summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2017-12-19 01:42:40 +0100
committerMarius Bakke <mbakke@fastmail.com>2017-12-19 01:42:40 +0100
commit32cd878be0bb7e153fcaa6f3bfa2632867390ff9 (patch)
treefc1ff93949817c9d172c84d0410ac9225cad57ae /gnu
parent753425610274ccb59cce13490c096027c61621d0 (diff)
parent98bd11cfe7b931e9c6d6bf002a8a225fb7a1025b (diff)
downloadguix-32cd878be0bb7e153fcaa6f3bfa2632867390ff9.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu')
-rw-r--r--gnu/bootloader/extlinux.scm10
-rw-r--r--gnu/bootloader/u-boot.scm25
-rw-r--r--gnu/build/bootloader.scm37
-rw-r--r--gnu/build/linux-boot.scm107
-rw-r--r--gnu/build/vm.scm44
-rw-r--r--gnu/local.mk26
-rw-r--r--gnu/packages/algebra.scm27
-rw-r--r--gnu/packages/aspell.scm68
-rw-r--r--gnu/packages/audio.scm137
-rw-r--r--gnu/packages/axoloti.scm2
-rw-r--r--gnu/packages/backup.scm1
-rw-r--r--gnu/packages/bioinformatics.scm174
-rw-r--r--gnu/packages/build-tools.scm5
-rw-r--r--gnu/packages/chez.scm15
-rw-r--r--gnu/packages/code.scm6
-rw-r--r--gnu/packages/compression.scm4
-rw-r--r--gnu/packages/cran.scm131
-rw-r--r--gnu/packages/crypto.scm4
-rw-r--r--gnu/packages/cups.scm23
-rw-r--r--gnu/packages/databases.scm2
-rw-r--r--gnu/packages/datastructures.scm55
-rw-r--r--gnu/packages/dictionaries.scm40
-rw-r--r--gnu/packages/emacs.scm178
-rw-r--r--gnu/packages/embedded.scm38
-rw-r--r--gnu/packages/erlang.scm9
-rw-r--r--gnu/packages/fontutils.scm8
-rw-r--r--gnu/packages/fvwm.scm8
-rw-r--r--gnu/packages/game-development.scm9
-rw-r--r--gnu/packages/games.scm44
-rw-r--r--gnu/packages/gl.scm35
-rw-r--r--gnu/packages/gnome.scm6
-rw-r--r--gnu/packages/gnunet.scm9
-rw-r--r--gnu/packages/gnupg.scm7
-rw-r--r--gnu/packages/gnuzilla.scm3
-rw-r--r--gnu/packages/graph.scm26
-rw-r--r--gnu/packages/gstreamer.scm41
-rw-r--r--gnu/packages/gtk.scm5
-rw-r--r--gnu/packages/guile.scm19
-rw-r--r--gnu/packages/haskell.scm4
-rw-r--r--gnu/packages/image.scm4
-rw-r--r--gnu/packages/imagemagick.scm14
-rw-r--r--gnu/packages/jemalloc.scm20
-rw-r--r--gnu/packages/kde.scm94
-rw-r--r--gnu/packages/language.scm11
-rw-r--r--gnu/packages/linux.scm137
-rw-r--r--gnu/packages/machine-learning.scm4
-rw-r--r--gnu/packages/mail.scm72
-rw-r--r--gnu/packages/maths.scm8
-rw-r--r--gnu/packages/messaging.scm2
-rw-r--r--gnu/packages/mpd.scm4
-rw-r--r--gnu/packages/music.scm343
-rw-r--r--gnu/packages/networking.scm13
-rw-r--r--gnu/packages/nutrition.scm9
-rw-r--r--gnu/packages/package-management.scm6
-rw-r--r--gnu/packages/password-utils.scm5
-rw-r--r--gnu/packages/patches/borg-fix-archive-corruption-bug.patch68
-rw-r--r--gnu/packages/patches/eigen-arm-neon-fixes.patch245
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch137
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch28
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch16
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch28
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch195
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch179
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch80
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch72
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch210
-rw-r--r--gnu/packages/patches/jemalloc-arm-address-bits.patch39
-rw-r--r--gnu/packages/patches/libvdpau-va-gl-unbundle.patch35
-rw-r--r--gnu/packages/patches/picprog-non-intel-support.patch74
-rw-r--r--gnu/packages/patches/python-scikit-learn-fix-test-non-determinism.patch25
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-15118.patch58
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-15119.patch68
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-15268.patch62
-rw-r--r--gnu/packages/patches/rsync-CVE-2017-16548.patch31
-rw-r--r--gnu/packages/patches/rsync-CVE-2017-17433-fix-tests.patch42
-rw-r--r--gnu/packages/patches/rsync-CVE-2017-17433.patch45
-rw-r--r--gnu/packages/patches/rsync-CVE-2017-17434-pt1.patch28
-rw-r--r--gnu/packages/patches/rsync-CVE-2017-17434-pt2.patch39
-rw-r--r--gnu/packages/patches/t1lib-CVE-2011-1552+.patch (renamed from gnu/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch)0
-rw-r--r--gnu/packages/perl-check.scm37
-rw-r--r--gnu/packages/perl.scm22
-rw-r--r--gnu/packages/photo.scm6
-rw-r--r--gnu/packages/popt.scm5
-rw-r--r--gnu/packages/python.scm37
-rw-r--r--gnu/packages/rsync.scm11
-rw-r--r--gnu/packages/ruby.scm29
-rw-r--r--gnu/packages/rust.scm1307
-rw-r--r--gnu/packages/search.scm7
-rw-r--r--gnu/packages/security-token.scm10
-rw-r--r--gnu/packages/shells.scm12
-rw-r--r--gnu/packages/skarnet.scm4
-rw-r--r--gnu/packages/sml.scm5
-rw-r--r--gnu/packages/statistics.scm15
-rw-r--r--gnu/packages/tcl.scm4
-rw-r--r--gnu/packages/terminals.scm4
-rw-r--r--gnu/packages/tex.scm15
-rw-r--r--gnu/packages/text-editors.scm13
-rw-r--r--gnu/packages/tls.scm24
-rw-r--r--gnu/packages/upnp.scm7
-rw-r--r--gnu/packages/version-control.scm63
-rw-r--r--gnu/packages/video.scm56
-rw-r--r--gnu/packages/virtualization.scm77
-rw-r--r--gnu/packages/web.scm30
-rw-r--r--gnu/packages/wine.scm16
-rw-r--r--gnu/packages/wm.scm119
-rw-r--r--gnu/packages/xdisorg.scm8
-rw-r--r--gnu/packages/xfig.scm105
-rw-r--r--gnu/packages/xorg.scm55
-rw-r--r--gnu/services.scm3
-rw-r--r--gnu/services/base.scm16
-rw-r--r--gnu/services/certbot.scm6
-rw-r--r--gnu/services/version-control.scm3
-rw-r--r--gnu/services/web.scm442
-rw-r--r--gnu/system/examples/beaglebone-black.tmpl54
-rw-r--r--gnu/system/install.scm31
-rw-r--r--gnu/system/vm.scm16
-rw-r--r--gnu/tests/version-control.scm7
-rw-r--r--gnu/tests/web.scm128
118 files changed, 4533 insertions, 2218 deletions
diff --git a/gnu/bootloader/extlinux.scm b/gnu/bootloader/extlinux.scm
index 9b6e2c7f2a..f7820a37a4 100644
--- a/gnu/bootloader/extlinux.scm
+++ b/gnu/bootloader/extlinux.scm
@@ -20,6 +20,7 @@
 (define-module (gnu bootloader extlinux)
   #:use-module (gnu bootloader)
   #:use-module (gnu system)
+  #:use-module (gnu build bootloader)
   #:use-module (gnu packages bootloaders)
   #:use-module (guix gexp)
   #:use-module (guix monads)
@@ -95,13 +96,8 @@ TIMEOUT ~a~%"
                   (find-files syslinux-dir "\\.c32$"))
         (unless
             (and (zero? (system* extlinux "--install" install-dir))
-                 (call-with-input-file (string-append syslinux-dir "/" #$mbr)
-                   (lambda (input)
-                     (let ((bv (get-bytevector-n input 440)))
-                       (call-with-output-file device
-                         (lambda (output)
-                           (put-bytevector output bv))
-                         #:binary #t)))))
+                 (write-file-on-device
+                  (string-append syslinux-dir "/" #$mbr) 440 device 0))
           (error "failed to install SYSLINUX")))))
 
 (define install-extlinux-mbr
diff --git a/gnu/bootloader/u-boot.scm b/gnu/bootloader/u-boot.scm
index 963b0d7597..397eb8181c 100644
--- a/gnu/bootloader/u-boot.scm
+++ b/gnu/bootloader/u-boot.scm
@@ -21,18 +21,35 @@
   #:use-module (gnu bootloader extlinux)
   #:use-module (gnu bootloader)
   #:use-module (gnu system)
+  #:use-module (gnu build bootloader)
   #:use-module (gnu packages bootloaders)
   #:use-module (guix gexp)
   #:use-module (guix monads)
   #:use-module (guix records)
   #:use-module (guix utils)
-  #:export (u-boot-bootloader))
+  #:export (u-boot-bootloader
+            u-boot-beaglebone-black-bootloader))
 
 (define install-u-boot
   #~(lambda (bootloader device mount-point)
       (if bootloader
         (error "Failed to install U-Boot"))))
 
+(define install-beaglebone-black-u-boot
+  ;; http://wiki.beyondlogic.org/index.php?title=BeagleBoneBlack_Upgrading_uBoot
+  ;; This first stage bootloader called MLO (U-Boot SPL) is expected at
+  ;; 0x20000 by BBB ROM code. The second stage bootloader will be loaded by
+  ;; the MLO and is expected at 0x60000.  Write both first stage ("MLO") and
+  ;; second stage ("u-boot.img") images, read in BOOTLOADER directory, to the
+  ;; specified DEVICE.
+  #~(lambda (bootloader device mount-point)
+      (let ((mlo (string-append bootloader "/libexec/MLO"))
+            (u-boot (string-append bootloader "/libexec/u-boot.img")))
+        (write-file-on-device mlo (* 256 512)
+                              device (* 256 512))
+        (write-file-on-device u-boot (* 1024 512)
+                              device (* 768 512)))))
+
 
 
 ;;;
@@ -45,3 +62,9 @@
    (name 'u-boot)
    (package #f)
    (installer install-u-boot)))
+
+(define u-boot-beaglebone-black-bootloader
+  (bootloader
+   (inherit u-boot-bootloader)
+   (package u-boot-beagle-bone-black)
+   (installer install-beaglebone-black-u-boot)))
diff --git a/gnu/build/bootloader.scm b/gnu/build/bootloader.scm
new file mode 100644
index 0000000000..d00674dd40
--- /dev/null
+++ b/gnu/build/bootloader.scm
@@ -0,0 +1,37 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu build bootloader)
+  #:use-module (ice-9 binary-ports)
+  #:export (write-file-on-device))
+
+
+;;;
+;;; Writing utils.
+;;;
+
+(define (write-file-on-device file size device offset)
+  "Write SIZE bytes from FILE to DEVICE starting at OFFSET."
+  (call-with-input-file file
+    (lambda (input)
+      (let ((bv (get-bytevector-n input size)))
+        (call-with-output-file device
+          (lambda (output)
+            (seek output offset SEEK_SET)
+            (put-bytevector output bv))
+          #:binary #t)))))
diff --git a/gnu/build/linux-boot.scm b/gnu/build/linux-boot.scm
index 2547f1e0af..4dd740174e 100644
--- a/gnu/build/linux-boot.scm
+++ b/gnu/build/linux-boot.scm
@@ -22,8 +22,11 @@
   #:use-module (system repl error-handling)
   #:autoload   (system repl repl) (start-repl)
   #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-9)
   #:use-module (srfi srfi-26)
   #:use-module (ice-9 match)
+  #:use-module (ice-9 rdelim)
+  #:use-module (ice-9 regex)
   #:use-module (ice-9 ftw)
   #:use-module (guix build utils)
   #:use-module ((guix build syscalls)
@@ -35,6 +38,7 @@
             linux-command-line
             find-long-option
             make-essential-device-nodes
+            make-static-device-nodes
             configure-qemu-networking
 
             bind-mount
@@ -105,6 +109,109 @@ with the given MAJOR number, starting with MINOR."
              'block-special #o644 (device-number major (+ minor i)))
       (loop (+ i 1)))))
 
+;; Representation of a /dev node.
+(define-record-type <device-node>
+  (device-node name type major minor module)
+  device-node?
+  (name device-node-name)
+  (type device-node-type)
+  (major device-node-major)
+  (minor device-node-minor)
+  (module device-node-module))
+
+(define (read-static-device-nodes port)
+  "Read from PORT a list of <device-node> written in the format used by
+/lib/modules/*/*.devname files."
+  (let loop ((line (read-line port)))
+    (if (eof-object? line)
+      '()
+      (match (string-split line #\space)
+       (((? (cut string-prefix? "#" <>)) _ ...)
+        (loop (read-line port)))
+       ((module-name device-name device-spec)
+        (let* ((device-parts
+               (string-match "([bc])([0-9][0-9]*):([0-9][0-9]*)"
+                             device-spec))
+               (type-string (match:substring device-parts 1))
+               (type (match type-string
+                      ("c" 'char-special)
+                      ("b" 'block-special)))
+               (major-string (match:substring device-parts 2))
+               (major (string->number major-string 10))
+               (minor-string (match:substring device-parts 3))
+               (minor (string->number minor-string 10)))
+          (cons (device-node device-name type major minor module-name)
+                (loop (read-line port)))))
+       (_
+        (begin
+          (format (current-error-port)
+                  "read-static-device-nodes: ignored devname line '~a'~%" line)
+          (loop (read-line port))))))))
+
+(define* (mkdir-p* dir #:optional (mode #o755))
+  "This is a variant of 'mkdir-p' that works around
+<http://bugs.gnu.org/24659> by passing MODE explicitly in each 'mkdir' call."
+  (define absolute?
+    (string-prefix? "/" dir))
+
+  (define not-slash
+    (char-set-complement (char-set #\/)))
+
+  (let loop ((components (string-tokenize dir not-slash))
+             (root       (if absolute?
+                             ""
+                             ".")))
+    (match components
+      ((head tail ...)
+       (let ((path (string-append root "/" head)))
+         (catch 'system-error
+           (lambda ()
+             (mkdir path mode)
+             (loop tail path))
+           (lambda args
+             (if (= EEXIST (system-error-errno args))
+                 (loop tail path)
+                 (apply throw args))))))
+      (() #t))))
+
+(define (report-system-error name . args)
+  "Report a system error for the file NAME."
+  (let ((errno (system-error-errno args)))
+    (format (current-error-port) "could not create '~a': ~a~%" name
+            (strerror errno))))
+
+;; Catch a system-error, log it and don't die from it.
+(define-syntax-rule (catch-system-error name exp)
+  (catch 'system-error
+    (lambda ()
+      exp)
+    (lambda args
+      (apply report-system-error name args))))
+
+;; Create a device node like the <device-node> passed here on the filesystem.
+(define create-device-node
+  (match-lambda
+    (($ <device-node> xname type major minor module)
+     (let ((name (string-append "/dev/" xname)))
+       (mkdir-p* (dirname name))
+       (catch-system-error name
+         (mknod name type #o600 (device-number major minor)))))))
+
+(define* (make-static-device-nodes linux-release-module-directory)
+  "Create static device nodes required by the given Linux release.
+This is required in order to solve a chicken-or-egg problem:
+The Linux kernel has a feature to autoload modules when a device is first
+accessed.
+And udev has a feature to set the permissions of static nodes correctly
+when it is starting up and also to automatically create nodes when hardware
+is hotplugged. That leaves universal device files which are not linked to
+one specific hardware device. These we have to create."
+  (let ((devname-name (string-append linux-release-module-directory "/"
+                                     "modules.devname")))
+    (for-each create-device-node
+              (call-with-input-file devname-name
+                                    read-static-device-nodes))))
+
 (define* (make-essential-device-nodes #:key (root "/"))
   "Make essential device nodes under ROOT/dev."
   ;; The hand-made devtmpfs/udev!
diff --git a/gnu/build/vm.scm b/gnu/build/vm.scm
index 20ee12709b..404f324045 100644
--- a/gnu/build/vm.scm
+++ b/gnu/build/vm.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
@@ -77,6 +77,7 @@
                            linux initrd
                            make-disk-image?
                            single-file-output?
+                           target-arm32?
                            (disk-image-size (* 100 (expt 2 20)))
                            (disk-image-format "qcow2")
                            (references-graphs '()))
@@ -91,6 +92,31 @@ access it via /dev/hda.
 
 REFERENCES-GRAPHS can specify a list of reference-graph files as produced by
 the #:references-graphs parameter of 'derivation'."
+
+  (define arch-specific-flags
+    `(;; On ARM, a machine has to be specified. Use "virt" machine to avoid
+      ;; hardware limits imposed by other machines.
+      ,@(if target-arm32? '("-M" "virt") '())
+
+      ;; Only enable kvm if we see /dev/kvm exists.  This allows users without
+      ;; hardware virtualization to still use these commands.  KVM support is
+      ;; still buggy on some ARM32 boards. Do not use it even if available.
+      ,@(if (and (file-exists? "/dev/kvm")
+                 (not target-arm32?))
+            '("-enable-kvm")
+            '())
+      "-append"
+      ;; The serial port name differs between emulated architectures/machines.
+      ,@(if target-arm32?
+            `(,(string-append "console=ttyAMA0 --load=" builder))
+            `(,(string-append "console=ttyS0 --load=" builder)))
+      ;; NIC is not supported on ARM "virt" machine, so use a user mode
+      ;; network stack instead.
+      ,@(if target-arm32?
+            '("-device" "virtio-net-pci,netdev=mynet"
+              "-netdev" "user,id=mynet")
+            '("-net" "nic,model=virtio"))))
+
   (when make-disk-image?
     (format #t "creating ~a image of ~,2f MiB...~%"
             disk-image-format (/ disk-image-size (expt 2 20)))
@@ -113,7 +139,8 @@ the #:references-graphs parameter of 'derivation'."
   (unless (zero?
            (apply system* qemu "-nographic" "-no-reboot"
                   "-m" (number->string memory-size)
-                  "-net" "nic,model=virtio"
+                  "-object" "rng-random,filename=/dev/urandom,id=guixsd-vm-rng"
+                  "-device" "virtio-rng-pci,rng=guixsd-vm-rng"
                   "-virtfs"
                   (string-append "local,id=store_dev,path="
                                  (%store-directory)
@@ -127,15 +154,12 @@ the #:references-graphs parameter of 'derivation'."
                                            builder)
                   (append
                    (if make-disk-image?
-                       `("-drive" ,(string-append "file=" output
-                                                  ",if=virtio"))
+                       `("-device" "virtio-blk,drive=myhd"
+                         "-drive" ,(string-append "if=none,file=" output
+                                                  ",format=" disk-image-format
+                                                  ",id=myhd"))
                        '())
-                   ;; Only enable kvm if we see /dev/kvm exists.
-                   ;; This allows users without hardware virtualization to still
-                   ;; use these commands.
-                   (if (file-exists? "/dev/kvm")
-                       '("-enable-kvm")
-                       '()))))
+                   arch-specific-flags)))
     (error "qemu failed" qemu))
 
   ;; When MAKE-DISK-IMAGE? is true, the image is in OUTPUT already.
diff --git a/gnu/local.mk b/gnu/local.mk
index f4a68c5861..62812b3f99 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -490,6 +490,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/system/vm.scm				\
 						\
   %D%/build/activation.scm			\
+  %D%/build/bootloader.scm			\
   %D%/build/cross-toolchain.scm			\
   %D%/build/file-systems.scm			\
   %D%/build/install.scm				\
@@ -557,6 +558,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/binutils-ld-new-dtags.patch		\
   %D%/packages/patches/binutils-loongson-workaround.patch	\
   %D%/packages/patches/blast+-fix-makefile.patch		\
+  %D%/packages/patches/borg-fix-archive-corruption-bug.patch	\
   %D%/packages/patches/byobu-writable-status.patch		\
   %D%/packages/patches/cairo-CVE-2016-9082.patch			\
   %D%/packages/patches/calibre-no-updates-dialog.patch		\
@@ -607,6 +609,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/dtc-format-modifier.patch		\
   %D%/packages/patches/dtc-32-bits-check.patch			\
   %D%/packages/patches/dvd+rw-tools-add-include.patch 		\
+  %D%/packages/patches/eigen-arm-neon-fixes.patch		\
   %D%/packages/patches/elfutils-tests-ptrace.patch		\
   %D%/packages/patches/elixir-disable-failing-tests.patch	\
   %D%/packages/patches/einstein-build.patch			\
@@ -701,15 +704,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
   %D%/packages/patches/gobject-introspection-cc.patch		\
   %D%/packages/patches/gobject-introspection-girepository.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-12935.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-12936.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-12937.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-13775.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-14042.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-14165.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2017-14649.patch	\
   %D%/packages/patches/graphite2-ffloat-store.patch		\
   %D%/packages/patches/grep-timing-sensitive-test.patch		\
   %D%/packages/patches/groff-source-date-epoch.patch		\
@@ -760,6 +754,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/isl-0.11.1-aarch64-support.patch	\
   %D%/packages/patches/jacal-fix-texinfo.patch			\
   %D%/packages/patches/java-powermock-fix-java-files.patch		\
+  %D%/packages/patches/jemalloc-arm-address-bits.patch		\
   %D%/packages/patches/jbig2dec-ignore-testtest.patch		\
   %D%/packages/patches/jq-CVE-2015-8863.patch			\
   %D%/packages/patches/kdbusaddons-kinit-file-name.patch	\
@@ -826,6 +821,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libtool-skip-tests2.patch		\
   %D%/packages/patches/libusb-0.1-disable-tests.patch		\
   %D%/packages/patches/libusb-for-axoloti.patch			\
+  %D%/packages/patches/libvdpau-va-gl-unbundle.patch		\
   %D%/packages/patches/libvpx-CVE-2016-2818.patch		\
   %D%/packages/patches/libxcb-python-3.5-compat.patch		\
   %D%/packages/patches/libxslt-generated-ids.patch		\
@@ -942,6 +938,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/perl-module-pluggable-search.patch	\
   %D%/packages/patches/perl-reproducible-build-date.patch	\
   %D%/packages/patches/perl-www-curl-remove-symbol.patch	\
+  %D%/packages/patches/picprog-non-intel-support.patch		\
   %D%/packages/patches/pidgin-add-search-path.patch		\
   %D%/packages/patches/pinball-const-fix.patch			\
   %D%/packages/patches/pinball-cstddef.patch			\
@@ -994,6 +991,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-parse-too-many-fields.patch	\
   %D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch	\
   %D%/packages/patches/python-statsmodels-fix-tests.patch	\
+  %D%/packages/patches/python-scikit-learn-fix-test-non-determinism.patch	\
   %D%/packages/patches/python-configobj-setuptools.patch	\
   %D%/packages/patches/python-faker-fix-build-32bit.patch	\
   %D%/packages/patches/python-pandas-skip-failing-tests.patch	\
@@ -1008,9 +1006,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-unittest2-python3-compat.patch	\
   %D%/packages/patches/python-unittest2-remove-argparse.patch	\
   %D%/packages/patches/qemu-CVE-2017-15038.patch		\
-  %D%/packages/patches/qemu-CVE-2017-15118.patch		\
-  %D%/packages/patches/qemu-CVE-2017-15119.patch		\
-  %D%/packages/patches/qemu-CVE-2017-15268.patch		\
   %D%/packages/patches/qemu-CVE-2017-15289.patch		\
   %D%/packages/patches/qt4-ldflags.patch			\
   %D%/packages/patches/qtscript-disable-tests.patch		\
@@ -1028,6 +1023,11 @@ dist_patch_DATA =						\
   %D%/packages/patches/ripperx-missing-file.patch		\
   %D%/packages/patches/rpcbind-CVE-2017-8779.patch		\
   %D%/packages/patches/rsem-makefile.patch			\
+  %D%/packages/patches/rsync-CVE-2017-16548.patch			\
+  %D%/packages/patches/rsync-CVE-2017-17433.patch			\
+  %D%/packages/patches/rsync-CVE-2017-17433-fix-tests.patch			\
+  %D%/packages/patches/rsync-CVE-2017-17434-pt1.patch			\
+  %D%/packages/patches/rsync-CVE-2017-17434-pt2.patch			\
   %D%/packages/patches/ruby-concurrent-ignore-broken-test.patch	\
   %D%/packages/patches/ruby-concurrent-test-arm.patch		\
   %D%/packages/patches/ruby-rack-ignore-failing-test.patch      \
@@ -1053,7 +1053,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/synfigstudio-fix-ui-with-gtk3.patch 	\
   %D%/packages/patches/t1lib-CVE-2010-2642.patch		\
   %D%/packages/patches/t1lib-CVE-2011-0764.patch		\
-  %D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch		\
+  %D%/packages/patches/t1lib-CVE-2011-1552+.patch		\
   %D%/packages/patches/tar-CVE-2016-6321.patch			\
   %D%/packages/patches/tar-skip-unreliable-tests.patch		\
   %D%/packages/patches/tclxml-3.2-install.patch			\
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index a7336066ef..7e26e76f4a 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -577,27 +578,34 @@ cosine/ sine transforms or DCT/DST).")
 (define-public eigen
   (package
     (name "eigen")
-    (version "3.2.9")
+    (version "3.3.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://bitbucket.org/eigen/eigen/get/"
                                   version ".tar.bz2"))
               (sha256
                (base32
-                "1zs5b210mq7nyanky07li6456rrd0xv2nxf6sl2lhkzdq5p067jd"))
+                "19m4406jvqnwh7kpcvx1lfx2vdc5zwia5q9ayv89bimg1gmln9fx"))
               (file-name (string-append name "-" version ".tar.bz2"))
+	      (patches (search-patches "eigen-arm-neon-fixes.patch"))
               (modules '((guix build utils)))
               (snippet
                ;; There are 3 test failures in the "unsupported" directory,
                ;; but maintainers say it's a known issue and it's unsupported
                ;; anyway, so just skip them.
-               '(substitute* "CMakeLists.txt"
-                  (("add_subdirectory\\(unsupported\\)")
-                   "# Do not build the tests for unsupported features.\n")
-                  ;; Work around
-                  ;; <http://eigen.tuxfamily.org/bz/show_bug.cgi?id=1114>.
-                  (("\"include/eigen3\"")
-                   "\"${CMAKE_INSTALL_PREFIX}/include/eigen3\"")))))
+               '(begin
+		  (substitute* "CMakeLists.txt"
+                    (("add_subdirectory\\(unsupported\\)")
+                     "# Do not build the tests for unsupported features.\n")
+                    ;; Work around
+                    ;; <http://eigen.tuxfamily.org/bz/show_bug.cgi?id=1114>.
+                    (("\"include/eigen3\"")
+                     "\"${CMAKE_INSTALL_PREFIX}/include/eigen3\""))
+		  (substitute* "test/bdcsvd.cpp"
+                    ;; See
+                    ;; https://bitbucket.org/eigen/eigen/commits/ea8c22ce6920e982d15245ee41d0531a46a28e5d
+                    ((".*svd_preallocate[^\n]*" &)
+                     (string-append "//" & " // Not supported by BDCSVD")))))))
     (build-system cmake-build-system)
     (arguments
      '(;; Turn off debugging symbols to save space.
@@ -608,6 +616,7 @@ cosine/ sine transforms or DCT/DST).")
                     (lambda _
                       (let* ((cores  (parallel-job-count))
                              (dash-j (format #f "-j~a" cores)))
+			(setenv "EIGEN_SEED" "1") ;for reproducibility
                         ;; First build the tests, in parallel.  See
                         ;; <http://eigen.tuxfamily.org/index.php?title=Tests>.
                         (and (zero? (system* "make" "buildtests" dash-j))
diff --git a/gnu/packages/aspell.scm b/gnu/packages/aspell.scm
index 86e0598344..ec8fa05feb 100644
--- a/gnu/packages/aspell.scm
+++ b/gnu/packages/aspell.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Christopher Andersson <christopher@8bits.nu>
 ;;; Copyright © 2016 Theodoros Foradis <theodoros@foradis.org>
 ;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
@@ -130,12 +130,20 @@ dictionaries, including personal ones.")
                      (base32
                       "01p92qj66cqb346gk7hjfynaap5sbcn85xz07kjfdq623ghr8v5s")))
 
+(define-public aspell-dict-el
+  (aspell-dictionary "el" "Greek"
+                     #:version "0.08-0"
+                     #:prefix "aspell6-"
+                     #:sha256
+                     (base32
+                      "1ljcc30zg2v2h3w5h5jr5im41mw8jbsgvvhdd2cii2yzi8d0zxja")))
+
 (define-public aspell-dict-en
   (aspell-dictionary "en" "English"
-                     #:version "2017.01.22-0"
+                     #:version "2017.08.24-0"
                      #:sha256
                      (base32
-                      "1qamzpw1fsnn5n9jpsnnnzqj1a0m0xvsikmkdp5a6pmb7sp3ziwk")))
+                      "0z2vvm1by485cm0sna21cmw6zb771c2l2lnn676zmrwm46q65d89")))
 
 (define-public aspell-dict-eo
   (aspell-dictionary "eo" "Esperanto"
@@ -159,12 +167,19 @@ dictionaries, including personal ones.")
                      (base32
                       "14ffy9mn5jqqpp437kannc3559bfdrpk7r36ljkzjalxa53i0hpr")))
 
-(define-public aspell-dict-ru
-  (aspell-dictionary "ru" "Russian"
-                     #:version "0.99f7-1"
+(define-public aspell-dict-grc
+  (aspell-dictionary "grc" "Ancient Greek"
+                     #:version "0.02-0"
                      #:sha256
                      (base32
-                      "0ip6nq43hcr7vvzbv4lwwmlwgfa60hrhsldh9xy3zg2prv6bcaaw")))
+                      "1zxr8958v37v260fkqd4pg37ns5h5kyqm54hn1hg70wq5cz8h512")))
+
+(define-public aspell-dict-he
+  (aspell-dictionary "he" "Hebrew"
+                     #:version "1.0-0"
+                     #:sha256
+                     (base32
+                      "13bhbghx5b8g0119g3wxd4n8mlf707y41vlf59irxjj0kynankfn")))
 
 (define-public aspell-dict-it
   (aspell-dictionary "it" "Italian"
@@ -181,12 +196,20 @@ dictionaries, including personal ones.")
                      (base32
                       "0ffb87yjsh211hllpc4b9khqqrblial4pzi1h9r3v465z1yhn3j4")))
 
-(define-public aspell-dict-he
-  (aspell-dictionary "he" "Hebrew"
-                     #:version "1.0-0"
+(define-public aspell-dict-pt-br
+  (aspell-dictionary "pt-br" "Brazilian Portuguese"
+                     #:version "20090702-0"
+                     #:prefix "aspell6-"
                      #:sha256
                      (base32
-                      "13bhbghx5b8g0119g3wxd4n8mlf707y41vlf59irxjj0kynankfn")))
+                      "1y09lx9zf2rnp55r16b2vgj953l3538z1vaqgflg9mdvm555bz3p")))
+
+(define-public aspell-dict-ru
+  (aspell-dictionary "ru" "Russian"
+                     #:version "0.99f7-1"
+                     #:sha256
+                     (base32
+                      "0ip6nq43hcr7vvzbv4lwwmlwgfa60hrhsldh9xy3zg2prv6bcaaw")))
 
 (define-public aspell-dict-sv
   (aspell-dictionary "sv" "Swedish"
@@ -196,29 +219,6 @@ dictionaries, including personal ones.")
                      (base32
                       "02jwkjhr32kvyibnyzgx3smbnm576jwdzg3avdf6zxwckhy5fw4v")))
 
-(define-public aspell-dict-el
-  (aspell-dictionary "el" "Greek"
-                     #:version "0.08-0"
-                     #:prefix "aspell6-"
-                     #:sha256
-                     (base32
-                      "1ljcc30zg2v2h3w5h5jr5im41mw8jbsgvvhdd2cii2yzi8d0zxja")))
-
-(define-public aspell-dict-grc
-  (aspell-dictionary "grc" "Ancient Greek"
-                     #:version "0.02-0"
-                     #:sha256
-                     (base32
-                      "1zxr8958v37v260fkqd4pg37ns5h5kyqm54hn1hg70wq5cz8h512")))
-
-(define-public aspell-dict-pt-br
-  (aspell-dictionary "pt-br" "Brazilian Portuguese"
-                     #:version "20090702-0"
-                     #:prefix "aspell6-"
-                     #:sha256
-                     (base32
-                      "1y09lx9zf2rnp55r16b2vgj953l3538z1vaqgflg9mdvm555bz3p")))
-
 
 ;;;
 ;;; Hunspell packages made from the Aspell word lists.
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 4f6e4a4095..867b7ceca0 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -222,7 +222,7 @@ namespace ARDOUR { const char* revision = \"" version "\" ; }")))))
        (modify-phases %standard-phases
          (add-after
           'unpack 'set-rpath-in-LDFLAGS
-          ,(ardour-rpath-phase (version-prefix version 1))))
+          ,(ardour-rpath-phase (version-major version))))
        #:test-target "test"
        #:python ,python-2))
     (inputs
@@ -1993,6 +1993,38 @@ and ALSA.")
 into various outputs and to start, stop and configure jackd")
     (license license:gpl2+)))
 
+(define-public qjackrcd
+  (package
+    (name "qjackrcd")
+    (version "1.2.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/qjackrcd/stable/"
+                                  "qjackrcd-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0xpnhzbwg5c60n5dhwln5p7qm191nvmf23la88zxfqx1jv0mmxxb"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (zero? (system* "qmake"
+                             (string-append "PREFIX="
+                                            (assoc-ref outputs "out")))))))))
+    (native-inputs
+     `(("qtbase" ,qtbase))) ; for qmake
+    (inputs
+     `(("jack" ,jack-1)
+       ("libsndfile" ,libsndfile)
+       ("qtbase" ,qtbase)))
+    (home-page "https://sourceforge.net/projects/qjackrcd/")
+    (synopsis "Stereo audio recorder for JACK")
+    (description "QJackRcd is a simple graphical stereo recorder for JACK
+supporting silence processing for automatic pause, file splitting, and
+background file post-processing.")
+    (license license:gpl2+)))
 
 (define-public raul
   (package
@@ -3136,3 +3168,106 @@ on the ALSA software PCM plugin.")
 customized and extended using either the s7 Scheme implementation (included in
 the Snd sources), Ruby, or Forth.")
     (license (license:non-copyleft "file://COPYING"))))
+
+(define-public noise-repellent
+  (package
+    (name "noise-repellent")
+    (version "0.1.4")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/lucianodato/noise-repellent.git")
+                    (commit version)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0rd3dlmk3vivjmcr6x2x860y0j1d49c2j95j6ny50v184mwvn11j"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags
+       (list "CC=gcc"
+             (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:tests? #f ; there are none
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (inputs
+     `(("lv2" ,lv2)
+       ("fftwf" ,fftwf)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "https://github.com/lucianodato/noise-repellent")
+    (synopsis "LV2 plugin for broadband noise reduction")
+    (description "Noise Repellent is an LV2 plugin to reduce noise.  It has
+the following features:
+
+@enumerate
+@item Spectral gating and spectral subtraction suppression rule
+@item Adaptive and manual noise thresholds estimation
+@item Adjustable noise floor
+@item Adjustable offset of thresholds to perform over-subtraction
+@item Time smoothing and a masking estimation to reduce artifacts
+@item Basic onset detector to avoid transients suppression
+@item Whitening of the noise floor to mask artifacts and to recover higher
+  frequencies
+@item Option to listen to the residual signal
+@item Soft bypass
+@item Noise profile saved with the session
+@end enumerate
+")
+    (license license:lgpl3+)))
+
+(define-public cli-visualizer
+  (package
+    (name "cli-visualizer")
+    (version "1.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/dpayne/cli-visualizer/archive/"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "07zkm87f2fr8kc6531zrkya7q81sdanm6813y2f54mg13g41y6hi"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("which" ,which)))
+    (inputs
+     `(("fftw" ,fftw)
+       ("googletest" ,googletest)
+       ("ncurses" ,ncurses)
+       ("pulseaudio" ,pulseaudio)))
+    (arguments
+     '(#:test-target "test"
+       #:make-flags
+       (list (string-append "PREFIX=" %output "/bin/") "ENABLE_PULSE=1")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-sudo
+           (lambda _
+             (substitute* "install.sh" (("sudo") ""))
+             #t))
+         (add-before 'check 'set-check-environment
+           (lambda _
+             (setenv "CXX" "g++")
+             (setenv "CC" "gcc")
+             #t))
+         (add-before 'install 'make-prefix
+           (lambda _
+             (mkdir-p (string-append (assoc-ref %outputs "out") "/bin"))
+             #t))
+         (add-after 'install 'data
+           (lambda _
+             (for-each (lambda (file)
+                         (install-file file
+                                       (string-append (assoc-ref %outputs "out")
+                                                      "/share/doc")))
+                       (find-files "examples"))
+             #t)))))
+    (home-page "https://github.com/dpayne/cli-visualizer/")
+    (synopsis "Command-line audio visualizer")
+    (description "@code{cli-visualizer} displays fast-Fourier
+transforms (FFTs) of the sound being played, as well as other graphical
+representations.")
+    (license license:expat)))
diff --git a/gnu/packages/axoloti.scm b/gnu/packages/axoloti.scm
index 8ce4a63131..4963bb33cf 100644
--- a/gnu/packages/axoloti.scm
+++ b/gnu/packages/axoloti.scm
@@ -189,7 +189,7 @@
      `(("chibios"
         ,(origin
            (method url-fetch)
-           (uri "mirror://sourceforge/chibios/ChibiOS_RT%20stable/Version%202.6.9/ChibiOS_2.6.9.zip")
+           (uri "mirror://sourceforge/chibios/ChibiOS%20GPL3/Version%202.6.9/ChibiOS_2.6.9.zip")
            (sha256
             (base32
              "0lb5s8pkj80mqhsy47mmq0lqk34s2a2m3xagzihalvabwd0frhlj"))))
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 2ee0d5336b..28d618381f 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -456,6 +456,7 @@ detection, and lossless compression.")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "borgbackup" version))
+              (patches (search-patches "borg-fix-archive-corruption-bug.patch"))
               (sha256
                (base32
                 "1rvn8b6clzd1r317r9jkvk34r31risi0dxfjc7jffhnwasck4anc"))
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index fedc8aec4c..cf026ab24e 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -421,7 +421,7 @@ computational cluster.")
 (define-public bedtools
   (package
     (name "bedtools")
-    (version "2.27.0")
+    (version "2.27.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/arq5x/bedtools2/releases/"
@@ -429,7 +429,7 @@ computational cluster.")
                                   "bedtools-" version ".tar.gz"))
               (sha256
                (base32
-                "0q6fsiz4s52yzxs6h2vxwq95fsi3n64wkpinkk05mfh4dmhybw74"))))
+                "1ndg5yknrxl4djx8ddzgk12rrbiidfpmkkg5z3f95jzryfxarhn8"))))
     (build-system gnu-build-system)
     (arguments
      '(#:test-target "test"
@@ -466,7 +466,19 @@ BED, GFF/GTF, VCF.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "05vrnr8yp7swfagshzpgqmzk1blnwnq8pq5pckzi1m26w98d63vf"))))))
+                "05vrnr8yp7swfagshzpgqmzk1blnwnq8pq5pckzi1m26w98d63vf"))))
+    (arguments
+     '(#:test-target "test"
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((bin (string-append (assoc-ref outputs "out") "/bin/")))
+               (for-each (lambda (file)
+                           (install-file file bin))
+                         (find-files "bin" ".*")))
+             #t)))))))
 
 (define-public ribotaper
   (package
@@ -2061,7 +2073,7 @@ identify enrichments with functional annotations of the genome.")
 (define-public diamond
   (package
     (name "diamond")
-    (version "0.9.13")
+    (version "0.9.14")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2070,7 +2082,7 @@ identify enrichments with functional annotations of the genome.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1pi5ncqwmynqpmmp3j3lhnqrjhj34sr6wpmsgrpkv3wyxx22fv86"))))
+                "07li3chjdna0wjyh680j3bhwiqh1fbfq9dy9jxxs82mc0rw0m1yy"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no "check" target
@@ -2905,7 +2917,7 @@ indexing scheme is called a @dfn{Hierarchical Graph FM index} (HGFM).")
        (method url-fetch)
        (uri (string-append
              "http://eddylab.org/software/hmmer"
-             (version-prefix version 1) "/"
+             (version-major version) "/"
              version "/hmmer-" version ".tar.gz"))
        (sha256
         (base32
@@ -9385,83 +9397,89 @@ and irregular enzymatic cleavages, mass measurement accuracy, etc.")
     (license license:artistic2.0)))
 
 (define-public r-seurat
-  ;; Source releases are only made for new x.0 versions.  All newer versions
-  ;; are only released as pre-built binaries.  At the time of this writing the
-  ;; latest binary release is 1.4.0.12, which is equivalent to this commit.
-  (let ((commit "fccb77d1452c35ee47e47ebf8e87bddb59f3b08d")
-        (revision "1"))
-    (package
-      (name "r-seurat")
-      (version (string-append "1.4.0.12-" revision "." (string-take commit 7)))
-      (source (origin
-                (method git-fetch)
-                (uri (git-reference
-                      (url "https://github.com/satijalab/seurat")
-                      (commit commit)))
-                (file-name (string-append name "-" version "-checkout"))
-                (sha256
-                 (base32
-                  "101wq3aqrdmbfi3lqmq4iivk9iwbf10d4z216ss25hf7n9091cyl"))
-                ;; Delete pre-built jar.
-                (snippet
-                 '(begin (delete-file "inst/java/ModularityOptimizer.jar")
-                         #t))))
-      (build-system r-build-system)
-      (arguments
-       `(#:phases
-         (modify-phases %standard-phases
-           (add-after 'unpack 'build-jar
-             (lambda* (#:key inputs #:allow-other-keys)
-               (let ((classesdir "tmp-classes"))
-                 (setenv "JAVA_HOME" (assoc-ref inputs "jdk"))
-                 (mkdir classesdir)
-                 (and (zero? (apply system* `("javac" "-d" ,classesdir
-                                              ,@(find-files "java" "\\.java$"))))
-                      (zero? (system* "jar"
-                                      "-cf" "inst/java/ModularityOptimizer.jar"
-                                      "-C" classesdir ".")))))))))
-      (native-inputs
-       `(("jdk" ,icedtea "jdk")))
-      (propagated-inputs
-       `(("r-ape" ,r-ape)
-         ("r-caret" ,r-caret)
-         ("r-cowplot" ,r-cowplot)
-         ("r-dplyr" ,r-dplyr)
-         ("r-fastica" ,r-fastica)
-         ("r-fnn" ,r-fnn)
-         ("r-fpc" ,r-fpc)
-         ("r-gdata" ,r-gdata)
-         ("r-ggplot2" ,r-ggplot2)
-         ("r-gplots" ,r-gplots)
-         ("r-gridextra" ,r-gridextra)
-         ("r-igraph" ,r-igraph)
-         ("r-irlba" ,r-irlba)
-         ("r-lars" ,r-lars)
-         ("r-mixtools" ,r-mixtools)
-         ("r-pbapply" ,r-pbapply)
-         ("r-plyr" ,r-plyr)
-         ("r-ranger" ,r-ranger)
-         ("r-rcolorbrewer" ,r-rcolorbrewer)
-         ("r-rcpp" ,r-rcpp)
-         ("r-rcppeigen" ,r-rcppeigen)
-         ("r-rcppprogress" ,r-rcppprogress)
-         ("r-reshape2" ,r-reshape2)
-         ("r-rocr" ,r-rocr)
-         ("r-rtsne" ,r-rtsne)
-         ("r-stringr" ,r-stringr)
-         ("r-tclust" ,r-tclust)
-         ("r-tsne" ,r-tsne)
-         ("r-vgam" ,r-vgam)))
-      (home-page "http://www.satijalab.org/seurat")
-      (synopsis "Seurat is an R toolkit for single cell genomics")
-      (description
-       "This package is an R package designed for QC, analysis, and
+  (package
+    (name "r-seurat")
+    (version "2.1.0")
+    (source (origin
+              (method url-fetch)
+              (uri (cran-uri "Seurat" version))
+              (sha256
+               (base32
+                "1hqaq6bciikrsyw157w8fn4jw885air7xbkxrmism93rp4qx483x"))
+              ;; Delete pre-built jar.
+              (snippet
+               '(begin (delete-file "inst/java/ModularityOptimizer.jar")
+                       #t))))
+    (properties `((upstream-name . "Seurat")))
+    (build-system r-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'build-jar
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((classesdir "tmp-classes"))
+               (setenv "JAVA_HOME" (assoc-ref inputs "jdk"))
+               (mkdir classesdir)
+               (with-output-to-file "manifest"
+                 (lambda _
+                   (display "Manifest-Version: 1.0
+Main-Class: ModularityOptimizer\n")))
+               (and (zero? (apply system* `("javac" "-d" ,classesdir
+                                            ,@(find-files "java" "\\.java$"))))
+                    (zero? (system* "jar"
+                                    "-cmf" "manifest"
+                                    "inst/java/ModularityOptimizer.jar"
+                                    "-C" classesdir  ".")))))))))
+    (native-inputs
+     `(("jdk" ,icedtea "jdk")))
+    (propagated-inputs
+     `(("r-ape" ,r-ape)
+       ("r-caret" ,r-caret)
+       ("r-cowplot" ,r-cowplot)
+       ("r-diffusionmap" ,r-diffusionmap)
+       ("r-dplyr" ,r-dplyr)
+       ("r-dtw" ,r-dtw)
+       ("r-fnn" ,r-fnn)
+       ("r-fpc" ,r-fpc)
+       ("r-gdata" ,r-gdata)
+       ("r-ggjoy" ,r-ggjoy)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-gplots" ,r-gplots)
+       ("r-gridextra" ,r-gridextra)
+       ("r-hmisc" ,r-hmisc)
+       ("r-ica" ,r-ica)
+       ("r-igraph" ,r-igraph)
+       ("r-irlba" ,r-irlba)
+       ("r-lars" ,r-lars)
+       ("r-mass" ,r-mass)
+       ("r-matrix" ,r-matrix)
+       ("r-mixtools" ,r-mixtools)
+       ("r-nmf" ,r-nmf)
+       ("r-pbapply" ,r-pbapply)
+       ("r-plotly" ,r-plotly)
+       ("r-ranger" ,r-ranger)
+       ("r-rcolorbrewer" ,r-rcolorbrewer)
+       ("r-rcpp" ,r-rcpp)
+       ("r-rcppprogress" ,r-rcppprogress)
+       ("r-reshape2" ,r-reshape2)
+       ("r-rocr" ,r-rocr)
+       ("r-rtsne" ,r-rtsne)
+       ("r-sdmtools" ,r-sdmtools)
+       ("r-stringr" ,r-stringr)
+       ("r-tclust" ,r-tclust)
+       ("r-tidyr" ,r-tidyr)
+       ("r-tsne" ,r-tsne)
+       ("r-vgam" ,r-vgam)))
+    (home-page "http://www.satijalab.org/seurat")
+    (synopsis "Seurat is an R toolkit for single cell genomics")
+    (description
+     "This package is an R package designed for QC, analysis, and
 exploration of single cell RNA-seq data.  It easily enables widely-used
 analytical techniques, including the identification of highly variable genes,
 dimensionality reduction; PCA, ICA, t-SNE, standard unsupervised clustering
 algorithms; density clustering, hierarchical clustering, k-means, and the
 discovery of differentially expressed genes and markers.")
-      (license license:gpl3))))
+    (license license:gpl3)))
 
