gnu/store/…-dropseq-tools-1.13/share/java/lib/biojava-alignment.jar"
          (delete 'generate-jar-indices)
          ;; All dependencies must be linked to "lib", because that's where
          ;; they will be searched for when the Class-Path property of the
@@ -12896,7 +12906,7 @@ expression report comparing samples in an easily configurable manner.")
 (define-public pigx-chipseq
   (package
     (name "pigx-chipseq")
-    (version "0.0.15")
+    (version "0.0.17")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/BIMSBbioinfo/pigx_chipseq/"
@@ -12904,20 +12914,10 @@ expression report comparing samples in an easily configurable manner.")
                                   "/pigx_chipseq-" version ".tar.gz"))
               (sha256
                (base32
-                "11v9v3vyda0sv4cl45nki7mm4v4bjfcdq7a70kcvi9h465nq66wg"))))
+                "1c0x5lswvc8v9fw4iynl5rcfs7h7clzp4hqdnl65ia7rk35n4zg9"))))
     (build-system gnu-build-system)
-    (arguments
-     `(#:tests? #f ; parts of the tests rely on access to the network
-       #:phases
-       (modify-phases %standard-phases
-         (add-after 'install 'wrap-executable
-           ;; Make sure the executable finds all R modules.
-           (lambda* (#:key inputs outputs #:allow-other-keys)
-             (let ((out (assoc-ref outputs "out")))
-               (wrap-program (string-append out "/bin/pigx-chipseq")
-                 `("R_LIBS_SITE" ":" = (,(getenv "R_LIBS_SITE")))
-                 `("PYTHONPATH"  ":" = (,(getenv "PYTHONPATH")))))
-             #t)))))
+    ;; parts of the tests rely on access to the network
+    (arguments '(#:tests? #f))
     (inputs
      `(("grep" ,grep)
        ("coreutils" ,coreutils)
@@ -12976,7 +12976,7 @@ in an easily configurable manner.")
 (define-public pigx-bsseq
   (package
     (name "pigx-bsseq")
-    (version "0.0.8")
+    (version "0.0.9")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/BIMSBbioinfo/pigx_bsseq/"
@@ -12984,7 +12984,7 @@ in an easily configurable manner.")
                                   "/pigx_bsseq-" version ".tar.gz"))
               (sha256
                (base32
-                "0irlnlhhw9fd4ha7hksrxn3y7j76mz5qq1wjswbs9p364laqg69y"))))
+                "0j1dfjk8m1p1h6d5yw63scjlbx56z8gixmbw626w1vcyblg0frmz"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -13043,7 +13043,7 @@ methylation and segmentation.")
 (define-public pigx-scrnaseq
   (package
     (name "pigx-scrnaseq")
-    (version "0.0.4")
+    (version "0.0.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/BIMSBbioinfo/pigx_scrnaseq/"
@@ -13051,7 +13051,7 @@ methylation and segmentation.")
                                   "/pigx_scrnaseq-" version ".tar.gz"))
               (sha256
                (base32
-                "1pvjm6f3mascprs65vflggwwg5v925knvgal7k7a6nnlmw5qndrf"))))
+                "0a73rilv0vnw42d5rsdq205h4f0x8j3jqv998janh4s324c6w2kj"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -13079,6 +13079,7 @@ methylation and segmentation.")
        ("python-wrapper" ,python-wrapper)
        ("python-pyyaml" ,python-pyyaml)
        ("python-pandas" ,python-pandas)
+       ("python-magic" ,python-magic)
        ("python-numpy" ,python-numpy)
        ("python-loompy" ,python-loompy)
        ("ghc-pandoc" ,ghc-pandoc-1)
@@ -13236,3 +13237,62 @@ rate speciation and extinction.")
 junctions in RNA-seq data.  It is annotation-agnostic and offset-aware.  This
 version does count multisplits.")
       (license license:gpl3+))))
+
+(define-public minimap2
+  (package
+    (name "minimap2")
+    (version "2.10")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/lh3/minimap2/"
+                           "releases/download/v" version "/"
+                           "minimap2-" version ".tar.bz2"))
+       (sha256
+        (base32
+         "080w9066irkbhbyr4nmf19pzkdd2s4v31hpzlajgq2y0drr6zcsj"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f                      ; there are none
+       #:make-flags
+       (list "CC=gcc"
+             (let ((system ,(or (%current-target-system)
+                                (%current-system))))
+               (cond
+                ((string-prefix? "x86_64" system)
+                 "all")
+                ((or (string-prefix? "armhf" system)
+                     (string-prefix? "aarch64" system))
+                 "arm_neon=1")
+                (_ "sse2only=1"))))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin"))
+                    (man (string-append out "/share/man/man1")))
+               (install-file "minimap2" bin)
+               (mkdir-p man)
+               (install-file "minimap2.1" man))
+             #t)))))
+    (inputs
+     `(("zlib" ,zlib)))
+    (home-page "https://lh3.github.io/minimap2/")
+    (synopsis "Pairwise aligner for genomic and spliced nucleotide sequences")
+    (description "Minimap2 is a versatile sequence alignment program that
+aligns DNA or mRNA sequences against a large reference database.  Typical use
+cases include:
+
+@enumerate
+@item mapping PacBio or Oxford Nanopore genomic reads to the human genome;
+@item finding overlaps between long reads with error rate up to ~15%;
+@item splice-aware alignment of PacBio Iso-Seq or Nanopore cDNA or Direct RNA
+  reads against a reference genome;
+@item aligning Illumina single- or paired-end reads;
+@item assembly-to-assembly alignment;
+@item full-genome alignment between two closely related species with
+  divergence below ~15%.
+@end enumerate\n")
+    (license license:expat)))
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index a86c73731e..6e4e021180 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2018 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
@@ -61,7 +61,8 @@
   #:use-module (guix packages)
   #:use-module (guix utils)
   #:use-module (srfi srfi-1)
-  #:use-module (srfi srfi-26))
+  #:use-module (srfi srfi-26)
+  #:use-module (ice-9 regex))
 
 (define unifont
   ;; GNU Unifont, <http://gnu.org/s/unifont>.
@@ -144,6 +145,22 @@
        ("texinfo" ,texinfo)
        ("help2man" ,help2man)
 
+       ;; XXX: When building GRUB 2.02 on 32-bit x86, we need a binutils
+       ;; capable of assembling 64-bit instructions.  However, our default
+       ;; binutils on 32-bit x86 is not 64-bit capable.
+       ,@(if (string-match "^i[3456]86-" (%current-system))
+             (let ((binutils (package/inherit
+                              binutils
+                              (name "binutils-i386")
+                              (arguments
+                               (substitute-keyword-arguments (package-arguments binutils)
+                                 ((#:configure-flags flags ''())
+                                  `(cons "--enable-64-bit-bfd" ,flags)))))))
+               `(("ld-wrapper" ,(make-ld-wrapper "ld-wrapper-i386"
+                                                 #:binutils binutils))
+                 ("binutils" ,binutils)))
+             '())
+
        ;; Dependencies for the test suite.  The "real" QEMU is needed here,
        ;; because several targets are used.
        ("parted" ,parted)
@@ -439,7 +456,7 @@ def test_ctrl_c"))
 also initializes the boards (RAM etc).  This package provides its
 board-independent tools.")))
 
-(define (make-u-boot-package board triplet)
+(define-public (make-u-boot-package board triplet)
   "Returns a u-boot package for BOARD cross-compiled for TRIPLET."
   (let ((same-arch? (if (string-prefix? (%current-system)
                                         (gnu-triplet->nix-system triplet))
@@ -483,7 +500,7 @@ board-independent tools.")))
                                                (string-drop-right file-name
                                                                   suffix-len))))
                                    (sort entries string-ci<)))
-                       #f)))))
+                       (error "Invalid boardname ~s." ,board))))))
            (replace 'install
              (lambda* (#:key outputs #:allow-other-keys)
                (let* ((out (assoc-ref outputs "out"))
diff --git a/gnu/packages/busybox.scm b/gnu/packages/busybox.scm
index 6ef7200f9d..4cdea3a294 100644
--- a/gnu/packages/busybox.scm
+++ b/gnu/packages/busybox.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -44,7 +45,7 @@
      '(#:phases
        (modify-phases %standard-phases
          (replace 'configure
-           (lambda _ (zero? (system* "make" "defconfig"))))
+           (lambda _ (invoke "make" "defconfig")))
          (replace 'check
            (lambda _
              (substitute* '("testsuite/du/du-s-works"
@@ -71,18 +72,17 @@
              (delete-file "testsuite/which/which-uses-default-path")
              (rmdir "testsuite/which")
 
-             (zero? (system* "make"
-                             ;; "V=1"
-                             "SKIP_KNOWN_BUGS=1"
-                             "SKIP_INTERNET_TESTS=1"
-                             "check"))))
+             (invoke "make"
+                     ;; "V=1"
+                     "SKIP_KNOWN_BUGS=1"
+                     "SKIP_INTERNET_TESTS=1"
+                     "check")))
          (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
-               (zero?
-                (system* "make"
-                         (string-append "CONFIG_PREFIX=" out)
-                         "install"))))))))
+               (invoke "make"
+                       (string-append "CONFIG_PREFIX=" out)
+                       "install")))))))
     (native-inputs `(("perl" ,perl) ; needed to generate the man pages (pod2man)
                      ;; The following are needed by the tests.
                      ("inetutils" ,inetutils)
diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index 3e959bde92..42b90bc2b2 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -293,13 +293,13 @@ format.")
 (define-public cppcheck
   (package
     (name "cppcheck")
-    (version "1.83")
+    (version "1.84")
     (source (origin
       (method url-fetch)
       (uri (string-append "https://github.com/danmar/cppcheck/archive/"
                           version ".tar.gz"))
       (sha256
-       (base32 "15ghxwmyy09cd9mi008k4jn09c441j86qyaa4dz0is7f5dv5cdkx"))
+       (base32 "1ibz07dgs1dpfb8bmjh3qsma37wl5p6s6b4qlv5ccpshj4yjk9ma"))
       (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (home-page "http://cppcheck.sourceforge.net")
@@ -1902,19 +1902,14 @@ create data based on random numbers and yet remain repeatable.")
 (define-public python-nose-timer
   (package
     (name "python-nose-timer")
-    (version "0.7.0")
+    (version "0.7.2")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "nose-timer" version))
-        (patches
-         (search-patches
-          ;; This patch will not be needed in the next version.
-          ;; It is taken from the master branch.
-          "python-nose-timer-drop-ordereddict.patch"))
         (sha256
           (base32
-            "1s32ymsnby8lz2qk55ifj9zi50dqcg6swnj5cz2rmwxg2jsslsxp"))))
+            "0ywg223p528014z5s0vzck74r4xyw3kvcp2casfnc85dkvir1zj7"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-nose" ,python-nose)
@@ -1930,14 +1925,14 @@ create data based on random numbers and yet remain repeatable.")
 (define-public python-freezegun
   (package
     (name "python-freezegun")
-    (version "0.3.9")
+    (version "0.3.10")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "freezegun" version))
        (sha256
         (base32
-         "1vhf3kgdy7gpy70n3bxa3y1n6aza316137md97z8p5k0gz6wqg3q"))))
+         "08m6b42yxb9hk5lv747v9n2qsxyadmkb0k6yg0gxdanwap0slg3h"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-mock" ,python-mock)
@@ -1953,7 +1948,7 @@ create data based on random numbers and yet remain repeatable.")
          ;; package does not include the Makefile.
          (replace 'check
            (lambda _
-             (zero? (system* "nosetests" "./tests/")))))))
+             (invoke "nosetests" "./tests/"))))))
     (home-page "https://github.com/spulec/freezegun")
     (synopsis "Test utility for mocking the datetime module")
     (description
diff --git a/gnu/packages/cluster.scm b/gnu/packages/cluster.scm
new file mode 100644
index 0000000000..faaaa2419a
--- /dev/null
+++ b/gnu/packages/cluster.scm
@@ -0,0 +1,81 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2018 Sou Bunnbu <iyzsong@member.fsf.org>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages cluster)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix download)
+  #:use-module (guix packages)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages texinfo)
+  #:use-module (gnu packages tls))
+
+(define-public keepalived
+  (package
+    (name "keepalived")
+    (version "2.0.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "http://www.keepalived.org/software/keepalived-"
+                    version ".tar.gz"))
+              (sha256
+               (base32
+                "0qf46bfxv4w7qx7d73qq26pp72cvbyfjvna3hxn208vynvapalh0"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'build 'build-info
+           (lambda _
+             (invoke "make" "-C" "doc" "texinfo")
+             ;; Put images in a subdirectory as recommended by 'texinfo'.
+             (install-file "doc/build/texinfo/software_design.png"
+                           "doc/build/texinfo/keepalived-figures")
+             (substitute* "doc/build/texinfo/keepalived.texi"
+               (("@image\\{software_design,")
+                "@image{keepalived-figures/software_design,"))
+             (invoke "make" "-C" "doc/build/texinfo")))
+         (add-after 'install 'install-info
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (infodir (string-append out "/share/info")))
+               (install-file "doc/build/texinfo/keepalived.info" infodir)
+               (install-file "doc/build/texinfo/software_design.png"
+                             (string-append infodir "/keepalived-figures"))
+               #t))))))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("python-sphinx" ,python-sphinx)
+       ("texinfo" ,texinfo)))
+    (inputs
+     `(("openssl" ,openssl)
+       ("libnfnetlink" ,libnfnetlink)
+       ("libnl" ,libnl)))
+    (home-page "http://www.keepalived.org/")
+    (synopsis "Load balancing and high-availability frameworks")
+    (description
+     "Keepalived provides frameworks for both load balancing and high
+availability.  The load balancing framework relies on the Linux Virtual
+Server (@dfn{IPVS}) kernel module.  High availability is achieved by the Virtual
+Redundancy Routing Protocol (@dfn{VRRP}).  Each Keepalived framework can be used
+independently or together to provide resilient infrastructures.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index a8c85fdb5e..dea2f09022 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017, 2018 Clément Lassieur <clement@lassieur.org>
@@ -581,7 +581,7 @@ Objective@tie{}C, D, Java, Pawn, and Vala).  Features:
 (define-public astyle
   (package
     (name "astyle")
-    (version "2.05")
+    (version "3.1")
     (source
      (origin
        (method url-fetch)
@@ -589,7 +589,7 @@ Objective@tie{}C, D, Java, Pawn, and Vala).  Features:
                            version "/astyle_"  version "_linux.tar.gz"))
        (sha256
         (base32
-         "0f9sh9kq5ajp1yz133h00fr9235p1m698x7n3h7zbrhjiwgynd6s"))))
+         "1ms54wcs7hg1bsywqwf2lhdfizgbk7qxc9ghasxk8i99jvwlrk6b"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f                      ;no tests
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 1c27beb134..d9d15a710d 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -604,39 +604,40 @@ with the sfArk algorithm.")
     (license license:gpl3+)))
 
 (define-public sfarkxtc
- (let ((commit "b5e0a2ba3921f019d74d4b92bd31c36dd19d2cf1"))
-  (package
-    (name "sfarkxtc")
-    (version (string-take commit 10))
-    (source (origin
-              ;; There are no release tarballs, so we just fetch the latest
-              ;; commit at this time.
-              (method git-fetch)
-              (uri (git-reference
-                    (url "https://github.com/raboof/sfarkxtc.git")
-                    (commit commit)))
-              (file-name (git-file-name name version))
-              (sha256
-               (base32
-                "0f5x6i46qfl6ry21s7g2p4sd4b2r1g4fb03yqi2vv4kq3saryhvj"))))
-    (build-system gnu-build-system)
-    (arguments
-     `(#:tests? #f ;no "check" target
-       #:phases
-       (modify-phases %standard-phases
-         (replace 'configure
-                  (lambda* (#:key outputs #:allow-other-keys)
-                    (substitute* "Makefile"
-                      (("/usr/local") (assoc-ref outputs "out")))
-                    #t)))))
-    (inputs
-     `(("zlib" ,zlib)
-       ("sfarklib" ,sfarklib)))
-    (home-page "https://github.com/raboof/sfarkxtc")
-    (synopsis "Basic sfArk decompressor")
-    (description "SfArk extractor converts SoundFonts in the compressed legacy
+  (let ((commit "13cd6f93725a90d91ec5ea75babf1dbd694ac463")
+        (revision "1"))
+    (package
+      (name "sfarkxtc")
+      (version (git-version "0" revision commit))
+      (source (origin
+                ;; There are no release tarballs, so we just fetch the latest
+                ;; commit at this time.
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/raboof/sfarkxtc.git")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "1mb1jyk1m11l1gppd9hmql9cyp55sdf7jk5rbc7acky1z4k4mv19"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:tests? #f                    ;no "check" target
+         #:phases
+         (modify-phases %standard-phases
+           (replace 'configure
+             (lambda* (#:key outputs #:allow-other-keys)
+               (substitute* "Makefile"
+                 (("/usr/local") (assoc-ref outputs "out")))
+               #t)))))
+      (inputs
+       `(("zlib" ,zlib)
+         ("sfarklib" ,sfarklib)))
+      (home-page "https://github.com/raboof/sfarkxtc")
+      (synopsis "Basic sfArk decompressor")
+      (description "SfArk extractor converts SoundFonts in the compressed legacy
 sfArk file format to the uncompressed sf2 format.")
-    (license license:gpl3+))))
+      (license license:gpl3+))))
 
 (define-public libmspack
   (package
@@ -2111,7 +2112,7 @@ single-member files which can't be decompressed in parallel.")
 (define-public innoextract
   (package
    (name "innoextract")
-   (version "1.6")
+   (version "1.7")
    (source
     (origin
      (method url-fetch)
@@ -2119,7 +2120,7 @@ single-member files which can't be decompressed in parallel.")
                          version ".tar.gz"))
      (sha256
       (base32
-       "08sp5vbfjvq1irhhraqkn5m2x1z209r4axhx7laf1adcw30ccapi"))
+       "0khwi9f0q0h6xfbixrrc1rfpgj0b7ajwilq7yhmxnn5lpc807f6x"))
      (file-name (string-append name "-" version ".tar.gz"))))
    (build-system cmake-build-system)
    (arguments
@@ -2209,7 +2210,8 @@ decompression is a little bit slower.")
                                  version "/" name "-" version "-src.tar.xz"))
              (sha256
               (base32
-               "08anybdliqsbsl6x835iwzljahnm9i7v26icdjkcv33xmk6p5vw1"))))
+               "08anybdliqsbsl6x835iwzljahnm9i7v26icdjkcv33xmk6p5vw1"))
+             (patches (search-patches "upx-fix-CVE-2017-15056.patch"))))
     (build-system gnu-build-system)
     (native-inputs `(("perl" ,perl)
                      ("ucl" ,ucl)))
@@ -2241,6 +2243,11 @@ decompression is a little bit slower.")
              #t))
          )))
     (home-page "https://upx.github.io/")
+    ;; CVE-2017-16869 is about Mach-O files which is not of a big concern for Guix.
+    ;; See https://github.com/upx/upx/issues/146 and
+    ;; https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-16869.
+    ;; The issue will be fixed after version 3.94.
+    (properties `((lint-hidden-cve . ("CVE-2017-16869"))))
     (synopsis "Compression tool for executables")
     (description
      "The Ultimate Packer for eXecutables (UPX) is an executable file
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index 10cdd1b307..eeaeefd81f 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -30,6 +30,7 @@
   #:use-module (guix download)
   #:use-module (guix utils)
   #:use-module (guix build-system r)
+  #:use-module (gnu packages compression)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages machine-learning)
   #:use-module (gnu packages maths)
@@ -245,15 +246,17 @@ into a pipeline of data manipulation and visualisation.")
 (define-public r-haven
   (package
     (name "r-haven")
-    (version "1.1.1")
+    (version "1.1.2")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "haven" version))
        (sha256
         (base32
-         "1fkcvsrnw8waqwggv0aydbvbi99x5kp9g78xfxj4w6s3xvdzcysz"))))
+         "0pp8xjf5lzqg1wr8cwxj4njx99vxwlflwjrd7jvyzwlfpwh7n1qa"))))
     (build-system r-build-system)
+    (inputs
+     `(("zlib" ,zlib)))
     (propagated-inputs
      `(("r-forcats" ,r-forcats)
        ("r-hms" ,r-hms)
@@ -423,6 +426,41 @@ the plog header-only C++ logging library, and a method to log to R's standard
 error stream.")
     (license license:expat)))
 
+(define-public r-pls
+  (package
+    (name "r-pls")
+    (version "2.6-0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "pls" version))
+       (sha256
+        (base32
+         "15j59p5x0rkdrk7iqzkipsy50rsyjl31w8zxc4w3v1j5gzxhi1rx"))))
+    (build-system r-build-system)
+    (home-page "http://mevik.net/work/software/pls.html")
+    (synopsis "Partial Least Squares and Principal Component Regression")
+    (description
+     "The pls package implements multivariate regression methods: Partial Least
+Squares Regression (@dfn{PLSR}), Principal Component Regression (@dfn{PCR}), and
+Canonical Powered Partial Least Squares (@dfn{CPPLS}).  It supports:
+
+@itemize
+@item several algorithms: the traditional orthogonal scores (@dfn{NIPALS}) PLS
+algorithm, kernel PLS, wide kernel PLS, Simpls, and PCR through @code{svd}
+@item multi-response models (or @dfn{PLS2})
+@item flexible cross-validation
+@item Jackknife variance estimates of regression coefficients
+@item extensive and flexible plots: scores, loadings, predictions, coefficients,
+(R)MSEP, R², and correlation loadings
+@item formula interface, modelled after @code{lm()}, with methods for predict,
+print, summary, plot, update, etc.
+@item extraction functions for coefficients, scores, and loadings
+@item MSEP, RMSEP, and R² estimates
+@item multiplicative scatter correction (@dfn{MSC})
+@end itemize\n")
+    (license license:gpl2)))
+
 (define-public r-rcpp
   (package
     (name "r-rcpp")
@@ -556,14 +594,14 @@ ellipses, circles, cylinders, arrows, ...")
 (define-public r-globaloptions
   (package
     (name "r-globaloptions")
-    (version "0.0.13")
+    (version "0.1.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "GlobalOptions" version))
        (sha256
         (base32
-         "04jvha0mafslqz5nr99xjylg9n2x31gj9v4mgyg7qcmfwpqyw3ch"))))
+         "1wlyqz1yhmhjwslrd7q69jbd9vsbjkjfc01g60kl3cdpyr8hlyjn"))))
     (properties `((upstream-name . "GlobalOptions")))
     (build-system r-build-system)
     (home-page "https://github.com/jokergoo/GlobalOptions")
@@ -576,14 +614,14 @@ validation and filtering on the values, making options invisible or private.")
 (define-public r-circlize
   (package
     (name "r-circlize")
-    (version "0.4.3")
+    (version "0.4.4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "circlize" version))
        (sha256
         (base32
-         "0pg947gkryygikfbv6admx8gsg02b6g219j6a1sdnqij2908yxna"))))
+         "1l28maiqi549z191srncxgabx5fnvf0lld7smzwfd3vr5cx8nqww"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-colorspace" ,r-colorspace)
@@ -681,14 +719,14 @@ compare different dendrograms to one another.")
 (define-public r-getoptlong
   (package
     (name "r-getoptlong")
-    (version "0.1.6")
+    (version "0.1.7")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "GetoptLong" version))
        (sha256
         (base32
-         "1d98gcvlvp9nz5lbnzr0kkpc2hbkx74hlhrnybqhg1gdwc3g09pm"))))
+         "1fl3w2n602ldybc5qj7qw4xmzzb804bsjkqwf6dswzj0vf0qiadr"))))
     (properties `((upstream-name . "GetoptLong")))
     (build-system r-build-system)
     (inputs
@@ -818,17 +856,19 @@ quantities.")
 (define-public r-progress
   (package
     (name "r-progress")
-    (version "1.1.2")
+    (version "1.2.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "progress" version))
        (sha256
         (base32
-         "1fxakchfjr5vj59s9sxynd7crpz97xj42438rmkhkf3rjpyspx59"))))
+         "1rhwm0bdw30z3rvl0bn56xprjl3zrdy7150w4gl4bkvn2d6h9fav"))))
     (build-system r-build-system)
     (propagated-inputs
-     `(("r-prettyunits" ,r-prettyunits)
+     `(("r-crayon" ,r-crayon)
+       ("r-hms" ,r-hms)
+       ("r-prettyunits" ,r-prettyunits)
        ("r-r6" ,r-r6)))
     (home-page "https://github.com/gaborcsardi/progress")
     (synopsis "Terminal progress bars")
@@ -896,14 +936,14 @@ most popular ones.")
 (define-public r-sp
   (package
     (name "r-sp")
-    (version "1.2-7")
+    (version "1.3-1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "sp" version))
        (sha256
         (base32
-         "0q04yfgyjannsrzl0ppwcv0simrxrrbx2iz5mzaafc5x38zf0q3d"))))
+         "17xm1ig80p9wc860hm3bgishz6lj9fxgwqidj7rkbk4ap99qp62p"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-lattice" ,r-lattice)))
@@ -1009,14 +1049,14 @@ SpatialVx.")
 (define-public r-extremes
   (package
     (name "r-extremes")
-    (version "2.0-8")
+    (version "2.0-9")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "extRemes" version))
        (sha256
         (base32
-         "0pnpib3g2r9x8hfqhvq23j8m3jh62lp28ipnqir5yadnzv850gfm"))))
+         "0cpvcajk9xyy7662nqkyx333vrxpwsc5nmv0bfnhsbgijz5y0hvm"))))
     (properties `((upstream-name . "extRemes")))
     (build-system r-build-system)
     (propagated-inputs
@@ -1539,14 +1579,14 @@ Delaunay triangulation and convex hull computation.")
 (define-public r-ddalpha
   (package
     (name "r-ddalpha")
-    (version "1.3.3")
+    (version "1.3.4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "ddalpha" version))
        (sha256
         (base32
-         "0g4iqhrz2gym05q40ih6srilyajw2l2mv46pchn65bc7hw4vkgrk"))))
+         "16cn0bhbaz9l9k4y79sv2d4f7pvs7dyka273y89igs5jvr99kfj1"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-bh" ,r-bh)
@@ -1595,14 +1635,14 @@ Core algorithms are executed in parallel on systems supporting OpenMP.")
 (define-public r-rcpproll
   (package
     (name "r-rcpproll")
-    (version "0.2.2")
+    (version "0.3.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "RcppRoll" version))
        (sha256
         (base32
-         "19xzvxym8zbighndygkq4imfwc0abh4hqyq3qrr8aakyd096iisi"))))
+         "0srzfhzkk42kzrdjnhbb37946jp1p688rgysy6k3i2is8jb21zyb"))))
     (properties `((upstream-name . "RcppRoll")))
     (build-system r-build-system)
     (propagated-inputs
@@ -1713,14 +1753,14 @@ provides a one-row summary of model-level statistics.")
 (define-public r-recipes
   (package
     (name "r-recipes")
-    (version "0.1.2")
+    (version "0.1.3")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "recipes" version))
        (sha256
         (base32
-         "1car3a3mqn87pz049cbgkaayz86970mvkapk6al2k7jjw76306l9"))))
+         "1vqh3pxs4n1azhnd1lzg91vasya6g323kllhbrw177j7kdxqyimy"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-broom" ,r-broom)
@@ -1732,6 +1772,7 @@ provides a one-row summary of model-level statistics.")
        ("r-lubridate" ,r-lubridate)
        ("r-magrittr" ,r-magrittr)
        ("r-matrix" ,r-matrix)
+       ("r-pls" ,r-pls)
        ("r-purrr" ,r-purrr)
        ("r-rcpproll" ,r-rcpproll)
        ("r-rlang" ,r-rlang)
@@ -1822,14 +1863,14 @@ color labels, layout, etc.")
 (define-public r-stringdist
   (package
     (name "r-stringdist")
-    (version "0.9.4.7")
+    (version "0.9.5.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "stringdist" version))
        (sha256
         (base32
-         "1qg80wmcrpkba9njvgjdg15bgw7ddks40kkfh5x61as9lhchy4i4"))))
+         "0gap1g9xwhp0zxqsznkc2carpvi80z03prr4q8m528684lznx2xa"))))
     (build-system r-build-system)
     (home-page "https://github.com/markvanderloo/stringdist")
     (synopsis "Approximate string matching and string distance functions")
@@ -1917,14 +1958,14 @@ analysis of multiply imputed data sets.")
 (define-public r-mice
   (package
     (name "r-mice")
-    (version "3.0.0")
+    (version "3.1.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "mice" version))
        (sha256
         (base32
-         "1p8a5ham90iaak4w17114pdnw535r2l9sxr402yrkc4gbwfbpdlq"))))
+         "0xpn215yfzib4hw09cwilnyg9zbvq460njavfvm84mvgwbm25byi"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-broom" ,r-broom)
@@ -2569,14 +2610,14 @@ iVAT).")
 (define-public r-xfun
   (package
     (name "r-xfun")
-    (version "0.1")
+    (version "0.2")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "xfun" version))
        (sha256
         (base32
-         "1sm51gmwgw876d6d1q8smxmfgfh6zsnykfx8qp8z6jmh0fvd89pj"))))
+         "0zl22fcw90kdvzkjyf6vbmdmn9rz3bl51522fasvmykypffyng4a"))))
     (build-system r-build-system)
     (home-page "https://github.com/yihui/xfun")
     (synopsis "Miscellaneous functions")
@@ -2718,17 +2759,19 @@ supports arbitrary vertex/edge/graph attributes.")
 (define-public r-statnet-common
   (package
     (name "r-statnet-common")
-    (version "4.0.0")
+    (version "4.1.2")
     (source
       (origin
         (method url-fetch)
         (uri (cran-uri "statnet.common" version))
         (sha256
           (base32
-            "0yw6l5b4qv0jqlg4zyczas7m12a5pyqghs6ydxy2f6v6vxkijvi0"))))
+            "0h3g687214rlycca0fjrpy1lqbqsrginxqhmhl2mb2jinqqxcfgd"))))
     (properties
       `((upstream-name . "statnet.common")))
     (build-system r-build-system)
+    (propagated-inputs
+     `(("r-coda" ,r-coda)))
     (home-page "https://statnet.org")
     (synopsis "R scripts and utilities used by the Statnet software")
     (description "This package provides non-statistical utilities used by the
@@ -2971,14 +3014,14 @@ Cryer and Kung-Sik Chan.")
 (define-public r-extradistr
   (package
     (name "r-extradistr")
-    (version "1.8.8")
+    (version "1.8.9")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "extraDistr" version))
        (sha256
         (base32
-         "0ywn4qwnamv36l1hw27l9y5kh3v6ha5781wsv2bz6szqjgg7kdb3"))))
+         "1fg8vjpal33y51iqzglk1yvy46d7js0l0wfbdy698lq8a06hq19p"))))
     (properties `((upstream-name . "extraDistr")))
     (build-system r-build-system)
     (propagated-inputs
@@ -3041,14 +3084,14 @@ applied econometric analysis.")
 (define-public r-cubature
   (package
     (name "r-cubature")
-    (version "1.3-11")
+    (version "1.4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "cubature" version))
        (sha256
         (base32
-         "06f6gsvbb732p80r6hxvzh4ik546icxfvx21dyh65ypmw3kgm64k"))))
+         "1hd23b8v2kpqp5gr0va8p2q7j8w9rik6ks7zrr4b8mb2mwrakk74"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-rcpp" ,r-rcpp)))
@@ -3324,14 +3367,14 @@ environment within Shiny.")
 (define-public r-radiant-data
   (package
     (name "r-radiant-data")
-    (version "0.8.1")
+    (version "0.9.5")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "radiant.data" version))
        (sha256
         (base32
-         "1ylina1jlrmvjkj8pwg0ip5jv1038vnzyckmf542xl7g11x8rvw1"))
+         "0mbxfqn79nphii4hb6kxl2wc0w0ra16y378rp2yw9a9926zdb7mb"))
        (modules '((guix build utils)))
        (snippet
         '(begin
@@ -3347,6 +3390,7 @@ environment within Shiny.")
        ("r-curl" ,r-curl)
        ("r-dplyr" ,r-dplyr)
        ("r-dt" ,r-dt)
+       ("r-glue" ,r-glue)
        ("r-ggplot2" ,r-ggplot2)
        ("r-gridextra" ,r-gridextra)
        ("r-import" ,r-import)
@@ -3355,16 +3399,19 @@ environment within Shiny.")
        ("r-lubridate" ,r-lubridate)
        ("r-magrittr" ,r-magrittr)
        ("r-markdown" ,r-markdown)
-       ("r-pryr" ,r-pryr)
+       ("r-plotly" ,r-plotly)
        ("r-psych" ,r-psych)
        ("r-readr" ,r-readr)
+       ("r-readxl" ,r-readxl)
+       ("r-rlang" ,r-rlang)
        ("r-rmarkdown" ,r-rmarkdown)
        ("r-rstudioapi" ,r-rstudioapi)
        ("r-scales" ,r-scales)
        ("r-shiny" ,r-shiny)
        ("r-shinyace" ,r-shinyace)
        ("r-tibble" ,r-tibble)
-       ("r-tidyr" ,r-tidyr)))
+       ("r-tidyr" ,r-tidyr)
+       ("r-writexl" ,r-writexl)))
     (home-page "https://github.com/radiant-rstats/radiant.data")
     (synopsis "Data menu for Radiant: business analytics using R and Shiny")
     (description
@@ -3533,14 +3580,14 @@ extracting and replacing data in arrays.")
 (define-public r-prroc
   (package
     (name "r-prroc")
-    (version "1.3")
+    (version "1.3.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "PRROC" version))
        (sha256
         (base32
-         "03hvh92lq4i4w4mla9bvwrwb4626f4hvlxgdn57hamp70960vjyc"))))
+         "1m28h8pcd78049lz2qixhkcr9h5b3jik3maqzfbvq9y58z71i4a7"))))
     (properties `((upstream-name . "PRROC")))
     (build-system r-build-system)
     (home-page "https://cran.r-project.org/web/packages/PRROC/")
@@ -3915,14 +3962,14 @@ exchanging spatial objects with other R packages.")
 (define-public r-later
   (package
     (name "r-later")
-    (version "0.7.2")
+    (version "0.7.3")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "later" version))
        (sha256
         (base32
-         "0l5ln7sjyi2rj7bx8iamxykqlfarv05zb9882ikizppb1cr1hgyw"))))
+         "04j2phymxgkk4hv9pfa5w3s98w5d7fvm11blrdhxmray4n618msw"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-bh" ,r-bh)
@@ -4125,14 +4172,14 @@ obtain a better initial configuration in non-metric MDS.")
 (define-public r-reticulate
   (package
     (name "r-reticulate")
-    (version "1.7")
+    (version "1.8")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "reticulate" version))
        (sha256
         (base32
-         "1ghhc4hbmwpp79ilbdbshynhs61i8sv8z6p1al04jy7ij0lcglxy"))))
+         "0zwb4ikf021nw7axdn7qlr6bq4xkph3anfy314idkspy1iil4nmr"))))
     (build-system r-build-system)
     (inputs `(("python" ,python)))
     (propagated-inputs
@@ -4166,3 +4213,291 @@ Python to R they are converted back to R types.")
     (description "This package provides a utility for R to parse a bibtex
 file.")
     (license license:gpl2+)))
+
+(define-public r-ggseqlogo
+  (package
+    (name "r-ggseqlogo")
+    (version "0.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "ggseqlogo" version))
+       (sha256
+        (base32
+         "13q6kcpxrqxqbji889fx63p0nsi08lk5yymkchig75r5k1d18ky1"))))
+    (build-system r-build-system)
+    (propagated-inputs `(("r-ggplot2" ,r-ggplot2)))
+    (home-page "https://github.com/omarwagih/ggseqlogo")
+    (synopsis "ggplot2 extension for drawing genetic sequence logos")
+    (description
+     "The range of functions provided by this package makes it possible to
+draw highly versatile genomic sequence logos.  Features include, but are not
+limited to, modifying colour schemes and fonts used to draw the logo,
+generating multiple logo plots, and aiding the visualisation with annotations.
+Sequence logos can easily be combined with other ggplot2 plots.")
+    ;; Unspecified version of the LGPL.
+    (license license:lgpl3+)))
+
+(define-public r-ggsci
+  (package
+    (name "r-ggsci")
+    (version "2.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "ggsci" version))
+       (sha256
+        (base32
+         "0g73x6grbka7ahjh6z23m3wrcifp5rdfdiasbl8lq4sp6rplxwaa"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-ggplot2" ,r-ggplot2)
+       ("r-scales" ,r-scales)))
+    (home-page "https://nanx.me/ggsci/")
+    (synopsis "Scientific journal and sci-fi themed color palettes for ggplot2")
+    (description
+     "This package provides a collection of ggplot2 color palettes inspired by
+plots in scientific journals, data visualization libraries, science fiction
+movies, and TV shows.")
+    (license license:gpl3)))
+
+(define-public r-ggsignif
+  (package
+    (name "r-ggsignif")
+    (version "0.4.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "ggsignif" version))
+       (sha256
+        (base32
+         "1rn58d7pb3axk6chiihryykrzw76adaa2yiafq4d0j6qbhax78f7"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-ggplot2" ,r-ggplot2)))
+    (home-page "https://github.com/const-ae/ggsignif")
+    (synopsis "Significance brackets for ggplot2")
+    (description
+     "Enrich your ggplots with group-wise comparisons.  This package provides
+an easy way to indicate if two groups are significantly different.  Commonly
+this is shown by a bracket on top connecting the groups of interest which
+itself is annotated with the level of significance.  The package provides a
+single layer that takes the groups for comparison and the test as arguments
+and adds the annotation to the plot.")
+    (license license:gpl3)))
+
+(define-public r-ggpubr
+  (package
+    (name "r-ggpubr")
+    (version "0.1.7")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "ggpubr" version))
+       (sha256
+        (base32
+         "110ny8p41kmbz0a5rl0mv9cqpjkx6yr3ybflp1r0fmcvhwv7cr3i"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-cowplot" ,r-cowplot)
+       ("r-dplyr" ,r-dplyr)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-ggrepel" ,r-ggrepel)
+       ("r-ggsci" ,r-ggsci)
+       ("r-ggsignif" ,r-ggsignif)
+       ("r-gridextra" ,r-gridextra)
+       ("r-magrittr" ,r-magrittr)
+       ("r-purrr" ,r-purrr)
+       ("r-scales" ,r-scales)
+       ("r-tidyr" ,r-tidyr)))
+    (home-page "http://www.sthda.com/english/rpkgs/ggpubr")
+    (synopsis "ggplot2-based publication-ready plots")
+    (description
+     "The ggplot2 package is an excellent and flexible package for elegant
+data visualization in R.  However the default generated plots require some
+formatting before we can send them for publication.  The ggpubr package
+provides some easy-to-use functions for creating and customizing ggplot2-based
+publication-ready plots.")
+    (license license:gpl2)))
+
+(define-public r-ellipse
+  (package
+    (name "r-ellipse")
+    (version "0.4.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "ellipse" version))
+       (sha256
+        (base32
+         "0g82vc51m3c1k0hnpp2zla6amxxgk2mmkl8ssnsc49jv3599r6hs"))))
+    (build-system r-build-system)
+    (home-page "https://cran.r-project.org/web/packages/ellipse/")
+    (synopsis "Functions for drawing ellipses and ellipse-like confidence regions")
+    (description
+     "This package contains various routines for drawing ellipses and
+ellipse-like confidence regions, implementing the plots described in Murdoch
+and Chow (1996), A graphical display of large correlation matrices, The
+American Statistician 50, 178-180.  There are also routines implementing the
+profile plots described in Bates and Watts (1988), Nonlinear Regression
+Analysis and its Applications.")
+    (license license:gpl2+)))
+
+(define-public r-flashclust
+  (package
+    (name "r-flashclust")
+    (version "1.01-2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "flashClust" version))
+       (sha256
+        (base32
+         "0l4lpz451ll7f7lfxmb7ds24ppzhfg1c3ypvydglcc35p2dq99s8"))))
+    (properties `((upstream-name . "flashClust")))
+    (build-system r-build-system)
+    (native-inputs `(("gfortran" ,gfortran)))
+    (home-page "https://cran.r-project.org/web/packages/flashClust/")
+    (synopsis "Implementation of optimal hierarchical clustering")
+    (description
+     "This package provides a fast implementation of hierarchical
+clustering.")
+    (license license:gpl2+)))
+
+(define-public r-factominer
+  (package
+    (name "r-factominer")
+    (version "1.41")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "FactoMineR" version))
+       (sha256
+        (base32
+         "1h20hydav6l2b7bngqw1av4l5rrh0wk58nhailga1f4qw9lrv259"))))
+    (properties `((upstream-name . "FactoMineR")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-car" ,r-car)
+       ("r-cluster" ,r-cluster)
+       ("r-ellipse" ,r-ellipse)
+       ("r-flashclust" ,r-flashclust)
+       ("r-lattice" ,r-lattice)
+       ("r-leaps" ,r-leaps)
+       ("r-mass" ,r-mass)
+       ("r-scatterplot3d" ,r-scatterplot3d)))
+    (home-page "http://factominer.free.fr")
+    (synopsis "Multivariate exploratory data analysis and data mining")
+    (description
+     "This package provides exploratory data analysis methods to summarize,
+visualize and describe datasets.  The main principal component methods are
+available, those with the largest potential in terms of applications:
+principal component analysis (PCA) when variables are quantitative,
+correspondence analysis (CA) and multiple correspondence analysis (MCA) when
+variables are categorical, Multiple Factor Analysis when variables are
+structured in groups, etc. and hierarchical cluster analysis.")
+    (license license:gpl2+)))
+
+(define-public r-factoextra
+  (package
+    (name "r-factoextra")
+    (version "1.0.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "factoextra" version))
+       (sha256
+        (base32
+         "1l6m8k7qhdw8ndar8nhmym0lfyd1i2iszl1cicjax0vq23ss6xw1"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-abind" ,r-abind)
+       ("r-cluster" ,r-cluster)
+       ("r-dendextend" ,r-dendextend)
+       ("r-factominer" ,r-factominer)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-ggpubr" ,r-ggpubr)
+       ("r-ggrepel" ,r-ggrepel)
+       ("r-reshape2" ,r-reshape2)
+       ("r-tidyr" ,r-tidyr)))
+    (home-page "http://www.sthda.com/english/rpkgs/factoextra")
+    (synopsis "Extract and visualize the results of multivariate data analyses")
+    (description
+     "This package provides some easy-to-use functions to extract and
+visualize the output of multivariate data analyses, including
+@code{PCA} (Principal Component Analysis), @code{CA} (Correspondence
+Analysis), @code{MCA} (Multiple Correspondence Analysis), @code{FAMD} (Factor
+Analysis of Mixed Data), @code{MFA} (Multiple Factor Analysis) and
+@code{HMFA} (Hierarchical Multiple Factor Analysis) functions from different R
+packages.  It contains also functions for simplifying some clustering analysis
+steps and provides ggplot2-based elegant data visualization.")
+    (license license:gpl2)))
+
+(define-public r-nbclust
+  (package
+    (name "r-nbclust")
+    (version "3.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "NbClust" version))
+       (sha256
+        (base32
+         "1vwb48zy6ln1ddpqmfngii1i80n8qmqyxnzdp6gbaq96lakl3w3c"))))
+    (properties `((upstream-name . "NbClust")))
+    (build-system r-build-system)
+    (home-page "https://sites.google.com/site/malikacharrad/research/nbclust-package")
+    (synopsis "Determine the best number of clusters in a data set")
+    (description
+     "NbClust provides 30 indexes for determining the optimal number of
+clusters in a data set and offers the best clustering scheme from different
+results to the user.")
+    (license license:gpl2)))
+
+(define-public r-hdf5r
+  (package
+    (name "r-hdf5r")
+    (version "1.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "hdf5r" version))
+       (sha256
+        (base32
+         "1s6p4cj909kc635fh5xpl87bqlcdj3dn3r1wk5g40abimk2b0pva"))))
+    (build-system r-build-system)
+    (inputs
+     `(("hdf5" ,hdf5)
+       ("zlib" ,zlib)))
+    (propagated-inputs
+     `(("r-bit64" ,r-bit64)
+       ("r-r6" ,r-r6)))
+    (home-page "https://hhoeflin.github.io/hdf5r")
+    (synopsis "Interface to the HDF5 binary data format")
+    (description
+     "HDF5 is a data model, library and file format for storing and managing
+large amounts of data.  This package provides a nearly feature complete,
+object oriented wrapper for the HDF5 API using R6 classes.  Additionally,
+functionality is added so that HDF5 objects behave very similar to their
+corresponding R counterparts.")
+    (license license:asl2.0)))
+
+(define-public r-writexl
+  (package
+    (name "r-writexl")
+    (version "1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "writexl" version))
+       (sha256
+        (base32
+         "0r2v12dc4zqmr1agp6vbw0fc48i278018684x84psjjqfmnv14cf"))))
+    (build-system r-build-system)
+    (inputs `(("zlib" ,zlib)))
+    (home-page "https://github.com/ropensci/writexl")
+    (synopsis "Export data frames to xlsx format")
+    (description
+     "This package provides a data frame to xlsx exporter based on
+libxlsxwriter.")
+    (license license:bsd-2)))
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 929fbb5bc2..338db04f53 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -32,6 +32,7 @@
   #:use-module (gnu packages attr)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages boost)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages cryptsetup)
   #:use-module (gnu packages databases)
@@ -217,7 +218,7 @@ communication.")
 (define-public encfs
   (package
     (name "encfs")
-    (version "1.9.1")
+    (version "1.9.5")
     (source
      (origin
        (method url-fetch)
@@ -226,13 +227,13 @@ communication.")
                        version "/encfs-" version ".tar.gz"))
        (sha256
         (base32
-         "1906254dg5hwljh0h4gyrw09ms3b57dlhjfzhfzffv50yzpkl837"))
+         "0qzxavvv20577bxvly8s7d3y7bqasqclc2mllp0ddfncjm9z02a7"))
        (modules '((guix build utils)))
        ;; Remove bundled dependencies in favour of proper inputs.
        (snippet '(begin
                    (for-each delete-file-recursively
-                             (find-files "internal" "^tinyxml2-[0-9]"
-                                         #:directories? #t))
+                             '("vendor/github.com/leethomason/tinyxml2"
+                               "vendor/github.com/google/googletest"))
                    #t))))
     (build-system cmake-build-system)
     (native-inputs
@@ -240,6 +241,7 @@ communication.")
 
        ;; Test dependencies.
        ("expect" ,expect)
+       ("googletest-source" ,(package-source googletest))
        ("perl" ,perl)))
     (inputs
      `(("attr" ,attr)
@@ -247,7 +249,18 @@ communication.")
        ("openssl" ,openssl)
        ("tinyxml2" ,tinyxml2)))
     (arguments
-     `(#:configure-flags (list "-DUSE_INTERNAL_TINYXML=OFF")))
+     `(#:configure-flags (list "-DUSE_INTERNAL_TINYXML=OFF")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'unpack-googletest
+           (lambda* (#:key inputs #:allow-other-keys)
+             (mkdir-p "vendor/github.com/google/googletest")
+             (invoke "tar" "xvf" (assoc-ref inputs "googletest-source")
+                     "-C" "vendor/github.com/google/googletest"
+                     "--strip-components=1")))
+         (add-before 'check 'make-unittests
+           (lambda _
+             (invoke "make" "unittests"))))))
     (home-page "https://vgough.github.io/encfs")
     (synopsis "Encrypted virtual file system")
     (description
@@ -713,14 +726,14 @@ SHA256, SHA512, SHA3, AICH, ED2K, Tiger, DC++ TTH, BitTorrent BTIH, GOST R
 (define-public botan
   (package
     (name "botan")
-    (version "2.5.0")
+    (version "2.6.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://botan.randombit.net/releases/"
                                   "Botan-" version ".tgz"))
               (sha256
                (base32
-                "06zvwknhwfrkdvq2sybqbqhnd2d4nq2cszlnsddql13z7vh1z8xq"))))
+                "1iawmymmnp5j2mcjj70slivn6bgg8gbpppldc1rjqw5sbdan3wn1"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index 201c180013..a99f2f22bf 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -23,29 +23,30 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu packages cups)
-  #:use-module ((guix licenses) #:prefix license:)
-  #:use-module (guix packages)
-  #:use-module (guix download)
-  #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages avahi)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages fonts)     ; font-dejavu
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages glib)
   #:use-module (gnu packages groff)
+  #:use-module (gnu packages image)
   #:use-module (gnu packages libusb)
+  #:use-module (gnu packages pdf)
   #:use-module (gnu packages perl)
+  #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages pretty-print)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages qt)
   #:use-module (gnu packages scanner)
-  #:use-module (gnu packages image)
-  #:use-module (gnu packages fonts) ;font-dejavu
-  #:use-module (gnu packages fontutils)
-  #:use-module (gnu packages ghostscript)
-  #:use-module (gnu packages glib)
-  #:use-module (gnu packages pdf)
-  #:use-module (gnu packages pkg-config)
-  #:use-module (gnu packages tls))
+  #:use-module (gnu packages tls)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix download)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages))
 
 (define-public cups-filters
   (package
@@ -379,14 +380,14 @@ device-specific programs to convert and print many types of files.")
 (define-public hplip
   (package
     (name "hplip")
-    (version "3.18.3")
+    (version "3.18.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/hplip/hplip/" version
                                   "/hplip-" version ".tar.gz"))
               (sha256
                (base32
-                "0x5xs86v18w46rxz5whc15bl4fb7p4km6xqjpwzclp83nl7rl01y"))
+                "0zbv6cp9n3xypf2fg4j6fpz8zkvl0z08lyc1vq1gd04ln1l3xkqf"))
               (modules '((guix build utils)))
               (snippet
                ;; Fix type mismatch.
@@ -396,8 +397,10 @@ device-specific programs to convert and print many types of files.")
                   #t))))
     (build-system gnu-build-system)
     (home-page "http://hplipopensource.com/")
-    (synopsis "HP Printer Drivers")
-    (description "Hewlett-Packard Printer Drivers and PPDs.")
+    (synopsis "HP printer drivers")
+    (description
+     "Hewlett-Packard printer drivers and PostScript Printer Descriptions
+(@dfn{PPD}s).")
 
     ;; The 'COPYING' file lists directories where each of these 3 licenses
     ;; applies.
@@ -424,7 +427,8 @@ device-specific programs to convert and print many types of files.")
          ,(string-append "--with-icondir="
                          (assoc-ref %outputs "out") "/share/applications")
          ,(string-append "--with-systraydir="
-                         (assoc-ref %outputs "out") "/etc/xdg"))
+                         (assoc-ref %outputs "out") "/etc/xdg")
+         "--enable-qt5" "--disable-qt4")
 
        #:imported-modules ((guix build python-build-system)
                            ,@%gnu-build-system-modules)
@@ -463,7 +467,7 @@ device-specific programs to convert and print many types of files.")
                            (string-append "hplip_confdir = " out
                                           "/etc/hp"))
                           (("halpredir = /usr/share/hal/fdi/preprobe/10osvendor")
-                           ;; Note: We don't use hal.
+                           ;; We don't use hal.
                            (string-append "halpredir = " out
                                           "/share/hal/fdi/preprobe/10osvendor"))
                           (("rulesdir = /etc/udev/rules.d")
@@ -477,23 +481,30 @@ device-specific programs to convert and print many types of files.")
                           (("/etc/sane.d")
                            (string-append out "/etc/sane.d"))))))
 
-                  ;; Wrap bin/* so that the Python libs are found.
+                  ;; Wrap bin/* so that the Python libraries are found.
                   (add-after 'install 'wrap-binaries
                     (assoc-ref python:%standard-phases 'wrap)))))
 
-    ;; Python3 support is available starting from hplip@3.15.2.
-    (inputs `(("libjpeg" ,libjpeg)
-              ("cups-minimal" ,cups-minimal)
-              ("libusb" ,libusb)
-              ("sane-backends" ,sane-backends-minimal)
-              ("zlib" ,zlib)
-              ("dbus" ,dbus)
-              ("python-wrapper" ,python-wrapper)
-              ("python" ,python)
-              ;; TODO: Make hp-setup find python-dbus.
-              ("python-dbus" ,python-dbus)))
-    (native-inputs `(("pkg-config" ,pkg-config)
-                     ("perl" ,perl)))))
+    ;; Note that the error messages printed by the tools in the case of
+    ;; missing dependencies are often downright misleading.
+    ;; TODO: hp-toolbox still fails to start with:
+    ;;   from dbus.mainloop.pyqt5 import DBusQtMainLoop
+    ;;   ModuleNotFoundError: No module named 'dbus.mainloop.pyqt5'
+    (inputs
+     `(("cups-minimal" ,cups-minimal)
+       ("dbus" ,dbus)
+       ("libjpeg" ,libjpeg)
+       ("libusb" ,libusb)
+       ("python" ,python)
+       ("python-dbus" ,python-dbus)
+       ("python-pygobject" ,python-pygobject)
+       ("python-pyqt" ,python-pyqt)
+       ("python-wrapper" ,python-wrapper)
+       ("sane-backends" ,sane-backends-minimal)
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("perl" ,perl)
+       ("pkg-config" ,pkg-config)))))
 
 (define-public foomatic-filters
   (package
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 7690a85f1b..9cbdf616c0 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -398,7 +398,7 @@ mapping from string keys to string values.")
 (define-public memcached
   (package
     (name "memcached")
-    (version "1.5.6")
+    (version "1.5.8")
     (source
      (origin
        (method url-fetch)
@@ -406,7 +406,7 @@ mapping from string keys to string values.")
              "https://memcached.org/files/memcached-" version ".tar.gz"))
        (sha256
         (base32
-         "00szy9d4szaixi260dcd4846zci04y0sd47ia2lzg0bxkn2ywxcn"))))
+         "1ppnhsqv9047vm0rrmqla56y972f8qqjdb780iz6v922jjcc723k"))))
     (build-system gnu-build-system)
     (inputs
      `(("libevent" ,libevent)
@@ -1107,7 +1107,7 @@ extremely small.")
 (define-public perl-dbi
   (package
     (name "perl-dbi")
-    (version "1.637")
+    (version "1.641")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1115,7 +1115,7 @@ extremely small.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "1ikbsb6sb0bd2m1dqknl4vx7ikmnd41y0xq8np1l40g8jcjp2mr5"))))
+                "1hf2x29bnqf2x1v4bdhji802z7n2mbg7h1amv8gdkqyhrlrfa2am"))))
     (build-system perl-build-system)
     (synopsis "Database independent interface for Perl")
     (description "This package provides an database interface for Perl.")
@@ -1487,14 +1487,14 @@ similar to BerkeleyDB, LevelDB, etc.")
 (define-public redis
   (package
     (name "redis")
-    (version "4.0.2")
+    (version "4.0.10")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://download.redis.io/releases/redis-"
                                   version".tar.gz"))
               (sha256
                (base32
-                "04s8cgvwjj1979s3hg8zkwc9pyn3jkjpz5zidp87kfcipifr385i"))))
+                "194cydhv3hf4v95ifvjvsqrs4jn3ffrkg5lvxj5d3y04lwsp9dhx"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; tests related to master/slave and replication fail
diff --git a/gnu/packages/dav.scm b/gnu/packages/dav.scm
index 0c6c62d5a3..9d0479b1e1 100644
--- a/gnu/packages/dav.scm
+++ b/gnu/packages/dav.scm
@@ -57,13 +57,13 @@ clients.")
 (define-public vdirsyncer
   (package
     (name "vdirsyncer")
-    (version "0.16.4")
+    (version "0.16.6")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri name version))
              (sha256
               (base32
-               "03wva48bgv1ad3df6plc9b8xxh6k8bcaxrhlzwh81c9mzn5bspzv"))))
+               "07iqq5c53cfrb5xnmam1rsl683hc3rykmdak896n2gm81r361c66"))))
     (build-system python-build-system)
     (arguments
       `(#:phases (modify-phases %standard-phases
@@ -76,7 +76,6 @@ clients.")
              (zero? (system* "make" "test"))))
          (add-after 'install 'manpage
            (lambda* (#:key inputs outputs #:allow-other-keys)
-             (add-installed-pythonpath inputs outputs)
              (zero? (system* "make" "--directory=docs/" "man"))
              (install-file
                "docs/_build/man/vdirsyncer.1"
diff --git a/gnu/packages/debian.scm b/gnu/packages/debian.scm
index d3438a1f4c..e1dd9d1485 100644
--- a/gnu/packages/debian.scm
+++ b/gnu/packages/debian.scm
@@ -129,6 +129,7 @@ contains the archive keys used for that.")
          (add-after 'unpack 'patch-source
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let ((out    (assoc-ref outputs "out"))
+                   (coreutils (assoc-ref inputs "coreutils"))
                    (wget   (assoc-ref inputs "wget"))
                    (debian (assoc-ref inputs "debian-keyring"))
                    (ubuntu (assoc-ref inputs "ubuntu-keyring")))
@@ -141,6 +142,7 @@ contains the archive keys used for that.")
                (substitute* "scripts/gutsy"
                  (("/usr") ubuntu))
                (substitute* "debootstrap"
+                 (("chroot ") (string-append coreutils "/bin/chroot "))
                  (("=/usr") (string-append "=" out)))
                (substitute* "functions"
                  (("wget ") (string-append wget "/bin/wget ")))
@@ -154,7 +156,8 @@ contains the archive keys used for that.")
        #:make-flags (list (string-append "DESTDIR=" (assoc-ref %outputs "out")))
        #:tests? #f)) ; no tests
     (inputs
-     `(("debian-keyring" ,debian-archive-keyring)
+     `(("coreutils" ,coreutils)
+       ("debian-keyring" ,debian-archive-keyring)
        ("ubuntu-keyring" ,ubuntu-keyring)
        ("wget" ,wget)))
     ;; The following are required for debootstrap to work correctly
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 0b8d8be574..78479b2d32 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -50,6 +50,7 @@
   #:use-module (gnu packages tls)
   #:use-module (gnu packages web)
   #:use-module (gnu packages xml)
+  #:use-module (gnu packages)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
@@ -104,6 +105,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
               (uri (string-append
                     "ftp://ftp.isc.org/isc/bind9/" version "/" name "-"
                     version ".tar.gz"))
+              (patches (search-patches "bind-CVE-2018-5738.patch"))
               (sha256
                (base32
                 "0a9dvyg1dk7vpqn9gz7p5jas3bz7z22bjd66b98g1qk16i2w7rqd"))))
@@ -188,7 +190,7 @@ high-volume and high-reliability applications. The name BIND stands for
              ;; Re-generate build files due to unbundling ltdl.
              ;; TODO: Prevent generating new libltdl and building it.
              ;; The system version is still favored and referenced.
-             (zero? (system* "autoreconf" "-vif")))))))
+             (invoke "autoreconf" "-vif"))))))
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("automake" ,automake)
@@ -233,7 +235,7 @@ servers is included, and an up-to-date version is available at
        (modify-phases %standard-phases
          (add-after 'unpack 'create-configure
            (lambda _
-             (zero? (system* "make" "configure")))))))
+             (invoke "make" "configure"))))))
     (native-inputs
      `(("autoconf" ,autoconf)))
     (inputs
@@ -424,9 +426,9 @@ struct servent *getservbyport(int port, const char *proto) {
   }
   return s;
 }" port)))
-               (system* (string-append gcc "/bin/gcc")
-                        "-shared" "-fPIC" "-o" "/tmp/nss_preload.so"
-                        "/tmp/nss_preload.c")
+               (invoke (string-append gcc "/bin/gcc")
+                       "-shared" "-fPIC" "-o" "/tmp/nss_preload.so"
+                       "/tmp/nss_preload.c")
                ;; The preload library only affects the unittests.
                (substitute* "Makefile"
                  (("./unittest")
@@ -539,10 +541,9 @@ Extensions} (DNSSEC).")
              (let* ((out (assoc-ref outputs "out"))
                     (doc (string-append out "/share/doc/knot"))
                     (etc (string-append doc "/examples/etc")))
-               (zero?
-                (system* "make"
-                         (string-append "config_dir=" etc)
-                         "install")))))
+               (invoke "make"
+                       (string-append "config_dir=" etc)
+                       "install"))))
          (add-after 'install 'wrap-python-scripts
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
diff --git a/gnu/packages/documentation.scm b/gnu/packages/documentation.scm
index 9425df707c..f533535f03 100644
--- a/gnu/packages/documentation.scm
+++ b/gnu/packages/documentation.scm
@@ -139,10 +139,23 @@ markup) can be customized and extended by the user.")
        ("libxml2" ,libxml2) ; provides xmllint for the tests
        ("python" ,python-2))) ; for creating the documentation
     (inputs
-     `(("bash" ,bash-minimal)))
+     `(("bash" ,bash-minimal)
+       ,@(if (string-prefix? "armhf-" (%current-system))
+             `(("gcc-ice-patch" ,@(search-patches "doxygen-gcc-ice.patch")))
+             '())))
     (arguments
      `(#:test-target "tests"
        #:phases (modify-phases %standard-phases
+                  ;; Work around an ICE that shows up on native compiles for
+                  ;; armhf-linux.
+                  ,@(if (string-prefix? "armhf-" (%current-system))
+                        `((add-after 'unpack 'apply-gcc-patch
+                            (lambda* (#:key inputs #:allow-other-keys)
+                              (let ((patch (assoc-ref inputs "gcc-ice-patch")))
+                                (invoke "patch" "-p1" "--force"
+                                        "--input" patch)))))
+                        '())
+
                   (add-before 'configure 'patch-sh
                               (lambda* (#:key inputs #:allow-other-keys)
                                 (substitute* "src/portable.cpp"
diff --git a/gnu/packages/electronics.scm b/gnu/packages/electronics.scm
index 068aa23e36..af3ebeb805 100644
--- a/gnu/packages/electronics.scm
+++ b/gnu/packages/electronics.scm
@@ -146,7 +146,7 @@ as simple logic analyzer and/or oscilloscope hardware.")
                #t)))
          (add-after 'build 'build-doc
            (lambda _
-             (zero? (system* "doxygen"))))
+             (invoke "doxygen")))
          (add-after 'install 'install-doc
            (lambda* (#:key outputs #:allow-other-keys)
              (copy-recursively "doxy/html-api"
@@ -158,7 +158,8 @@ as simple logic analyzer and/or oscilloscope hardware.")
              (install-file "contrib/60-libsigrok.rules"
                            (string-append
                             (assoc-ref outputs "out")
-                            "/lib/udev/rules.d/"))))
+                            "/lib/udev/rules.d/"))
+             #t))
          (add-after 'install-udev-rules 'install-fw
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let* ((fx2lafw (assoc-ref inputs "sigrok-firmware-fx2lafw"))
diff --git a/gnu/packages/elf.scm b/gnu/packages/elf.scm
index 9b120751d2..97bc7728ec 100644
--- a/gnu/packages/elf.scm
+++ b/gnu/packages/elf.scm
@@ -34,14 +34,14 @@
 (define-public elfutils
   (package
     (name "elfutils")
-    (version "0.170")
+    (version "0.172")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://sourceware.org/elfutils/ftp/"
                                   version "/elfutils-" version ".tar.bz2"))
               (sha256
                (base32
-                "0rp0r54z44is49c594qy7hr211nhb00aa5y7z74vsybbaxslg10z"))
+                "090fmbnvd9jblkwhb2bm3hanim63rrvd5f30mfxq4jac6kk9k73p"))
               (patches (search-patches "elfutils-tests-ptrace.patch"))))
     (build-system gnu-build-system)
 
diff --git a/gnu/packages/elixir.scm b/gnu/packages/elixir.scm
index ceabc2a6c4..ed6bd00236 100644
--- a/gnu/packages/elixir.scm
+++ b/gnu/packages/elixir.scm
@@ -40,15 +40,7 @@
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0acnxfwvkx1m1d0h5z051mz95n35zm468hcvc3wpmn17c15h5ihg"))
-              ;; FIXME: 27 tests (out of 4K) had to be disabled as
-              ;; they fail in the build environment.  Common failures
-              ;; are:
-              ;; - Mix.Shell.cmd() fails with error 130
-              ;; - The git_repo fixture cannot be found
-              ;; - Communication with spawned processes fails with EPIPE
-              ;; - Failure to copy files
-              (patches (search-patches "elixir-disable-failing-tests.patch"))))
+                "0acnxfwvkx1m1d0h5z051mz95n35zm468hcvc3wpmn17c15h5ihg"))))
     (build-system gnu-build-system)
     (arguments
      `(#:test-target "test"
@@ -70,27 +62,6 @@
                  (("#!/usr/bin/env elixir")
                   (string-append "#!" out "/bin/elixir"))))
              #t))
-         (add-after 'unpack 'fix-or-disable-tests
-           (lambda* (#:key inputs #:allow-other-keys)
-             ;; Some tests require access to a home directory.
-             (setenv "HOME" "/tmp")
-
-             ;; FIXME: These tests fail because the "git_repo" fixture does
-             ;; not exist or cannot be found.
-             (delete-file "lib/mix/test/mix/tasks/deps.git_test.exs")
-
-             ;; FIXME: Mix.Shell.cmd() always fails with error code 130.
-             (delete-file "lib/mix/test/mix/shell_test.exs")
-
-             ;; FIXME:
-             ;; disabled failing impure tests to make it build again.
-             ;; related discussion: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28034#14
-             (delete-file "lib/elixir/test/elixir/kernel/cli_test.exs")
-             (delete-file "lib/elixir/test/elixir/kernel/dialyzer_test.exs")
-             (delete-file "lib/iex/test/iex/helpers_test.exs")
-             (delete-file "lib/ex_unit/test/ex_unit/capture_io_test.exs")
-
-             #t))
          (add-before 'build 'make-current
            ;; The Elixir compiler checks whether or not to compile files by
            ;; inspecting their timestamps.  When the timestamp is equal to the
@@ -102,6 +73,11 @@
                            (utime file recent recent 0 0)))
                        (find-files "." ".*"))
              #t))
+         (add-before 'check 'set-home
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; Some tests require access to a home directory.
+             (setenv "HOME" "/tmp")
+             #t))
          (delete 'configure))))
     (inputs
      `(("erlang" ,erlang)
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index e90660a236..349ae0d20c 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -108,6 +108,7 @@
   #:use-module (gnu packages password-utils)
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages shells)
+  #:use-module (gnu packages gnupg)
   #:use-module (guix utils)
   #:use-module (srfi srfi-1)
   #:use-module (ice-9 match))
@@ -312,12 +313,12 @@ editor (without an X toolkit)" )
        ((#:phases phases)
         `(modify-phases ,phases
            (add-after 'unpack 'autogen
-                      (lambda _
-                        (zero? (system* "sh" "autogen.sh"))))
+             (lambda _
+               (invoke "sh" "autogen.sh")))
            ;; Build sometimes fails: deps/dispnew.d: No such file or directory
            (add-before 'build 'make-deps-dir
              (lambda _
-               (zero? (system* "mkdir" "-p" "src/deps"))))))))))
+               (invoke "mkdir" "-p" "src/deps")))))))))
 
 
 ;;;
@@ -411,7 +412,7 @@ configuration files, such as .gitattributes, .gitignore, and .git/config.")
 (define-public emacs-with-editor
   (package
     (name "emacs-with-editor")
-    (version "2.7.2")
+    (version "2.7.3")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -420,7 +421,7 @@ configuration files, such as .gitattributes, .gitignore, and .git/config.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1jqi3axcs0cb1pcv1jxxc2a09v6psrm33wwl6hmyshzl8kbxs2mv"))))
+                "1ln2s0kckzkv50qmr6x1kb2j30cfjii0vs6lpghg7ff4lav8jqgh"))))
     (build-system emacs-build-system)
     (propagated-inputs
      `(("emacs-dash" ,emacs-dash)))
@@ -436,7 +437,7 @@ on stdout instead of using a socket as the Emacsclient does.")
 (define-public magit
   (package
     (name "magit")
-    (version "2.12.1")
+    (version "2.13.0")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -444,7 +445,7 @@ on stdout instead of using a socket as the Emacsclient does.")
                    version "/" name "-" version ".tar.gz"))
              (sha256
               (base32
-               "1czzknmhzbggcv3bxl5amvfpp0zrkdwl1x05qarsq6qakvc85xy3"))))
+               "1ygaah3dd3nxpyd17297xgvdcgr7pgzzwlmpnmchki0kiwgg3sbc"))))
     (build-system gnu-build-system)
     (native-inputs `(("texinfo" ,texinfo)
                      ("emacs" ,emacs-minimal)))
@@ -585,7 +586,7 @@ support for Git-SVN.")
        (modify-phases %standard-phases
          (add-before 'install 'make-info
            (lambda _
-             (zero? (system* "make" "info")))))))
+             (invoke "make" "info"))))))
     (native-inputs
      `(("texinfo" ,texinfo)))
     (propagated-inputs
@@ -602,7 +603,7 @@ process, passing on the arguments as command line arguments.")
 (define-public emacs-ghub
   (package
     (name "emacs-ghub")
-    (version "2.0.0")
+    (version "2.0.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -611,14 +612,14 @@ process, passing on the arguments as command line arguments.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1zrb3xk04a228g2ahx0r02d0d3xskj60q73qavvmm2i56r66cxvc"))))
+                "0d0qj5r1bm2aidi61rigrdaycxnyb7y1ivb3h8rpvvapsf8sk7z0"))))
     (build-system emacs-build-system)
     (arguments
      `(#:phases
        (modify-phases %standard-phases
          (add-before 'install 'make-info
            (lambda _
-             (zero? (system* "make" "info")))))))
+             (invoke "make" "info"))))))
     (native-inputs
      `(("texinfo" ,texinfo)))
     (home-page "https://github.com/magit/ghub")
@@ -702,8 +703,7 @@ only a handful of functions that are not resource-specific.")
                           files))
 
               (with-directory-excursion "doc"
-                (unless (zero? (system* "makeinfo" "haskell-mode.texi"))
-                  (error "makeinfo failed"))
+                (invoke "makeinfo" "haskell-mode.texi")
                 (install-file "haskell-mode.info" info))
                (copy-to-dir doc '("CONTRIBUTING.md" "NEWS" "README.md"))
                (copy-to-dir el-dir (find-files "." "\\.elc?"))
@@ -794,7 +794,7 @@ provides an optional IDE-like error list.")
          (modify-phases %standard-phases
            (add-after 'unpack 'autoconf
              (lambda _
-               (zero? (system* "autoconf"))))
+               (invoke "autoconf")))
            (add-before 'configure 'support-emacs!
              (lambda _
                ;; For some reason 'AC_PATH_EMACS' thinks that 'Emacs 26' is
@@ -825,13 +825,13 @@ provides an optional IDE-like error list.")
                  #t)))
            (replace 'install
              (lambda* (#:key outputs #:allow-other-keys)
-               (and (zero? (system* "make" "install" "install-icons"))
-                    (with-directory-excursion
-                        (string-append (assoc-ref outputs "out")
-                                       "/share/emacs/site-lisp")
-                      (for-each delete-file '("ChangeLog" "ChangeLog.1"))
-                      (symlink "w3m-load.el" "w3m-autoloads.el")
-                      #t)))))))
+               (invoke "make" "install" "install-icons")
+               (with-directory-excursion
+                   (string-append (assoc-ref outputs "out")
+                                  "/share/emacs/site-lisp")
+                 (for-each delete-file '("ChangeLog" "ChangeLog.1"))
+                 (symlink "w3m-load.el" "w3m-autoloads.el")
+                 #t))))))
       (home-page "http://emacs-w3m.namazu.org/")
       (synopsis "Simple Web browser for Emacs based on w3m")
       (description
@@ -937,7 +937,8 @@ provides an optional IDE-like error list.")
                    (vorbis  (assoc-ref inputs "vorbis-tools"))
                    (alsa    (assoc-ref inputs "alsa-utils"))
                    (mpg321  (assoc-ref inputs "mpg321"))
-                   (mp3info (assoc-ref inputs "mp3info")))
+                   (mp3info (assoc-ref inputs "mp3info"))
+                   (opus    (assoc-ref inputs "opus-tools")))
                ;; Specify the installation directory.
                (substitute* "Makefile"
                  (("PREFIX=.*$")
@@ -962,6 +963,9 @@ provides an optional IDE-like error list.")
                  (emacs-substitute-variables "emms-info-ogginfo.el"
                    ("emms-info-ogginfo-program-name"
                     (string-append vorbis "/bin/ogginfo")))
+                 (emacs-substitute-variables "emms-info-opusinfo.el"
+                   ("emms-info-opusinfo-program-name"
+                    (string-append opus "/bin/opusinfo")))
                  (emacs-substitute-variables "emms-info-libtag.el"
                    ("emms-info-libtag-program-name"
                     (string-append out "/bin/emms-print-metadata")))
@@ -1010,7 +1014,8 @@ provides an optional IDE-like error list.")
               ("vorbis-tools" ,vorbis-tools)
               ("mpg321" ,mpg321)
               ("taglib" ,taglib)
-              ("mp3info" ,mp3info)))
+              ("mp3info" ,mp3info)
+              ("opus-tools" ,opus-tools)))
     (properties '((upstream-name . "emms")))
     (synopsis "Emacs Multimedia System")
     (description
@@ -1023,27 +1028,8 @@ light user interface.")
     (license license:gpl3+)))
 
 (define-public emacs-emms-player-mpv
-  (package
-    (name "emacs-emms-player-mpv")
-    (version "0.1.0")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append "https://github.com/dochang/emms-player-mpv/archive/"
-                           version ".tar.gz"))
-       (file-name (string-append name "-" version ".tar.gz"))
-       (sha256
-        (base32
-         "05qwbagc4i7yn7i94r1hdgj6wc5xijy1pxqv08pwsmli9rqj51n9"))))
-    (build-system emacs-build-system)
-    (propagated-inputs
-     `(("emms" ,emms)))
-    (home-page "https://github.com/dochang/emms-player-mpv/")
-    (synopsis "Mpv support for EMMS")
-    (description
-     "This package provides an EMMS player that uses mpv.  It supports pause
-and seeking.")
-    (license license:gpl3+)))
+  ;; A new mpv backend is included in Emms from 5.0.
+  (deprecated-package "emacs-emms-player-mpv" emms))
 
 (define-public emacs-emms-mode-line-cycle
   (package
@@ -1154,7 +1140,7 @@ than @code{electric-indent-mode}.")
          (add-before 'install 'make-info
            (lambda _
              (with-directory-excursion "docs"
-               (zero? (system* "make" "info")))))
+               (invoke "make" "info"))))
          (add-after 'install 'install-info
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out  (assoc-ref outputs "out"))
@@ -1430,11 +1416,11 @@ Maps directly inside Emacs.")
     (license license:gpl3+)))
 
 (define-public emacs-graphviz-dot-mode
-  (let ((commit "fdaabbcc95d9156e3dadc84f81a4750c5b692580")
+  (let ((commit "c456a2b65c734089e6c44e87209a5a432a741b1a")
         (revision "1"))
     (package
       (name "emacs-graphviz-dot-mode")
-      (version (string-append "0.3.10-" revision "."
+      (version (string-append "0.3.11-" revision "."
                               (string-take commit 7)))
       (source (origin
                 (method git-fetch)
@@ -1444,7 +1430,7 @@ Maps directly inside Emacs.")
                 (file-name (string-append name "-" version "-checkout"))
                 (sha256
                  (base32
-                  "1s1qh5r0xp6hs0rl5yz5mkmjhpg04bh449c7vgjbb1pjsl1dl714"))))
+                  "0j1r2rspaakw37b0mx7pwpvdsvixq9sw3xjbww5piihzpdxz58z1"))))
       (build-system emacs-build-system)
       (arguments
        `(#:phases
@@ -1455,13 +1441,12 @@ Maps directly inside Emacs.")
                  (substitute* "Makefile"
                    (("\\/usr\\/bin\\/gzip")
                     (string-append (assoc-ref inputs "gzip") "/bin/gzip")))
-                 (zero?
-                  (system* "make"
-                           "clean"
-                           "info"
-                           (string-append "TEXINFODIR="
-                                          (assoc-ref inputs "texinfo")
-                                          "/bin"))))))
+                 (invoke "make"
+                         "clean"
+                         "info"
+                         (string-append "TEXINFODIR="
+                                        (assoc-ref inputs "texinfo")
+                                        "/bin")))))
            (add-after 'install 'install-info
              (lambda* (#:key outputs #:allow-other-keys)
                (let* ((out  (assoc-ref outputs "out"))
@@ -1499,7 +1484,7 @@ diagrams.")
        (modify-phases %standard-phases
          (add-after 'unpack 'autogen
            (lambda _
-             (zero? (system* "sh" "autogen.sh")))))))
+             (invoke "sh" "autogen.sh"))))))
     (native-inputs
      `(("autoconf" ,autoconf)
        ("automake" ,automake)
@@ -1564,7 +1549,7 @@ filters, new key bindings and faces.  It can be enabled by
            (lambda _ (chdir "server") #t))
          (add-after 'enter-server-dir 'autogen
            (lambda _
-             (zero? (system* "bash" "autogen.sh"))))
+             (invoke "bash" "autogen.sh")))
 
          ;; Build emacs side using 'emacs-build-system'.
          (add-after 'compress-documentation 'enter-lisp-dir
@@ -1656,15 +1641,14 @@ type, for example: packages, buffers, files, etc.")
 (define-public emacs-guix
   (package
     (name "emacs-guix")
-    (version "0.4")
+    (version "0.4.1.1")
     (source (origin
               (method url-fetch)
-              (uri (string-append "https://github.com/alezost/guix.el"
-                                  "/releases/download/v" version
-                                  "/emacs-guix-" version ".tar.gz"))
+              (uri (string-append "https://emacs-guix.gitlab.io/website/"
+                                  "releases/emacs-guix-" version ".tar.gz"))
               (sha256
                (base32
-                "1nn4b0gd895g0k4fynzrip7z8yb1r3qmvznq9v8a6q7sm84irmqq"))))
+                "0jbnrcazbks7h50rngpw5l40a6vn2794kb53cpva3yzdjmrc1955"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -1715,7 +1699,7 @@ type, for example: packages, buffers, files, etc.")
        ("bui" ,emacs-bui)
        ("edit-indirect" ,emacs-edit-indirect)
        ("magit-popup" ,emacs-magit-popup)))
-    (home-page "https://alezost.github.io/guix.el/")
+    (home-page "https://emacs-guix.gitlab.io/website/")
     (synopsis "Emacs interface for GNU Guix")
     (description
      "Emacs-Guix provides a visual interface, tools and features for the GNU
@@ -1727,7 +1711,7 @@ management tasks from Emacs.  To begin with, run @code{M-x guix-about} or
 (define-public emacs-d-mode
   (package
     (name "emacs-d-mode")
-    (version "2.0.8")
+    (version "2.0.9")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1736,7 +1720,7 @@ management tasks from Emacs.  To begin with, run @code{M-x guix-about} or
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0knpgi55jm09282aqf8pv55zillpnpzf9f4sgm6gwsmvxf17xaw0"))))
+                "127aa77ix3p7w4g339bx026df9y649dahlr3v359z0hs40zjz3kd"))))
     (build-system emacs-build-system)
     (propagated-inputs
      `(("emacs-undercover" ,emacs-undercover)))
@@ -2662,7 +2646,7 @@ build jobs.")
 (define-public emacs-company
   (package
     (name "emacs-company")
-    (version "0.9.3")
+    (version "0.9.6")
     (source
      (origin
        (method url-fetch)
@@ -2671,7 +2655,7 @@ build jobs.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1fyrpchpdmvszssy1qmsw41aqpv6q5rybvs1bw00nv9xdhiaq4vh"))))
+         "0a7zvmfvxh9w67myvcj2511ayk0fvkm06cdg38y8khnsx63jrr4k"))))
     (build-system emacs-build-system)
     (arguments
      `(#:phases
@@ -2971,8 +2955,8 @@ in @code{html-mode}.")
                  (substitute* "Makefile"
                    (("infodir=/usr/local/info")
                     (string-append "infodir=" info-dir)))
-                 (system* "make" "html/index.html")
-                 (system* "make" "slime.info")
+                 (invoke "make" "html/index.html")
+                 (invoke "make" "slime.info")
                  (install-file "slime.info" info-dir)
                  (copy-recursively "html" (string-append doc-dir "/html")))
                (for-each (lambda (f)
@@ -3014,6 +2998,33 @@ This provides a basic API and common UI widgets such as popup tooltips
 and popup menus.")
     (license license:gpl3+)))
 
+(define-public emacs-puppet-mode
+  (let ((commit "b3ed5057166a4f49dfa9be638523a348b55a2fd2")
+        (revision "1"))
+    (package
+      (name "emacs-puppet-mode")
+      ;; The last release, 0.3 was several years ago, and there have been many
+      ;; commits since
+      (version (git-version "0.3" revision commit))
+      (source
+       (origin
+         (method url-fetch)
+         (uri (string-append
+               "https://raw.githubusercontent.com/voxpupuli/puppet-mode/"
+               commit "/puppet-mode.el"))
+         (sha256
+          (base32
+           "1indycxawsl0p2aqqg754f6735q3cmah9vd886rpn0ncc3ipi1xm"))))
+      (build-system emacs-build-system)
+      (home-page "https://github.com/voxpupuli/puppet-mode")
+      (synopsis "Emacs major mode for the Puppet configuration language")
+      (description
+       "This package provides support for the Puppet configuration language,
+including syntax highlighting, indentation of expressions and statements,
+linting of manifests and integration with Puppet Debugger.")
+      ;; Also incorporates work covered by the Apache License, Version 2.0
+      (license license:gpl3+))))
+
 (define-public emacs-god-mode
   (let ((commit "6cf0807b6555eb6fcf8387a4e3b667071ef38964")
         (revision "1"))
@@ -3625,9 +3636,9 @@ automatically.")
              (let* ((out (assoc-ref outputs "out"))
                     (info (string-append out "/share/info")))
                (with-directory-excursion "doc"
-                 (unless (zero? (system* "makeinfo" "ivy.texi"))
-                   (error "makeinfo failed"))
-                 (install-file "ivy.info" info))))))))
+                 (invoke "makeinfo" "ivy.texi")
+                 (install-file "ivy.info" info)
+                 #t)))))))
     (propagated-inputs
      `(("emacs-hydra" ,emacs-hydra)))
     (native-inputs
@@ -3643,6 +3654,35 @@ splitting the input text by spaces and re-building it into a regular
 expression.")
     (license license:gpl3+)))
 
+(define-public emacs-ivy-yasnippet
+  (let ((commit "59b32cf8cfb63df906822a17f6f5e8545dac38d4"))
+    (package
+      (name "emacs-ivy-yasnippet")
+      (version (git-version "0.1" "1" commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/mkcms/ivy-yasnippet.git")
+               (commit commit)))
+         (file-name (git-file-name name version))
+         (sha256
+          (base32
+           "0hghdlxkfwrglvc1nql2ikgp6jj0qdbfwc3yvpb19mrf26hwgp13"))))
+      (build-system emacs-build-system)
+      (propagated-inputs
+       `(("emacs-ivy" ,emacs-ivy)
+         ("emacs-yasnippet" ,emacs-yasnippet)
+         ("emacs-dash" ,emacs-dash)))
+      (home-page "https://github.com/mkcms/ivy-yasnippet")
+      (synopsis "Preview @code{yasnippets} with @code{ivy}")
+      (description "This package allows you to select @code{yasnippet}
+snippets using @code{ivy} completion.  When current selection changes in the
+minibuffer, the snippet contents are temporarily expanded in the buffer.  To
+use it, call @code{M-x ivy-yasnippet} (but make sure you have enabled
+@code{yas-minor-mode} first).")
+      (license license:gpl3+))))
+
 (define-public emacs-avy
   (package
     (name "emacs-avy")
@@ -4050,14 +4090,15 @@ programming language.")
              (lambda* (#:key inputs #:allow-other-keys)
                (substitute* "Makeconf"
                  (("SHELL = /bin/sh")
-                  (string-append "SHELL = " (which "sh"))))))
+                  (string-append "SHELL = " (which "sh"))))
+               #t))
            ;; FIXME: the texlive-union insists on regenerating fonts.  It stores
            ;; them in HOME, so it needs to be writeable.
            (add-before 'build 'set-HOME
              (lambda _ (setenv "HOME" "/tmp") #t))
            (replace 'check
              (lambda _
-               (zero? (system* "make" "test"))))))))
+               (invoke "make" "test")))))))
     (inputs
      `(("emacs" ,emacs-minimal)
        ("r-minimal" ,r-minimal)))
@@ -4395,7 +4436,7 @@ indentation command behavior very similar to that of python-mode.")
 (define-public emacs-web-mode
   (package
     (name "emacs-web-mode")
-    (version "14")
+    (version "16")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://raw.githubusercontent.com/fxbois"
@@ -4403,7 +4444,7 @@ indentation command behavior very similar to that of python-mode.")
               (file-name (string-append "web-mode-" version ".el"))
               (sha256
                (base32
-                "086hik5fmxg3kx74qmransx9cz961qd22d4m6ah2dw6cwaj1s3s5"))))
+                "1hs5w7kdvcyn4ihyw1kfjg48djn5p7lz4rlbhzzdqv1g56xqx3gw"))))
     (build-system emacs-build-system)
     (synopsis "Major mode for editing web templates")
     (description "Web-mode is an Emacs major mode for editing web templates
@@ -4439,7 +4480,7 @@ the file buffer.")
 (define-public emacs-helm
   (package
     (name "emacs-helm")
-    (version "2.9.0")
+    (version "2.9.6")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -4448,7 +4489,7 @@ the file buffer.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1798gn0za11cxdbi436javfczv4abniccxcl0jppl463r8lzb8is"))))
+                "1f7m09i8gr0gk5nw5dn7rpdz20dg3hl4p77dpygkhl82yhk9q2ql"))))
     (build-system emacs-build-system)
     (propagated-inputs
      `(("emacs-async" ,emacs-async)
@@ -4671,36 +4712,38 @@ news items, openrc and runscripts.")
     (license license:gpl2+)))
 
 (define-public emacs-evil
-  (package
-    (name "emacs-evil")
-    (version "1.2.13")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append "https://github.com/emacs-evil/evil/archive/"
-                           version ".tar.gz"))
-       (file-name (string-append name "-" version ".tar.gz"))
-       (sha256
-        (base32
-         "1z63zsxmsc6mh74wv6065carwqmgs7b7lz5044s12xvgsjfbwi8h"))))
-    (build-system emacs-build-system)
-    (propagated-inputs
-     `(("emacs-undo-tree" ,emacs-undo-tree)
-       ("emacs-goto-chg" ,emacs-goto-chg)))
-    (home-page "https://github.com/emacs-evil/evil")
-    (synopsis "Extensible Vi layer for Emacs")
-    (description
-     "Evil is an extensible vi layer for Emacs.  It emulates the
+  (let ((commit "230b87212c81aaa68ef5547a6b998d9c365fe139"))
+    (package
+      (name "emacs-evil")
+      (version (git-version "1.2.13" "1" commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/emacs-evil/evil")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "0c9zy3bpck10gcrv79kd3h7i4ygd5bgbgy773n0lg7a2r5kwn1gx"))))
+      (build-system emacs-build-system)
+      (propagated-inputs
+       `(("emacs-undo-tree" ,emacs-undo-tree)
+         ("emacs-goto-chg" ,emacs-goto-chg)))
+      (home-page "https://github.com/emacs-evil/evil")
+      (synopsis "Extensible Vi layer for Emacs")
+      (description
+       "Evil is an extensible vi layer for Emacs.  It emulates the
 main features of Vim, and provides facilities for writing custom
 extensions.")
-    (license license:gpl3+)))
+      (license license:gpl3+))))
 
 (define-public emacs-evil-collection
-  (let ((commit "f40704a57fd33b4bfad64147a2b771fc8961fdfc")
+  (let ((commit "ac21b8957cfc22485cdaa316384edf9cb220d837")
         (revision "1"))
     (package
       (name "emacs-evil-collection")
-      (version (git-version "20180425" revision commit))
+      (version (git-version "20180617" revision commit))
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
@@ -4709,7 +4752,7 @@ extensions.")
                 (file-name (string-append name "-" version "-checkout"))
                 (sha256
                  (base32
-                  "0qn19k0f3isnbi1hkmcf3qjxbyvp23m5ak5ny7623qgwb2nwz1l5"))))
+                  "082a3c5c2ls9ryqrl5kzb4z6bcprhqx8pypnlj1razbld3lny934"))))
       (build-system emacs-build-system)
       (propagated-inputs
        `(("emacs-evil" ,emacs-evil)))
@@ -4768,7 +4811,7 @@ distribution, primarily targeting Clojure users")
 (define-public emacs-orgalist
   (package
     (name "emacs-orgalist")
-    (version "1.7")
+    (version "1.8")
     (source
      (origin
        (method url-fetch)
@@ -4776,7 +4819,7 @@ distribution, primarily targeting Clojure users")
                            "orgalist-" version ".el"))
        (sha256
         (base32
-         "13dl0l727vlny3y88gqpngcy90ly5r719s1pbmkva5gmcryb68xr"))))
+         "1wqwnmn08i0qkxm8b2iclvf6cydcn68h1p3h7r1kig2bdn5b8948"))))
     (build-system emacs-build-system)
     (home-page "http://elpa.gnu.org/packages/orgalist.html")
     (synopsis "Manage Org-like lists in non-Org buffers")
@@ -5410,8 +5453,8 @@ Yasnippet.")
       (license license:gpl2+))))
 
 (define-public emacs-helm-system-packages
-  (let ((commit "986b7bd360a705053500c4ce2c9bea03dd7b24a6")
-        (revision "1"))
+  (let ((commit "b41f8f251695cf236e9d1627070049a5b41aa38a")
+        (revision "2"))
     (package
       (name "emacs-helm-system-packages")
       (version (git-version "1.9.0" revision commit))
@@ -5423,7 +5466,7 @@ Yasnippet.")
                 (file-name (string-append name "-" version "-checkout"))
                 (sha256
                  (base32
-                  "19iklhpxgh5xx6h4dysf58nd46lmyb46xj601lf7kbwl6yq0y61f"))))
+                  "1wrsx1j86c9a74nsdndjv21slzl46idd3p6wqy5wnasawj0kfn8r"))))
       (build-system emacs-build-system)
       (propagated-inputs
        `(("emacs-helm" ,emacs-helm)))
@@ -5580,7 +5623,7 @@ highlights quasi-quoted expressions.")
 (define-public emacspeak
   (package
     (name "emacspeak")
-    (version "47.0")
+    (version "48.0")
     (source
      (origin
        (method url-fetch)
@@ -5589,7 +5632,7 @@ highlights quasi-quoted expressions.")
              version "/emacspeak-" version ".tar.bz2"))
        (sha256
         (base32
-         "0xbcc266x752y68s3g096m161irzvsqym3axzqn8rb276a8x55n7"))))
+         "07imi3hji06b3r7v7v59978q76s8a7ynmxwfc9j03pgnv965lpjy"))))
     (build-system gnu-build-system)
     (arguments
      '(#:make-flags (list (string-append "prefix="
@@ -5597,30 +5640,35 @@ highlights quasi-quoted expressions.")
        #:phases
        (modify-phases %standard-phases
          (replace 'configure
-           (lambda _
-             ;; Configure Emacspeak according to etc/install.org.
-             (setenv "SHELL" (which "sh"))
-             (zero? (system* "make" "config"))))
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (lisp (string-append out
+                                         "/share/emacs/site-lisp/emacspeak")))
+               (setenv "SHELL" (which "sh"))
+               ;; Configure Emacspeak according to etc/install.org.
+               (invoke "make" "config"))))
          (add-after 'build 'build-espeak
            (lambda _
-             (zero? (system* "make" "espeak"))))
+             (invoke "make" "espeak")))
          (replace 'install
-           (lambda* (#:key outputs #:allow-other-keys)
+           (lambda* (#:key inputs outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
                     (bin (string-append out "/bin"))
                     (lisp (string-append out "/share/emacs/site-lisp/emacspeak"))
-                    (info (string-append out "/share/info")))
+                    (info (string-append out "/share/info"))
+                    (emacs (string-append (assoc-ref inputs "emacs")
+                                          "/bin/emacs")))
                ;; According to etc/install.org, the Emacspeak directory should
                ;; be copied to its installation destination.
                (for-each
                 (lambda (file)
                   (copy-recursively file (string-append lisp "/" file)))
-                '("etc" "info" "lisp" "media" "servers" "sounds" "stumpwm"
-                  "xsl"))
+                '("etc" "info" "js" "lisp" "media" "scapes" "servers" "sounds"
+                  "stumpwm" "xsl"))
                ;; Make sure emacspeak is loaded from the correct directory.
                (substitute* "etc/emacspeak.sh"
-                 (("exec emacs.*$")
-                  (string-append "exec emacs -l " lisp
+                 (("exec FLAVOR.*")
+                  (string-append "exec " emacs " -l " lisp
                                  "/lisp/emacspeak-setup.el $CL_ALL")))
                ;; Install the convenient startup script.
                (mkdir-p bin)
@@ -5639,10 +5687,11 @@ highlights quasi-quoted expressions.")
                #t))))
        #:tests? #f)) ; no check target
     (inputs
-     `(("espeak" ,espeak)
+     `(("emacs" ,emacs)
+       ("espeak" ,espeak)
+       ("perl" ,perl)
        ("tcl" ,tcl)
        ("tclx" ,tclx)))
-    (native-inputs `(("emacs" ,emacs-minimal)))
     (home-page "http://emacspeak.sourceforge.net")
     (synopsis "Audio desktop interface for Emacs")
     (description
@@ -5804,7 +5853,7 @@ source file, @file{jl-encrypt.el}.")
 (define-public emacs-htmlize
   (package
     (name "emacs-htmlize")
-    (version "1.51")
+    (version "1.53")
     (source
      (origin
        (method url-fetch)
@@ -5814,7 +5863,7 @@ source file, @file{jl-encrypt.el}.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1fy1lybzrxl8a8r88f6p19nz8ygmvcxhxbnymkxh7jqaz25viwld"))))
+         "1lzaf9m1qr9dhw4nn53g6wszk2vqw95gpsbrc3y85bams4cn24ga"))))
     (build-system emacs-build-system)
     (home-page "https://github.com/hniksic/emacs-htmlize")
     (synopsis "Convert buffer text and decorations to HTML")
@@ -6087,13 +6136,13 @@ which code derived from Kelvin H's org-page.")
        (modify-phases %standard-phases
          (add-after 'unpack 'regenerate-el-files
            (lambda* (#:key inputs #:allow-other-keys)
-             (zero? (system* "make"
-                             (string-append "PROTO_PATH="
-                                            (assoc-ref inputs "xcb-proto")
-                                            "/share/xcb")
-                             (string-append "EMACS_BIN="
-                                            (assoc-ref inputs "emacs")
-                                            "/bin/emacs -Q"))))))))
+             (invoke "make"
+                     (string-append "PROTO_PATH="
+                                    (assoc-ref inputs "xcb-proto")
+                                    "/share/xcb")
+                     (string-append "EMACS_BIN="
+                                    (assoc-ref inputs "emacs")
+                                    "/bin/emacs -Q")))))))
     (native-inputs `(("xcb-proto" ,xcb-proto)))
     (home-page "https://github.com/ch11ng/xelb")
     (synopsis "X protocol Emacs Lisp binding")
@@ -7175,7 +7224,7 @@ messaging service.")
 (define-public emacs-bash-completion
   (package
    (name "emacs-bash-completion")
-   (version "2.0.0")
+   (version "2.1.0")
    (source
     (origin
       (method url-fetch)
@@ -7185,7 +7234,7 @@ messaging service.")
       (file-name (string-append name "-" version ".tar.gz"))
       (sha256
        (base32
-        "0mkci4a1fy8z4cmry8mx5vsx4f16a8r454slnh7lqzidnhfi63hj"))))
+        "1z0qck3v3ra6ivacn8n04w1v33a4xn01xx860761q31qzsv3sksq"))))
    (inputs `(("bash" ,bash)))
    (build-system emacs-build-system)
    (arguments
@@ -7888,7 +7937,7 @@ close, copy, cut, paste, undo, redo.")
 (define-public emacs-password-store
   (package
     (name "emacs-password-store")
-    (version "1.7.1")
+    (version "1.7.2")
     (source (origin
               (method url-fetch)
               (uri
@@ -7896,7 +7945,7 @@ close, copy, cut, paste, undo, redo.")
                               "password-store-" version ".tar.xz"))
               (sha256
                (base32
-                "0scqkpll2q8jhzcgcsh9kqz0gwdpvynivqjmmbzax2irjfaiklpn"))))
+                "1sl0d7nc85c6c2bmmmyb8rpmn47vhkj831l153mjlkawjvhwas27"))))
     (build-system emacs-build-system)
     (arguments
      `(#:phases
@@ -7911,6 +7960,7 @@ close, copy, cut, paste, undo, redo.")
     (propagated-inputs
      `(("emacs-f" ,emacs-f)
        ("emacs-s" ,emacs-s)
+       ("emacs-with-editor" ,emacs-with-editor)
        ("password-store" ,password-store)))
     (home-page "https://git.zx2c4.com/password-store/tree/contrib/emacs")
     (synopsis "Password store (pass) support for Emacs")
@@ -8099,7 +8149,7 @@ object has been freed.")
              #t)))))
     (inputs
      `(("emacs-minimal" ,emacs-minimal)
-       ("mysql" ,mysql)
+       ("mariadb" ,mariadb)
        ("postgresql" ,postgresql)))
     (propagated-inputs
      `(("emacs-finalize" ,emacs-finalize)
@@ -8905,10 +8955,10 @@ confused by comments or @code{foo-bar} matching @code{foo}.")
        (modify-phases %standard-phases
          (add-before 'install 'check
            (lambda* (#:key inputs #:allow-other-keys)
-             (zero? (system* "emacs" "--batch" "-L" "."
-                             "-l" "test/m-buffer-test.el"
-                             "-l" "test/m-buffer-at-test.el"
-                             "-f" "ert-run-tests-batch-and-exit")))))))
+             (invoke "emacs" "--batch" "-L" "."
+                     "-l" "test/m-buffer-test.el"
+                     "-l" "test/m-buffer-at-test.el"
+                     "-f" "ert-run-tests-batch-and-exit"))))))
     (build-system emacs-build-system)
     (home-page "https://github.com/phillord/m-buffer-el")
     (synopsis "List oriented buffer operations for Emacs")
@@ -9592,31 +9642,8 @@ time is being spent during Emacs startup in order to optimize startup time.")
     (license license:gpl3+)))
 
 (define-public emacs-emms-player-simple-mpv
-  (let ((commit "101d120ccdee1c2c213fd2f0423c858b21649c00")
-        (revision "1"))
-    (package
-      (name "emacs-emms-player-simple-mpv")
-      (version (string-append "0.4.0" "-" revision "."
-                              (string-take commit 7)))
-
-      (source
-       (origin
-         (method git-fetch)
-         (uri (git-reference
-               (url "https://github.com/momomo5717/emms-player-simple-mpv.git")
-               (commit commit)))
-         (file-name (git-file-name name version))
-         (sha256
-          (base32
-           "1i6rxkm0ra0jbkkwgkwxg3vk5xfl794h1gkgnlpscynz0v94b6ll"))))
-      (build-system emacs-build-system)
-      (propagated-inputs
-       `(("emacs-emms" ,emms)))
-      (home-page "https://github.com/momomo5717/emms-player-simple-mpv")
-      (synopsis "Extension of @file{emms-player-simple.el} for mpv JSON IPC")
-      (description "@code{emms-player-simple-mpv} provides macros and
-functions for defining emms simple players of mpv.")
-      (license license:gpl3+))))
+  ;; A new mpv backend is included in Emms from 5.0.
+  (deprecated-package "emacs-emms-player-simple-mpv" emms))
 
 (define-public emacs-magit-org-todos-el
   (let ((commit "df206287737b9671f2e36ae7b1474ebbe9940d2a"))
@@ -9905,11 +9932,11 @@ perform regression test for packages that provide font-lock rules.")
       (license license:gpl3+))))
 
 (define-public emacs-racket-mode
-  (let ((commit "33877b1bb24faea68842e0396bd5718b84e47451")
+  (let ((commit "48f0cb99d3b2ca6066249546d2063d85437251c1")
         (revision "1"))
     (package
       (name "emacs-racket-mode")
-      (version (string-append "0.0.1" "-" revision "."
+      (version (string-append "0.0.2" "-" revision "."
                               (string-take commit 7)))
       (source
        (origin
@@ -9920,8 +9947,10 @@ perform regression test for packages that provide font-lock rules.")
          (file-name (string-append name "-" version "-checkout"))
          (sha256
           (base32
-           "0681mzwx08zwbh8qg3s26jw1jn4fw2ljp1akxqkhy08sxhafqvb1"))))
+           "0fxky8xj639bjhiab9way9daqda22301b7w85vm4b4ydgjgnc59x"))))
       (build-system emacs-build-system)
+      (arguments
+       `(#:include '("\\.el$" "\\.rkt$")))
       (propagated-inputs
        `(("emacs-faceup" ,emacs-faceup)
          ("emacs-s" ,emacs-s)))
@@ -10637,27 +10666,8 @@ Org-mode file, and citations of Zotero items in Pandoc Markdown files.")
     (license license:gpl3+)))
 
