summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--HACKING12
-rw-r--r--doc/contributing.texi9
-rw-r--r--doc/guix.texi32
-rw-r--r--gnu/local.mk3
-rw-r--r--gnu/packages/backup.scm3
-rw-r--r--gnu/packages/compression.scm37
-rw-r--r--gnu/packages/cook.scm4
-rw-r--r--gnu/packages/cups.scm6
-rw-r--r--gnu/packages/emacs.scm8
-rw-r--r--gnu/packages/fish.scm8
-rw-r--r--gnu/packages/geeqie.scm6
-rw-r--r--gnu/packages/gnupg.scm40
-rw-r--r--gnu/packages/gnuzilla.scm8
-rw-r--r--gnu/packages/guile.scm57
-rw-r--r--gnu/packages/haskell.scm5
-rw-r--r--gnu/packages/java.scm39
-rw-r--r--gnu/packages/lisp.scm77
-rw-r--r--gnu/packages/mail.scm8
-rw-r--r--gnu/packages/parallel.scm4
-rw-r--r--gnu/packages/patches/openssh-CVE-2016-6210-1.patch114
-rw-r--r--gnu/packages/patches/openssh-CVE-2016-6210-2.patch111
-rw-r--r--gnu/packages/patches/openssh-CVE-2016-6210-3.patch60
-rw-r--r--gnu/packages/python.scm15
-rw-r--r--gnu/packages/samba.scm83
-rw-r--r--gnu/packages/shellutils.scm42
-rw-r--r--gnu/packages/ssh.scm5
-rw-r--r--gnu/packages/statistics.scm4
-rw-r--r--gnu/packages/version-control.scm6
-rw-r--r--gnu/packages/video.scm13
-rw-r--r--gnu/packages/web.scm9
-rw-r--r--gnu/packages/wxwidgets.scm8
-rw-r--r--gnu/packages/xdisorg.scm23
-rw-r--r--gnu/packages/xorg.scm104
-rw-r--r--guix/download.scm2
-rw-r--r--guix/profiles.scm43
-rw-r--r--guix/scripts/lint.scm25
-rw-r--r--tests/lint.scm12
37 files changed, 867 insertions, 178 deletions
diff --git a/HACKING b/HACKING
index d5828f6836..28948b3e23 100644
--- a/HACKING
+++ b/HACKING
@@ -2,7 +2,7 @@
 
 #+TITLE: Hacking GNU Guix and Its Incredible Distro
 
-Copyright © 2012, 2013, 2014 Ludovic Courtès <ludo@gnu.org>
+Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
 Copyright © 2015 Mathieu Lirzin <mthl@openmailbox.org>
 
   Copying and distribution of this file, with or without modification,
@@ -35,9 +35,13 @@ upgrading GnuTLS or GLib.)  We have a mailing list for commit notifications
 (guix-commits@gnu.org), so people can notice.  Before pushing your changes,
 make sure to run ‘git pull --rebase’.
 
-All commits that are pushed to the central repository on Savannah should be
-signed with a PGP key, and the public key should be uploaded to your user
-account on Savannah.
+All commits that are pushed to the central repository on Savannah must be
+signed with an OpenPGP key, and the public key should be uploaded to your user
+account on Savannah and to public key servers, such as ‘pgp.mit.edu’.  To
+configure Git to automatically sign commits, run:
+
+  git config commit.gpgsign true
+  git config user.signingkey CABBA6EA1DC0FF33
 
 For anything else, please post to guix-devel@gnu.org and leave time for a
 review, without committing anything.  If you didn’t receive any reply
diff --git a/doc/contributing.texi b/doc/contributing.texi
index dc554d2c76..c0755bb895 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -15,6 +15,10 @@ our project uses a ``Contributor Covenant'', which was adapted from
 @url{http://contributor-covenant.org/}.  You can find a local version in
 the @file{CODE-OF-CONDUCT} file in the source tree.
 
+Contributors are not required to use their legal name in patches and
+on-line communication; they can use any name or pseudonym of their
+choice.
+
 @menu
 * Building from Git::           The latest and greatest.
 * Running Guix Before It Is Installed::  Hacker tricks.
@@ -333,4 +337,7 @@ referring to people, such as
 
 When posting a patch to the mailing list, use @samp{[PATCH] @dots{}} as
 a subject.  You may use your email client or the @command{git
-send-email} command.
+send-email} command.  We prefer to get patches in plain text messages,
+either inline or as MIME attachments.  You are advised to pay attention if
+your email client changes anything like line breaks or indentation which
+could could potentially break the patches.
diff --git a/doc/guix.texi b/doc/guix.texi
index 0d6739adc3..dd2004dd63 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -13,6 +13,7 @@
 Copyright @copyright{} 2012, 2013, 2014, 2015, 2016 Ludovic Courtès@*
 Copyright @copyright{} 2013, 2014, 2016 Andreas Enge@*
 Copyright @copyright{} 2013 Nikita Karetnikov@*
+Copyright @copyright{} 2014, 2015, 2016 Alex Kost@*
 Copyright @copyright{} 2015, 2016 Mathieu Lirzin@*
 Copyright @copyright{} 2014 Pierre-Antoine Rault@*
 Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@*
@@ -1208,6 +1209,24 @@ for Chinese languages:
 guix package -i font-adobe-source-han-sans:cn
 @end example
 
+Older programs such as @command{xterm} do not use Fontconfig and instead
+rely on server-side font rendering.  Such programs require to specify a
+full name of a font using XLFD (X Logical Font Description), like this:
+
+@example
+-*-dejavu sans-medium-r-normal-*-*-100-*-*-*-*-*-1
+@end example
+
+To be able to use such full names for the TrueType fonts installed in
+your Guix profile, you need to extend the font path of the X server:
+
+@example
+xset +fp ~/.guix-profile/share/fonts/truetype
+@end example
+
+After that, you can run @code{xlsfonts} (from @code{xlsfonts} package)
+to make sure your TrueType fonts are listed there.
+
 @subsection X.509 Certificates
 
 The @code{nss-certs} package provides X.509 certificates, which allow
@@ -4517,8 +4536,9 @@ You can freely access a huge library of build logs!
 
 @cindex package definition, editing
 So many packages, so many source files!  The @command{guix edit} command
-facilitates the life of packagers by pointing their editor at the source
-file containing the definition of the specified packages.  For instance:
+facilitates the life of users and packagers by pointing their editor at
+the source file containing the definition of the specified packages.
+For instance:
 
 @example
 guix edit gcc@@4.9 vim
@@ -4526,9 +4546,15 @@ guix edit gcc@@4.9 vim
 
 @noindent
 launches the program specified in the @code{VISUAL} or in the
-@code{EDITOR} environment variable to edit the recipe of GCC@tie{}4.9.3
+@code{EDITOR} environment variable to view the recipe of GCC@tie{}4.9.3
 and that of Vim.
 