 (define-public r-aroma-light
   (package
diff --git a/gnu/packages/build-tools.scm b/gnu/packages/build-tools.scm
index 00a286150a..7c0faca9a2 100644
--- a/gnu/packages/build-tools.scm
+++ b/gnu/packages/build-tools.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Corentin Bocquillon <corentin@nybble.fr>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -70,7 +71,7 @@ makes a few sacrifices to acquire fast full and incremental build times.")
 (define-public meson
   (package
     (name "meson")
-    (version "0.43.0")
+    (version "0.44.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/mesonbuild/meson/"
@@ -78,7 +79,7 @@ makes a few sacrifices to acquire fast full and incremental build times.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0h3k0m45004ay1hzz9r66fkl1kwizaigxahyrlabyw0d1slyq4y5"))))
+                "06r8limj38mv884s5riiz6lpzw37cvhbf9jd0smzcbi7fwmv3yah"))))
     (build-system python-build-system)
     (inputs `(("ninja", ninja)))
     (propagated-inputs `(("python" ,python)))
diff --git a/gnu/packages/chez.scm b/gnu/packages/chez.scm
index b532057605..4b5b8e8bc7 100644
--- a/gnu/packages/chez.scm
+++ b/gnu/packages/chez.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -61,14 +62,14 @@
 (define-public chez-scheme
   (package
     (name "chez-scheme")
-    (version "9.4")
+    (version "9.5")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://github.com/cisco/ChezScheme/archive/"
                            "v" version ".tar.gz"))
        (sha256
-        (base32 "0lprmpsjg2plc6ykgkz482zyvhkzv6gd0vnar71ph21h6zknyklz"))
+        (base32 "135991hspq0grf26pvl2lkwhp92yz204h6rgiwyym0x6v0xzknd1"))
        (file-name (string-append "chez-scheme-" version ".tar.gz"))))
     (build-system gnu-build-system)
     (inputs
@@ -104,7 +105,15 @@
          (add-after 'unpack 'patch-processor-detection
            (lambda _ (substitute* "configure"
                        (("uname -a") "uname -m"))
-             #t))
+                   #t))
+         (add-after 'unpack 'patch-broken-documentation
+           (lambda _
+             ;; Work around an oversight in the 9.5 release tarball that causes
+             ;; building the documentation to fail. This should be fixed in the
+             ;; next one; see <https://github.com/cisco/ChezScheme/issues/209>.
+             (substitute* "csug/copyright.stex"
+               (("\\\\INSERTREVISIONMONTHSPACEYEAR" )
+                "October 2017"))))     ; tarball release date
          ;; Adapt the custom 'configure' script.
          (replace 'configure
            (lambda* (#:key inputs outputs #:allow-other-keys)
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index 859dfd0ca7..a094f0a465 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 Andy Wingo <wingo@igalia.com>
@@ -99,14 +99,14 @@ highlighting your own code that seemed comprehensible when you wrote it.")
 (define-public global                             ; a global variable
   (package
     (name "global")
-    (version "6.5.7")
+    (version "6.6.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/global/global-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0cnd7a7d1pl46yk15q6mnr9i9w3xi8pxgchw4ia9njgr4jjqzh6r"))))
+               "1r2r6z41lmgbszzwx7h3jqhwnqb9jj32pndzhr3lb0id710c8gcl"))))
     (build-system gnu-build-system)
     (inputs `(("ncurses" ,ncurses)
               ("libltdl" ,libltdl)
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 0cee54848c..fc3aea31fe 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -661,7 +661,7 @@ compression library.")
 (define-public perl-compress-raw-zlib
   (package
     (name "perl-compress-raw-zlib")
-    (version "2.074")
+    (version "2.076")
     (source
      (origin
        (method url-fetch)
@@ -669,7 +669,7 @@ compression library.")
                            "Compress-Raw-Zlib-" version ".tar.gz"))
        (sha256
         (base32
-         "08bpx9v6i40n54rdcj6invlj294z20amrl8wvwf9b83aldwdwsd3"))))
+         "1al2h0i6mspldmlf5c09fy5a4j8swsxd31v6zi8zx9iyqk1lw7in"))))
     (build-system perl-build-system)
     (inputs
      `(("zlib" ,zlib)))
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index 11d30815cf..e7c9c6588a 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -1642,3 +1642,134 @@ originally inspired by the book \"Visualizing Categorical Data\" by Michael
 Friendly and is now the main support package for a new book, \"Discrete Data
 Analysis with R\" by Michael Friendly and David Meyer (2015).")
     (license license:gpl2)))
+
+(define-public r-ica
+  (package
+    (name "r-ica")
+    (version "1.0-1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "ica" version))
+       (sha256
+        (base32
+         "1bkl4a72l0k6gm82l3jxnib898z20cw17zg81jj39l9dn65rlmcq"))))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/ica/")
+    (synopsis "Independent component analysis")
+    (description "This package provides tools for @dfn{Independent Component
+Analysis} (ICA) using various algorithms: FastICA,
+Information-Maximization (Infomax), and @dfn{Joint Approximate Diagonalization
+of Eigenmatrices} (JADE).")
+    (license license:gpl2+)))
+
+(define-public r-dtw
+  (package
+    (name "r-dtw")
+    (version "1.18-1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "dtw" version))
+       (sha256
+        (base32
+         "1b91vahba09cqlb8b1ry4dlv4rbldb4s2p6w52gmyw31vxdv5nnr"))))
+    (build-system r-build-system)
+    (propagated-inputs `(("r-proxy" ,r-proxy)))
+    (home-page "http://dtw.r-forge.r-project.org/")
+    (synopsis "Dynamic Time Warping Algorithms")
+    (description "This package provides a comprehensive implementation of
+@dfn{dynamic time warping} (DTW) algorithms in R.  DTW computes the
+optimal (least cumulative distance) alignment between points of two time
+series.  Common DTW variants covered include local (slope) and global (window)
+constraints, subsequence matches, arbitrary distance definitions,
+normalizations, minimum variance matching, and so on.")
+    (license license:gpl2+)))
+
+(define-public r-sdmtools
+  (package
+    (name "r-sdmtools")
+    (version "1.1-221")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "SDMTools" version))
+       (sha256
+        (base32
+         "1kacrpamshv7wz83yn45sfbw4m9c44xrrngzcklnwx8gcxx2knm6"))))
+    (properties `((upstream-name . "SDMTools")))
+    (build-system r-build-system)
+    (propagated-inputs `(("r-r-utils" ,r-r-utils)))
+    (home-page "http://www.rforge.net/SDMTools/")
+    (synopsis "Species distribution modelling tools")
+    (description "This packages provides a set of tools for post processing
+the outcomes of species distribution modeling exercises.  It includes novel
+methods for comparing models and tracking changes in distributions through
+time.  It further includes methods for visualizing outcomes, selecting
+thresholds, calculating measures of accuracy and landscape fragmentation
+statistics, etc.")
+    (license license:gpl3+)))
+
+(define-public r-scatterplot3d
+  (package
+    (name "r-scatterplot3d")
+    (version "0.3-40")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "scatterplot3d" version))
+       (sha256
+        (base32
+         "0ababcj87kx7860mica9y2ydlhskxmgj9n46crx036cila512jc2"))))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/scatterplot3d/")
+    (synopsis "3D scatter plot")
+    (description "This package provides an implementation of scatter plots for
+plotting.  a three dimensional point cloud.")
+    (license license:gpl2)))
+
+(define-public r-ggridges
+  (package
+    (name "r-ggridges")
+    (version "0.4.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "ggridges" version))
+       (sha256
+        (base32
+         "0kfa3icqdalqdg1klxjrhfl7if35d3wnsiyl86bprw5dyqyh3lh3"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-ggplot2" ,r-ggplot2)
+       ("r-plyr" ,r-plyr)
+       ("r-scales" ,r-scales)))
+    (home-page "https://github.com/clauswilke/ggridges")
+    (synopsis "Ridgeline plots in ggplot2")
+    (description
+     "Ridgeline plots provide a convenient way of visualizing changes in
+distributions over time or space.  This package enables the creation of such
+plots in @code{ggplot2}.")
+    (license license:gpl2)))
+
+(define-public r-ggjoy
+  (package
+    (name "r-ggjoy")
+    (version "0.4.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "ggjoy" version))
+       (sha256
+        (base32
+         "1s24zn7gmk52bvjjhanxby7rxbnc2yfl0nx5nv7x7z0zja8gg7nb"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-ggplot2" ,r-ggplot2)
+       ("r-ggridges" ,r-ggridges)))
+    (home-page "https://github.com/clauswilke/ggjoy")
+    (synopsis "Joyplots in ggplot2")
+    (description "Joyplots provide a convenient way of visualizing changes in
+distributions over time or space.  This package enables the creation of such
+plots in @code{ggplot2}.")
+    (license license:gpl2)))
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 7f0240002f..92da952999 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -61,7 +61,7 @@
 (define-public libsodium
   (package
     (name "libsodium")
-    (version "1.0.15")
+    (version "1.0.16")
     (source (origin
             (method url-fetch)
             (uri (list (string-append
@@ -72,7 +72,7 @@
                         "releases/old/libsodium-" version ".tar.gz")))
             (sha256
              (base32
-              "1x3qw7lsz44vcxpcn1dvwig410phg6gmv31jwj94arrgka3rwspv"))))
+              "0cq5pn7qcib7q70mm1lgjwj75xdxix27v0xl1xl0kvxww7hwgbgf"))))
     (build-system gnu-build-system)
     (synopsis "Portable NaCl-based crypto library")
     (description
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index bb2b88d9ff..974ef1c977 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -370,14 +370,19 @@ device-specific programs to convert and print many types of files.")
 (define-public hplip
   (package
     (name "hplip")
-    (version "3.17.10")
+    (version "3.17.11")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/hplip/hplip/" version
                                   "/hplip-" version ".tar.gz"))
               (sha256
                (base32
-                "0v27hg856b5z2rilczcbfgz8ksxn0n810g1glac3mxkj8qbl8wqg"))))
+                "0xda7x7xxjvzn1l0adlvbwcw21crq1r3r79bkf94q3m5i6abx49g"))
+              (modules '((guix build utils)))
+              (snippet
+               ;; Fix type mismatch.
+               '(substitute* "prnt/hpcups/genPCLm.cpp"
+                  (("boolean") "bool")))))
     (build-system gnu-build-system)
     (home-page "http://hplipopensource.com/")
     (synopsis "HP Printer Drivers")
@@ -437,11 +442,11 @@ device-specific programs to convert and print many types of files.")
                           (("/usr/include/libusb-1.0")
                            (string-append (assoc-ref inputs "libusb")
                                           "/include/libusb-1.0"))
-                          (("^\tinstall-dist_hplip_stateDATA")
-                           ;; Remove dependencies on
-                           ;; 'install-dist_hplip_stateDATA' so we don't bail
-                           ;; out while trying to create /var/lib/hplip.
-                           "\t")
+                          (("hplip_statedir =.*$")
+                           ;; Don't bail out while trying to create
+                           ;; /var/lib/hplip.  We can safely change its value
+                           ;; here because it's hard-coded in the code anyway.
+                           "hplip_statedir = $(prefix)\n")
                           (("hplip_confdir = /etc/hp")
                            ;; This is only used for installing the default config.
                            (string-append "hplip_confdir = " out
@@ -470,12 +475,14 @@ device-specific programs to convert and print many types of files.")
               ("cups-minimal" ,cups-minimal)
               ("libusb" ,libusb)
               ("sane-backends" ,sane-backends-minimal)
+              ("zlib" ,zlib)
               ("dbus" ,dbus)
               ("python-wrapper" ,python-wrapper)
               ("python" ,python)
               ;; TODO: Make hp-setup find python-dbus.
               ("python-dbus" ,python-dbus)))
-    (native-inputs `(("pkg-config" ,pkg-config)))))
+    (native-inputs `(("pkg-config" ,pkg-config)
+                     ("perl" ,perl)))))
 
 (define-public foomatic-filters
   (package
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 8f7e428729..1306cf76b2 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1280,7 +1280,7 @@ module, and nothing else.")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/R/RI/RIBASUSHI/"
+       (uri (string-append "mirror://cpan/authors/id/I/IL/ILMARI/"
                            "SQL-Abstract-" version ".tar.gz"))
        (sha256
         (base32
diff --git a/gnu/packages/datastructures.scm b/gnu/packages/datastructures.scm
index 36318ee04e..0c751f4970 100644
--- a/gnu/packages/datastructures.scm
+++ b/gnu/packages/datastructures.scm
@@ -116,3 +116,58 @@ with the number of cores.  liburcu-cds provides efficient data structures
 based on RCU and lock-free algorithms.  These structures include hash tables,
 queues, stacks, and doubly-linked lists.")
     (license license:lgpl2.1+)))
+
+(define-public uthash
+  (package
+    (name "uthash")
+    (version "2.0.2")
+    (source
+     (origin
+       (method url-fetch)
+       (file-name (string-append name "-" version ".tar.gz"))
+       (uri (string-append "https://github.com/troydhanson/uthash/archive/v"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "1la82gdlyl7m8ahdjirigwfh7zjgkc24cvydrqcri0vsvm8iv8rl"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("perl" ,perl)))
+    (arguments
+     `(#:make-flags
+       (list "CC=gcc")
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)            ; nothing to configure
+         (delete 'build)                ; nothing to build
+         (replace 'check
+           (lambda* (#:key make-flags #:allow-other-keys)
+             (with-directory-excursion "tests"
+               (zero? (apply system* "make"
+                             make-flags)))))
+         (replace 'install
+           ;; There is no top-level Makefile to do this for us.
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (doc (string-append out "/share/doc/" ,name))
+                    (include (string-append out "/include")))
+               ;; Don't install HTML files: they're just the below .txt files
+               ;; dolled up, can be stale, and regeneration requires asciidoc.
+               (for-each (λ (file) (install-file file doc))
+                         (find-files "doc" "\\.txt$"))
+               (for-each (λ (file) (install-file file include))
+                         (find-files "src" "\\.h$"))
+               #t))))))
+    (home-page "https://troydhanson.github.io/uthash/")
+    (synopsis
+     "Hash tables, lists, and other data structures implemented as C macros")
+    (description
+     "uthash implements a hash table and a few other basic data structures
+as C preprocessor macros.  It aims to be minimalistic and efficient: it's
+around 1,000 lines of code which, being macros, inline automatically.
+
+Unlike function calls with fixed prototypes, macros operate on untyped
+arguments.  Thus, they are able to work with any type of structure and key.
+Any C structure can be stored in a hash table by adding @code{UT_hash_handle}
+to the structure and choosing one or more fields to act as the key.")
+    (license license:bsd-2)))
diff --git a/gnu/packages/dictionaries.scm b/gnu/packages/dictionaries.scm
index 062c29b66d..d96a88b4d1 100644
--- a/gnu/packages/dictionaries.scm
+++ b/gnu/packages/dictionaries.scm
@@ -23,6 +23,7 @@
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system python)
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages base)
   #:use-module (gnu packages curl)
@@ -206,6 +207,45 @@ It comes with a German-English dictionary with approximately 270,000 entries.")
     (home-page  "http://www-user.tu-chemnitz.de/~fri/ding/")
     (license gpl2+)))
 
+(define-public grammalecte
+  (package
+    (name "grammalecte")
+    (version "0.6.1")
+    (source
+     (origin
+       (method url-fetch/zipbomb)
+       (uri (string-append "https://www.dicollecte.org/grammalecte/zip/"
+                           "Grammalecte-fr-v" version ".zip"))
+       (sha256
+        (base32
+         "0bl342i7nqbg8swk3fxashg9liyp3jdnix59pndhy41cpm1xln4i"))))
+    (build-system python-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fix-setup.py
+           ;; FIXME: "setup.py" contains a typo in 0.6.1 release. The
+           ;; issue was reported and fixed upstream
+           ;; (https://dicollecte.org/thread.php?prj=fr&t=674). This
+           ;; phase can be removed in next release.
+           (lambda _
+             (substitute* "setup.py"
+               (("server_options\\.") "grammalecte-server-options."))
+             #t)))))
+    (home-page "https://www.dicollecte.org")
+    (synopsis  "French spelling and grammar checker")
+    (description "Grammalecte is a grammar checker dedicated to the French
+language, derived from Lightproof.
+
+Grammalecte aims at helping to write a proper French without distracting users
+with false positives.  This grammar checker follows the principle: the less
+false positives, the better; if it cannot know with a good chance if
+a dubious expression is wrong, it will keep silent.
+
+The package provides the command line interface, along with a server
+and a Python library.")
+    (license gpl3+)))
+
 (define-public translate-shell
   (package
     (name "translate-shell")
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 1cf14993c3..1a00d8cb16 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -31,6 +31,7 @@
 ;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Mike Gerwitz <mtg@gnu.org>
+;;; Copyright © 2017 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -377,7 +378,7 @@ when typing parentheses directly or commenting out code line by line.")
 
 (define-public git-modes
   (package
-    (name "git-modes")
+    (name "emacs-git-modes")
     (version "1.2.6")
     (source (origin
               (method url-fetch)
@@ -396,6 +397,9 @@ when typing parentheses directly or commenting out code line by line.")
 configuration files, such as .gitattributes, .gitignore, and .git/config.")
     (license license:gpl3+)))
 
+(define-public git-modes/old-name
+  (deprecated-package "git-modes" git-modes))
+
 (define-public emacs-with-editor
   (package
     (name "emacs-with-editor")
@@ -1972,6 +1976,26 @@ keep pressing the key until it selects what you want.  There's also
 column by drawing a thin line down the length of the editing window.")
     (license license:gpl3+)))
 
+(define-public emacs-grep-a-lot
+  (package
+    (name "emacs-grep-a-lot")
+    (version "1.0.7")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/ZungBang/emacs-grep-a-lot.git")
+                    (commit "9f9f645b9e308a0d887b66864ff97d0fca1ba4ad")))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1f8262mrlinzgnn4m49hbj1hm3c1mvzza24py4b37sasn49546lw"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/ZungBang/emacs-grep-a-lot")
+    (synopsis "Enables multiple grep buffers in Emacs")
+    (description
+     "This Emacs package allows managing multiple grep buffers.")
+    (license license:gpl3+)))
+
 (define-public emacs-inf-ruby
   (package
     (name "emacs-inf-ruby")
@@ -2153,6 +2177,43 @@ evaluated in the browser, just like Emacs does with an inferior Lisp process
 in Lisp modes.")
     (license license:unlicense)))
 
+(define-public emacs-string-inflection
+  (package
+    (name "emacs-string-inflection")
+    (version "1.0.6")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/akicho8/string-inflection")
+                    (commit "a150e7bdda60b7824d3a936750ce23f73b0e4edd")))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1k0sm552iawi49v4zis6dbb81d1rzgky9v0dpv7nj31gnb7bmy7k"))))
+    (build-system emacs-build-system)
+    (native-inputs
+     `(("ert-runner" ,ert-runner)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'check
+           (lambda _
+             (zero? (system* "ert-runner")))))))
+    (home-page "https://github.com/akicho8/string-inflection")
+    (synopsis "Convert symbol names between different naming conventions")
+    (description
+     "This Emacs package provides convenient methods for manipulating the
+naming style of a symbol.  It supports different naming conventions such as:
+
+@enumerate
+@item camel case
+@item Pascal case
+@item all upper case
+@item lower case separated by underscore
+@item etc...
+@end enumerate\n")
+    (license license:gpl2+)))
+
 (define-public emacs-stripe-buffer
   (package
     (name "emacs-stripe-buffer")
@@ -2195,6 +2256,31 @@ tables.")
 mode-line.")
     (license license:gpl2+)))
 
+(define-public emacs-robe
+  (package
+    (name "emacs-robe")
+    (version "0.8.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/dgutov/robe/"
+                           "archive/" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1vp45y99fwj88z04ah4yppz4z568qcib646az6m9az5ar0f203br"))))
+    (build-system emacs-build-system)
+    (propagated-inputs
+     `(("emacs-inf-ruby" ,emacs-inf-ruby)))
+    (home-page "https://github.com/dgutov/robe")
+    (synopsis "Ruby code assistance tool for Emacs")
+    (description
+     "Robe can provide information on loaded classes and modules in Ruby code,
+as well as where methods are defined.  This allows the user to jump to method
+definitions, modules and classes, display method documentation and provide
+method and constant name completion.")
+    (license license:gpl3+)))
+
 (define-public emacs-rspec
   (package
     (name "emacs-rspec")
@@ -2969,7 +3055,7 @@ single theme but a set of guidelines with numerous implementations.")
 (define-public emacs-smartparens
   (package
     (name "emacs-smartparens")
-    (version "1.10.1")
+    (version "1.11.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2978,7 +3064,7 @@ single theme but a set of guidelines with numerous implementations.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1nwsi6fbbxjq3r22r6knmx71la3g0lmwfb95i9q4k138gn0m2l3i"))))
+                "0q5as813xs8y29i3v2rm97phd6m7xsmmw6hwbvx57gwmi8i1c409"))))
     (build-system emacs-build-system)
     (propagated-inputs `(("emacs-dash" ,emacs-dash)))
     (home-page "https://github.com/Fuco1/smartparens")
@@ -4897,7 +4983,7 @@ highlights quasi-quoted expressions.")
 (define-public emacspeak
   (package
     (name "emacspeak")
-    (version "46.0")
+    (version "47.0")
     (source
      (origin
        (method url-fetch)
@@ -4906,11 +4992,7 @@ highlights quasi-quoted expressions.")
              version "/emacspeak-" version ".tar.bz2"))
        (sha256
         (base32
-         "15x4yfp3wl2fxm1nkx6pz3clw6zyw3argcsqxgcx6pa28sivlg2n"))
-       (modules '((guix build utils)))
-       (snippet
-        ;; Delete the bundled byte-compiled elisp files.
-        '(for-each delete-file (find-files "lisp" "\\.elc$")))))
+         "0xbcc266x752y68s3g096m161irzvsqym3axzqn8rb276a8x55n7"))))
     (build-system gnu-build-system)
     (arguments
      '(#:make-flags (list (string-append "prefix="
@@ -4920,6 +5002,7 @@ highlights quasi-quoted expressions.")
          (replace 'configure
            (lambda _
              ;; Configure Emacspeak according to etc/install.org.
+             (setenv "SHELL" (which "sh"))
              (zero? (system* "make" "config"))))
          (add-after 'build 'build-espeak
            (lambda _
@@ -4998,6 +5081,28 @@ you'd get with @kbd{M-q} using @code{adaptive-fill-mode}, but without
 actually changing the buffer's text.")
     (license license:gpl3+)))
 
+(define-public emacs-diff-hl
+ (package
+  (name "emacs-diff-hl")
+  (version "1.8.4")
+  (source
+    (origin
+      (method url-fetch)
+      (uri (string-append "http://elpa.gnu.org/packages/diff-hl-"
+                          version ".tar"))
+      (sha256
+        (base32
+          "0axhidc3cym7a2x4rpxf4745qss9s9ajyg4s9h5b4zn7v7fyp71n"))))
+  (build-system emacs-build-system)
+  (home-page "https://github.com/dgutov/diff-hl")
+  (synopsis
+    "Highlight uncommitted changes using VC")
+  (description
+    "@code{diff-hl-mode} highlights uncommitted changes on the side of the
+window (using the fringe, by default), allows you to jump between
+the hunks and revert them selectively.")
+  (license license:gpl3+)))
+
 (define-public emacs-diminish
   (package
     (name "emacs-diminish")
@@ -5386,7 +5491,7 @@ It should enable you to implement low-level X11 applications.")
 (define-public emacs-exwm
   (package
     (name "emacs-exwm")
-    (version "0.15")
+    (version "0.16")
     (synopsis "Emacs X window manager")
     (source (origin
               (method url-fetch)
@@ -5394,7 +5499,7 @@ It should enable you to implement low-level X11 applications.")
                                   version ".tar"))
               (sha256
                (base32
-                "1y7nqry9y0a99bsdqkk9f554vczfw4sz6raadw3138835qy697jg"))))
+                "0c4w5k9lzqj8yzhdqipdb4fs7ld2qklc6s137104jnfdvmrwcv2i"))))
     (build-system emacs-build-system)
     (propagated-inputs
      `(("emacs-xelb" ,emacs-xelb)))
@@ -5930,6 +6035,35 @@ available key bindings that follow C-x (or as many as space allows given your
 settings).")
     (license license:gpl3+)))
 
+(define-public emacs-ws-butler
+  (package
+    (name "emacs-ws-butler")
+    (version "0.6")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/lewang/ws-butler.git")
+                    (commit "323b651dd70ee40a25accc940b8f80c3a3185205")))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1a4b0lsmwq84qfx51c5xy4fryhb1ysld4fhgw2vr37izf53379sb"))))
+    (build-system emacs-build-system)
+    (native-inputs
+     `(("ert-runner" ,ert-runner)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'check
+           (lambda _
+             (zero? (system* "ert-runner" "tests")))))))
+    (home-page "https://github.com/lewang/ws-butler")
+    (synopsis "Trim spaces from end of lines")
+    (description
+     "This Emacs package automatically and unobtrusively trims whitespace
+characters from end of lines.")
+    (license license:gpl3+)))
+
 (define-public emacs-org-edit-latex
   (package
     (name "emacs-org-edit-latex")
@@ -6272,6 +6406,28 @@ and shell-command prompts that are based on bash completion.")
 let users kill or mark things easily.")
     (license license:gpl3+)))
 
+(define-public emacs-csv-mode
+  (package
+    (name "emacs-csv-mode")
+    (version "1.7")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://elpa.gnu.org/packages/csv-mode-"
+                           version ".el"))
+       (sha256
+        (base32
+         "0r4bip0w3h55i8h6sxh06czf294mrhavybz0zypzrjw91m1bi7z6"))))
+    (build-system emacs-build-system)
+    (home-page
+     "http://elpa.gnu.org/packages/csv-mode.html")
+    (synopsis
+     "Major mode for editing comma/char separated values")
+    (description
+     "This Emacs package implements CSV mode, a major mode for editing records
+in a generalized CSV (character-separated values) format.")
+    (license license:gpl3+)))
+
 (define-public emacs-transmission
   (package
     (name "emacs-transmission")
diff --git a/gnu/packages/embedded.scm b/gnu/packages/embedded.scm
index 033d0032e7..029b5a5c24 100644
--- a/gnu/packages/embedded.scm
+++ b/gnu/packages/embedded.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 Theodoros Foradis <theodoros@foradis.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -932,3 +933,40 @@ int fast_build_block_buffer"))
 MPSSE (Multi-Protocol Synchronous Serial Engine) adapter by FTDI that can do
 SPI, I2C, JTAG.")
     (license license:gpl2+)))
+
+(define-public picprog
+  (package
+    (name "picprog")
+    (version "1.9.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://www.iki.fi/hyvatti/pic/picprog-"
+                                  version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1r04hg1n3v2jf915qr05la3q9cxy7a5jnh9cc98j04lh6c9p4x85"))
+              (patches (search-patches "picprog-non-intel-support.patch"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f                      ; No tests exist.
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-paths
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "Makefile"
+               (("/usr/local") (assoc-ref outputs "out"))
+               ((" -o 0 -g 0 ") " ")
+               (("testport") ""))
+             #t))
+         (add-before 'install 'mkdir
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (mkdir-p (string-append out "/bin"))
+               (mkdir-p (string-append out "/man/man1"))
+               #t)))
+         (delete 'configure))))
+    (synopsis "Programs Microchip's PIC microcontrollers")
+    (description "This program programs Microchip's PIC microcontrollers.")
+    (home-page "http://hyvatti.iki.fi/~jaakko/pic/picprog.html")
+    (license license:gpl3+)))
diff --git a/gnu/packages/erlang.scm b/gnu/packages/erlang.scm
index 770ed715bc..77f39ee630 100644
--- a/gnu/packages/erlang.scm
+++ b/gnu/packages/erlang.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Steve Sprang <scs@stevesprang.com>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -23,6 +23,7 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix download)
   #:use-module (guix packages)
+  #:use-module (guix utils)
   #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages fontutils)
@@ -35,7 +36,7 @@
 (define-public erlang
   (package
     (name "erlang")
-    (version "20.1")
+    (version "20.1.7")
     (source (origin
               (method url-fetch)
               ;; The tarball from http://erlang.org/download contains many
@@ -46,7 +47,7 @@
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0r4g8ag7nlpw06y4c39fgcyccykj2sbyhv5jgp4qmrjci2ydgns8"))
+                "00pmngdyh1h088anmx6fbk085i93ajgk92rz7qsyhfc0lx0sm0a9"))
               (patches (search-patches "erlang-man-path.patch"))))
     (build-system gnu-build-system)
     (native-inputs
@@ -59,7 +60,7 @@
         ,(origin
            (method url-fetch)
            (uri (string-append "http://erlang.org/download/otp_doc_man_"
-                               version ".tar.gz"))
+                               (version-major+minor version) ".tar.gz"))
            (sha256
             (base32
              "0ikvdpn4z7az6szg176l1r2yxhgs3msa3wgb3gmy45jkz0pzik05"))))))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index f6addc31cc..b0e67c2023 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -297,9 +297,13 @@ high quality, anti-aliased and subpixel rendered text on a display.")
             (sha256 (base32
                      "0nbvjpnmcznib1nlgg8xckrmsw3haa154byds2h90y2g0nsjh4w2"))
             (patches (search-patches
-                       "t1lib-CVE-2010-2642.patch"
+                       "t1lib-CVE-2010-2642.patch" ; 2011-0443, 2011-5244
                        "t1lib-CVE-2011-0764.patch"
-                       "t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch"))))
+                       "t1lib-CVE-2011-1552+.patch")))) ; 2011-1553, 2011-1554
+   (properties `((lint-hidden-cve . ("CVE-2011-0433"
+                                     "CVE-2011-1553"
+                                     "CVE-2011-1554"
+                                     "CVE-2011-5244"))))
    (build-system gnu-build-system)
    (arguments
     ;; Making the documentation requires latex, but t1lib is also an input
diff --git a/gnu/packages/fvwm.scm b/gnu/packages/fvwm.scm
index 933820e5fa..5ff3d5e4f2 100644
--- a/gnu/packages/fvwm.scm
+++ b/gnu/packages/fvwm.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -34,16 +35,15 @@
 (define-public fvwm
   (package
     (name "fvwm")
-    (version "2.6.6")
+    (version "2.6.7")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://github.com/fvwmorg/fvwm/releases/download/"
-                    "version-" (string-join (string-split version #\.) "_")
-                    "/" name "-" version ".tar.gz"))
+                    version "/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0b6w0vk6cpqaz0ws3vl4by0mycv33r42a0m806j2h8avy9ghipn5"))))
+                "0wzghjgy65pkn31rgl14fngizw7nbkzbxsfa670xmrndpmd4sr81"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("perl" ,perl)
diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm
index 3c544f5546..ca76ff7d85 100644
--- a/gnu/packages/game-development.scm
+++ b/gnu/packages/game-development.scm
@@ -12,6 +12,7 @@
 ;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -111,7 +112,7 @@ is used in some video games and movies.")
 (define-public deutex
   (package
    (name "deutex")
-   (version "5.0.0")
+   (version "5.1.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://github.com/Doom-Utils/" name
@@ -119,7 +120,7 @@ is used in some video games and movies.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1jvffcpq64hk3jysz4q6zi9hqkksy151ci9553h8q7wrrkbw0i9z"))))
+              "0hwkm0q2w16ddmiwh7x3jcfp58zjb40a5dh7c3sybwm9bar37pn1"))))
    (build-system gnu-build-system)
    (native-inputs `(("asciidoc" ,asciidoc)))
    (home-page "https://github.com/Doom-Utils/deutex")
@@ -1014,7 +1015,7 @@ of use.")
 (define-public openmw
   (package
     (name "openmw")
-    (version "0.42.0")
+    (version "0.43.0")
     (source
      (origin
        (method url-fetch)
@@ -1023,7 +1024,7 @@ of use.")
                        name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1pla8016lpbg8cgm9kia318a860f26dmiayc72p3zl35mqrc7g7w"))))
+         "11phjx7b3mv4n295xgq25lkcwq0mgr35i5k05hf1h77y6n6jbw64"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f                      ; No test target
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 398ab4e9b5..b8e306a941 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -355,6 +355,47 @@ played.  Freedoom complements the Doom engine with free levels, artwork, sound
 effects and music to make a completely free game.")
    (license license:bsd-3)))
 
+(define-public knights
+  (package
+    (name "knights")
+    (version "025")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://www.knightsgame.org.uk/files/knights_"
+                                  version "_src.tar.gz"))
+              (sha256
+               (base32
+                "18vp2ygvn0s0jz8rm585jqf6hjqkam1ximq81k0r9hpmfj7wb88f"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:make-flags
+       (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:phases
+       (modify-phases %standard-phases
+         ;; No configure script.
+         (delete 'configure))
+       #:tests? #f)) ;; No check target.
+    (inputs
+     `(("boost" ,boost)
+       ("sdl-union" ,(sdl-union (list sdl sdl-image sdl-mixer)))
+       ("freetype" ,freetype)
+       ("fontconfig" ,fontconfig)
+       ("curl" ,curl)))
+    (home-page "http://www.knightsgame.org.uk/")
+    (synopsis "Multiplayer dungeon game involving knights and quests")
+    (description "Knights is a multiplayer game involving several knights who
+must run around a dungeon and complete various quests.  Each game revolves
+around a quest – for example, you might have to find some items and carry them
+back to your starting point.  This may sound easy, but as there are only
+enough items in the dungeon for one player to win, you may end up having to
+kill your opponents to get their stuff!  Other quests involve escaping from
+the dungeon, fighting a duel to the death against the enemy knights, or
+destroying an ancient book using a special wand.")
+    ;; This package includes modified sources of lua (X11), enet (Expat), and
+    ;; guichan (BSD-3).  The "Coercri" library is released under the Boost
+    ;; license.  The whole package is released under GPLv3+.
+    (license license:gpl3+)))
+
 (define-public gnubg
   (package
     (name "gnubg")
@@ -2737,6 +2778,9 @@ Transport Tycoon Deluxe.")
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f ;; no tests available
+       #:configure-flags
+        (list (string-append "-DCMAKE_INSTALL_LIBDIR="
+                       (assoc-ref %outputs "out") "/lib"))
        #:phases
         (modify-phases %standard-phases
           (add-after 'unpack 'fix-usr-share-paths
diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm
index 1956f60e6e..62e272b5bf 100644
--- a/gnu/packages/gl.scm
+++ b/gnu/packages/gl.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2016 David Thompson <davet@gnu.org>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -41,6 +42,7 @@
   #:use-module (gnu packages llvm)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages video)
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages xml)
@@ -724,3 +726,36 @@ mixed vector/bitmap output.")
     (license (list license:lgpl2.0+
                    (license:fsf-free "http://www.geuz.org/gl2ps/COPYING.GL2PS"
                                      "GPL-incompatible copyleft license")))))
+
+(define-public virtualgl
+  (package
+    (name "virtualgl")
+    (version "2.5.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/VirtualGL/virtualgl/archive/"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0rnid3hwrry9d5d4m7sygq00xxx976rgk00a3557m9r5kxbmy476"))))
+    (arguments
+     `(#:tests? #f ;; no tests are available
+       #:configure-flags (list "-DVGL_USESSL=1" ;; use OpenSSL
+                          (string-append "-DCMAKE_INSTALL_LIBDIR="
+                                         (assoc-ref %outputs "out") "/lib"))))
+    (build-system cmake-build-system)
+    (inputs `(("glu" ,glu)
+              ("libjpeg-turbo" ,libjpeg-turbo)
+              ("mesa" ,mesa)
+              ("openssl" ,openssl)))
+    (native-inputs `(("pkg-config", pkg-config)))
+    (home-page "https://www.virtualgl.org")
+    (synopsis "Redirects 3D commands from an OpenGL application onto a 3D
+graphics card")
+    (description "VirtualGL redirects the 3D rendering commands from OpenGL
+applications to 3D accelerator hardware in a dedicated server and displays the
+rendered output interactively to a thin client located elsewhere on the
+network.")
+    (license license:wxwindows3.1+)))
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 6629a1261b..a89b61565f 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -4061,7 +4061,7 @@ work and the interface is well tested.")
 (define-public eolie
   (package
     (name "eolie")
-    (version "0.9.13")
+    (version "0.9.15")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/gnumdk/eolie/"
@@ -4069,7 +4069,7 @@ work and the interface is well tested.")
                                   "/eolie-" version ".tar.xz"))
               (sha256
                (base32
-                "1khpc6x40y5gm0a3p5fxiva9p1djijxmsh74xinigddnyqbjqw69"))))
+                "0glydxp1xh85gfidk1l9miqn6qxdbvvk5s3iy0pjlv8nrs3263jd"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:phases
@@ -6638,7 +6638,7 @@ basically a text box in which notes can be written.")
        (sha256
         (base32
          "0c1q9w5vql0vvg6g0knxfnv4ap19fg5cdrwndi1cj9lsym92c78j"))))
-    (build-system gnu-build-system)
+    (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("desktop-file-utils" ,desktop-file-utils)
        ("glib:bin" ,glib "bin") ; for glib-compile-resources.
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index bf0274aa9c..2d238febce 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -144,14 +144,14 @@ tool to extract metadata from a file and print the results.")
 (define-public libmicrohttpd
   (package
    (name "libmicrohttpd")
-   (version "0.9.57")
+   (version "0.9.58")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/libmicrohttpd/libmicrohttpd-"
                                 version ".tar.gz"))
             (sha256
              (base32
-              "0kmgkk9sjg1n3q7rbzw5y4qmgh51zn5qi2j69gbqmr6phxjaghfy"))))
+              "1wq17qvizis7bsyvyw1gnfycvivssncngziddnyrbzv2dhvy24bs"))))
    (build-system gnu-build-system)
    (inputs
     `(("curl" ,curl)
@@ -188,11 +188,10 @@ authentication and support for SSL3 and TLS.")
    (version "7.57.0")
    (source (origin
             (method url-fetch)
-            (uri (string-append "https://gnunet.org/sites/default/files/"
-                                name "-" version ".tar.bz2"))
+            (uri (string-append "mirror://gnu/gnunet/" name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1dykh12mc241jnxcd8q5pm1yw9ras53ywyba9f9dy5cq39j2mk9c"))))
+              "0cl2x1jddnhn1z8gd75w6k7lb6pymn5rf2vqgl2vdkbxsz677z07"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ; 1.5 MiB of man3 pages
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index a8424a87f6..c8d494c401 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
@@ -736,7 +736,10 @@ including tools for signing keys, keyring analysis, and party preparation.
     (description
      "Pinentry provides a console that allows users to enter a passphrase when
 @code{gpg} is run and needs it.")
-    (license license:gpl2+)))
+    (license license:gpl2+)
+    (properties '((ftp-server . "ftp.gnupg.org")
+                  (ftp-directory . "/gcrypt/pinentry")
+                  (upstream-name . "pinentry")))))
 
 (define-public pinentry-gtk2
   (package
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 34c1a777aa..15582fb471 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -481,7 +481,8 @@ security standards.")
         (mozilla-patch "icecat-bug-1047098-pt3.patch"    "36bd15d14c5a" "0cb3l3hpsgk674f08kfamxhqfga3ah5v904gpxq9ag006vzd2cxz")
         (mozilla-patch "icecat-bug-1404105.patch"        "2909ba991f31" "126vssj57dc800347f075wlnjzcwamnxxmgxl9w78jpb0hj9gf16")
         (search-patch  "icecat-bug-1415133.patch")
-        (mozilla-patch "icecat-bug-1355576.patch"        "cf34a0574e58" "1z7sa1d12hypgivm5xxn32s58afpjcij97jvnafcgnfvxywrgr1m")))
+        (mozilla-patch "icecat-bug-1355576.patch"        "cf34a0574e58" "1z7sa1d12hypgivm5xxn32s58afpjcij97jvnafcgnfvxywrgr1m")
+        (mozilla-patch "icecat-CVE-2017-7843.patch"      "f6216ea8b8fc" "0jnhdkj0ch9mj01mzlvhjgf8zsxlbg6m7yvpq99qr7xmg0pzbgwl")))
       (modules '((guix build utils)))
       (snippet
        '(begin
diff --git a/gnu/packages/graph.scm b/gnu/packages/graph.scm
index b5bdfe83fc..70df77b5d2 100644
--- a/gnu/packages/graph.scm
+++ b/gnu/packages/graph.scm
@@ -27,6 +27,7 @@
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages bioinformatics)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages cran)
   #:use-module (gnu packages graphviz)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages multiprecision)
@@ -119,6 +120,31 @@ random and regular graphs, graph visualization, centrality methods and much
 more.")
     (license license:gpl2+)))
 
+(define-public r-diffusionmap
+  (package
+    (name "r-diffusionmap")
+    (version "1.1-0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "diffusionMap" version))
+       (sha256
+        (base32
+         "1l985q2hfc8ss5afajik4p25dx628yikvhdimz5s0pql800q2yv3"))))
+    (properties `((upstream-name . "diffusionMap")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-igraph" ,r-igraph)
+       ("r-matrix" ,r-matrix)
+       ("r-scatterplot3d" ,r-scatterplot3d)))
+    (home-page "http://www.r-project.org")
+    (synopsis "Diffusion map")
+    (description "This package implements the diffusion map method of data
+parametrization, including creation and visualization of diffusion maps,
+clustering with diffusion K-means and regression using the adaptive regression
+model.")
+    (license license:gpl2)))
+
 (define-public r-rgraphviz
   (package
     (name "r-rgraphviz")
diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm
index 3333ca87fd..5fad28952b 100644
--- a/gnu/packages/gstreamer.scm
+++ b/gnu/packages/gstreamer.scm
@@ -100,7 +100,7 @@ arrays of data.")
 (define-public gstreamer
   (package
     (name "gstreamer")
-    (version "1.12.3")
+    (version "1.12.4")
     (source
      (origin
       (method url-fetch)
@@ -109,7 +109,7 @@ arrays of data.")
             version ".tar.xz"))
       (sha256
        (base32
-        "0vi1g8rmmsnd630ds3jwv2iph46ll8y07fzf04mz15q88j9g926k"))))
+        "0x06jxmc5fhlz7cr1pl5lp0hm1jgz519jjic37d09srf9jm091ss"))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     (arguments
@@ -148,7 +148,7 @@ This package provides the core library and elements.")
 (define-public gst-plugins-base
   (package
     (name "gst-plugins-base")
-    (version "1.12.3")
+    (version "1.12.4")
     (source
      (origin
       (method url-fetch)
@@ -156,7 +156,7 @@ This package provides the core library and elements.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "19ffwdch7m777ragmwpy6prqmfb742ym1n3ki40s0zyki627plyk"))))
+        "10i255q7i8an1hxz3szb36x1jcs9nfdy511pj2wg24h2vw1nnc2c"))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     (propagated-inputs
@@ -203,7 +203,7 @@ for the GStreamer multimedia library.")
 (define-public gst-plugins-good
   (package
     (name "gst-plugins-good")
-    (version "1.12.3")
+    (version "1.12.4")
     (source
      (origin
       (method url-fetch)
@@ -212,7 +212,7 @@ for the GStreamer multimedia library.")
             name "-" version ".tar.xz"))
       (sha256
        (base32
-        "00sznj1sl97fqpn6j8ngps04clvxp8h8yhw6lvszx4b855wz9rqk"))))
+        "0mxrbrqrfq1946gn9im19maj7ivld4k946vkwrzd94h8qsz4k7v4"))))
     (build-system gnu-build-system)
     (inputs
      `(("aalib" ,aalib)
@@ -262,14 +262,14 @@ developers consider to have good quality code and correct functionality.")
 (define-public gst-plugins-bad
   (package
     (name "gst-plugins-bad")
-    (version "1.12.3")
+    (version "1.12.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://gstreamer.freedesktop.org/src/"
                                   name "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1v5z3i5ha20gmbb3r9dwsaaspv5fm1jfzlzwlzqx1gjj31v5kl1n"))))
+                "021d3q81m968lpnah517sfclagadcqwd6jz3lqdmqvb82sz5fy0c"))))
     (outputs '("out" "doc"))
     (build-system gnu-build-system)
     (arguments
@@ -277,16 +277,7 @@ developers consider to have good quality code and correct functionality.")
        #:configure-flags
        (list (string-append "--with-html-dir="
                             (assoc-ref %outputs "doc")
-                            "/share/gtk-doc/html"))
-       #:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'patch-openjpeg-reference
-           (lambda _
-             ;; Remove hard-coded openjpeg-2.2 path. 2.3 is API- and
-             ;; ABI-compatible.
-             (substitute* "ext/openjpeg/gstopenjpeg.h"
-               (("<openjpeg-2\\.2/") "<openjpeg-2.3/"))
-             #t)))))
+                            "/share/gtk-doc/html"))))
     (propagated-inputs
      `(("gst-plugins-base" ,gst-plugins-base)))
     (native-inputs
@@ -347,7 +338,7 @@ par compared to the rest.")
 (define-public gst-plugins-ugly
   (package
     (name "gst-plugins-ugly")
-    (version "1.12.3")
+    (version "1.12.4")
     (source
      (origin
        (method url-fetch)
@@ -355,7 +346,7 @@ par compared to the rest.")
                            name "/" name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0lh00rg26iy5lr5al23lxsyncjqkgzph1bzkrgp8x9sfr62ab378"))))
+         "08p5kggk1szvr76cdbx3q3yfc235w1przb76v2n51lwfi26mn5hw"))))
     (build-system gnu-build-system)
     (inputs
      `(("gst-plugins-base" ,gst-plugins-base)
@@ -386,7 +377,7 @@ distribution problems in some jurisdictions, e.g. due to patent threats.")
 (define-public gst-libav
   (package
     (name "gst-libav")
-    (version "1.12.3")
+    (version "1.12.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -394,7 +385,7 @@ distribution problems in some jurisdictions, e.g. due to patent threats.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0l4nc6ikdx49l7bdrk3bd9p3pzry8a328r22zg48gyzpnv5ghph1"))))
+                "0qly3lgamm36xql9q7wg5751gi6j2d3ifzz1pkr15ncc5mfslmia"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--with-system-libav")
@@ -411,7 +402,7 @@ distribution problems in some jurisdictions, e.g. due to patent threats.")
        ("python" ,python)))
     (inputs
      `(("gst-plugins-base" ,gst-plugins-base)
-       ("ffmpeg" ,ffmpeg-3.3)
+       ("ffmpeg" ,ffmpeg)
        ("orc" ,orc)
        ("zlib" ,zlib)))
     (home-page "http://gstreamer.freedesktop.org/")
@@ -424,7 +415,7 @@ compression formats through the use of the libav library.")
 (define-public python-gst
   (package
     (name "python-gst")
-    (version "1.12.3")
+    (version "1.12.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -432,7 +423,7 @@ compression formats through the use of the libav library.")
                     "gst-python-" version ".tar.xz"))
               (sha256
                (base32
-                "19rb06x2m7103zwfm0plxx95gb8bp01ng04h4q9k6ii9q7g2kxf3"))))
+                "1sm3dy10klf6i3w6a6mz0rnm29l2lxci5hr8346496jwc7v6mki0"))))
     (build-system gnu-build-system)
     (arguments
      ;; XXX: Factorize python-sitedir with python-build-system.
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 0e77caf08c..694d281f21 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -15,6 +15,7 @@
 ;;; Copyright © 2016 Patrick Hetu <patrick.hetu@auf.org>
 ;;; Coypright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Coypright © 2017 Roel Janssen <roel@gnu.org>
+;;; Coypright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -380,7 +381,7 @@ printing and other features typical of a source code editor.")
 (define-public gtksourceview
  (package
    (name "gtksourceview")
-   (version "3.24.4")
+   (version "3.24.6")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -388,7 +389,7 @@ printing and other features typical of a source code editor.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "14x738xrz9q8qz13xd7dys748ryxyq2srbqyaa9r7n47h2av2zr0"))))
+               "1261fwjpwn3qizmvjns9z3k3a264j3ql5anyvmisfwywpkzbv9ks"))))
    (build-system gnu-build-system)
    (arguments
     '(#:phases
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 352e7bd892..bc6fcd74eb 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -15,6 +15,7 @@
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Theodoros Foradis <theodoros@foradis.org>
 ;;; Copyright © 2017 ng0 <ng0@infotropique.org>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1117,13 +1118,16 @@ inspired by the SCSH regular expression system.")
                 (compile-file
                  (lambda (in-file out-file)
                    (system* guild "compile" "-o" out-file in-file))))
-           ;; Make installation directories.
-           (mkdir-p module-dir)
-           (mkdir-p doc)
-
            ;; Switch directory for compiling and installing
            (chdir source)
 
+           ;; Install the documentation.
+           (install-file "README.md" doc)
+           (copy-recursively "examples" (string-append doc "/examples"))
+
+           ;; Make installation directories.
+           (mkdir-p module-dir)
+
            ;; copy the source
            (copy-file "gdbm.scm" gdbm.scm-dest)
 
@@ -1136,7 +1140,7 @@ inspired by the SCSH regular expression system.")
            ;; compile to the destination
            (compile-file gdbm.scm-dest gdbm.go-dest)))))
     (inputs
-     `(("guile" ,guile-2.0)))
+     `(("guile" ,guile-2.2)))
     (propagated-inputs
      `(("gdbm" ,gdbm)))
     (home-page "https://github.com/ijp/guile-gdbm")
@@ -1146,8 +1150,11 @@ inspired by the SCSH regular expression system.")
 Guile's foreign function interface.")
     (license license:gpl3+)))
 
+(define-public guile2.0-gdbm-ffi
+  (package-for-guile-2.0 guile-gdbm-ffi))
+
 (define-public guile2.2-gdbm-ffi
-  (package-for-guile-2.2 guile-gdbm-ffi))
+  (deprecated-package "guile2.2-gdbm-ffi" guile-gdbm-ffi))
 