 (define-public emacs-evil-ediff
-  (package
-    (name "emacs-evil-ediff")
-    (version "20170724")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append
-             "https://github.com/emacs-evil/evil-ediff/archive/"
-             "67b0e69f65c196eff5b39dacb7a9ec05bb919c74"
-             ".tar.gz"))
-       (sha256
-        (base32
-         "0j2x26zfc6md54mjf76qpybil4yal70lp5bifcz62l1f8fc1vvlq"))))
-    (build-system emacs-build-system)
-    (propagated-inputs `(("emacs-evil" ,emacs-evil)))
-    (home-page "https://github.com/emacs-evil/evil-ediff")
-    (synopsis "Make Ediff a little evil")
-    (description
-     "This Emacs package configures Ediff to be friendlier to users of Vi-like
-keybindings.  Consult the help buffer for more information.")
-    (license license:gpl3+)))
+  ;; Evil-Ediff is included in Evil Collection from 20180617.
+  (deprecated-package "emacs-evil-ediff" emacs-evil-collection))
 
 (define-public emacs-evil-magit
   (let ((commit "dbf5a646a7ce1c35c229dfdc423bd5ecd927a3a8"))
@@ -10689,30 +10699,8 @@ describing the key binding changes.")
       (license license:gpl3+))))
 
 (define-public emacs-evil-mu4e
-  (package
-    (name "emacs-evil-mu4e")
-    (version "0.0.8")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append
-             "https://github.com/JorisE/evil-mu4e/archive/"
-             "c03a0e11afda3092eb1461be09fa6a61ebc0e4f6"
-             ".tar.gz"))
-       (sha256
-        (base32
-         "1k3z5h04bqslrkq13paqf8pv9r0rf0zjl0zbb57ly043ds3nvxr2"))))
-    (build-system emacs-build-system)
-    (propagated-inputs
-     `(("emacs-dash" ,emacs-dash)
-       ("emacs-evil" ,emacs-evil)
-       ("mu" ,mu)))
-    (home-page "https://github.com/JorisE/evil-mu4e")
-    (synopsis "Evil-based key bindings for mu4e")
-    (description
-     "Use keybindings for the mu4e mail reader in Emacs that make sense for
-Evil users.")
-    (license license:gpl3+)))
+  ;; Evil-mu4e is included in Evil Collection from 20180617.
+  (deprecated-package "emacs-evil-mu4e" emacs-evil-collection))
 
 (define-public emacs-evil-multiedit
   (let ((commit "ea3d9177b74ab0bc65e55df9cc0a0b42e4ef815d"))
@@ -10778,26 +10766,39 @@ Org-mode.  It features:
       (license license:gpl3+))))
 
 (define-public emacs-fish-completion
-  (package
-    (name "emacs-fish-completion")
-    (version "20180329")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append
-             "https://github.com/Ambrevar/emacs-fish-completion/archive/"
-             "3e3ed1f19fa778b7c35ad88e033dce5a6b1fc153"
-             ".tar.gz"))
-       (sha256
-        (base32
-         "16329py7fvid0bap1qhqxhdc68m9qqy1p8gc2bhng81zhm5a5zsm"))))
-    (build-system emacs-build-system)
-    (propagated-inputs `(("fish" ,fish)))
-    (home-page
-     "https://github.com/Ambrevar/emacs-fish-completion")
-    (synopsis "Fish completion for Emacs pcomplete")
-    (description
-     "This package provides completion for the Fish shell to pcomplete (used
+  (let ((commit "bac15fda1392a891070574dfe5d2d50b10831e8b"))
+    (package
+      (name "emacs-fish-completion")
+      (version (git-version "20180616" "1" commit))
+      (source
+       (origin
+         (method url-fetch)
+         (uri (string-append
+               "https://gitlab.com/Ambrevar/emacs-fish-completion/repository/"
+               "archive.tar.gz?ref="
+               commit))
+         (sha256
+          (base32
+           "093qzdrbkl7dhjk16zq8i13kh1phyigkblcfrbgbrxjqd2ndrfdi"))))
+      (build-system emacs-build-system)
+      (inputs `(("fish" ,fish)))
+      (arguments
+       `(#:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'configure
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (let ((fish (assoc-ref inputs "fish")))
+                 ;; Specify the absolute file names of the various
+                 ;; programs so that everything works out-of-the-box.
+                 (emacs-substitute-variables
+                     "fish-completion.el"
+                   ("fish-completion-command"
+                    (string-append fish "/bin/fish")))))))))
+      (home-page
+       "https://gitlab.com/Ambrevar/emacs-fish-completion")
+      (synopsis "Fish completion for Emacs pcomplete")
+      (description
+       "This package provides completion for the Fish shell to pcomplete (used
 by shell and Eshell).  You can set it up globally with:
 
 @example
@@ -10812,4 +10813,466 @@ shell/Eshell mode hook.
 The package @code{emacs-bash-completion} is an optional dependency: if available,
 @code{fish-completion-complete} can be configured to fall back on bash to further
 try completing.  See @code{fish-completion-fallback-on-bash-p}.")
-    (license license:gpl3+)))
+      (license license:gpl3+))))
+
+(define-public emacs-gif-screencast
+  (let ((commit "12b25442b97b84abae74ecb5190a9d14ff7cfe5a"))
+    (package
+      (name "emacs-gif-screencast")
+      (version (git-version "20180616" "1" commit))
+      (source
+       (origin
+         (method url-fetch)
+         (uri (string-append
+               "https://gitlab.com/Ambrevar/emacs-gif-screencast/"
+               "repository/archive.tar.gz?ref="
+               commit))
+         (sha256
+          (base32
+           "0lc457i78xjkn5idr2aaiadkh76zcsksj84z0qh80a9y775syrgh"))))
+      (build-system emacs-build-system)
+      (inputs
+       `(("scrot" ,scrot)
+         ("imagemagick" ,imagemagick)
+         ("gifsicle" ,gifsicle)))
+     (arguments
+      `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((scrot (assoc-ref inputs "scrot"))
+                   (imagemagick (assoc-ref inputs "imagemagick"))
+                   (gifsicle (assoc-ref inputs "gifsicle")))
+               ;; Specify the absolute file names of the various
+               ;; programs so that everything works out-of-the-box.
+               (emacs-substitute-variables
+                   "gif-screencast.el"
+                 ("gif-screencast-program"
+                  (string-append scrot "/bin/scrot"))
+                 ("gif-screencast-convert-program"
+                  (string-append imagemagick "/bin/convert"))
+                 ("gif-screencast-cropping-program"
+                  (string-append imagemagick "/bin/mogrify"))
+                 ("gif-screencast-optimize-program"
+                  (string-append imagemagick "/bin/gifsicle")))))))))
+      (home-page
+       "https://gitlab.com/Ambrevar/emacs-gif-screencast")
+      (synopsis "One-frame-per-action GIF recording")
+      (description
+       "Call @code{gif-screencast} to start a recording.
+A screenshot is taken for every user action.  Call
+@code{gif-screencast-stop} (<f9> by default) to finish recording and create
+the GIF result.")
+      (license license:gpl3+))))
+
+(define-public emacs-google-translate
+  (let ((commit "d8b84a8359fcc697114d1298840e9a45b111c974"))
+    (package
+      (name "emacs-google-translate")
+      (version (git-version "0.11.14" "1" commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/atykhonov/google-translate")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1qs4hcg1i2m487z50nnwgs0sa2xj4lpgizbrvi2yda0mf3m75fgc"))))
+      (build-system emacs-build-system)
+      (home-page "https://github.com/atykhonov/google-translate")
+      (synopsis "Emacs interface to Google Translate")
+      (description
+       "This packages provides an Emacs interface to the Google Translate
+on-line service.")
+      (license license:gpl3+))))
+
+(define-public emacs-helm-company
+  (let ((commit "acc9c7901e094c1591327a0db1ec7a439f67a84d"))
+    (package
+      (name "emacs-helm-company")
+      (version (git-version "0.2.2" "1" commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/Sodel-the-Vociferous/helm-company")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1d4q9clp0q56br80c21a4wz1gc4jw3mdy97z9mq07x9i8rhlppzs"))))
+      (build-system emacs-build-system)
+      (propagated-inputs
+       `(("emacs-helm" ,emacs-helm)
+         ("emacs-company" ,emacs-company)))
+      (home-page "https://github.com/Sodel-the-Vociferous/helm-company")
+      (synopsis "Helm interface for company-mode")
+      (description
+       "This is a Helm interface to company-mode, a text completion
+framework.")
+      (license license:gpl3+))))
+
+(define-public emacs-helm-descbinds
+  (let ((commit "033be73f21778633813264ce1634a6e1ad873d8e"))
+    (package
+      (name "emacs-helm-descbinds")
+      (version (git-version "1.13" "1" commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/emacs-helm/helm-descbinds")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1n89p56qwa243w1c85i5awnaf7piwjsvfi7nmnsrwm33hix5dknk"))))
+      (build-system emacs-build-system)
+      (propagated-inputs `(("emacs-helm" ,emacs-helm)))
+      (home-page "https://github.com/emacs-helm/helm-descbinds")
+      (synopsis "Convenient @code{describe-bindings} with Helm")
+      (description
+       "This package is a replacement of @code{describe-bindings} for Helm.
+@code{describe-bindings} is replaced with @code{helm-descbinds}.  As usual,
+type @code{C-h b}, or any incomplete key sequence plus @code{C-h}, to run
+@code{helm-descbinds}.  The bindings are presented in a similar way as
+@code{describe-bindings} does, but you can use completion to find the command
+you searched for and execute it, or view its documentation.")
+    (license license:gpl3+))))
+
+(define-public emacs-helm-emms
+  (let ((commit "d3f9bdef8ff0d093eaf6e26af50ea905ab53fdec"))
+    (package
+      (name "emacs-helm-emms")
+      (version (git-version "1.3" "1" commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/emacs-helm/helm-emms")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "0bdb8xp0yp3gijpa9i2rc17gfzjhzlm92vdzw93i10qpd1xhj4aa"))))
+      (build-system emacs-build-system)
+      (propagated-inputs
+       `(("emacs-helm" ,emacs-helm)
+         ("emacs-emms" ,emms)))
+      (home-page
+       "https://github.com/emacs-helm/helm-emms")
+      (synopsis "Emms for Helm")
+      (description "Helm interface for Emms to browse all tracks and all folders
+from @code{emms-source-file-default-directory}.")
+      (license license:gpl3+))))
+
+(define-public emacs-helm-exwm
+  (let ((commit "82a856c80c8d295e3be522a01c5a15af50d08990"))
+    (package
+      (name "emacs-helm-exwm")
+      (version (git-version "20180523" "1" commit))
+      (source
+       (origin
+         (method url-fetch)
+         (uri (string-append
+               "https://github.com/emacs-helm/helm-exwm/archive/"
+               commit
+               ".tar.gz"))
+         (sha256
+          (base32
+           "1xsg2lar1vh7jmj5lnnyi14vssxkgy95sv9r8pbfhbnkjkbjm9pb"))))
+      (build-system emacs-build-system)
+      (propagated-inputs
+       `(("emacs-helm" ,emacs-helm)
+         ("emacs-exwm" ,emacs-exwm)))
+      (home-page
+       "https://github.com/emacs-helm/helm-exwm")
+      (synopsis "Helm for EXWM buffers")
+      (description
+       "@code{helm-exwm} runs a Helm session over the list of EXWM buffers.
+@code{helm-exwm-switch} is a convenience X application launcher using Helm to
+switch between the various windows of one or several specific applications.
+See @code{helm-exwm-switch-browser} for an example.")
+      (license license:gpl3+))))
+
+(define-public emacs-helm-flycheck
+  (let ((commit "3cf7d3bb194acacc6395f88360588013d92675d6"))
+    (package
+      (name "emacs-helm-flycheck")
+      (version (git-version "0.4" "1" commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/yasuyk/helm-flycheck")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1a2yfxhz04klwhcandqvfzysxp6b7bxyxx1xk1x3kds5hif5fkl4"))))
+      (build-system emacs-build-system)
+      (propagated-inputs
+       `(("emacs-dash" ,emacs-dash)
+         ("emacs-flycheck" ,flycheck)
+         ("emacs-helm" ,emacs-helm)))
+      (home-page "https://github.com/yasuyk/helm-flycheck")
+      (synopsis "Show Flycheck errors with Helm")
+      (description
+       "This integrates Flycheck with Helm.")
+      (license license:gpl3+))))
+
+(define-public emacs-helm-ls-git
+  (let ((commit "76654c776a7f6e2e5290645e748aac2a746f7daa"))
+    (package
+      (name "emacs-helm-ls-git")
+      (version (git-version "1.9.1" "1" commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/emacs-helm/helm-ls-git")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "0vsq1n3xl3ghy5zik2scm7jrs501n4kybdqd6yw6j0cv4jxdqbr0"))))
+      (build-system emacs-build-system)
+      (propagated-inputs `(("emacs-helm" ,emacs-helm)))
+      (home-page "https://github.com/emacs-helm/helm-ls-git")
+      (synopsis "Helm interface for listing the files in a Git repository")
+      (description
+       "This package provides a Helm interface for Git files.
+@itemize
+@item Display the open buffers in project.
+@item Display a status source showing state of project (modified files etc.).
+@item Display a list of all files in project under git control.
+@item Quickly look at diffs of modified files.
+@item Allow switching to @code{git status} with your preferred frontend
+(vc-dir, Magit,etc.).
+@item Full integration of git-grep, also allow usage of @code{helm-grep} (you
+can use ack-grep instead of grep).
+@item Integrate usage of gid from id-utils.
+@item Full integration with @code{helm-find-files}, allow you to browse
+projects unrelated to current-buffer.
+@item In addition, all actions of type files and buffers are provided.
+@end itemize\n")
+      (license license:gpl3+))))
+
+(define-public emacs-helm-mu
+  (let ((commit "77e6fea24e01481418738421dbcfe28ef1bd63cf"))
+    (package
+      (name "emacs-helm-mu")
+      (version (git-version  "20180513" "1" commit))
+      (source
+       (origin
+         (method url-fetch)
+         (uri (string-append
+               "https://github.com/emacs-helm/helm-mu/archive/"
+               commit
+               ".tar.gz"))
+         (sha256
+          (base32
+           "0qm4xi3i957scm50nar398pv4x8y03si10l77jb9ckjaviyq2hj9"))))
+      (build-system emacs-build-system)
+      (propagated-inputs
+       `(("emacs-helm" ,emacs-helm)
+         ("mu" ,mu)))
+      (home-page
+       "https://github.com/emacs-helm/helm-mu")
+      (synopsis
+       "Helm sources for searching emails and contacts")
+      (description
+       "Helm sources for searching emails and contacts using @code{mu} and
+@code{mu4e}.  Mu is an indexer for maildirs and mu4e is a mutt-like MUA for
+Emacs build on top of mu.  Mu is highly efficient making it possible to get
+instant results even for huge maildirs.  It also provides search operators,
+e.g: @code{from:Peter to:Anne flag:attach search term}.")
+      (license license:gpl3+))))
+
+(define-public emacs-helm-pass
+  (let ((commit "ebcbef1a962795a36e3491ae926e2a4b8a8b0ebb"))
+    (package
+      (name "emacs-helm-pass")
+      (version (git-version  "20180416" "1" commit))
+      (source
+       (origin
+         (method url-fetch)
+         (uri (string-append
+               "https://github.com/jabranham/helm-pass/archive/"
+               commit
+               ".tar.gz"))
+         (sha256
+          (base32
+           "1pgq4hj9wvz7z2fyxwsvbh6rmc1akya84v382nx26rr76iavz6wi"))))
+      (build-system emacs-build-system)
+      (propagated-inputs
+       `(("emacs-helm" ,emacs-helm)
+         ("emacs-password-store" ,emacs-password-store)))
+      (home-page
+       "https://github.com/jabranham/helm-pass")
+      (synopsis "Helm interface to pass, the standard Unix password manager")
+      (description
+       "Users of @code{helm-pass} may also be interested in functionality
+provided by other Emacs packages dealing with pass:
+@itemize
+@item @code{emacs-password-store}, which @code{helm-pass} relies on.
+@item @code{emacs-pass}, a major mode for @code{pass}.
+@item @code{auth-source-pass.el}: integration of Emacs' auth-source with
+@code{pass}, included in Emacs 26+).
+@end itemize\n")
+      (license license:gpl3+))))
+
+(define-public emacs-image+
+  (let ((commit "6834d0c09bb4df9ecc0d7a559bd7827fed48fffc"))
+    (package
+      (name "emacs-image+")
+      (version (git-version "0.6.2" "1" commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/mhayashi1120/Emacs-imagex")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "0v66wk9nh0raih4jhrzmmyi5lbysjnmbv791vm2230ffi2hmwxnd"))))
+      (build-system emacs-build-system)
+      (inputs `(("imagemagick" ,imagemagick)))
+      (arguments
+       `(#:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'configure
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (let ((imagemagick (assoc-ref inputs "imagemagick")))
+                 ;; Specify the absolute file names of the various
+                 ;; programs so that everything works out-of-the-box.
+                 (chmod "image+.el" #o666)
+                 (emacs-substitute-variables
+                     "image+.el"
+                   ("imagex-convert-command"
+                    (string-append imagemagick "/bin/convert"))
+                   ("imagex-identify-command"
+                    (string-append imagemagick "/bin/identify")))))))))
+      (home-page "https://github.com/mhayashi1120/Emacs-imagex")
+      (synopsis "Image manipulation extensions for Emacs")
+      (description
+       "Image+ provides keybindings allowing you to zoom in or zoom out of an
+image, rotate it, save modified images, and more.")
+      (license license:gpl3+))))
+
+(define-public emacs-package-lint
+  (let ((commit "69bb89d00ba212b734c676ad056aa793c450b288"))
+    (package
+      (name "emacs-package-lint")
+      (version (git-version "0.5" "1" commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/purcell/package-lint")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1hfricsgmy3x9snnd2p4xq6vnnv94qdsxxnxp07b3hqc9bhw31rq"))))
+      (build-system emacs-build-system)
+      (home-page "https://github.com/purcell/package-lint")
+      (synopsis "Linting library for elisp package authors")
+      (description
+       "This provides a list of issues with the Emacs package metadata of a file,
+e.g. the package dependencies it requires.  See function
+@code{package-lint-buffer}.  Checks will currently be enabled only if a
+\"Package-Requires:\" or \"Package-Version:\" header is present in the
+file.")
+      (license license:gpl3+))))
+
+(define-public emacs-wgrep-helm
+  (let ((commit "1cdd7c136f1e7565bb13d2df69be3dc77b83698d"))
+    (package
+      (name "emacs-wgrep-helm")
+      (version (git-version "2.1.10" "1" commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/mhayashi1120/Emacs-wgrep")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "057p99hq0r6z1k8sl15w3sxrqvlv0g9wp39zy1pqhccv2mn3g2d6"))))
+      (build-system emacs-build-system)
+      (propagated-inputs
+       `(("emacs-wgrep" ,emacs-wgrep)))
+      (home-page
+       "https://github.com/mhayashi1120/Emacs-wgrep")
+      (synopsis
+       "Writable helm-grep-mode buffer and apply the changes to files")
+      (description
+       "@code{wgrep-helm} allows you to edit a @code{helm-grep-mode} buffer and
+apply those changes to the file buffer.")
+      (license license:gpl3+))))
+
+(define-public emacs-mu4e-conversation
+  (let ((commit "b60d6bd27d7220c3dd041ff2a090e29f2166a319"))
+    (package
+      (name "emacs-mu4e-conversation")
+      (version (git-version "20180615" "1" commit))
+      (source
+       (origin
+         (method url-fetch)
+         (uri (string-append
+               "https://gitlab.com/Ambrevar/mu4e-conversation/"
+               "repository/archive.tar.gz?ref="
+               commit))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "0x8kmi0rmbaaxn5zicm1f9yb8ynxi8074hi2n0rvymlfpxbpn0ma"))))
+      (build-system emacs-build-system)
+      (propagated-inputs
+       `(("mu" ,mu)))
+      (home-page
+       "https://gitlab.com/Ambrevar/mu4e-conversation")
+      (synopsis
+       "Show a complete thread in a single buffer")
+      (description
+       "This package offers an alternate view to mu4e e-mail display.  It
+shows all e-mails of a thread in a single view, where each correspondant has
+their own face.  Threads can be displayed linearly (in which case e-mails are
+displayed in chronological order) or as an Org document where the node tree
+maps the thread tree.")
+      (license license:gpl3+))))
+
+(define-public emacs-pinentry
+  (let ((commit "dcc9ba03252ee5d39e03bba31b420e0708c3ba0c")
+        (revision "1"))
+    (package
+      (name "emacs-pinentry")
+      (version (git-version "0.1" revision commit))
+      (source
+       (origin
+         (method url-fetch)
+         (uri (string-append
+               "http://git.savannah.gnu.org/cgit/emacs/elpa.git/plain"
+               "/packages/pinentry/pinentry.el?id=" commit))
+         (file-name (string-append "pinentry.el"))
+         (sha256
+          (base32
+           "1lf30q6r8nz5cjzclbb9bbymsk2y75nskvb55hnjdv93gr3j0sik"))))
+      (build-system emacs-build-system)
+      (propagated-inputs
+       `(("gnupg" ,gnupg)))
+      (home-page "https://elpa.gnu.org/packages/pinentry.html")
+      (synopsis "GnuPG Pinentry server implementation")
+      (description
+       "This package allows GnuPG passphrase to be prompted through the
+minibuffer instead of graphical dialog.
+
+To use, add @code{allow-emacs-pinentry} to @code{~/.gnupg/gpg-agent.conf},
+reload the configuration with @code{gpgconf --reload gpg-agent}, and start the
+server with @code{M-x pinentry-start}.")
+      (license license:gpl3+))))
diff --git a/gnu/packages/emulators.scm b/gnu/packages/emulators.scm
index 8fbb804e57..f669213f4f 100644
--- a/gnu/packages/emulators.scm
+++ b/gnu/packages/emulators.scm
@@ -56,13 +56,19 @@
   #:use-module (gnu packages libedit)
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages lua)
+  #:use-module (gnu packages maths)
   #:use-module (gnu packages mp3)
+  #:use-module (gnu packages music)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages networking)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
   #:use-module (gnu packages qt)
   #:use-module (gnu packages sdl)
+  #:use-module (gnu packages texinfo)
+  #:use-module (gnu packages textutils)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages upnp)
   #:use-module (gnu packages video)
@@ -72,6 +78,7 @@
   #:use-module (gnu packages xiph)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg)
+  #:use-module (gnu packages web)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu))
 
@@ -1170,3 +1177,188 @@ already have their data files.  The clever part about this: ScummVM
 just replaces the executables shipped with the games, allowing you to
 play them on systems for which they were never designed!")
     (license license:gpl2+)))
+
+(define-public mame
+  (package
+    (name "mame")
+    (version "0.199")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/mamedev/mame.git")
+             (commit (apply string-append "mame" (string-split version #\.)))))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "0rb2k6dxss36jjalbpvj2xsqdwqyqy89qab7jpv8ig1y08dpg36n"))
+       (modules '((guix build utils)))
+       (snippet
+        ;; Remove bundled libraries.
+        '(begin
+           (with-directory-excursion "3rdparty"
+             (for-each delete-file-recursively
+                       '("asio" "expat" "glm" "libflac" "libjpeg" "lua"
+                         "portaudio" "portmidi" "pugixml" "rapidjson" "SDL2"
+                         "SDL2-override" "sqlite3" "utf8proc" "zlib")))
+           #t))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags
+       (cons*
+        (string-append "QT_HOME=" (assoc-ref %build-inputs "qtbase"))
+        (string-append "SDL_INI_PATH="
+                       (assoc-ref %outputs "out")
+                       "/share/mame/ini")
+        (map (lambda (lib)
+               (string-append "USE_SYSTEM_LIB_" (string-upcase lib) "=1"))
+             '("asio" "expat" "flac" "glm" "jpeg" "lua" "portaudio" "portmidi"
+               "pugixml" "rapidjson" "sqlite3" "utf8proc" "zlib")))
+       #:tests? #f                      ;no test in regular release
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-after 'build 'build-documentation
+           (lambda _ (invoke "make" "-C" "docs" "man" "info")))
+         (replace 'install
+           ;; Upstream does not provide an installation phase.
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (share (string-append out "/share/mame")))
+               ;; Install data.
+               (for-each (lambda (dir)
+                           (copy-recursively dir (string-append share "/" dir)))
+                         '("artwork" "bgfx" "ctrlr" "hash" "ini" "language"
+                           "plugins" "samples"))
+               (let ((keymaps (string-append share "/keymaps")))
+                 (for-each (lambda (file) (install-file file keymaps))
+                           (find-files "keymaps" ".*LINUX\\.map")))
+               (let ((fonts (string-append share "/fonts")))
+                 (install-file "uismall.bdf" fonts))
+               (when (file-exists? "mame64")
+                 (rename-file "mame64" "mame"))
+               (install-file "mame" (string-append out "/bin")))
+             #t))
+         (add-after 'install 'install-documentation
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (man (string-append out "/share/man/man1"))
+                    (info (string-append out "/share/info")))
+               (install-file "docs/build/man/MAME.1" man)
+               (install-file "docs/build/texinfo/MAME.info" info))
+             #t))
+         (add-after 'install 'install-ini-file
+           ;; Generate an ini file so as to set some directories (e.g., roms)
+           ;; to a writable location, i.e., "$HOME/.mame/" and "$HOME/mame/".
+           ;;
+           ;; XXX: We need to insert absolute references to the store.  It can
+           ;; be an issue if they leak into user's home directory, e.g., with
+           ;; "mame -createconfig" and the package is later GC'ed.
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (share (string-append out "/share/mame"))
+                    (ini (string-append share "/ini")))
+               (with-output-to-file (string-append ini "/mame.ini")
+                 (lambda _
+                   (format #t
+                           "inipath              $HOME/.mame;~a/ini~@
+                            homepath             $HOME/mame~@
+                            rompath              $HOME/mame/roms~@
+                            samplepath           $HOME/mame/samples;~a/samples~@
+                            cheatpath            $HOME/mame/cheat~@
+                            artpath              $HOME/mame/artwork;~a/artwork~@
+                            crosshairpath        $HOME/mame/crosshair~@
+                            snapshot_directory   $HOME/mame/snapshots~@
+                            hashpath             ~a/hash~@
+                            fontpath             $HOME/mame/fonts;~a/fonts~@
+                            ctrlrpath            $HOME/mame/ctrlr;~a/ctrlr~@
+                            bgfx_path            ~a/bgfx~@
+                            pluginspath          $HOME/mame/plugins;~a/plugins~@
+                            languagepath         ~a/language~@
+                            cfg_directory        $HOME/.mame/cfg~@
+                            nvram_directory      $HOME/.mame/nvram~@
+                            input_directory      $HOME/.mame/inp~@
+                            state_directory      $HOME/.mame/sta~@
+                            diff_directory       $HOME/.mame/diff~@
+                            comment_directory    $HOME/.mame/comments~%"
+                           share share share share share share share share
+                           share)))
+               (with-output-to-file (string-append ini "/ui.ini")
+                 (lambda _
+                   (format #t
+                           "historypath          $HOME/mame/history~@
+                            categorypath         $HOME/mame/folders~@
+                            cabinets_directory   $HOME/mame/cabinets~@
+                            cpanels_directory    $HOME/mame/cpanel~@
+                            pcbs_directory       $HOME/mame/pcb~@
+                            flyers_directory     $HOME/mame/flyers~@
+                            titles_directory     $HOME/mame/titles~@
+                            ends_directory       $HOME/mame/ends~@
+                            marquees_directory   $HOME/mame/marquees~@
+                            artwork_preview_directory $HOME/mame/artpreview~@
+                            bosses_directory     $HOME/mame/bosses~@
+                            logos_directory      $HOME/mame/logo~@
+                            scores_directory     $HOME/mame/scores~@
+                            versus_directory     $HOME/mame/versus~@
+                            gameover_directory   $HOME/mame/gameover~@
+                            howto_directory      $HOME/mame/howto~@
+                            select_directory     $HOME/mame/select~@
+                            icons_directory      $HOME/mame/icons~@
+                            covers_directory     $HOME/mame/covers~@
+                            ui_path              $HOME/.mame/ui~%")))
+               #t)))
+         (add-after 'install 'install-desktop-file
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (desktop (string-append out "/share/applications"))
+                    (executable (string-append out "/bin/mame")))
+               (mkdir-p desktop)
+               (with-output-to-file (string-append desktop "/mame.desktop")
+                 (lambda _
+                   (format #t
+                           "[Desktop Entry]~@
+                           Name=mame~@
+                           Comment=Multi-purpose emulation framework~@
+                           Exec=~a~@
+                           TryExec=~@*~a~@
+                           Terminal=false~@
+                           Type=Application~@
+                           Categories=Game;Emulator;~@
+                           Keywords=Game;Emulator;Arcade;~%"
+                           executable)))
+               #t))))))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("pugixml" ,pugixml)
+       ("python-sphinx" ,python-sphinx)
+       ("texinfo" ,texinfo)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("asio" ,asio)
+       ("expat" ,expat)
+       ("flac" ,flac)
+       ("fontconfig" ,fontconfig)
+       ("glm" ,glm)
+       ("libjpeg" ,libjpeg-8)    ;jpeg_read_header argument error in libjpeg-9
+       ("libxinerama" ,libxinerama)
+       ("lua" ,lua)
+       ("portaudio" ,portaudio)
+       ("portmidi" ,portmidi)
+       ("python-wrapper" ,python-wrapper)
+       ("qtbase" ,qtbase)
+       ("rapidjson" ,rapidjson)
+       ("sdl" ,(sdl-union (list sdl2 sdl2-ttf)))
+       ("sqlite" ,sqlite)
+       ("utf8proc" ,utf8proc)
+       ("zlib" ,zlib)))
+    (home-page "http://mamedev.org/")
+    (synopsis "Multi-purpose emulation framework")
+    (description "MAME's purpose is to preserve decades of software
+history.  As electronic technology continues to rush forward, MAME
+prevents this important @emph{vintage} software from being lost and
+forgotten.  This is achieved by documenting the hardware and how it
+functions.  The source code to MAME serves as this documentation.")
+    ;; The MAME project as a whole is distributed under the terms of GPL2+.
+    ;; However, over 90% of the files are under Expat license.  Also, artwork,
+    ;; keymaps, languages and samples are under CC0.
+    (license (list license:gpl2+ license:expat license:cc0))))
diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm
index 6c3846ff76..8578789872 100644
--- a/gnu/packages/engineering.scm
+++ b/gnu/packages/engineering.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016, 2017 Theodoros Foradis <theodoros@foradis.org>
+;;; Copyright © 2016, 2017, 2018 Theodoros Foradis <theodoros@foradis.org>
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
@@ -1175,14 +1175,14 @@ high-performance parallel differential evolution (DE) optimization algorithm.")
   ;; See <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=27344#236>.
   (package
     (name "libngspice")
-    (version "26")
+    (version "28")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/ngspice/ng-spice-rework/"
                                   version "/ngspice-" version ".tar.gz"))
               (sha256
                (base32
-                "02019ndcl057nq9z41nxycqba7wxlb081ibvfj9jv010nz431qji"))
+                "0rnz2rdgyav16w7wfn3sfrk2lwvvgz1fh0l9107zkcldijklz04l"))
               (modules '((guix build utils)))
               ;; We remove the non-free cider and build without it.
               (snippet
@@ -1206,7 +1206,7 @@ high-performance parallel differential evolution (DE) optimization algorithm.")
          (add-after 'unpack 'patch-timestamps
            (lambda _
              (substitute* "configure"
-               (("`date`") "Do 1. Jan 00:00:00 UTC 1970"))
+               (("`date`") "Thu Jan  1 00:00:01 UTC 1970"))
              #t))
          (add-after 'unpack 'delete-program-manuals
            (lambda _
@@ -1279,17 +1279,27 @@ an embedded event driven algorithm.")
   ;; TODO: Remove when we have modular Trilinos packages?
   (package
     (name "trilinos-serial-xyce")
-    (version "12.6.3")
+    (version "12.12.1")
     (source
      (origin (method url-fetch)
              (uri (string-append "https://trilinos.org/oldsite/download/files/trilinos-"
                                  version "-Source.tar.gz"))
              (sha256
               (base32
-               "07jd1qpsbf31cmbyyngr4l67xzwyan24dyx5wlcahgbw7x6my3wn"))))
+               "1zgrcksrcbmyy79mbdv0j4j4sh0chpigxk8vcrrwgaxyxwxxhrvw"))))
     (build-system cmake-build-system)
     (arguments
      `(#:out-of-source? #t
+       #:phases
+       (modify-phases %standard-phases
+         ;; Delete unneeded tribits(build system) directory which makes validate-runpath
+         ;; phase to fail.
+         (add-before 'validate-runpath 'delete-tribits
+           (lambda* (#:key outputs #:allow-other-keys)
+             (delete-file-recursively
+              (string-append (assoc-ref outputs "out")
+                             "/lib/cmake/tribits"))
+             #t)))
        #:configure-flags
        (list "-DCMAKE_CXX_FLAGS=-O3 -fPIC"
              "-DCMAKE_C_FLAGS=-O3 -fPIC"
@@ -1322,7 +1332,7 @@ an embedded event driven algorithm.")
        ("swig" ,swig)))
     (inputs
      `(("boost" ,boost)
-       ("lapack" ,lapack-3.5)
+       ("lapack" ,lapack)
        ("suitesparse" ,suitesparse)))
     (home-page "https://trilinos.org")
     (synopsis "Engineering and scientific problems algorithms")
@@ -1337,14 +1347,14 @@ unique design feature of Trilinos is its focus on packages.")
 (define-public xyce-serial
   (package
     (name "xyce-serial")
-    (version "6.7")
+    (version "6.8")
     (source
      (origin (method url-fetch)
              (uri (string-append "https://archive.org/download/Xyce-"
                                  version "/Xyce-" version ".tar.gz"))
              (sha256
               (base32
-               "02k952mnvrnc5kv7r65fdrn7khwq1lbyhwyvd7jznafzdpsvgm4x"))))
+               "09flp1xywbb2laayd9rg8vd0fjsh115y6k1p71jacy0nrbdvvlcg"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f
@@ -1360,7 +1370,7 @@ unique design feature of Trilinos is its focus on packages.")
     (inputs
      `(("fftw" ,fftw)
        ("suitesparse" ,suitesparse)
-       ("lapack" ,lapack-3.5)
+       ("lapack" ,lapack)
        ("trilinos" ,trilinos-serial-xyce)))
     (home-page "https://xyce.sandia.gov/")
     (synopsis "High-performance analog circuit simulator")
@@ -1395,8 +1405,6 @@ parallel computing platforms.  It also supports serial execution.")
                    "CC=mpicc"
                    "F77=mpif77"
                    "--enable-mpi"
-                   "--enable-isorropia=no"
-                   "--enable-zoltan=no"
                    (string-append
                     "ARCHDIR="
                     (assoc-ref %build-inputs "trilinos")))))))
@@ -1503,116 +1511,134 @@ parallel computing platforms.  It also supports serial execution.")
                    license:lgpl2.0+)))) ; freehdl's libraries
 
 (define-public qucs
-  (package
-    (name "qucs")
-    (version "0.0.19")
-    (source (origin
-              (method url-fetch)
-              (uri
-               (string-append
-                "https://sourceforge.net/projects/qucs/files/qucs/" version
-                "/qucs-" version ".tar.gz"))
-              (sha256
-               (base32
-                "0giv9gfyfdizvjhq56x2pdncrlyv3k15lrsh6pk37i94vr7l7ij5"))))
-    (build-system gnu-build-system)
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (add-before 'configure 'patch-configure
-           (lambda* (#:key inputs #:allow-other-keys)
-             (substitute* "qucs/configure"
-               (("\\$QTDIR") (assoc-ref inputs "qt4")))
-             #t))
-         (add-after 'patch-configure 'patch-scripts
-           (lambda* (#:key inputs outputs #:allow-other-keys)
-             (substitute* '("qucs/qucs/qucsdigi"
-                            "qucs/qucs/qucsdigilib"
-                            "qucs/qucs/qucsveri")
-               (("\\$BINDIR")
-                (string-append (assoc-ref outputs "out") "/bin"))
-               (("freehdl-config")
-                (string-append (assoc-ref inputs "freehdl") "/bin/freehdl-config"))
-               (("freehdl-v2cc")
-                (string-append (assoc-ref inputs "freehdl") "/bin/freehdl-v2cc"))
-               (("cp ")
-                (string-append (assoc-ref inputs "coreutils") "/bin/cp "))
-               (("glibtool")
-                (string-append (assoc-ref inputs "libtool") "/bin/libtool"))
-               (("sed")
-                (string-append (assoc-ref inputs "sed") "/bin/sed"))
-               (("iverilog")
-                (string-append (assoc-ref inputs "iverilog") "/bin/iverilog"))
-               (("vvp")
-                (string-append (assoc-ref inputs "iverilog") "/bin/vvp")))
-             #t))
-         (add-before 'check 'pre-check
-           (lambda _
-             ;; The test suite requires a running X server.
-             (system "Xvfb :1 &")
-             (setenv "DISPLAY" ":1")
-             #t))
-         (add-after 'install 'make-wrapper
-           (lambda* (#:key inputs outputs #:allow-other-keys)
-             (let ((out (assoc-ref outputs "out")))
-               ;; 'qucs' directly invokes gcc, hence this wrapping.
-               (wrap-program (string-append out "/bin/qucs")
-                 `("CPLUS_INCLUDE_PATH" ":" prefix
-                   (,(string-append (assoc-ref inputs "gcc-toolchain")
-                                    "/include")))
-                 `("PATH" ":" prefix
-                   (,(string-append (assoc-ref inputs "gcc-toolchain")
-                                    "/bin")))
-                 `("LIBRARY_PATH" ":" prefix
-                   (,(string-append (assoc-ref inputs "gcc-toolchain")
-                                    "/lib")))
-                 `("ADMSXMLBINDIR" ":" prefix
-                   (,(string-append (assoc-ref inputs "adms") "/bin")))
-                 `("ASCOBINDIR" ":" prefix
-                   (,(string-append (assoc-ref inputs "asco") "/bin")))
-                 `("QUCS_OCTAVE" ":" prefix
-                   (,(string-append (assoc-ref inputs "octave") "/bin/octave")))))
-             #t)))
-       #:parallel-build? #f ; race condition
-       #:configure-flags '("--disable-doc"))) ; we need octave-epstk
-    (native-inputs
-     `(("gperf" ,gperf)
-       ("libtool-native" ,libtool)
-       ("python" ,python-2) ; for tests
-       ("matplotlib" ,python2-matplotlib) ; for tests
-       ("numpy" ,python2-numpy) ; for tests
-       ("xorg-server" ,xorg-server))) ; for tests
-    (inputs
-     `(("adms" ,adms)
-       ("asco" ,asco)
-       ("coreutils" ,coreutils)
-       ("freehdl" ,freehdl)
-       ("gcc-toolchain" ,gcc-toolchain)
-       ("iverilog" ,iverilog)
-       ("libtool" ,libtool)
-       ("octave" ,octave)
-       ("qt4" ,qt-4)
-       ("sed" ,sed)))
-    (home-page "http://qucs.sourceforge.net/")
-    (synopsis "Circuit simulator with graphical user interface")
-    (description
-     "Qucs is a circuit simulator with graphical user interface.  The software
+  ;; Qucs 0.0.19 segfaults when using glibc-2.26. Temporarily build from git.
+  ;; TODO: When qucs-0.0.20 is released, revert the commit that introduced this
+  ;; comment and update the package.
+  (let ((commit "b4f27d9222568066cd59e4c387c51a35056c99d8")
+        (revision "0"))
+    (package
+      (name "qucs")
+      (version (git-version "0.0.19" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/Qucs/qucs")
+                      (commit commit)))
+                (sha256
+                 (base32 "10bclay9xhkffmsh4j4l28kj1qpxx0pnxja5vx6305cllnq4r3gb"))
+                (file-name (string-append name "-" version "-checkout"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:phases
+         (modify-phases %standard-phases
+           (add-before 'bootstrap 'patch-bootstrap
+             (lambda _
+               (for-each patch-shebang
+                         '("bootstrap"
+                           "qucs/bootstrap"
+                           "qucs-doc/bootstrap"
+                           "qucs-core/bootstrap"))
+               #t))
+           (add-before 'configure 'patch-configure
+             (lambda* (#:key inputs #:allow-other-keys)
+               (substitute* "qucs/configure"
+                 (("\\$QTDIR") (assoc-ref inputs "qt4")))
+               #t))
+           (add-after 'patch-configure 'patch-scripts
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (substitute* '("qucs/qucs/qucsdigi"
+                              "qucs/qucs/qucsdigilib"
+                              "qucs/qucs/qucsveri")
+                 (("\\$BINDIR")
+                  (string-append (assoc-ref outputs "out") "/bin"))
+                 (("freehdl-config")
+                  (string-append (assoc-ref inputs "freehdl") "/bin/freehdl-config"))
+                 (("freehdl-v2cc")
+                  (string-append (assoc-ref inputs "freehdl") "/bin/freehdl-v2cc"))
+                 (("cp ")
+                  (string-append (assoc-ref inputs "coreutils") "/bin/cp "))
+                 (("glibtool")
+                  (string-append (assoc-ref inputs "libtool") "/bin/libtool"))
+                 (("sed")
+                  (string-append (assoc-ref inputs "sed") "/bin/sed"))
+                 (("iverilog")
+                  (string-append (assoc-ref inputs "iverilog") "/bin/iverilog"))
+                 (("vvp")
+                  (string-append (assoc-ref inputs "iverilog") "/bin/vvp")))
+               #t))
+           (add-before 'check 'pre-check
+             (lambda _
+               ;; The test suite requires a running X server.
+               (system "Xvfb :1 &")
+               (setenv "DISPLAY" ":1")
+               #t))
+           (add-after 'install 'make-wrapper
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (let ((out (assoc-ref outputs "out")))
+                 ;; 'qucs' directly invokes gcc, hence this wrapping.
+                 (wrap-program (string-append out "/bin/qucs")
+                   `("CPLUS_INCLUDE_PATH" ":" prefix
+                     (,(string-append (assoc-ref inputs "gcc-toolchain")
+                                      "/include")))
+                   `("PATH" ":" prefix
+                     (,(string-append (assoc-ref inputs "gcc-toolchain")
+                                      "/bin")))
+                   `("LIBRARY_PATH" ":" prefix
+                     (,(string-append (assoc-ref inputs "gcc-toolchain")
+                                      "/lib")))
+                   `("ADMSXMLBINDIR" ":" prefix
+                     (,(string-append (assoc-ref inputs "adms") "/bin")))
+                   `("ASCOBINDIR" ":" prefix
+                     (,(string-append (assoc-ref inputs "asco") "/bin")))
+                   `("QUCS_OCTAVE" ":" prefix
+                     (,(string-append (assoc-ref inputs "octave") "/bin/octave")))))
+               #t)))
+         #:parallel-build? #f ; race condition
+         #:configure-flags '("--disable-doc"))) ; we need octave-epstk
+      (native-inputs
+       `(("autoconf" ,autoconf)
+         ("automake" ,automake)
+         ("bison" ,bison)
+         ("flex" ,flex)
+         ("gperf" ,gperf)
+         ("libtool-native" ,libtool)
+         ("pkg-config" ,pkg-config)
+         ("python" ,python-2) ; for tests
+         ("matplotlib" ,python2-matplotlib) ; for tests
+         ("numpy" ,python2-numpy) ; for tests
+         ("xorg-server" ,xorg-server))) ; for tests
+      (inputs
+       `(("adms" ,adms)
+         ("asco" ,asco)
+         ("coreutils" ,coreutils)
+         ("freehdl" ,freehdl)
+         ("gcc-toolchain" ,gcc-toolchain)
+         ("iverilog" ,iverilog)
+         ("libtool" ,libtool)
+         ("octave" ,octave)
+         ("qt4" ,qt-4)
+         ("sed" ,sed)))
+      (home-page "http://qucs.sourceforge.net/")
+      (synopsis "Circuit simulator with graphical user interface")
+      (description
+       "Qucs is a circuit simulator with graphical user interface.  The software
 aims to support all kinds of circuit simulation types---e.g. DC, AC,
 S-parameter, transient, noise and harmonic balance analysis.  Pure digital
 simulations are also supported.")
-    (license license:gpl2+)))
+      (license license:gpl2+))))
 
 (define-public qucs-s
   (package
     (name "qucs-s")
-    (version "0.0.19S")
+    (version "0.0.20")
     (source (origin
               (method url-fetch)
-              (uri (string-append "https://github.com/ra3xdh/qucs/releases/download/"
-                                  version "/qucs-" version ".tar.gz"))
+              (uri (string-append "https://github.com/ra3xdh/qucs_s/archive/"
+                                  version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1bhahvdqmayaw0306fxz1ghmjhd4fq05yk3rk7zi0z703w5imgjv"))))
+                "01dizf4rjciqc8x7bmv3kbhdlz90bm6n9m9fz7dbzqcwvszcs1hx"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f ; no tests
@@ -1647,19 +1673,21 @@ simulations are also supported.")
                                 "\\+ \"qucsator\" \\+ executableSuffix"))
                 (string-append "}{ QucsSettings.Qucsator = \""
                                (assoc-ref inputs "qucs") "/bin/qucsator\""))
-               (((string-append "else QucsSettings\\.XyceExecutable = "
-                                "\"/usr/local/Xyce-Release-6.2.0-OPENSOURCE/bin/runxyce"))
-                (string-append "QucsSettings.XyceExecutable = \""
+               (((string-append "QucsSettings\\.XyceExecutable = "
+                                "\"/usr/local/Xyce-Release-6.8.0-OPENSOURCE/bin/Xyce"))
+                (string-append "}{ QucsSettings.XyceExecutable = \""
                                (assoc-ref inputs "xyce-serial") "/bin/Xyce"))
-               (((string-append "else QucsSettings\\.XyceParExecutable = \"/usr/local"
-                                "/Xyce-Release-6.2.0-OPENMPI-OPENSOURCE/bin/xmpirun"))
+               (((string-append "else QucsSettings\\.XyceParExecutable = "
+                                "\"mpirun -np %p /usr/local"
+                                "/Xyce-Release-6.8.0-OPENMPI-OPENSOURCE/bin/Xyce"))
                 (string-append "QucsSettings.XyceParExecutable = \""
-                               (assoc-ref inputs "mpi") "/bin/mpirun"))
-               (("%p")
-                (string-append "%p "(assoc-ref inputs "xyce-parallel") "/bin/Xyce"))
+                               (assoc-ref inputs "mpi") "/bin/mpirun -np %p "
+                               (assoc-ref inputs "xyce-parallel") "/bin/Xyce"))
                (("else QucsSettings\\.NgspiceExecutable = \"ngspice\"")
                 (string-append "QucsSettings.NgspiceExecutable = " "\""
                                (assoc-ref inputs "ngspice") "/bin/ngspice\"")))
+             (substitute* "qucs/extsimkernels/ngspice.cpp"
+               (("share/qucs/xspice_cmlib") "share/qucs-s/xspice_cmlib"))
              (substitute* "qucs/qucs_actions.cpp"
                (("qucstrans")
                 (string-append (assoc-ref inputs "qucs") "/bin/qucstrans"))
@@ -1672,7 +1700,7 @@ simulations are also supported.")
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (for-each
               (lambda (script)
-                (let ((file (string-append "../qucs-" ,version
+                (let ((file (string-append "../qucs_s-" ,version
                                            "/qucs/" script))
                       (out (assoc-ref outputs "out")))
                   (install-file file (string-append out "/bin"))
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index d749ada9f0..cff5ab14a9 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -177,7 +177,7 @@ removable devices or support for multimedia.")
 (define-public terminology
   (package
     (name "terminology")
-    (version "1.2.0")
+    (version "1.2.1")
     (source (origin
               (method url-fetch)
               (uri
@@ -185,7 +185,7 @@ removable devices or support for multimedia.")
                               "terminology/terminology-" version ".tar.xz"))
               (sha256
                (base32
-                "0kw34l5lahn1qaks3ah6x8k41d6hfywpqfak2p7qq1z87zj506mx"))
+                "1ii8332bl88l8md3gvz5dhi9bjpm6shyf14ck9kfyy7d56hp71mc"))
               (modules '((guix build utils)))
               ;; Remove the bundled fonts.
               ;; TODO: Remove bundled lz4.
diff --git a/gnu/packages/erlang.scm b/gnu/packages/erlang.scm
index 0e2b7b5bcb..1c18efe9da 100644
--- a/gnu/packages/erlang.scm
+++ b/gnu/packages/erlang.scm
@@ -89,6 +89,7 @@
                   (guix build gnu-build-system))
        #:phases
        (modify-phases %standard-phases
+         (delete 'bootstrap)
          ;; The are several code fragments that embed timestamps into the
          ;; output. Here, we alter those fragments to use the value of
          ;; SOURCE_DATE_EPOCH instead.
@@ -127,6 +128,29 @@
                   (date->string source-date-epoch
                                 "{H,Mi,S} = {~H,~M,~S},")))
                #t)))
+         (add-after 'unpack 'patch-/bin/sh
+           (lambda _
+             (substitute* "erts/etc/unix/run_erl.c"
+               (("sh = \"/bin/sh\";")
+                (string-append "sh = \""
+                               (which "sh")
+                               "\";")))
+
+             (substitute* "erts/emulator/sys/unix/sys_drivers.c"
+               (("SHELL \"/bin/sh\"")
+                (string-append "SHELL \""
+                               (which "sh")
+                               "\"")))
+             (substitute* "erts/emulator/sys/unix/erl_child_setup.c"
+               (("SHELL \"/bin/sh\"")
+                (string-append "SHELL \""
+                               (which "sh")
+                               "\"")))
+
+             (substitute* "lib/kernel/src/os.erl"
+               (("/bin/sh") (which "sh")))
+
+             #t))
          (add-after 'patch-source-shebangs 'patch-source-env
            (lambda _
              (let ((escripts
diff --git a/gnu/packages/fcitx.scm b/gnu/packages/fcitx.scm
index fc55df14a6..bcd5f12dd1 100644
--- a/gnu/packages/fcitx.scm
+++ b/gnu/packages/fcitx.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -35,14 +36,14 @@
 (define-public fcitx
   (package
     (name "fcitx")
-    (version "4.2.8.6")
+    (version "4.2.9.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://download.fcitx-im.org/fcitx/"
                                   name "-" version "_dict.tar.xz"))
               (sha256
                (base32
-                "15ymd42kg920ri0f8fymq3i68g8k1kgpmdlnk9jf5fvnz6g4w0wi"))))
+                "0hyrh3v82a32ylnlvzrp6cmq56x4p1a42q5xc6njmmj2msxm34x5"))))
     (build-system cmake-build-system)
     (outputs '("out" "gtk2" "gtk3"))
     (arguments
@@ -65,7 +66,12 @@
              "-DENABLE_QT_IM_MODULE=OFF")))
     (native-inputs
      `(("doxygen"    ,doxygen)
-       ("glib:bin"   ,glib "bin")    ; for glib-genmarshal
+       ("extra-cmake-modules"
+        ;; XXX: We can't simply #:use-module due to a cycle somewhere.
+        ,(module-ref
+          (resolve-interface '(gnu packages kde-frameworks))
+          'extra-cmake-modules))
+       ("glib:bin"   ,glib "bin")       ; for glib-genmarshal
        ("pkg-config" ,pkg-config)))
     (inputs
      `(("dbus"             ,dbus)
@@ -78,7 +84,7 @@
        ("libxkbfile"       ,libxkbfile)
        ("libxml2"          ,libxml2)
        ("xkeyboard-config" ,xkeyboard-config)))
-    (home-page "http://fcitx-im.org")
+    (home-page "https://fcitx-im.org")
     (synopsis "Input method framework")
     (description
      "Fcitx is an input method framework with extension support.  It has
@@ -89,14 +95,14 @@ built-in.")
 (define-public fcitx-configtool
   (package
    (name "fcitx-configtool")
-   (version "0.4.8")
+   (version "0.4.10")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://download.fcitx-im.org/fcitx-configtool/"
                   name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1vaim0namw58bfafbvws1vgd4010p19zwqfbx6bd1zi5sgchdg0f"))))
+              "1yyi9jhkwn49lx9a47k1zbvwgazv4y4z72gnqgzdpgdzfrlrgi5w"))))
    (build-system cmake-build-system)
    (arguments
     `(#:configure-flags
diff --git a/gnu/packages/file-systems.scm b/gnu/packages/file-systems.scm
index 4fd33ae901..3c9d7d49c1 100644
--- a/gnu/packages/file-systems.scm
+++ b/gnu/packages/file-systems.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Gábor Boskovits <boskovits@gmail.com>
-;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017, 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -144,7 +144,7 @@ non-determinism in the build process.")
 (define-public glusterfs
   (package
     (name "glusterfs")
-    (version "3.10.7")
+    (version "3.10.12")
     (source
      (origin
        (method url-fetch)
@@ -153,7 +153,7 @@ non-determinism in the build process.")
                            "/glusterfs-" version ".tar.gz"))
        (sha256
         (base32
-         "02sn9s3jjva2i1l47y3in326n8jgp57rbykz5s8m87y4bzpw0ym1"))
+         "01ysvamvfv2l5pswa1rygpg8w0954h2wkh1ba97h3nx03m5n0prg"))
        (patches
         (search-patches "glusterfs-use-PATH-instead-of-hardcodes.patch"))))
     (build-system gnu-build-system)
@@ -170,11 +170,12 @@ non-determinism in the build process.")
              ;; must be replaced.
              (install-file (string-append (assoc-ref inputs "automake")
                                           "/share/automake-"
-                                          ,(package-version automake) "/config.sub")
+                                          ,(version-major+minor (package-version automake)) "/config.sub")
                            ".")
              #t))
          ;; Fix flex error.  This has already been fixed with upstream commit
-         ;; db3fe245a9e8812829eae7d143e49d0bfdfef9a7.
+         ;; db3fe245a9e8812829eae7d143e49d0bfdfef9a7, but is not available in
+         ;; current releases.
          (add-before 'configure 'fix-lex
            (lambda _
              (substitute* "libglusterfs/src/Makefile.in"
diff --git a/gnu/packages/firmware.scm b/gnu/packages/firmware.scm
index 986e1d6219..176eef5137 100644
--- a/gnu/packages/firmware.scm
+++ b/gnu/packages/firmware.scm
@@ -209,7 +209,8 @@ by the b43-open driver of Linux-libre.")
              (let* ((out (assoc-ref outputs "out"))
                     (fmw (string-append out "/share/firmware")))
                (mkdir-p fmw)
-               (copy-file "out/bios.bin" (string-append fmw "/bios.bin"))))))))
+               (copy-file "out/bios.bin" (string-append fmw "/bios.bin"))
+               #t))))))
     (home-page "https://www.seabios.org/SeaBIOS")
     (synopsis "x86 BIOS implementation")
     (description "SeaBIOS is an implementation of a 16bit x86 BIOS.  SeaBIOS
@@ -262,36 +263,26 @@ coreboot.")
                (setenv "PATH" (string-append (getenv "PATH") ":" bin))
                ; FIXME: The below script errors out. When using 'invoke' instead
                ; of 'system*' this causes the build to fail.
-               (system* "bash" "edksetup.sh" "BaseTools")
+               (system* "bash" "edksetup.sh")
                (substitute* "Conf/target.txt"
                  (("^TARGET[ ]*=.*$") "TARGET = RELEASE\n")
-                 (("^TOOL_CHAIN_TAG[ ]*=.*$") "TOOL_CHAIN_TAG = GCC49\n")
                  (("^MAX_CONCURRENT_THREAD_NUMBER[ ]*=.*$")
                   (format #f "MAX_CONCURRENT_THREAD_NUMBER = ~a~%"
                           (number->string (parallel-job-count)))))
                ;; Build build support.
                (setenv "BUILD_CC" "gcc")
-               (invoke "make" "-C" (string-append tools "/Source/C"))
+               (invoke "make" "-C" tools)
                #t)))
-         (add-after 'build 'build-ia32
+         (replace 'build
            (lambda _
-             (substitute* "Conf/target.txt"
-               (("^TARGET_ARCH[ ]*=.*$") "TARGET_ARCH = IA32\n")
-               (("^ACTIVE_PLATFORM[ ]*=.*$")
-                "ACTIVE_PLATFORM = OvmfPkg/OvmfPkgIa32.dsc\n"))
-             (invoke "build")
-             #t))
+             (invoke "build" "-a" "IA32" "-t" "GCC49"
+                     "-p" "OvmfPkg/OvmfPkgIa32.dsc")))
          ,@(if (string=? "x86_64-linux" (%current-system))
              '((add-after 'build 'build-x64
                 (lambda _
-                  (substitute* "Conf/target.txt"
-                    (("^TARGET_ARCH[ ]*=.*$") "TARGET_ARCH = X64\n")
-                    (("^ACTIVE_PLATFORM[ ]*=.*$")
-                     "ACTIVE_PLATFORM = OvmfPkg/OvmfPkgX64.dsc\n"))
-                  (invoke "build")
-                  #t)))
+                  (invoke "build" "-a" "X64" "-t" "GCC49"
+                          "-p" "OvmfPkg/OvmfPkgX64.dsc"))))
              '())
-         (delete 'build)
          (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
@@ -312,6 +303,76 @@ Virtual Machines.  OVMF contains a sample UEFI firmware for QEMU and KVM.")
     (license (list license:expat
                    license:bsd-2 license:bsd-3 license:bsd-4))))
 
+(define-public ovmf-aarch64
+  (package
+    (inherit ovmf)
+    (name "ovmf-aarch64")
+    (native-inputs
+     `(,@(package-native-inputs ovmf)
+       ,@(if (not (string-prefix? "aarch64" (%current-system)))
+           `(("cross-gcc" ,(cross-gcc "aarch64-linux-gnu"))
+             ("cross-binutils" ,(cross-binutils "aarch64-linux-gnu")))
+           '())))
+    (arguments
+     (substitute-keyword-arguments (package-arguments ovmf)
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (add-before 'configure 'set-env
+             (lambda _
+               ,@(if (not (string-prefix? "aarch64" (%current-system)))
+                     `((setenv "GCC49_AARCH64_PREFIX" "aarch64-linux-gnu-"))
+                     '())
+               #t))
+           (replace 'build
+             (lambda _
+               (invoke "build" "-a" "AARCH64" "-t" "GCC49"
+                       "-p" "ArmVirtPkg/ArmVirtQemu.dsc")))
+           (delete 'build-x64)
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (fmw (string-append out "/share/firmware")))
+                 (mkdir-p fmw)
+                 (copy-file "Build/ArmVirtQemu-AARCH64/RELEASE_GCC49/FV/QEMU_EFI.fd"
+                            (string-append fmw "/ovmf_aarch64.bin"))
+                 #t)))))))
+    (supported-systems %supported-systems)))
+
+(define-public ovmf-arm
+  (package
+    (inherit ovmf)
+    (name "ovmf-arm")
+    (native-inputs
+     `(,@(package-native-inputs ovmf)
+       ,@(if (not (string-prefix? "armhf" (%current-system)))
+           `(("cross-gcc" ,(cross-gcc "arm-linux-gnueabihf"))
+             ("cross-binutils" ,(cross-binutils "arm-linux-gnueabihf")))
+           '())))
+    (arguments
+     (substitute-keyword-arguments (package-arguments ovmf)
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (add-before 'configure 'set-env
+             (lambda _
+               ,@(if (not (string-prefix? "armhf" (%current-system)))
+                     `((setenv "GCC49_ARM_PREFIX" "arm-linux-gnueabihf-"))
+                     '())
+               #t))
+           (replace 'build
+             (lambda _
+               (invoke "build" "-a" "ARM" "-t" "GCC49"
+                       "-p" "ArmVirtPkg/ArmVirtQemu.dsc")))
+           (delete 'build-x64)
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (fmw (string-append out "/share/firmware")))
+                 (mkdir-p fmw)
+                 (copy-file "Build/ArmVirtQemu-ARM/RELEASE_GCC49/FV/QEMU_EFI.fd"
+                            (string-append fmw "/ovmf_arm.bin"))
+                 #t)))))))
+    (supported-systems %supported-systems)))
+
 (define* (make-arm-trusted-firmware platform #:optional (arch "aarch64"))
   (package
     (name (string-append "arm-trusted-firmware-" platform))
diff --git a/gnu/packages/fltk.scm b/gnu/packages/fltk.scm
index af7186ab7f..e4eb2fcad0 100644
--- a/gnu/packages/fltk.scm
+++ b/gnu/packages/fltk.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2018 Mark H Weaver <mhw@netris.org>
 ;;;
@@ -99,7 +99,7 @@ UI builder called FLUID that can be used to create applications in minutes.")
 (define-public ntk
   (package
     (name "ntk")
-    (version "1.3.0")
+    (version "1.3.1000")
     (source (origin
               (method git-fetch)
               (uri (git-reference
@@ -107,21 +107,20 @@ UI builder called FLUID that can be used to create applications in minutes.")
                     (commit (string-append "v" version))))
               (sha256
                (base32
-                "0ggrh6rihf676z1vfgpgcl6kpqwyh39ih0hskcgzklh7fphfik39"))
+                "0j38mhnfqy6swcrnc5zxcwlqi8b1pgklyghxk6qs1lf4japv2zc0"))
               (file-name (string-append name "-" version "-checkout"))))
     (build-system waf-build-system)
     (arguments
      `(#:tests? #f ;no "check" target
-       #:python ,python-2
        #:configure-flags '("--enable-gl")
        #:phases
        (modify-phases %standard-phases
-         (add-before
-          'configure 'set-ldflags
-          (lambda* (#:key outputs #:allow-other-keys)
-            (setenv "LDFLAGS"
-                    (string-append "-Wl,-rpath="
-                                   (assoc-ref outputs "out") "/lib")))))))
+         (add-before 'configure 'set-ldflags
+           (lambda* (#:key outputs #:allow-other-keys)
+             (setenv "LDFLAGS"
+                     (string-append "-Wl,-rpath="
+                                    (assoc-ref outputs "out") "/lib"))
+             #t)))))
     (inputs
      `(("libjpeg" ,libjpeg)
        ("glu" ,glu)))
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index 031df7faa7..e9b68a7797 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -431,15 +431,19 @@ text in Simplified Chinese, Traditional Chinese, Japanese, and Korean.")
     (license license:silofl1.1)))
 
 (define-public font-cns11643
+  ;; Since upstream doesn't provide any version numbers, the date of the last
+  ;; edit is used, taken from https://data.gov.tw/dataset/5961
+  ;; XXX: The source is also updated in-place, so it may be desirable to mirror
+  ;; it elsewhere to avoid suddenly losing the current source file.
   (package
     (name "font-cns11643")
-    (version "98.1.20170524")
+    (version "98.1.20180605")
     (source (origin
               (method url-fetch)
               (uri "http://www.cns11643.gov.tw/AIDB/Open_Data.zip")
               (sha256
                (base32
-                "1iad6rklxkx03ji1fav9faq7cmqkci3i6pcyg2ilvh984j5qzhq3"))))
+                "000a9whrjr1cd4pjc23pbl60zwkq3wcb5g61p9qi7fn3hwkp0kyw"))))
     (build-system font-build-system)
     (home-page "http://www.cns11643.gov.tw/AIDB/welcome.do")
     (synopsis "CJK TrueType fonts, TW-Kai and TW-Sung")
@@ -617,7 +621,7 @@ languages, plus Greek and Cyrillic.")
 (define-public font-gnu-unifont
   (package
     (name "font-gnu-unifont")
-    (version "10.0.07")
+    (version "11.0.01")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -625,7 +629,7 @@ languages, plus Greek and Cyrillic.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "1js8dn4v4pv8jqprsxa1fv4fs3hqhm9x4dj19fg9qgc8fx7k0v0k"))))
+                "1nkapra0ic4fp3lmnvfc6jly62yskhcdkwrnq29hvh3xs51ncc52"))))
     (build-system gnu-build-system)
     (outputs '("out" ; TrueType version
                "pcf" ; PCF (bitmap) version
@@ -650,12 +654,12 @@ languages, plus Greek and Cyrillic.")
                    (psf (string-append (assoc-ref outputs "psf")
                                        "/share/consolefonts"))
                    (bin (assoc-ref outputs "bin")))
-              (system* "make"
-                       (string-append "PREFIX=" bin)
-                       (string-append "TTFDEST=" ttf)
-                       (string-append "PCFDEST=" pcf)
-                       (string-append "CONSOLEDEST=" psf)
-                       "install")
+              (invoke "make"
+                      (string-append "PREFIX=" bin)
+                      (string-append "TTFDEST=" ttf)
+                      (string-append "PCFDEST=" pcf)
+                      (string-append "CONSOLEDEST=" psf)
+                      "install")
               ;; Move Texinfo file to the right place.
               (mkdir (string-append bin "/share/info"))
               (rename-file (string-append bin "/share/unifont/unifont.info.gz")
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index de87f998ae..44f1b7628f 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -334,15 +334,15 @@ X11-system or any other graphical user interface.")
 (define-public teckit
   (package
    (name "teckit")
-   (version "2.5.7")
-   (source (origin
-            (method url-fetch)
-            (uri (string-append
-                  "https://github.com/silnrsi/teckit/releases/download/v"
-                  version "/teckit-" version ".tar.gz"))
-            (sha256
-              (base32
-                "1pbp97vcpj6x4yixx6ww0vsi1rrr99fksxdjafs6gdargzd24cj4"))))
+   (version "2.5.8")
+   (source
+    (origin
+      (method git-fetch)
+      (uri (git-reference
+            (url "https://github.com/silnrsi/teckit")
+            (commit (string-append "v" version))))
+      (sha256
+       (base32 "1jmsdmfz7bgq1n5qsqgpq1b1n77f1hll0czfw5wkxz4knzb14ndn"))))
    (build-system gnu-build-system)
    (inputs
     `(("zlib" ,zlib)
diff --git a/gnu/packages/fpga.scm b/gnu/packages/fpga.scm
index 0a5568a016..5c461f9861 100644
--- a/gnu/packages/fpga.scm
+++ b/gnu/packages/fpga.scm
@@ -152,7 +152,7 @@ For synthesis, the compiler generates netlists in the desired format.")
              #t))
          (replace 'configure
            (lambda* (#:key inputs (make-flags '()) #:allow-other-keys)
-             (zero? (apply system* "make" "config-gcc" make-flags))))
+             (apply invoke "make" "config-gcc" make-flags)))
          (add-after 'configure 'prepare-abc
            (lambda* (#:key inputs #:allow-other-keys)
              (let* ((sourceabc (assoc-ref inputs "abc"))
@@ -163,7 +163,7 @@ For synthesis, the compiler generates netlists in the desired format.")
                      (lambda (port)
                        (format port ".PHONY: all\nall:\n\tcp -f abc abc-default\n")))
                    (copy-file source "abc/abc")
-                   (zero? (system* "chmod" "+w" "abc/abc")))))
+                   (invoke "chmod" "+w" "abc/abc"))))
           (add-before 'check 'fix-iverilog-references
              (lambda* (#:key inputs native-inputs #:allow-other-keys)
                (let* ((xinputs (or native-inputs inputs))
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index ea48afcb20..9173c02601 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -419,10 +419,11 @@ manager for the current system.")
              ;; AssertionError: 'x-apple-ios-png' != 'png'
              (substitute* "test/test-mime.py"
                (("self.check_mimetype\\(imgpng, 'image', 'png'\\)") "#"))
-             (zero? (system* "nosetests" "-v")))))))
+             (invoke "nosetests" "-v"))))))
     (native-inputs
-     `(("shared-mime-info" ,shared-mime-info) ;for tests
-       ("hicolor-icon-theme" ,hicolor-icon-theme) ;for tests
+     ;; For tests.
+     `(("shared-mime-info" ,shared-mime-info)
+       ("hicolor-icon-theme" ,hicolor-icon-theme)
        ("python-nose" ,python-nose)))
     (home-page "https://www.freedesktop.org/wiki/Software/pyxdg")
     (synopsis "Implementations of freedesktop.org standards in Python")
diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm
index cb837e554e..8f64225ab4 100644
--- a/gnu/packages/ftp.scm
+++ b/gnu/packages/ftp.scm
@@ -169,7 +169,7 @@ as required.")
 (define-public libfilezilla
   (package
     (name "libfilezilla")
-    (version "0.12.2")
+    (version "0.12.3")
     (source
      (origin
        (method url-fetch)
@@ -177,7 +177,7 @@ as required.")
                            name "/" name "-" version ".tar.bz2"))
        (sha256
         (base32
-         "1v461hwdk74whp89s490dj1z18gfqf9bz9140m5f11rsvrpid33p"))))
+         "1v606kcz2rdmmlwxrv3xvwh7ia1nh6jfc9bhjw2r4ai3rm16gch5"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("cppunit" ,cppunit)
diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm
index 3d6a038d9d..b428fa77f2 100644
--- a/gnu/packages/game-development.scm
+++ b/gnu/packages/game-development.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015, 2016, 2017 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016, 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
-;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016, 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 Julian Graham <joolean@gmail.com>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
@@ -74,6 +74,7 @@
   #:use-module (gnu packages python)
   #:use-module (gnu packages qt)
   #:use-module (gnu packages sdl)
+  #:use-module (gnu packages texinfo)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages video)
   #:use-module (gnu packages xdisorg)
@@ -1233,3 +1234,40 @@ related games such as Heretic and Hexen.  It comes with a 3d preview mode and
 a 2D editor view.")
     (home-page "http://eureka-editor.sourceforge.net/")
     (license license:gpl2+)))
+
+(define-public guile-chickadee
+  (package
+    (name "guile-chickadee")
+    (version "0.2.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://files.dthompson.us/chickadee/"
+                                  "chickadee-" version ".tar.gz"))
+              (sha256
+               (base32
+                "10qx0ha5gsayybd186r1my7vc7rf5fbzp9jvmc4xg9a8wz8rqhah"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:make-flags '("GUILE_AUTO_COMPILE=0")))
+    (propagated-inputs
+     `(("guile-opengl" ,guile-opengl)
+       ("guile-sdl2" ,guile-sdl2)))
+    (inputs
+     `(("guile" ,guile-2.2)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("texinfo" ,texinfo)))
+    (home-page "https://dthompson.us/projects/chickadee.html")
+    (synopsis "Game development toolkit for Guile Scheme with SDL2 and OpenGL")
+    (description "Chickadee is a game development toolkit for Guile Scheme
+built on top of SDL2 and OpenGL.  Chickadee aims to provide all the features
+that parenthetically inclined game developers need to make 2D (and eventually
+3D) games in Scheme, such as:
+
+@enumerate
+@item extensible, fixed-timestep game loop
+@item OpenGL-based rendering engine
+@item keyboard, mouse, controller input
+@item REPL-driven development model
+@end enumerate\n")
+    (license license:gpl3+)))
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 5568de033b..5f43aa154c 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -177,82 +177,70 @@ settings to tweak as well.")
     (license license:gpl2+)))
 
 (define-public cataclysm-dda
-  (package
-    (name "cataclysm-dda")
-    (version "0.C")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/CleverRaven/Cataclysm-DDA/"
-                                  "archive/" version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
-              (sha256
-               (base32
-                "1xlajmgl9cviqyjpp5g5q4rbljy9gqc49v54bi8gpzr68s14gsb9"))
-              (modules '((guix build utils)))
-              (snippet
-               ;; Import cmath header for the std::pow function.
-               '(begin
-                  (for-each (lambda (file)
-                              (substitute* file
-                                (("#include <math.h>")
-                                 "#include <cmath>")))
-                            (find-files "src"))
-                  #t))))
-    (build-system gnu-build-system)
-    (arguments
-     '(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
-                          "USE_HOME_DIR=1" "DYNAMIC_LINKING=1" "RELEASE=1")
-       #:phases
-       (modify-phases %standard-phases
-         (replace 'configure
-           (lambda _
-             (substitute* "Makefile"
-               (("ncursesw5-config") "ncursesw6-config")
-               (("RELEASE_FLAGS = -Werror") "RELEASE_FLAGS ="))
-             #t))
-         (add-after 'build 'build-tiles
-           (lambda* (#:key make-flags outputs #:allow-other-keys)
-             ;; Change prefix directory and enable tile graphics and sound.
-             (zero?
-              (apply system* "make" "TILES=1" "SOUND=1"
-                     (string-append "PREFIX="
-                                    (assoc-ref outputs "tiles"))
-                     (cdr make-flags)))))
-         (add-after 'install 'install-tiles
-           (lambda* (#:key make-flags outputs #:allow-other-keys)
-             (zero?
-              (apply system* "make" "install" "TILES=1" "SOUND=1"
-                     (string-append "PREFIX="
-                                    (assoc-ref outputs "tiles"))
-                     (cdr make-flags))))))
-       ;; TODO: Add libtap++ from https://github.com/cbab/libtappp as a native
-       ;;       input in order to support tests.
-       #:tests? #f))
-    (outputs '("out"
-               "tiles")) ; For tile graphics and sound support.
-    (native-inputs
-     `(("gettext" ,gettext-minimal)
-       ("pkg-config" ,pkg-config)))
-    (inputs
-     `(("freetype" ,freetype)
-       ("libogg" ,libogg)
-       ("libvorbis" ,libvorbis)
-       ("ncurses" ,ncurses)
-       ("sdl2" ,sdl2)
-       ("sdl2-image" ,sdl2-image)
-       ("sdl2-ttf" ,sdl2-ttf)
-       ("sdl2-mixer" ,sdl2-mixer)))
-    (home-page "http://en.cataclysmdda.com/")
-    (synopsis "Survival horror roguelike video game")
-    (description
-     "Cataclysm: Dark Days Ahead is a roguelike set in a post-apocalyptic world.
-Struggle to survive in a harsh, persistent, procedurally generated world.
-Scavenge the remnants of a dead civilization for food, equipment, or, if you are
-lucky, a vehicle with a full tank of gas to get you out of Dodge.  Fight to
-defeat or escape from a wide variety of powerful monstrosities, from zombies to
-giant insects to killer robots and things far stranger and deadlier, and against
-the others like yourself, that want what you have.")
-    (license license:cc-by-sa3.0)))
+  (let ((commit "ad3b0c3d521292d119f97a83390e7acfe9e9e7f7")
+        (revision "1"))
+    (package
+      (name "cataclysm-dda")
+      ;; This denotes the version released after the 0.C release.
+      ;; Revert to a normal version number if updating to stable version 0.D.
+      (version (git-version "0.C" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/CleverRaven/Cataclysm-DDA.git")
+                      (commit commit)))
+                (sha256
+                 (base32
+                  "1kdgbl8zqd53f5yilm2c9nyq3w6585yxl5jvgxy65dlpzxcqqj7y"))
+                (file-name (git-file-name name version))))
+      (build-system gnu-build-system)
+      (arguments
+       '(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
+                            "USE_HOME_DIR=1" "DYNAMIC_LINKING=1" "RELEASE=1")
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure)
+           (add-after 'build 'build-tiles
+             (lambda* (#:key make-flags outputs #:allow-other-keys)
+               ;; Change prefix directory and enable tile graphics and sound.
+               (apply invoke "make" "TILES=1" "SOUND=1"
+                      (string-append "PREFIX="
+                                     (assoc-ref outputs "tiles"))
+                      (cdr make-flags))))
+           (add-after 'install 'install-tiles
+             (lambda* (#:key make-flags outputs #:allow-other-keys)
+               (apply invoke "make" "install" "TILES=1" "SOUND=1"
+                      (string-append "PREFIX="
+                                     (assoc-ref outputs "tiles"))
+                      (cdr make-flags)))))
+         ;; TODO: Add libtap++ from https://github.com/cbab/libtappp as a native
+         ;;       input in order to support tests.
+         #:tests? #f))
+      (outputs '("out"
+                 "tiles")) ; For tile graphics and sound support.
+      (native-inputs
+       `(("gettext" ,gettext-minimal)
+         ("pkg-config" ,pkg-config)))
+      (inputs
+       `(("freetype" ,freetype)
+         ("libogg" ,libogg)
+         ("libvorbis" ,libvorbis)
+         ("ncurses" ,ncurses)
+         ("sdl2" ,sdl2)
+         ("sdl2-image" ,sdl2-image)
+         ("sdl2-ttf" ,sdl2-ttf)
+         ("sdl2-mixer" ,sdl2-mixer)))
+      (home-page "http://en.cataclysmdda.com/")
+      (synopsis "Survival horror roguelike video game")
+      (description
+       "Cataclysm: Dark Days Ahead is a roguelike set in a post-apocalyptic
+world.  Struggle to survive in a harsh, persistent, procedurally generated
+world.  Scavenge the remnants of a dead civilization for food, equipment, or,
+if you are lucky, a vehicle with a full tank of gas to get you out of Dodge.
+Fight to defeat or escape from a wide variety of powerful monstrosities, from
+zombies to giant insects to killer robots and things far stranger and deadlier,
+and against the others like yourself, that want what you have.")
+      (license license:cc-by-sa3.0))))
 
 (define-public cowsay
   (package
@@ -461,7 +449,7 @@ automata.  The following features are available:
 (define-public meandmyshadow
   (package
     (name "meandmyshadow")
-    (version "0.4")
+    (version "0.4.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/meandmyshadow/"
@@ -469,7 +457,7 @@ automata.  The following features are available:
                                   "-src.tar.gz"))
               (sha256
                (base32
-                "1dpb7s32b2psj5w3nr5kqibib8nndi86mw8gxp4hmxwrfiisf86d"))))
+                "0wl5dc75qy001s6043cx0vr2l5y2qfv1cldqnwill9sfygqj9p95"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; there are no tests
@@ -485,7 +473,7 @@ automata.  The following features are available:
              ;; link with libX11, even though we're using the GL backend.
              (substitute* "CMakeLists.txt"
                (("\\$\\{X11_LIBRARIES\\}") "-lX11"))
-             )))))
+             #t)))))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
@@ -1616,23 +1604,20 @@ reference interpreter, using the Glk API.")
 (define-public fizmo
   (package
     (name "fizmo")
-    (version "0.8.4")
+    (version "0.8.5")
     (source (origin
               (method url-fetch)
-              (uri (string-append "https://christoph-ender.de/fizmo/source/"
+              (uri (string-append "https://fizmo.spellbreaker.org/source/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1sd988db2302r7cbfcfghbmg8ck43c6hvnlnlpb0rqxb7pm9cwyy"))))
+                "1amyc4n41jf08kxmdgkk30bzzx54miaxa97w28f417qwn8lrl98w"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
        (let ((libjpeg (assoc-ref %build-inputs "libjpeg"))
              (ncurses (assoc-ref %build-inputs "ncurses")))
-         (list (string-append "jpeg_CFLAGS=-I" libjpeg "/include")
-               (string-append "jpeg_LIBS=-ljpeg")
-               (string-append "ncursesw_CFLAGS=-I" ncurses "/include")
-               (string-append "ncursesw_LIBS=-lncursesw")))))
+         (list (string-append "--with-jpeg-includedir=" libjpeg "/include")))))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
@@ -1643,7 +1628,7 @@ reference interpreter, using the Glk API.")
        ("libxml2" ,libxml2)
        ("ncurses" ,ncurses)
        ("sdl2" ,sdl2)))
-    (home-page "https://christoph-ender.de/fizmo/")
+    (home-page "https://fizmo.spellbreaker.org/")
     (synopsis "Z-machine interpreter")
     (description
      "Fizmo is a console-based Z-machine interpreter.  It is used to play
@@ -1679,7 +1664,7 @@ Protocol).")
 (define-public extremetuxracer
   (package
     (name "extremetuxracer")
-    (version "0.7.4")
+    (version "0.7.5")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1687,15 +1672,15 @@ Protocol).")
                     version "/etr-" version ".tar.xz"))
               (sha256
                (base32
-                "0d2j4ybdjmimg67v2fndgahgq4fvgz3fpfb3a4l1ar75n6hy776s"))))
+                "1ly63316c07i0gyqqmyzsyvygsvygn0fpk3bnbg25fi6li99rlsg"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
      `(("glu" ,glu)
        ("sfml" ,sfml)))
-    (synopsis "High speed arctic racing game based on Tux Racer")
-    ;; Snarfed straight from Debian
+    (synopsis "High-speed arctic racing game based on Tux Racer")
+    ;; Snarfed straight from Debian.
     (description "Extreme Tux Racer, or etracer as it is called for short, is
 a simple OpenGL racing game featuring Tux, the Linux mascot.  The goal of the
 game is to slide down a snow- and ice-covered mountain as quickly as possible,
@@ -1822,7 +1807,7 @@ falling, themeable graphics and sounds, and replays.")
 (define-public wesnoth
   (package
     (name "wesnoth")
-    (version "1.14.1")
+    (version "1.14.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/wesnoth/wesnoth-"
@@ -1831,7 +1816,7 @@ falling, themeable graphics and sounds, and replays.")
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "1mzrnbv71b4s41c5x8clhb53l8lidiwzny1hl828228pvys5bxkb"))))
+                "06648041nr77sgzr7jpmcn37cma3hp41qynp50xzddx28l17zwg9"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f)) ; no check target
@@ -2001,6 +1986,16 @@ world}, @uref{http://evolonline.org, Evol Online} and
      (origin (method url-fetch)
              (uri (string-append "http://binaries.openttd.org/releases/"
                                  version "/openttd-" version "-source.tar.xz"))
+             (patches
+              (list
+               (origin (method url-fetch)
+                       (uri (string-append
+                             "https://github.com/OpenTTD/OpenTTD/commit/"
+                             "19076c24c1f3baf2a22d1fa832d5688216cf54a3.patch"))
+                       (file-name "openttd-fix-compilation-with-ICU-61.patch")
+                       (sha256
+                        (base32
+                         "02d1xmb75yv4x6rfnvxk3vvq4l3lvvwr2pfsdzn7lzalic51ziqh")))))
              (sha256
               (base32
                "0dhv5bbbg1dmmq7fi3xss0a9jq2rqgb5sf9fsqzlsjcdm590j6b1"))
@@ -2219,6 +2214,88 @@ Transport Tycoon Deluxe.")
        ("opensfx" ,openttd-opensfx)
        ,@(package-native-inputs openttd-engine)))))
 
+(define openrct2-title-sequences
+  (package
+   (name "openrct2-title-sequences")
+   (version "0.1.2")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://github.com/OpenRCT2/title-sequences/releases/download/v"
+                         version "/title-sequence-v" version ".zip"))
+     (file-name (string-append name "-" version ".zip"))
+     (sha256
+      (base32
+       "0qbyxrsw8hlgaq0r5d7lx7an3idy4qbfv7yiw9byhldk763n9cfw"))))
+   (build-system trivial-build-system)
+   (native-inputs
+    `(("bash" ,bash)
+      ("coreutils" ,coreutils)
+      ("unzip" ,unzip)))
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder
+      (begin
+        (use-modules (guix build utils))
+        (let* ((out (assoc-ref %outputs "out"))
+               (openrct2-title-sequences (string-append out
+                                         "/share/openrct2/title-sequences"))
+               (source (assoc-ref %build-inputs "source"))
+               (unzip (string-append (assoc-ref %build-inputs "unzip") "/bin/unzip")))
+          (copy-file source (string-append ,name "-" ,version ".zip"))
+          (invoke unzip (string-append ,name "-" ,version ".zip"))
+          (delete-file (string-append ,name "-" ,version ".zip"))
+          (mkdir-p openrct2-title-sequences)
+          (copy-recursively "."
+                            openrct2-title-sequences)
+          #t))))
+   (home-page "https://github.com/OpenRCT2/OpenRCT2")
+   (synopsis "Title sequences for OpenRCT2")
+   (description
+    "openrct2-title-sequences is a set of title sequences for OpenRCT2.")
+   (license license:gpl3+)))
+
+(define openrct2-objects
+  (package
+   (name "openrct2-objects")
+   (version "1.0.2")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://github.com/OpenRCT2/objects/releases/download/v"
+                         version "/objects.zip"))
+     (file-name (string-append name "-" version ".zip"))
+     (sha256
+      (base32
+       "1z92afhbv13j1ig6fz0x8w9vdmfchssv16vwwhb0vj40pn1g1rwy"))))
+   (build-system trivial-build-system)
+   (native-inputs
+    `(("bash" ,bash)
+      ("coreutils" ,coreutils)
+      ("unzip" ,unzip)))
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder
+      (begin
+        (use-modules (guix build utils))
+        (let* ((out (assoc-ref %outputs "out"))
+               (openrct2-objects (string-append out
+                                         "/share/openrct2/objects"))
+               (source (assoc-ref %build-inputs "source"))
+               (unzip (string-append (assoc-ref %build-inputs "unzip") "/bin/unzip")))
+          (copy-file source (string-append ,name "-" ,version ".zip"))
+          (invoke unzip (string-append ,name "-" ,version ".zip"))
+          (delete-file (string-append ,name "-" ,version ".zip"))
+          (mkdir-p openrct2-objects)
+          (copy-recursively "."
+                            openrct2-objects)
+          #t))))
+   (home-page "https://github.com/OpenRCT2/OpenRCT2")
+   (synopsis "Objects for OpenRCT2")
+   (description
+    "openrct2-objects is a set of objects for OpenRCT2.")
+   (license license:gpl3+)))
+
 (define-public openrct2
   (package
     (name "openrct2")
@@ -2234,35 +2311,39 @@ Transport Tycoon Deluxe.")
        (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (arguments
-     `(#:tests? #f ;; no tests available
+     `(#:configure-flags '("-DDOWNLOAD_TITLE_SEQUENCES=OFF")
+       #:tests? #f ; Tests require network.
        #:phases
         (modify-phases %standard-phases
-          (add-after 'unpack 'fix-usr-share-paths
-            (lambda* (#:key make-flags outputs #:allow-other-keys)
+          (add-after 'unpack 'fix-usr-share-paths&add-data
+            (lambda* (#:key inputs outputs #:allow-other-keys)
+              (let ((titles (assoc-ref inputs "openrct2-title-sequences"))
+                    (objects (assoc-ref inputs "openrct2-objects")))
               ;; Fix some references to /usr/share.
+              ;; Change to Platform.Linux.cpp on 0.1.2+
               (substitute* "src/openrct2/platform/linux.c"
                 (("/usr/share")
-                (string-append (assoc-ref %outputs "out") "/share")))))
-          (add-after 'build 'fix-cmake-install-file
-            (lambda _
-              ;; The build system tries to download a file and compare hashes.
-              ;; Since we have no network, remove this so the install doesn't fail.
-              (substitute* "cmake_install.cmake"
-                (("EXPECTED_HASH SHA1=b587d83de508d0b104d14c599b76f8565900fce0")
-                "")))))))
+                 (string-append (assoc-ref %outputs "out") "/share")))
+              (copy-recursively (string-append titles
+                                "/share/openrct2/title-sequences") "data/title")
+              (copy-recursively (string-append objects
+                                "/share/openrct2/objects") "data/object")))))))
     (inputs `(("curl" ,curl)
               ("fontconfig" ,fontconfig)
               ("freetype" ,freetype)
+              ("icu4c" ,icu4c)
               ("jansson" ,jansson)
               ("libpng" ,libpng)
               ("libzip" ,libzip)
               ("mesa" ,mesa)
+              ("openrct2-objects" ,openrct2-objects)
+              ("openrct2-title-sequences" ,openrct2-title-sequences)
               ("openssl" ,openssl)
               ("sdl2" ,sdl2)
               ("speexdsp" ,speexdsp)
               ("zlib" ,zlib)))
     (native-inputs
-      `(("pkg-config" ,pkg-config)))
+     `(("pkg-config" ,pkg-config)))
     (home-page "https://github.com/OpenRCT2/OpenRCT2")
     (synopsis "Free software re-implementation of RollerCoaster Tycoon 2")
     (description "OpenRCT2 is a free software re-implementation of
@@ -2315,19 +2396,21 @@ are only two levels to play with, but they are very addictive.")
 (define-public pioneers
   (package
     (name "pioneers")
-    (version "15.4")
+    (version "15.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://downloads.sourceforge.net/pio/"
                                   "pioneers-" version ".tar.gz"))
               (sha256
                (base32
-                "1p1d18hrfmqcnghip3shkzcs5qkz6j99jvkdkqfi7pqdvjc323cs"))))
+                "037gdiiw690jw3wd1s9lxmkqx0caxyk0b4drpm7i9p28gig43q9y"))))
     (build-system gnu-build-system)
-    (inputs `(("gtk+" ,gtk+)
-              ("librsvg" ,librsvg)
-              ("avahi" ,avahi)))
+    (inputs `(("avahi" ,avahi)
+              ("gtk+" ,gtk+)
+              ("librsvg" ,librsvg)))
     (native-inputs `(("intltool" ,intltool)
+                     ("itstool" ,itstool)
+                     ("libxml2" ,libxml2)
                      ("pkg-config" ,pkg-config)))
     (synopsis "Board game inspired by The Settlers of Catan")
     (description "Pioneers is an emulation of the board game The Settlers of
@@ -3171,25 +3254,46 @@ colors, pictures, and sounds.")
                 "0jwzbwkgp1l5ia6c7s760gmdirbsncp6nfqp7vqdqsfb63la9gl2"))))
     (build-system trivial-build-system)
     (arguments
-     '(#:modules ((guix build utils))
+     `(#:modules ((guix build utils))
        #:builder
        (begin
          (use-modules (guix build utils))
-         (let* ((out     (assoc-ref %outputs "out"))
-                (bindir  (string-append out "/bin"))
-                (prog    (string-append bindir "/mrrescue"))
-                (source  (assoc-ref %build-inputs "source"))
-                (bash    (string-append (assoc-ref %build-inputs "bash")
-                                        "/bin/bash"))
-                (love    (string-append (assoc-ref %build-inputs "love")
-                                        "/bin/love")))
-           (mkdir-p bindir)
-           (with-output-to-file prog
+         (let* ((out    (assoc-ref %outputs "out"))
+                (script (string-append out "/bin/" ,name))
+                (data   (string-append out "/share/" ,name))
+                (source (assoc-ref %build-inputs "source"))
+                (unzip  (string-append (assoc-ref %build-inputs "unzip")
+                                       "/bin/unzip"))
+                (patch  (string-append (assoc-ref %build-inputs "patch")
+                                       "/bin/patch"))
+                (bash   (string-append (assoc-ref %build-inputs "bash")
+                                       "/bin/bash"))
+                (love   (string-append (assoc-ref %build-inputs "love")
+                                       "/bin/love")))
+
+           (mkdir-p (dirname script))
+           (with-output-to-file script
              (lambda ()
                (format #t "#!~a~%" bash)
-               (format #t "exec -a mrrescue \"~a\" \"~a\"~%" love source)))
-           (chmod prog #o755)
+               (format #t "exec -a ~a \"~a\" \"~a\"~%" ,name love data)))
+           (chmod script #o755)
+
+           ;; The better way to package this game would be to install *only* the
+           ;; script above, pointing to the unextracted .love file in the store.
+           ;; However, mrrescue 1.02e needs to be patched to work with Love 11.
+           ;; Instead of extracting the .love file, patching it, and re-zipping
+           ;; it to the store, simply point the script to the extracted patched
+           ;; data directory directly.
+           (mkdir-p data)
+           (with-directory-excursion data
+             (invoke unzip source)
+             (invoke patch "-p1" "-i"
+                     (assoc-ref %build-inputs "love-11.patch")))
            #t))))
+    (native-inputs
+     `(("unzip" ,unzip)
+       ("patch" ,patch)
+       ("love-11.patch" ,(search-patch "mrrescue-support-love-11.patch"))))
     (inputs
      `(("bash" ,bash)
        ("love" ,love)))
@@ -3197,8 +3301,8 @@ colors, pictures, and sounds.")
     (synopsis "Arcade-style fire fighting game")
     (description
      "Mr. Rescue is an arcade styled 2d action game centered around evacuating
-civilians from burning buildings.  The game features fast paced fire
-extinguishing action, intense boss battles, a catchy soundtrack and lots of
+civilians from burning buildings.  The game features fast-paced fire
+extinguishing action, intense boss battles, a catchy soundtrack, and lots of
 throwing people around in pseudo-randomly generated buildings.")
     (license (list license:zlib             ; for source code
                    license:cc-by-sa3.0))))  ; for graphics and music assets
@@ -4306,7 +4410,7 @@ Crowther & Woods, its original authors, in 1995.  It has been known as
 (define-public tome4
   (package
     (name "tome4")
-    (version "1.5.5")
+    (version "1.5.10")
     (synopsis "Single-player, RPG roguelike game set in the world of Eyal")
     (source
      (origin
@@ -4315,7 +4419,7 @@ Crowther & Woods, its original authors, in 1995.  It has been known as
                            version ".tar.bz2"))
        (sha256
         (base32
-         "0v2qgdfpvdzd1bcbp9v8pfahj1bgczsq2d4xfhh5wg11jgjcwz03"))
+         "0mc5dgh2x9nbili7gy6srjhb23ckalf08wqq2amyjr5rq392jvd7"))
        (modules '((guix build utils)))
        (snippet
         '(begin
@@ -4337,9 +4441,10 @@ Crowther & Woods, its original authors, in 1995.  It has been known as
     (arguments
      `(#:make-flags '("CC=gcc" "config=release")
        #:phases (modify-phases %standard-phases
+                  (delete 'bootstrap)
                   (replace 'configure
                     (lambda _
-                      (zero? (system* "premake4" "gmake"))
+                      (invoke "premake4" "gmake")
                       #t))
                   (add-after 'set-paths 'set-sdl-paths
                     (lambda* (#:key inputs #:allow-other-keys)
@@ -4426,7 +4531,7 @@ Tales of Maj’Eyal offers engaging roguelike gameplay for the 21st century.")
 (define-public quakespasm
   (package
     (name "quakespasm")
-    (version "0.93.0")
+    (version "0.93.1")
     (source
      (origin
        (method url-fetch)
@@ -4434,7 +4539,7 @@ Tales of Maj’Eyal offers engaging roguelike gameplay for the 21st century.")
                            version ".tgz"))
        (sha256
         (base32
-         "0b2nz7w4za32pc34r62ql270z692qcjs2pm0i3svkxkvfammhdfq"))))
+         "1bimv18f6rzhyjz78yvw2vqr5n0kdqbcqmq7cb3m951xgsxfcgpd"))))
     (arguments
      `(#:tests? #f
        #:make-flags '("CC=gcc"
@@ -4471,7 +4576,7 @@ some graphical niceities, and numerous bug-fixes and other improvements.")
   (package
     (inherit quakespasm)
     (name "vkquake")
-    (version "0.97.3")
+    (version "1.00.0")
     (source
      (origin
        (method url-fetch)
@@ -4480,7 +4585,7 @@ some graphical niceities, and numerous bug-fixes and other improvements.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1p0nh2v2ilylw62fxc5qpfcmyhs0s64w8sgh036nc6kn21kbjc0d"))))
+         "0bviv18jvp41jvrabgl7l5kq4n1p6p3rywij481yswawdw6l5idh"))))
     (arguments
      `(#:make-flags
        (let ((vulkanlib (string-append (assoc-ref %build-inputs
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index 2ab70c107c..e7ce5f3c52 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2015, 2016, 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Carlos Sánchez de La Lama <csanchezdll@gmail.com>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -515,6 +516,20 @@ Go.  It also includes runtime support libraries for these languages.")
 for several languages, including C, C++, Objective-C, Fortran, Ada, and Go.
 It also includes runtime support libraries for these languages.")))
 