+If you are using a Guix Git checkout (@pxref{Building from Git}), or
+have created your own packages on @code{GUIX_PACKAGE_PATH}
+(@pxref{Defining Packages}), you will be able to edit the package
+recipes. Otherwise, you will be able to examine the read-only recipes
+for packages currently in the store.
+
 If you are using Emacs, note that the Emacs user interface provides the
 @kbd{M-x guix-edit} command and a similar functionality in the ``package
 info'' and ``package list'' buffers created by the @kbd{M-x
diff --git a/gnu/local.mk b/gnu/local.mk
index 65834897dc..911b89f14b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -683,6 +683,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/openjpeg-CVE-2015-6581.patch		\
   %D%/packages/patches/openjpeg-use-after-free-fix.patch	\
   %D%/packages/patches/openssh-CVE-2015-8325.patch		\
+  %D%/packages/patches/openssh-CVE-2016-6210-1.patch		\
+  %D%/packages/patches/openssh-CVE-2016-6210-2.patch		\
+  %D%/packages/patches/openssh-CVE-2016-6210-3.patch		\
   %D%/packages/patches/openssl-runpath.patch			\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
   %D%/packages/patches/openssl-CVE-2016-2177.patch		\
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 956ead4d5a..0a2e9b1b90 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -106,8 +106,7 @@ spying and/or modification by the server.")
     (source
      (origin
       (method url-fetch)
-      ;; Source tarballs are not versioned
-      (uri "http://archive.miek.nl/projects/hdup2/hdup.tar.bz2")
+      (uri "https://fossies.org/linux/privat/old/hdup-2.0.14.tar.bz2")
       (sha256
        (base32
         "02bnczg01cyhajmm4rhbnc0ja0dd9ikv9fwv28asxh1rlx9yr0b7"))))
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 01b32a2ac3..e63c1af048 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -36,6 +36,7 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system perl)
   #:use-module (gnu packages)
+  #:use-module (gnu packages assembly)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages backup)
   #:use-module (gnu packages base)
@@ -834,3 +835,39 @@ also be used to apply such patches.  xdelta is similar to @command{diff} and
 @command{patch}, but is not limited to plain text and does not generate
 human-readable output.")
     (license license:asl2.0)))
+
+(define-public lrzip
+  (package
+    (name "lrzip")
+    (version "0.630")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "http://ck.kolivas.org/apps/lrzip/lrzip-" version ".tar.bz2"))
+       (sha256
+        (base32
+         "01ykxliqw4cavx9f2gawxfa9wf52cjy1qx28cnkrh6i3lfzzcq94"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(;; nasm is only required when building for 32-bit x86 platforms
+       ,@(if (string-prefix? "i686" (or (%current-target-system)
+                                        (%current-system)))
+             `(("nasm" ,nasm))
+             '())
+       ("perl" ,perl)))
+    (inputs
+     `(("bzip2" ,bzip2)
+       ("lzo" ,lzo)
+       ("zlib" ,zlib)))
+    (home-page "http://ck.kolivas.org/apps/lrzip/")
+    (synopsis "Large file compressor with a very high compression ratio")
+    (description "lrzip is a compression utility that uses long-range
+redundancy reduction to improve the subsequent compression ratio of
+larger files.  It can then further compress the result with the ZPAQ or
+LZMA algorithms for maximum compression, or LZO for maximum speed.  This
+choice between size or speed allows for either better compression than
+even LZMA can provide, or a higher speed than gzip while compressing as
+well as bzip2.")
+    (license (list license:gpl3+
+                   license:public-domain)))) ; most files in lzma/
diff --git a/gnu/packages/cook.scm b/gnu/packages/cook.scm
index d0dd80dc40..e149968f24 100644
--- a/gnu/packages/cook.scm
+++ b/gnu/packages/cook.scm
@@ -33,9 +33,7 @@
     (source
      (origin
        (method url-fetch)
-       (uri (string-append
-             "http://miller.emu.id.au/pmiller/software/cook/cook-" version
-             ".tar.gz"))
+       (uri "http://fossies.org/linux/misc/old/cook-2.34.tar.gz")
        (sha256
         (base32
          "104saqnqql1l7zr2pm3f718fdky3ds8j07c6xvwrs1rfkhrw58yw"))))
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index 2865ff1494..09b804f39a 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -303,14 +303,14 @@ device-specific programs to convert and print many types of files.")
 (define-public hplip
   (package
     (name "hplip")
-    (version "3.16.3")
+    (version "3.16.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/hplip/hplip/" version
                                   "/hplip-" version ".tar.gz"))
               (sha256
                (base32
-                "1501qdnkjp1ybgagy5188fmf6cgmj5555ygjl3543nlbwcp31lj2"))))
+                "1hpzyf9ifs0vilsbwxcgpv8g9557p1x8w5qwgz5l0avgcd10dzlx"))))
     (build-system gnu-build-system)
     (home-page "http://hplipopensource.com/")
     (synopsis "HP Printer Drivers")
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 926db42a46..5a718fa341 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -117,9 +117,7 @@
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let* ((guix-src (assoc-ref inputs "guix-src"))
                     (out      (assoc-ref outputs "out"))
-                    (lisp-dir (string-append out "/share/emacs/"
-                                             ,(version-major+minor version)
-                                             "/site-lisp"))
+                    (lisp-dir (string-append out "/share/emacs/site-lisp"))
                     (unpack   (assoc-ref %standard-phases 'unpack)))
                (mkdir "guix")
                (with-directory-excursion "guix"
@@ -2079,9 +2077,7 @@ It is built on top of the custom theme support in Emacs 24 or later.")
                 "1ha3slc6d9wi9ilkhmwrzkvf308n6ph7b0k69pk369s9304awxzx"))))
     (build-system emacs-build-system)
     (propagated-inputs
-     `(("emacs-dash" ,emacs-dash)
-       ("emacs-f" ,emacs-f)
-       ("emacs-s" ,emacs-s)))
+     `(("emacs-dash" ,emacs-dash)))
     (home-page "http://github.com/bbatsov/solarized-emacs")
     (synopsis "Port of the Solarized theme for Emacs")
     (description
diff --git a/gnu/packages/fish.scm b/gnu/packages/fish.scm
index 7abaaf0ecd..a8b88e7c10 100644
--- a/gnu/packages/fish.scm
+++ b/gnu/packages/fish.scm
@@ -29,14 +29,14 @@
 (define-public fish
   (package
     (name "fish")
-    (version "2.3.0")
+    (version "2.3.1")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://fishshell.com/files/"
+              (uri (string-append "https://fishshell.com/files/"
                                   version "/fish-" version ".tar.gz"))
               (sha256
                (base32
-                "1ralmp7lavdl0plc09ppm232aqsn0crxx6m3hgaa06ibam3sqawi"))
+                "0r46p64lg6da3v6chsa4gisvl04kd3rpy60yih8r870kbp9wm2ij"))
               (modules '((guix build utils)))
               ;; Don't try to install /etc/fish/config.fish.
               (snippet
@@ -61,5 +61,5 @@ has extensive and discoverable help.  A special help command gives access to
 all the fish documentation in your web browser.  Other features include smart
 terminal handling based on terminfo, an easy to search history, and syntax
 highlighting.")
-    (home-page "http://fishshell.com/")
+    (home-page "https://fishshell.com/")
     (license gpl2)))
diff --git a/gnu/packages/geeqie.scm b/gnu/packages/geeqie.scm
index 110fb68ea0..509819e780 100644
--- a/gnu/packages/geeqie.scm
+++ b/gnu/packages/geeqie.scm
@@ -37,8 +37,10 @@
     (version "0.25")
     (source (origin
              (method url-fetch)
-             (uri (string-append "http://www.exiv2.org/exiv2-"
-                                 version ".tar.gz"))
+             (uri (list (string-append "http://www.exiv2.org/exiv2-"
+                                       version ".tar.gz")
+                        (string-append "https://fossies.org/linux/misc/exiv2-"
+                                       version ".tar.gz")))
              (sha256
               (base32
                "197g6vgcpyf9p2cwn5p5hb1r714xsk1v4p96f5pv1z8mi9vzq2y8"))))
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 2b4ce71866..9bc7b65108 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -235,13 +235,14 @@ compatible to GNU Pth.")
        ("sqlite" ,sqlite)
        ("zlib" ,zlib)))
    (arguments
-    `(#:phases
-       (alist-cons-before
-        'configure 'patch-config-files
-        (lambda _
-          (substitute* "tests/openpgp/defs.inc"
-            (("/bin/pwd") (which "pwd"))))
-       %standard-phases)))
+    `(#:configure-flags '("--enable-gpg2-is-gpg")
+      #:phases
+      (modify-phases %standard-phases
+        (add-before 'configure 'patch-config-files
+          (lambda _
+            (substitute* "tests/openpgp/defs.inc"
+              (("/bin/pwd") (which "pwd")))
+            #t)))))
     (home-page "https://gnupg.org/")
     (synopsis "GNU Privacy Guard")
     (description
@@ -280,12 +281,25 @@ libskba (working with X.509 certificates and CMS data).")
        ("readline" ,readline)))
    (arguments
     `(#:phases
-       (alist-cons-before
-        'configure 'patch-config-files
-        (lambda _
-          (substitute* "tests/openpgp/Makefile.in"
-            (("/bin/sh") (which "bash"))))
-       %standard-phases)))))
+      (modify-phases %standard-phases
+        (add-before 'configure 'patch-config-files
+          (lambda _
+            (substitute* "tests/openpgp/Makefile.in"
+              (("/bin/sh") (which "bash")))
+            #t))
+        (add-after 'install 'rename-v2-commands
+          (lambda* (#:key outputs #:allow-other-keys)
+            ;; Upstream suggests removing the trailing '2' from command names:
+            ;; <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22883#58>.
+            (let ((out (assoc-ref outputs "out")))
+              (with-directory-excursion (string-append out "/bin")
+                (rename-file "gpgv2" "gpgv")
+                (rename-file "gpg2" "gpg")
+
+                ;; Keep the old name around to ease transition.
+                (symlink "gpgv" "gpgv2")
+                (symlink "gpg" "gpg2")
+                #t)))))))))
 