 (define-public guile-sqlite3
   (let ((commit "607721fe1174a299e45d457acacf94eefb964071"))
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index 95bb3811ca..68172d8a91 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -1292,7 +1292,7 @@ unlit literate code files; and an option to turn off macro-expansion.")
 (define-public ghc-reflection
   (package
     (name "ghc-reflection")
-    (version "2.1")
+    (version "2.1.2")
     (source
      (origin
        (method url-fetch)
@@ -1302,7 +1302,7 @@ unlit literate code files; and an option to turn off macro-expansion.")
              ".tar.gz"))
        (sha256
         (base32
-         "10w3m6v3g6am203wbrikdbp57x9vw6b4jsh7bxdzsss4nmpm81zg"))))
+         "0f9w0akbm6p8h7kzgcd2f6nnpw1wy84pqn45vfz1ch5j0hn8h2d9"))))
     (build-system haskell-build-system)
     (inputs `(("ghc-tagged" ,ghc-tagged)))
     (home-page "https://github.com/ekmett/reflection")
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 4ea51710e7..93668519a5 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -1112,14 +1112,14 @@ PNG, and performs PNG integrity checks and corrections.")
 (define-public libjpeg-turbo
   (package
     (name "libjpeg-turbo")
-    (version "1.5.2")
+    (version "1.5.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/" name "/" version "/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0a5m0psfp5952y5vrcs0nbdz1y9wqzg2ms0xwrx752034wxr964h"))))
+                "08r5b5mywwrxv4axvq80dm31cklz81grczlzlxr2xqa6pgi90j5j"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("nasm" ,nasm)))
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index 42f4a7c92e..ac9fca8600 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -164,7 +164,7 @@ script.")
 (define-public graphicsmagick
   (package
     (name "graphicsmagick")
-    (version "1.3.26")
+    (version "1.3.27")
     (source (origin
               (method url-fetch)
               (uri
@@ -176,17 +176,7 @@ script.")
                                  "/GraphicsMagick-" version ".tar.xz")))
               (sha256
                (base32
-                "122zgs96dqrys62mnh8x5yvfff6km4d3yrnvaxzg3mg5sprib87v"))
-              (patches
-               (search-patches "graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch"
-                               "graphicsmagick-CVE-2017-12935.patch"
-                               "graphicsmagick-CVE-2017-12936.patch"
-                               "graphicsmagick-CVE-2017-12937.patch"
-                               "graphicsmagick-CVE-2017-13775.patch"
-                               "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch"
-                               "graphicsmagick-CVE-2017-14042.patch"
-                               "graphicsmagick-CVE-2017-14165.patch"
-                               "graphicsmagick-CVE-2017-14649.patch"))))
+                "0rq35p3rml10cxz2z4s7xcfsilhhk19mmy094g3ivz0fg797hcnh"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/jemalloc.scm b/gnu/packages/jemalloc.scm
index a3bd2c93a4..5086df7a1b 100644
--- a/gnu/packages/jemalloc.scm
+++ b/gnu/packages/jemalloc.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,6 +24,8 @@
   #:use-module ((guix licenses) #:select (bsd-2))
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix utils)
+  #:use-module (gnu packages)
   #:use-module (gnu packages perl)
   #:use-module (guix build-system gnu))
 
@@ -37,7 +40,8 @@
                     version "/jemalloc-" version ".tar.bz2"))
               (sha256
                (base32
-                "1sf3lzgb0y8nnyzmp4zrca3sngdxw3kfh20sna9z03jv74fph528"))))
+                "1sf3lzgb0y8nnyzmp4zrca3sngdxw3kfh20sna9z03jv74fph528"))
+              (patches (search-patches "jemalloc-arm-address-bits.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -62,3 +66,17 @@
      "This library providing a malloc(3) implementation that emphasizes
 fragmentation avoidance and scalable concurrency support.")
     (license bsd-2)))
+
+(define-public jemalloc-4.5.0
+  (package
+    (inherit jemalloc)
+    (version "4.5.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/jemalloc/jemalloc/releases/download/"
+                    version "/jemalloc-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "10373xhpc10pgmai9fkc1z0rs029qlcb3c0qfnvkbwdlcibdh2cl"))))
+    (inputs '())))
diff --git a/gnu/packages/kde.scm b/gnu/packages/kde.scm
index 59271ebee5..89ad30ecd2 100644
--- a/gnu/packages/kde.scm
+++ b/gnu/packages/kde.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2017 Mark Meyer <mark@ofosos.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,18 +24,29 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix utils)
+  #:use-module (gnu packages algebra)
   #:use-module (gnu packages apr)
   #:use-module (gnu packages boost)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages curl)
   #:use-module (gnu packages documentation)
+  #:use-module (gnu packages gettext)
+  #:use-module (gnu packages ghostscript)
   #:use-module (gnu packages gl)
   #:use-module (gnu packages gnome)
+  #:use-module (gnu packages graphics)
+  #:use-module (gnu packages image)
   #:use-module (gnu packages kde-frameworks)
   #:use-module (gnu packages llvm)
+  #:use-module (gnu packages maths)
+  #:use-module (gnu packages pdf)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages photo)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages qt)
-  #:use-module (gnu packages version-control))
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages xorg))
 
 (define-public kdevelop
   (package
@@ -220,6 +232,86 @@ for some KDevelop language plugins (Ruby, PHP, CSS...).")
 plugins, as well as code to create plugins, or complete applications.")
     (license license:gpl3+)))
 
+(define-public krita
+  (package
+    (name "krita")
+    (version "3.3.2.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "mirror://kde/stable/krita/"
+                    "3.3.2/" name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0i3l27cfi1h486m74xf4ynk0pwx32xaqraa91a0g1bpj1jxf2mg5"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:tests? #f
+       #:configure-flags
+       (list "-DBUILD_TESTING=OFF" "-DKDE4_BUILD_TESTS=OFF"
+             (string-append "-DWITH_FFTW3="
+                            (assoc-ref %build-inputs "fftw"))
+             (string-append "-DWITH_GSL="
+                            (assoc-ref %build-inputs "gsl"))
+             (string-append "-DWITH_LibRaw="
+                            (assoc-ref %build-inputs "libraw"))
+             (string-append "-DWITH_TIFF="
+                            (assoc-ref %build-inputs "libtiff"))
+             (string-append "-DCMAKE_CXX_FLAGS=-I"
+                            (assoc-ref %build-inputs "ilmbase")
+                            "/include/OpenEXR"))))
+    (native-inputs
+     `(("curl" ,curl)
+       ("eigen" ,eigen)
+       ("extra-cmake-modules" ,extra-cmake-modules)
+       ("gettext-minimal" ,gettext-minimal)
+       ("kitemmodels" ,kitemmodels)
+       ("qwt" ,qwt)
+       ("vc" ,vc)))
+    (inputs
+     `(("qtbase" ,qtbase)
+       ("qtdeclarative" ,qtdeclarative)
+       ("qtmultimedia" ,qtmultimedia)
+       ("qtx11extras" ,qtx11extras)
+       ("qtsvg" ,qtsvg)
+       ("karchive" ,karchive)
+       ("kcompletion" ,kcompletion)
+       ("kconfig" ,kconfig)
+       ("kcoreaddons" ,kcoreaddons)
+       ("kcrash" ,kcrash)
+       ("kguiaddons" ,kguiaddons)
+       ("ki18n" ,ki18n)
+       ("kiconthemes" ,kiconthemes)
+       ("kio" ,kio)
+       ("kitemviews" ,kitemviews)
+       ("kwidgetsaddons" ,kwidgetsaddons)
+       ("kwindowsystem" ,kwindowsystem)
+       ("kxmlgui" ,kxmlgui)
+       ("boost" ,boost)
+       ("exiv2" ,exiv2)
+       ("lcms" ,lcms)
+       ("libpng" ,libpng)
+       ("libjpeg-turbo" ,libjpeg-turbo)
+       ("zlib" ,zlib)
+       ("libx11" ,libx11)
+       ("libxcb" ,libxcb)
+       ("libxi" ,libxi)
+       ("fftw" ,fftw)
+       ("gsl" ,gsl)
+       ("poppler-qt5" ,poppler-qt5)
+       ("libraw" ,libraw)
+       ("libtiff" ,libtiff)
+       ("perl" ,perl)
+       ("ilmbase" ,ilmbase)
+       ("openexr" ,openexr)))
+    (home-page "https://krita.org")
+    (synopsis "Digital painting application")
+    (description
+     "Krita is a professional painting tool designed for concept artists,
+illustrators, matte and texture artists, and the VFX industry.  Notable
+features include brush stabilizers, brush engines and wrap-around mode.")
+    (license license:gpl2+)))
+
 (define-public libkomparediff2
   (package
     (name "libkomparediff2")
diff --git a/gnu/packages/language.scm b/gnu/packages/language.scm
index 57d625057c..06190ba6ac 100644
--- a/gnu/packages/language.scm
+++ b/gnu/packages/language.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015, 2016 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -51,7 +52,7 @@ manipulating such numbers.")
 (define-public perl-lingua-en-inflect
   (package
     (name "perl-lingua-en-inflect")
-    (version "1.901")
+    (version "1.903")
     (source
      (origin
        (method url-fetch)
@@ -59,7 +60,7 @@ manipulating such numbers.")
                            "Lingua-EN-Inflect-" version ".tar.gz"))
        (sha256
         (base32
-         "0mcwlgf6hkh4zm3s1x899f25xj4hyzrc2vssiwfxysqja36yf5ys"))))
+         "0j8d1f1wvmgc11d71pc8xp8fv5a1nb2yfw1dgd19xhscn1klpvzw"))))
     (build-system perl-build-system)
     (native-inputs `(("perl-module-build" ,perl-module-build)))
     (home-page "http://search.cpan.org/dist/Lingua-EN-Inflect")
@@ -284,15 +285,15 @@ parameters, returning the stemmed Italian word.")
 (define-public perl-lingua-stem-ru
   (package
     (name "perl-lingua-stem-ru")
-    (version "0.01")
+    (version "0.04")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/A/AL/ALGDR/"
+       (uri (string-append "mirror://cpan/authors/id/N/NE/NEILB/"
                            "Lingua-Stem-Ru-" version ".tar.gz"))
        (sha256
         (base32
-         "0pqgg442fkf12ayh9fgmpa8q9x0iqx6s96181r52yn7s7pcs61h6"))))
+         "0a2jmdz7jn32qj5hyiw5kbv8fvlpmws8i00a6xcbkzb48yvwww0j"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Lingua-Stem-Ru")
     (synopsis "Porter's stemming algorithm for Russian")
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 381fff707d..32851fc4ea 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -78,6 +78,7 @@
   #:use-module (gnu packages maths)
   #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages netpbm)
   #:use-module (gnu packages networking)
   #:use-module (gnu packages ninja)
   #:use-module (gnu packages perl)
@@ -369,8 +370,8 @@ It has been modified to remove all non-free binary blobs.")
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 (define %linux-compatible-systems '("x86_64-linux" "i686-linux" "armhf-linux"))
 
-(define %linux-libre-version "4.14.4")
-(define %linux-libre-hash "1hl4n1jpqd05b7qnxbwjmbl2l5cgrh2spqsjq1fnihphmawjd3li")
+(define %linux-libre-version "4.14.6")
+(define %linux-libre-hash "0q6dl2shkj5dkf0wgzgfyaq0axk97w05j618xi619y9xqph4ql79")
 
 ;; linux-libre configuration for armhf-linux is derived from Debian armmp.  It
 ;; supports qemu "virt" machine and possibly a large number of ARM boards.
@@ -383,20 +384,20 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.9
-  (make-linux-libre "4.9.67"
-                    "1fr8h4g3j4ns0x33i36kgsgb175cdz9v530gx8sxcrbkd10i9i07"
+  (make-linux-libre "4.9.69"
+                    "0xkqbh8fpx47appszjbxzljr6vr0wyk0fphlkynpcrmingk4b98j"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.104"
-                    "1971hphyqbzh80frkbidbqwhgk21r5p2a42bihjcd5kh3pssn4zl"
+  (make-linux-libre "4.4.105"
+                    "177qvci7wfrc23vi11bnyayfivxf6d8hankgrzv26jr3z6j0rall"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.1
-  (make-linux-libre "4.1.46"
-                    "0bg1vplfksgsnxqdxdp2n0b5lv2j299nv52s8hpja5ckp396jkhk"
+  (make-linux-libre "4.1.48"
+                    "13ii6ixcm46hzk1ns6n4hrrv4dyc0n3wvj2qhmxi178akdcgbn8a"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
@@ -4333,10 +4334,11 @@ libraries, which are often integrated directly into libfabric.")
   (package
     (name "psm")
     (version "3.3.20170428")
+    (home-page "https://github.com/intel/psm")
     (source
      (origin
        (method git-fetch)
-       (uri (git-reference (url "http://github.com/01org/psm")
+       (uri (git-reference (url home-page)
                            (commit "604758e76dc31e68d1de736ccf5ddf16cb22355b")))
        (file-name (string-append "psm-" version ".tar.gz"))
        (sha256
@@ -4362,7 +4364,6 @@ libraries, which are often integrated directly into libfabric.")
                       (substitute* "Makefile"
                         (("/lib64") "/lib"))
                       #t)))))
-    (home-page "https://github.com/01org/psm")
     (synopsis "Intel Performance Scaled Messaging (PSM) Libraries")
     (description
      "The PSM Messaging API, or PSM API, is Intel's low-level user-level
@@ -4372,3 +4373,119 @@ interfaces in parallel environments.")
     ;; Only Intel-compatable processors are supported.
     (supported-systems '("i686-linux" "x86_64-linux"))
     (license (list license:bsd-2 license:gpl2)))) ;dual
+
+(define-public snapscreenshot
+  (package
+    (name "snapscreenshot")
+    (version "1.0.14.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://bisqwit.iki.fi/src/arch/"
+                           name "-" version ".tar.bz2"))
+       (sha256
+        (base32 "0gzvqsbf6a2sbd1mqvj1lbm57i2bm5k0cr6ncr821d1f32gw03mk"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags
+       (let ((out (assoc-ref %outputs "out")))
+         (list (string-append "BINDIR=" out "/bin")
+               (string-append "MANDIR=" out "/share/man")))
+       #:tests? #f                      ; no test suite
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)            ; ./configure is a snarky no-op
+         (add-before 'install 'fix-ownership
+           ;; Install binaries owned by ‘root’ instead of the nonexistent ‘bin’.
+           (lambda _
+             (substitute* "depfun.mak"
+               ((" -o bin -g bin ") " "))
+             #t))
+         (add-before 'install 'create-output-directories
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (mkdir-p (string-append out "/share/man/man1"))
+               #t))))))
+    (home-page "http://bisqwit.iki.fi/source/snapscreenshot.html")
+    (synopsis "Take screenshots of one or more Linux text consoles")
+    (description
+     "snapscreenshot saves a screenshot of one or more Linux text consoles as a
+Targa (@dfn{.tga}) image.  It can be used by anyone with read access to the
+relevant @file{/dev/vcs*} file(s).")
+    (license license:gpl2)))
+
+(define-public fbcat
+  (package
+    (name "fbcat")
+    (version "0.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/jwilk/fbcat/releases/download/"
+                           version "/" name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1dla1na3nf3s4xy0p6w0v54zipg1x8c14yqsw8w9qjzhchr4caxw"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     ;; For building the man pages.
+     `(("docbook-xml" ,docbook-xml)
+       ("docbook-xsl" ,docbook-xsl)
+       ("xsltproc" ,libxslt)))
+    (inputs
+     ;; The ‘fbgrab’ wrapper can use one of several PPM-to-PNG converters.  We
+     ;; choose netpbm simply because it's the smallest.  It still adds ~94 MiB
+     ;; to an otherwise tiny package, so we put ‘fbgrab’ in its own output.
+     `(("pnmtopng" ,netpbm)))
+    (outputs (list "out" "fbgrab"))
+    (arguments
+     `(#:make-flags (list "CC=gcc")
+       #:tests? #f                      ; no tests
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fix-docbook-location
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "doc/Makefile"
+               (("http://docbook.sourceforge.net/release/xsl/current")
+                (string-append (assoc-ref inputs "docbook-xsl")
+                               "/xml/xsl/docbook-xsl-"
+                               ,(package-version docbook-xsl))))
+             #t))
+         (delete 'configure)            ; no configure script
+         (add-after 'build 'build-documentation
+           (lambda* (#:key make-flags #:allow-other-keys)
+             (zero? (apply system* "make" "-C" "doc"
+                           make-flags))))
+         (add-after 'build 'qualify-references
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((pnmtopng (assoc-ref inputs "pnmtopng"))
+                    (out (assoc-ref outputs "out")))
+               (substitute* "fbgrab"
+                 (("fbcat" all)
+                  (string-append out "/bin/" all))
+                 (("pnmtopng" all)
+                  (string-append pnmtopng "/bin/" all)))
+               #t)))
+         (replace 'install
+           ;; The Makefile lacks an ‘install’ target.  Install files manually.
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (out:fbgrab (assoc-ref outputs "fbgrab")))
+               (install-file "fbcat" (string-append out "/bin"))
+               (install-file "doc/fbcat.1"
+                             (string-append out "/share/man/man1"))
+               (install-file "fbgrab" (string-append out:fbgrab "/bin"))
+               (install-file "doc/fbgrab.1"
+                             (string-append out:fbgrab "/share/man/man1"))
+               #t))))))
+    (home-page "https://jwilk.net/software/fbcat")
+    (synopsis "Take a screenshot of the contents of the Linux framebuffer")
+    (description
+     "fbcat saves the contents of the Linux framebuffer (@file{/dev/fb*}), or
+a dump therof.  It supports a wide range of drivers and pixel formats.
+@command{fbcat} can take screenshots of virtually any application that can be
+made to write its output to the framebuffer, including (but not limited to)
+text-mode or graphical applications that don't use a display server.
+
+Also included is @command{fbgrab}, a wrapper around @command{fbcat} that
+emulates the behaviour of Gunnar Monell's older fbgrab utility.")
+    (license license:gpl2)))
diff --git a/gnu/packages/machine-learning.scm b/gnu/packages/machine-learning.scm
index cf400a0eed..c8bd5d7747 100644
--- a/gnu/packages/machine-learning.scm
+++ b/gnu/packages/machine-learning.scm
@@ -621,7 +621,9 @@ computing environments.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "18n8775kyfwbvcjjjzda9c5sqy4737c0hrmj6qj1ps2jmlqzair9"))))
+         "18n8775kyfwbvcjjjzda9c5sqy4737c0hrmj6qj1ps2jmlqzair9"))
+       (patches (search-patches
+                "python-scikit-learn-fix-test-non-determinism.patch"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 114b1a21bb..0423dd7c56 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -15,7 +15,7 @@
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org>
 ;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016, 2017 Troy Sankey <sankeytms@gmail.com>
-;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
+;;; Copyright © 2016, 2017 ng0 <ng0@n0.is>
 ;;; Copyright © 2016 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2016, 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
@@ -240,14 +240,14 @@ aliasing facilities to work just as they would on normal mail.")
 (define-public mutt
   (package
     (name "mutt")
-    (version "1.9.1")
+    (version "1.9.2")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://bitbucket.org/mutt/mutt/downloads/"
                                  "mutt-" version ".tar.gz"))
              (sha256
               (base32
-               "1c8vv4anl555a03pbnwf8wnf0d8pcnd4p35y3q8f5ikkcflq76vl"))
+               "15kqxpx8bykqbyw4q33hkz0j2f65v6cl21sl5li2vw5vaaim5qd2"))
              (patches (search-patches "mutt-store-references.patch"))))
     (build-system gnu-build-system)
     (inputs
@@ -279,7 +279,7 @@ operating systems.")
 (define-public neomutt
   (package
     (name "neomutt")
-    (version "20171027")
+    (version "20171208")
     (source
      (origin
        (method url-fetch)
@@ -287,7 +287,7 @@ operating systems.")
                            "/archive/" name "-" version ".tar.gz"))
        (sha256
         (base32
-         "10z523cy3s6syh0mwpsncl87wrvyzsk99y7nzicwvx6y3hmdw01d"))))
+         "0dfp7m794ws6vg029zx7wrrjrscrnmi8cvbzqzgxafl97bbjipwz"))))
     (build-system gnu-build-system)
     (inputs
      `(("cyrus-sasl" ,cyrus-sasl)
@@ -693,17 +693,23 @@ invoking @command{notifymuch} from the post-new hook.")
 (define-public notmuch
   (package
     (name "notmuch")
-    (version "0.25.2")
+    (version "0.25.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://notmuchmail.org/releases/notmuch-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0ai6vbs9wzwfz7jcphgqsqpcbq137l34xhmcli4h5c8n82fvmdp4"))))
+                "1fyx20rjpwbf2j1v5fpa5s0rjnwhcgvijzh2qyinp8rlbh1qxmab"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:make-flags (list "V=1") ; Verbose test output.
+     `(#:modules ((guix build gnu-build-system)
+                  ((guix build emacs-build-system) #:prefix emacs:)
+                  (guix build utils))
+       #:imported-modules (,@%gnu-build-system-modules
+                           (guix build emacs-build-system)
+                           (guix build emacs-utils))
+       #:make-flags (list "V=1") ; Verbose test output.
        #:phases (modify-phases %standard-phases
                   (add-after 'unpack 'patch-notmuch-lib.el
                     (lambda _
@@ -715,16 +721,25 @@ invoking @command{notifymuch} from the post-new hook.")
                       (setenv "CC" "gcc")
                       (setenv "CONFIG_SHELL" (which "sh"))
 
-                      (let ((out (assoc-ref outputs "out")))
-                        (zero? (system* "./configure"
-                                        (string-append "--prefix=" out))))))
+                      (let* ((out (assoc-ref outputs "out"))
+                             (elisp
+                              (string-append out "/share/emacs/site-lisp/guix.d/"
+                                             ,name "-" ,version)))
+                        (zero?
+                         (system*
+                          "./configure"
+                          (string-append "--prefix=" out)
+                          (string-append "--emacslispdir=" elisp)
+                          (string-append "--emacsetcdir=" elisp))))))
                   (add-before 'check 'prepare-test-environment
                     (lambda _
                       (setenv "TEST_CC" "gcc")
                       ;; Patch various inline shell invocations.
                       (substitute* (find-files "test" "\\.sh$")
                         (("/bin/sh") (which "sh")))
-                      #t)))))
+                      #t))
+                  (add-after 'install 'make-autoloads
+                    (assoc-ref emacs:%standard-phases 'make-autoloads)))))
     (native-inputs
      `(("bash-completion" ,bash-completion)
        ("emacs" ,emacs-no-x) ; Minimal lacks libxml, needed for some tests.
@@ -928,7 +943,7 @@ compresses it.")
 (define-public claws-mail
   (package
     (name "claws-mail")
-    (version "3.15.1")
+    (version "3.16.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -936,7 +951,7 @@ compresses it.")
                     ".tar.xz"))
               (sha256
                (base32
-                "0hlm2jipyr4z6izlrpvabpz4ivh49i13avnm848kr1nv68pkq2cd"))))
+                "1awpr3s7n8bq8p3w10a4j6lg5bizjxyiqp4rqzc2j8cn7lyi64n2"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (inputs `(("bogofilter" ,bogofilter)
@@ -2181,7 +2196,7 @@ to access GNU Mailman.")
 (define-public blists
   (package
     (name "blists")
-    (version "1.0")
+    (version "2.0")
     (source
      (origin
        (method url-fetch)
@@ -2189,7 +2204,7 @@ to access GNU Mailman.")
                            "blists/blists-" version ".tar.gz"))
        (sha256
         (base32
-         "1gp51kmb8yv8d693wcpdslmwlbw5w2kgz4kxhrcaf7y89w8wy4qd"))))
+         "1xll5wn7py3bbncbwrj172f56nz75c9gwfsa80rwd96ss9gfmp3c"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; No tests
@@ -2381,3 +2396,28 @@ the GNOME desktop.  It supports both POP3 and IMAP servers as well as the
 mbox, maildir and mh local mailbox formats.  Balsa also supports SMTP and/or
 the use of a local MTA such as Sendmail.")
     (license gpl3+)))
+
+(define-public afew
+  (package
+    (name "afew")
+    (version "1.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "afew" version))
+       (sha256
+        (base32
+         "121w7bd53xyibllxxbfykjj76n81kn1vgjqd22izyh67y8qyyk5r"))))
+    (build-system python-build-system)
+    (inputs
+     `(("python-chardet" ,python-chardet)
+       ("python-notmuch" ,python-notmuch)))
+    (native-inputs
+     `(("python-setuptools-scm" ,python-setuptools-scm)))
+    (home-page "https://github.com/afewmail/afew")
+    (synopsis "Initial tagging script for notmuch mail")
+    (description "afew is an initial tagging script for notmuch mail.  It
+provides automatic tagging each time new mail is registered with notmuch.  It
+can add tags based on email headers or Maildir folders and can handle spam and
+killed threads.")
+    (license isc)))
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index f6ea4ffc91..9e36b70cab 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -335,7 +335,7 @@ the OCaml language.")
 (define-public glpk
   (package
     (name "glpk")
-    (version "4.63")
+    (version "4.64")
     (source
      (origin
       (method url-fetch)
@@ -343,7 +343,7 @@ the OCaml language.")
                           version ".tar.gz"))
       (sha256
        (base32
-        "1xp7nclmp8inp20968bvvfcwmz3mz03sbm0v3yjz8aqwlpqjfkci"))))
+        "096cqgjc7vkq6wd8znhcxjbs1s2rym3qf753fqxrrq531vs6g4jk"))))
     (build-system gnu-build-system)
     (inputs
      `(("gmp" ,gmp)))
@@ -1230,7 +1230,7 @@ interfaces.")
 (define-public ceres
   (package
     (name "ceres-solver")
-    (version "1.11.0")
+    (version "1.13.0")
     (home-page "http://ceres-solver.org/")
     (source (origin
               (method url-fetch)
@@ -1238,7 +1238,7 @@ interfaces.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0i7qkbf8g6pd8arxzldppga26ckv93y8zldsfz6wbd4n6b1nqrjd"))))
+                "1kbxgab3q1vgyq7hjqasr1lji4b2sgn7ss351amklkb3jyhr1x0x"))))
     (build-system cmake-build-system)
     (arguments
      ;; TODO: Build HTML user documentation and install separately.
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 9525c9f5d1..1780536d05 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -387,7 +387,7 @@ authentication.")
      (list (search-path-specification
             (variable "PURPLE_PLUGIN_PATH")
             (files (list (string-append "lib/purple-"
-                                        (version-prefix version 1))
+                                        (version-major version))
                          "lib/pidgin")))))
     (home-page "http://www.pidgin.im/")
     (synopsis "Graphical multi-protocol instant messaging client")
diff --git a/gnu/packages/mpd.scm b/gnu/packages/mpd.scm
index c37fa56df4..74b53afce1 100644
--- a/gnu/packages/mpd.scm
+++ b/gnu/packages/mpd.scm
@@ -76,7 +76,7 @@ interfacing MPD in the C, C++ & Objective C languages.")
 (define-public mpd
   (package
     (name "mpd")
-    (version "0.20.11")
+    (version "0.20.12")
     (source (origin
               (method url-fetch)
               (uri
@@ -85,7 +85,7 @@ interfacing MPD in the C, C++ & Objective C languages.")
                               "/mpd-" version ".tar.xz"))
               (sha256
                (base32
-                "1g0lwm8p98q2hxa9vd6jx61s7d3r665s2bmz6ipkv9ijmyfps8p9"))))
+                "02gpfkki61c24hphaas9pb29wpvd0pbmwdqrpn8wi1gv103aqng1"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 1aabe814be..a1014978be 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -40,6 +40,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system python)
   #:use-module (guix build-system scons)
+  #:use-module (guix build-system glib-or-gtk)
   #:use-module (guix build-system waf)
   #:use-module (gnu packages)
   #:use-module (gnu packages algebra)
@@ -469,6 +470,75 @@ background while you work.")
 enable professional yet simple and intuitive pattern-based drum programming.")
     (license license:gpl2+)))
 
+(define-public easytag
+  (package
+    (name "easytag")
+    (version "2.4.3")
+    (source (origin
+             (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/easytag/2.4/easytag-"
+                     version ".tar.xz"))
+             (sha256
+              (base32
+               "1mbxnqrw1fwcgraa1bgik25vdzvf97vma5pzknbwbqq5ly9fwlgw"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("desktop-file-utils" ,desktop-file-utils)
+       ("glib" ,glib "bin")
+       ("intltool" ,intltool)
+       ("itstool" ,itstool)
+       ("pkg-config" ,pkg-config)
+       ("xmllint" ,libxml2)))
+    (inputs
+     `(("flac" ,flac)
+       ("gtk+" ,gtk+)
+       ("id3lib" ,id3lib)
+       ("libid3tag" ,libid3tag)
+       ("libvorbis" ,libvorbis)
+       ("opusfile" ,opusfile)
+       ("speex" ,speex)
+       ("taglib" ,taglib)
+       ("wavpack" ,wavpack)
+       ("yelp" ,yelp)))
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'configure-libid3tag
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; libid3tag does not provide a .pc file and EasyTAG's configure
+             ;; script healivy relies on pkg-config.  Providing a temporary
+             ;; local .pc file is easier than patching the configure script.
+             (let* ((libid3tag (assoc-ref inputs "libid3tag")))
+               (mkdir-p "pkgconfig")
+               (with-output-to-file
+                 "pkgconfig/id3tag.pc"
+                 (lambda _
+                   (format #t
+                     "prefix=~@*~a~@
+                      libdir=${prefix}/lib~@
+                      includedir=${prefix}/include~@
+                      Libs: -L${libdir} -lid3tag -lz~@
+                      Cflags: -I${includedir}~%"
+                     libid3tag)))
+               (setenv "PKG_CONFIG_PATH"
+                 (string-append (getenv "PKG_CONFIG_PATH")
+                   ":" (getcwd) "/pkgconfig")))))
+         (add-after 'unpack 'patch-makefile
+           (lambda _
+             (substitute* "Makefile.in"
+               ;; The Makefile generates a test-desktop-file-validate.sh
+               ;; script with /bin/sh hard-coded.
+               (("/bin/sh") (which "sh"))
+               ;; Don't create 'icon-theme.cache'.
+               (("gtk-update-icon-cache") "true")))))))
+    (home-page "https://wiki.gnome.org/Apps/EasyTAG")
+    (synopsis "Simple application for viewing and editing tags in audio files")
+    (description
+      "EasyTAG is an application for viewing and editing tags in audio files.
+It supports MP3, MP2, MP4/AAC, FLAC, Ogg Opus, Ogg Speex, Ogg Vorbis,
+MusePack, Monkey's Audio, and WavPack files.")
+    (license license:gpl2+)))
+
 (define-public extempore
   (package
     (name "extempore")
@@ -1857,7 +1927,7 @@ capabilities, custom envelopes, effects, etc.")
 (define-public yoshimi
   (package
     (name "yoshimi")
-    (version "1.5.3")
+    (version "1.5.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/yoshimi/"
@@ -1865,7 +1935,7 @@ capabilities, custom envelopes, effects, etc.")
                                   "/yoshimi-" version ".tar.bz2"))
               (sha256
                (base32
-                "0sns35pyw2f74xrv1fxiyf9g9415kvh2rrbdjd60hsiv584nlari"))))
+                "0h71x9742bswifwll7bma1fz648fd5xd0yfp7byvsczy6zhjz5pf"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f ; there are no tests
@@ -1975,6 +2045,43 @@ on the library.")
 allows you to send JACK MIDI events (i.e. play) using your PC keyboard.")
     (license license:bsd-2)))
 
+(define-public jack-capture
+  (package
+    (name "jack-capture")
+    (version "0.9.73")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/kmatheussen/jack_capture.git")
+                    (commit version)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0jcqky96q8xgya6wqv1p8pj9fkf2wh7ynl67ah7x5bn3basgfclf"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags
+       (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:tests? #f ; there are none
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("which" ,which)))
+    (inputs
+     `(("gtk+" ,gtk+-2)
+       ("jack" ,jack-1)
+       ("libogg" ,libogg)
+       ("liblo" ,liblo)
+       ("lame" ,lame)
+       ("libsndfile" ,libsndfile)))
+    (home-page "https://github.com/kmatheussen/jack_capture")
+    (synopsis "Program for recording sound files with JACK")
+    (description "This is a program for recording sound files with JACK.  It
+can connect to any JACK port and record the output into a stereo WAV file.")
+    (license license:gpl2+)))
+
 (define-public cursynth
   (package
     (name "cursynth")
@@ -2001,6 +2108,34 @@ synthesis engine.  Notes and parameter changes may be entered via MIDI or the
 computer's keyboard.")
     (license license:gpl3+)))
 
+(define-public aj-snapshot
+  (package
+    (name "aj-snapshot")
+    (version "0.9.7")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/aj-snapshot/"
+                                  "aj-snapshot-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "0yxccgp9qw2cyqv719wlbq8wfsr5ga8czvwa7bmb8dh5s11n3rn8"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("minixml" ,minixml)
+       ("jack" ,jack-1)
+       ("alsa-lib" ,alsa-lib)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "http://aj-snapshot.sourceforge.net/")
+    (synopsis "Snapshot connections between ALSA and JACK clients")
+    (description "Aj-snapshot is a small program that can be used to make
+snapshots of the connections made between JACK and/or ALSA clients.  Because
+JACK can provide both audio and MIDI support to programs, aj-snapshot can
+store both types of connections for JACK.  ALSA, on the other hand, only
+provides routing facilities for MIDI clients.  Aj-snapshot is meant to be used
+from the command line.")
+    (license license:gpl3+)))
+
 (define-public qtractor
   (package
     (name "qtractor")
@@ -2607,13 +2742,14 @@ standard MIDI file with the csvmidi program.")
     (name "gx-guvnor-lv2")
     (version "0.1")
     (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/brummer10/GxGuvnor.lv2/"
-                                  "archive/v" version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/brummer10/GxGuvnor.lv2.git")
+                    (commit (string-append "v" version))))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
-                "0rnfvrvs8qmmldyfmx4llyly33zp68448gx40ywdwj42x0mam92p"))))
+                "1wa5070j40p7f0b3kr259pzm99xb6cf2badr2capayjvgayd6gnm"))))
     (build-system gnu-build-system)
     (arguments
      `(;; The check target is used only to output a warning.
@@ -2625,7 +2761,8 @@ standard MIDI file with the csvmidi program.")
          (replace 'configure
            (lambda _
              (substitute* "Makefile"
-               (("INSTALL_DIR = .*") "INSTALL_DIR=/lib/lv2\n"))
+               (("INSTALL_DIR = .*") "INSTALL_DIR=/lib/lv2\n")
+               (("install : all") "install :"))
              #t)))))
     (inputs
      `(("lv2" ,lv2)))
@@ -2634,12 +2771,13 @@ standard MIDI file with the csvmidi program.")
     (description "This package provides the LV2 plugin \"GxGuvnor\", a
 simulation of an overdrive or distortion pedal for guitars.")
     ;; The LICENSE file says GPLv3 but the license headers in the files say
-    ;; GPLv2 or later.
-    (license license:gpl2+)))
+    ;; GPLv2 or later.  The whole project is released under GPLv3 or later
+    ;; according to https://github.com/brummer10/GxGuvnor.lv2/issues/1
+    (license license:gpl3+)))
 
 (define-public gx-vbass-preamp-lv2
-  (let ((commit "0e599abab10c7669dd444e5d06f671c2fc1b9c6c")
-        (revision "1"))
+  (let ((commit "eb999b0ca0ef4da40a59e458a9ab6e7042b96c99")
+        (revision "2"))
     (package (inherit gx-guvnor-lv2)
       (name "gx-vbass-preamp-lv2")
       (version (string-append "0-" revision "." (string-take commit 9)))
@@ -2650,18 +2788,13 @@ simulation of an overdrive or distortion pedal for guitars.")
                       (commit commit)))
                 (sha256
                  (base32
-                  "1dzksdfrva666gpi62fd2ni9rhf18sl917f1894qr0b17pbdh9k1"))
+                  "0firap073ldw4nrykkd7jvyyj0jbl1nslxyzjj4kswazp99x7d9h"))
                 (file-name (string-append name "-" version "-checkout"))))
-      (arguments
-       (substitute-keyword-arguments (package-arguments gx-guvnor-lv2)
-         ((#:phases phases)
-          `(modify-phases ,phases
-             (replace 'configure
-               (lambda _
-                 (substitute* "Makefile"
-                   (("INSTALL_DIR = .*") "INSTALL_DIR=/lib/lv2\n")
-                   (("install : all") "install :"))
-                 #t))))))
+      (inputs
+       `(("lv2" ,lv2)
+         ("gtk+" ,gtk+-2)))
+      (native-inputs
+       `(("pkg-config" ,pkg-config)))
       (home-page "https://github.com/brummer10/GxVBassPreAmp.lv2")
       (synopsis "Simulation of the Vox Venue Bass 100 Pre Amp Section")
       (description "This package provides the LV2 plugin \"GxVBassPreAmp\", a
@@ -2671,7 +2804,7 @@ Section."))))
 (define-public gx-overdriver-lv2
   (let ((commit "ed71801987449414bf3adaa0dbfac68e8775f1ce")
         (revision "1"))
-    (package (inherit gx-vbass-preamp-lv2)
+    (package (inherit gx-guvnor-lv2)
       (name "gx-overdriver-lv2")
       (version (string-append "0-" revision "." (string-take commit 9)))
       (source (origin
@@ -2691,7 +2824,7 @@ overdrive effect."))))
 (define-public gx-tone-mender-lv2
   (let ((commit "b6780b4a3e4782b3ed0e5882d6788f178aed138f")
         (revision "1"))
-    (package (inherit gx-vbass-preamp-lv2)
+    (package (inherit gx-guvnor-lv2)
       (name "gx-tone-mender-lv2")
       (version (string-append "0-" revision "." (string-take commit 9)))
       (source (origin
@@ -2711,7 +2844,7 @@ clean boost effect with a 3-knob tonestack."))))
 (define-public gx-push-pull-lv2
   (let ((commit "7f76ae2068498643ac8671ee0930b13ee3fd8eb5")
         (revision "1"))
-    (package (inherit gx-vbass-preamp-lv2)
+    (package (inherit gx-guvnor-lv2)
       (name "gx-push-pull-lv2")
       (version (string-append "0-" revision "." (string-take commit 9)))
       (source (origin
@@ -2733,14 +2866,14 @@ simulation of a push pull transistor fuzz effect with added high octave."))))
     (name "gx-suppa-tone-bender-lv2")
     (version "0.1")
     (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/brummer10/"
-                                  "GxSuppaToneBender.lv2/archive/v"
-                                  version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/brummer10/GxSuppaToneBender.lv2.git")
+                    (commit (string-append "v" version))))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
-                "1j90fns87035sfr6bxs4cvqxbyy3pqjhihx1nis8xajn202nl1hx"))
-              (file-name (string-append name "-" version ".tar.gz"))))
+                "01x6bjmllkmvxfzc5xwdix7w021j26js71awv728cxsmkxgqw0zy"))))
     (home-page "https://github.com/brummer10/GxSuppaToneBender.lv2")
     (synopsis "Simulation of the Vox Suppa Tone Bender pedal")
     (description "This package provides the LV2 plugin
@@ -2748,8 +2881,8 @@ simulation of a push pull transistor fuzz effect with added high octave."))))
 pedal.")))
 
 (define-public gx-saturator-lv2
-  (let ((commit "0b581ac85c515325b9f16e51937cae6e1bf81a0a")
-        (revision "2"))
+  (let ((commit "605330f432c94b6eb3f8203cbe472befae959532")
+        (revision "3"))
     (package (inherit gx-vbass-preamp-lv2)
       (name "gx-saturator-lv2")
       (version (string-append "0-" revision "." (string-take commit 9)))
@@ -2760,7 +2893,7 @@ pedal.")))
                       (commit commit)))
                 (sha256
                  (base32
-                  "1cl785pzq8zk55m1rnhfd6qsabci6kpf4pf002gwr91vagyq246z"))
+                  "1w4nvh0rmxrv3s3hmh4fs74f3hc0jn31v00j769j7v68mqr7kawy"))
                 (file-name (string-append name "-" version "-checkout"))))
       (home-page "https://github.com/brummer10/GxSaturator.lv2")
       (synopsis "Saturation effect")
@@ -2772,14 +2905,14 @@ saturation effect."))))
     (name "gx-hyperion-lv2")
     (version "0.1")
     (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/brummer10/"
-                                  "GxHyperion.lv2/archive/v"
-                                  version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/brummer10/GxHyperion.lv2.git")
+                    (commit (string-append "v" version))))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
-                "1pd7l33a14kq73wavgqq7csw4n3mwjz9d5rxaj0jgsyxd3llp3wh"))
-              (file-name (string-append name "-" version ".tar.gz"))))
+                "1vx79s6s9if117y2g0ppdja2sv2wcny6xcfl3j1z4cipahnildxf"))))
     (home-page "https://github.com/brummer10/GxHyperion.lv2")
     (synopsis "Simulation of the Hyperion Fuzz pedal")
     (description "This package provides the LV2 plugin \"GxHyperion\", a
@@ -2790,14 +2923,14 @@ simulation of the Hyperion Fuzz pedal.")))
     (name "gx-voodoo-fuzz-lv2")
     (version "0.1")
     (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/brummer10/"
-                                  "GxVoodoFuzz.lv2/archive/v"
-                                  version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/brummer10/GxVoodoFuzz.lv2.git")
+                    (commit (string-append "v" version))))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
-                "0cc8sg7q493bs6pcq4ipqp6czpxv04nh9yvn8kq2x65ni2208n2f"))
-              (file-name (string-append name "-" version ".tar.gz"))))
+                "1v0scphivri1fk4hl20j13f92i48mnx1zsil4hgnadsmm4nsfw43"))))
     (home-page "https://github.com/brummer10/GxVoodoFuzz.lv2")
     (synopsis "Fuzz effect modelled after the Voodoo Lab SuperFuzz")
     (description "This package provides the LV2 plugin \"GxVoodooFuzz\", a
@@ -2810,14 +2943,14 @@ parallel with a DarkBooster, followed by a volume control.")))
     (name "gx-super-fuzz-lv2")
     (version "0.1")
     (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/brummer10/"
-                                  "GxSuperFuzz.lv2/archive/v"
-                                  version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/brummer10/GxSuperFuzz.lv2.git")
+                    (commit (string-append "v" version))))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
-                "0pnivq05f1kji8c5jxsqdzhdfk3xn422v2d1x20x3jfsxnaf115x"))
-              (file-name (string-append name "-" version ".tar.gz"))))
+                "1jlljd9hlgfflbiizq47lv1xbbgjyx3v835mf24zmh1q5zsw4np4"))))
     (home-page "https://github.com/brummer10/GxSuperFuzz.lv2")
     (synopsis "Fuzz effect modelled after the UniVox SuperFuzz")
     (description "This package provides the LV2 plugin \"GxSuperFuzz\", an
@@ -2830,22 +2963,22 @@ adjusts the amount of harmonics.")))
     (name "gx-vintage-fuzz-master-lv2")
     (version "0.1")
     (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/brummer10/"
-                                  "GxVintageFuzzMaster.lv2/archive/v"
-                                  version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/brummer10/GxVintageFuzzMaster.lv2.git")
+                    (commit (string-append "v" version))))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
-                "0bdkfj6xi2g4izfw3pmr4i0nqzg8jnkdwc23x9ifxwc6p1kbayzk"))
-              (file-name (string-append name "-" version ".tar.gz"))))
+                "02jb211z8rw2qr5r1z5mdxlqgiw6cbc319xpqplvn6k21c59mskv"))))
     (home-page "https://github.com/brummer10/GxVintageFuzzMaster.lv2")
     (synopsis "Fuzz effect simulation of the vintage Fuzz Master")
     (description "This package provides the LV2 plugin
 \"GxVintageFuzzMaster\", a simulation of the vintage Fuzz Master pedal.")))
 
 (define-public gx-slow-gear-lv2
-  (let ((commit "cb852e0426f4e6fe077e7f1ede73a4da335cfc5e")
-        (revision "2"))
+  (let ((commit "5d37e775b0feef1d82feee94e2a7a2d7e57efe2d")
+        (revision "3"))
     (package (inherit gx-vbass-preamp-lv2)
       (name "gx-slow-gear-lv2")
       (version (string-append "0-" revision "." (string-take commit 9)))
@@ -2856,7 +2989,7 @@ adjusts the amount of harmonics.")))
                       (commit commit)))
                 (sha256
                  (base32
-                  "0dp7afi1r3kzciiyn1hrkz6arsq47ys9sx5g4b7xa9k1dv92ishp"))
+                  "141mz69zkhk3lm54bb6wgpnghb92zm1ig7fv07240cmhydqji1q1"))
                 (file-name (string-append name "-" version "-checkout"))))
       (home-page "https://github.com/brummer10/GxSlowGear.lv2")
       (synopsis "Slow gear audio effect")
@@ -2866,7 +2999,7 @@ slow gear audio effect to produce volume swells."))))
 (define-public gx-switchless-wah-lv2
   (let ((commit "7b08691203314612999f0ce2328cdc1161cd6665")
         (revision "2"))
-    (package (inherit gx-vbass-preamp-lv2)
+    (package (inherit gx-guvnor-lv2)
       (name "gx-switchless-wah-lv2")
       (version (string-append "0-" revision "." (string-take commit 9)))
       (source (origin
@@ -2884,8 +3017,8 @@ slow gear audio effect to produce volume swells."))))
 a simulation of an analog Wah pedal with switchless activation."))))
 