+(define-public gcc-8
+  (package
+    (inherit gcc-7)
+    (version "8.1.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnu/gcc/gcc-"
+                                  version "/gcc-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0lxil8x0jjx7zbf90cy1rli650akaa6hpk8wk8s62vk2jbwnc60x"))
+              (patches (search-patches "gcc-8-strmov-store-file-names.patch"
+                                       "gcc-5.0-libvtv-runpath.patch"))))))
+
 ;; Note: When changing the default gcc version, update
 ;;       the gcc-toolchain-* definitions and the gfortran definition
 ;;       accordingly.
diff --git a/gnu/packages/geo.scm b/gnu/packages/geo.scm
index 4ba09f2a90..85bb0ccf9b 100644
--- a/gnu/packages/geo.scm
+++ b/gnu/packages/geo.scm
@@ -544,14 +544,14 @@ coordinates.")
 (define-public r-rgooglemaps
   (package
    (name "r-rgooglemaps")
-   (version "1.4.1")
+   (version "1.4.2")
    (source
      (origin
        (method url-fetch)
        (uri (cran-uri "RgoogleMaps" version))
        (sha256
         (base32
-         "0fsmlnhl4kw2j4972kfanzw9njhnzk695gsyw8g6yppsmz2clcaq"))))
+         "112mdm53qx92n2m4ms02sbppckp44l1z19vy99j6gw3jrdprjydl"))))
    (properties `((upstream-name . "RgoogleMaps")))
    (build-system r-build-system)
    (propagated-inputs `(("r-png" ,r-png)))
diff --git a/gnu/packages/gettext.scm b/gnu/packages/gettext.scm
index 9b45e84559..f887f8eb30 100644
--- a/gnu/packages/gettext.scm
+++ b/gnu/packages/gettext.scm
@@ -142,14 +142,14 @@ translated messages from the catalogs.  Nearly all GNU packages use Gettext.")
 (define-public po4a
   (package
     (name "po4a")
-    (version "0.47")
+    (version "0.53")
     (source (origin
               (method url-fetch)
-              (uri (string-append "https://alioth.debian.org/frs/download.php"
-                                  "/file/4142/po4a-" version ".tar.gz"))
+              (uri (string-append "https://github.com/mquinson/po4a/releases/download/v"
+                                  version "/po4a-" version ".tar.gz"))
               (sha256
                (base32
-                "01vm0750aq0h2lphrflv3wq9gz7y0py8frglfpacn58ivyvy242h"))))
+                "033qrd37zjjzvjl6g55fvhlcrm7gynfx6rj76qpr2852dn0mw069"))))
     (build-system perl-build-system)
     (arguments
      `(#:phases
@@ -166,6 +166,14 @@ translated messages from the catalogs.  Nearly all GNU packages use Gettext.")
           (lambda _
             (delete-file "t/20-sgml.t")
             #t))
+         (add-before 'check 'disable-asciidoc-test
+           (lambda _
+             (delete-file "t/30-asciidoc.t")
+             #t))
+         (add-before 'check 'disable-yaml-test
+           (lambda _
+             (delete-file "t/32-yaml.t")
+             #t))
          (add-after 'unpack 'fix-builder
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (substitute* "Po4aBuilder.pm"
diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm
index 628d285e45..3a16309618 100644
--- a/gnu/packages/gimp.scm
+++ b/gnu/packages/gimp.scm
@@ -48,7 +48,7 @@
 (define-public babl
   (package
     (name "babl")
-    (version "0.1.46")
+    (version "0.1.50")
     (source (origin
               (method url-fetch)
               (uri (list (string-append "https://download.gimp.org/pub/babl/"
@@ -62,7 +62,7 @@
                                         "/babl-" version ".tar.bz2")))
               (sha256
                (base32
-                "0nwyhvfca6m35wjcccvwca7fcihzgdfyc012qi703y5d3cxl1hmv"))))
+                "0bavr2y4v88pip7vlca4kwmnksk2qxcvkkdp9jyfi6pzh701sb5m"))))
     (build-system gnu-build-system)
     (home-page "http://gegl.org/babl/")
     (synopsis "Image pixel format conversion library")
@@ -79,7 +79,7 @@ provided, as well as a framework to add new color models and data types.")
 (define-public gegl
   (package
     (name "gegl")
-    (version "0.4.0")
+    (version "0.4.2")
     (source (origin
               (method url-fetch)
               (uri (list (string-append "https://download.gimp.org/pub/gegl/"
@@ -87,7 +87,7 @@ provided, as well as a framework to add new color models and data types.")
                                         "/" name "-" version ".tar.bz2")))
               (sha256
                (base32
-                "1ighk4z8nlqrzyj8w97s140hzj59564l3xv6fpzbr97m1zx2nkfh"))))
+                "13bzl0k5l12pk8bkcq4ar7wscbnw7jswhp34mwfsrf10kp0qndba"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("LDFLAGS=-lm")))
@@ -117,7 +117,7 @@ buffers.")
 (define-public gimp
   (package
     (name "gimp")
-    (version "2.10.0")
+    (version "2.10.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://download.gimp.org/pub/gimp/v"
@@ -125,10 +125,10 @@ buffers.")
                                   "/gimp-" version ".tar.bz2"))
               (sha256
                (base32
-                "1qkxaigbfkx26xym5nzrgfrmn97cbnhn63v1saaha2nbi3xrdk3z"))))
+                "1srkqd9cx1xmny7cyk3b6f14dknb3fd77whm38vlvr7grnpbmc0w"))))
     (build-system gnu-build-system)
     (outputs '("out"
-               "doc"))                            ;9 MiB of gtk-doc HTML
+               "doc"))                            ; 9 MiB of gtk-doc HTML
     (arguments
      '(#:configure-flags (list (string-append "--with-html-dir="
                                               (assoc-ref %outputs "doc")
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 794fb17471..33f1f935ac 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -3756,6 +3756,17 @@ which can read a large number of file formats.")
             (uri (string-append "mirror://gnome/sources/" name "/"
                                 (version-major+minor version) "/"
                                 name "-" version ".tar.xz"))
+            (patches
+             (list
+              ;; fmradio: Fix build with GStreamer master
+              (origin
+                (method url-fetch)
+                (uri (string-append
+                      "https://gitlab.gnome.org/GNOME/rhythmbox/commit/"
+                      "b182c6b9e1d09e601bac0b703cc5f8b159ebbc3a.patch"))
+                (sha256
+                 (base32
+                  "17j45vyyr071ka3nckj2gycgyyv1j08fyrxw89jfdq2442nzrsiy")))))
             (sha256
              (base32
               "0hzcns8gf5yb0rm4ss8jd8qzarcaplp5cylk6plwilsqfvxj4xn2"))))
@@ -4186,7 +4197,7 @@ a secret password store, an adblocker, and a modern UI.")
 (define-public epiphany
   (package
     (name "epiphany")
-    (version "3.28.2.1")
+    (version "3.28.3.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4194,7 +4205,7 @@ a secret password store, an adblocker, and a modern UI.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0ba0qqsbg3cv1k1pcj971y7l8kqib5l7kbr743x9a7hbmkqfk95s"))))
+                "1xz6xl6b0iihvczyr0cs1z5ifvpai6anb4m0ng1caiph06klc1b9"))))
 
     (build-system meson-build-system)
     (arguments
@@ -6307,7 +6318,7 @@ fit the GNOME desktop.")
 (define-public gnome-dictionary
   (package
     (name "gnome-dictionary")
-    (version "3.24.0")
+    (version "3.26.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -6315,8 +6326,9 @@ fit the GNOME desktop.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1wnrpg8yndacq0xnzc84d519yp7f28brzklm3a48xcgs1i50drs1"))))
-    (build-system glib-or-gtk-build-system)
+                "007k2bq8iplg4psdpz074r5d4zxvn4s95qym4rw9hs6giljbrf0n"))))
+    (build-system meson-build-system)
+    (arguments '(#:glib-or-gtk? #t))
     (native-inputs
      `(("glib:bin" ,glib "bin")
        ("gobject-introspection" ,gobject-introspection)
@@ -6481,6 +6493,12 @@ like GNOME, Unity, Budgie, Pantheon, XFCE, Mate, etc.")
              (substitute* '("Makefile.am")
                (("\\$\\(DESTDIR\\)/usr/share")
                 "$(datadir)"))
+             #t))
+         (add-after 'unpack 'disable-configure-during-bootstrap
+           (lambda _
+             ;; Do not run configure as part of autogen.sh because references
+             ;; to /bin are not fixed yet.
+             (setenv "NOCONFIGURE" "y")
              #t)))))
     (native-inputs
      `(("autoconf" ,autoconf)
@@ -6530,6 +6548,14 @@ simple and consistent.")
                (base32
                 "1ya1cqvv8q847c0rpcg6apzky87q3h04y8jz5nmi52qk6kg8si0b"))))
     (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'disable-configure-during-bootstrap
+           (lambda _
+             (substitute* "autogen.sh"
+               (("^\"\\$srcdir/configure\".*") ""))
+             #t)))))
     (native-inputs
      `(("autoconf" ,autoconf)
        ("automake" ,automake)))
@@ -7135,7 +7161,7 @@ photo-booth-like software, such as Cheese.")
 (define-public cheese
   (package
     (name "cheese")
-    (version "3.26.0")
+    (version "3.28.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -7143,7 +7169,7 @@ photo-booth-like software, such as Cheese.")
                                   version ".tar.xz"))
               (sha256
                (base32
-                "01f6lsp9jkhq5v2zxlghw15bca4xqavkxqkl8977r0g13p22zxcf"))))
+                "06da5qc5hdvwwd5vkbgbx8pjx1l3mvr07yrnnv3v1hfc3wp7l7jw"))))
     (arguments
      ;; Tests require GDK.
      `(#:tests? #f
@@ -7268,7 +7294,7 @@ mp3, Ogg Vorbis and FLAC")
                            ("libxtst" ,libxtst)
                            ("dconf" ,dconf)
                            ("libice" ,libice)))
-      (inputs `(("libsm", libsm)
+      (inputs `(("libsm" ,libsm)
                 ("python-cheetah" ,python2-cheetah)))
       (native-inputs `(("glib" ,glib "bin")
                        ("pkg-config" ,pkg-config)
@@ -7282,9 +7308,10 @@ mp3, Ogg Vorbis and FLAC")
                        ("gobject-introspection" ,gobject-introspection)
                        ("python2" ,python-2)))
       (synopsis "Tool to help prevent repetitive strain injury (RSI)")
-      (description "Workrave is a program that assists in the recovery and
-prevention of repetitive strain injury (RSI).  The program frequently alerts
-you to take micro-pauses, rest breaks and restricts you to your daily limit")
+      (description
+       "Workrave is a program that assists in the recovery and prevention of
+repetitive strain injury (@dfn{RSI}).  The program frequently alerts you to take
+micro-pauses and rest breaks, and restricts you to your daily limit.")
       (home-page "http://www.workrave.org")
       (license license:gpl3+))))
 
diff --git a/gnu/packages/gnu-pw-mgr.scm b/gnu/packages/gnu-pw-mgr.scm
index 906e7d3cf8..6bb5fea84b 100644
--- a/gnu/packages/gnu-pw-mgr.scm
+++ b/gnu/packages/gnu-pw-mgr.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2018 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,7 +30,7 @@
 (define-public gnu-pw-mgr
   (package
     (name "gnu-pw-mgr")
-    (version "2.0")
+    (version "2.3.1")
     (source
      (origin
       (method url-fetch)
@@ -38,8 +38,16 @@
                           version ".tar.xz"))
       (sha256
        (base32
-        "19qvg37snfa8s06q5crx25m1r1n4l0wvfpkbdxz17q7whp0plrl6"))))
+        "05vv6n5sqdswhzm21cqn8m2p6avblxl3cv7b39nqx8yxf58gi2xv"))))
     (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'patch-source-shebangs 'patch-more-shebangs
+           (lambda _
+             (substitute* "tests/dom.test"
+               (("/usr/bin/printf") (which "printf")))
+             #t)))))
     (native-inputs
      `(("which" ,which)
        ("autogen" ,autogen)))
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 8a8a1f5645..9564afbb90 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -107,6 +107,7 @@ Daemon and possibly more in the future.")
 
 (define-public libgcrypt
   (package
+    (replacement libgcrypt/fixed)
     (name "libgcrypt")
     (version "1.8.2")
     (source (origin
@@ -141,6 +142,19 @@ generation.")
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/libgcrypt")))))
 
+(define libgcrypt/fixed
+  (package
+    (inherit libgcrypt)
+    (name "libgcrypt")
+    (version "1.8.3")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+                                 version ".tar.bz2"))
+             (sha256
+              (base32
+               "0z5gs1khzyknyfjr19k8gk4q148s6q987ya85cpn0iv70fz91v36"))))))
+
 (define-public libassuan
   (package
     (name "libassuan")
@@ -230,14 +244,14 @@ compatible to GNU Pth.")
 (define-public gnupg
   (package
     (name "gnupg")
-    (version "2.2.7")
+    (version "2.2.8")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "0vlpis0q7gvq9mhdc43hkyn3cdriz4mwgj20my3gyzpgwqg3cnyr"))))
+                "1k8dnnfs9888yp713l7kg2jg110lw47s4krx0njna6fjrsw4qyvp"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -348,14 +362,14 @@ libskba (working with X.509 certificates and CMS data).")
 
 (define-public gnupg-1
   (package (inherit gnupg)
-    (version "1.4.22")
+    (version "1.4.23")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "1d1hz4szh1kvwhsw7w2zxa6q5ndrk3qy6hj289l1b8k3xi5s554m"))))
+                "1fkq4sqldvf6a25mm2qz95swv1qjg464736091w51djiwqbjyin9"))))
     (native-inputs '())
     (inputs
      `(("zlib" ,zlib)
@@ -506,14 +520,14 @@ decrypt messages using the OpenPGP format by making use of GPGME.")
 (define-public python-gnupg
   (package
     (name "python-gnupg")
-    (version "0.3.8")
+    (version "0.4.3")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "python-gnupg" version))
        (sha256
         (base32
-         "0nkbs9c8f30lra7ca39kg91x8cyxn0jb61vih4qky839gpbwwwiq"))))
+         "03dc8whhvk7ccspbk8vzfhkxli8cd9zfbss5p597g4jldgy8s59d"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -521,16 +535,14 @@ decrypt messages using the OpenPGP format by making use of GPGME.")
          (replace 'check
            (lambda _
              (substitute* "test_gnupg.py"
-               ;; Exported keys don't have a version line!
-               (("del k1\\[1\\]") "#")
                ;; Unsure why this test fails.
                (("'test_search_keys'") "True")
                (("def test_search_keys") "def disabled__search_keys"))
              (setenv "USERNAME" "guixbuilder")
              ;; The doctests are extremely slow and sometimes time out,
              ;; so we disable them.
-             (zero? (system* "python"
-                             "test_gnupg.py" "--no-doctests")))))))
+             (invoke "python"
+                     "test_gnupg.py" "--no-doctests"))))))
     (native-inputs
      `(("gnupg" ,gnupg-1)))
     (home-page "https://packages.python.org/python-gnupg/index.html")
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index df87700d6f..9e6061eb64 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -479,27 +479,43 @@ security standards.")
         (mozilla-patch "icecat-CVE-2018-5150-pt08.patch" "134c728799c1" "16hbwx6fx1hrddsyjjbd3z954ql3pg348xs13h9riyblq8crzmam")
         (mozilla-patch "icecat-CVE-2018-5150-pt09.patch" "14eab155eaa8" "0wr4xgblxzk4c2gvlnpl7ic1196mrhry1hgwdl1jivq0ji5cbvbd")
         (mozilla-patch "icecat-bug-1452619.patch"        "2b75d55ccf0e" "1g87aybw6ggv6hyk385bplv0lx63n020gwyq0d6d4pqld48hsm1i")
-        (mozilla-patch "icecat-bug-1453127.patch"        "89857f35df29" "0gzi47svrw5ajdlm3i12193psm702zx70x5h1rwp4gb7gxh4m4d9")
+        (mozilla-patch "icecat-CVE-2018-5156-pt1.patch"  "89857f35df29" "0gzi47svrw5ajdlm3i12193psm702zx70x5h1rwp4gb7gxh4m4d9")
         (mozilla-patch "icecat-CVE-2018-5150-pt10.patch" "3f2ec03c0405" "0w02952dlxd2gmwghck2nm4rjjmc5ylg62bw6m1rvi35kcr134lr")
         (mozilla-patch "icecat-CVE-2018-5183.patch"      "f729bf78fb3a" "0xkj6jwxwdqkvb5c7wi16b8cm8qrnlrd3s9jnd46jg03iykrx56f")
-        (mozilla-patch "icecat-bug-1437842.patch"        "eb896089db47" "10lppk4x2d3pim71a36ky1dmg08rs5ckfiljwvfnr1cw6934qxl4")
-        (mozilla-patch "icecat-bug-1458270.patch"        "2374dca97bde" "0y1g55wvj44nzb1qfkl271jcf8s1ik8lcl1785z0zim4qzn7qkpa")
-        (mozilla-patch "icecat-bug-1452576.patch"        "70b6298e0c9e" "0n5jfy6c421dkybk8m18vd61y95zz0r64g1p1zlya3fps5knfaqi")
-        (mozilla-patch "icecat-bug-1459206-pt1.patch"    "4ef79fe9b3b7" "1c32z1ki1i6xj1nbb0xlxwqnmz48ikmy8dmp37rkjz8ssn04wgfg")
-        (mozilla-patch "icecat-bug-1459206-pt2.patch"    "9ad16112044a" "0ayya67sx7avcb8bplfdxb92l9g4mjrb1s3hby283llhqv0ikg9b")
-        (mozilla-patch "icecat-bug-1459162.patch"        "11d8a87fb6d6" "1rkmdk18llw0x1jakix75hlhy0hpsmlminnflagbzrzjli81gwm1")
-        (mozilla-patch "icecat-bug-1451297.patch"        "407b10ad1273" "16qzsfirw045xag96f1qvpdlibm8lwdj9l1mlli4n1vz0db91v9q")
-        (mozilla-patch "icecat-bug-1462682.patch"        "e76e2e481b17" "0hnx13msjy28n3bpa2c24kpzalam4bdk5gnp0f9k671l48rs9yb3")
-        (mozilla-patch "icecat-bug-1450688.patch"        "2c75bfcd465c" "1pjinj8qypafqm2fk68s3hzcbzcijn09qzrpcxvzq6bl1yfc1xfd")
-        (mozilla-patch "icecat-bug-1456975.patch"        "042f80f3befd" "0av918kin4bkrq7gnjz0h9w8kkq8rk9l93250lfl5kqrinza1gsk")
-        (mozilla-patch "icecat-bugs-1442722+1455071+1433642+1456604+1458320.patch"
+        (mozilla-patch "icecat-CVE-2018-5188-pt01.patch" "eb896089db47" "10lppk4x2d3pim71a36ky1dmg08rs5ckfiljwvfnr1cw6934qxl4")
+        (mozilla-patch "icecat-CVE-2018-5188-pt02.patch" "2374dca97bde" "0y1g55wvj44nzb1qfkl271jcf8s1ik8lcl1785z0zim4qzn7qkpa")
+        (mozilla-patch "icecat-CVE-2018-5188-pt03.patch" "70b6298e0c9e" "0n5jfy6c421dkybk8m18vd61y95zz0r64g1p1zlya3fps5knfaqi")
+        (mozilla-patch "icecat-CVE-2018-12365-pt1.patch" "4ef79fe9b3b7" "1c32z1ki1i6xj1nbb0xlxwqnmz48ikmy8dmp37rkjz8ssn04wgfg")
+        (mozilla-patch "icecat-CVE-2018-12365-pt2.patch" "9ad16112044a" "0ayya67sx7avcb8bplfdxb92l9g4mjrb1s3hby283llhqv0ikg9b")
+        (mozilla-patch "icecat-CVE-2018-12359.patch"     "11d8a87fb6d6" "1rkmdk18llw0x1jakix75hlhy0hpsmlminnflagbzrzjli81gwm1")
+        (mozilla-patch "icecat-CVE-2018-5188-pt04.patch" "407b10ad1273" "16qzsfirw045xag96f1qvpdlibm8lwdj9l1mlli4n1vz0db91v9q")
+        (mozilla-patch "icecat-CVE-2018-6126.patch"      "e76e2e481b17" "0hnx13msjy28n3bpa2c24kpzalam4bdk5gnp0f9k671l48rs9yb3")
+        (mozilla-patch "icecat-CVE-2018-5188-pt05.patch" "2c75bfcd465c" "1pjinj8qypafqm2fk68s3hzcbzcijn09qzrpcxvzq6bl1yfc1xfd")
+        (mozilla-patch "icecat-CVE-2018-5188-pt06.patch" "042f80f3befd" "0av918kin4bkrq7gnjz0h9w8kkq8rk9l93250lfl5kqrinza1gsk")
+        (mozilla-patch "icecat-CVE-2018-5188-pt07+bugs-1455071+1433642+1456604+1458320.patch"
                                                          "bb0451c9c4a0" "1lhm1b2a7c6jwhzsg3c830hfhp17p8j9zbcmgchpb8c5jkc3vw0x")
-        (mozilla-patch "icecat-bug-1465108-pt1.patch"    "8189b262e3b9" "13rh86ddwmj1bhv3ibbil3sv5xbqq1c9v1czgbsna5hxxkzc1y3b")
-        (mozilla-patch "icecat-bug-1465108-pt2.patch"    "9f81ae3f6e1d" "05vfg8a8jrzd93n1wvncmvdmqgf9cgsl8ryxgjs3032gbbjkga7q")
-        (mozilla-patch "icecat-bug-1459693.patch"        "face7a3dd5d7" "0jclw30mf693w8lrmvn0iankggj21nh4j3zh51q5363rj5xncdzx")
-        (mozilla-patch "icecat-bug-1464829.patch"        "7afb58c046c8" "1r0569r76712x7x1sw6xr0x06ilv6iw3fncb0f8r8b9mp6wrpx34")
-        (mozilla-patch "icecat-bug-1452375-pt1.patch"    "f1a745f8c42d" "11q73pb7a8f09xjzil4rhg5nr49zrnz1vb0prni0kqvrnppf5s40")
-        (mozilla-patch "icecat-bug-1452375-pt2.patch"    "1f9a430881cc" "0f79rv7njliqxx33z07n60b50jg0a596d1km7ayz2hivbl2d0168")))
+        (mozilla-patch "icecat-CVE-2018-5188-pt08.patch" "8189b262e3b9" "13rh86ddwmj1bhv3ibbil3sv5xbqq1c9v1czgbsna5hxxkzc1y3b")
+        (mozilla-patch "icecat-CVE-2018-5188-pt09.patch" "9f81ae3f6e1d" "05vfg8a8jrzd93n1wvncmvdmqgf9cgsl8ryxgjs3032gbbjkga7q")
+        (mozilla-patch "icecat-CVE-2018-12360.patch"     "face7a3dd5d7" "0jclw30mf693w8lrmvn0iankggj21nh4j3zh51q5363rj5xncdzx")
+        (mozilla-patch "icecat-CVE-2018-5188-pt10.patch" "7afb58c046c8" "1r0569r76712x7x1sw6xr0x06ilv6iw3fncb0f8r8b9mp6wrpx34")
+        (mozilla-patch "icecat-CVE-2018-12362-pt1.patch" "f1a745f8c42d" "11q73pb7a8f09xjzil4rhg5nr49zrnz1vb0prni0kqvrnppf5s40")
+        (mozilla-patch "icecat-CVE-2018-12362-pt2.patch" "1f9a430881cc" "0f79rv7njliqxx33z07n60b50jg0a596d1km7ayz2hivbl2d0168")
+        (mozilla-patch "icecat-CVE-2018-5188-pt11.patch" "28f4fc0a5141" "1a8f9z6c80in8ccj82ysdrcr2lqypp29l4acs50kwncm0c0b01zl")
+        (mozilla-patch "icecat-CVE-2018-12363.patch"     "ad5a53a1d2b1" "0rhl4r39ydb3lkfp5pkwvhhzqgfh33s9r7b7jccgkrx6f13xyq78")
+        (mozilla-patch "icecat-CVE-2018-5188-pt12.patch" "0ddfc03c0454" "1b0xw2kj9765lvpl8iwr3wwcz40bdfp3dp4y9f546a61qsi9q9d6")
+        (mozilla-patch "icecat-CVE-2018-5156-pt2.patch"  "dbf36189a364" "1awbyhy0r79i03sns2p0m78f9hb6c7kp4hwia2khx4qszlsr4j95")
+        (mozilla-patch "icecat-CVE-2018-5188-pt13.patch" "32509dfde003" "0cc3c92dgf5qynk093prq610c9x815l2fa24ddrw9czdzbwblsdq")
+        (mozilla-patch "icecat-bug-1462912.patch"        "f18535a212da" "0zkqz9il89f1s1yrp5c6hj6kysy2x02iy50vgwdj30lr56gkpzmk")
+        (mozilla-patch "icecat-CVE-2018-5188-pt14.patch" "e8e9e1ef79f2" "0dc8p6fsppq3bhbpmp41f8mjxbr31pvgpga0a73dqdaicq5ydgj4")
+        (search-patch  "icecat-bug-1413868-pt1.patch")
+        (mozilla-patch "icecat-CVE-2018-5188-pt15.patch" "9d4d31b2630d" "1lcbmsyi09kp80h1jgxj5l45zl24xn22h1lq7drbyjxsn1kggq4g")
+        (mozilla-patch "icecat-CVE-2018-12366-pt1.patch" "edf2c7dff493" "06xmyk7nm54cm9m6qc59wz8cxxfa5r25mf2xzdzy74iq5hwa1ac8")
+        (mozilla-patch "icecat-CVE-2018-5188-pt16.patch" "05549a4d1b80" "10q68cllshmmhlrbirm9h4gyc3ffrcpsxihfpcbxh90nv2h16jci")
+        (mozilla-patch "icecat-CVE-2018-12364.patch"     "67b2d8924841" "197riigbb6l30959pygr0zlv7vaims78dg1mh0pg33pa7cbna0ds")
+        (mozilla-patch "icecat-CVE-2018-12366-pt2.patch" "528d4d997bb3" "0f375i96a404dkn0fanmd9pgfj3wyrhjfc5dwslw2s44gwfjhljb")
+        (mozilla-patch "icecat-bug-1369771.patch"        "fab16ad7f256" "0kd8qm04sjgfgfg8yw3ivcxazb1d7v430g86chw4n64qybsh9ka3")
+        (mozilla-patch "icecat-CVE-2018-5188-pt17.patch" "068e249d02b4" "1iy9by1mg5qhp8502h31m8zm99aq2hx0c5n3hadd5pk11lfnq6ll")
+        (mozilla-patch "icecat-bug-1413868-pt2.patch"    "755067c14b06" "089dwqwzcdg1l6aimi0i65q4dgb2iny5h8yjx63h9zgv77n0700a")))
       (modules '((guix build utils)))
       (snippet
        '(begin
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index d61747a09c..3640d7640b 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -78,7 +78,8 @@
          (delete 'configure)
          (add-after 'patch-generated-file-shebangs 'chdir
            (lambda _
-             (chdir "src")))
+             (chdir "src")
+             #t))
          (add-before 'build 'prebuild
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let* ((gcclib (string-append (assoc-ref inputs "gcc:lib") "/lib"))
@@ -160,7 +161,7 @@
                ;; Go 1.4's cgo will not work with binutils >= 2.27:
                ;; https://github.com/golang/go/issues/16906
                (setenv "CGO_ENABLED" "0")
-               (zero? (system* "sh" "all.bash")))))
+               (invoke "sh" "all.bash"))))
 
          (replace 'install
            (lambda* (#:key outputs inputs #:allow-other-keys)
@@ -215,7 +216,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
   (package
     (inherit go-1.4)
     (name "go")
-    (version "1.9.6")
+    (version "1.9.7")
     (source
      (origin
        (method url-fetch)
@@ -223,7 +224,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
                            name version ".src.tar.gz"))
        (sha256
         (base32
-         "0a2qkvzr0g5cbd66wi7b6r40qyp9p55y0zz2j5qg1xsqwsdhbx1n"))))
+         "08kpy874x0rx43zpyv5kwd8xj2ma91xm33i0ka2v1v788px18a2q"))))
     (arguments
      (substitute-keyword-arguments (package-arguments go-1.4)
        ((#:phases phases)
@@ -343,7 +344,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
                  (setenv "GOROOT" (dirname (getcwd)))
                  (setenv "GOROOT_FINAL" output)
                  (setenv "CGO_ENABLED" "1")
-                 (zero? (system* "sh" "all.bash")))))
+                 (invoke "sh" "all.bash"))))
 
            (replace 'install
              ;; TODO: Most of this could be factorized with Go 1.4.
@@ -374,7 +375,8 @@ in the style of communicating sequential processes (@dfn{CSP}).")
                   '("README.md" "CONTRIBUTORS" "AUTHORS" "PATENTS"
                     "LICENSE" "VERSION" "CONTRIBUTING.md" "robots.txt"))
 
-                 (copy-recursively "../" output))))))))
+                 (copy-recursively "../" output)
+                 #t)))))))
     (native-inputs
      `(("go" ,go-1.4)
        ,@(package-native-inputs go-1.4)))
@@ -384,7 +386,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
   (package
     (inherit go-1.9)
     (name "go")
-    (version "1.10.2")
+    (version "1.10.3")
     (source
      (origin
        (method url-fetch)
@@ -392,7 +394,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
                            name version ".src.tar.gz"))
        (sha256
         (base32
-         "1gcqbac3wbhbcr0ri9zgfj6qkqbwf9fn116a0a7fvn4wdff60r32"))))
+         "1wjmw65nfkkzz084695gdgn13sbjcaafy2y5370d214pdk31qysn"))))
     (arguments
      (substitute-keyword-arguments (package-arguments go-1.9)
        ((#:phases phases)
@@ -1621,3 +1623,173 @@ values for the purpose of fuzz testing.")
       (synopsis "Go registry for request variables")
       (description "This package provides @code{gorilla/context}, which is a general purpose registry for global request variables in the Go programming language.")
       (license license:bsd-3))))
+
+(define-public go-github-com-gorilla-mux
+  (let ((commit "599cba5e7b6137d46ddf58fb1765f5d928e69604")
+        (revision "0"))
+    (package
+      (name "go-github-com-gorilla-mux")
+      (version (git-version "0.0.0" revision commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/gorilla/mux.git")
+               (commit commit)))
+         (file-name (git-file-name name version))
+         (sha256
+          (base32
+           "0wd6jjii1kg5s0nk3ri6gqriz6hbd6bbcn6x4jf8n7ncrb8qsxyz"))))
+      (build-system go-build-system)
+      (arguments
+       '(#:import-path "github.com/gorilla/mux"))
+      (home-page "https://github.com/gorilla/mux")
+      (synopsis "URL router and dispatcher for Go")
+      (description
+       "Gorilla/Mux implements a request router and dispatcher for matching
+incoming requests with their respective handler.")
+      (license license:bsd-3))))
+
+(define-public go-github-com-jonboulle-clockwork
+  (let ((commit "e3653ace2d63753697e0e5b07b9393971c0bba9d")
+        (revision "0"))
+    (package
+      (name "go-github-com-jonboulle-clockwork")
+      (version (git-version "0.0.0" revision commit))
+      (source
+        (origin
+          (method git-fetch)
+          (uri (git-reference
+                 (url "https://github.com/jonboulle/clockwork.git")
+                 (commit commit)))
+          (file-name (git-file-name name version))
+          (sha256
+            (base32
+              "1avzqhks12a8x2yzpvjsf3k0gv9cy7zx2z88hn0scacnxkphisvc"))))
+      (build-system go-build-system)
+      (arguments
+        '(#:import-path "github.com/jonboulle/clockwork"))
+      (home-page "https://github.com/jonboulle/clockwork")
+      (synopsis "Fake clock library for Go")
+      (description
+       "Replace uses of the @code{time} package with the
+@code{clockwork.Clock} interface instead.")
+      (license license:asl2.0))))
+
+(define-public go-github-com-spf13-pflag
+  (let ((commit "4f9190456aed1c2113ca51ea9b89219747458dc1")
+        (revision "0"))
+    (package
+      (name "go-github-com-spf13-pflag")
+      (version (git-version "0.0.0" revision commit))
+      (source
+        (origin
+          (method git-fetch)
+          (uri (git-reference
+                 (url "https://github.com/spf13/pflag.git")
+                 (commit commit)))
+          (file-name (git-file-name name version))
+          (sha256
+            (base32
+              "12vrlcsbwjqlfc49rwky45mbcj74c0kb6z54354pzas6fwzyi1kc"))))
+      (build-system go-build-system)
+      (arguments
+        '(#:import-path "github.com/spf13/pflag"))
+      (home-page "https://github.com/spf13/pflag")
+      (synopsis "Replacement for Go's @code{flag} package")
+      (description
+       "Pflag is library to replace Go's @code{flag} package.  It implements
+POSIX/GNU-style command-line options with double hyphens.  It is is compatible
+with the
+@uref{https://www.gnu.org/software/libc/manual/html_node/Argument-Syntax.html,
+GNU extensions} to the POSIX recommendations for command-line options.")
+      (license license:bsd-3))))
+
+(define-public go-github-com-sirupsen-logrus
+  (package
+    (name "go-github-com-sirupsen-logrus")
+    (version "1.0.5")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/sirupsen/logrus.git")
+             (commit (string-append "v" version))))
+       (sha256
+        (base32
+         "0g5z7al7kky11ai2dhac6gkp3b5pxsvx72yj3xg4wg3265gbn7yz"))))
+    (build-system go-build-system)
+    (native-inputs
+     `(("go-golang-org-x-crypto-ssh-terminal"
+        ,go-golang-org-x-crypto-ssh-terminal)
+       ("go-github-com-stretchr-testify"
+        ,go-github-com-stretchr-testify)
+       ("go-golang-org-x-sys-unix"
+        ,go-golang-org-x-sys-unix)))
+    (arguments
+     '(#:tests? #f                    ;FIXME missing dependencies
+       #:import-path "github.com/sirupsen/logrus"))
+    (home-page "https://github.com/sirupsen/logrus")
+    (synopsis "Structured, pluggable logging for Go")
+    (description "Logrus is a structured logger for Go, completely API
+compatible with the standard library logger.")
+    (license license:expat)))
+
+(define-public go-github-com-kardianos-osext
+  (let ((commit "ae77be60afb1dcacde03767a8c37337fad28ac14")
+        (revision "1"))
+    (package
+      (name "go-github-com-kardianos-osext")
+      (version (git-version "0.0.0" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/kardianos/osext")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "056dkgxrqjj5r18bnc3knlpgdz5p3yvp12y4y978hnsfhwaqvbjz"))))
+      (build-system go-build-system)
+      (arguments
+       `(#:import-path "github.com/kardianos/osext"
+         ;; The tests are flaky:
+         ;; <https://github.com/kardianos/osext/issues/21>
+         #:tests? #f))
+      (synopsis "Find the running executable")
+      (description "Osext provides a method for finding the current executable
+file that is running.  This can be used for upgrading the current executable or
+finding resources located relative to the executable file.")
+      (home-page "https://github.com/kardianos/osext")
+      (license license:bsd-3))))
+
+(define-public go-github-com-ayufan-golang-kardianos-service
+  (let ((commit "0c8eb6d8fff2e2fb884a7bfd23e183fb63c0eff3")
+        (revision "0"))
+    (package
+      (name "go-github-com-ayufan-golang-kardianos-service")
+      (version (git-version "0.0.0" revision commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url
+                "https://github.com/ayufan/golang-kardianos-service.git")
+               (commit commit)))
+         (file-name (git-file-name name version))
+         (sha256
+          (base32
+           "0x0cn7l5gda2khsfypix7adxd5yqighzn04mxjw6hc4ayrh7his5"))))
+      (build-system go-build-system)
+      (native-inputs
+       `(("go-github-com-kardianos-osext"
+          ,go-github-com-kardianos-osext)))
+      (arguments
+       '(#:tests? #f                ;FIXME tests fail: Service is not running.
+         #:import-path "github.com/ayufan/golang-kardianos-service"))
+      (home-page "https://github.com/ayufan/golang-kardianos-service")
+      (synopsis "Go interface to a variety of service supervisors")
+      (description "This package provides @code{service}, a Go module that can
+run programs as a service using a variety of supervisors, including systemd,
+SysVinit, and more.")
+      (license license:zlib))))
diff --git a/gnu/packages/gps.scm b/gnu/packages/gps.scm
index e913c25904..0555d831e3 100644
--- a/gnu/packages/gps.scm
+++ b/gnu/packages/gps.scm
@@ -193,7 +193,7 @@ coordinates as well as partial support for adjustments in global coordinate syst
            ;; Use lrelease to convert TS translation files into QM files.
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (for-each (lambda (file)
-                         (system* "lrelease" file))
+                         (invoke "lrelease" file))
                        (find-files "lang" "\\.ts"))
              (substitute* "src/config.h"
                (("/usr/share/gpxsee")
diff --git a/gnu/packages/graphics.scm b/gnu/packages/graphics.scm
index 439170c007..52f7ff3ba6 100644
--- a/gnu/packages/graphics.scm
+++ b/gnu/packages/graphics.scm
@@ -373,7 +373,7 @@ storage of the \"EXR\" file format for storing 16-bit floating-point images.")
 (define-public openimageio
   (package
     (name "openimageio")
-    (version "1.6.15")
+    (version "1.7.19")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/OpenImageIO/oiio/"
@@ -381,7 +381,7 @@ storage of the \"EXR\" file format for storing 16-bit floating-point images.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "144crq0205d0w5aq4iglh2rhzf54a8rv3pksy6d533b75w5d7rq7"))))
+                "1qlmfhvl2wva4aifyiq7c4sdy61ddl7wykwvlpfys9p701xghvj7"))))
     (build-system cmake-build-system)
     ;; FIXME: To run all tests successfully, test image sets from multiple
     ;; third party sources have to be present.  For details see
diff --git a/gnu/packages/groovy.scm b/gnu/packages/groovy.scm
index 512f9c9edb..aaa524b1ba 100644
--- a/gnu/packages/groovy.scm
+++ b/gnu/packages/groovy.scm
@@ -1107,7 +1107,7 @@ and modify groovy's @dfn{Abstract Syntax Tree} (AST).")))
                      "groovy-jmx" "groovy-json" "groovy-jsr223"
                      "groovy-nio" "groovy-servlet" "groovy-sql"
                      "groovy-swing" "groovy-templates" "groovy-testng"
-                     "java-commons-cli" "java-asm"
+                     "groovy-xml" "java-commons-cli" "java-asm"
                      "java-classpathx-servletapi" "java-xstream"
                      "java-jansi" "java-jline-2"))
                  ;; antlr.jar is present twice in antlr2.  Symlink doesn't like
@@ -1140,6 +1140,7 @@ and modify groovy's @dfn{Abstract Syntax Tree} (AST).")))
        ("groovy-swing" ,groovy-swing)
        ("groovy-templates" ,groovy-templates)
        ("groovy-testng" ,groovy-testng)
+       ("groovy-xml" ,groovy-xml)
        ("java-commons-cli" ,java-commons-cli)
        ("java-asm" ,java-asm)
        ("java-classpathx-servletapi" ,java-classpathx-servletapi)
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index dfe982c803..76346f6bb2 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -284,7 +284,7 @@ functions which were removed.")
     (version "1.4.2")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://download.drobilla.net/ganv-"
+              (uri (string-append "https://download.drobilla.net/ganv-"
                                   version ".tar.bz2"))
               (sha256
                (base32
@@ -309,7 +309,7 @@ functions which were removed.")
     (native-inputs
      `(("glib" ,glib "bin")             ; for glib-genmarshal, etc.
        ("pkg-config" ,pkg-config)))
-    (home-page "http://drobilla.net/software/ganv/")
+    (home-page "https://drobilla.net/software/ganv/")
     (synopsis "GTK+ widget for interactive graph-like environments")
     (description
      "Ganv is an interactive GTK+ widget for interactive “boxes and lines” or
@@ -328,7 +328,7 @@ diagrams.")
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
-                      (url "http://git.drobilla.net/ganv.git")
+                      (url "https://git.drobilla.net/ganv.git")
                       (commit commit)))
                 (file-name (git-file-name name version))
                 (sha256
@@ -1416,7 +1416,7 @@ information.")
 (define-public gtk-doc
   (package
     (name "gtk-doc")
-    (version "1.25")
+    (version "1.27")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1424,12 +1424,30 @@ information.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0hpxcij9xx9ny3gs9p0iz4r8zslw8wqymbyababiyl7603a6x90y"))))
+                "0vwsdl61nvnmqswlz5j9m4hg7qirhazwcikcnqf9nx0c13vx6sz2"))))
     (build-system gnu-build-system)
     (arguments
      `(#:parallel-tests? #f
        #:phases
        (modify-phases %standard-phases
+         (add-after 'unpack 'patch-gtk-doc-scan
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "gtk-doc.xsl"
+              (("http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl")
+               (string-append (assoc-ref inputs "docbook-xsl")
+                              "/xml/xsl/docbook-xsl-"
+                              ,(package-version docbook-xsl)
+                              "/html/chunk.xsl")))
+             #t))
+         (add-after 'patch-gtk-doc-scan 'patch-test-out
+           (lambda _
+             ;; sanity.sh counts the number of status lines.  Since our
+             ;; texlive regenerates the fonts every time and the font
+             ;; generator metafont outputs a lot of extra lines, this
+             ;; test would always fail.  Disable it for now.
+             (substitute* "tests/Makefile.in"
+              (("empty.sh sanity.sh") "empty.sh"))
+             #t))
          (add-before 'build 'set-HOME
            (lambda _
              ;; FIXME: dblatex with texlive-union does not find the built
@@ -1450,7 +1468,15 @@ information.")
                 (string-append (car (find-files (assoc-ref inputs "docbook-xsl")
                                                 "^catalog.xml$"))
                                " \"http://docbook.sourceforge.net/release/xsl/")))
-             #t)))
+             #t))
+         (add-after 'install 'wrap-executables
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (for-each (lambda (prog)
+                           (wrap-program prog
+                             `("PYTHONPATH" ":" prefix (,(getenv "PYTHONPATH")))))
+                         (find-files (string-append out "/bin")))
+               #t))))
        #:configure-flags
        (list (string-append "--with-xml-catalog="
                             (assoc-ref %build-inputs "docbook-xml")
@@ -1469,7 +1495,8 @@ information.")
        ("docbook-xml" ,docbook-xml-4.3)
        ("docbook-xsl" ,docbook-xsl)
        ("source-highlight" ,source-highlight)
-       ("glib" ,glib)))
+       ("glib" ,glib)
+       ("python-six" ,python-six)))
     (home-page "http://www.gtk.org/gtk-doc/")
     (synopsis "Documentation generator from C source code")
     (description
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index a88d24885f..81b673c7e2 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -767,14 +767,23 @@ The library is shipped with documentation in Info format and usage examples.")
 (define-public guile-lib
   (package
     (name "guile-lib")
-    (version "0.2.5.1")
+    (version "0.2.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://savannah/guile-lib/guile-lib-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "19q420i3is3d4jmkdqs5y7ir7ipp4s795saflqgwf6617cx2zpj4"))))
+                "0n1lf5bsr5s9gqi07sdfkl1hpin6dzvkcj1xa63jd1w8aglwv8r1"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  ;; 'pre-inst-env' sets an incorrect load path, missing the
+                  ;; "/src" bit.  Add it.
+                  (substitute* "pre-inst-env.in"
+                    (("abs_top_(builddir|srcdir)=([[:graph:]]+)" _ dir value)
+                     (string-append "abs_top_" dir "=" value "/src")))
+                  #t))))
     (build-system gnu-build-system)
     (arguments
      '(#:make-flags
@@ -835,7 +844,8 @@ for Guile\".")
                                     "AC_SUBST([GUILE_EFFECTIVE_VERSION])\n")))
                   (substitute* '("Makefile.am" "json/Makefile.am")
                     (("moddir[[:blank:]]*=.*/share/guile/site" all)
-                     (string-append all "/@GUILE_EFFECTIVE_VERSION@")))))))
+                     (string-append all "/@GUILE_EFFECTIVE_VERSION@")))
+                  #t))))
     (build-system gnu-build-system)
     (native-inputs `(("autoconf" ,autoconf)
                      ("automake" ,automake)
@@ -1206,58 +1216,31 @@ Guile's foreign function interface.")
   (deprecated-package "guile2.2-gdbm-ffi" guile-gdbm-ffi))
 
 (define-public guile-sqlite3
-  (let ((commit "10c13a7e02ab1655c8a758e560cafc9d6eff26f4")
-        (revision "4"))
-    (package
-      (name "guile-sqlite3")
-      (version (git-version "0.0" revision commit))
-
-      ;; XXX: This used to be available read-only at
-      ;; <https://www.gitorious.org/guile-sqlite3/guile-sqlite3.git/> but it
-      ;; eventually disappeared, so we have our own copy here.
-      (home-page "https://notabug.org/civodul/guile-sqlite3.git")
-      (source (origin
-                (method git-fetch)
-                (uri (git-reference
-                      (url home-page)
-                      (commit commit)))
-                (sha256
-                 (base32
-                  "0nhhswpd7nb2f0gfr55fzcc2xm3l2xx4rbljsd1clrm8fj2d7q9d"))
-                (file-name (string-append name "-" version "-checkout"))
-                (modules '((guix build utils)))
-                (snippet
-                 ;; Upgrade 'Makefile.am' to the current way of doing things.
-                 '(begin
-                    (substitute* "Makefile.am"
-                      (("TESTS_ENVIRONMENT")
-                       "TEST_LOG_COMPILER"))
-                    #t))))
-
-      (build-system gnu-build-system)
-      (native-inputs
-       `(("autoconf" ,autoconf)
-         ("automake" ,automake)
-         ("pkg-config" ,pkg-config)))
-      (inputs
-       `(("guile" ,guile-2.2)
-         ("sqlite" ,sqlite)))
-      (arguments
-       '(#:phases (modify-phases %standard-phases
-                    (add-after 'unpack 'autoreconf
-                      (lambda _
-                        (zero? (system* "autoreconf" "-vfi"))))
-                    (add-before 'build 'set-sqlite3-file-name
-                      (lambda* (#:key inputs #:allow-other-keys)
-                        (substitute* "sqlite3.scm"
-                          (("\"libsqlite3\"")
-                           (string-append "\"" (assoc-ref inputs "sqlite")
-                                          "/lib/libsqlite3\"")))
-                        #t)))))
-      (synopsis "Access SQLite databases from Guile")
-      (description
-       "This package provides Guile bindings to the SQLite database system.")
-      (license license:gpl3+))))
+  (package
+    (name "guile-sqlite3")
+    (version "0.1.0")
+    (home-page "https://notabug.org/civodul/guile-sqlite3.git")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url home-page)
+                    (commit (string-append "v" version))))
+              (sha256
+               (base32
+                "1nv8j7wk6b5n4p22szyi8lv8fs31rrzxhzz16gyj8r38c1fyp9qp"))
+              (file-name (string-append name "-" version "-checkout"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("guile" ,guile-2.2)
+       ("sqlite" ,sqlite)))
+    (synopsis "Access SQLite databases from Guile")
+    (description
+     "This package provides Guile bindings to the SQLite database system.")
+    (license license:gpl3+)))
 
 (define-public haunt
   (package
@@ -1786,7 +1769,7 @@ is no support for parsing block and inline level HTML.")
 (define-public guile-bytestructures
   (package
     (name "guile-bytestructures")
-    (version "1.0.1")
+    (version "1.0.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/TaylanUB/scheme-bytestructures"
@@ -1794,7 +1777,7 @@ is no support for parsing block and inline level HTML.")
                                   "/bytestructures-" version ".tar.gz"))
               (sha256
                (base32
-                "1lnfcy65mqj823lamy2n2vaghdz0g7mj011bgnhmd6hwpnaidnh2"))))
+                "0xf6s8gd3656j8k2ar6y7i62r68azawyzxhsagsk8nvldnrs1r18"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -2002,20 +1985,6 @@ is not available for Guile 2.0.")
                   "0z1dvn0scx59pbgjkpacam7p5n7630z4qm8fazim7ixq9xv3s8wx"))
                 (file-name (git-file-name name version))))
       (build-system gnu-build-system)
-      (arguments
-       `(#:phases (modify-phases %standard-phases
-                    ;; FIXME: On i686, bytestructures miscalculates the offset
-                    ;; of the 'old-file' and 'new-file' fields within the
-                    ;; '%diff-delta' structure.  See
-                    ;; <https://github.com/TaylanUB/scheme-bytestructures/issues/30>.
-                    ,@(if (string=? (%current-system) "x86_64-linux")
-                          '()
-                          '((add-before 'check 'skip-tests
-                              (lambda _
-                                (substitute* "Makefile"
-                                  (("tests/status\\.scm")
-                                   ""))
-                                #t)))))))
       (native-inputs
        `(("autoconf" ,autoconf)
          ("automake" ,automake)
@@ -2131,8 +2100,8 @@ It has a nice, simple s-expression based syntax.")
     (license license:gpl3+)))
 
 (define-public guile-simple-zmq
-  (let ((commit "d76657aeb1cd10ef8136edc06bb90999914c7c3c")
-        (revision "0"))
+  (let ((commit "1f3b7c0b9b249c6fde8e8a632b252d8a1b794424")
+        (revision "1"))
     (package
       (name "guile-simple-zmq")
       (version (git-version "0.0.0" revision commit))
@@ -2144,7 +2113,7 @@ It has a nice, simple s-expression based syntax.")
                (commit commit)))
          (sha256
           (base32
-           "1w73dy5gpyv33jn34dqlkqpwh9w4y8wm6hgvbpb3wbp6xsa2mk4z"))
+           "0nj2pd5bsmmgd3c54wh4sixfhmsv1arsq7yam2d7487h3n9q57r7"))
          (file-name (git-file-name name version))))
       (build-system trivial-build-system)
       (arguments
@@ -2209,9 +2178,10 @@ It has a nice, simple s-expression based syntax.")
                                             file go-file)))))
                        (list scm-file))
              #t))))
+      (inputs
+       `(("guile" ,guile-2.2)))
       (propagated-inputs
-       `(("guile" ,guile-2.2)
-         ("zeromq" ,zeromq)))
+       `(("zeromq" ,zeromq)))
       (home-page "https://github.com/jerry40/guile-simple-zmq")
       (synopsis "Guile wrapper over ZeroMQ library")
       (description
diff --git a/gnu/packages/image-viewers.scm b/gnu/packages/image-viewers.scm
index 5abcdf9a2a..b2e67e52f9 100644
--- a/gnu/packages/image-viewers.scm
+++ b/gnu/packages/image-viewers.scm
@@ -60,7 +60,7 @@
 (define-public feh
   (package
     (name "feh")
-    (version "2.26.3")
+    (version "2.27")
     (home-page "https://feh.finalrewind.org/")
     (source (origin
               (method url-fetch)
@@ -68,7 +68,7 @@
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "08aagymgajcvciagwy2zdxhicvdfnjmd2xyx9bqjy7l1n16ydwrz"))))
+                "0kn6cka9m76697i495npd60ad64jnfnzv5z6znzyr0vlxx2nhcmg"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (modify-phases %standard-phases (delete 'configure))
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 6b7f41c906..a330a31599 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -394,6 +394,7 @@ extracting icontainer icon files.")
 (define-public libtiff
   (package
    (name "libtiff")
+   (replacement libtiff/fixed)
    (version "4.0.9")
    (source
      (origin
@@ -426,6 +427,17 @@ collection of tools for doing simple manipulations of TIFF images.")
                                   "See COPYRIGHT in the distribution."))
    (home-page "http://www.simplesystems.org/libtiff/")))
 
+(define libtiff/fixed
+  (package
+    (inherit libtiff)
+    (source
+      (origin
+        (inherit (package-source libtiff))
+        (patches
+          (append (origin-patches (package-source libtiff))
+                  (search-patches "libtiff-CVE-2018-8905.patch"
+                                  "libtiff-CVE-2018-10963.patch")))))))
+
 (define-public leptonica
   (package
     (name "leptonica")
@@ -487,8 +499,9 @@ arithmetic ops.")
     (source
       (origin
         (method url-fetch)
-        (uri (string-append "http://downloads.ghostscript.com/public/" name "/"
-                            name "-" version ".tar.gz"))
+        (uri
+         (string-append "https://github.com/ArtifexSoftware/ghostpdl-downloads/"
+                        "releases/download/gs922/" name "-" version ".tar.gz"))
         (sha256
           (base32 "0k01hp0q4275fj4rbr1gy64svfraw5w7wvwl08yjhvsnpb1rid11"))
         (patches (search-patches "jbig2dec-ignore-testtest.patch"))))
@@ -504,7 +517,7 @@ This is a decoder only implementation, and currently is in the alpha
 stage, meaning it doesn't completely work yet.  However, it is
 maintaining parity with available encoders, so it is useful for real
 work.")
-    (home-page "http://www.ghostscript.com/jbig2dec.html")
+    (home-page "https://jbig2dec.com")
     (license license:gpl2+)))
 
 (define-public openjpeg
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index e80da6d848..24e62142b9 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -47,14 +47,14 @@
     ;; The 7 release series has an incompatible API, while the 6 series is still
     ;; maintained. Don't update to 7 until we've made sure that the ImageMagick
     ;; users are ready for the 7-series API.
-    (version "6.9.9-43")
+    (version "6.9.10-3")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://imagemagick/ImageMagick-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "09vfxb1ljfma7mvkcqp17bs7adlrfh6kc6k9hifkhgxf51vr7hk6"))))
+               "0njq3vp0f3d5992jsah5nhbc5id2bnl7myhdw669k0vmc55mmlcj"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch")
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index 993102f272..5a1df6d600 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -133,12 +133,11 @@ irssi, but graphical.")
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
                (setenv "CONFIG_SHELL" (which "bash"))
-               (zero?
-                (system* "./configure"
-                         (string-append "--prefix=" out)
-                         (string-append "--with-proxy")
-                         (string-append "--with-socks")
-                         (string-append "--with-bot")))))))))
+               (invoke "./configure"
+                       (string-append "--prefix=" out)
+                       (string-append "--with-proxy")
+                       (string-append "--with-socks")
+                       (string-append "--with-bot"))))))))
     (inputs
      `(("glib" ,glib)
        ("ncurses" ,ncurses)
@@ -405,21 +404,20 @@ other enhancements and bug fixes.")
                      '())
                (setenv "CONFIG_SHELL" (which "bash"))
                (setenv "SHELL" (which "bash"))
-               (zero?
-                (system* "./configure"
-                         (string-append "--prefix=" out)
-                         "--with-ipv6" "--with-libarchive"
-                         ;; We use libressl because openssl does not come
-                         ;; with the lib/libssl.a which is needed for epic5.
-                         ;; XXX: No matter which implementation is chosen,
-                         ;; epic5 fails to connect to tls ports of roundrobin
-                         ;; irc networks. This however is believed to be an
-                         ;; protocol issue at epic5 related to ircd.
-                         (string-append "--with-ssl="
-                                        (assoc-ref %build-inputs "libressl"))
-                         (string-append "--with-tcl="
-                                        (assoc-ref %build-inputs "tcl")
-                                        "/lib/tclConfig.sh")))))))))
+               (invoke "./configure"
+                       (string-append "--prefix=" out)
+                       "--with-ipv6" "--with-libarchive"
+                       ;; We use libressl because openssl does not come
+                       ;; with the lib/libssl.a which is needed for epic5.
+                       ;; XXX: No matter which implementation is chosen,
+                       ;; epic5 fails to connect to tls ports of roundrobin
+                       ;; irc networks. This however is believed to be an
+                       ;; protocol issue at epic5 related to ircd.
+                       (string-append "--with-ssl="
+                                      (assoc-ref %build-inputs "libressl"))
+                       (string-append "--with-tcl="
+                                      (assoc-ref %build-inputs "tcl")
+                                      "/lib/tclConfig.sh"))))))))
     (inputs
      `(("libressl" ,libressl)
        ("ncurses" ,ncurses)
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 678cbee188..64d82439b2 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -2629,7 +2629,16 @@ documentation tools.")
                     "code.google.com/jarjar/jarjar-src-" version ".zip"))
               (sha256
                (base32
-                "1v8irhni9cndcw1l1wxqgry013s2kpj0qqn57lj2ji28xjq8ndjl"))))
+                "1v8irhni9cndcw1l1wxqgry013s2kpj0qqn57lj2ji28xjq8ndjl"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  ;; Delete bundled thirds-party jar archives.
+                  ;; TODO: unbundle maven-plugin-api.
+                  (delete-file "lib/asm-4.0.jar")
+                  (delete-file "lib/asm-commons-4.0.jar")
+                  (delete-file "lib/junit-4.8.1.jar")
+                  #t))))
     (build-system ant-build-system)
     (arguments
      `(;; Tests require junit, which ultimately depends on this package.
@@ -2637,6 +2646,26 @@ documentation tools.")
        #:build-target "jar"
        #:phases
        (modify-phases %standard-phases
+         (add-before 'build 'do-not-use-bundled-asm
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "build.xml"
+               (("<path id=\"path.build\">")
+                (string-append "<path id=\"path.build\"><fileset dir=\""
+                               (assoc-ref inputs "java-asm-bootstrap")
+                               "/share/java\" includes=\"**/*.jar\"/>"))
+               (("<zipfileset src=\"lib/asm-4.0.jar\"/>") "")
+               (("lib/asm-commons-4.0.jar")
+                (string-append (assoc-ref inputs "java-asm-bootstrap")
+                               "/share/java/asm-6.0.jar"))
+               (("<include name=\"org/objectweb/asm/commons/Remap\\*\\.class\"/>")
+                (string-append "<include name=\"org/objectweb/asm/"
+                               "commons/Remap*.class\"/>"
+                               "<include name=\"org/objectweb/asm/*.class\"/>"
+                               "<include name=\"org/objectweb/asm/"
+                               "signature/*.class\"/>"
+                               "<include name=\"org/objectweb/asm/"
+                               "commons/SignatureRemapper.class\"/>")))
+             #t))
          (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
              (let ((target (string-append (assoc-ref outputs "out")
@@ -2644,6 +2673,8 @@ documentation tools.")
                (install-file (string-append "dist/jarjar-" ,version ".jar")
                              target))
              #t)))))
+    (inputs
+     `(("java-asm-bootstrap" ,java-asm-bootstrap)))
     (native-inputs
      `(("unzip" ,unzip)))
     (home-page "https://code.google.com/archive/p/jarjar/")
@@ -3262,6 +3293,39 @@ Compiler component.")))
 This component decrypts a string passed to it.")
     (license license:asl2.0)))
 
+(define-public java-plexus-cli
+  (package
+    (name "java-plexus-cli")
+    (version "1.7")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                     (url "https://github.com/sonatype/plexus-cli")
+                     (commit "a776afa6bca84e5107bedb69440329cdb24ed645")))
+              (file-name (string-append name "-" version))
+              (sha256
+               (base32
+                "0xjrlay605rypv3zd7y24vlwf0039bil3n2cqw54r1ddpysq46vx"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "plexus-cli.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       #:test-dir "src/test"))
+    (inputs
+     `(("java-commons-cli" ,java-commons-cli)
+       ("java-plexus-container-default" ,java-plexus-container-default)
+       ("java-plexus-classworlds" ,java-plexus-classworlds)))
+    (native-inputs
+     `(("java-plexus-utils" ,java-plexus-utils)
+       ("java-junit" ,java-junit)
+       ("java-guava" ,java-guava)))
+    (home-page "https://codehaus-plexus.github.io/plexus-cli")
+    (synopsis "CLI building library for plexus")
+    (description "This package is a library to help creating CLI around
+Plexus components.")
+    (license license:asl2.0)))
+
 (define-public java-sisu-build-api
   (package
     (name "java-sisu-build-api")
@@ -3550,7 +3614,7 @@ complex transformations and code analysis tools.")
      `(("java-aqute-bndlib" ,java-aqute-bndlib-bootstrap)
        ("java-aqute-libg" ,java-aqute-libg-bootstrap)
        ,@(delete `("java-aqute-bndlib" ,java-aqute-bndlib)
-                 (delete `("java-aqute-libg", java-aqute-libg)
+                 (delete `("java-aqute-libg" ,java-aqute-libg)
                          (package-inputs java-asm)))))))
 
 (define-public java-cglib
@@ -3999,7 +4063,9 @@ are many features, including:
                                   "commons-collections-" version "-src.tar.gz"))
               (sha256
                (base32
-                "055r51a5lfc3z7rkxnxmnn1npvkvda7636hjpm4qk7cnfzz98387"))))
+                "055r51a5lfc3z7rkxnxmnn1npvkvda7636hjpm4qk7cnfzz98387"))
+              (patches
+               (search-patches "java-commons-collections-fix-java8.patch"))))
     (arguments
       (substitute-keyword-arguments (package-arguments java-commons-collections4)
         ((#:phases phases)
@@ -6967,22 +7033,53 @@ it manages project dependencies, gives diffs jars, and much more.")
     (name "java-aqute-libg")
     (arguments
      `(#:jar-name "java-aqute-libg.jar"
-       #:source-dir "aQute.libg/src"
-       #:tests? #f)); FIXME: tests are in "aQute.libg/test", not in a java directory
+       ;; The build fails when source/target more recent than 1.7. This
+       ;; is a known issue. See: https://github.com/bndtools/bnd/issues/1327
+       ;;
+       ;; It is closed as won't fix. There is no way to change the source
+       ;; so that it works on 1.8, and still works on 1.6, the upstream
+       ;; target. It work fine on 1.7, so we use 1.7.
+       #:make-flags (list "-Dant.build.javac.source=1.7"
+                          "-Dant.build.javac.target=1.7")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           ;; Change to aQute.libg directory, so that the relative
+           ;; paths in the tests aren't broken.
+           (lambda _
+             (chdir "aQute.libg")
+             #t))
+         (add-before 'check 'create-test-directory
+           ;; Copy the test directory to test/java, since that's where
+           ;; ant-build-system's default project in build.xml expects to find
+           ;; the test classes. Leave a copy in the original place to not
+           ;; break paths in tests.
+           (lambda _
+             (mkdir "src/test")
+             (copy-recursively "test" "src/test/java")
+             #t)))))
     (inputs
      `(("slf4j" ,java-slf4j-api)
        ("osgi-annot" ,java-osgi-annotation)
        ("java-osgi-cmpn" ,java-osgi-cmpn)
-       ("osgi" ,java-osgi-core)))))
+       ("osgi" ,java-osgi-core)))
+    (native-inputs
+     `(("hamcrest" ,java-hamcrest-core)
+       ("java-junit" ,java-junit)))))
 
 (define java-aqute-libg-bootstrap
   (package
     (inherit java-aqute-libg)
     (name "java-aqute-libg-bootstrap")
+    (arguments
+     ;; Disable tests, at this stage of bootstrap we have no test frameworks.
+     (substitute-keyword-arguments (package-arguments java-aqute-libg)
+       ((#:tests? _ #f) #f)))
     (inputs
      `(("slf4j-bootstrap" ,java-slf4j-api-bootstrap)
        ,@(delete `("slf4j" ,java-slf4j-api)
-                 (package-inputs java-aqute-libg))))))
+                 (package-inputs java-aqute-libg))))
+    (native-inputs '())))
 
 (define-public java-aqute-bndlib
   (package
@@ -10153,3 +10250,32 @@ This module can be assimilated to a significantly improved version of log4j.
 Moreover, @code{logback-classic} natively implements the slf4j API so that you
 can readily switch back and forth between logback and other logging frameworks
 such as log4j or @code{java.util.logging} (JUL).")))
+
+(define-public java-qdox
+  (package
+    (name "java-qdox")
+    ; Newer version exists, but this version is required by java-plexus-component-metadata
+    (version "2.0-M2")
+    (source (origin
+              (method url-fetch)
+              ;; 2.0-M4, -M5 at https://github.com/paul-hammant/qdox
+              ;; Older releases at https://github.com/codehaus/qdox/
+              ;; Note: The release at maven is pre-generated. The release at
+              ;; github requires jflex.
+              (uri (string-append "http://central.maven.org/maven2/"
+                                  "com/thoughtworks/qdox/qdox/" version
+                                  "/qdox-" version "-sources.jar"))
+              (sha256
+               (base32
+                "10xxrcaicq6axszcr2jpygisa4ch4sinyx5q7kqqxv4lknrmxp5x"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "qdox.jar"
+       #:tests? #f)); no tests
+    (home-page "http://qdox.codehaus.org/")
+    (synopsis "Parse definitions from Java source files")
+    (description "QDox is a high speed, small footprint parser for extracting
+class/interface/method definitions from source files complete with JavaDoc
+@code{@@tags}.  It is designed to be used by active code generators or
+documentation tools.")
+    (license license:asl2.0)))
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 7b16da781e..cb14f765e2 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2012, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -136,29 +137,26 @@ secure manner through client-server mutual authentication via tickets.")
 (define-public heimdal
   (package
     (name "heimdal")
-    (version "1.5.3")
+    (version "7.5.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://www.h5l.org/dist/src/heimdal-"
-                                  version ".tar.gz"))
+              (uri (string-append
+                    "https://github.com/heimdal/heimdal/releases/download/"
+                    "heimdal-" version "/" "heimdal-" version ".tar.gz"))
               (sha256
                (base32
-                "19gypf9vzfrs2bw231qljfl4cqc1riyg0ai0xmm1nd1wngnpphma"))
-              (patches (search-patches "heimdal-CVE-2017-6594.patch"
-                                       "heimdal-CVE-2017-11103.patch"))
+                "1bdc682in55ygrxmhncs7cf4s239apcblci3z8i80wnc1w1s18n5"))
               (modules '((guix build utils)))
               (snippet
                '(begin
                   (substitute* "configure"
                     (("User=.*$") "User=Guix\n")
+                    (("Host=.*$") "Host=GNU")
                     (("Date=.*$") "Date=2017\n"))
                   #t))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags (list
-                          ;; Work around a linker error.
-                          "CFLAGS=-pthread"
-
                           ;; Avoid 7 MiB of .a files.
                           "--disable-static"
 
@@ -168,22 +166,40 @@ secure manner through client-server mutual authentication via tickets.")
                            (assoc-ref %build-inputs "readline") "/lib")
                           (string-append
                            "--with-readline-include="
-                           (assoc-ref %build-inputs "readline") "/include"))
+                           (assoc-ref %build-inputs "readline") "/include")
+
+                          ;; Do not build sqlite.
+                          (string-append
+                           "--with-sqlite3="
+                           (assoc-ref %build-inputs "sqlite")))
 
        #:phases (modify-phases %standard-phases
-                  (add-before 'check 'skip-tests
+                  (add-before 'configure 'pre-configure
                     (lambda _
-                      ;; The test simply runs 'ftp --version && ftp --help'
-                      ;; but that fails in the chroot because 'ftp' tries to
-                      ;; do a service lookup before printing the help/version.
-                      (substitute* "appl/ftp/ftp/Makefile.in"
-                        (("^CHECK_LOCAL =.*")
-                         "CHECK_LOCAL = no-check-local\n"))
-                      #t)))))
-    (native-inputs `(("e2fsprogs" ,e2fsprogs)))   ;for 'compile_et'
+                      (substitute* '("appl/afsutil/pagsh.c"
+                                     "tools/Makefile.in")
+                        (("/bin/sh") (which "sh")))
+                      #t))
+                  (add-before 'check 'pre-check
+                    (lambda _
+                      ;; For 'getxxyyy-test'.
+                      (setenv "USER" (passwd:name (getpwuid (getuid))))
+
+                      ;; Skip 'db' and 'kdc' tests for now.
+                      ;; FIXME: figure out why 'kdc' tests fail.
+                      (with-output-to-file "tests/db/have-db.in"
+                        (lambda ()
+                          (format #t "#!~a~%exit 1~%" (which "sh"))))
+                      #t)))
+       ;; Tests fail when run in parallel.
+       #:parallel-tests? #f))
+    (native-inputs `(("e2fsprogs" ,e2fsprogs)     ;for 'compile_et'
+                     ("texinfo" ,texinfo)
+                     ("unzip" ,unzip)))           ;for tests
     (inputs `(("readline" ,readline)
               ("bdb" ,bdb)
-              ("e2fsprogs" ,e2fsprogs)))          ;for libcom_err
+              ("e2fsprogs" ,e2fsprogs)            ;for libcom_err
+              ("sqlite" ,sqlite)))
     (home-page "http://www.h5l.org/")
     (synopsis "Kerberos 5 network authentication")
     (description
diff --git a/gnu/packages/libedit.scm b/gnu/packages/libedit.scm
index 9f6f1d05ce..095749e868 100644
--- a/gnu/packages/libedit.scm
+++ b/gnu/packages/libedit.scm
@@ -28,7 +28,7 @@
 (define-public libedit
   (package
     (name "libedit")
-    (version "20170329-3.1")
+    (version "20180525-3.1")
     (source
      (origin
       (method url-fetch)
@@ -36,7 +36,7 @@
                           "/" name "-" version ".tar.gz"))
       (sha256
        (base32
-        "1gnlgl0x8g9ky59s70nriy5gv47676d1s4ypvbv8y11apl7xkwli"))))
+        "05iicng4kag5hxdc7adbyj1gm3qbmvcc33m9cyx5gys0s67yl6y4"))))
     (build-system gnu-build-system)
     (inputs
      `(("ncurses" ,ncurses)))
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index 1faab302a0..33ecdc47f0 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -9,6 +9,7 @@
 ;;; Copyright © 2017, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
+;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -78,20 +79,21 @@
 (define-public ixion
   (package
     (name "ixion")
-    (version "0.12.2")
+    (version "0.13.0")
     (source
      (origin
-      (method url-fetch)
-      (uri (string-append "http://kohei.us/files/ixion/src/libixion-"
-                          version ".tar.xz"))
-      (sha256 (base32
-               "1bnsqbxpbijwbg42rrqq6mz06wvcxjpl0gjdzwyilkmv6s400i4b"))))
+       (method url-fetch)
+       (uri (string-append "http://kohei.us/files/ixion/src/libixion-"
+                           version ".tar.xz"))
+       (sha256
+        (base32
+         "1rf76drzg593jzswwnh8kr2jangp8ylizqjspx57rld25g2n1qss"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-     (inputs
-      `(("mdds" ,mdds)
-        ("python" ,python)))
+    (inputs
+     `(("mdds" ,mdds)
+       ("python" ,python)))
     (home-page "https://gitlab.com/ixion/ixion")
     (synopsis "General purpose formula parser and interpreter")
     (description "Ixion is a library for calculating the results of formula
@@ -103,22 +105,23 @@ their dependencies automatically upon calculation.")
 (define-public orcus
   (package
     (name "orcus")
-    (version "0.12.1")
+    (version "0.13.4")
     (source
      (origin
-      (method url-fetch)
-      (uri (string-append "http://kohei.us/files/" name "/src/lib"
-                          name "-" version ".tar.xz"))
-      (sha256 (base32
-               "171bmqa9hkk4xygz20qda5900rs4kq9fgl424ldkxlj4d733dffi"))))
+       (method url-fetch)
+       (uri (string-append "http://kohei.us/files/" name "/src/lib"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32
+         "1r42waglxwmvvwl20fy49vzgfp1sis4j703f81iswzdyzqalq75p"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-     (inputs
-      `(("ixion" ,ixion)
-        ("mdds" ,mdds)
-        ("python" ,python)
-        ("zlib" ,zlib)))
+    (inputs
+     `(("ixion" ,ixion)
+       ("mdds" ,mdds)
+       ("python" ,python)
+       ("zlib" ,zlib)))
     (home-page "https://gitlab.com/orcus/orcus")
     (synopsis "File import filter library for spreadsheet documents")
     (description "Orcus is a library that provides a collection of standalone
@@ -224,6 +227,34 @@ cellphones), TCR (simple compressed text format), TealDoc, zTXT,
 ZVR (simple compressed text format).")
     (license mpl2.0)))
 
+(define-public libepubgen
+  (package
+    (name "libepubgen")
+    (version "0.1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://sourceforge/libepubgen/libepubgen-"
+                           version "/libepubgen-" version ".tar.xz"))
+       (sha256
+        (base32
+         "1b8mc9zzrqypj1v9zdy3ybc48pw0rfr06cyi7n6grvybjjwq9q03"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("cppunit" ,cppunit)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("libxml2" ,libxml2)
+       ("boost" ,boost)))
+    (propagated-inputs         ; in Requires field of .pkg
+     `(("librevenge" ,librevenge)))
+    (home-page "https://sourceforge.net/projects/libepubgen/")
+    (synopsis "EPUB generator library for librevenge")
+    (description "libepubgen is an EPUB generator for librevenge.  It supports
+librevenge's text document interface and--currently in a very limited
+way--presentation and vector drawing interfaces.")
+    (license mpl2.0)))
+
 (define-public libwpg
   (package
     (name "libwpg")
@@ -835,10 +866,37 @@ and to return information on pronunciations, meanings and synonyms.")
     (license (non-copyleft "file://COPYING"
                            "See COPYING in the distribution."))))
 
+(define-public libqxp
+  (package
+    (name "libqxp")
+    (version "0.0.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://dev-www.libreoffice.org/src/libqxp/"
+                                  "libqxp-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0wswz49y0lqwqw2nj9j7jaj5ag88hapcz8czgkxax57zhihpy9cc"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("boost" ,boost)
+       ("icu4c" ,icu4c)
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("cppunit" ,cppunit)
+       ("pkg-config" ,pkg-config)))
+    (propagated-inputs
+     `(("librevenge" ,librevenge))) ; mentioned in Requires field
+    (home-page "https://www.libreoffice.org")
+    (synopsis "Library and tools for the QuarkXPress file format")
+    (description "libqxp is a library and a set of tools for reading and
+converting QuarkXPress file format.  It supports versions 3.1 to 4.1.")
+    (license mpl2.0)))
+
 (define-public libreoffice
   (package
     (name "libreoffice")
-    (version "5.4.7.2")
+    (version "6.0.5.1")
     (source
      (origin
       (method url-fetch)
@@ -848,7 +906,8 @@ and to return information on pronunciations, meanings and synonyms.")
           (version-prefix version 3) "/libreoffice-" version ".tar.xz"))
       (sha256
        (base32
-        "0s9s4nhp2whwxis54jbxrf1dwpnpl95b9781d1pdj4xk5z9v90fv"))))
+        "0vnmb231hyhxm7klaqd8vp3rmvix145bq8iqzv19jgl1yaqkxl21"))
+      (patches (search-patches "libreoffice-icu.patch"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("bison" ,bison)
@@ -880,6 +939,7 @@ and to return information on pronunciations, meanings and synonyms.")
        ("libcmis" ,libcmis)
        ("libjpeg-turbo" ,libjpeg-turbo)
        ("libe-book" ,libe-book)
+       ("libepubgen" ,libepubgen)
        ("libetonyek" ,libetonyek)
        ("libexttextcat" ,libexttextcat)
        ("libfreehand" ,libfreehand)
@@ -890,6 +950,7 @@ and to return information on pronunciations, meanings and synonyms.")
        ("libmwaw" ,libmwaw)
        ("libodfgen" ,libodfgen)
        ("libpagemaker" ,libpagemaker)
+       ("libqxp" ,libqxp)
        ("libstaroffice" ,libstaroffice)
        ("libvisio" ,libvisio)
        ("libwpg" ,libwpg)
@@ -927,34 +988,23 @@ and to return information on pronunciations, meanings and synonyms.")
          (modify-phases %standard-phases
            (add-before 'configure 'prepare-src
              (lambda* (#:key inputs #:allow-other-keys)
-               (let ((gpgme (assoc-ref inputs "gpgme")))
-                 (substitute*
-                   "sdext/source/pdfimport/xpdfwrapper/pdfioutdev_gpl.cxx"
-                   ;; This header was renamed in Poppler 0.62.0.
-                   (("UTF8.h") "UnicodeMapFuncs.h")
-                   ;; And mapUCS2() was renamed to mapUTF16().
-                   (("UCS2") "UTF16"))
-                 (substitute*
+               (substitute*
                    (list "sysui/CustomTarget_share.mk"
                          "solenv/gbuild/gbuild.mk"
                          "solenv/gbuild/platform/unxgcc.mk")
-                   (("/bin/sh") (which "sh")))
-
-                 ;; GPGME++ headers are installed in a gpgme++ subdirectory,
-                 ;; but files in "xmlsecurity/source/gpg/" expect to find them
-                 ;; on the include path without a prefix.
-                 (substitute* "xmlsecurity/Library_xsec_xmlsec.mk"
-                   (("\\$\\$\\(INCLUDE\\)")
-                    (string-append "$$(INCLUDE) -I" gpgme "/include/gpgme++")))
+                 (("/bin/sh") (which "sh")))
 
-                 ;; XXX: When GTK2 is disabled, one header file is not included.
-                 ;; This is likely fixed in later versions.  See also
-                 ;; <https://bugs.gentoo.org/641812>.
-                 (substitute* "vcl/unx/gtk3/gtk3gtkframe.cxx"
-                   (("#include <unx/gtk/gtkgdi.hxx>")
-                    "#include <unx/gtk/gtkgdi.hxx>\n#include <unx/gtk/gtksalmenu.hxx>"))
+               ;; GPGME++ headers are installed in a gpgme++ subdirectory, but
+               ;; files in "xmlsecurity/source/gpg/" and elsewhere expect to
+               ;; find them on the include path without a prefix.
+               (substitute* '("xmlsecurity/Library_xsec_xmlsec.mk"
+                              "comphelper/Library_comphelper.mk")
+                 (("\\$\\$\\(INCLUDE\\)")
+                  (string-append "$$(INCLUDE) -I"
+                                 (assoc-ref inputs "gpgme")
+                                 "/include/gpgme++")))
 
-                 #t)))
+               #t))
            (add-after 'install 'bin-and-desktop-install
              ;; Create 'soffice' and 'libreoffice' symlinks to the executable
              ;; script.
diff --git a/gnu/packages/libusb.scm b/gnu/packages/libusb.scm
index 62c936c191..e4b8bbbbed 100644
--- a/gnu/packages/libusb.scm
+++ b/gnu/packages/libusb.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2016 Theodoros Foradis <theodoros@foradis.org>
 ;;; Copyright © 2017 Jonathan Brielmaier <jonathan.brielmaier@web.de>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Vagrant Cascadian <vagrant@debian.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -214,6 +215,49 @@ with usb4java.")
 implementing @code{javax.usb} (JSR-80).")
     (license expat)))
 
+(define-public python-libusb1
+  (package
+    (name "python-libusb1")
+    (version "1.6.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "libusb1" version))
+       (sha256
+        (base32
+         "03b7xrz8vqg8w0za5r503jhcmbd1ls5610jcja1rqz833nf0v4wc"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:modules ((srfi srfi-1)
+                  (guix build utils)
+                  (guix build python-build-system))
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'install-license-files 'remove-incorrect-license
+           (lambda* (#:key out #:allow-other-keys)
+             ;; Was relicensed to LGPL 2.1+, but old COPYING file still left
+             ;; in source. Remove it so it does not get installed.
+             (delete-file "COPYING")
+             #t))
+         (add-after 'unpack 'fix-libusb-reference
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "usb1/libusb1.py"
+               (("libusb_path = ctypes.util.find_library\\(base_name\\)")
+                (string-append
+                 "libusb_path = \""
+                 (find (negate symbolic-link?)
+                       (find-files (assoc-ref inputs "libusb")
+                                   "^libusb.*\\.so\\..*"))
+                 "\"")))
+             #t)))))
+    (inputs `(("libusb" ,libusb)))
+    (home-page "https://github.com/vpelletier/python-libusb1")
+    (synopsis "Pure-python wrapper for libusb-1.0")
+    (description "Libusb is a library that gives applications easy access to
+USB devices on various operating systems.  This package provides a Python
+wrapper for accessing libusb-1.0.")
+    (license lgpl2.1+)))
+
 (define-public python-pyusb
   (package
     (name "python-pyusb")
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index cc1ee48792..ff3024d574 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -50,6 +50,7 @@
   #:use-module (gnu packages admin)
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages attr)
+  #:use-module (gnu packages audio)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages backup)
   #:use-module (gnu packages base)
@@ -295,6 +296,12 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
                  (or (%current-target-system) (%current-system)))
            ((or "x86_64" "i386")
             `(("gcc" ,gcc-7)))
+           ("arm64"
+            ;; Work around a binutils 2.30 bug where some kernel symbols would
+            ;; be incorrectly marked as relocatable:
+            ;; <https://sourceware.org/bugzilla/show_bug.cgi?id=22764>.
+            `(("ld-wrapper" ,(make-ld-wrapper "ld-wrapper"
+                                              #:binutils binutils/fixed))))
            (_
             '()))
        ,@(match (and configuration-file
@@ -395,8 +402,8 @@ It has been modified to remove all non-free binary blobs.")
 ;; supports qemu "virt" machine and possibly a large number of ARM boards.
 ;; See : https://wiki.debian.org/DebianKernel/ARMMP.
 
-(define %linux-libre-version "4.17")
-(define %linux-libre-hash "0abbqrq96kn97jr02mf4ahqg7hl9vhq95c1l2z0s7jqrmhv1n8pb")
+(define %linux-libre-version "4.17.3")
+(define %linux-libre-hash "06mjbs3i0xq1h1cgr6xldr6a8rxsy30mf86wp3n2ff6l5v78iw2q")
 
 (define-public linux-libre
   (make-linux-libre %linux-libre-version
@@ -404,8 +411,8 @@ It has been modified to remove all non-free binary blobs.")
                     %linux-compatible-systems
                     #:configuration-file kernel-config))
 
-(define %linux-libre-4.14-version "4.14.48")
-(define %linux-libre-4.14-hash "011lkq30gpvbgvg2p1nw2kqkig9a3qridy678rkx3fpah0ya4rhd")
+(define %linux-libre-4.14-version "4.14.52")
+(define %linux-libre-4.14-hash "0lx916iw33n32h1fca59r7mh6l2smyml6igvzhimcah62hqx4rk8")
 
 (define-public linux-libre-4.14
   (make-linux-libre %linux-libre-4.14-version
@@ -414,14 +421,14 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.9
-  (make-linux-libre "4.9.106"
-                    "0wgyv15x2czd4nyw4smzp9923cl1ix7pjcry4zn3y61ivqxbqini"
+  (make-linux-libre "4.9.110"
+                    "0nzfna9w9a45y521d3dcxkdv66gn38n4pq814rdqazk74qb5macn"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.135"
-                    "0jdf5yx8b6q4zw7q9k8vv0ky8wlvclr9qz70wgrrvmm5dh1662j9"
+  (make-linux-libre "4.4.138"
+                    "1030ra5gn24qmx8lsnhr6kfnfm60avzs23r81dl7mvzr5dci8vsl"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
@@ -914,16 +921,15 @@ Zerofree requires the file system to be unmounted or mounted read-only.")
 (define-public strace
   (package
     (name "strace")
-    (version "4.22")
+    (version "4.23")
     (home-page "https://strace.io")
     (source (origin
              (method url-fetch)
              (uri (string-append home-page "/files/" version
                                  "/strace-" version ".tar.xz"))
-             (patches (search-patches "strace-kernel-4.16.patch"))
              (sha256
               (base32
-               "17dkpnsjxmys1ydidm9wcvc3wscsz44fmlxw3dclspn9cj9d1306"))))
+               "1bcsq2gbpcb81ayryvn56a6kjx42fc21la6qgds35n0xbybacq3q"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -1055,7 +1061,7 @@ MIDI functionality to the Linux-based operating system.")
     ;; TODO: Remove OSS related plugins, they add support to run native
     ;; ALSA applications on OSS however we do not offer OSS and OSS is
     ;; obsolete.
-    (outputs '("out" "pulseaudio"))
+    (outputs '("out" "pulseaudio" "jack"))
     (arguments
      `(#:phases
        (modify-phases %standard-phases
@@ -1063,9 +1069,17 @@ MIDI functionality to the Linux-based operating system.")
            (lambda* (#:key inputs outputs #:allow-other-keys)
              ;; Distribute the binaries to the various outputs.
              (let* ((out (assoc-ref outputs "out"))
+                    (jack (assoc-ref outputs "jack"))
+                    (jacklib (string-append jack "/lib/alsa-lib"))
                     (pua (assoc-ref outputs "pulseaudio"))
                     (pualib (string-append pua "/lib/alsa-lib"))
                     (puaconf (string-append pua "/share/alsa/alsa.conf.d")))
+               ;; For jack.
+               (mkdir-p jacklib)
+               (for-each (lambda (file)
+                           (rename-file file (string-append jacklib "/" (basename file))))
+                         (find-files out ".*jack\\.(la|so)"))
+               ;; For pluseaudio.
                (mkdir-p puaconf)
                (mkdir-p pualib)
                (chdir (string-append out "/share"))
@@ -1082,6 +1096,7 @@ MIDI functionality to the Linux-based operating system.")
                #t))))))
     (inputs
      `(("alsa-lib" ,alsa-lib)
+       ("jack" ,jack-1)
        ("speex" ,speex) ; libspeexdsp resampling plugin
        ("libsamplerate" ,libsamplerate) ; libsamplerate resampling plugin
        ("ffmpeg" ,ffmpeg) ; libavcodec resampling plugin, a52 plugin
@@ -1195,7 +1210,7 @@ that the Ethernet protocol is much simpler than the IP protocol.")
 (define-public iproute
   (package
     (name "iproute2")
-    (version "4.16.0")
+    (version "4.17.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1203,7 +1218,7 @@ that the Ethernet protocol is much simpler than the IP protocol.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "02pfalg319jpbjz273ph725br8dnkzpfvi98azi9yd6p1w128p0c"))))
+                "0vmynikcamfhakvwyk5dsffy0ymgi5mdqiwybdvqfn1ijaq93abg"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f                                ; no test suite
@@ -2995,7 +3010,10 @@ arrays when needed.")
              (let ((lvm2 (assoc-ref inputs "lvm2"))
                    (udev (assoc-ref inputs "udev")))
                (substitute* "Makefile.inc"
-                 (("\\$\\(prefix\\)/usr") "$(prefix)"))
+                 (("\\$\\(prefix\\)/usr") "$(prefix)")
+                 ;; Do not save timestamp to avoid gzip "timestamp
+                 ;; out-of-range" warnings.
+                 (("gzip -9") "gzip -9n"))
                (substitute* '("kpartx/Makefile" "libmultipath/Makefile")
                  (("/usr/include/libdevmapper.h")
                   (string-append lvm2 "/include/libdevmapper.h"))
@@ -3256,6 +3274,7 @@ and copy/paste text in the console and in xterm.")
                        (invoke "make"
                                (string-append "bindir=" staticbin)
                                "install-static")))))
+       #:tests? #f            ; XXX: require the 'btrfs' kernel module.
        #:test-target "test"
        #:parallel-tests? #f)) ; tests fail when run in parallel
     (inputs `(("e2fsprogs" ,e2fsprogs)
@@ -3363,7 +3382,7 @@ disks and SD cards.  This package provides the userland utilities.")
   (package
     (inherit f2fs-tools-1.7)
     (name "f2fs-tools")
-    (version "1.8.0")
+    (version "1.10.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3371,7 +3390,7 @@ disks and SD cards.  This package provides the userland utilities.")
                     "/f2fs-tools.git/snapshot/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1bir9ladb58ijlcvrjrq1fb1xv5ys50zdjaq0yzliib0apsyrnyl"))))
+                "05ikaim0qq3dx9x3sp43ralwz43r3b0viv62n99kabp0vf3b0hg8"))))
     (inputs
      `(("libuuid" ,util-linux)))))
 
@@ -4032,26 +4051,27 @@ monitoring tools for Linux.  These include @code{mpstat}, @code{iostat},
 (define-public light
   (package
     (name "light")
-    (version "1.0")
+    (version "1.1")
     (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/haikarainen/" name
-                                  "/archive/v" version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/haikarainen/light")
+                    (commit version)))
               (sha256
                (base32
-                "0r5gn6c0jcxknzybl6059dplxv46dpahchqq4gymrs7z8bp0hilp"))
-              (file-name (string-append name "-" version ".tar.gz"))))
+                "1qra8yzsga29bxlvq63v1db071a1xdji7i60p4kzrciidm1206js"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:tests? #f ; no tests
+     '(#:tests? #f                      ; no tests
        #:make-flags (list "CC=gcc"
                           (string-append "PREFIX=" %output))
        #:phases
        (modify-phases %standard-phases
-         (delete 'configure)
+         (delete 'configure)            ; no configure script
          (add-after 'unpack 'patch-makefile
            (lambda _
-             (substitute* "Makefile" (("chown") "#")))))))
+             (substitute* "Makefile" (("chown") "#"))
+             #t)))))
     (native-inputs
      `(("help2man" ,help2man)))
     (home-page "https://haikarainen.github.io/light")
@@ -4404,14 +4424,14 @@ available in the kernel Linux.")
 (define-public cpuid
   (package
     (name "cpuid")
-    (version "20180419")
+    (version "20180519")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.etallen.com/cpuid/cpuid-"
                                   version ".src.tar.gz"))
               (sha256
                (base32
-                "0cnxj72pjalsszhn862r6shw64zbrkw0k3mm36fn93bivswjnj12"))))
+                "16pzwyifc9glpk1hm6bqb5d1a7cw0qnqiamh5sbvqg7j6sz26y4n"))))
     (build-system gnu-build-system)
     (arguments
      '(#:make-flags '("CC=gcc")
@@ -4826,3 +4846,26 @@ libpfm4 provides support for the @code{perf_events} interface, which was
 introduced in Linux 2.6.31.")
     (home-page "http://perfmon2.sourceforge.net/")
     (license license:expat)))
+
+(define-public libnfnetlink
+  (package
+    (name "libnfnetlink")
+    (version "1.0.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://www.netfilter.org/projects/libnfnetlink/files/"
+                    "libnfnetlink-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "06mm2x4b01k3m7wnrxblk9j0mybyr4pfz28ml7944xhjx6fy2w7j"))))
+    (build-system gnu-build-system)
+    (home-page "https://www.netfilter.org/projects/libnfnetlink/")
+    (synopsis "Low-level netfilter netlink communication library")
+    (description
+     "@code{libnfnetlink} is the low-level library for netfilter related
+kernel/userspace communication.  It provides a generic messaging
+infrastructure for in-kernel netfilter subsystems (such as nfnetlink_log,
+nfnetlink_queue, nfnetlink_conntrack) and their respective users and/or
+management tools in userspace.")
+    (license license:gpl2)))
diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index 258e9827a5..720ac070cc 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -944,18 +944,19 @@ from other CLXes around the net.")
 (define-public sbcl-stumpwm
   (package
     (name "sbcl-stumpwm")
-    (version "1.0.0")
+    (version "18.05")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://github.com/stumpwm/stumpwm/archive/"
                     version ".tar.gz"))
               (sha256
-               (base32 "1maxp98gh64az3d9vz9br6zdd6rc9fmj2imvax4by85g6kxvdz1i"))
+               (base32 "1n2gaab3lwgf5r1hmwdcw13dkv9xdd7drn2shx28kfxvhdc9kbb9"))
               (file-name (string-append "stumpwm-" version ".tar.gz"))))
     (build-system asdf-build-system/sbcl)
     (inputs `(("cl-ppcre" ,sbcl-cl-ppcre)
-              ("clx" ,sbcl-clx)))
+              ("clx" ,sbcl-clx)
+              ("alexandria" ,sbcl-alexandria)))
     (outputs '("out" "lib"))
     (arguments
      '(#:phases
diff --git a/gnu/packages/logging.scm b/gnu/packages/logging.scm
index f50a2f1cbb..665b384b95 100644
--- a/gnu/packages/logging.scm
+++ b/gnu/packages/logging.scm
@@ -86,7 +86,7 @@ staying as close to their API as is reasonable.")
                       ;; mismatch, so run the whole thing.
                       (delete-file "test-driver")
                       (delete-file "configure")   ;it's read-only
-                      (zero? (system* "autoreconf" "-vfi"))))
+                      (invoke "autoreconf" "-vfi")))
                   (add-before 'check 'disable-signal-tests
                     (lambda _
                       ;; See e.g. https://github.com/google/glog/issues/219
diff --git a/gnu/packages/machine-learning.scm b/gnu/packages/machine-learning.scm
index 15e4d45749..a86bdcb5ed 100644
--- a/gnu/packages/machine-learning.scm
+++ b/gnu/packages/machine-learning.scm
@@ -47,7 +47,9 @@
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages image)
   #:use-module (gnu packages maths)
+  #:use-module (gnu packages mpi)
   #:use-module (gnu packages ocaml)
+  #:use-module (gnu packages onc-rpc)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
@@ -232,7 +234,7 @@ classification.")
                #t))
            (add-after 'disable-broken-tests 'autogen
              (lambda _
-               (zero? (system* "bash" "autogen.sh")))))))
+               (invoke "bash" "autogen.sh"))))))
       (inputs
        `(("python" ,python-2) ; only Python 2 is supported
          ("libxml2" ,libxml2)))
@@ -666,15 +668,18 @@ and a QP solver.")
              ;; No test target, so we build and run the unit tests here.
              (let ((test-dir (string-append "../dlib-" ,version "/dlib/test")))
                (with-directory-excursion test-dir
-                 (and (zero? (system* "make" "-j" (number->string (parallel-job-count))))
-                      (zero? (system* "./dtest" "--runall")))))))
+                 (invoke "make" "-j" (number->string (parallel-job-count)))
+                 (invoke "./dtest" "--runall"))
+               #t)))
          (add-after 'install 'delete-static-library
            (lambda* (#:key outputs #:allow-other-keys)
              (delete-file (string-append (assoc-ref outputs "out")
                                          "/lib/libdlib.a"))
              #t)))))
     (native-inputs
-     `(("pkg-config" ,pkg-config)))
+     `(("pkg-config" ,pkg-config)
+       ;; For tests.
+       ("libnsl" ,libnsl)))
     (inputs
      `(("giflib" ,giflib)
        ("lapack" ,lapack)
@@ -725,7 +730,7 @@ computing environments.")
              (setenv "HOME" "/tmp")
              ;; Step out of the source directory just to be sure.
              (chdir "..")
-             (zero? (system* "nosetests" "-v" "sklearn")))))))
+             (invoke "nosetests" "-v" "sklearn"))))))
     (inputs
      `(("openblas" ,openblas)))
     (native-inputs
@@ -786,3 +791,78 @@ main intended application of Autograd is gradient-based optimization.")
 
 (define-public python2-autograd
   (package-with-python2 python-autograd))
+
+(define-public lightgbm
+  (package
+    (name "lightgbm")
+    (version "2.0.12")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/Microsoft/LightGBM/archive/v"
+                    version ".tar.gz"))
+              (sha256
+               (base32
+                "132zf0yk0545mg72hyzxm102g3hpb6ixx9hnf8zd2k55gas6cjj1"))
+              (file-name (string-append name "-" version ".tar.gz"))))
+    (native-inputs
+     `(("python-pytest" ,python-pytest)
+       ("python-nose" ,python-nose)))
+    (inputs
+     `(("openmpi" ,openmpi)))
+    (propagated-inputs
+     `(("python-numpy" ,python-numpy)
+       ("python-scipy" ,python-scipy)))
+    (arguments
+     `(#:configure-flags
+       '("-DUSE_MPI=ON")
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda* (#:key outputs #:allow-other-keys)
+             (with-directory-excursion ,(string-append "../LightGBM-" version)
+               (invoke "pytest" "tests/c_api_test/test_.py")))))))
+    (build-system cmake-build-system)
+    (home-page "https://github.com/Microsoft/LightGBM")
+    (synopsis "Gradient boosting framework based on decision tree algorithms")
+    (description "LightGBM is a gradient boosting framework that uses tree
+based learning algorithms.  It is designed to be distributed and efficient with
+the following advantages:
+
+@itemize
+@item Faster training speed and higher efficiency
+@item Lower memory usage
+@item Better accuracy
+@item Parallel and GPU learning supported (not enabled in this package)
+@item Capable of handling large-scale data
+@end itemize\n")
+    (license license:expat)))
+
+(define-public vowpal-wabbit
+  ;; Language bindings not included.
+  (package
+    (name "vowpal-wabbit")
+    (version "8.5.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/JohnLangford/vowpal_wabbit/archive/"
+                    version ".tar.gz"))
+              (sha256
+               (base32
+                "0clp2kb7rk5sckhllxjr5a651awf4s8dgzg4659yh4hf5cqnf0gr"))
+              (file-name (string-append name "-" version ".tar.gz"))))
+    (inputs
+     `(("boost" ,boost)
+       ("zlib" ,zlib)))
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--with-boost="
+                            (assoc-ref %build-inputs "boost")))))
+    (build-system gnu-build-system)
+    (home-page "https://github.com/JohnLangford/vowpal_wabbit")
+    (synopsis "Fast machine learning library for online learning")
+    (description "Vowpal Wabbit is a machine learning system with techniques
+such as online, hashing, allreduce, reductions, learning2search, active, and
+interactive learning.")
+    (license license:bsd-3)))
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index f6dfb33970..bf77b0a7fe 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -26,6 +26,7 @@
 ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com>
 ;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com>
+;;; Copyright © 2018 Gábor Boskovits <boskovits@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -81,6 +82,7 @@
   #:use-module (gnu packages m4)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages openldap)
+  #:use-module (gnu packages onc-rpc)
   #:use-module (gnu packages pcre)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages python)
@@ -489,7 +491,7 @@ and corrections.  It is based on a Bayesian filter.")
 (define-public offlineimap
   (package
     (name "offlineimap")
-    (version "7.2.0")
+    (version "7.2.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/OfflineIMAP/offlineimap/"
@@ -497,7 +499,7 @@ and corrections.  It is based on a Bayesian filter.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1i7pzm1vrj98jcyn1ygsg1yp0gqlsssnc25451icvivysvdwdj5n"))))
+                "1022xf2w1xax4vx4kzhlfbhaf0b72wkpvrcscvs4q8qk2ja68h8x"))))
     (build-system python-build-system)
     (native-inputs
      `(("asciidoc" ,asciidoc)))
@@ -515,7 +517,7 @@ and corrections.  It is based on a Bayesian filter.")
              (substitute* "docs/Makefile"
                ;; Prevent xmllint and xsltproc from downloading a DTD file.
                (("a2x -v") "a2x --no-xmllint --xsltproc-opts=--nonet -v"))
-             (zero? (system* "make" "-C" "docs" "man"))))
+             (invoke "make" "-C" "docs" "man")))
          (add-after 'install 'install-documentation
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
@@ -761,14 +763,14 @@ invoking @command{notifymuch} from the post-new hook.")
 (define-public notmuch
   (package
     (name "notmuch")
-    (version "0.26.2")
+    (version "0.27")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://notmuchmail.org/releases/notmuch-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0fqf6wwvqlccq9qdnd0mky7fx0kbkczd28blf045s0vsvdjii70h"))))
+                "0xh8vq2sa7r07xb3n13drc6gdiqhcgl0pj0za5xj43qkiwpikls0"))))
     (build-system gnu-build-system)
     (arguments
      `(#:modules ((guix build gnu-build-system)
@@ -793,12 +795,10 @@ invoking @command{notifymuch} from the post-new hook.")
                              (elisp
                               (string-append out "/share/emacs/site-lisp/guix.d/"
                                              ,name "-" ,version)))
-                        (zero?
-                         (system*
-                          "./configure"
-                          (string-append "--prefix=" out)
-                          (string-append "--emacslispdir=" elisp)
-                          (string-append "--emacsetcdir=" elisp))))))
+                        (invoke "./configure"
+                                (string-append "--prefix=" out)
+                                (string-append "--emacslispdir=" elisp)
+                                (string-append "--emacsetcdir=" elisp)))))
                   (add-before 'check 'prepare-test-environment
                     (lambda _
                       (setenv "TEST_CC" "gcc")
@@ -975,7 +975,7 @@ useful features.")
           (add-after 'unpack 'autogen
             (lambda _
               (setenv "NOCONFIGURE" "true")
-              (zero? (system* "sh" "autogen.sh")))))
+              (invoke "sh" "autogen.sh"))))
         #:configure-flags
         '("--disable-static" "--disable-db")))
     (home-page "http://www.etpan.org/libetpan.html")
@@ -1136,6 +1136,7 @@ delivery.")
        ("bzip2" ,bzip2)
        ("xz" ,xz)
        ("perl" ,perl)
+       ("libnsl" ,libnsl)
        ("libxt" ,libxt)
        ("libxaw" ,libxaw)))
     (native-inputs
@@ -1270,7 +1271,9 @@ It supports mbox/Maildir and its own dbox/mdbox formats.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0rkk10b1bsjz979sc864vpgcdchy7yxwmyv4ik50lar1h6awdnrf"))))
+         "0rkk10b1bsjz979sc864vpgcdchy7yxwmyv4ik50lar1h6awdnrf"))
+       (patches
+        (search-patches "dovecot-trees-support-dovecot-2.3.patch"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("automake" ,automake)
@@ -1289,7 +1292,7 @@ It supports mbox/Maildir and its own dbox/mdbox formats.")
        (modify-phases %standard-phases
          (add-after 'unpack 'autogen
            (lambda _
-             (zero? (system* "sh" "autogen.sh")))))))
+             (invoke "sh" "autogen.sh"))))))
     (home-page "https://0xacab.org/riseuplabs/trees")
     (synopsis "NaCL-based Dovecot email storage encryption plugin")
     (description
@@ -1345,7 +1348,7 @@ using lidsodium sealed boxes.
          (modify-phases %standard-phases
            (add-after 'unpack 'autogen
              (lambda _
-               (zero? (system* "sh" "autogen.sh")))))))
+               (invoke "sh" "autogen.sh"))))))
       (home-page "https://github.com/LuckyFellow/dovecot-libsodium-plugin")
       (synopsis "Libsodium password hashing schemes plugin for Dovecot")
       (description
@@ -1952,14 +1955,15 @@ define(`confLIBS', `-lresolv')
 define(`confINSTALL', `~a/devtools/bin/install.sh')
 define(`confDEPEND_TYPE', `CC-M')
 define(`confINST_DEP', `')
-" (getcwd))))))
+" (getcwd))))
+             #t))
          (replace 'build
            (lambda _
-             (and (zero? (system* "sh" "Build"))
-                  (with-directory-excursion "cf/cf"
-                    (begin
-                      (copy-file "generic-linux.mc" "sendmail.mc")
-                      (zero? (system* "sh" "Build" "sendmail.cf")))))))
+             (invoke "sh" "Build")
+             (with-directory-excursion "cf/cf"
+               (copy-file "generic-linux.mc" "sendmail.mc")
+               (invoke "sh" "Build" "sendmail.cf"))
+             #t))
          (add-before 'install 'pre-install
            (lambda _
              (let ((out (assoc-ref %outputs "out")))
@@ -1968,7 +1972,8 @@ define(`confINST_DEP', `')
                (mkdir-p (string-append out "/etc/mail"))
                (setenv "DESTDIR" out)
                (with-directory-excursion "cf/cf"
-                 (zero? (system* "sh" "Build" "install-cf")))))))
+                 (invoke "sh" "Build" "install-cf"))
+               #t))))
        ;; There is no make check.  There are some post installation tests, but those
        ;; require root privileges
        #:tests? #f))
@@ -1995,7 +2000,9 @@ transfer protocols.")
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "10bsfsnlg9d9i6l2izdnxp05s3ri8fvwzqxvx1jmarc852382619"))))
+                "10bsfsnlg9d9i6l2izdnxp05s3ri8fvwzqxvx1jmarc852382619"))
+              ;; Fixed upstream: <github.com/OpenSMTPD/OpenSMTPD/pull/835>.
+              (patches (search-patches "opensmtpd-fix-crash.patch"))))
     (build-system gnu-build-system)
     (inputs
      `(("bdb" ,bdb)
@@ -2016,17 +2023,24 @@ transfer protocols.")
              "--with-path-CAfile=/etc/ssl/certs/ca-certificates.crt")
        #:phases
        (modify-phases %standard-phases
+         ;; Fix some incorrectly hard-coded external tool file names.
+         (add-after 'unpack 'patch-FHS-file-names
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "smtpd/smtpctl.c"
+               (("/bin/cat") (which "cat"))
+               (("/bin/sh") (which "sh")))
+             #t))
          ;; OpenSMTPD provides a single utility smtpctl to control the daemon and
          ;; the local submission subsystem.  To accomodate systems that require
          ;; historical interfaces such as sendmail, newaliases or makemap, the
          ;; smtpctl utility can operate in compatibility mode if called with the
          ;; historical name.
-         (add-after 'install 'install-compabilitymode
-           (lambda _
-             (let* ((out (assoc-ref %outputs "out"))
+         (add-after 'install 'install-compability-links
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out  (assoc-ref outputs "out"))
                     (sbin (string-append out "/sbin/")))
-               (for-each (lambda (cmd)
-                           (symlink "smtpctl" (string-append sbin cmd)))
+               (for-each (lambda (command)
+                           (symlink "smtpctl" (string-append sbin command)))
                          '("makemap" "sendmail" "send-mail"
                            "newaliases" "mailq")))
              #t)))))
@@ -2211,12 +2225,10 @@ installation on systems where resources are limited.  Its features include:
        (modify-phases %standard-phases
          (replace 'check
            (lambda _
-             (zero?
-              (system*
-               "django-admin"
-               "test"
-               "--settings=django_mailman3.tests.settings_test"
-               "django_mailman3")))))
+             (invoke "django-admin"
+                     "test"
+                     "--settings=django_mailman3.tests.settings_test"
+                     "django_mailman3"))))
        #:python ,python-2))
     (inputs
      `(("python2-django" ,python2-django)))
diff --git a/gnu/packages/markup.scm b/gnu/packages/markup.scm
index bce411d0bd..e15e8497b7 100644
--- a/gnu/packages/markup.scm
+++ b/gnu/packages/markup.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Nils Gillmann <ng0@n0.is>
-;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -137,10 +137,9 @@ convert it to structurally valid XHTML (or HTML).")
          (replace 'configure
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (setenv "CC" "gcc")
-             (zero? (system*
-                     "./configure.sh"
+             (invoke "./configure.sh"
                      (string-append "--prefix=" (assoc-ref outputs "out"))
-                     "--shared")))))))
+                     "--shared"))))))
     (synopsis "Markdown processing library, written in C")
     (description
      "Discount is a markdown implementation, written in C.  It provides a
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index fa36431e79..ee9d84d1c3 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -294,14 +294,14 @@ semiconductors.")
 (define-public gsl
   (package
     (name "gsl")
-    (version "2.4")
+    (version "2.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/gsl/gsl-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "16yfs5n444s03np1naj6yp1fsysd42kdscxzkg0k2yvfjixx0ijd"))
+                "1395y9hlhqadn5g9j8q22224fds5sd92jxi9czfavjj24myasq04"))
               (patches (search-patches "gsl-test-i686.patch"))))
     (build-system gnu-build-system)
     (arguments
@@ -525,19 +525,6 @@ problems in numerical linear algebra.")
     (license (license:non-copyleft "file://LICENSE"
                                 "See LICENSE in the distribution."))))
 