 (define-public gnupg-1
   (package (inherit gnupg)
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 506ab98e91..34b4040458 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -293,16 +293,16 @@ standards.")
 (define-public icecat
   (package
     (name "icecat")
-    (version "38.8.0-gnu1")
+    (version "38.8.0-gnu2")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/gnuzilla/"
-                          (first (string-split version #\-)) "/"
+                          version "/"
                           name "-" version ".tar.bz2"))
       (sha256
        (base32
-        "0v4k47ziqsyfksv9sn4v1xvk4q414rc883hb1qzld63grj2nxxwp"))
+        "1yb7a1zsqpra9cgq8hrzrbm5v31drb9367cwvwiksz0ngqy342hb"))
       (patches (search-patches
                 "icecat-avoid-bundled-includes.patch"
                 "icecat-CVE-2016-2818-pt1.patch"
@@ -405,7 +405,7 @@ standards.")
     (arguments
      `(#:tests? #f          ; no check target
        #:out-of-source? #t  ; must be built outside of the source directory
-
+       #:parallel-build? #f
 
        ;; XXX: There are RUNPATH issues such as
        ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so,
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 4bea9aad76..f50605a7fb 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Erik Edrosa <erik.edrosa@gmail.com>
 ;;; Copyright © 2016 Eraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -50,6 +51,8 @@
   #:use-module (gnu packages sdl)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages image)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix git-download)
@@ -1123,4 +1126,58 @@ It currently supports MySQL, Postgres and SQLite3.")
 SQL databases.  This package implements the interface for SQLite.")
     (license gpl2+)))
 
+(define-public guile-xosd
+  (package
+    (name "guile-xosd")
+    (version "0.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/alezost/" name
+                                  "/releases/download/v" version
+                                  "/" name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1j0b07kycccfslp5n6q0hz7adwc7k41fpzds2dvrly67gavjqljv"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("guile" ,guile-2.0)
+       ("libx11" ,libx11)
+       ("libxext" ,libxext)
+       ("libxinerama" ,libxinerama)
+       ("xosd" ,xosd)))
+    (home-page "https://github.com/alezost/guile-xosd")
+    (synopsis "XOSD bindings for Guile")
+    (description
+     "Guile-XOSD provides Guile bindings for @code{libxosd},
+@uref{http://sourceforge.net/projects/libxosd/, the X On Screen Display
+library}.")
+    (license gpl3+)))
+
+(define-public guile-daemon
+  (package
+    (name "guile-daemon")
+    (version "0.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/alezost/" name
+                                  "/releases/download/v" version
+                                  "/" name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1s90h8qhblhhz4ahn3p5d573a24px6cdjq2w311ibpgwnsni4qvq"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("guile" ,guile-2.0)))
+    (home-page "https://github.com/alezost/guile-daemon")
+    (synopsis "Evaluate code in a running Guile process")
+    (description
+     "Guile-Daemon is a small Guile program that loads your initial
+configuration file, and then reads and evaluates Guile expressions that
+you send to a FIFO file.")
+    (license gpl3+)))
+
 ;;; guile.scm ends here
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index ba8f48d677..f41157332d 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -6008,14 +6009,14 @@ generators, and more.")
 (define-public ghc-memory
   (package
     (name "ghc-memory")
-    (version "0.10")
+    (version "0.13")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
                                   "memory/memory-" version ".tar.gz"))
               (sha256
                (base32
-                "1xqs9zmjbjihb7gfbk25f2q00m2lsi4kc3jv672175ac8a36pgag"))))
+                "02l742qxjqy3jw1a347gb7sn7pn7a5qha1vzi2qqbvgafcjn0wyw"))))
     (build-system haskell-build-system)
     (native-inputs
      `(("ghc-tasty" ,ghc-tasty)
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 2d50ad84fa..83ffba4f4c 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -535,17 +535,38 @@ build process and its dependencies, whereas Make uses Makefile format.")
                                               "/etc/ssl/certs"))
                     (keytool   (string-append (assoc-ref outputs "jdk")
                                               "/bin/keytool")))
+               (define (extract-cert file target)
+                 (call-with-input-file file
+                   (lambda (in)
+                     (call-with-output-file target
+                       (lambda (out)
+                         (let loop ((line (read-line in 'concat))
+                                    (copying? #f))
+                           (cond
+                            ((eof-object? line) #t)
+                            ((string-prefix? "-----BEGIN" line)
+                             (display line out)
+                             (loop (read-line in 'concat) #t))
+                            ((string-prefix? "-----END" line)
+                             (display line out)
+                             #t)
+                            (else
+                             (when copying? (display line out))
+                             (loop (read-line in 'concat) copying?)))))))))
                (define (import-cert cert)
                  (format #t "Importing certificate ~a\n" (basename cert))
-                 (let* ((port (open-pipe* OPEN_WRITE keytool
-                                          "-import"
-                                          "-alias" (basename cert)
-                                          "-keystore" keystore
-                                          "-storepass" "changeit"
-                                          "-file" cert)))
-                   (display "yes\n" port)
-                   (when (not (zero? (status:exit-val (close-pipe port))))
-                     (error "failed to import" cert))))
+                 (let ((temp "tmpcert"))
+                   (extract-cert cert temp)
+                   (let ((port (open-pipe* OPEN_WRITE keytool
+                                           "-import"
+                                           "-alias" (basename cert)
+                                           "-keystore" keystore
+                                           "-storepass" "changeit"
+                                           "-file" temp)))
+                     (display "yes\n" port)
+                     (when (not (zero? (status:exit-val (close-pipe port))))
+                       (error "failed to import" cert)))
+                   (delete-file temp)))
 