 (define-public mod-utilities
-  (let ((commit "7cdeeac26ae682730740105ece121d4dddb8ba3f")
-        (revision "1"))
+  (let ((commit "80ea3ea9f52fab7f191671f4810bf90fc955a046")
+        (revision "2"))
     (package
       (name "mod-utilities")
       (version (string-append "0-" revision "." (string-take commit 9)))
@@ -2894,17 +3027,19 @@ a simulation of an analog Wah pedal with switchless activation."))))
                 (uri (git-reference
                       (url "https://github.com/moddevices/mod-utilities.git")
                       (commit commit)))
+                (file-name (string-append name "-" version "-checkout"))
                 (sha256
                  (base32
-                  "1ilnkbrmwrszxvc21qlb86h29yz7cnc6rcp0jmna1y693ny2qhf4"))
-                (file-name (string-append name "-" version "-checkout"))))
+                  "1v55zmzmlg0ka7341x5lsvb44amy17vk27s669ps1basd1bk5s5v"))))
       (build-system gnu-build-system)
       (arguments
        `(#:tests? #f ; there are no tests
          #:make-flags
          (list (string-append "INSTALL_PATH="
                               (assoc-ref %outputs "out")
-                              "/lib/lv2"))
+                              "/lib/lv2")
+               (string-append "PREFIX=" (assoc-ref %outputs "out"))
+               "CC=gcc")
          #:phases
          (modify-phases %standard-phases
            (delete 'configure))))
@@ -3005,14 +3140,14 @@ develop custom plugins for use in other applications without programming.")
 (define-public qmidiarp
   (package
     (name "qmidiarp")
-    (version "0.6.4")
+    (version "0.6.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/qmidiarp/qmidiarp/"
                                   version "/qmidiarp-" version ".tar.bz2"))
               (sha256
                (base32
-                "1gkfv8ajgf86kbn6j5ilfc1zlz17gdi9yxzywqd6jwff4xlm75hx"))))
+                "043yh1p0rrbj1v840y27529m9260g55gvh1km8az4jxy7mns58r2"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -3548,3 +3683,71 @@ by The Echo Nest.")
 @url{https://gpodder.net} APIs.  It allows applications to discover, manage
 and track podcasts.")
     (license license:lgpl2.1+)))
+
+(define-public sonivox-eas
+  (package
+    (name "sonivox-eas")
+    (version "1.1.0")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/pedrolcl/Linux-SonivoxEas.git")
+                    (commit (string-append "v" version))))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0l9gs00p5g4k4qy6i7nv1mfi2n2wnsycwjrgrh9hxzam4irf2mw2"))))
+    (build-system cmake-build-system)
+    (arguments '(#:tests? #f)) ; there are no tests
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("drumstick" ,drumstick)
+       ("pulseaudio" ,pulseaudio)
+       ("qtbase" ,qtbase)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "https://github.com/pedrolcl/Linux-SonivoxEas")
+    (synopsis "MIDI synthesizer library")
+    (description "This project is a real time General MIDI synthesizer based
+on the Sonivox EAS Synthesizer by Google.  It does not need external
+soundfonts, using embedded samples instead.")
+    ;; Sonivox is released under the ASL2.0; the rest of the code is under
+    ;; GPLv2+.
+    (license (list license:gpl2+ license:asl2.0))))
+
+(define-public whysynth
+  (package
+    (name "whysynth")
+    (version "20170701")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://smbolton.com/whysynth/whysynth-"
+                                  version ".tar.bz2"))
+              (sha256
+               (base32
+                "02qbn0hbvn1iym4zxv35b201blg31yjpgh71h8db0j5zls2xc0m6"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("dssi" ,dssi)
+       ("liblo" ,liblo)
+       ("fftwf" ,fftwf)
+       ("gtk+" ,gtk+-2)
+       ("ladspa" ,ladspa)
+       ("alsa-lib" ,alsa-lib)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "http://smbolton.com/whysynth.html")
+    (synopsis "DSSI software synthesizer")
+    (description "WhySynth is a versatile softsynth which operates as a plugin
+for the DSSI Soft Synth Interface.  A brief list of features:
+
+@enumerate
+@item 4 oscillators, 2 filters, 3 LFOs, and 5 envelope generators per voice.
+@item 11 oscillator modes: minBLEP, wavecycle, chorused wavecycle,
+  asynchronous granular, three FM modes, waveshaper, noise, PADsynth, and phase
+  distortion.
+@item 10 filter modes.
+@item flexible modulation and mixdown options, plus effects.
+@end enumerate
+")
+    (license license:gpl2+)))
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index c60f255c3d..bf8e8c65d4 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -450,7 +450,7 @@ and up to 1 Mbit/s downstream.")
 (define-public whois
   (package
     (name "whois")
-    (version "5.2.18")
+    (version "5.2.19")
     (source
      (origin
        (method url-fetch)
@@ -458,7 +458,7 @@ and up to 1 Mbit/s downstream.")
                            name "_" version ".tar.xz"))
        (sha256
         (base32
-         "1mcpgj18n1xppvlhjqzpj05yr5z48bym9bd88k10fwgkmwk0spf3"))))
+         "0b16w48c17k35lhd95qcl2kjq2rahk8znkg3w467rf3kzmsa4fbc"))))
     (build-system gnu-build-system)
     ;; TODO: unbundle mkpasswd binary + its po files.
     (arguments
@@ -471,13 +471,14 @@ and up to 1 Mbit/s downstream.")
          (add-before 'build 'setenv
            (lambda _
              (setenv "HAVE_ICONV" "1")
-             (setenv "HAVE_LIBIDN" "1")
              #t)))))
     (inputs
+     ;; TODO: Switch to libidn2 when >= 2.0.3 is ungrafted in master.
      `(("libidn" ,libidn)))
     (native-inputs
      `(("gettext" ,gettext-minimal)
-       ("perl" ,perl)))
+       ("perl" ,perl)
+       ("pkg-config" ,pkg-config)))
     (synopsis "Improved whois client")
     (description "This whois client is intelligent and can
 automatically select the appropriate whois server for most queries.
@@ -710,7 +711,7 @@ allows for heavy scripting.")
 (define-public perl-net-dns
  (package
   (name "perl-net-dns")
-  (version "1.13")
+  (version "1.14")
   (source
     (origin
       (method url-fetch)
@@ -720,7 +721,7 @@ allows for heavy scripting.")
              ".tar.gz"))
       (sha256
         (base32
-          "0dlca65l45mqs7l58fg838bj3as5kmnbs1zy8vg9cbsz6rindivy"))))
+          "1z4r092qv0ify033dld5jayk8gs0bc7pl130dvb8ab7b9rcqmhw3"))))
   (build-system perl-build-system)
   (inputs
     `(("perl-digest-hmac" ,perl-digest-hmac)))
diff --git a/gnu/packages/nutrition.scm b/gnu/packages/nutrition.scm
index 90019f848c..0e03253cf1 100644
--- a/gnu/packages/nutrition.scm
+++ b/gnu/packages/nutrition.scm
@@ -52,11 +52,18 @@
     (inputs
      `(("pygtk"             ,python2-pygtk)
        ("sqlalchemy"        ,python2-sqlalchemy)
+       ("python-lxml"       ,python2-lxml)
        ("python-pillow"     ,python2-pillow)
        ("elib.intl"         ,python2-elib.intl)))
     (arguments
      `(#:python ,python-2               ;exception and print syntax
-       #:tests? #f))                    ;tests look bitrotted
+       #:tests? #f                      ;tests look bitrotted
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'install
+           (lambda* (#:key make-flags #:allow-other-keys)
+             (zero? (system* "python" "setup.py" "install" "--prefix"
+                             (assoc-ref %outputs "out"))))))))
     (home-page "http://thinkle.github.io/gourmet/")
     (synopsis "Recipe organizer")
     (description
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index e9f48ea89d..7aeb4967bf 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -87,8 +87,8 @@
   ;; Note: the 'update-guix-package.scm' script expects this definition to
   ;; start precisely like this.
   (let ((version "0.14.0")
-        (commit "ad4953bc0ec1684c49c0934304c7ec200a0cd280")
-        (revision 1))
+        (commit "02345c963e1e8a45afcdf5acb80fca4538244b36")
+        (revision 2))
     (package
       (name "guix")
 
@@ -104,7 +104,7 @@
                       (commit commit)))
                 (sha256
                  (base32
-                  "0ngra4cb1kf3kwccslmhnvlr116drsnbqrsjniq1hrg5mqf6vf1b"))
+                  "0f33makasj14zf0zfv1w7k04bkcpdy5grx5b904vv5ygi5bak7nx"))
                 (file-name (string-append "guix-" version "-checkout"))))
       (build-system gnu-build-system)
       (arguments
diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index 64168cc9d6..ffa152f279 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -14,6 +14,7 @@
 ;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
+;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -98,6 +99,10 @@ human.")
         (base32
          "0wrl8kxb16wzdgfjj057yv18cfg0b8z8lxp1fl2q8fkdgr7phm9g"))))
     (build-system cmake-build-system)
+    (arguments
+     `(#:configure-flags
+       (list (string-append "-DCMAKE_INSTALL_LIBDIR="
+                            (assoc-ref %outputs "out") "/lib"))))
     (inputs
      `(("libgcrypt" ,libgcrypt)
        ("libxi" ,libxi)
diff --git a/gnu/packages/patches/borg-fix-archive-corruption-bug.patch b/gnu/packages/patches/borg-fix-archive-corruption-bug.patch
new file mode 100644
index 0000000000..0debf119be
--- /dev/null
+++ b/gnu/packages/patches/borg-fix-archive-corruption-bug.patch
@@ -0,0 +1,68 @@
+Fix a bug in `borg check --repair` that corrupts existing archives:
+
+https://github.com/borgbackup/borg/issues/3444
+
+Patches copied from upstream source repository:
+
+https://github.com/borgbackup/borg/commit/e09892caec8a63d59e909518c4e9c230dbd69774
+https://github.com/borgbackup/borg/commit/a68d28bfa4db30561150c83eb6a0dca5efa4d9e8
+
+From a68d28bfa4db30561150c83eb6a0dca5efa4d9e8 Mon Sep 17 00:00:00 2001
+From: Thomas Waldmann <tw@waldmann-edv.de>
+Date: Sat, 16 Dec 2017 01:11:40 +0100
+Subject: [PATCH 1/2] modify borg check unit test so it "hangs", see #3444
+
+it doesn't infinitely hang, but slows down considerably.
+---
+ src/borg/testsuite/archiver.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/borg/testsuite/archiver.py b/src/borg/testsuite/archiver.py
+index c7def2c7..b3383e97 100644
+--- a/src/borg/testsuite/archiver.py
++++ b/src/borg/testsuite/archiver.py
+@@ -3006,7 +3006,7 @@ def test_missing_file_chunk(self):
+     def test_missing_archive_item_chunk(self):
+         archive, repository = self.open_archive('archive1')
+         with repository:
+-            repository.delete(archive.metadata.items[-5])
++            repository.delete(archive.metadata.items[0])
+             repository.commit()
+         self.cmd('check', self.repository_location, exit_code=1)
+         self.cmd('check', '--repair', self.repository_location, exit_code=0)
+-- 
+2.15.1
+
+
+From e09892caec8a63d59e909518c4e9c230dbd69774 Mon Sep 17 00:00:00 2001
+From: Thomas Waldmann <tw@waldmann-edv.de>
+Date: Sat, 16 Dec 2017 01:16:05 +0100
+Subject: [PATCH 2/2] check --repair: fix malfunctioning validator, fixes #3444
+
+the major problem was the ('path' in item) expression.
+the dict has bytes-typed keys there, so it never succeeded as it
+looked for a str key. this is a 1.1 regression, 1.0 was fine.
+
+the dict -> StableDict change is just for being more specific,
+the check triggered correctly as StableDict subclasses dict,
+it was just a bit too general.
+---
+ src/borg/archive.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/borg/archive.py b/src/borg/archive.py
+index 239d00b7..be086800 100644
+--- a/src/borg/archive.py
++++ b/src/borg/archive.py
+@@ -1457,7 +1457,7 @@ def robust_iterator(archive):
+             """
+             item_keys = frozenset(key.encode() for key in self.manifest.item_keys)
+             required_item_keys = frozenset(key.encode() for key in REQUIRED_ITEM_KEYS)
+-            unpacker = RobustUnpacker(lambda item: isinstance(item, dict) and 'path' in item,
++            unpacker = RobustUnpacker(lambda item: isinstance(item, StableDict) and b'path' in item,
+                                       self.manifest.item_keys)
+             _state = 0
+ 
+-- 
+2.15.1
+
diff --git a/gnu/packages/patches/eigen-arm-neon-fixes.patch b/gnu/packages/patches/eigen-arm-neon-fixes.patch
new file mode 100644
index 0000000000..0838f30463
--- /dev/null
+++ b/gnu/packages/patches/eigen-arm-neon-fixes.patch
@@ -0,0 +1,245 @@
+# HG changeset patch
+# User Gael Guennebaud <g.gael@free.fr>
+# Date 1497514590 -7200
+# Node ID d781c1de98342c5ca29c2fe719d8d3c96a35dcd4
+# Parent  48cd83b2b459aa9f3f5dca135d38760fe0b02a2f
+Bug 1436: fix compilation of Jacobi rotations with ARM NEON, some specializations of internal::conj_helper were missing.
+
+diff --git a/Eigen/Core b/Eigen/Core
+--- a/Eigen/Core
++++ b/Eigen/Core
+@@ -371,6 +371,7 @@
+ #include "src/Core/MathFunctions.h"
+ #include "src/Core/GenericPacketMath.h"
+ #include "src/Core/MathFunctionsImpl.h"
++#include "src/Core/arch/Default/ConjHelper.h"
+ 
+ #if defined EIGEN_VECTORIZE_AVX512
+   #include "src/Core/arch/SSE/PacketMath.h"
+diff --git a/Eigen/src/Core/arch/AVX/Complex.h b/Eigen/src/Core/arch/AVX/Complex.h
+--- a/Eigen/src/Core/arch/AVX/Complex.h
++++ b/Eigen/src/Core/arch/AVX/Complex.h
+@@ -204,23 +204,7 @@
+   }
+ };
+ 
+-template<> struct conj_helper<Packet8f, Packet4cf, false,false>
+-{
+-  EIGEN_STRONG_INLINE Packet4cf pmadd(const Packet8f& x, const Packet4cf& y, const Packet4cf& c) const
+-  { return padd(c, pmul(x,y)); }
+-
+-  EIGEN_STRONG_INLINE Packet4cf pmul(const Packet8f& x, const Packet4cf& y) const
+-  { return Packet4cf(Eigen::internal::pmul(x, y.v)); }
+-};
+-
+-template<> struct conj_helper<Packet4cf, Packet8f, false,false>
+-{
+-  EIGEN_STRONG_INLINE Packet4cf pmadd(const Packet4cf& x, const Packet8f& y, const Packet4cf& c) const
+-  { return padd(c, pmul(x,y)); }
+-
+-  EIGEN_STRONG_INLINE Packet4cf pmul(const Packet4cf& x, const Packet8f& y) const
+-  { return Packet4cf(Eigen::internal::pmul(x.v, y)); }
+-};
++EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet4cf,Packet8f)
+ 
+ template<> EIGEN_STRONG_INLINE Packet4cf pdiv<Packet4cf>(const Packet4cf& a, const Packet4cf& b)
+ {
+@@ -400,23 +384,7 @@
+   }
+ };
+ 
+-template<> struct conj_helper<Packet4d, Packet2cd, false,false>
+-{
+-  EIGEN_STRONG_INLINE Packet2cd pmadd(const Packet4d& x, const Packet2cd& y, const Packet2cd& c) const
+-  { return padd(c, pmul(x,y)); }
+-
+-  EIGEN_STRONG_INLINE Packet2cd pmul(const Packet4d& x, const Packet2cd& y) const
+-  { return Packet2cd(Eigen::internal::pmul(x, y.v)); }
+-};
+-
+-template<> struct conj_helper<Packet2cd, Packet4d, false,false>
+-{
+-  EIGEN_STRONG_INLINE Packet2cd pmadd(const Packet2cd& x, const Packet4d& y, const Packet2cd& c) const
+-  { return padd(c, pmul(x,y)); }
+-
+-  EIGEN_STRONG_INLINE Packet2cd pmul(const Packet2cd& x, const Packet4d& y) const
+-  { return Packet2cd(Eigen::internal::pmul(x.v, y)); }
+-};
++EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cd,Packet4d)
+ 
+ template<> EIGEN_STRONG_INLINE Packet2cd pdiv<Packet2cd>(const Packet2cd& a, const Packet2cd& b)
+ {
+diff --git a/Eigen/src/Core/arch/AltiVec/Complex.h b/Eigen/src/Core/arch/AltiVec/Complex.h
+--- a/Eigen/src/Core/arch/AltiVec/Complex.h
++++ b/Eigen/src/Core/arch/AltiVec/Complex.h
+@@ -224,23 +224,7 @@
+   }
+ };
+ 
+-template<> struct conj_helper<Packet4f, Packet2cf, false,false>
+-{
+-  EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet4f& x, const Packet2cf& y, const Packet2cf& c) const
+-  { return padd(c, pmul(x,y)); }
+-
+-  EIGEN_STRONG_INLINE Packet2cf pmul(const Packet4f& x, const Packet2cf& y) const
+-  { return Packet2cf(internal::pmul<Packet4f>(x, y.v)); }
+-};
+-
+-template<> struct conj_helper<Packet2cf, Packet4f, false,false>
+-{
+-  EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet2cf& x, const Packet4f& y, const Packet2cf& c) const
+-  { return padd(c, pmul(x,y)); }
+-
+-  EIGEN_STRONG_INLINE Packet2cf pmul(const Packet2cf& x, const Packet4f& y) const
+-  { return Packet2cf(internal::pmul<Packet4f>(x.v, y)); }
+-};
++EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f)
+ 
+ template<> EIGEN_STRONG_INLINE Packet2cf pdiv<Packet2cf>(const Packet2cf& a, const Packet2cf& b)
+ {
+@@ -416,23 +400,8 @@
+     return pconj(internal::pmul(a, b));
+   }
+ };
+-template<> struct conj_helper<Packet2d, Packet1cd, false,false>
+-{
+-  EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet2d& x, const Packet1cd& y, const Packet1cd& c) const
+-  { return padd(c, pmul(x,y)); }
+ 
+-  EIGEN_STRONG_INLINE Packet1cd pmul(const Packet2d& x, const Packet1cd& y) const
+-  { return Packet1cd(internal::pmul<Packet2d>(x, y.v)); }
+-};
+-
+-template<> struct conj_helper<Packet1cd, Packet2d, false,false>
+-{
+-  EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet1cd& x, const Packet2d& y, const Packet1cd& c) const
+-  { return padd(c, pmul(x,y)); }
+-
+-  EIGEN_STRONG_INLINE Packet1cd pmul(const Packet1cd& x, const Packet2d& y) const
+-  { return Packet1cd(internal::pmul<Packet2d>(x.v, y)); }
+-};
++EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d)
+ 
+ template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b)
+ {
+diff --git a/Eigen/src/Core/arch/Default/ConjHelper.h b/Eigen/src/Core/arch/Default/ConjHelper.h
+new file mode 100644
+--- /dev/null
++++ b/Eigen/src/Core/arch/Default/ConjHelper.h
+@@ -0,0 +1,29 @@
++
++// This file is part of Eigen, a lightweight C++ template library
++// for linear algebra.
++//
++// Copyright (C) 2017 Gael Guennebaud <gael.guennebaud@inria.fr>
++//
++// This Source Code Form is subject to the terms of the Mozilla
++// Public License v. 2.0. If a copy of the MPL was not distributed
++// with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
++
++#ifndef EIGEN_ARCH_CONJ_HELPER_H
++#define EIGEN_ARCH_CONJ_HELPER_H
++
++#define EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(PACKET_CPLX, PACKET_REAL)                                                          \
++  template<> struct conj_helper<PACKET_REAL, PACKET_CPLX, false,false> {                                          \
++    EIGEN_STRONG_INLINE PACKET_CPLX pmadd(const PACKET_REAL& x, const PACKET_CPLX& y, const PACKET_CPLX& c) const \
++    { return padd(c, pmul(x,y)); }                                                                                \
++    EIGEN_STRONG_INLINE PACKET_CPLX pmul(const PACKET_REAL& x, const PACKET_CPLX& y) const                        \
++    { return PACKET_CPLX(Eigen::internal::pmul<PACKET_REAL>(x, y.v)); }                                           \
++  };                                                                                                              \
++                                                                                                                  \
++  template<> struct conj_helper<PACKET_CPLX, PACKET_REAL, false,false> {                                          \
++    EIGEN_STRONG_INLINE PACKET_CPLX pmadd(const PACKET_CPLX& x, const PACKET_REAL& y, const PACKET_CPLX& c) const \
++    { return padd(c, pmul(x,y)); }                                                                                \
++    EIGEN_STRONG_INLINE PACKET_CPLX pmul(const PACKET_CPLX& x, const PACKET_REAL& y) const                        \
++    { return PACKET_CPLX(Eigen::internal::pmul<PACKET_REAL>(x.v, y)); }                                           \
++  };
++
++#endif // EIGEN_ARCH_CONJ_HELPER_H
+diff --git a/Eigen/src/Core/arch/NEON/Complex.h b/Eigen/src/Core/arch/NEON/Complex.h
+--- a/Eigen/src/Core/arch/NEON/Complex.h
++++ b/Eigen/src/Core/arch/NEON/Complex.h
+@@ -265,6 +265,8 @@
+   }
+ };
+ 
++EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f)
++
+ template<> EIGEN_STRONG_INLINE Packet2cf pdiv<Packet2cf>(const Packet2cf& a, const Packet2cf& b)
+ {
+   // TODO optimize it for NEON
+@@ -456,6 +458,8 @@
+   }
+ };
+ 
++EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d)
++
+ template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b)
+ {
+   // TODO optimize it for NEON
+diff --git a/Eigen/src/Core/arch/SSE/Complex.h b/Eigen/src/Core/arch/SSE/Complex.h
+--- a/Eigen/src/Core/arch/SSE/Complex.h
++++ b/Eigen/src/Core/arch/SSE/Complex.h
+@@ -229,23 +229,7 @@
+   }
+ };
+ 
+-template<> struct conj_helper<Packet4f, Packet2cf, false,false>
+-{
+-  EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet4f& x, const Packet2cf& y, const Packet2cf& c) const
+-  { return padd(c, pmul(x,y)); }
+-
+-  EIGEN_STRONG_INLINE Packet2cf pmul(const Packet4f& x, const Packet2cf& y) const
+-  { return Packet2cf(Eigen::internal::pmul<Packet4f>(x, y.v)); }
+-};
+-
+-template<> struct conj_helper<Packet2cf, Packet4f, false,false>
+-{
+-  EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet2cf& x, const Packet4f& y, const Packet2cf& c) const
+-  { return padd(c, pmul(x,y)); }
+-
+-  EIGEN_STRONG_INLINE Packet2cf pmul(const Packet2cf& x, const Packet4f& y) const
+-  { return Packet2cf(Eigen::internal::pmul<Packet4f>(x.v, y)); }
+-};
++EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f)
+ 
+ template<> EIGEN_STRONG_INLINE Packet2cf pdiv<Packet2cf>(const Packet2cf& a, const Packet2cf& b)
+ {
+@@ -430,23 +414,7 @@
+   }
+ };
+ 
+-template<> struct conj_helper<Packet2d, Packet1cd, false,false>
+-{
+-  EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet2d& x, const Packet1cd& y, const Packet1cd& c) const
+-  { return padd(c, pmul(x,y)); }
+-
+-  EIGEN_STRONG_INLINE Packet1cd pmul(const Packet2d& x, const Packet1cd& y) const
+-  { return Packet1cd(Eigen::internal::pmul<Packet2d>(x, y.v)); }
+-};
+-
+-template<> struct conj_helper<Packet1cd, Packet2d, false,false>
+-{
+-  EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet1cd& x, const Packet2d& y, const Packet1cd& c) const
+-  { return padd(c, pmul(x,y)); }
+-
+-  EIGEN_STRONG_INLINE Packet1cd pmul(const Packet1cd& x, const Packet2d& y) const
+-  { return Packet1cd(Eigen::internal::pmul<Packet2d>(x.v, y)); }
+-};
++EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d)
+ 
+ template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b)
+ {
+diff --git a/Eigen/src/Core/arch/ZVector/Complex.h b/Eigen/src/Core/arch/ZVector/Complex.h
+--- a/Eigen/src/Core/arch/ZVector/Complex.h
++++ b/Eigen/src/Core/arch/ZVector/Complex.h
+@@ -336,6 +336,9 @@
+   }
+ };
+ 
++EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f)
++EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d)
++
+ template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b)
+ {
+   // TODO optimize it for AltiVec
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch
deleted file mode 100644
index dbcaea1343..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-http://www.openwall.com/lists/oss-security/2017/09/01/6
-
-CVE-2017-11403:
-http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
-
-CVE-2017-14103:
-http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
-
-some changes were made to make the patch apply
-
-# HG changeset patch
-# User Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
-# Date 1503875721 14400
-# Node ID 98721124e51fd5ec0c6fba64bce2e218869632d2
-# Parent  f0f2ea85a2930f3b6dcd72352719adb9660f2aad
-Attempt to fix Issue 440.
-
-diff -ru a/coders/png.c b/coders/png.c
---- a/coders/png.c	1969-12-31 19:00:00.000000000 -0500
-+++ b/coders/png.c	2017-09-10 11:31:56.543194173 -0400
-@@ -3106,7 +3106,9 @@
-       if (length > PNG_MAX_UINT || count == 0)
-         {
-           DestroyJNGInfo(color_image_info,alpha_image_info);
--          ThrowReaderException(CorruptImageError,CorruptImage,image);
-+          (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+              "chunk length (%lu) > PNG_MAX_UINT",length);
-+          return ((Image*)NULL);
-         }
-
-       chunk=(unsigned char *) NULL;
-@@ -3117,13 +3119,16 @@
-           if (chunk == (unsigned char *) NULL)
-             {
-               DestroyJNGInfo(color_image_info,alpha_image_info);
--              ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
--                                   image);
-+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                  "    Could not allocate chunk memory");
-+              return ((Image*)NULL);
-             }
-           if (ReadBlob(image,length,chunk) < length)
-             {
-               DestroyJNGInfo(color_image_info,alpha_image_info);
--              ThrowReaderException(CorruptImageError,CorruptImage,image);
-+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                  "    chunk reading was incomplete");
-+              return ((Image*)NULL);
-             }
-           p=chunk;
-         }
-@@ -3198,7 +3203,7 @@
-                   jng_width, jng_height);
-               MagickFreeMemory(chunk);
-               DestroyJNGInfo(color_image_info,alpha_image_info);
--              ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
-+              return ((Image *)NULL);
-             }
-
-           /* Temporarily set width and height resources to match JHDR */
-@@ -3233,8 +3238,9 @@
-           if (color_image == (Image *) NULL)
-             {
-               DestroyJNGInfo(color_image_info,alpha_image_info);
--              ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
--                                   image);
-+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                  "    could not open color_image blob");
-+              return ((Image *)NULL);
-             }
-           if (logging)
-             (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-@@ -3245,7 +3251,9 @@
-           if (status == MagickFalse)
-             {
-               DestroyJNGInfo(color_image_info,alpha_image_info);
--              ThrowReaderException(CoderError,UnableToOpenBlob,color_image);
-+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                  "    could not open color_image blob");
-+              return ((Image *)NULL);
-             }
-
-           if (!image_info->ping && jng_color_type >= 12)
-@@ -3255,17 +3263,18 @@
-               if (alpha_image_info == (ImageInfo *) NULL)
-                 {
-                   DestroyJNGInfo(color_image_info,alpha_image_info);
--                  ThrowReaderException(ResourceLimitError,
--                                       MemoryAllocationFailed, image);
-+                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                      "    could not allocate alpha_image_info",length);
-+                  return ((Image *)NULL);
-                 }
-               GetImageInfo(alpha_image_info);
-               alpha_image=AllocateImage(alpha_image_info);
-               if (alpha_image == (Image *) NULL)
-                 {
-                   DestroyJNGInfo(color_image_info,alpha_image_info);
--                  ThrowReaderException(ResourceLimitError,
--                                       MemoryAllocationFailed,
--                                       alpha_image);
-+                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                      "    could not allocate alpha_image");
-+                  return ((Image *)NULL);
-                 }
-               if (logging)
-                 (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-@@ -3277,7 +3286,9 @@
-                 {
-                   DestroyJNGInfo(color_image_info,alpha_image_info);
-                   DestroyImage(alpha_image);
--                  ThrowReaderException(CoderError,UnableToOpenBlob,image);
-+                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                      "    could not allocate alpha_image blob");
-+                  return ((Image *)NULL);
-                 }
-               if (jng_alpha_compression_method == 0)
-                 {
-@@ -3613,6 +3624,8 @@
-               alpha_image = (Image *)NULL;
-               DestroyImageInfo(alpha_image_info);
-               alpha_image_info = (ImageInfo *)NULL;
-+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                  " Destroy the JNG image");
-               DestroyImage(jng_image);
-               jng_image = (Image *)NULL;
-             }
-@@ -5146,8 +5159,8 @@
-
-       if (image == (Image *) NULL)
-         {
--          DestroyImageList(previous);
-           CloseBlob(previous);
-+          DestroyImageList(previous);
-           MngInfoFreeStruct(mng_info,&have_mng_structure);
-           return((Image *) NULL);
-         }
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch
deleted file mode 100644
index 2cb3d46f62..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188.
-
-diff -ur a/coders/png.c b/coders/png.c
---- a/coders/png.c	2017-07-04 17:32:08.000000000 -0400
-+++ b/coders/png.c	2017-08-19 11:16:20.933969362 -0400
-@@ -4101,11 +4101,17 @@
-                   mng_info->image=image;
-                 }
- 
--              if ((mng_info->mng_width > 65535L) || (mng_info->mng_height
--                                                     > 65535L))
--                (void) ThrowException(&image->exception,ImageError,
--                                      WidthOrHeightExceedsLimit,
--                                      image->filename);
-+              if ((mng_info->mng_width > 65535L) ||
-+                  (mng_info->mng_height > 65535L))
-+                {
-+                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                      "  MNG width or height is too large: %lu, %lu",
-+                      mng_info->mng_width,mng_info->mng_height);
-+                  MagickFreeMemory(chunk);
-+                  ThrowReaderException(CorruptImageError,
-+                     ImproperImageHeader,image);
-+                }
-+
-               FormatString(page_geometry,"%lux%lu+0+0",mng_info->mng_width,
-                            mng_info->mng_height);
-               mng_info->frame.left=0;
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch
deleted file mode 100644
index 7036f37438..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd.
-
-diff -ur a/coders/wmf.c b/coders/wmf.c
---- a/coders/wmf.c	2016-09-05 15:20:23.000000000 -0400
-+++ b/coders/wmf.c	2017-08-19 10:38:08.984187264 -0400
-@@ -2719,8 +2719,8 @@
-   if(image->exception.severity != UndefinedException)
-     ThrowException2(exception,
-                    CoderWarning,
--                   ddata->image->exception.reason,
--                   ddata->image->exception.description);
-+                   image->exception.reason,
-+                   image->exception.description);
- 
-   if(logging)
-     (void) LogMagickEvent(CoderEvent,GetMagickModule(),"leave ReadWMFImage()");
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch
deleted file mode 100644
index 71af9ffe59..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978.
-
-diff -ur a/coders/sun.c b/coders/sun.c
---- a/coders/sun.c	2016-05-30 13:19:54.000000000 -0400
-+++ b/coders/sun.c	2017-08-18 18:00:00.191023610 -0400
-@@ -1,5 +1,5 @@
- /*
--% Copyright (C) 2003-2015 GraphicsMagick Group
-+% Copyright (C) 2003-2017 GraphicsMagick Group
- % Copyright (C) 2002 ImageMagick Studio
- % Copyright 1991-1999 E. I. du Pont de Nemours and Company
- %
-@@ -577,6 +577,7 @@
-           for (bit=7; bit >= 0; bit--)
-             {
-               index=((*p) & (0x01 << bit) ? 0x01 : 0x00);
-+              VerifyColormapIndex(image,index);
-               indexes[x+7-bit]=index;
-               q[x+7-bit]=image->colormap[index];
-             }
-@@ -587,6 +588,7 @@
-             for (bit=7; bit >= (long) (8-(image->columns % 8)); bit--)
-               {
-                 index=((*p) & (0x01 << bit) ? 0x01 : 0x00);
-+                VerifyColormapIndex(image,index);
-                 indexes[x+7-bit]=index;
-                 q[x+7-bit]=image->colormap[index];
-               }
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch
deleted file mode 100644
index 83478c13b3..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch
+++ /dev/null
@@ -1,195 +0,0 @@
-http://openwall.com/lists/oss-security/2017/08/31/3
-http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/b037d79b6ccd
-
-some changes were made to make the patch apply
-
-# HG changeset patch
-# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
-# Date 1503774853 18000
-# Node ID b037d79b6ccd0cfba7ba9ce09b454ed46d688036
-# Parent  198ea602ea7cc767dc3022bbcf887bcd4534158d
-JNX: Fix DOS issues
-
-diff -r 198ea602ea7c -r b037d79b6ccd coders/jnx.c
---- a/coders/jnx.c	Tue Aug 22 08:08:30 2017 -0500
-+++ b/coders/jnx.c	Sat Aug 26 14:14:13 2017 -0500
-@@ -1,5 +1,5 @@
- /*
--% Copyright (C) 2012-2015 GraphicsMagick Group
-+% Copyright (C) 2012-2017 GraphicsMagick Group
- %
- % This program is covered by multiple licenses, which are described in
- % Copyright.txt. You should have received a copy of Copyright.txt with this
-@@ -100,6 +100,7 @@
- 
-   char img_label_str[MaxTextExtent];
- 
-+
-   alloc_size = TileInfo->PicSize + 2;
- 
-   if (image->logging)
-@@ -242,6 +243,9 @@
-     total_tiles,
-     current_tile;
- 
-+  magick_off_t
-+    file_size;
-+
-   /* Open image file. */
-   assert(image_info != (const ImageInfo *) NULL);
-   assert(image_info->signature == MagickSignature);
-@@ -254,9 +258,8 @@
-   if (status == False)
-     ThrowReaderException(FileOpenError, UnableToOpenFile, image);
- 
--  memset(JNXLevelInfo, 0, sizeof(JNXLevelInfo));
--
-   /* Read JNX image header. */
-+  (void) memset(&JNXHeader, 0, sizeof(JNXHeader));
-   JNXHeader.Version = ReadBlobLSBLong(image);
-   if (JNXHeader.Version > 4)
-     ThrowReaderException(CorruptImageError, ImproperImageHeader, image);
-@@ -266,8 +269,6 @@
-   JNXHeader.MapBounds.SouthWest.lat = ReadBlobLSBLong(image);
-   JNXHeader.MapBounds.SouthWest.lon = ReadBlobLSBLong(image);
-   JNXHeader.Levels = ReadBlobLSBLong(image);
--  if (JNXHeader.Levels > 20)
--    ThrowReaderException(CorruptImageError, ImproperImageHeader, image);
-   JNXHeader.Expiration = ReadBlobLSBLong(image);
-   JNXHeader.ProductID = ReadBlobLSBLong(image);
-   JNXHeader.CRC = ReadBlobLSBLong(image);
-@@ -279,7 +280,41 @@
-   if (EOFBlob(image))
-     ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
- 
-+  file_size = GetBlobSize(image);
-+
-+  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                        "JNX Header:\n"
-+                        "    Version:    %u\n"
-+                        "    DeviceSN:   %u\n"
-+                        "    MapBounds:\n"
-+                        "      NorthEast: lat = %u, lon = %u\n"
-+                        "      SouthWest: lat = %u, lon = %u\n"
-+                        "    Levels:     %u\n"
-+                        "    Expiration: %u\n"
-+                        "    ProductID:  %u\n"
-+                        "    CRC:        %u\n"
-+                        "    SigVersion: %u\n"
-+                        "    SigOffset:  %u\n"
-+                        "    ZOrder:     %u",
-+                        JNXHeader.Version,
-+                        JNXHeader.DeviceSN,
-+                        JNXHeader.MapBounds.NorthEast.lat,
-+                        JNXHeader.MapBounds.NorthEast.lon,
-+                        JNXHeader.MapBounds.SouthWest.lat,
-+                        JNXHeader.MapBounds.SouthWest.lon,
-+                        JNXHeader.Levels,
-+                        JNXHeader.Expiration,
-+                        JNXHeader.ProductID,
-+                        JNXHeader.CRC,
-+                        JNXHeader.SigVersion,
-+                        JNXHeader.SigOffset,
-+                        JNXHeader.ZOrder);
-+
-+  if (JNXHeader.Levels > 20)
-+    ThrowReaderException(CorruptImageError, ImproperImageHeader, image);
-+
-   /* Read JNX image level info. */
-+  memset(JNXLevelInfo, 0, sizeof(JNXLevelInfo));
-   total_tiles = 0;
-   current_tile = 0;
-   for (i = 0; i < JNXHeader.Levels; i++)
-@@ -302,11 +337,23 @@
-         {
-           JNXLevelInfo[i].Copyright = NULL;
-         }
-+
-+      if (EOFBlob(image))
-+        ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
-+
-+      if (image->logging)
-+        (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                              "Level[%u] Info:"
-+                              "  TileCount: %4u"
-+                              "  TilesOffset: %6u"
-+                              "  Scale: %04u",
-+                              i,
-+                              JNXLevelInfo[i].TileCount,
-+                              JNXLevelInfo[i].TilesOffset,
-+                              JNXLevelInfo[i].Scale
-+                              );
-     }
- 
--  if (EOFBlob(image))
--    ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
--
-   /* Get the current limit */
-   SaveLimit = GetMagickResourceLimit(MapResource);
- 
-@@ -316,11 +363,32 @@
-   /* Read JNX image data. */
-   for (i = 0; i < JNXHeader.Levels; i++)
-     {
-+      /*
-+        Validate TileCount against remaining file data
-+      */
-+      const magick_off_t current_offset = TellBlob(image);
-+      const size_t pos_list_entry_size =
-+        sizeof(magick_uint32_t) + sizeof(magick_uint32_t) + sizeof(magick_uint32_t) +
-+        sizeof(magick_uint32_t) + sizeof(magick_uint16_t) + sizeof(magick_uint16_t) +
-+        sizeof(magick_uint32_t) + sizeof(magick_uint32_t);
-+      const magick_off_t remaining = file_size-current_offset;
-+      const size_t needed = MagickArraySize(pos_list_entry_size,JNXLevelInfo[i].TileCount);
-+
-+      if ((needed == 0U) || (remaining <= 0) || (remaining < (magick_off_t) needed))
-+        {
-+          (void) SetMagickResourceLimit(MapResource, SaveLimit);
-+          ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
-+        }
-+
-       PositionList = MagickAllocateArray(TJNXTileInfo *,
-                                          JNXLevelInfo[i].TileCount,
-                                          sizeof(TJNXTileInfo));
-       if (PositionList == NULL)
--        continue;
-+        {
-+          (void) SetMagickResourceLimit(MapResource, SaveLimit);
-+          ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
-+                               image);
-+        }
- 
-       (void) SeekBlob(image, JNXLevelInfo[i].TilesOffset, SEEK_SET);
-       for (j = 0; j < JNXLevelInfo[i].TileCount; j++)
-@@ -333,12 +401,15 @@
-           PositionList[j].PicHeight = ReadBlobLSBShort(image);
-           PositionList[j].PicSize = ReadBlobLSBLong(image);
-           PositionList[j].PicOffset = ReadBlobLSBLong(image);
--        }
- 
--      if (EOFBlob(image))
--        {
--          MagickFreeMemory(PositionList);
--          ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
-+          if (EOFBlob(image) ||
-+              ((magick_off_t) PositionList[j].PicOffset +
-+               PositionList[j].PicSize > file_size))
-+            {
-+              (void) SetMagickResourceLimit(MapResource, SaveLimit);
-+              MagickFreeMemory(PositionList);
-+              ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
-+            }
-         }
- 
-       for (j = 0; j < JNXLevelInfo[i].TileCount; j++)
-@@ -351,6 +422,9 @@
-           image = ExtractTileJPG(image, image_info, PositionList+j, exception);
-           (void) SetMonitorHandler(previous_handler);
- 
-+          if (exception->severity >= ErrorException)
-+            break;
-+
-           current_tile++;
-           if (QuantumTick(current_tile,total_tiles))
-             if (!MagickMonitorFormatted(current_tile,total_tiles,exception,
-
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch
deleted file mode 100644
index e129fd58fc..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch
+++ /dev/null
@@ -1,179 +0,0 @@
-http://openwall.com/lists/oss-security/2017/08/31/1
-http://openwall.com/lists/oss-security/2017/08/31/2
-http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/233a720bfd5e
-
-some changes were made to make the patch apply
-
-# HG changeset patch
-# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
-# Date 1503779175 18000
-# Node ID 233a720bfd5efd378f133a776507ed41230da617
-# Parent  b037d79b6ccd0cfba7ba9ce09b454ed46d688036
-XBM: Fix DOS issues.
-
-diff -r b037d79b6ccd -r 233a720bfd5e coders/xbm.c
---- a/coders/xbm.c	Sat Aug 26 14:14:13 2017 -0500
-+++ b/coders/xbm.c	Sat Aug 26 15:26:15 2017 -0500
-@@ -1,5 +1,5 @@
- /*
--% Copyright (C) 2003 -2012 GraphicsMagick Group
-+% Copyright (C) 2003-2017 GraphicsMagick Group
- % Copyright (C) 2002 ImageMagick Studio
- % Copyright 1991-1999 E. I. du Pont de Nemours and Company
- %
-@@ -121,13 +121,15 @@
- 
- static int XBMInteger(Image *image,short int *hex_digits)
- {
-+  unsigned int
-+    flag;
-+
-   int
-     c,
--    flag,
-     value;
- 
-   value=0;
--  flag=0;
-+  flag=0U;
-   for ( ; ; )
-   {
-     c=ReadBlobByte(image);
-@@ -158,18 +160,14 @@
-   Image
-     *image;
- 
--  int
--    bit;
--
--  long
--    y;
--
-   register IndexPacket
-     *indexes;
- 
--  register long
-+  register size_t
-+    bytes_per_line,
-     i,
--    x;
-+    x,
-+    y;
- 
-   register PixelPacket
-     *q;
-@@ -177,22 +175,24 @@
-   register unsigned char
-     *p;
- 
--  short int
--    hex_digits[256];
--
-   unsigned char
-     *data;
- 
-   unsigned int
-+    bit,
-+    byte,
-+    padding,
-+    version;
-+
-+  int
-+    value;
-+
-+  short int
-+    hex_digits[256];
-+
-+  MagickPassFail
-     status;
- 
--  unsigned long
--    byte,
--    bytes_per_line,
--    padding,
--    value,
--    version;
--
-   /*
-     Open image file.
-   */
-@@ -207,6 +207,8 @@
-   /*
-     Read X bitmap header.
-   */
-+  (void) memset(buffer,0,sizeof(buffer));
-+  name[0]='\0';
-   while (ReadBlobString(image,buffer) != (char *) NULL)
-     if (sscanf(buffer,"#define %s %lu",name,&image->columns) == 2)
-       if ((strlen(name) >= 6) &&
-@@ -278,6 +280,8 @@
-   /*
-     Initialize hex values.
-   */
-+  for (i = 0; i < sizeof(hex_digits)/sizeof(hex_digits[0]); i++)
-+    hex_digits[i]=(-1);
-   hex_digits['0']=0;
-   hex_digits['1']=1;
-   hex_digits['2']=2;
-@@ -311,40 +315,50 @@
-   */
-   p=data;
-   if (version == 10)
--    for (i=0; i < (long) (bytes_per_line*image->rows); (i+=2))
-+    for (i=0; i < (bytes_per_line*image->rows); (i+=2))
-     {
-       value=XBMInteger(image,hex_digits);
-+      if (value < 0)
-+        {
-+          MagickFreeMemory(data);
-+          ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
-+        }
-       *p++=(unsigned char) value;
-       if (!padding || ((i+2) % bytes_per_line))
-         *p++=(unsigned char) (value >> 8);
-     }
-   else
--    for (i=0; i < (long) (bytes_per_line*image->rows); i++)
-+    for (i=0; i < (bytes_per_line*image->rows); i++)
-     {
-       value=XBMInteger(image,hex_digits);
-+      if (value < 0)
-+        {
-+          MagickFreeMemory(data);
-+          ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
-+        }
-       *p++=(unsigned char) value;
-     }
-   /*
-     Convert X bitmap image to pixel packets.
-   */
-   p=data;
--  for (y=0; y < (long) image->rows; y++)
-+  for (y=0; y < image->rows; y++)
-   {
-     q=SetImagePixels(image,0,y,image->columns,1);
-     if (q == (PixelPacket *) NULL)
-       break;
-     indexes=AccessMutableIndexes(image);
--    bit=0;
--    byte=0;
--    for (x=0; x < (long) image->columns; x++)
-+    bit=0U;
-+    byte=0U;
-+    for (x=0; x < image->columns; x++)
-     {
--      if (bit == 0)
-+      if (bit == 0U)
-         byte=(*p++);
-       indexes[x]=byte & 0x01 ? 0x01 : 0x00;
-       bit++;
--      byte>>=1;
--      if (bit == 8)
--        bit=0;
-+      byte>>=1U;
-+      if (bit == 8U)
-+        bit=0U;
-     }
-     if (!SyncImagePixels(image))
-       break;
-
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch
deleted file mode 100644
index 46f6b032c7..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-http://openwall.com/lists/oss-security/2017/08/28/5
-http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d
-
-some changes were made to make the patch apply
-
-# HG changeset patch
-# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
-# Date 1503268616 18000
-# Node ID 3bbf7a13643df3be76b0e19088a6cc632eea2072
-# Parent  83a5b946180835f260bcb91e3d06327a8e2577e3
-PNM: For binary formats, verify sufficient backing file data before memory request.
-
-diff -r 83a5b9461808 -r 3bbf7a13643d coders/pnm.c
---- a/coders/pnm.c	Sun Aug 20 17:31:35 2017 -0500
-+++ b/coders/pnm.c	Sun Aug 20 17:36:56 2017 -0500
-@@ -569,7 +569,7 @@
-           (void) LogMagickEvent(CoderEvent,GetMagickModule(),"Colors: %u",
-                                 image->colors);
-         }
--      number_pixels=image->columns*image->rows;
-+      number_pixels=MagickArraySize(image->columns,image->rows);
-       if (number_pixels == 0)
-         ThrowReaderException(CorruptImageError,NegativeOrZeroImageSize,image);
-       if (image->storage_class == PseudoClass)
-@@ -858,14 +858,14 @@
-		if (1 == bits_per_sample)
-		  {
-		    /* PBM */
--		    bytes_per_row=((image->columns+7) >> 3);
-+		    bytes_per_row=((image->columns+7U) >> 3);
-		    import_options.grayscale_miniswhite=MagickTrue;
-		    quantum_type=GrayQuantum;
-		  }
-		else
-		  {
-		    /* PGM & XV_332 */
--		    bytes_per_row=((bits_per_sample+7)/8)*image->columns;
-+		    bytes_per_row=MagickArraySize(((bits_per_sample+7U)/8U),image->columns);
-		    if (XV_332_Format == format)
-		      {
-			quantum_type=IndexQuantum;
-@@ -878,7 +878,8 @@
-	      }
-	    else
-	      {
--		bytes_per_row=(((bits_per_sample+7)/8)*samples_per_pixel)*image->columns;
-+		bytes_per_row=MagickArraySize((((bits_per_sample+7)/8)*samples_per_pixel),
-+                                              image->columns);
-		if (3 == samples_per_pixel)
-		  {
-		    /* PPM */
-@@ -915,6 +916,28 @@
-		    is_monochrome=MagickFalse;
-		  }
-	      }
-+
-+            /* Validate file size before allocating memory */
-+            if (BlobIsSeekable(image))
-+              {
-+                const magick_off_t file_size = GetBlobSize(image);
-+                const magick_off_t current_offset = TellBlob(image);
-+                if ((file_size > 0) &&
-+                    (current_offset > 0) &&
-+                    (file_size > current_offset))
-+                  {
-+                    const magick_off_t remaining = file_size-current_offset;
-+                    const magick_off_t needed = (magick_off_t) image->rows *
-+                      (magick_off_t) bytes_per_row;
-+                    if ((remaining < (magick_off_t) bytes_per_row) ||
-+                        (remaining < needed))
-+                      {
-+                        ThrowException(exception,CorruptImageError,UnexpectedEndOfFile,
-+                                       image->filename);
-+                        break;
-+                      }
-+                  }
-+              }
-
-             scanline_set=AllocateThreadViewDataArray(image,exception,bytes_per_row,1);
-             if (scanline_set == (ThreadViewDataSet *) NULL)
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch
deleted file mode 100644
index 1f55d90d38..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/493da54370aa
-http://openwall.com/lists/oss-security/2017/09/06/4
-
-some changes were made to make the patch apply
-
-# HG changeset patch
-# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
-# Date 1503257388 18000
-# Node ID 493da54370aa42cb430c52a69eb75db0001a5589
-# Parent  f8724674907902b7bc37c04f252fe30fbdd88e6f
-SUN: Verify that file header data length, and file length are sufficient for claimed image dimensions.
-
-diff -r f87246749079 -r 493da54370aa coders/sun.c
---- a/coders/sun.c	Sun Aug 20 12:21:03 2017 +0200
-+++ b/coders/sun.c	Sun Aug 20 14:29:48 2017 -0500
-@@ -498,6 +498,12 @@
-     if (sun_info.depth < 8)
-       image->depth=sun_info.depth;
- 
-+    if (image_info->ping)
-+      {
-+        CloseBlob(image);
-+        return(image);
-+      }
-+
-     /*
-       Compute bytes per line and bytes per image for an unencoded
-       image.
-@@ -522,15 +528,37 @@
-       if (bytes_per_image > sun_info.length)
-         ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
- 
--    if (image_info->ping)
--      {
--        CloseBlob(image);
--        return(image);
--      }
-     if (sun_info.type == RT_ENCODED)
-       sun_data_length=(size_t) sun_info.length;
-     else
-       sun_data_length=bytes_per_image;
-+
-+    /*
-+      Verify that data length claimed by header is supported by file size
-+    */
-+    if (sun_info.type == RT_ENCODED)
-+      {
-+        if (sun_data_length < bytes_per_image/255U)
-+          {
-+            ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
-+          }
-+      }
-+    if (BlobIsSeekable(image))
-+      {
-+        const magick_off_t file_size = GetBlobSize(image);
-+        const magick_off_t current_offset = TellBlob(image);
-+        if ((file_size > 0) &&
-+            (current_offset > 0) &&
-+            (file_size > current_offset))
-+        {
-+          const magick_off_t remaining = file_size-current_offset;
-+          if (remaining < (magick_off_t) sun_data_length)
-+            {
-+              ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
-+            }
-+        }
-+      }
-+
-     sun_data=MagickAllocateMemory(unsigned char *,sun_data_length);
-     if (sun_data == (unsigned char *) NULL)
-       ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
-
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch
deleted file mode 100644
index 8e1166ba7a..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch
+++ /dev/null
@@ -1,210 +0,0 @@
-http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a
-http://www.openwall.com/lists/oss-security/2017/09/22/2
-
-Some changes were made to make the patch apply.
-
-Notably, the DestroyJNG() function in the upstream diff has been replaced by
-its equivalent, a series of calls to MagickFreeMemory(), DestroyImageInfo(),
-and DestroyImage(). See
-http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5.
-
-# HG changeset patch
-# User Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
-# Date 1504014487 14400
-# Node ID 358608a46f0a9c55e9bb8b37d09bf1ac9bc87f06
-# Parent  38c362f0ae5e7a914c3fe822284c6953f8e6eee2
-Fix Issue 439
-
-diff -ru a/coders/png.c b/coders/png.c
---- a/coders/png.c	1969-12-31 19:00:00.000000000 -0500
-+++ b/coders/png.c	2017-09-30 08:20:16.218944991 -0400
-@@ -1176,15 +1176,15 @@
-   /* allocate space */
-   if (length == 0)
-     {
--      (void) ThrowException2(&image->exception,CoderWarning,
--                             "invalid profile length",(char *) NULL);
-+      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+          "invalid profile length");
-       return (MagickFail);
-     }
-   info=MagickAllocateMemory(unsigned char *,length);
-   if (info == (unsigned char *) NULL)
-     {
--      (void) ThrowException2(&image->exception,CoderWarning,
--                             "unable to copy profile",(char *) NULL);
-+      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+          "Unable to copy profile");
-       return (MagickFail);
-     }
-   /* copy profile, skipping white space and column 1 "=" signs */
-@@ -1197,8 +1197,8 @@
-           if (*sp == '\0')
-             {
-               MagickFreeMemory(info);
--              (void) ThrowException2(&image->exception,CoderWarning,
--                                     "ran out of profile data",(char *) NULL);
-+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                  "ran out of profile data");
-               return (MagickFail);
-             }
-           sp++;
-@@ -1234,8 +1234,9 @@
-   if(SetImageProfile(image,profile_name,info,length) == MagickFail)
-     {
-       MagickFreeMemory(info);
--      (void) ThrowException(&image->exception,ResourceLimitError,
--                            MemoryAllocationFailed,"unable to copy profile");
-+      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+           "unable to copy profile");
-+      return MagickFail;
-     }
-   MagickFreeMemory(info);
-   return MagickTrue;
-@@ -3285,7 +3286,6 @@
-               if (status == MagickFalse)
-                 {
-                   DestroyJNGInfo(color_image_info,alpha_image_info);
--                  DestroyImage(alpha_image);
-                   (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-                       "    could not allocate alpha_image blob");
-                   return ((Image *)NULL);
-@@ -3534,7 +3534,7 @@
-       CloseBlob(color_image);
-       if (logging)
-         (void) LogMagickEvent(CoderEvent,GetMagickModule(),
--                              "    Reading jng_image from color_blob.");
-+            "    Reading jng_image from color_blob.");
-
-       FormatString(color_image_info->filename,"%.1024s",color_image->filename);
-
-@@ -3558,13 +3558,18 @@
-
-       if (logging)
-         (void) LogMagickEvent(CoderEvent,GetMagickModule(),
--                              "    Copying jng_image pixels to main image.");
-+            "    Copying jng_image pixels to main image.");
-       image->rows=jng_height;
-       image->columns=jng_width;
-       length=image->columns*sizeof(PixelPacket);
-+      if ((jng_height == 0 || jng_width == 0) && logging)
-+        (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+            "    jng_width=%lu jng_height=%lu",
-+            (unsigned long)jng_width,(unsigned long)jng_height);
-       for (y=0; y < (long) image->rows; y++)
-         {
--          s=AcquireImagePixels(jng_image,0,y,image->columns,1,&image->exception);
-+          s=AcquireImagePixels(jng_image,0,y,image->columns,1,
-+             &image->exception);
-           q=SetImagePixels(image,0,y,image->columns,1);
-           (void) memcpy(q,s,length);
-           if (!SyncImagePixels(image))
-@@ -3589,45 +3594,79 @@
-               CloseBlob(alpha_image);
-               if (logging)
-                 (void) LogMagickEvent(CoderEvent,GetMagickModule(),
--                                      "    Reading opacity from alpha_blob.");
-+                     "    Reading opacity from alpha_blob.");
-
-               FormatString(alpha_image_info->filename,"%.1024s",
-                            alpha_image->filename);
-
-               jng_image=ReadImage(alpha_image_info,exception);
-
--              for (y=0; y < (long) image->rows; y++)
-+              if (jng_image == (Image *)NULL)
-                 {
--                  s=AcquireImagePixels(jng_image,0,y,image->columns,1,
--                                       &image->exception);
--                  if (image->matte)
--                    {
--                      q=SetImagePixels(image,0,y,image->columns,1);
--                      for (x=(long) image->columns; x > 0; x--,q++,s++)
--                        q->opacity=(Quantum) MaxRGB-s->red;
--                    }
--                  else
-+                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                       "    jng_image is NULL.");
-+                  if (color_image_info)
-+                    DestroyImageInfo(color_image_info);
-+                  if (alpha_image_info)
-+                    DestroyImageInfo(alpha_image_info);
-+                  if (color_image)
-+                    DestroyImage(color_image);
-+                  if (alpha_image)
-+                    DestroyImage(alpha_image);
-+                }
-+              else
-+                {
-+
-+                  if (logging)
-                     {
--                      q=SetImagePixels(image,0,y,image->columns,1);
--                      for (x=(long) image->columns; x > 0; x--,q++,s++)
--                        {
--                          q->opacity=(Quantum) MaxRGB-s->red;
--                          if (q->opacity != OpaqueOpacity)
--                            image->matte=MagickTrue;
--                        }
-+                      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                          "    Read jng_image.");
-+                      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                          "      jng_image->width=%lu, jng_image->height=%lu",
-+                          (unsigned long)jng_width,(unsigned long)jng_height);
-+                      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                          "      image->rows=%lu, image->columns=%lu",
-+                         (unsigned long)image->rows,
-+                         (unsigned long)image->columns);
-                     }
--                  if (!SyncImagePixels(image))
--                    break;
--                }
--              (void) LiberateUniqueFileResource(alpha_image->filename);
--              DestroyImage(alpha_image);
--              alpha_image = (Image *)NULL;
--              DestroyImageInfo(alpha_image_info);
--              alpha_image_info = (ImageInfo *)NULL;
--              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
--                  " Destroy the JNG image");
--              DestroyImage(jng_image);
--              jng_image = (Image *)NULL;
-+
-+                  for (y=0; y < (long) image->rows; y++)
-+                   {
-+                     s=AcquireImagePixels(jng_image,0,y,image->columns,1,
-+                                          &image->exception);
-+                     if (image->matte)
-+                       {
-+                         q=SetImagePixels(image,0,y,image->columns,1);
-+                         for (x=(long) image->columns; x > 0; x--,q++,s++)
-+                           q->opacity=(Quantum) MaxRGB-s->red;
-+                       }
-+                     else
-+                       {
-+                         q=SetImagePixels(image,0,y,image->columns,1);
-+                         for (x=(long) image->columns; x > 0; x--,q++,s++)
-+                           {
-+                             q->opacity=(Quantum) MaxRGB-s->red;
-+                             if (q->opacity != OpaqueOpacity)
-+                               image->matte=MagickTrue;
-+                           }
-+                       }
-+                     if (!SyncImagePixels(image))
-+                       break;
-+                   }
-+                 (void) LiberateUniqueFileResource(alpha_image->filename);
-+                 if (color_image_info)
-+                   DestroyImageInfo(color_image_info);
-+                 if (alpha_image_info)
-+                   DestroyImageInfo(alpha_image_info);
-+                 if (color_image)
-+                   DestroyImage(color_image);
-+                 if (alpha_image)
-+                   DestroyImage(alpha_image);
-+                 (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+                     " Destroy the JNG image");
-+                 DestroyImage(jng_image);
-+                 jng_image = (Image *)NULL;
-+               }
-             }
-         }
diff --git a/gnu/packages/patches/jemalloc-arm-address-bits.patch b/gnu/packages/patches/jemalloc-arm-address-bits.patch
new file mode 100644
index 0000000000..f2ef24c25a
--- /dev/null
+++ b/gnu/packages/patches/jemalloc-arm-address-bits.patch
@@ -0,0 +1,39 @@
+From 8cfc9dec37b312a2686f602bbcdd102ca07cca99 Mon Sep 17 00:00:00 2001
+From: David Goldblatt <davidgoldblatt@fb.com>
+Date: Fri, 29 Sep 2017 13:54:08 -0700
+Subject: [PATCH] ARM: Don't extend bit LG_VADDR to compute high address bits.
+
+In userspace ARM on Linux, zero-ing the high bits is the correct way to do this.
+This doesn't fix the fact that we currently set LG_VADDR to 48 on ARM, when in
+fact larger virtual address sizes are coming soon.  We'll cross that bridge when
+we come to it.
+---
+ include/jemalloc/internal/rtree.h | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/include/jemalloc/internal/rtree.h b/include/jemalloc/internal/rtree.h
+index b5d4db39..4563db23 100644
+--- a/include/jemalloc/internal/rtree.h
++++ b/include/jemalloc/internal/rtree.h
+@@ -178,9 +178,21 @@ rtree_leaf_elm_bits_read(tsdn_t *tsdn, rtree_t *rtree, rtree_leaf_elm_t *elm,
+ 
+ JEMALLOC_ALWAYS_INLINE extent_t *
+ rtree_leaf_elm_bits_extent_get(uintptr_t bits) {
++#    ifdef __aarch64__
++	/*
++	 * aarch64 doesn't sign extend the highest virtual address bit to set
++	 * the higher ones.  Instead, the high bits gets zeroed.
++	 */
++	uintptr_t high_bit_mask = ((uintptr_t)1 << LG_VADDR) - 1;
++	/* Mask off the slab bit. */
++	uintptr_t low_bit_mask = ~(uintptr_t)1;
++	uintptr_t mask = high_bit_mask & low_bit_mask;
++	return (extent_t *)(bits & mask);
++#    else
+ 	/* Restore sign-extended high bits, mask slab bit. */
+ 	return (extent_t *)((uintptr_t)((intptr_t)(bits << RTREE_NHIB) >>
+ 	    RTREE_NHIB) & ~((uintptr_t)0x1));
++#    endif
+ }
+ 
+ JEMALLOC_ALWAYS_INLINE szind_t
diff --git a/gnu/packages/patches/libvdpau-va-gl-unbundle.patch b/gnu/packages/patches/libvdpau-va-gl-unbundle.patch
new file mode 100644
index 0000000000..b15e15c2a3
--- /dev/null
+++ b/gnu/packages/patches/libvdpau-va-gl-unbundle.patch
@@ -0,0 +1,35 @@
+From 18e3ff648356cf06a39372aa4a4bbf2732d9d0f4 Mon Sep 17 00:00:00 2001
+From: Efraim Flashner <efraim@flashner.co.il>
+Date: Tue, 12 Dec 2017 21:36:44 +0200
+Subject: [PATCH] don't use bundled libvdpau headers
+
+---
+ CMakeLists.txt | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 0484179..e950707 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -9,16 +9,17 @@ find_package(PkgConfig REQUIRED)
+ find_package(X11 REQUIRED)
+ pkg_check_modules(LIBVA      libva-x11  REQUIRED)
+ pkg_check_modules(LIBGL      gl         REQUIRED)
++pkg_check_modules(LIBVDPAU   vdpau      REQUIRED)
+ 
+ set(DRIVER_NAME "vdpau_va_gl" CACHE STRING "driver name")
+ set(LIB_SUFFIX "" CACHE STRING "library path suffix (if needed)")
+ set(LIB_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/lib${LIB_SUFFIX}/vdpau" CACHE PATH "library installation path")
+ 
+ include_directories (
+-    3rdparty
+     ${X11_INCLUDE_DIRS}
+     ${LIBVA_INCLUDE_DIRS}
+     ${LIBGL_INCLUDE_DIRS}
++    ${LIBVDPAU_INCLUDE_DIRS}
+     ${GENERATED_INCLUDE_DIRS}
+     ${CMAKE_BINARY_DIR}
+ )
+-- 
+2.15.1
+
diff --git a/gnu/packages/patches/picprog-non-intel-support.patch b/gnu/packages/patches/picprog-non-intel-support.patch
new file mode 100644
index 0000000000..8908207011
--- /dev/null
+++ b/gnu/packages/patches/picprog-non-intel-support.patch
@@ -0,0 +1,74 @@
+https://sources.debian.org/data/main/p/picprog/1.9.1-3/debian/patches/20_iopl.patch
+
+Description: Avoid some functions in some architectures
+ Upstream uses iopl() function and other architecture-dependent
+ codes. This patch adds building switches to avoid them in
+ some architectures.
+Author: Koichi Akabe <vbkaisetsu@gmail.com>
+Last-Update: 2011-11-30
+
+--- picprog-1.9.1.orig/picport.cc
++++ picprog-1.9.1/picport.cc
+@@ -38,7 +38,12 @@
+ #include <ctime>
+ 
+ #include <sys/ioctl.h>
+-#include <sys/io.h>
++
++#if defined(__i386__) || defined(__x86_64__)
++  #include <sys/io.h>
++  #define HAVE_IOPL
++#endif
++
+ #include <fcntl.h>
+ #include <sys/time.h>
+ #include <unistd.h>
+@@ -160,8 +165,12 @@
+     // Not root.  Cannot use realtime scheduling.
+     use_nanosleep = 0;
+   }
++#ifdef HAVE_IOPL
+   if (iopl (3))
+     disable_interrupts = 0;
++#else
++  disable_interrupts = 0;
++#endif
+ 
+ #ifdef CPU_SETSIZE
+   // When computing the delay loops, we do not want the cpu's to change.
+@@ -403,13 +412,17 @@
+ {
+   struct timeval tv1, tv2;
+   gettimeofday (&tv1, 0);
++#if defined(__i386__) or defined(__x86_64__)
+   if (tsc_1000ns > 1 && disable_interrupts)
+     asm volatile("pushf; cli");
++#endif
+   set_clock_data (1, b); // set data, clock up
+   delay (cable_delay);
+   set_clock_data (0, b); // clock down
++#if defined(__i386__) or defined(__x86_64__)
+   if (tsc_1000ns > 1 && disable_interrupts)
+     asm volatile("popf");
++#endif
+   gettimeofday (&tv2, 0);
+ 
+   // We may have spent a long time in an interrupt or in another task
+@@ -428,13 +441,17 @@
+ {
+   struct timeval tv1, tv2;
+   gettimeofday (&tv1, 0);
++#if defined(__i386__) or defined(__x86_64__)
+   if (tsc_1000ns > 1 && disable_interrupts)
+     asm volatile("pushf; cli");
++#endif
+   set_clock_data (1, 1); // clock up
+   delay (cable_delay);
+   set_clock_data (0, 1); // set data up, clock down
++#if defined(__i386__) or defined(__x86_64__)
+   if (tsc_1000ns > 1 && disable_interrupts)
+     asm volatile("popf");
++#endif
+   gettimeofday (&tv2, 0);
+ 
+   // We may have spent a long time in an interrupt or in another task
diff --git a/gnu/packages/patches/python-scikit-learn-fix-test-non-determinism.patch b/gnu/packages/patches/python-scikit-learn-fix-test-non-determinism.patch
new file mode 100644
index 0000000000..90328cc0eb
--- /dev/null
+++ b/gnu/packages/patches/python-scikit-learn-fix-test-non-determinism.patch
@@ -0,0 +1,25 @@
+This patch stops a test sometimes failing because of non-determinism.  See
+https://github.com/scikit-learn/scikit-learn/pull/9542
+
+From ff9f6db6e8b59c2b3528c8137ed4054f57c1d7c4 Mon Sep 17 00:00:00 2001
+From: Hanmin Qin <qinhanmin2005@sina.com>
+Date: Sun, 13 Aug 2017 22:13:49 +0800
+Subject: [PATCH] add random_state
+
+---
+ sklearn/tests/test_kernel_ridge.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sklearn/tests/test_kernel_ridge.py b/sklearn/tests/test_kernel_ridge.py
+index 4750a096ac6..979875870b6 100644
+--- a/sklearn/tests/test_kernel_ridge.py
++++ b/sklearn/tests/test_kernel_ridge.py
+@@ -10,7 +10,7 @@
+ from sklearn.utils.testing import assert_array_almost_equal
+ 
+ 
+-X, y = make_regression(n_features=10)
++X, y = make_regression(n_features=10, random_state=0)
+ Xcsr = sp.csr_matrix(X)
+ Xcsc = sp.csc_matrix(X)
+ Y = np.array([y, y]).T
diff --git a/gnu/packages/patches/qemu-CVE-2017-15118.patch b/gnu/packages/patches/qemu-CVE-2017-15118.patch
deleted file mode 100644
index d427317be9..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-15118.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-Fix CVE-2017-15118:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15118
-https://bugzilla.redhat.com/show_bug.cgi?id=1516922
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=51ae4f8455c9e32c54770c4ebc25bf86a8128183
-
-From 51ae4f8455c9e32c54770c4ebc25bf86a8128183 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Wed, 22 Nov 2017 15:07:22 -0600
-Subject: [PATCH] nbd/server: CVE-2017-15118 Stack smash on large export name
-
-Introduced in commit f37708f6b8 (2.10).  The NBD spec says a client
-can request export names up to 4096 bytes in length, even though
-they should not expect success on names longer than 256.  However,
-qemu hard-codes the limit of 256, and fails to filter out a client
-that probes for a longer name; the result is a stack smash that can
-potentially give an attacker arbitrary control over the qemu
-process.
-
-The smash can be easily demonstrated with this client:
-$ qemu-io f raw nbd://localhost:10809/$(printf %3000d 1 | tr ' ' a)
-
-If the qemu NBD server binary (whether the standalone qemu-nbd, or
-the builtin server of QMP nbd-server-start) was compiled with
--fstack-protector-strong, the ability to exploit the stack smash
-into arbitrary execution is a lot more difficult (but still
-theoretically possible to a determined attacker, perhaps in
-combination with other CVEs).  Still, crashing a running qemu (and
-losing the VM) is bad enough, even if the attacker did not obtain
-full execution control.
-
-CC: qemu-stable@nongnu.org
-Signed-off-by: Eric Blake <eblake@redhat.com>
----
- nbd/server.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/nbd/server.c b/nbd/server.c
-index a81801e3bc..92c0fdd03b 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -386,6 +386,10 @@ static int nbd_negotiate_handle_info(NBDClient *client, uint32_t length,
-         msg = "name length is incorrect";
-         goto invalid;
-     }
-+    if (namelen >= sizeof(name)) {
-+        msg = "name too long for qemu";
-+        goto invalid;
-+    }
-     if (nbd_read(client->ioc, name, namelen, errp) < 0) {
-         return -EIO;
-     }
--- 
-2.15.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-15119.patch b/gnu/packages/patches/qemu-CVE-2017-15119.patch
deleted file mode 100644
index 6265ecf8d6..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-15119.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-Fix CVE-2017-15119:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15119
-https://bugzilla.redhat.com/show_bug.cgi?id=1516925
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=fdad35ef6c5839d50dfc14073364ac893afebc30
-
-From fdad35ef6c5839d50dfc14073364ac893afebc30 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Wed, 22 Nov 2017 16:25:16 -0600
-Subject: [PATCH] nbd/server: CVE-2017-15119 Reject options larger than 32M
-
-The NBD spec gives us permission to abruptly disconnect on clients
-that send outrageously large option requests, rather than having
-to spend the time reading to the end of the option.  No real
-option request requires that much data anyways; and meanwhile, we
-already have the practice of abruptly dropping the connection on
-any client that sends NBD_CMD_WRITE with a payload larger than 32M.
-
-For comparison, nbdkit drops the connection on any request with
-more than 4096 bytes; however, that limit is probably too low
-(as the NBD spec states an export name can theoretically be up
-to 4096 bytes, which means a valid NBD_OPT_INFO could be even
-longer) - even if qemu doesn't permit exports longer than 256
-bytes.
-
-It could be argued that a malicious client trying to get us to
-read nearly 4G of data on a bad request is a form of denial of
-service.  In particular, if the server requires TLS, but a client
-that does not know the TLS credentials sends any option (other
-than NBD_OPT_STARTTLS or NBD_OPT_EXPORT_NAME) with a stated
-payload of nearly 4G, then the server was keeping the connection
-alive trying to read all the payload, tying up resources that it
-would rather be spending on a client that can get past the TLS
-handshake.  Hence, this warranted a CVE.
-
-Present since at least 2.5 when handling known options, and made
-worse in 2.6 when fixing support for NBD_FLAG_C_FIXED_NEWSTYLE
-to handle unknown options.
-
-CC: qemu-stable@nongnu.org
-Signed-off-by: Eric Blake <eblake@redhat.com>
----
- nbd/server.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/nbd/server.c b/nbd/server.c
-index 7d6801b427..a81801e3bc 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -673,6 +673,12 @@ static int nbd_negotiate_options(NBDClient *client, uint16_t myflags,
-         }
-         length = be32_to_cpu(length);
- 
-+        if (length > NBD_MAX_BUFFER_SIZE) {
-+            error_setg(errp, "len (%" PRIu32" ) is larger than max len (%u)",
-+                       length, NBD_MAX_BUFFER_SIZE);
-+            return -EINVAL;
-+        }
-+
-         trace_nbd_negotiate_options_check_option(option,
-                                                  nbd_opt_lookup(option));
-         if (client->tlscreds &&
--- 
-2.15.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-15268.patch b/gnu/packages/patches/qemu-CVE-2017-15268.patch
deleted file mode 100644
index 8238c3059f..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-15268.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-Fix CVE-2017-15268:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15268
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a7b20a8efa28e5f22c26c06cd06c2f12bc863493
-
-From a7b20a8efa28e5f22c26c06cd06c2f12bc863493 Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange@redhat.com>
-Date: Mon, 9 Oct 2017 14:43:42 +0100
-Subject: [PATCH] io: monitor encoutput buffer size from websocket GSource
-
-The websocket GSource is monitoring the size of the rawoutput
-buffer to determine if the channel can accepts more writes.
-The rawoutput buffer, however, is merely a temporary staging
-buffer before data is copied into the encoutput buffer. Thus
-its size will always be zero when the GSource runs.
-
-This flaw causes the encoutput buffer to grow without bound
-if the other end of the underlying data channel doesn't
-read data being sent. This can be seen with VNC if a client
-is on a slow WAN link and the guest OS is sending many screen
-updates. A malicious VNC client can act like it is on a slow
-link by playing a video in the guest and then reading data
-very slowly, causing QEMU host memory to expand arbitrarily.
-
-This issue is assigned CVE-2017-15268, publically reported in
-
-  https://bugs.launchpad.net/qemu/+bug/1718964
-
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
- io/channel-websock.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/io/channel-websock.c b/io/channel-websock.c
-index d1d471f86e..04bcc059cd 100644
---- a/io/channel-websock.c
-+++ b/io/channel-websock.c
-@@ -28,7 +28,7 @@
- #include <time.h>
- 
- 
--/* Max amount to allow in rawinput/rawoutput buffers */
-+/* Max amount to allow in rawinput/encoutput buffers */
- #define QIO_CHANNEL_WEBSOCK_MAX_BUFFER 8192
- 
- #define QIO_CHANNEL_WEBSOCK_CLIENT_KEY_LEN 24
-@@ -1208,7 +1208,7 @@ qio_channel_websock_source_check(GSource *source)
-     if (wsource->wioc->rawinput.offset || wsource->wioc->io_eof) {
-         cond |= G_IO_IN;
-     }
--    if (wsource->wioc->rawoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) {
-+    if (wsource->wioc->encoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) {
-         cond |= G_IO_OUT;
-     }
- 
--- 
-2.15.0
-
diff --git a/gnu/packages/patches/rsync-CVE-2017-16548.patch b/gnu/packages/patches/rsync-CVE-2017-16548.patch
new file mode 100644
index 0000000000..52a75ea241
--- /dev/null
+++ b/gnu/packages/patches/rsync-CVE-2017-16548.patch
@@ -0,0 +1,31 @@
+https://bugzilla.samba.org/show_bug.cgi?id=13112
+https://git.samba.org/rsync.git/?p=rsync.git;a=patch;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
+
+From 47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayned@samba.org>
+Date: Sun, 5 Nov 2017 11:33:15 -0800
+Subject: [PATCH] Enforce trailing \0 when receiving xattr name values. Fixes
+ bug 13112.
+
+---
+ xattrs.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/xattrs.c b/xattrs.c
+index 68305d7..4867e6f 100644
+--- a/xattrs.c
++++ b/xattrs.c
+@@ -824,6 +824,10 @@ void receive_xattr(int f, struct file_struct *file)
+ 			out_of_memory("receive_xattr");
+ 		name = ptr + dget_len + extra_len;
+ 		read_buf(f, name, name_len);
++		if (name_len < 1 || name[name_len-1] != '\0') {
++			rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n");
++			exit_cleanup(RERR_FILEIO);
++		}
+ 		if (dget_len == datum_len)
+ 			read_buf(f, ptr, dget_len);
+ 		else {
+-- 
+1.9.1
+
diff --git a/gnu/packages/patches/rsync-CVE-2017-17433-fix-tests.patch b/gnu/packages/patches/rsync-CVE-2017-17433-fix-tests.patch
new file mode 100644
index 0000000000..74bac0fc33
--- /dev/null
+++ b/gnu/packages/patches/rsync-CVE-2017-17433-fix-tests.patch
@@ -0,0 +1,42 @@
+https://git.samba.org/?p=rsync.git;a=patch;h=f5e8a17e093065fb20fea00a29540fe2c7896441
+minor edits were made to get the patch to apply
+
+From f5e8a17e093065fb20fea00a29540fe2c7896441 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayned@samba.org>
+Date: Sun, 3 Dec 2017 15:49:56 -0800
+Subject: [PATCH] Fix issue with earlier path-check (fixes "make check") and
+ make a BOOL more explicit.
+
+---
+ checksum.c |  2 +-
+ receiver.c | 10 +++++-----
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/receiver.c b/receiver.c
+index 9c46242..75cb00d 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -574,15 +574,15 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 			file = dir_flist->files[cur_flist->parent_ndx];
+ 		fname = local_name ? local_name : f_name(file, fbuf);
+ 
+-		if (daemon_filter_list.head
+-		    && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
++		if (DEBUG_GTE(RECV, 1))
++			rprintf(FINFO, "recv_files(%s)\n", fname);
++
++		if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0')
++		 && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+ 			rprintf(FERROR, "attempt to hack rsync failed.\n");
+ 			exit_cleanup(RERR_PROTOCOL);
+ 		}
+ 
+-		if (DEBUG_GTE(RECV, 1))
+-			rprintf(FINFO, "recv_files(%s)\n", fname);
+-
+ #ifdef SUPPORT_XATTRS
+ 		if (preserve_xattrs && iflags & ITEM_REPORT_XATTR && do_xfers
+ 		 && !(want_xattr_optim && BITS_SET(iflags, ITEM_XNAME_FOLLOWS|ITEM_LOCAL_CHANGE)))
+-- 
+1.9.1
+
diff --git a/gnu/packages/patches/rsync-CVE-2017-17433.patch b/gnu/packages/patches/rsync-CVE-2017-17433.patch
new file mode 100644
index 0000000000..84e4067509
--- /dev/null
+++ b/gnu/packages/patches/rsync-CVE-2017-17433.patch
@@ -0,0 +1,45 @@
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433
+https://git.samba.org/?p=rsync.git;a=patch;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
+
+From 3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 2 Nov 2017 23:44:19 -0700
+Subject: [PATCH] Check fname in recv_files sooner.
+
+---
+ receiver.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/receiver.c b/receiver.c
+index baae3a9..9fdafa1 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -574,6 +574,12 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 			file = dir_flist->files[cur_flist->parent_ndx];
+ 		fname = local_name ? local_name : f_name(file, fbuf);
+ 
++		if (daemon_filter_list.head
++		    && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
++			rprintf(FERROR, "attempt to hack rsync failed.\n");
++			exit_cleanup(RERR_PROTOCOL);
++		}
++
+ 		if (DEBUG_GTE(RECV, 1))
+ 			rprintf(FINFO, "recv_files(%s)\n", fname);
+ 
+@@ -645,12 +651,6 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 
+ 		cleanup_got_literal = 0;
+ 
+-		if (daemon_filter_list.head
+-		    && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+-			rprintf(FERROR, "attempt to hack rsync failed.\n");
+-			exit_cleanup(RERR_PROTOCOL);
+-		}
+-
+ 		if (read_batch) {
+ 			int wanted = redoing
+ 				   ? we_want_redo(ndx)
+-- 
+1.9.1
+
diff --git a/gnu/packages/patches/rsync-CVE-2017-17434-pt1.patch b/gnu/packages/patches/rsync-CVE-2017-17434-pt1.patch
new file mode 100644
index 0000000000..0d9298743d
--- /dev/null
+++ b/gnu/packages/patches/rsync-CVE-2017-17434-pt1.patch
@@ -0,0 +1,28 @@
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434
+https://git.samba.org/?p=rsync.git;a=patch;h=5509597decdbd7b91994210f700329d8a35e70a1
+
+From 5509597decdbd7b91994210f700329d8a35e70a1 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 16 Nov 2017 17:26:03 -0800
+Subject: [PATCH] Check daemon filter against fnamecmp in recv_files().
+
+---
+ receiver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/receiver.c b/receiver.c
+index 9fdafa1..9c46242 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -722,7 +722,7 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 				break;
+ 			}
+ 			if (!fnamecmp || (daemon_filter_list.head
+-			  && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)) {
++			  && check_filter(&daemon_filter_list, FLOG, fnamecmp, 0) < 0)) {
+ 				fnamecmp = fname;
+ 				fnamecmp_type = FNAMECMP_FNAME;
+ 			}
+-- 
+1.9.1
+
diff --git a/gnu/packages/patches/rsync-CVE-2017-17434-pt2.patch b/gnu/packages/patches/rsync-CVE-2017-17434-pt2.patch
new file mode 100644
index 0000000000..fad19d01fb
--- /dev/null
+++ b/gnu/packages/patches/rsync-CVE-2017-17434-pt2.patch
@@ -0,0 +1,39 @@
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434
+https://git.samba.org/?p=rsync.git;a=patch;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9
+
+From 70aeb5fddd1b2f8e143276f8d5a085db16c593b9 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 16 Nov 2017 17:05:42 -0800
+Subject: [PATCH] Sanitize xname in read_ndx_and_attrs.
+
+---
+ rsync.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/rsync.c b/rsync.c
+index b82e598..a0945ba 100644
+--- a/rsync.c
++++ b/rsync.c
+@@ -49,6 +49,7 @@ extern int flist_eof;
+ extern int file_old_total;
+ extern int keep_dirlinks;
+ extern int make_backups;
++extern int sanitize_paths;
+ extern struct file_list *cur_flist, *first_flist, *dir_flist;
+ extern struct chmod_mode_struct *daemon_chmod_modes;
+ #ifdef ICONV_OPTION
+@@ -396,6 +397,11 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr,
+ 	if (iflags & ITEM_XNAME_FOLLOWS) {
+ 		if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0)
+ 			exit_cleanup(RERR_PROTOCOL);
++
++		if (sanitize_paths) {
++			sanitize_path(buf, buf, "", 0, SP_DEFAULT);
++			len = strlen(buf);
++		}
+ 	} else {
+ 		*buf = '\0';
+ 		len = -1;
+-- 
+1.9.1
+
diff --git a/gnu/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch b/gnu/packages/patches/t1lib-CVE-2011-1552+.patch
index aaa31f7b93..aaa31f7b93 100644
--- a/gnu/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch
+++ b/gnu/packages/patches/t1lib-CVE-2011-1552+.patch
diff --git a/gnu/packages/perl-check.scm b/gnu/packages/perl-check.scm
index 4ed633efef..b1d1f08150 100644
--- a/gnu/packages/perl-check.scm
+++ b/gnu/packages/perl-check.scm
@@ -10,6 +10,7 @@
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
 ;;; Copyright © 2017 Petter <petter@mykolab.ch>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -637,7 +638,7 @@ the behavior, just the input and the output.")
 (define-public perl-test-mocktime
   (package
     (name "perl-test-mocktime")
-    (version "0.13")
+    (version "0.15")
     (source
      (origin
        (method url-fetch)
@@ -645,7 +646,9 @@ the behavior, just the input and the output.")
                            "Test-MockTime-" version ".tar.gz"))
        (sha256
         (base32
-         "0yrqmjg33akannwz2f99rfm7dvvxpzsdj23lsvlvfi4qslrlqfvw"))))
+         "0j6cxmkj52i5xkwg8dg6klm0dh386fzc5v80n5nbdalpvq0h48c8"))))
+    (propagated-inputs
+     `(("perl-time-piece" ,perl-time-piece)))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Test-MockTime/")
     (synopsis "Replaces actual time with simulated time")
@@ -659,7 +662,7 @@ to gmtime,time or localtime.")
 (define-public perl-test-most
   (package
     (name "perl-test-most")
-    (version "0.34")
+    (version "0.35")
     (source
      (origin
        (method url-fetch)
@@ -667,7 +670,7 @@ to gmtime,time or localtime.")
                            "Test-Most-" version ".tar.gz"))
        (sha256
         (base32
-         "0i72aih3pakm8gh73wx1n4dwq8lbx6dvxhla46gsapszws6hr0n2"))))
+         "0zv5dyzq55r28plffibcr7wd00abap0h2zh4s4p8snaiszsad5wq"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-test-differences" ,perl-test-differences)
@@ -809,15 +812,15 @@ as flexible as possible to the tester.")
 (define-public perl-test-pod
   (package
     (name "perl-test-pod")
-    (version "1.48")
+    (version "1.51")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/D/DW/DWHEELER/"
+       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
                            "Test-Pod-" version ".tar.gz"))
        (sha256
         (base32
-         "1hmwwhabyng4jrnll926b4ab73r40w3pfchlrvs0yx6kh6kwwy14"))))
+         "1yvy5mc4j3s2h4aizryvark2nm58g2c6zhw9mlx9wmsavz7d78f1"))))
     (build-system perl-build-system)
     (native-inputs `(("perl-module-build" ,perl-module-build)))
     (home-page "http://search.cpan.org/dist/Test-Pod/")
@@ -850,7 +853,7 @@ checks for pod coverage of all appropriate files.")
 (define-public perl-test-requires
   (package
     (name "perl-test-requires")
-    (version "0.08")
+    (version "0.10")
     (source
      (origin
        (method url-fetch)
@@ -858,7 +861,7 @@ checks for pod coverage of all appropriate files.")
                            "Test-Requires-" version ".tar.gz"))
        (sha256
         (base32
-         "08c29m0dn34384mmmpqqlbb899zpbkkc01c2lsp31mch1frv9cg7"))))
+         "1d9f481lj12cw1ciil46xq9nq16p6a90nm7yrsalpf8asn8s6s17"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Test-Requires/")
     (synopsis "Checks to see if the module can be loaded")
@@ -913,14 +916,14 @@ makes fork(2) safe to use in test cases.")
 (define-public perl-test-simple
   (package
     (name "perl-test-simple")
-    (version "1.302078")
+    (version "1.302120")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/E/EX/EXODIST/"
                                   "Test-Simple-" version ".tar.gz"))
               (sha256
                (base32
-                "05acl24kmz3dgr2nayy162yaf0kz92h1j5vkiavyv6mdh2lz6ixb"))))
+                "0v1l0hfza9zlw3qj5l2mrzljy1sk02h3yqcb4kixdb2d5l4n08y8"))))
     (build-system perl-build-system)
     (synopsis "Basic utilities for writing tests")
     (description
@@ -979,7 +982,7 @@ a minimum of effort.")
 (define-public perl-test-trap
   (package
     (name "perl-test-trap")
-    (version "0.3.2")
+    (version "0.3.3")
     (source
      (origin
        (method url-fetch)
@@ -987,7 +990,7 @@ a minimum of effort.")
                            "Test-Trap-v" version ".tar.gz"))
        (sha256
         (base32
-         "0jq54pkm4s61gk8gzxglix1ff9s0m9vi6bpfv7f63lb9qq4r76rr"))))
+         "1676gqjyk0zig3yyqv053y5j1pajp2af08ffmgx94n414whbhm5c"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)
@@ -1119,7 +1122,7 @@ generation of tests in nested combinations of contexts.")
 (define-public perl-test-yaml
   (package
     (name "perl-test-yaml")
-    (version "1.05")
+    (version "1.06")
     (source
      (origin
        (method url-fetch)
@@ -1127,7 +1130,7 @@ generation of tests in nested combinations of contexts.")
                            "Test-YAML-" version ".tar.gz"))
        (sha256
         (base32
-         "079nayc0fp2fwjv8s2yr069bdffln699j6z3lqr5dpx1v2qg82ck"))))
+         "0hxrfs7p9hqkhvv5nhk2hd3kh32smwng4nz47b8xf4iw2q1n2dr7"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-test-base" ,perl-test-base)))
@@ -1140,7 +1143,7 @@ support.")
 (define-public perl-test-trailingspace
  (package
   (name "perl-test-trailingspace")
-  (version "0.0300")
+  (version "0.0301")
   (source
     (origin
       (method url-fetch)
@@ -1150,7 +1153,7 @@ support.")
              ".tar.gz"))
       (sha256
         (base32
-          "01slmrcjfq38mpdg3hlb7lnnbgsqbn26958y3hzx0zwrif40pigr"))))
+          "0w2rvsksv7cmf80v632xm2rwxrv933kzz97839yhwynvg9s7b252"))))
   (build-system perl-build-system)
   (native-inputs
     `(("perl-module-build" ,perl-module-build)
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 14dab3a65c..5fe393e17d 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -7890,6 +7890,28 @@ six-element array, and return the corresponding time(2) value in seconds since
 the system epoch.")
     (license (package-license perl))))
 