-(define-public lapack-3.5
-  (package
-    (inherit lapack)
-    (version "3.5.0")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append "http://www.netlib.org/lapack/lapack-"
-                           version ".tgz"))
-       (sha256
-        (base32
-         "0lk3f97i9imqascnlf6wr5mjpyxqcdj73pgj97dj2mgvyg9z1n4s"))))))
-
 (define-public scalapack
   (package
     (name "scalapack")
@@ -3385,7 +3372,8 @@ in finite element programs.")
             version "-src.zip"))
         (sha256
           (base32
-            "022w8hph7bli5zbpnk3z1qh1c2sl5hm8fw2ccim651ynn0hr7fyz"))))
+            "022w8hph7bli5zbpnk3z1qh1c2sl5hm8fw2ccim651ynn0hr7fyz"))
+        (patches (search-patches "flann-cmake-3.11.patch"))))
     (build-system cmake-build-system)
     (outputs '("out"
                "octave"))                  ;46 MiB .mex file that pulls Octave
diff --git a/gnu/packages/maven.scm b/gnu/packages/maven.scm
index 81021f6461..f63fcee6b2 100644
--- a/gnu/packages/maven.scm
+++ b/gnu/packages/maven.scm
@@ -23,7 +23,56 @@
   #:use-module (guix utils)
   #:use-module (guix build-system ant)
   #:use-module (gnu packages)
-  #:use-module (gnu packages java))
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages java)
+  #:use-module (gnu packages web)
+  #:use-module (gnu packages xml))
+
+(define-public java-plexus-component-metadata
+  (package
+    (inherit java-plexus-container-default)
+    (name "java-plexus-component-metadata")
+    (arguments
+     `(#:jar-name "plexus-component-metadata.jar"
+       #:source-dir "src/main/java"
+       #:test-dir "src/test"
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "plexus-component-metadata")
+             #t))
+         (add-before 'build 'copy-resources
+           (lambda _
+             (copy-recursively "src/main/resources"
+                               "build/classes/")
+             #t)))))
+    (inputs
+     `(("java-plexus-container-default" ,java-plexus-container-default)
+       ("java-plexu-component-annotations" ,java-plexus-component-annotations)
+       ("java-plexus-utils" ,java-plexus-utils)
+       ("java-plexus-cli" ,java-plexus-cli)
+       ("java-plexus-classworlds" ,java-plexus-classworlds)
+       ("maven-plugin-api" ,maven-plugin-api)
+       ("maven-plugin-annotations" ,maven-plugin-annotations)
+       ("maven-core-bootstrap" ,maven-core-bootstrap)
+       ("maven-model" ,maven-model)
+       ("java-commons-cli" ,java-commons-cli)
+       ("java-qdox" ,java-qdox)
+       ("java-jdom2" ,java-jdom2)
+       ("java-asm" ,java-asm)))
+    (native-inputs
+     `(("java-junit" ,java-junit)
+       ("java-guava" ,java-guava)
+       ("java-geronimo-xbean-reflect" ,java-geronimo-xbean-reflect)))
+    (synopsis "Inversion-of-control container for Maven")
+    (description "The Plexus project provides a full software stack for creating
+and executing software projects.  Based on the Plexus container, the
+applications can utilise component-oriented programming to build modular,
+reusable components that can easily be assembled and reused.  This package
+provides the Maven plugin generating the component metadata.")))
 
 (define-public maven-resolver-api
   (package
@@ -128,3 +177,1350 @@ ease usage of the repository system.")))
     (synopsis "Maven repository connector implementation")
     (description "This package contains a repository connector implementation
 for repositories using URI-based layouts.")))
+
+(define-public maven-resolver-impl
+  (package
+    (inherit maven-resolver-api)
+    (name "maven-resolver-impl")
+    (arguments
+     `(#:jar-name "maven-resolver-impl.jar"
+       #:source-dir "maven-resolver-impl/src/main/java"
+       #:test-dir "maven-resolver-impl/src/test"
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'generate-sisu
+           (lambda _
+             (mkdir-p "build/classes/META-INF/sisu")
+             (with-output-to-file "build/classes/META-INF/sisu/javax.inject.Named"
+               (lambda _
+                 (display
+                   (string-append
+                     ;; Build this list by looking for files containing "@Named"
+                     "org.eclipse.aether.internal.impl.DefaultArtifactResolver\n"
+                     "org.eclipse.aether.internal.impl.DefaultTransporterProvider\n"
+                     "org.eclipse.aether.internal.impl.DefaultUpdatePolicyAnalyzer\n"
+                     "org.eclipse.aether.internal.impl.slf4j.Slf4jLoggerFactory\n"
+                     "org.eclipse.aether.internal.impl.DefaultRepositorySystem\n"
+                     "org.eclipse.aether.internal.impl.LoggerFactoryProvider\n"
+                     "org.eclipse.aether.internal.impl.DefaultFileProcessor\n"
+                     "org.eclipse.aether.internal.impl.DefaultLocalRepositoryProvider\n"
+                     "org.eclipse.aether.internal.impl.SimpleLocalRepositoryManagerFactory\n"
+                     "org.eclipse.aether.internal.impl.DefaultDeployer\n"
+                     "org.eclipse.aether.internal.impl.DefaultMetadataResolver\n"
+                     "org.eclipse.aether.internal.impl.DefaultInstaller\n"
+                     "org.eclipse.aether.internal.impl.Maven2RepositoryLayoutFactory\n"
+                     "org.eclipse.aether.internal.impl.DefaultSyncContextFactory\n"
+                     "org.eclipse.aether.internal.impl.DefaultOfflineController\n"
+                     "org.eclipse.aether.internal.impl.EnhancedLocalRepositoryManagerFactory\n"
+                     "org.eclipse.aether.internal.impl.DefaultRepositoryLayoutProvider\n"
+                     "org.eclipse.aether.internal.impl.DefaultRemoteRepositoryManager\n"
+                     "org.eclipse.aether.internal.impl.DefaultRepositoryEventDispatcher\n"
+                     "org.eclipse.aether.internal.impl.DefaultRepositoryConnectorProvider\n"
+                     "org.eclipse.aether.internal.impl.DefaultUpdateCheckManager\n"
+                     "org.eclipse.aether.internal.impl.DefaultChecksumPolicyProvider\n"
+                     "org.eclipse.aether.internal.impl.DefaultDependencyCollector\n"))))
+             #t)))))
+    (inputs
+     `(("maven-resolver-api" ,maven-resolver-api)
+       ("maven-resolver-spi" ,maven-resolver-spi)
+       ("maven-resolver-util" ,maven-resolver-util)
+       ("java-eclipse-sisu-inject" ,java-eclipse-sisu-inject)
+       ("java-javax-inject" ,java-javax-inject)
+       ("java-guice" ,java-guice)
+       ("java-guava" ,java-guava)
+       ("java-cglib" ,java-cglib)
+       ("java-asm" ,java-asm)
+       ("jajva-aopalliance" ,java-aopalliance)
+       ("java-slf4j-api" ,java-slf4j-api)))
+    (native-inputs
+     `(("java-junit" ,java-junit)
+       ("java-hamcrest-core" ,java-hamcrest-core)
+       ("maven-resolver-test-util" ,maven-resolver-test-util)))))
+
+(define-public maven-resolver-transport-wagon
+  (package
+    (inherit maven-resolver-api)
+    (name "maven-resolver-transport-wagon")
+    (arguments
+     `(#:jar-name "maven-resolver-transport-wagon.jar"
+       #:source-dir "maven-resolver-transport-wagon/src/main/java"
+       #:test-dir "maven-resolver-transport-wagon/src/test"
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'generate-sisu
+           (lambda _
+             (mkdir-p "build/classes/META-INF/sisu")
+             (with-output-to-file "build/classes/META-INF/sisu/javax.inject.Named"
+               (lambda _
+                 (display "org.eclipse.aether.transport.wagon.WagonTransporterFactory\n")))
+             #t))
+         (add-before 'build 'generate-components.xml
+           (lambda _
+             (mkdir-p "build/classes/META-INF/plexus")
+             (with-output-to-file "build/classes/META-INF/plexus/components.xml"
+               (lambda _
+                 (display
+                   (string-append
+                     "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
+<component-set>
+  <components>
+    <component>
+      <role>org.eclipse.aether.transport.wagon.WagonConfigurator</role>
+      <role-hint>plexus</role-hint>
+      <implementation>org.eclipse.aether.internal.transport.wagon.PlexusWagonConfigurator</implementation>
+      <description />
+      <isolated-realm>false</isolated-realm>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.PlexusContainer</role>
+          <role-hint />
+          <field-name>container</field-name>
+        </requirement>
+      </requirements>
+    </component>
+    <component>
+      <role>org.eclipse.aether.transport.wagon.WagonProvider</role>
+      <role-hint>plexus</role-hint>
+      <implementation>org.eclipse.aether.internal.transport.wagon.PlexusWagonProvider</implementation>
+      <description />
+      <isolated-realm>false</isolated-realm>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.PlexusContainer</role>
+          <role-hint />
+          <field-name>container</field-name>
+        </requirement>
+      </requirements>
+    </component>
+  </components>
+</component-set>\n"))))
+             #t)))))
+    (inputs
+     `(("maven-resolver-api" ,maven-resolver-api)
+       ("maven-resolver-spi" ,maven-resolver-spi)
+       ("maven-resolver-util" ,maven-resolver-util)
+       ("java-javax-inject" ,java-javax-inject)
+       ("mavne-wagon-provider-api" ,maven-wagon-provider-api)
+       ("java-plexus-component-annotation" ,java-plexus-component-annotations)
+       ("java-plexus-classworld" ,java-plexus-classworlds)
+       ("java-plexus-plexus-util" ,java-plexus-utils)
+       ("java-eclipse-sisu-inject" ,java-eclipse-sisu-inject)
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)))
+    (native-inputs
+     `(("java-junit" ,java-junit)
+       ("java-hamcrest-core" ,java-hamcrest-core)
+       ("maven-resolver-test-util" ,maven-resolver-test-util)
+       ("java-guava" ,java-guava)
+       ("java-cglib" ,java-cglib)
+       ("java-asm" ,java-asm)
+       ("java-aopalliance" ,java-aopalliance)
+       ("java-guice" ,java-guice)))
+    (synopsis "Transport implementation for Maven")
+    (description "This package contains a transport implementation based on
+Maven Wagon, for use in Maven.")))
+
+(define-public maven-shared-utils
+  (package
+    (name "maven-shared-utils")
+    (version "3.2.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://archive.apache.org/dist/maven/shared/"
+                                  "maven-shared-utils-" version "-source-release.zip"))
+              (sha256
+               (base32
+                "1kzmj68wwdcznb36hm6kfz57wbavw7g1rp236pz10znkjljn6rf6"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "maven-shared-utils.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'remove-cyclic-dep
+           (lambda _
+             (delete-file
+               "src/test/java/org/apache/maven/shared/utils/introspection/ReflectionValueExtractorTest.java")
+             #t)))))
+    (inputs
+     `(("java-jansi" ,java-jansi)
+       ("java-commons-io" ,java-commons-io)
+       ("java-jsr305" ,java-jsr305)
+       ("java-plexus-container-default" ,java-plexus-container-default)))
+    (native-inputs
+     `(("unzip" ,unzip)
+       ("java-junit" ,java-junit)
+       ("java-hamcrest-core" ,java-hamcrest-core)
+       ("java-commons-lang3" ,java-commons-lang3)))
+    (home-page "https://maven.apache.org/shared/maven-shared-utils/")
+    (synopsis "Plexus-util replacement for maven")
+    (description "This project aims to be a functional replacement for
+plexus-utils in Maven.  It is not a 100% API compatible replacement but a
+replacement with improvements.")
+    (license license:asl2.0)))
+
+(define-public maven-plugin-annotations
+  (package
+    (name "maven-plugin-annotations")
+    (version "3.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://archive.apache.org/dist/maven/"
+                                  "plugin-tools/maven-plugin-tools-" version
+                                  "-source-release.zip"))
+              (sha256 (base32 "1ryqhs62j5pas93brhf5dsnvp99hxbvssf681yj5rk3r9h24hqm2"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "maven-plugin-annotations.jar"
+       #:source-dir "maven-plugin-annotations/src/main/java"
+       #:tests? #f))
+    (inputs
+     `(("maven-artifact" ,maven-artifact)))
+    (native-inputs
+     `(("unzip" ,unzip)))
+    (home-page "https://maven.apache.org/plugin-tools/maven-plugin-annotations/")
+    (synopsis "Java 5 annotations to use in Mojos")
+    (description "This package contains Java 5 annotations for use in Mojos.")
+    (license license:asl2.0)))
+
+(define-public maven-wagon-provider-api
+  (package
+    (name "maven-wagon-provider-api")
+    (version "3.0.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://archive.apache.org/dist/maven/wagon/"
+                                  "wagon-" version "-source-release.zip"))
+              (sha256 (base32 "1qb0q4m7vmf290xp3fnfdi3pwl3hkskia5g3z2v82q1ch3y2knqv"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "maven-wagon-provider-api.jar"
+       #:source-dir "wagon-provider-api/src/main/java"
+       #:test-dir "wagon-provider-api/src/test"))
+    (inputs
+     `(("java-plexus-utils" ,java-plexus-utils)))
+    (native-inputs
+     `(("unzip" ,unzip)
+       ("java-junit" ,java-junit)
+       ("java-easymock" ,java-easymock)))
+    (home-page "https://maven.apache.org/wagon")
+    (synopsis "Transport abstraction for Maven")
+    (description "Maven Wagon is a transport abstraction that is used in Maven's
+artifact and repository handling code.")
+    (license license:asl2.0)))
+
+(define-public maven-wagon-provider-test
+  (package
+    (inherit maven-wagon-provider-api)
+    (name "maven-wagon-provider-test")
+    (arguments
+     `(#:jar-name "maven-wagon-provider-test.jar"
+       #:source-dir "wagon-provider-test/src/main/java"
+       #:tests? #f; no tests
+       #:jdk ,icedtea-8))
+    (inputs
+     `(("java-plexus-utils" ,java-plexus-utils)
+       ("java-plexus-container-default" ,java-plexus-container-default)
+       ("java-eclipse-jetty-util-9.2" ,java-eclipse-jetty-util-9.2)
+       ("java-eclipse-jetty-security-9.2" ,java-eclipse-jetty-security-9.2)
+       ("java-eclipse-jetty-server-9.2" ,java-eclipse-jetty-server-9.2)
+       ("java-eclipse-jetty-servlet-9.2" ,java-eclipse-jetty-servlet-9.2)
+       ("java-slf4j-api" ,java-slf4j-api)
+       ("java-tomcat" ,java-tomcat)
+       ("maven-wagon-provider-api" ,maven-wagon-provider-api)))
+    (synopsis "Test classes from maven-wagon")
+    (description "Maven Wagon is a transport abstraction that is used in Maven's
+artifact and repository handling code.  This package contains common test
+classes used in multiple maven-wagon components.")))
+
+(define-public maven-wagon-file
+  (package
+    (inherit maven-wagon-provider-api)
+    (name "maven-wagon-file")
+    (arguments
+     `(#:jar-name "maven-wagon-file.jar"
+       #:source-dir "wagon-providers/wagon-file/src/main/java"
+       #:test-dir "wagon-providers/wagon-file/src/test"
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'fix-paths
+           (lambda _
+             ;; Tests assume they are run by maven, which copies test resources
+             ;; to target.  Our ant-build-system does the same, but with the
+             ;; build directory.
+             (substitute* "wagon-providers/wagon-file/src/test/java/org/apache/maven/wagon/providers/file/FileWagonTest.java"
+               (("target") "build"))
+             #t))
+         (add-after 'build 'generate-metadata
+           (lambda _
+             (invoke "java" "-cp" (string-append (getenv "CLASSPATH") ":build/classes")
+                     "org.codehaus.plexus.metadata.PlexusMetadataGeneratorCli"
+                     "--source" "wagon-providers/wagon-file/src/main/java"
+                     "--output" "build/classes/META-INF/plexus/components.xml"
+                     "--classes" "build/classes"
+                     "--descriptors" "build/classes/META-INF")
+             #t))
+         (add-after 'generate-metadata 'rebuild
+           (lambda _
+             (invoke "ant" "jar")
+             #t)))))
+    (inputs
+     `(("java-plexus-utils" ,java-plexus-utils)
+       ("maven-wagon-provider-api" ,maven-wagon-provider-api)))
+    (native-inputs
+     `(("maven-wagon-provider-test" ,maven-wagon-provider-test)
+       ("java-plexus-component-metadata" ,java-plexus-component-metadata)
+       ("java-plexus-component-annotations" ,java-plexus-component-annotations)
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)
+       ("java-eclipse-sisu-inject" ,java-eclipse-sisu-inject)
+       ("java-plexus-classworlds" ,java-plexus-classworlds)
+       ("java-guava" ,java-guava)
+       ("java-guice" ,java-guice)
+       ("java-javax-inject" ,java-javax-inject)
+       ("java-cglib" ,java-cglib)
+       ("java-slf4j-api" ,java-slf4j-api)
+       ("java-plexus-utils" ,java-plexus-utils)
+       ("java-plexus-cli" ,java-plexus-cli)
+       ("maven-plugin-api" ,maven-plugin-api)
+       ("maven-plugin-annotations" ,maven-plugin-annotations)
+       ("maven-core" ,maven-core)
+       ("maven-model" ,maven-model)
+       ("java-commons-cli" ,java-commons-cli)
+       ("java-qdox" ,java-qdox)
+       ("java-jdom2" ,java-jdom2)
+       ("java-asm" ,java-asm)
+       ("java-geronimo-xbean-reflect" ,java-geronimo-xbean-reflect)
+       ,@(package-native-inputs maven-wagon-provider-api)))
+    (synopsis "Wagon provider that gets and puts artifacts using the file system")
+    (description "Maven Wagon is a transport abstraction that is used in Maven's
+artifact and repository handling code.  It uses providers, that are tools to
+manage artifacts and deployment.  This package contains the file provider which
+gets and puts artifacts using the file system.")))
+
+(define-public maven-wagon-tck-http
+  (package
+    (inherit maven-wagon-provider-api)
+    (name "maven-wagon-tck-http")
+    (arguments
+     `(#:jar-name "maven-wagon-tck-http.jar"
+       #:source-dir "wagon-tcks/wagon-tck-http/src/main/java"
+       #:tests? #f; no tests
+       #:jdk ,icedtea-8))
+    (inputs
+     `(("java-plexus-util" ,java-plexus-utils)
+       ("maven-wagon-provider-api" ,maven-wagon-provider-api)
+       ("java-tomcat" ,java-tomcat)
+       ("java-slf4j-api" ,java-slf4j-api)
+       ("java-commons-codec" ,java-commons-codec)
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)
+       ("java-plexus-classworlds" ,java-plexus-classworlds)
+       ("java-eclipse-jetty-util-9.2" ,java-eclipse-jetty-util-9.2)
+       ("java-eclipse-jetty-webapp-9.2" ,java-eclipse-jetty-webapp-9.2)
+       ("java-eclipse-jetty-security-9.2" ,java-eclipse-jetty-security-9.2)
+       ("java-eclipse-jetty-server-9.2" ,java-eclipse-jetty-server-9.2)
+       ("java-eclipse-jetty-servlet-9.2" ,java-eclipse-jetty-servlet-9.2)))
+    (synopsis "Wagon HTTP Test Compatibility Kit")
+    (description "Maven Wagon is a transport abstraction that is used in Maven's
+artifact and repository handling code.  This package contains the HTTP
+Test Compatibility Kit.")))
+
+(define-public maven-wagon-http-shared
+  (package
+    (inherit maven-wagon-provider-api)
+    (name "maven-wagon-http-shared")
+    (arguments
+     `(#:jar-name "maven-wagon-http-shared.jar"
+       #:source-dir "wagon-providers/wagon-http-shared/src/main/java"
+       #:test-dir "wagon-providers/wagon-http-shared/src/test"
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'build 'generate-metadata
+           (lambda _
+             (invoke "java" "-cp" (string-append (getenv "CLASSPATH") ":build/classes")
+                     "org.codehaus.plexus.metadata.PlexusMetadataGeneratorCli"
+                     "--source" "wagon-providers/wagon-http-shared/src/main/java"
+                     "--output" "build/classes/META-INF/plexus/components.xml"
+                     "--classes" "build/classes"
+                     "--descriptors" "build/classes/META-INF")
+             #t))
+         (add-after 'generate-metadata 'rebuild
+           (lambda _
+             (invoke "ant" "jar")
+             #t)))))
+    (inputs
+     `(("java-plexus-utils" ,java-plexus-utils)
+       ("java-httpcomponents-httpclient" ,java-httpcomponents-httpclient)
+       ("java-httpcomponents-httpcore" ,java-httpcomponents-httpcore)
+       ("java-commons-io" ,java-commons-io)
+       ("java-jsoup" ,java-jsoup)
+       ("maven-wagon-provider-api" ,maven-wagon-provider-api)))
+    (native-inputs
+     `(("maven-wagon-provider-test" ,maven-wagon-provider-test)
+       ("java-plexus-component-metadata" ,java-plexus-component-metadata)
+       ("java-plexus-component-annotations" ,java-plexus-component-annotations)
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)
+       ("java-eclipse-sisu-inject" ,java-eclipse-sisu-inject)
+       ("java-plexus-classworlds" ,java-plexus-classworlds)
+       ("java-guava" ,java-guava)
+       ("java-guice" ,java-guice)
+       ("java-javax-inject" ,java-javax-inject)
+       ("java-cglib" ,java-cglib)
+       ("java-slf4j-api" ,java-slf4j-api)
+       ("java-plexus-utils" ,java-plexus-utils)
+       ("java-plexus-cli" ,java-plexus-cli)
+       ("maven-plugin-api" ,maven-plugin-api)
+       ("maven-plugin-annotations" ,maven-plugin-annotations)
+       ("maven-core" ,maven-core)
+       ("maven-model" ,maven-model)
+       ("java-commons-cli" ,java-commons-cli)
+       ("java-qdox" ,java-qdox)
+       ("java-jdom2" ,java-jdom2)
+       ("java-asm" ,java-asm)
+       ("java-geronimo-xbean-reflect" ,java-geronimo-xbean-reflect)
+       ,@(package-native-inputs maven-wagon-provider-api)))
+    (synopsis "Shared Library for wagon providers supporting HTTP.")
+    (description "Maven Wagon is a transport abstraction that is used in Maven's
+artifact and repository handling code.  It uses providers, that are tools to
+manage artifacts and deployment.  This package contains a shared library for
+wagon providers supporting HTTP.")))
+
+(define-public maven-wagon-http
+  (package
+    (inherit maven-wagon-provider-api)
+    (name "maven-wagon-http")
+    (arguments
+     `(#:jar-name "maven-wagon-http.jar"
+       #:source-dir "wagon-providers/wagon-http/src/main/java"
+       #:test-dir "wagon-providers/wagon-http/src/test"
+       #:test-exclude (list
+                        "**/Abstract*.java"
+                        ;; FIXME: javax.net.ssl.SSLHandshakeException:
+                        ;; sun.security.validator.ValidatorException:
+                        ;; PKIX path building failed:
+                        ;; sun.security.provider.certpath.SunCertPathBuilderException:
+                        ;; unable to find valid certification path to requested target
+                        "**/HttpsWagonPreemptiveTest.java"
+                        "**/HttpsWagonTest.java"
+                        ;; Injection errors
+                        "**/TckTest.java")
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'copy-resources
+           (lambda _
+             (install-file "wagon-providers/wagon-http/src/main/resources/META-INF/plexus/components.xml"
+                           "build/classes/META-INF/plexus")
+             #t))
+         (add-before 'check 'fix-resource-path
+           (lambda _
+             (substitute* '("wagon-providers/wagon-http/src/test/java/org/apache/maven/wagon/providers/http/HttpsWagonPreemptiveTest.java"
+                            "wagon-providers/wagon-http/src/test/java/org/apache/maven/wagon/providers/http/HttpsWagonTest.java")
+               (("src/test") "wagon-providers/wagon-http/src/test"))
+             #t)))))
+    (inputs
+     `(("java-plexus-utils" ,java-plexus-utils)
+       ("java-httpcomponents-httpclient" ,java-httpcomponents-httpclient)
+       ("java-httpcomponents-httpcore" ,java-httpcomponents-httpcore)
+       ("maven-wagon-http-shared" ,maven-wagon-http-shared)
+       ("maven-wagon-tck-http" ,maven-wagon-tck-http)
+       ("maven-wagon-provider-api" ,maven-wagon-provider-api)))
+    (native-inputs
+     `(("maven-wagon-provider-test" ,maven-wagon-provider-test)
+       ("java-plexus-component-metadata" ,java-plexus-component-metadata)
+       ("java-plexus-component-annotations" ,java-plexus-component-annotations)
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)
+       ("java-plexus-container-default" ,java-plexus-container-default)
+       ("java-eclipse-sisu-inject" ,java-eclipse-sisu-inject)
+       ("java-plexus-classworlds" ,java-plexus-classworlds)
+       ("java-guava" ,java-guava)
+       ("java-guice" ,java-guice)
+       ("java-inject" ,java-javax-inject)
+       ("java-cglib" ,java-cglib)
+       ("java-slf4j-api" ,java-slf4j-api)
+       ("java-plexus-utils" ,java-plexus-utils)
+       ("java-plexus-cli" ,java-plexus-cli)
+       ("maven-plugin-api" ,maven-plugin-api)
+       ("maven-plugin-annotations" ,maven-plugin-annotations)
+       ("maven-core" ,maven-core)
+       ("maven-model" ,maven-model)
+       ("java-commons-cli" ,java-commons-cli)
+       ("java-qdox" ,java-qdox)
+       ("java-jdom2" ,java-jdom2)
+       ("java-asm" ,java-asm)
+       ("java-geronimo-xbean-reflect" ,java-geronimo-xbean-reflect)
+       ("java-tomcat" ,java-tomcat)
+       ("java-eclipse-jetty-util-9.2" ,java-eclipse-jetty-util-9.2)
+       ("java-eclipse-jetty-io-9.2" ,java-eclipse-jetty-io-9.2)
+       ("java-eclipse-jetty-http-9.2" ,java-eclipse-jetty-http-9.2)
+       ("java-eclipse-jetty-server-9.2" ,java-eclipse-jetty-server-9.2)
+       ("java-eclipse-jetty-servlet-9.2" ,java-eclipse-jetty-servlet-9.2)
+       ("java-eclipse-jetty-security-9.2" ,java-eclipse-jetty-security-9.2)
+       ("java-hamcrest-core" ,java-hamcrest-core)
+       ("java-commons-logging-minimal" ,java-commons-logging-minimal)
+       ("java-commons-codec" ,java-commons-codec)
+       ("java-commons-io" ,java-commons-io)
+       ("java-jsoup" ,java-jsoup)
+       ("java-slf4j-simple" ,java-slf4j-simple)
+       ,@(package-native-inputs maven-wagon-provider-api)))
+    (synopsis "Wagon provider that gets and puts artifacts through HTTP(S)")
+    (description "Maven Wagon is a transport abstraction that is used in Maven's
+artifact and repository handling code.  It uses providers, that are tools to
+manage artifacts and deployment.  This package contains a Wagon provider that
+gets and puts artifacts through HTTP(S) using Apache HttpClient-4.x.")))
+
+(define-public maven-artifact
+  (package
+    (name "maven-artifact")
+    (version "3.5.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://archive.apache.org/dist/maven/"
+                                  "maven-3/" version "/source/"
+                                  "apache-maven-" version "-src.tar.gz"))
+              (sha256 (base32 "06by23fz207lkvsndq883irfcf4p77jzkgf7n2q7hzyw1hs4h5s7"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  (for-each delete-file (find-files "." "\\.jar$"))
+                  #t))
+              (patches
+                (search-patches "maven-generate-component-xml.patch"
+                                "maven-generate-javax-inject-named.patch"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "maven-artifact.jar"
+       #:source-dir "maven-artifact/src/main/java"
+       #:test-dir "maven-artifact/src/test"
+       #:main-class "org.apache.maven.artifact.versioning.ComparableVersion"))
+    (inputs
+     `(("java-plexus-utils" ,java-plexus-utils)
+       ("java-commons-lang3" ,java-commons-lang3)))
+    (native-inputs
+     `(("java-junit" ,java-junit)))
+    (home-page "https://maven.apache.org/")
+    (synopsis "Build system")
+    (description "Apache Maven is a software project management and comprehension
+tool.  This package contains the Maven Artifact classes, providing the
+@code{Artifact} interface, with its @code{DefaultArtifact} implementation.  The
+jar file is executable and provides a little tool to display how Maven parses
+and compares versions:")
+    (license license:asl2.0)))
+
+(define-public maven-model
+  (package
+    (inherit maven-artifact)
+    (name "maven-model")
+    (arguments
+     `(#:jar-name "maven-model.jar"
+       #:source-dir "maven-model/src/main/java"
+       #:test-dir "maven-model/src/test"
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'generate-models
+           (lambda* (#:key inputs #:allow-other-keys)
+             (define (modello-single-mode file version mode)
+               (invoke "java" "org.codehaus.modello.ModelloCli"
+                       file mode "maven-model/src/main/java" version
+                       "false" "true"))
+             (let ((file "maven-model/src/main/mdo/maven.mdo"))
+               (modello-single-mode file "4.0.0" "java")
+               (modello-single-mode file "4.0.0" "xpp3-reader")
+               (modello-single-mode file "4.0.0" "xpp3-writer")
+               (modello-single-mode file "4.0.0" "xpp3-extended-reader"))
+             #t)))))
+    (inputs
+     `(("java-commons-lang3" ,java-commons-lang3)
+       ("java-plexus-utils" ,java-plexus-utils)))
+    (native-inputs
+     `(("java-modello-core" ,java-modello-core)
+       ;; for modello:
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)
+       ("java-plexus-component-annotations" ,java-plexus-component-annotations)
+       ("java-guice" ,java-guice)
+       ("java-cglib" ,java-cglib)
+       ("java-asm" ,java-asm)
+       ("java-eclipse-sisu-inject" ,java-eclipse-sisu-inject)
+       ("java-javax-inject" ,java-javax-inject)
+       ("java-plexus-classworlds" ,java-plexus-classworlds)
+       ("java-guava" ,java-guava)
+       ("java-geronimo-xbean-reflect" ,java-geronimo-xbean-reflect)
+       ("java-sisu-build-api" ,java-sisu-build-api)
+       ;; modello plugins:
+       ("java-modello-plugins-java" ,java-modello-plugins-java)
+       ("java-modello-plugins-xml" ,java-modello-plugins-xml)
+       ("java-modello-plugins-xpp3" ,java-modello-plugins-xpp3)
+       ;; for tests
+       ("java-junit" ,java-junit)))
+    (description "Apache Maven is a software project management and comprehension
+tool.  This package contains the model for Maven @dfn{POM} (Project Object Model),
+so really just plain Java objects.")))
+
+(define-public maven-builder-support
+  (package
+    (inherit maven-artifact)
+    (name "maven-builder-support")
+    (arguments
+     `(#:jar-name "maven-builder-support.jar"
+       #:source-dir "maven-builder-support/src/main/java"
+       #:jdk ,icedtea-8
+       #:test-dir "maven-builder-support/src/test"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'fix-paths
+           (lambda _
+             (with-directory-excursion "maven-builder-support/src/test/java"
+               (substitute*
+                 '("org/apache/maven/building/FileSourceTest.java"
+                   "org/apache/maven/building/UrlSourceTest.java")
+                 (("target/test-classes") "maven-builder-support/src/test/resources")))
+             #t)))))
+    (inputs
+     `(("java-plexus-utils" ,java-plexus-utils)
+       ("java-commons-lang3" ,java-commons-lang3)))
+    (native-inputs
+     `(("java-junit" ,java-junit)
+       ("java-hamcrest-core" ,java-hamcrest-core)))
+    (description "Apache Maven is a software project management and comprehension
+tool.  This package contains a support library for descriptor builders (model,
+setting, toolchains)")))
+
+(define-public maven-settings
+  (package
+    (inherit maven-artifact)
+    (name "maven-settings")
+    (arguments
+     `(#:jar-name "maven-settings.jar"
+       #:source-dir "maven-settings/src/main/java"
+       #:jdk ,icedtea-8
+       #:tests? #f; no tests
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'generate-models
+           (lambda* (#:key inputs #:allow-other-keys)
+             (define (modello-single-mode file version mode)
+               (invoke "java" "org.codehaus.modello.ModelloCli"
+                       file mode "maven-settings/src/main/java" version
+                       "false" "true"))
+             (let ((file "maven-settings/src/main/mdo/settings.mdo"))
+               (modello-single-mode file "1.1.0" "java")
+               (modello-single-mode file "1.1.0" "xpp3-reader")
+               (modello-single-mode file "1.1.0" "xpp3-writer"))
+             #t)))))
+    (inputs '())
+    (native-inputs
+     `(("java-modello-core" ,java-modello-core)
+       ;; for modello:
+       ;("container" ,java-plexus-container-default)
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)
+       ("java-plexus-component-annotations" ,java-plexus-component-annotations)
+       ("java-guice" ,java-guice)
+       ("java-cglib" ,java-cglib)
+       ("java-asm" ,java-asm)
+       ("java-eclipse-sisu-inject" ,java-eclipse-sisu-inject)
+       ("java-javax-inject" ,java-javax-inject)
+       ("java-plexus-classworlds" ,java-plexus-classworlds)
+       ("java-plexus-utils" ,java-plexus-utils)
+       ("java-guava" ,java-guava)
+       ("java-geronimo-xbean-reflect" ,java-geronimo-xbean-reflect)
+       ("java-sisu-build-api" ,java-sisu-build-api)
+       ;; modello plugins:
+       ("java-modello-plugins-java" ,java-modello-plugins-java)
+       ("java-modello-plugins-xml" ,java-modello-plugins-xml)
+       ("java-modello-plugins-xpp3" ,java-modello-plugins-xpp3)))
+    (description "Apache Maven is a software project management and comprehension
+tool.  This package contains strictly the model for Maven settings, that is
+simply plain java objects.")))
+
+(define-public maven-settings-builder
+  (package
+    (inherit maven-artifact)
+    (name "maven-settings-builder")
+    (arguments
+     `(#:jar-name "maven-settings-builder.jar"
+       #:source-dir "maven-settings-builder/src/main/java"
+       #:jdk ,icedtea-8
+       #:test-dir "maven-settings-builder/src/test"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'generate-components.xml
+           (lambda _
+             (mkdir-p "build/classes/META-INF/plexus")
+             (chmod "components.sh" #o755)
+             (invoke "./components.sh" "maven-settings-builder/src/main/java"
+                     "build/classes/META-INF/plexus/components.xml")
+             #t)))))
+    (inputs
+     `(("java-plexus-utils" ,java-plexus-utils)
+       ("java-plexus-component-annotations" ,java-plexus-component-annotations)
+       ("java-plexus-interpolation" ,java-plexus-interpolation)
+       ("java-plexus-sec-dispatcher" ,java-plexus-sec-dispatcher)
+       ("maven-builder-support" ,maven-builder-support)
+       ("maven-settings" ,maven-settings)
+       ("java-commons-lang3" ,java-commons-lang3)))
+    (native-inputs
+     `(("java-junit" ,java-junit)))
+    (description "Apache Maven is a software project management and comprehension
+tool.  This package contains the effective model builder, with profile activation,
+inheritance, interpolation, @dots{}")))
+
+(define-public maven-model-builder
+  (package
+    (inherit maven-artifact)
+    (name "maven-model-builder")
+    (arguments
+     `(#:jar-name "maven-model-builder.jar"
+       #:source-dir "maven-model-builder/src/main/java"
+       #:jdk ,icedtea-8
+       #:test-dir "maven-model-builder/src/test"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'copy-resources
+           (lambda _
+             (copy-recursively "maven-model-builder/src/main/resources"
+                               "build/classes")
+             #t))
+         (add-before 'build 'generate-components.xml
+           (lambda _
+             (mkdir-p "build/classes/META-INF/plexus")
+             (chmod "components.sh" #o755)
+             (invoke "./components.sh" "maven-model-builder/src/main/java"
+                     "build/classes/META-INF/plexus/components.xml")
+             #t))
+         (add-before 'check 'fix-paths
+           (lambda _
+             (substitute* (find-files "maven-model-builder/src/test/java" ".*.java")
+               (("src/test") "maven-model-builder/src/test"))
+             #t)))))
+    (inputs
+     `(("model" ,maven-model)
+       ("artifact" ,maven-artifact)
+       ("support" ,maven-builder-support)
+       ("annotations" ,java-plexus-component-annotations)
+       ("utils" ,java-plexus-utils)
+       ("interpolation" ,java-plexus-interpolation)
+       ("lang3" ,java-commons-lang3)
+       ("guava" ,java-guava)))
+    (native-inputs
+     `(("java-junit" ,java-junit)
+       ("java-hamcrest-core" ,java-hamcrest-core)
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)
+       ("java-plexus-component-annotations" ,java-plexus-component-annotations)
+       ("guice" ,java-guice)
+       ("java-cglib" ,java-cglib)
+       ("java-asm" ,java-asm)
+       ("sisu-inject" ,java-eclipse-sisu-inject)
+       ("javax-inject" ,java-javax-inject)
+       ("xmlunit" ,java-xmlunit)
+       ("xmlunit" ,java-xmlunit-legacy)
+       ("xbean" ,java-geronimo-xbean-reflect)
+       ("classworlds" ,java-plexus-classworlds)))
+    (description "Apache Maven is a software project management and comprehension
+tool.  This package contains the effective model builder, with profile activation,
+inheritance, interpolation, @dots{}")))
+
+(define-public maven-repository-metadata
+  (package
+    (inherit maven-artifact)
+    (name "maven-repository-metadata")
+    (arguments
+     `(#:jar-name "maven-repository-metadata.jar"
+       #:source-dir "maven-repository-metadata/src/main/java"
+       #:jdk ,icedtea-8
+       #:tests? #f; no tests
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'generate-models
+           (lambda* (#:key inputs #:allow-other-keys)
+             (define (modello-single-mode file version mode)
+               (invoke "java" "org.codehaus.modello.ModelloCli"
+                       file mode "maven-repository-metadata/src/main/java" version
+                       "false" "true"))
+             (let ((file "maven-repository-metadata/src/main/mdo/metadata.mdo"))
+               (modello-single-mode file "1.1.0" "java")
+               (modello-single-mode file "1.1.0" "xpp3-reader")
+               (modello-single-mode file "1.1.0" "xpp3-writer"))
+             #t)))))
+    (inputs '())
+    (native-inputs
+     `(("modello" ,java-modello-core)
+       ;; for modello:
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)
+       ("java-plexus-component-annotations" ,java-plexus-component-annotations)
+       ("java-guice" ,java-guice)
+       ("java-cglib" ,java-cglib)
+       ("java-asm" ,java-asm)
+       ("java-eclipse-sisu-inject" ,java-eclipse-sisu-inject)
+       ("java-javax-inject" ,java-javax-inject)
+       ("java-plexus-utils" ,java-plexus-utils)
+       ("java-plexus-classworlds" ,java-plexus-classworlds)
+       ("java-guava" ,java-guava)
+       ("java-geronimo-xbean-reflect" ,java-geronimo-xbean-reflect)
+       ("java-sisu-build-api" ,java-sisu-build-api)
+       ;; modello plugins:
+       ("java-modello-plugins-java" ,java-modello-plugins-java)
+       ("java-modello-plugins-xml" ,java-modello-plugins-xml)
+       ("java-modello-plugins-xpp3" ,java-modello-plugins-xpp3)))
+    (description "Apache Maven is a software project management and comprehension
+tool.  This package contains strictly the model for Maven Repository Metadata,
+so really just plain objects.")))
+
+(define-public maven-resolver-provider
+  (package
+    (inherit maven-artifact)
+    (name "maven-resolver-provider")
+    (arguments
+     `(#:jar-name "maven-resolver-provider.jar"
+       #:source-dir "maven-resolver-provider/src/main/java"
+       #:test-dir "maven-resolver-provider/src/test"
+       #:jdk ,icedtea-8
+       #:tests? #f; dependency loop on maven-core (@Component RepositorySystem)
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'generate-sisu-named
+           (lambda _
+             (mkdir-p "build/classes/META-INF/sisu")
+             (chmod "./sisu.sh" #o755)
+             (invoke "./sisu.sh" "maven-resolver-provider/src/main/java"
+                     "build/classes/META-INF/sisu/javax.inject.Named")
+             #t)))))
+    (inputs
+     `(("maven-resolver-spi" ,maven-resolver-spi)
+       ("maven-resolver-api" ,maven-resolver-api)
+       ("maven-resolver-impl" ,maven-resolver-impl)
+       ("maven-resolver-util" ,maven-resolver-util)
+       ("maven-model" ,maven-model)
+       ("maven-model-builder" ,maven-model-builder)
+       ("maven-builder-support" ,maven-builder-support)
+       ("maven-repository-metadata" ,maven-repository-metadata)
+       ("java-plexus-utils" ,java-plexus-utils)
+       ("java-plexus-component-annotations" ,java-plexus-component-annotations)
+       ("java-commons-lang3" ,java-commons-lang3)
+       ("java-guice" ,java-guice)
+       ("java-guava" ,java-guava)
+       ("java-eclipse-sisu-inject" ,java-eclipse-sisu-inject)
+       ("java-javax-inject" ,java-javax-inject)))))
+
+(define-public maven-plugin-api
+  (package
+    (inherit maven-artifact)
+    (name "maven-plugin-api")
+    (arguments
+     `(#:jar-name "maven-plugin-api.jar"
+       #:source-dir "maven-plugin-api/src/main/java"
+       #:jdk ,icedtea-8
+       #:test-dir "maven-plugin-api/src/test"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'generate-models
+           (lambda* (#:key inputs #:allow-other-keys)
+             (define (modello-single-mode file version mode)
+               (invoke "java" "org.codehaus.modello.ModelloCli"
+                       file mode "maven-plugin-api/src/main/java" version
+                       "false" "true"))
+             (let ((file "maven-plugin-api/src/main/mdo/lifecycle.mdo"))
+               (modello-single-mode file "1.0.0" "java")
+               (modello-single-mode file "1.0.0" "xpp3-reader")
+               (modello-single-mode file "1.0.0" "xpp3-writer"))
+             #t)))))
+    (inputs
+     `(("maven-artifact" ,maven-artifact)
+       ("maven-model" ,maven-model)
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)
+       ("java-plexus-component-annotations" ,java-plexus-component-annotations)
+       ("guice" ,java-guice)
+       ("java-cglib" ,java-cglib)
+       ("java-asm" ,java-asm)
+       ("sisu-inject" ,java-eclipse-sisu-inject)
+       ("javax-inject" ,java-javax-inject)
+       ("utils" ,java-plexus-utils)))
+    (native-inputs
+     `(("modello" ,java-modello-core)
+       ;; for modello:
+       ("classworlds" ,java-plexus-classworlds)
+       ("guava" ,java-guava)
+       ("xbean" ,java-geronimo-xbean-reflect)
+       ("build-api" ,java-sisu-build-api)
+       ;; modello plugins:
+       ("java" ,java-modello-plugins-java)
+       ("xml" ,java-modello-plugins-xml)
+       ("xpp3" ,java-modello-plugins-xpp3)
+       ;; for tests
+       ("java-junit" ,java-junit)))
+    (description "Apache Maven is a software project management and comprehension
+tool.  This package contains strictly the API for plugins -- composed of goals
+implemented by Mojos -- development.
+
+A plugin is described in a @file{META-INF/maven/plugin.xml} plugin descriptor,
+generally generated from plugin sources using maven-plugin-plugin.")))
+
+(define maven-core-bootstrap
+  (package
+    (inherit maven-artifact)
+    (name "maven-core")
+    (arguments
+     `(#:jar-name "maven-core.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       ;; Tests need maven-compat, which requires maven-core
+       #:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             ;; Required for generating components.xml in maven-core
+             (chdir "maven-core")
+             #t))
+         (add-before 'build 'copy-resources
+           (lambda _
+             (mkdir-p "build/classes/")
+             (copy-recursively "src/main/resources" "build/classes")
+             #t))
+         (add-after 'copy-resources 'fill-properties
+           (lambda _
+             ;; This file controls the output of some mvn subcommands, such as
+             ;; mvn -version.
+             (substitute* "build/classes/org/apache/maven/messages/build.properties"
+               (("\\$\\{buildNumber\\}") "guix_build")
+               (("\\$\\{timestamp\\}") "0")
+               (("\\$\\{project.version\\}") ,(package-version maven-artifact))
+               (("\\$\\{distributionId\\}") "apache-maven")
+               (("\\$\\{distributionShortName\\}") "Maven")
+               (("\\$\\{distributionName\\}") "Apache Maven"))
+             #t))
+         (add-before 'build 'generate-sisu-named
+           (lambda _
+             (mkdir-p "build/classes/META-INF/sisu")
+             (chmod "../sisu.sh" #o755)
+             (invoke "../sisu.sh" "src/main/java"
+                     "build/classes/META-INF/sisu/javax.inject.Named")
+             #t))
+         (add-before 'build 'generate-models
+           (lambda* (#:key inputs #:allow-other-keys)
+             (define (modello-single-mode file version mode)
+               (invoke "java" "org.codehaus.modello.ModelloCli"
+                       file mode "src/main/java" version
+                       "false" "true"))
+             (let ((file "src/main/mdo/toolchains.mdo"))
+               (modello-single-mode file "1.1.0" "java")
+               (modello-single-mode file "1.1.0" "xpp3-reader")
+               (modello-single-mode file "1.1.0" "xpp3-writer"))
+             #t)))))
+    (inputs
+     `(("maven-artifact" ,maven-artifact)
+       ("maven-resolver-provider" ,maven-resolver-provider)
+       ("maven-builder-support" ,maven-builder-support)
+       ("maven-model" ,maven-model)
+       ("maven-model-builder" ,maven-model-builder)
+       ("maven-settings" ,maven-settings)
+       ("maven-settings-builder" ,maven-settings-builder)
+       ("maven-plugin-api" ,maven-plugin-api)
+       ("maven-repository-metadata" ,maven-repository-metadata)
+       ("maven-shared-utils" ,maven-shared-utils)
+       ("java-plexus-component-annotations" ,java-plexus-component-annotations)
+       ("java-plexus-utils" ,java-plexus-utils)
+       ("java-commons-lang3" ,java-commons-lang3)
+       ("java-guava" ,java-guava)
+       ("java-guice" ,java-guice)
+       ("maven-resolver-api" ,maven-resolver-api)
+       ("maven-resolver-spi" ,maven-resolver-spi)
+       ("maven-resolver-util" ,maven-resolver-util)
+       ("maven-resolver-impl" ,maven-resolver-impl)
+       ("java-eclipse-sisu-inject" ,java-eclipse-sisu-inject)
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)
+       ("java-javax-inject" ,java-javax-inject)
+       ("java-plexus-classworld" ,java-plexus-classworlds)))
+    (native-inputs
+     `(("java-modello-core" ,java-modello-core)
+       ("java-cglib" ,java-cglib)
+       ("java-asm" ,java-asm)
+       ("java-plexus-classworlds" ,java-plexus-classworlds)
+       ("java-geronimo-xbean-reflect" ,java-geronimo-xbean-reflect)
+       ("java-sisu-build-api" ,java-sisu-build-api)
+       ("java-modello-plugins-java" ,java-modello-plugins-java)
+       ("java-modello-plugins-xml" ,java-modello-plugins-xml)
+       ("java-modello-plugins-xpp3" ,java-modello-plugins-xpp3)
+       ;; tests
+       ("java-junit" ,java-junit)
+       ("java-mockito-1" ,java-mockito-1)
+       ("java-commons-jxpath" ,java-commons-jxpath)))
+    (description "Apache Maven is a software project management and comprehension
+tool.  This package contains the maven core classes managing the whole build
+process.")))
+
+(define-public maven-core
+  (package
+    (inherit maven-core-bootstrap)
+    (arguments
+      (substitute-keyword-arguments (package-arguments maven-core-bootstrap)
+        ((#:phases phases)
+         `(modify-phases ,phases
+            (add-before 'build 'modify-metainf
+              (lambda _
+                (substitute* "build.xml"
+                  (("message=\"\"") "message=\"Implementation-Version: 3.5.3\n\""))
+                #t))
+            (add-before 'build 'add-maven-files
+              (lambda _
+                (mkdir-p "build/classes/META-INF/maven/org.apache.maven/maven-core")
+                (copy-file "pom.xml"
+                           "build/classes/META-INF/maven/org.apache.maven/maven-core/pom.xml")
+                (with-output-to-file "build/classes/META-INF/maven/org.apache.maven/maven-core/pom.properties"
+                  (lambda _
+                    (format #t "version=~a~%
+groupId=org.apache.maven~%
+artifactId=maven-core" ,(package-version maven-core-bootstrap))))
+                #t))
+            (add-after 'build 'generate-metadata
+              (lambda _
+                (define (components file)
+                  (let ((sxml (with-input-from-file file
+                                (lambda _ (xml->sxml (current-input-port)
+                                                     #:trim-whitespace? #t)))))
+                    ;; Select the list of <component>s inside the <component-set>
+                    ;; and <components>.
+                    ((@ (ice-9 match) match) sxml
+                     (('*TOP*
+                       ('*PI* foo ...)
+                       ('component-set
+                        ('components x ...))) x))))
+                (use-modules (sxml simple))
+                (delete-file "build/classes/META-INF/plexus/components.xml")
+                (invoke "java" "-cp" (string-append (getenv "CLASSPATH") ":build/classes")
+                        "org.codehaus.plexus.metadata.PlexusMetadataGeneratorCli"
+                        "--source" "build/classes/META-INF/plexus"
+                        "--output" "build/classes/META-INF/plexus/components.t.xml"
+                        "--classes" "build/classes"
+                        "--descriptors" "build/classes")
+                ;; Now we merge all other components from hand-written xml
+                (let ((generated-xml (components "build/classes/META-INF/plexus/components.t.xml"))
+                      (components-xml (components "src/main/resources/META-INF/plexus/components.xml"))
+                      (default-bindings-xml (components "src/main/resources/META-INF/plexus/default-bindings.xml"))
+                      (artifact-handlers-xml (components "src/main/resources/META-INF/plexus/artifact-handlers.xml")))
+                  (with-output-to-file "build/classes/META-INF/plexus/components.xml"
+                    (lambda _
+                      (display "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n")
+                      (sxml->xml
+                        `(component-set
+                           (components
+                             ,@(append generated-xml components-xml
+                                       default-bindings-xml
+                                       artifact-handlers-xml)))))))
+                #t))
+            (add-after 'generate-metadata 'rebuild
+              (lambda _
+                (invoke "ant" "jar")
+                #t))))))
+    (native-inputs
+     `(("java-plexus-component-metadata" ,java-plexus-component-metadata)
+       ("java-commons-cli" ,java-commons-cli)
+       ("java-plexus-cli" ,java-plexus-cli)
+       ("java-jdom2" ,java-jdom2)
+       ("java-qdox" ,java-qdox)
+       ("maven-core-boot" ,maven-core-bootstrap)
+       ,@(package-native-inputs maven-core-bootstrap)))))
+
+(define-public maven-embedder
+  (package
+    (inherit maven-artifact)
+    (name "maven-embedder")
+    (arguments
+     `(#:jar-name "maven-embedder.jar"
+       #:source-dir "maven-embedder/src/main/java"
+       #:test-dir "maven-embedder/src/test"
+       #:test-exclude (list "**/MavenCliTest.java")
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'generate-sisu-named
+           (lambda _
+             (mkdir-p "build/classes/META-INF/sisu")
+             (chmod "sisu.sh" #o755)
+             (invoke "./sisu.sh" "maven-embedder/src/main/java"
+                     "build/classes/META-INF/sisu/javax.inject.Named")
+             #t))
+         (add-before 'build 'generate-models
+           (lambda* (#:key inputs #:allow-other-keys)
+             (define (modello-single-mode file version mode)
+               (invoke "java" "org.codehaus.modello.ModelloCli"
+                       file mode "maven-embedder/src/main/java" version
+                       "false" "true"))
+             (let ((file "maven-embedder/src/main/mdo/core-extensions.mdo"))
+               (modello-single-mode file "1.0.0" "java")
+               (modello-single-mode file "1.0.0" "xpp3-reader")
+               (modello-single-mode file "1.0.0" "xpp3-writer"))
+             #t))
+         (add-before 'check 'fix-test-paths
+           (lambda _
+             (substitute* "maven-embedder/src/test/java/org/apache/maven/cli/CLIManagerDocumentationTest.java"
+               (("target/test-classes") "build/test-classes"))
+             #t))
+         (add-before 'check 'fix-test-compilation
+           (lambda _
+             ;; Tests are in the java/ subdir. Other subdirectories contain
+             ;; additional test plugins, with duplicate classes, so we can't
+             ;; compile them. Also, they are meant to be built with maven, to
+             ;; test its build process.
+             (substitute* "build.xml"
+               (("srcdir=\"maven-embedder/src/test\"")
+                "srcdir=\"maven-embedder/src/test/java\""))
+             #t)))))
+    (inputs
+     `(("maven-core" ,maven-core)
+       ("maven-artifact" ,maven-artifact)
+       ("maven-plugin-api" ,maven-plugin-api)
+       ("maven-builder-support" ,maven-builder-support)
+       ("maven-model" ,maven-model)
+       ("maven-model-builder" ,maven-model-builder)
+       ("maven-settings" ,maven-settings)
+       ("maven-settings-builder" ,maven-settings-builder)
+       ("maven-shared-utils" ,maven-shared-utils)
+       ("java-plexus-classworlds" ,java-plexus-classworlds)
+       ("java-plexus-util" ,java-plexus-utils)
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)
+       ("java-plexus-cipher" ,java-plexus-cipher)
+       ("java-plexus-component-annotations" ,java-plexus-component-annotations)
+       ("java-plexus-sec-dispatcher" ,java-plexus-sec-dispatcher)
+       ("maven-resolevr-util" ,maven-resolver-util)
+       ("maven-resolevr-api" ,maven-resolver-api)
+       ("java-logback-core" ,java-logback-core)
+       ("java-logback-classic" ,java-logback-classic)
+       ("java-commons-cli" ,java-commons-cli)
+       ("java-commons-io" ,java-commons-io)
+       ("java-commons-lang3" ,java-commons-lang3)
+       ("java-guava" ,java-guava)
+       ("java-guice" ,java-guice)
+       ("java-javax-inject" ,java-javax-inject)
+       ("java-slf4j-api" ,java-slf4j-api)
+       ("java-slf4j-simple" ,java-slf4j-simple)))
+    (native-inputs
+     `(("java-modello-core" ,java-modello-core)
+       ("java-geronimo-xbean-reflect" ,java-geronimo-xbean-reflect)
+       ("java-sisu-build-api" ,java-sisu-build-api)
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)
+       ("java-eclipse-sisu-inject" ,java-eclipse-sisu-inject)
+       ("java-cglib" ,java-cglib)
+       ("java-asm" ,java-asm)
+       ("java-modello-plugins-java" ,java-modello-plugins-java)
+       ("java-modello-plugins-xml" ,java-modello-plugins-xml)
+       ("java-modello-plugins-xpp3" ,java-modello-plugins-xpp3)
+       ;; tests
+       ("java-junit" ,java-junit)
+       ("java-objenesis" ,java-objenesis)
+       ("java-mockito-1" ,java-mockito-1)
+       ("java-hamcrest-core" ,java-hamcrest-core)))
+    (description "Apache Maven is a software project management and comprehension
+tool.  This package contains a Maven embeddable component, with CLI and
+logging support.")))
+
+(define-public maven-compat
+  (package
+    (inherit maven-artifact)
+    (name "maven-compat")
+    (arguments
+     `(#:jar-name "maven-compat.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       #:test-dir "src/test"
+       #:phases
+       (modify-phases %standard-phases
+         ;; Tests assume we're in this directory
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "maven-compat")
+             #t))
+         (add-before 'build 'generate-models
+           (lambda* (#:key inputs #:allow-other-keys)
+             (define (modello-single-mode file version mode)
+               (invoke "java" "org.codehaus.modello.ModelloCli"
+                       file mode "src/main/java" version
+                       "false" "true"))
+             (let ((file "src/main/mdo/profiles.mdo"))
+               (modello-single-mode file "1.0.0" "java")
+               (modello-single-mode file "1.0.0" "xpp3-reader")
+               (modello-single-mode file "1.0.0" "xpp3-writer"))
+             (let ((file "src/main/mdo/paramdoc.mdo"))
+               (modello-single-mode file "1.0.0" "java")
+               (modello-single-mode file "1.0.0" "xpp3-reader")
+               (modello-single-mode file "1.0.0" "xpp3-writer"))
+             #t))
+         (add-after 'build 'generate-metadata
+           (lambda _
+             (invoke "java" "-cp" (string-append (getenv "CLASSPATH") ":build/classes")
+                     "org.codehaus.plexus.metadata.PlexusMetadataGeneratorCli"
+                     "--source" "src/main/java"
+                     "--output" "build/classes/META-INF/plexus/components.xml"
+                     "--classes" "build/classes"
+                     "--descriptors" "build/classes/META-INF")
+             #t))
+         (add-before 'check 'build-tests
+          (lambda _
+            (invoke "ant" "compile-tests")
+            #t))
+         (add-after 'build-tests 'generate-test-metadata
+           (lambda _
+             (invoke "java" "-cp" (string-append (getenv "CLASSPATH")
+                                                 ":build/classes"
+                                                 ":build/test-classes")
+                     "org.codehaus.plexus.metadata.PlexusMetadataGeneratorCli"
+                     "--source" "src/test/java"
+                     "--output" "build/test-classes/META-INF/plexus/components.xml"
+                     "--classes" "build/test-classes"
+                     "--descriptors" "build/test-classes/META-INF")
+             #t))
+         (add-after 'generate-metadata 'rebuild
+           (lambda _
+             (invoke "ant" "jar")
+             #t)))))
+    (inputs
+     `(("maven-artifact" ,maven-artifact)
+       ("maven-repository-metadata" ,maven-repository-metadata)
+       ("maven-builder-support" ,maven-builder-support)
+       ("maven-model" ,maven-model)
+       ("maven-model-builder" ,maven-model-builder)
+       ("maven-settings" ,maven-settings)
+       ("maven-settings-builder" ,maven-settings-builder)
+       ("maven-core" ,maven-core)
+       ("maven-wagon-provider-api" ,maven-wagon-provider-api)
+       ("maven-wagon-file" ,maven-wagon-file)
+       ("maven-resolver-api" ,maven-resolver-api)
+       ("maven-resolver-util" ,maven-resolver-util)
+       ("maven-resolver-spi" ,maven-resolver-spi)
+       ("java-plexus-interpolation" ,java-plexus-interpolation)))
+    (native-inputs
+     `(("java-modello-core" ,java-modello-core)
+       ("java-plexus-utils" ,java-plexus-utils)
+       ("java-plexus-component-annotations" ,java-plexus-component-annotations)
+       ("java-plexus-classworlds" ,java-plexus-classworlds)
+       ("java-geronimo-xbean-reflect" ,java-geronimo-xbean-reflect)
+       ("java-sisu-build-api" ,java-sisu-build-api)
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)
+       ("java-exclispe-sisu-inject" ,java-eclipse-sisu-inject)
+       ("java-javax-inject" ,java-javax-inject)
+       ("java-guice" ,java-guice)
+       ("java-guava" ,java-guava)
+       ("java-cglib" ,java-cglib)
+       ("java-asm" ,java-asm)
+       ("java-modello-plugins-java" ,java-modello-plugins-java)
+       ("java-modello-plugins-xml" ,java-modello-plugins-xml)
+       ("java-modello-plugins-xpp3" ,java-modello-plugins-xpp3)
+       ;; metadata
+       ("java-plexus-component-metadata" ,java-plexus-component-metadata)
+       ("java-commons-cli" ,java-commons-cli)
+       ("java-plexus-cli" ,java-plexus-cli)
+       ("java-jdom2" ,java-jdom2)
+       ("maven-plugin-api" ,maven-plugin-api)
+       ("java-qdox" ,java-qdox)
+       ;; tests
+       ("java-plexus-cipher" ,java-plexus-cipher)
+       ("java-plexus-sec-dispatcher" ,java-plexus-sec-dispatcher)
+       ("java-jsr250" ,java-jsr250)
+       ("java-cdi-api" ,java-cdi-api)
+       ("java-junit" ,java-junit)
+       ("maven-resolver-impl" ,maven-resolver-impl)
+       ("maven-resolver-connector-basic" ,maven-resolver-connector-basic)
+       ("maven-resolver-transport-wagon" ,maven-resolver-transport-wagon)
+       ("java-commons-lang3" ,java-commons-lang3)
+       ("java-aop" ,java-aopalliance)
+       ("maven-resolver-provider" ,maven-resolver-provider)
+       ("java-slf4j-api" ,java-slf4j-api)
+       ("java-slf4j-simple" ,java-slf4j-simple)
+       ,@(package-inputs java-slf4j-api)))
+    (description "Apache Maven is a software project management and comprehension
+tool.  This package contains Maven2 classes maintained as compatibility
+layer for plugins that need to keep Maven2 compatibility.")))
+
+(define-public maven
+  (package
+    (inherit maven-artifact)
+    (name "maven")
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'build
+           (lambda _
+             (substitute* "apache-maven/src/bin/mvn"
+               (("cygwin=false;")
+                (string-append
+                  "CLASSPATH=" (getenv "CLASSPATH") "\n"
+                  "cygwin=false;"))
+               (("-classpath.*") "-classpath ${CLASSPATH} \\\n"))
+             #t))
+         (delete 'check)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((bin (string-append (assoc-ref outputs "out") "/bin/"))
+                   (conf (string-append (assoc-ref outputs "out") "/conf/")))
+               (mkdir-p (string-append (assoc-ref outputs "out") "/lib"))
+               (for-each (lambda (file)
+                           (install-file (string-append "apache-maven/src/bin/" file)
+                                         bin)
+                           (chmod (string-append bin file) #o755))
+                '("mvn" "mvnDebug" "mvnyjp"))
+               (install-file "apache-maven/src/bin/m2.conf" bin)
+               (copy-recursively "apache-maven/src/conf" conf))
+             #t)))))
+    (inputs
+     `(("java-plexus-classworlds" ,java-plexus-classworlds)
+       ("maven-artifact" ,maven-artifact)
+       ("maven-embedder" ,maven-embedder)
+       ("maven-core" ,maven-core)
+       ("maven-compat" ,maven-compat)
+       ("maven-builder-support" ,maven-builder-support)
+       ("maven-model" ,maven-model)
+       ("maven-model-builder" ,maven-model-builder)
+       ("maven-settings" ,maven-settings)
+       ("maven-settings-builder" ,maven-settings-builder)
+       ("maven-plugin-api" ,maven-plugin-api)
+       ("maven-repository-metadata" ,maven-repository-metadata)
+       ("maven-shared-utils" ,maven-shared-utils)
+       ("maven-resolver-api" ,maven-resolver-api)
+       ("maven-resolver-spi" ,maven-resolver-spi)
+       ("maven-resolver-util" ,maven-resolver-util)
+       ("maven-resolver-impl" ,maven-resolver-impl)
+       ("maven-resolver-connector-basic" ,maven-resolver-connector-basic)
+       ("maven-resolver-provider" ,maven-resolver-provider)
+       ("maven-resolver-transport-wagon" ,maven-resolver-transport-wagon)
+       ("maven-wagon-provider-api" ,maven-wagon-provider-api)
+       ("maven-wagon-file" ,maven-wagon-file)
+       ("maven-wagon-http" ,maven-wagon-http)
+       ("java-commons-logging-minimal" ,java-commons-logging-minimal)
+       ("java-httpcomponents-httpclient" ,java-httpcomponents-httpclient)
+       ("java-httpcomponents-httpcore" ,java-httpcomponents-httpcore)
+       ("maven-wagon-http-shared" ,maven-wagon-http-shared)
+       ("maven-wagon-tck-http" ,maven-wagon-tck-http)
+       ("java-eclipse-sisu-plexus" ,java-eclipse-sisu-plexus)
+       ("java-guice" ,java-guice)
+       ("java-aopalliance" ,java-aopalliance)
+       ("java-cglib" ,java-cglib)
+       ("java-asm" ,java-asm)
+       ("java-eclipse-sisu-inject" ,java-eclipse-sisu-inject)
+       ("java-javax-inject" ,java-javax-inject)
+       ("java-plexus-component-annotations" ,java-plexus-component-annotations)
+       ("java-plexus-utils" ,java-plexus-utils)
+       ("java-plexus-interpolation" ,java-plexus-interpolation)
+       ("java-plexus-sec-dispatcher" ,java-plexus-sec-dispatcher)
+       ("java-plexus-cipher" ,java-plexus-cipher)
+       ("java-guava" ,java-guava)
+       ("java-jansi" ,java-jansi)
+       ("java-jsr250" ,java-jsr250)
+       ("java-cdi-api" ,java-cdi-api)
+       ("java-commons-cli" ,java-commons-cli)
+       ("java-commons-io" ,java-commons-io)
+       ("java-commons-lang3" ,java-commons-lang3)
+       ("java-slf4j-api" ,java-slf4j-api)
+       ;; TODO: replace with maven-slf4j-provider
+       ("java-slf4j-simple" ,java-slf4j-simple)))
+    (propagated-inputs
+     `(("coreutils" ,coreutils)
+       ("which" ,which)))
+    (description "Apache Maven is a software project management and comprehension
+tool.  Based on the concept of a project object model: builds, dependency
+management, documentation creation, site publication, and distribution
+publication are all controlled from the @file{pom.xml} declarative file.  Maven
+can be extended by plugins to utilise a number of other development tools for
+reporting or the build process.")))
diff --git a/gnu/packages/mes.scm b/gnu/packages/mes.scm
index a8a19854de..52464e28d4 100644
--- a/gnu/packages/mes.scm
+++ b/gnu/packages/mes.scm
@@ -73,7 +73,7 @@ extensive examples, including parsers for the Javascript and C99 languages.")
   (let ((triplet "i686-unknown-linux-gnu"))
     (package
       (name "mes")
-      (version "0.14")
+      (version "0.16")
       (source (origin
                 (method url-fetch)
                 (uri (string-append "https://gitlab.com/janneke/mes"
@@ -81,7 +81,7 @@ extensive examples, including parsers for the Javascript and C99 languages.")
                                     "/mes-" version ".tar.gz"))
                 (sha256
                  (base32
-                  "1i23jk61iibjza2s3lka56ry4ma424g2fyk8pjd5bd1dyjd0yrzf"))))
+                  "0c4vz1qw767af5h615055hh8zjwwmwf5mwkb64l0l921zaa9hg2n"))))
       (build-system gnu-build-system)
       (supported-systems '("i686-linux" "x86_64-linux"))
       (propagated-inputs
@@ -98,9 +98,7 @@ extensive examples, including parsers for the Javascript and C99 languages.")
                '())
          ("perl" ,perl)))               ;build-aux/gitlog-to-changelog
       (arguments
-       `(#:make-flags (list
-                       (string-append "PREFIX=" (assoc-ref %outputs "out")))
-         #:phases
+       `(#:phases
          (modify-phases %standard-phases
            (add-before 'install 'generate-changelog
              (lambda _
@@ -122,7 +120,7 @@ Guile-] Scheme interpreter prototype in C and a Nyacc-based C compiler in
 (define-public mescc-tools
   (package
     (name "mescc-tools")
-    (version "0.4")
+    (version "0.5.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -132,7 +130,7 @@ Guile-] Scheme interpreter prototype in C and a Nyacc-based C compiler in
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1iwc8xqwzdaqckb4jkkisljrgn8ii4bl7dzk1l2kpv98hsyq9vi1"))))
+                "0rsxbjc3bg0jl3h7ai4hndxx2iyyk8bvwj9nd3xv2vgz3bmypnah"))))
     (build-system gnu-build-system)
     (supported-systems '("i686-linux" "x86_64-linux"))
     (arguments
diff --git a/gnu/packages/monitoring.scm b/gnu/packages/monitoring.scm
index bbfa4957fc..db6c22a69c 100644
--- a/gnu/packages/monitoring.scm
+++ b/gnu/packages/monitoring.scm
@@ -22,10 +22,12 @@
 (define-module (gnu packages monitoring)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix build-system perl)
   #:use-module (guix build-system python)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system go)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages base)
   #:use-module (gnu packages check)
@@ -295,3 +297,27 @@ WSGI and the node exporter textfile collector.")
 
 (define-public python2-prometheus-client
   (package-with-python2 python-prometheus-client))
+
+(define-public go-github-com-prometheus-node-exporter
+  (let ((commit "55c32fcf02492fe4946f7ab563547cc5df7fc61e")
+        (revision "0"))
+    (package
+      (name "go-github-com-prometheus-node-exporter")
+      (version (git-version "0.0.0" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/prometheus/node_exporter.git")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "041b87a0sid23c29swqmi5hw6cxbxvkfj3415jg73cm2pi8wh5s6"))))
+      (build-system go-build-system)
+      (arguments
+       '(#:import-path "github.com/prometheus/node_exporter"))
+      (synopsis "Prometheus exporter for hardware and OS metrics")
+      (description "Prometheus exporter for metrics exposed by *NIX kernels,
+written in Go with pluggable metric collectors.")
+      (home-page "https://github.com/prometheus/node_exporter")
+      (license license:asl2.0))))
diff --git a/gnu/packages/mpd.scm b/gnu/packages/mpd.scm
index 3c06fb0e64..57a04e1113 100644
--- a/gnu/packages/mpd.scm
+++ b/gnu/packages/mpd.scm
@@ -276,7 +276,7 @@ information about tracks being played to a scrobbler, such as Libre.FM.")
      '(#:phases
        (modify-phases %standard-phases
          (replace 'check
-           (lambda _ (zero? (system* "python" "mpd_test.py")))))))
+           (lambda _ (invoke "python" "mpd_test.py"))))))
     (native-inputs `(("python-mock" ,python-mock)))
     (home-page "https://github.com/Mic92/python-mpd2")
     (synopsis "Python MPD client library")
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 55dd3a5c42..824b03dc0c 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -16,6 +16,7 @@
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 nee <nee.git@hidamari.blue>
 ;;; Copyright © 2018 Stefan Reichör <stefan@xsteve.at>
+;;; Copyright © 2018 Pierre Neidhardt <ambrevar@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -41,10 +42,12 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system ant)
   #:use-module (guix build-system cmake)
+  #:use-module (guix build-system meson)
   #:use-module (guix build-system python)
   #:use-module (guix build-system scons)
   #:use-module (guix build-system glib-or-gtk)
   #:use-module (guix build-system waf)
+  #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages apr)
@@ -554,14 +557,14 @@ MusePack, Monkey's Audio, and WavPack files.")
     (name "extempore")
     (version "0.7.0")
     (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://github.com/digego/extempore/archive/"
-                    version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/digego/extempore.git")
+                    (commit version)))
               (sha256
                (base32
-                "1wap1mvsicrhlazikf7l8zxg37fir8bmnh9rin28m1rix730vcch"))
-              (file-name (string-append name "-" version ".tar.gz"))))
+                "12fsp7zkfxb9kykwq46l88kcbbici9arczrrsl4qn87m6vm5349l"))
+              (file-name (string-append name "-" version "-checkout"))))
     (build-system cmake-build-system)
     (arguments
      `(;; The default target also includes ahead-of-time compilation of the
@@ -918,8 +921,8 @@ Guile.")
 (define-public non-sequencer
   ;; The latest tagged release is three years old and uses a custom build
   ;; system, so we take the last commit.
-  (let ((commit "10c31e57291b6e42be53371567a722b62b32d220")
-        (revision "3"))
+  (let ((commit "5ae43bb27c42387052a73e5ffc5d33efb9d946a9")
+        (revision "4"))
     (package
       (name "non-sequencer")
       (version (string-append "1.9.5-" revision "." (string-take commit 7)))
@@ -930,7 +933,7 @@ Guile.")
                       (commit commit)))
                 (sha256
                  (base32
-                  "080rha4ffp7qycyg1mqcf4vj0s7z8qfvz6bxm0w29xgg2kkmb3fx"))
+                  "1cljkkyi9dxqpqhx8y6l2ja4zjmlya26m26kqxml8gx08vyvddhx"))
                 (file-name (string-append name "-" version "-checkout"))))
       (build-system waf-build-system)
       (arguments
@@ -2641,7 +2644,7 @@ of tools for manipulating and accessing your music.")
 (define-public milkytracker
   (package
     (name "milkytracker")
-    (version "1.01.00")
+    (version "1.02.00")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/milkytracker/"
@@ -2650,7 +2653,7 @@ of tools for manipulating and accessing your music.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1dvnddsnn9c83lz4dlm0cfjpc0m524amfkbalxbswdy0qc8cj1wv"))
+                "08v0l4ipvvwkwv4ywkc6c8a6xnpkyb02anj36w8q6gikxrs6xjvb"))
               (modules '((guix build utils)))
               ;; Remove non-FSDG compliant sample songs.
               (snippet
@@ -2683,7 +2686,7 @@ for improved Amiga ProTracker 2/3 compatibility.")
 (define-public schismtracker
   (package
     (name "schismtracker")
-    (version "20170910")
+    (version "20180513")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2692,7 +2695,7 @@ for improved Amiga ProTracker 2/3 compatibility.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "01gfcjngbpv87y9w5jln8k313hycpkb1d617hdy2cdw2hxqzlclz"))
+                "1yjfd02arb51n0vyv11qgpn6imh7hcqnc3953cbvgwb4cnrswk9f"))
               (modules '((guix build utils)))
               (snippet
                ;; Remove use of __DATE__ and __TIME__ for reproducibility.
@@ -2706,7 +2709,7 @@ for improved Amiga ProTracker 2/3 compatibility.")
      `(#:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'autoconf
-           (lambda _ (zero? (system* "autoreconf" "-vfi"))))
+           (lambda _ (invoke "autoreconf" "-vfi")))
          (add-before 'configure 'link-libm
            (lambda _ (setenv "LIBS" "-lm") #t)))))
     (native-inputs
@@ -3196,7 +3199,7 @@ plugins, a switch trigger, a toggle switch, and a peakmeter.")
        (origin
          (method git-fetch)
          (uri (git-reference
-               (url "http://git.drobilla.net/ingen.git")
+               (url "https://git.drobilla.net/ingen.git")
                (commit commit)))
          (file-name (string-append name "-" version "-checkout"))
          (sha256
@@ -3257,7 +3260,7 @@ plugins, a switch trigger, a toggle switch, and a peakmeter.")
       (native-inputs
        `(("pkg-config" ,pkg-config)
          ("python-pygments" ,python-pygments)))
-      (home-page "http://drobilla.net/software/ingen")
+      (home-page "https://drobilla.net/software/ingen")
       (synopsis "Modular audio processing system")
       (description "Ingen is a modular audio processing system for JACK and
 LV2 based systems.  Ingen is built around LV2 technology and a strict
@@ -3536,7 +3539,10 @@ audio samples and various soft sythesizers.  It can receive input from a MIDI ke
      `(#:make-flags
        `(,(string-append "PREFIX=" (assoc-ref %outputs "out"))
          "USE_SYSTEM_FREETYPE=ON"
-         "DOWNLOAD_SOUNDFONT=OFF")
+         "DOWNLOAD_SOUNDFONT=OFF"
+         ;; The following is not supported since Qt 5.11.  Can be
+         ;; removed in Musescore 2.2.2+.
+         "BUILD_WEBKIT=OFF")
        ;; There are tests, but no simple target to run.  The command
        ;; used to run them is:
        ;;
@@ -3548,6 +3554,14 @@ audio samples and various soft sythesizers.  It can receive input from a MIDI ke
        #:tests? #f
        #:phases
        (modify-phases %standard-phases
+         ;; Fix Qt 5.11 upgrade.  Should be fixed in 2.2.2+, see:
+         ;; <https://github.com/musescore/MuseScore/commit/d10e70415c8e52e2ba9d45de564467e42f66c102>
+         (add-after 'unpack 'patch-sources
+           (lambda _
+             (substitute* "all.h"
+               (("#include <QRadioButton>") "#include <QRadioButton>
+#include <QButtonGroup>"))
+             #t))
          (delete 'configure))))
     (inputs
      `(("alsa-lib" ,alsa-lib)
@@ -3565,7 +3579,6 @@ audio samples and various soft sythesizers.  It can receive input from a MIDI ke
        ("qtdeclarative" ,qtdeclarative)
        ("qtscript" ,qtscript)
        ("qtsvg" ,qtsvg)
-       ("qtwebkit" ,qtwebkit)
        ("qtxmlpatterns" ,qtxmlpatterns)))
     (native-inputs
      `(("cmake" ,cmake)
@@ -3771,32 +3784,43 @@ notation and includes basic support for digital audio.")
     (license license:gpl2)))
 
 (define-public patchmatrix
-  (package
-    (name "patchmatrix")
-    (version "0.12.0")
-    (source (origin
-              (method git-fetch)
-              (uri (git-reference
-                    (url "https://github.com/OpenMusicKontrollers/patchmatrix.git")
-                    (commit version)))
-              (file-name (string-append "patchmatrix-" version "-checkout"))
-              (sha256
-               (base32
-                "19ivp7h5vq6r1qhmycjxzvrgg7fc4a3v5vb3n4c7afs4z3pj53zi"))))
-    (build-system cmake-build-system)
-    (arguments '(#:tests? #f))          ; no test target
-    (inputs
-     `(("jack" ,jack-1)
-       ("lv2" ,lv2)
-       ("mesa" ,mesa)))
-    (native-inputs
-     `(("pkg-config" ,pkg-config)))
-    (home-page "https://github.com/OpenMusicKontrollers/patchmatrix")
-    (synopsis "Simple JACK patch bay")
-    (description "PatchMatrix is a patch bay for the JACK audio connection
+  ;; There have been no releases for more than a year.
+  (let ((commit "a0b0b1e791f4574d5abd059cfe1819c71e8b18d5")
+        (revision "1"))
+    (package
+      (name "patchmatrix")
+      (version (git-version "0.12.0" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/OpenMusicKontrollers/patchmatrix.git")
+                      (commit commit)))
+                (file-name (string-append "patchmatrix-" version "-checkout"))
+                (sha256
+                 (base32
+                  "0pph4ra7aci3rbpqvvr564pi16vxrk448bmvp8985cd9lbjlrp3m"))))
+      (build-system meson-build-system)
+      (arguments
+       '(#:tests? #f          ; no test target
+         #:phases
+         (modify-phases %standard-phases
+           (add-before 'reset-gzip-timestamps 'make-gzip-archive-writable
+             (lambda* (#:key outputs #:allow-other-keys)
+               (map make-file-writable
+                    (find-files (assoc-ref outputs "out") ".*\\.gz$"))
+               #t)))))
+      (inputs
+       `(("jack" ,jack-1)
+         ("lv2" ,lv2)
+         ("mesa" ,mesa)))
+      (native-inputs
+       `(("pkg-config" ,pkg-config)))
+      (home-page "https://github.com/OpenMusicKontrollers/patchmatrix")
+      (synopsis "Simple JACK patch bay")
+      (description "PatchMatrix is a patch bay for the JACK audio connection
 kit.  It provides a patch bay in flow matrix style for audio, MIDI, CV, and
 OSC connections.")
-    (license license:artistic2.0)))
+      (license license:artistic2.0))))
 
 (define-public sorcer
   (package
@@ -3994,3 +4018,70 @@ ISRCs and the MCN (=UPC/EAN) from disc.")
 mb_client, is a development library geared towards developers who wish to add
 MusicBrainz lookup capabilities to their applications.")
     (license license:lgpl2.1+)))
+
+(define-public clyrics
+  (package
+    (name "clyrics")
+    (version "0.10")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/trizen/clyrics/archive/"
+             version ".tar.gz"))
+       (sha256
+        (base32
+         "1l0cg26afnjv8cgk0jbiavbyvq55q1djyigzmi526rpcjjwq9jwn"))
+       (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system trivial-build-system)
+    (native-inputs `(("tar" ,tar)
+                     ("gzip" ,gzip)))
+    (inputs
+     `(("bash" ,bash)                             ;for the wrapped program
+       ("perl" ,perl)
+       ("perl-www-mechanize" ,perl-www-mechanize)
+       ("perl-lwp-protocol-https" ,perl-lwp-protocol-https)
+       ;; Required or else LWP will fail with "GET https://www.google.com/ ==>
+       ;; 500 Can't verify SSL peers without knowing which Certificate
+       ;; Authorities to trust".
+       ("perl-mozilla-ca" ,perl-mozilla-ca)))
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder (begin
+                   (use-modules (guix build utils)
+                                (ice-9 match)
+                                (srfi srfi-26))
+                   (let* ((source (assoc-ref %build-inputs "source"))
+                          (tar (assoc-ref %build-inputs "tar"))
+                          (gzip (assoc-ref %build-inputs "gzip"))
+                          (output (assoc-ref %outputs "out")))
+                     (setenv "PATH"
+                             (string-append
+                              (assoc-ref %build-inputs "gzip") "/bin" ":"
+                              (assoc-ref %build-inputs "bash") "/bin" ":"
+                              (assoc-ref %build-inputs "perl") "/bin" ":"))
+                     (invoke (string-append tar "/bin/tar") "xvf"
+                             source)
+                     (chdir ,(string-append "clyrics-" version))
+                     (patch-shebang "clyrics")
+                     (substitute* "clyrics"
+                       (("/usr/share") output))
+                     (install-file "clyrics" (string-append output "/bin"))
+                     (wrap-program (string-append output "/bin/clyrics")
+                       `("PERL5LIB" ":" =
+                         ,(delete
+                           ""
+                           (map (match-lambda
+                                  (((?  (cut string-prefix? "perl-" <>) name) . dir)
+                                   (string-append dir "/lib/perl5/site_perl"))
+                                  (_ ""))
+                                %build-inputs))))
+                     (copy-recursively "plugins" (string-append output "/clyrics"))
+                     #t))))
+    (home-page "https://github.com/trizen/clyrics")
+    (synopsis "Extensible lyrics fetcher")
+    (description
+     "Clyrics is an extensible command-line tool to fetch the lyrics of songs.
+It can be used in daemon mode along with the Music-on-Console (MOC) and cmus
+console music players.")
+    (license license:gpl3+)))
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 3f23f178ba..b72a4734d7 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -15,7 +15,7 @@
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
+;;; Copyright © 2017, 2018 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2017 Gábor Boskovits <boskovits@gmail.com>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2018 Adam Van Ymeren <adam@vany.ca>
@@ -56,6 +56,7 @@
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
   #:use-module (gnu packages bison)
+  #:use-module (gnu packages boost)
   #:use-module (gnu packages check)
   #:use-module (gnu packages code)
   #:use-module (gnu packages compression)
@@ -354,14 +355,14 @@ containing both Producer and Consumer support.")
 (define-public libndp
   (package
     (name "libndp")
-    (version "1.6")
+    (version "1.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://libndp.org/files/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "03mczwrxqbp54msafxzzyhaazkvjdwm2kipjkrb5xg8kw22glz8c"))))
+                "1dlinhl39va00v55qygjc9ap77yqf7xvn4rwmvdr49xhzzxhlj1c"))))
     (build-system gnu-build-system)
     (home-page "http://libndp.org/")
     (synopsis "Library for Neighbor Discovery Protocol")
@@ -1223,7 +1224,7 @@ gone wild and are suddenly taking up your bandwidth.")
 (define-public nzbget
   (package
     (name "nzbget")
-    (version "19.1")
+    (version "20.0")
     (source
      (origin
        (method url-fetch)
@@ -1232,7 +1233,7 @@ gone wild and are suddenly taking up your bandwidth.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0y713g7gd4n5chbhr8lv7k50rxkmzysrg13sscxam3s386mmlb1r"))
+         "0q93aqqyzccn5r9sny38499rmg846qdh9pi2v5kvf9m23v54yk60"))
        (modules '((guix build utils)))
        (snippet
         ;; Reported upstream as <https://github.com/nzbget/nzbget/pull/414>.
@@ -1349,16 +1350,17 @@ networks.")
 (define-public speedtest-cli
   (package
     (name "speedtest-cli")
-    (version "2.0.0")
+    (version "2.0.2")
     (source
      (origin
-       (method url-fetch)
-       (uri (string-append
-             "https://github.com/sivel/speedtest-cli/archive/v" version ".tar.gz"))
-       (file-name (string-append name "-" version ".tar.gz"))
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/sivel/speedtest-cli")
+             (commit (string-append "v" version))))
+       (file-name (git-file-name name version))
        (sha256
         (base32
-         "16kcpba7nmszz2h0fq7qvv6src20syck2wlknaacg69kk88aybbk"))))
+         "0vv2z37g2kgm2dzkfa4bhri92hs0d1acxi8z66gznsl5148q7sdi"))))
     (build-system python-build-system)
     (home-page "https://github.com/sivel/speedtest-cli")
     (synopsis "Internet bandwidth tester")
@@ -1774,7 +1776,7 @@ file for more details.")
      `(("zlib" ,zlib)
        ("crypto++" ,crypto++)
        ("libpng" ,libpng)
-       ("wxwidgets-gtk2", wxwidgets-gtk2)))
+       ("wxwidgets-gtk2" ,wxwidgets-gtk2)))
     (home-page "http://amule.org/")
     (synopsis "Peer-to-peer client for the eD2K and Kademlia networks")
     (description
@@ -1857,3 +1859,79 @@ eight bytes) tools
 @end itemize")
     ;; Either BSD-3 or GPL-2 can be used.
     (license (list license:bsd-3 license:gpl2))))
+
+(define-public asio
+  (package
+    (name "asio")
+    (version "1.12.0")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/chriskohlhoff/asio.git")
+             (commit (string-join (cons name (string-split version #\.))
+                                  "-"))))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "04dg8kpgriay7q62mqcq2gl439k5y4mf761zghsd6wfl0farh3mx"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)))
+    (inputs
+     `(("boost" ,boost)
+       ("openssl" ,openssl)))
+    (arguments
+     `(#:configure-flags
+       (list
+        (string-append "--with-boost=" (assoc-ref %build-inputs "boost"))
+        (string-append "--with-openssl=" (assoc-ref %build-inputs "openssl")))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'chdir-to-asio
+           (lambda _
+             (chdir "asio")))
+         (add-before 'configure 'bootstrap
+           (lambda _
+             (invoke "sh" "autogen.sh"))))))
+    (home-page "https://think-async.com/Asio")
+    (synopsis "C++ library for ASynchronous network I/O")
+    (description "Asio is a cross-platform C++ library for network and
+low-level I/O programming that provides developers with a consistent
+asynchronous model using a modern C++ approach.")
+    (license license:boost1.0)))
+
+(define-public shadowsocks
+  ;; There are some security fixes after the last release.
+  (let* ((commit "e332ec93e9c90f1cbee676b022bf2c5d5b7b1239")
+         (revision "0")
+         (version (git-version "2.8.2" revision commit)))
+    (package
+      (name "shadowsocks")
+      (version version)
+      (home-page "https://github.com/shadowsocks/shadowsocks")
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url home-page)
+                      (commit commit)))
+                (sha256
+                 (base32
+                  "1idd9b4f2pnhcpk1bh030hqg5zq25gkwxd53xi3c0cj242w7sp2j"))
+                (file-name (git-file-name name version))))
+      (build-system python-build-system)
+      (synopsis "Fast tunnel proxy that helps you bypass firewalls")
+      (description
+       "This package is a fast tunnel proxy that helps you bypass firewalls.
+
+Features:
+@itemize
+@item TCP & UDP support
+@item User management API
+@item TCP Fast Open
+@item Workers and graceful restart
+@item Destination IP blacklist
+@end itemize")
+      (license license:asl2.0))))
diff --git a/gnu/packages/nickle.scm b/gnu/packages/nickle.scm
index 4c2269635b..860c111f43 100644
--- a/gnu/packages/nickle.scm
+++ b/gnu/packages/nickle.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Nils Gillmann <ng0@n0.is>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -27,14 +28,14 @@
 (define-public nickle
   (package
     (name "nickle")
-    (version "2.77")
+    (version "2.81")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://nickle.org/release/nickle-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0rhij7cn1zkn8wzxyjkamz9fs262zyg80p6v6i864hdalg4plpm3"))))
+                "1daqsflnqqgfkq6w6dknbm42avz70f5qxn7qidvgp472i4a37acr"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("readline" ,readline)))
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 1a79066eac..d1de7a536c 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015, 2016 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Mike Gerwitz <mtg@gnu.org>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -46,7 +47,7 @@
     (version "9.11.1")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://nodejs.org/dist/v" version
+              (uri (string-append "https://nodejs.org/dist/v" version
                                   "/node-v" version ".tar.gz"))
               (sha256
                (base32
@@ -64,7 +65,7 @@
                               "deps/uv"
                               "deps/zlib"))
                   (substitute* "Makefile"
-                    ;; Remove references to bundled software
+                    ;; Remove references to bundled software.
                     (("deps/http_parser/http_parser.gyp") "")
                     (("deps/uv/include/\\*.h") "")
                     (("deps/uv/uv.gyp") "")
@@ -138,10 +139,10 @@
                ;; Node's configure script expects the CC environment variable to
                ;; be set.
                (setenv "CC" (string-append (assoc-ref inputs "gcc") "/bin/gcc"))
-               (zero? (apply system*
-                             (string-append (assoc-ref inputs "python")
-                                            "/bin/python")
-                             "configure" flags)))))
+               (apply invoke
+                      (string-append (assoc-ref inputs "python")
+                                     "/bin/python")
+                      "configure" flags))))
          (add-after 'patch-shebangs 'patch-npm-shebang
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((bindir (string-append (assoc-ref outputs "out")
@@ -176,6 +177,6 @@ for easily building fast, scalable network applications.  Node.js uses an
 event-driven, non-blocking I/O model that makes it lightweight and efficient,
 perfect for data-intensive real-time applications that run across distributed
 devices.")
-    (home-page "http://nodejs.org/")
+    (home-page "https://nodejs.org/")
     (license expat)
     (properties '((timeout . 3600))))) ; 1 h
diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index e9ae9fa466..24653a235b 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2015, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016, 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -164,7 +165,7 @@ minimalist than ntpd.")
                       ;; "recent date" since it is used to detect bogus dates
                       ;; received from servers.
                       (setenv "COMPILE_DATE" (number->string 1450563040))
-                      (zero? (system* "sh" "autogen.sh")))))))
+                      (invoke "sh" "autogen.sh"))))))
     (inputs `(("openssl" ,openssl)
               ("libevent" ,libevent)))
     (native-inputs `(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index 864038fe99..f21c2b2610 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -135,7 +135,8 @@
               (patches
                (search-patches
                 "ocaml-CVE-2015-8869.patch"
-                "ocaml-Add-a-.file-directive.patch"))))
+                "ocaml-Add-a-.file-directive.patch"
+                "ocaml-enable-ocamldoc-reproducibility.patch"))))
     (build-system gnu-build-system)
     (native-search-paths
      (list (search-path-specification
diff --git a/gnu/packages/opencl.scm b/gnu/packages/opencl.scm
new file mode 100644
index 0000000000..644cd95e93
--- /dev/null
+++ b/gnu/packages/opencl.scm
@@ -0,0 +1,290 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2018 Fis Trivial <ybbs.daans@hotmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages opencl)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix build-system cmake)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages libedit)
+  #:use-module (gnu packages llvm)
+  #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages ruby)
+  #:use-module (gnu packages video)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg))
+
+;; This file adds OpenCL implementation related packages. Due to the fact that
+;; OpenCL devices are not available during build (store environment), tests are
+;; all disabled.
+;; Check https://lists.gnu.org/archive/html/guix-devel/2018-04/msg00293.html
+
+(define (make-opencl-headers major-version subversion)
+  (let ((commit "e986688daf750633898dfd3994e14a9e618f2aa5")
+        (revision "0"))
+    (package
+      (name "opencl-headers")
+      (version (git-version
+                (string-append major-version "." subversion ".0")
+                revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/KhronosGroup/OpenCL-Headers.git")
+                      (commit commit)))
+                (file-name (string-append name "-" commit))
+                (sha256
+                 (base32
+                  "176ydpbyws5nr4av6hf8p41pkhc0rc4m4vrah9w6gp2fw2i32838"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:phases
+         (modify-phases %standard-phases
+           (delete 'configure)
+           (delete 'build)
+           (delete 'check)
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (copy-recursively (string-append "./opencl" (string-append
+                                                            ,major-version
+                                                            ,subversion) "/CL")
+                                 (string-append
+                                  (assoc-ref outputs "out")
+                                  "/include/CL")))))))
+      (synopsis "The Khronos OpenCL headers")
+      (description
+       "This package provides the C headers by Khronos for OpenCL
+programming.")
+      (home-page "https://www.khronos.org/registry/OpenCL/")
+      (license license:expat))))
+
+(define-public opencl-headers-2.2
+  (make-opencl-headers "2" "2"))
+(define-public opencl-headers-2.1
+  (make-opencl-headers "2" "1"))
+(define-public opencl-headers-2.0
+  (make-opencl-headers "2" "0"))
+(define-public opencl-headers-1.2
+  (make-opencl-headers "1" "2"))
+(define-public opencl-headers-1.1
+  (make-opencl-headers "1" "1"))
+(define-public opencl-headers-1.0
+  (make-opencl-headers "1" "0"))
+
+(define-public opencl-headers opencl-headers-2.2)
+
+(define-public opencl-clhpp
+  (package
+    (name "opencl-clhpp")
+    (version "2.0.10")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/KhronosGroup/OpenCL-CLHPP/archive/v"
+                    version ".tar.gz"))
+              (sha256
+               (base32
+                "0awg6yznbz3h285kmnd47fykx2qa34a07sr4x1657yn3jmi4a9zs"))
+              (file-name (string-append name "-" version ".tar.gz"))))
+    (native-inputs
+     `(("python" ,python-wrapper)))
+    (propagated-inputs
+     `(("opencl-headers" ,opencl-headers)))
+    (arguments
+     `(#:configure-flags
+       (let ((out (assoc-ref %outputs "out")))
+         (list
+          "-DBUILD_EXAMPLES=OFF"
+          "-DBUILD_TESTS=OFF"
+          (string-append "-DCMAKE_INSTALL_PREFIX="
+                         (assoc-ref %outputs "out")
+                         "/include")))
+       ;; regression tests requires a lot more dependencies
+       #:tests? #f))
+    (build-system cmake-build-system)
+    (home-page "http://github.khronos.org/OpenCL-CLHPP/")
+    (synopsis "Khronos OpenCL-CLHPP")
+    (description
+     "This package provides the @dfn{host API} C++ headers for OpenCL.")
+    (license license:expat)))
+
+(define-public ocl-icd
+  (package
+    (name "ocl-icd")
+    (version "2.2.12")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://forge.imag.fr/frs/download.php/836/ocl-icd-"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1x2dr8p4dkfds56r38av360i3nv1y3326jmshxvjngaf6mlg6rbn"))
+              (modules '((guix build utils)))
+              (snippet
+               '(delete-file-recursively "khronos-headers"))))
+    (native-inputs
+     `(("opencl-headers" ,opencl-headers)
+       ("ruby" ,ruby)))
+    (inputs
+     `(("libgcrypt" ,libgcrypt)))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:configure-flags '("DEBUG_OCL_ICD=1")))
+    (native-search-paths
+     (list (search-path-specification
+            (variable "OPENCL_VENDOR_PATH")
+            (files '("etc/OpenCL/vendors")))))
+    (search-paths native-search-paths)
+    (home-page "https://forge.imag.fr/projects/ocl-icd/")
+    (synopsis "OpenCL loader for Installable Client Drivers (ICDs)")
+    (description
+     "OpenCL implementations are provided as ICDs (Installable Client
+Drivers).  An OpenCL program can use several ICDs thanks to the use of an ICD
+Loader as provided by this package.")
+    (license license:bsd-2)))
+
+(define-public clinfo
+  (package
+    (name "clinfo")
+    (version "2.2.18.04.06")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/Oblomov/clinfo/archive/"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0v7cy01irwdgns6lzaprkmm0502pp5a24zhhffydxz1sgfjj2w7p"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("opencl-headers" ,opencl-headers)))
+    (inputs
+     `(("ocl-icd" ,ocl-icd)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'build
+           (lambda _
+             (let ((cores (number->string (parallel-job-count))))
+               (setenv "CC" "gcc")
+               (invoke "make" "-j" cores))))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (invoke "make" "install" (string-append
+                                       "PREFIX="
+                                       (assoc-ref outputs "out"))))))
+       #:tests? #f))
+    (home-page "https://github.com/Oblomov/clinfo")
+    (synopsis "Print information about OpenCL platforms and devices")
+    ;; Only the implementation installed via Guix will be detected.
+    (description
+     "This package provides the @command{clinfo} command that enumerates all
+possible (known) properties of the OpenCL platform and devices available on
+the system.")
+    (license license:cc0)))
+
+(define-public beignet
+  (package
+    (name "beignet")
+    (version "1.3.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/intel/beignet/archive/Release_v"
+                    version
+                    ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "18r0lq3dkd4yn6bxa45s2lrr9cjbg70nr2nn6xablvgqwzw0jb0r"))
+              (patches (search-patches "beignet-correct-file-names.patch"))
+              (modules '((guix build utils)))
+              (snippet
+               ;; There's a suspicious .isa binary file under kernels/.
+               ;; Remove it.
+               '(for-each delete-file (find-files "." "\\.isa$")))))
+    (native-inputs `(("pkg-config" ,pkg-config)
+                     ("python" ,python)))
+    (inputs `(("clang@3.7" ,clang-3.7)
+              ("clang-runtime@3.7" ,clang-runtime-3.7)
+              ("glu" ,glu)
+              ("llvm@3.7" ,llvm-3.7)
+              ("libdrm" ,libdrm)
+              ("libedit" ,libedit)
+              ("libpthread-stubs", libpthread-stubs)
+              ("libsm" ,libsm)
+              ("libva" ,libva)
+              ("libxfixes" ,libxfixes)
+              ("libxext" ,libxext)
+              ("mesa-utils" ,mesa-utils)
+              ("ncurses" ,ncurses)
+              ("ocl-icd" ,ocl-icd)
+              ("opencl-headers" ,opencl-headers)
+              ("xextproto" ,xextproto)
+              ("zlib" ,zlib)))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:configure-flags
+       (list (string-append "-DCLANG_LIBRARY_DIR="
+                            (assoc-ref %build-inputs "clang@3.7") "/lib")
+             "-DENABLE_GL_SHARING=ON"
+             "-DEXPERIMENTAL_DOUBLE=ON")
+
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'remove-headers
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (delete-file-recursively
+                (string-append out "/include"))
+               #t)))
+         (add-after 'remove-headers 'install-kernels
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (builddir (getcwd))
+                    (source-dir (string-append
+                                 builddir
+                                 "/../beignet-Release_v1.3.2/kernels")))
+               (copy-recursively source-dir
+                                 (string-append out "/lib/beignet/kernels"))
+               #t))))
+       ;; Beignet tries to find GPU when running tests, which is not available
+       ;; during build.
+       #:tests? #f))
+    (home-page "https://wiki.freedesktop.org/www/Software/Beignet/")
+    (synopsis "OpenCL framework for Intel GPUs")
+    (description
+     "Beignet is an implementation of the OpenCL specification.  This code
+base contains the code to run OpenCL programs on Intel GPUs---IvyBridge,
+Haswell, Skylake, Apollolake, etc.  It defines and implements the OpenCL host
+functions required to initialize the device, create the command queues, the
+kernels and the programs, and run them on the GPU.  The code also contains a
+back-end for the LLVM compiler framework.")
+    (license license:lgpl2.1+)))
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index e8e17eeeef..6a55f62ee6 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2018 Rutger Helling <rhelling@mykolab.com>
+;;; Copyright © 2018 Sou Bunnbu <iyzsong@member.fsf.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,15 +27,20 @@
 (define-module (gnu packages package-management)
   #:use-module (gnu packages)
   #:use-module (gnu packages acl)
+  #:use-module (gnu packages attr)
+  #:use-module (gnu packages avahi)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages backup)
   #:use-module (gnu packages bdw-gc)
+  #:use-module (gnu packages bison)
   #:use-module (gnu packages bootstrap)          ;for 'bootstrap-guile-origin'
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages cpio)
+  #:use-module (gnu packages crypto)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages databases)
+  #:use-module (gnu packages docbook)
   #:use-module (gnu packages file)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
@@ -94,8 +100,8 @@
   ;; Note: the 'update-guix-package.scm' script expects this definition to
   ;; start precisely like this.
   (let ((version "0.14.0")
-        (commit "ab85cf7185da366da56314c53d8e43276e1cccc4")
-        (revision 11))
+        (commit "7af5c2a248b6c229187fc850517c84b0917c452b")
+        (revision 13))
     (package
       (name "guix")
 