                ;; This is necessary because the certificate directory contains
                ;; files with non-ASCII characters in their names.
diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index 22f542ccc5..5c0df4e1ff 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -102,15 +103,15 @@ interface to the Tk widget system.")
 (define-public ecl
   (package
     (name "ecl")
-    (version "15.2.21")
+    (version "16.1.2")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://sourceforge/ecls/ecls/"
-                           (version-major+minor version)
-                           "/ecl-" version ".tgz"))
+       (uri (string-append
+             "https://common-lisp.net/project/ecl/static/files/release/"
+             name "-" version ".tgz"))
        (sha256
-        (base32 "05di23v977byf67rq5bdshw8lqbby1ycbscdcl1vca0z6r1s204j"))))
+        (base32 "16ab8qs3awvdxy8xs8jy82v8r04x4wr70l9l2j45vgag18d2nj1d"))))
     (build-system gnu-build-system)
     ;; src/configure uses 'which' to confirm the existence of 'gzip'.
     (native-inputs `(("which" ,which)))
@@ -119,30 +120,38 @@ interface to the Tk widget system.")
               ("libgc" ,libgc)
               ("libffi" ,libffi)))
     (arguments
-     '(;; During 'make check', ECL fails to initialize with "protocol not
-       ;; supported", presumably because /etc/protocols is missing in the
-       ;; build environment.  See <http://sourceforge.net/p/ecls/bugs/300/>.
-       ;;
-       ;; Should the test suite be re-enabled, it might be necessary to add
-       ;; '#:parallel-tests #f'.  See the same bug report as above.
-       ;;
-       ;; The following might also be necessary, due to 'make check' assuming
-       ;; ECL is installed.  See <http://sourceforge.net/p/ecls/bugs/299/>.
-       ;;
-       ;; #:phases
-       ;; (let* ((check-phase (assq-ref %standard-phases 'check))
-       ;;        (rearranged-phases
-       ;;         (alist-cons-after 'install 'check check-phase
-       ;;                           (alist-delete 'check %standard-phases))))
-       ;;   (alist-cons-before
-       ;;    'check 'pre-check
-       ;;    (lambda* (#:key outputs #:allow-other-keys)
-       ;;      (substitute* '("build/tests/Makefile")
-       ;;        (("ECL=ecl")
-       ;;         (string-append
-       ;;          "ECL=" (assoc-ref outputs "out") "/bin/ecl"))))
-       ;;    rearranged-phases))
-       #:tests? #f))
+     '(#:tests? #t
+       #:make-flags `(,(string-append "ECL="
+                                      (assoc-ref %outputs "out")
+                                      "/bin/ecl"))
+       #:parallel-tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'check)
+         (add-after 'install 'wrap
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((ecl (assoc-ref outputs "out"))
+                    (input-path (lambda (lib path)
+                                  (string-append
+                                   (assoc-ref inputs lib) path)))
+                    (libraries '("gmp" "libatomic-ops" "libgc" "libffi" "libc"))
+                    (binaries  '("gcc" "ld-wrapper" "binutils"))
+                    (library-directories
+                     (map (lambda (lib) (input-path lib "/lib"))
+                          libraries)))
+
+               (wrap-program (string-append ecl "/bin/ecl")
+                 `("PATH" prefix
+                   ,(map (lambda (binary)
+                           (input-path binary "/bin"))
+                         binaries))
+                 `("CPATH" suffix
+                   ,(map (lambda (lib)
+                           (input-path lib "/include"))
+                         `("linux-headers" ,@libraries)))
+                 `("LIBRARY_PATH" suffix ,library-directories)
+                 `("LD_LIBRARY_PATH" suffix ,library-directories)))))
+         (add-after 'wrap 'check (assoc-ref %standard-phases 'check)))))
     (home-page "http://ecls.sourceforge.net/")
     (synopsis "Embeddable Common Lisp")
     (description "ECL is an implementation of the Common Lisp language as
@@ -209,14 +218,14 @@ an interpreter, a compiler, a debugger, and much more.")
 (define-public sbcl
   (package
     (name "sbcl")
-    (version "1.2.8")
+    (version "1.3.7")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "mirror://sourceforge/sbcl/sbcl/" version "/sbcl-"
                            version "-source.tar.bz2"))
        (sha256
-        (base32 "0ab9lw056yf6y0rjmx3iirn5n59pmssqxf00fbmpyl6qsnpaja1d"))))
+        (base32 "0fjdqnb2rsm2vi9794ywp27jr239ddvzc4xfr0dk49jd4v7p2kc5"))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     ;; Bootstrap with CLISP.
@@ -243,7 +252,11 @@ an interpreter, a compiler, a debugger, and much more.")
                ;; occurs in some .sh files too (which contain Lisp code).  Use
                ;; ISO-8859-1 because some of the files are ISO-8859-1 encoded.
                (with-fluids ((%default-port-encoding #f))
-                 (substitute* (find-files "." "\\.(lisp|sh)$")
+                 ;; The removed file is utf-16-be encoded, which gives substitute*
+                 ;; trouble. It does not contain references to the listed programs.
+                 (substitute* (delete
+                               "./tests/data/compile-file-pos-utf16be.lisp"
+                               (find-files "." "\\.(lisp|sh)$"))
                    (("\"/bin/sh\"") (quoted-path bash "/bin/sh"))
                    (("\"/usr/bin/env\"") (quoted-path coreutils "/usr/bin/env"))
                    (("\"/bin/cat\"") (quoted-path coreutils "/bin/cat"))
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index f99c16b405..aed7db0dae 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -293,7 +293,7 @@ and corrections.  It is based on a Bayesian filter.")
 (define-public offlineimap
   (package
     (name "offlineimap")
-    (version "6.7.0.1")
+    (version "7.0.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/OfflineIMAP/offlineimap/"
@@ -301,10 +301,10 @@ and corrections.  It is based on a Bayesian filter.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1ys26v2w3vws08acjs7w5irjgahdxyad00pmj7fhcx91hbvizs80"))))
+                "0hnyfby6ib7i7yblg7qpabdyl35n9l3n0a6agk47w1crpn2lsric"))))
     (build-system python-build-system)
-    (native-inputs `(("python" ,python-2)))
-    (inputs `(("python2-pysqlite" ,python2-pysqlite)))
+    (inputs `(("python2-pysqlite" ,python2-pysqlite)
+              ("python2-six" ,python2-six)))
     (arguments
      ;; The setup.py script expects python-2.
      `(#:python ,python-2
diff --git a/gnu/packages/parallel.scm b/gnu/packages/parallel.scm
index 766167d6e9..12f0028a34 100644
--- a/gnu/packages/parallel.scm
+++ b/gnu/packages/parallel.scm
@@ -44,7 +44,7 @@
 (define-public parallel
   (package
     (name "parallel")
-    (version "20160622")
+    (version "20160722")
     (source
      (origin
       (method url-fetch)
@@ -52,7 +52,7 @@
                           version ".tar.bz2"))
       (sha256
        (base32
-        "1axng9bwapmb0vrrv67pp787gv7r5g02zyrfwnrhpxhi8zmm1jmg"))))
+        "08gm0i9vj2nz8qgqi98z00myypgb3dni0s5yf3l17fp8h78fp4g3"))))
     (build-system gnu-build-system)
     (inputs `(("perl" ,perl)))
     (home-page "http://www.gnu.org/software/parallel/")
diff --git a/gnu/packages/patches/openssh-CVE-2016-6210-1.patch b/gnu/packages/patches/openssh-CVE-2016-6210-1.patch
new file mode 100644
index 0000000000..9b46ec12a9
--- /dev/null
+++ b/gnu/packages/patches/openssh-CVE-2016-6210-1.patch
@@ -0,0 +1,114 @@
+From e5ef9d3942cebda819a6fd81647b51c8d87d23df Mon Sep 17 00:00:00 2001
+From: Darren Tucker <dtucker@zip.com.au>
+Date: Fri, 15 Jul 2016 13:32:45 +1000
+Subject: Determine appropriate salt for invalid users.
+
+When sshd is processing a non-PAM login for a non-existent user it uses
+the string from the fakepw structure as the salt for crypt(3)ing the
+password supplied by the client.  That string has a Blowfish prefix, so on
+systems that don't understand that crypt will fail fast due to an invalid
+salt, and even on those that do it may have significantly different timing
+from the hash methods used for real accounts (eg sha512).  This allows
+user enumeration by, eg, sending large password strings.  This was noted
+by EddieEzra.Harari at verint.com (CVE-2016-6210).
+
+To mitigate, use the same hash algorithm that root uses for hashing
+passwords for users that do not exist on the system.  ok djm@
+
+Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc
+Bug-Debian: https://bugs.debian.org/831902
+Last-Update: 2016-07-22
+
+Patch-Name: CVE-2016-6210-1.patch
+---
+ auth-passwd.c           | 12 ++++++++----
+ openbsd-compat/xcrypt.c | 34 ++++++++++++++++++++++++++++++++++
+ 2 files changed, 42 insertions(+), 4 deletions(-)
+
+diff --git a/auth-passwd.c b/auth-passwd.c
+index 63ccf3c..530b5d4 100644
+--- a/auth-passwd.c
++++ b/auth-passwd.c
+@@ -193,7 +193,7 @@ int
+ sys_auth_passwd(Authctxt *authctxt, const char *password)
+ {
+ 	struct passwd *pw = authctxt->pw;
+-	char *encrypted_password;
++	char *encrypted_password, *salt = NULL;
+ 
+ 	/* Just use the supplied fake password if authctxt is invalid */
+ 	char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
+@@ -202,9 +202,13 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
+ 	if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
+ 		return (1);
+ 
+-	/* Encrypt the candidate password using the proper salt. */
+-	encrypted_password = xcrypt(password,
+-	    (pw_password[0] && pw_password[1]) ? pw_password : "xx");
++	/*
++	 * Encrypt the candidate password using the proper salt, or pass a
++	 * NULL and let xcrypt pick one.
++	 */
++	if (authctxt->valid && pw_password[0] && pw_password[1])
++		salt = pw_password;
++	encrypted_password = xcrypt(password, salt);
+ 
+ 	/*
+ 	 * Authentication is accepted if the encrypted passwords
+diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
+index 8577cbd..8913bb8 100644
+--- a/openbsd-compat/xcrypt.c
++++ b/openbsd-compat/xcrypt.c
+@@ -25,6 +25,7 @@
+ #include "includes.h"
+ 
+ #include <sys/types.h>
++#include <string.h>
+ #include <unistd.h>
+ #include <pwd.h>
+ 
+@@ -62,11 +63,44 @@
+ #  define crypt DES_crypt
+ # endif
+ 
++/*
++ * Pick an appropriate password encryption type and salt for the running
++ * system.
++ */
++static const char *
++pick_salt(void)
++{
++	struct passwd *pw;
++	char *passwd, *p;
++	size_t typelen;
++	static char salt[32];
++
++	if (salt[0] != '\0')
++		return salt;
++	strlcpy(salt, "xx", sizeof(salt));
++	if ((pw = getpwuid(0)) == NULL)
++		return salt;
++	passwd = shadow_pw(pw);
++	if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL)
++		return salt;  /* no $, DES */
++	typelen = p - passwd + 1;
++	strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
++	explicit_bzero(passwd, strlen(passwd));
++	return salt;
++}
++
+ char *
+ xcrypt(const char *password, const char *salt)
+ {
+ 	char *crypted;
+ 
++	/*
++	 * If we don't have a salt we are encrypting a fake password for
++	 * for timing purposes.  Pick an appropriate salt.
++	 */
++	if (salt == NULL)
++		salt = pick_salt();
++
+ # ifdef HAVE_MD5_PASSWORDS
+         if (is_md5_salt(salt))
+                 crypted = md5_crypt(password, salt);
diff --git a/gnu/packages/patches/openssh-CVE-2016-6210-2.patch b/gnu/packages/patches/openssh-CVE-2016-6210-2.patch
new file mode 100644
index 0000000000..1c580f90b9
--- /dev/null
+++ b/gnu/packages/patches/openssh-CVE-2016-6210-2.patch
@@ -0,0 +1,111 @@
+From dde63f7f998ac3812a26bbb2c1b2947f24fcd060 Mon Sep 17 00:00:00 2001
+From: Darren Tucker <dtucker@zip.com.au>
+Date: Fri, 15 Jul 2016 13:49:44 +1000
+Subject: Mitigate timing of disallowed users PAM logins.
+
+When sshd decides to not allow a login (eg PermitRootLogin=no) and
+it's using PAM, it sends a fake password to PAM so that the timing for
+the failure is not noticeably different whether or not the password
+is correct.  This behaviour can be detected by sending a very long
+password string which is slower to hash than the fake password.
+
+Mitigate by constructing an invalid password that is the same length