+(define-public perl-time-piece
+  (package
+    (name "perl-time-piece")
+    (version "1.3203")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/E/ES/ESAYM/Time-Piece-"
+             version ".tar.gz"))
+       (sha256
+        (base32 "0hbg99v8xqy3nx6nrjpwh1w6xwqpfflz0djkbdd72kvf8zvglwb9"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/Time-Piece/")
+    (synopsis "Object-Oriented time objects")
+    (description
+     "This module replaces the standard @code{localtime} and @code{gmtime}
+functions with implementations that return objects.  It does so in a
+backwards-compatible manner, so that using these functions as documented will
+still work as expected.")
+    (license perl-license)))
+
 (define-public perl-timedate
   (package
     (name "perl-timedate")
diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm
index 666058c9dc..34a2180500 100644
--- a/gnu/packages/photo.scm
+++ b/gnu/packages/photo.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2017 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
@@ -59,7 +59,7 @@
   #:use-module (gnu packages xfig)
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages xml)
-  #:use-module (srfi srfi-1)
+  #:use-module ((srfi srfi-1) #:hide (zip))
   #:use-module (srfi srfi-26))
 
 (define-public libraw
@@ -337,7 +337,7 @@ photographic equipment.")
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f ; There are no tests.
-       #:configure-flags '("-DCMAKE_INSTALL_LIBDIR=lib")
+       #:configure-flags '("-DCMAKE_INSTALL_LIBDIR=lib" "-DBINARY_PACKAGE_BUILD=On")
        #:make-flags
        (list
         (string-append "CPATH=" (assoc-ref %build-inputs "ilmbase")
diff --git a/gnu/packages/popt.scm b/gnu/packages/popt.scm
index 9c125dcc4f..fbee08bd0b 100644
--- a/gnu/packages/popt.scm
+++ b/gnu/packages/popt.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -95,14 +96,14 @@ similar to getopt(3), it contains a number of enhancements, including:
 (define-public gflags
   (package
     (name "gflags")
-    (version "2.2.0")
+    (version "2.2.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/gflags/gflags"
                                   "/archive/v" version ".tar.gz"))
               (sha256
                (base32
-                "120z4w40zr4s8wvfyw1bdmqvincwrwjnimzlwhs1ficaa333cv26"))
+                "03lxc2ah8i392kh1naq99iip34k4fpv22kwflyx3byd2ssycs9xf"))
               (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (arguments
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 4219e5c082..37aa43e2c4 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -1134,10 +1134,24 @@ Python 3.3+.")
     (synopsis "Python extension wrapping the ICU C++ API")
     (description
      "PyICU is a python extension wrapping the ICU C++ API.")
+    (properties `((python2-variant . ,(delay python2-pyicu))))
     (license license:x11)))
 
 (define-public python2-pyicu
-  (package-with-python2 python-pyicu))
+  (let ((base (package-with-python2
+                (strip-python2-variant python-pyicu))))
+    (package
+      (inherit base)
+      (arguments
+       `(,@(package-arguments base)
+         #:phases
+         (modify-phases %standard-phases
+           (add-before 'check 'delete-failing-test
+             (λ _
+               ;; XXX: This fails due to Unicode issues unique to Python 2,
+               ;; it seems: <https://github.com/ovalhub/pyicu/issues/61>.
+               (delete-file "test/test_Script.py")
+               #t))))))))
 
 (define-public python2-dogtail
   ;; Python 2 only, as it leads to "TabError: inconsistent use of tabs and
@@ -9954,7 +9968,7 @@ Features:
 (define-public python-dulwich
   (package
     (name "python-dulwich")
-    (version "0.16.3")
+    (version "0.18.6")
     (source
       (origin
         (method url-fetch)
@@ -9962,7 +9976,8 @@ Features:
                             "dulwich-" version ".tar.gz")
                    (pypi-uri "dulwich" version)))
         (sha256
-          (base32 "0fl47vzfgc3w3rmhn8naii905cjqcp0vc68iyvymxp7567hh6als"))))
+          (base32
+           "1aa1xfrxkc3j9s4xi0llhf5gndyi9ryprcxsqfa5fcb8ph34981q"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -11594,6 +11609,22 @@ related APIs.  The binding is created using the standard @code{ctypes}
 library.")
    (license license:bsd-3)))
 
+(define-public python2-pyopengl-accelerate
+  (package
+    (inherit python2-pyopengl)
+    (name "python2-pyopengl-accelerate")
+    (version "3.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "PyOpenGL-accelerate" version))
+       (sha256
+        (base32
+         "0464c1ifzk0k92lyndikmvzjgnx1y25r7bkkc8pnxm4kp1q4czwj"))))
+    (synopsis "Acceleration code for PyOpenGL")
+    (description
+     "This is the Cython-coded accelerator module for PyOpenGL.")))
+
 (define-public python-rencode
   (package
    (name "python-rencode")
diff --git a/gnu/packages/rsync.scm b/gnu/packages/rsync.scm
index dba4e89a05..d7fc188af2 100644
--- a/gnu/packages/rsync.scm
+++ b/gnu/packages/rsync.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -38,7 +39,15 @@
                                 version ".tar.gz"))
             (sha256
              (base32
-              "1hm1q04hz15509f0p9bflw4d6jzfvpm1d36dxjwihk1wzakn5ypc"))))
+              "1hm1q04hz15509f0p9bflw4d6jzfvpm1d36dxjwihk1wzakn5ypc"))
+            (patches (search-patches "rsync-CVE-2017-16548.patch"
+                                     "rsync-CVE-2017-17433.patch"
+                                     "rsync-CVE-2017-17433-fix-tests.patch"
+                                     "rsync-CVE-2017-17434-pt1.patch"
+                                     "rsync-CVE-2017-17434-pt2.patch"
+                                     ))
+            ))
+   (properties `((lint-hidden-cve . ("CVE-2017-15994")))) ; introduced after 3.1.2
    (build-system gnu-build-system)
    (inputs `(("perl" ,perl)
              ("acl" ,acl)))
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 5a7548df68..776f84e07a 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -50,6 +50,7 @@
 (define-public ruby
   (package
     (name "ruby")
+    (replacement ruby-2.4.3)
     (version "2.4.2")
     (source
      (origin
@@ -103,10 +104,30 @@ a focus on simplicity and productivity.")
     (home-page "https://ruby-lang.org")
     (license license:ruby)))
 
+(define-public ruby-2.4.3
+  (package
+    (inherit ruby)
+    (name "ruby")
+    (version "2.4.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://cache.ruby-lang.org/pub/ruby/"
+                           (version-major+minor version)
+                           "/ruby-" version ".tar.xz"))
+       (sha256
+        (base32
+         "0l9bv67dgsphk42lmiskhrnh47hbyj6rfg2rcjx22xivpx07srr3"))
+       (modules '((guix build utils)))
+       (snippet `(begin
+                   ;; Remove bundled libffi
+                   (delete-file-recursively "ext/fiddle/libffi-3.2.1")
+                   #t))))))
+
 (define-public ruby-2.3
   (package
     (inherit ruby)
-    (version "2.3.5")
+    (version "2.3.6")
     (source
      (origin
        (method url-fetch)
@@ -115,7 +136,7 @@ a focus on simplicity and productivity.")
                            "/ruby-" version ".tar.xz"))
        (sha256
         (base32
-         "1npzcnq5kh0f9y88w5gj4v6ln8csr91361k3r43dmhlhn6mpsfkx"))
+         "0mlz0mk7yyxia37k8fdv8m8a72h61nfbns28430h796l4an6kng0"))
        (modules '((guix build utils)))
        (snippet `(begin
                    ;; Remove bundled libffi
@@ -124,7 +145,7 @@ a focus on simplicity and productivity.")
 
 (define-public ruby-2.2
   (package (inherit ruby)
-    (version "2.2.8")
+    (version "2.2.9")
     (source
      (origin
        (method url-fetch)
@@ -133,7 +154,7 @@ a focus on simplicity and productivity.")
                            "/ruby-" version ".tar.xz"))
        (sha256
         (base32
-         "1c31slidv2bdnnir3qfmdjs193b5s2ycb9pnf1lc55kk0cazrsip"))))))
+         "0p18xykx8dm5mmlx5n5243z67lj4vbvwr70bnc5x12am22ql8fri"))))))
 
 (define-public ruby-2.1
   (package (inherit ruby)
diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index 583ea37c86..b4d98ee342 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -3,6 +3,8 @@
 ;;; Copyright © 2016 Eric Le Bihan <eric.le.bihan.dev@free.fr>
 ;;; Copyright © 2016 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2017 Ben Woodcroft <donttrustben@gmail.com>
+;;; Copyright © 2017 Nikolai Merinov <nikolai.merinov@member.fsf.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,6 +31,7 @@
   #:use-module (gnu packages elf)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages gcc)
+  #:use-module (gnu packages gdb)
   #:use-module (gnu packages jemalloc)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages llvm)
@@ -37,17 +40,19 @@
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages version-control)
+  #:use-module (gnu packages)
   #:use-module (guix build-system cargo)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system trivial)
   #:use-module (guix download)
+  #:use-module (guix base16)      ;for generated "cargo" native-inputs
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-26))
 
 ;; Should be one less than the current released version.
-(define %rust-bootstrap-binaries-version "1.15.0")
+(define %rust-bootstrap-binaries-version "1.21.0")
 
 (define %rust-bootstrap-binaries
   (origin
@@ -55,10 +60,25 @@
     (uri (string-append
           "https://static.rust-lang.org/dist/"
           "rust-" %rust-bootstrap-binaries-version
-          "-i686-unknown-linux-gnu.tar.gz"))
+          "-" %host-type ".tar.gz"))
     (sha256
      (base32
-      "0wmkfx8pxmkkw021mrq9s3xhra8f0daqdl6j56pxyn4w39i0rzrw"))))
+      (match %host-type
+        ("i686-unknown-linux-gnu"
+         "1vnvqwz30hvyjcfr1f602lg43v2vlqjr3yhb5vr8xnrcc07yvjmp")
+        ("x86_64-unknown-linux-gnu"
+         "1s0866qcy0645bqhsbs3pvk2hi52ps8jzs7x096w0as033h707ml")
+        ("armv7-unknown-linux-gnueabihf"
+         "1ml8fjq2b6j2vn1j314w93pf4wjl97n1mbz609h3i7md0zqscvs1")
+        ("aarch64-unknown-linux-gnu"
+         "1hv4m2m7xjcph39r6baryfg23hjcr4sbsrfnd1lh0wn67k2fc7j9")
+        ("mips64el-unknown-linux-gnuabi64"
+         "0p7fzkfcqg5yvj86v434z351dp7s7pgns8nzxj0fz3hmbfbvlvn9")
+        (_ "")))))) ; Catch-all for other systems.
+
+(define %cargo-reference-project-file "/dev/null")
+(define %cargo-reference-hash
+  "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")
 