@@ -111,7 +117,7 @@
                       (commit commit)))
                 (sha256
                  (base32
-                  "1c00yr2vgsdl3kmlbjppyws47ssahamdx88y0wg26x73px71rd19"))
+                  "06kjimcln4ydirgl05qy98kxjyx3l6brxnq1ly7wb85f73s97gix"))
                 (file-name (string-append "guix-" version "-checkout"))))
       (build-system gnu-build-system)
       (arguments
@@ -207,12 +213,13 @@
                         (let* ((out    (assoc-ref outputs "out"))
                                (guile  (assoc-ref inputs "guile"))
                                (json   (assoc-ref inputs "guile-json"))
+                               (sqlite (assoc-ref inputs "guile-sqlite3"))
                                (git    (assoc-ref inputs "guile-git"))
                                (bs     (assoc-ref inputs
                                                   "guile-bytestructures"))
                                (ssh    (assoc-ref inputs "guile-ssh"))
                                (gnutls (assoc-ref inputs "gnutls"))
-                               (deps   (list json gnutls git bs ssh))
+                               (deps   (list json sqlite gnutls git bs ssh))
                                (effective
                                 (read-line
                                  (open-pipe* OPEN_READ
@@ -269,6 +276,7 @@
       (propagated-inputs
        `(("gnutls" ,gnutls)
          ("guile-json" ,guile-json)
+         ("guile-sqlite3" ,guile-sqlite3)
          ("guile-ssh" ,guile-ssh)
          ("guile-git" ,guile-git)))
 
@@ -286,26 +294,34 @@ the Nix package manager.")
 ;; Alias for backward compatibility.
 (define-public guix-devel guix)
 
-(define-public guix-register
+(define-public guix-daemon
   ;; This package is for internal consumption: it allows us to quickly build
-  ;; the 'guix-register' program, which is referred to by (guix config).
-  ;; TODO: Remove this hack when 'guix-register' has been superseded by Scheme
-  ;; code.
+  ;; the 'guix-daemon' program and use that in (guix self), used by 'guix
+  ;; pull'.
   (package
     (inherit guix)
     (properties `((hidden? . #t)))
-    (name "guix-register")
+    (name "guix-daemon")
 
     ;; Use a minimum set of dependencies.
     (native-inputs
      (fold alist-delete (package-native-inputs guix)
            '("po4a" "graphviz" "help2man")))
-    (propagated-inputs
+    (inputs
      `(("gnutls" ,gnutls)
-       ("guile-git" ,guile-git)))
+       ("guile-git" ,guile-git)
+       ,@(fold alist-delete (package-inputs guix)
+               '("boot-guile" "boot-guile/i686" "util-linux"))))
+
+    (propagated-inputs '())
 
     (arguments
      (substitute-keyword-arguments (package-arguments guix)
+       ((#:configure-flags flags '())
+        ;; Pretend we have those libraries; we don't actually need them.
+        `(append ,flags
+                 '("guix_cv_have_recent_guile_sqlite3=yes"
+                   "guix_cv_have_recent_guile_ssh=yes")))
        ((#:tests? #f #f)
         #f)
        ((#:phases phases '%standard-phases)
@@ -315,11 +331,21 @@ the Nix package manager.")
                (invoke "make" "nix/libstore/schema.sql.hh")
                (invoke "make" "-j" (number->string
                                     (parallel-job-count))
-                       "guix-register")))
+                       "guix-daemon")))
            (delete 'copy-bootstrap-guile)
            (replace 'install
-             (lambda _
-               (invoke "make" "install-sbinPROGRAMS")))
+             (lambda* (#:key outputs #:allow-other-keys)
+               (invoke "make" "install-binPROGRAMS"
+                       "install-nodist_pkglibexecSCRIPTS")
+
+               ;; We need to tell 'guix-daemon' which 'guix' command to use.
+               ;; Here we use a questionable hack where we hard-code
+               ;; "~root/.config", which could be wrong (XXX).
+               (let ((out (assoc-ref outputs "out")))
+                 (substitute* (find-files (string-append out "/libexec"))
+                   (("exec \".*/bin/guix\"")
+                    "exec ~root/.config/current/bin/guix"))
+                 #t)))
            (delete 'wrap-program)))))))
 
 (define-public guile2.0-guix
@@ -376,41 +402,24 @@ out) and returning a package that uses that as its 'source'."
 (define-public nix
   (package
     (name "nix")
-    (version "1.11.9")
+    (version "2.0.4")
     (source (origin
              (method url-fetch)
              (uri (string-append "http://nixos.org/releases/nix/nix-"
                                  version "/nix-" version ".tar.xz"))
              (sha256
               (base32
-               "1qg7qrfr60dysmyfg3ijgani71l23p1kqadhjs8kz11pgwkkx50f"))))
+               "0ss9svxlh1pvrdmnqjvjyqjmbqmrdbyfarvbb14i9d4bggzl0r8n"))))
     (build-system gnu-build-system)
-    ;; XXX: Should we pass '--with-store-dir=/gnu/store'?  But then we'd also
-    ;; need '--localstatedir=/var'.  But then!  The thing would use /var/nix
-    ;; instead of /var/guix.  So in the end, we do nothing special.
-    (arguments
-     '(#:configure-flags
-       ;; Set the prefixes of Perl libraries to avoid propagation.
-       (let ((perl-libdir (lambda (p)
-                            (string-append
-                             (assoc-ref %build-inputs p)
-                             "/lib/perl5/site_perl"))))
-         (list (string-append "--with-dbi="
-                              (perl-libdir "perl-dbi"))
-               (string-append "--with-dbd-sqlite="
-                              (perl-libdir "perl-dbd-sqlite"))
-               (string-append "--with-www-curl="
-                              (perl-libdir "perl-www-curl"))))))
-    (native-inputs `(("perl" ,perl)
-                     ("pkg-config" ,pkg-config)))
+    (native-inputs `(("pkg-config" ,pkg-config)))
     (inputs `(("curl" ,curl)
-              ("openssl" ,openssl)
+              ("bzip2" ,bzip2)
               ("libgc" ,libgc)
+              ("libseccomp" ,libseccomp)
+              ("libsodium" ,libsodium)
+              ("openssl" ,openssl)
               ("sqlite" ,sqlite)
-              ("bzip2" ,bzip2)
-              ("perl-www-curl" ,perl-www-curl)
-              ("perl-dbi" ,perl-dbi)
-              ("perl-dbd-sqlite" ,perl-dbd-sqlite)))
+              ("xz" ,xz)))
     (home-page "https://nixos.org/nix/")
     (synopsis "The Nix package manager")
     (description
@@ -544,13 +553,13 @@ transactions from C or Python.")
 (define-public diffoscope
   (package
     (name "diffoscope")
-    (version "95")
+    (version "96")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri name version))
               (sha256
                (base32
-                "0aksxxivxli6l3fylxgl771hw0h7l8x35l76cmj0d12zgx54w0a1"))))
+                "1x66f2x8miy3giff14higpcs70c0zb5d3gj6yn8ac6p183sngl72"))))
     (build-system python-build-system)
     (arguments
      `(#:phases (modify-phases %standard-phases
@@ -899,3 +908,57 @@ Microsoft cabinet (.@dfn{CAB}) files.")
 and sign Windows@tie{}Installer (.@dfn{MSI}) files.  It aims to be a solution
 for packaging and deployment of cross-compiled Windows applications.")
     (license license:lgpl2.1+)))
+
+(define-public libostree
+  (package
+    (name "libostree")
+    (version "2018.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/ostreedev/ostree/releases/download/v"
+                    version "/libostree-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0q82d6rvp119nx7ck7j63a591kz8vg7v465kf9ygh8kzg875l3xd"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'pre-check
+           (lambda _
+             ;; Don't try to use the non-existing '/var/tmp' as test
+             ;; directory.
+             (setenv "TEST_TMPDIR" (getenv "TMPDIR"))
+             #t)))
+       ;; XXX: fails with:
+       ;;     tap-driver.sh: internal error getting exit status
+       ;;     tap-driver.sh: fatal: I/O or internal error
+       #:tests? #f))
+    (native-inputs
+     `(("attr" ,attr)                   ; for tests
+       ("bison" ,bison)
+       ("glib:bin" ,glib "bin")          ; for 'glib-mkenums'
+       ("gobject-introspection" ,gobject-introspection)
+       ("pkg-config" ,pkg-config)
+       ("xsltproc" ,libxslt)))
+    (inputs
+     `(("avahi" ,avahi)
+       ("docbook-xml" ,docbook-xml-4.2)
+       ("docbook-xsl" ,docbook-xsl)
+       ("e2fsprogs" ,e2fsprogs)
+       ("fuse" ,fuse)
+       ("glib" ,glib)
+       ("gpgme" ,gpgme)
+       ("libarchive" ,libarchive)
+       ("libsoup" ,libsoup)
+       ("nettle" ,nettle)               ; required by 'libarchive.la'
+       ("util-linux" ,util-linux)))
+    (home-page "https://ostree.readthedocs.io/en/latest/")
+    (synopsis "Operating system and container binary deployment and upgrades")
+    (description
+     "@code{libostree} is both a shared library and suite of command line
+tools that combines a \"git-like\" model for committing and downloading
+bootable filesystem trees, along with a layer for deploying them and managing
+the bootloader configuration.")
+    (license license:lgpl2.0+)))
diff --git a/gnu/packages/parallel.scm b/gnu/packages/parallel.scm
index 716b433443..cb27f49c07 100644
--- a/gnu/packages/parallel.scm
+++ b/gnu/packages/parallel.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2017, 2018 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -47,7 +48,7 @@
 (define-public parallel
   (package
     (name "parallel")
-    (version "20180522")
+    (version "20180622")
     (source
      (origin
       (method url-fetch)
@@ -55,7 +56,7 @@
                           version ".tar.bz2"))
       (sha256
        (base32
-        "1khcz9pm7rjnq4gw8pn30k1d40x337a204dxj4y4qijpx8m7w0gb"))))
+        "1n91dnnl8d8pman20hr03l9qrpc9wm5hw32ph45xjs0bgp1nmk7j"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -68,13 +69,20 @@
                   ;; Patch hard coded '/bin/sh' in the lin ending in:
                   ;; $Global::shell = $ENV{'PARALLEL_SHELL'} ||
                   ;;  parent_shell($$) || $ENV{'SHELL'} || "/bin/sh";
-                  (("/bin/sh\\\";\n$") (string-append (which "sh") "\";\n"))
-                  ;; Patch call to 'ps' and 'perl' commands.
-                  ((" ps ") (string-append " " (which "ps") " "))
-                  ((" perl -") (string-append " " (which "perl") " -"))))
+                  (("/bin/sh\\\";\n$") (string-append (which "sh") "\";\n"))))
               (list "src/parallel" "src/sem"))
              #t))
-         (add-after 'install 'post-install-test
+         (add-after 'install 'wrap-program
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (wrap-program (string-append out "/bin/parallel")
+                 `("PATH" ":" prefix
+                   ,(map (lambda (input)
+                           (string-append (assoc-ref inputs input) "/bin"))
+                         '("perl"
+                           "procps"))))
+               #t)))
+         (add-after 'wrap-program 'post-install-test
            (lambda* (#:key outputs #:allow-other-keys)
              (invoke (string-append
                       (assoc-ref outputs "out") "/bin/parallel")
diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index 497963af63..9ac30420b7 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -358,7 +358,7 @@ any X11 window.")
 (define-public password-store
   (package
     (name "password-store")
-    (version "1.7.1")
+    (version "1.7.2")
     (source (origin
               (method url-fetch)
               (uri
@@ -366,8 +366,7 @@ any X11 window.")
                               name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0scqkpll2q8jhzcgcsh9kqz0gwdpvynivqjmmbzax2irjfaiklpn"))
-              (patches (search-patches "password-store-gnupg-compat.patch"))))
+                "1sl0d7nc85c6c2bmmmyb8rpmn47vhkj831l153mjlkawjvhwas27"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/patches/beignet-correct-file-names.patch b/gnu/packages/patches/beignet-correct-file-names.patch
new file mode 100644
index 0000000000..2c5d0bbaea
--- /dev/null
+++ b/gnu/packages/patches/beignet-correct-file-names.patch
@@ -0,0 +1,32 @@
+Help CMake find Clang's libraries.
+Have it install the ICD file in the right place.
+
+diff --git a/CMake/FindLLVM.cmake b/CMake/FindLLVM.cmake
+index 5457f248..e8e8f94a 100644
+--- a/CMake/FindLLVM.cmake
++++ b/CMake/FindLLVM.cmake
+@@ -107,7 +107,7 @@ endif (LLVM_VERSION_NODOT VERSION_GREATER 34)
+ macro(add_one_lib name)
+   FIND_LIBRARY(CLANG_LIB
+     NAMES ${name}
+-    PATHS ${LLVM_LIBRARY_DIR} NO_DEFAULT_PATH)
++    PATHS ${CLANG_LIBRARY_DIR} NO_DEFAULT_PATH)
+   set(CLANG_LIBRARIES ${CLANG_LIBRARIES} ${CLANG_LIB})
+ 	unset(CLANG_LIB CACHE)
+ endmacro()
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index c11acbb2..fb99e5c8 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -217,7 +217,7 @@ IF(OCLIcd_FOUND)
+     "intel-beignet.icd.in"
+     "${ICD_FILE_NAME}"
+   )
+-  install (FILES ${CMAKE_CURRENT_BINARY_DIR}/${ICD_FILE_NAME} DESTINATION /etc/OpenCL/vendors)
++  install (FILES ${CMAKE_CURRENT_BINARY_DIR}/${ICD_FILE_NAME} DESTINATION etc/OpenCL/vendors COMPONENT config)
+ ELSE(OCLIcd_FOUND)
+   MESSAGE(STATUS "Looking for OCL ICD header file - not found")
+   MESSAGE(FATAL_ERROR "OCL ICD loader miss. If you really want to disable OCL ICD support, please run cmake with option -DOCLICD_COMPAT=0.")
+--
+2.14.3
+
diff --git a/gnu/packages/patches/bind-CVE-2018-5738.patch b/gnu/packages/patches/bind-CVE-2018-5738.patch
new file mode 100644
index 0000000000..ddef014651
--- /dev/null
+++ b/gnu/packages/patches/bind-CVE-2018-5738.patch
@@ -0,0 +1,100 @@
+Fix CVE-2018-5738:
+
+https://kb.isc.org/article/AA-01616/0/CVE-2018-5738
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738
+
+diff --git a/bin/named/server.c b/bin/named/server.c
+index f63554e..847c4ff 100644
+--- a/bin/named/server.c
++++ b/bin/named/server.c
+@@ -3725,10 +3725,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ 	CHECKM(named_config_getport(config, &port), "port");
+ 	dns_view_setdstport(view, port);
+ 
+-	CHECK(configure_view_acl(vconfig, config, named_g_config,
+-				 "allow-query", NULL, actx,
+-				 named_g_mctx, &view->queryacl));
+-
+ 	/*
+ 	 * Make the list of response policy zone names for a view that
+ 	 * is used for real lookups and so cares about hints.
+@@ -4692,21 +4688,35 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ 				 "allow-query-cache-on", NULL, actx,
+ 				 named_g_mctx, &view->cacheonacl));
+ 	/*
+-	 * Set "allow-query-cache", "allow-recursion", and
+-	 * "allow-recursion-on" acls if configured in named.conf.
+-	 * (Ignore the global defaults for now, because these ACLs
+-	 * can inherit from each other when only some of them set at
+-	 * the options/view level.)
++	 * Set the "allow-query", "allow-query-cache", "allow-recursion",
++	 * and "allow-recursion-on" ACLs if configured in named.conf, but
++	 * NOT from the global defaults. This is done by leaving the third
++	 * argument to configure_view_acl() NULL.
++	 *
++	 * We ignore the global defaults here because these ACLs
++	 * can inherit from each other.  If any are still unset after
++	 * applying the inheritance rules, we'll look up the defaults at
++	 * that time.
+ 	 */
+-	CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache",
+-				 NULL, actx, named_g_mctx, &view->cacheacl));
++
++	/* named.conf only */
++	CHECK(configure_view_acl(vconfig, config, NULL,
++				 "allow-query", NULL, actx,
++				 named_g_mctx, &view->queryacl));
++
++	/* named.conf only */
++	CHECK(configure_view_acl(vconfig, config, NULL,
++				 "allow-query-cache", NULL, actx,
++				 named_g_mctx, &view->cacheacl));
+ 
+ 	if (strcmp(view->name, "_bind") != 0 &&
+ 	    view->rdclass != dns_rdataclass_chaos)
+ 	{
++		/* named.conf only */
+ 		CHECK(configure_view_acl(vconfig, config, NULL,
+ 					 "allow-recursion", NULL, actx,
+ 					 named_g_mctx, &view->recursionacl));
++		/* named.conf only */
+ 		CHECK(configure_view_acl(vconfig, config, NULL,
+ 					 "allow-recursion-on", NULL, actx,
+ 					 named_g_mctx, &view->recursiononacl));
+@@ -4744,18 +4754,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ 		 * the global config.
+ 		 */
+ 		if (view->recursionacl == NULL) {
++			/* global default only */
+ 			CHECK(configure_view_acl(NULL, NULL, named_g_config,
+ 						 "allow-recursion", NULL,
+ 						 actx, named_g_mctx,
+ 						 &view->recursionacl));
+ 		}
+ 		if (view->recursiononacl == NULL) {
++			/* global default only */
+ 			CHECK(configure_view_acl(NULL, NULL, named_g_config,
+ 						 "allow-recursion-on", NULL,
+ 						 actx, named_g_mctx,
+ 						 &view->recursiononacl));
+ 		}
+ 		if (view->cacheacl == NULL) {
++			/* global default only */
+ 			CHECK(configure_view_acl(NULL, NULL, named_g_config,
+ 						 "allow-query-cache", NULL,
+ 						 actx, named_g_mctx,
+@@ -4769,6 +4782,14 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ 		CHECK(dns_acl_none(mctx, &view->cacheacl));
+ 	}
+ 
++	if (view->queryacl == NULL) {
++		/* global default only */
++		CHECK(configure_view_acl(NULL, NULL, named_g_config,
++					 "allow-query", NULL,
++					 actx, named_g_mctx,
++					 &view->queryacl));
++	}
++
+ 	/*
+ 	 * Ignore case when compressing responses to the specified
+ 	 * clients. This causes case not always to be preserved,
diff --git a/gnu/packages/patches/binutils-aarch64-symbol-relocation.patch b/gnu/packages/patches/binutils-aarch64-symbol-relocation.patch
new file mode 100644
index 0000000000..fbd596862b
--- /dev/null
+++ b/gnu/packages/patches/binutils-aarch64-symbol-relocation.patch
@@ -0,0 +1,36 @@
+Fix a regression in Binutils 2.30 where some symbols are incorrectly assumed
+to be addresses:
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=22764
+
+Patch taken from upstream (with ChangeLog entries and tests omitted):
+
+https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=279b2f94168ee91e02ccd070d27c983fc001fe12
+
+diff --git a/bfd/elfnn-aarch64.c b/bfd/elfnn-aarch64.c
+index af448f9..2737773 100644
+--- a/bfd/elfnn-aarch64.c
++++ b/bfd/elfnn-aarch64.c
+@@ -7189,10 +7189,19 @@ elfNN_aarch64_check_relocs (bfd *abfd, struct bfd_link_info *info,
+ #if ARCH_SIZE == 64
+ 	case BFD_RELOC_AARCH64_32:
+ #endif
+-	  if (bfd_link_pic (info)
+-	      && (sec->flags & SEC_ALLOC) != 0
+-	      && (sec->flags & SEC_READONLY) != 0)
++	  if (bfd_link_pic (info) && (sec->flags & SEC_ALLOC) != 0)
+ 	    {
++	      if (h != NULL
++		  /* This is an absolute symbol.  It represents a value instead
++		     of an address.  */
++		  && ((h->root.type == bfd_link_hash_defined
++		       && bfd_is_abs_section (h->root.u.def.section))
++		      /* This is an undefined symbol.  */
++		      || h->root.type == bfd_link_hash_undefined))
++		break;
++
++	      /* For local symbols, defined global symbols in a non-ABS section,
++		 it is assumed that the value is an address.  */
+ 	      int howto_index = bfd_r_type - BFD_RELOC_AARCH64_RELOC_START;
+ 	      _bfd_error_handler
+ 		/* xgettext:c-format */
diff --git a/gnu/packages/patches/dovecot-trees-support-dovecot-2.3.patch b/gnu/packages/patches/dovecot-trees-support-dovecot-2.3.patch
new file mode 100644
index 0000000000..314f6b6de0
--- /dev/null
+++ b/gnu/packages/patches/dovecot-trees-support-dovecot-2.3.patch
@@ -0,0 +1,60 @@
+From: Tobias Geerinckx-Rice <me@tobias.gr>
+Date: Mon, 25 Jun 2018 00:34:52 +0200
+Subject: dovecot-trees: Fix build with dovecot 2.3.
+
+The following patch was taken verbatim from the upstream repository[0]
+and will be included in the next release.
+
+[0]: https://0xacab.org/riseuplabs/trees/commit/e136c32a044701d68b0235b8405357c5fca62a11
+---
+From e136c32a044701d68b0235b8405357c5fca62a11 Mon Sep 17 00:00:00 2001
+From: David Goulet <dgoulet@ev0ke.net>
+Date: Tue, 10 Apr 2018 13:48:01 -0400
+Subject: [PATCH] Support dovecot 2.3
+
+Untested but it builds now properly. Thanks to "smorks" for the report!
+
+Fixes #16
+
+Signed-off-by: David Goulet <dgoulet@ev0ke.net>
+---
+ src/trees-istream.c | 4 ++++
+ src/trees-ostream.c | 7 +++++++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/src/trees-istream.c b/src/trees-istream.c
+index b08ff16..e94be7d 100644
+--- a/src/trees-istream.c
++++ b/src/trees-istream.c
+@@ -431,5 +431,9 @@ trees_istream_create(struct istream *input,
+   sstream->out_byte_count = 0;
+ #endif
+ 
++#if DOVECOT_PREREQ(2, 3)
++	return i_stream_create(&sstream->istream, input, i_stream_get_fd(input), 0);
++#else
+   return i_stream_create(&sstream->istream, input, i_stream_get_fd(input));
++#endif /* DOVECOT_PREREQ */
+ }
+diff --git a/src/trees-ostream.c b/src/trees-ostream.c
+index 1b25a91..0cb7867 100644
+--- a/src/trees-ostream.c
++++ b/src/trees-ostream.c
+@@ -174,7 +174,14 @@ trees_ostream_sendv(struct ostream_private *stream,
+ static int
+ trees_ostream_flush(struct ostream_private *stream)
+ {
++  /* This is pretty ugly but unfortunately between 2.2 and 2.3, Dovecot changed
++   * the expected value to be non zero in 2.3+ . */
++#if DOVECOT_PREREQ(2, 3)
++  ssize_t result = 1;
++#else
+   ssize_t result = 0;
++#endif /* DOVECOT_PREREQ */
++
+   struct trees_ostream *sstream = (struct trees_ostream *) stream;
+ 
+   if (sstream->flushed) {
+-- 
+2.17.1
+
diff --git a/gnu/packages/patches/doxygen-gcc-ice.patch b/gnu/packages/patches/doxygen-gcc-ice.patch
new file mode 100644
index 0000000000..fbfedcb7ab
--- /dev/null
+++ b/gnu/packages/patches/doxygen-gcc-ice.patch
@@ -0,0 +1,25 @@
+Work around this GCC ICE: <https://bugs.gnu.org/31708>.  It shows up
+only when doing native compiles on armhf-linux.
+
+Yes it's a terrible patch, but it does the job.
+
+--- doxygen-1.8.13/qtools/qutfcodec.cpp	1970-01-01 01:00:00.000000000 +0100
++++ doxygen-1.8.13/qtools/qutfcodec.cpp	2018-06-08 14:14:29.614009929 +0200
+@@ -189,7 +189,7 @@ int QUtf16Codec::heuristicContentMatch(c
+ }
+ 
+ 
+-
++volatile const void *bomPointer = &QChar::byteOrderMark;
+ 
+ class QUtf16Encoder : public QTextEncoder {
+     bool headerdone;
+@@ -209,7 +209,7 @@ public:
+ 	    headerdone = TRUE;
+ 	    len_in_out = (1+uc.length())*(int)sizeof(QChar);
+ 	    QCString d(len_in_out);
+-	    memcpy(d.rawData(),&QChar::byteOrderMark,sizeof(QChar));
++	    memcpy(d.rawData(),(void *)bomPointer,sizeof(QChar));
+ 	    memcpy(d.rawData()+sizeof(QChar),uc.unicode(),uc.length()*sizeof(QChar));
+ 	    return d;
+ 	}
diff --git a/gnu/packages/patches/elixir-disable-failing-tests.patch b/gnu/packages/patches/elixir-disable-failing-tests.patch
deleted file mode 100644
index 547598b292..0000000000
--- a/gnu/packages/patches/elixir-disable-failing-tests.patch
+++ /dev/null
@@ -1,284 +0,0 @@
-Most of these tests fail for unknown reasons when run in the chroot
-environment of a Guix build process.
-
-Common failures are:
-
- * Mix.Shell.cmd() fails with error 130
- * The git_repo fixture cannot be found
- * Communication with spawned processes fails with EPIPE
- * Failure to copy files
-
-
-diff --git a/lib/elixir/test/elixir/kernel/cli_test.exs b/lib/elixir/test/elixir/kernel/cli_test.exs
-index 3ffd56c..1232d19 100644
---- a/lib/elixir/test/elixir/kernel/cli_test.exs
-+++ b/lib/elixir/test/elixir/kernel/cli_test.exs
-@@ -39,6 +39,7 @@ end
- defmodule Kernel.CLI.OptionParsingTest do
-   use ExUnit.Case, async: true
-
-+  @tag :skip
-   test "properly parses paths" do
-     root = fixture_path("../../..") |> to_charlist
-     list = elixir('-pa "#{root}/*" -pz "#{root}/lib/*" -e "IO.inspect(:code.get_path, limit: :infinity)"')
-@@ -57,6 +58,7 @@ end
- defmodule Kernel.CLI.AtExitTest do
-   use ExUnit.Case, async: true
-
-+  @tag :skip
-   test "invokes at_exit callbacks" do
-     assert elixir(fixture_path("at_exit.exs") |> to_charlist) ==
-            'goodbye cruel world with status 1\n'
-@@ -66,6 +68,7 @@ end
- defmodule Kernel.CLI.ErrorTest do
-   use ExUnit.Case, async: true
-
-+  @tag :skip
-   test "properly format errors" do
-     assert :string.str('** (throw) 1', elixir('-e "throw 1"')) == 0
-     assert :string.str('** (ErlangError) erlang error: 1', elixir('-e "error 1"')) == 0
-@@ -86,6 +89,7 @@ defmodule Kernel.CLI.CompileTest do
-     {:ok, [tmp_dir_path: tmp_dir_path, beam_file_path: beam_file_path, fixture: fixture]}
-   end
-
-+  @tag :skip
-   test "compiles code", context do
-     assert elixirc('#{context[:fixture]} -o #{context[:tmp_dir_path]}') == ''
-     assert File.regular?(context[:beam_file_path])
-@@ -96,6 +100,7 @@ defmodule Kernel.CLI.CompileTest do
-     Code.delete_path context[:tmp_dir_path]
-   end
-
-+  @tag :skip
-   test "fails on missing patterns", context do
-     output = elixirc('#{context[:fixture]} non_existing.ex -o #{context[:tmp_dir_path]}')
-     assert :string.str(output, 'non_existing.ex') > 0, "expected non_existing.ex to be mentioned"
-@@ -103,6 +108,7 @@ defmodule Kernel.CLI.CompileTest do
-     refute File.exists?(context[:beam_file_path]), "expected the sample to not be compiled"
-   end
-
-+  @tag :skip
-   test "fails on missing write access to .beam file", context do
-     compilation_args = '#{context[:fixture]} -o #{context[:tmp_dir_path]}'
-
-diff --git a/lib/elixir/test/elixir/kernel/dialyzer_test.exs b/lib/elixir/test/elixir/kernel/dialyzer_test.exs
-index 801d852..40fc5bc 100644
---- a/lib/elixir/test/elixir/kernel/dialyzer_test.exs
-+++ b/lib/elixir/test/elixir/kernel/dialyzer_test.exs
-@@ -60,16 +60,19 @@ defmodule Kernel.DialyzerTest do
-     assert_dialyze_no_warnings! context
-   end
-
-+  @tag :skip
-   test "no warnings on rewrites", context do
-     copy_beam! context, Dialyzer.Rewrite
-     assert_dialyze_no_warnings! context
-   end
-
-+  @tag :skip
-   test "no warnings on raise", context do
-     copy_beam! context, Dialyzer.Raise
-     assert_dialyze_no_warnings! context
-   end
-
-+  @tag :skip
-   test "no warnings on macrocallback", context do
-     copy_beam! context, Dialyzer.Macrocallback
-     copy_beam! context, Dialyzer.Macrocallback.Impl
-diff --git a/lib/elixir/test/elixir/system_test.exs b/lib/elixir/test/elixir/system_test.exs
-index aafa559..0f9c178 100644
---- a/lib/elixir/test/elixir/system_test.exs
-+++ b/lib/elixir/test/elixir/system_test.exs
-@@ -53,7 +53,8 @@ defmodule SystemTest do
-     assert System.endianness in [:little, :big]
-     assert System.endianness == System.compiled_endianness
-   end
--
-+
-+  @tag :skip
-   test "argv/0" do
-     list = elixir('-e "IO.inspect System.argv" -- -o opt arg1 arg2 --long-opt 10')
-     {args, _} = Code.eval_string list, []
-diff --git a/lib/mix/test/mix/dep_test.exs b/lib/mix/test/mix/dep_test.exs
-index fff3351..d6ed1b3 100644
---- a/lib/mix/test/mix/dep_test.exs
-+++ b/lib/mix/test/mix/dep_test.exs
-@@ -244,6 +244,7 @@ defmodule Mix.DepTest do
-     end
-   end
-
-+  @tag :skip
-   test "remote converger" do
-     deps = [{:deps_repo, "0.1.0", path: "custom/deps_repo"},
-             {:git_repo, "0.2.0", git: MixTest.Case.fixture_path("git_repo")}]
-@@ -301,6 +302,7 @@ defmodule Mix.DepTest do
-     end
-   end
-
-+  @tag :skip
-   test "remote converger is not invoked if deps diverge" do
-     deps = [{:deps_repo, "0.1.0", path: "custom/deps_repo"},
-             {:git_repo, "0.2.0", git: MixTest.Case.fixture_path("git_repo"), only: :test}]
-
-diff --git a/lib/mix/test/mix/shell/io_test.exs b/lib/mix/test/mix/shell/io_test.exs
-index 9bfb6b4..d982ef3 100644
---- a/lib/mix/test/mix/shell/io_test.exs
-+++ b/lib/mix/test/mix/shell/io_test.exs
-@@ -29,6 +29,7 @@ defmodule Mix.Shell.IOTest do
-     assert capture_io("", fn -> refute yes?("Ok?") end)
-   end
-
-+  @tag :skip
-   test "runs a given command" do
-     assert capture_io("", fn -> assert cmd("echo hello") == 0 end) == "hello\n"
-
-diff --git a/lib/mix/test/mix/shell/quiet_test.exs b/lib/mix/test/mix/shell/quiet_test.exs
-index 626429b..99fab35 100644
---- a/lib/mix/test/mix/shell/quiet_test.exs
-+++ b/lib/mix/test/mix/shell/quiet_test.exs
-@@ -29,6 +29,7 @@ defmodule Mix.Shell.QuietTest do
-     assert capture_io("", fn -> refute yes?("Ok?") end)
-   end
-
-+  @tag :skip
-   test "runs a given command" do
-     assert capture_io("", fn -> assert cmd("echo hello") == 0 end) == ""
-
-diff --git a/lib/mix/test/mix/tasks/cmd_test.exs b/lib/mix/test/mix/tasks/cmd_test.exs
-index db4bf06..4d441f7 100644
---- a/lib/mix/test/mix/tasks/cmd_test.exs
-+++ b/lib/mix/test/mix/tasks/cmd_test.exs
-@@ -3,6 +3,7 @@ Code.require_file "../../test_helper.exs", __DIR__
- defmodule Mix.Tasks.CmdTest do
-   use MixTest.Case
-
-+  @tag :skip
-   test "runs the command for each app" do
-     in_fixture "umbrella_dep/deps/umbrella", fn ->
-       Mix.Project.in_project(:umbrella, ".", fn _ ->
-diff --git a/lib/mix/test/mix/tasks/deps.tree_test.exs b/lib/mix/test/mix/tasks/deps.tree_test.exs
-index 4f09ff3..c371997 100644
---- a/lib/mix/test/mix/tasks/deps.tree_test.exs
-+++ b/lib/mix/test/mix/tasks/deps.tree_test.exs
-@@ -29,6 +29,7 @@ defmodule Mix.Tasks.Deps.TreeTest do
-     end
-   end
-
-+  @tag :skip
-   test "shows the dependency tree", context do
-     Mix.Project.push ConvergedDepsApp
-
-@@ -109,6 +110,7 @@ defmodule Mix.Tasks.Deps.TreeTest do
-     end
-   end
-
-+  @tag :skip
-   test "shows the dependency tree in DOT graph format", context do
-     Mix.Project.push ConvergedDepsApp
-
-diff --git a/lib/mix/test/mix/tasks/deps_test.exs b/lib/mix/test/mix/tasks/deps_test.exs
-index b061777..cc45cf8 100644
---- a/lib/mix/test/mix/tasks/deps_test.exs
-+++ b/lib/mix/test/mix/tasks/deps_test.exs
-@@ -96,6 +96,7 @@
-     end
-   end
-
-+  @tag :skip
-   test "prints list of dependencies and their lock status" do
-     Mix.Project.push DepsApp
-
-@@ -409,6 +409,7 @@ defmodule Mix.Tasks.DepsTest do
-     end
-   end
-
-+  @tag :skip
-   test "fails on diverged dependencies by requirement" do
-     Mix.Project.push ConvergedDepsApp
-
-@@ -440,6 +441,7 @@ defmodule Mix.Tasks.DepsTest do
-     end
-   end
-
-+  @tag :skip
-   test "fails on diverged dependencies even when optional" do
-     Mix.Project.push ConvergedDepsApp
-
-@@ -469,6 +471,7 @@ defmodule Mix.Tasks.DepsTest do
-     end
-   end
-
-+  @tag :skip
-   test "works with converged dependencies" do
-     Mix.Project.push ConvergedDepsApp
-
-@@ -491,6 +494,7 @@ defmodule Mix.Tasks.DepsTest do
-     purge [GitRepo, GitRepo.Mixfile]
-   end
-
-+  @tag :skip
-   test "works with overridden dependencies" do
-     Mix.Project.push OverriddenDepsApp
-
-diff --git a/lib/mix/test/mix/umbrella_test.exs b/lib/mix/test/mix/umbrella_test.exs
-index 69f9428..406668a 100644
---- a/lib/mix/test/mix/umbrella_test.exs
-+++ b/lib/mix/test/mix/umbrella_test.exs
-@@ -98,6 +98,7 @@ defmodule Mix.UmbrellaTest do
-     end
-   end
-
-+  @tag :skip
-   test "loads umbrella child dependencies in all environments" do
-     in_fixture "umbrella_dep/deps/umbrella", fn ->
-       Mix.Project.in_project :umbrella, ".", fn _ ->
-
-diff --git a/lib/elixir/test/elixir/kernel/dialyzer_test.exs b/lib/elixir/test/elixir/kernel/dialyzer_test.exs
-index 792222c..e90beb9 100644
---- a/lib/elixir/test/elixir/kernel/dialyzer_test.exs
-+++ b/lib/elixir/test/elixir/kernel/dialyzer_test.exs
-@@ -54,6 +54,7 @@ defmodule Kernel.DialyzerTest do
-     {:ok, [outdir: dir, dialyzer: dialyzer]}
-   end
-
-+  @tag :skip
-   test "no warnings on valid remote calls", context do
-     copy_beam! context, Dialyzer.RemoteCall
-     assert_dialyze_no_warnings! context
-@@ -78,11 +79,13 @@ defmodule Kernel.DialyzerTest do
-     assert_dialyze_no_warnings! context
-   end
-
-+  @tag :skip
-   test "no warnings on struct update", context do
-     copy_beam! context, Dialyzer.StructUpdate
-     assert_dialyze_no_warnings! context
-   end
-
-+  @tag :skip
-   test "no warnings on protocol calls with opaque types", context do
-     copy_beam! context, Dialyzer.ProtocolOpaque
-     copy_beam! context, Dialyzer.ProtocolOpaque.Entity
-@@ -90,6 +93,7 @@ defmodule Kernel.DialyzerTest do
-     assert_dialyze_no_warnings! context
-   end
-
-+  @tag :skip
-   test "no warnings on and/2 and or/2", context do
-     copy_beam! context, Dialyzer.BooleanCheck
-     assert_dialyze_no_warnings! context
-
-diff --git a/Makefile b/Makefile
-index 2fc4f9a..aef8366 100644
---- a/Makefile
-+++ b/Makefile
-@@ -201,7 +201,7 @@ $(TEST_EBIN)/%.beam: $(TEST_ERL)/%.erl
-        $(Q) mkdir -p $(TEST_EBIN)
-        $(Q) $(ERLC) -o $(TEST_EBIN) $<
-
--test_elixir: test_stdlib test_ex_unit test_logger test_mix test_eex test_iex
-+test_elixir: test_stdlib test_ex_unit test_logger test_eex test_iex
-
- test_stdlib: compile
-        @ echo "==> elixir (exunit)"
-
diff --git a/gnu/packages/patches/flann-cmake-3.11.patch b/gnu/packages/patches/flann-cmake-3.11.patch
new file mode 100644
index 0000000000..1fb76eca0a
--- /dev/null
+++ b/gnu/packages/patches/flann-cmake-3.11.patch
@@ -0,0 +1,84 @@
+Fixes this issue:
+ <https://github.com/mariusmuja/flann/issues/369>.
+Patch from Buildroot:
+ <https://github.com/buildroot/buildroot/commit/45a39b3e2ba42b72d19bfcef30db1b8da9ead51a>.
+
+From fa5ec96a94646492a3f908e12905b3e48a8e800b Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Wed, 18 Apr 2018 20:24:13 +0200
+Subject: [PATCH] src/cpp: fix cmake >= 3.11 build
+
+CMake < 3.11 doesn't support add_library() without any source file
+(i.e add_library(foo SHARED)). But flann CMake use a trick that use
+an empty string "" as source list (i.e add_library(foo SHARED "")).
+This look like a bug in CMake < 3.11.
+
+With CMake >= 3.11, the new behaviour of add_library() break the
+existing flann CMake code.
+
+From CMake Changelog [1]:
+"add_library() and add_executable() commands can now be called without
+ any sources and will not complain as long as sources are added later
+ via the target_sources() command."
+
+Note: flann CMake code doesn't use target_sources() since no source file
+are provided intentionally since the flann shared library is created by
+linking with the flann_cpp_s static library with this line:
+
+target_link_libraries(flann_cpp -Wl,-whole-archive flann_cpp_s -Wl,-no-whole-archive)
+
+If you try to use "add_library(flann_cpp SHARED ${CPP_SOURCES})" (as it should
+be normally done), the link fail due to already defined symbol.
+
+They are building the shared version using the static library "to speedup the
+build time" [3]
+
+This issue is already reported upstream [2] with a proposed solution.
+
+Upstream status: Pending
+
+Fixes:
+http://autobuild.buildroot.net/results/b2f/b2febfaf8c44ce477b3e4a5b9b976fd25e8d7454
+
+[1] https://cmake.org/cmake/help/v3.11/release/3.11.html
+[2] https://github.com/mariusmuja/flann/issues/369
+[3] https://github.com/mariusmuja/flann/commit/0fd62b43be2fbb0b8d791ee36290791224dc030c
+
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ src/cpp/CMakeLists.txt | 4 ++--
+ src/cpp/empty.cpp      | 1 +
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+ create mode 100644 src/cpp/empty.cpp
+
+diff --git a/src/cpp/CMakeLists.txt b/src/cpp/CMakeLists.txt
+index b44a735..a816863 100644
+--- a/src/cpp/CMakeLists.txt
++++ b/src/cpp/CMakeLists.txt
+@@ -29,7 +29,7 @@ if (BUILD_CUDA_LIB)
+ endif()
+ 
+ if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_COMPILER_IS_GNUCC)
+-    add_library(flann_cpp SHARED "")
++    add_library(flann_cpp SHARED "empty.cpp")
+     set_target_properties(flann_cpp PROPERTIES LINKER_LANGUAGE CXX)
+     target_link_libraries(flann_cpp -Wl,-whole-archive flann_cpp_s -Wl,-no-whole-archive)
+ 
+@@ -85,7 +85,7 @@ if (BUILD_C_BINDINGS)
+     set_property(TARGET flann_s PROPERTY COMPILE_DEFINITIONS FLANN_STATIC)
+ 
+     if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_COMPILER_IS_GNUCC)
+-        add_library(flann SHARED "")
++        add_library(flann SHARED "empty.cpp")
+         set_target_properties(flann PROPERTIES LINKER_LANGUAGE CXX)
+         target_link_libraries(flann -Wl,-whole-archive flann_s -Wl,-no-whole-archive)
+     else()
+diff --git a/src/cpp/empty.cpp b/src/cpp/empty.cpp
+new file mode 100644
+index 0000000..40a8c17
+--- /dev/null
++++ b/src/cpp/empty.cpp
+@@ -0,0 +1 @@
++/* empty */
+-- 
+2.14.3
diff --git a/gnu/packages/patches/gcc-8-strmov-store-file-names.patch b/gnu/packages/patches/gcc-8-strmov-store-file-names.patch
new file mode 100644
index 0000000000..f8e6b951b2
--- /dev/null
+++ b/gnu/packages/patches/gcc-8-strmov-store-file-names.patch
@@ -0,0 +1,110 @@
+Make sure that statements such as:
+
+  strcpy (dst, "/gnu/store/…");
+
+or
+
+  static const char str[] = "/gnu/store/…";
+  …
+  strcpy (dst, str);
+
+do not result in chunked /gnu/store strings that are undetectable by
+Guix's GC and its grafting code.  See <https://bugs.gnu.org/24703>
+and <https://bugs.gnu.org/30395>.
+
+--- gcc-5.3.0/gcc/builtins.c	2016-10-18 10:50:46.080616285 +0200
++++ gcc-5.3.0/gcc/builtins.c	2016-11-09 15:26:43.693042737 +0100
+@@ -3012,6 +3012,58 @@ determine_block_size (tree len, rtx len_rtx,
+ 			  GET_MODE_MASK (GET_MODE (len_rtx)));
+ }
+ 
++extern void debug_tree (tree);
++
++/* Return true if STR contains the string "/gnu/store".  */
++
++bool
++store_reference_p (tree str)
++{
++  if (getenv ("GUIX_GCC_DEBUG") != NULL)
++    debug_tree (str);
++
++  if (TREE_CODE (str) == ADDR_EXPR)
++    str = TREE_OPERAND (str, 0);
++
++  if (TREE_CODE (str) == VAR_DECL
++      && TREE_STATIC (str)
++      && TREE_READONLY (str))
++    {
++      /* STR may be a 'static const' variable whose initial value
++         is a string constant.  See <https://bugs.gnu.org/30395>.  */
++      str = DECL_INITIAL (str);
++      if (str == NULL_TREE)
++        return false;
++    }
++
++  if (TREE_CODE (str) != STRING_CST)
++    return false;
++
++  int len;
++  const char *store;
++
++  store = getenv ("NIX_STORE") ? getenv ("NIX_STORE") : "/gnu/store";
++  len = strlen (store);
++
++  /* Size of the hash part of store file names, including leading slash and
++     trailing hyphen.  */
++  const int hash_len = 34;
++
++  if (TREE_STRING_LENGTH (str) < len + hash_len)
++    return false;
++
++  /* We cannot use 'strstr' because 'TREE_STRING_POINTER' returns a string
++     that is not necessarily NUL-terminated.  */
++
++  for (int i = 0; i < TREE_STRING_LENGTH (str) - (len + hash_len); i++)
++    {
++      if (strncmp (TREE_STRING_POINTER (str) + i, store, len) == 0)
++	return true;
++    }
++
++  return false;
++}
++
+ /* Try to verify that the sizes and lengths of the arguments to a string
+    manipulation function given by EXP are within valid bounds and that
+    the operation does not lead to buffer overflow or read past the end.
+@@ -3605,6 +3657,13 @@ expand_builtin_memory_copy_args (tree dest, tree src, tree len,
+   unsigned HOST_WIDE_INT max_size;
+   unsigned HOST_WIDE_INT probable_max_size;
+ 
++  /* Do not emit block moves, which translate to the 'movabs' instruction on
++     x86_64, when SRC refers to store items.  That way, store references
++     remain visible to the Guix GC and grafting code.  See
++     <https://bugs.gnu.org/24703>.  */
++  if (store_reference_p (src))
++    return NULL_RTX;
++
+   /* If DEST is not a pointer type, call the normal function.  */
+   if (dest_align == 0)
+     return NULL_RTX;
+--- gcc-5.5.0/gcc/gimple-fold.c	2018-03-20 11:36:16.709442004 +0100
++++ gcc-5.5.0/gcc/gimple-fold.c	2018-03-20 11:46:43.838487065 +0100
+@@ -635,6 +635,8 @@ var_decl_component_p (tree var)
+   return SSA_VAR_P (inner);
+ }
+ 
++extern bool store_reference_p (tree);
++
+ /* If the SIZE argument representing the size of an object is in a range
+    of values of which exactly one is valid (and that is zero), return
+    true, otherwise false.  */
+@@ -742,6 +744,9 @@ gimple_fold_builtin_memory_op (gimple_stmt_iterator *gsi,
+       off0 = build_int_cst (build_pointer_type_for_mode (char_type_node,
+ 							 ptr_mode, true), 0);
+ 
++      if (store_reference_p (src))
++        return false;
++
+       /* If we can perform the copy efficiently with first doing all loads
+          and then all stores inline it that way.  Currently efficiently
+ 	 means that we can load all the memory into a single integer
diff --git a/gnu/packages/patches/heimdal-CVE-2017-11103.patch b/gnu/packages/patches/heimdal-CVE-2017-11103.patch
deleted file mode 100644
index d76f0df369..0000000000
--- a/gnu/packages/patches/heimdal-CVE-2017-11103.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Fix CVE-2017-11103:
-
-https://orpheus-lyre.info/
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103
-https://security-tracker.debian.org/tracker/CVE-2017-11103
-
-Patch lifted from upstream source repository:
-
-https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
-
-From 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea Mon Sep 17 00:00:00 2001
-From: Jeffrey Altman <jaltman@secure-endpoints.com>
-Date: Wed, 12 Apr 2017 15:40:42 -0400
-Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
-
-In _krb5_extract_ticket() the KDC-REP service name must be obtained from
-encrypted version stored in 'enc_part' instead of the unencrypted version
-stored in 'ticket'.  Use of the unecrypted version provides an
-opportunity for successful server impersonation and other attacks.
-
-Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
-
-Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
----
- lib/krb5/ticket.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c
-index d95d96d1b..b8d81c6ad 100644
---- a/lib/krb5/ticket.c
-+++ b/lib/krb5/ticket.c
-@@ -705,8 +705,8 @@ _krb5_extract_ticket(krb5_context context,
-     /* check server referral and save principal */
-     ret = _krb5_principalname2krb5_principal (context,
- 					      &tmp_principal,
--					      rep->kdc_rep.ticket.sname,
--					      rep->kdc_rep.ticket.realm);
-+					      rep->enc_part.sname,
-+					      rep->enc_part.srealm);
-     if (ret)
- 	goto out;
-     if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
--- 
-2.13.3
-
diff --git a/gnu/packages/patches/heimdal-CVE-2017-6594.patch b/gnu/packages/patches/heimdal-CVE-2017-6594.patch
deleted file mode 100644
index 714af60304..0000000000
--- a/gnu/packages/patches/heimdal-CVE-2017-6594.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-Fix CVE-2017-6594:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6594
-https://security-tracker.debian.org/tracker/CVE-2017-6594
-
-Patch lifted from upstream source repository:
-
-https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837
-
-To apply the patch to Heimdal 1.5.3 release tarball, the changes to 'NEWS' and
-files in 'tests/' are removed, and hunk #4 of 'kdc/krb5tgs.c' is modified.
-
-From b1e699103f08d6a0ca46a122193c9da65f6cf837 Mon Sep 17 00:00:00 2001
-From: Viktor Dukhovni <viktor@twosigma.com>
-Date: Wed, 10 Aug 2016 23:31:14 +0000
-Subject: [PATCH] Fix transit path validation CVE-2017-6594
-
-Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm
-to not be added to the transit path of issued tickets.  This may, in
-some cases, enable bypass of capath policy in Heimdal versions 1.5
-through 7.2.
-
-Note, this may break sites that rely on the bug.  With the bug some
-incomplete [capaths] worked, that should not have.  These may now break
-authentication in some cross-realm configurations.
----
- NEWS                   | 14 ++++++++++++++
- kdc/krb5tgs.c          | 12 ++++++++++--
- tests/kdc/check-kdc.in | 17 +++++++++++++++++
- tests/kdc/krb5.conf.in |  4 ++++
- 4 files changed, 45 insertions(+), 2 deletions(-)
-
-diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
-index 6048b9c55..98503812f 100644
---- a/kdc/krb5tgs.c
-+++ b/kdc/krb5tgs.c
-@@ -655,8 +655,12 @@ fix_transited_encoding(krb5_context context,
- 		  "Decoding transited encoding");
- 	return ret;
-     }
-+
-+    /*
-+     * If the realm of the presented tgt is neither the client nor the server
-+     * realm, it is a transit realm and must be added to transited set.
-+     */
-     if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) {
--	/* not us, so add the previous realm to transited set */
- 	if (num_realms + 1 > UINT_MAX/sizeof(*realms)) {
- 	    ret = ERANGE;
- 	    goto free_realms;
-@@ -737,6 +741,7 @@ tgs_make_reply(krb5_context context,
- 	       const char *server_name,
- 	       hdb_entry_ex *client,
- 	       krb5_principal client_principal,
-+               const char *tgt_realm,
- 	       hdb_entry_ex *krbtgt,
- 	       krb5_enctype krbtgt_etype,
- 	       krb5_principals spp,
-@@ -798,7 +803,7 @@ tgs_make_reply(krb5_context context,
- 				 &tgt->transited, &et,
- 				 krb5_principal_get_realm(context, client_principal),
- 				 krb5_principal_get_realm(context, server->entry.principal),
--				 krb5_principal_get_realm(context, krbtgt->entry.principal));
-+				 tgt_realm);
-     if(ret)
- 	goto out;
- 
-@@ -1519,4 +1524,6 @@ tgs_build_reply(krb5_context context,
-     krb5_keyblock sessionkey;
-     krb5_kvno kvno;
-     krb5_data rspac;
-+    const char *tgt_realm = /* Realm of TGT issuer */
-+        krb5_principal_get_realm(context, krbtgt->entry.principal);
-
-@@ -2324,6 +2331,7 @@ server_lookup:
- 			 spn,
- 			 client,
- 			 cp,
-+                         tgt_realm,
- 			 krbtgt_out,
- 			 tkey_sign->key.keytype,
- 			 spp,
--- 
-2.13.3
-
diff --git a/gnu/packages/patches/icecat-bug-1413868-pt1.patch b/gnu/packages/patches/icecat-bug-1413868-pt1.patch
new file mode 100644
index 0000000000..18382dc33a
--- /dev/null
+++ b/gnu/packages/patches/icecat-bug-1413868-pt1.patch
@@ -0,0 +1,663 @@
+Based on <https://hg.mozilla.org/releases/mozilla-esr52/rev/431fa5dd4016>
+Adapted to apply cleanly to GNU IceCat.
+
+# HG changeset patch
+# User Honza Bambas <honzab.moz@firemni.cz>
+# Date 1528830658 14400
+# Node ID 431fa5dd4016bdab7e4bb0d3c4df85468fe337b0
+# Parent  e8e9e1ef79f2a18c61ec1b87cfb214c8d4960f8e
+Bug 1413868. r=valentin, a=RyanVM
+
+diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
+--- a/toolkit/xre/nsAppRunner.cpp
++++ b/toolkit/xre/nsAppRunner.cpp
+@@ -4,16 +4,17 @@
+  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+ 
+ #include "mozilla/dom/ContentParent.h"
+ #include "mozilla/dom/ContentChild.h"
+ #include "mozilla/ipc/GeckoChildProcessHost.h"
+ 
+ #include "mozilla/ArrayUtils.h"
+ #include "mozilla/Attributes.h"
++#include "mozilla/FilePreferences.h"
+ #include "mozilla/ChaosMode.h"
+ #include "mozilla/IOInterposer.h"
+ #include "mozilla/Likely.h"
+ #include "mozilla/MemoryChecking.h"
+ #include "mozilla/Poison.h"
+ #include "mozilla/Preferences.h"
+ #include "mozilla/ScopeExit.h"
+ #include "mozilla/Services.h"
+@@ -4304,16 +4305,20 @@ XREMain::XRE_mainRun()
+       // Need to write out the fact that the profile has been removed and potentially
+       // that the selected/default profile changed.
+       mProfileSvc->Flush();
+     }
+   }
+ 
+   mDirProvider.DoStartup();
+ 
++  // As FilePreferences need the profile directory, we must initialize right here.
++  mozilla::FilePreferences::InitDirectoriesWhitelist();
++  mozilla::FilePreferences::InitPrefs();
++
+   OverrideDefaultLocaleIfNeeded();
+ 
+ #ifdef MOZ_CRASHREPORTER
+   nsCString userAgentLocale;
+   // Try a localized string first. This pref is always a localized string in
+   // IceCatMobile, and might be elsewhere, too.
+   if (NS_SUCCEEDED(Preferences::GetLocalizedCString("general.useragent.locale", &userAgentLocale))) {
+     CrashReporter::AnnotateCrashReport(NS_LITERAL_CSTRING("useragent_locale"), userAgentLocale);
+diff --git a/toolkit/xre/nsEmbedFunctions.cpp b/toolkit/xre/nsEmbedFunctions.cpp
+--- a/toolkit/xre/nsEmbedFunctions.cpp
++++ b/toolkit/xre/nsEmbedFunctions.cpp
+@@ -46,16 +46,17 @@
+ #include "nsX11ErrorHandler.h"
+ #include "nsGDKErrorHandler.h"
+ #include "base/at_exit.h"
+ #include "base/command_line.h"
+ #include "base/message_loop.h"
+ #include "base/process_util.h"
+ #include "chrome/common/child_process.h"
+ 
++#include "mozilla/FilePreferences.h"
+ #include "mozilla/ipc/BrowserProcessSubThread.h"
+ #include "mozilla/ipc/GeckoChildProcessHost.h"
+ #include "mozilla/ipc/IOThreadChild.h"
+ #include "mozilla/ipc/ProcessChild.h"
+ #include "ScopedXREEmbed.h"
+ 
+ #include "mozilla/plugins/PluginProcessChild.h"
+ #include "mozilla/dom/ContentProcess.h"
+@@ -680,16 +681,18 @@ XRE_InitChildProcess(int aArgc,
+       ::SetProcessShutdownParameters(0x280 - 1, SHUTDOWN_NORETRY);
+ #endif
+ 
+ #if defined(MOZ_SANDBOX) && defined(XP_WIN)
+       // We need to do this after the process has been initialised, as
+       // InitLoggingIfRequired may need access to prefs.
+       mozilla::sandboxing::InitLoggingIfRequired(aChildData->ProvideLogFunction);
+ #endif
++      mozilla::FilePreferences::InitDirectoriesWhitelist();
++      mozilla::FilePreferences::InitPrefs();
+ 
+       OverrideDefaultLocaleIfNeeded();
+ 
+ #if defined(MOZ_CRASHREPORTER)
+ #if defined(MOZ_CONTENT_SANDBOX) && !defined(MOZ_WIDGET_GONK)
+       AddContentSandboxLevelAnnotation();
+ #endif
+ #endif
+diff --git a/xpcom/io/FilePreferences.cpp b/xpcom/io/FilePreferences.cpp
+new file mode 100644
+--- /dev/null
++++ b/xpcom/io/FilePreferences.cpp
+@@ -0,0 +1,271 @@
++/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
++/* vim: set ts=8 sts=2 et sw=2 tw=80: */
++/* This Source Code Form is subject to the terms of the Mozilla Public
++* License, v. 2.0. If a copy of the MPL was not distributed with this
++* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++#include "FilePreferences.h"
++
++#include "mozilla/Preferences.h"
++#include "nsAppDirectoryServiceDefs.h"
++#include "nsDirectoryServiceDefs.h"
++#include "nsDirectoryServiceUtils.h"
++
++namespace mozilla {
++namespace FilePreferences {
++
++static bool sBlockUNCPaths = false;
++typedef nsTArray<nsString> Paths;
++
++static Paths& PathArray()
++{
++  static Paths sPaths;
++  return sPaths;
++}
++
++static void AllowDirectory(char const* directory)
++{
++  nsCOMPtr<nsIFile> file;
++  NS_GetSpecialDirectory(directory, getter_AddRefs(file));
++  if (!file) {
++    return;
++  }
++
++  nsString path;
++  if (NS_FAILED(file->GetTarget(path))) {
++    return;
++  }
++
++  // The whitelist makes sense only for UNC paths, because this code is used
++  // to block only UNC paths, hence, no need to add non-UNC directories here
++  // as those would never pass the check.
++  if (!StringBeginsWith(path, NS_LITERAL_STRING("\\\\"))) {
++    return;
++  }
++
++  if (!PathArray().Contains(path)) {
++    PathArray().AppendElement(path);
++  }
++}
++
++void InitPrefs()
++{
++  sBlockUNCPaths = Preferences::GetBool("network.file.disable_unc_paths", false);
++}
++
++void InitDirectoriesWhitelist()
++{
++  // NS_GRE_DIR is the installation path where the binary resides.
++  AllowDirectory(NS_GRE_DIR);
++  // NS_APP_USER_PROFILE_50_DIR and NS_APP_USER_PROFILE_LOCAL_50_DIR are the two
++  // parts of the profile we store permanent and local-specific data.
++  AllowDirectory(NS_APP_USER_PROFILE_50_DIR);
++  AllowDirectory(NS_APP_USER_PROFILE_LOCAL_50_DIR);
++}
++
++namespace { // anon
++
++class Normalizer
++{
++public:
++  Normalizer(const nsAString& aFilePath, const char16_t aSeparator);
++  bool Get(nsAString& aNormalizedFilePath);
++
++private:
++  bool ConsumeItem();
++  bool ConsumeSeparator();
++  bool IsEOF() { return mFilePathCursor == mFilePathEnd; }
++
++  bool ConsumeName();
++  bool CheckParentDir();
++  bool CheckCurrentDir();
++
++  nsString::const_char_iterator mFilePathCursor;
++  nsString::const_char_iterator mFilePathEnd;
++
++  nsDependentSubstring mItem;
++  char16_t const mSeparator;
++  nsTArray<nsDependentSubstring> mStack;
++};
++
++Normalizer::Normalizer(const nsAString& aFilePath, const char16_t aSeparator)
++  : mFilePathCursor(aFilePath.BeginReading())
++  , mFilePathEnd(aFilePath.EndReading())
++  , mSeparator(aSeparator)
++{
++}
++
++bool Normalizer::ConsumeItem()
++{
++  if (IsEOF()) {
++    return false;
++  }
++
++  nsString::const_char_iterator nameBegin = mFilePathCursor;
++  while (mFilePathCursor != mFilePathEnd) {
++    if (*mFilePathCursor == mSeparator) {
++      break; // don't include the separator
++    }
++    ++mFilePathCursor;
++  }
++
++  mItem.Rebind(nameBegin, mFilePathCursor);
++  return true;
++}
++
++bool Normalizer::ConsumeSeparator()
++{
++  if (IsEOF()) {
++    return false;
++  }
++
++  if (*mFilePathCursor != mSeparator) {
++    return false;
++  }
++
++  ++mFilePathCursor;
++  return true;
++}
++
++bool Normalizer::Get(nsAString& aNormalizedFilePath)
++{
++  aNormalizedFilePath.Truncate();
++
++  if (IsEOF()) {
++    return true;
++  }
++  if (ConsumeSeparator()) {
++    aNormalizedFilePath.Append(mSeparator);
++  }
++
++  if (IsEOF()) {
++    return true;
++  }
++  if (ConsumeSeparator()) {
++    aNormalizedFilePath.Append(mSeparator);
++  }
++
++  while (!IsEOF()) {
++    if (!ConsumeName()) {
++      return false;
++    }
++  }
++
++  for (auto const& name : mStack) {
++    aNormalizedFilePath.Append(name);
++  }
++
++  return true;
++}
++
++bool Normalizer::ConsumeName()
++{
++  if (!ConsumeItem()) {
++    return true;
++  }
++
++  if (CheckCurrentDir()) {
++    return true;
++  }
++
++  if (CheckParentDir()) {
++    if (!mStack.Length()) {
++      // This means there are more \.. than valid names
++      return false;
++    }
++
++    mStack.RemoveElementAt(mStack.Length() - 1);
++    return true;
++  }
++
++  if (mItem.IsEmpty()) {
++    // this means an empty name (a lone slash), which is illegal
++    return false;
++  }
++
++  if (ConsumeSeparator()) {
++    mItem.Rebind(mItem.BeginReading(), mFilePathCursor);
++  }
++  mStack.AppendElement(mItem);
++
++  return true;
++}
++
++bool Normalizer::CheckCurrentDir()
++{
++  if (mItem == NS_LITERAL_STRING(".")) {
++    ConsumeSeparator();
++    // EOF is acceptable
++    return true;
++  }
++
++  return false;
++}
++
++bool Normalizer::CheckParentDir()
++{
++  if (mItem == NS_LITERAL_STRING("..")) {
++    ConsumeSeparator();
++    // EOF is acceptable
++    return true;
++  }
++
++  return false;
++}
++
++} // anon
++
++bool IsBlockedUNCPath(const nsAString& aFilePath)
++{
++  if (!sBlockUNCPaths) {
++    return false;
++  }
++
++  if (!StringBeginsWith(aFilePath, NS_LITERAL_STRING("\\\\"))) {
++    return false;
++  }
++
++  nsAutoString normalized;
++  if (!Normalizer(aFilePath, L'\\').Get(normalized)) {
++    // Broken paths are considered invalid and thus inaccessible
++    return true;
++  }
++
++  for (const auto& allowedPrefix : PathArray()) {
++    if (StringBeginsWith(normalized, allowedPrefix)) {
++      if (normalized.Length() == allowedPrefix.Length()) {
++        return false;
++      }
++      if (normalized[allowedPrefix.Length()] == L'\\') {
++        return false;
++      }
++
++      // When we are here, the path has a form "\\path\prefixevil"
++      // while we have an allowed prefix of "\\path\prefix".
++      // Note that we don't want to add a slash to the end of a prefix
++      // so that opening the directory (no slash at the end) still works.
++      break;
++    }
++  }
++
++  return true;
++}
++
++void testing::SetBlockUNCPaths(bool aBlock)
++{
++  sBlockUNCPaths = aBlock;
++}
++
++void testing::AddDirectoryToWhitelist(nsAString const & aPath)
++{
++  PathArray().AppendElement(aPath);
++}
++
++bool testing::NormalizePath(nsAString const & aPath, nsAString & aNormalized)
++{
++  Normalizer normalizer(aPath, L'\\');
++  return normalizer.Get(aNormalized);
++}
++
++} // ::FilePreferences
++} // ::mozilla
+diff --git a/xpcom/io/FilePreferences.h b/xpcom/io/FilePreferences.h
+new file mode 100644
+--- /dev/null
++++ b/xpcom/io/FilePreferences.h
+@@ -0,0 +1,25 @@
++/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
++/* vim: set ts=8 sts=2 et sw=2 tw=80: */
++/* This Source Code Form is subject to the terms of the Mozilla Public
++* License, v. 2.0. If a copy of the MPL was not distributed with this
++* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++#include "nsIObserver.h"
++
++namespace mozilla {
++namespace FilePreferences {
++
++void InitPrefs();
++void InitDirectoriesWhitelist();
++bool IsBlockedUNCPath(const nsAString& aFilePath);
++
++namespace testing {
++
++void SetBlockUNCPaths(bool aBlock);
++void AddDirectoryToWhitelist(nsAString const& aPath);
++bool NormalizePath(nsAString const & aPath, nsAString & aNormalized);
++
++}
++
++} // FilePreferences
++} // mozilla
+diff --git a/xpcom/io/moz.build b/xpcom/io/moz.build
+--- a/xpcom/io/moz.build
++++ b/xpcom/io/moz.build
+@@ -79,24 +79,26 @@ EXPORTS += [
+     'nsUnicharInputStream.h',
+     'nsWildCard.h',
+     'SlicedInputStream.h',
+     'SpecialSystemDirectory.h',
+ ]
+ 
+ EXPORTS.mozilla += [
+     'Base64.h',
++    'FilePreferences.h',
+     'SnappyCompressOutputStream.h',
+     'SnappyFrameUtils.h',
+     'SnappyUncompressInputStream.h',
+ ]
+ 
+ UNIFIED_SOURCES += [
+     'Base64.cpp',
+     'crc32c.c',
++    'FilePreferences.cpp',
+     'nsAnonymousTemporaryFile.cpp',
+     'nsAppFileLocationProvider.cpp',
+     'nsBinaryStream.cpp',
+     'nsDirectoryService.cpp',
+     'nsEscape.cpp',
+     'nsInputStreamTee.cpp',
+     'nsIOUtil.cpp',
+     'nsLinebreakConverter.cpp',
+diff --git a/xpcom/io/nsLocalFileWin.cpp b/xpcom/io/nsLocalFileWin.cpp
+--- a/xpcom/io/nsLocalFileWin.cpp
++++ b/xpcom/io/nsLocalFileWin.cpp
+@@ -41,16 +41,17 @@
+ #include  <stdio.h>
+ #include  <stdlib.h>
+ #include  <mbstring.h>
+ 
+ #include "nsXPIDLString.h"
+ #include "prproces.h"
+ #include "prlink.h"
+ 
++#include "mozilla/FilePreferences.h"
+ #include "mozilla/Mutex.h"
+ #include "SpecialSystemDirectory.h"
+ 
+ #include "nsTraceRefcnt.h"
+ #include "nsXPCOMCIDInternal.h"
+ #include "nsThreadUtils.h"
+ #include "nsXULAppAPI.h"
+ 
+@@ -1162,16 +1163,20 @@ nsLocalFile::InitWithPath(const nsAStrin
+   char16_t secondChar = *(++begin);
+ 
+   // just do a sanity check.  if it has any forward slashes, it is not a Native path
+   // on windows.  Also, it must have a colon at after the first char.
+   if (FindCharInReadable(L'/', begin, end)) {
+     return NS_ERROR_FILE_UNRECOGNIZED_PATH;
+   }
+ 
++  if (FilePreferences::IsBlockedUNCPath(aFilePath)) {
++    return NS_ERROR_FILE_ACCESS_DENIED;
++  }
++
+   if (secondChar != L':' && (secondChar != L'\\' || firstChar != L'\\')) {
+     return NS_ERROR_FILE_UNRECOGNIZED_PATH;
+   }
+ 
+   if (secondChar == L':') {
+     // Make sure we have a valid drive, later code assumes the drive letter
+     // is a single char a-z or A-Z.
+     if (PathGetDriveNumberW(aFilePath.Data()) == -1) {
+@@ -1974,16 +1979,20 @@ nsLocalFile::CopySingleFile(nsIFile* aSo
+     bool path1Remote, path2Remote;
+     if (!IsRemoteFilePath(filePath.get(), path1Remote) ||
+         !IsRemoteFilePath(destPath.get(), path2Remote) ||
+         path1Remote || path2Remote) {
+       dwCopyFlags |= COPY_FILE_NO_BUFFERING;
+     }
+   }
+ 
++  if (FilePreferences::IsBlockedUNCPath(destPath)) {
++    return NS_ERROR_FILE_ACCESS_DENIED;
++  }
++
+   if (!move) {
+     copyOK = ::CopyFileExW(filePath.get(), destPath.get(), nullptr,
+                            nullptr, nullptr, dwCopyFlags);
+   } else {
+     copyOK = ::MoveFileExW(filePath.get(), destPath.get(),
+                            MOVEFILE_REPLACE_EXISTING);
+ 
+     // Check if copying the source file to a different volume,
+diff --git a/xpcom/tests/gtest/TestFilePreferencesWin.cpp b/xpcom/tests/gtest/TestFilePreferencesWin.cpp
+new file mode 100644
+--- /dev/null
++++ b/xpcom/tests/gtest/TestFilePreferencesWin.cpp
+@@ -0,0 +1,141 @@
++#include "gtest/gtest.h"
++
++#include "mozilla/FilePreferences.h"
++#include "nsIFile.h"
++#include "nsXPCOMCID.h"
++
++TEST(FilePreferencesWin, Normalization)
++{
++  nsAutoString normalized;
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("foo"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("foo"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\foo"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\foo"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("foo\\some"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("foo\\some"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\.\\foo"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\."), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\.\\"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\.\\."), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\."), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\.\\"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\..\\"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\.."), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\..\\bar\\..\\"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\..\\bar"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\bar"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\..\\..\\"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\.\\..\\.\\..\\"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++  bool result;
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\.."), normalized);
++  ASSERT_FALSE(result);
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\..\\"), normalized);
++  ASSERT_FALSE(result);
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\.\\..\\"), normalized);
++  ASSERT_FALSE(result);
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\\\bar"), normalized);
++  ASSERT_FALSE(result);
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\..\\..\\..\\..\\"), normalized);
++  ASSERT_FALSE(result);
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\\\"), normalized);
++  ASSERT_FALSE(result);
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\.\\\\"), normalized);
++  ASSERT_FALSE(result);
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\..\\\\"), normalized);
++  ASSERT_FALSE(result);
++}
++
++TEST(FilePreferencesWin, AccessUNC)
++{
++  nsCOMPtr<nsIFile> lf = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID);
++
++  nsresult rv;
++
++  mozilla::FilePreferences::testing::SetBlockUNCPaths(false);
++
++  rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share"));
++  ASSERT_EQ(rv, NS_OK);
++
++  mozilla::FilePreferences::testing::SetBlockUNCPaths(true);
++
++  rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share"));
++  ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED);
++
++  mozilla::FilePreferences::testing::AddDirectoryToWhitelist(NS_LITERAL_STRING("\\\\nice"));
++
++  rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\share"));
++  ASSERT_EQ(rv, NS_OK);
++
++  rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share"));
++  ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED);
++}
+diff --git a/xpcom/tests/gtest/moz.build b/xpcom/tests/gtest/moz.build
+--- a/xpcom/tests/gtest/moz.build
++++ b/xpcom/tests/gtest/moz.build
+@@ -51,16 +51,21 @@ UNIFIED_SOURCES += [
+ if CONFIG['MOZ_DEBUG'] and CONFIG['OS_ARCH'] not in ('WINNT') and CONFIG['OS_TARGET'] != 'Android':
+     # FIXME bug 523392: TestDeadlockDetector doesn't like Windows
+     # Bug 1054249: Doesn't work on Android
+     UNIFIED_SOURCES += [
+         'TestDeadlockDetector.cpp',
+         'TestDeadlockDetectorScalability.cpp',
+     ]
+ 
++if CONFIG['OS_TARGET'] == 'WINNT':
++    UNIFIED_SOURCES += [
++        'TestFilePreferencesWin.cpp',
++    ]
++
+ if CONFIG['WRAP_STL_INCLUDES'] and not CONFIG['CLANG_CL']:
+     UNIFIED_SOURCES += [
+         'TestSTLWrappers.cpp',
+     ]
+ 
+ # Compile TestAllocReplacement separately so Windows headers don't pollute
+ # the global namespace for other files.
+ SOURCES += [
+
diff --git a/gnu/packages/patches/java-commons-collections-fix-java8.patch b/gnu/packages/patches/java-commons-collections-fix-java8.patch
new file mode 100644
index 0000000000..322fd7f699
--- /dev/null
+++ b/gnu/packages/patches/java-commons-collections-fix-java8.patch
@@ -0,0 +1,299 @@
+From e760d181abd20ecb98654af63faec7b2a4d61189 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=A1bor=20Boskovits?= <boskovits@gmail.com>
+Date: Mon, 25 Jun 2018 15:02:25 +0200
+Subject: [PATCH] Rename removes in maps to fix java8.
+
+* src/java/org/apache/commons/collections/MultiHashMap.java:
+Rename "V MultiHashMap#remove(K, V)"
+to "boolean MulitHashMap#removeMapping(K, V)".
+* src/java/org/apache/commons/collections/MultiMap.java:
+Rename "V MultiMap#remove(K, V)"
+to "boolean MultiMap#removeMapping(K, V)".
+* src/java/org/apache/commons/collections/map/MultiKeyMap.java:
+Rename "V MultiKeyMap#remove(...)"
+to "V MultiKeyMap#removeMultiKey(...)".
+* src/java/org/apache/commons/collections/map/MultiValueMap.java:
+Rename "V MultiValueMap#remove(K, V)"
+to "boolean MultiValueMap#removeMapping(K, V)".
+* src/test/org/apache/commons/collections/TestMultiHashMap.java:
+Adjust accordingly.
+* src/test/org/apache/commons/collections/map/TestMultiKeyMap.java:
+Adjust accordingly.
+* src/test/org/apache/commons/collections/map/TestMultiValueMap.java:
+Adjust accordingly.
+---
+ .../commons/collections/MultiHashMap.java      |  8 ++++----
+ .../apache/commons/collections/MultiMap.java   |  2 +-
+ .../commons/collections/map/MultiKeyMap.java   |  8 ++++----
+ .../commons/collections/map/MultiValueMap.java |  8 ++++----
+ .../commons/collections/TestMultiHashMap.java  | 16 ++++++++--------
+ .../collections/map/TestMultiKeyMap.java       | 16 ++++++++--------
+ .../collections/map/TestMultiValueMap.java     | 18 +++++++++---------
+ 7 files changed, 38 insertions(+), 38 deletions(-)
+
+diff --git a/src/java/org/apache/commons/collections/MultiHashMap.java b/src/java/org/apache/commons/collections/MultiHashMap.java
+index 7fec9af..482ecbd 100644
+--- a/src/java/org/apache/commons/collections/MultiHashMap.java
++++ b/src/java/org/apache/commons/collections/MultiHashMap.java
+@@ -331,21 +331,21 @@ public class MultiHashMap extends HashMap implements MultiMap {
+      * @param item  the value to remove
+      * @return the value removed (which was passed in), null if nothing removed
+      */
+-    public Object remove(Object key, Object item) {
++    public boolean removeMapping(Object key, Object item) {
+         Collection valuesForKey = getCollection(key);
+         if (valuesForKey == null) {
+-            return null;
++            return false;
+         }
+         boolean removed = valuesForKey.remove(item);
+         if (removed == false) {
+-            return null;
++            return false;
+         }
+         // remove the list if it is now empty
+         // (saves space, and allows equals to work)
+         if (valuesForKey.isEmpty()){
+             remove(key);
+         }
+-        return item;
++        return true;
+     }
+ 
+     /**
+diff --git a/src/java/org/apache/commons/collections/MultiMap.java b/src/java/org/apache/commons/collections/MultiMap.java
+index be9455b..fe54234 100644
+--- a/src/java/org/apache/commons/collections/MultiMap.java
++++ b/src/java/org/apache/commons/collections/MultiMap.java
+@@ -66,7 +66,7 @@ public interface MultiMap extends Map {
+      * @throws ClassCastException if the key or value is of an invalid type
+      * @throws NullPointerException if the key or value is null and null is invalid
+      */
+-    public Object remove(Object key, Object item);
++    public boolean removeMapping(Object key, Object item);
+ 
+     //-----------------------------------------------------------------------
+     /**
+diff --git a/src/java/org/apache/commons/collections/map/MultiKeyMap.java b/src/java/org/apache/commons/collections/map/MultiKeyMap.java
+index 9e3e02d..0b99b65 100644
+--- a/src/java/org/apache/commons/collections/map/MultiKeyMap.java
++++ b/src/java/org/apache/commons/collections/map/MultiKeyMap.java
+@@ -197,7 +197,7 @@ public class MultiKeyMap
+      * @param key2  the second key
+      * @return the value mapped to the removed key, null if key not in map
+      */
+-    public Object remove(Object key1, Object key2) {
++    public Object removeMultiKey(Object key1, Object key2) {
+         int hashCode = hash(key1, key2);
+         int index = map.hashIndex(hashCode, map.data.length);
+         AbstractHashedMap.HashEntry entry = map.data[index];
+@@ -327,7 +327,7 @@ public class MultiKeyMap
+      * @param key3  the third key
+      * @return the value mapped to the removed key, null if key not in map
+      */
+-    public Object remove(Object key1, Object key2, Object key3) {
++    public Object removeMultiKey(Object key1, Object key2, Object key3) {
+         int hashCode = hash(key1, key2, key3);
+         int index = map.hashIndex(hashCode, map.data.length);
+         AbstractHashedMap.HashEntry entry = map.data[index];
+@@ -467,7 +467,7 @@ public class MultiKeyMap
+      * @param key4  the fourth key
+      * @return the value mapped to the removed key, null if key not in map
+      */
+-    public Object remove(Object key1, Object key2, Object key3, Object key4) {
++    public Object removeMultiKey(Object key1, Object key2, Object key3, Object key4) {
+         int hashCode = hash(key1, key2, key3, key4);
+         int index = map.hashIndex(hashCode, map.data.length);
+         AbstractHashedMap.HashEntry entry = map.data[index];
+@@ -617,7 +617,7 @@ public class MultiKeyMap
+      * @param key5  the fifth key
+      * @return the value mapped to the removed key, null if key not in map
+      */
+-    public Object remove(Object key1, Object key2, Object key3, Object key4, Object key5) {
++    public Object removeMultiKey(Object key1, Object key2, Object key3, Object key4, Object key5) {
+         int hashCode = hash(key1, key2, key3, key4, key5);
+         int index = map.hashIndex(hashCode, map.data.length);
+         AbstractHashedMap.HashEntry entry = map.data[index];
+diff --git a/src/java/org/apache/commons/collections/map/MultiValueMap.java b/src/java/org/apache/commons/collections/map/MultiValueMap.java
+index f44999b..86eaeb0 100644
+--- a/src/java/org/apache/commons/collections/map/MultiValueMap.java
++++ b/src/java/org/apache/commons/collections/map/MultiValueMap.java
+@@ -153,19 +153,19 @@ public class MultiValueMap extends AbstractMapDecorator implements MultiMap {
+      * @param value the value to remove
+      * @return the value removed (which was passed in), null if nothing removed
+      */
+-    public Object remove(Object key, Object value) {
++    public boolean removeMapping(Object key, Object value) {
+         Collection valuesForKey = getCollection(key);
+         if (valuesForKey == null) {
+-            return null;
++            return false;
+         }
+         boolean removed = valuesForKey.remove(value);
+         if (removed == false) {
+-            return null;
++            return false;
+         }
+         if (valuesForKey.isEmpty()) {
+             remove(key);
+         }
+-        return value;
++        return true;
+     }
+ 
+     /**
+diff --git a/src/test/org/apache/commons/collections/TestMultiHashMap.java b/src/test/org/apache/commons/collections/TestMultiHashMap.java
+index eca833a..a1de943 100644
+--- a/src/test/org/apache/commons/collections/TestMultiHashMap.java
++++ b/src/test/org/apache/commons/collections/TestMultiHashMap.java
+@@ -217,7 +217,7 @@ public class TestMultiHashMap extends AbstractTestMap {
+         MultiHashMap one = new MultiHashMap();
+         Integer value = new Integer(1);
+         one.put("One", value);
+-        one.remove("One", value);
++        one.removeMapping("One", value);
+         
+         MultiHashMap two = new MultiHashMap();
+         assertEquals(two, one);
+@@ -269,7 +269,7 @@ public class TestMultiHashMap extends AbstractTestMap {
+         assertEquals(4, map.totalSize());
+         map.remove("A");
+         assertEquals(3, map.totalSize());
+-        map.remove("B", "BC");
++        map.removeMapping("B", "BC");
+         assertEquals(2, map.totalSize());
+     }
+     
+@@ -292,7 +292,7 @@ public class TestMultiHashMap extends AbstractTestMap {
+         map.remove("A");
+         assertEquals(0, map.size("A"));
+         assertEquals(3, map.size("B"));
+-        map.remove("B", "BC");
++        map.removeMapping("B", "BC");
+         assertEquals(0, map.size("A"));
+         assertEquals(2, map.size("B"));
+     }
+@@ -464,11 +464,11 @@ public class TestMultiHashMap extends AbstractTestMap {
+         map.put("A", "AA");
+         map.put("A", "AB");
+         map.put("A", "AC");
+-        assertEquals(null, map.remove("C", "CA"));
+-        assertEquals(null, map.remove("A", "AD"));
+-        assertEquals("AC", map.remove("A", "AC"));
+-        assertEquals("AB", map.remove("A", "AB"));
+-        assertEquals("AA", map.remove("A", "AA"));
++        assertEquals(false, map.removeMapping("C", "CA"));
++        assertEquals(false, map.removeMapping("A", "AD"));
++        assertEquals(true, map.removeMapping("A", "AC"));
++        assertEquals(true, map.removeMapping("A", "AB"));
++        assertEquals(true, map.removeMapping("A", "AA"));
+         assertEquals(new MultiHashMap(), map);
+     }
+ 
+diff --git a/src/test/org/apache/commons/collections/map/TestMultiKeyMap.java b/src/test/org/apache/commons/collections/map/TestMultiKeyMap.java
+index b1ee3d0..b18f480 100644
+--- a/src/test/org/apache/commons/collections/map/TestMultiKeyMap.java
++++ b/src/test/org/apache/commons/collections/map/TestMultiKeyMap.java
+@@ -315,34 +315,34 @@ public class TestMultiKeyMap extends AbstractTestIterableMap {
+             switch (key.size()) {
+                 case 2:
+                 assertEquals(true, multimap.containsKey(key.getKey(0), key.getKey(1)));
+-                assertEquals(value, multimap.remove(key.getKey(0), key.getKey(1)));
++                assertEquals(value, multimap.removeMultiKey(key.getKey(0), key.getKey(1)));
+                 assertEquals(false, multimap.containsKey(key.getKey(0), key.getKey(1)));
+                 assertEquals(size - 1, multimap.size());
+-                assertEquals(null, multimap.remove(key.getKey(0), key.getKey(1)));
++                assertEquals(null, multimap.removeMultiKey(key.getKey(0), key.getKey(1)));
+                 assertEquals(false, multimap.containsKey(key.getKey(0), key.getKey(1)));
+                 break;
+                 case 3:
+                 assertEquals(true, multimap.containsKey(key.getKey(0), key.getKey(1), key.getKey(2)));
+-                assertEquals(value, multimap.remove(key.getKey(0), key.getKey(1), key.getKey(2)));
++                assertEquals(value, multimap.removeMultiKey(key.getKey(0), key.getKey(1), key.getKey(2)));
+                 assertEquals(false, multimap.containsKey(key.getKey(0), key.getKey(1), key.getKey(2)));
+                 assertEquals(size - 1, multimap.size());
+-                assertEquals(null, multimap.remove(key.getKey(0), key.getKey(1), key.getKey(2)));
++                assertEquals(null, multimap.removeMultiKey(key.getKey(0), key.getKey(1), key.getKey(2)));
+                 assertEquals(false, multimap.containsKey(key.getKey(0), key.getKey(1), key.getKey(2)));
+                 break;
+                 case 4:
+                 assertEquals(true, multimap.containsKey(key.getKey(0), key.getKey(1), key.getKey(2), key.getKey(3)));
+-                assertEquals(value, multimap.remove(key.getKey(0), key.getKey(1), key.getKey(2), key.getKey(3)));
++                assertEquals(value, multimap.removeMultiKey(key.getKey(0), key.getKey(1), key.getKey(2), key.getKey(3)));
+                 assertEquals(false, multimap.containsKey(key.getKey(0), key.getKey(1), key.getKey(2), key.getKey(3)));
+                 assertEquals(size - 1, multimap.size());
+-                assertEquals(null, multimap.remove(key.getKey(0), key.getKey(1), key.getKey(2), key.getKey(3)));
++                assertEquals(null, multimap.removeMultiKey(key.getKey(0), key.getKey(1), key.getKey(2), key.getKey(3)));
+                 assertEquals(false, multimap.containsKey(key.getKey(0), key.getKey(1), key.getKey(2), key.getKey(3)));
+                 break;
+                 case 5:
+                 assertEquals(true, multimap.containsKey(key.getKey(0), key.getKey(1), key.getKey(2), key.getKey(3), key.getKey(4)));
+-                assertEquals(value, multimap.remove(key.getKey(0), key.getKey(1), key.getKey(2), key.getKey(3), key.getKey(4)));
++                assertEquals(value, multimap.removeMultiKey(key.getKey(0), key.getKey(1), key.getKey(2), key.getKey(3), key.getKey(4)));
+                 assertEquals(false, multimap.containsKey(key.getKey(0), key.getKey(1), key.getKey(2), key.getKey(3), key.getKey(4)));
+                 assertEquals(size - 1, multimap.size());
+-                assertEquals(null, multimap.remove(key.getKey(0), key.getKey(1), key.getKey(2), key.getKey(3), key.getKey(4)));
++                assertEquals(null, multimap.removeMultiKey(key.getKey(0), key.getKey(1), key.getKey(2), key.getKey(3), key.getKey(4)));
+                 assertEquals(false, multimap.containsKey(key.getKey(0), key.getKey(1), key.getKey(2), key.getKey(3), key.getKey(4)));
+                 break;
+                 default:
+diff --git a/src/test/org/apache/commons/collections/map/TestMultiValueMap.java b/src/test/org/apache/commons/collections/map/TestMultiValueMap.java
+index b9a5ac8..9ecc269 100644
+--- a/src/test/org/apache/commons/collections/map/TestMultiValueMap.java
++++ b/src/test/org/apache/commons/collections/map/TestMultiValueMap.java
+@@ -161,7 +161,7 @@ public class TestMultiValueMap extends TestCase {
+         MultiValueMap one = new MultiValueMap();

+         Integer value = new Integer(1);

+         one.put("One", value);

+-        one.remove("One", value);

++        one.removeMapping("One", value);

+         

+         MultiValueMap two = new MultiValueMap();

+         assertEquals(two, one);

+@@ -187,7 +187,7 @@ public class TestMultiValueMap extends TestCase {
+         assertEquals(4, map.totalSize());

+         map.remove("A");

+         assertEquals(3, map.totalSize());

+-        map.remove("B", "BC");

++        map.removeMapping("B", "BC");

+         assertEquals(2, map.totalSize());

+     }

+     

+@@ -204,7 +204,7 @@ public class TestMultiValueMap extends TestCase {
+         assertEquals(2, map.size());

+         map.remove("A");

+         assertEquals(2, map.size());

+-        map.remove("B", "BC");

++        map.removeMapping("B", "BC");

+         assertEquals(2, map.size());

+     }

+     

+@@ -227,7 +227,7 @@ public class TestMultiValueMap extends TestCase {
+         map.remove("A");

+         assertEquals(0, map.size("A"));

+         assertEquals(3, map.size("B"));

+-        map.remove("B", "BC");

++        map.removeMapping("B", "BC");

+         assertEquals(0, map.size("A"));

+         assertEquals(2, map.size("B"));

+     }

+@@ -338,11 +338,11 @@ public class TestMultiValueMap extends TestCase {
+         map.put("A", "AA");

+         map.put("A", "AB");

+         map.put("A", "AC");

+-        assertEquals(null, map.remove("C", "CA"));

+-        assertEquals(null, map.remove("A", "AD"));

+-        assertEquals("AC", map.remove("A", "AC"));

+-        assertEquals("AB", map.remove("A", "AB"));

+-        assertEquals("AA", map.remove("A", "AA"));

++        assertEquals(false, map.removeMapping("C", "CA"));

++        assertEquals(false, map.removeMapping("A", "AD"));

++        assertEquals(true, map.removeMapping("A", "AC"));

++        assertEquals(true, map.removeMapping("A", "AB"));

++        assertEquals(true, map.removeMapping("A", "AA"));

+         assertEquals(new MultiValueMap(), map);