+as the one from the client and thus takes the same time to hash.
+Diff from djm@
+
+Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=283b97ff33ea2c641161950849931bd578de6946
+Bug-Debian: https://bugs.debian.org/831902
+Last-Update: 2016-07-22
+
+Patch-Name: CVE-2016-6210-2.patch
+---
+ auth-pam.c | 35 +++++++++++++++++++++++++++++++----
+ 1 file changed, 31 insertions(+), 4 deletions(-)
+
+diff --git a/auth-pam.c b/auth-pam.c
+index 8425af1..abd6a5e 100644
+--- a/auth-pam.c
++++ b/auth-pam.c
+@@ -232,7 +232,6 @@ static int sshpam_account_status = -1;
+ static char **sshpam_env = NULL;
+ static Authctxt *sshpam_authctxt = NULL;
+ static const char *sshpam_password = NULL;
+-static char badpw[] = "\b\n\r\177INCORRECT";
+ 
+ /* Some PAM implementations don't implement this */
+ #ifndef HAVE_PAM_GETENVLIST
+@@ -810,12 +809,35 @@ sshpam_query(void *ctx, char **name, char **info,
+ 	return (-1);
+ }
+ 
++/*
++ * Returns a junk password of identical length to that the user supplied.
++ * Used to mitigate timing attacks against crypt(3)/PAM stacks that
++ * vary processing time in proportion to password length.
++ */
++static char *
++fake_password(const char *wire_password)
++{
++	const char junk[] = "\b\n\r\177INCORRECT";
++	char *ret = NULL;
++	size_t i, l = wire_password != NULL ? strlen(wire_password) : 0;
++
++	if (l >= INT_MAX)
++		fatal("%s: password length too long: %zu", __func__, l);
++
++	ret = malloc(l + 1);
++	for (i = 0; i < l; i++)
++		ret[i] = junk[i % (sizeof(junk) - 1)];
++	ret[i] = '\0';
++	return ret;
++}
++
+ /* XXX - see also comment in auth-chall.c:verify_response */
+ static int
+ sshpam_respond(void *ctx, u_int num, char **resp)
+ {
+ 	Buffer buffer;
+ 	struct pam_ctxt *ctxt = ctx;
++	char *fake;
+ 
+ 	debug2("PAM: %s entering, %u responses", __func__, num);
+ 	switch (ctxt->pam_done) {
+@@ -836,8 +858,11 @@ sshpam_respond(void *ctx, u_int num, char **resp)
+ 	    (sshpam_authctxt->pw->pw_uid != 0 ||
+ 	    options.permit_root_login == PERMIT_YES))
+ 		buffer_put_cstring(&buffer, *resp);
+-	else
+-		buffer_put_cstring(&buffer, badpw);
++	else {
++		fake = fake_password(*resp);
++		buffer_put_cstring(&buffer, fake);
++		free(fake);
++	}
+ 	if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
+ 		buffer_free(&buffer);
+ 		return (-1);
+@@ -1181,6 +1206,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
+ {
+ 	int flags = (options.permit_empty_passwd == 0 ?
+ 	    PAM_DISALLOW_NULL_AUTHTOK : 0);
++	char *fake = NULL;
+ 
+ 	if (!options.use_pam || sshpam_handle == NULL)
+ 		fatal("PAM: %s called when PAM disabled or failed to "
+@@ -1196,7 +1222,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
+ 	 */
+ 	if (!authctxt->valid || (authctxt->pw->pw_uid == 0 &&
+ 	    options.permit_root_login != PERMIT_YES))
+-		sshpam_password = badpw;
++		sshpam_password = fake = fake_password(password);
+ 
+ 	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
+ 	    (const void *)&passwd_conv);
+@@ -1206,6 +1232,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
+ 
+ 	sshpam_err = pam_authenticate(sshpam_handle, flags);
+ 	sshpam_password = NULL;
++	free(fake);
+ 	if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
+ 		debug("PAM: password authentication accepted for %.100s",
+ 		    authctxt->user);
diff --git a/gnu/packages/patches/openssh-CVE-2016-6210-3.patch b/gnu/packages/patches/openssh-CVE-2016-6210-3.patch
new file mode 100644
index 0000000000..303c34ee1b
--- /dev/null
+++ b/gnu/packages/patches/openssh-CVE-2016-6210-3.patch
@@ -0,0 +1,60 @@
+From abde8dda29c2db2405d6fbca2fe022430e2c1177 Mon Sep 17 00:00:00 2001
+From: Darren Tucker <dtucker@zip.com.au>
+Date: Thu, 21 Jul 2016 14:17:31 +1000
+Subject: Search users for one with a valid salt.
+
+If the root account is locked (eg password "!!" or "*LK*") keep looking
+until we find a user with a valid salt to use for crypting passwords of
+invalid users.  ok djm@
+
+Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=dbf788b4d9d9490a5fff08a7b09888272bb10fcc
+Bug-Debian: https://bugs.debian.org/831902
+Last-Update: 2016-07-22
+
+Patch-Name: CVE-2016-6210-3.patch
+---
+ openbsd-compat/xcrypt.c | 24 +++++++++++++++---------
+ 1 file changed, 15 insertions(+), 9 deletions(-)
+
+diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
+index 8913bb8..cf6a9b9 100644
+--- a/openbsd-compat/xcrypt.c
++++ b/openbsd-compat/xcrypt.c
+@@ -65,7 +65,9 @@
+ 
+ /*
+  * Pick an appropriate password encryption type and salt for the running
+- * system.
++ * system by searching through accounts until we find one that has a valid
++ * salt.  Usually this will be root unless the root account is locked out.
++ * If we don't find one we return a traditional DES-based salt.
+  */
+ static const char *
+ pick_salt(void)
+@@ -78,14 +80,18 @@ pick_salt(void)
+ 	if (salt[0] != '\0')
+ 		return salt;
+ 	strlcpy(salt, "xx", sizeof(salt));
+-	if ((pw = getpwuid(0)) == NULL)
+-		return salt;
+-	passwd = shadow_pw(pw);
+-	if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL)
+-		return salt;  /* no $, DES */
+-	typelen = p - passwd + 1;
+-	strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
+-	explicit_bzero(passwd, strlen(passwd));
++	setpwent();
++	while ((pw = getpwent()) != NULL) {
++		passwd = shadow_pw(pw);
++		if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
++			typelen = p - passwd + 1;
++			strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
++			explicit_bzero(passwd, strlen(passwd));
++			goto out;
++		}
++	}
++ out:
++	endpwent();
+ 	return salt;
+ }
+ 
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 00f7803897..a5260f2bff 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -5028,14 +5028,14 @@ connection to each user.")
 (define-public python-waf
   (package
     (name "python-waf")
-    (version "1.8.8")
+    (version "1.9.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://waf.io/"
                                   "waf-" version ".tar.bz2"))
               (sha256
                (base32
-                "0b5q307fgn6a5d8yjia2d1l4bk1q3ilvc0w8k4isfrrx2gbcw8wn"))))
+                "1nc4qaqx2vsanlpp9mcwvf91xjqpkvcc6fcxd5sb4fwvaxamw5v6"))))
     (build-system python-build-system)
     (arguments
      '(#:phases
@@ -5627,17 +5627,14 @@ and MAC network addresses.")
 (define-public python-iso8601
   (package
   (name "python-iso8601")
-  (version "0.1.10")
+  (version "0.1.11")
   (source
     (origin
       (method url-fetch)
-      (uri (string-append
-             "https://pypi.python.org/packages/source/i/iso8601/iso8601-"
-             version
-             ".tar.gz"))
+      (uri (pypi-uri "iso8601" version))
       (sha256
-        (base32
-          "1qf01afxh7j4gja71vxv345if8avg6nnm0ry0zsk6j3030xgy4p7"))))
+       (base32
+        "0c7gh3lsdjds262h0v1sqc66l7hqgfwbakn96qrhdbl0i3vm5yz8"))))
   (build-system python-build-system)
   (inputs
     `(("python-setuptools" ,python-setuptools)))
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index 9f0b57c739..d089167312 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -39,55 +39,54 @@
 (define-public iniparser
   (package
     (name "iniparser")
-    (version "3.1")
+    (version "4.0")
     (source (origin
              (method url-fetch)
-             (uri (string-append "http://ndevilla.free.fr/iniparser/iniparser-"
+             (uri (string-append "https://github.com/ndevilla/iniparser/archive/v"
                                  version ".tar.gz"))
+             (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
-               "1igmxzcy0s25zcy9vmcw0kd13lh60r0b4qg8lnp1jic33f427pxf"))))
+               "1flj7srvh2hp9ls96qz922bklyhw7f27mmn23b16839zpdjddfz0"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:phases (alist-replace
-                 'configure
-                 (lambda* (#:key outputs #:allow-other-keys)
-                   (substitute* "Makefile"
-                     (("/usr/lib")
-                      (string-append (assoc-ref outputs "out") "/lib"))))
-                 (alist-replace
-                  'build
-                  (lambda _
-                    (and (zero? (system* "make" "libiniparser.so"))
-                         (symlink "libiniparser.so.0" "libiniparser.so")))
-                  (alist-replace
-                   'install
-                   (lambda* (#:key outputs #:allow-other-keys)
-                     (let* ((out  (assoc-ref outputs "out"))
-                            (lib  (string-append out "/lib"))
-                            (inc  (string-append out "/include"))
-                            (doc  (string-append out "/share/doc"))
-                            (html (string-append doc "/html")))
-                       (define (copy dir)
-                         (lambda (file)
-                           (copy-file file
-                                      (string-append dir "/"
-                                                     (basename file)))))
-                       (mkdir-p lib)
-                       (for-each (copy lib)
-                                 (find-files "." "^lib.*\\.(so\\.|a)"))
-                       (with-directory-excursion lib
-                         (symlink "libiniparser.so.0" "libiniparser.so"))
-                       (mkdir-p inc)
-                       (for-each (copy inc)
-                                 (find-files "src" "\\.h$"))
-                       (mkdir-p html)
-                       (for-each (copy html)
-                                 (find-files "html" ".*"))
-                       (for-each (copy doc)
-                                 '("AUTHORS" "INSTALL" "LICENSE"
-                                   "README"))))
-                   %standard-phases)))))
+     '(#:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* '("Makefile" "test/Makefile")
+               (("/usr/lib")
+                (string-append (assoc-ref outputs "out") "/lib"))
+               (("\\?= gcc") "= gcc"))))
+         (replace 'build
+           (lambda _
+             (and (zero? (system* "make" "libiniparser.so"))
+                         (symlink "libiniparser.so.0" "libiniparser.so"))))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out  (assoc-ref outputs "out"))
+                    (lib  (string-append out "/lib"))
+                    (inc  (string-append out "/include"))
+                    (doc  (string-append out "/share/doc"))
+                    (html (string-append doc "/html")))
+               (define (copy dir)
+                 (lambda (file)
+                   (copy-file file
+                              (string-append dir "/"
+                                             (basename file)))))
+               (mkdir-p lib)
+               (for-each (copy lib)
+                         (find-files "." "^lib.*\\.(so\\.|a)"))
+               (with-directory-excursion lib
+                 (symlink "libiniparser.so.0" "libiniparser.so"))
+               (mkdir-p inc)
+               (for-each (copy inc)
+                         (find-files "src" "\\.h$"))
+               (mkdir-p html)
+               (for-each (copy html)
+                         (find-files "html" ".*"))
+               (for-each (copy doc)
+                         '("AUTHORS" "INSTALL" "LICENSE" "README.md"))))))))
     (home-page "http://ndevilla.free.fr/iniparser")
     (synopsis "Standalone ini file parsing library")
     (description
diff --git a/gnu/packages/shellutils.scm b/gnu/packages/shellutils.scm
index 8108b0465d..27f45bab9b 100644
--- a/gnu/packages/shellutils.scm
+++ b/gnu/packages/shellutils.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Matthew Jordan <matthewjordandevops@yandex.com>
+;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -17,11 +18,14 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu packages shellutils)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages python)
   #:use-module (guix licenses)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix utils)
-  #:use-module (guix build-system gnu))
+  #:use-module (guix build-system gnu)
+  #:use-module (guix build-system python))
 