 (define (increment-rust-version rust-version major patch)
   (match (string-split rust-version #\.)
@@ -92,7 +112,6 @@
     (arguments
      `(#:tests? #f
        #:strip-binaries? #f
-       #:system "i686-linux"
        #:phases
        (modify-phases %standard-phases
          (delete 'configure)
@@ -103,8 +122,7 @@
                     (gcc:lib (assoc-ref inputs "gcc:lib"))
                     (libc (assoc-ref inputs "libc"))
                     (zlib (assoc-ref inputs "zlib"))
-                    (ld-so (string-append libc
-                                          ,(glibc-dynamic-linker "i686-linux")))
+                    (ld-so (string-append libc ,(glibc-dynamic-linker)))
                     (rpath (string-append out "/lib:" zlib "/lib:"
                                           libc "/lib:" gcc:lib "/lib"))
                     (rustc (string-append out "/bin/rustc"))
@@ -112,14 +130,13 @@
                (system* "bash" "install.sh"
                         (string-append "--prefix=" out)
                         (string-append "--components=rustc,"
-                                       "rust-std-i686-unknown-linux-gnu"))
+                                       "rust-std-" %host-type))
                (for-each (lambda (file)
                            (system* "patchelf" "--set-rpath" rpath file))
                          (cons* rustc rustdoc (find-files out "\\.so$")))
                (for-each (lambda (file)
                            (system* "patchelf" "--set-interpreter" ld-so file))
                          (list rustc rustdoc))))))))
-    (supported-systems '("i686-linux" "x86_64-linux"))
     (home-page "https://www.rust-lang.org")
     (synopsis "Prebuilt rust compiler")
     (description "This package provides a pre-built @command{rustc} compiler,
@@ -129,7 +146,7 @@ which can in turn be used to build the final Rust compiler.")
 (define cargo-bootstrap
   (package
     (name "cargo-bootstrap")
-    (version (cargo-version %rust-bootstrap-binaries-version))
+    (version (cargo-version %rust-bootstrap-binaries-version 1))
     (source %rust-bootstrap-binaries)
     (build-system gnu-build-system)
     (native-inputs
@@ -139,7 +156,6 @@ which can in turn be used to build the final Rust compiler.")
     (arguments
      `(#:tests? #f
        #:strip-binaries? #f
-       #:system "i686-linux"
        #:phases
        (modify-phases %standard-phases
          (delete 'configure)
@@ -149,8 +165,7 @@ which can in turn be used to build the final Rust compiler.")
              (let* ((out (assoc-ref outputs "out"))
                     (gcc:lib (assoc-ref inputs "gcc:lib"))
                     (libc (assoc-ref inputs "libc"))
-                    (ld-so (string-append libc
-                                          ,(glibc-dynamic-linker "i686-linux")))
+                    (ld-so (string-append libc ,(glibc-dynamic-linker)))
                     (rpath (string-append out "/lib:" libc "/lib:"
                                           gcc:lib "/lib"))
                     (cargo (string-append out "/bin/cargo")))
@@ -161,7 +176,6 @@ which can in turn be used to build the final Rust compiler.")
                         "--set-interpreter" ld-so
                         "--set-rpath" rpath
                         cargo)))))))
-    (supported-systems '("i686-linux" "x86_64-linux"))
     (home-page "https://www.rust-lang.org")
     (synopsis "Prebuilt cargo package manager")
     (description "This package provides a pre-built @command{cargo} package
@@ -196,11 +210,11 @@ manager, which is required to build itself.")
     (description "Meta package for a rust environment. Provides pre-compiled
 rustc-bootstrap and cargo-bootstrap packages.")
     (license license:asl2.0)))
-
+
 (define-public rustc
   (package
     (name "rustc")
-    (version (rustc-version %rust-bootstrap-binaries-version))
+    (version (rustc-version %rust-bootstrap-binaries-version 1))
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -208,99 +222,139 @@ rustc-bootstrap and cargo-bootstrap packages.")
                     "rustc-" version "-src.tar.gz"))
               (sha256
                (base32
-                "1d78jq7mc34n265by68amr9r4nzbiqrilfbwh7gx56ydn4gb6rpr"))
-            (modules '((guix build utils)))
-            (snippet
-             `(begin
-                (delete-file-recursively "src/llvm")
-                #t))))
+                "1lrzzp0nh7s61wgfs2h6ilaqi6iq89f1pd1yaf65l87bssyl4ylb"))
+              (modules '((guix build utils)))
+              (snippet
+               `(begin
+                  (delete-file-recursively "src/llvm")
+                  #t))))
     (build-system gnu-build-system)
     (native-inputs
      `(("bison" ,bison) ; For the tests
        ("cmake" ,cmake)
        ("flex" ,flex) ; For the tests
+       ("gdb" ,gdb)   ; For the tests
        ("git" ,git)
        ("procps" ,procps) ; For the tests
        ("python-2" ,python-2)
        ("rust-bootstrap" ,rust-bootstrap)
        ("which" ,which)))
     (inputs
-     `(("jemalloc" ,jemalloc)
+     `(("jemalloc" ,jemalloc-4.5.0)
        ("llvm" ,llvm-3.9.1)))
     (arguments
-     `(#:phases
+     `(#:imported-modules ,%cargo-build-system-modules ;for `generate-checksums'
+       #:phases
        (modify-phases %standard-phases
-         (add-after 'unpack 'patch-configure
-           (lambda _
-             (substitute* "configure"
-               (("/usr/bin/env") (which "env")) ; Detect target CPU correctly.
-               (("probe_need CFG_CURL curl") "") ; Avoid curl build dependency.
-               ;; Newer LLVM has a NVPTX (NVIDIA) backend which the Rust
-               ;; Makefiles don't know about, causing a linker failure
-               ;; if we don't intervene.
-               ;; Therefore, we add NVPTX here.
-               ;; See <https://github.com/rust-lang/rust/issues/40698>.
-               ;; For the next release, we will have to use rustbuild.
-               ;; Right now, rustbuild doesn't work yet.
-               (("-DLLVM_TARGETS_TO_BUILD='")
-                "-DLLVM_TARGETS_TO_BUILD='NVPTX;")) ; Make LLVM >= 3.8.1 work.
-             (substitute* "src/tools/compiletest/src/util.rs"
-               (("(\"amd64\", \"x86_64\"),") "(\"amd64\", \"x86_64\"),
-(\"nvptx\", \"nvptx\"),")) ; Make LLVM >= 3.8.1 work.
-             (substitute* "mk/main.mk"
-               (("LLVM_OPTIONAL_COMPONENTS=")
-                "LLVM_OPTIONAL_COMPONENTS=nvptx ")) ; Make LLVM >= 3.8.1 work.
-             #t))
          (add-after 'unpack 'set-env
            (lambda _
              (setenv "SHELL" (which "sh"))
              (setenv "CONFIG_SHELL" (which "sh"))
+             ;; guix llvm-3.9.1 package installs only shared libraries
+             (setenv "LLVM_LINK_SHARED" "1")
              #t))
          (add-after 'unpack 'patch-tests
            (lambda* (#:key inputs #:allow-other-keys)
              (let ((bash (assoc-ref inputs "bash")))
-               (substitute* "src/tools/tidy/src/main.rs"
-                 (("^.*cargo.*::check.*$") ""))
+               (substitute* "src/build_helper/lib.rs"
+                 ;; In same folder as gcc there is only "gcc-ar" utility
+                 (("file\\.push_str\\(\"ar\"\\);") "file.push_str(\"gcc-ar\");"))
                (substitute* "src/libstd/process.rs"
                  ;; The newline is intentional.
                  ;; There's a line length "tidy" check in Rust which would
                  ;; fail otherwise.
-                 (("\"/bin/sh\"") (string-append "
-\"" bash "/bin/sh\"")))
-               ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-06/msg00222.html>.
+                 (("\"/bin/sh\"") (string-append "\n\"" bash "/bin/sh\"")))
+               (substitute* "src/libstd/net/tcp.rs"
+                 ;; There is no network in build environment
+                 (("fn connect_timeout_unroutable")
+                  "#[ignore]\nfn connect_timeout_unroutable"))
+               ;; <https://lists.gnu.org/archive/html/guix-devel/2017-06/msg00222.html>
                (substitute* "src/libstd/sys/unix/process/process_common.rs"
-                 (("fn test_process_mask") "#[cfg_attr(target_os = \"linux\", ignore)]
-fn test_process_mask"))
+                 (("fn test_process_mask") "#[ignore]\nfn test_process_mask"))
                ;; Our ld-wrapper cannot process non-UTF8 bytes in LIBRARY_PATH.
-               ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-06/msg00193.html>.
+               ;; <https://lists.gnu.org/archive/html/guix-devel/2017-06/msg00193.html>
                (delete-file-recursively "src/test/run-make/linker-output-non-utf8")
+               (substitute* "src/build_helper/lib.rs"
+                 ;; Bug in Rust code.
+                 ;; Current implementation assume that if dst not exist then it's mtime
+                 ;; is 0, but in same time "src" have 0 mtime in guix build!
+                 (("let threshold = mtime\\(dst\\);")
+                  "if !dst.exists() {\nreturn false\n}\n let threshold = mtime(dst);"))
                #t)))
+         (add-after 'patch-source-shebangs 'patch-cargo-checksums
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "src/Cargo.lock"
+               (("(\"checksum .* = )\".*\"" all name)
+                (string-append name "\"" ,%cargo-reference-hash "\"")))
+             (for-each
+              (lambda (filename)
+                (use-modules (guix build cargo-build-system))
+                (delete-file filename)
+                (let* ((dir (dirname filename)))
+                  (display (string-append
+                            "patch-cargo-checksums: generate-checksums for "
+                            dir "\n"))
+                  (generate-checksums dir ,%cargo-reference-project-file)))
+              (find-files "src/vendor" ".cargo-checksum.json"))
+             #t))
          (replace 'configure
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
                     (gcc (assoc-ref inputs "gcc"))
+                    (gdb (assoc-ref inputs "gdb"))
                     (binutils (assoc-ref inputs "binutils"))
                     (python (assoc-ref inputs "python-2"))
                     (rustc (assoc-ref inputs "rustc-bootstrap"))
+                    (cargo (assoc-ref inputs "cargo-bootstrap"))
                     (llvm (assoc-ref inputs "llvm"))
-                    (jemalloc (assoc-ref inputs "jemalloc"))
-                    (flags (list
-                            (string-append "--prefix=" out)
-                            (string-append "--datadir=" out "/share")
-                            (string-append "--infodir=" out "/share/info")
-                            (string-append "--default-linker=" gcc "/bin/gcc")
-                            (string-append "--default-ar=" binutils "/bin/ar")
-                            (string-append "--python=" python "/bin/python2")
-                            (string-append "--local-rust-root=" rustc)
-                            (string-append "--llvm-root=" llvm)
-                            (string-append "--jemalloc-root=" jemalloc "/lib")
-                            "--release-channel=stable"
-                            "--enable-rpath"
-                            "--enable-local-rust"
-                            "--disable-rustbuild" ; rustbuild doesn't work yet.
-                            "--disable-manage-submodules")))
-               ;; Rust uses a custom configure script (no autoconf).
-               (zero? (apply system* "./configure" flags)))))
+                    (jemalloc (assoc-ref inputs "jemalloc")))
+               (call-with-output-file "config.toml"
+                 (lambda (port)
+                   (display (string-append "
+[llvm]
+[build]
+cargo = \"" cargo "/bin/cargo" "\"
+rustc = \"" rustc "/bin/rustc" "\"
+python = \"" python "/bin/python2" "\"
+gdb = \"" gdb "/bin/gdb" "\"
+vendor = true
+submodules = false
+[install]
+prefix = \"" out "\"
+[rust]
+default-linker = \"" gcc "/bin/gcc" "\"
+default-ar = \"" binutils "/bin/ar" "\"
+channel = \"stable\"
+rpath = true
+# There is 2 failed codegen tests:
+# codegen/mainsubprogram.rs and codegen/mainsubprogramstart.rs
+# This tests required patched LLVM
+codegen-tests = false
+[target." %host-type "]
+llvm-config = \"" llvm "/bin/llvm-config" "\"
+cc = \"" gcc "/bin/gcc" "\"
+cxx = \"" gcc "/bin/g++" "\"
+jemalloc = \"" jemalloc "/lib/libjemalloc_pic.a" "\"
+[dist]
+") port)))
+               #t)))
+         (add-before 'build 'reset-timestamps-after-changes
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (define ref (stat "README.md"))
+             (for-each
+              (lambda (filename)
+                (set-file-time filename ref))
+              (find-files "." #:directories? #t))
+             #t))
+         (replace 'build
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (zero? (system* "./x.py" "build"))))
+         (replace 'check
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (zero? (system* "./x.py" "test"))))
+         (replace 'install
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (zero? (system* "./x.py" "install"))))
          (add-after 'install 'wrap-rustc
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out"))
@@ -325,7 +379,7 @@ safety and thread safety guarantees.")
 (define-public cargo
   (package
     (name "cargo")
-    (version (cargo-version (rustc-version %rust-bootstrap-binaries-version)))
+    (version (cargo-version (rustc-version %rust-bootstrap-binaries-version) 0))
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/rust-lang/cargo/archive/"
@@ -333,7 +387,7 @@ safety and thread safety guarantees.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1y0zy8gk1ly0wh57y78fisk7cdd92qk0x7z664f6l7lzl2krqs7w"))))
+                "0kr7rml7v2bm7zl8jcb3056h63zpyy9m08s212i8vfwxf6lf5fzl"))))
     (build-system cargo-build-system)
     (propagated-inputs
      `(("cmake" ,cmake)
@@ -346,506 +400,992 @@ safety and thread safety guarantees.")
        ("python-2" ,python-2)
        ("zlib" ,zlib)))
     (native-inputs
-     `(("rust-openssl"
+     `(("git" ,git) ; required for tests
+       ;; Next dependencies generated with next command:
+       ;; cat Cargo.lock | awk '
+       ;;   /^"checksum/
+       ;;   { oname=name=$2; vers=$3; hash=$6;
+       ;;     if (ns[name] != 1) { ns[name]=1; } else { name = name "-" vers; }
+       ;;     print "       (\"rust-" name "\"";
+       ;;     print "        ,(origin";
+       ;;     print "           (method url-fetch)";
+       ;;     print "           (uri (crate-uri \"" oname "\" \"" vers "\"))";
+       ;;     print "           (file-name \"rust-" oname "\-\" vers "\")
+       ;;     print "           (sha256";
+       ;;     print "            (base16-string->bytevector";
+       ;;     print "             " hash "))))"
+       ;;   }'
+       ("rust-advapi32-sys"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "openssl" "0.9.6"))
+           (uri (crate-uri "advapi32-sys" "0.2.0"))
+           (file-name "rust-advapi32-sys-0.2.0")
            (sha256
-            (base32
-             "0g28g692gby6izp9qmnwnyxyhf9b0870yhd500p18j9l69lxl00c"))))
-       ("rust-strsim"
+            (base16-string->bytevector
+             "e06588080cb19d0acb6739808aafa5f26bfb2ca015b2b6370028b44cf7cb8a9a"))))
+       ("rust-aho-corasick"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "strsim" "0.5.1"))
+           (uri (crate-uri "aho-corasick" "0.5.3"))
+           (file-name "rust-aho-corasick-0.5.3")
            (sha256
-            (base32
-             "0bj4fsm1l2yqbfpspyvjf9m3m50pskapcddzm0ji9c74jbgnkh2h"))))
-       ("rust-libc"
+            (base16-string->bytevector
+             "ca972c2ea5f742bfce5687b9aef75506a764f61d37f8f649047846a9686ddb66"))))
+       ("rust-aho-corasick-0.6.3"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "libc" "0.2.18"))
+           (uri (crate-uri "aho-corasick" "0.6.3"))
+           (file-name "rust-aho-corasick-0.6.3")
            (sha256
-            (base32
-             "0w5cghr0wx3hi2sclk8r9iyzlbxsakil87ada40q2ykyhky24655"))))
+            (base16-string->bytevector
+             "500909c4f87a9e52355b26626d890833e9e1d53ac566db76c36faa984b889699"))))
+       ("rust-atty"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "atty" "0.2.3"))
+           (file-name "rust-atty-0.2.3")
+           (sha256
+            (base16-string->bytevector
+             "21e50800ec991574876040fff8ee46b136a53e985286fbe6a3bdfe6421b78860"))))
+       ("rust-backtrace"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "backtrace" "0.3.3"))
+           (file-name "rust-backtrace-0.3.3")
+           (sha256
+            (base16-string->bytevector
+             "99f2ce94e22b8e664d95c57fff45b98a966c2252b60691d0b7aeeccd88d70983"))))
+       ("rust-backtrace-sys"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "backtrace-sys" "0.1.14"))
+           (file-name "rust-backtrace-sys-0.1.14")
+           (sha256
+            (base16-string->bytevector
+             "c63ea141ef8fdb10409d0f5daf30ac51f84ef43bff66f16627773d2a292cd189"))))
        ("rust-bitflags"
         ,(origin
            (method url-fetch)
            (uri (crate-uri "bitflags" "0.7.0"))
+           (file-name "rust-bitflags-0.7.0")
            (sha256
-            (base32
-             "0v8hh6wdkpk9my8z8442g4hqrqf05h0qj53dsay6mv18lqvqklda"))))
-       ("rust-unicode-normalization"
+            (base16-string->bytevector
+             "aad18937a628ec6abcd26d1489012cc0e18c21798210f491af69ded9b881106d"))))
+       ("rust-bitflags-0.9.1"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "unicode-normalization" "0.1.2"))
+           (uri (crate-uri "bitflags" "0.9.1"))
+           (file-name "rust-bitflags-0.9.1")
            (sha256
-            (base32
-             "0whi4xxqcjfsz6ywyrfd5lhgk1a44c86qwgvfqcmzidshcpklr16"))))
-       ("rust-rand"
+            (base16-string->bytevector
+             "4efd02e230a02e18f92fc2735f44597385ed02ad8f831e7c1c1156ee5e1ab3a5"))))
+       ("rust-bufstream"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "rand" "0.3.14"))
+           (uri (crate-uri "bufstream" "0.1.3"))
+           (file-name "rust-bufstream-0.1.3")
            (sha256
-            (base32
-             "1984zvj8572ig28fz6idc4r96fx39h4lzmr07yf7kb7gdn6di497"))))
-       ("rust-gcc"
+            (base16-string->bytevector
+             "f2f382711e76b9de6c744cc00d0497baba02fb00a787f088c879f01d09468e32"))))
+       ("rust-cc"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "gcc" "0.3.39"))
+           (uri (crate-uri "cc" "1.0.0"))
+           (file-name "rust-cc-1.0.0")
            (sha256
-            (base32
-             "1q0idjvmhp6shkb9hqabh51rgfr8dqpi1xfmyzq7q8vgzybll7kp"))))
-       ("rust-tempdir"
+            (base16-string->bytevector
+             "7db2f146208d7e0fbee761b09cd65a7f51ccc38705d4e7262dad4d73b12a76b1"))))
+       ("rust-cfg-if"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "tempdir" "0.3.5"))
+           (uri (crate-uri "cfg-if" "0.1.2"))
+           (file-name "rust-cfg-if-0.1.2")
            (sha256
-            (base32
-             "1mij45kgzflkja0h8q9avrik76h5a0b60m9hfd6k9yqxbiplm5w7"))))
-       ("rust-memchr"
+            (base16-string->bytevector
+             "d4c819a1287eb618df47cc647173c5c4c66ba19d888a6e50d605672aed3140de"))))
+       ("rust-cmake"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "memchr" "0.1.11"))
+           (uri (crate-uri "cmake" "0.1.26"))
+           (file-name "rust-cmake-0.1.26")
            (sha256
-            (base32
-             "084d85hjfa3xf5kwdms2mhbkh78m1gl2254cp5swcxj3a7xjkdnq"))))
-       ("rust-rustc-serialize"
+            (base16-string->bytevector
+             "357c07e7a1fc95732793c1edb5901e1a1f305cfcf63a90eb12dbd22bdb6b789d"))))
+       ("rust-commoncrypto"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "rustc-serialize" "0.3.21"))
+           (uri (crate-uri "commoncrypto" "0.2.0"))
+           (file-name "rust-commoncrypto-0.2.0")
            (sha256
-            (base32
-             "064qmyr2508qf78dwcpiv25rfjp9h9vd0wrj4mmwgppjg4fgrydz"))))
-       ("rust-cmake"
+            (base16-string->bytevector
+             "d056a8586ba25a1e4d61cb090900e495952c7886786fc55f909ab2f819b69007"))))
+       ("rust-commoncrypto-sys"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "cmake" "0.1.19"))
+           (uri (crate-uri "commoncrypto-sys" "0.2.0"))
+           (file-name "rust-commoncrypto-sys-0.2.0")
            (sha256
-            (base32
-             "0am8c8ns1h6b1a5x9z2r1m3rszvya5nccl2pzszzjv5aiiaydgcf"))))
-       ("rust-matches"
+            (base16-string->bytevector
+             "1fed34f46747aa73dfaa578069fd8279d2818ade2b55f38f22a9401c7f4083e2"))))
+       ("rust-conv"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "matches" "0.1.4"))
+           (uri (crate-uri "conv" "0.3.3"))
+           (file-name "rust-conv-0.3.3")
            (sha256
-            (base32
-             "1c8190j84hbicy8jwscw5icfam12j6lcxi02lvmadq9260p65mzg"))))
-       ("rust-winapi"
+            (base16-string->bytevector
+             "78ff10625fd0ac447827aa30ea8b861fead473bb60aeb73af6c1c58caf0d1299"))))
+       ("rust-core-foundation"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "winapi" "0.2.8"))
+           (uri (crate-uri "core-foundation" "0.4.4"))
+           (file-name "rust-core-foundation-0.4.4")
            (sha256
-            (base32
-             "0yh816lh6lf56dpsgxy189c2ai1z3j8mw9si6izqb6wsjkbcjz8n"))))
-       ("rust-pkg-config"
+            (base16-string->bytevector
+             "5909502e547762013619f4c4e01cc7393c20fe2d52d7fa471c1210adb2320dc7"))))
+       ("rust-core-foundation-sys"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "pkg-config" "0.3.8"))
+           (uri (crate-uri "core-foundation-sys" "0.4.4"))
+           (file-name "rust-core-foundation-sys-0.4.4")
            (sha256
-            (base32
-             "1ypj4nj2z9z27qg06v3g40jyhw685i3l2wi098d21bvyri781vlc"))))
-       ("rust-libssh2-sys"
+            (base16-string->bytevector
+             "bc9fb3d6cb663e6fd7cf1c63f9b144ee2b1e4a78595a0451dd34bff85b9a3387"))))
+       ("rust-crossbeam"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "libssh2-sys" "0.2.5"))
+           (uri (crate-uri "crossbeam" "0.2.10"))
+           (file-name "rust-crossbeam-0.2.10")
            (sha256
-            (base32
-             "0d2r36hrh9vc1821r0v4kywv30svpf37d31calwql69fbij3bqci"))))
-       ("rust-libz-sys"
+            (base16-string->bytevector
+             "0c5ea215664ca264da8a9d9c3be80d2eaf30923c259d03e870388eb927508f97"))))
+       ("rust-crossbeam-0.3.0"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "crossbeam" "0.3.0"))
+           (file-name "rust-crossbeam-0.3.0")
+           (sha256
+            (base16-string->bytevector
+             "8837ab96533202c5b610ed44bc7f4183e7957c1c8f56e8cc78bb098593c8ba0a"))))
+       ("rust-crypto-hash"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "crypto-hash" "0.3.0"))
+           (file-name "rust-crypto-hash-0.3.0")
+           (sha256
+            (base16-string->bytevector
+             "34903878eec1694faf53cae8473a088df333181de421d4d3d48061d6559fe602"))))
+       ("rust-curl"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "libz-sys" "1.0.13"))
+           (uri (crate-uri "curl" "0.4.8"))
+           (file-name "rust-curl-0.4.8")
            (sha256
-            (base32
-             "034pgvxzgsv37iafgs0lmvd1ifm0bg0zm1xcsn9x71nn8lm93vp5"))))
+            (base16-string->bytevector
+             "7034c534a1d7d22f7971d6088aa9d281d219ef724026c3428092500f41ae9c2c"))))
        ("rust-curl-sys"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "curl-sys" "0.3.6"))
+           (uri (crate-uri "curl-sys" "0.3.15"))
+           (file-name "rust-curl-sys-0.3.15")
            (sha256
-            (base32
-             "0fi8kjz3f8m8vfazycs3ddm0h6j3x78hw78gwbvybx71129192i1"))))
-       ("rust-error-chain"
+            (base16-string->bytevector
+             "4bee31aa3a079d5f3ff9579ea4dcfb1b1a17a40886f5f467436d383e78134b55"))))
+       ("rust-custom_derive"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "error-chain" "0.7.2"))
+           (uri (crate-uri "custom_derive" "0.1.7"))
+           (file-name "rust-custom_derive-0.1.7")
            (sha256
-            (base32
-             "03qjh6l2a9fkiyg0428p7q3dcpi47cbmrqf9zmlymkg43v3v731i"))))
-       ("rust-metadeps"
+            (base16-string->bytevector
+             "ef8ae57c4978a2acd8b869ce6b9ca1dfe817bff704c220209fdef2c0b75a01b9"))))
+       ("rust-dbghelp-sys"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "metadeps" "1.1.1"))
+           (uri (crate-uri "dbghelp-sys" "0.2.0"))
+           (file-name "rust-dbghelp-sys-0.2.0")
            (sha256
-            (base32
-             "0l818461bslb7nrs7r1amkqv45n53fcp5sabyqipwx0xxbkzz7w2"))))
-       ("rust-openssl-sys"
+            (base16-string->bytevector
+             "97590ba53bcb8ac28279161ca943a924d1fd4a8fb3fa63302591647c4fc5b850"))))
+       ("rust-docopt"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "openssl-sys" "0.9.6"))
+           (uri (crate-uri "docopt" "0.8.1"))
+           (file-name "rust-docopt-0.8.1")
            (sha256
-            (base32
-             "1hzpyf9z8xg1yn5r9g17bl5j20nifd6s2zp10xh90v7m0sd2yj5i"))))
-       ("rust-fs2"
+            (base16-string->bytevector
+             "3b5b93718f8b3e5544fcc914c43de828ca6c6ace23e0332c6080a2977b49787a"))))
+       ("rust-dtoa"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "fs2" "0.3.0"))
+           (uri (crate-uri "dtoa" "0.4.2"))
+           (file-name "rust-dtoa-0.4.2")
            (sha256
-            (base32
-             "0lg57mgcm1r0m8jm4nqpcrl6lmxg8lj854k2h0r7qp46pphh2034"))))
-       ("rust-log"
+            (base16-string->bytevector
+             "09c3753c3db574d215cba4ea76018483895d7bff25a31b49ba45db21c48e50ab"))))
+       ("rust-env_logger"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "env_logger" "0.4.3"))
+           (file-name "rust-env_logger-0.4.3")
+           (sha256
+            (base16-string->bytevector
+             "3ddf21e73e016298f5cb37d6ef8e8da8e39f91f9ec8b0df44b7deb16a9f8cd5b"))))
+       ("rust-error-chain"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "log" "0.3.6"))
+           (uri (crate-uri "error-chain" "0.11.0"))
+           (file-name "rust-error-chain-0.11.0")
            (sha256
-            (base32
-             "0m40hgs3cg57dd5kk1mabfk6gk8z6l1cihar8akx4kmzz1xlk0xb"))))
+            (base16-string->bytevector
+             "ff511d5dc435d703f4971bc399647c9bc38e20cb41452e3b9feb4765419ed3f3"))))
        ("rust-filetime"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "filetime" "0.1.10"))
+           (uri (crate-uri "filetime" "0.1.12"))
+           (file-name "rust-filetime-0.1.12")
            (sha256
-            (base32
-             "08p9scgv30i1141cnp5xi4pqlnkfci455nrpca55df1r867anqsk"))))
-       ("rust-tar"
+            (base16-string->bytevector
+             "6ab199bf38537c6f38792669e081e0bb278b9b7405bba2642e4e5d15bf732c0e"))))
+       ("rust-flate2"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "flate2" "0.2.20"))
+           (file-name "rust-flate2-0.2.20")
+           (sha256
+            (base16-string->bytevector
+             "e6234dd4468ae5d1e2dbb06fe2b058696fdc50a339c68a393aefbf00bc81e423"))))
+       ("rust-fnv"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "tar" "0.4.9"))
+           (uri (crate-uri "fnv" "1.0.5"))
+           (file-name "rust-fnv-1.0.5")
            (sha256
-            (base32
-             "1vi3nl8s3jjf5l20ni47gmh1p4bdjfh7q50fbg7izzqrf7i4i40c"))))
+            (base16-string->bytevector
+             "6cc484842f1e2884faf56f529f960cc12ad8c71ce96cc7abba0a067c98fee344"))))
+       ("rust-foreign-types"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "foreign-types" "0.2.0"))
+           (file-name "rust-foreign-types-0.2.0")
+           (sha256
+            (base16-string->bytevector
+             "3e4056b9bd47f8ac5ba12be771f77a0dae796d1bbaaf5fd0b9c2d38b69b8a29d"))))
+       ("rust-fs2"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "fs2" "0.4.2"))
+           (file-name "rust-fs2-0.4.2")
+           (sha256
+            (base16-string->bytevector
+             "9ab76cfd2aaa59b7bf6688ad9ba15bbae64bff97f04ea02144cfd3443e5c2866"))))
+       ("rust-git2"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "git2" "0.6.8"))
+           (file-name "rust-git2-0.6.8")
+           (sha256
+            (base16-string->bytevector
+             "0c1c0203d653f4140241da0c1375a404f0a397249ec818cd2076c6280c50f6fa"))))
+       ("rust-git2-curl"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "git2-curl" "0.7.0"))
+           (file-name "rust-git2-curl-0.7.0")
+           (sha256
+            (base16-string->bytevector
+             "68676bc784bf0bef83278898929bf64a251e87c0340723d0b93fa096c9c5bf8e"))))
        ("rust-glob"
         ,(origin
            (method url-fetch)
            (uri (crate-uri "glob" "0.2.11"))
+           (file-name "rust-glob-0.2.11")
            (sha256
-            (base32
-             "1ysvi72slkw784fcsymgj4308c3y03gwjjzqxp80xdjnkbh8vqcb"))))
-       ("rust-cfg-if"
+            (base16-string->bytevector
+             "8be18de09a56b60ed0edf84bc9df007e30040691af7acd1c41874faac5895bfb"))))
+       ("rust-globset"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "cfg-if" "0.1.0"))
+           (uri (crate-uri "globset" "0.2.0"))
+           (file-name "rust-globset-0.2.0")
            (sha256
-            (base32
-             "137qikjcal4h75frzcn6mknygqk8vy5bva7w851aydb5gc6pc7ny"))))
-       ("rust-winapi-build"
+            (base16-string->bytevector
+             "feeb1b6840809ef5efcf7a4a990bc4e1b7ee3df8cf9e2379a75aeb2ba42ac9c3"))))
+       ("rust-hamcrest"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "winapi-build" "0.1.1"))
+           (uri (crate-uri "hamcrest" "0.1.1"))
+           (file-name "rust-hamcrest-0.1.1")
            (sha256
-            (base32
-             "1g4rqsgjky0a7530qajn2bbfcrl2v0zb39idgdws9b1l7gp5wc9d"))))
-       ("rust-advapi32-sys"
+            (base16-string->bytevector
+             "bf088f042a467089e9baa4972f57f9247e42a0cc549ba264c7a04fbb8ecb89d4"))))
+       ("rust-hex"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "advapi32-sys" "0.2.0"))
+           (uri (crate-uri "hex" "0.2.0"))
+           (file-name "rust-hex-0.2.0")
            (sha256
-            (base32
-             "16largvlrd1800vvdchml0ngnszjlnpqm01rcz5hm7di1h48hrg0"))))
-       ("rust-gdi32-sys"
+            (base16-string->bytevector
+             "d6a22814455d41612f41161581c2883c0c6a1c41852729b17d5ed88f01e153aa"))))
+       ("rust-home"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "gdi32-sys" "0.2.0"))
+           (uri (crate-uri "home" "0.3.0"))
+           (file-name "rust-home-0.3.0")
            (sha256
-            (base32
-             "0605d4ngjsspghwjv4jicajich1gnl0aik9f880ajjzjixd524h9"))))
-       ("rust-ws2_32-sys"
+            (base16-string->bytevector
+             "9f25ae61099d8f3fee8b483df0bd4ecccf4b2731897aad40d50eca1b641fe6db"))))
+       ("rust-idna"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "ws2_32-sys" "0.2.1"))
+           (uri (crate-uri "idna" "0.1.4"))
+           (file-name "rust-idna-0.1.4")
            (sha256
-            (base32
-             "0ppscg5qfqaw0gzwv2a4nhn5bn01ff9iwn6ysqnzm4n8s3myz76m"))))
-       ("rust-user32-sys"
+            (base16-string->bytevector
+             "014b298351066f1512874135335d62a789ffe78a9974f94b43ed5621951eaf7d"))))
+       ("rust-ignore"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "user32-sys" "0.2.0"))
+           (uri (crate-uri "ignore" "0.2.2"))
+           (file-name "rust-ignore-0.2.2")
            (sha256
-            (base32
-             "0ivxc7hmsxax9crdhxdd1nqwik4s9lhb2x59lc8b88bv20fp3x2f"))))
-       ("rust-unicode-bidi"
+            (base16-string->bytevector
+             "b3fcaf2365eb14b28ec7603c98c06cc531f19de9eb283d89a3dff8417c8c99f5"))))
+       ("rust-itoa"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "itoa" "0.3.4"))
+           (file-name "rust-itoa-0.3.4")
+           (sha256
+            (base16-string->bytevector
+             "8324a32baf01e2ae060e9de58ed0bc2320c9a2833491ee36cd3b4c414de4db8c"))))
+       ("rust-jobserver"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "unicode-bidi" "0.2.3"))
+           (uri (crate-uri "jobserver" "0.1.6"))
+           (file-name "rust-jobserver-0.1.6")
            (sha256
-            (base32
-             "0gqbyf6slkgzr14nf6v8dw8a19l5snh6bpms8bpfvzpxdawwxxy1"))))
+            (base16-string->bytevector
+             "443ae8bc0af6c106e6e8b77e04684faecc1a5ce94e058f4c2b0a037b0ea1b133"))))
+       ("rust-kernel32-sys"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "kernel32-sys" "0.2.2"))
+           (file-name "rust-kernel32-sys-0.2.2")
+           (sha256
+            (base16-string->bytevector
+             "7507624b29483431c0ba2d82aece8ca6cdba9382bff4ddd0f7490560c056098d"))))
+       ("rust-lazy_static"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "lazy_static" "0.2.9"))
+           (file-name "rust-lazy_static-0.2.9")
+           (sha256
+            (base16-string->bytevector
+             "c9e5e58fa1a4c3b915a561a78a22ee0cac6ab97dca2504428bc1cb074375f8d5"))))
+       ("rust-libc"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "libc" "0.2.31"))
+           (file-name "rust-libc-0.2.31")
+           (sha256
+            (base16-string->bytevector
+             "d1419b2939a0bc44b77feb34661583c7546b532b192feab36249ab584b86856c"))))
+       ("rust-libgit2-sys"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "libgit2-sys" "0.6.16"))
+           (file-name "rust-libgit2-sys-0.6.16")
+           (sha256
+            (base16-string->bytevector
+             "6f74b4959cef96898f5123148724fc7dee043b9a6b99f219d948851bfbe53cb2"))))
+       ("rust-libssh2-sys"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "libssh2-sys" "0.2.6"))
+           (file-name "rust-libssh2-sys-0.2.6")
+           (sha256
+            (base16-string->bytevector
+             "0db4ec23611747ef772db1c4d650f8bd762f07b461727ec998f953c614024b75"))))
+       ("rust-libz-sys"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "libz-sys" "1.0.17"))
+           (file-name "rust-libz-sys-1.0.17")
+           (sha256
+            (base16-string->bytevector
+             "44ebbc760fd2d2f4d93de09a0e13d97e057612052e871da9985cedcb451e6bd5"))))
+       ("rust-log"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "log" "0.3.8"))
+           (file-name "rust-log-0.3.8")
+           (sha256
+            (base16-string->bytevector
+             "880f77541efa6e5cc74e76910c9884d9859683118839d6a1dc3b11e63512565b"))))
+       ("rust-magenta"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "magenta" "0.1.1"))
+           (file-name "rust-magenta-0.1.1")
+           (sha256
+            (base16-string->bytevector
+             "4bf0336886480e671965f794bc9b6fce88503563013d1bfb7a502c81fe3ac527"))))
+       ("rust-magenta-sys"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "magenta-sys" "0.1.1"))
+           (file-name "rust-magenta-sys-0.1.1")
+           (sha256
+            (base16-string->bytevector
+             "40d014c7011ac470ae28e2f76a02bfea4a8480f73e701353b49ad7a8d75f4699"))))
+       ("rust-matches"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "matches" "0.1.6"))
+           (file-name "rust-matches-0.1.6")
+           (sha256
+            (base16-string->bytevector
+             "100aabe6b8ff4e4a7e32c1c13523379802df0772b82466207ac25b013f193376"))))
+       ("rust-memchr"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "memchr" "0.1.11"))
+           (file-name "rust-memchr-0.1.11")
+           (sha256
+            (base16-string->bytevector
+             "d8b629fb514376c675b98c1421e80b151d3817ac42d7c667717d282761418d20"))))
+       ("rust-memchr-1.0.1"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "memchr" "1.0.1"))
+           (file-name "rust-memchr-1.0.1")
+           (sha256
+            (base16-string->bytevector
+             "1dbccc0e46f1ea47b9f17e6d67c5a96bd27030519c519c9c91327e31275a47b4"))))
+       ("rust-miniz-sys"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "miniz-sys" "0.1.10"))
+           (file-name "rust-miniz-sys-0.1.10")
+           (sha256
+            (base16-string->bytevector
+             "609ce024854aeb19a0ef7567d348aaa5a746b32fb72e336df7fcc16869d7e2b4"))))
+       ("rust-miow"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "miow" "0.2.1"))
+           (file-name "rust-miow-0.2.1")
+           (sha256
+            (base16-string->bytevector
+             "8c1f2f3b1cf331de6896aabf6e9d55dca90356cc9960cca7eaaf408a355ae919"))))
        ("rust-net2"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "net2" "0.2.26"))
+           (uri (crate-uri "net2" "0.2.31"))
+           (file-name "rust-net2-0.2.31")
            (sha256
-            (base32
-             "1qp3q6xynb481rsp3ig1nmqb6qlxfba3shfrmqij88cppsv9rpsy"))))
-       ("rust-utf8-ranges"
+            (base16-string->bytevector
+             "3a80f842784ef6c9a958b68b7516bc7e35883c614004dd94959a4dca1b716c09"))))
+       ("rust-num"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "utf8-ranges" "0.1.3"))
+           (uri (crate-uri "num" "0.1.40"))
+           (file-name "rust-num-0.1.40")
            (sha256
-            (base32
-             "03xf604b2v51ag3jgzw92l97xnb10kw9zv948bhc7ja1ik017jm1"))))
-       ("rust-crossbeam"
+            (base16-string->bytevector
+             "a311b77ebdc5dd4cf6449d81e4135d9f0e3b153839ac90e648a8ef538f923525"))))
+       ("rust-num-bigint"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "crossbeam" "0.2.10"))
+           (uri (crate-uri "num-bigint" "0.1.40"))
+           (file-name "rust-num-bigint-0.1.40")
            (sha256
-            (base32
-             "15wga0kvk3iqf3l077957j931brf1pl3p74xibd698jccqas4phc"))))
-       ("rust-toml"
+            (base16-string->bytevector
+             "8fd0f8dbb4c0960998958a796281d88c16fbe68d87b1baa6f31e2979e81fd0bd"))))
+       ("rust-num-complex"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "toml" "0.2.1"))
+           (uri (crate-uri "num-complex" "0.1.40"))
+           (file-name "rust-num-complex-0.1.40")
            (sha256
-            (base32
-             "1d1cz43bxrx4fd6j2p6myckf81f72bp47akg36y3flxjkhj60svk"))))
-       ("rust-aho-corasick"
+            (base16-string->bytevector
+             "503e668405c5492d67cf662a81e05be40efe2e6bcf10f7794a07bd9865e704e6"))))
+       ("rust-num-integer"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "aho-corasick" "0.5.3"))
+           (uri (crate-uri "num-integer" "0.1.35"))
+           (file-name "rust-num-integer-0.1.35")
+           (sha256
+            (base16-string->bytevector
+             "d1452e8b06e448a07f0e6ebb0bb1d92b8890eea63288c0b627331d53514d0fba"))))
+       ("rust-num-iter"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "num-iter" "0.1.34"))
+           (file-name "rust-num-iter-0.1.34")
+           (sha256
+            (base16-string->bytevector
+             "7485fcc84f85b4ecd0ea527b14189281cf27d60e583ae65ebc9c088b13dffe01"))))
+       ("rust-num-rational"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "num-rational" "0.1.39"))
+           (file-name "rust-num-rational-0.1.39")
+           (sha256
+            (base16-string->bytevector
+             "288629c76fac4b33556f4b7ab57ba21ae202da65ba8b77466e6d598e31990790"))))
+       ("rust-num-traits"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "num-traits" "0.1.40"))
+           (file-name "rust-num-traits-0.1.40")
+           (sha256
+            (base16-string->bytevector
+             "99843c856d68d8b4313b03a17e33c4bb42ae8f6610ea81b28abe076ac721b9b0"))))
+       ("rust-num_cpus"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "num_cpus" "1.7.0"))
+           (file-name "rust-num_cpus-1.7.0")
+           (sha256
+            (base16-string->bytevector
+             "514f0d73e64be53ff320680ca671b64fe3fb91da01e1ae2ddc99eb51d453b20d"))))
+       ("rust-openssl"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "openssl" "0.9.19"))
+           (file-name "rust-openssl-0.9.19")
+           (sha256
+            (base16-string->bytevector
+             "816914b22eb15671d62c73442a51978f311e911d6a6f6cbdafa6abce1b5038fc"))))
+       ("rust-openssl-probe"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "openssl-probe" "0.1.1"))
+           (file-name "rust-openssl-probe-0.1.1")
+           (sha256
+            (base16-string->bytevector
+             "d98df0270d404ccd3c050a41d579c52d1db15375168bb3471e04ec0f5f378daf"))))
+       ("rust-openssl-sys"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "openssl-sys" "0.9.19"))
+           (file-name "rust-openssl-sys-0.9.19")
+           (sha256
+            (base16-string->bytevector
+             "1e4c63a7d559c1e5afa6d6a9e6fa34bbc5f800ffc9ae08b72c605420b0c4f5e8"))))
+       ("rust-percent-encoding"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "percent-encoding" "1.0.0"))
+           (file-name "rust-precent-encoding-1.0.0")
+           (sha256
+            (base16-string->bytevector
+             "de154f638187706bde41d9b4738748933d64e6b37bdbffc0b47a97d16a6ae356"))))
+       ("rust-pkg-config"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "pkg-config" "0.3.9"))
+           (file-name "rust-pkg-config-0.3.9")
            (sha256
-            (base32
-             "0rnvdmlajikq0i4zdy1p3pv699q6apvsxfc7av7byhppllp2r5ya"))))
+            (base16-string->bytevector
+             "3a8b4c6b8165cd1a1cd4b9b120978131389f64bdaf456435caa41e630edba903"))))
        ("rust-psapi-sys"
         ,(origin
            (method url-fetch)
            (uri (crate-uri "psapi-sys" "0.1.0"))
+           (file-name "rust-psapi-sys-0.1.0")
            (sha256
-            (base32
-             "0y14g8qshsfnmb7nk2gs1rpbrs1wrggajmzp4yby4q6k0wd5vkdb"))))
-       ("rust-idna"
+            (base16-string->bytevector
+             "abcd5d1a07d360e29727f757a9decb3ce8bc6e0efa8969cfaad669a8317a2478"))))
+       ("rust-quote"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "idna" "0.1.0"))
+           (uri (crate-uri "quote" "0.3.15"))
+           (file-name "rust-quote-0.3.15")
            (sha256
-            (base32
-             "049c2rmlydrrrgrxdaq2v21adx9vkfh6k9x4xj56ckyf01p26lqh"))))
-       ("rust-url"
+            (base16-string->bytevector
+             "7a6e920b65c65f10b2ae65c831a81a073a89edd28c7cce89475bff467ab4167a"))))
+       ("rust-rand"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "rand" "0.3.16"))
+           (file-name "rust-rand-0.3.16")
+           (sha256
+            (base16-string->bytevector
+             "eb250fd207a4729c976794d03db689c9be1d634ab5a1c9da9492a13d8fecbcdf"))))
+       ("rust-redox_syscall"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "redox_syscall" "0.1.31"))
+           (file-name "rust-redox_syscall-0.1.31")
+           (sha256
+            (base16-string->bytevector
+             "8dde11f18c108289bef24469638a04dce49da56084f2d50618b226e47eb04509"))))
+       ("rust-redox_termios"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "url" "1.2.3"))
+           (uri (crate-uri "redox_termios" "0.1.1"))
+           (file-name "rust-redox_termios-0.1.1")
            (sha256
-            (base32
-             "1myr1i8djbl2bhvvrm6n3h7bj7sl6kh5dmaaz2f7c6x8hyyzgk28"))))
+            (base16-string->bytevector
+             "7e891cfe48e9100a70a3b6eb652fef28920c117d366339687bd5576160db0f76"))))
+       ("rust-regex"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "regex" "0.1.80"))
+           (file-name "rust-regex-0.1.80")
+           (sha256
+            (base16-string->bytevector
+             "4fd4ace6a8cf7860714a2c2280d6c1f7e6a413486c13298bbc86fd3da019402f"))))
+       ("rust-regex-0.2.2"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "regex" "0.2.2"))
+           (file-name "rust-regex-0.2.2")
+           (sha256
+            (base16-string->bytevector
+             "1731164734096285ec2a5ec7fea5248ae2f5485b3feeb0115af4fda2183b2d1b"))))
        ("rust-regex-syntax"
         ,(origin
            (method url-fetch)
            (uri (crate-uri "regex-syntax" "0.3.9"))
+           (file-name "rust-regex-syntax-0.3.9")
            (sha256
-            (base32
-             "0ms9hgdhhsxw9w920i7gipydvagf100bb56jbs192rz86ln01v7r"))))
-       ("rust-kernel32-sys"
+            (base16-string->bytevector
+             "f9ec002c35e86791825ed294b50008eea9ddfc8def4420124fbc6b08db834957"))))
+       ("rust-regex-syntax-0.4.1"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "kernel32-sys" "0.2.2"))
+           (uri (crate-uri "regex-syntax" "0.4.1"))
+           (file-name "rust-regex-syntax-0.4.1")
            (sha256
-            (base32
-             "1389av0601a9yz8dvx5zha9vmkd6ik7ax0idpb032d28555n41vm"))))
-       ("rust-term"
+            (base16-string->bytevector
+             "ad890a5eef7953f55427c50575c680c42841653abd2b028b68cd223d157f62db"))))
+       ("rust-rustc-demangle"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "term" "0.4.4"))
+           (uri (crate-uri "rustc-demangle" "0.1.5"))
+           (file-name "rust-rustc-demangle-0.1.5")
            (sha256
-            (base32
-             "0jpr7jb1xidadh0arklwr99r8w1k1dfc4an3ginpsq5nnfigivrx"))))
-       ("rust-thread-id"
+            (base16-string->bytevector
+             "aee45432acc62f7b9a108cc054142dac51f979e69e71ddce7d6fc7adf29e817e"))))
+       ("rust-rustc-serialize"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "thread-id" "2.0.0"))
+           (uri (crate-uri "rustc-serialize" "0.3.24"))
+           (file-name "rust-rustc-serialize-0.3.24")
            (sha256
-            (base32
-             "00zzs2bx1xw8aqm5plqqgr7bc2zz6zkqrdxq8vpiqb8hc2srslx9"))))
-       ("rust-thread_local"
+            (base16-string->bytevector
+             "dcf128d1287d2ea9d80910b5f1120d0b8eede3fbf1abe91c40d39ea7d51e6fda"))))
+       ("rust-same-file"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "thread_local" "0.2.7"))
+           (uri (crate-uri "same-file" "0.1.3"))
+           (file-name "rust-same-file-0.1.3")
            (sha256
-            (base32
-             "1mgxikqvhpsic6xk7pan95lvgsky1sdxzw2w5m2l35pgrazxnxl5"))))
-       ("rust-miow"
+            (base16-string->bytevector
+             "d931a44fdaa43b8637009e7632a02adc4f2b2e0733c08caa4cf00e8da4a117a7"))))
+       ("rust-scoped-tls"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "miow" "0.1.3"))
+           (uri (crate-uri "scoped-tls" "0.1.0"))
+           (file-name "rust-scoped-tls-0.1.0")
            (sha256
-            (base32
-             "16jvfjsp6fr4mbd2sw5hcdmi4dsa0m0aa45gjz78mb1h4mwcdgym"))))
-       ("rust-regex"
+            (base16-string->bytevector
+             "f417c22df063e9450888a7561788e9bd46d3bb3c1466435b4eccb903807f147d"))))
+       ("rust-scopeguard"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "regex" "0.1.80"))
+           (uri (crate-uri "scopeguard" "0.1.2"))
+           (file-name "rust-scopeguard-0.1.2")
            (sha256
-            (base32
-             "0bs036h3vzc6pj5jj4vc909s9rppq7b808ic99qn0y6gm3karm2g"))))
-       ("rust-num_cpus"
+            (base16-string->bytevector
+             "59a076157c1e2dc561d8de585151ee6965d910dd4dcb5dabb7ae3e83981a6c57"))))
+       ("rust-semver"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "num_cpus" "1.1.0"))
+           (uri (crate-uri "semver" "0.8.0"))
+           (file-name "rust-semver-0.8.0")
            (sha256
-            (base32
-             "1bfwcn3yhwa31rinjw9yr7b6gvn6c06hnwnjz06pvm938w4fd448"))))
-       ("rust-libgit2-sys"
+            (base16-string->bytevector
+             "bee2bc909ab2d8d60dab26e8cad85b25d795b14603a0dcb627b78b9d30b6454b"))))
+       ("rust-semver-parser"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "libgit2-sys" "0.6.6"))
+           (uri (crate-uri "semver-parser" "0.7.0"))
+           (file-name "rust-semver-parser-0.7.0")
            (sha256
-            (base32
-             "074h9q4p60xh6canb0sj4vrc801wqv6p53l9lp0q724bkwzf7967"))))
-       ("rust-env_logger"
+            (base16-string->bytevector
+             "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3"))))
+       ("rust-serde"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "env_logger" "0.3.5"))
+           (uri (crate-uri "serde" "1.0.15"))
+           (file-name "rust-serde-1.0.15")
            (sha256
-            (base32
-             "0bvcjgkw4s3k1rd7glpflgc8s9a393zjd6jfdgvs8gjvwj0dgaqm"))))
-       ("rust-openssl-probe"
+            (base16-string->bytevector
+             "6a7046c9d4c6c522d10b2d098f9bebe2bef227e0e74044d8c1bfcf6b476af799"))))
+       ("rust-serde_derive"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "openssl-probe" "0.1.0"))
+           (uri (crate-uri "serde_derive" "1.0.15"))
+           (file-name "rust-serde_derive-1.0.15")
            (sha256
-            (base32
-             "0689h6rhzy6dypqr90lsxnf108nsnh952wsx7ggs70s48b44jvbm"))))
-       ("rust-lazy_static"
+            (base16-string->bytevector
+             "1afcaae083fd1c46952a315062326bc9957f182358eb7da03b57ef1c688f7aa9"))))
+       ("rust-serde_derive_internals"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "lazy_static" "0.2.2"))
+           (uri (crate-uri "serde_derive_internals" "0.16.0"))
+           (file-name "rust-serde_derive_internals-0.16.0")
            (sha256
-            (base32
-             "16z1h7w702sxnscak38jykxlhxq0b5ip4mndlb46pkaqwzi0xgka"))))
-       ("rust-semver-parser"
+            (base16-string->bytevector
+             "bd381f6d01a6616cdba8530492d453b7761b456ba974e98768a18cad2cd76f58"))))
+       ("rust-serde_ignored"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "semver-parser" "0.6.1"))
+           (uri (crate-uri "serde_ignored" "0.0.4"))
+           (file-name "rust-serde_ignored-0.0.4")
            (sha256
-            (base32
-             "1s8s7a7yg8xhgci17y0xhyyncg229byivhpr0wbs3ljdlyjl73p8"))))
-       ("rust-semver"
+            (base16-string->bytevector
+             "190e9765dcedb56be63b6e0993a006c7e3b071a016a304736e4a315dc01fb142"))))
+       ("rust-serde_json"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "semver" "0.5.1"))
+           (uri (crate-uri "serde_json" "1.0.3"))
+           (file-name "rust-serde_json-1.0.3")
            (sha256
-            (base32
-             "1xbiv8l72rmngb3lgbmk3vd4lalcbzxcnrn085c2b75irl7gcbxf"))))
-       ("rust-docopt"
+            (base16-string->bytevector
+             "d243424e06f9f9c39e3cd36147470fd340db785825e367625f79298a6ac6b7ac"))))
+       ("rust-shell-escape"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "docopt" "0.6.86"))
+           (uri (crate-uri "shell-escape" "0.1.3"))
+           (file-name "rust-shell-escape-0.1.3")
            (sha256
-            (base32
-             "1nf4f4zf5yk0d0l4kl7hkii4na22fhn0l2hgfb46yzv08l2g6zja"))))
-       ("rust-miniz-sys"
+            (base16-string->bytevector
+             "dd5cc96481d54583947bfe88bf30c23d53f883c6cd0145368b69989d97b84ef8"))))
+       ("rust-socket2"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "miniz-sys" "0.1.7"))
+           (uri (crate-uri "socket2" "0.2.3"))
+           (file-name "rust-socket2-0.2.3")
            (sha256
-            (base32
-             "0m7dlggsxash0k5jkx576p556g9r8vnhyl9244gjxhq1g8rls7wx"))))
-       ("rust-curl"
+            (base16-string->bytevector
+             "9e76b159741052c7deaa9fd0b5ca6b5f79cecf525ed665abfe5002086c6b2791"))))
+       ("rust-strsim"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "curl" "0.4.1"))
+           (uri (crate-uri "strsim" "0.6.0"))
+           (file-name "rust-strsim-0.6.0")
            (sha256
-            (base32
-             "1b0y27b6vpqffgzm2kxc1s2i6bgdzxk3wn65g2asbcdxrvys3mcg"))))
-       ("rust-flate2"
+            (base16-string->bytevector
+             "b4d15c810519a91cf877e7e36e63fe068815c678181439f2f29e2562147c3694"))))
+       ("rust-syn"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "flate2" "0.2.14"))
+           (uri (crate-uri "syn" "0.11.11"))
+           (file-name "rust-syn-0.11.11")
            (sha256
-            (base32
-             "1fx3zsls5bb1zfx87s5sxkgk853z4nhjsbvq5s6if13kjlg4isry"))))
-       ("rust-git2"
+            (base16-string->bytevector
+             "d3b891b9015c88c576343b9b3e41c2c11a51c219ef067b264bd9c8aa9b441dad"))))
+       ("rust-synom"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "git2" "0.6.3"))
+           (uri (crate-uri "synom" "0.11.3"))
+           (file-name "rust-synom-0.11.3")
            (sha256
-            (base32
-             "06b1bw3pwszs8617xn8js6h0j983qjgfwsychw33lshccj3cld05"))))
-       ("rust-crates-io"
+            (base16-string->bytevector
+             "a393066ed9010ebaed60b9eafa373d4b1baac186dd7e008555b0f702b51945b6"))))
+       ("rust-tar"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "crates-io" "0.4.0"))
+           (uri (crate-uri "tar" "0.4.13"))
+           (file-name "rust-tar-0.4.13")
            (sha256
-            (base32
-             "0kk6abp1qbpv44hkq1yjp7xgpzjzafs83i1l26ycr0aph1gbwig9"))))
-       ("rust-git2-curl"
+            (base16-string->bytevector
+             "281285b717926caa919ad905ef89c63d75805c7d89437fb873100925a53f2b1b"))))
+       ("rust-tempdir"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "git2-curl" "0.7.0"))
+           (uri (crate-uri "tempdir" "0.3.5"))
+           (file-name "rust-tempdir-0.3.5")
            (sha256
-            (base32
-             "13mzqp4rd81zp78261rlq23iw9aaysdr56484y1yy2xzhk3nnrv8"))))
-       ("rust-bufstream"
+            (base16-string->bytevector
+             "87974a6f5c1dfb344d733055601650059a3363de2a6104819293baff662132d6"))))
+       ("rust-termcolor"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "bufstream" "0.1.2"))
+           (uri (crate-uri "termcolor" "0.3.3"))
+           (file-name "rust-termcolor-0.3.3")
            (sha256
-            (base32
-             "0x6h27md1fwabbhbycfldj0wklrpjr520z9p0cpzm60fzzidnj3v"))))
-       ("rust-hamcrest"
+            (base16-string->bytevector
+             "9065bced9c3e43453aa3d56f1e98590b8455b341d2fa191a1090c0dd0b242c75"))))
+       ("rust-termion"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "hamcrest" "0.1.1"))
+           (uri (crate-uri "termion" "1.5.1"))
+           (file-name "rust-termion-1.5.1")
            (sha256
-            (base32
-             "1m49rf7bnkx0qxja56slrjh44zi4z5bjz5x4pblqjw265828y25z"))))
-       ("rust-num"
+            (base16-string->bytevector
+             "689a3bdfaab439fd92bc87df5c4c78417d3cbe537487274e9b0b2dce76e92096"))))
+       ("rust-thread-id"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "num" "0.1.36"))
+           (uri (crate-uri "thread-id" "2.0.0"))
+           (file-name "rust-thread-id-2.0.0")
            (sha256
-            (base32
-             "081i1r3mdz6jasqd7qwraqqfqa3sdpvdvxl1xq0s7ip714xw1rxx"))))
-       ("rust-num-traits"
+            (base16-string->bytevector
+             "a9539db560102d1cef46b8b78ce737ff0bb64e7e18d35b2a5688f7d097d0ff03"))))
+       ("rust-thread_local"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "num-traits" "0.1.36"))
+           (uri (crate-uri "thread_local" "0.2.7"))
+           (file-name "rust-thread_local-0.2.7")
            (sha256
-            (base32
-             "07688sp4z40p14lh5ywvrpm4zq8kcxzhjks8sg33jsr5da2l4sm1"))))
-       ("rust-num-integer"
+            (base16-string->bytevector
+             "8576dbbfcaef9641452d5cf0df9b0e7eeab7694956dd33bb61515fb8f18cfdd5"))))
+       ("rust-thread_local-0.3.4"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "num-integer" "0.1.32"))
+           (uri (crate-uri "thread_local" "0.3.4"))
+           (file-name "rust-thread_local-0.3.4")
            (sha256
-            (base32
-             "14pvaaawl0pgdcgh4dfdd67lz58yxlfl95bry86h28pjnfzxj97v"))))
-       ("rust-num-bigint"
+            (base16-string->bytevector
+             "1697c4b57aeeb7a536b647165a2825faddffb1d3bad386d507709bd51a90bb14"))))
+       ("rust-toml"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "num-bigint" "0.1.35"))
+           (uri (crate-uri "toml" "0.4.5"))
+           (file-name "rust-toml-0.4.5")
            (sha256
-            (base32
-             "0jayfkdm33p4zvcahlv46zdfhlzg053mpw32abf2lz0z8xw47cc8"))))
-       ("rust-num-rational"
+            (base16-string->bytevector
+             "a7540f4ffc193e0d3c94121edb19b055670d369f77d5804db11ae053a45b6e7e"))))
+       ("rust-unicode-bidi"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "num-rational" "0.1.35"))
+           (uri (crate-uri "unicode-bidi" "0.3.4"))
+           (file-name "rust-unicode-bidi-0.3.4")
            (sha256
-            (base32
-             "1bwaygv64qg7i78yqg0v4d0amfhamj598rpy4yxjz9rlhcxn1zsl"))))
-       ("rust-num-iter"
+            (base16-string->bytevector
+             "49f2bd0c6468a8230e1db229cff8029217cf623c767ea5d60bfbd42729ea54d5"))))
+       ("rust-unicode-normalization"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "num-iter" "0.1.32"))
+           (uri (crate-uri "unicode-normalization" "0.1.5"))
+           (file-name "rust-unicode-normalization-0.1.5")
            (sha256
-            (base32
-             "0p74nj5c1mc33h9lx4wpmlmggmn5lnkhxv1225g0aix8d6ciqyi8"))))
-       ("rust-num-complex"
+            (base16-string->bytevector
+             "51ccda9ef9efa3f7ef5d91e8f9b83bbe6955f9bf86aec89d5cce2c874625920f"))))
+       ("rust-unicode-xid"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "num-complex" "0.1.35"))
+           (uri (crate-uri "unicode-xid" "0.0.4"))
+           (file-name "rust-unicode-xid-0.0.4")
            (sha256
-            (base32
-             "0bzrjfppnnzf9vmkpklhp2dw9sb1lqzydb8r6k83z76i9l2qxizh"))))
-       ("rust-shell-escape"
+            (base16-string->bytevector
+             "8c1f860d7d29cf02cb2f3f359fd35991af3d30bac52c57d265a3c461074cb4dc"))))
+       ("rust-unreachable"
         ,(origin
            (method url-fetch)
-           (uri (crate-uri "shell-escape" "0.1.3"))
+           (uri (crate-uri "unreachable" "1.0.0"))
+           (file-name "rust-unreachable-1.0.0")
+           (sha256
+            (base16-string->bytevector
+             "382810877fe448991dfc7f0dd6e3ae5d58088fd0ea5e35189655f84e6814fa56"))))
+       ("rust-url"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "url" "1.5.1"))
+           (file-name "rust-url-1.5.1")
+           (sha256
+            (base16-string->bytevector
+             "eeb819346883532a271eb626deb43c4a1bb4c4dd47c519bd78137c3e72a4fe27"))))
+       ("rust-userenv-sys"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "userenv-sys" "0.2.0"))
+           (file-name "rust-userenv-sys-0.2.0")
            (sha256
-            (base32
-             "1y2fp2brv639icv4a0fdqs1zhlrxq8qbz27ygfa86ifmh5jcjp6x"))))))
+            (base16-string->bytevector
+             "71d28ea36bbd9192d75bd9fa9b39f96ddb986eaee824adae5d53b6e51919b2f3"))))
+       ("rust-utf8-ranges"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "utf8-ranges" "0.1.3"))
+           (file-name "rust-utf8-ranges-0.1.3")
+           (sha256
+            (base16-string->bytevector
+             "a1ca13c08c41c9c3e04224ed9ff80461d97e121589ff27c753a16cb10830ae0f"))))
+       ("rust-utf8-ranges-1.0.0"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "utf8-ranges" "1.0.0"))
+           (file-name "rust-utf8-ranges-1.0.0")
+           (sha256
+            (base16-string->bytevector
+             "662fab6525a98beff2921d7f61a39e7d59e0b425ebc7d0d9e66d316e55124122"))))
+       ("rust-vcpkg"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "vcpkg" "0.2.2"))
+           (file-name "rust-vcpkg-0.2.2")
+           (sha256
+            (base16-string->bytevector
+             "9e0a7d8bed3178a8fb112199d466eeca9ed09a14ba8ad67718179b4fd5487d0b"))))
+       ("rust-void"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "void" "1.0.2"))
+           (file-name "rust-void-1.0.2")
+           (sha256
+            (base16-string->bytevector
+             "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d"))))
+       ("rust-walkdir"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "walkdir" "1.0.7"))
+           (file-name "rust-walkdir-1.0.7")
+           (sha256
+            (base16-string->bytevector
+             "bb08f9e670fab86099470b97cd2b252d6527f0b3cc1401acdb595ffc9dd288ff"))))
+       ("rust-winapi"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "winapi" "0.2.8"))
+           (file-name "rust-winapi-0.2.8")
+           (sha256
+            (base16-string->bytevector
+             "167dc9d6949a9b857f3451275e911c3f44255842c1f7a76f33c55103a909087a"))))
+       ("rust-winapi-build"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "winapi-build" "0.1.1"))
+           (file-name "rust-winapi-build-0.1.1")
+           (sha256
+            (base16-string->bytevector
+             "2d315eee3b34aca4797b2da6b13ed88266e6d612562a0c46390af8299fc699bc"))))
+       ("rust-wincolor"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "wincolor" "0.1.4"))
+           (file-name "rust-wincolor-0.1.4")
+           (sha256
+            (base16-string->bytevector
+             "a39ee4464208f6430992ff20154216ab2357772ac871d994c51628d60e58b8b0"))))
+       ("rust-ws2_32-sys"
+        ,(origin
+           (method url-fetch)
+           (uri (crate-uri "ws2_32-sys" "0.2.1"))
+           (file-name "rust-ws2_32-sys-0.2.1")
+           (sha256
+            (base16-string->bytevector
+             "d59cefebd0c892fa2dd6de581e937301d8552cb44489cdff035c6187cb63fa5e"))))))
     (arguments
      `(#:cargo ,cargo-bootstrap
-       #:tests? #f ; FIXME
+       #:rustc ,rustc ; Force to use rustc from current file
        #:modules
        ((ice-9 match)
         (srfi srfi-1) ; 'every
@@ -853,12 +1393,8 @@ safety and thread safety guarantees.")
         (guix build cargo-build-system))
        #:phases
        (modify-phases %standard-phases
-         ;; Avoid cargo complaining about missmatched checksums.
-         (delete 'patch-source-shebangs)
-         (delete 'patch-generated-file-shebangs)
-         (delete 'patch-usr-bin-file)
-         (add-after 'unpack 'unpack-submodule-sources
-           (lambda* (#:key inputs #:allow-other-keys)
+         (add-after 'unpack 'unpack-dependencies
+           (lambda* (#:key inputs outputs #:allow-other-keys)
              (define (unpack source target)
                (mkdir-p target)
                (with-directory-excursion target
@@ -871,37 +1407,58 @@ safety and thread safety guarantees.")
                (match entry
                  ((name . src)
                   (if (string-prefix? "rust-" name)
-                    (let* ((rust-length (string-length "rust-"))
-                           (rust-name (string-drop name
-                                                   rust-length))
-                           (rsrc (string-append "vendor/"
-                                                rust-name))
-                           (unpack-status (unpack src rsrc)))
-                      (touch (string-append rsrc "/.cargo-ok"))
-                      (generate-checksums rsrc src)
-                      unpack-status)))
+                      (let* ((rust-length (string-length "rust-"))
+                             (rust-name (string-drop name rust-length))
+                             (rsrc (string-append "vendor/" rust-name))
+                             (unpack-status (unpack src rsrc)))
+                        (touch (string-append rsrc "/.cargo-ok"))
+                        (generate-checksums rsrc src)
+                        unpack-status)))
                  (_ #t)))
-               (mkdir "vendor")
-               (every install-rust-library inputs)))
-         (add-after 'unpack 'set-environment-up
+             (mkdir "vendor")
+             (every install-rust-library inputs)))
+         (add-after 'patch-generated-file-shebangs 'patch-cargo-checksums
            (lambda* (#:key inputs #:allow-other-keys)
-             (let* ((gcc (assoc-ref inputs "gcc"))
-                    (cc (string-append gcc "/bin/gcc")))
-               (mkdir ".cargo")
-               (call-with-output-file ".cargo/config"
-                 (lambda (p)
-                   (format p "
+             (substitute* "Cargo.lock"
+               (("(\"checksum .* = )\".*\"" all name)
+                (string-append name "\"" ,%cargo-reference-hash "\"")))
+             (for-each
+              (lambda (filename)
+                (use-modules (guix build cargo-build-system))
+                (delete-file filename)
+                (let* ((dir (dirname filename)))
+                  (display (string-append
+                            "patch-cargo-checksums: generate-checksums for "
+                            dir "\n"))
+                  (generate-checksums dir ,%cargo-reference-project-file)))
+              (find-files "vendor" ".cargo-checksum.json"))
+             #t))
+         (replace 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (substitute* "tests/build.rs"
+               (("/usr/bin/env") (which "env"))
+               ;; Guix llvm compiled without asmjs-unknown-emscripten at all
+               (("fn wasm32_final_outputs") "#[ignore]\nfn wasm32_final_outputs"))
+             (substitute* "tests/death.rs"
+               ;; Stuck when built in container
+               (("fn ctrl_c_kills_everyone") "#[ignore]\nfn ctrl_c_kills_everyone"))
+             (mkdir ".cargo")
+             (call-with-output-file ".cargo/config"
+               (lambda (port)
+                 (display "
 [source.crates-io]
 registry = 'https://github.com/rust-lang/crates.io-index'
 replace-with = 'vendored-sources'
 