+     }

+ 

+-- 
+2.18.0
+
diff --git a/gnu/packages/patches/libreoffice-icu.patch b/gnu/packages/patches/libreoffice-icu.patch
new file mode 100644
index 0000000000..2985d564aa
--- /dev/null
+++ b/gnu/packages/patches/libreoffice-icu.patch
@@ -0,0 +1,126 @@
+This patch fixes the build of Libreoffice 6.0.5 with icu 61.1.
+It was downloaded from https://bugs.gentoo.org/651702.
+
+--- a/forms/source/xforms/datatypes.hxx	
++++ a/forms/source/xforms/datatypes.hxx	
+@@ -36,6 +36,8 @@ 
+ 
+ #include <memory>
+ 
++using icu::RegexMatcher;
++
+ 
+ namespace xforms
+ {
+--- a/i18npool/inc/collator_unicode.hxx	
++++ a/i18npool/inc/collator_unicode.hxx	
+@@ -26,6 +26,8 @@ 
+ 
+ #include <unicode/tblcoll.h>
+ 
++using icu::RuleBasedCollator;
++
+ //      ----------------------------------------------------
+ //      class Collator_Unicode
+ //      ----------------------------------------------------
+--- a/i18npool/source/breakiterator/breakiterator_unicode.cxx	
++++ a/i18npool/source/breakiterator/breakiterator_unicode.cxx	
+@@ -30,6 +30,9 @@ 
+ #include <rtl/ustring.hxx>
+ #include <string.h>
+ 
++using icu::BreakIterator;
++using icu::RuleBasedBreakIterator;
++
+ U_CDECL_BEGIN
+ extern const char OpenOffice_dat[];
+ U_CDECL_END
+--- a/i18npool/source/collator/collator_unicode.cxx	
++++ a/i18npool/source/collator/collator_unicode.cxx	
+@@ -29,6 +29,8 @@ 
+ #include <com/sun/star/i18n/CollatorOptions.hpp>
+ #include <cppuhelper/supportsservice.hxx>
+ 
++using icu::Collator;
++
+ using namespace ::com::sun::star;
+ using namespace ::com::sun::star::i18n;
+ using namespace ::com::sun::star::lang;
+--- a/i18npool/source/collator/gencoll_rule.cxx	
++++ a/i18npool/source/collator/gencoll_rule.cxx	
+@@ -31,6 +31,8 @@ 
+ 
+ #include <unicode/tblcoll.h>
+ 
++using icu::RuleBasedCollator;
++
+ /* Main Procedure */
+ 
+ void data_write(char* file, char* name, sal_uInt8 *data, sal_Int32 len)
+--- a/i18npool/source/ordinalsuffix/ordinalsuffix.cxx	
++++ a/i18npool/source/ordinalsuffix/ordinalsuffix.cxx	
+@@ -29,6 +29,8 @@ 
+ #include <unicode/normlzr.h>
+ #include <memory>
+ 
++using icu::NumberFormat;
++
+ using namespace ::com::sun::star::i18n;
+ using namespace ::com::sun::star::uno;
+ using namespace ::com::sun::star;
+--- a/i18npool/source/transliteration/ignoreDiacritics_CTL.cxx	
++++ a/i18npool/source/transliteration/ignoreDiacritics_CTL.cxx	
+@@ -12,6 +12,8 @@ 
+ #include <unicode/translit.h>
+ #include <unicode/uchar.h>
+ 
++using icu::UnicodeString;
++
+ namespace i18npool {
+ 
+ ignoreDiacritics_CTL::ignoreDiacritics_CTL()
+--- a/i18nutil/source/utility/unicode.cxx	
++++ a/i18nutil/source/utility/unicode.cxx	
+@@ -34,6 +34,9 @@ 
+ // which (obviously) breaks UnicodeType::CURRENCY_SYMBOL
+ #undef CURRENCY_SYMBOL
+ 
++using icu::NumberFormat;
++using icu::UnicodeString;
++
+ using namespace ::com::sun::star::i18n;
+ 
+ template<class L, typename T>
+--- a/lotuswordpro/source/filter/localtime.cxx	
++++ a/lotuswordpro/source/filter/localtime.cxx	
+@@ -57,6 +57,8 @@ 
+ #include <limits.h>
+ #include <unicode/timezone.h>
+ 
++using icu::TimeZone;
++
+ const long DAY_SEC =24 * 60 * 60;
+ const long YEAR_SEC = 365 * DAY_SEC;
+ const long FOURYEAR_SEC = 4 * YEAR_SEC + DAY_SEC;
+--- a/opencl/source/openclconfig.cxx	
++++ a/opencl/source/openclconfig.cxx	
+@@ -17,6 +17,8 @@ 
+ #include <sal/log.hxx>
+ #include <sal/types.h>
+ 
++using icu::RegexMatcher;
++
+ OpenCLConfig::OpenCLConfig() :
+     mbUseOpenCL(true)
+ {
+--- a/vcl/inc/scrptrun.h	
++++ a/vcl/inc/scrptrun.h	
+@@ -45,6 +45,8 @@ 
+ #include <unicode/uscript.h>
+ #include <vector>
+ 
++using icu::UObject;
++
+ namespace vcl {
+ 
+ struct ParenStackEntry
diff --git a/gnu/packages/patches/libtiff-CVE-2018-10963.patch b/gnu/packages/patches/libtiff-CVE-2018-10963.patch
new file mode 100644
index 0000000000..d31c12399d
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2018-10963.patch
@@ -0,0 +1,40 @@
+Fix CVE-2018-10963:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2795
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
+
+Patch copied from upstream source repository:
+
+https://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9
+
+From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 12 May 2018 14:24:15 +0200
+Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2795. CVE-2018-10963
+
+---
+ libtiff/tif_dirwrite.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index 2430de6d..c15a28db 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
+ 								}
+ 								break;
+ 							default:
+-								assert(0);   /* we should never get here */
+-								break;
++								TIFFErrorExt(tif->tif_clientdata,module,
++								            "Cannot write tag %d (%s)",
++								            TIFFFieldTag(o),
++                                                                            o->field_name ? o->field_name : "unknown");
++								goto bad;
+ 						}
+ 					}
+ 				}
+-- 
+2.17.0
+
diff --git a/gnu/packages/patches/libtiff-CVE-2018-8905.patch b/gnu/packages/patches/libtiff-CVE-2018-8905.patch
new file mode 100644
index 0000000000..f49815789e
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2018-8905.patch
@@ -0,0 +1,61 @@
+Fix CVE-2018-8095:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2780
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
+
+Patch copied from upstream source repository:
+
+https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
+
+From 58a898cb4459055bb488ca815c23b880c242a27d Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 12 May 2018 15:32:31 +0200
+Subject: [PATCH] LZWDecodeCompat(): fix potential index-out-of-bounds write.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 / CVE-2018-8905
+
+The fix consists in using the similar code LZWDecode() to validate we
+don't write outside of the output buffer.
+---
+ libtiff/tif_lzw.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
+index 4ccb443c..94d85e38 100644
+--- a/libtiff/tif_lzw.c
++++ b/libtiff/tif_lzw.c
+@@ -602,6 +602,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
+ 	char *tp;
+ 	unsigned char *bp;
+ 	int code, nbits;
++	int len;
+ 	long nextbits, nextdata, nbitsmask;
+ 	code_t *codep, *free_entp, *maxcodep, *oldcodep;
+ 
+@@ -753,13 +754,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
+ 				}  while (--occ);
+ 				break;
+ 			}
+-			assert(occ >= codep->length);
+-			op += codep->length;
+-			occ -= codep->length;
+-			tp = op;
++			len = codep->length;
++			tp = op + len;
+ 			do {
+-				*--tp = codep->value;
+-			} while( (codep = codep->next) != NULL );
++				int t;
++				--tp;
++				t = codep->value;
++				codep = codep->next;
++				*tp = (char)t;
++			} while (codep && tp > op);
++			assert(occ >= len);
++			op += len;
++			occ -= len;
+ 		} else {
+ 			*op++ = (char)code;
+ 			occ--;
+-- 
+2.17.0
+
diff --git a/gnu/packages/patches/libyaml-CVE-2014-9130.patch b/gnu/packages/patches/libyaml-CVE-2014-9130.patch
deleted file mode 100644
index 800358c0d6..0000000000
--- a/gnu/packages/patches/libyaml-CVE-2014-9130.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Fixes CVE-2014-9130
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130
-
-Upstream source:
-https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
-
-# HG changeset patch
-# User Kirill Simonov <xi@resolvent.net>
-# Date 1417197312 21600
-# Node ID 2b9156756423e967cfd09a61d125d883fca6f4f2
-# Parent  053f53a381ff6adbbc93a31ab7fdee06a16c8a33
-Removed invalid simple key assertion (thank to Jonathan Gray).
-
-diff --git a/src/scanner.c b/src/scanner.c
---- a/src/scanner.c
-+++ b/src/scanner.c
-@@ -1106,13 +1106,6 @@
-             && parser->indent == (ptrdiff_t)parser->mark.column);
- 
-     /*
--     * A simple key is required only when it is the first token in the current
--     * line.  Therefore it is always allowed.  But we add a check anyway.
--     */
--
--    assert(parser->simple_key_allowed || !required);    /* Impossible. */
--
--    /*
-      * If the current position may start a simple key, save it.
-      */
- 
diff --git a/gnu/packages/patches/maven-generate-component-xml.patch b/gnu/packages/patches/maven-generate-component-xml.patch
new file mode 100644
index 0000000000..6cb23c7858
--- /dev/null
+++ b/gnu/packages/patches/maven-generate-component-xml.patch
@@ -0,0 +1,171 @@
+From da9e282d834f0e2128501a8154128dc95b4c599d Mon Sep 17 00:00:00 2001
+From: Julien Lepiller <julien@lepiller.eu>
+Date: Sat, 9 Sep 2017 20:34:38 +0200
+Subject: [PATCH] Add a script to generate component.xml files.
+
+plexus-component-metadata is normally used for this task, but it
+depends on maven-core, which depends on maven-model-builder, which needs
+plexus-component-metadata. This script is meant to break this dependency
+cycle.
+---
+ components.sh | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 132 insertions(+)
+ create mode 100755 components.sh
+
+diff --git a/components.sh b/components.sh
+new file mode 100755
+index 0000000..c6748bd
+--- /dev/null
++++ b/components.sh
+@@ -0,0 +1,148 @@
++## This script generates a rough plexus/components.xml file. It is meant to
++## replace plexus-component-metadata as it eventually has a recursive dependency
++## on itself.
++##
++## This script must be run in the source directory (usually src/main/java).
++
++# Finds the complete name from a class name.
++function find_role() {
++    role=$1
++    # Find role
++    case $role in
++      "SettingsWriter" | "SettingsReader")
++        role=org.apache.maven.settings.io.$role
++        ;;
++      "SecDispatcher")
++        role=org.sonatype.plexus.components.sec.dispatcher.$role
++        ;;
++      "SettingsDecrypter")
++        role=org.apache.maven.settings.crypto.$role
++        ;;
++      "SettingsBuilder")
++        role=org.apache.maven.settings.building.$role
++        ;;
++      "SettingsValidator")
++        role=org.apache.maven.settings.validation.$role
++        ;;
++      "LoggerFactory")
++        role=org.eclipse.aether.spi.log.$role
++        ;;
++      "RemoteRepositoryManager" | "VersionResolver" | "VersionRangeResolver" \
++      | "ArtifactResolver" | "RepositoryEventDispatcher" | "MetadataResolver" \
++      | "SyncContextFactory" | "MetadataGeneratorFactory" | "MetadatResolver" \
++      | "ArtifactDescriptorReader")
++        role=org.eclipse.aether.impl.$role
++        ;;
++      "ModelBuilder" | "ModelProcessor")
++        role=org.apache.maven.model.building.$role
++        ;;
++      "ModelValidator")
++        role=org.apache.maven.model.validation.$role
++        ;;
++      "ProfileInjector" | "ProfileSelector")
++        role=org.apache.maven.model.profile.$role
++        ;;
++      "ProfileActivator")
++        role=org.apache.maven.model.profile.activation.$role
++        ;;
++      "SuperPomProvider")
++        role=org.apache.maven.model.superpom.$role
++        ;;
++      "ReportConfigurationExpander" | "PluginConfigurationExpander" \
++      | "ReportingConverter" | "LifecycleBindingsInjector")
++        role=org.apache.maven.model.plugin.$role
++        ;;
++      "ModelLocator")
++        role=org.apache.maven.model.locator.$role
++        ;;
++      "ModelPathTranslator" | "PathTranslator" | "UrlNormalizer" | "ModelUrlNormalizer")
++        role=org.apache.maven.model.path.$role
++        ;;
++      "DependencyManagementInjector" | "PluginManagementInjector")
++        role=org.apache.maven.model.management.$role
++        ;;
++      "ModelWriter" | "ModelReader")
++        role=org.apache.maven.model.io.$role
++        ;;
++      "DependencyManagementImporter")
++        role=org.apache.maven.model.composition.$role
++        ;;
++      "ModelNormalizer")
++        role=org.apache.maven.model.normalization.$role
++        ;;
++      "ModelInterpolator")
++        role=org.apache.maven.model.interpolation.$role
++        ;;
++      "InheritanceAssembler")
++        role=org.apache.maven.model.inheritance.$role
++        ;;
++      *)
++        role=$role
++        ;;
++    esac
++    echo $role
++}
++
++function generate_xml() {
++echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
++echo "<component-set>"
++echo "<components>"
++
++for file in `find -name '*.java'`; do
++  annot=`grep "@Component" $file`
++  if [ "$?" == "0" ]; then
++    # We have a component!
++    role=$(echo $annot | sed 's|.*role = \(.*\).class.*|\1|')
++    role_hint=$(echo $annot | sed 's|.*hint = "\(.*\)" .*|\1|')
++    if [ "$role_hint" = "$annot" ]; then
++      role_hint=default
++    fi
++    implem=$(echo $file | sed -e 's|^\./||' -e 's|\.java||' -e 's|/|.|g')
++    role=$(find_role $role)
++
++    echo "<component>"
++    echo "  <role>$role</role>"
++    echo "  <role-hint>$role_hint</role-hint>"
++    echo "  <implementation>$implem</implementation>"
++    echo "  <description />"
++    echo "  <isolated-realm>false</isolated-realm>"
++    echo "  <requirements>"
++    reqn=1
++    cont=true
++    while [ "$cont" = "true" ]; do
++      requirement=$(grep "@Requirement" $file -A1 | head -n ${reqn} | tail -1)
++      ((reqn++))
++      property=$(grep "@Requirement" $file -A1 | head -n ${reqn} | tail -1)
++      if (echo $requirement | grep "@Requirement" >/dev/null); then
++        ((reqn++))
++        ((reqn++))
++        optional=$(echo $requirement | sed 's|.*optional = \(.*\) .*|\1|')
++        req_role=$(echo $requirement | sed 's|.*role = \(.*\).class .*|\1|')
++        if (echo $req_role | grep "@Requirement" >/dev/null); then
++          req_role=$(echo $property | sed 's|.*private \(.*\) .*|\1|')
++        fi
++        req_role=$(find_role $req_role)
++        req_name=$(echo $property | sed 's|[^ ]* [^ ]* \([^ ;]*\).*|\1|')
++        echo "    <requirement>"
++        echo "      <role>$req_role</role>"
++        echo "      <field-name>$req_name</field-name>"
++        if (echo $optional | grep "@Requirement" >/dev/null); then
++          :
++        else
++          echo "      <optional>$optional</optional>"
++        fi
++        echo "    </requirement>"
++      else
++        cont=false
++      fi
++    done
++    echo "  </requirements>"
++    echo "</component>"
++  fi
++done
++
++echo "</components>"
++echo "</component-set>"
++}
++
++(cd $1; generate_xml) > $2
+-- 
+2.14.1
+
diff --git a/gnu/packages/patches/maven-generate-javax-inject-named.patch b/gnu/packages/patches/maven-generate-javax-inject-named.patch
new file mode 100644
index 0000000000..b8eba5ab90
--- /dev/null
+++ b/gnu/packages/patches/maven-generate-javax-inject-named.patch
@@ -0,0 +1,31 @@
+From 1d20c0e403f1a38d4aca830e0eb4db03ba43efd3 Mon Sep 17 00:00:00 2001
+From: Julien Lepiller <julien@lepiller.eu>
+Date: Tue, 19 Sep 2017 22:21:29 +0200
+Subject: [PATCH] Add sisu-maven-plugin replacement
+
+---
+ sisu.sh | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+ create mode 100755 sisu.sh
+
+diff --git a/sisu.sh b/sisu.sh
+new file mode 100755
+index 0000000..979f373
+--- /dev/null
++++ b/sisu.sh
+@@ -0,0 +1,12 @@
++## This script generates a rough javax.inject.Named file. It is meant to
++## replace sisu-maven-plugin as it eventually has a recursive dependency
++## on maven.
++##
++## This script must be run in the source directory (usually src/main/java).
++
++for file in `(cd $1; find -name '*.java')`; do
++  annot=`grep "^@Named" $1/$file`
++  if [ "$annot" != "" ]; then
++    echo $file | sed -e 's|^\./||' -e 's|\.java||' -e 's|/|.|g'
++  fi
++done > $2
+-- 
+2.14.1
+
diff --git a/gnu/packages/patches/mrrescue-support-love-11.patch b/gnu/packages/patches/mrrescue-support-love-11.patch
new file mode 100644
index 0000000000..2786a6b01b
--- /dev/null
+++ b/gnu/packages/patches/mrrescue-support-love-11.patch
@@ -0,0 +1,213 @@
+From: Tobias Geerinckx-Rice <me@tobias.gr>
+Date: Tue, 19 Jun 2018 04:37:46 +0200
+Subject: gnu: mrrescue: Support Love 11.
+
+The patch below was copied verbatim from an as-yet-unmerged PR[0] to
+make Mr. Rescue run on a newer version of the Löve engine.
+
+[0]: https://github.com/SimonLarsen/mrrescue/pull/17
+---
+From ab23031e0c2faecb77fde1be8a41d6f8ea4e6eda Mon Sep 17 00:00:00 2001
+From: Mystro256 <alexjnewt@hotmail.com>
+Date: Sun, 10 Jun 2018 21:19:23 -0400
+Subject: [PATCH] Love 11 support
+
+---
+ conf.lua            | 2 +-
+ config.lua          | 6 +++---
+ highscore_entry.lua | 4 ++--
+ highscore_list.lua  | 4 ++--
+ ingame.lua          | 6 +++---
+ ingame_menu.lua     | 4 ++--
+ joystick.lua        | 4 ++--
+ main.lua            | 2 +-
+ resources.lua       | 4 ++--
+ util.lua            | 4 ++--
+ 10 files changed, 20 insertions(+), 20 deletions(-)
+
+diff --git a/conf.lua b/conf.lua
+index 8776da4..f00b216 100644
+--- a/conf.lua
++++ b/conf.lua
+@@ -1,6 +1,6 @@
+ function love.conf(t)
+     t.identity = "mrrescue"
+-    t.version = "0.10.0"
++    t.version = "11.0"
+     t.console = false
+     t.accelerometerjoystick = true
+     t.gammacorrect = false
+diff --git a/config.lua b/config.lua
+index 63eeb04..71c2b66 100644
+--- a/config.lua
++++ b/config.lua
+@@ -38,7 +38,7 @@ function loadConfig()
+ 			config[i] = v
+ 		end
+ 	end
+-	if love.filesystem.exists("settings") then
++	if love.filesystem.getInfo("settings")~= nil then
+ 		local data = love.filesystem.read("settings")
+ 		local file = TSerial.unpack(data)
+ 		for i,v in pairs(file) do
+@@ -52,7 +52,7 @@ function loadConfig()
+ end
+ 
+ function loadHighscores()
+-	if love.filesystem.exists("highscores") then
++	if love.filesystem.getInfo("highscores")~= nil then
+ 		local data = love.filesystem.read("highscores")
+ 		local file = TSerial.unpack(data)
+ 		for i=1,3 do
+@@ -64,7 +64,7 @@ function loadHighscores()
+ end
+ 
+ function loadStats()
+-	if love.filesystem.exists("stats") then
++	if love.filesystem.getInfo("stats")~= nil then
+ 		local data = love.filesystem.read("stats")
+ 		stats = TSerial.unpack(data)
+ 	end
+diff --git a/highscore_entry.lua b/highscore_entry.lua
+index 2f763af..3b3bb73 100644
+--- a/highscore_entry.lua
++++ b/highscore_entry.lua
+@@ -45,9 +45,9 @@ function highscore_entry.draw()
+ 		for ix = 1,10 do
+ 			if highscore_entry.selection == char then
+ 				lg.rectangle("fill", 33+ix*16, 66+iy*16, 14, 14)
+-				lg.setColor(0,0,0,255)
++				lg.setColor(0,0,0,1)
+ 				lg.print(KEYBOARD:sub(char,char), 37+ix*16, 70+iy*16)
+-				lg.setColor(255,255,255,255)
++				lg.setColor(1,1,1,1)
+ 			else
+ 				lg.print(KEYBOARD:sub(char,char), 37+ix*16, 70+iy*16)
+ 			end
+diff --git a/highscore_list.lua b/highscore_list.lua
+index 6a17973..b66d0e2 100644
+--- a/highscore_list.lua
++++ b/highscore_list.lua
+@@ -31,10 +31,10 @@ function highscore_list.draw()
+ 		if scores[i] then
+ 			if highscore_list.level == highscore_list.hllevel
+ 			and highscore_list.hlpos == i then
+-				lg.setColor(25,118,115,255)
++				lg.setColor(25/255,118/255,115/255,1)
+ 				lg.print(scores[i].name,   48, 14+i*16)
+ 				lg.print(scores[i].score, 105, 14+i*16)
+-				lg.setColor(255,255,255,255)
++				lg.setColor(1,1,1,1)
+ 			else
+ 				lg.print(scores[i].name,   48, 14+i*16)
+ 				lg.print(scores[i].score, 105, 14+i*16)
+diff --git a/ingame.lua b/ingame.lua
+index 52004f1..f5c6f7c 100644
+--- a/ingame.lua
++++ b/ingame.lua
+@@ -189,16 +189,16 @@ function ingame.draw()
+ 		lg.pop()
+ 
+ 		if map.type == MT_NORMAL then
+-			lg.setBlendMode("multiply")
++			lg.setBlendMode("multiply", "premultiplied")
+ 			lg.draw(canvas, 0,0)
+ 			lg.setBlendMode("alpha")
+ 		end
+ 
+ 		-- Draw red screen if hit
+ 		if player.heat > 0 then
+-			lg.setColor(255,255,255,cap(player.heat*255, 16, 255))
++			lg.setColor(1,1,1,cap(player.heat*255, 16, 255)/255)
+ 			lg.draw(img.red_screen, quad.red_screen, 0,0)
+-			lg.setColor(255,255,255,255)
++			lg.setColor(1,1,1,1)
+ 		end
+ 
+ 		-- Draw hud
+diff --git a/ingame_menu.lua b/ingame_menu.lua
+index 9fcf768..82a8459 100644
+--- a/ingame_menu.lua
++++ b/ingame_menu.lua
+@@ -18,10 +18,10 @@ function ingame_menu.draw()
+ 	lg.pop()
+ 
+ 	lg.scale(config.scale)
+-	lg.setColor(0,0,0,238)
++	lg.setColor(0,0,0,238/255)
+ 	lg.rectangle("fill", 0, 0, WIDTH, HEIGHT)
+ 
+-	lg.setColor(255,255,255,255)
++	lg.setColor(1,1,1,1)
+ 	lg.printf("PAUSED", 0, 46, WIDTH, "center")
+ 	lg.print("RESUME", 103, 92)
+ 	lg.print("QUIT", 103, 106)
+diff --git a/joystick.lua b/joystick.lua
+index 50ccadb..72d545e 100644
+--- a/joystick.lua
++++ b/joystick.lua
+@@ -22,11 +22,11 @@ function joystick.draw()
+ 	lg.printf("SET JOYSTICK", 0, 39, WIDTH, "center")
+ 	for i=1,4 do
+ 		if joystick.waiting == true and joystick.selection == i then
+-			lg.setColor(195,52,41)
++			lg.setColor(195/255,52/255,41/255)
+ 		end
+ 		lg.print(string.upper(joykeynames[i]), 65, 53+i*13)
+ 		lg.print(config.joykeys[joykeynames[i]], 165, 53+i*13)
+-		lg.setColor(255,255,255)
++		lg.setColor(1,1,1)
+ 	end
+ 	lg.print("DEFAULT", 65, 118)
+ 	lg.print("BACK", 65, 131)
+diff --git a/main.lua b/main.lua
+index 9433e42..56096fa 100644
+--- a/main.lua
++++ b/main.lua
+@@ -273,7 +273,7 @@ function love.releaseerrhand(msg)
+     local font = love.graphics.newFont(14)
+     love.graphics.setFont(font)
+ 
+-    love.graphics.setColor(255, 255, 255, 255)
++    love.graphics.setColor(1, 1, 1, 1)
+ 
+     love.graphics.clear()
+ 
+diff --git a/resources.lua b/resources.lua
+index e5aa70d..1bab520 100644
+--- a/resources.lua
++++ b/resources.lua
+@@ -7,7 +7,7 @@ local snd = {}	-- sound Sources
+ 
+ local IMAGE_FILES = {
+ 	"splash", "tangram", "lovesplashpixel", "howto",
+-	"tiles", "door", "boldfont", "captain_dialog", "captain_dialog_sad",
++	"tiles", "door", "captain_dialog", "captain_dialog_sad",
+ 	"boss_health", "highscore_panes", "exclamation", "stats_screen",
+ 	"awards", "hud", "hud2", "hud_people", "item_slots", "water_bar",
+ 	"reserve_bar", "overloaded_bar", "temperature_bar", "temperature_bar_blink",
+@@ -147,7 +147,7 @@ function loadResources()
+ 	img.stream:setWrap("repeat", "clamp")
+ 
+ 	-- Create fonts
+-	font.bold = lg.newImageFont(img.boldfont, " ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.,!'-:*@<>+/_$&?", 2)
++	font.bold = lg.newImageFont("data/boldfont.png", " ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.,!'-:*@<>+/_$&?", 2)
+ 	lg.setFont(font.bold)
+ 
+ 	-- Create quads
+diff --git a/util.lua b/util.lua
+index b9976da..656600a 100644
+--- a/util.lua
++++ b/util.lua
+@@ -105,9 +105,9 @@ end
+ 
+ 
+ function drawBox(x,y,w,h)
+-	lg.setColor(30,23,18)
++	lg.setColor(30/255,23/255,18/255)
+ 	lg.rectangle("fill",x+1,y+1,w-2,h-2)
+-	lg.setColor(255,255,255)
++	lg.setColor(1,1,1)
+ 	-- Draw sides
+ 	lg.draw(img.menu_box, quad.box_left, x, y+1, 0, 1, (h-2))
+ 	lg.draw(img.menu_box, quad.box_left, x+w, y+1, 0, -1, (h-2))
diff --git a/gnu/packages/patches/mumble-1.2.19-abs.patch b/gnu/packages/patches/mumble-1.2.19-abs.patch
new file mode 100644
index 0000000000..683325f4bc
--- /dev/null
+++ b/gnu/packages/patches/mumble-1.2.19-abs.patch
@@ -0,0 +1,31 @@
+From ea861fe86743c8402bbad77d8d1dd9de8dce447e Mon Sep 17 00:00:00 2001
+From: Mikkel Krautz <mikkel@krautz.dk>
+Date: Fri, 29 Dec 2017 14:47:25 +0100
+Subject: [PATCH] AudioOutput: do not use non-existant template version of
+ std::abs.
+
+This change fixes AudioOutput to use the float overload of std::abs:
+
+    float std::abs(float);
+
+instead of a non-existant template version (for newer Boost 1.66).
+
+Fixes mumble-voip/mumble#3281
+
+---
+ src/mumble/AudioOutput.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mumble/AudioOutput.cpp b/src/mumble/AudioOutput.cpp
+index cbe0c0e2b..7a0a5e2ab 100644
+--- a/src/mumble/AudioOutput.cpp
++++ b/src/mumble/AudioOutput.cpp
+@@ -437,7 +437,7 @@ bool AudioOutput::mix(void *outbuff, unsigned int nsamp) {
+ 					top[2] = 0.0f;
+ 				}
+ 
+-				if (std::abs<float>(front[0] * top[0] + front[1] * top[1] + front[2] * top[2]) > 0.01f) {
++				if (std::abs(front[0] * top[0] + front[1] * top[1] + front[2] * top[2]) > 0.01f) {
+ 					// Not perpendicular. Assume Y up and rotate 90 degrees.
+ 
+ 					float azimuth = 0.0f;
diff --git a/gnu/packages/patches/nyx-show-header-stats-with-python3.patch b/gnu/packages/patches/nyx-show-header-stats-with-python3.patch
new file mode 100644
index 0000000000..5b20f180f7
--- /dev/null
+++ b/gnu/packages/patches/nyx-show-header-stats-with-python3.patch
@@ -0,0 +1,70 @@
+From: Tobias Geerinckx-Rice <me@tobias.gr>
+Date: Fri, 22 Jun 2018 02:56:39 +0200
+Subject: nyx: Show header stats.
+
+The following patch was taken verbatim from the upstream repository and
+will be included in the next release.
+---
+commit 3494111cc81ad4985e81d0c1ea5e451d8f7a2bcc
+Author: Damian Johnson <atagar@torproject.org>
+Date:   Mon Feb 5 20:07:40 2018 -0800
+
+    Header stats missing with python3
+    
+    Ick! took me a while to find this. Python3 changed division from providing ints
+    to floats. This in turn caused our header panel to call addstr with float x/y
+    coordinates, which made that funciton fail silently. End result is that when
+    the header panel showed two columns of stats the right column was missing.
+    
+    Caught thanks to Stijn.
+
+diff --git a/nyx/panel/header.py b/nyx/panel/header.py
+index 09e3838..fb6f2f7 100644
+--- a/nyx/panel/header.py
++++ b/nyx/panel/header.py
+@@ -155,7 +155,7 @@ class HeaderPanel(nyx.panel.DaemonPanel):
+     # space available for content
+ 
+     interface = nyx_interface()
+-    left_width = max(subwindow.width / 2, 77) if is_wide else subwindow.width
++    left_width = max(subwindow.width // 2, 77) if is_wide else subwindow.width
+     right_width = subwindow.width - left_width
+ 
+     _draw_platform_section(subwindow, 0, 0, left_width, vals)
+diff --git a/web/changelog/index.html b/web/changelog/index.html
+index 333fa84..196d82b 100644
+--- a/web/changelog/index.html
++++ b/web/changelog/index.html
+@@ -74,6 +74,12 @@
+           </ul>
+         </li>
+ 
++        <li><span class="component">Header</span>
++          <ul>
++            <li>Right column of stats missing when using python 3.x</li>
++          </ul>
++        </li>
++
+         <li><span class="component">Connections</span>
+           <ul>
+             <li>Geoip information unavailable for inbound connections</li>
+diff --git a/web/changelog/legacy.html b/web/changelog/legacy.html
+index a380806..02d405f 100644
+--- a/web/changelog/legacy.html
++++ b/web/changelog/legacy.html
+@@ -137,13 +137,13 @@
+           </ul>
+         </li>
+ 
+-        <li><span class="component">Startup</span>
++        <li><span class="component">Graph</span>
+           <ul>
+             <li>Crash when pausing if we showed accounting stats</li>
+           </ul>
+         </li>
+ 
+-        <li><span class="component">Startup</span>
++        <li><span class="component">Logging</span>
+           <ul>
+             <li>Skip reading from malformed tor log files</li>
+             <li>Unable to log GUARD events</li>
diff --git a/gnu/packages/patches/ocaml-enable-ocamldoc-reproducibility.patch b/gnu/packages/patches/ocaml-enable-ocamldoc-reproducibility.patch
new file mode 100644
index 0000000000..39fb7aa226
--- /dev/null
+++ b/gnu/packages/patches/ocaml-enable-ocamldoc-reproducibility.patch
@@ -0,0 +1,149 @@
+From a87c3f20e846c00e53d695497dba7038edbd12f0 Mon Sep 17 00:00:00 2001
+From: Valentin Lorentz <progval@progval.net>
+Date: Thu, 13 Aug 2015 11:59:04 +0200
+Subject: [PATCH] Enable ocamldoc to build reproducible manpages
+
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794586
+Signed-off-by: Stephane Glondu <steph@glondu.net>
+---
+ ocamldoc/odoc_man.ml   | 15 +++++----------
+ ocamldoc/odoc_misc.ml  | 12 ++++++++++--
+ ocamldoc/odoc_misc.mli |  7 ++++++-
+ 3 files changed, 21 insertions(+), 13 deletions(-)
+
+diff --git a/ocamldoc/odoc_man.ml b/ocamldoc/odoc_man.ml
+index 615c5e172..3c85aa32a 100644
+--- a/ocamldoc/odoc_man.ml
++++ b/ocamldoc/odoc_man.ml
+@@ -864,14 +864,13 @@ class man =
+     (** Generate the man page for the given class.*)
+     method generate_for_class cl =
+       Odoc_info.reset_type_names () ;
+-      let date = Unix.time () in
+       let file = self#file_name cl.cl_name in
+       try
+         let chanout = self#open_out file in
+         let b = new_buf () in
+         bs b (".TH \""^cl.cl_name^"\" ");
+         bs b !man_section ;
+-        bs b (" "^(Odoc_misc.string_of_date ~hour: false date)^" ");
++        bs b (" source: "^Odoc_misc.current_date^" ");
+         bs b "OCamldoc ";
+         bs b ("\""^(match !Global.title with Some t -> t | None -> "")^"\"\n");
+ 
+@@ -923,14 +922,13 @@ class man =
+     (** Generate the man page for the given class type.*)
+     method generate_for_class_type ct =
+       Odoc_info.reset_type_names () ;
+-      let date = Unix.time () in
+       let file = self#file_name ct.clt_name in
+       try
+         let chanout = self#open_out file in
+         let b = new_buf () in
+         bs b (".TH \""^ct.clt_name^"\" ");
+         bs b !man_section ;
+-        bs b (" "^(Odoc_misc.string_of_date ~hour: false date)^" ");
++        bs b (" source: "^Odoc_misc.current_date^" ");
+         bs b "OCamldoc ";
+         bs b ("\""^(match !Global.title with Some t -> t | None -> "")^"\"\n");
+ 
+@@ -1016,14 +1014,13 @@ class man =
+     (** Generate the man file for the given module type.
+        @raise Failure if an error occurs.*)
+     method generate_for_module_type mt =
+-      let date = Unix.time () in
+       let file = self#file_name mt.mt_name in
+       try
+         let chanout = self#open_out file in
+         let b = new_buf () in
+         bs b (".TH \""^mt.mt_name^"\" ");
+         bs b !man_section ;
+-        bs b (" "^(Odoc_misc.string_of_date ~hour: false date)^" ");
++        bs b (" source: "^Odoc_misc.current_date^" ");
+         bs b "OCamldoc ";
+         bs b ("\""^(match !Global.title with Some t -> t | None -> "")^"\"\n");
+ 
+@@ -1099,14 +1096,13 @@ class man =
+     (** Generate the man file for the given module.
+        @raise Failure if an error occurs.*)
+     method generate_for_module m =
+-      let date = Unix.time () in
+       let file = self#file_name m.m_name in
+       try
+         let chanout = self#open_out file in
+         let b = new_buf () in
+         bs b (".TH \""^m.m_name^"\" ");
+         bs b !man_section ;
+-        bs b (" "^(Odoc_misc.string_of_date ~hour: false date)^" ");
++        bs b (" source: "^Odoc_misc.current_date^" ");
+         bs b "OCamldoc ";
+         bs b ("\""^(match !Global.title with Some t -> t | None -> "")^"\"\n");
+ 
+@@ -1206,14 +1202,13 @@ class man =
+           | Res_const (_,f) -> f.vc_name
+          )
+      in
+-     let date = Unix.time () in
+       let file = self#file_name name in
+       try
+         let chanout = self#open_out file in
+         let b = new_buf () in
+         bs b (".TH \""^name^"\" ");
+         bs b !man_section ;
+-        bs b (" "^(Odoc_misc.string_of_date ~hour: false date)^" ");
++        bs b (" source: "^Odoc_misc.current_date^" ");
+         bs b "OCamldoc ";
+         bs b ("\""^(match !Global.title with Some t -> t | None -> "")^"\"\n");
+         bs b ".SH NAME\n";
+diff --git a/ocamldoc/odoc_misc.ml b/ocamldoc/odoc_misc.ml
+index 4c74476da..456225f62 100644
+--- a/ocamldoc/odoc_misc.ml
++++ b/ocamldoc/odoc_misc.ml
+@@ -223,9 +223,9 @@ let apply_opt f v_opt =
+     None -> None
+   | Some v -> Some (f v)
+ 
+-let string_of_date ?(hour=true) d =
++let string_of_date ?(absolute=false) ?(hour=true) d =
+   let add_0 s = if String.length s < 2 then "0"^s else s in
+-  let t = Unix.localtime d in
++  let t = (if absolute then Unix.gmtime else Unix.localtime) d in
+   (string_of_int (t.Unix.tm_year + 1900))^"-"^
+   (add_0 (string_of_int (t.Unix.tm_mon + 1)))^"-"^
+   (add_0 (string_of_int t.Unix.tm_mday))^
+@@ -238,6 +238,14 @@ let string_of_date ?(hour=true) d =
+      ""
+   )
+ 
++let current_date =
++  let time =
++    try
++      float_of_string (Sys.getenv "SOURCE_DATE_EPOCH")
++    with
++      Not_found -> Unix.time ()
++  in string_of_date ~absolute: true ~hour: false time
++
+ 
+ let rec text_list_concat sep l =
+   match l with
+diff --git a/ocamldoc/odoc_misc.mli b/ocamldoc/odoc_misc.mli
+index dd5a7fcb9..38ff0612b 100644
+--- a/ocamldoc/odoc_misc.mli
++++ b/ocamldoc/odoc_misc.mli
+@@ -62,7 +62,12 @@ val apply_opt : ('a -> 'b) -> 'a option -> 'b option
+ 
+ (** Return a string representing a date given as a number of seconds
+    since 1970. The hour is optionnaly displayed. *)
+-val string_of_date : ?hour:bool -> float -> string
++val string_of_date : ?absolute:bool -> ?hour:bool -> float -> string
++
++(* Value returned by string_of_date for current time.
++ * Uses environment variable SOURCE_DATE_EPOCH if set; falls back to
++ * current timestamp otherwise. *)
++val current_date : string
+ 
+ (** Return the first sentence (until the first dot) of a text.
+    Don't stop in the middle of [Code], [Verbatim], [List], [Lnum],
+-- 
+2.17.1
+
diff --git a/gnu/packages/patches/opensmtpd-fix-crash.patch b/gnu/packages/patches/opensmtpd-fix-crash.patch
new file mode 100644
index 0000000000..0030167533
--- /dev/null
+++ b/gnu/packages/patches/opensmtpd-fix-crash.patch
@@ -0,0 +1,44 @@
+From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001
+From: johannes <johannes.brechtmann@gmail.com>
+Date: Wed, 21 Feb 2018 23:57:11 +0100
+Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL
+ check
+
+---
+ openbsd-compat/crypt_checkpass.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/openbsd-compat/crypt_checkpass.c b/openbsd-compat/crypt_checkpass.c
+index dafd2dae..d10b3a57 100644
+--- a/openbsd-compat/crypt_checkpass.c
++++ b/openbsd-compat/crypt_checkpass.c
+@@ -1,5 +1,6 @@
+ /* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
+ 
++#include "includes.h"
+ #include <errno.h>
+ #ifdef HAVE_CRYPT_H
+ #include <crypt.h>
+@@ -10,6 +11,8 @@
+ int
+ crypt_checkpass(const char *pass, const char *goodhash)
+ {
++	char *c;
++
+ 	if (goodhash == NULL)
+ 		goto fail;
+ 
+@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
+ 	if (strlen(goodhash) == 0 && strlen(pass) == 0)
+ 		return 0;
+ 
+-	if (strcmp(crypt(pass, goodhash), goodhash) == 0)
++	c = crypt(pass, goodhash);
++	if (c == NULL)
++		goto fail;
++
++	if (strcmp(c, goodhash) == 0)
+ 		return 0;
+ 
+ fail:
+
diff --git a/gnu/packages/patches/openssl-1.0.2-CVE-2018-0495.patch b/gnu/packages/patches/openssl-1.0.2-CVE-2018-0495.patch
new file mode 100644
index 0000000000..2d54ed03b9
--- /dev/null
+++ b/gnu/packages/patches/openssl-1.0.2-CVE-2018-0495.patch
@@ -0,0 +1,215 @@
+Fix CVE-2018-0495:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
+https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
+
+Patch copied from upstream source repository:
+
+https://github.com/openssl/openssl/commit/949ff36623eafc3523a9f91784992965018ffb05
+
+From 949ff36623eafc3523a9f91784992965018ffb05 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 25 May 2018 12:10:13 +0100
+Subject: [PATCH] Add blinding to an ECDSA signature
+
+Keegan Ryan (NCC Group) has demonstrated a side channel attack on an
+ECDSA signature operation. During signing the signer calculates:
+
+s:= k^-1 * (m + r * priv_key) mod order
+
+The addition operation above provides a sufficient signal for a
+flush+reload attack to derive the private key given sufficient signature
+operations.
+
+As a mitigation (based on a suggestion from Keegan) we add blinding to
+the operation so that:
+
+s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order
+
+Since this attack is a localhost side channel only no CVE is assigned.
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+---
+ CHANGES                  |  4 ++
+ crypto/ecdsa/ecdsatest.c |  9 ++++-
+ crypto/ecdsa/ecs_ossl.c  | 82 ++++++++++++++++++++++++++++++++--------
+ 3 files changed, 79 insertions(+), 16 deletions(-)
+
+diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
+index 0f301f86d9..a130fc9117 100644
+--- a/crypto/ecdsa/ecdsatest.c
++++ b/crypto/ecdsa/ecdsatest.c
+@@ -137,7 +137,7 @@ int restore_rand(void)
+         return 1;
+ }
+ 
+-static int fbytes_counter = 0;
++static int fbytes_counter = 0, use_fake = 0;
+ static const char *numbers[8] = {
+     "651056770906015076056810763456358567190100156695615665659",
+     "6140507067065001063065065565667405560006161556565665656654",
+@@ -158,6 +158,11 @@ int fbytes(unsigned char *buf, int num)
+     int ret;
+     BIGNUM *tmp = NULL;
+ 
++    if (use_fake == 0)
++        return old_rand->bytes(buf, num);
++
++    use_fake = 0;
++
+     if (fbytes_counter >= 8)
+         return 0;
+     tmp = BN_new();
+@@ -199,11 +204,13 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
+     /* create the key */
+     if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
+         goto x962_int_err;
++    use_fake = 1;
+     if (!EC_KEY_generate_key(key))
+         goto x962_int_err;
+     BIO_printf(out, ".");
+     (void)BIO_flush(out);
+     /* create the signature */
++    use_fake = 1;
+     signature = ECDSA_do_sign(digest, 20, key);
+     if (signature == NULL)
+         goto x962_int_err;
+diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
+index 16d4f59b9b..1d37551803 100644
+--- a/crypto/ecdsa/ecs_ossl.c
++++ b/crypto/ecdsa/ecs_ossl.c
+@@ -252,6 +252,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
+ {
+     int ok = 0, i;
+     BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL;
++    BIGNUM *blind = NULL, *blindm = NULL;
+     const BIGNUM *ckinv;
+     BN_CTX *ctx = NULL;
+     const EC_GROUP *group;
+@@ -269,14 +270,25 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
+     }
+ 
+     ret = ECDSA_SIG_new();
+-    if (!ret) {
++    if (ret == NULL) {
+         ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         return NULL;
+     }
+     s = ret->s;
+ 
+-    if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
+-        (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
++    ctx = BN_CTX_new();
++    if (ctx == NULL) {
++        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    BN_CTX_start(ctx);
++    order = BN_CTX_get(ctx);
++    tmp = BN_CTX_get(ctx);
++    m = BN_CTX_get(ctx);
++    blind = BN_CTX_get(ctx);
++    blindm = BN_CTX_get(ctx);
++    if (blindm == NULL) {
+         ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+         goto err;
+     }
+@@ -315,26 +327,70 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
+             }
+         }
+ 
+-        if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
++        /*
++         * The normal signature calculation is:
++         *
++         *   s := k^-1 * (m + r * priv_key) mod order
++         *
++         * We will blind this to protect against side channel attacks
++         *
++         *   s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order
++         */
++
++        /* Generate a blinding value */
++        do {
++            if (!BN_rand(blind, BN_num_bits(order) - 1, -1, 0))
++                goto err;
++        } while (BN_is_zero(blind));
++        BN_set_flags(blind, BN_FLG_CONSTTIME);
++        BN_set_flags(blindm, BN_FLG_CONSTTIME);
++        BN_set_flags(tmp, BN_FLG_CONSTTIME);
++
++        /* tmp := blind * priv_key * r mod order */
++        if (!BN_mod_mul(tmp, blind, priv_key, order, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++            goto err;
++        }
++        if (!BN_mod_mul(tmp, tmp, ret->r, order, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++            goto err;
++        }
++
++        /* blindm := blind * m mod order */
++        if (!BN_mod_mul(blindm, blind, m, order, ctx)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++            goto err;
++        }
++
++        /* s : = (blind * priv_key * r) + (blind * m) mod order */
++        if (!BN_mod_add_quick(s, tmp, blindm, order)) {
++            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
++            goto err;
++        }
++
++        /* s:= s * blind^-1 mod order */
++        if (BN_mod_inverse(blind, blind, order, ctx) == NULL) {
+             ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+             goto err;
+         }
+-        if (!BN_mod_add_quick(s, tmp, m, order)) {
++        if (!BN_mod_mul(s, s, blind, order, ctx)) {
+             ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+             goto err;
+         }
++
++        /* s := s * k^-1 mod order */
+         if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
+             ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+             goto err;
+         }
++
+         if (BN_is_zero(s)) {
+             /*
+              * if kinv and r have been supplied by the caller don't to
+              * generate new kinv and r values
+              */
+             if (in_kinv != NULL && in_r != NULL) {
+-                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
+-                         ECDSA_R_NEED_NEW_SETUP_VALUES);
++                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_NEED_NEW_SETUP_VALUES);
+                 goto err;
+             }
+         } else
+@@ -349,15 +405,11 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
+         ECDSA_SIG_free(ret);
+         ret = NULL;
+     }
+-    if (ctx)
++    if (ctx != NULL) {
++        BN_CTX_end(ctx);
+         BN_CTX_free(ctx);
+-    if (m)
+-        BN_clear_free(m);
+-    if (tmp)
+-        BN_clear_free(tmp);
+-    if (order)
+-        BN_free(order);
+-    if (kinv)
++    }
++    if (kinv != NULL)
+         BN_clear_free(kinv);
+     return ret;
+ }
+-- 
+2.17.1
+
diff --git a/gnu/packages/patches/openssl-1.0.2-CVE-2018-0732.patch b/gnu/packages/patches/openssl-1.0.2-CVE-2018-0732.patch
new file mode 100644
index 0000000000..50b95306a5
--- /dev/null
+++ b/gnu/packages/patches/openssl-1.0.2-CVE-2018-0732.patch
@@ -0,0 +1,50 @@
+Fix CVE-2018-0732:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
+
+Patch copied from upstream source repository:
+
+https://github.com/openssl/openssl/commit/3984ef0b72831da8b3ece4745cac4f8575b19098
+
+From 3984ef0b72831da8b3ece4745cac4f8575b19098 Mon Sep 17 00:00:00 2001
+From: Guido Vranken <guidovranken@gmail.com>
+Date: Mon, 11 Jun 2018 19:38:54 +0200
+Subject: [PATCH] Reject excessively large primes in DH key generation.
+
+CVE-2018-0732
+
+Signed-off-by: Guido Vranken <guidovranken@gmail.com>
+
+(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/6457)
+---
+ crypto/dh/dh_key.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
+index 387558f146..f235e0d682 100644
+--- a/crypto/dh/dh_key.c
++++ b/crypto/dh/dh_key.c
+@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
+     int ok = 0;
+     int generate_new_key = 0;
+     unsigned l;
+-    BN_CTX *ctx;
++    BN_CTX *ctx = NULL;
+     BN_MONT_CTX *mont = NULL;
+     BIGNUM *pub_key = NULL, *priv_key = NULL;
+ 
++    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
++        DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
++        return 0;
++    }
++
+     ctx = BN_CTX_new();
+     if (ctx == NULL)
+         goto err;
+-- 
+2.17.1
+
diff --git a/gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch b/gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch
new file mode 100644
index 0000000000..15dedbcbd0
--- /dev/null
+++ b/gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch
@@ -0,0 +1,152 @@
+Fix CVE-2018-0495:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
+https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
+
+Patch copied from upstream source repository:
+
+https://github.com/openssl/openssl/commit/0c27d793745c7837b13646302b6890a556b7017a
+
+From 0c27d793745c7837b13646302b6890a556b7017a Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 25 May 2018 12:10:13 +0100
+Subject: [PATCH] Add blinding to an ECDSA signature
+
+Keegan Ryan (NCC Group) has demonstrated a side channel attack on an
+ECDSA signature operation. During signing the signer calculates:
+
+s:= k^-1 * (m + r * priv_key) mod order
+
+The addition operation above provides a sufficient signal for a
+flush+reload attack to derive the private key given sufficient signature
+operations.
+
+As a mitigation (based on a suggestion from Keegan) we add blinding to
+the operation so that:
+
+s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order
+
+Since this attack is a localhost side channel only no CVE is assigned.
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+---
+ CHANGES                |  4 +++
+ crypto/ec/ecdsa_ossl.c | 70 +++++++++++++++++++++++++++++++++++++-----
+ 2 files changed, 67 insertions(+), 7 deletions(-)
+
+diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
+index 72e2f0f28b..449be0e92a 100644
+--- a/crypto/ec/ecdsa_ossl.c
++++ b/crypto/ec/ecdsa_ossl.c
+@@ -210,7 +210,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
+                                EC_KEY *eckey)
+ {
+     int ok = 0, i;
+-    BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL;
++    BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *blind = NULL;
++    BIGNUM *blindm = NULL;
+     const BIGNUM *order, *ckinv;
+     BN_CTX *ctx = NULL;
+     const EC_GROUP *group;
+@@ -243,8 +244,18 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
+     }
+     s = ret->s;
+ 
+-    if ((ctx = BN_CTX_new()) == NULL ||
+-        (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
++    ctx = BN_CTX_secure_new();
++    if (ctx == NULL) {
++        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
++
++    BN_CTX_start(ctx);
++    tmp = BN_CTX_get(ctx);
++    m = BN_CTX_get(ctx);
++    blind = BN_CTX_get(ctx);
++    blindm = BN_CTX_get(ctx);
++    if (blindm == NULL) {
+         ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+         goto err;
+     }
+@@ -284,18 +295,64 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
+             }
+         }
+ 
+-        if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
++        /*
++         * The normal signature calculation is:
++         *
++         *   s := k^-1 * (m + r * priv_key) mod order
++         *
++         * We will blind this to protect against side channel attacks
++         *
++         *   s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order
++         */
++
++        /* Generate a blinding value */
++        do {
++            if (!BN_rand(blind, BN_num_bits(order) - 1, BN_RAND_TOP_ANY,
++                         BN_RAND_BOTTOM_ANY))
++                goto err;
++        } while (BN_is_zero(blind));
++        BN_set_flags(blind, BN_FLG_CONSTTIME);
++        BN_set_flags(blindm, BN_FLG_CONSTTIME);
++        BN_set_flags(tmp, BN_FLG_CONSTTIME);
++
++        /* tmp := blind * priv_key * r mod order */
++        if (!BN_mod_mul(tmp, blind, priv_key, order, ctx)) {
+             ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+             goto err;
+         }
+-        if (!BN_mod_add_quick(s, tmp, m, order)) {
++        if (!BN_mod_mul(tmp, tmp, ret->r, order, ctx)) {
+             ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+             goto err;
+         }
++
++        /* blindm := blind * m mod order */
++        if (!BN_mod_mul(blindm, blind, m, order, ctx)) {
++            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
++            goto err;
++        }
++
++        /* s : = (blind * priv_key * r) + (blind * m) mod order */
++        if (!BN_mod_add_quick(s, tmp, blindm, order)) {
++            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
++            goto err;
++        }
++
++        /* s:= s * blind^-1 mod order */
++        if (BN_mod_inverse(blind, blind, order, ctx) == NULL) {
++            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
++            goto err;
++        }
++        if (!BN_mod_mul(s, s, blind, order, ctx)) {
++            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
++            goto err;
++        }
++
++        /* s := s * k^-1 mod order */
+         if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
+             ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+             goto err;
+         }
++
+         if (BN_is_zero(s)) {
+             /*
+              * if kinv and r have been supplied by the caller don't to
+@@ -317,9 +374,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
+         ECDSA_SIG_free(ret);
+         ret = NULL;
+     }
++    BN_CTX_end(ctx);
+     BN_CTX_free(ctx);
+-    BN_clear_free(m);
+-    BN_clear_free(tmp);
+     BN_clear_free(kinv);
+     return ret;
+ }
+-- 
+2.17.1
+
diff --git a/gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch b/gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch
new file mode 100644
index 0000000000..dfea6e7d06
--- /dev/null
+++ b/gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch
@@ -0,0 +1,50 @@
+Fix CVE-2018-0732:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
+
+Patch copied from upstream source repository:
+
+https://github.com/openssl/openssl/commit/ea7abeeabf92b7aca160bdd0208636d4da69f4f4
+
+From ea7abeeabf92b7aca160bdd0208636d4da69f4f4 Mon Sep 17 00:00:00 2001
+From: Guido Vranken <guidovranken@gmail.com>
+Date: Mon, 11 Jun 2018 19:38:54 +0200
+Subject: [PATCH] Reject excessively large primes in DH key generation.
+
+CVE-2018-0732
+
+Signed-off-by: Guido Vranken <guidovranken@gmail.com>
+
+(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/6457)
+---
+ crypto/dh/dh_key.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
+index fce9ff47f3..58003d7087 100644
+--- a/crypto/dh/dh_key.c
++++ b/crypto/dh/dh_key.c
+@@ -78,10 +78,15 @@ static int generate_key(DH *dh)
+     int ok = 0;
+     int generate_new_key = 0;
+     unsigned l;
+-    BN_CTX *ctx;
++    BN_CTX *ctx = NULL;
+     BN_MONT_CTX *mont = NULL;
+     BIGNUM *pub_key = NULL, *priv_key = NULL;
+ 
++    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
++        DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
++        return 0;
++    }
++
+     ctx = BN_CTX_new();
+     if (ctx == NULL)
+         goto err;
+-- 
+2.17.1
+
diff --git a/gnu/packages/patches/password-store-gnupg-compat.patch b/gnu/packages/patches/password-store-gnupg-compat.patch
deleted file mode 100644
index 75c6362021..0000000000
--- a/gnu/packages/patches/password-store-gnupg-compat.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Copied from upstream mailing list:
-https://lists.zx2c4.com/pipermail/password-store/2018-February/003216.html.
-
-From 9b0c86159d754cc88dd3642564eed527153dfb7f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cl=C3=A9ment=20Lassieur?= <clement@lassieur.org>
-Date: Sat, 24 Feb 2018 12:05:46 +0100
-Subject: [PATCH] tests: fix compatibility with GnuPG 2.2.5
-
----
- tests/t0300-reencryption.sh | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/t0300-reencryption.sh b/tests/t0300-reencryption.sh
-index 6d5811d..6d15364 100755
---- a/tests/t0300-reencryption.sh
-+++ b/tests/t0300-reencryption.sh
-@@ -10,7 +10,7 @@ canonicalize_gpg_keys() {
- 	$GPG --list-keys --with-colons "$@" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u
- }
- gpg_keys_from_encrypted_file() {
--	$GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u
-+	$GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | grep "public key is" | cut -d ' ' -f 5 | LC_ALL=C sort -u
- }
- gpg_keys_from_group() {
- 	local output="$($GPG --list-config --with-colons | sed -n "s/^cfg:group:$1:\\(.*\\)/\\1/p" | head -n 1)"
--- 
-2.16.2
-
diff --git a/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch b/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch
new file mode 100644
index 0000000000..6460cf5855
--- /dev/null
+++ b/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch
@@ -0,0 +1,36 @@
+Fix CVE-2018-12015:
+
+https://security-tracker.debian.org/tracker/CVE-2018-12015
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12015
+https://rt.cpan.org/Ticket/Display.html?id=125523
+
+Patch taken from this upstream commit and adapted to apply to
+the bundled copy in the Perl distribution:
+
+https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
+
+diff --git a/cpan/Archive-Tar/lib/Archive/Tar.pm b/cpan/Archive-Tar/lib/Archive/Tar.pm
+index 6244369..a83975f 100644
+--- a/cpan/Archive-Tar/lib/Archive/Tar.pm
++++ b/cpan/Archive-Tar/lib/Archive/Tar.pm
+@@ -845,6 +845,20 @@ sub _extract_file {
+         return;
+     }
+ 
++    ### If a file system already contains a block device with the same name as
++    ### the being extracted regular file, we would write the file's content
++    ### to the block device. So remove the existing file (block device) now.
++    ### If an archive contains multiple same-named entries, the last one
++    ### should replace the previous ones. So remove the old file now.
++    ### If the old entry is a symlink to a file outside of the CWD, the new
++    ### entry would create a file there. This is CVE-2018-12015
++    ### <https://rt.cpan.org/Ticket/Display.html?id=125523>.
++    if (-l $full || -e _) {
++	if (!unlink $full) {
++	    $self->_error( qq[Could not remove old file '$full': $!] );
++	    return;
++	}
++    }
+     if( length $entry->type && $entry->is_file ) {
+         my $fh = IO::File->new;
+         $fh->open( $full, '>' ) or (
diff --git a/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch b/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch
deleted file mode 100644
index e1e71a332a..0000000000
--- a/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 700076019b5aff72aac7651cc830aaef21ee9a47 Mon Sep 17 00:00:00 2001
-From: jakirkham <jakirkham@gmail.com>
-Date: Fri, 7 Jul 2017 05:57:56 -0400
-Subject: [PATCH] Drop ordereddict requirement (#84)
-
-* Drop ordereddict requirement
-
-As Python 2.7 is the minimum Python supported, every version of Python
-should have `ordereddict` preincluded in the standard library one way or
-another. So we can drop this dependency and just handle the differences
-between Python 2 and Python 3.
----
- nosetimer/plugin.py | 5 +----
- setup.py            | 1 -
- 2 files changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/nosetimer/plugin.py b/nosetimer/plugin.py
-index ef28e11..d093a51 100644
---- a/nosetimer/plugin.py
-+++ b/nosetimer/plugin.py
-@@ -12,10 +12,7 @@
- except ImportError:
-     import queue as Queue
- 
--try:
--    from collections import OrderedDict
--except ImportError:
--    from ordereddict import OrderedDict
-+from collections import OrderedDict
- 
- 
- # define constants
-diff --git a/setup.py b/setup.py
-index 6a55b82..d249325 100755
---- a/setup.py
-+++ b/setup.py
-@@ -27,7 +27,6 @@
-     install_requires=[
-         'nose',
-         'termcolor',
--        'ordereddict',
-     ],
-     license='MIT',
-     entry_points={
diff --git a/gnu/packages/patches/qemu-CVE-2018-11806.patch b/gnu/packages/patches/qemu-CVE-2018-11806.patch
new file mode 100644
index 0000000000..f021dfa747
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2018-11806.patch
@@ -0,0 +1,105 @@
+Fix CVE-2018-11806:
+
+https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11806
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=864036e251f54c99d31df124aad7f34f01f5344c
+
+From 864036e251f54c99d31df124aad7f34f01f5344c Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Tue, 5 Jun 2018 23:38:35 +0530
+Subject: [PATCH] slirp: correct size computation while concatenating mbuf
+
+While reassembling incoming fragmented datagrams, 'm_cat' routine
+extends the 'mbuf' buffer, if it has insufficient room. It computes
+a wrong buffer size, which leads to overwriting adjacent heap buffer
+area. Correct this size computation in m_cat.
+
+Reported-by: ZDI Disclosures <zdi-disclosures@trendmicro.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+---
+ slirp/mbuf.c | 11 +++++------
+ slirp/mbuf.h |  8 +++-----
+ 2 files changed, 8 insertions(+), 11 deletions(-)
+
+diff --git a/slirp/mbuf.c b/slirp/mbuf.c
+index 5ff24559fd..18cbf759a7 100644
+--- a/slirp/mbuf.c
++++ b/slirp/mbuf.c
+@@ -138,7 +138,7 @@ m_cat(struct mbuf *m, struct mbuf *n)
+ 	 * If there's no room, realloc
+ 	 */
+ 	if (M_FREEROOM(m) < n->m_len)
+-		m_inc(m,m->m_size+MINCSIZE);
++		m_inc(m, m->m_len + n->m_len);
+ 
+ 	memcpy(m->m_data+m->m_len, n->m_data, n->m_len);
+ 	m->m_len += n->m_len;
+@@ -147,7 +147,7 @@ m_cat(struct mbuf *m, struct mbuf *n)
+ }
+ 
+ 
+-/* make m size bytes large */
++/* make m 'size' bytes large from m_data */
+ void
+ m_inc(struct mbuf *m, int size)
+ {
+@@ -158,12 +158,12 @@ m_inc(struct mbuf *m, int size)
+ 
+         if (m->m_flags & M_EXT) {
+ 	  datasize = m->m_data - m->m_ext;
+-          m->m_ext = g_realloc(m->m_ext, size);
++	  m->m_ext = g_realloc(m->m_ext, size + datasize);
+ 	  m->m_data = m->m_ext + datasize;
+         } else {
+ 	  char *dat;
+ 	  datasize = m->m_data - m->m_dat;
+-          dat = g_malloc(size);
++	  dat = g_malloc(size + datasize);
+ 	  memcpy(dat, m->m_dat, m->m_size);
+ 
+ 	  m->m_ext = dat;
+@@ -171,8 +171,7 @@ m_inc(struct mbuf *m, int size)
+ 	  m->m_flags |= M_EXT;
+         }
+ 
+-        m->m_size = size;
+-
++        m->m_size = size + datasize;
+ }
+ 
+ 
+diff --git a/slirp/mbuf.h b/slirp/mbuf.h
+index 893601ff9d..33b84485d6 100644
+--- a/slirp/mbuf.h
++++ b/slirp/mbuf.h
+@@ -33,8 +33,6 @@
+ #ifndef MBUF_H
+ #define MBUF_H
+ 
+-#define MINCSIZE 4096	/* Amount to increase mbuf if too small */
+-
+ /*
+  * Macros for type conversion
+  * mtod(m,t) -	convert mbuf pointer to data pointer of correct type
+@@ -72,11 +70,11 @@ struct mbuf {
+ 	struct	mbuf *m_prevpkt;	/* Flags aren't used in the output queue */
+ 	int	m_flags;		/* Misc flags */
+ 
+-	int	m_size;			/* Size of data */
++	int	m_size;			/* Size of mbuf, from m_dat or m_ext */
+ 	struct	socket *m_so;
+ 
+-	caddr_t	m_data;			/* Location of data */
+-	int	m_len;			/* Amount of data in this mbuf */
++	caddr_t	m_data;			/* Current location of data */
++	int	m_len;			/* Amount of data in this mbuf, from m_data */
+ 
+ 	Slirp *slirp;
+ 	bool	resolution_requested;
+-- 
+2.17.1
+
diff --git a/gnu/packages/patches/strace-kernel-4.16.patch b/gnu/packages/patches/strace-kernel-4.16.patch
deleted file mode 100644
index e86d3be439..0000000000
--- a/gnu/packages/patches/strace-kernel-4.16.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-Fix test failure when using Linux-Libre >= 4.16.
-
-Taken from upstream:
-https://github.com/strace/strace/commit/bcff87c31c0f27c678a43d6b7f67dab363a974fa
-
-From bcff87c31c0f27c678a43d6b7f67dab363a974fa Mon Sep 17 00:00:00 2001
-From: Masatake YAMATO <yamato@redhat.com>
-Date: Wed, 2 May 2018 17:11:07 +0900
-Subject: [PATCH] tests/ioctl_kvm_run.c: handle cpuid at the end of vcpu dentry
-
-Since Linux 4.16, kernel appends the cpuid as suffix to the entry
-for a kvm vcpu in /proc/$pid/fd like:
-
-    anon_inode:kvm-vcpu:0
-
-That was
-
-    anon_inode:kvm-vcpu
-
-This kernel change causes the test case failure on newer kernels.
-Update the test to deal with the new name as well as the old one.
-
-* tests/ioctl_kvm_run.c: Include unistd.h for using readlink(2).
-(vcpu_dev_should_have_cpuid): New function for detecting whether
-a proc entry for given fd has the cpuid suffix or not.
-(main): Trim vcpu_dev to remove the cpuid suffix if needed.
-(vcpu_dev): Remove const modifier.
----
- tests/ioctl_kvm_run.c | 29 ++++++++++++++++++++++++++++-
- 1 file changed, 28 insertions(+), 1 deletion(-)
-
-diff --git a/tests/ioctl_kvm_run.c b/tests/ioctl_kvm_run.c
-index 179461430..e1bef5796 100644
---- a/tests/ioctl_kvm_run.c
-+++ b/tests/ioctl_kvm_run.c
-@@ -40,6 +40,7 @@
- # include <string.h>
- # include <sys/ioctl.h>
- # include <sys/mman.h>
-+# include <unistd.h>
- # include <linux/kvm.h>
- 
- static int
-@@ -56,7 +57,7 @@ kvm_ioctl(int fd, unsigned long cmd, const char *cmd_str, void *arg)
- 
- static const char dev[] = "/dev/kvm";
- static const char vm_dev[] = "anon_inode:kvm-vm";
--static const char vcpu_dev[] = "anon_inode:kvm-vcpu";
-+static char vcpu_dev[] = "anon_inode:kvm-vcpu:0";
- static size_t page_size;
- 
- extern const char code[];
-@@ -165,6 +166,23 @@ run_kvm(const int vcpu_fd, struct kvm_run *const run, const size_t mmap_size,
- 	}
- }
- 
-+static int
-+vcpu_dev_should_have_cpuid(int fd)
-+{
-+	int r = 0;
-+	char *filename = NULL;
-+	char buf[sizeof(vcpu_dev)];
-+
-+	if (asprintf(&filename, "/proc/%d/fd/%d", getpid(), fd) < 0)
-+		error_msg_and_fail("asprintf");
-+
-+	if (readlink(filename, buf, sizeof(buf)) == sizeof(buf) - 1
-+	    && (memcmp(buf, vcpu_dev, sizeof(buf) - 1) == 0))
-+		r = 1;
-+	free(filename);
-+	return r;
-+}
-+
- int
- main(void)
- {
-@@ -208,6 +226,15 @@ main(void)
- 	       (unsigned long) page_size, (unsigned long) page_size, mem);
- 
- 	int vcpu_fd = KVM_IOCTL(vm_fd, KVM_CREATE_VCPU, NULL);
-+	if (!vcpu_dev_should_have_cpuid(vcpu_fd))
-+		/*
-+		 * This is an older kernel that doesn't place a cpuid
-+		 * at the end of the dentry associated with vcpu_fd.
-+		 * Trim the cpuid part of vcpu_dev like:
-+		 * "anon_inode:kvm-vcpu:0" -> "anon_inode:kvm-vcpu"
-+		 */
-+		vcpu_dev[strlen (vcpu_dev) - 2] = '\0';
-+
- 	printf("ioctl(%d<%s>, KVM_CREATE_VCPU, 0) = %d<%s>\n",
- 	       vm_fd, vm_dev, vcpu_fd, vcpu_dev);
- 
diff --git a/gnu/packages/patches/upx-fix-CVE-2017-15056.patch b/gnu/packages/patches/upx-fix-CVE-2017-15056.patch
new file mode 100644
index 0000000000..525980e73e
--- /dev/null
+++ b/gnu/packages/patches/upx-fix-CVE-2017-15056.patch
@@ -0,0 +1,96 @@
+From 3e0c2966dffb5dadb512a476ef4be3d0cc51c2be Mon Sep 17 00:00:00 2001
+From: Pierre Neidhardt <ambrevar@gmail.com>
+Date: Sat, 16 Jun 2018 16:35:00 +0200
+Subject: [PATCH] Protect against bad crafted input
+
+Also check for wrap-around when checking oversize involving e_shoff and e_shnum.
+
+raised by https://github.com/upx/upx/pull/190
+	modified:   p_lx_elf.cpp
+---
+ src/p_lx_elf.cpp | 30 ++++++++++++++++++++++++++++++
+ 1 file changed, 30 insertions(+)
+
+diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
+index 822a7652..41e805ee 100644
+--- a/src/p_lx_elf.cpp
++++ b/src/p_lx_elf.cpp
+@@ -235,8 +235,17 @@ PackLinuxElf32::PackLinuxElf32help1(InputFile *f)
+         sz_phdrs = 0;
+         return;
+     }
++    if (0==e_phnum) throwCantUnpack("0==e_phnum");
+     e_phoff = get_te32(&ehdri.e_phoff);
++    unsigned const last_Phdr = e_phoff + e_phnum * sizeof(Elf32_Phdr);
++    if (last_Phdr < e_phoff || (unsigned long)file_size < last_Phdr) {
++        throwCantUnpack("bad e_phoff");
++    }
+     e_shoff = get_te32(&ehdri.e_shoff);
++    unsigned const last_Shdr = e_shoff + e_shnum * sizeof(Elf32_Shdr);
++    if (last_Shdr < e_shoff || (unsigned long)file_size < last_Shdr) {
++        throwCantUnpack("bad e_shoff");
++    }
+     sz_phdrs = e_phnum * e_phentsize;
+ 
+     if (f && Elf32_Ehdr::ET_DYN!=e_type) {
+@@ -599,8 +608,17 @@ PackLinuxElf64::PackLinuxElf64help1(InputFile *f)
+         sz_phdrs = 0;
+         return;
+     }
++    if (0==e_phnum) throwCantUnpack("0==e_phnum");
+     e_phoff = get_te64(&ehdri.e_phoff);
++    upx_uint64_t const last_Phdr = e_phoff + e_phnum * sizeof(Elf64_Phdr);
++    if (last_Phdr < e_phoff || (unsigned long)file_size < last_Phdr) {
++        throwCantUnpack("bad e_phoff");
++    }
+     e_shoff = get_te64(&ehdri.e_shoff);
++    upx_uint64_t const last_Shdr = e_shoff + e_shnum * sizeof(Elf64_Shdr);
++    if (last_Shdr < e_shoff || (unsigned long)file_size < last_Shdr) {
++        throwCantUnpack("bad e_shoff");
++    }
+     sz_phdrs = e_phnum * e_phentsize;
+ 
+     if (f && Elf64_Ehdr::ET_DYN!=e_type) {
+@@ -3763,6 +3781,9 @@ void PackLinuxElf64::pack4(OutputFile *fo, Filter &ft)
+ 
+ void PackLinuxElf64::unpack(OutputFile *fo)
+ {
++    if (e_phoff != sizeof(Elf64_Ehdr)) {// Phdrs not contiguous with Ehdr
++        throwCantUnpack("bad e_phoff");
++    }
+     unsigned const c_phnum = get_te16(&ehdri.e_phnum);
+     upx_uint64_t old_data_off = 0;
+     upx_uint64_t old_data_len = 0;
+@@ -3828,6 +3849,9 @@ void PackLinuxElf64::unpack(OutputFile *fo)
+     unsigned total_out = 0;
+     unsigned c_adler = upx_adler32(NULL, 0);
+     unsigned u_adler = upx_adler32(NULL, 0);
++    if ((MAX_ELF_HDR - sizeof(Elf64_Ehdr))/sizeof(Elf64_Phdr) < u_phnum) {
++        throwCantUnpack("bad compressed e_phnum");
++    }
+ 
+     // Packed ET_EXE has no PT_DYNAMIC.
+     // Packed ET_DYN has original PT_DYNAMIC for info needed by rtld.
+@@ -4383,6 +4407,9 @@ Elf64_Sym const *PackLinuxElf64::elf_lookup(char const *name) const
+ 
+ void PackLinuxElf32::unpack(OutputFile *fo)
+ {
++    if (e_phoff != sizeof(Elf32_Ehdr)) {// Phdrs not contiguous with Ehdr
++        throwCantUnpack("bad e_phoff");
++    }
+     unsigned const c_phnum = get_te16(&ehdri.e_phnum);
+     unsigned old_data_off = 0;
+     unsigned old_data_len = 0;
+@@ -4449,6 +4476,9 @@ void PackLinuxElf32::unpack(OutputFile *fo)
+     unsigned total_out = 0;
+     unsigned c_adler = upx_adler32(NULL, 0);
+     unsigned u_adler = upx_adler32(NULL, 0);
++    if ((MAX_ELF_HDR - sizeof(Elf32_Ehdr))/sizeof(Elf32_Phdr) < u_phnum) {
++        throwCantUnpack("bad compressed e_phnum");
++    }
+ 
+     // Packed ET_EXE has no PT_DYNAMIC.
+     // Packed ET_DYN has original PT_DYNAMIC for info needed by rtld.
+-- 
+2.17.0
+
diff --git a/gnu/packages/patches/x265-fix-ppc64le-build.patch b/gnu/packages/patches/x265-fix-ppc64le-build.patch
new file mode 100644
index 0000000000..f71d2436ab
--- /dev/null
+++ b/gnu/packages/patches/x265-fix-ppc64le-build.patch
@@ -0,0 +1,25 @@
+https://sources.debian.org/data/main/x/x265/2.8-3/debian/patches/0003-Fix-build-error-on-on-ppc64le.patch
+
+This patch also fixes building on armhf-linux and aarch64-linux
+
+From: Jayashree <jayashree.c@multicorewareinc.com>
+Date: Fri, 25 May 2018 10:26:05 +0530
+Subject: Fix build error on on ppc64le
+
+---
+ source/common/param.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source/common/param.cpp b/source/common/param.cpp
+index 31bcbc7..4a6d0c8 100644
+--- a/source/common/param.cpp
++++ b/source/common/param.cpp
+@@ -633,7 +633,7 @@ int x265_param_parse(x265_param* p, const char* name, const char* value)
+         if (bValueWasNull)
+             p->cpuid = atobool(value);
+         else
+-            p->cpuid = parseCpuName(value, bError);
++            p->cpuid = parseCpuName(value, bError, false);
+ #endif
+     }
+     OPT("fps")
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index a215fce034..1bd8e17167 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -276,7 +276,7 @@ Poppler PDF rendering library.")
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'autogen
-          (lambda _ (zero? (system* "autoreconf" "-vif")))))))
+          (lambda _ (invoke "autoreconf" "-vif"))))))
    (inputs
     `(("zlib" ,zlib)
       ("libpng" ,libpng)))
@@ -906,7 +906,7 @@ converter using the Poppler and Cairo libraries.")
             #t))
          (replace 'check
            (lambda _
-             (zero? (system* "python" "-m" "unittest" "Tests.tests")))))))
+             (invoke "python" "-m" "unittest" "Tests.tests"))))))
     (home-page "http://mstamy2.github.com/PyPDF2")
     (synopsis "Pure Python PDF toolkit")
     (description "PyPDF2 is a pure Python PDF library capable of:
diff --git a/gnu/packages/perl-check.scm b/gnu/packages/perl-check.scm
index a1be996e04..89a761f0a7 100644
--- a/gnu/packages/perl-check.scm
+++ b/gnu/packages/perl-check.scm
@@ -13,6 +13,7 @@
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2018 Pierre Neidhardt <ambrevar@gmail.com>
+;;; Copyright © 2018 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -364,6 +365,30 @@ modified or tested with this API, making it simple to test both individual
 files, as well as to verify that there are no missing or unknown files.")
     (license perl-license)))
 
+(define-public perl-test-distmanifest
+  (package
+    (name "perl-test-distmanifest")
+    (version "1.014")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/E/ET/ETHER/Test-DistManifest-"
+             version ".tar.gz"))
+       (sha256
+        (base32 "1ifpff5simjslabwy7ac6kdylv4c0b5b39fgpwf9ha16yh6w49ix"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-build" ,perl-module-build)))
+    (propagated-inputs
+     `(("perl-module-manifest" ,perl-module-manifest)))
+    (home-page "https://github.com/jawnsy/Test-DistManifest")
+    (synopsis "Author test that validates a package @file{MANIFEST}")
+    (description
+     "@code{Test::DistManifest} provides a simple method of testing that a
+@file{MANIFEST} file matches its distribution.")
+    (license perl-license)))
+
 (define-public perl-test-eol
   (package
     (name "perl-test-eol")
@@ -1140,6 +1165,32 @@ a minimum of effort.")
     ;; "Under the same license as Perl itself"
     (license perl-license)))
 
+(define-public perl-test-perltidy
+  (package
+    (name "perl-test-perltidy")
+    (version "20130104")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/L/LA/LARRYL/Test-PerlTidy-"
+             version ".tar.gz"))
+       (sha256
+        (base32
+         "1j5rsb4km9rzcbd1ljavj8vm42bmilji40v2jj2k87l1ykrxj59z"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-file-finder" ,perl-file-finder)
+       ("perl-file-slurp" ,perl-file-slurp)
+       ("perltidy" ,perltidy)
+       ("perl-text-diff" ,perl-text-diff)))
+    (home-page "http://search.cpan.org/dist/Test-PerlTidy/")
+    (synopsis "Check that all your Perl files are tidy")
+    (description
+     "Using @code{Test::PerlTidy}, any file ending in .pl, .pm, .t or .PL will
+cause a test fail unless it is exactly as @code{perltidy} would like it to be.")
+    (license perl-license)))
+
 (define-public perl-test-trap
   (package
     (name "perl-test-trap")
diff --git a/gnu/packages/perl-web.scm b/gnu/packages/perl-web.scm
index 7a398675b2..3c462aed03 100644
--- a/gnu/packages/perl-web.scm
+++ b/gnu/packages/perl-web.scm
@@ -51,7 +51,7 @@ endeavor to implement this idea using modern technologies.")
 (define-public perl-uri-escape
   (package
     (name "perl-uri-escape")
-    (version "1.73")
+    (version "1.74")
     (source
      (origin
        (method url-fetch)
@@ -59,7 +59,7 @@ endeavor to implement this idea using modern technologies.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "04z4xwiryrbxxi48bwbkgq9q9pwfgqry3wp0ramcrwv3dx5ap9yc"))))
+         "0gfmrpyy075pn2mbshs5599h8m096gjdz2dn8vcivjw9bzs59hm9"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-needs" ,perl-test-needs)))
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index cfc73c5b3c..27b49e6652 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -20,6 +20,7 @@
 ;;; Copyright © 2017 Christopher Allan Webber <cwebber@dustycloud.org>
 ;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2018 Pierre Neidhardt <ambrevar@gmail.com>
+;;; Copyright © 2018 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -71,6 +72,7 @@
              (patches (search-patches
                        "perl-file-path-CVE-2017-6512.patch"
                        "perl-no-sys-dirs.patch"
+                       "perl-archive-tar-CVE-2018-12015.patch"
                        "perl-autosplit-default-time.patch"
                        "perl-deterministic-ordering.patch"
                        "perl-reproducible-build-date.patch"))))
@@ -1487,6 +1489,27 @@ provides a means of converting those data streams back into into binary
 data.")
     (license perl-license)))
 
+(define-public perl-cpan-changes
+  (package
+    (name "perl-cpan-changes")
+    (version "0.400002")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/H/HA/HAARG/CPAN-Changes-"
+             version ".tar.gz"))
+       (sha256
+        (base32
+         "13dy78amkhwg278sv5im0ylyskhxpfivyl2aissqqih71nlxxvh1"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/CPAN-Changes/")
+    (synopsis "Read and write @file{Changes} files")
+    (description
+     "@code{CPAN::Changes} helps users programmatically read and write
+@file{Changes} files that conform to a common specification.")
+    (license perl-license)))
+
 (define-public perl-cpan-meta-check
   (package
     (name "perl-cpan-meta-check")
@@ -5178,6 +5201,36 @@ strictly correct manner with ExtUtils::MakeMaker, and will run on any Perl
 installation version 5.005 or newer.")
     (license (package-license perl))))
 
+(define-public perl-module-manifest
+  (package
+    (name "perl-module-manifest")
+    (version "1.09")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/E/ET/ETHER/Module-Manifest-"
+             version ".tar.gz"))
+       (sha256
+        (base32
+         "16skpm804a19gsgxzn1wba3lmvc7cx5q8ly4srpyd82yy47zi5d3"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-exception" ,perl-test-exception)
+       ("perl-test-warn" ,perl-test-warn)))
+    (propagated-inputs
+     `(("perl-params-util" ,perl-params-util)))
+    (home-page "http://search.cpan.org/dist/Module-Manifest/")
+    (synopsis "Parse and examine a Perl distribution @file{MANIFEST} file")
+    (description
+     "@code{Module::Manifest} is a simple utility module created originally for
+use in @code{Module::Inspector}.
+
+It can load a @file{MANIFEST} file that comes in a Perl distribution tarball,
+examine the contents, and perform some simple tasks.  It can also load the
+@file{MANIFEST.SKIP} file and check that.")
+    (license perl-license)))
+
 (define-public perl-module-pluggable
   (package
     (name "perl-module-pluggable")
@@ -8426,14 +8479,14 @@ as exceptions to standard program flow.")
 (define-public perltidy
   (package
     (name "perltidy")
-    (version "20160302")
+    (version "20180220")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/perltidy/" version
                                   "/Perl-Tidy-" version ".tar.gz"))
               (sha256
                (base32
-                "19yw63yh5s3pq7k3nkw6nsamg5b8vvwyhgbizslgxg0mqgc4xl3d"))))
+                "0w1k5ffcrpx0fm9jgprrwy0290k6cmy7dyk83s61063migi3r5z9"))))
     (build-system perl-build-system)
     (home-page "http://perltidy.sourceforge.net/")
     (synopsis "Perl script tidier")
@@ -9441,6 +9494,38 @@ File::Find replacement in Perl.")
 interface to File::Find::Object.")
   (license (package-license perl))))
 
+(define-public perl-file-finder
+  (package
+    (name "perl-file-finder")
+    (version "0.53")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/M/ME/MERLYN/File-Finder-"
+             version ".tar.gz"))
+       (sha256
+        (base32
+         "0x3a2xgzrka73lcmmwalq2mmpzxa7s6pm01ahxf677ksqsdc3jrf"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-text-glob" ,perl-text-glob)))
+    (home-page "http://search.cpan.org/dist/File-Finder/")
+    (synopsis "Wrapper for @code{File::Find} ala @code{find(1)}")
+    (description
+     "@code{File::Find} is great, but constructing the wanted routine can
+sometimes be a pain.  @code{File::Finder} provides a wanted-writer, using
+syntax that is directly mappable to the @code{find(1)} command's syntax.
+
+A @code{File::Finder} object contains a hash of @code{File::Find} options, and
+a series of steps that mimic find's predicates.  Initially, a
+@code{File::Finder} object has no steps.  Each step method clones the previous
+object's options and steps, and then adds the new step, returning the new
+object.  In this manner, an object can be grown, step by step, by chaining
+method calls.  Furthermore, a partial sequence can be created and held, and
+used as the head of many different sequences.")
+    (license perl-license)))
+
 (define-public perl-font-ttf
   (package
     (name "perl-font-ttf")
diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm
index f2d3d60ecd..b5b56b56de 100644
--- a/gnu/packages/photo.scm
+++ b/gnu/packages/photo.scm
@@ -69,14 +69,14 @@
 (define-public libraw
   (package
     (name "libraw")
-    (version "0.18.11")
+    (version "0.18.12")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.libraw.org/data/LibRaw-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "07a7k83hx7icahh6jaxfbd7pw5jjm5i11xcqjj31b28d1aj29xvw"))))
+                "1m2khr2cij8z6lawgbmdksjn14fpnjsy8ad4qahnpqapm1slsxap"))))
     (build-system gnu-build-system)
     (home-page "https://www.libraw.org")
     (synopsis "Raw image decoder")
@@ -184,7 +184,7 @@ MTP, and much more.")
 (define-public perl-image-exiftool
   (package
     (name "perl-image-exiftool")
-    (version "10.80")
+    (version "11.01")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -192,7 +192,7 @@ MTP, and much more.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "14rwr5wk2snqv4yva6fax1gfsdv88941n237m0wyzn3n0xh9dy5w"))))
+                "175w34n73mypdpbaqj2vgqsfp59yvfrn8k7zmx4cawnp895bypvh"))))
     (build-system perl-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm
index b7cd51e868..50e7d25c8b 100644
--- a/gnu/packages/python-crypto.scm
+++ b/gnu/packages/python-crypto.scm
@@ -17,6 +17,7 @@
 ;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
 ;;; Copyright © 2018 Tomáš Čech <sleep_walker@gnu.org>
 ;;; Copyright © 2018 Nicolas Goaziou <mail@nicolasgoaziou.fr>
+;;; Copyright © 2018 Vagrant Cascadian <vagrant@debian.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -173,6 +174,32 @@ John the Ripper).")
 (define-public python2-py-bcrypt
   (package-with-python2 python-py-bcrypt))
 
+(define-public python-pyblake2
+  (package
+    (name "python-pyblake2")
+    (version "1.1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pyblake2" version))
+       (sha256
+        (base32
+         "0gz9hgznv5zw4qjq43xa56y0yikimx30gffvibxzm0nv5sq7xk2w"))))
+    (build-system python-build-system)
+    (home-page "https://github.com/dchest/pyblake2")
+    (synopsis "BLAKE2 hash function for Python")
+    (description "BLAKE2 is a cryptographic hash function, which offers
+stronger security while being as fast as MD5 or SHA-1, and comes in two
+flavors: @code{BLAKE2b}, optimized for 64-bit platforms and produces digests
+of any size between 1 and 64 bytes, and @code{BLAKE2s}, optimized for 8- to
+32-bit platforms and produces digests of any size between 1 and 32 bytes.
+
+This package provides a Python interface for BLAKE2.")
+    ;; The COPYING file declares it as public domain, with the option to
+    ;; alternatively use and redistribute it under a variety of permissive
+    ;; licenses. cc0 is explicitly mentioned in setup.py and pyblake2module.c.
+    (license (list license:public-domain license:cc0))))
+
 (define-public python-paramiko
   (package
     (name "python-paramiko")
@@ -403,14 +430,14 @@ message digests and key derivation functions.")
 (define-public python-pyopenssl
   (package
     (name "python-pyopenssl")
-    (version "17.5.0")
+    (version "18.0.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pyOpenSSL" version))
        (sha256
         (base32
-         "0wv78mwsdqbxqwdwllf4maqybhbj3vb8328ia04hnb558sxcy41c"))))
+         "1055rb456nvrjcij3sqj6c6l3kmh5cqqay0nsmx3pxq07d1g3234"))))
     (build-system python-build-system)
     (arguments
      '(#:phases
@@ -607,18 +634,18 @@ PKCS#8, PKCS#12, PKCS#5, X.509 and TSP.")
 (define-public python-pynacl
   (package
     (name "python-pynacl")
-    (version "1.2.0")
+    (version "1.2.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "PyNaCl" version))
        (modules '((guix build utils)))
-       ;; Remove bundled libsodium
+       ;; Remove bundled libsodium.
        (snippet '(begin (delete-file-recursively "src/libsodium")
                         #t))
        (sha256
         (base32
-         "01vjq0pxyw1mxaqy013hzs8nknmvg3kpzlzmh69jxznyipgvria5"))))
+         "1ada3qr83cliap6dk897vnvjkynij1kjqbwizdbgarazlyh8zlz0"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm
index 9523ff3734..2e98a95d4b 100644
--- a/gnu/packages/python-web.scm
+++ b/gnu/packages/python-web.scm
@@ -783,14 +783,14 @@ that have uses outside of the Zope framework.")
 (define-public python-zope-testing
   (package
     (name "python-zope-testing")
-    (version "4.6.1")
+    (version "4.6.2")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "zope.testing" version))
        (sha256
         (base32
-         "1vvxhjmzl7vw2i1akfj1xbggwn36270ym7f2ic9xwbaswfw1ap56"))
+         "0iiq54hjhkk2gpvzfjac70vyn4r0kw0ngvicshxbdwrkgf2gjq3g"))
        (modules '((guix build utils)))
        (snippet
         '(begin
@@ -798,10 +798,6 @@ that have uses outside of the Zope framework.")
            (for-each delete-file (find-files "." "(\\.pyc|~)$"))
            #t))))
     (build-system python-build-system)
-    (native-inputs
-     `(("python-zope-exceptions" ,python-zope-exceptions)))
-    (propagated-inputs
-     `(("python-zope-interface" ,python-zope-interface)))
     (home-page "https://pypi.python.org/pypi/zope.testing")
     (synopsis "Zope testing helpers")
     (description "Zope.testing provides a number of testing utilities for HTML
@@ -1417,14 +1413,14 @@ file.")
 (define-public python-webtest
   (package
     (name "python-webtest")
-    (version "2.0.29")
+    (version "2.0.30")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "WebTest" version))
        (sha256
         (base32
-         "0bcj1ica5lnmj5zbvk46x28kgphcsgh7sfnwjmn0cr94mhawrg6v"))))
+         "1mb7m4ndklv84mh0pdkhv73yrflcnra61yczj5g3bvwbqlygfsaw"))))
     (build-system python-build-system)
     (arguments
      `(;; Unfortunately we have to disable tests!
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 753354426e..8b4b39d1af 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -52,6 +52,8 @@
 ;;; Copyright © 2018 Adam Massmann <massmannak@gmail.com>
 ;;; Copyright © 2016, 2018 Tomáš Čech <sleep_walker@gnu.org>
 ;;; Copyright © 2018 Nicolas Goaziou <mail@nicolasgoaziou.fr>
+;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -340,6 +342,15 @@ data types.")
 ;; Current 2.x version.
 (define-public python-2 python-2.7)
 
+(define-public python2-called-python
+  ;; Both 2.x and 3.x used to be called "python".  In commit
+  ;; a7714d42de2c3082f3609d1e63c83d703fb39cf9 (March 2018), we renamed the
+  ;; Python 2.x package to "python2".
+  (package
+    (inherit python-2)
+    (name "python")
+    (properties `((superseded . ,python-2)))))
+
 (define-public python-3.6
   (package (inherit python-2)
     (name "python")
@@ -1200,13 +1211,13 @@ human-friendly syntax.")
 (define-public python-pandas
   (package
     (name "python-pandas")
-    (version "0.22.0")
+    (version "0.23.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pandas" version))
        (sha256
-        (base32 "0v0fi2i10kwnmlpsl6f1fgajcpx3q6766qf6xqi5kw3ivn8l1aa4"))))
+        (base32 "142nvwb01r2wv42y2cz40bx33hd8ffh6s6gynapg859fmzr2mdah"))))
     (build-system python-build-system)
     (arguments
      `(#:modules ((guix build utils)
@@ -1226,7 +1237,8 @@ human-friendly syntax.")
                           (for-each delete-file
                                     '("pandas/tests/io/conftest.py"
                                       "pandas/tests/io/json/test_compression.py"
-                                      "pandas/tests/io/test_excel.py"))
+                                      "pandas/tests/io/test_excel.py"
+                                      "pandas/tests/io/test_parquet.py"))
                           (invoke "pytest" "-v" "pandas" "-k"
                                   (string-append
                                    "not network and not disabled"
@@ -1238,7 +1250,9 @@ human-friendly syntax.")
        ("python-dateutil" ,python-dateutil)))
     (native-inputs
      `(("python-cython" ,python-cython)
+       ("python-beautifulsoup4" ,python-beautifulsoup4)
        ("python-lxml" ,python-lxml)
+       ("python-html5lib" ,python-html5lib)
        ("python-nose" ,python-nose)
        ("python-pytest" ,python-pytest)))
     (home-page "https://pandas.pydata.org")
@@ -2900,7 +2914,7 @@ between language specification and implementation aspects.")
 (define-public python-numpy
   (package
     (name "python-numpy")
-    (version "1.14.3")
+    (version "1.14.5")
     (source
      (origin
        (method url-fetch)
@@ -2909,7 +2923,7 @@ between language specification and implementation aspects.")
              version "/numpy-" version ".tar.gz"))
        (sha256
         (base32
-         "1yim2bxlycn4dhxmfxid6slplpmcb4ynhp411b37ahmsm2lwgkyg"))))
+         "0admjpkih63lm19zbbilq8ck4f6ny5kqi03dk3m6b2mnixsh4jhv"))))
     (build-system python-build-system)
     (inputs
      `(("openblas" ,openblas)
@@ -4474,13 +4488,13 @@ them as the version argument or in a SCM managed file.")
 (define-public python-pathpy
   (package
     (name "python-pathpy")
-    (version "11.0")
+    (version "11.0.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "path.py" version))
        (sha256
-        (base32 "12s84maimiz61980q065rjgi8ang6xw2wwm64m0lmfks51dlw4qn"))))
+        (base32 "07x15v8c7ry9bvycw294c9yq6ky9v2b0dalvgi6rn38ilh69vsz7"))))
     ;; (outputs '("out" "doc"))
     (build-system python-build-system)
     (propagated-inputs
@@ -4861,26 +4875,15 @@ computing.")
 (define-public python-urwid
   (package
     (name "python-urwid")
-    (version "1.3.1")
+    (version "2.0.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "urwid" version))
        (sha256
         (base32
-         "18cnd1wdjcas08x5qwa5ayw6jsfcn33w4d9f7q3s29fy6qzc1kng"))))
+         "1g6cpicybvbananpjikmjk8npmjk4xvak1wjzji62wc600wkwkb4"))))
     (build-system python-build-system)
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         ;; Disable failing test. Bug filed upstream:
-         ;; https://github.com/wardi/urwid/issues/164
-         ;; TODO: check again for python-urwid > 1.3.1 or python > 3.4.3.
-         (add-after 'unpack 'disable-failing-test
-          (lambda _
-            (substitute* "urwid/tests/test_event_loops.py"
-              (("test_remove_watch_file")
-                "disable_remove_watch_file")))))))
     (home-page "http://urwid.org")
     (synopsis "Console user interface library for Python")
     (description
@@ -4889,22 +4892,7 @@ features useful for text console applications.")
     (license license:lgpl2.1+)))
 
 (define-public python2-urwid
-  (let ((python2-urwid (package-with-python2 python-urwid)))
-    (package
-      (inherit python2-urwid)
-      (arguments
-       (append
-        `(;; Explicitly using Python 2 is necessary due the argument list being
-          ;; built from only the 'delete-test_vterm.py' phase and python-urwid's
-          ;; package arguments, which by default assumes the use of Python 3.
-          #:python ,python-2
-          #:phases
-          (modify-phases %standard-phases
-            ;; Disable the vterm tests because of non-deterministic failures
-            ;; with Python 2. See https://github.com/urwid/urwid/issues/230.
-            (add-after 'unpack 'delete-test_vterm.py
-              (delete-file "urwid/tests/test_vterm.py"))))
-        (package-arguments python-urwid))))))
+  (package-with-python2 python-urwid))
 
 (define-public python-urwidtrees
   (package
@@ -6023,13 +6011,13 @@ should be stored on various operating systems.")
 (define-public python-llfuse
   (package
     (name "python-llfuse")
-    (version "1.3.2")
+    (version "1.3.3")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "llfuse" version ".tar.bz2"))
               (sha256
                (base32
-                "0qxvnbz41bpvpc1vbi8qkhmpr9gj1qrrp5jdj085iqibd8l2l9cn"))))
+                "1rqww632y2zz71xmr6ch7yq80kvza9mhqr2z773k0d8l1lwzl575"))))
     (build-system python-build-system)
     (inputs
      `(("fuse" ,fuse)
@@ -7275,13 +7263,13 @@ applications.")
 (define-public python-click-log
   (package
     (name "python-click-log")
-    (version "0.2.1")
+    (version "0.3.2")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "click-log" version))
              (sha256
               (base32
-               "1r1x85023cslb2pwldd089jjk573mk3w78cnashs77wrx7yz8fj9"))))
+               "091i03bhxyzsdbc6kilxhivfda2f8ymz3b33xa6cj5kbzjiirz8n"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-click" ,python-click)))
@@ -12901,6 +12889,48 @@ and works only with Python 2 and NumPy < 1.9.")
 (define-public python2-phonenumbers
   (package-with-python2 python-phonenumbers))
 
+(define-public python-send2trash
+  (package
+    (name "python-send2trash")
+    (version "1.4.2")
+    (source
+     (origin (method url-fetch)
+             ;; Source tarball on PyPI doesn't include tests.
+             (uri (string-append "https://github.com/hsoft/send2trash/archive/"
+                                 version ".tar.gz"))
+             (file-name (string-append name "-" version ".tar.gz"))
+             (sha256
+              (base32
+               "0ffyhwjyx61slkdy38iwjc4gmj7fj9gs2q58f075gwvq630pzm9z"))))
+    (build-system python-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'pre-check
+           (lambda _
+             (mkdir-p "/tmp/foo")
+             (setenv "HOME" "/tmp/foo")
+             #t)))))
+    (home-page "https://github.com/hsoft/send2trash")
+    (synopsis "Send files to the user's @file{~/Trash} directory")
+    (description "This package provides a Python library to send files to the
+user's @file{~/Trash} directory.")
+    (license license:bsd-3)))
+
+(define-public python2-send2trash
+  (package
+    (inherit (package-with-python2 python-send2trash))
+    (arguments
+     (substitute-keyword-arguments (package-arguments python-send2trash)
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (add-before 'check 'setenv
+             (lambda _
+               (setenv "PYTHONPATH"
+                       (string-append (getcwd) ":" (getenv "PYTHONPATH")))
+               #t))))))
+    (properties `((python2-variant . ,(delay python-send2trash))))))
+
 (define-public python-yapf
   (package
     (name "python-yapf")
@@ -13615,3 +13645,152 @@ Boost.Python library by David Abrahams: to minimize boilerplate code in
 traditional extension modules by inferring type information using compile-time
 introspection.")
     (license license:expat)))
+
+(define-public python-fasteners
+  (package
+    (name "python-fasteners")
+    (version "0.14.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "fasteners" version))
+       (sha256
+        (base32
+         "063y20kx01ihbz2mziapmjxi2cd0dq48jzg587xdsdp07xvpcz22"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-monotonic" ,python-monotonic)
+       ("python-six" ,python-six)
+       ("python-testtools" ,python-testtools)))
+    (home-page "https://github.com/harlowja/fasteners")
+    (synopsis "Python package that provides useful locks")
+    (description
+     "This package provides a Python program that provides following locks:
+
+@itemize
+@item Locking decorator
+@item Reader-writer locks
+@item Inter-process locks
+@item Generic helpers
+@end itemize\n")
+    (license license:asl2.0)))
+
+(define-public python2-fasteners
+  (package-with-python2 python-fasteners))
+
+(define-public python-requests-file
+  (package
+    (name "python-requests-file")
+    (version "1.4.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "requests-file" version))
+       (sha256
+        (base32
+         "1yp2jaxg3v86pia0q512dg3hz6s9y5vzdivsgrba1kds05ial14g"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-requests" ,python-requests)
+       ("python-six" ,python-six)))
+    (home-page
+     "https://github.com/dashea/requests-file")
+    (synopsis "File transport adapter for Requests")
+    (description
+     "Requests-File is a transport adapter for use with the Requests Python
+library to allow local filesystem access via file:// URLs.")
+    (license license:asl2.0)))
+
+(define-public python2-requests-file
+  (package-with-python2 python-requests-file))
+
+(define-public python-tldextract
+  (package
+    (name "python-tldextract")
+    (version "2.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "tldextract" version))
+       (sha256
+        (base32
+         "1d5s8v6kpsgazyahflhji1cfdcf89rv7l7z55v774bhzvcjp2y99"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-pytest" ,python-pytest)
+       ("python-responses" ,python-responses)))
+    (propagated-inputs
+     `(("python-idna" ,python-idna)
+       ("python-requests" ,python-requests)
+       ("python-requests-file" ,python-requests-file)))
+    (home-page
+     "https://github.com/john-kurkowski/tldextract")
+    (synopsis
+     "Separate the TLD from the registered domain and subdomains of a URL")
+    (description
+     "TLDExtract accurately separates the TLD from the registered domain and
+subdomains of a URL, using the Public Suffix List.  By default, this includes
+the public ICANN TLDs and their exceptions.  It can optionally support the
+Public Suffix List's private domains as well.")
+    (license license:bsd-3)))
+
+(define-public python2-tldextract
+  (package-with-python2 python-tldextract))
+
+(define-public python-pynamecheap
+  (package
+    (name "python-pynamecheap")
+    (version "0.0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "PyNamecheap" version))
+       (sha256
+        (base32
+         "0wkbwz208j8nfrsmzmclvxg22ymknn0mlz76wbdza9k2bx2zja6l"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-requests" ,python-requests)))
+    (home-page
+     "https://github.com/Bemmu/PyNamecheap")
+    (synopsis
+     "Namecheap API client in Python")
+    (description
+     "PyNamecheap is a Namecheap API client in Python.")
+    (license license:expat)))
+
+(define-public python2-pynamecheap
+  (package-with-python2 python-pynamecheap))
+
+(define-public python-dns-lexicon
+  (package
+    (name "python-dns-lexicon")
+    (version "2.4.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "dns-lexicon" version))
+       (sha256
+        (base32
+         "0jdn3ns71bsybr7njgsqr9xlxsqh7zh6phn4ld0liazqdn2l5f6m"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:tests? #f))                    ;requires internet access
+    (propagated-inputs
+     `(("python-future" ,python-future)
+       ("python-pynamecheap" ,python-pynamecheap)
+       ("python-requests" ,python-requests)
+       ("python-tldextract" ,python-tldextract)
+       ("python-urllib3" ,python-urllib3)))
+    (home-page "https://github.com/AnalogJ/lexicon")
+    (synopsis
+     "Manipulate DNS records on various DNS providers")
+    (description
+     "Lexicon provides a way to manipulate DNS records on multiple DNS
+providers in a standardized way.  It has a CLI but it can also be used as a
+Python library.  It was designed to be used in automation, specifically with
+Let's Encrypt.")
+    (license license:expat)))
+
+(define-public python2-dns-lexicon
+  (package-with-python2 python-dns-lexicon))
diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm
index 7d323cd2d5..a15d6453c9 100644
--- a/gnu/packages/qt.scm
+++ b/gnu/packages/qt.scm
@@ -9,6 +9,7 @@
 ;;; Copyright © 2017 Quiliro <quiliro@fsfla.org>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Nicolas Goaziou <mail@nicolasgoaziou.fr>
+;;; Copyright © 2018 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1069,6 +1070,55 @@ between the host (QML/C++ application) and the client (HTML/JavaScript
 application).  The transport mechanism is supported out of the box by the two
 popular web engines, Qt WebKit 2 and Qt WebEngine.")))
 