 (define-public envstore
   (package
@@ -48,3 +52,39 @@
 between various shells or commands.")
     (license
      (non-copyleft "http://www.wtfpl.net/txt/copying/"))))
+
+(define-public trash-cli
+  (package
+    (name "trash-cli")
+    (version "0.12.9.14")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "trash-cli" version))
+       (sha256
+        (base32
+         "1p4v2qx0sy47d9c9axszq04wns63s4b7rrhmsavg948sklqdaf54"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2
+       #:tests? #f ; no tests
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'patch-path-constants
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((libc (assoc-ref inputs "libc"))
+                   (coreutils (assoc-ref inputs "coreutils")))
+               (substitute* "trashcli/list_mount_points.py"
+                 (("\"/lib/libc.so.6\".*")
+                  (string-append "\"" libc "/lib/libc.so.6\"\n"))
+                 (("\"df\"")
+                  (string-append "\"" coreutils "/bin/df\"")))))))))
+    (inputs `(("coreutils" ,coreutils)))
+    (home-page "https://github.com/andreafrancia/trash-cli")
+    (synopsis "Trash can management tool")
+    (description
+     "trash-cli is a command line utility for interacting with the
+FreeDesktop.org trash can used by GNOME, KDE, XFCE, and other common desktop
+environments.  It can move files to the trash, and remove or list files that
+are already there.")
+    (license gpl2+)))
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 71310ecf94..61a6a5b9d9 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -135,7 +135,10 @@ a server that supports the SSH-2 protocol.")
                                         tail))))
             (sha256 (base32
                      "132lh9aanb0wkisji1d6cmsxi520m8nh7c7i9wi6m1s3l38q29x7"))
-            (patches (search-patches "openssh-CVE-2015-8325.patch"))))
+            (patches (search-patches "openssh-CVE-2015-8325.patch"
+                                     "openssh-CVE-2016-6210-1.patch"
+                                     "openssh-CVE-2016-6210-2.patch"
+                                     "openssh-CVE-2016-6210-3.patch"))))
    (build-system gnu-build-system)
    (inputs `(("groff" ,groff)
              ("openssl" ,openssl)
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index 45e50b651c..2365149fad 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -62,7 +62,7 @@
 (define-public pspp
   (package
     (name "pspp")
-    (version "0.10.1")
+    (version "0.10.2")
     (source
      (origin
       (method url-fetch)
@@ -70,7 +70,7 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "0xw61kq0hxh7f6a4yjhnqbhc0fj9r3wb3qnpq05qhdp79n30ik24"))))
+        "1afsq0a3iij64qacczvwhk81qg0q5rfqm055y5h9ls28d6paqz7p"))))
     (build-system gnu-build-system)
     (inputs
      `(("cairo" ,cairo)
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 705275242b..767715d1b1 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -113,14 +113,14 @@ as well as the classic centralized workflow.")
   ;; Keep in sync with 'git-manpages'!
   (package
    (name "git")
-   (version "2.9.1")
+   (version "2.9.2")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://kernel.org/software/scm/git/git-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "18l2jb4bkp9ljz6p2aviwzxqyzza9z3v6h1pnkz7kjf1fay61zp8"))))
+              "1d9dmhgzcnwc2jbib4q23ypjbnw1gh1w8gif63qldwkpixj4dxgq"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("native-perl" ,perl)
@@ -295,7 +295,7 @@ everything from small to very large projects with speed and efficiency.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "1v9icsf85vvrrg7fakm91d11q23rvnh6dq4b4c4ya8v95z00mg8p"))))
+                "08y38w6yfvrpgj10dl3vghp05xjpl8jj37kkfna2nhf0wip52p2c"))))
     (build-system trivial-build-system)
     (arguments
      '(#:modules ((guix build utils))
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 948ab5ac8a..d5880c45e2 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -805,14 +805,7 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.")
        ("pulseaudio" ,pulseaudio)
        ("rsound" ,rsound)
        ("vapoursynth" ,vapoursynth)
-       ("waf" ,(origin
-                 (method url-fetch)
-                 ;; Keep this in sync with the version in the bootstrap.py
-                 ;; script of the source tarball.
-                 (uri "http://www.freehackers.org/~tnagy/release/waf-1.8.12")
-                 (sha256
-                  (base32
-                   "12y9c352zwliw0zk9jm2lhynsjcf5jy0k1qch1c1av8hnbm2pgq1"))))
+       ("waf" ,python-waf)
        ("youtube-dl" ,youtube-dl)
        ("zlib" ,zlib)))
     (arguments
@@ -902,7 +895,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2016.06.14")
+    (version "2016.07.22")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://youtube-dl.org/downloads/"
@@ -910,7 +903,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0fmvpqipc1xwagvk7ih4slmv1xz1rb6s8wpndhypwvrq4pnnm9ns"))))
+                "02wcxpcbpvsbvyxcnhhf94ma0x5dcg4fygnxxca2h31dp47dkak9"))))
     (build-system python-build-system)
     (home-page "https://youtube-dl.org")
     (arguments
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index bbe33db32b..91186cdb19 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -2390,18 +2390,21 @@ and IPv6 sockets, intended as a replacement for IO::Socket::INET.")
 (define-public perl-io-socket-ssl
   (package
     (name "perl-io-socket-ssl")
-    (version "2.002")
+    (version "2.033")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/S/SU/SULLR/"
                                   "IO-Socket-SSL-" version ".tar.gz"))
               (sha256
                (base32
-                "1mph52lw6x5v44wf8mw00llzi8pp6k5c4jnrnrvlacrlfv260jb8"))
+                "01qggwmc97kpzx49fp4fxysrjyq8mpnx54nrb087ridj0ch3cf46"))
               (patches (search-patches
                         "perl-io-socket-ssl-openssl-1.0.2f-fix.patch"))))
     (build-system perl-build-system)
-    (propagated-inputs `(("perl-net-ssleay" ,perl-net-ssleay)))
+    (propagated-inputs
+     `(("perl-net-ssleay" ,perl-net-ssleay)
+       ;; for IDN support
+       ("perl-uri" ,perl-uri)))
     (synopsis "Nearly transparent SSL encapsulation for IO::Socket::INET")
     (description
      "IO::Socket::SSL makes using SSL/TLS much easier by wrapping the
diff --git a/gnu/packages/wxwidgets.scm b/gnu/packages/wxwidgets.scm
index c9eb1780d6..31da2a9eed 100644
--- a/gnu/packages/wxwidgets.scm
+++ b/gnu/packages/wxwidgets.scm
@@ -42,7 +42,8 @@
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://sourceforge/wxwindows/" version
+       (uri (string-append "https://github.com/wxWidgets/wxWidgets/"
+                           "releases/download/v" version
                            "/wxWidgets-" version ".tar.bz2"))
        (sha256
         (base32 "0paq27brw4lv8kspxh9iklpa415mxi8zc117vbbbhfjgapf7js1l"))))
@@ -88,8 +89,9 @@ and many other languages.")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://sourceforge/wxwindows/" version
-                           "/wxWidgets-" version ".tar.bz2"))
+       (uri (string-append "https://github.com/wxWidgets/wxWidgets/"
+                           "releases/download/v" version
+                           "/wxGTK-" version ".tar.gz"))
        (sha256
         (base32 "1gjs9vfga60mk4j4ngiwsk9h6c7j22pw26m3asxr1jwvqbr8kkqk"))))
     (inputs
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index f611518e86..226e5c1ca1 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -13,6 +13,7 @@
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -913,6 +914,28 @@ demos.  It also acts as a nice screen locker.")
                "http://metadata.ftp-master.debian.org/changelogs/"
                "/main/x/xscreensaver/xscreensaver_5.34-2_copyright")))))
 