 [source.vendored-sources]
 directory = 'vendor'
-")))
-               (setenv "CMAKE_C_COMPILER" cc)
-               (setenv "CC" cc))
-             #t))
-         (delete 'configure))))
+" port)))
+             ;; Disable test for cross compilation support
+             (setenv "CFG_DISABLE_CROSS_TESTS" "1")
+             (setenv "SHELL" (which "sh"))
+             (setenv "CONFIG_SHELL" (which "sh"))
+             (setenv "CC" (string-append (assoc-ref inputs "gcc") "/bin/gcc"))
+             #t)))))
     (home-page "https://github.com/rust-lang/cargo")
     (synopsis "Build tool and package manager for Rust")
     (description "Cargo is a tool that allows Rust projects to declare their
diff --git a/gnu/packages/search.scm b/gnu/packages/search.scm
index 62da3be0fd..1986b07217 100644
--- a/gnu/packages/search.scm
+++ b/gnu/packages/search.scm
@@ -38,13 +38,14 @@
 (define-public xapian
   (package
     (name "xapian")
-    (version "1.4.4")
+    (version "1.4.5")
+    ;; Note: When updating Xapian, remember to update xapian-bindings below.
     (source (origin
               (method url-fetch)
               (uri (string-append "https://oligarchy.co.uk/xapian/" version
                                   "/xapian-core-" version ".tar.xz"))
               (sha256
-               (base32 "1n9j2w2as0flih3hgim7gprfxsx6gimijs91rxsjsi8shjlqbad6"))))
+               (base32 "0axhqrj202hbll9mcx1qdm8gsqj19216w3z02gyjbycxvr9gkdc5"))))
     (build-system gnu-build-system)
     (inputs `(("zlib" ,zlib)
               ("util-linux" ,util-linux)))
@@ -82,7 +83,7 @@ rich set of boolean query operators.")
                                   "/xapian-bindings-" version ".tar.xz"))
               (sha256
                (base32
-                "0fca9nsf7pj3fq991xcm5iainz3s8yqik4ycvavm09y486n3wciv"))))
+                "0cwx39764w24xd25w271had4w78lnw1dgz36yvlw1g3i19rqcy34"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--with-python3")
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index fa910a92aa..7c6b957411 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -145,18 +145,19 @@ the low-level development kit for the Yubico YubiKey authentication device.")
 (define-public pcsc-lite
   (package
     (name "pcsc-lite")
-    (version "1.8.22")
+    (version "1.8.23")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "https://alioth.debian.org/frs/download.php/file/4225/"
+                    "https://alioth.debian.org/frs/download.php/file/4235/"
                     "pcsc-lite-" version ".tar.bz2"))
               (sha256
                (base32
-                "01flkdyqs7kr6c63dv2qg8dwir3v9jlr9rzlw7vafrivxmhqydba"))))
+                "1jc9ws5ra6v3plwraqixin0w0wfxj64drahrbkyrrwzghqjjc9ss"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:configure-flags '("--enable-usbdropdir=/var/lib/pcsc/drivers")))
+     `(#:configure-flags '("--enable-usbdropdir=/var/lib/pcsc/drivers"
+                           "--disable-libsystemd")))
     (native-inputs
      `(("perl" ,perl)                   ; for pod2man
        ("pkg-config" ,pkg-config)))
@@ -169,7 +170,6 @@ the low-level development kit for the Yubico YubiKey authentication device.")
 readers using the SCard API.  pcsc-lite is used to connect to the PC/SC daemon
 from a client application and provide access to the desired reader.")
     (license (list license:bsd-3                ; pcsc-lite
-                   license:expat                ; src/sd-daemon.[ch]
                    license:isc                  ; src/strlcat.c src/strlcpy.c
                    license:gpl3+))))            ; src/spy/*
 
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 1f076999cb..343f50d6d7 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -511,11 +511,11 @@ Its features include:
       (license bsd-2))))
 
 (define-public s-shell
-  (let ((commit "6604341edb3a775ff94415762af3ee9bd86bfb3c")
-        (revision "1"))
+  (let ((commit "da2e5c20c0c5f477ec3426dc2584889a789b1659")
+        (revision "2"))
     (package
       (name "s-shell")
-      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
+      (version (git-version "0.0.0" revision commit))
       (source
        (origin
          (method git-fetch)
@@ -525,13 +525,15 @@ Its features include:
          (file-name (string-append name "-" version "-checkout"))
          (sha256
           (base32
-           "1075cml6dl15d770j3m12yz90cjacsdslbv3gank1nxd76vmpdcr"))))
+           "0qiny71ww5nhzy4mnc8652hn0mlxyb67h333gbdxp4j4qxsi13q4"))))
       (build-system gnu-build-system)
       (inputs
        `(("linenoise" ,linenoise)))
       (arguments
        `(#:tests? #f
-         #:make-flags (list "CC=gcc")
+         #:make-flags (list "CC=gcc"
+                            (string-append "PREFIX="
+                                           (assoc-ref %outputs "out")))
          #:phases
          (modify-phases %standard-phases
            (add-after 'unpack 'install-directory-fix
diff --git a/gnu/packages/skarnet.scm b/gnu/packages/skarnet.scm
index 5a46b0db64..ce6fdc709d 100644
--- a/gnu/packages/skarnet.scm
+++ b/gnu/packages/skarnet.scm
@@ -47,8 +47,8 @@
                       ;; Sort source files deterministically so that the *.a
                       ;; and *.so files are reproducible.
                       (substitute* "Makefile"
-                        (("\\$\\(ALL_SRCS:%.c=%.o\\)")
-                         "$(sort $(ALL_SRCS:%.c=%.o))"))
+                        (("\\$\\(wildcard src/lib\\*/\\*.c\\)")
+                         "$(sort $(wildcard src/lib*/*.c))"))
                       #t)))))
     (home-page "http://skarnet.org/software/skalibs/")
     (synopsis "Platform abstraction libraries for skarnet.org software")
diff --git a/gnu/packages/sml.scm b/gnu/packages/sml.scm
index 6e57c4a4a0..b9bd7a7e82 100644
--- a/gnu/packages/sml.scm
+++ b/gnu/packages/sml.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Andy Patterson <ajpatter@uwaterloo.ca>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,14 +30,14 @@
 (define-public polyml
   (package
     (name "polyml")
-    (version "5.7")
+    (version "5.7.1")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://github.com/polyml/polyml/archive/v"
                            version ".tar.gz"))
        (sha256
-        (base32 "0ycjl746h0m22w9nsdssjl47d56jih12gpkdg3yw65gakj70sd0r"))
+        (base32 "0a3hcv80p9j0fny6726kvgmzjzdmak9xw7f7rv8sxv96nhjdi3fi"))
        (file-name (string-append name "-" version ".tar.gz"))))
     (build-system gnu-build-system)
     (inputs
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index bfa7e05f9d..d4d9c0e786 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2016, 2017 Raoul Bonnal <ilpuccio.febo@gmail.com>
 ;;; Copyright © 2017 Kyle Meyer <kyle@kyleam.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -114,7 +115,7 @@ be output in text, PostScript, PDF or HTML.")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cran/src/base/R-"
-                                  (version-prefix version 1) "/R-"
+                                  (version-major version) "/R-"
                                   version ".tar.gz"))
               (sha256
                (base32
@@ -2942,14 +2943,14 @@ data.")
 (define-public r-foreach
   (package
     (name "r-foreach")
-    (version "1.4.3")
+    (version "1.4.4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "foreach" version))
        (sha256
         (base32
-         "10aqsd3rxz03s1qdb6gsb1cj89mj4vmh491zfpin4skj1xvkzw0y"))))
+         "0j2yj0rn0d5nbzz9nq5rqqgnxhp9pbd92q4klsarl2xpsn8119y0"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-codetools" ,r-codetools)
@@ -2993,14 +2994,14 @@ using the parallel package.")
 (define-public r-domc
   (package
     (name "r-domc")
-    (version "1.3.4")
+    (version "1.3.5")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "doMC" version))
        (sha256
         (base32
-         "0y47jl6g4f83r14pj8bafdzq1phj7bxy5dwyz3k43d2rr8phk8bn"))))
+         "1vfrykvfvsyq12mypd266867ml1dcwc3rj5k9c3wrn5bddcm88kr"))))
     (properties `((upstream-name . "doMC")))
     (build-system r-build-system)
     (propagated-inputs
@@ -5121,14 +5122,14 @@ to Applied regression, Second Edition, Sage, 2011.")
 (define-public r-caret
   (package
     (name "r-caret")
-    (version "6.0-77")
+    (version "6.0-78")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "caret" version))
        (sha256
         (base32
-         "05c504567s2nppzfgi36mhszbym2pr80nf50dgxcxfx030721v5y"))))
+         "0h1nxzii2h80aslp1zsjczrlfmaks44sskabk4yq9c5rafc7ka6y"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-foreach" ,r-foreach)
diff --git a/gnu/packages/tcl.scm b/gnu/packages/tcl.scm
index 8e94c67e47..5310655ce2 100644
--- a/gnu/packages/tcl.scm
+++ b/gnu/packages/tcl.scm
@@ -86,7 +86,7 @@
 (define-public expect
   (package
     (name "expect")
-    (version "5.45")
+    (version "5.45.3")
     (source
      (origin
       (method url-fetch)
@@ -94,7 +94,7 @@
                           version "/expect" version ".tar.gz"))
       (sha256
        (base32
-        "0h60bifxj876afz4im35rmnbnxjx4lbdqp2ja3k30fwa8a8cm3dj"))))
+        "1s9ba7m0bmg6brn4x030y2xg7hqara1fr4hlrrllm54mf5xp2865"))))
     (build-system gnu-build-system)
     (inputs
      `(;; TODO: Add these optional dependencies.
diff --git a/gnu/packages/terminals.scm b/gnu/packages/terminals.scm
index 215511864a..68507cf645 100644
--- a/gnu/packages/terminals.scm
+++ b/gnu/packages/terminals.scm
@@ -97,7 +97,7 @@ configurable through a graphical wizard.")
 (define-public termite
   (package
     (name "termite")
-    (version "12")
+    (version "13")
     (source
       (origin
         (method git-fetch)
@@ -109,7 +109,7 @@ configurable through a graphical wizard.")
         (file-name (string-append name "-" version "-checkout"))
         (sha256
          (base32
-          "0s6dyg3vcqk5qcx90bs24wdnd3p56rdjdcanx4pcxvp6ksjl61jz"))))
+          "02cn70ygl93ghhkhs3xdxn5b1yadc255v3yp8cmhhyzsv5027hvj"))))
     (build-system gnu-build-system)
     (arguments
       `(#:phases
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index adafdfd08b..4e8efc8faf 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -9,6 +9,7 @@
 ;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -161,10 +162,12 @@
          "--with-system-zlib"
          "--with-system-zziplib")
 
-      ;; Disable tests on mips64 to cope with a failure of luajiterr.test.
-      ;; XXX FIXME fix luajit properly on mips64.
-      #:tests? ,(not (string-prefix? "mips64" (or (%current-target-system)
-                                                  (%current-system))))
+      ;; Disable tests on mips64/aarch64 to cope with a failure of luajiterr.test.
+      ;; XXX FIXME fix luajit properly on mips64 and aarch64.
+      #:tests? ,(let ((s (or (%current-target-system)
+                             (%current-system))))
+                  (not (or (string-prefix? "aarch64" s)
+                           (string-prefix? "mips64" s))))
       #:phases
        (modify-phases %standard-phases
          (add-after 'install 'postint
@@ -3917,7 +3920,7 @@ This package contains the complete TeX Live distribution.")
 (define-public perl-text-bibtex
   (package
     (name "perl-text-bibtex")
-    (version "0.77")
+    (version "0.85")
     (source
      (origin
        (method url-fetch)
@@ -3925,7 +3928,7 @@ This package contains the complete TeX Live distribution.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "0kkfx8skk763pivz6h2ffy2zdp1lvy6d5sz0kjaj0mdbjffvnnb4"))))
+         "036kxgbn1jf70pfm2lmjlzjwnhbkd888fp5lyvmkjpdd15gla18h"))))
     (build-system perl-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/text-editors.scm b/gnu/packages/text-editors.scm
index 7843c120aa..44b42ce9b6 100644
--- a/gnu/packages/text-editors.scm
+++ b/gnu/packages/text-editors.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2017 Feng Shu <tumashu@163.com>
 ;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2014 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.org>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -40,6 +41,7 @@
   #:use-module (gnu packages lua)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages regex)
   #:use-module (gnu packages ruby)
   #:use-module (gnu packages terminals)
   #:use-module (gnu packages xml))
@@ -47,17 +49,19 @@
 (define-public vis
   (package
     (name "vis")
-    (version "0.3")
+    (version "0.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/martanne/"
                                   name "/archive/v" version ".tar.gz"))
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
-               (base32 "0xvhkj4j8pcmpnsx7f93d6n2f068xnl7wacfs97vr0agxwrfvn5y"))))
+               (base32
+                "1iclfsc9vn40fqfiz56vrw6dmr4x8q9gvav0b53kkpc6zcfa86zi"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:tests? #f ; No tests.
+     `(#:test-target "test"
+       #:tests? #f                  ; no releases; snapshots are missing tests
        #:phases
        (modify-phases %standard-phases
          (add-after 'install 'wrap-binary
@@ -80,7 +84,8 @@
     (inputs `(("lua", lua)
               ("ncurses", ncurses)
               ("libtermkey", libtermkey)
-              ("lua-lpeg", lua-lpeg)))
+              ("lua-lpeg", lua-lpeg)
+              ("tre" ,tre)))
     (synopsis "Vim-like text editor")
     (description
      "Vis aims to be a modern, legacy free, simple yet efficient vim-like text
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index d0948ab555..8eff723543 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -247,6 +247,7 @@ required structures.")
   (package
    (name "openssl")
    (version "1.0.2m")
+   (replacement openssl-1.0.2n)
    (source (origin
              (method url-fetch)
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
@@ -390,6 +391,25 @@ required structures.")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))
 
+;; Fixes CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, and CVE-2017-3738.
+;; See <https://www.openssl.org/news/cl102.txt>.
+(define-public openssl-1.0.2n
+  (package
+    (inherit openssl)
+    (version "1.0.2n")
+    (source (origin
+              (inherit (package-source openssl))
+              (uri (list (string-append "https://www.openssl.org/source/openssl-"
+                                        version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/openssl-"
+                                        version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/old/"
+                                        (string-trim-right version char-set:letter)
+                                        "/openssl-" version ".tar.gz")))
+              (sha256
+               (base32
+                "1zm82pyq5a9jm10q6iv7d3dih3xwjds4x30fqph3k317byvsn2rp"))))))
+
 (define-public openssl-next
   (package
     (inherit openssl)
@@ -681,7 +701,7 @@ OpenSSL libraries).")
 (define-public perl-crypt-openssl-bignum
  (package
   (name "perl-crypt-openssl-bignum")
-  (version "0.08")
+  (version "0.09")
   (source
     (origin
       (method url-fetch)
@@ -691,7 +711,7 @@ OpenSSL libraries).")
              ".tar.gz"))
       (sha256
         (base32
-          "0gamn4dff1bz77nswacy1dlpn9fkwahzw7yvvik4nbwwy2s63hc8"))))
+          "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"))))
   (build-system perl-build-system)
   (inputs `(("openssl" ,openssl)))
   (arguments perl-crypt-arguments)
diff --git a/gnu/packages/upnp.scm b/gnu/packages/upnp.scm
index 8fa62c9896..f2669f11a8 100644
--- a/gnu/packages/upnp.scm
+++ b/gnu/packages/upnp.scm
@@ -28,14 +28,14 @@
 (define-public miniupnpc
   (package
     (name "miniupnpc")
-    (version "2.0.20171102")
+    (version "2.0.20171212")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://miniupnp.tuxfamily.org/files/"
                            name "-" version ".tar.gz"))
        (sha256
-        (base32 "1m1552kkdxkyyb5gyykp0j8falxwf1424cm55y50q9l10l11g18l"))))
+        (base32 "0za7pr6hrr3ajkifirhhxfn3hlhl06f622g8hnj5h8y18sp3bwff"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("python" ,python-2)))
@@ -59,7 +59,8 @@
            (lambda* (#:key outputs #:allow-other-keys)
              (substitute* "external-ip.sh"
                (("upnpc")
-                (string-append (assoc-ref outputs "out") "/bin/upnpc"))))))))
+                (string-append (assoc-ref outputs "out") "/bin/upnpc")))
+             #t)))))
     (home-page "http://miniupnp.free.fr/")
     (synopsis "UPnP protocol client library")
     (description
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index a41ddf8da3..cbf5ce7d87 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -17,6 +17,7 @@
 ;;; Copyright © 2017 André <eu@euandre.org>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
+;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -50,6 +51,7 @@
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages base)
   #:use-module (gnu packages bison)
+  #:use-module (gnu packages boost)
   #:use-module (gnu packages cook)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages docbook)
@@ -57,18 +59,22 @@
   #:use-module (gnu packages file)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages gettext)
+  #:use-module (gnu packages gl)
   #:use-module (gnu packages groff)
   #:use-module (gnu packages haskell)
   #:use-module (gnu packages haskell-check)
   #:use-module (gnu packages haskell-crypto)
   #:use-module (gnu packages haskell-web)
+  #:use-module (gnu packages image)
   #:use-module (gnu packages java)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages maths)
   #:use-module (gnu packages nano)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages web)
   #:use-module (gnu packages openstack)
+  #:use-module (gnu packages pcre)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages perl-check)
   #:use-module (gnu packages pkg-config)
@@ -80,6 +86,7 @@
   #:use-module (gnu packages xml)
   #:use-module (gnu packages emacs)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages sdl)
   #:use-module (gnu packages swig)
   #:use-module (gnu packages tcl)
   #:use-module (gnu packages time)
@@ -532,6 +539,18 @@ collaboration using typical untrusted file hosts or services.")
              (zero? (system*
                      "tar" "--strip-components=1" "-C" "git" "-xf"
                      (assoc-ref inputs "git:src")))))
+         (add-after 'unpack 'patch-absolute-file-names
+           (lambda* (#:key inputs #:allow-other-keys)
+             (define (quoted-file-name input path)
+               (string-append "\"" input path "\""))
+             (substitute* "ui-snapshot.c"
+               (("\"gzip\"")
+                (quoted-file-name (assoc-ref inputs "gzip") "/bin/gzip"))
+               (("\"bzip2\"")
+                (quoted-file-name (assoc-ref inputs "bzip2") "/bin/bzip2"))
+               (("\"xz\"")
+                (quoted-file-name (assoc-ref inputs "xz") "/bin/xz")))
+             #t))
          (delete 'configure) ; no configure script
          (add-after 'build 'build-man
            (lambda* (#:key make-flags #:allow-other-keys)
@@ -552,7 +571,10 @@ collaboration using typical untrusted file hosts or services.")
                     #t)))))))
     (native-inputs
      ;; For building manpage.
-     `(("asciidoc" ,asciidoc)))
+     `(("asciidoc" ,asciidoc)
+       ("gzip" ,gzip)
+       ("bzip2" ,bzip2)
+       ("xz" ,xz)))
     (inputs
      `(;; Cgit directly accesses some internal Git interfaces that changed in
        ;; Git 2.12.  Try removing this special input and using the source of the
@@ -1723,3 +1745,42 @@ network protocols, and core version control algorithms.")
      `(("java-javaewah" ,java-javaewah)
        ("java-jsch" ,java-jsch)
        ("java-slf4j-api" ,java-slf4j-api)))))
+
+(define-public gource
+  (package
+    (name "gource")
+    (version "0.47")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/acaudwell/Gource/archive/"
+                    "gource-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1llqwdnfa1pff8bxk27qsqff1fcg0a9kfdib0rn7p28vl21n1cgj"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--with-boost-libdir="
+                            (assoc-ref %build-inputs "boost")
+                            "/lib"))))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("boost"     ,boost)
+       ("ftgl"      ,ftgl)
+       ("glew"      ,glew)
+       ("glm"       ,glm)
+       ("glu"       ,glu)
+       ("libpng"    ,libpng)
+       ("mesa"      ,mesa)
+       ("pcre"      ,pcre)
+       ("sdl-union" ,(sdl-union (list sdl2 sdl2-image)))))
+    (home-page "http://gource.io/")
+    (synopsis "3D visualisation tool for source control repositories")
+    (description "@code{gource} provides a software version control
+visualization.  The repository is displayed as a tree where the root of the
+repository is the centre, directories are branches and files are leaves.
+Contributors to the source code appear and disappear as they contribute to
+specific files and directories.")
+    (license license:gpl3+)))
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 2ad0565db3..ed090107b3 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -589,14 +589,14 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
 (define-public ffmpeg
   (package
     (name "ffmpeg")
-    (version "3.4")
+    (version "3.4.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://ffmpeg.org/releases/ffmpeg-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1vzvpx8ixy8m44f8qwp833hv253hpghybgzbc4n8b3div3j0dvmf"))))
+               "1h4iz7q10wj04awr2wvmp60n7b09pfwrgwbbw9sgl7klcf52fxss"))))
     (build-system gnu-build-system)
     (inputs
      `(("fontconfig" ,fontconfig)
@@ -762,19 +762,6 @@ convert and stream audio and video.  It includes the libavcodec
 audio/video codec library.")
     (license license:gpl2+)))
 
-;; XXX: Remove this when gst-libav and qtox supports 3.4.
-(define-public ffmpeg-3.3
-  (package
-    (inherit ffmpeg)
-    (version "3.3.5")
-    (source (origin
-             (method url-fetch)
-             (uri (string-append "https://ffmpeg.org/releases/ffmpeg-"
-                                 version ".tar.xz"))
-             (sha256
-              (base32
-               "00nq8ng2p16yb48acargaz1hlp9kq24vfwvkqjlslz4a7864k4x8"))))))
-
 (define-public ffmpeg-2.8
   (package
     (inherit ffmpeg)
@@ -1142,7 +1129,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2017.12.02")
+    (version "2017.12.14")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://yt-dl.org/downloads/"
@@ -1150,7 +1137,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1qf5gz00cnxzab3cwh9kxzhs08mddm0nwvb7j5z5xxzhi6wkslha"))))
+                "01hvsch7ybff0amivl86m6klz156bm3hfh66zz5q8ha2af5j44hj"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
@@ -1877,6 +1864,41 @@ present in modern GPUs.")
 implementation.")
     (license (license:x11-style "file://COPYING"))))
 
+(define-public libvdpau-va-gl
+  (package
+    (name "libvdpau-va-gl")
+    (version "0.4.2")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/i-rinat/libvdpau-va-gl/"
+                            "releases/download/v" version "/libvdpau-va-gl-"
+                            version ".tar.gz"))
+        (sha256
+         (base32
+          "1x2ag1f2fwa4yh1g5spv99w9x1m33hbxlqwyhm205ssq0ra234bx"))
+        (patches (search-patches "libvdpau-va-gl-unbundle.patch"))
+        (modules '((guix build utils)))
+        (snippet '(delete-file-recursively "3rdparty"))))
+    (build-system cmake-build-system)
+    (arguments
+     '(#:tests? #f)) ; Tests require a running X11 server, with VA-API support.
+    (native-inputs
+     `(("libvdpau" ,libvdpau)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("libva" ,libva)
+       ("mesa" ,mesa)))
+    (home-page "https://github.com/i-rinat/libvdpau-va-gl")
+    (synopsis "VDPAU driver with VA-API/OpenGL backend")
+    (description
+     "Many applications can use VDPAU to accelerate portions of the video
+decoding process and video post-processing to the GPU video hardware.  Since
+there is no VDPAU available on Intel chips, they fall back to different drawing
+techniques.  This driver uses OpenGL under the hood to accelerate drawing and
+scaling and VA-API (if available) to accelerate video decoding.")
+    (license license:expat)))
+
 (define-public recordmydesktop
   (package
     (name "recordmydesktop")
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index d9fae08b25..a1709b0b6d 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -36,6 +36,7 @@
   #:use-module (gnu packages dns)
   #:use-module (gnu packages docbook)
   #:use-module (gnu packages documentation)
+  #:use-module (gnu packages fontutils)
   #:use-module (gnu packages gl)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
@@ -62,7 +63,7 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
   #:use-module (guix download)
-  #:use-module ((guix licenses) #:select (gpl2 gpl2+ lgpl2.1 lgpl2.1+))
+  #:use-module ((guix licenses) #:select (gpl2 gpl2+ gpl3+ lgpl2.1 lgpl2.1+))
   #:use-module (guix packages)
   #:use-module (guix utils)
   #:use-module (srfi srfi-1))
@@ -80,19 +81,16 @@
 (define-public qemu
   (package
     (name "qemu")
-    (version "2.10.1")
+    (version "2.10.2")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qemu.org/qemu-"
                                  version ".tar.xz"))
              (patches (search-patches "qemu-CVE-2017-15038.patch"
-                                      "qemu-CVE-2017-15118.patch"
-                                      "qemu-CVE-2017-15119.patch"
-                                      "qemu-CVE-2017-15268.patch"
                                       "qemu-CVE-2017-15289.patch"))
              (sha256
               (base32
-               "1ahwl7r18iw2ds0q3c51nlivqsan9hcgnc8bbf9pv366iy81mm8x"))))
+               "17w21spvaxaidi2am5lpsln8yjpyp2zi3s3gc6nsxj5arlgamzgw"))))
     (build-system gnu-build-system)
     (arguments
      '(;; Running tests in parallel can occasionally lead to failures, like:
@@ -687,3 +685,70 @@ mainly implemented in user space.")
     ;; The project is licensed under GPLv2; files in the lib/ directory are
     ;; LGPLv2.1.
     (license (list gpl2 lgpl2.1))))
+
+(define-public qmpbackup
+  (package
+    (name "qmpbackup")
+    (version "0.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/abbbi/qmpbackup/archive/"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "10k9mnb1yrg4gw1rvz4kw4dxc4aajl8gnjrpm3axqkg63qmxj3qn"))
+              (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2))
+    (home-page "https://github.com/abbbi/qmpbackup")
+    (synopsis "Backup and restore QEMU machines")
+    (description "qmpbackup is designed to create and restore full and
+incremental backups of running QEMU virtual machines via QMP, the QEMU
+Machine Protocol.")
+    (license gpl3+)))
+
+(define-public lookingglass
+  (package
+   (name "lookingglass")
+   (version "a5")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://github.com/gnif/LookingGlass/archive/"
+                         version ".tar.gz"))
+     (file-name (string-append name "-" version))
+     (sha256
+      (base32
+       "0lrb821914fp27xaq0spwhbblssz55phiygvdlvcrkifa138v8pf"))))
+   (build-system gnu-build-system)
+   (inputs `(("fontconfig" ,fontconfig)
+             ("glu" ,glu)
+             ("mesa" ,mesa)
+             ("openssl" ,openssl)
+             ("sdl2" ,sdl2)
+             ("sdl2-ttf" ,sdl2-ttf)
+             ("spice-protocol" ,spice-protocol)))
+   (native-inputs `(("pkg-config", pkg-config)))
+   (arguments
+    `(#:tests? #f ;; No tests are available.
+      #:phases (modify-phases %standard-phases
+                 (replace 'configure
+                   (lambda* (#:key outputs #:allow-other-keys)
+                     (chdir "client")
+                     #t))
+                 (replace 'install
+                   (lambda* (#:key outputs #:allow-other-keys)
+                     (install-file "bin/looking-glass-client"
+                                   (string-append (assoc-ref outputs "out")
+                                                  "/bin"))
+                     #t)))))
+   (home-page "https://looking-glass.hostfission.com")
+   (synopsis "KVM Frame Relay (KVMFR) implementation")
+   (description "Looking Glass allows the use of a KVM (Kernel-based Virtual
+Machine) configured for VGA PCI Pass-through without an attached physical
+monitor, keyboard or mouse.  It displays the VM's rendered contents on your main
+monitor/GPU.")
+   ;; This package requires SSE instructions.
+   (supported-systems '("i686-linux" "x86_64-linux"))
+   (license gpl2+)))
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index fff4b767ca..8eb4b885bd 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -145,6 +145,36 @@ and its related documentation.")
     (license l:asl2.0)
     (home-page "https://httpd.apache.org/")))
 
+(define-public mod-wsgi
+  (package
+    (name "mod-wsgi")
+    (version "4.5.22")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/GrahamDumpleton/mod_wsgi/archive/"
+                    version ".tar.gz"))
+              (sha256
+               (base32
+                "0n1yhmrfp8mjbsngmyjl937c6rc0069p6wdi1lknrbn1q42hzw6q"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:tests? #f ;; TODO: Can't figure out if there are tests
+       #:make-flags (list
+                     (string-append "DESTDIR="
+                                    (assoc-ref %outputs "out"))
+                     "LIBEXECDIR=/modules")))
+    (inputs
+     `(("httpd" ,httpd)
+       ("python" ,python-wrapper)))
+    (synopsis "Apache HTTPD module for Python WSGI applications")
+    (description
+     "The mod_wsgi module for the Apache HTTPD Server adds support for running
+applications that support the Python @acronym{WSGI, Web Server Gateway
+Interface} specification.")
+    (license l:asl2.0)
+    (home-page "https://modwsgi.readthedocs.io/")))
+
 (define-public nginx
   (package
     (name "nginx")
diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm
index b4c3c194f8..b4f6573cf5 100644
--- a/gnu/packages/wine.scm
+++ b/gnu/packages/wine.scm
@@ -26,6 +26,7 @@
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
+  #:use-module (gnu packages admin)
   #:use-module (gnu packages audio)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages compression)
@@ -38,6 +39,7 @@
   #:use-module (gnu packages ghostscript)
   #:use-module (gnu packages gl)
   #:use-module (gnu packages glib)
+  #:use-module (gnu packages gstreamer)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages openldap)
   #:use-module (gnu packages perl)
@@ -49,6 +51,7 @@
   #:use-module (gnu packages samba)
   #:use-module (gnu packages scanner)
   #:use-module (gnu packages tls)
+  #:use-module (gnu packages video)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg))
 
@@ -73,10 +76,12 @@
      `(("alsa-lib" ,alsa-lib)
        ("dbus" ,dbus)
        ("cups" ,cups)
+       ("eudev" ,eudev)
        ("fontconfig" ,fontconfig)
        ("freetype" ,freetype)
        ("glu" ,glu)
        ("gnutls" ,gnutls)
+       ("gst-plugins-base" ,gst-plugins-base)
        ("lcms" ,lcms)
        ("libxml2" ,libxml2)
        ("libxslt" ,libxslt)
@@ -85,6 +90,7 @@
        ("libldap" ,openldap)
        ("libnetapi" ,samba)
        ("libsane" ,sane-backends)
+       ("libpcap" ,libpcap)
        ("libpng" ,libpng)
        ("libjpeg" ,libjpeg)
        ("libtiff" ,libtiff)
@@ -102,6 +108,7 @@
        ("openal" ,openal)
        ("pulseaudio" ,pulseaudio)
        ("unixodbc" ,unixodbc)
+       ("v4l-utils" ,v4l-utils)
        ("zlib" ,zlib)))
     (arguments
      `(;; Force a 32-bit build (under the assumption that this package is
@@ -151,10 +158,13 @@ integrate Windows applications into your desktop.")
     (inherit wine)
     (name "wine64")
     (arguments
-     `(#:configure-flags
+     `(#:make-flags
+       (list "SHELL=bash"
+             (string-append "libdir=" %output "/lib"))
+       #:configure-flags
        (list "--enable-win64"
-             (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib64"))
-       ,@(strip-keyword-arguments '(#:configure-flags #:system)
+             (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib"))
+       ,@(strip-keyword-arguments '(#:configure-flags #:make-flags #:system)
                                   (package-arguments wine))))
     (synopsis "Implementation of the Windows API (64-bit version)")
     (supported-systems '("x86_64-linux" "aarch64-linux"))))
diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm
index 6912d6f2d9..8098560e4c 100644
--- a/gnu/packages/wm.scm
+++ b/gnu/packages/wm.scm
@@ -8,8 +8,8 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Al McElrath <hello@yrns.org>
 ;;; Copyright © 2016 Carlo Zancanaro <carlo@zancanaro.id.au>
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 ng0 <ng0@n0.is>
 ;;; Copyright © 2016 doncatnip <gnopap@gmail.com>
 ;;; Copyright © 2016 Ivan Vilata i Balaguer <ivan@selidor.net>
 ;;; Copyright © 2017 Mekeor Melire <mekeor.melire@gmail.com>
@@ -44,6 +44,8 @@
   #:use-module (gnu packages haskell)
   #:use-module (gnu packages haskell-check)
   #:use-module (gnu packages haskell-web)
+  #:use-module (gnu packages autotools)
+  #:use-module (gnu packages gawk)
   #:use-module (gnu packages base)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages perl)
@@ -68,6 +70,7 @@
   #:use-module (gnu packages gperf)
   #:use-module (gnu packages imagemagick)
   #:use-module (gnu packages lua)
+  #:use-module (gnu packages linux)
   #:use-module (gnu packages suckless)
   #:use-module (guix download)
   #:use-module (guix git-download))
@@ -335,6 +338,118 @@ and locate windows on all your workspaces, using an interactive dmenu
 prompt.")
       (license (license:non-copyleft "http://www.wtfpl.net/txt/copying/")))))
 