+(define-public qtwebglplugin
+  (package (inherit qtsvg)
+    (name "qtwebglplugin")
+    (version "5.11.0")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://download.qt.io/official_releases/qt/"
+                                 (version-major+minor version) "/" version
+                                 "/submodules/" name "-everywhere-src-"
+                                 version ".tar.xz"))
+             (sha256
+              (base32
+               "1al7dv7i9rg4z4p8vnipbjbbgc6113lbfjggxxap3sn6hqs986fm"))))
+    (native-inputs '())
+    (inputs
+     `(("mesa" ,mesa)
+       ("qtbase" ,qtbase)
+       ("qtwebsockets" ,qtwebsockets)))
+    (synopsis "QPA plugin for running an application via a browser using
+streamed WebGL commands")
+    (description "Qt back end that uses WebGL for rendering. It allows Qt
+applications (with some limitations) to run in a web browser that supports
+WebGL.  WebGL is a JavaScript API for rendering 2D and 3D graphics within any
+compatible web browser without the use of plug-ins.  The API is similar to
+OpenGL ES 2.0 and can be used in HTML5 canvas elements")))
+
+(define-public qtwebview
+  (package (inherit qtsvg)
+    (name "qtwebview")
+    (version "5.11.0")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://download.qt.io/official_releases/qt/"
+                                 (version-major+minor version) "/" version
+                                 "/submodules/" name "-everywhere-src-"
+                                 version ".tar.xz"))
+             (sha256
+              (base32
+               "0a89v8mj5pb7a7whyhasf4ms0n34ghfmv2qp0pyxnq56f2bsjbl4"))))
+    (native-inputs
+     `(("perl" ,perl)))
+    (inputs
+     `(("qtbase" ,qtbase)
+       ("qtdeclarative" ,qtdeclarative)))
+    (synopsis "Display web content in a QML application")
+    (description "Qt WebView provides a way to display web content in a QML
+application without necessarily including a full web browser stack by using
+native APIs where it makes sense.")))
+
 (define-public qtlocation
   (package (inherit qtsvg)
     (name "qtlocation")
diff --git a/gnu/packages/rdf.scm b/gnu/packages/rdf.scm
index 973fef72f0..1618b29b06 100644
--- a/gnu/packages/rdf.scm
+++ b/gnu/packages/rdf.scm
@@ -233,7 +233,7 @@ and triple stores.")
     (version "0.28.0")
     (source (origin
              (method url-fetch)
-             (uri (string-append "http://download.drobilla.net/serd-"
+             (uri (string-append "https://download.drobilla.net/serd-"
                                  version ".tar.bz2"))
              (sha256
               (base32
@@ -250,7 +250,7 @@ and triple stores.")
                     (string-append "-Wl,-rpath="
                                    (assoc-ref outputs "out") "/lib"))
             #t)))))
-    (home-page "http://drobilla.net/software/serd/")
+    (home-page "https://drobilla.net/software/serd/")
     (synopsis "Library for RDF syntax supporting Turtle and NTriples")
     (description
      "Serd is a lightweight C library for RDF syntax which supports reading
@@ -267,7 +267,7 @@ ideal (e.g. in LV2 implementations or embedded applications).")
     (version "0.16.0")
     (source (origin
              (method url-fetch)
-             (uri (string-append "http://download.drobilla.net/sord-"
+             (uri (string-append "https://download.drobilla.net/sord-"
                                  version ".tar.bz2"))
              (sha256
               (base32
@@ -288,7 +288,7 @@ ideal (e.g. in LV2 implementations or embedded applications).")
      `(("serd" ,serd)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-    (home-page "http://drobilla.net/software/sord/")
+    (home-page "https://drobilla.net/software/sord/")
     (synopsis "C library for storing RDF data in memory")
     (description
      "Sord is a lightweight C library for storing RDF data in memory.")
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 5c70f5e743..1602fd5d5e 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -697,7 +697,7 @@ line of code.")
   (synopsis "Converter from AsciiDoc content to other formats")
   (description
     "Asciidoctor is a text processor and publishing toolchain for converting
-AsciiDoc content to HTML5, DocBook 5 (or 4.5) and other formats.")
+AsciiDoc content to HTML5, DocBook 5 (or 4.5), PDF, and other formats.")
   (home-page "https://asciidoctor.org")
   (license license:expat)))
 
@@ -3330,7 +3330,7 @@ differences (added or removed nodes) between two XML/HTML documents.")
 (define-public ruby-rack
   (package
     (name "ruby-rack")
-    (version "2.0.3")
+    (version "2.0.5")
     (source
      (origin
        (method url-fetch)
@@ -3342,7 +3342,7 @@ differences (added or removed nodes) between two XML/HTML documents.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "12bnqrcg43x9hsswjqg31qqwk8cwj2fh0d2m179y20bjghhn54kx"))
+         "1k1k4wk10l6bxx46pw58j2p3nmyzjqnr65hbjjqydd6517fmxgib"))
        ;; Ignore test which fails inside the build environment but works
        ;; outside.
        (patches (search-patches "ruby-rack-ignore-failing-test.patch"))))
@@ -3417,17 +3417,17 @@ testing libraries to build on.")
 (define-public ruby-rack-protection
   (package
     (name "ruby-rack-protection")
-    (version "2.0.1")
+    (version "2.0.3")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "rack-protection" version))
        (sha256
         (base32
-         "0ywmgh7x8ljf7jfnq5hmfzki3f803waji3fcvi107w7mlyflbng7"))))
+         "1z5598qipilmnf45428jnxi63ykrgvnyywa5ckpr52zv2vpd8jdp"))))
     (build-system ruby-build-system)
     (arguments
-     '(;; Tests missing from the gem
+     '(;; Tests missing from the gem.
        #:tests? #f))
     (propagated-inputs
      `(("ruby-rack" ,ruby-rack)))
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index 37576ee9f6..0ce46056f5 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
-;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -76,7 +76,7 @@
          ;; The 6.7 tarball is missing ‘install.sh’. Create it.
          (add-after 'unpack 'autoreconf
            (lambda _
-             (zero? (system* "autoreconf" "-i"))))
+             (invoke "autoreconf" "-i")))
          (add-before 'configure 'set-root-sbin
            (lambda _ ; Don't try to install in "/sbin".
              (setenv "ROOTSBINDIR"
@@ -150,14 +150,14 @@ anywhere.")
 (define-public samba
   (package
     (name "samba")
-    (version "4.8.2")
+    (version "4.8.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.samba.org/pub/samba/stable/"
                                  "samba-" version ".tar.gz"))
              (sha256
               (base32
-               "08mz29jmjxqvyyhm6pa388paagw1i2i21lc7pd2aprj9dllm5rb2"))))
+               "1vc21c0m7wky70hpyjhw6ph6zlzljsvivlgxy54znpaxc259lmp0"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -178,8 +178,7 @@ anywhere.")
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out    (assoc-ref outputs "out"))
                     (libdir (string-append out "/lib")))
-               (zero? (system*
-                       "./configure"
+               (invoke "./configure"
                        "--enable-fhs"
                        ;; XXX: heimdal not packaged.
                        "--bundled-libraries=com_err"
@@ -188,7 +187,7 @@ anywhere.")
                        ;; Install public and private libraries into
                        ;; a single directory to avoid RPATH issues.
                        (string-append "--libdir=" libdir)
-                       (string-append "--with-privatelibdir=" libdir))))))
+                       (string-append "--with-privatelibdir=" libdir)))))
          (add-before 'install 'disable-etc-samba-directory-creation
            (lambda _
              (substitute* "dynconfig/wscript"
@@ -342,17 +341,30 @@ many event types, including timers, signals, and the classic file descriptor eve
 (define-public ldb
   (package
     (name "ldb")
-    (version "1.3.3")
+    (version "1.4.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.samba.org/ftp/ldb/ldb-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "14gsrm7dvyjpbpnc60z75j6fz2p187abm2h353lq95kx2bv70c1b"))))
+                "1d591ny4j4s409s2afjv4fn7inqlclr0zlyclw3619rkbaixlzm8"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  (for-each (lambda (file)
+                              ;; Delete everything except the build tools.
+                              (unless (or (string-prefix? "third_party/waf" file)
+                                          (string-suffix? "wscript" file))
+                                (delete-file file)))
+                            (find-files "third_party"))
+                  #t))))
     (build-system gnu-build-system)
     (arguments
-     '(#:phases
+     '(;; LMDB is only supported on 64-bit systems, yet the test suite
+       ;; requires it.
+       #:tests? (assoc-ref %build-inputs "lmdb")
+       #:phases
        (modify-phases %standard-phases
          (replace 'configure
            ;; ldb use a custom configuration script that runs waf.
@@ -372,7 +384,10 @@ many event types, including timers, signals, and the classic file descriptor eve
      `(("talloc" ,talloc)
        ("tdb" ,tdb)))
     (inputs
-     `(("popt" ,popt)
+     `(,@(if (target-64bit?)
+             `(("lmdb" ,lmdb))
+             '())
+       ("popt" ,popt)
        ("tevent" ,tevent)))
     (synopsis "LDAP-like embedded database")
     (home-page "https://ldb.samba.org/")
diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm
index dba5067e9e..4178a45a89 100644
--- a/gnu/packages/scheme.scm
+++ b/gnu/packages/scheme.scm
@@ -9,6 +9,7 @@
 ;;; Copyright © 2017 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Adam Massmann <massmannak@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -313,15 +314,14 @@ Scheme and C programs and between Scheme and Java programs.")
          (replace 'configure
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
-               (zero?
-                (system* "./configure"
-                         (string-append "--prefix=" out)
-                         (string-append "--blflags="
-                                        ;; user flags completely override useful
-                                        ;; default flags, so repeat them here.
-                                        "-copt \\$(CPICFLAGS) "
-                                        "-L \\$(BUILDLIBDIR) "
-                                        "-ldopt -Wl,-rpath," out "/lib")))))))))
+               (invoke "./configure"
+                       (string-append "--prefix=" out)
+                       (string-append "--blflags="
+                                      ;; user flags completely override useful
+                                      ;; default flags, so repeat them here.
+                                      "-copt \\$(CPICFLAGS) "
+                                      "-L \\$(BUILDLIBDIR) "
+                                      "-ldopt -Wl,-rpath," out "/lib"))))))))
     (inputs `(("avahi" ,avahi)
               ("bigloo" ,bigloo)
               ("libgc" ,libgc)
@@ -356,7 +356,7 @@ mashups, office (web agendas, mail clients, ...), etc.")
      `(#:modules ((guix build gnu-build-system)
                   (guix build utils)
                   (srfi srfi-1))
-       
+
        ;; No `configure' script; run "make check" after "make install" as
        ;; prescribed by README.
        #:phases
@@ -660,7 +660,8 @@ threads.")
                                  "| mit-scheme")))
                  (with-directory-excursion "scmutils/scmutils"
                    (and (zero? (system "mit-scheme < compile.scm"))
-                        (zero? (system make-img)))))))
+                        (zero? (system make-img))))
+                 #t)))
            (add-before 'install 'fix-directory-names
              ;; Correct directory names in the startup script.
              (lambda* (#:key inputs outputs #:allow-other-keys)
@@ -684,8 +685,8 @@ threads.")
              ;; code.
              (lambda* (#:key inputs outputs #:allow-other-keys)
                (with-directory-excursion "scmutils/scmutils"
-                 (zero? (apply system* "etags"
-                               (find-files "." "\\.scm"))))))
+                 (apply invoke "etags" (find-files "." "\\.scm")))
+               #t))
            (replace 'install
              ;; Copy files to the store.
              (lambda* (#:key outputs #:allow-other-keys)
@@ -881,12 +882,13 @@ regular-expression notation.")
          (add-after 'install 'remove-bin-share
                     (lambda* (#:key inputs outputs #:allow-other-keys)
                       (delete-file-recursively
-                       (string-append (assoc-ref outputs "out") "/bin"))))
+                       (string-append (assoc-ref outputs "out") "/bin"))
+                      #t))
          (replace 'configure
                   (lambda* (#:key inputs outputs #:allow-other-keys)
-                    (zero? (system* "./configure"
-                                    (string-append "--prefix="
-                                                   (assoc-ref outputs "out")))))))))
+                    (invoke "./configure"
+                            (string-append "--prefix="
+                                           (assoc-ref outputs "out"))))))))
     (native-inputs `(("unzip" ,unzip)
                      ("texinfo" ,texinfo)))
     (home-page "http://people.csail.mit.edu/jaffer/SLIB.html")
@@ -915,39 +917,34 @@ utility functions for all standard Scheme implementations.")
        (modify-phases %standard-phases
          (replace 'configure
                   (lambda* (#:key inputs outputs #:allow-other-keys)
-                    (zero? (system* "./configure"
-                                    (string-append "--prefix="
-                                                   (assoc-ref outputs "out"))))))
+                    (invoke "./configure"
+                            (string-append "--prefix="
+                                           (assoc-ref outputs "out")))))
          (add-before 'build 'pre-build
                      (lambda* (#:key inputs #:allow-other-keys)
                        (substitute* "Makefile"
-                         (("ginstall-info") "install-info"))))
+                         (("ginstall-info") "install-info"))
+                       #t))
          (replace 'build
                   (lambda* (#:key inputs outputs #:allow-other-keys)
                     (setenv "SCHEME_LIBRARY_PATH"
                             (string-append (assoc-ref inputs "slib")
                                            "/lib/slib/"))
-                    (and
-                     (zero? (system* "make" "scmlit" "CC=gcc"))
-                     (zero? (system* "make" "all")))))
+                    (invoke "make" "scmlit" "CC=gcc")
+                    (invoke "make" "all")))
          (add-after 'install 'post-install
                     (lambda* (#:key inputs outputs #:allow-other-keys)
-                      (let ((req
-                             (string-append (assoc-ref outputs "out")
-                                            "/lib/scm/require.scm")))
-                        (and
-                         (delete-file req)
-                         (format (open req (logior O_WRONLY O_CREAT))
-                                 "(define (library-vicinity) ~s)\n"
-                                 (string-append (assoc-ref inputs "slib")
-                                                "/lib/slib/"))
+                      (let* ((out         (assoc-ref outputs "out"))
+                             (req (string-append out "/lib/scm/require.scm")))
+                        (delete-file req)
+                        (format (open req (logior O_WRONLY O_CREAT))
+                                "(define (library-vicinity) ~s)\n"
+                                (string-append (assoc-ref inputs "slib")
+                                               "/lib/slib/"))
 
-                         ;; We must generate the slibcat file
-                         (zero? (system*
-                                 (string-append
-                                  (assoc-ref outputs "out")
-                                  "/bin/scm")
-                                 "-br" "new-catalog")))))))))
+                        ;; We must generate the slibcat file.
+                        (invoke (string-append out "/bin/scm")
+                                "-br" "new-catalog")))))))
     (inputs `(("slib" ,slib)))
     (native-inputs `(("unzip" ,unzip)
                      ("texinfo" ,texinfo)))
@@ -1025,3 +1022,80 @@ the same program, without any interference between them.  Foreign functions in C
 can be added and values can be defined in the Scheme environment.  Being quite a
 small program, it is easy to comprehend, get to grips with, and use.")
     (license bsd-3)))                   ; there are no licence headers
+
+(define-public stalin
+  (let ((commit "ed1c9e339c352b7a6fee40bb2a47607c3466f0be"))
+    ;; FIXME: The Stalin "source" contains C code generated by itself:
+    ;; 'stalin-AMD64.c', etc.
+    (package
+      (name "stalin")
+      (version "0.11")
+      (source (origin
+                ;; Use Pearlmutter's upstream branch with AMD64 patches
+                ;; applied. Saves us from including those 20M! patches
+                ;; in Guix. For more info, see:
+                ;; <ftp.ecn.purdue.edu/qobi/stalin-0.11-amd64-patches.tgz>
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/barak/stalin.git")
+                      (commit commit)))
+                (file-name (string-append name "-" version "-checkout"))
+                (sha256
+                 (base32
+                  "15a5gxj9v7jqlgkg0543gdflw0rbrir7fj5zgifnb33m074wiyhn"))
+                (modules '((guix build utils)))
+                (snippet
+                 ;; remove gc libs from build, we have them as input
+                 '(begin
+                    (delete-file "gc6.8.tar.gz")
+                    (delete-file-recursively "benchmarks")
+                    (substitute* "build"
+                      ((".*gc6.8.*") "")
+                      (("  cd \\.\\.") "")
+                      ((".*B include/libgc.a") "")
+                      ((".*make.*") ""))
+                    #t))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:make-flags (list "ARCH_OPTS=-freg-struct-return")
+         #:phases
+         (modify-phases %standard-phases
+           (replace 'configure
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (include-out (string-append out "/include")))
+                 (invoke "./build")
+                 (for-each (lambda (fname)
+                             (install-file fname include-out))
+                           (find-files "include"))
+                 (substitute* "makefile"
+                   (("\\./include") include-out))
+                 (substitute* "post-make"
+                   (("`pwd`") out))
+                 #t)))
+           (delete 'check)
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let ((out (assoc-ref outputs "out")))
+                 (install-file "stalin.1"
+                               (string-append out "/share/man/man1"))
+                 (install-file "stalin"
+                               (string-append out "/bin"))
+                 #t))))))
+      (inputs
+       `(("libx11" ,libx11)))
+      (propagated-inputs
+       `(("libgc" ,libgc)))
+      (supported-systems '("x86_64-linux"))
+      (home-page "https://engineering.purdue.edu/~qobi/papers/fdlcc.pdf")
+      (synopsis "Brutally efficient Scheme compiler")
+      (description
+       "Stalin is an aggressively optimizing whole-program compiler
+for Scheme that does polyvariant interprocedural flow analysis,
+flow-directed interprocedural escape analysis, flow-directed
+lightweight CPS conversion, flow-directed lightweight closure
+conversion, flow-directed interprocedural lifetime analysis, automatic
+in-lining, unboxing, and flow-directed program-specific and
+program-point-specific low-level representation selection and code
+generation.")
+      (license gpl2+))))
diff --git a/gnu/packages/scribus.scm b/gnu/packages/scribus.scm
index 98bdf5d24e..dca1dc86e1 100644
--- a/gnu/packages/scribus.scm
+++ b/gnu/packages/scribus.scm
@@ -61,7 +61,19 @@
     (arguments
      `(#:tests? #f                      ;no test target
        #:configure-flags
-       '("-DWANT_GRAPHICSMAGICK=1")))
+       '("-DWANT_GRAPHICSMAGICK=1")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'wrap-program
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             ;; Fix "ImportError: No module named _sysconfigdata_nd" where
+             ;; Scribus checks PATH and eventually runs system's Python
+             ;; instead of package's.
+             (let* ((out (assoc-ref outputs "out"))
+                    (py2 (assoc-ref inputs "python")))
+               (wrap-program (string-append out "/bin/scribus")
+                 `("PATH" ":" prefix (,(string-append py2 "/bin")))))
+             #t)))))
     (inputs
      `(("boost" ,boost)
        ("cairo" ,cairo)
diff --git a/gnu/packages/sdl.scm b/gnu/packages/sdl.scm
index 43cf2795dd..3e21cde83c 100644
--- a/gnu/packages/sdl.scm
+++ b/gnu/packages/sdl.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -348,7 +349,7 @@ directory.")
 (define-public sdl2-image
   (package (inherit sdl-image)
     (name "sdl2-image")
-    (version "2.0.2")
+    (version "2.0.3")
     (source (origin
               (method url-fetch)
               (uri
@@ -356,7 +357,7 @@ directory.")
                               version ".tar.gz"))
               (sha256
                (base32
-                "1s3ciydixrgv34vlf45ak5syq5nlfaqf19wf162lbz4ixxd0gpvj"))))
+                "0s13dmakn21q6yw8avl67d4zkxzl1wap6l5nwf6cvzrmlxfw441m"))))
     (propagated-inputs
      (propagated-inputs-with-sdl2 sdl-image))))
 
@@ -503,7 +504,16 @@ sound and device input (keyboards, joysticks, mice, etc.).")
              (string-append "--with-libsdl2-ttf-prefix="
                             (assoc-ref %build-inputs "sdl2-ttf"))
              (string-append "--with-libsdl2-mixer-prefix="
-                            (assoc-ref %build-inputs "sdl2-mixer")))))
+                            (assoc-ref %build-inputs "sdl2-mixer")))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'configure 'patch-makefile
+           (lambda _
+             ;; Install compiled Guile files in the expected place.
+             (substitute* '("Makefile")
+               (("^godir = .*$")
+                "godir = $(moddir)\n"))
+             #t)))))
     (native-inputs
      `(("guile" ,guile-2.2)
        ("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/search.scm b/gnu/packages/search.scm
index e176fd1aa7..e9e74817f2 100644
--- a/gnu/packages/search.scm
+++ b/gnu/packages/search.scm
@@ -126,24 +126,24 @@ rich set of boolean query operators.")
     (inputs `(("unqlite" ,unqlite)))
     (arguments
      `(#:phases (modify-phases %standard-phases
-                  (add-before
-                   'configure 'chdir-source
-                   (lambda _ (chdir "libtocc/src")))
-                  (replace
-                   'check
-                   (lambda _
-                     (with-directory-excursion "../tests"
-                       (and (zero? (system* "./configure"
-                                            (string-append "CONFIG_SHELL="
-                                                           (which "sh"))
-                                            (string-append "SHELL="
-                                                           (which "sh"))
-                                            "CPPFLAGS=-I../src"
-                                            (string-append
-                                             "LDFLAGS=-L../src/.libs "
-                                             "-Wl,-rpath=../src/.libs")))
-                            (zero? (system* "make"))
-                            (zero? (system* "./libtocctests")))))))))
+                  (add-before 'configure 'chdir-source
+                    (lambda _
+                      (chdir "libtocc/src")
+                      #t))
+                  (replace 'check
+                    (lambda _
+                      (with-directory-excursion "../tests"
+                        (invoke "./configure"
+                                (string-append "CONFIG_SHELL="
+                                               (which "sh"))
+                                (string-append "SHELL="
+                                               (which "sh"))
+                                "CPPFLAGS=-I../src"
+                                (string-append
+                                 "LDFLAGS=-L../src/.libs "
+                                 "-Wl,-rpath=../src/.libs"))
+                        (invoke "make")
+                        (invoke "./libtocctests")))))))
     (home-page "https://t-o-c-c.com/")
     (synopsis "Tool for Obsessive Compulsive Classifiers")
     (description
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 9c8474dd02..7fdcaaf1ea 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -28,6 +28,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system glib-or-gtk)
   #:use-module (gnu packages autotools)
@@ -91,16 +92,15 @@ readers and is needed to communicate with such devices through the
 (define-public eid-mw
   (package
     (name "eid-mw")
-    (version "4.3.4")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://github.com/Fedict/eid-mw/archive/v"
-                    version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
-              (sha256
-               (base32
-                "1ay9znry9dkhhn783paqy8czvv3w5gdpmq8ag8znx9akza8c929z"))))
+    (version "4.4.3")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/Fedict/eid-mw")
+             (commit (string-append "v" version))))
+       (sha256
+        (base32 "1h90iz4l85drchpkmhlsvg7f9abhw6890fdr9x5n5ir3kxikwcdm"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("autoconf" ,autoconf)
@@ -121,9 +121,14 @@ readers and is needed to communicate with such devices through the
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         ;; The github tarball doesn't contain a configure script.
-         (add-before 'configure 'autoreconf
-           (lambda _ (zero? (system* "autoreconf" "-i")))))))
+         (add-after 'unpack 'bootstrap
+           (lambda _
+             ;; configure.ac relies on ‘git --describe’ to get the version.
+             ;; Patch it to just return the real version number directly.
+             (substitute* "scripts/build-aux/genver.sh"
+               (("/bin/sh") (which "sh"))
+               (("\\$GITDESC") ,version))
+             (invoke "sh" "./bootstrap.sh"))))))
     (synopsis "Belgian eID Middleware")
     (description "The Belgian eID Middleware is required to authenticate with
 online services using the Belgian electronic identity card.")
diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm
index 9562123bda..c56a991d99 100644
--- a/gnu/packages/selinux.scm
+++ b/gnu/packages/selinux.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016, 2017, 2018 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -201,10 +202,10 @@ the core SELinux management utilities.")
              (lambda _ (chdir ,name) #t))
            (add-after 'build 'pywrap
              (lambda* (#:key make-flags #:allow-other-keys)
-               (zero? (apply system* "make" "pywrap" make-flags))))
+               (apply invoke "make" "pywrap" make-flags)))
            (add-after 'install 'install-pywrap
              (lambda* (#:key make-flags #:allow-other-keys)
-               (zero? (apply system* "make" "install-pywrap" make-flags))))))))
+               (apply invoke "make" "install-pywrap" make-flags)))))))
     (inputs
      `(("libsepol" ,libsepol)
        ("libselinux" ,libselinux)
diff --git a/gnu/packages/smalltalk.scm b/gnu/packages/smalltalk.scm
index c0c53a5291..9b36d83a80 100644
--- a/gnu/packages/smalltalk.scm
+++ b/gnu/packages/smalltalk.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -132,14 +133,15 @@ such as ones for networking and GUI programming.")
            (lambda* (#:key outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
                (with-directory-excursion "bld"
-                 (zero?
-                  (system* "../unix/cmake/configure"
+                 (invoke "../unix/cmake/configure"
                            (string-append "--prefix=" out)
-                           "--without-quartz"))))))
+                           "--without-quartz")
+                 #t))))
          (replace 'build
            (lambda _
              (with-directory-excursion "bld"
-               (zero? (system* "make"))))))))
+               (invoke "make"))
+             #t)))))
     (synopsis "Smalltalk programming language and environment")
     (description "Squeak is a full-featured implementation of the Smalltalk
 programming language and environment based on (and largely compatible with)
diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 38d4a3a6bd..a648634646 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -128,7 +128,7 @@ system to use the host GPU to accelerate 3D rendering.")
 (define-public spice-protocol
   (package
     (name "spice-protocol")
-    (version "0.12.13")
+    (version "0.12.14")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -136,7 +136,7 @@ system to use the host GPU to accelerate 3D rendering.")
                 "spice-protocol-" version ".tar.bz2"))
               (sha256
                (base32
-                "0cwrgkp558mblcf4vrhacb3iizz12khsrrl82w38w9nj0ar13vl9"))))
+                "170ckpgazvqv7hxy209myg67pqnd6c0gvr4ysbqgsfch6320nd90"))))
     (build-system gnu-build-system)
     (synopsis "Protocol headers for the SPICE protocol")
     (description "SPICE (the Simple Protocol for Independent Computing
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index dd8518002d..cd92c62f58 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -256,22 +256,22 @@ Additionally, various channel-specific options can be negotiated.")
      '(#:phases (modify-phases %standard-phases
                   (add-after 'unpack 'autoreconf
                     (lambda* (#:key inputs #:allow-other-keys)
-                      (zero? (system* "autoreconf" "-vfi"))))
+                      (invoke "autoreconf" "-vfi")))
                   (add-before 'build 'fix-libguile-ssh-file-name
                     (lambda* (#:key outputs #:allow-other-keys)
                       ;; Build and install libguile-ssh.so so that we can use
                       ;; its absolute file name in .scm files, before we build
                       ;; the .go files.
-                      (and (zero? (system* "make" "install"
-                                           "-C" "libguile-ssh"
-                                           "-j" (number->string
-                                                 (parallel-job-count))))
-                           (let* ((out      (assoc-ref outputs "out"))
-                                  (libdir   (string-append out "/lib")))
-                             (substitute* (find-files "." "\\.scm$")
-                               (("\"libguile-ssh\"")
-                                (string-append "\"" libdir "/libguile-ssh\"")))
-                             #t))))
+                      (let* ((out (assoc-ref outputs "out"))
+                             (lib (string-append out "/lib")))
+                        (invoke "make" "install"
+                                "-C" "libguile-ssh"
+                                "-j" (number->string
+                                      (parallel-job-count)))
+                        (substitute* (find-files "." "\\.scm$")
+                          (("\"libguile-ssh\"")
+                           (string-append "\"" lib "/libguile-ssh\"")))
+                        #t)))
                   (add-after 'install 'remove-bin-directory
                     (lambda* (#:key outputs #:allow-other-keys)
                       (let* ((out (assoc-ref outputs "out"))
@@ -329,29 +329,25 @@ libssh library.")
                 "1gmhas4va6gd70i2x2mpxpwpgww6413mji29mg282jms3jscn3qd"))))
     (build-system gnu-build-system)
     (arguments
-     ;; Replace configure phase as the ./configure script does not link
-     ;; CONFIG_SHELL and SHELL passed as parameters
-     '(#:phases
+     `(#:phases
        (modify-phases %standard-phases
          (replace 'configure
-           (lambda* (#:key outputs inputs system build target
-                           #:allow-other-keys #:rest args)
-             (let* ((configure (assoc-ref %standard-phases 'configure))
-                    (prefix (assoc-ref outputs "out"))
-                    (bash   (which "bash"))
+           ;; Replace configure phase as the ./configure script does not like
+           ;; CONFIG_SHELL and SHELL passed as parameters
+           (lambda* (#:key outputs build target #:allow-other-keys)
+             (let* ((out   (assoc-ref outputs "out"))
+                    (bash  (which "bash"))
                     ;; Set --build and --host flags as the provided config.guess
                     ;; is not able to detect them
-                    (flags `(,(string-append "--prefix=" prefix)
+                    (flags `(,(string-append "--prefix=" out)
                              ,(string-append "--build=" build)
                              ,(string-append "--host=" (or target build)))))
                (setenv "CONFIG_SHELL" bash)
-               (zero? (apply system* bash
-                             (string-append "." "/configure")
-                             flags)))))
+               (apply invoke bash "./configure" flags))))
          (add-after 'install 'install-documentation
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
-                    (doc (string-append out "/share/doc/corkscrew")))
+                    (doc (string-append out "/share/doc/" ,name "-" ,version)))
                (install-file "README" doc)
                #t))))))
     (home-page "http://www.agroman.net/corkscrew")
diff --git a/gnu/packages/sssd.scm b/gnu/packages/sssd.scm
index 28a364ebd5..0ff94cdd24 100644
--- a/gnu/packages/sssd.scm
+++ b/gnu/packages/sssd.scm
@@ -81,14 +81,14 @@ fundamental object types for C.")
 (define-public sssd
   (package
     (name "sssd")
-    (version "1.16.1")
+    (version "1.16.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://releases.pagure.org/SSSD/sssd/"
                                   "sssd-" version ".tar.gz"))
               (sha256
                (base32
-                "0vjh1c5960wh86zjsamdjhljls7bb5fz5jpcazgzrpmga5w6ggrd"))))
+                "032ppk57qs1lnvz7pb7lw9ldwm9i1yagh9fzgqgn6na3bg61ynzy"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags
@@ -165,6 +165,7 @@ fundamental object types for C.")
      `(("check" ,check)
        ("docbook-xsl" ,docbook-xsl)
        ("docbook-xml" ,docbook-xml)
+       ("libxml2" ,libxml2)             ; for xmllint
        ("libxslt" ,libxslt)
        ("pkg-config" ,pkg-config)
        ("util-linux" ,util-linux)))     ; for uuid.h, reqired for KCM
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index 3eba723a43..8be3ce1a80 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -532,14 +532,14 @@ nonlinear mixed-effects models.")
 (define-public r-mgcv
   (package
    (name "r-mgcv")
-   (version "1.8-23")
+   (version "1.8-24")
    (source
     (origin
      (method url-fetch)
      (uri (cran-uri "mgcv" version))
      (sha256
       (base32
-       "1lsrhf1yzn25pfn3f5x8yxjqnfryim4jx3iqd7ah8aalh5asqwbp"))))
+       "15b76m1f0hz8dbmj9shqvslihdx5b7c48vck9grj5xs1z2y45r9c"))))
    (build-system r-build-system)
    (propagated-inputs
     `(("r-matrix" ,r-matrix)
@@ -835,13 +835,13 @@ see package vignette.  To quote Rene Magritte, \"Ceci n'est pas un pipe.\"")
 (define-public r-munsell
   (package
     (name "r-munsell")
-    (version "0.4.3")
+    (version "0.5.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "munsell" version))
        (sha256
-        (base32 "0jdxlbjslkzaqgp058da1cgm85qvqi09wpcgpvp4hvwnmy83qz1r"))))
+        (base32 "16g1fzisbpqb15yh3pqf3iia4csppva5dnv1z88x9dg263xskwyh"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-colorspace" ,r-colorspace)))
@@ -960,14 +960,14 @@ solution for sending email, including attachments, from within R.")
 (define-public r-stringi
   (package
     (name "r-stringi")
-    (version "1.2.2")
+    (version "1.2.3")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "stringi" version))
        (sha256
         (base32
-         "1z8yqnh3alq0xriz77vifgl27msf3av6maz07fld78m90ajb6y8r"))))
+         "1sgg4krw03qkz1n4dwiya0djggk7giwd0w21qlp0pfjqi0rxq6qx"))))
     (build-system r-build-system)
     (inputs `(("icu4c" ,icu4c)))
     (native-inputs `(("pkg-config" ,pkg-config)))
@@ -1289,13 +1289,13 @@ There is also a Shiny app as a user interface in this package.")
 (define-public r-highr
   (package
     (name "r-highr")
-    (version "0.6")
+    (version "0.7")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "highr" version))
               (sha256
                (base32
-                "0n9v44dxdy5fhkdmpbpa2p78whyd9z3rhhy42ipdz5m5vsr55qa3"))))
+                "1dzknqk4x7iiiq1jkh9bqm5qcvs7mbqxbkn5955050payavabfya"))))
     (build-system r-build-system)
     (home-page "https://github.com/yihui/highr")
     (synopsis "Syntax highlighting for R source code")
@@ -1816,7 +1816,8 @@ and fast file reading.")
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         (replace 'check (lambda _ (zero? (system* "nosetests" "-v")))))))
+         (replace 'check
+           (lambda _ (invoke "nosetests" "-v"))))))
     (propagated-inputs
      `(("python-numpy" ,python-numpy)
        ("python-scipy" ,python-scipy)
@@ -2603,14 +2604,14 @@ certain criterion, e.g., it contains a certain regular file.")
 (define-public r-rmarkdown
   (package
     (name "r-rmarkdown")
-    (version "1.9")
+    (version "1.10")
     (source
       (origin
         (method url-fetch)
         (uri (cran-uri "rmarkdown" version))
         (sha256
           (base32
-            "0wq6kbhrkv3fhcy4hg5yyv9gdvf8gr4nsjwdifs4ih8lnn0dmdyb"))))
+            "0mh2f3k98w7pgz0ri34149s4kx5y0kfm27nwq64k0qwxd16hwd9r"))))
     (properties `((upstream-name . "rmarkdown")))
     (build-system r-build-system)
     (propagated-inputs
@@ -2622,6 +2623,7 @@ certain criterion, e.g., it contains a certain regular file.")
        ("r-mime" ,r-mime)
        ("r-rprojroot" ,r-rprojroot)
        ("r-stringr" ,r-stringr)
+       ("r-tinytex" ,r-tinytex)
        ("r-yaml" ,r-yaml)
        ;; rmarkdown works with the 2.x release of Pandoc, but with degraded
        ;; functionality.  For example, tabbed plots do not currently work with
@@ -4038,14 +4040,14 @@ routines.")
 (define-public r-fastcluster
   (package
     (name "r-fastcluster")
-    (version "1.1.24")
+    (version "1.1.25")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "fastcluster" version))
        (sha256
         (base32
-         "15drhl22wm8whsy6b3vv754skfddiydb068zn1whrw5sknvkkjc2"))))
+         "01a2xnhhvv1swd4g8p4lzyn7ww7kg49jlnzc7kfz60jqjzpisrpk"))))
     (build-system r-build-system)
     (home-page "http://danifold.net/fastcluster.html")
     (synopsis "Fast hierarchical clustering routines")
@@ -4222,13 +4224,13 @@ mechanism.")
 (define-public r-zoo
   (package
     (name "r-zoo")
-    (version "1.8-1")
+    (version "1.8-2")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "zoo" version))
               (sha256
                (base32
-                "16nc5jnpkf5j9vgq3pzssv7knj30mi055wj7q3sygz3l0d88hgfr"))))
+                "1lpwigxmi5sc23xrha4gcsccsm4yfsg0sa97y6vac3pg1lliblvx"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-lattice" ,r-lattice)))
diff --git a/gnu/packages/suckless.scm b/gnu/packages/suckless.scm
index a343e3cb6e..dbfaa29127 100644
--- a/gnu/packages/suckless.scm
+++ b/gnu/packages/suckless.scm
@@ -100,9 +100,8 @@ a custom raw video format with a simple container.")
         (replace 'install
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
-              (zero?
-               (system* "make" "install"
-                        (string-append "DESTDIR=" out) "PREFIX=")))))
+              (invoke "make" "install"
+                      (string-append "DESTDIR=" out) "PREFIX="))))
         (add-after 'build 'install-xsession
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Add a .desktop file to xsessions.
diff --git a/gnu/packages/syncthing.scm b/gnu/packages/syncthing.scm
index f43c51714a..14e83b5861 100644
--- a/gnu/packages/syncthing.scm
+++ b/gnu/packages/syncthing.scm
@@ -490,34 +490,6 @@ address of the default LAN gateway.")
       (home-page "https://github.com/jackpal/gateway")
       (license bsd-3))))
 
-(define-public go-github-com-kardianos-osext
-  (let ((commit "ae77be60afb1dcacde03767a8c37337fad28ac14")
-        (revision "1"))
-    (package
-      (name "go-github-com-kardianos-osext")
-      (version (git-version "0.0.0" revision commit))
-      (source (origin
-                (method git-fetch)
-                (uri (git-reference
-                      (url "https://github.com/kardianos/osext")
-                      (commit commit)))
-                (file-name (git-file-name name version))
-                (sha256
-                 (base32
-                  "056dkgxrqjj5r18bnc3knlpgdz5p3yvp12y4y978hnsfhwaqvbjz"))))
-      (build-system go-build-system)
-      (arguments
-       `(#:import-path "github.com/kardianos/osext"
-         ;; The tests are flaky:
-         ;; <https://github.com/kardianos/osext/issues/21>
-         #:tests? #f))
-      (synopsis "Find the running executable")
-      (description "Osext provides a method for finding the current executable
-file that is running.  This can be used for upgrading the current executable or
-finding resources located relative to the executable file.")
-      (home-page "https://github.com/kardianos/osext")
-      (license bsd-3))))
-
 (define-public go-github-com-lib-pq
   (let ((commit "83612a56d3dd153a94a629cd64925371c9adad78")
         (revision "1"))
diff --git a/gnu/packages/syndication.scm b/gnu/packages/syndication.scm
index 27b49895e2..f37c0eaac5 100644
--- a/gnu/packages/syndication.scm
+++ b/gnu/packages/syndication.scm
@@ -32,7 +32,7 @@
 (define-public newsboat
   (package
     (name "newsboat")
-    (version "2.11.1")
+    (version "2.12")
     (source
      (origin
        (method url-fetch)
@@ -40,7 +40,7 @@
                            "/newsboat-" version ".tar.xz"))
        (sha256
         (base32
-         "1krpxl854h5dwmpr81m1s84cwk8zivdzvw0s5s0i4dba736pvdma"))))
+         "1x23zlgljaqf46v7sp8wnkyf6wighvirvn48ankpa34yr8mvrgcv"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("gettext" ,gettext-minimal)
@@ -60,7 +60,7 @@
          (delete 'configure)            ; no configure script
          (add-after 'build 'build-documentation
            (lambda _
-             (zero? (system* "make" "doc")))))
+             (invoke "make" "doc"))))
        #:make-flags
        (list (string-append "prefix=" (assoc-ref %outputs "out")))
        #:test-target "test"))
diff --git a/gnu/packages/telephony.scm b/gnu/packages/telephony.scm
index 6b625b5d3f..246d85901c 100644
--- a/gnu/packages/telephony.scm
+++ b/gnu/packages/telephony.scm
@@ -218,7 +218,7 @@ internet.")
 (define-public libsrtp
   (package
     (name "libsrtp")
-    (version "1.6.0")
+    (version "2.2.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/cisco/libsrtp/archive/v"
@@ -226,31 +226,13 @@ internet.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1ppdqsrx5ni54vmd4kdzzmvgmf5ixb04w0jw7idy8mad6l27jghs"))))
+                "02x5l5h2nq6f9gq1bmgz5v9jmnqaab51p8aldglng1z7pjbp9za4"))))
     (native-inputs
      `(("psmisc" ,psmisc)               ;some tests require 'killall'
        ("procps" ,procps)))
     (build-system gnu-build-system)
     (arguments
-     '(#:test-target "runtest"
-       #:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'patch-mips-variable-in-testsuite
-           ;; This comes from https://github.com/cisco/libsrtp/pull/151
-           (lambda _
-             (substitute* "test/srtp_driver.c"
-               (("mips ") "mips_est ")
-               (("mips\\)") "mips_est)"))
-             #t))
-         (add-after 'unpack 'patch-dictionary-location
-           ;; With the above changes, the rtpw_test.sh test finally runs, and fails.
-           (lambda _
-             (substitute* "test/rtpw.c"
-               (("/usr/share/dict/words")
-                (string-append (assoc-ref %build-inputs "procps")
-                               "/share/doc/procps-ng/FAQ"))
-               (("words.txt") "FAQ"))
-             #t)))))
+     '(#:test-target "runtest"))
     (synopsis "Secure RTP (SRTP) Reference Implementation")
     (description
      "This package provides an implementation of the Secure Real-time Transport
@@ -387,6 +369,7 @@ address of one of the participants.")
               (sha256
                (base32
                 "1s60vaici3v034jzzi20x23hsj6mkjlc0glipjq4hffrg9qgnizh"))
+              (patches (search-patches "mumble-1.2.19-abs.patch"))
               (modules '((guix build utils)))
               (snippet
                `(begin
diff --git a/gnu/packages/terminals.scm b/gnu/packages/terminals.scm
index 1cd00f4621..5cdc081398 100644
--- a/gnu/packages/terminals.scm
+++ b/gnu/packages/terminals.scm
@@ -10,6 +10,7 @@
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Petter <petter@mykolab.ch>
 ;;; Copyright © 2018 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -47,6 +48,7 @@
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gtk)
+  #:use-module (gnu packages libevent)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages perl)
@@ -55,6 +57,8 @@
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-web)
   #:use-module (gnu packages qt)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages ssh)
   #:use-module (gnu packages textutils)
   #:use-module (gnu packages wm)
   #:use-module (gnu packages xdisorg)
@@ -845,3 +849,33 @@ per-line fullscreen terminal rendering, and keyboard input event reporting.")
 
 (define-public python2-curtsies
   (package-with-python2 python-curtsies))
+
+(define-public tmate
+  (package
+    (name "tmate")
+    (version "2.2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/tmate-io/tmate/archive/"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "01f3hhm3x0sd6apyb1ajkjfdfvq5m2759w00yp2slr9fyicsrhnr"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libevent" ,libevent)
+       ("libssh" ,libssh)
+       ("msgpack" ,msgpack)
+       ("ncurses" ,ncurses)))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("pkg-config" ,pkg-config)))
+    (home-page "https://tmate.io/")
+    (synopsis "Terminal sharing application")
+    (description "tmate is a terminal sharing application that allows you to
+share your terminal with other users over the Internet.  tmate is a fork of
+tmux.")
+    (license license:isc)))
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index 6ce36f871d..98fc9f0921 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -175,21 +175,24 @@
                            (string-prefix? "mips64" s))))
       #:phases
       (modify-phases %standard-phases
-        (add-after 'unpack 'use-code-for-new-poppler
-          (lambda _
-            (copy-file "texk/web2c/pdftexdir/pdftoepdf-newpoppler.cc"
-                       "texk/web2c/pdftexdir/pdftoepdf.cc")
-            (copy-file "texk/web2c/pdftexdir/pdftosrc-newpoppler.cc"
-                       "texk/web2c/pdftexdir/pdftosrc.cc")
-            #t))
-        (add-after 'unpack 'fix-unix-detection
+        (add-after 'unpack 'configure-ghostscript-executable
           ;; ps2eps.pl uses the "gswin32c" ghostscript executable on Windows,
           ;; and the "gs" ghostscript executable on Unix. It detects Unix by
           ;; checking for the existence of the /usr/bin directory. Since
           ;; GuixSD does not have /usr/bin, it is also detected as Windows.
-          (lambda _
+          (lambda* (#:key inputs #:allow-other-keys)
             (substitute* "utils/ps2eps/ps2eps-src/bin/ps2eps.pl"
               (("gswin32c") "gs"))
+            (substitute* "texk/texlive/linked_scripts/epstopdf/epstopdf.pl"
+              (("\"gs\"")
+               (string-append "\"" (assoc-ref inputs "ghostscript") "/bin/gs\"")))
+            #t))
+        (add-after 'unpack 'use-code-for-new-poppler
+          (lambda _
+            (copy-file "texk/web2c/pdftexdir/pdftoepdf-newpoppler.cc"
+                       "texk/web2c/pdftexdir/pdftoepdf.cc")
+            (copy-file "texk/web2c/pdftexdir/pdftosrc-newpoppler.cc"
+                       "texk/web2c/pdftexdir/pdftosrc.cc")
             #t))
         (add-after 'install 'postint
           (lambda* (#:key inputs outputs #:allow-other-keys #:rest args)
diff --git a/gnu/packages/time.scm b/gnu/packages/time.scm
index a2f8a80704..fc831ab6cc 100644
--- a/gnu/packages/time.scm
+++ b/gnu/packages/time.scm
@@ -287,14 +287,14 @@ value (in fractional seconds) of a clock which never goes backwards.")
 (define-public python-pyrfc3339
   (package
     (name "python-pyrfc3339")
-    (version "1.0")
+    (version "1.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pyRFC3339" version))
        (sha256
         (base32
-         "0dgm4l9y8jiax5cp6yxjd2i27cq8h33sh81n1wfbmnmqb32cdywd"))))
+         "06jv7ar7lpvvk0dixzwdr3wgm0g1lipxs429s2z7knwwa7hwpf41"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-pytz" ,python-pytz)))
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index a934a50878..e89dc85d18 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -12,6 +12,7 @@
 ;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
+;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -38,10 +39,14 @@
   #:use-module (guix build-system python)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system haskell)
+  #:use-module (guix build-system trivial)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages)
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages check)
+  #:use-module (gnu packages curl)
   #:use-module (gnu packages dns)
+  #:use-module (gnu packages gawk)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages haskell)
   #:use-module (gnu packages haskell-check)
@@ -255,6 +260,7 @@ required structures.")
 (define-public openssl
   (package
    (name "openssl")
+   (replacement openssl/fixed)
    (version "1.0.2o")
    (source (origin
              (method url-fetch)
@@ -391,6 +397,15 @@ required structures.")
    (license license:openssl)
    (home-page "https://www.openssl.org/")))
 
+(define openssl/fixed
+  (package
+    (inherit openssl)
+    (source (origin
+              (inherit (package-source openssl))
+              (patches (append (origin-patches (package-source openssl))
+                               (search-patches "openssl-1.0.2-CVE-2018-0495.patch"
+                                               "openssl-1.0.2-CVE-2018-0732.patch")))))))
+
 (define-public openssl-next
   (package
     (inherit openssl)
@@ -405,7 +420,9 @@ required structures.")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
-              (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
+              (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"
+                                       "openssl-1.1.0-CVE-2018-0495.patch"
+                                       "openssl-1.1.0-CVE-2018-0732.patch"))
               (sha256
                (base32
                 "05x509lccqjscgyi935z809pwfm708islypwhmjnb6cyvrn64daq"))))
@@ -459,14 +476,14 @@ required structures.")
 (define-public libressl
   (package
     (name "libressl")
-    (version "2.7.3")
+    (version "2.7.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://openbsd/LibreSSL/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1597kj9jy3jyw52ys19sd4blg2gkam5q0rqdxbnrnvnyw67hviqn"))))
+                "19kxa5i97q7p6rrps9qm0nd8zqhdjvzx02j72400c73cl2nryfhy"))))
     (build-system gnu-build-system)
     (arguments
      ;; Do as if 'getentropy' was missing since older Linux kernels lack it
@@ -503,13 +520,13 @@ netcat implementation that supports TLS.")
   (package
     (name "python-acme")
     ;; Remember to update the hash of certbot when updating python-acme.
-    (version "0.24.0")
+    (version "0.25.1")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "acme" version))
               (sha256
                (base32
-                "1jq1nlly5146k08dw31fc1pw78plya5jswznnd512c08giif0mfn"))))
+                "0d177dhy8a7472pz9v4blrlk02d8fp6s52li7z8v3dv97pvz7da7"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -528,6 +545,7 @@ netcat implementation that supports TLS.")
     ;; TODO: Add optional inputs for testing.
     (native-inputs
      `(("python-mock" ,python-mock)
+       ("python-pytest" ,python-pytest)
        ;; For documentation
        ("python-sphinx" ,python-sphinx)
        ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
@@ -537,6 +555,7 @@ netcat implementation that supports TLS.")
      `(("python-josepy" ,python-josepy)
        ("python-six" ,python-six)
        ("python-requests" ,python-requests)
+       ("python-requests-toolbelt" ,python-requests-toolbelt)
        ("python-pytz" ,python-pytz)
        ("python-pyrfc3339" ,python-pyrfc3339)
        ("python-pyasn1" ,python-pyasn1)
@@ -558,7 +577,7 @@ netcat implementation that supports TLS.")
               (uri (pypi-uri name version))
               (sha256
                (base32
-                "0w3dbz74rpabjnc3l3ybnzjdypbr65lsjqf9yn243b5kid9d8wm0"))))
+                "0kp56gwn1bnlrag9qidhm1i5ifdp5z6y1ravh3yimfrkc4cfa8sw"))))
     (build-system python-build-system)
     (arguments
      `(,@(substitute-keyword-arguments (package-arguments python-acme)
@@ -805,7 +824,7 @@ then ported to the GNU / Linux environment.")
 (define-public mbedtls-apache
   (package
     (name "mbedtls-apache")
-    (version "2.7.3")
+    (version "2.7.4")
     (source
      (origin
        (method url-fetch)
@@ -815,7 +834,7 @@ then ported to the GNU / Linux environment.")
                            version "-apache.tgz"))
        (sha256
         (base32
-         "0rfpcc4i01qsl66iy1z9vaw00s34h4qgx3r41i1v5vazv7vjla05"))))
+         "1x9qia3rd77brz6qiv46w3ham2q78shn2rsz1jbpgqq0jpa69q9l"))))
     (build-system cmake-build-system)
     (arguments
      `(#:configure-flags
@@ -873,3 +892,69 @@ implement the SSL3.0, TLS1.0, TLS1.1 and TLS1.2 protocol, and support RSA and
 Ephemeral (Elliptic curve and regular) Diffie Hellman key exchanges, and many
 extensions.")
     (license license:bsd-3)))
+
+(define-public dehydrated
+  (package
+    (name "dehydrated")
+    (version "0.6.2")
+    (source (origin
+              (method url-fetch/tarbomb)
+              (uri (string-append
+                    "https://github.com/lukas2511/dehydrated/archive/v"
+                    version ".tar.gz"))
+              (sha256
+               (base32
+                "03p80yj6bnzjc6dkp5hb9wpplmlrla8n5src71cnzw4rj53q8cqn"))
+              (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let* ((source (assoc-ref %build-inputs "source"))
+                (out (assoc-ref %outputs "out"))
+                (bin (string-append out "/bin"))
+                (bash (in-vicinity (assoc-ref %build-inputs "bash") "bin")))
+           (mkdir-p bin)
+           (with-directory-excursion bin
+             (copy-file
+              (in-vicinity source (string-append "/dehydrated-" ,version
+                                                 "/dehydrated"))
+              (in-vicinity bin "dehydrated"))
+             (patch-shebang "dehydrated" (list bash))
+
+             ;; Do not try to write in the store.
+             (substitute* "dehydrated"
+               (("SCRIPTDIR=\"\\$.*\"") "SCRIPTDIR=~/.dehydrated"))
+
+             (setenv "PATH" bash)
+             (wrap-program "dehydrated"
+               `("PATH" ":" prefix
+                 ,(map (lambda (dir)
+                         (string-append dir "/bin"))
+                       (map (lambda (input)
+                              (assoc-ref %build-inputs input))
+                            '("coreutils"
+                              "curl"
+                              "diffutils"
+                              "gawk"
+                              "grep"
+                              "openssl"
+                              "sed"))))))
+           #t))))
+    (inputs
+     `(("bash" ,bash)
+       ("coreutils" ,coreutils)
+       ("curl" ,curl)
+       ("diffutils" ,diffutils)
+       ("gawk" ,gawk)
+       ("grep" ,grep)
+       ("openssl" ,openssl)
+       ("sed" ,sed)))
+    (home-page "https://dehydrated.io/")
+    (synopsis "Let's Encrypt/ACME client implemented as a shell script")
+    (description "Dehydrated is a client for signing certificates with an
+ACME-server (currently only provided by Let's Encrypt) implemented as a
+relatively simple Bash script.")
+    (license license:expat)))
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index b18673b81b..054d1e4029 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -47,14 +47,14 @@
 (define-public tor
   (package
     (name "tor")
-    (version "0.3.3.6")
+    (version "0.3.3.7")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://dist.torproject.org/tor-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "1drk2h8zd05xrfpx7xn77pcxz0hs4nrq6figw56qk5gkvgv5kg4r"))))
+               "036ybfvldj7yfci9ipjki8smpzyxdg8c5r12bghc9yxdqh9basza"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags (list "--enable-gcc-hardening"
@@ -256,51 +256,46 @@ from you.")
                    license:bsd-3))))    ; onionshare/socks.py
 
 (define-public nyx
-  ;; The last ‘arm’ relase was 5 years ago.  Meanwhile, python3 support has
-  ;; been added and the software was renamed to ‘nyx’.
-  (let ((commit "fea209127484d9b304b908a4711c9528b1d065bc")
-        (revision "1"))                 ; Guix package revision
-    (package
-      (name "nyx")
-      (version (string-append "1.9-"
-                              revision "." (string-take commit 7)))
-      (source
-       (origin
-         (method git-fetch)
-         (file-name (string-append name "-" version "-checkout"))
-         (uri (git-reference
-               (url "https://git.torproject.org/nyx.git")
-               (commit commit)))
-         (sha256
-          (base32
-           "1g0l4988076xg5gs0x0nxzlg58rfx5g5agmklvyh4yp03vxncdb9"))))
-      (build-system python-build-system)
-      (native-inputs
-       `(("python-mock" ,python-mock)
-         ("python-pep8" ,python-pep8)
-         ("python-pyflakes" ,python-pyflakes)))
-      (inputs
-       `(("python-stem" ,python-stem)))
-      (arguments
-       `(#:configure-flags
-         (list (string-append "--man-page="
-                              (assoc-ref %outputs "out")
-                              "/share/man/man1/nyx.1")
-               (string-append "--sample-path="
-                              (assoc-ref %outputs "out")
-                              "/share/doc/nyx/nyxrc.sample"))
-         #:use-setuptools? #f           ; setup.py still uses distutils
-         #:phases
-         (modify-phases %standard-phases
-           (replace 'check
-             (lambda _
-               (zero? (system* "./run_tests.py" "--unit")))))))
-      ;; A Nyx home page is ‘being worked on’.  Use Arm's for now, which at
-      ;; least mentions the new source repository:
-      (home-page "http://www.atagar.com/arm/")
-      (synopsis "Tor relay status monitor")
-      (description "Nyx (formerly Anonymizing Relay Monitor or \"arm\")
-monitors the performance of relays participating in the
+  (package
+    (name "nyx")
+    (version "2.0.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri name version))
+       (patches
+        (search-patches "nyx-show-header-stats-with-python3.patch"))
+       (sha256
+        (base32
+         "0pm7vfcqr02pzqz4b2f6sw5prxxmgqwr1912am42xmy2i53n7nrq"))))
+    (build-system python-build-system)
+    (inputs
+     `(("python-stem" ,python-stem)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'install-man-page
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (man (string-append out "/share/man")))
+               (install-file "nyx.1" (string-append man "/man1"))
+               #t)))
+         (add-after 'install 'install-sample-configuration
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (doc (string-append out "/share/doc/" ,name "-" ,version)))
+               (install-file "web/nyxrc.sample" doc)
+               #t))))
+       ;; XXX The tests seem to require more of a real terminal than the build
+       ;; environment provides:
+       ;;   _curses.error: setupterm: could not find terminal
+       ;; With TERM=linux, the tests try to move the cursor and still fail:
+       ;;   _curses.error: cbreak() returned ERR
+       #:tests? #f))
+    (home-page "https://nyx.torproject.org/")
+    (synopsis "Tor relay status monitor")
+    (description
+     "Nyx monitors the performance of relays participating in the
 @uref{https://www.torproject.org/, Tor anonymity network}.  It displays this
 information visually and in real time, using a curses-based terminal interface.
 This makes Nyx well-suited for remote shell connections and servers without a
@@ -316,4 +311,4 @@ statistics and status reports on:
 @end enumerate
 
 Potential client and exit connections are scrubbed of sensitive information.")
-      (license license:gpl3+))))
+    (license license:gpl3+)))
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 5487298929..86d6afef3e 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -53,6 +53,7 @@
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages boost)
   #:use-module (gnu packages check)
@@ -144,14 +145,14 @@ as well as the classic centralized workflow.")
    (name "git")
    ;; XXX When updating Git, check if the special 'git:src' input to cgit needs
    ;; to be updated as well.
-   (version "2.17.1")
+   (version "2.18.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://kernel.org/software/scm/git/git-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "0pm6bdnrrm165k3krnazxcxadifk2gqi30awlbcf9fism1x6w4vr"))))
+              "14hfwfkrci829a9316hnvkglnqqw1p03cw9k56p4fcb078wbwh4b"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("native-perl" ,perl)
@@ -164,7 +165,7 @@ as well as the classic centralized workflow.")
                 version ".tar.xz"))
           (sha256
            (base32
-            "0m7grrwsqaihdgcgaicxiy4rlqjpa75n5wl6hi2qhi33xa34gmc3"))))))
+            "15k04s9pcc5wkmlfa8x99nbgczjbx0c91767ciqmjy9kwsavxqws"))))))
    (inputs
     `(("curl" ,curl)
       ("expat" ,expat)
@@ -173,6 +174,10 @@ as well as the classic centralized workflow.")
       ("python" ,python-2) ; CAVEAT: incompatible with python-3 according to INSTALL
       ("zlib" ,zlib)
 
+      ;; Note: we keep this in inputs rather than native-inputs to work around
+      ;; a problem in 'patch-shebangs'; see <https://bugs.gnu.org/31952>.
+      ("bash-for-tests" ,bash)
+
       ;; For 'gitweb.cgi'
       ("perl-cgi" ,perl-cgi)
 
@@ -191,14 +196,28 @@ as well as the classic centralized workflow.")
    (outputs '("out"                               ; the core
               "send-email"                        ; for git-send-email
               "svn"                               ; git-svn
+              "credential-netrc"                  ; git-credential-netrc
               "gui"))                             ; gitk, git gui
    (arguments
     `(#:make-flags `("V=1"                        ;more verbose compilation
 
+                     ,(string-append "SHELL_PATH="
+                                     (assoc-ref %build-inputs "bash")
+                                     "/bin/sh")
+
+                     ;; Tests require a bash with completion support.
+                     ,(string-append "TEST_SHELL_PATH="
+                                     (assoc-ref %build-inputs "bash-for-tests")
+                                     "/bin/bash")
+
                      ;; By default 'make install' creates hard links for
                      ;; things in 'libexec/git-core', which leads to huge
                      ;; nars; see <https://bugs.gnu.org/21949>.
                      "NO_INSTALL_HARDLINKS=indeed")
+
+      ;; Make sure the full bash does not end up in the final closure.
+      #:disallowed-references (,bash)
+
       #:test-target "test"
 
       ;; Tests fail randomly when parallel: <https://bugs.gnu.org/29512>.
@@ -211,13 +230,23 @@ as well as the classic centralized workflow.")
                                              "/bin/wish8.6")) ; XXX
 
       #:modules ((srfi srfi-1)
+                 (srfi srfi-26)
                  ,@%gnu-build-system-modules)
       #:phases
       (modify-phases %standard-phases
+        (add-after 'unpack 'modify-PATH
+          (lambda* (#:key inputs #:allow-other-keys)
+            (let ((path (string-split (getenv "PATH") #\:))
+                  (bash-full (assoc-ref inputs "bash-for-tests")))
+              ;; Drop the test bash from PATH so that (which "sh") and
+              ;; similar does the right thing.
+              (setenv "PATH" (string-join
+                              (remove (cut string-prefix? bash-full <>) path)
+                              ":"))
+              #t)))
         (add-after 'configure 'patch-makefiles
           (lambda _
             (substitute* "Makefile"
-              (("/bin/sh") (which "sh"))
               (("/usr/bin/perl") (which "perl"))
               (("/usr/bin/python") (which "python")))
             #t))
@@ -274,6 +303,12 @@ as well as the classic centralized workflow.")
               (copy-file "contrib/completion/git-completion.bash"
                          (string-append completions "/git"))
               #t)))
+        (add-after 'install 'install-credential-netrc
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let* ((netrc (assoc-ref outputs "credential-netrc")))
+              (install-file "contrib/credential/netrc/git-credential-netrc"
+                            (string-append netrc "/bin"))
+              #t)))
         (add-after 'install 'split
           (lambda* (#:key inputs outputs #:allow-other-keys)
             ;; Split the binaries to the various outputs.
@@ -416,7 +451,7 @@ everything from small to very large projects with speed and efficiency.")
              #t))
          ;; Run checks more verbosely.
          (replace 'check
-           (lambda _ (zero? (system* "./libgit2_clar" "-v" "-Q")))))))
+           (lambda _ (invoke "./libgit2_clar" "-v" "-Q"))))))
     (inputs
      `(("libssh2" ,libssh2)
        ("http-parser" ,http-parser)
@@ -459,12 +494,12 @@ write native speed custom Git applications in any language with bindings.")
          (delete 'configure)
          (replace 'build
            (lambda _
-             (zero? (system* "make"))))
+             (invoke "make")))
          (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
-               (zero? (system* "make" "install"
-                               (string-append "PREFIX=" out)))))))))
+               (invoke "make" "install"
+                       (string-append "PREFIX=" out))))))))
     (home-page "https://www.agwa.name/projects/git-crypt")
     (synopsis "Transparent encryption of files in a git repository")
     (description "git-crypt enables transparent encryption and decryption of
@@ -544,9 +579,8 @@ collaboration using typical untrusted file hosts or services.")
          (add-after 'unpack 'unpack-git
            (lambda* (#:key inputs #:allow-other-keys)
              ;; Unpack the source of git into the 'git' directory.
-             (zero? (system*
-                     "tar" "--strip-components=1" "-C" "git" "-xf"
-                     (assoc-ref inputs "git:src")))))
+             (invoke "tar" "--strip-components=1" "-C" "git" "-xf"
+                     (assoc-ref inputs "git:src"))))
          (add-after 'unpack 'patch-absolute-file-names
            (lambda* (#:key inputs #:allow-other-keys)
              (define (quoted-file-name input path)
@@ -577,21 +611,20 @@ collaboration using typical untrusted file hosts or services.")
          (delete 'configure) ; no configure script
          (add-after 'build 'build-man
            (lambda* (#:key make-flags #:allow-other-keys)
-             (zero? (apply system* `("make" ,@make-flags "doc-man")))))
+             (apply invoke "make" "doc-man" make-flags)))
          (replace 'install
            (lambda* (#:key make-flags outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
-               (and (zero? (apply system*
-                                  `("make" ,@make-flags
-                                    ,(string-append "prefix=" out)
-                                    ,(string-append
-                                      "CGIT_SCRIPT_PATH=" out "/share/cgit")
-                                    "install" "install-man")))
-                    ;; Move the platform-dependent 'cgit.cgi' into lib
-                    ;; to get it stripped.
-                    (rename-file (string-append out "/share/cgit/cgit.cgi")
-                                 (string-append out "/lib/cgit/cgit.cgi"))
-                    #t))))
+               (apply invoke
+                      "make" "install" "install-man"
+                      (string-append "prefix=" out)
+                      (string-append "CGIT_SCRIPT_PATH=" out "/share/cgit")
+                      make-flags)
+               ;; Move the platform-dependent 'cgit.cgi' into lib to get it
+               ;; stripped.
+               (rename-file (string-append out "/share/cgit/cgit.cgi")
+                            (string-append out "/lib/cgit/cgit.cgi"))
+               #t)))
          (add-after 'install 'wrap-python-scripts
            (lambda* (#:key outputs #:allow-other-keys)
              (for-each
@@ -879,7 +912,7 @@ lot easier.")
              ;; two tests will fail -> disable them. TODO: fix the failing tests
              (delete-file "t/t3300-edit.sh")
              (delete-file "t/t7504-commit-msg-hook.sh")
-             (zero? (system* "make" "test")))))))
+             (invoke "make" "test"))))))
     (home-page "http://procode.org/stgit/")
     (synopsis "Stacked Git")
     (description
@@ -1432,7 +1465,8 @@ accessed and migrated on modern systems.")
                                      "libaegis/getpw_cache.cc")
                                    (find-files "test" "\\.sh"))
                            (("/bin/sh") (which "sh")))
-              (setenv "SH" (which "sh"))))
+              (setenv "SH" (which "sh"))
+              #t))
          (replace 'check
            (lambda _
              (let ((home (string-append (getcwd) "/my-new-home")))
@@ -1440,12 +1474,20 @@ accessed and migrated on modern systems.")
                (mkdir home)
                (setenv "HOME" home)
 
-               ;; This test assumes that  flex has been symlinked to "lex".
+               ;; This test assumes that flex has been symlinked to "lex".
                (substitute* "test/00/t0011a.sh"
                  (("type lex")  "type flex"))
 
+               ;; XXX Disable tests that fail, for unknown reasons, ‘for now’.
+               (for-each
+                (lambda (test) (substitute* "Makefile"
+                                 (((string-append "test/" test "\\.ES ")) "")))
+                (list "00/t0011a"
+                      "00/t0049a"
+                      "01/t0196a"))
+
                ;; The author decided to call the check rule "sure".
-               (zero? (system* "make" "sure"))))))))
+               (invoke "make" "sure")))))))
     (home-page "http://aegis.sourceforge.net")
     (synopsis "Project change supervisor")
     (description "Aegis is a project change supervisor, and performs some of
@@ -1862,9 +1904,10 @@ unique algebra of patches called @url{http://darcs.net/Theory,Patchtheory}.
          (add-after 'build 'add-properties
            (lambda* (#:key jar-name #:allow-other-keys)
              (with-directory-excursion "src"
-               (zero? (apply system* "jar" "-uf"
-                             (string-append "../build/jar/" jar-name)
-                             (find-files "." "\\.properties$")))))))))
+               (apply invoke "jar" "-uf"
+                      (string-append "../build/jar/" jar-name)
+                      (find-files "." "\\.properties$")))
+             #t)))))
     (inputs
      `(("java-classpathx-servletapi" ,java-classpathx-servletapi)
        ("java-javaewah" ,java-javaewah)
@@ -1911,7 +1954,7 @@ network protocols, and core version control algorithms.")
 (define-public gource
   (package
     (name "gource")
-    (version "0.48")
+    (version "0.49")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1919,7 +1962,7 @@ network protocols, and core version control algorithms.")
                     "/gource-" version "/gource-" version ".tar.gz"))
               (sha256
                (base32
-                "04qxcm05qiyr9rg2kv6abfy7kkzqr8ziw4iyp1d14lniv93m61dp"))))
+                "12hf5ipcsp9dxsqn84n4kr63xaiskrnf5a084wr29qk171lj7pd9"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -1999,7 +2042,7 @@ directory full of HOWTOs.")
 (define-public git-annex
   (package
     (name "git-annex")
-    (version "6.20170818")
+    (version "6.20180626")
     (source
      (origin
        (method url-fetch)
@@ -2007,7 +2050,7 @@ directory full of HOWTOs.")
                            "git-annex/git-annex-" version ".tar.gz"))
        (sha256
         (base32
-         "0ybxixbqvy4rx6mq9s02rh349rbr04hb17z4bfayin0qwa5kzpvx"))))
+         "0vq3x9p4h3m266pcm2r3m9p51pz5z9zskh7z5nk0adh33j30xf7q"))))
     (build-system haskell-build-system)
     (arguments
      `(#:configure-flags
@@ -2101,6 +2144,7 @@ directory full of HOWTOs.")
        ("ghc-split" ,ghc-split)
        ("ghc-stm" ,ghc-stm)
        ("ghc-stm-chans" ,ghc-stm-chans)
+       ("ghc-tagsoup" ,ghc-tagsoup)
        ("ghc-text" ,ghc-text)
        ("ghc-unix-compat" ,ghc-unix-compat)
        ("ghc-unordered-containers" ,ghc-unordered-containers)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 51ca1c0ce5..2b8f3e18d2 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -25,6 +25,7 @@
 ;;; Copyright © 2018 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2018 Pierre Neidhardt <ambrevar@gmail.com>
+;;; Copyright © 2018 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -44,6 +45,7 @@
 (define-module (gnu packages video)
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-26)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix utils)
   #:use-module (guix packages)
@@ -122,6 +124,7 @@
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages textutils)
   #:use-module (gnu packages tls)
+  #:use-module (gnu packages time)
   #:use-module (gnu packages upnp)
   #:use-module (gnu packages version-control)
   #:use-module (gnu packages vulkan)
@@ -393,6 +396,7 @@ and creating Matroska files from other media files (@code{mkvmerge}).")
         (sha256
          (base32
           "0qx8mavwdzdpkkby7n29i9av7zsnklavacwfz537mf62q2pzjnbf"))
+        (patches (search-patches "x265-fix-ppc64le-build.patch"))
         (modules '((guix build utils)))
         (snippet '(begin
                     (delete-file-recursively "source/compat/getopt")
@@ -401,7 +405,9 @@ and creating Matroska files from other media files (@code{mkvmerge}).")
     (arguments
      `(#:tests? #f ; tests are skipped if cpu-optimized code isn't built
        ;; Currently the source code doesn't check for aarch64.
-       ,@(if (string-prefix? "aarch64" (or (%current-target-system) (%current-system)))
+       ,@(if (any (cute string-prefix? <> (or (%current-system)
+                                              (%current-target-system)))
+                  '("armhf" "aarch64"))
            '(#:configure-flags '("-DENABLE_PIC=TRUE"))
            '())
        #:phases
@@ -606,14 +612,14 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
 (define-public ffmpeg
   (package
     (name "ffmpeg")
-    (version "4.0")
+    (version "4.0.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://ffmpeg.org/releases/ffmpeg-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0gx4ngnhi5glmxh38603qy5n6vq8bl1cr4sqd1xff95i82pmv57d"))))
+               "1vn04n0n46zdxq14cma3w8ml2ckh5jxwlybsc4xmvcqdqq0mqpv0"))))
     (build-system gnu-build-system)
     (inputs
      `(("fontconfig" ,fontconfig)
@@ -1035,8 +1041,7 @@ treaming protocols.")
                 (("#! /bin/sh") (string-append "#!" (which "sh"))))
               (setenv "SHELL" (which "bash"))
               (setenv "CONFIG_SHELL" (which "bash"))
-              (zero? (system*
-                      "./configure"
+              (invoke "./configure"
                       (string-append "--extra-cflags=-I"
                                      libx11 "/include") ; to detect libx11
                       "--disable-ffmpeg_a" ; disables bundled ffmpeg
@@ -1058,7 +1063,7 @@ treaming protocols.")
                                     (or (%current-target-system)
                                         (nix-system->gnu-triplet
                                          (%current-system)))))))
-                      "--disable-iwmmxt"))))))))
+                      "--disable-iwmmxt")))))))
     (home-page "https://www.mplayerhq.hu/design7/news.html")
     (synopsis "Audio and video player")
     (description "MPlayer is a movie player.  It plays most MPEG/VOB, AVI,
@@ -1218,7 +1223,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2018.05.09")
+    (version "2018.06.19")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://yt-dl.org/downloads/"
@@ -1226,7 +1231,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0sl4bi2jls3417rd62awbqdq1b6wskkjbfwpnyw4a61qarfxid1d"))))
+                "0ys2mc84r7mjpn7rykb57sn3ii1kp3divjdn2ivwqknj8jrzg3z6"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
@@ -1606,7 +1611,7 @@ device without having to bother about the decryption.")
     (synopsis "SubRip to WebVTT subtitle converter")
     (description "srt2vtt converts SubRip formatted subtitles to WebVTT format
 for use with HTML5 video.")
-    (home-page "http://dthompson.us/pages/software/srt2vtt")
+    (home-page "https://dthompson.us/projects/srt2vtt.html")
     (license license:gpl3+)))
 
 (define-public avidemux
@@ -1761,10 +1766,9 @@ capabilities.")
     (arguments
      '(#:phases
        (modify-phases %standard-phases
-         (add-after
-          'unpack 'autogen
-          (lambda _
-            (zero? (system* "sh" "autogen.sh")))))))
+         (add-after 'unpack 'autogen
+           (lambda _
+             (invoke "sh" "autogen.sh"))))))
     (home-page "http://www.vapoursynth.com/")
     (synopsis "Video processing framework")
     (description "VapourSynth is a C++ library and Python module for video
@@ -1811,34 +1815,41 @@ and custom quantization matrices.")
     (license license:gpl2+)))
 
 (define-public streamlink
-  (package
-    (name "streamlink")
-    (version "0.11.0")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (pypi-uri "streamlink" version))
-       (sha256
-        (base32
-         "02h8b3k8l5zz4vjm0nhxvl1pm924jms8y7sjl40fbybrzvsa4mg2"))))
-    (build-system python-build-system)
-    (home-page "https://github.com/streamlink/streamlink")
-    (native-inputs
-     `(("python-pytest" ,python-pytest)
-       ("python-mock" ,python-mock)
-       ("python-requests-mock" ,python-requests-mock)))
-    (propagated-inputs
-     `(("python-pysocks" ,python-pysocks)
-       ("python-websocket-client" ,python-websocket-client)
-       ("python-iso3166" ,python-iso3166)
-       ("python-iso639" ,python-iso639)
-       ("python-pycryptodome" ,python-pycryptodome)
-       ("python-requests" ,python-requests)
-       ("python-urllib3" ,python-urllib3)))
-    (synopsis "Extract streams from various services")
-    (description "Streamlink is command-line utility that extracts streams
+  ;; Release tarball doesn't contain ‘tests/resources/dash/’ directory.
+  (let ((commit "2dca7930a938f60b48d8e23260963ea7c49d979f"))
+    (package
+      (name "streamlink")
+      (version (git-version "0.13.0" "1" commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/streamlink/streamlink.git")
+               (commit commit)))
+         (file-name (git-file-name name version))
+         (sha256
+          (base32
+           "0vq19aspshim63aj8yl2p64ykrbk2mwwlawdx427b3j2djlc5qhw"))))
+      (build-system python-build-system)
+      (home-page "https://github.com/streamlink/streamlink")
+      (native-inputs
+       `(("python-freezegun" ,python-freezegun)
+         ("python-pytest" ,python-pytest)
+         ("python-mock" ,python-mock)
+         ("python-requests-mock" ,python-requests-mock)))
+      (propagated-inputs
+       `(("python-pysocks" ,python-pysocks)
+         ("python-websocket-client" ,python-websocket-client)
+         ("python-iso3166" ,python-iso3166)
+         ("python-iso639" ,python-iso639)
+         ("python-isodate", python-isodate)
+         ("python-pycryptodome" ,python-pycryptodome)
+         ("python-requests" ,python-requests)
+         ("python-urllib3" ,python-urllib3)))
+      (synopsis "Extract streams from various services")
+      (description "Streamlink is command-line utility that extracts streams
 from sites like Twitch.tv and pipes them into a video player of choice.")
-    (license license:bsd-2)))
+      (license license:bsd-2))))
 
 (define-public livestreamer
   (deprecated-package "livestreamer" streamlink))
@@ -1865,7 +1876,12 @@ from sites like Twitch.tv and pipes them into a video player of choice.")
            (add-before 'check 'check-setup
              (lambda _
                (setenv "HOME" (getcwd)) ;Needs to write to ‘$HOME’.
-               #t)))))
+               #t))
+           (add-after 'install 'install-rofi-plugin
+             (lambda* (#:key outputs #:allow-other-keys)
+               (install-file "plugins/rofi-twitchy"
+                             (string-append (assoc-ref outputs "out")
+                                            "/bin")))))))
       (inputs
        `(("python-requests" ,python-requests)
          ("streamlink" ,streamlink)))
@@ -2187,10 +2203,11 @@ Other features include a live preview and live streaming.")
                 "18yfkr70lr1x1hc8snn2ldnbzdcc7b64xmkqrfk8w59gpg7sl1xn"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:phases (modify-phases %standard-phases
-                  (add-after 'unpack 'autogen.sh
-                    (lambda _
-                      (zero? (system* "sh" "autogen.sh")))))))
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'autogen.sh
+           (lambda _
+             (invoke "sh" "autogen.sh"))))))
     (native-inputs
      `(("autoconf" ,autoconf)
        ("automake" ,automake)))
@@ -2354,7 +2371,7 @@ supported players in addition to this package.")
              ;; Patch the Makefile so that it doesn't bootstrap again.
              (substitute* "gtk/module.rules"
                ((".*autogen\\.sh.*") ""))
-             (zero? (system* "sh" "./gtk/autogen.sh"))))
+             (invoke "sh" "./gtk/autogen.sh")))
          (add-before 'configure 'disable-contrib
            (lambda _
              (substitute* "make/include/main.defs"
@@ -2376,9 +2393,9 @@ supported players in addition to this package.")
              ;; errors on unrecognized arguments,
              ;; e.g. --enable-fast-install
              (let ((out (assoc-ref outputs "out")))
-               (zero? (apply system* "./configure"
-                             (string-append "--prefix=" out)
-                             (or configure-flags '()))))))
+               (apply invoke "./configure"
+                      (string-append "--prefix=" out)
+                      (or configure-flags '())))))
          (add-after 'configure 'chdir-build
            (lambda _ (chdir "./build") #t)))))
     (home-page "https://handbrake.fr")
@@ -2511,7 +2528,7 @@ practically any type of media.")
              #t))
          (add-after 'change-to-build-dir 'autogen
            (lambda _
-             (zero? (system* "sh" "autogen.sh")))))))
+             (invoke "sh" "autogen.sh"))))))
     (home-page "https://mediaarea.net/en/MediaInfo")
     (synopsis "Library for retrieving media metadata")
     (description "MediaInfo is a library used for retrieving technical
@@ -2570,7 +2587,7 @@ MPEG-2, MPEG-4, DVD (VOB)...
              #t))
          (add-after 'change-to-build-dir 'autogen
            (lambda _
-             (zero? (system* "sh" "autogen.sh")))))))
+             (invoke "sh" "autogen.sh"))))))
     (home-page "https://mediaarea.net/en/MediaInfo")
     (synopsis "Utility for reading media metadata")
     (description "MediaInfo is a utility used for retrieving technical
@@ -2612,8 +2629,8 @@ many codecs and formats supported by libmediainfo.")
                       #t))
                   (replace 'configure
                     (lambda _
-                      (zero? (system* "./genMakefiles"
-                                      "linux-with-shared-libraries")))))))
+                      (invoke "./genMakefiles"
+                              "linux-with-shared-libraries"))))))
     (home-page "http://www.live555.com/liveMedia/")
     (synopsis "Set of C++ libraries for multimedia streaming")
     (description "This code forms a set of C++ libraries for multimedia
@@ -2810,8 +2827,8 @@ alpha blending etc).")
        (modify-phases %standard-phases
          (add-after 'unpack 'autotools
            (lambda _
-             (zero? (system* "sh" "autogen.sh")))))))
-    ;; TODO: opencv for additional face detection filters
+             (invoke "sh" "autogen.sh"))))))
+    ;; TODO: opencv for additional face detection filters.
     (inputs
      `(("gavl" ,gavl)
        ("cairo" ,cairo)))
@@ -2958,3 +2975,27 @@ format and some of its derived file formats, including MP4.  It operates as a
 multiplexer and demultiplexer, and can mux video and audio in several formats
 using standalone executable files.")
     (license license:isc)))
+
+(define-public qtfaststart
+  (package
+    (name "qtfaststart")
+    (version "1.8")
+    (source (origin
+              (method url-fetch)
+              (uri (pypi-uri "qtfaststart" version))
+              (sha256
+               (base32
+                "0hcjfik8hhb1syqvyh5c6aillpvzal26nkjflcq1270z64aj6i5h"))))
+    (build-system python-build-system)
+    (arguments
+     '(#:tests? #f)) ; no test suite
+    (synopsis "Move QuickTime and MP4 metadata to the beginning of the file")
+    (description "qtfaststart enables streaming and pseudo-streaming of
+QuickTime and MP4 files by moving metadata and offset information to the
+beginning of the file.  It can also print some useful information about the
+structure of the file.  This program is based on qt-faststart.c from the FFmpeg
+project, which is released into the public domain, as well as ISO 14496-12:2005
+(the official spec for MP4), which can be obtained from the ISO or found
+online.")
+    (home-page "https://github.com/danielgtaylor/qtfaststart")
+    (license license:expat)))
diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm
index 76240d85f1..c6906b12cf 100644
--- a/gnu/packages/vim.scm
+++ b/gnu/packages/vim.scm
@@ -450,59 +450,57 @@ trouble using them, because you do not have to remember each snippet name.")
       (home-page "https://github.com/Shougo/context_filetype.vim")
       (license license:expat)))) ; ??? check again
 
-;; The 2.2 release was in 2015, no new releases planned.
 (define-public vim-fugitive
-  (let ((commit "de6c05720cdf74c0218218d7207f700232a5b6dc")
-        (revision "1"))
-    (package
-      (name "vim-fugitive")
-      (version (string-append "2.2-" revision "." (string-take commit 7)))
-      (source
-        (origin
-          (method git-fetch)
-          (uri (git-reference
-                 (url "https://github.com/tpope/vim-fugitive.git")
-                 (commit commit)))
-          (file-name (string-append name "-" version "-checkout"))
-         (sha256
-          (base32
-           "0zg9vv7hirnx45vc2mwgg0xijmwwz55bssyd6cpdz71wbhrcpxxb"))))
-      (build-system gnu-build-system)
-      (arguments
-       '(#:tests? #f
-         #:phases
-         (modify-phases %standard-phases
-           (delete 'configure)
-           (delete 'build)
-           (replace 'install
-             (lambda* (#:key outputs #:allow-other-keys)
-               (let* ((out (assoc-ref outputs "out"))
-                      (vimfiles (string-append out "/share/vim/vimfiles"))
-                      (doc (string-append vimfiles "/doc"))
-                      (plugin (string-append vimfiles "/plugin")))
-                 (copy-recursively "doc" doc)
-                 (copy-recursively "plugin" plugin)
-                 #t))))))
-      (home-page "https://github.com/tpope/vim-fugitive")
-      (synopsis "Vim plugin to work with Git")
-      (description "Vim-fugitive is a wrapper for Vim that complements the
+  (package
+    (name "vim-fugitive")
+    (version "2.3")
+    (source
+      (origin
+        (method git-fetch)
+        (uri (git-reference
+               (url "https://github.com/tpope/vim-fugitive.git")
+               (commit (string-append "v" version))))
+        (file-name (git-file-name name version))
+        (sha256
+         (base32
+          "17s94a8g5z0lrs7yy4nyqyvp9ykys5ws2ar3m3c0bjsn0iazd7m3"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (delete 'build)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (vimfiles (string-append out "/share/vim/vimfiles"))
+                    (doc (string-append vimfiles "/doc"))
+                    (plugin (string-append vimfiles "/plugin")))
+               (copy-recursively "doc" doc)
+               (copy-recursively "plugin" plugin)
+               #t))))))
+    (home-page "https://github.com/tpope/vim-fugitive")
+    (synopsis "Vim plugin to work with Git")
+    (description "Vim-fugitive is a wrapper for Vim that complements the
 command window, where you can stage and review your changes before the next
 commit or run any Git arbitrary command.")
-      (license license:vim)))) ; distributed under the same license as vim
+    (license license:vim))) ; distributed under the same license as vim
 
 (define-public vim-airline
   (package
     (name "vim-airline")
-    (version "0.8")
+    (version "0.9")
     (source
      (origin
-       (method url-fetch)
-       (uri (string-append "https://github.com/vim-airline/vim-airline/"
-                           "archive/v" version ".tar.gz"))
-       (file-name (string-append name "-" version ".tar.gz"))
+       (method git-fetch)
+       (uri (git-reference
+              (url "https://github.com/vim-airline/vim-airline")
+              (commit (string-append "v" version))))
+       (file-name (git-file-name name version))
        (sha256
         (base32
-         "053sfq3jmgdc5y7zbg6jrk7r2hp0raj3y3mxa2h1c1bnkb6wvcaz"))))
+         "0hq3304rhakx7x1v7wll7gxinmfz6561bq97qpj8jrk19rhcab75"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f
@@ -575,16 +573,17 @@ and powerline symbols, etc.")
 (define-public vim-syntastic
   (package
     (name "vim-syntastic")
-    (version "3.8.0")
+    (version "3.9.0")
     (source
      (origin
-       (method url-fetch)
-       (uri (string-append "https://github.com/vim-syntastic/syntastic/archive/"
-                           version ".tar.gz"))
-       (file-name (string-append name "-" version ".tar.gz"))
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/vim-syntastic/syntastic")
+             (commit version)))
+       (file-name (git-file-name name version))
        (sha256
         (base32
-         "0wsnd9bsp5x6yiw96h1bnd1vyxdkh130hb82kyyxydgsplx92ima"))))
+         "121a1mxgfng2y5zmivyyk02mca8pyw72crivf4f1q9nhn0barf57"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 05d2ab0b87..ebc57dc369 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -45,13 +45,16 @@
   #:use-module (gnu packages gl)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnupg)
   #:use-module (gnu packages golang)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages image)
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages nettle)
   #:use-module (gnu packages networking)
+  #:use-module (gnu packages package-management)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages polkit)
@@ -63,6 +66,7 @@
   #:use-module (gnu packages sdl)
   #:use-module (gnu packages spice)
   #:use-module (gnu packages texinfo)
+  #:use-module (gnu packages textutils)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages web)
   #:use-module (gnu packages xdisorg)
@@ -71,6 +75,7 @@
   #:use-module (guix build-system go)
   #:use-module (guix build-system python)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module ((guix licenses) #:select (gpl2 gpl2+ gpl3+ lgpl2.1 lgpl2.1+
                                                asl2.0))
   #:use-module (guix packages)
@@ -95,6 +100,7 @@
              (method url-fetch)
              (uri (string-append "https://download.qemu.org/qemu-"
                                  version ".tar.xz"))
+             (patches (search-patches "qemu-CVE-2018-11806.patch"))
              (sha256
               (base32
                "1z66spkm1prvhbq7h5mfnp0i6mmamsb938fqmdfvyrgzc7rh34z6"))))
@@ -124,28 +130,27 @@
 
                ;; The binaries need to be linked against -lrt.
                (setenv "LDFLAGS" "-lrt")
-               (zero?
-                (apply system*
-                       `("./configure"
-                         ,(string-append "--cc=" (which "gcc"))
-                         ;; Some architectures insist on using HOST_CC
-                         ,(string-append "--host-cc=" (which "gcc"))
-                         "--disable-debug-info" ; save build space
-                         "--enable-virtfs"      ; just to be sure
-                         ,(string-append "--prefix=" out)
-                         ,(string-append "--sysconfdir=/etc")
-                         ,@configure-flags))))))
+               (apply invoke
+                      `("./configure"
+                        ,(string-append "--cc=" (which "gcc"))
+                        ;; Some architectures insist on using HOST_CC
+                        ,(string-append "--host-cc=" (which "gcc"))
+                        "--disable-debug-info" ; save build space
+                        "--enable-virtfs"      ; just to be sure
+                        ,(string-append "--prefix=" out)
+                        ,(string-append "--sysconfdir=/etc")
+                        ,@configure-flags)))))
          (add-after 'install 'install-info
            (lambda* (#:key inputs outputs #:allow-other-keys)
              ;; Install the Info manual, unless Texinfo is missing.
-             (or (not (assoc-ref inputs "texinfo"))
-                 (let ((out (assoc-ref outputs "out")))
-                   (and (zero? (system* "make" "info"))
-                        (let ((infodir (string-append out "/share/info")))
-                          (for-each (lambda (info)
-                                      (install-file info infodir))
-                                    (find-files "." "\\.info"))
-                          #t))))))
+             (when (assoc-ref inputs "texinfo")
+               (let* ((out  (assoc-ref outputs "out"))
+                      (dir (string-append out "/share/info")))
+                 (invoke "make" "info")
+                 (for-each (lambda (info)
+                             (install-file info dir))
+                           (find-files "." "\\.info"))))
+             #t))
          ;; Create a wrapper for Samba. This allows QEMU to use Samba without
          ;; pulling it in as an input. Note that you need to explicitly install
          ;; Samba in your Guix profile for Samba support.
@@ -337,7 +342,7 @@ all common programming languages.  Vala bindings are also provided.")
 (define-public lxc
   (package
     (name "lxc")
-    (version "2.1.1")
+    (version "3.0.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -345,7 +350,7 @@ all common programming languages.  Vala bindings are also provided.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "1xpghrinxhm2072fwmn42pxhjwh7qx6cbsipw4s6g38a8mkklrk8"))))
+                "1nyml98k28sc5sda0260cmby4irkpnhpwgmx4yhqy10wpr4nr625"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -364,14 +369,13 @@ all common programming languages.  Vala bindings are also provided.")
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out         (assoc-ref outputs "out"))
                     (bashcompdir (string-append out "/etc/bash_completion.d")))
-               (zero? (system*
-                       "make" "install"
+               (invoke "make" "install"
                        (string-append "bashcompdir=" bashcompdir)
                        ;; Don't install files into /var and /etc.
                        "LXCPATH=/tmp/var/lib/lxc"
                        "localstatedir=/tmp/var"
                        "sysconfdir=/tmp/etc"
-                       "sysconfigdir=/tmp/etc/default"))))))))
+                       "sysconfigdir=/tmp/etc/default")))))))
     (synopsis "Linux container tools")
     (home-page "https://linuxcontainers.org/")
     (description
@@ -766,7 +770,7 @@ Machine Protocol.")
 (define-public lookingglass
   (package
    (name "lookingglass")
-   (version "a10")
+   (version "a11")
    (source
     (origin
      (method url-fetch)
@@ -775,7 +779,7 @@ Machine Protocol.")
      (file-name (string-append name "-" version))
      (sha256
       (base32
-       "0zlxg9ibzr0a598wr5nl1pb4l7mzsqn8ip72v4frph0vwsm5il6c"))))
+       "11qwyp332l66sqksqa0z9439yi4accmbq7wjc6kikc5fimdh9wk5"))))
    (build-system gnu-build-system)
    (inputs `(("fontconfig" ,fontconfig)
              ("glu" ,glu)
@@ -784,9 +788,12 @@ Machine Protocol.")
              ("sdl2" ,sdl2)
              ("sdl2-ttf" ,sdl2-ttf)
              ("spice-protocol" ,spice-protocol)))
-   (native-inputs `(("pkg-config" ,pkg-config)))
+   (native-inputs `(("libconfig" ,libconfig)
+                    ("nettle" ,nettle)
+                    ("pkg-config" ,pkg-config)))
    (arguments
     `(#:tests? #f ;; No tests are available.
+      #:make-flags '("CC=gcc")
       #:phases (modify-phases %standard-phases
                  (replace 'configure
                    (lambda* (#:key outputs #:allow-other-keys)
@@ -864,3 +871,110 @@ packaged according to the
 Container Initiative (OCI) format} and is a compliant implementation of the
 Open Container Initiative specification.")
     (license asl2.0)))
+
+(define-public umoci
+  (package
+    (name "umoci")
+    (version "0.4.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/openSUSE/umoci/releases/download/v"
+                    version "/umoci.tar.xz"))
+              (file-name (string-append "umoci-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0hg7hs4dagj2fgymm4b4s68k1v2k2093s3jg0d94j0ixhfmyg9nd"))))
+    (build-system go-build-system)
+    (arguments
+     '(#:import-path "github.com/openSUSE/umoci"
+       #:install-source? #f
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'unpack
+           (lambda* (#:key source import-path #:allow-other-keys)
+             ;; Unpack the tarball into 'umoci' instead of "runc-${version}".
+             (let ((dest (string-append "src/" import-path)))
+               (mkdir-p dest)
+               (invoke "tar" "-C" (string-append "src/" import-path)
+                       "--strip-components=1"
+                       "-xvf" source))))
+         (replace 'build
+           (lambda* (#:key import-path #:allow-other-keys)
+             (chdir (string-append "src/" import-path))
+             ;; TODO: build manpages with 'go-md2man'.
+             (invoke "make" "SHELL=bash")))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bindir (string-append out "/bin")))
+               (install-file "umoci" bindir)
+               #t))))))
+    (home-page "https://umo.ci/")
+    (synopsis "Tool for modifying Open Container images")
+    (description
+     "@command{umoci} is a tool that allows for high-level modification of an
+Open Container Initiative (OCI) image layout and its tagged images.")
+    (license asl2.0)))
+
+(define-public skopeo
+  (package
+    (name "skopeo")
+    (version "0.1.28")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/projectatomic/skopeo")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "068nwrr3nr27alravcq1sxyhdd5jjr24213vdgn1dqva3885gbi0"))))
+    (build-system go-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("btrfs-progs" ,btrfs-progs)
+       ("eudev" ,eudev)
+       ("libassuan" ,libassuan)
+       ("libselinux" ,libselinux)
+       ("libostree" ,libostree)
+       ("lvm2" ,lvm2)
+       ("glib" ,glib)
+       ("gpgme" ,gpgme)))
+    (arguments
+     '(#:import-path "github.com/projectatomic/skopeo"
+       #:install-source? #f
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'build
+           (lambda* (#:key import-path #:allow-other-keys)
+             (chdir (string-append "src/" import-path))
+             ;; TODO: build manpages with 'go-md2man'.
+             (invoke "make" "binary-local")))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (invoke "make" "install-binary" "install-completions"
+                       (string-append "PREFIX=" out))))))))
+    (home-page "https://github.com/projectatomic/skopeo")
+    (synopsis "Interact with container images and container image registries")
+    (description
+     "@command{skopeo} is a command line utility providing various operations
+with container images and container image registries.  It can:
+@enumerate
+
+@item Copy container images between various containers image stores,
+converting them as necessary.
+
+@item Convert a Docker schema 2 or schema 1 container image to an OCI image.
+
+@item Inspect a repository on a container registry without needlessly pulling
+the image.
+
+@item Sign and verify container images.
+
+@item Delete container images from a remote container registry.
+
+@end enumerate")
+    (license asl2.0)))
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index fb06196ec4..85bbe7e9c6 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -122,10 +122,10 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/")))
 
 (define-public vpnc-scripts
-  (let ((commit "6f87b0fe7b20d802a0747cc310217920047d58d3"))
+  (let ((commit "07c3518dd6b8dc424e9c3650a62bed994a4dcbe1"))
     (package
       (name "vpnc-scripts")
-      (version (string-append "20161214." (string-take commit 7)))
+      (version (string-append "20180226." (string-take commit 7)))
       (source (origin
                 (method git-fetch)
                 (uri
@@ -135,7 +135,7 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
                 (file-name (git-file-name name version))
                 (sha256
                  (base32
-                  "0pa36w4wlyyvfb66cayhans99wsr2j5si2fvfr7ldfm512ajwn8h"))))
+                  "02d29nrmnj6kfa889cavqn1pkn9ssb5gyp4lz1v47spwx7abpdi7"))))
       (build-system gnu-build-system)
       (inputs `(("coreutils" ,coreutils)
                 ("grep" ,grep)
@@ -161,7 +161,7 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
            (delete 'configure)          ; no configure script
            (replace 'build
              (lambda _
-               (zero? (system* "gcc" "-o" "netunshare" "netunshare.c"))))
+               (invoke "gcc" "-o" "netunshare" "netunshare.c")))
            (replace 'install
              ;; There is no Makefile; manually install the relevant files.
              (lambda* (#:key outputs #:allow-other-keys)
@@ -193,7 +193,8 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
                                     "sed"
                                     "which")))))
                   (find-files (string-append out "/etc/vpnc/vpnc-script")
-                              "^vpnc-script"))))))
+                              "^vpnc-script"))
+                 #t))))
          #:tests? #f))                  ; no tests
       (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
       (synopsis "Network configuration scripts for Cisco VPN clients")
diff --git a/gnu/packages/vulkan.scm b/gnu/packages/vulkan.scm
index 62c5d500ff..c83bfdd0c9 100644
--- a/gnu/packages/vulkan.scm
+++ b/gnu/packages/vulkan.scm
@@ -24,21 +24,26 @@
   #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix build-system cmake)
+  #:use-module (guix build-system gnu)
   #:use-module (guix build-system meson)
   #:use-module (gnu packages)
+  #:use-module (gnu packages autotools)
   #:use-module (gnu packages bison)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages cmake)
   #:use-module (gnu packages freedesktop)
+  #:use-module (gnu packages gettext)
   #:use-module (gnu packages gl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages wine)
   #:use-module (gnu packages xorg))
 
 (define-public spirv-headers
   ;; Keep updated in accordance with
   ;; https://github.com/google/shaderc/blob/known-good/known_good.json
-  (let ((commit "061097878467b8e040fbf153a837d844ef9f9f96")
-        (revision "2"))
+  (let ((commit "3ce3e49d73b8abbf2ffe33f829f941fb2a40f552")
+        (revision "3"))
     (package
       (name "spirv-headers")
       (version (string-append "0.0-" revision "." (string-take commit 9)))
@@ -50,7 +55,7 @@
                (commit commit)))
          (sha256
           (base32
-           "0bf9h6xc5fkncxnadwmqvpsjh7sdgns6is8prv1gvlfzrkvpjj17"))
+           "0yk4bzqifdqpmdxkhvrxbdqhf5ngkga0ig1yyz7khr7rklqfz7wp"))
          (file-name (string-append name "-" version "-checkout"))))
       (build-system cmake-build-system)
       (arguments
@@ -58,10 +63,10 @@
          #:phases (modify-phases %standard-phases
                     (replace 'install
                       (lambda* (#:key outputs #:allow-other-keys)
-                        (zero? (system* "cmake" "-E" "copy_directory"
+                        (invoke "cmake" "-E" "copy_directory"
                                         "../source/include/spirv"
                                         (string-append (assoc-ref outputs "out")
-                                                       "/include/spirv"))))))))
+                                                       "/include/spirv")))))))
       (home-page "https://github.com/KhronosGroup/SPIRV-Headers")
       (synopsis "Machine-readable files from the SPIR-V Registry")
       (description
@@ -80,8 +85,8 @@ and for the GLSL.std.450 extended instruction set.
 (define-public spirv-tools
   ;; Keep updated in accordance with
   ;; https://github.com/google/shaderc/blob/known-good/known_good.json
-  (let ((commit "90862fe4b1c6763b32ce683d2d32c2f281f577cf")
-        (revision "1"))
+  (let ((commit "fe2fbee294a8ad4434f828a8b4d99eafe9aac88c")
+        (revision "2"))
     (package
      (name "spirv-tools")
      (version (string-append "0.0-" revision "." (string-take commit 9)))
@@ -93,14 +98,12 @@ and for the GLSL.std.450 extended instruction set.
              (commit commit)))
        (sha256
         (base32
-         "1yq8ab6f52wcxm2azzmx70nqz8l35izd45830aikjkk1jfzmzabb"))
+         "03rq4ypwqnz34n8ip85n95a3b9rxb34j26azzm3b3invaqchv19x"))
        (file-name (string-append name "-" version "-checkout"))))
      (build-system cmake-build-system)
      (arguments
-      `(#:configure-flags (list (string-append "-DCMAKE_INSTALL_LIBDIR="
-                                               (assoc-ref %outputs "out")
-                                               "/lib")
-                                (string-append "-DSPIRV-Headers_SOURCE_DIR="
+      `(#:tests? #f ; FIXME: Tests fail.
+        #:configure-flags (list (string-append "-DSPIRV-Headers_SOURCE_DIR="
                                                (assoc-ref %build-inputs
                                                           "spirv-headers")))))
      (inputs `(("spirv-headers" ,spirv-headers)))
@@ -117,8 +120,8 @@ disassembler, validator, and optimizer for SPIR-V.")
 (define-public glslang
   ;; Keep updated in accordance with
   ;; https://github.com/google/shaderc/blob/known-good/known_good.json
-  (let ((commit "b5b08462442239e6537315ea1405b6afcd53043e")
-        (revision "2"))
+  (let ((commit "32d3ec319909fcad0b2b308fe1635198773e8316")
+        (revision "3"))
     (package
       (name "glslang")
       (version (string-append "3.0-" revision "." (string-take commit 9)))
@@ -130,7 +133,7 @@ disassembler, validator, and optimizer for SPIR-V.")
                (commit commit)))
          (sha256
           (base32
-           "08imby3hciisshzacrkx8s56lx4fxm7dad06xxaxxcapinmqrvwk"))
+           "1kmgjv5kbrjy6azpgwnjcn3cj8vg5i8hnyk3m969sc0gq2j1rbjj"))
          (file-name (string-append name "-" version "-checkout"))))
       (build-system cmake-build-system)
       (arguments
@@ -209,9 +212,12 @@ and the ICD.")
                    (license:x11-style "file://COPYRIGHT.txt")
                    license:bsd-3))))
 
+(define-public vulkan-icd-loader
+  (deprecated-package "vulkan-icd-loader" vulkan-loader))
+
 (define-public shaderc
-  (let ((commit "773ec22d49f40b7161820f29d953be4a7e40190d")
-        (revision "1"))
+  (let ((commit "be8e0879750303a1de09385465d6b20ecb8b380d")
+        (revision "2"))
     (package
       (name "shaderc")
       (version (git-version "0.0.0" revision commit))
@@ -224,10 +230,10 @@ and the ICD.")
          (file-name (string-append name "-" version ".tar.gz"))
          (sha256
           (base32
-           "0b41inb1czxv3mciip0lfdxv19ccx2ys31fivfywjn2q8va1gd1f"))))
+           "16p25ry2i4zrj00zihfpf210f8xd7g398ffbw25igvi9mbn4nbfd"))))
       (build-system meson-build-system)
       (arguments
-       `(#:tests? #f                    ; tests don't work yet.
+       `(#:tests? #f ; FIXME: Tests fail.
          #:phases
          (modify-phases %standard-phases
            (replace 'configure
@@ -266,7 +272,8 @@ and the ICD.")
                  (copy-recursively glslang-source "third_party/glslang")
                  #t))))))
       (inputs
-       `(("python" ,python)))
+       `(("googletest" ,googletest)
+         ("python" ,python)))
       (native-inputs
        `(("cmake" ,cmake)
          ("glslang-source" ,(package-source glslang))
@@ -278,3 +285,43 @@ and the ICD.")
       (description "Shaderc is a collection of tools, libraries, and tests for
 shader compilation.")
       (license license:asl2.0))))
+
+(define-public vkd3d
+  (let ((commit "020c119e2da0786d8be0615cff961c190b00d62d") ; Release 1.0.
+        (revision "0"))
+    (package
+     (name "vkd3d")
+     (version "1.0")
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://source.winehq.org/git/vkd3d.git")
+             (commit commit)))
+       (sha256
+        (base32
+         "084svxhigs8r0725jv6gs7wwrxb9x4igyg5bgvgpcfw4aq0k69gn"))
+       (file-name (string-append name "-" version "-checkout"))))
+     (build-system gnu-build-system)
+     (arguments
+      `(#:configure-flags '("--with-spirv-tools")))
+     (native-inputs
+      `(("autoconf" ,autoconf)
+        ("automake" ,automake)
+        ("gettext" ,gnu-gettext)
+        ("libtool" ,libtool)
+        ("pkg-config" ,pkg-config)))
+     (inputs
+      `(("libx11" ,libx11)
+        ("libxcb" ,libxcb)
+        ("spirv-headers" ,spirv-headers)
+        ("spirv-tools" ,spirv-tools)
+        ("vulkan-loader" ,vulkan-loader)
+        ("wine" ,wine) ; Needed for 'widl'.
+        ("xcb-util" ,xcb-util)
+        ("xcb-util-keysyms" ,xcb-util-keysyms)
+        ("xcb-util-wm" ,xcb-util-wm)))
+     (home-page "https://source.winehq.org/git/vkd3d.git/")
+     (synopsis "Direct3D 12 to Vulkan translation library")
+     (description "vkd3d is a library for translating Direct3D 12 to Vulkan.")
+     (license license:lgpl2.1))))
diff --git a/gnu/packages/w3m.scm b/gnu/packages/w3m.scm
index 4e3264a47e..a8761ec602 100644
--- a/gnu/packages/w3m.scm
+++ b/gnu/packages/w3m.scm
@@ -42,10 +42,9 @@
     (version "0.5.3+git20180125")
     (source (origin
               (method git-fetch)
-              ;; Debian's fork of w3m is the only one that is still
-              ;; maintained.
+              ;; Debian's fork of w3m is the only one that is still maintained.
               (uri (git-reference
-                    (url "https://anonscm.debian.org/cgit/collab-maint/w3m.git")
+                    (url "https://salsa.debian.org/debian/w3m.git")
                     (commit (string-append "v" version))))
               (file-name (git-file-name name version))
               (sha256
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index fcfc9b0b90..5b22b895c6 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -26,6 +26,7 @@
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2018 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby@inria.fr>
+;;; Copyright © 2018 Gábor Boskovits <boskovits@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -61,6 +62,7 @@
   #:use-module (guix build-system ant)
   #:use-module (guix build-system scons)
   #:use-module (gnu packages)
+  #:use-module (gnu packages admin)
   #:use-module (gnu packages adns)
   #:use-module (gnu packages apr)
   #:use-module (gnu packages check)
@@ -93,6 +95,7 @@
   #:use-module (gnu packages libevent)
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages libunistring)
+  #:use-module (gnu packages linux)
   #:use-module (gnu packages lisp)
   #:use-module (gnu packages lua)
   #:use-module (gnu packages markup)
@@ -1025,17 +1028,16 @@ hash/signatures.")
 (define-public libyaml
   (package
     (name "libyaml")
-    (version "0.1.6")
+    (version "0.1.7")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
              "http://pyyaml.org/download/libyaml/yaml-"
              version ".tar.gz"))
-       (patches (search-patches "libyaml-CVE-2014-9130.patch"))
        (sha256
         (base32
-         "0j9731s5zjb8mjx7wzf6vh7bsqi38ay564x6s9nri2nh9cdrg9kx"))))
+         "0a87931cx5m14a1x8rbjix3nz7agrcgndf4h392vm62a4rby9240"))))
     (build-system gnu-build-system)
     (home-page "http://pyyaml.org/wiki/LibYAML")
     (synopsis "YAML 1.1 parser and emitter written in C")
@@ -1846,31 +1848,27 @@ MIME type directly to the browser, without being processed through Catalyst.")
 (define-public perl-catalyst-runtime
   (package
     (name "perl-catalyst-runtime")
-    (version "5.90115")
+    (version "5.90118")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/J/JJ/JJNAPIORK/"
+       (uri (string-append "mirror://cpan/authors/id/H/HA/HAARG/"
                            "Catalyst-Runtime-" version ".tar.gz"))
        (sha256
         (base32
-         "0kh3ng6pjpxmndq9vrn515f70x7h44ish5bsgjwj4pjvchcyivzm"))))
+         "0cws3szx3vvh0372qdx8fypgv6qphcc3v81rbq30sl1ghby7ksd3"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-module-install" ,perl-module-install)
-       ("perl-test-fatal" ,perl-test-fatal)))
+     `(("perl-test-fatal" ,perl-test-fatal)))
     (propagated-inputs
      `(("perl-cgi-simple" ,perl-cgi-simple)
        ("perl-cgi-struct" ,perl-cgi-struct)
        ("perl-class-c3-adopt-next" ,perl-class-c3-adopt-next)
-       ("perl-class-data-inheritable" ,perl-class-data-inheritable)
        ("perl-class-date" ,perl-class-date)
        ("perl-class-load" ,perl-class-load)
        ("perl-data-dump" ,perl-data-dump)
        ("perl-http-body" ,perl-http-body)
        ("perl-http-message" ,perl-http-message)
-       ("perl-http-request-ascgi" ,perl-http-request-ascgi)
-       ("perl-io-stringy" ,perl-io-stringy)
        ("perl-json-maybexs" ,perl-json-maybexs)
        ("perl-libwww" ,perl-libwww)
        ("perl-module-pluggable" ,perl-module-pluggable)
@@ -1879,8 +1877,6 @@ MIME type directly to the browser, without being processed through Catalyst.")
         ,perl-moosex-emulate-class-accessor-fast)
        ("perl-moosex-getopt" ,perl-moosex-getopt)
        ("perl-moosex-methodattributes" ,perl-moosex-methodattributes)
-       ("perl-moosex-role-withoverloading" ,perl-moosex-role-withoverloading)
-       ("perl-namespace-autoclean" ,perl-namespace-autoclean)
        ("perl-namespace-clean" ,perl-namespace-clean)
        ("perl-path-class" ,perl-path-class)
        ("perl-plack" ,perl-plack)
@@ -2080,7 +2076,7 @@ application classes.")
 (define-public perl-catalystx-script-server-starman
   (package
     (name "perl-catalystx-script-server-starman")
-    (version "0.02")
+    (version "0.03")
     (source
      (origin
        (method url-fetch)
@@ -2089,7 +2085,7 @@ application classes.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "0h02mpkc4cmi3jpvcd7iw7xyzx55bqvvl1qkf967gqkvpklm0qx5"))))
+         "08jvibq4v8xjj0c3cr93h0w8w0c88ajwjn37xjy7ygxl9krlffp6"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-install" ,perl-module-install)
@@ -2108,7 +2104,7 @@ development server with Starman.")
 (define-public perl-cgi
   (package
     (name "perl-cgi")
-    (version "4.35")
+    (version "4.38")
     (source
      (origin
        (method url-fetch)
@@ -2116,7 +2112,7 @@ development server with Starman.")
                            "CGI-" version ".tar.gz"))
        (sha256
         (base32
-         "07gwnlc7vq58fjwmfsrv0hfyirqqdrpjhf89caq34rjrkz2wsd0b"))))
+         "1m779315rzj4mpgscw209a2wk18iwg2n8zibn8aak4mv56jz8n4c"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-deep" ,perl-test-deep)
@@ -2133,6 +2129,30 @@ string generation and manipulation, and processing and preparing HTTP
 headers.")
     (license l:perl-license)))
 