+(define-public xdpyprobe
+  (package
+    (name "xdpyprobe")
+    (version "0.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/alezost/" name
+                                  "/releases/download/v" version
+                                  "/" name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1h09wd2qcg08rj5hcakvdh9q01hkrj8vxly94ax3ch2x06lm0zq8"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libx11" ,libx11)))
+    (home-page "https://github.com/alezost/xdpyprobe")
+    (synopsis "Probe X server for connectivity")
+    (description
+     "Xdpyprobe is a tiny C program whose only purpose is to probe a
+connectivity of the X server running on a particular @code{DISPLAY}.")
+    (license license:gpl3+)))
+
 (define-public rofi
   (package
     (name "rofi")
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 61479bef47..59c8d1c871 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2015 Cyrill Schenkel <cyrill.schenkel@gmail.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -3870,6 +3871,97 @@ running on X server.")
 protocol.")
     (license license:x11)))
 
+(define-public xfontsel
+  (package
+    (name "xfontsel")
+    (version "1.0.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "mirror://xorg/individual/app/xfontsel-"
+                    version ".tar.bz2"))
+              (sha256
+               (base32
+                "1grir464hy52a71r3mpm9mzvkf7nwr3vk0b1vc27pd3gp588a38p"))))
+    (build-system gnu-build-system)
+    (arguments
+     ;; By default, it tries to install XFontSel file in
+     ;; "/gnu/store/<libxt>/share/X11/app-defaults": it defines this
+     ;; directory from 'libxt' (using 'pkg-config').  To put this file
+     ;; inside output dir and to use it properly, we need to configure
+     ;; --with-appdefaultdir and to wrap 'xfontsel' binary.
+     (let ((app-defaults-dir "/share/X11/app-defaults"))
+       `(#:configure-flags
+         (list (string-append "--with-appdefaultdir="
+                              %output ,app-defaults-dir))
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'install 'wrap-xfontsel
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let ((out (assoc-ref outputs "out")))
+                 (wrap-program (string-append out "/bin/xfontsel")
+                   `("XAPPLRESDIR" =
+                     (,(string-append out ,app-defaults-dir)))))))))))
+    (inputs
+     `(("libx11" ,libx11)
+       ("libxaw" ,libxaw)
+       ("libxmu" ,libxmu)
+       ("libxt" ,libxt)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "https://www.x.org/wiki/")
+    (synopsis "Browse and select X font names")
+    (description
+     "XFontSel provides a simple way to display the X11 core protocol fonts
+known to your X server, examine samples of each, and retrieve the X Logical
+Font Description (XLFD) full name for a font.")
+    (license license:x11)))
+
+(define-public xfd
+  (package
+    (name "xfd")
+    (version "1.1.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "mirror://xorg/individual/app/xfd-"
+                    version ".tar.bz2"))
+              (sha256
+               (base32
+                "0n97iqqap9wyxjan2n520vh4rrf5bc0apsw2k9py94dqzci258y1"))))
+    (build-system gnu-build-system)
+    (arguments
+     ;; The same 'app-defaults' problem as with 'xfontsel' package.
+     (let ((app-defaults-dir "/share/X11/app-defaults"))
+       `(#:configure-flags
+         (list (string-append "--with-appdefaultdir="
+                              %output ,app-defaults-dir))
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'install 'wrap-xfd
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let ((out (assoc-ref outputs "out")))
+                 (wrap-program (string-append out "/bin/xfd")
+                   `("XAPPLRESDIR" =
+                     (,(string-append out ,app-defaults-dir)))))))))))
+    (inputs
+     `(("fontconfig" ,fontconfig)
+       ("libx11" ,libx11)
+       ("libxaw" ,libxaw)
+       ("libxft" ,libxft)
+       ("libxmu" ,libxmu)
+       ("libxrender" ,libxrender)))
+    (native-inputs
+     `(("gettext" ,gnu-gettext)
+       ("pkg-config" ,pkg-config)))
+    (home-page "https://www.x.org/wiki/")
+    (synopsis "Display all the characters in an X font")
+    (description
+     "XFD (X Font Display) package provides an utility that displays a
+window containing the name of the font being displayed, a row of command
+buttons, several lines of text for displaying character metrics, and a grid
+containing one glyph per cell.")
+    (license license:x11)))
 