+(define-public i3lock-color
+  (package
+    (name "i3lock-color")
+    (version "2.10.1c")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/PandorasFox/i3lock-color/"
+                           "archive/" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "119xvdm4r6irqk0mar80hx6s8ydw26y35h7712rd7nbg7pb7i053"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ;No tests included.
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'bootstrap
+           (lambda _
+             (zero? (system* "autoreconf" "-vfi")))))))
+    (inputs
+     `(("xcb-util-image" ,xcb-util-image)
+       ("xcb-util" ,xcb-util)
+       ("libxcb" ,libxcb)
+       ("linux-pam" ,linux-pam)
+       ("libxkbcommon" ,libxkbcommon)
+       ("libev" ,libev)
+       ("cairo" ,cairo)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("autoconf" ,autoconf)
+        ("automake" ,automake)))
+    (home-page "https://github.com/PandorasFox/i3lock-color")
+    (synopsis "Screen locker with color configuration support")
+    (description
+     "i3lock-color is a simpler X11 screen locker derived from i3lock.
+Features include:
+
+@enumerate
+@item forking process, the locked screen is preserved when you suspend to RAM;
+@item specify background color or image to be displayed in the lock screen;
+@item many additional color options.
+@end enumerate")
+    (license license:bsd-3)))
+
+(define-public i3lock-fancy
+  (package
+    (name "i3lock-fancy")
+    (version "0.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/meskarune/i3lock-fancy/archive/"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "020m7mnfq5cvir7p9v3hkb7cvb4cai33wppxl2zdwscwwjnchc5y"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ;No tests included
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (icons (string-append out "/share/i3lock-fancy/icons/"))
+                    (wmctrl (string-append (assoc-ref inputs "wmctrl")
+                                           "/bin/wmctrl"))
+                    (mconvert (string-append (assoc-ref inputs "imagemagick")
+                                             "/bin/convert"))
+                    (mimport (string-append (assoc-ref inputs "imagemagick")
+                                            "/bin/import"))
+                    (awk (string-append (assoc-ref inputs "gawk")
+                                        "/bin/gawk")))
+
+               (substitute* "lock"
+                 (("$(which wmctrl)") wmctrl)
+                 (("convert") mconvert)
+                 (("shot=\\(import") (string-append "shot=\(" mimport))
+                 (("awk -F") (string-append awk " -F"))
+                 ((" awk") awk)
+                 (("\\$scriptpath/icons/") icons))
+               #t)))
+         (delete 'build)
+         (replace 'install
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin"))
+                    (icons (string-append out "/share/i3lock-fancy/icons/")))
+
+               (install-file "lock" bin)
+               (rename-file (string-append bin "/lock")
+                            (string-append bin "/i3lock-fancy"))
+               (copy-recursively "icons" icons)
+               #t))))))
+    (native-inputs
+     `(("imagemagick" ,imagemagick)
+       ("wmctrl" ,wmctrl)
+       ("gawk" ,gawk)))
+    (home-page "https://github.com/meskarune/i3lock-fancy")
+    (synopsis "Screen locker with screenshot function")
+    (description
+     "@code{i3lock-fancy} is a Bash script that takes a screenshot of
+the desktop, blurs the background and adds a lock icon and text.
+It requires @code{i3lock-color} or @code{i3lock} and can optionally
+be passed any screenshot util like @code{scrot}.
+This screen locker can be used with any window manager or
+desktop environment.")
+    (license license:expat)))
+
 (define-public xmonad
   (package
     (name "xmonad")
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 3a1cd9293c..6a4407c772 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -858,14 +858,14 @@ Escape key when Left Control is pressed and released on its own.")
 (define-public libwacom
   (package
     (name "libwacom")
-    (version "0.25")
+    (version "0.26")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/linuxwacom/libwacom/"
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "1k20w2fkql3yr0dpdg51jjwzv7d4kp53ajmpyhcjxa08s0n8dl19"))))
+                "0xpvkjvzaj9blcmw8ha46616bzfivj99kwzvr91clxd6iaf11r63"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -890,7 +890,7 @@ Wacom tablet applet.")
 (define-public xf86-input-wacom
   (package
     (name "xf86-input-wacom")
-    (version "0.34.2")
+    (version "0.35.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -898,7 +898,7 @@ Wacom tablet applet.")
                     name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "073bf12ka1mcqvr1sviixb51bsfx37jalrj9xw53f10i2kdvkl9a"))))
+                "0za44snc0zirq65a4lxsmg7blp1bynj6j835hm459x8yx1qhmxjm"))))
     (arguments
      `(#:configure-flags
        (list (string-append "--with-sdkdir="
diff --git a/gnu/packages/xfig.scm b/gnu/packages/xfig.scm
index e51558e0be..3bb839f6e4 100644
--- a/gnu/packages/xfig.scm
+++ b/gnu/packages/xfig.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2014 Federico Beffa <beffa@fbengineering.ch>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,106 +24,44 @@
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
+  #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages image)
-  #:use-module (gnu packages groff)
   #:use-module (gnu packages compression))
 
 (define-public xfig
   (package
     (name "xfig")
-    (version "3.2.5c")
+    (version "3.2.6a")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://sourceforge/mcj/mcj-source/xfig."
-                           version ".full.tar.gz"))
+       (uri (string-append "mirror://sourceforge/mcj/"
+                           name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1yd1jclvw5w3ja4jjzr1ysbn8iklh88wq84jn9d1gavrbfbqyqpa"))))
+         "0z1636w27hvgjpq98z40k8h535b4x2xr2whkvr7bibaa89fynym8"))))
     (build-system gnu-build-system)
     (native-inputs
-     `(("imake" ,imake)
-       ("makedepend" ,makedepend)
-       ("groff" ,groff)))               ;for creating some doc
+     ;; For tests.
+     `(("desktop-file-utils" ,desktop-file-utils)))
     (inputs
      `(("libxaw3d" ,libxaw3d)
-       ;; Requires libjpeg>=9a, otherwise jmorecfg.h define an enum FALSE that
-       ;; conflicts with the FALSE macro from X11/Intrinsic.h
-       ("libjpeg"  ,libjpeg)
-       ("libpng"   ,libpng)
-       ("libxpm"   ,libxpm)
-       ("libx11"   ,libx11)
-       ("libxmu"   ,libxmu)
-       ("libxt"    ,libxt)
-       ("zlib"     ,zlib)))
+       ("libjpeg" ,libjpeg)
+       ("libpng" ,libpng)
+       ("libxpm" ,libxpm)
+       ("libx11" ,libx11)
+       ("libxt" ,libxt)))
     (arguments
-     `(#:tests? #f
-       #:phases
+     `(#:phases
        (modify-phases %standard-phases
-         (replace 'configure
-                  (lambda* (#:key inputs outputs #:allow-other-keys)
-                    (let ((imake (assoc-ref inputs "imake"))
-                          (out   (assoc-ref outputs "out")))
-                      (substitute* "Imakefile"
-                        (("XCOMM XAPPLOADDIR = /home/user/xfig *")
-                         (string-append "XAPPLOADDIR = " out ,%app-defaults-dir))
-                        (("XCOMM (BINDIR = )[[:graph:]]*" _ front)
-                         (string-append front out "/bin"))
-                        (("(PNGLIBDIR = )[[:graph:]]*" _ front)
-                         (string-append front (assoc-ref inputs "libpng") "/lib"))
-                        (("(PNGINC = -I)[[:graph:]]*" _ front)
-                         (string-append front (assoc-ref inputs "libpng") "/include"))
-                        (("(JPEGLIBDIR = )[[:graph:]]*" _ front)
-                         (string-append front (assoc-ref inputs "libjpeg") "/lib"))
-                        (("(JPEGINC = -I)[[:graph:]]*" _ front)
-                         (string-append front (assoc-ref inputs "libjpeg") "/include"))
-                        (("(ZLIBDIR = )[[:graph:]]*" _ front)
-                         (string-append front (assoc-ref inputs "zlib") "/lib"))
-                        (("(XPMLIBDIR = )[[:graph:]]*" _ front)
-                         (string-append front (assoc-ref inputs "libxpm") "/lib"))
-                        (("(XPMINC = -I)[[:graph:]]*" _ front)
-                         (string-append front (assoc-ref inputs "libxpm") "/include"))
-                        (("(XFIGLIBDIR = )[[:graph:]]*" _ front)
-                         (string-append front out "/lib"))
-                        (("(XFIGDOCDIR = )[[:graph:]]*" _ front)
-                         (string-append front out "/share/doc"))
-                        (("XCOMM USEINLINE") "USEINLINE"))
-                      ;; The -a argument is required in order to pick up the correct paths
-                      ;; to several X header files.
-                      (invoke "xmkmf" "-a")
-                      ;; Reset some variables that are inherited from imake templates
-                      (substitute* "Makefile"
-                        ;; These imake variables somehow remain undefined
-                        (("DefaultGcc2[[:graph:]]*Opt") "-O2")
-                        ;; Reset a few variable defaults that are set in imake templates
-                        ((imake) out)
-                        (("(MANPATH = )[[:graph:]]*" _ front)
-                         (string-append front out "/share/man"))
-                        (("(CONFDIR = )([[:graph:]]*)" _ front default)
-                         (string-append front out default))))
-                    #t))
-         (add-after
-          'install 'install/libs
-          (lambda _
-            (zero? (system* "make" "install.libs"))))
-         (add-after
-          'install 'install/doc
-          (lambda _
-            (begin
-              ;; The Doc/xfig_man.html file is expected by the install.html
-              ;; target, but is not present in the tarball, so generate it.
-              (use-modules (ice-9 popen))
-              (let* ((in  (open-pipe* OPEN_READ
-                                      "groff" "-mandoc" "-Thtml"
-                                      "Doc/xfig.man"))
-                     (out (open-output-file "Doc/xfig_man.html")))
-                (begin
-                  (dump-port in out)
-                  (close-pipe in)
-                  (close-port out)))
-              (zero? (system* "make" "install.doc"))))))))
-    (home-page "http://xfig.org/")
+         (add-before 'install 'strip-bogus-exec-prefix
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "xfig.desktop"
+               ;; The patch-dot-desktop-files phase requires a relative name.
+               (("Exec=/usr/bin/xfig") "Exec=xfig"))
+             #t)))))
+    (home-page "http://mcj.sourceforge.net/")
     (synopsis "Interactive drawing tool")
     (description
      "Xfig is an interactive drawing tool which runs under X Window System.
@@ -195,7 +134,7 @@ selected in various ways.  For text, 35 fonts are available.")
          (add-after 'install 'install/doc
            (lambda _
              (zero? (system* "make" "install.man")))))))
-    (home-page "http://www.xfig.org/")
+    (home-page "http://mcj.sourceforge.net/")
     (synopsis "Create portable LaTeX figures")
     (description
      "Transfig creates a makefile to translate figures described in Fig code
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 4ed2c010c4..bbf7e0a5f6 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5920,7 +5920,7 @@ basic eye-candy effects.")
 (define-public xpra
   (package
     (name "xpra")
-    (version "2.1.3")
+    (version "2.2")
     (source
      (origin
        (method url-fetch)
@@ -5928,41 +5928,42 @@ basic eye-candy effects.")
                            version ".tar.xz"))
        (sha256
         (base32
-         "0r0l3p59q05fmvkp3jv8vmny2v8m1vyhqkg6b9r2qgxn1kcxx7rm"))))
+         "0gi0i5pbhfzr5j4mbngjxvrk6r4lvigw4w2104znplmmrf1mw6y2"))))
     (build-system python-build-system)
-    (inputs `(("ffmpeg", ffmpeg)
-              ("flac", flac)
+    (inputs `(("ffmpeg" ,ffmpeg)
+              ("flac" ,flac)
               ("gtk+-2" ,gtk+-2) ;; no full GTK3 support yet
-              ("libjpeg", libjpeg)
-              ("libpng", libpng)
-              ("libvpx", libvpx)
-              ("libx264", libx264)
-              ("libxcomposite", libxcomposite)
-              ("libxdamage", libxdamage)
-              ("libxkbfile", libxkbfile)
-              ("libxrandr", libxrandr)
-              ("libxtst", libxtst)
-              ("lzo", lzo)
-              ("python2-cryptography", python2-cryptography)
-              ("python2-dbus", python2-dbus)
-              ("python2-lz4", python2-lz4)
-              ("python2-lzo", python2-lzo)
-              ("python2-numpy", python2-numpy)
+              ("libjpeg" ,libjpeg)
+              ("libpng" ,libpng)
+              ("libvpx" ,libvpx)
+              ("libx264" ,libx264)
+              ("libxcomposite" ,libxcomposite)
+              ("libxdamage" ,libxdamage)
+              ("libxkbfile" ,libxkbfile)
+              ("libxrandr" ,libxrandr)
+              ("libxtst" ,libxtst)
+              ("lzo" ,lzo)
+              ("python2-cryptography" ,python2-cryptography)
+              ("python2-dbus" ,python2-dbus)
+              ("python2-lz4" ,python2-lz4)
+              ("python2-lzo" ,python2-lzo)
+              ("python2-netifaces" ,python2-netifaces)
+              ("python2-numpy" ,python2-numpy)
               ("python2-pillow" ,python2-pillow)
-              ("python2-pycairo", python2-pycairo)
-              ("python2-pycrypto", python2-pycrypto)
-              ("python2-pygobject", python2-pygobject)
-              ("python2-pyopengl", python2-pyopengl)
-              ("python2-pygtk", python2-pygtk)
-              ("python2-rencode", python2-rencode)
-              ("xorg-server", xorg-server)))
+              ("python2-pycairo" ,python2-pycairo)
+              ("python2-pycrypto" ,python2-pycrypto)
+              ("python2-pygobject" ,python2-pygobject)
+              ("python2-pyopengl" ,python2-pyopengl)
+              ("python2-pyopengl-accelerate" ,python2-pyopengl-accelerate)
+              ("python2-pygtk" ,python2-pygtk)
+              ("python2-rencode" ,python2-rencode)
+              ("xorg-server" ,xorg-server)))
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("python2-cython", python2-cython)))
     (arguments
      `(#:python ,python-2 ;; no full Python 3 support yet
        #:configure-flags '("--with-tests"
                            "--with-bundle_tests"
-                           "--without-opengl" ;; TODO: pygtkglext needed.
                            "--without-Xdummy" ;; We use Xvfb instead.
                            "--without-Xdummy_wrapper"
                            "--without-strict")
diff --git a/gnu/services.scm b/gnu/services.scm
index 016ff08e0b..15fc6dcb49 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -392,7 +392,8 @@ boot."
                      (mkdir "/tmp")
                      (chmod "/tmp" #o1777)
                      (mkdir "/var/run")
-                     (chmod "/var/run" #o755))))))))
+                     (chmod "/var/run" #o755)
+                     (delete-file-recursively "/run/udev/watch.old"))))))))
 
 (define cleanup-service-type
   ;; Service that cleans things up in /tmp and similar.
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 291dd63256..5e08927af3 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1727,6 +1727,17 @@ item of @var{packages}."
                     (setenv "EUDEV_RULES_DIRECTORY"
                             #$(file-append rules "/lib/udev/rules.d"))
 
+                    (let* ((kernel-release
+                            (utsname:release (uname)))
+                           (linux-module-directory
+                            (getenv "LINUX_MODULE_DIRECTORY"))
+                           (directory
+                            (string-append linux-module-directory "/"
+                                           kernel-release))
+                           (old-umask (umask #o022)))
+                      (make-static-device-nodes directory)
+                      (umask old-umask))
+
                     (let ((pid (primitive-fork)))
                       (case pid
                         ((0)
@@ -1750,7 +1761,10 @@ item of @var{packages}."
          ;; When halting the system, 'udev' is actually killed by
          ;; 'user-processes', i.e., before its own 'stop' method was called.
          ;; Thus, make sure it is not respawned.
-         (respawn? #f)))))))
+         (respawn? #f)
+         ;; We need additional modules.
+         (modules `((gnu build linux-boot)
+                    ,@%default-modules))))))))
 
 (define udev-service-type
   (service-type (name 'udev)
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index dc072ea8da..8aac2638b3 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Sou Bunnbu <iyzsong@member.fsf.org>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -72,7 +73,7 @@
                                (string-concatenate
                                 (map (lambda (host)
                                        (string-append " -d " host))
-                                     #$hosts))))))))))
+                                     '#$hosts))))))))))
 
 (define certbot-activation
   (match-lambda
@@ -97,8 +98,7 @@
      (map
       (lambda (host)
         (nginx-server-configuration
-         (http-port 80)
-         (https-port #f)
+         (listen '("80"))
          (ssl-certificate #f)
          (ssl-certificate-key #f)
          (server-name (list host))
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index fce2ce1c25..6bf656949a 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Sou Bunnbu <iyzsong@member.fsf.org>
 ;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -231,7 +232,7 @@ access to exported repositories under @file{/srv/git}."
                "fastcgi_param HTTP_HOST $server_name;"
                "fastcgi_pass 127.0.0.1:9000;")))))
     (try-files (list "$uri" "@cgit"))
-    (https-port #f)
+    (listen '("80"))
     (ssl-certificate #f)
     (ssl-certificate-key #f))))
 
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 9d713003c3..2371ddb6d0 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -4,6 +4,8 @@
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016, 2017 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
+;;; Copyright © 2017 nee <nee-git@hidamari.blue>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,8 +28,11 @@
   #:use-module (gnu system shadow)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages web)
+  #:use-module (gnu packages php)
   #:use-module (guix records)
   #:use-module (guix gexp)
+  #:use-module ((guix utils) #:select (version-major))
+  #:use-module ((guix packages) #:select (package-version))
   #:use-module (srfi srfi-1)
   #:use-module (ice-9 match)
   #:export (<nginx-configuration>
@@ -38,13 +43,14 @@
             nginx-configuration-run-directory
             nginx-configuration-server-blocks
             nginx-configuration-upstream-blocks
+            nginx-configuration-server-names-hash-bucket-size
+            nginx-configuration-server-names-hash-bucket-max-size
             nginx-configuration-file
 
             <nginx-server-configuration>
             nginx-server-configuration
             nginx-server-configuration?
-            nginx-server-configuration-http-port
-            nginx-server-configuartion-https-port
+            nginx-server-configuration-listen
             nginx-server-configuration-server-name
             nginx-server-configuration-root
             nginx-server-configuration-locations
@@ -52,6 +58,7 @@
             nginx-server-configuration-ssl-certificate
             nginx-server-configuration-ssl-certificate-key
             nginx-server-configuration-server-tokens?
+            nginx-server-configuration-raw-content
 
             <nginx-upstream-configuration>
             nginx-upstream-configuration
@@ -76,7 +83,49 @@
 
             fcgiwrap-configuration
             fcgiwrap-configuration?
-            fcgiwrap-service-type))
+            fcgiwrap-service-type
+
+            <php-fpm-configuration>
+            php-fpm-configuration
+            make-php-fpm-configuration
+            php-fpm-configuration?
+            php-fpm-configuration-php
+            php-fpm-configuration-socket
+            php-fpm-configuration-user
+            php-fpm-configuration-group
+            php-fpm-configuration-socket-user
+            php-fpm-configuration-socket-group
+            php-fpm-configuration-pid-file
+            php-fpm-configuration-log-file
+            php-fpm-configuration-process-manager
+            php-fpm-configuration-display-errors
+            php-fpm-configuration-workers-log-file
+            php-fpm-configuration-file
+
+            <php-fpm-dynamic-process-manager-configuration>
+            php-fpm-dynamic-process-manager-configuration
+            make-php-fpm-dynamic-process-manager-configuration
+            php-fpm-dynamic-process-manager-configuration?
+            php-fpm-dynamic-process-manager-configuration-max-children
+            php-fpm-dynamic-process-manager-configuration-start-servers
+            php-fpm-dynamic-process-manager-configuration-min-spare-servers
+            php-fpm-dynamic-process-manager-configuration-max-spare-servers
+
+            <php-fpm-static-process-manager-configuration>
+            php-fpm-static-process-manager-configuration
+            make-php-fpm-static-process-manager-configuration
+            php-fpm-static-process-manager-configuration?
+            php-fpm-static-process-manager-configuration-max-children
+
+            <php-fpm-on-demand-process-manager-configuration>
+            php-fpm-on-demand-process-manager-configuration
+            make-php-fpm-on-demand-process-manager-configuration
+            php-fpm-on-demand-process-manager-configuration?
+            php-fpm-on-demand-process-manager-configuration-max-children
+            php-fpm-on-demand-process-manager-configuration-process-idle-timeout
+
+            php-fpm-service-type
+            nginx-php-location))
 
 ;;; Commentary:
 ;;;
@@ -87,10 +136,8 @@
 (define-record-type* <nginx-server-configuration>
   nginx-server-configuration make-nginx-server-configuration
   nginx-server-configuration?
-  (http-port           nginx-server-configuration-http-port
-                       (default 80))
-  (https-port          nginx-server-configuration-https-port
-                       (default 443))
+  (listen              nginx-server-configuration-listen
+                       (default '("80" "443 ssl")))
   (server-name         nginx-server-configuration-server-name
                        (default (list 'default)))
   (root                nginx-server-configuration-root
@@ -102,11 +149,13 @@
   (try-files           nginx-server-configuration-try-files
                        (default '()))
   (ssl-certificate     nginx-server-configuration-ssl-certificate
-                       (default "/etc/nginx/cert.pem"))
+                       (default #f))
   (ssl-certificate-key nginx-server-configuration-ssl-certificate-key
-                       (default "/etc/nginx/key.pem"))
+                       (default #f))
   (server-tokens?      nginx-server-configuration-server-tokens?
-                       (default #f)))
+                       (default #f))
+  (raw-content         nginx-server-configuration-raw-content
+                       (default '())))
 
 (define-record-type* <nginx-upstream-configuration>
   nginx-upstream-configuration make-nginx-upstream-configuration
@@ -141,6 +190,10 @@
                  (default '()))          ;list of <nginx-server-configuration>
   (upstream-blocks nginx-configuration-upstream-blocks
                    (default '()))      ;list of <nginx-upstream-configuration>
+  (server-names-hash-bucket-size nginx-configuration-server-names-hash-bucket-size
+                                 (default #f))
+  (server-names-hash-bucket-max-size nginx-configuration-server-names-hash-bucket-max-size
+                                     (default #f))
   (file          nginx-configuration-file         ;#f | string | file-like
                  (default #f)))
 
@@ -173,8 +226,7 @@ of index files."
       "      }\n"))))
 
 (define (emit-nginx-server-config server)
-  (let ((http-port (nginx-server-configuration-http-port server))
-        (https-port (nginx-server-configuration-https-port server))
+  (let ((listen (nginx-server-configuration-listen server))
         (server-name (nginx-server-configuration-server-name server))
         (ssl-certificate (nginx-server-configuration-ssl-certificate server))
         (ssl-certificate-key
@@ -183,7 +235,8 @@ of index files."
         (index (nginx-server-configuration-index server))
         (try-files (nginx-server-configuration-try-files server))
         (server-tokens? (nginx-server-configuration-server-tokens? server))
-        (locations (nginx-server-configuration-locations server)))
+        (locations (nginx-server-configuration-locations server))
+        (raw-content (nginx-server-configuration-raw-content server)))
     (define-syntax-parameter <> (syntax-rules ()))
     (define-syntax-rule (and/l x tail ...)
       (let ((x* x))
@@ -191,20 +244,9 @@ of index files."
             (syntax-parameterize ((<> (identifier-syntax x*)))
               (list tail ...))
             '())))
-    (for-each
-     (match-lambda
-      ((record-key . file)
-       (if (and file (not (file-exists? file)))
-           (error
-            (simple-format
-             #f
-             "~A in the nginx configuration for the server with name \"~A\" does not exist" record-key server-name)))))
-     `(("ssl-certificate"     . ,ssl-certificate)
-       ("ssl-certificate-key" . ,ssl-certificate-key)))
     (list
      "    server {\n"
-     (and/l http-port  "      listen " (number->string <>) ";\n")
-     (and/l https-port "      listen " (number->string <>) " ssl;\n")
+     (map (lambda (directive) (list "      listen " directive ";\n")) listen)
      "      server_name " (config-domain-strings server-name) ";\n"
      (and/l ssl-certificate     "      ssl_certificate " <> ";\n")
      (and/l ssl-certificate-key "      ssl_certificate_key " <> ";\n")
@@ -217,6 +259,7 @@ of index files."
      "\n"
      (map emit-nginx-location-config locations)
      "\n"
+     (map (lambda (x) (list "      " x "\n")) raw-content)
      "    }\n")))
 
 (define (emit-nginx-upstream-config upstream)
@@ -235,25 +278,43 @@ of index files."
         (cons head out)))
   (fold-right flatten1 '() lst))
 
-(define (default-nginx-config nginx log-directory run-directory server-list upstream-list)
-  (apply mixed-text-file "nginx.conf"
-         (flatten
-          "user nginx nginx;\n"
-          "pid " run-directory "/pid;\n"
-          "error_log " log-directory "/error.log info;\n"
-          "http {\n"
-          "    client_body_temp_path " run-directory "/client_body_temp;\n"
-          "    proxy_temp_path " run-directory "/proxy_temp;\n"
-          "    fastcgi_temp_path " run-directory "/fastcgi_temp;\n"
-          "    uwsgi_temp_path " run-directory "/uwsgi_temp;\n"
-          "    scgi_temp_path " run-directory "/scgi_temp;\n"
-          "    access_log " log-directory "/access.log;\n"
-          "    include " nginx "/share/nginx/conf/mime.types;\n"
-          "\n"
-          (map emit-nginx-upstream-config upstream-list)
-          (map emit-nginx-server-config server-list)
-          "}\n"
-          "events {}\n")))
+(define (default-nginx-config config)
+  (match-record config
+                <nginx-configuration>
+                (nginx log-directory run-directory
+                 server-blocks upstream-blocks
+                 server-names-hash-bucket-size
+                 server-names-hash-bucket-max-size)
+   (apply mixed-text-file "nginx.conf"
+          (flatten
+           "user nginx nginx;\n"
+           "pid " run-directory "/pid;\n"
+           "error_log " log-directory "/error.log info;\n"
+           "http {\n"
+           "    client_body_temp_path " run-directory "/client_body_temp;\n"
+           "    proxy_temp_path " run-directory "/proxy_temp;\n"
+           "    fastcgi_temp_path " run-directory "/fastcgi_temp;\n"
+           "    uwsgi_temp_path " run-directory "/uwsgi_temp;\n"
+           "    scgi_temp_path " run-directory "/scgi_temp;\n"
+           "    access_log " log-directory "/access.log;\n"
+           "    include " nginx "/share/nginx/conf/mime.types;\n"
+           (if server-names-hash-bucket-size
+               (string-append
+                "    server_names_hash_bucket_size "
+                (number->string server-names-hash-bucket-size)
+                ";\n")
+               "")
+           (if server-names-hash-bucket-max-size
+               (string-append
+                "    server_names_hash_bucket_max_size "
+                (number->string server-names-hash-bucket-max-size)
+                ";\n")
+               "")
+           "\n"
+           (map emit-nginx-upstream-config upstream-blocks)
+           (map emit-nginx-server-config server-blocks)
+           "}\n"
+           "events {}\n"))))
 
 (define %nginx-accounts
   (list (user-group (name "nginx") (system? #t))
@@ -265,55 +326,53 @@ of index files."
          (home-directory "/var/empty")
          (shell (file-append shadow "/sbin/nologin")))))
 
-(define nginx-activation
-  (match-lambda
-    (($ <nginx-configuration> nginx log-directory run-directory server-blocks
-                              upstream-blocks file)
-     #~(begin
-         (use-modules (guix build utils))
+(define (nginx-activation config)
+  (match-record config
+                <nginx-configuration>
+                (nginx log-directory run-directory file)
+   #~(begin
+       (use-modules (guix build utils))
 
-         (format #t "creating nginx log directory '~a'~%" #$log-directory)
-         (mkdir-p #$log-directory)
-         (format #t "creating nginx run directory '~a'~%" #$run-directory)
-         (mkdir-p #$run-directory)
-         (format #t "creating nginx temp directories '~a/{client_body,proxy,fastcgi,uwsgi,scgi}_temp'~%" #$run-directory)
-         (mkdir-p (string-append #$run-directory "/client_body_temp"))
-         (mkdir-p (string-append #$run-directory "/proxy_temp"))
-         (mkdir-p (string-append #$run-directory "/fastcgi_temp"))
-         (mkdir-p (string-append #$run-directory "/uwsgi_temp"))
-         (mkdir-p (string-append #$run-directory "/scgi_temp"))
-         ;; Start-up logs. Once configuration is loaded, nginx switches to
-         ;; log-directory.
-         (mkdir-p (string-append #$run-directory "/logs"))
-         ;; Check configuration file syntax.
-         (system* (string-append #$nginx "/sbin/nginx")
-                  "-c" #$(or file
-                             (default-nginx-config nginx log-directory
-                               run-directory server-blocks upstream-blocks))
-                  "-t")))))
-
-(define nginx-shepherd-service
-  (match-lambda
-    (($ <nginx-configuration> nginx log-directory run-directory server-blocks
-                              upstream-blocks file)
-     (let* ((nginx-binary (file-append nginx "/sbin/nginx"))
-            (nginx-action
-             (lambda args
-               #~(lambda _
-                   (zero?
-                    (system* #$nginx-binary "-c"
-                             #$(or file
-                                   (default-nginx-config nginx log-directory
-                                     run-directory server-blocks upstream-blocks))
-                             #$@args))))))
-
-       ;; TODO: Add 'reload' action.
-       (list (shepherd-service
-              (provision '(nginx))
-              (documentation "Run the nginx daemon.")
-              (requirement '(user-processes loopback))
-              (start (nginx-action "-p" run-directory))
-              (stop (nginx-action "-s" "stop"))))))))
+       (format #t "creating nginx log directory '~a'~%" #$log-directory)
+       (mkdir-p #$log-directory)
+       (format #t "creating nginx run directory '~a'~%" #$run-directory)
+       (mkdir-p #$run-directory)
+       (format #t "creating nginx temp directories '~a/{client_body,proxy,fastcgi,uwsgi,scgi}_temp'~%" #$run-directory)
+       (mkdir-p (string-append #$run-directory "/client_body_temp"))
+       (mkdir-p (string-append #$run-directory "/proxy_temp"))
+       (mkdir-p (string-append #$run-directory "/fastcgi_temp"))
+       (mkdir-p (string-append #$run-directory "/uwsgi_temp"))
+       (mkdir-p (string-append #$run-directory "/scgi_temp"))
+       ;; Start-up logs. Once configuration is loaded, nginx switches to
+       ;; log-directory.
+       (mkdir-p (string-append #$run-directory "/logs"))
+       ;; Check configuration file syntax.
+       (system* (string-append #$nginx "/sbin/nginx")
+                "-c" #$(or file
+                           (default-nginx-config config))
+                  "-t"))))
+
+(define (nginx-shepherd-service config)
+  (match-record config
+                <nginx-configuration>
+                (nginx file run-directory)
+   (let* ((nginx-binary (file-append nginx "/sbin/nginx"))
+          (nginx-action
+           (lambda args
+             #~(lambda _
+                 (zero?
+                  (system* #$nginx-binary "-c"
+                           #$(or file
+                                 (default-nginx-config config))
+                           #$@args))))))
+
+     ;; TODO: Add 'reload' action.
+     (list (shepherd-service
+            (provision '(nginx))
+            (documentation "Run the nginx daemon.")
+            (requirement '(user-processes loopback))
+            (start (nginx-action "-p" run-directory))
+            (stop (nginx-action "-s" "stop")))))))
 
 (define nginx-service-type
   (service-type (name 'nginx)
@@ -385,3 +444,202 @@ of index files."
 		       (service-extension account-service-type
                                           fcgiwrap-accounts)))
                 (default-value (fcgiwrap-configuration))))
+
+(define-record-type* <php-fpm-configuration> php-fpm-configuration
+  make-php-fpm-configuration
+  php-fpm-configuration?
+  (php              php-fpm-configuration-php ;<package>
+                    (default php))
+  (socket           php-fpm-configuration-socket
+                    (default (string-append "/var/run/php"
+                                            (version-major (package-version php))
+                                            "-fpm.sock")))
+  (user             php-fpm-configuration-user
+                    (default "php-fpm"))
+  (group            php-fpm-configuration-group
+                    (default "php-fpm"))
+  (socket-user      php-fpm-configuration-socket-user
+                    (default "php-fpm"))
+  (socket-group     php-fpm-configuration-socket-group
+                    (default "nginx"))
+  (pid-file         php-fpm-configuration-pid-file
+                    (default (string-append "/var/run/php"
+                                            (version-major (package-version php))
+                                            "-fpm.pid")))
+  (log-file         php-fpm-configuration-log-file
+                    (default (string-append "/var/log/php"
+                                            (version-major (package-version php))
+                                            "-fpm.log")))
+  (process-manager  php-fpm-configuration-process-manager
+                    (default (php-fpm-dynamic-process-manager-configuration)))
+  (display-errors   php-fpm-configuration-display-errors
+                    (default #f))
+  (workers-log-file php-fpm-configuration-workers-log-file
+                    (default (string-append "/var/log/php"
+                                            (version-major (package-version php))
+                                            "-fpm.www.log")))
+  (file             php-fpm-configuration-file ;#f | file-like
+                    (default #f)))
+
+(define-record-type* <php-fpm-dynamic-process-manager-configuration>
+  php-fpm-dynamic-process-manager-configuration
+  make-php-fpm-dynamic-process-manager-configuration
+  php-fpm-dynamic-process-manager-configuration?
+  (max-children         php-fpm-dynamic-process-manager-configuration-max-children
+                        (default 5))
+  (start-servers        php-fpm-dynamic-process-manager-configuration-start-servers
+                        (default 2))
+  (min-spare-servers    php-fpm-dynamic-process-manager-configuration-min-spare-servers
+                        (default 1))
+  (max-spare-servers    php-fpm-dynamic-process-manager-configuration-max-spare-servers
+                        (default 3)))
+
+(define-record-type* <php-fpm-static-process-manager-configuration>
+  php-fpm-static-process-manager-configuration
+  make-php-fpm-static-process-manager-configuration
+  php-fpm-static-process-manager-configuration?
+  (max-children         php-fpm-static-process-manager-configuration-max-children
+                        (default 5)))
+
+(define-record-type* <php-fpm-on-demand-process-manager-configuration>
+  php-fpm-on-demand-process-manager-configuration
+  make-php-fpm-on-demand-process-manager-configuration
+  php-fpm-on-demand-process-manager-configuration?
+  (max-children         php-fpm-on-demand-process-manager-configuration-max-children
+                        (default 5))
+  (process-idle-timeout php-fpm-on-demand-process-manager-configuration-process-idle-timeout
+                        (default 10)))
+
+(define php-fpm-accounts
+  (match-lambda
+    (($ <php-fpm-configuration> php socket user group socket-user socket-group _ _ _ _ _ _)
+     (list
+      (user-group (name "php-fpm") (system? #t))
+      (user-group
+       (name group)
+       (system? #t))
+      (user-account
+       (name user)
+       (group group)
+       (supplementary-groups '("php-fpm"))
+       (system? #t)
+       (comment "php-fpm daemon user")
+       (home-directory "/var/empty")
+       (shell (file-append shadow "/sbin/nologin")))))))
+
+(define (default-php-fpm-config socket user group socket-user socket-group
+          pid-file log-file pm display-errors workers-log-file)
+  (apply mixed-text-file "php-fpm.conf"
+         (flatten
+          "[global]\n"
+          "pid =" pid-file "\n"
+          "error_log =" log-file "\n"
+          "[www]\n"
+          "user =" user "\n"
+          "group =" group "\n"
+          "listen =" socket "\n"
+          "listen.owner =" socket-user "\n"
+          "listen.group =" socket-group "\n"
+
+          (match pm
+            (($ <php-fpm-dynamic-process-manager-configuration>
+                pm.max-children
+                pm.start-servers
+                pm.min-spare-servers
+                pm.max-spare-servers)
+             (list
+              "pm = dynamic\n"
+              "pm.max_children =" (number->string pm.max-children) "\n"
+              "pm.start_servers =" (number->string pm.start-servers) "\n"
+              "pm.min_spare_servers =" (number->string pm.min-spare-servers) "\n"
+              "pm.max_spare_servers =" (number->string pm.max-spare-servers) "\n"))
+
+            (($ <php-fpm-static-process-manager-configuration>
+                pm.max-children)
+             (list
+              "pm = static\n"
+              "pm.max_children =" (number->string pm.max-children) "\n"))
+
+            (($ <php-fpm-on-demand-process-manager-configuration>
+                pm.max-children
+                pm.process-idle-timeout)
+             (list
+              "pm = ondemand\n"
+              "pm.max_children =" (number->string pm.max-children) "\n"
+              "pm.process_idle_timeout =" (number->string pm.process-idle-timeout) "s\n")))
+
+
+          "php_flag[display_errors] = " (if display-errors "on" "off") "\n"
+
+          (if workers-log-file
+              (list "catch_workers_output = yes\n"
+                    "php_admin_value[error_log] =" workers-log-file "\n"
+                    "php_admin_flag[log_errors] = on\n")
+              (list "catch_workers_output = no\n")))))
+
+(define php-fpm-shepherd-service
+  (match-lambda
+    (($ <php-fpm-configuration> php socket user group socket-user socket-group
+                                pid-file log-file pm display-errors workers-log-file file)
+     (list (shepherd-service
+            (provision '(php-fpm))
+            (documentation "Run the php-fpm daemon.")
+            (requirement '(networking))
+            (start #~(make-forkexec-constructor
+                      '(#$(file-append php "/sbin/php-fpm")
+                        "--fpm-config"
+                        #$(or file
+                              (default-php-fpm-config socket user group
+                                socket-user socket-group pid-file log-file
+                                pm display-errors workers-log-file)))
+                      #:pid-file #$pid-file))
+            (stop #~(make-kill-destructor)))))))
+
+(define php-fpm-activation
+  (match-lambda
+    (($ <php-fpm-configuration> _ _ user _ _ _ _ log-file _ _ workers-log-file _)
+     #~(begin
+         (use-modules (guix build utils))
+         (let* ((user (getpwnam #$user))
+                (touch (lambda (file-name)
+                         (call-with-output-file file-name (const #t))))
+                (init-log-file
+                 (lambda (file-name)
+                   (when #$workers-log-file
+                     (when (not (file-exists? file-name))
+                       (touch file-name))
+                     (chown file-name (passwd:uid user) (passwd:gid user))
+                     (chmod file-name #o660)))))
+           (init-log-file #$log-file)
+           (init-log-file #$workers-log-file))))))
+
+
+(define php-fpm-service-type
+  (service-type
+   (name 'php-fpm)
+   (description
+    "Run @command{php-fpm} to provide a fastcgi socket for calling php through
+a webserver.")
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             php-fpm-shepherd-service)
+          (service-extension activation-service-type
+                             php-fpm-activation)
+          (service-extension account-service-type
+                             php-fpm-accounts)))
+   (default-value (php-fpm-configuration))))
+
+(define* (nginx-php-location
+          #:key
+          (nginx-package nginx)
+          (socket (string-append "/var/run/php"
+                                 (version-major (package-version php))
+                                 "-fpm.sock")))
+  "Return a nginx-location-configuration that makes nginx run .php files."
+  (nginx-location-configuration
+   (uri "~ \\.php$")
+   (body (list
+          "fastcgi_split_path_info ^(.+\\.php)(/.+)$;"
+          (string-append "fastcgi_pass unix:" socket ";")
+          "fastcgi_index index.php;"
+          (list "include " nginx-package "/share/nginx/conf/fastcgi.conf;")))))
diff --git a/gnu/system/examples/beaglebone-black.tmpl b/gnu/system/examples/beaglebone-black.tmpl
new file mode 100644
index 0000000000..609b801cab
--- /dev/null
+++ b/gnu/system/examples/beaglebone-black.tmpl
@@ -0,0 +1,54 @@
+;; This is an operating system configuration template
+;; for a "bare bones" setup on BeagleBone Black board.
+
+(use-modules (gnu) (gnu bootloader u-boot))
+(use-service-modules networking)
+(use-package-modules bootloaders screen ssh)
+
+(operating-system
+  (host-name "komputilo")
+  (timezone "Europe/Berlin")
+  (locale "en_US.utf8")
+
+  ;; Assuming /dev/mmcblk1 is the eMMC, and "my-root" is
+  ;; the label of the target root file system.
+  (bootloader (bootloader-configuration
+               (bootloader u-boot-beaglebone-black-bootloader)
+               (target "/dev/mmcblk1")))
+  (file-systems (cons (file-system
+                        (device "my-root")
+                        (title 'label)
+                        (mount-point "/")
+                        (type "ext4"))
+                      %base-file-systems))
+
+  ;; This is where user accounts are specified.  The "root"
+  ;; account is implicit, and is initially created with the
+  ;; empty password.
+  (users (cons (user-account
+                (name "alice")
+                (comment "Bob's sister")
+                (group "users")
+
+                ;; Adding the account to the "wheel" group
+                ;; makes it a sudoer.  Adding it to "audio"
+                ;; and "video" allows the user to play sound
+                ;; and access the webcam.
+                (supplementary-groups '("wheel"
+                                        "audio" "video"))
+                (home-directory "/home/alice"))
+               %base-user-accounts))
+
+  ;; Globally-installed packages.
+  (packages (cons* screen openssh %base-packages))
+
+  (services (cons* (dhcp-client-service)
+                   ;; mingetty does not work on serial lines.
+                   ;; Use agetty with board-specific serial parameters.
+                   (agetty-service
+                    (agetty-configuration
+                     (extra-options '("-L"))
+                     (baud-rate "115200")
+                     (term "vt100")
+                     (tty "ttyO0")))
+                   %base-services)))
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index c2f73f7e8f..1cc3db1160 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -22,6 +22,7 @@
 
 (define-module (gnu system install)
   #:use-module (gnu)
+  #:use-module (gnu bootloader u-boot)
   #:use-module (guix gexp)
   #:use-module (guix store)
   #:use-module (guix monads)
@@ -42,7 +43,8 @@
   #:use-module (gnu packages nvi)
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-26)
-  #:export (installation-os))
+  #:export (installation-os
+            beaglebone-black-installation-os))
 
 ;;; Commentary:
 ;;;
@@ -154,9 +156,11 @@ the user's target storage device rather than on the RAM disk."
                                                 (string-append #$output "/"
                                                                target)))
                                    '(#$(file "bare-bones.tmpl")
+                                     #$(file "beaglebone-black.tmpl")
                                      #$(file "desktop.tmpl")
                                      #$(file "lightweight-desktop.tmpl"))
                                    '("bare-bones.scm"
+                                     "beaglebone-black.scm"
                                      "desktop.scm"
                                      "lightweight-desktop.scm"))
                          #t))))
@@ -372,7 +376,30 @@ You have been warned.  Thanks for being so brave.\x1b[0m
                      nvi                          ;:wq!
                      %base-packages))))
 
-;; Return it here so 'guix system' can consume it directly.
+(define beaglebone-black-installation-os
+  (operating-system
+    (inherit installation-os)
+    (bootloader (bootloader-configuration
+                 (bootloader u-boot-beaglebone-black-bootloader)
+                 (target "/dev/sda")))
+    (kernel linux-libre)
+    (initrd (lambda (fs . rest)
+              (apply base-initrd fs
+                     ;; This module is required to mount the sd card.
+                     #:extra-modules (list "omap_hsmmc")
+                     rest)))
+    (services (append
+               ;; mingetty does not work on serial lines.
+               ;; Use agetty with board-specific serial parameters.
+               (list (agetty-service
+                      (agetty-configuration
+                       (extra-options '("-L"))
+                       (baud-rate "115200")
+                       (term "vt100")
+                       (tty "ttyO0"))))
+               (operating-system-user-services installation-os)))))
+
+;; Return the default os here so 'guix system' can consume it directly.
 installation-os
 
 ;;; install.scm ends here
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index d754ac76f0..53629daa90 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
@@ -175,6 +175,10 @@ made available under the /xchg CIFS share."
                                 #:memory-size #$memory-size
                                 #:make-disk-image? #$make-disk-image?
                                 #:single-file-output? #$single-file-output?
+                                ;; FIXME: ‘target-arm32?’ may not operate on
+                                ;; the right system/target values.  Rewrite
+                                ;; using ‘let-system’ when available.
+                                #:target-arm32? #$(target-arm32?)
                                 #:disk-image-format #$disk-image-format
                                 #:disk-image-size size
                                 #:references-graphs graphs)))))
@@ -273,10 +277,12 @@ register INPUTS in the store database of the image so that Guix can be used in
 the image."
   (expression->derivation-in-linux-vm
    name
-   (with-imported-modules (source-module-closure '((gnu build vm)
+   (with-imported-modules (source-module-closure '((gnu build bootloader)
+                                                   (gnu build vm)
                                                    (guix build utils)))
      #~(begin
-         (use-modules (gnu build vm)
+         (use-modules (gnu build bootloader)
+                      (gnu build vm)
                       (guix build utils)
                       (srfi srfi-26)
                       (ice-9 binary-ports))
@@ -548,7 +554,7 @@ of the GNU system as described by OS."
        (device (file-system->mount-tag source))
        (type "9p")
        (flags (if writable? '() '(read-only)))
-       (options (string-append "trans=virtio"))
+       (options "trans=virtio,cache=loose")
        (check? #f)
        (create-mount-point? #t)))))
 
@@ -660,6 +666,8 @@ with '-virtfs' options for the host file systems listed in SHARED-FS."
 
      "-no-reboot"
      "-net nic,model=virtio"
+     "-object" "rng-random,filename=/dev/urandom,id=guixsd-vm-rng"
+     "-device" "virtio-rng-pci,rng=guixsd-vm-rng"
 
      #$@(map virtfs-option shared-fs)
      "-vga std"
diff --git a/gnu/tests/version-control.scm b/gnu/tests/version-control.scm
index 2cbacf0ef9..7367861b05 100644
--- a/gnu/tests/version-control.scm
+++ b/gnu/tests/version-control.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -78,8 +79,7 @@
                "fastcgi_param HTTP_HOST $server_name;"
                "fastcgi_pass 127.0.0.1:9000;")))))
     (try-files (list "$uri" "@cgit"))
-    (http-port 19418)
-    (https-port #f)
+    (listen '("19418"))
     (ssl-certificate #f)
     (ssl-certificate-key #f))))
 
@@ -211,8 +211,7 @@ HTTP-PORT."
    (server-blocks
     (list
      (nginx-server-configuration
-      (http-port 19418)
-      (https-port #f)
+      (listen '("19418"))
       (ssl-certificate #f)
       (ssl-certificate-key #f)
       (locations
diff --git a/gnu/tests/web.scm b/gnu/tests/web.scm
index 3fa272c676..f1214fb5fd 100644
--- a/gnu/tests/web.scm
+++ b/gnu/tests/web.scm
@@ -1,5 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -27,7 +29,8 @@
   #:use-module (gnu services networking)
   #:use-module (guix gexp)
   #:use-module (guix store)
-  #:export (%test-nginx))
+  #:export (%test-nginx
+            %test-php-fpm))
 
 (define %index.html-contents
   ;; Contents of the /index.html file served by nginx.
@@ -45,10 +48,7 @@
   ;; Server blocks.
   (list (nginx-server-configuration
          (root "/srv")
-         (http-port 8042)
-         (https-port #f)
-         (ssl-certificate #f)
-         (ssl-certificate-key #f))))
+         (listen '("8042" "443 ssl")))))
 
 (define %nginx-os
   ;; Operating system under test.
@@ -132,3 +132,121 @@ HTTP-PORT."
    (name "nginx")
    (description "Connect to a running NGINX server.")
    (value (run-nginx-test))))
+
+
+;;;
+;;; PHP-FPM
+;;;
+
+(define %make-php-fpm-http-root
+  ;; Create our server root in /srv.
+  #~(begin
+      (mkdir "/srv")
+      (call-with-output-file "/srv/index.php"
+        (lambda (port)
+          (display "<?php
+phpinfo();
+echo(\"Computed by php:\".((string)(2+3)));
+?>\n" port)))))
+
+(define %php-fpm-nginx-server-blocks
+  (list (nginx-server-configuration
+         (root "/srv")
+         (locations
+          (list (nginx-php-location)))
+         (listen "8042")
+         (ssl-certificate #f)
+         (ssl-certificate-key #f))))
+
+(define %php-fpm-os
+  ;; Operating system under test.
+  (simple-operating-system
+   (dhcp-client-service)
+   (service php-fpm-service-type)
+   (service nginx-service-type
+            (nginx-configuration
+             (server-blocks %php-fpm-nginx-server-blocks)))
+   (simple-service 'make-http-root activation-service-type
+                   %make-php-fpm-http-root)))
+
+(define* (run-php-fpm-test #:optional (http-port 8042))
+  "Run tests in %PHP-FPM-OS, which has nginx running and listening on
+HTTP-PORT, along with php-fpm."
+  (define os
+    (marionette-operating-system
+     %php-fpm-os
+     #:imported-modules '((gnu services herd)
+                          (guix combinators))))
+
+  (define vm
+    (virtual-machine
+     (operating-system os)
+     (port-forwardings `((8080 . ,http-port)))))
+
+  (define test
+    (with-imported-modules '((gnu build marionette)
+                             (guix build utils))
+      #~(begin
+          (use-modules (srfi srfi-11) (srfi srfi-64)
+                       (gnu build marionette)
+                       (web uri)
+                       (web client)
+                       (web response))
+
+          (define marionette
+            (make-marionette (list #$vm)))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "php-fpm")
+
+          (test-assert "php-fpm running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (match (start-service 'php-fpm)
+                  (#f #f)
+                  (('service response-parts ...)
+                   (match (assq-ref response-parts 'running)
+                     ((pid) (number? pid))))))
+             marionette))
+
+          (test-eq "nginx running"
+            'running!
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'nginx)
+                'running!)
+             marionette))
+
+          (test-equal "http-get"
+            200
+            (let-values (((response text)
+                          (http-get "http://localhost:8080/index.php"
+                                    #:decode-body? #t)))
+              (response-code response)))
+
+          (test-equal "php computed result is sent"
+            "Computed by php:5"
+            (let-values (((response text)
+                          (http-get "http://localhost:8080/index.php"
+                                    #:decode-body? #t)))
+              (begin
+                (use-modules (ice-9 regex))
+                (let ((matches (string-match "Computed by php:5" text)))
+                  (and matches
+                       (match:substring matches 0))))))
+
+          (test-end)
+
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "php-fpm-test" test))
+
+(define %test-php-fpm
+  (system-test
+   (name "php-fpm")
+   (description "Test PHP-FPM through nginx.")
+   (value (run-php-fpm-test))))