+(define-public perl-cgi-formbuilder
+  (package
+    (name "perl-cgi-formbuilder")
+    (version "3.10")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://cpan.metacpan.org/authors/id/B/BI/BIGPRESH/"
+             "CGI-FormBuilder-" version ".tar.gz"))
+       (sha256
+        (base32
+         "163ixq9kninqq094z2rnkg9pv3bcmvjphlww4vksfrzhq3h9pjdf"))))
+    (build-system perl-build-system)
+    (inputs `(("perl-cgi" ,perl-cgi)))
+    (home-page
+     "https://metacpan.org/release/CGI-FormBuilder")
+    (synopsis
+     "Generate and process stateful forms")
+    (description
+     "@code{CGI::FormBuilder} provides an easy way to generate and process CGI
+form-based applications.")
+    (license l:perl-license)))
+
 (define-public perl-cgi-session
   (package
     (name "perl-cgi-session")
@@ -2163,19 +2183,21 @@ HTTP requests.")
 (define-public perl-cgi-simple
   (package
     (name "perl-cgi-simple")
-    (version "1.115")
+    (version "1.15")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/S/SZ/SZABGAB/"
+       (uri (string-append "mirror://cpan/authors/id/M/MA/MANWAR/"
                            "CGI-Simple-" version ".tar.gz"))
        (sha256
         (base32
-         "1nkyb1m1g5r47xykflf68dplanih5p15njv82frbgbsms34kp1sg"))))
+         "013dcy9k4sj9alkksk5aqz65ryxw0rxgg71c7w666y941gd8n46q"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-module-build" ,perl-module-build)
-       ("perl-io-stringy" ,perl-io-stringy))) ;for IO::Scalar
+     `(("perl-io-stringy" ,perl-io-stringy) ; for IO::Scalar
+       ("perl-module-build" ,perl-module-build)
+       ("perl-test-exception" ,perl-test-exception)
+       ("perl-test-nowarnings" ,perl-test-nowarnings)))
     (home-page "http://search.cpan.org/dist/CGI-Simple")
     (synopsis "CGI interface that is CGI.pm compliant")
     (description "CGI::Simple provides a relatively lightweight drop in
@@ -3066,16 +3088,19 @@ exists it is used instead.")
 (define-public perl-lwp-protocol-https
   (package
     (name "perl-lwp-protocol-https")
-    (version "6.06")
+    (version "6.07")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/M/MS/MSCHILLI/"
+       (uri (string-append "mirror://cpan/authors/id/O/OA/OALDERS/"
                            "LWP-Protocol-https-" version ".tar.gz"))
        (sha256
         (base32
-         "1vxdjqj4bwq56m9h1bqqwkk3c6jr76f2zqzvwa26yjng3p686v5q"))))
+         "1rxrpwylfw1afah0nk96kgkwjbl2p1a7lwx50iipg8c4rx3cjb2j"))))
     (build-system perl-build-system)
+    (native-inputs
+     ;; For tests.
+     `(("perl-test-requiresinternet" ,perl-test-requiresinternet)))
     (propagated-inputs
      `(("perl-io-socket-ssl" ,perl-io-socket-ssl)
        ("perl-libwww" ,perl-libwww)
@@ -3157,15 +3182,15 @@ and retry a few times.")
 (define-public perl-net-http
   (package
     (name "perl-net-http")
-    (version "6.07")
+    (version "6.18")
     (source (origin
              (method url-fetch)
              (uri (string-append
-                   "mirror://cpan/authors/id/M/MS/MSCHILLI/Net-HTTP-"
-                   version ".tar.gz"))
+                   "mirror://cpan/authors/id/O/OA/OALDERS/"
+                   "Net-HTTP-" version ".tar.gz"))
              (sha256
               (base32
-               "0r034hhci0yqbrkrh1gv6vi5g3i0kpd1k84z62nk02asb8rf0ccz"))))
+               "074mp9s37q1j290xa3qj1wwgalzla328i2zpnh73xkmdnwnxyhky"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-io-socket-ssl" ,perl-io-socket-ssl)
@@ -3776,13 +3801,13 @@ CDF, Atom 0.3, and Atom 1.0 feeds.")
 (define-public r-httpuv
   (package
     (name "r-httpuv")
-    (version "1.4.3")
+    (version "1.4.4.1")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "httpuv" version))
               (sha256
                (base32
-                "15ghxcyg9h0za3qy077fnn3izbpihskvaqwsppm2s43a771imsf6"))))
+                "12kwq10xa8glrip7rai9xb4hnpysng00g2l0rw7swfzq5lk4z966"))))
     (build-system r-build-system)
     (native-inputs `(("r-rcpp" ,r-rcpp)))
     (propagated-inputs
@@ -4000,14 +4025,14 @@ objects in HTML format.")
 (define-public r-rjson
   (package
     (name "r-rjson")
-    (version "0.2.19")
+    (version "0.2.20")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "rjson" version))
        (sha256
         (base32
-         "1g29vp3gfbh73a5br68jydsrigia4vnr5avc84avgwl6353749jw"))))
+         "0v1zvdd3svnavklh7y5xbwrrkbvx6053r4c5hgnk7hz7bqg7qa1s"))))
     (build-system r-build-system)
     (home-page "https://cran.r-project.org/web/packages/rjson")
     (synopsis "JSON library for R")
@@ -4378,16 +4403,17 @@ NetSurf project.")
        ("mercurial" ,mercurial)))
     (inputs
      `(("python" ,python-wrapper)
+       ("perl-cgi-formbuilder" ,perl-cgi-formbuilder)
        ("perl-cgi-session" ,perl-cgi-session)
        ("perl-cgi-simple" ,perl-cgi-simple)
-       ("perl-json" ,perl-json)
-       ("perl-image-magick" ,perl-image-magick)
-       ("perl-uri" ,perl-uri)
+       ("perl-db-file" ,perl-db-file)
        ("perl-html-parser" ,perl-html-parser)
-       ("perl-uri" ,perl-uri)
-       ("perl-text-markdown-discount" ,perl-text-markdown-discount)
        ("perl-html-scrubber" ,perl-html-scrubber)
        ("perl-html-template" ,perl-html-template)
+       ("perl-image-magick" ,perl-image-magick)
+       ("perl-json" ,perl-json)
+       ("perl-text-markdown-discount" ,perl-text-markdown-discount)
+       ("perl-uri" ,perl-uri)
        ("perl-yaml-libyaml" ,perl-yaml-libyaml)))
     (home-page "https://ikiwiki.info/")
     (synopsis "Wiki compiler, capable of generating HTML")
@@ -4900,7 +4926,7 @@ tools like SSH (Secure Shell) to reach the outside world.")
 (define-public stunnel
   (package
   (name "stunnel")
-  (version "5.46")
+  (version "5.47")
   (source
     (origin
       (method url-fetch)
@@ -4908,12 +4934,34 @@ tools like SSH (Secure Shell) to reach the outside world.")
                           version ".tar.gz"))
       (sha256
        (base32
-        "1iw4gap9ysag8iww2ik029scmdllk7jdzcpnnbj7hgbl526b9akn"))))
+        "02qx0b0dd38rfcl9vfd6zq1pcg5gv0z2mxw5z3p2pfbfk7dpbrn4"))))
   (build-system gnu-build-system)
+  (native-inputs
+   ;; For tests.
+   `(("iproute" ,iproute)
+     ("netcat" ,netcat)
+     ("procps" ,procps)))
   (inputs `(("openssl" ,openssl)))
   (arguments
    `(#:configure-flags
-     (list (string-append "--with-ssl=" (assoc-ref %build-inputs "openssl")))))
+     (list (string-append "--with-ssl=" (assoc-ref %build-inputs "openssl")))
+     #:phases
+     (modify-phases %standard-phases
+       (add-after 'unpack 'patch-output-directories
+         (lambda _
+           ;; Some (not all) Makefiles have a hard-coded incorrect docdir.
+           (substitute* (list "Makefile.in"
+                              "doc/Makefile.in"
+                              "tools/Makefile.in")
+             (("/doc/stunnel")
+              (string-append "/doc/" ,name "-" ,version)))
+           #t))
+       (add-before 'check 'patch-tests
+         (lambda _
+           (substitute* "tests/make_test"
+             (("/bin/sh ")
+              (string-append (which "sh") " ")))
+           #t)))))
   (home-page "https://www.stunnel.org")
   (synopsis "TLS proxy for clients or servers")
   (description "Stunnel is a proxy designed to add TLS encryption
@@ -6066,6 +6114,7 @@ artifact.")))
      `(#:jar-name "eclipse-jetty-security.jar"
        #:source-dir "src/main/java"
        #:jdk ,icedtea-8
+       #:test-exclude (list "**/ConstraintTest.*") ; This test fails
        #:phases
        (modify-phases %standard-phases
          (add-before 'configure 'chdir
@@ -6157,6 +6206,107 @@ container.")))
        ("server" ,java-eclipse-jetty-server-9.2)
        ,@(package-inputs java-eclipse-jetty-util-9.2)))))
 
+(define-public java-eclipse-jetty-xml
+  (package
+    (inherit java-eclipse-jetty-util)
+    (name "java-eclipse-jetty-xml")
+    (arguments
+     `(#:jar-name "eclipse-jetty-xml.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       #:tests? #f; most tests require network
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-xml")
+             #t)))))
+    (inputs
+     `(("java-eclipse-jetty-util" ,java-eclipse-jetty-util)))
+    (native-inputs
+     `(("java-eclipse-jetty-io" ,java-eclipse-jetty-io)
+       ,@(package-native-inputs java-eclipse-jetty-util)))))
+
+(define-public java-eclipse-jetty-xml-9.2
+  (package
+    (inherit java-eclipse-jetty-xml)
+    (version (package-version java-eclipse-jetty-util-9.2))
+    (source (package-source java-eclipse-jetty-util-9.2))
+    (arguments
+     `(#:jar-name "eclipse-jetty-xml.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       #:tests? #f; most tests require network
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-xml")
+             #t)))))
+    (inputs
+     `(("java-eclipse-jetty-util-9.2" ,java-eclipse-jetty-util-9.2)
+       ,@(package-inputs java-eclipse-jetty-util-9.2)))
+    (native-inputs
+     `(("java-eclipse-jetty-io-9.2" ,java-eclipse-jetty-io-9.2)
+       ,@(package-native-inputs java-eclipse-jetty-util-9.2)))))
+
+(define-public java-eclipse-jetty-webapp
+  (package
+    (inherit java-eclipse-jetty-util)
+    (name "java-eclipse-jetty-webapp")
+    (arguments
+     `(#:jar-name "eclipse-jetty-webapp.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       ;; One test fails
+       #:test-exclude (list "**/WebAppContextTest.java")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-webapp")
+             #t)))))
+    (inputs
+     `(("java-eclipse-jetty-util" ,java-eclipse-jetty-util)
+       ("java-eclipse-jetty-http" ,java-eclipse-jetty-http)
+       ("java-eclipse-jetty-server" ,java-eclipse-jetty-server)
+       ("java-eclipse-jetty-servlet" ,java-eclipse-jetty-servlet)
+       ("java-eclipse-jetty-security" ,java-eclipse-jetty-security)
+       ("java-eclipse-jetty-xml" ,java-eclipse-jetty-xml)
+       ("java-tomcat" ,java-tomcat)))
+    (native-inputs
+     `(("java-eclipse-jetty-io" ,java-eclipse-jetty-io)
+       ,@(package-native-inputs java-eclipse-jetty-util)))))
+
+(define-public java-eclipse-jetty-webapp-9.2
+  (package
+    (inherit java-eclipse-jetty-webapp)
+    (version (package-version java-eclipse-jetty-util-9.2))
+    (source (package-source java-eclipse-jetty-util-9.2))
+    (arguments
+     `(#:jar-name "eclipse-jetty-webapp.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       #:test-exclude (list "**/WebAppContextTest.java")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-webapp")
+             #t)))))
+    (inputs
+     `(("java-eclipse-jetty-util-9.2" ,java-eclipse-jetty-util-9.2)
+       ("java-eclipse-jetty-http-9.2" ,java-eclipse-jetty-http-9.2)
+       ("java-eclipse-jetty-server-9.2" ,java-eclipse-jetty-server-9.2)
+       ("java-eclipse-jetty-servlet-9.2" ,java-eclipse-jetty-servlet-9.2)
+       ("java-eclipse-jetty-security-9.2" ,java-eclipse-jetty-security-9.2)
+       ("java-eclipse-jetty-xml-9.2" ,java-eclipse-jetty-xml-9.2)
+       ("java-tomcat" ,java-tomcat)
+       ,@(package-inputs java-eclipse-jetty-util-9.2)))
+    (native-inputs
+     `(("java-eclipse-jetty-io-9.2" ,java-eclipse-jetty-io-9.2)
+       ,@(package-native-inputs java-eclipse-jetty-util-9.2)))))
+
 (define-public java-jsoup
   (package
     (name "java-jsoup")
@@ -6420,10 +6570,10 @@ compressed JSON header blocks.
     (license l:expat)))
 
 (define-public hpcguix-web
-  (let ((commit "3e3b9a3a406ee2dcd10c96cbedcc16ea378e8e8f"))
+  (let ((commit "87cb51611c0f1fd3863b830614ab1364599cf1ca"))
     (package
       (name "hpcguix-web")
-      (version (git-version "0.0.1" "0" commit))
+      (version (git-version "0.0.1" "1" commit))
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
@@ -6432,7 +6582,7 @@ compressed JSON header blocks.
                 (file-name (git-file-name name version))
                 (sha256
                  (base32
-                  "01888byi9mh7d3adcmwhmg44kg98g92r44ilc4wd7an66mjnxpry"))))
+                  "0p66fl8r3v73v13fqg9rbqbzbdzvyznchxbq2s1jwq6qfsn2w3gr"))))
       (build-system gnu-build-system)
       (arguments
        `(#:modules ((guix build gnu-build-system)
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index d1abb0b687..10cd788af2 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -55,14 +55,14 @@
 (define-public webkitgtk
   (package
     (name "webkitgtk")
-    (version "2.20.2")
+    (version "2.20.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.webkitgtk.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1qi6nnj4qidzija1am9xscwjxwfqwhiy7x39ndriqgzh86i97znz"))))
+                "1n0dy94bm7wvxln4jis1gp8plv8n4a01g41724zsf5psg1yk16sp"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no tests
diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm
index 369f64c547..91b37556a0 100644
--- a/gnu/packages/wine.scm
+++ b/gnu/packages/wine.scm
@@ -69,7 +69,7 @@
 (define-public wine
   (package
     (name "wine")
-    (version "3.0.1")
+    (version "3.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://dl.winehq.org/wine/source/"
@@ -77,7 +77,7 @@
                                   "/wine-" version ".tar.xz"))
               (sha256
                (base32
-                "1wr63n70pli83p3rmclr2j4lxzs4ll1cwlpdlaajfrf6v9yhvl5s"))))
+                "1zv3nk31s758ghp4795ym3w8l5868c2dllmjx9245qh9ahvp3mya"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("gettext" ,gettext-minimal)
@@ -223,7 +223,7 @@ integrate Windows applications into your desktop.")
 (define-public wine-staging-patchset-data
   (package
    (name "wine-staging-patchset-data")
-   (version "3.9")
+   (version "3.11")
    (source
     (origin
      (method url-fetch)
@@ -232,7 +232,7 @@ integrate Windows applications into your desktop.")
      (file-name (string-append name "-" version ".zip"))
      (sha256
       (base32
-       "0akccqrp1ymjrra2c99f6hxlaa77jyihfs3q8x93vkgb9c0lq5xx"))))
+       "1sd9chv919y0wfqcshasl82899isvq9rik4h8d44g2cf4m9zzhvi"))))
    (build-system trivial-build-system)
    (native-inputs
     `(("bash" ,bash)
@@ -279,13 +279,14 @@ integrate Windows applications into your desktop.")
               (file-name (string-append name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0ddphvlp9lsjyqc6zckinc36bggpkg925v0x2vqr8nkdjs0w5bfc"))))
+                "0zlhkz6aybkr9jg8za9x56fp92q10df0abadn9bsa8ryparr5d15"))))
     (inputs `(("autoconf" ,autoconf) ; for autoreconf
               ("gtk+" ,gtk+)
               ("libva" ,libva)
               ("python" ,python)
               ("sdl2" ,sdl2)
               ("util-linux" ,util-linux) ; for hexdump
+              ("vkd3d" ,vkd3d)
               ("vulkan-loader" ,vulkan-loader)
               ("wine-staging-patchset-data" ,wine-staging-patchset-data)
               ,@(package-inputs wine)))
diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm
index a3705c9d91..a076cbbb1d 100644
--- a/gnu/packages/wm.scm
+++ b/gnu/packages/wm.scm
@@ -103,7 +103,7 @@ nested include statements).")
 (define-public bspwm
   (package
     (name "bspwm")
-    (version "0.9.4")
+    (version "0.9.5")
     (source
      (origin
        (file-name (string-append name "-" version ".tar.gz"))
@@ -113,7 +113,7 @@ nested include statements).")
              version ".tar.gz"))
        (sha256
         (base32
-         "0yjr0vzbj3ar8qfr6gvpvjd82ay8iy1sg2fkw2swghlqiy6ix4kw"))))
+         "10pph8wxqysgk7b2h0svs0nwacn1a4y44jnzzry32pd1ysx92d97"))))
     (build-system gnu-build-system)
     (inputs
      `(("libxcb" ,libxcb)
@@ -123,10 +123,13 @@ nested include statements).")
        ("xcb-util-keysyms" ,xcb-util-keysyms)
        ("xcb-util-wm" ,xcb-util-wm)))
     (arguments
-     '(#:phases (modify-phases %standard-phases (delete 'configure))
-       #:tests? #f  ; no check target
-       #:make-flags (list "CC=gcc"
-                          (string-append "PREFIX=" %output))))
+     '(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure))           ; no configure script
+       #:tests? #f                      ; no check target
+       #:make-flags
+       (list "CC=gcc"
+             (string-append "PREFIX=" %output))))
     (home-page "https://github.com/baskerville/bspwm")
     (synopsis "Tiling window manager based on binary space partitioning")
     (description "bspwm is a tiling window manager that represents windows as
@@ -988,7 +991,7 @@ project derived from the original Calm Window Manager.")
        ("glib" ,glib)
        ("glibmm" ,glibmm)))
     (native-inputs
-     `(("pkg-config", pkg-config)))
+     `(("pkg-config" ,pkg-config)))
     (arguments
      `(#:configure-flags (list
                           (string-append "--prefix=" %output)
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 1c6e23e264..e735bcf90a 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -264,25 +264,23 @@ between desktops, and change the number of desktops.")
 (define-public xeyes
   (package
     (name "xeyes")
-    (version "1.0.1")
+    (version "1.1.2")
     (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "http://xeyes.sourcearchive.com/downloads/1.0.1/xeyes_"
-               version
-               ".orig.tar.gz"))
-        (sha256
-          (base32
-            "04c3md570j67g55h3bix1qbngcslnq91skli51k3g1avki88zkm9"))))
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://www.x.org/releases/individual/app/"
+                           name "-" version ".tar.bz2"))
+       (sha256
+        (base32 "0lq5j7fryx1wn998jq6h3icz1h6pqrsbs3adskjzjyhn5l6yrg2p"))))
     (build-system gnu-build-system)
     (inputs
       `(("libxext" ,libxext)
         ("libxmu" ,libxmu)
+        ("libxrender" ,libxrender)
         ("libxt" ,libxt)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-    (home-page "http://xeyes.sourcearchive.com/")
+    (home-page "https://www.x.org/")    ; no dedicated Xeyes page exists
     (synopsis "Follow-the-mouse X demo")
     (description "Xeyes is a demo program for x.org.  It shows eyes
 following the mouse.")
@@ -530,7 +528,7 @@ selection's dimensions to stdout.")
 (define-public maim
   (package
     (name "maim")
-    (version "5.5.1")
+    (version "5.5.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -539,7 +537,7 @@ selection's dimensions to stdout.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1dvw0axnr9hhjg6zdcq9lwvaq0x7vrzlz00p8n3hj25qzsi4z5as"))))
+                "14zdhsx1cndg5m8wbv1rqmza7wgknwfj5h0knzxg3p2jkjw66i95"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f))            ; no "check" target
@@ -735,17 +733,16 @@ Guile will work for XBindKeys.")
 (define-public sxhkd
   (package
     (name "sxhkd")
-    (version "0.5.6")
+    (version "0.5.9")
     (source
      (origin
-       (file-name (string-append name "-" version ".tar.gz"))
-       (method url-fetch)
-       (uri (string-append
-             "https://github.com/baskerville/sxhkd/archive/"
-             version ".tar.gz"))
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/baskerville/sxhkd")
+             (commit version)))
        (sha256
         (base32
-         "15grmzpxz5fqlbfg2slj7gb7r6nzkvjmflmbkqx7mlby9pm6wdkj"))))
+         "0cw547x7vky55k3ksrmzmrra4zhslqcwq9xw0y4cmbvy4s1qf64v"))))
     (build-system gnu-build-system)
     (inputs
      `(("asciidoc" ,asciidoc)
@@ -754,10 +751,14 @@ Guile will work for XBindKeys.")
        ("xcb-util-keysyms" ,xcb-util-keysyms)
        ("xcb-util-wm" ,xcb-util-wm)))
     (arguments
-     '(#:phases (modify-phases %standard-phases (delete 'configure))
+     `(#:phases (modify-phases %standard-phases (delete 'configure))
        #:tests? #f  ; no check target
-       #:make-flags (list "CC=gcc"
-                          (string-append "PREFIX=" %output))))
+       #:make-flags
+       (list "CC=gcc"
+             (string-append "PREFIX=" %output)
+             ;; Keep the documentation where the build system installs LICENSE.
+             (string-append "DOCPREFIX=" %output
+                            "/share/doc/" ,name "-" ,version))))
     (home-page "https://github.com/baskerville/sxhkd")
     (synopsis "Simple X hotkey daemon")
     (description "sxhkd is a simple X hotkey daemon with a powerful and
@@ -1286,41 +1287,41 @@ XCB util-xrm module provides the following libraries:
 (define-public xcalib
   (package
     (name "xcalib")
-    (version "0.8")
+    (version "0.10")
+    (home-page "https://github.com/OpenICC/xcalib")
     (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://sourceforge/xcalib/xcalib/" version
-                                  "/xcalib-source-" version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url home-page)
+                    (commit version)))
               (sha256
                (base32
-                "1rh6xb51c5xz926dnn82a2fn643g0sr4a8z66rn6yi7523kjw4ca"))))
-    (build-system gnu-build-system)
+                "05fzdjmhiafgi2jf0k41i3nm0837a78sb6yv59cwc23nla8g0bhr"))
+              (patches
+               (list
+                ;; Add missing documentation for the new --output option.
+                ;; This upstream patch can be removed on the next update.
+                (origin
+                  (method url-fetch)
+                  (uri (string-append
+                        home-page "/commit/"
+                        "ae03889b91fe984b18e925ad2b5e6f2f7354e058.patch"))
+                  (file-name "xcalib-update-man-page.patch")
+                  (sha256
+                   (base32
+                    "0f7b4d5484x4b9n1bwhqmar0kcaa029ffff7bp3xpr734n1qgqb6")))))))
+    (build-system cmake-build-system)
     (arguments
-     '(#:make-flags '("CC=gcc")
-       #:tests? #f   ; No test suite
-       #:phases (modify-phases %standard-phases
-                  (delete 'configure)
-                  (replace 'install
-                    (lambda* (#:key outputs #:allow-other-keys)
-                      (let* ((out (assoc-ref outputs "out"))
-                             (bin (string-append out "/bin")))
-                        (install-file "xcalib" bin))))
-                  (add-after 'install 'install-doc
-                    (lambda* (#:key outputs #:allow-other-keys)
-                      (let ((doc (string-append(assoc-ref outputs "out")
-                                               "/share/doc/xcalib")))
-                        (install-file "README" doc)
-                        ;; Avoid unspecified return value.
-                        #t))))))
+     '(#:tests? #f))                    ; no test suite
     (inputs `(("libx11" ,libx11)
               ("libxext" ,libxext)
+              ("libxrandr" ,libxrandr)
               ("libxxf86vm" ,libxxf86vm)))
     (synopsis "Tiny monitor calibration loader for XFree86 (or X.org)")
     (description "xcalib is a tiny tool to load the content of vcgt-Tags in ICC
 profiles to the video card's gamma ramp.  It does work with most video card
 drivers except the generic VESA driver.  Alter brightness, contrast, RGB, and
 invert colors on a specific display/screen.")
-    (home-page "http://xcalib.sourceforge.net/")
     (license license:gpl2)))
 
 (define-public nxbelld
diff --git a/gnu/packages/xfig.scm b/gnu/packages/xfig.scm
index 86fbd9159b..9c1f28592f 100644
--- a/gnu/packages/xfig.scm
+++ b/gnu/packages/xfig.scm
@@ -119,7 +119,7 @@ selected in various ways.  For text, 35 fonts are available.")
                  (("/usr/local/lib/fig2dev") (string-append out "/lib")))
                ;; The -a argument is required in order to pick up the correct paths
                ;; to several X header files.
-               (zero? (system* "xmkmf" "-a"))
+               (invoke "xmkmf" "-a")
                (substitute* '("Makefile"
                               "fig2dev/Makefile"
                               "transfig/Makefile")
@@ -130,10 +130,11 @@ selected in various ways.  For text, 35 fonts are available.")
                  (("(MANPATH = )[[:graph:]]*" _ front)
                   (string-append front out "/share/man"))
                  (("(CONFDIR = )([[:graph:]]*)" _ front default)
-                  (string-append front out default))))))
+                  (string-append front out default)))
+               #t)))
          (add-after 'install 'install/doc
            (lambda _
-             (zero? (system* "make" "install.man")))))))
+             (invoke "make" "install.man"))))))
     (home-page "http://mcj.sourceforge.net/")
     (synopsis "Create portable LaTeX figures")
     (description
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index d0184c45d1..9112d0273f 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -263,13 +263,11 @@ the @code{Graph} class and write it out in a specific file format.")
                                     (getenv "PERL5LIB")))
              #t)))))
     (native-inputs
-     `(("perl-datetime" ,perl-datetime)
-       ;; TODO package: perl-datetime-format-atom
-       ("perl-html-tagset" ,perl-html-tagset)
+     ;; TODO package: perl-datetime-format-atom
+     `(("perl-html-tagset" ,perl-html-tagset)
        ("perl-module-build-tiny" ,perl-module-build-tiny)
-       ("perl-module-install" ,perl-module-install)
-       ("perl-xml-xpath" ,perl-xml-xpath)))
-    (inputs
+       ("perl-module-install" ,perl-module-install)))
+    (propagated-inputs
      `(("perl-class-data-inheritable" ,perl-class-data-inheritable)
        ("perl-datetime" ,perl-datetime)
        ("perl-datetime-timezone" ,perl-datetime-timezone)
@@ -418,14 +416,14 @@ XML parser and the high performance DOM implementation.")
 (define-public perl-xml-libxml-simple
   (package
     (name "perl-xml-libxml-simple")
-    (version "0.97")
+    (version "0.99")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/M/MA/MARKOV/"
                                   "XML-LibXML-Simple-" version ".tar.gz"))
               (sha256
                (base32
-                "1g8nlk3zdz2cclxf7azvsb3jfxmvy6ml8wmj774k4qjqcsqmzk0w"))))
+                "0i4ybiqdnvnbfxqslw2y392kvy7i752dl8n99bqiqv5kzk4lbzhl"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-file-slurp-tiny" ,perl-file-slurp-tiny)
@@ -815,18 +813,18 @@ RSS 0.91, RSS 1.0, RSS 2.0, Atom")
 (define-public perl-xml-xpath
   (package
     (name "perl-xml-xpath")
-    (version "1.40")
+    (version "1.42")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/M/MA/MANWAR/"
                                   "XML-XPath-" version ".tar.gz"))
               (sha256
                (base32
-                "07pa0bl42jka8mj7jshjynx8vpfh8b4cdyiv4zlkqvkqz98nzxib"))))
+                "04mm91kxav598ax7nlg81dhnvanwvg6bkf30l0cgkmga5iyccsly"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-path-tiny" ,perl-path-tiny)))
-    (inputs
+    (propagated-inputs
      `(("perl-xml-parser" ,perl-xml-parser)))
     (home-page "http://search.cpan.org/dist/XML-XPath")
     (synopsis "Parse and evaluate XPath statements")
@@ -926,14 +924,14 @@ XSL-T processor.  It also performs any necessary post-processing.")
 (define-public xmlsec
   (package
     (name "xmlsec")
-    (version "1.2.25")
+    (version "1.2.26")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://www.aleksey.com/xmlsec/download/"
                                  name "1-" version ".tar.gz"))
              (sha256
               (base32
-               "1lpwj8dxwhha54sby0v5axjk79h56jnhjjiwiasbbk15vwzahz4n"))))
+               "0l1dk344rn3j2vnj13daz72xd8j1msvzhg82n2il5ji0qz4pd0ld"))))
     (build-system gnu-build-system)
     (propagated-inputs ; according to xmlsec1.pc
      `(("libxml2" ,libxml2)
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index f4bf2a503a..7ce543790f 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -15,6 +15,7 @@
 ;;; Copyright © 2017, 2018 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -2411,7 +2412,7 @@ devices, thus making direct access unnecessary.")
 (define-public xf86-input-evdev
   (package
     (name "xf86-input-evdev")
-    (version "2.10.5")
+    (version "2.10.6")
     (source
       (origin
         (method url-fetch)
@@ -2421,7 +2422,7 @@ devices, thus making direct access unnecessary.")
                ".tar.bz2"))
         (sha256
           (base32
-           "03dphgwjaxxyys8axc1kyysp6xvy9bjxicsdrhi2jvdgbchadnly"))))
+           "1h1y0fwnawlp4yc5llr1l7hwfcxxpln2fxhy6arcf6w6h4z0f9l7"))))
     (build-system gnu-build-system)
     (inputs
       `(("udev" ,eudev)
@@ -2529,7 +2530,7 @@ It is used to cotrol the pointer with a joystick device.")
 (define-public xf86-input-mouse
   (package
     (name "xf86-input-mouse")
-    (version "1.9.2")
+    (version "1.9.3")
     (source
       (origin
         (method url-fetch)
@@ -2539,7 +2540,7 @@ It is used to cotrol the pointer with a joystick device.")
                ".tar.bz2"))
         (sha256
           (base32
-            "0bsbgww9421792zan43j60mndqprhfxhc48agsi15d3abjqda9gl"))))
+            "1iawr1wyl2qch1mqszcs0s84i92mh4xxprflnycbw1adc18b7v4k"))))
     (build-system gnu-build-system)
     (inputs `(("xorg-server" ,xorg-server)))
     (native-inputs `(("pkg-config" ,pkg-config)))
@@ -2561,7 +2562,7 @@ as USB mice.")
 (define-public xf86-input-synaptics
   (package
     (name "xf86-input-synaptics")
-    (version "1.9.0")
+    (version "1.9.1")
     (source
       (origin
         (method url-fetch)
@@ -2571,7 +2572,7 @@ as USB mice.")
                ".tar.bz2"))
         (sha256
           (base32
-            "0niv0w1czbxh4y3qkqbpdp5gjwhp3379inwhknhif0m4sy4k5fmg"))))
+            "0xhm03qywwfgkpfl904d08lx00y28m1b6lqmks5nxizixwk3by3s"))))
     (build-system gnu-build-system)
     (inputs `(("libx11" ,libx11)
               ("libxi" ,libxi)
@@ -2730,7 +2731,7 @@ X server.")
 (define-public xf86-video-fbdev
   (package
     (name "xf86-video-fbdev")
-    (version "0.4.4")
+    (version "0.5.0")
     (source
       (origin
         (method url-fetch)
@@ -2740,7 +2741,7 @@ X server.")
                ".tar.bz2"))
         (sha256
           (base32
-            "06ym7yy017lanj730hfkpfk4znx3dsj8jq3qvyzsn8w294kb7m4x"))))
+            "16a66zr0l1lmssa07i3rzy07djxnb45c17ks8c71h8l06xgxihyw"))))
     (build-system gnu-build-system)
     (inputs `(("xorg-server" ,xorg-server)))
     (native-inputs `(("pkg-config" ,pkg-config)))
@@ -3440,7 +3441,7 @@ X server.")
 (define-public xf86-video-vmware
   (package
     (name "xf86-video-vmware")
-    (version "13.2.1")
+    (version "13.3.0")
     (source
       (origin
         (method url-fetch)
@@ -3450,7 +3451,7 @@ X server.")
                ".tar.bz2"))
         (sha256
           (base32
-           "0azn3g0vcki47n5jddagk2rmbwdvp845k8p7d2r56zxs3w8ggxz2"))))
+           "0v06qhm059klq40m2yx4wypzb7h53aaassbjfmm6clcyclj1k5s7"))))
     (build-system gnu-build-system)
     (inputs
      `(("libx11" ,libx11)
@@ -5635,7 +5636,7 @@ user-friendly mechanism to start the X server.")
 (define-public libxaw3d
   (package
     (name "libxaw3d")
-    (version "1.6.2")
+    (version "1.6.3")
     (source
       (origin
         (method url-fetch)
@@ -5645,7 +5646,7 @@ user-friendly mechanism to start the X server.")
                ".tar.bz2"))
         (sha256
           (base32
-            "0awplv1nf53ywv01yxphga3v6dcniwqnxgnb0cn4khb121l12kxp"))))
+            "0i653s8g25cc0mimkwid9366bqkbyhdyjhckx7bw77j20hzrkfid"))))
     (build-system gnu-build-system)
     (propagated-inputs
       `(("libxext" ,libxext)
@@ -5855,6 +5856,34 @@ perl programs to display windows and graphics on X11 servers.")
     ;; for details)."
     (license license:perl-license)))
 
+(define-public perl-x11-protocol-other
+  (package
+    (name "perl-x11-protocol-other")
+    (version "30")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/K/KR/KRYDE/X11-Protocol-Other-"
+             version ".tar.gz"))
+       (sha256
+        (base32
+         "1mambi57cdkj82wiw1l8y2f70a60qsamdas0165hlj10drryfgrj"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-encode-hanextra" ,perl-encode-hanextra)
+       ("perl-module-util" ,perl-module-util)))
+    (propagated-inputs
+     `(("perl-x11-protocol" ,perl-x11-protocol)))
+    (home-page "http://search.cpan.org/dist/X11-Protocol-Other/")
+    (synopsis "Miscellaneous helpers for @code{X11::Protocol} connections")
+    (description
+     "@code{X11::Protocol::Other} contains window manager related functions for
+use by client programs, as per the @dfn{ICCCM} (Inter-Client Communication
+Conventions Manual) and some of the @dfn{EWMH}
+(Extended Window Manager Hints).")
+    (license license:gpl3+)))
+
 (define-public xcompmgr
   (package
     (name "xcompmgr")
@@ -5899,7 +5928,7 @@ basic eye-candy effects.")
 (define-public xpra
   (package
     (name "xpra")
-    (version "2.3.1")
+    (version "2.3.2")
     (source
      (origin
        (method url-fetch)
@@ -5907,7 +5936,7 @@ basic eye-candy effects.")
                            version ".tar.xz"))
        (sha256
         (base32
-         "0wghjmrw77pkh6agc5rz7ynr6s8yyc68qvj9rnp0vlwa3x1fl3ry"))))
+         "02wpnlx43dwacaahpm8db5kbnjw2msm3ycq71gib0n2zamd71ni6"))))
     (build-system python-build-system)
     (inputs `(("ffmpeg" ,ffmpeg)
               ("flac" ,flac)
diff --git a/gnu/packages/zile.scm b/gnu/packages/zile.scm
index 858117de28..eea0dba272 100644
--- a/gnu/packages/zile.scm
+++ b/gnu/packages/zile.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2012, 2013, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -122,10 +123,10 @@ default Emacs configuration, but it carries a much lighter feature set.")
                              (chmod file #o755))
                            (find-files "."))
                  (patch-shebang "gnulib/gnulib-tool")
-                 (zero? (system* "sh" "./bootstrap"
-                                 "--gnulib-srcdir=gnulib"
-                                 "--skip-git" "--skip-po"
-                                 "--verbose"))))
+                 (invoke "sh" "./bootstrap"
+                         "--gnulib-srcdir=gnulib"
+                         "--skip-git" "--skip-po"
+                         "--verbose")))
              (add-after 'install 'wrap-command
                (lambda* (#:key outputs #:allow-other-keys)
                  ;; Add zile.scm to the search path.
diff --git a/gnu/services.scm b/gnu/services.scm
index 81af4df849..49cf01a4f8 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -331,13 +331,20 @@ containing the given entries."
   (service-type (name 'system)
                 (extensions '())
                 (compose identity)
-                (extend system-derivation)))
-
-(define (compute-boot-script _ mexps)
-  (mlet %store-monad ((gexps (sequence %store-monad mexps)))
-    (gexp->file "boot"
-                ;; Clean up and activate the system, then spawn shepherd.
-                #~(begin #$@gexps))))
+                (extend system-derivation)
+                (description
+                 "Build the operating system top-level directory, which in
+turn refers to everything the operating system needs: its kernel, initrd,
+system profile, boot script, and so on.")))
+
+(define (compute-boot-script _ gexps)
+  ;; Reverse GEXPS so that extensions appear in the boot script in the right
+  ;; order.  That is, user extensions would come first, and extensions added
+  ;; by 'essential-services' (e.g., running shepherd) are guaranteed to come
+  ;; last.
+  (gexp->file "boot"
+              ;; Clean up and activate the system, then spawn shepherd.
+              #~(begin #$@(reverse gexps))))
 
 (define (boot-script-entry mboot)
   "Return, as a monadic value, an entry for the boot script in the system
@@ -346,64 +353,74 @@ directory."
     (return `(("boot" ,boot)))))
 
 (define boot-service-type
-  ;; The service of this type is extended by being passed gexps as monadic
-  ;; values.  It aggregates them in a single script, as a monadic value, which
-  ;; becomes its 'parameters'.  It is the only service that extends nothing.
+  ;; The service of this type is extended by being passed gexps.  It
+  ;; aggregates them in a single script, as a monadic value, which becomes its
+  ;; value.
   (service-type (name 'boot)
                 (extensions
                  (list (service-extension system-service-type
                                           boot-script-entry)))
                 (compose identity)
-                (extend compute-boot-script)))
+                (extend compute-boot-script)
+                (description
+                 "Produce the operating system's boot script, which is spawned
+by the initrd once the root file system is mounted.")))
 
 (define %boot-service
   ;; The service that produces the boot script.
   (service boot-service-type #t))
 
 (define (cleanup-gexp _)
-  "Return as a monadic value a gexp to clean up /tmp and similar places upon
-boot."
-  (with-monad %store-monad
-    (with-imported-modules '((guix build utils))
-      (return #~(begin
-                  (use-modules (guix build utils))
-
-                  ;; Clean out /tmp and /var/run.
-                  ;;
-                  ;; XXX This needs to happen before service activations, so it
-                  ;; has to be here, but this also implicitly assumes that /tmp
-                  ;; and /var/run are on the root partition.
-                  (letrec-syntax ((fail-safe (syntax-rules ()
-                                               ((_ exp rest ...)
-                                                (begin
-                                                  (catch 'system-error
-                                                    (lambda () exp)
-                                                    (const #f))
-                                                  (fail-safe rest ...)))
-                                               ((_)
-                                                #t))))
-                    ;; Ignore I/O errors so the system can boot.
-                    (fail-safe
-                     ;; Remove stale Shadow lock files as they would lead to
-                     ;; failures of 'useradd' & co.
-                     (delete-file "/etc/group.lock")
-                     (delete-file "/etc/passwd.lock")
-                     (delete-file "/etc/.pwd.lock") ;from 'lckpwdf'
-
-                     (delete-file-recursively "/tmp")
-                     (delete-file-recursively "/var/run")
-                     (mkdir "/tmp")
-                     (chmod "/tmp" #o1777)
-                     (mkdir "/var/run")
-                     (chmod "/var/run" #o755)
-                     (delete-file-recursively "/run/udev/watch.old"))))))))
+  "Return a gexp to clean up /tmp and similar places upon boot."
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+
+        ;; Clean out /tmp and /var/run.
+        ;;
+        ;; XXX This needs to happen before service activations, so it
+        ;; has to be here, but this also implicitly assumes that /tmp
+        ;; and /var/run are on the root partition.
+        (letrec-syntax ((fail-safe (syntax-rules ()
+                                     ((_ exp rest ...)
+                                      (begin
+                                        (catch 'system-error
+                                          (lambda () exp)
+                                          (const #f))
+                                        (fail-safe rest ...)))
+                                     ((_)
+                                      #t))))
+          ;; Ignore I/O errors so the system can boot.
+          (fail-safe
+           ;; Remove stale Shadow lock files as they would lead to
+           ;; failures of 'useradd' & co.
+           (delete-file "/etc/group.lock")
+           (delete-file "/etc/passwd.lock")
+           (delete-file "/etc/.pwd.lock")         ;from 'lckpwdf'
+
+           ;; Force file names to be decoded as UTF-8.  See
+           ;; <https://bugs.gnu.org/26353>.
+           (setenv "GUIX_LOCPATH"
+                   #+(file-append glibc-utf8-locales "/lib/locale"))
+           (setlocale LC_CTYPE "en_US.utf8")
+           (delete-file-recursively "/tmp")
+           (delete-file-recursively "/var/run")
+
+           (mkdir "/tmp")
+           (chmod "/tmp" #o1777)
+           (mkdir "/var/run")
+           (chmod "/var/run" #o755)
+           (delete-file-recursively "/run/udev/watch.old"))))))
 
 (define cleanup-service-type
   ;; Service that cleans things up in /tmp and similar.
   (service-type (name 'cleanup)
                 (extensions
                  (list (service-extension boot-service-type
-                                          cleanup-gexp)))))
+                                          cleanup-gexp)))
+                (description
+                 "Delete files from @file{/tmp}, @file{/var/run}, and other
+temporary locations at boot time.")))
 
 (define* (activation-service->script service)
   "Return as a monadic value the activation script for SERVICE, a service of
@@ -412,44 +429,39 @@ ACTIVATION-SCRIPT-TYPE."
 
 (define (activation-script gexps)
   "Return the system's activation script, which evaluates GEXPS."
-  (define (service-activations)
-    ;; Return the activation scripts for SERVICES.
-    (mapm %store-monad
-          (cut gexp->file "activate-service" <>)
-          gexps))
-
-  (mlet* %store-monad ((actions (service-activations)))
-    (gexp->file "activate"
-                (with-imported-modules (source-module-closure
-                                        '((gnu build activation)
-                                          (guix build utils)))
-                  #~(begin
-                      (use-modules (gnu build activation)
-                                   (guix build utils))
-
-                      ;; Make sure the user accounting database exists.  If it
-                      ;; does not exist, 'setutxent' does not create it and
-                      ;; thus there is no accounting at all.
-                      (close-port (open-file "/var/run/utmpx" "a0"))
-
-                      ;; Same for 'wtmp', which is populated by mingetty et
-                      ;; al.
-                      (mkdir-p "/var/log")
-                      (close-port (open-file "/var/log/wtmp" "a0"))
-
-                      ;; Set up /run/current-system.  Among other things this
-                      ;; sets up locales, which the activation snippets
-                      ;; executed below may expect.
-                      (activate-current-system)
-
-                      ;; Run the services' activation snippets.
-                      ;; TODO: Use 'load-compiled'.
-                      (for-each primitive-load '#$actions))))))
+  (define actions
+    (map (cut scheme-file "activate-service" <>) gexps))
+
+  (scheme-file "activate"
+               (with-imported-modules (source-module-closure
+                                       '((gnu build activation)
+                                         (guix build utils)))
+                 #~(begin
+                     (use-modules (gnu build activation)
+                                  (guix build utils))
+
+                     ;; Make sure the user accounting database exists.  If it
+                     ;; does not exist, 'setutxent' does not create it and
+                     ;; thus there is no accounting at all.
+                     (close-port (open-file "/var/run/utmpx" "a0"))
+
+                     ;; Same for 'wtmp', which is populated by mingetty et
+                     ;; al.
+                     (mkdir-p "/var/log")
+                     (close-port (open-file "/var/log/wtmp" "a0"))
+
+                     ;; Set up /run/current-system.  Among other things this
+                     ;; sets up locales, which the activation snippets
+                     ;; executed below may expect.
+                     (activate-current-system)
+
+                     ;; Run the services' activation snippets.
+                     ;; TODO: Use 'load-compiled'.
+                     (for-each primitive-load '#$actions)))))
 
 (define (gexps->activation-gexp gexps)
   "Return a gexp that runs the activation script containing GEXPS."
-  (mlet %store-monad ((script (activation-script gexps)))
-    (return #~(primitive-load #$script))))
+  #~(primitive-load #$(activation-script gexps)))
 
 (define (second-argument a b) b)
 
@@ -459,7 +471,10 @@ ACTIVATION-SCRIPT-TYPE."
                  (list (service-extension boot-service-type
                                           gexps->activation-gexp)))
                 (compose identity)
-                (extend second-argument)))
+                (extend second-argument)
+                (description
+                 "Run @dfn{activation} code at boot time and upon
+@command{guix system reconfigure} completion.")))
 
 (define %activation-service
   ;; The activation service produces the activation script from the gexps it
@@ -507,7 +522,10 @@ ACTIVATION-SCRIPT-TYPE."
                              (lambda (files)
                                #~(activate-special-files '#$files)))))
    (compose concatenate)
-   (extend append)))
+   (extend append)
+   (description
+    "Add special files to the root file system---e.g.,
+@file{/usr/bin/env}.")))
 
 (define (extra-special-file file target)
   "Use TARGET as the \"special file\" FILE.  For example, TARGET might be
@@ -541,7 +559,8 @@ directory."
                                          #~(activate-etc #$etc))))
                   (service-extension system-service-type etc-entry)))
                 (compose concatenate)
-                (extend append)))
+                (extend append)
+                (description "Populate the @file{/etc} directory.")))
 
 (define (etc-service files)
   "Return a new service of ETC-SERVICE-TYPE that populates /etc with FILES.
@@ -556,7 +575,10 @@ FILES must be a list of name/file-like object pairs."
                                             #~(activate-setuid-programs
                                                (list #$@programs))))))
                 (compose concatenate)
-                (extend append)))
+                (extend append)
+                (description
+                 "Populate @file{/run/setuid-programs} with the specified
+executables, making them setuid-root.")))
 
 (define (packages->profile-entry packages)
   "Return a system entry for the profile containing PACKAGES."
@@ -573,7 +595,11 @@ FILES must be a list of name/file-like object pairs."
                  (list (service-extension system-service-type
                                           packages->profile-entry)))
                 (compose concatenate)
-                (extend append)))
+                (extend append)
+                (description
+                 "This is the @dfn{system profile}, available as
+@file{/run/current-system/profile}.  It contains packages that the sysadmin
+wants to be globally available to all the system users.")))
 
 (define (firmware->activation-gexp firmware)
   "Return a gexp to make the packages listed in FIRMWARE loadable by the
@@ -589,7 +615,11 @@ kernel."
                  (list (service-extension activation-service-type
                                           firmware->activation-gexp)))
                 (compose concatenate)
-                (extend append)))
+                (extend append)
+                (description
+                 "Make ``firmware'' files loadable by the operating system
+kernel.  Firmware may then be uploaded to some of the machine's devices, such
+as Wifi cards.")))
 
 (define (gc-roots->system-entry roots)
   "Return an entry in the system's output containing symlinks to ROOTS."
@@ -616,7 +646,10 @@ kernel."
                  (list (service-extension system-service-type
                                           gc-roots->system-entry)))
                 (compose concatenate)
-                (extend append)))
+                (extend append)
+                (description
+                 "Register garbage-collector roots---i.e., store items that
+will not be reclaimed by the garbage collector.")))
 
 
 ;;;
diff --git a/gnu/services/authentication.scm b/gnu/services/authentication.scm
new file mode 100644
index 0000000000..1a2629d475
--- /dev/null
+++ b/gnu/services/authentication.scm
@@ -0,0 +1,41 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2018 Danny Milosavljevic <dannym@scratchpost.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services authentication)
+  #:use-module (gnu services)
+  #:use-module (gnu services dbus)
+  #:use-module (gnu packages freedesktop)
+  #:use-module (guix gexp)
+  #:use-module (guix records)
+  #:export (fprintd-configuration
+            fprintd-configuration?
+            fprintd-service-type))
+
+(define-record-type* <fprintd-configuration>
+  fprintd-configuration make-fprintd-configuration
+  fprintd-configuration?
+  (ntp      fprintd-configuration-fprintd
+            (default fprintd)))
+
+(define fprintd-service-type
+  (service-type (name 'fprintd)
+                (extensions
+                 (list (service-extension dbus-root-service-type
+                                          list)))
+                (description
+                 "Run fprintd, a fingerprint management daemon.")))
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index b34bb7132b..68411439db 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1592,8 +1592,9 @@ failed to register hydra.gnu.org public key: ~a~%" status))))))))
 
                            (call-with-output-file #$output
                              (lambda (port)
-                               (write (call-with-input-file "graph"
-                                        read-reference-graph)
+                               (write (map store-info-item
+                                           (call-with-input-file "graph"
+                                             read-reference-graph))
                                       port)))))
                      #:options `(#:local-build? #f
                                  #:references-graphs (("graph" ,item))))
diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm
index c5e9fcbb22..4664a36dcf 100644
--- a/gnu/services/cuirass.scm
+++ b/gnu/services/cuirass.scm
@@ -3,10 +3,11 @@
 ;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
-;;; GNU Guix is free software: you can redistribute it and/or modify
+;;; GNU Guix is free software; you can redistribute it and/or modify
 ;;; it under the terms of the GNU General Public License as published by
 ;;; the Free Software Foundation, either version 3 of the License, or
 ;;; (at your option) any later version.
@@ -172,5 +173,7 @@
      (service-extension rottlog-service-type cuirass-log-rotations)
      (service-extension activation-service-type cuirass-activation)
      (service-extension shepherd-root-service-type cuirass-shepherd-service)
-     (service-extension account-service-type cuirass-account)))))
+     (service-extension account-service-type cuirass-account)))
+   (description
+    "Run the Cuirass continuous integration service.")))
 
diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm
index 4c62e6a6f7..715d333a71 100644
--- a/gnu/services/cups.scm
+++ b/gnu/services/cups.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Andy Wingo <wingo@pobox.com>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1024,7 +1025,9 @@ extensions that it uses."
                        (append (opaque-cups-configuration-extensions config)
                                extensions)))))))
 
-                (default-value (cups-configuration))))
+                (default-value (cups-configuration))
+                (description
+                 "Run the CUPS print server.")))
 
 ;; A little helper to make it easier to document all those fields.
 (define (generate-cups-documentation)
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
index d0913e90ed..2c57a36b84 100644
--- a/gnu/services/dns.scm
+++ b/gnu/services/dns.scm
@@ -622,8 +622,8 @@
                     (default '()))      ;list of string
   (cache-size       dnsmasq-configuration-cache-size
                     (default 150))      ;integer
-  (no-negcache?     dnsmasq-configuration-no-negcache?
-                    (default #f)))      ;boolean
+  (negative-cache?  dnsmasq-configuration-negative-cache?
+                    (default #t)))      ;boolean
 
 (define dnsmasq-shepherd-service
   (match-lambda
@@ -631,7 +631,7 @@
                                 no-hosts?
                                 port local-service? listen-addresses
                                 resolv-file no-resolv? servers
-                                cache-size no-negcache?)
+                                cache-size negative-cache?)
      (shepherd-service
       (provision '(dnsmasq))
       (requirement '(networking))
@@ -656,9 +656,9 @@
                   #$@(map (cut format #f "--server=~a" <>)
                           servers)
                   #$(format #f "--cache-size=~a" cache-size)
-                  #$@(if no-negcache?
-                         '("--no-negcache")
-                         '()))
+                  #$@(if negative-cache?
+                         '()
+                         '("--no-negcache")))
                 #:pid-file "/run/dnsmasq.pid"))
       (stop #~(make-kill-destructor))))))
 
@@ -667,4 +667,6 @@
    (name 'dnsmasq)
    (extensions
     (list (service-extension shepherd-root-service-type
-                             (compose list dnsmasq-shepherd-service))))))
+                             (compose list dnsmasq-shepherd-service))))
+   (default-value (dnsmasq-configuration))
+   (description "Run the dnsmasq DNS server.")))
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index e4441f6475..d5d0cf9d1d 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -608,7 +609,7 @@ demand.")))
             (call-with-output-file #$output
               (lambda (port)
                 (display "\
-# The beginning was automatically added.
+### These lines were generated from your system configuration:
 User tor
 DataDirectory /var/lib/tor
 Log notice syslog\n" port)
@@ -628,6 +629,9 @@ HiddenServicePort ~a ~a~%"
                                      (cons name mapping)))
                                   services))
 
+                (display "\
+### End of automatically generated lines.\n\n" port)
+
                 ;; Append the user's config file.
                 (call-with-input-file #$config-file
                   (lambda (input)
diff --git a/gnu/services/pm.scm b/gnu/services/pm.scm
index d40cb993e2..3817bd09de 100644
--- a/gnu/services/pm.scm
+++ b/gnu/services/pm.scm
@@ -3,7 +3,7 @@
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
-;;; GNU Guix is free software: you can redistribute it and/or modify
+;;; GNU Guix is free software; you can redistribute it and/or modify
 ;;; it under the terms of the GNU General Public License as published by
 ;;; the Free Software Foundation, either version 3 of the License, or
 ;;; (at your option) any later version.
diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm
index 000e85eb86..6ca53faa3d 100644
--- a/gnu/services/shepherd.scm
+++ b/gnu/services/shepherd.scm
@@ -22,7 +22,6 @@
   #:use-module (guix sets)
   #:use-module (guix gexp)
   #:use-module (guix store)
-  #:use-module (guix monads)
   #:use-module (guix records)
   #:use-module (guix derivations)                 ;imported-modules, etc.
   #:use-module (gnu services)
@@ -66,26 +65,25 @@
 
 
 (define (shepherd-boot-gexp services)
-  (with-monad %store-monad
-    (return #~(begin
-                ;; Keep track of the booted system.
-                (false-if-exception (delete-file "/run/booted-system"))
-                (symlink (readlink "/run/current-system")
-                         "/run/booted-system")
-
-                ;; Close any remaining open file descriptors to be on the safe
-                ;; side.  This must be the very last thing we do, because
-                ;; Guile has internal FDs such as 'sleep_pipe' that need to be
-                ;; alive.
-                (let loop ((fd 3))
-                  (when (< fd 1024)
-                    (false-if-exception (close-fdes fd))
-                    (loop (+ 1 fd))))
-
-                ;; Start shepherd.
-                (execl #$(file-append shepherd "/bin/shepherd")
-                       "shepherd" "--config"
-                       #$(shepherd-configuration-file services))))))
+  #~(begin
+      ;; Keep track of the booted system.
+      (false-if-exception (delete-file "/run/booted-system"))
+      (symlink (readlink "/run/current-system")
+               "/run/booted-system")
+
+      ;; Close any remaining open file descriptors to be on the safe
+      ;; side.  This must be the very last thing we do, because
+      ;; Guile has internal FDs such as 'sleep_pipe' that need to be
+      ;; alive.
+      (let loop ((fd 3))
+        (when (< fd 1024)
+          (false-if-exception (close-fdes fd))
+          (loop (+ 1 fd))))
+
+      ;; Start shepherd.
+      (execl #$(file-append shepherd "/bin/shepherd")
+             "shepherd" "--config"
+             #$(shepherd-configuration-file services))))
 
 (define shepherd-root-service-type
   (service-type
diff --git a/gnu/services/sound.scm b/gnu/services/sound.scm
index 5fe555e8b6..f2dd24402f 100644
--- a/gnu/services/sound.scm
+++ b/gnu/services/sound.scm
@@ -26,6 +26,7 @@
   #:use-module (guix packages)
   #:use-module (guix records)
   #:use-module (guix store)
+  #:use-module (gnu packages linux)
   #:use-module (gnu packages pulseaudio)
   #:use-module (ice-9 match)
   #:export (alsa-configuration
@@ -44,17 +45,31 @@
 
 (define-record-type* <alsa-configuration>
   alsa-configuration make-alsa-configuration alsa-configuration?
+  (alsa-plugins alsa-configuration-alsa-plugins ;<package>
+                (default alsa-plugins))
   (pulseaudio?   alsa-configuration-pulseaudio? ;boolean
                  (default #t))
   (extra-options alsa-configuration-extra-options ;string
                  (default "")))
 
-(define (alsa-config-file config)
-  "Return the ALSA configuration file corresponding to CONFIG."
-  (plain-file "asound.conf"
-              (string-append "# Generated by 'alsa-service'.\n\n"
-                             (if (alsa-configuration-pulseaudio? config)
-                                 "# Use PulseAudio by default
+(define alsa-config-file
+  ;; Return the ALSA configuration file.
+  (match-lambda
+    (($ <alsa-configuration> alsa-plugins pulseaudio? extra-options)
+     (apply mixed-text-file "asound.conf"
+            `("# Generated by 'alsa-service'.\n\n"
+              ,@(if pulseaudio?
+                    `("# Use PulseAudio by default
+pcm_type.pulse {
+  lib \"" ,#~(string-append #$alsa-plugins:pulseaudio
+                            "/lib/alsa-lib/libasound_module_pcm_pulse.so") "\"
+}
+
+ctl_type.pulse {
+  lib \"" ,#~(string-append #$alsa-plugins:pulseaudio
+                            "/lib/alsa-lib/libasound_module_ctl_pulse.so") "\"
+}
+
 pcm.!default {
   type pulse
   fallback \"sysdefault\"
@@ -67,10 +82,9 @@ pcm.!default {
 ctl.!default {
   type pulse
   fallback \"sysdefault\"
-}
-"
-                                 "")
-                             (alsa-configuration-extra-options config))))
+}\n\n")
+                    '())
+              ,extra-options)))))
 
 (define (alsa-etc-service config)
   (list `("asound.conf" ,(alsa-config-file config))))
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index aae2f3db0d..9a58eff5ef 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -77,6 +77,7 @@
             nginx-configuration-upstream-blocks
             nginx-configuration-server-names-hash-bucket-size
             nginx-configuration-server-names-hash-bucket-max-size
+            nginx-configuration-extra-content
             nginx-configuration-file
 
             <nginx-server-configuration>
@@ -431,6 +432,8 @@
                                  (default #f))
   (server-names-hash-bucket-max-size nginx-configuration-server-names-hash-bucket-max-size
                                      (default #f))
+  (extra-content nginx-configuration-extra-content
+                 (default ""))
   (file          nginx-configuration-file         ;#f | string | file-like
                  (default #f)))
 
@@ -521,7 +524,8 @@ of index files."
                 (nginx log-directory run-directory
                  server-blocks upstream-blocks
                  server-names-hash-bucket-size
-                 server-names-hash-bucket-max-size)
+                 server-names-hash-bucket-max-size
+                 extra-content)
    (apply mixed-text-file "nginx.conf"
           (flatten
            "user nginx nginx;\n"
@@ -550,7 +554,8 @@ of index files."
            "\n"
            (map emit-nginx-upstream-config upstream-blocks)
            (map emit-nginx-server-config server-blocks)
-           "}\n"
+           extra-content
+           "\n}\n"
            "events {}\n"))))
 
 (define %nginx-accounts
diff --git a/gnu/system.scm b/gnu/system.scm
index f3dafd144b..e4a57475a9 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -359,6 +359,9 @@ marked as 'needed-for-boot'."
     (remove file-system-needed-for-boot?
             (operating-system-file-systems os)))
 
+  (define mapped-devices-for-boot
+    (operating-system-boot-mapped-devices os))
+
   (define (device-mappings fs)
     (let ((device (file-system-device fs)))
       (if (string? device)                        ;title is 'device
@@ -374,21 +377,23 @@ marked as 'needed-for-boot'."
     (file-system
       (inherit fs)
       (dependencies
-       (delete-duplicates (append (device-mappings fs)
-                                  (file-system-dependencies fs))
-                          eq?))))
+       (delete-duplicates
+        (remove (cut member <> mapped-devices-for-boot)
+                (append (device-mappings fs)
+                        (file-system-dependencies fs)))
+        eq?))))
 
   (service file-system-service-type
            (map add-dependencies file-systems)))
 
-(define (mapped-device-user device file-systems)
-  "Return a file system among FILE-SYSTEMS that uses DEVICE, or #f."
+(define (mapped-device-users device file-systems)
+  "Return the subset of FILE-SYSTEMS that use DEVICE."
   (let ((target (string-append "/dev/mapper/" (mapped-device-target device))))
-    (find (lambda (fs)
-            (or (member device (file-system-dependencies fs))
-                (and (string? (file-system-device fs))
-                     (string=? (file-system-device fs) target))))
-          file-systems)))
+    (filter (lambda (fs)
+              (or (member device (file-system-dependencies fs))
+                  (and (string? (file-system-device fs))
+                       (string=? (file-system-device fs) target))))
+            file-systems)))
 
 (define (operating-system-user-mapped-devices os)
   "Return the subset of mapped devices that can be installed in
@@ -396,9 +401,8 @@ user-land--i.e., those not needed during boot."
   (let ((devices      (operating-system-mapped-devices os))
         (file-systems (operating-system-file-systems os)))
    (filter (lambda (md)
-             (let ((user (mapped-device-user md file-systems)))
-               (or (not user)
-                   (not (file-system-needed-for-boot? user)))))
+             (let ((users (mapped-device-users md file-systems)))
+               (not (any file-system-needed-for-boot? users))))
            devices)))
 
 (define (operating-system-boot-mapped-devices os)
@@ -407,8 +411,8 @@ from the initrd."
   (let ((devices      (operating-system-mapped-devices os))
         (file-systems (operating-system-file-systems os)))
    (filter (lambda (md)
-             (let ((user (mapped-device-user md file-systems)))
-               (and user (file-system-needed-for-boot? user))))
+             (let ((users (mapped-device-users md file-systems)))
+               (any file-system-needed-for-boot? users)))
            devices)))
 
 (define (device-mapping-services os)
@@ -470,13 +474,13 @@ a container or that of a \"bare metal\" system."
     (cons* (service system-service-type entries)
            %boot-service
 
-           ;; %SHEPHERD-ROOT-SERVICE must come first so that the gexp that
+           ;; %SHEPHERD-ROOT-SERVICE must come last so that the gexp that
            ;; execs shepherd comes last in the boot script (XXX).  Likewise,
-           ;; the cleanup service must come last so that its gexp runs before
+           ;; the cleanup service must come first so that its gexp runs before
            ;; activation code.
-           %shepherd-root-service
-           %activation-service
            (service cleanup-service-type #f)
+           %activation-service
+           %shepherd-root-service
 
            (pam-root-service (operating-system-pam-services os))
            (account-service (append (operating-system-accounts os)
@@ -616,9 +620,6 @@ unset PATH
 GUIX_PROFILE=/run/current-system/profile ; \\
 . /run/current-system/profile/etc/profile
 
-# Prepend setuid programs.
-export PATH=/run/setuid-programs:$PATH
-
 # Since 'lshd' does not use pam_env, /etc/environment must be explicitly
 # loaded when someone logs in via SSH.  See <http://bugs.gnu.org/22175>.
 # We need 'PATH' to be defined here, for 'cat' and 'cut'.  Do this before
@@ -630,16 +631,26 @@ then
   export `cat /etc/environment | cut -d= -f1`
 fi
 
-if [ -f \"$HOME/.guix-profile/etc/profile\" ]
-then
-  # Load the user profile's settings.
-  GUIX_PROFILE=\"$HOME/.guix-profile\" ; \\
-  . \"$HOME/.guix-profile/etc/profile\"
-else
-  # At least define this one so that basic things just work
-  # when the user installs their first package.
-  export PATH=\"$HOME/.guix-profile/bin:$PATH\"
-fi
+# Arrange so that ~/.config/guix/current comes first.
+for profile in \"$HOME/.guix-profile\" \"$HOME/.config/guix/current\"
+do
+  if [ -f \"$profile/etc/profile\" ]
+  then
+    # Load the user profile's settings.
+    GUIX_PROFILE=\"$profile\" ; \\
+    . \"$profile/etc/profile\"
+  else
+    # At least define this one so that basic things just work
+    # when the user installs their first package.
+    export PATH=\"$profile/bin:$PATH\"
+  fi
+done
+
+# Prepend setuid programs.
+export PATH=/run/setuid-programs:$PATH
+
+# Arrange so that ~/.config/guix/current/share/info comes first.
+export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"
 
 # Set the umask, notably for users logging in via 'lsh'.
 # See <http://bugs.gnu.org/22650>.
@@ -812,7 +823,6 @@ we're running in the final root.  When CONTAINER? is true, skip all
 hardware-related operations as necessary when booting a Linux container."
   (let* ((services (operating-system-services os #:container? container?))
          (boot     (fold-services services #:target-type boot-service-type)))
-    ;; BOOT is the script as a monadic value.
     (service-value boot)))
 
 (define (operating-system-user-accounts os)
diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm
index 2b5948256a..393dd0df70 100644
--- a/gnu/system/file-systems.scm
+++ b/gnu/system/file-systems.scm
@@ -194,10 +194,15 @@
 ;; differs from user to user.
 (define (%store-prefix)
   "Return the store prefix."
-  (cond ((resolve-module '(guix store) #:ensure #f)
+  ;; Note: If we have (guix store database) in the search path and we do *not*
+  ;; have (guix store) proper, 'resolve-module' returns an empty (guix store)
+  ;; with one sub-module.
+  (cond ((and=> (resolve-module '(guix store) #:ensure #f)
+                (lambda (store)
+                  (module-variable store '%store-prefix)))
          =>
-         (lambda (store)
-           ((module-ref store '%store-prefix))))
+         (lambda (variable)
+           ((variable-ref variable))))
         ((getenv "NIX_STORE")
          => identity)
         (else
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 35f4ba9c24..6a3ae1947b 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -54,7 +54,8 @@
             novena-installation-os
             pine64-plus-installation-os
             rk3399-puma-installation-os
-            wandboard-installation-os))
+            wandboard-installation-os
+            os-with-u-boot))
 
 ;;; Commentary:
 ;;;
@@ -386,6 +387,19 @@ You have been warned.  Thanks for being so brave.\x1b[0m
                      nvi                          ;:wq!
                      %base-packages))))
 
+(define* (os-with-u-boot os board #:key (bootloader-target "/dev/mmcblk0")
+                         (triplet "arm-linux-gnueabihf"))
+  "Given OS, amend it with the u-boot bootloader for BOARD,
+installed to BOOTLOADER-TARGET (a drive), compiled for TRIPLET.
+
+If you want a serial console, make sure to specify one in your
+operating-system's kernel-arguments (\"console=ttyS0\" or similar)."
+  (operating-system (inherit os)
+    (bootloader (bootloader-configuration
+                 (bootloader (bootloader (inherit u-boot-bootloader)
+                              (package (make-u-boot-package board triplet))))
+                 (target bootloader-target)))))
+
 (define* (embedded-installation-os bootloader bootloader-target tty
                                    #:key (extra-modules '()))
   "Return an installation os for embedded systems.
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index a2cca0a93b..c452bdd894 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -32,7 +32,8 @@
   #:use-module (gnu system uuid)
   #:autoload   (gnu build file-systems) (find-partition-by-luks-uuid)
   #:autoload   (gnu build linux-modules)
-                 (device-module-aliases matching-modules known-module-aliases)
+                 (device-module-aliases matching-modules known-module-aliases
+                  normalize-module-name)
   #:autoload   (gnu packages cryptsetup) (cryptsetup-static)
   #:autoload   (gnu packages linux) (mdadm-static)
   #:use-module (srfi srfi-1)
@@ -127,10 +128,15 @@ DEVICE must be a \"/dev\" file name."
       (const #f)))
 
   (when aliases
-    (let ((modules (delete-duplicates
-                    (append-map (cut matching-modules <> aliases)
-                                (device-module-aliases device)))))
-      (unless (every (cute member <> linux-modules) modules)
+    (let ((modules  (delete-duplicates
+                     (append-map (cut matching-modules <> aliases)
+                                 (device-module-aliases device))))
+
+          ;; Module names (not file names) are supposed to use underscores
+          ;; instead of hyphens.  MODULES is a list of module names, whereas
+          ;; LINUX-MODULES is file names without '.ko', so normalize them.
+          (provided (map normalize-module-name linux-modules)))
+      (unless (every (cut member <> provided) modules)
         (raise (condition
                 (&message
                  (message (format #f (G_ "you may need these modules \
diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index ef5b8dab92..28d399f2b1 100644
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
@@ -168,6 +168,9 @@ then
     return
 fi
 
+# Source the system-wide file.
+source /etc/bashrc
+
 # Adjust the prompt depending on whether we're in 'guix environment'.
 if [ -n \"$GUIX_ENVIRONMENT\" ]
 then
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index 8cfbda2264..b505b0cf6b 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -34,6 +34,7 @@
   #:use-module (guix utils)
   #:use-module (guix hash)
   #:use-module (guix base32)
+  #:use-module ((guix self) #:select (make-config.scm))
 
   #:use-module ((gnu build vm)
                 #:select (qemu-command))
@@ -50,7 +51,6 @@
   #:use-module (gnu packages disk)
   #:use-module (gnu packages zile)
   #:use-module (gnu packages linux)
-  #:use-module (gnu packages package-management)
   #:use-module ((gnu packages make-bootstrap)
                 #:select (%guile-static-stripped))
   #:use-module (gnu packages admin)
@@ -116,6 +116,19 @@
           (options "trans=virtio")
           (check? #f))))
 
+(define not-config?
+  ;; Select (guix …) and (gnu …) modules, except (guix config).
+  (match-lambda
+    (('guix 'config) #f)
+    (('guix rest ...) #t)
+    (('gnu rest ...) #t)
+    (rest #f)))
+
+(define guile-sqlite3&co
+  ;; Guile-SQLite3 and its propagated inputs.
+  (cons guile-sqlite3
+        (package-transitive-propagated-inputs guile-sqlite3)))
+
 (define* (expression->derivation-in-linux-vm name exp
                                              #:key
                                              (system (%current-system))
@@ -125,6 +138,8 @@
                                              (env-vars '())
                                              (guile-for-build
                                               (%guile-for-build))
+                                             (file-systems
+                                              %linux-vm-file-systems)
 
                                              (single-file-output? #f)
                                              (make-disk-image? #f)
@@ -134,8 +149,9 @@
                                              (disk-image-size 'guess))
   "Evaluate EXP in a QEMU virtual machine running LINUX with INITRD (a
 derivation).  The virtual machine runs with MEMORY-SIZE MiB of memory.  In the
-virtual machine, EXP has access to all its inputs from the store; it should
-put its output file(s) in the '/xchg' directory.
+virtual machine, EXP has access to FILE-SYSTEMS, which, by default, includes a
+9p share of the store, the '/xchg' where EXP should put its output file(s),
+and a 9p share of /tmp.
 
 If SINGLE-FILE-OUTPUT? is true, copy a single file from '/xchg' to OUTPUT.
 Otherwise, copy the contents of /xchg to a new directory OUTPUT.
@@ -148,14 +164,30 @@ based on the size of the closure of REFERENCES-GRAPHS.
 When REFERENCES-GRAPHS is true, it must be a list of file name/store path
 pairs, as for `derivation'.  The files containing the reference graphs are
 made available under the /xchg CIFS share."
+  (define config
+    ;; (guix config) module for consumption by (guix gcrypt).
+    (make-config.scm #:libgcrypt libgcrypt))
+
+  (define user-builder
+    (program-file "builder-in-linux-vm" exp))
+
+  (define loader
+    ;; Invoke USER-BUILDER instead using 'primitive-load'.  The reason for
+    ;; this is to allow USER-BUILDER to dlopen stuff by using a full-featured
+    ;; Guile, which it couldn't do using the statically-linked guile used in
+    ;; the initrd.  See example at
+    ;; <https://lists.gnu.org/archive/html/guix-devel/2017-10/msg00233.html>.
+    (program-file "linux-vm-loader"
+                  ;; When USER-BUILDER succeeds, reboot (indicating a
+                  ;; success), otherwise die, which causes a kernel panic
+                  ;; ("Attempted to kill init!").
+                  #~(when (zero? (system* #$user-builder))
+                      (reboot))))
+
   (mlet* %store-monad
-      ((user-builder (gexp->file "builder-in-linux-vm" exp))
-       (loader       (gexp->file "linux-vm-loader"
-                                 #~(primitive-load #$user-builder)))
-       (coreutils -> (canonical-package coreutils))
-       (initrd       (if initrd                   ; use the default initrd?
+      ((initrd       (if initrd                   ; use the default initrd?
                          (return initrd)
-                         (base-initrd %linux-vm-file-systems
+                         (base-initrd file-systems
                                       #:on-error 'backtrace
                                       #:linux linux
                                       #:linux-modules %base-initrd-modules
@@ -163,40 +195,44 @@ made available under the /xchg CIFS share."
 
     (define builder
       ;; Code that launches the VM that evaluates EXP.
-      (with-imported-modules (source-module-closure '((guix build utils)
-                                                      (gnu build vm)))
-        #~(begin
-            (use-modules (guix build utils)
-                         (gnu build vm))
-
-            (let* ((inputs  '#$(list qemu coreutils))
-                   (linux   (string-append #$linux "/"
-                                           #$(system-linux-image-file-name)))
-                   (initrd  (string-append #$initrd "/initrd"))
-                   (loader  #$loader)
-                   (graphs  '#$(match references-graphs
-                                 (((graph-files . _) ...) graph-files)
-                                 (_ #f)))
-                   (size    #$(if (eq? 'guess disk-image-size)
-                                  #~(+ (* 70 (expt 2 20)) ;ESP
-                                       (estimated-partition-size graphs))
-                                  disk-image-size)))
-
-              (set-path-environment-variable "PATH" '("bin") inputs)
-
-              (load-in-linux-vm loader
-                                #:output #$output
-                                #:linux linux #:initrd initrd
-                                #:memory-size #$memory-size
-                                #:make-disk-image? #$make-disk-image?
-                                #:single-file-output? #$single-file-output?
-                                ;; FIXME: ‘target-arm32?’ may not operate on
-                                ;; the right system/target values.  Rewrite
-                                ;; using ‘let-system’ when available.
-                                #:target-arm32? #$(target-arm32?)
-                                #:disk-image-format #$disk-image-format
-                                #:disk-image-size size
-                                #:references-graphs graphs)))))
+      (with-extensions guile-sqlite3&co
+        (with-imported-modules `(,@(source-module-closure
+                                    '((guix build utils)
+                                      (gnu build vm))
+                                    #:select? not-config?)
+                                 ((guix config) => ,config))
+          #~(begin
+              (use-modules (guix build utils)
+                           (gnu build vm))
+
+              (let* ((inputs  '#$(list qemu (canonical-package coreutils)))
+                     (linux   (string-append #$linux "/"
+                                             #$(system-linux-image-file-name)))
+                     (initrd  (string-append #$initrd "/initrd"))
+                     (loader  #$loader)
+                     (graphs  '#$(match references-graphs
+                                   (((graph-files . _) ...) graph-files)
+                                   (_ #f)))
+                     (size    #$(if (eq? 'guess disk-image-size)
+                                    #~(+ (* 70 (expt 2 20)) ;ESP
+                                         (estimated-partition-size graphs))
+                                    disk-image-size)))
+
+                (set-path-environment-variable "PATH" '("bin") inputs)
+
+                (load-in-linux-vm loader
+                                  #:output #$output
+                                  #:linux linux #:initrd initrd
+                                  #:memory-size #$memory-size
+                                  #:make-disk-image? #$make-disk-image?
+                                  #:single-file-output? #$single-file-output?
+                                  ;; FIXME: ‘target-arm32?’ may not operate on
+                                  ;; the right system/target values.  Rewrite
+                                  ;; using ‘let-system’ when available.
+                                  #:target-arm32? #$(target-arm32?)
+                                  #:disk-image-format #$disk-image-format
+                                  #:disk-image-size size
+                                  #:references-graphs graphs))))))
 
     (gexp->derivation name builder
                       ;; TODO: Require the "kvm" feature.
@@ -219,44 +255,65 @@ made available under the /xchg CIFS share."
   "Return a bootable, stand-alone iso9660 image.
 
 INPUTS is a list of inputs (as for packages)."
+  (define config
+    (make-config.scm #:libgcrypt libgcrypt))
+
+  (define schema
+    (and register-closures?
+         (local-file (search-path %load-path
+                                  "guix/store/schema.sql"))))
+
   (expression->derivation-in-linux-vm
    name
-   (with-imported-modules (source-module-closure '((gnu build vm)
-                                                   (guix build utils)))
-     #~(begin
-         (use-modules (gnu build vm)
-                      (guix build utils))
-
-         (let ((inputs
-                '#$(append (list qemu parted e2fsprogs dosfstools xorriso)
-                           (map canonical-package
-                                (list sed grep coreutils findutils gawk))
-                           (if register-closures? (list guix) '())))
-
-
-               (graphs     '#$(match inputs
-                                   (((names . _) ...)
-                                    names)))
-               ;; This variable is unused but allows us to add INPUTS-TO-COPY
-               ;; as inputs.
-               (to-register
-                '#$(map (match-lambda
-                          ((name thing) thing)
-                          ((name thing output) `(,thing ,output)))
-                        inputs)))
-
-           (set-path-environment-variable "PATH" '("bin" "sbin") inputs)
-           (make-iso9660-image #$(bootloader-package bootloader)
-                               #$bootcfg-drv
-                               #$os-drv
-                               "/xchg/guixsd.iso"
-                               #:register-closures? #$register-closures?
-                               #:closures graphs
-                               #:volume-id #$file-system-label
-                               #:volume-uuid #$(and=> file-system-uuid
-                                                      uuid-bytevector))
-           (reboot))))
+   (with-extensions guile-sqlite3&co
+     (with-imported-modules `(,@(source-module-closure '((gnu build vm)
+                                                         (guix store database)
+                                                         (guix build utils))
+                                                       #:select? not-config?)
+                              ((guix config) => ,config))
+       #~(begin
+           (use-modules (gnu build vm)
+                        (guix store database)
+                        (guix build utils))
+
+           (sql-schema #$schema)
+
+           (let ((inputs
+                  '#$(append (list qemu parted e2fsprogs dosfstools xorriso)
+                             (map canonical-package
+                                  (list sed grep coreutils findutils gawk))))
+
+
+                 (graphs     '#$(match inputs
+                                  (((names . _) ...)
+                                   names)))
+                 ;; This variable is unused but allows us to add INPUTS-TO-COPY
+                 ;; as inputs.
+                 (to-register
+                  '#$(map (match-lambda
+                            ((name thing) thing)
+                            ((name thing output) `(,thing ,output)))
+                          inputs)))
+
+             (set-path-environment-variable "PATH" '("bin" "sbin") inputs)
+             (make-iso9660-image #$(bootloader-package bootloader)
+                                 #$bootcfg-drv
+                                 #$os-drv
+                                 "/xchg/guixsd.iso"
+                                 #:register-closures? #$register-closures?
+                                 #:closures graphs
+                                 #:volume-id #$file-system-label
+                                 #:volume-uuid #$(and=> file-system-uuid
+                                                        uuid-bytevector))))))
    #:system system
+
+   ;; Keep a local file system for /tmp so that we can populate it directly as
+   ;; root and have files owned by root.  See <https://bugs.gnu.org/31752>.
+   #:file-systems (remove (lambda (file-system)
+                            (string=? (file-system-mount-point file-system)
+                                      "/tmp"))
+                          %linux-vm-file-systems)
+
    #:make-disk-image? #f
    #:single-file-output? #t
    #:references-graphs inputs))
@@ -290,91 +347,104 @@ INPUTS is a list of inputs (as for packages).  When COPY-INPUTS? is true, copy
 all of INPUTS into the image being built.  When REGISTER-CLOSURES? is true,
 register INPUTS in the store database of the image so that Guix can be used in
 the image."
+  (define config
+    (make-config.scm #:libgcrypt libgcrypt))
+
+  (define schema
+    (and register-closures?
+         (local-file (search-path %load-path
+                                  "guix/store/schema.sql"))))
+
   (expression->derivation-in-linux-vm
    name
-   (with-imported-modules (source-module-closure '((gnu build bootloader)
-                                                   (gnu build vm)
-                                                   (guix build utils)))
-     #~(begin
-         (use-modules (gnu build bootloader)
-                      (gnu build vm)
-                      (guix build utils)
-                      (srfi srfi-26)
-                      (ice-9 binary-ports))
-
-         (let ((inputs
-                '#$(append (list qemu parted e2fsprogs dosfstools)
-                           (map canonical-package
-                                (list sed grep coreutils findutils gawk))
-                           (if register-closures? (list guix) '())))
-
-               ;; This variable is unused but allows us to add INPUTS-TO-COPY
-               ;; as inputs.
-               (to-register
-                '#$(map (match-lambda
-                          ((name thing) thing)
-                          ((name thing output) `(,thing ,output)))
-                        inputs)))
-
-           (set-path-environment-variable "PATH" '("bin" "sbin") inputs)
-
-           (let* ((graphs     '#$(match inputs
-                                   (((names . _) ...)
-                                    names)))
-                  (initialize (root-partition-initializer
-                               #:closures graphs
-                               #:copy-closures? #$copy-inputs?
-                               #:register-closures? #$register-closures?
-                               #:system-directory #$os-drv))
-                  (root-size  #$(if (eq? 'guess disk-image-size)
-                                    #~(max
-                                       ;; Minimum 20 MiB root size
-                                       (* 20 (expt 2 20))
-                                       (estimated-partition-size
-                                        (map (cut string-append "/xchg/" <>)
-                                             graphs)))
-                                    (- disk-image-size
-                                       (* 50 (expt 2 20)))))
-                  (partitions
-                   (append
-                    (list (partition
-                           (size root-size)
-                           (label #$file-system-label)
-                           (uuid #$(and=> file-system-uuid
-                                          uuid-bytevector))
-                           (file-system #$file-system-type)
-                           (flags '(boot))
-                           (initializer initialize)))
-                    ;; Append a small EFI System Partition for use with UEFI
-                    ;; bootloaders if we are not targeting ARM because UEFI
-                    ;; support in U-Boot is experimental.
-                    ;;
-                    ;; FIXME: ‘target-arm32?’ may be not operate on the right
-                    ;; system/target values.  Rewrite using ‘let-system’ when
-                    ;; available.
-                    (if #$(target-arm32?)
-                        '()
-                        (list (partition
-                               ;; The standalone grub image is about 10MiB, but
-                               ;; leave some room for custom or multiple images.
-                               (size (* 40 (expt 2 20)))
-                               (label "GNU-ESP")             ;cosmetic only
-                               ;; Use "vfat" here since this property is used
-                               ;; when mounting. The actual FAT-ness is based
-                               ;; on file system size (16 in this case).
-                               (file-system "vfat")
-                               (flags '(esp))))))))
-             (initialize-hard-disk "/dev/vda"
-                                   #:partitions partitions
-                                   #:grub-efi #$grub-efi
-                                   #:bootloader-package
-                                   #$(bootloader-package bootloader)
-                                   #:bootcfg #$bootcfg-drv
-                                   #:bootcfg-location
-                                   #$(bootloader-configuration-file bootloader)
-                                   #:bootloader-installer
-                                   #$(bootloader-installer bootloader))
-             (reboot)))))
+   (with-extensions guile-sqlite3&co
+     (with-imported-modules `(,@(source-module-closure '((gnu build vm)
+                                                         (gnu build bootloader)
+                                                         (guix store database)
+                                                         (guix build utils))
+                                                       #:select? not-config?)
+                              ((guix config) => ,config))
+       #~(begin
+           (use-modules (gnu build bootloader)
+                        (gnu build vm)
+                        (guix store database)
+                        (guix build utils)
+                        (srfi srfi-26)
+                        (ice-9 binary-ports))
+
+           (sql-schema #$schema)
+
+           (let ((inputs
+                  '#$(append (list qemu parted e2fsprogs dosfstools)
+                             (map canonical-package
+                                  (list sed grep coreutils findutils gawk))))
+
+                 ;; This variable is unused but allows us to add INPUTS-TO-COPY
+                 ;; as inputs.
+                 (to-register
+                  '#$(map (match-lambda
+                            ((name thing) thing)
+                            ((name thing output) `(,thing ,output)))
+                          inputs)))
+
+             (set-path-environment-variable "PATH" '("bin" "sbin") inputs)
+
+             (let* ((graphs     '#$(match inputs
+                                     (((names . _) ...)
+                                      names)))
+                    (initialize (root-partition-initializer
+                                 #:closures graphs
+                                 #:copy-closures? #$copy-inputs?
+                                 #:register-closures? #$register-closures?
+                                 #:system-directory #$os-drv))
+                    (root-size  #$(if (eq? 'guess disk-image-size)
+                                      #~(max
+                                         ;; Minimum 20 MiB root size
+                                         (* 20 (expt 2 20))
+                                         (estimated-partition-size
+                                          (map (cut string-append "/xchg/" <>)
+                                               graphs)))
+                                      (- disk-image-size
+                                         (* 50 (expt 2 20)))))
+                    (partitions
+                     (append
+                      (list (partition
+                             (size root-size)
+                             (label #$file-system-label)
+                             (uuid #$(and=> file-system-uuid
+                                            uuid-bytevector))
+                             (file-system #$file-system-type)
+                             (flags '(boot))
+                             (initializer initialize)))
+                      ;; Append a small EFI System Partition for use with UEFI
+                      ;; bootloaders if we are not targeting ARM because UEFI
+                      ;; support in U-Boot is experimental.
+                      ;;
+                      ;; FIXME: ‘target-arm32?’ may be not operate on the right
+                      ;; system/target values.  Rewrite using ‘let-system’ when
+                      ;; available.
+                      (if #$(target-arm32?)
+                          '()
+                          (list (partition
+                                 ;; The standalone grub image is about 10MiB, but
+                                 ;; leave some room for custom or multiple images.
+                                 (size (* 40 (expt 2 20)))
+                                 (label "GNU-ESP") ;cosmetic only
+                                 ;; Use "vfat" here since this property is used
+                                 ;; when mounting. The actual FAT-ness is based
+                                 ;; on file system size (16 in this case).
+                                 (file-system "vfat")
+                                 (flags '(esp))))))))
+               (initialize-hard-disk "/dev/vda"
+                                     #:partitions partitions
+                                     #:grub-efi #$grub-efi
+                                     #:bootloader-package
+                                     #$(bootloader-package bootloader)
+                                     #:bootcfg #$bootcfg-drv
+                                     #:bootcfg-location
+                                     #$(bootloader-configuration-file bootloader)
+                                     #:bootloader-installer
+                                     #$(bootloader-installer bootloader)))))))
    #:system system
    #:make-disk-image? #t
    #:disk-image-size disk-image-size
@@ -392,49 +462,41 @@ makes sense when you want to build a GuixSD Docker image that has Guix
 installed inside of it.  If you don't need Guix (e.g., your GuixSD Docker
 image just contains a web server that is started by the Shepherd), then you
 should set REGISTER-CLOSURES? to #f."
-  (define not-config?
-    (match-lambda
-      (('guix 'config) #f)
-      (('guix rest ...) #t)
-      (('gnu rest ...) #t)
-      (rest #f)))
-
   (define config
     ;; (guix config) module for consumption by (guix gcrypt).
-    (scheme-file "gcrypt-config.scm"
-                 #~(begin
-                     (define-module (guix config)
-                       #:export (%libgcrypt))
+    (make-config.scm #:libgcrypt libgcrypt))
 
-                     ;; XXX: Work around <http://bugs.gnu.org/15602>.
-                     (eval-when (expand load eval)
-                       (define %libgcrypt
-                         #+(file-append libgcrypt "/lib/libgcrypt"))))))
+  (define schema
+    (and register-closures?
+         (local-file (search-path %load-path
+                                  "guix/store/schema.sql"))))
 
   (mlet %store-monad ((os-drv (operating-system-derivation os #:container? #t))
                       (name -> (string-append name ".tar.gz"))
                       (graph -> "system-graph"))
     (define build
-      (with-extensions (list guile-json)          ;for (guix docker)
+      (with-extensions (cons guile-json          ;for (guix docker)
+                             guile-sqlite3&co)   ;for (guix store database)
         (with-imported-modules `(,@(source-module-closure
                                     '((guix docker)
+                                      (guix store database)
                                       (guix build utils)
+                                      (guix build store-copy)
                                       (gnu build vm))
                                     #:select? not-config?)
-                                 (guix build store-copy)
                                  ((guix config) => ,config))
           #~(begin
               (use-modules (guix docker)
                            (guix build utils)
                            (gnu build vm)
                            (srfi srfi-19)
-                           (guix build store-copy))
+                           (guix build store-copy)
+                           (guix store database))
 
-              (let* ((inputs '#$(append (list tar)
-                                        (if register-closures?
-                                            (list guix)
-                                            '())))
-                     ;; This initializer requires elevated privileges that are
+              ;; Set the SQL schema location.
+              (sql-schema #$schema)
+
+              (let* (;; This initializer requires elevated privileges that are
                      ;; not normally available in the build environment (e.g.,
                      ;; it needs to create device nodes).  In order to obtain
                      ;; such privileges, we run it as root in a VM.
@@ -449,33 +511,22 @@ should set REGISTER-CLOSURES? to #f."
                      ;; lack of privileges if we use a root-directory that is on
                      ;; a file system that is shared with the host (e.g., /tmp).
                      (root-directory "/guixsd-system-root"))
-                (set-path-environment-variable "PATH" '("bin" "sbin") inputs)
+                (set-path-environment-variable "PATH" '("bin" "sbin") '(#+tar))
                 (mkdir root-directory)
                 (initialize root-directory)
                 (build-docker-image
                  (string-append "/xchg/" #$name) ;; The output file.
                  (cons* root-directory
-                        (call-with-input-file (string-append "/xchg/" #$graph)
-                          read-reference-graph))
+                        (map store-info-item
+                             (call-with-input-file
+                                 (string-append "/xchg/" #$graph)
+                               read-reference-graph)))
                  #$os-drv
                  #:compressor '(#+(file-append gzip "/bin/gzip") "-9n")
                  #:creation-time (make-time time-utc 0 1)
                  #:transformations `((,root-directory -> ""))))))))
     (expression->derivation-in-linux-vm
-     name
-     ;; The VM's initrd Guile doesn't support dlopen, but our "build" gexp
-     ;; needs to be run by a Guile that can dlopen libgcrypt.  The following
-     ;; hack works around that problem by putting the "build" gexp into an
-     ;; executable script (created by program-file) which, when executed, will
-     ;; run using a Guile that supports dlopen.  That way, the VM's initrd
-     ;; Guile can just execute it via invoke, without using dlopen.  See:
-     ;; https://lists.gnu.org/archive/html/guix-devel/2017-10/msg00233.html
-     (with-imported-modules `((guix build utils))
-       #~(begin
-           (use-modules (guix build utils))
-           ;; If we use execl instead of invoke here, the VM will crash with a
-           ;; kernel panic.
-           (invoke #$(program-file "build-docker-image" build))))
+     name build
      #:make-disk-image? #f
      #:single-file-output? #t
      #:references-graphs `((,graph ,os-drv)))))
diff --git a/gnu/tests/admin.scm b/gnu/tests/admin.scm
index 3c7deb5426..a5abbe9ad4 100644
--- a/gnu/tests/admin.scm
+++ b/gnu/tests/admin.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
+;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -74,13 +75,11 @@ HTTP-PORT."
 
           (test-begin "tailon")
 
-          (test-eq "service running"
-            'running!
+          (test-assert "service running"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
-                (start-service 'tailon)
-                'running!)
+                (start-service 'tailon))
              marionette))
 
           (define* (retry-on-error f #:key times delay)
diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index 3faeddef6c..4c24cf57f6 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,6 +30,8 @@
   #:use-module (gnu services mcron)
   #:use-module (gnu services shepherd)
   #:use-module (gnu services networking)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages imagemagick)
   #:use-module (gnu packages ocr)
   #:use-module (gnu packages package-management)
@@ -36,11 +39,13 @@
   #:use-module (gnu packages tmux)
   #:use-module (guix gexp)
   #:use-module (guix store)
+  #:use-module (guix monads)
   #:use-module (guix packages)
   #:use-module (srfi srfi-1)
   #:export (run-basic-test
             %test-basic-os
             %test-halt
+            %test-cleanup
             %test-mcron
             %test-nss-mdns))
 
@@ -472,6 +477,72 @@ in a loop.  See <http://bugs.gnu.org/26931>.")
 
 
 ;;;
+;;; Cleanup of /tmp, /var/run, etc.
+;;;
+
+(define %cleanup-os
+  (simple-operating-system
+   (simple-service 'dirty-things
+                   boot-service-type
+                   (let ((script (plain-file
+                                  "create-utf8-file.sh"
+                                  (string-append
+                                   "echo $0: dirtying /tmp...\n"
+                                   "set -e; set -x\n"
+                                   "touch /witness\n"
+                                   "exec touch /tmp/λαμβδα"))))
+                     (with-imported-modules '((guix build utils))
+                       #~(begin
+                           (setenv "PATH"
+                                   #$(file-append coreutils "/bin"))
+                           (invoke #$(file-append bash "/bin/sh")
+                                   #$script)))))))
+
+(define (run-cleanup-test name)
+  (define os
+    (marionette-operating-system %cleanup-os
+                                 #:imported-modules '((gnu services herd)
+                                                      (guix combinators))))
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (gnu build marionette)
+                       (srfi srfi-64)
+                       (ice-9 match))
+
+          (define marionette
+            (make-marionette (list #$(virtual-machine os))))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "cleanup")
+
+          (test-assert "dirty service worked"
+            (marionette-eval '(file-exists? "/witness") marionette))
+
+          (test-equal "/tmp cleaned up"
+            '("." "..")
+            (marionette-eval '(begin
+                                (use-modules (ice-9 ftw))
+                                (scandir "/tmp"))
+                             marionette))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "cleanup" test))
+
+(define %test-cleanup
+  ;; See <https://bugs.gnu.org/26353>.
+  (system-test
+   (name "cleanup")
+   (description "Make sure the 'cleanup' service can remove files with
+non-ASCII names from /tmp.")
+   (value (run-cleanup-test name))))
+
+
+;;;
 ;;; Mcron.
 ;;;
 
@@ -517,13 +588,11 @@ in a loop.  See <http://bugs.gnu.org/26931>.")
 
           (test-begin "mcron")
 
-          (test-eq "service running"
-            'running!
+          (test-assert "service running"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
-                (start-service 'mcron)
-                'running!)
+                (start-service 'mcron))
              marionette))
 
           ;; Make sure root's mcron job runs, has its cwd set to "/root", and
@@ -619,32 +688,43 @@ in a loop.  See <http://bugs.gnu.org/26931>.")
 
           (test-begin "avahi")
 
-          (test-assert "wait for services"
+          (test-assert "nscd PID file is created"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'nscd))
+             marionette))
+
+          (test-assert "nscd is listening on its socket"
+            (marionette-eval
+             ;; XXX: Work around a race condition in nscd: nscd creates its
+             ;; PID file before it is listening on its socket.
+             '(let ((sock (socket PF_UNIX SOCK_STREAM 0)))
+                (let try ()
+                  (catch 'system-error
+                    (lambda ()
+                      (connect sock AF_UNIX "/var/run/nscd/socket")
+                      (close-port sock)
+                      (format #t "nscd is ready~%")
+                      #t)
+                    (lambda args
+                      (format #t "waiting for nscd...~%")
+                      (usleep 500000)
+                      (try)))))
+             marionette))
+
+          (test-assert "avahi is running"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
+                (start-service 'avahi-daemon))
+             marionette))
 
-                (start-service 'nscd)
-
-                ;; XXX: Work around a race condition in nscd: nscd creates its
-                ;; PID file before it is listening on its socket.
-                (let ((sock (socket PF_UNIX SOCK_STREAM 0)))
-                  (let try ()
-                    (catch 'system-error
-                      (lambda ()
-                        (connect sock AF_UNIX "/var/run/nscd/socket")
-                        (close-port sock)
-                        (format #t "nscd is ready~%"))
-                      (lambda args
-                        (format #t "waiting for nscd...~%")
-                        (usleep 500000)
-                        (try)))))
-
-                ;; Wait for the other useful things.
-                (start-service 'avahi-daemon)
-                (start-service 'networking)
-
-                #t)
+          (test-assert "network is up"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'networking))
              marionette))
 
           (test-equal "avahi-resolve-host-name"
diff --git a/gnu/tests/dict.scm b/gnu/tests/dict.scm
index 4431e37dc1..dd60ffd464 100644
--- a/gnu/tests/dict.scm
+++ b/gnu/tests/dict.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017, 2018 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -84,13 +85,11 @@
           (test-begin "dicod")
 
           ;; Wait for the service to be started.
-          (test-eq "service is running"
-            'running!
+          (test-assert "service is running"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
-                (start-service 'dicod)
-                'running!)
+                (start-service 'dicod))
              marionette))
 
           ;; Wait until dicod is actually listening.
diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm
index 4de13b8684..5677969fac 100644
--- a/gnu/tests/mail.scm
+++ b/gnu/tests/mail.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
 ;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -84,8 +85,7 @@ accept from any for local deliver to mbox
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
-                (start-service 'smtpd)
-                #t)
+                (start-service 'smtpd))
              marionette))
 
           (test-assert "mbox is empty"
@@ -224,8 +224,7 @@ acl_check_data:
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
-                (start-service 'exim)
-                #t)
+                (start-service 'exim))
              marionette))
 
           (sleep 1) ;; give the service time to start talking
@@ -330,13 +329,11 @@ Subject: Hello Nice to meet you!")
           (test-begin "dovecot")
 
           ;; Wait for dovecot to be up and running.
-          (test-eq "dovecot running"
-            'running!
+          (test-assert "dovecot running"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
-                (start-service 'dovecot)
-                'running!)
+                (start-service 'dovecot))
              marionette))
 
           ;; Check Dovecot service's PID.
diff --git a/gnu/tests/messaging.scm b/gnu/tests/messaging.scm
index f17dfe6265..f5f99b9f56 100644
--- a/gnu/tests/messaging.scm
+++ b/gnu/tests/messaging.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017, 2018 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -102,13 +102,11 @@
           (test-begin "xmpp")
 
           ;; Wait for XMPP service to be up and running.
-          (test-eq "service running"
-            'running!
+          (test-assert "service running"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
-                (start-service 'xmpp-daemon)
-                'running!)
+                (start-service 'xmpp-daemon))
              marionette))
 
           ;; Check XMPP service's PID.
@@ -196,13 +194,11 @@
 
           (test-begin "bitlbee")
 
-          (test-eq "service started"
-            'running!
+          (test-assert "service started"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
-                (start-service 'bitlbee)
-                'running!)
+                (start-service 'bitlbee))
              marionette))
 
           (test-equal "valid PID"
diff --git a/gnu/tests/nfs.scm b/gnu/tests/nfs.scm
index d58cf7aefd..140f03779b 100644
--- a/gnu/tests/nfs.scm
+++ b/gnu/tests/nfs.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -94,13 +95,11 @@
           (test-begin "rpc-daemon")
 
           ;; Wait for the rpcbind daemon to be up and running.
-          (test-eq "RPC service running"
-            'running!
+          (test-assert "RPC service running"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
-                (start-service 'rpcbind-daemon)
-                'running!)
+                (start-service 'rpcbind-daemon))
              marionette))
 
           ;; Check the socket file and that the service is still running.
diff --git a/gnu/tests/rsync.scm b/gnu/tests/rsync.scm
index c97836788b..a6f8fa2bd1 100644
--- a/gnu/tests/rsync.scm
+++ b/gnu/tests/rsync.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
+;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -59,13 +60,11 @@ PORT."
           (test-begin "rsync")
 
           ;; Wait for rsync to be up and running.
-          (test-eq "service running"
-            'running!
+          (test-assert "service running"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
-                (start-service 'rsync)
-                'running!)
+                (start-service 'rsync))
              marionette))
 
           ;; Make sure the PID file is created.
diff --git a/gnu/tests/ssh.scm b/gnu/tests/ssh.scm
index 9247a43e6d..2e40122add 100644
--- a/gnu/tests/ssh.scm
+++ b/gnu/tests/ssh.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017, 2018 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -111,13 +111,11 @@ root with an empty password."
             (test-begin "ssh-daemon")
 
             ;; Wait for sshd to be up and running.
-            (test-eq "service running"
-              'running!
+            (test-assert "service running"
               (marionette-eval
                '(begin
                   (use-modules (gnu services herd))
-                  (start-service 'ssh-daemon)
-                  'running!)
+                  (start-service 'ssh-daemon))
                marionette))
 
             ;; Check sshd's PID file.
diff --git a/gnu/tests/version-control.scm b/gnu/tests/version-control.scm
index 8024739734..3b935a1b48 100644
--- a/gnu/tests/version-control.scm
+++ b/gnu/tests/version-control.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017, 2018 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2017, 2018 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017, 2018 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -147,23 +147,19 @@ HTTP-PORT."
              marionette))
 
           ;; Wait for nginx to be up and running.
-          (test-eq "nginx running"
-            'running!
+          (test-assert "nginx running"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
-                (start-service 'nginx)
-                'running!)
+                (start-service 'nginx))
              marionette))
 
           ;; Wait for fcgiwrap to be up and running.
-          (test-eq "fcgiwrap running"
-            'running!
+          (test-assert "fcgiwrap running"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
-                (start-service 'fcgiwrap)
-                'running!)
+                (start-service 'fcgiwrap))
              marionette))
 
           ;; Make sure the PID file is created.
@@ -272,13 +268,11 @@ HTTP-PORT."
           (test-begin "git-http")
 
           ;; Wait for nginx to be up and running.
-          (test-eq "nginx running"
-            'running!
+          (test-assert "nginx running"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
-                (start-service 'nginx)
-                'running!)
+                (start-service 'nginx))
              marionette))
 
           ;; Make sure Git test repository is created.
diff --git a/gnu/tests/web.scm b/gnu/tests/web.scm
index a6bf6efcfe..73d502dd0e 100644
--- a/gnu/tests/web.scm
+++ b/gnu/tests/web.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
-;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017, 2018 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby@inria.fr>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -245,13 +245,11 @@ HTTP-PORT, along with php-fpm."
                      ((pid) (number? pid))))))
              marionette))
 
-          (test-eq "nginx running"
-            'running!
+          (test-assert "nginx running"
             (marionette-eval
              '(begin
                 (use-modules (gnu services herd))
-                (start-service 'nginx)
-                'running!)
+                (start-service 'nginx))
              marionette))
 
           (test-equal "http-get"