 (define-public xmodmap
   (package
@@ -4562,7 +4654,17 @@ protocol and arbitrary X extension protocol.")
           (base32
             "0c3563kw9fg15dpgx4dwvl12qz6sdqdns1pxa574hc7i5m42mman"))))
     (build-system gnu-build-system)
-    (propagated-inputs
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'wrap-mkfontdir
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (wrap-program (string-append (assoc-ref outputs "out")
+                                          "/bin/mkfontdir")
+               `("PATH" ":" prefix
+                 (,(string-append (assoc-ref inputs "mkfontscale")
+                                  "/bin")))))))))
+    (inputs
       `(("mkfontscale" ,mkfontscale)))
     (native-inputs
       `(("pkg-config" ,pkg-config)))
diff --git a/guix/download.scm b/guix/download.scm
index 8f38a4f552..73c0e897b4 100644
--- a/guix/download.scm
+++ b/guix/download.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
+;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -99,6 +100,7 @@
        "http://www.centervenus.com/mirrors/nongnu/"
        "http://download.savannah.gnu.org/releases-noredirect/")
       (sourceforge ; https://sourceforge.net/p/forge/documentation/Mirrors/
+       "http://downloads.sourceforge.net/project/"
        "http://ufpr.dl.sourceforge.net/project/"
        "http://heanet.dl.sourceforge.net/project/"
        "http://freefr.dl.sourceforge.net/project/"
diff --git a/guix/profiles.scm b/guix/profiles.scm
index 77df6ad185..1adb143c16 100644
--- a/guix/profiles.scm
+++ b/guix/profiles.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
-;;; Copyright © 2014 Alex Kost <alezost@gmail.com>
+;;; Copyright © 2014, 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;;
@@ -756,10 +756,51 @@ entries.  It's used to query the MIME type of a given file."
                           #:substitutable? #f)
         (return #f))))
 
+(define (fonts-dir-file manifest)
+  "Return a derivation that builds the @file{fonts.dir} and @file{fonts.scale}
+files for the truetype fonts of the @var{manifest} entries."
+  (define mkfontscale
+    (module-ref (resolve-interface '(gnu packages xorg)) 'mkfontscale))
+
+  (define mkfontdir
+    (module-ref (resolve-interface '(gnu packages xorg)) 'mkfontdir))
+
+  (define build
+    #~(begin
+        (use-modules (srfi srfi-26)
+                     (guix build utils)
+                     (guix build union))
+        (let ((ttf-dirs (filter file-exists?
+                                (map (cut string-append <>
+                                          "/share/fonts/truetype")
+                                     '#$(manifest-inputs manifest)))))
+          (mkdir #$output)
+          (if (null? ttf-dirs)
+              (exit #t)
+              (let* ((fonts-dir   (string-append #$output "/share/fonts"))
+                     (ttf-dir     (string-append fonts-dir "/truetype"))
+                     (mkfontscale (string-append #+mkfontscale
+                                                 "/bin/mkfontscale"))
+                     (mkfontdir   (string-append #+mkfontdir
+                                                 "/bin/mkfontdir")))
+                (mkdir-p fonts-dir)
+                (union-build ttf-dir ttf-dirs
+                             #:log-port (%make-void-port "w"))
+                (with-directory-excursion ttf-dir
+                  (exit (and (zero? (system* mkfontscale))
+                             (zero? (system* mkfontdir))))))))))
+
+  (gexp->derivation "fonts-dir" build
+                    #:modules '((guix build utils)
+                                (guix build union))
+                    #:local-build? #t
+                    #:substitutable? #f))
+
 (define %default-profile-hooks
   ;; This is the list of derivation-returning procedures that are called by
   ;; default when making a non-empty profile.
   (list info-dir-file
+        fonts-dir-file
         ghc-package-cache-file
         ca-certificate-bundle
         gtk-icon-themes
diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm
index d5e9197cc9..8aab1febb2 100644
--- a/guix/scripts/lint.scm
+++ b/guix/scripts/lint.scm
@@ -203,14 +203,25 @@ by two spaces; possible infraction~p at ~{~a~^, ~}")
 (define (check-inputs-should-be-native package)
   ;; Emit a warning if some inputs of PACKAGE are likely to belong to its
   ;; native inputs.
-  (let ((inputs (package-inputs package)))
+  (let ((linted package)
+        (inputs (package-inputs package))
+        (native-inputs '("pkg-config" "glib:bin" "intltool" "itstool")))
     (match inputs
-      (((labels packages . _) ...)
-       (when (member "pkg-config"
-                     (map package-name (filter package? packages)))
-        (emit-warning package
-                      (_ "pkg-config should probably be a native input")
-                      'inputs))))))
+      (((labels packages . outputs) ...)
+       (for-each (lambda (package output)
+                   (when (package? package)
+                     (let ((input (string-append
+                                   (package-name package)
+                                   (if (> (length output) 0)
+                                       (string-append ":" (car output))
+                                       ""))))
+                       (when (member input native-inputs)
+                         (emit-warning linted
+                                       (format #f (_ "'~a' should probably \
+be a native input")
+                                               input)
+                                       'inputs)))))
+                 packages outputs)))))
 
 (define (package-name-regexp package)
   "Return a regexp that matches PACKAGE's name as a word at the beginning of a
diff --git a/tests/lint.scm b/tests/lint.scm
index ce751c42c9..770f43e57f 100644
--- a/tests/lint.scm
+++ b/tests/lint.scm
@@ -31,6 +31,7 @@
   #:use-module (guix scripts lint)
   #:use-module (guix ui)
   #:use-module (gnu packages)
+  #:use-module (gnu packages glib)
   #:use-module (gnu packages pkg-config)
   #:use-module (web server)
   #:use-module (web server http)
@@ -319,7 +320,16 @@ string) on HTTP requests."
        (let ((pkg (dummy-package "x"
                     (inputs `(("pkg-config" ,pkg-config))))))
          (check-inputs-should-be-native pkg)))
-         "pkg-config should probably be a native input")))
+         "'pkg-config' should probably be a native input")))
+
+(test-assert "inputs: glib:bin is probably a native input"
+  (->bool
+    (string-contains
+      (with-warnings
+        (let ((pkg (dummy-package "x"
+                     (inputs `(("glib" ,glib "bin"))))))
+          (check-inputs-should-be-native pkg)))
+          "'glib:bin' should probably be a native input")))
 
 (test-assert "patches: file names"
   (->bool