-rw-r--r--gnu/local.mk19
-rw-r--r--gnu/packages/acl.scm2
-rw-r--r--gnu/packages/admin.scm4
-rw-r--r--gnu/packages/algebra.scm4
-rw-r--r--gnu/packages/apl.scm2
-rw-r--r--gnu/packages/attr.scm2
-rw-r--r--gnu/packages/audio.scm4
-rw-r--r--gnu/packages/backup.scm17
-rw-r--r--gnu/packages/base.scm68
-rw-r--r--gnu/packages/bash.scm161
-rw-r--r--gnu/packages/cdrom.scm2
-rw-r--r--gnu/packages/cmake.scm16
-rw-r--r--gnu/packages/commencement.scm206
-rw-r--r--gnu/packages/cross-base.scm169
-rw-r--r--gnu/packages/crypto.scm2
-rw-r--r--gnu/packages/cups.scm225
-rw-r--r--gnu/packages/curl.scm22
-rw-r--r--gnu/packages/databases.scm16
-rw-r--r--gnu/packages/disk.scm6
-rw-r--r--gnu/packages/documentation.scm2
-rw-r--r--gnu/packages/education.scm2
-rw-r--r--gnu/packages/engineering.scm5
-rw-r--r--gnu/packages/enlightenment.scm2
-rw-r--r--gnu/packages/fcitx.scm2
-rw-r--r--gnu/packages/file.scm5
-rw-r--r--gnu/packages/flex.scm1
-rw-r--r--gnu/packages/fonts.scm5
-rw-r--r--gnu/packages/fontutils.scm14
-rw-r--r--gnu/packages/freedesktop.scm2
-rw-r--r--gnu/packages/games.scm12
-rw-r--r--gnu/packages/gawk.scm52
-rw-r--r--gnu/packages/gcc.scm13
-rw-r--r--gnu/packages/gettext.scm56
-rw-r--r--gnu/packages/ghostscript.scm41
-rw-r--r--gnu/packages/gkrellm.scm2
-rw-r--r--gnu/packages/gl.scm149
-rw-r--r--gnu/packages/glib.scm16
-rw-r--r--gnu/packages/gnome.scm177
-rw-r--r--gnu/packages/gnupg.scm56
-rw-r--r--gnu/packages/grub.scm2
-rw-r--r--gnu/packages/gtk.scm23
-rw-r--r--gnu/packages/guile.scm9
-rw-r--r--gnu/packages/gv.scm3
-rw-r--r--gnu/packages/ibus.scm2
-rw-r--r--gnu/packages/image.scm37
-rw-r--r--gnu/packages/irc.scm2
-rw-r--r--gnu/packages/iso-codes.scm2
-rw-r--r--gnu/packages/kde-frameworks.scm2
-rw-r--r--gnu/packages/kodi.scm2
-rw-r--r--gnu/packages/libidn.scm21
-rw-r--r--gnu/packages/linux.scm118
-rw-r--r--gnu/packages/lout.scm3
-rw-r--r--gnu/packages/man.scm2
-rw-r--r--gnu/packages/maths.scm6
-rw-r--r--gnu/packages/mit-krb5.scm20
-rw-r--r--gnu/packages/mono.scm2
-rw-r--r--gnu/packages/mp3.scm2
-rw-r--r--gnu/packages/multiprecision.scm4
-rw-r--r--gnu/packages/music.scm12
-rw-r--r--gnu/packages/nano.scm2
-rw-r--r--gnu/packages/networking.scm2
-rw-r--r--gnu/packages/ocaml.scm2
-rw-r--r--gnu/packages/openldap.scm5
-rw-r--r--gnu/packages/package-management.scm2
-rw-r--r--gnu/packages/patches/binutils-mips-bash-bug.patch22
-rw-r--r--gnu/packages/patches/cmake-fix-tests.patch83
-rw-r--r--gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch142
-rw-r--r--gnu/packages/patches/expat-CVE-2015-1283-refix.patch39
-rw-r--r--gnu/packages/patches/expat-CVE-2016-0718.patch761
-rw-r--r--gnu/packages/patches/flex-CVE-2016-6354.patch30
-rw-r--r--gnu/packages/patches/fontconfig-CVE-2016-5384.patch170
-rw-r--r--gnu/packages/patches/gawk-fts-test.patch51
-rw-r--r--gnu/packages/patches/gcc-arm-bug-71399.patch55
-rw-r--r--gnu/packages/patches/guile-relocatable.patch14
-rw-r--r--gnu/packages/patches/linux-pam-no-setfsuid.patch75
-rw-r--r--gnu/packages/patches/perl-CVE-2015-8607.patch68
-rw-r--r--gnu/packages/patches/perl-CVE-2016-2381.patch116
-rw-r--r--gnu/packages/patches/perl-no-build-time.patch26
-rw-r--r--gnu/packages/patches/perl-reproducible-build-date.patch50
-rw-r--r--gnu/packages/patches/perl-source-date-epoch.patch19
-rw-r--r--gnu/packages/patches/procps-non-linux.patch40
-rw-r--r--gnu/packages/patches/python-3.4-fix-tests.patch12
-rw-r--r--gnu/packages/patches/python-3.5-fix-tests.patch46
-rw-r--r--gnu/packages/patches/python-disable-ssl-test.patch12
-rw-r--r--gnu/packages/patches/python-fix-tests.patch15
-rw-r--r--gnu/packages/pdf.scm53
-rw-r--r--gnu/packages/perl.scm68
-rw-r--r--gnu/packages/plotutils.scm3
-rw-r--r--gnu/packages/python.scm54
-rw-r--r--gnu/packages/readline.scm4
-rw-r--r--gnu/packages/sawfish.scm2
-rw-r--r--gnu/packages/scheme.scm2
-rw-r--r--gnu/packages/shishi.scm3
-rw-r--r--gnu/packages/skribilo.scm3
-rw-r--r--gnu/packages/statistics.scm8
-rw-r--r--gnu/packages/terminals.scm2
-rw-r--r--gnu/packages/texinfo.scm16
-rw-r--r--gnu/packages/tls.scm30
-rw-r--r--gnu/packages/version-control.scm6
-rw-r--r--gnu/packages/video.scm4
-rw-r--r--gnu/packages/vpn.scm2
-rw-r--r--gnu/packages/w3m.scm2
-rw-r--r--gnu/packages/webkit.scm2
-rw-r--r--gnu/packages/wicd.scm2
-rw-r--r--gnu/packages/wine.scm2
-rw-r--r--gnu/packages/xdisorg.scm10
-rw-r--r--gnu/packages/xml.scm21
-rw-r--r--gnu/packages/xorg.scm54
-rw-r--r--gnu/system.scm7
-rw-r--r--guix/build/gnu-build-system.scm96
-rw-r--r--guix/build/utils.scm134
-rw-r--r--guix/packages.scm7
-rw-r--r--guix/profiles.scm21
-rw-r--r--m4/guix.m43
-rw-r--r--tests/build-utils.scm88
115 files changed, 1766 insertions, 2637 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 867946dc24..db3762278c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -5,6 +5,7 @@
 # Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 # Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
 # Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+# Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 #
 # This file is part of GNU Guix.
 #
@@ -467,6 +468,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/bigloo-gc-shebangs.patch			\
   %D%/packages/patches/binutils-ld-new-dtags.patch		\
   %D%/packages/patches/binutils-loongson-workaround.patch	\
+  %D%/packages/patches/binutils-mips-bash-bug.patch		\
   %D%/packages/patches/byobu-writable-status.patch		\
   %D%/packages/patches/calibre-drop-unrar.patch			\
   %D%/packages/patches/calibre-no-updates-dialog.patch		\
@@ -505,9 +507,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/emacs-source-date-epoch.patch		\
   %D%/packages/patches/eudev-rules-directory.patch		\
   %D%/packages/patches/evilwm-lost-focus-bug.patch		\
-  %D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch	\
-  %D%/packages/patches/expat-CVE-2015-1283-refix.patch		\
-  %D%/packages/patches/expat-CVE-2016-0718.patch		\
   %D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch	\
   %D%/packages/patches/fastcap-mulGlobal.patch			\
   %D%/packages/patches/fastcap-mulSetup.patch			\
@@ -518,14 +517,14 @@ dist_patch_DATA =						\
   %D%/packages/patches/fasthenry-spFactor.patch			\
   %D%/packages/patches/findutils-localstatedir.patch		\
   %D%/packages/patches/findutils-test-xargs.patch		\
+  %D%/packages/patches/flex-CVE-2016-6354.patch			\
   %D%/packages/patches/flint-ldconfig.patch			\
   %D%/packages/patches/fltk-shared-lib-defines.patch		\
   %D%/packages/patches/fltk-xfont-on-demand.patch		\
-  %D%/packages/patches/fontconfig-CVE-2016-5384.patch		\
   %D%/packages/patches/fontforge-svg-modtime.patch		\
   %D%/packages/patches/freeimage-CVE-2015-0852.patch		\
-  %D%/packages/patches/gawk-fts-test.patch			\
   %D%/packages/patches/gawk-shell.patch				\
+  %D%/packages/patches/gcc-arm-bug-71399.patch			\
   %D%/packages/patches/gcc-arm-link-spec-fix.patch		\
   %D%/packages/patches/gcc-cross-environment-variables.patch	\
   %D%/packages/patches/gcc-libvtv-runpath.patch			\
@@ -680,6 +679,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libxv-CVE-2016-5407.patch		\
   %D%/packages/patches/libxvmc-CVE-2016-7953.patch		\
   %D%/packages/patches/libxslt-generated-ids.patch		\
+  %D%/packages/patches/linux-pam-no-setfsuid.patch		\
   %D%/packages/patches/lirc-localstatedir.patch			\
   %D%/packages/patches/llvm-for-extempore.patch			\
   %D%/packages/patches/lm-sensors-hwmon-attrs.patch		\
@@ -746,8 +746,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/patch-hurd-path-max.patch		\
   %D%/packages/patches/pcre-CVE-2016-3191.patch			\
   %D%/packages/patches/pcre2-CVE-2016-3191.patch		\
-  %D%/packages/patches/perl-CVE-2015-8607.patch			\
-  %D%/packages/patches/perl-CVE-2016-2381.patch			\
   %D%/packages/patches/perl-autosplit-default-time.patch	\
   %D%/packages/patches/perl-deterministic-ordering.patch	\
   %D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
@@ -756,10 +754,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/perl-net-amazon-s3-moose-warning.patch	\
   %D%/packages/patches/perl-net-ssleay-disable-ede-test.patch	\
   %D%/packages/patches/perl-net-dns-resolver-programmable-Fix-broken-interface.patch	\
-  %D%/packages/patches/perl-no-build-time.patch			\
   %D%/packages/patches/perl-no-sys-dirs.patch			\
   %D%/packages/patches/perl-module-pluggable-search.patch	\
-  %D%/packages/patches/perl-source-date-epoch.patch		\
+  %D%/packages/patches/perl-reproducible-build-date.patch	\
   %D%/packages/patches/pidgin-add-search-path.patch		\
   %D%/packages/patches/pinball-const-fix.patch			\
   %D%/packages/patches/pinball-cstddef.patch			\
@@ -775,7 +772,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/portmidi-modular-build.patch		\
   %D%/packages/patches/procmail-ambiguous-getline-debian.patch  \
   %D%/packages/patches/procmail-CVE-2014-3618.patch		\
-  %D%/packages/patches/procps-non-linux.patch			\
   %D%/packages/patches/pt-scotch-build-parallelism.patch	\
   %D%/packages/patches/pulseaudio-fix-mult-test.patch		\
   %D%/packages/patches/pulseaudio-longer-test-timeout.patch	\
@@ -789,8 +785,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-2.7-source-date-epoch.patch	\
   %D%/packages/patches/python-3-deterministic-build-info.patch	\
   %D%/packages/patches/python-3-search-paths.patch		\
+  %D%/packages/patches/python-3.4-fix-tests.patch		\
+  %D%/packages/patches/python-3.5-fix-tests.patch		\
   %D%/packages/patches/python-dendropy-exclude-failing-tests.patch \
-  %D%/packages/patches/python-disable-ssl-test.patch		\
   %D%/packages/patches/python-django-fix-testcase.patch		\
   %D%/packages/patches/python-fix-tests.patch			\
   %D%/packages/patches/python-ipython-inputhook-ctype.patch	\
diff --git a/gnu/packages/acl.scm b/gnu/packages/acl.scm
index 415fae496b..ae6764993b 100644
--- a/gnu/packages/acl.scm
+++ b/gnu/packages/acl.scm
@@ -59,7 +59,7 @@
           %standard-phases))))
     (inputs `(("attr" ,attr)))
     (native-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("perl" ,perl)))
     (home-page "http://savannah.nongnu.org/projects/acl")
     (synopsis
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index cfb33c40c3..f608259382 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -178,7 +178,7 @@ interface and is based on GNU Guile.")
         "0zk1ppx93ijimf4sbgqilxxikpsa2gmpbynknyh41xy7jbdjxp0b"))))
    (build-system cmake-build-system)
    (arguments '(#:tests? #f)) ; There are no tests.
-   (native-inputs `(("gettext" ,gnu-gettext)))
+   (native-inputs `(("gettext" ,gettext-minimal)))
    (home-page "http://projects.gw-computing.net/projects/dfc")
    (synopsis "Display file system space usage using graphs and colors")
    (description
@@ -1771,7 +1771,7 @@ highly portable.  Great for heterogenous networks.")
          (delete 'configure)))) ; no configure script
     (inputs
      `(("gtk+" ,gtk+)
-       ("gnu-gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("libnotify" ,libnotify)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
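Review bot: The input label itself changes from "gnu-gettext" to "gettext" in this hunk, whereas the other gettext hunks in this commit only swap the package variable. The package's phases lie outside the hunk (only `(delete 'configure)` is visible). If any of them looks the input up with `(assoc-ref inputs "gnu-gettext")`, it would now get `#f`, so check the package body for uses of the old label.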
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index 9e19d5552f..32f23597ae 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -534,14 +534,14 @@ a C program.")
 (define-public fftw
   (package
     (name "fftw")
-    (version "3.3.4")
+    (version "3.3.5")
     (source (origin
              (method url-fetch)
              (uri (string-append "ftp://ftp.fftw.org/pub/fftw/fftw-"
                                  version".tar.gz"))
              (sha256
               (base32
-               "10h9mzjxnwlsjziah4lri85scc05rlajz39nqf3mbh4vja8dw34g"))))
+               "1kwbx92ps0r7s2mqy7lxbxanslxdzj7dp7r7gmdkzv1j8yqf3kwf"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--enable-shared" "--enable-openmp")
diff --git a/gnu/packages/apl.scm b/gnu/packages/apl.scm
index 5b55c9cef3..1c7d42b713 100644
--- a/gnu/packages/apl.scm
+++ b/gnu/packages/apl.scm
@@ -41,7 +41,7 @@
     (build-system gnu-build-system)
     (home-page "http://www.gnu.org/software/apl/")
     (inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("lapack" ,lapack)
        ("sqlite" ,sqlite)
        ("readline" ,readline)))
diff --git a/gnu/packages/attr.scm b/gnu/packages/attr.scm
index 53766af06f..907a568bdd 100644
--- a/gnu/packages/attr.scm
+++ b/gnu/packages/attr.scm
@@ -69,7 +69,7 @@
          '()
          `(("perl" ,perl))))
     (native-inputs
-     `(("gettext" ,gnu-gettext)))
+     `(("gettext" ,gettext-minimal)))
 
     (home-page "http://savannah.nongnu.org/projects/attr/")
     (synopsis "Library and tools for manipulating extended attributes")
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 3d889ee4d0..192fb0e231 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -364,7 +364,7 @@ tools (analyzer, mono/stereo tools, crossovers).")
        ("liblo" ,liblo)
        ("ladspa" ,ladspa)
        ("jack" ,jack-1)
-       ("gettext" ,gnu-gettext)))
+       ("gettext" ,gettext-minimal)))
     (native-inputs
      `(("bison" ,bison)
        ("flex" ,flex)
@@ -915,7 +915,7 @@ patches that can be used with softsynths such as Timidity and WildMidi.")
      `(("gperf" ,gperf)
        ("faust" ,faust)
        ("intltool" ,intltool)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("pkg-config" ,pkg-config)))
     (native-search-paths
      (list (search-path-specification
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 797c06e149..fca601fef3 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -172,13 +172,17 @@ backups (called chunks) to allow easy burning to CD/DVD.")
 (define-public libarchive
   (package
     (name "libarchive")
-    (replacement libarchive/fixed)
     (version "3.2.1")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "http://libarchive.org/downloads/libarchive-"
                            version ".tar.gz"))
+       (patches (search-patches
+                  "libarchive-7zip-heap-overflow.patch"
+                  "libarchive-fix-symlink-check.patch"
+                  "libarchive-fix-filesystem-attacks.patch"
+                  "libarchive-safe_fprintf-buffer-overflow.patch"))
        (sha256
         (base32
          "1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj"))))
@@ -228,17 +232,6 @@ archive.  In particular, note that there is currently no built-in support for
 random access nor for in-place modification.")
     (license license:bsd-2)))
 
-(define libarchive/fixed
-  (package
-    (inherit libarchive)
-    (source (origin
-              (inherit (package-source libarchive))
-              (patches (search-patches
-                         "libarchive-7zip-heap-overflow.patch"
-                         "libarchive-fix-symlink-check.patch"
-                         "libarchive-fix-filesystem-attacks.patch"
-                         "libarchive-safe_fprintf-buffer-overflow.patch"))))))
-
 (define-public rdup
   (package
     (name "rdup")
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index a476837102..0ea6114830 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -88,6 +88,20 @@ command-line arguments, multiple languages, and so on.")
             (patches (search-patches "grep-timing-sensitive-test.patch"))))
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)))             ;some of the tests require it
+   (arguments
+    `(#:phases
+      (modify-phases %standard-phases
+        (add-after 'install 'fix-egrep-and-fgrep
+          ;; Patch 'egrep' and 'fgrep' to execute 'grep' via its
+          ;; absolute file name instead of searching for it in $PATH.
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let* ((out (assoc-ref outputs "out"))
+                   (bin (string-append out "/bin")))
+              (substitute* (list (string-append bin "/egrep")
+                                 (string-append bin "/fgrep"))
+                (("^exec grep")
+                 (string-append "exec " bin "/grep")))
+              #t))))))
    (synopsis "Print lines matching a pattern")
    (description
      "grep is a tool for finding text inside files.  Text is found by
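Review bot: The `substitute*` in `fix-egrep-and-fgrep` does not fail when `^exec grep` matches nothing, and the phase returns `#t` either way. If a later grep release words the `egrep`/`fgrep` wrappers differently, they would silently go back to resolving `grep` through $PATH, which is the lookup this phase exists to remove. Consider reading both files back after the substitution and failing the phase unless each contains `(string-append "exec " bin "/grep")`. The interpolated `bin` is presumably a store file name without shell metacharacters, so leaving it unquoted in the script looks acceptable.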
@@ -205,14 +219,14 @@ differences.")
 (define-public diffutils
   (package
    (name "diffutils")
-   (version "3.3")
+   (version "3.5")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/diffutils/diffutils-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "1761vymxbp4wb5rzjvabhdkskk95pghnn67464byvzb5mfl8jpm2"))))
+              "0csmqfz8ks23kdjsq0v2ll1acqiz8lva06dj19mwmymrsp69ilys"))))
    (build-system gnu-build-system)
    (synopsis "Comparing and merging files")
    (description
@@ -325,30 +339,30 @@ functionality beyond that which is outlined in the POSIX standard.")
 (define-public gnu-make
   (package
    (name "make")
-   (version "4.2")
+   (version "4.2.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/make/make-" version
                                 ".tar.bz2"))
             (sha256
              (base32
-              "0pv5rvz5pp4njxiz3syf786d2xp4j7gzddwjvgw5zmz55yvf6p2f"))
+              "12f5zzyq2w56g95nni65hc0g5p7154033y2f3qmjvd016szn5qnn"))
             (patches (search-patches "make-impure-dirs.patch"))))
    (build-system gnu-build-system)
    (native-inputs `(("pkg-config" ,pkg-config)))  ; to detect Guile
    (inputs `(("guile" ,guile-2.0)))
    (outputs '("out" "debug"))
    (arguments
-    '(#:phases (alist-cons-before
-                'build 'set-default-shell
-                (lambda* (#:key inputs #:allow-other-keys)
-                  ;; Change the default shell from /bin/sh.
-                  (let ((bash (assoc-ref inputs "bash")))
-                    (substitute* "job.c"
-                      (("default_shell =.*$")
-                       (format #f "default_shell = \"~a/bin/bash\";\n"
-                               bash)))))
-                %standard-phases)))
+    '(#:phases
+      (modify-phases %standard-phases
+        (add-before 'build 'set-default-shell
+          (lambda* (#:key inputs #:allow-other-keys)
+            ;; Change the default shell from /bin/sh.
+            (let ((bash (assoc-ref inputs "bash")))
+              (substitute* "job.c"
+                (("default_shell =.*$")
+                 (format #f "default_shell = \"~a/bin/bash\";\n"
+                         bash)))))))))
    (synopsis "Remake files automatically")
    (description
     "Make is a program that is used to control the production of
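Review bot: The rewritten `set-default-shell` lambda ends on the `substitute*` form, so the phase's return value is whatever `substitute*` yields, while the `fix-egrep-and-fgrep` phase added to grep in this same file closes with an explicit `#t`. For consistency, end the `let` body with `#t`. The same applies to `install-sh-symlink` in gnu/packages/bash.scm, whose last form is `(symlink "bash" "sh")`.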
@@ -363,16 +377,17 @@ change.  GNU make offers many powerful extensions over the standard utility.")
 (define-public binutils
   (package
    (name "binutils")
-   (version "2.25.1")
+   (version "2.27")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/binutils/binutils-"
                                 version ".tar.bz2"))
             (sha256
              (base32
-              "08lzmhidzc16af1zbx34f8cy4z7mzrswpdbhrb8shy3xxpflmcdm"))
+              "125clslv17xh1sab74343fg6v31msavpmaa1c1394zsqa773g5rn"))
             (patches (search-patches "binutils-ld-new-dtags.patch"
-                                     "binutils-loongson-workaround.patch"))))
+                                     "binutils-loongson-workaround.patch"
+                                     "binutils-mips-bash-bug.patch"))))
    (build-system gnu-build-system)
 
    ;; TODO: Add dependency on zlib + those for Gold.
@@ -476,14 +491,14 @@ store.")
 (define-public glibc/linux
   (package
    (name "glibc")
-   (version "2.23")
+   (version "2.24")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/glibc/glibc-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl"))
+              "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r"))
             (snippet
              ;; Disable 'ldconfig' and /etc/ld.so.cache.  The latter is
              ;; required on LFS distros to avoid loading the distro's libc.so
@@ -511,7 +526,7 @@ store.")
       #:parallel-build? #f
 
       ;; The libraries have an empty RUNPATH, but some, such as the versioned
-      ;; libraries (libdl-2.23.so, etc.) have ld.so marked as NEEDED.  Since
+      ;; libraries (libdl-2.24.so, etc.) have ld.so marked as NEEDED.  Since
       ;; these libraries are always going to be found anyway, just skip
       ;; RUNPATH checks.
       #:validate-runpath? #f
@@ -527,7 +542,7 @@ store.")
             ;; Set the default locale path.  In practice, $LOCPATH may be
             ;; defined to point whatever locales users want.  However, setuid
             ;; binaries don't honor $LOCPATH, so they'll instead look into
-            ;; $libc_cv_localedir; we choose /run/current-system/locale/X.Y,
+            ;; $libc_cv_complocaledir; we choose /run/current-system/locale/X.Y,
             ;; with the idea that it is going to be populated by the sysadmin.
             ;; The "X.Y" sub-directory is because locale data formats are
             ;; incompatible across libc versions; see
@@ -535,8 +550,7 @@ store.")
             ;;
             ;; `--localedir' is not honored, so work around it.
             ;; See <http://sourceware.org/ml/libc-alpha/2013-03/msg00093.html>.
-            ;; FIXME: This hack no longer works on 2.23!
-            (string-append "libc_cv_localedir=/run/current-system/locale/"
+            (string-append "libc_cv_complocaledir=/run/current-system/locale/"
                            ,version)
 
             (string-append "--with-headers="
@@ -629,7 +643,7 @@ store.")
    ;; install the message catalogs, with 'msgfmt'.
    (native-inputs `(("texinfo" ,texinfo)
                     ("perl" ,perl)
-                    ("gettext" ,gnu-gettext)))
+                    ("gettext" ,gettext-minimal)))
 
    (native-search-paths
     ;; Search path for packages that provide locale data.  This is useful
@@ -905,7 +919,7 @@ command.")
 (define-public tzdata
   (package
     (name "tzdata")
-    (version "2015g")
+    (version "2016f")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -913,7 +927,7 @@ command.")
                    version ".tar.gz"))
              (sha256
               (base32
-               "0qb1awqrn3215zd2jikpqnmkzrxwfjf0d3dw2xmnk4c40yzws8xr"))))
+               "1c024mg4gy572vgdj9rk4dqnb33iap06zs8ibasisbyi1089b37d"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f
@@ -960,7 +974,7 @@ command.")
                                 version ".tar.gz"))
                           (sha256
                            (base32
-                            "1i3y1kzjiz2j62c7vd4wf85983sqk9x9lg3473njvbdz4kph5r0q"))))))
+                            "1vb6n29ik7dzhffzzcnskbhmn6h1dxzan3zanbp118wh8hw5yckj"))))))
     (home-page "http://www.iana.org/time-zones")
     (synopsis "Database of current and historical time zones")
     (description "The Time Zone Database (often called tz or zoneinfo)
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index bddb83046a..01168ade16 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
 ;;;
@@ -51,52 +51,10 @@
   (list (bash-patch seqno (base32 hash))
         ...))
 
-(define %patch-series-4.3
-  ;; This is the current patches series for 4.3, generated using
+(define %patch-series-4.4
+  ;; This is the current patches series for 4.4, generated using
   ;; 'download-patches' below.
-  (patch-series
-   (1 "0hip2n2s5hws8p4nfcz37379zn6cak83ljsm64z52rw6ckrdzczc")
-   (2 "0ashj5d1g3zbyr7zf0r72s5wnk96cz1xj919y3jajadbc9qcvrzf")
-   (3 "0z88q4daq7dmw93iqd9c5i5d1sndklih3nrh0v75746da2n6w3h0")
-   (4 "0f0kh9j5k4ym6knshscx31przm50x5cc7ifkwqk0swh6clna982y")
-   (5 "1ym3b8b7lgmdp3dklp8qaqhyq965wd5392namq8mz7rb0d231j0s")
-   (6 "04q20igq49py49ynb0f83f6f52cdkyqwd9bpic6akr0m5pkqwr50")
-   (7 "18zkz23d9myshrwfcwcdjk7qmkqp8az5n91ni9jaixlwqlhy64qi")
-   (8 "0pprcwvh7ngdli0x95pc1cpssg4qg7layi9xrv2jq6c7965ajhcr")
-   (9 "19a0pf0alp30d1bjj0zf3zq2f5n0s6y91w7brm9jyswl51kns8n0")
-   (10 "1dzhr5ammyijisz48cqi5vaw26hfr5vh9smnqxq4qc9p06f7j1ff")
-   (11 "0fvzdzzi142a8rf3v965r6gbpn0k7fv2gif1yq8a4160vcn40qvw")
-   (12 "04lcgfcyz7p3zagb4hkia3hkpd7lii9m8ycy9qqwzyrm1c1pj4ry")
-   (13 "0y9cqi378z6flapkd5k5lfl4lq3ivzg4njj3i3wmw7xb6r9wma5z")
-   (14 "04xcb0k9fxxq4vashgzb98567xzdnm4655nlm4jvfvjv6si6ykas")
-   (15 "13ay6lldy1p00xj41nfjpq8lai3vw2qwca79gx6s80z04j53wa8k")
-   (16 "0wq7bvx3pfw90pnfb86yg5nr9jgjsvm2nq5rrkqxf6zn977hpmlj")
-   (17 "103p7sibihv6cshqj12k546zsbz0dnd5cv5vlx1719avddfc4rqj")
-   (18 "0n1x3812y1brb9xbabaj3fvr4cpvm2225iwckmqk2fcpkq5b9a3s")
-   (19 "08rd1p7zpzgbpmmmnj2im8wj2pcwmbbx51psr9vdc5c049si9ad7")
-   (20 "163c6g05qpag2plx5q795pmw3f3m904jy7z93xj2i08pgzc8cpna")
-   (21 "1a90cl3h10dh8k9f2ddrsjmw5ywaw2d5x78xb4fd2sryi039yhs1")
-   (22 "120s0s4qcqd0q12j1iv0hkpf9fp3w5jnqw646kv66n66jnxlfkgx")
-   (23 "1m00sfi88p2akgiyrg4hw0gvz3s1586pkzjdr3dm73vs773m1hls")
-   (24 "0v0gjqzjsqjfgj5x17fq7g649k94jn8zq92qsxkhc2d6l215hl1v")
-   (25 "0lcj96i659q35f1jcmwwbnw3p7w7vvlxjxqi989vn6d6qksqcl8y") ;CVE-2014-6271
-   (26 "0k919ir0inwn4wai2vdzpbwqq5h54fnrlkmgccxjg91v3ch15k1f") ;CVE-2014-7169
-   (27 "1gnsfvq6bhb3srlbh0cannj2hackdsipcg7z0ds7zlk1hp96mdqy")
-   (28 "17a65c4fn4c5rgsiw9gqqnzhznh3gwnd2xzzv2dppyi48znxpc78") ;CVE-2014-7186
-   (29 "14k27p28r5l2fz3r03kd0x72vvsq8bja8c6hjz5kxikbzsbs7i2c") ;CVE-2014-6277
-   (30 "0nrqb0m7s89qsrbfaffpilc5gcf82bx9yvgzld4hr79p5y54yhw5") ;CVE-2014-6278
-   (31 "07d62bl3z7qa8v6kgk47vzzazw563mlk9zhrsr4xsbqgvmcrylnd")
-   (32 "0jjgapfq4qhmndfrw8c3q3lva8xjdhlbd9cc631v41b0kb95g4w8")
-   (33 "05ma5rlxiadnfh925p4y7s0vvk917kmsdb1mfdx05gizl63pfapv")
-   (34 "12gq9whkq3naa3iy7c7x5pfpvrg7d0kwqld8609zxphhy424ysgi")
-   (35 "1qy1jflmbazjykq766gwabkaiswnx7pwa66whqiny0w02zjqa39p")
-   (36 "0z6jbyy70lfdm6d3x0sbazbqdxb3xnpn9bmz7madpvrnbd284pxc")
-   (37 "04sqr8zkl6s5fccfvb775ppn3ldij5imria9swc39aq0fkfp1w9k")
-   (38 "0rv3g14mpgv8br267bf7rmgqlgwnc4v6g3g8y0sjba571i8amgmd")
-   (39 "1v3l3vkc3g2b6fjycqwlakr8xhiw6bmw6q0zd6bi0m0m4bnxr55b")
-   (40 "0sypv66vsldmc95gwvf7ylz1k7y37vnvdsjg8ajjr6b2j9mkkfw4")
-   (41 "06ic2gdpbi1afik3wqf9d4vh95if4bz8bmhcgr555621dsb35i2f")
-   (42 "06a90k0p6bqc4wk2dsmapna69124an76xvlnlj3xm497vci968dc")))
+  (patch-series))
 
 (define (download-patches store count)
   "Download COUNT Bash patches into store.  Return a list of
@@ -134,34 +92,7 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
                " -Wl,-rpath -Wl,"
                (assoc-ref %build-inputs "ncurses")
                "/lib")))
-         (post-install-phase
-          '(lambda* (#:key outputs #:allow-other-keys)
-             ;; Add a `bash' -> `sh' link.
-             (let ((out (assoc-ref outputs "out")))
-               (with-directory-excursion (string-append out "/bin")
-                 (symlink "bash" "sh")))))
-         (install-headers-phase
-          '(lambda* (#:key outputs #:allow-other-keys)
-             ;; Install Bash headers so that packages that provide extensions
-             ;; can use them.  We install them in include/bash; that's what
-             ;; Debian does and what Bash extensions like recutils or
-             ;; guile-bash expect.
-             (let ((include (string-append (assoc-ref outputs "include")
-                                            "/include/bash"))
-                   (includes "^\\./include/[^/]+\\.h$")
-                   (headers "^\\./(builtins/|lib/glob/|lib/tilde/|)[^/]+\\.h$"))
-               (mkdir-p include)
-               (for-each (lambda (file)
-                           (when (string-match includes file)
-                             (install-file file include))
-                           (when (string-match headers file)
-                             (install-file file
-                                           (string-append include "/"
-                                                          (dirname file)))))
-                         (find-files "." "\\.h$"))
-               (delete-file (string-append include "/" "y.tab.h"))
-               #t)))
-         (version "4.3"))
+         (version "4.4"))
     (package
      (name "bash")
      (source (origin
@@ -170,22 +101,16 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
                     "mirror://gnu/bash/bash-" version ".tar.gz"))
               (sha256
                (base32
-                "1m14s1f61mf6bijfibcjm9y6pkyvz6gibyl8p4hxq90fisi8gimg"))
+                "1jyz6snd63xjn6skk7za6psgidsd53k05cr3lksqybi0q6936syq"))
               (patch-flags '("-p0"))
-              (patches %patch-series-4.3)
-
-              ;; The patches above modify 'parse.y', so force a rebuild of the
-              ;; parser.
-              (snippet '(for-each delete-file
-                                  '("y.tab.c" "y.tab.h" "parser-built")))))
+              (patches %patch-series-4.4)))
      (version (string-append version "."
-                             (number->string (length %patch-series-4.3))))
+                             (number->string (length %patch-series-4.4))))
      (build-system gnu-build-system)
 
      (outputs '("out"
                 "doc"                         ;1.7 MiB of HTML and extra files
                 "include"))                   ;headers used by extensions
-     (native-inputs `(("bison" ,bison)))      ;to rebuild the parser
      (inputs `(("readline" ,readline)
                ("ncurses" ,ncurses)))             ;TODO: add texinfo
      (arguments
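Review bot: Dropping the snippet that deletes `y.tab.c`, `y.tab.h` and `parser-built`, together with the "bison" native input, is only safe while `%patch-series-4.4` is empty. The removed comment records that the upstream patches modify 'parse.y', and the 4.3 series included the CVE-2014-6271 group of fixes. Add a comment next to `(patches %patch-series-4.4)`, for example `;; When patches touching 'parse.y' are added, restore the snippet deleting y.tab.c, y.tab.h and parser-built, and the "bison" native input.`. Otherwise a later security patch could be applied to the grammar without the shipped generated parser being rebuilt.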
@@ -206,14 +131,41 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
         ;; for now.
         #:tests? #f
 
-        #:modules ((ice-9 regex)
+        #:modules ((srfi srfi-26)
                    (guix build utils)
                    (guix build gnu-build-system))
 
-        #:phases (modify-phases %standard-phases
-                   (add-after 'install 'post-install ,post-install-phase)
-                   (add-after 'install 'install-headers
-                     ,install-headers-phase))))
+        #:phases
+        (modify-phases %standard-phases
+          (add-after 'install 'install-sh-symlink
+            (lambda* (#:key outputs #:allow-other-keys)
+              ;; Add a `sh' -> `bash' link.
+              (let ((out (assoc-ref outputs "out")))
+                (with-directory-excursion (string-append out "/bin")
+                  (symlink "bash" "sh")))))
+
+          (add-after 'install 'move-development-files
+            (lambda* (#:key outputs #:allow-other-keys)
+              ;; Move 'Makefile.inc' and 'bash.pc' to "include" to avoid
+              ;; circular references among the outputs.
+              (let ((out     (assoc-ref outputs "out"))
+                    (include (assoc-ref outputs "include"))
+                    (lib     (cut string-append <> "/lib/bash")))
+                (mkdir-p (lib include))
+                (rename-file (string-append (lib out)
+                                            "/Makefile.inc")
+                             (string-append (lib include)
+                                            "/Makefile.inc"))
+                (rename-file (string-append out "/lib/pkgconfig")
+                             (string-append include
+                                            "/lib/pkgconfig"))
+                #t))))))
+
+     (native-search-paths
+      (list (search-path-specification            ;new in 4.4
+             (variable "BASH_LOADABLES_PATH")
+             (files '("lib/bash")))))
+
      (synopsis "The GNU Bourne-Again SHell")
      (description
       "Bash is the shell, or command-line interpreter, of the GNU system.  It
@@ -246,9 +198,17 @@ without modification.")
                  "--disable-net-redirections"
                  "--disable-nls"
 
+                 ;; Pretend 'dlopen' is missing so we don't build loadable
+                 ;; modules and related code.
+                 "ac_cv_func_dlopen=no"
+
                  ,@(if (%current-target-system)
                        '("bash_cv_job_control_missing=no")
-                       '()))))))))
+                       '())))
+         ((#:phases phases)
+          `(modify-phases ,phases
+             ;; No loadable modules.
+             (delete 'move-development-files))))))))
 
 (define-public static-bash
   ;; Statically-linked Bash that contains nothing but the 'bash' binary and
@@ -257,20 +217,23 @@ without modification.")
     (package
       (inherit bash)
       (name "bash-static")
+
+      ;; No "include" output because there's no support for loadable modules.
+      (outputs (delete "include" (package-outputs bash)))
+
       (arguments
        (substitute-keyword-arguments
            `(#:allowed-references ("out") ,@(package-arguments bash))
          ((#:phases phases)
-          `(alist-cons-after
-            'strip 'remove-everything-but-the-binary
-            (lambda* (#:key outputs #:allow-other-keys)
-              (let* ((out (assoc-ref outputs "out"))
-                     (bin (string-append out "/bin")))
-                (remove-store-references (string-append bin "/bash"))
-                (delete-file (string-append bin "/bashbug"))
-                (delete-file-recursively (string-append out "/share"))
-                #t))
-            ,phases)))))))
+          `(modify-phases ,phases
+             (add-after 'strip 'remove-everything-but-the-binary
+               (lambda* (#:key outputs #:allow-other-keys)
+                 (let* ((out (assoc-ref outputs "out"))
+                        (bin (string-append out "/bin")))
+                   (remove-store-references (string-append bin "/bash"))
+                   (delete-file (string-append bin "/bashbug"))
+                   (delete-file-recursively (string-append out "/share"))
+                   #t))))))))))
 
 (define-public bash-completion
   (package
diff --git a/gnu/packages/cdrom.scm b/gnu/packages/cdrom.scm
index 90a6a2e7a5..cdf0a4932e 100644
--- a/gnu/packages/cdrom.scm
+++ b/gnu/packages/cdrom.scm
@@ -205,7 +205,7 @@ reconstruction capability.")
     (inputs
      `(("gtk+" ,gtk+-2)))
     (native-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("pkg-config" ,pkg-config)
        ("which" ,which)))
     (arguments
diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm
index ac88e59ec1..86667ed6d1 100644
--- a/gnu/packages/cmake.scm
+++ b/gnu/packages/cmake.scm
@@ -37,7 +37,7 @@
 (define-public cmake
   (package
     (name "cmake")
-    (version "3.5.2")
+    (version "3.6.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://www.cmake.org/files/v"
@@ -45,7 +45,7 @@
                                  "/cmake-" version ".tar.gz"))
              (sha256
               (base32
-               "0ap6nlmv6nda942db43k9k9mhnm5dm3fsapzvy0vh6wq7l6l3n4j"))
+               "04ggm9c0zklxypm6df1v4klrrd85m6vpv13kasj42za283n9ivi8"))
              (patches (search-patches "cmake-fix-tests.patch"))))
     (build-system gnu-build-system)
     (arguments
@@ -97,15 +97,7 @@
                        "--mandir=share/man"
                        ,(string-append
                          "--docdir=share/doc/cmake-"
-                         (version-major+minor version)))))))
-         (add-after 'unpack 'remove-libarchive-version-test
-           ; This test check has been failing consistantly over libarchive 3.2.x
-           ; and cmake 3.4.x and 3.5.x so we disable it for now
-           (lambda _
-               (substitute*
-               "Tests/CMakeOnly/AllFindModules/CMakeLists.txt"
-               (("LibArchive") ""))
-               #t)))))
+                         (version-major+minor version))))))))))
     (inputs
      `(("file"       ,file)
        ("curl"       ,curl)
@@ -117,7 +109,7 @@
      (list (search-path-specification
              (variable "CMAKE_PREFIX_PATH")
              (files '("")))))
-    (home-page "http://www.cmake.org/")
+    (home-page "https://www.cmake.org/")
     (synopsis "Cross-platform build system")
     (description
      "CMake is a family of tools designed to build, test and package software.
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index cce831bfb6..53ba7189b4 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -27,15 +27,18 @@
   #:use-module (gnu packages bash)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages m4)
+  #:use-module (gnu packages indent)
   #:use-module (gnu packages file)
   #:use-module (gnu packages gawk)
   #:use-module (gnu packages bison)
+  #:use-module (gnu packages flex)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages hurd)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages pkg-config)
   #:use-module (guix packages)
@@ -46,7 +49,8 @@
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (ice-9 vlist)
-  #:use-module (ice-9 match))
+  #:use-module (ice-9 match)
+  #:use-module (ice-9 regex))
 
 ;;; Commentary:
 ;;;
@@ -71,17 +75,15 @@
         #:tests? #f                  ; cannot run "make check"
         ,@(substitute-keyword-arguments (package-arguments gnu-make)
             ((#:phases phases)
-             `(alist-replace
-               'build (lambda _
-                        (zero? (system* "./build.sh")))
-               (alist-replace
-                'install (lambda* (#:key outputs #:allow-other-keys)
-                           (let* ((out (assoc-ref outputs "out"))
-                                  (bin (string-append out "/bin")))
-                             (mkdir-p bin)
-                             (copy-file "make"
-                                        (string-append bin "/make"))))
-                ,phases))))))
+             `(modify-phases ,phases
+                (replace 'build
+                  (lambda _
+                    (zero? (system* "./build.sh"))))
+                (replace 'install
+                  (lambda* (#:key outputs #:allow-other-keys)
+                    (let* ((out (assoc-ref outputs "out"))
+                           (bin (string-append out "/bin")))
+                      (install-file "make" bin)))))))))
      (native-inputs '())                          ; no need for 'pkg-config'
      (inputs %bootstrap-inputs))))
 
@@ -282,13 +284,55 @@
                            (lambda _
                              (substitute* "Configure"
                                (("^libswanted=(.*)pthread" _ before)
-                                (string-append "libswanted=" before)))))))))))))
+                                (string-append "libswanted=" before)))))))
+                     ;; Do not configure with '-Dusethreads' since pthread
+                     ;; support is missing.
+                     ((#:configure-flags configure-flags)
+                      `(delete "-Dusethreads" ,configure-flags))))))))
     (package-with-bootstrap-guile
      (package-with-explicit-inputs perl
                                    %boot0-inputs
                                    (current-source-location)
                                    #:guile %bootstrap-guile))))
 
+(define bison-boot0
+  ;; This Bison is needed to build MiG so we need it early in the process.
+  ;; It is also needed to rebuild Bash's parser, which is modified by
+  ;; its CVE patches.  Remove it when it's no longer needed.
+  (let* ((m4    (package-with-bootstrap-guile
+                 (package-with-explicit-inputs m4 %boot0-inputs
+                                               (current-source-location)
+                                               #:guile %bootstrap-guile)))
+         (bison (package (inherit bison)
+                  (propagated-inputs `(("m4" ,m4)))
+                  (inputs '())                    ;remove Flex...
+                  (arguments
+                   '(#:tests? #f                  ;... and thus disable tests
+
+                     ;; Zero timestamps in liby.a; this must be done
+                     ;; explicitly here because the bootstrap Binutils don't
+                     ;; do that (default is "cru".)
+                     #:make-flags '("ARFLAGS=crD" "RANLIB=ranlib -D"
+                                    "V=1"))))))
+    (package
+      (inherit (package-with-bootstrap-guile
+                (package-with-explicit-inputs bison %boot0-inputs
+                                              (current-source-location)
+                                              #:guile %bootstrap-guile)))
+      (native-inputs `(("perl" ,perl-boot0))))))
+
+(define flex-boot0
+  ;; This Flex is needed to build MiG.
+  (let* ((flex (package (inherit flex)
+                 (native-inputs `(("bison" ,bison-boot0)))
+                 (propagated-inputs `(("m4" ,m4)))
+                 (inputs `(("indent" ,indent)))
+                 (arguments '(#:tests? #f)))))
+    (package-with-bootstrap-guile
+     (package-with-explicit-inputs flex %boot0-inputs
+                                   (current-source-location)
+                                   #:guile %bootstrap-guile))))
+
 (define (linux-libre-headers-boot0)
   "Return Linux-Libre header files for the bootstrap environment."
   ;; Note: this is wrapped in a thunk to nicely handle circular dependencies
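Review bot: The comment on `bison-boot0` still says this Bison is needed to rebuild Bash's parser, but later hunks of this file drop the `bison` native input from `static-bash-for-glibc` and `bash-final`, so in the visible lines only the MiG chain (`flex-boot0`, `mig-boot0`) uses it. I would reduce the comment to `;; This Bison is needed to build MiG, so it must be available early in the bootstrap.` and drop the sentence about the CVE patches. Separately, `flex-boot0` takes the plain `m4` and `indent` packages while `bison-boot0` wraps its own bootstrap `m4`; if `package-with-explicit-inputs` is relied on to rewrite them, a one-line comment saying so would help.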
@@ -302,6 +346,63 @@
       `(("perl" ,perl-boot0)
         ,@%boot0-inputs)))))
 
+(define gnumach-headers-boot0
+  (package-with-bootstrap-guile
+   (package-with-explicit-inputs gnumach-headers
+                                 %boot0-inputs
+                                 (current-source-location)
+                                 #:guile %bootstrap-guile)))
+
+(define mig-boot0
+  (let* ((mig (package (inherit mig)
+                 (native-inputs `(("bison" ,bison-boot0)
+                                  ("flex" ,flex-boot0)))
+                 (inputs `(("flex" ,flex-boot0)))
+                 (arguments
+                  `(#:configure-flags
+                    `(,(string-append "LDFLAGS=-Wl,-rpath="
+                                      (assoc-ref %build-inputs "flex") "/lib/")))))))
+    (package-with-bootstrap-guile
+     (package-with-explicit-inputs mig %boot0-inputs
+                                   (current-source-location)
+                                   #:guile %bootstrap-guile))))
+
+(define hurd-headers-boot0
+  (let ((hurd-headers (package (inherit hurd-headers)
+                        (native-inputs `(("mig" ,mig-boot0)))
+                        (inputs '()))))
+    (package-with-bootstrap-guile
+     (package-with-explicit-inputs hurd-headers %boot0-inputs
+                                   (current-source-location)
+                                   #:guile %bootstrap-guile))))
+
+(define hurd-minimal-boot0
+  (let ((hurd-minimal (package (inherit hurd-minimal)
+                        (native-inputs `(("mig" ,mig-boot0)))
+                        (inputs '()))))
+    (package-with-bootstrap-guile
+     (package-with-explicit-inputs hurd-minimal %boot0-inputs
+                                   (current-source-location)
+                                   #:guile %bootstrap-guile))))
+
+(define (hurd-core-headers-boot0)
+  "Return the Hurd and Mach headers as well as initial Hurd libraries for
+the bootstrap environment."
+  (package-with-bootstrap-guile
+   (package (inherit hurd-core-headers)
+            (arguments `(#:guile ,%bootstrap-guile
+                                 ,@(package-arguments hurd-core-headers)))
+            (inputs
+             `(("gnumach-headers" ,gnumach-headers-boot0)
+               ("hurd-headers" ,hurd-headers-boot0)
+               ("hurd-minimal" ,hurd-minimal-boot0)
+               ,@%boot0-inputs)))))
+
+(define* (kernel-headers-boot0 #:optional (system (%current-system)))
+  (match system
+    ("i586-gnu" (hurd-core-headers-boot0))
+    (_ (linux-libre-headers-boot0))))
+
 (define texinfo-boot0
   ;; Texinfo used to build libc's manual.
   ;; We build without ncurses because it fails to build at this stage, and
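Review bot: `mig-boot0` lists `flex-boot0` both as a native input and as an input and passes `LDFLAGS=-Wl,-rpath=…/lib/` by hand, with no comment explaining either choice. Presumably MiG links against Flex's library and needs that directory in its RUNPATH; a comment above `#:configure-flags` such as `;; MiG links against Flex's library, so add its directory to the RUNPATH.` would record that, with the wording to be confirmed by the author. `hurd-headers-boot0` and `hurd-minimal-boot0` differ only in the package they wrap and could share a small helper, and `kernel-headers-boot0` has no docstring stating that it returns the Hurd core headers for `"i586-gnu"` and the Linux-libre headers otherwise.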
@@ -320,9 +421,19 @@
                                    (current-source-location)
                                    #:guile %bootstrap-guile))))
 
+(define ld-wrapper-boot0
+  ;; We need this so binaries on Hurd will have libmachuser and libhurduser
+  ;; in their RUNPATH, otherwise validate-runpath will fail.
+  (make-ld-wrapper (string-append "ld-wrapper-" (boot-triplet))
+                   #:target (boot-triplet)
+                   #:binutils binutils-boot0
+                   #:guile %bootstrap-guile
+                   #:bash (car (assoc-ref %boot0-inputs "bash"))))
+
 (define %boot1-inputs
   ;; 2nd stage inputs.
   `(("gcc" ,gcc-boot0)
+    ("ld-wrapper-cross" ,ld-wrapper-boot0)
     ("binutils-cross" ,binutils-boot0)
     ,@(alist-delete "binutils" %boot0-inputs)))
 
@@ -356,6 +467,15 @@
                  (setenv "NATIVE_CPATH" (getenv "CPATH"))
                  (unsetenv "CPATH")
 
+                 ;; Tell 'libpthread' where to find 'libihash' on Hurd systems.
+                 ,@(if (string-match "i586-gnu" (%current-system))
+                       `((substitute* "libpthread/Makefile"
+                           (("LDLIBS-pthread.so =.*")
+                            (string-append "LDLIBS-pthread.so = "
+                                           (assoc-ref %build-inputs "kernel-headers")
+                                           "/lib/libihash.a\n"))))
+                       '())
+
                  ;; 'rpcgen' needs native libc headers to be built.
                  (substitute* "sunrpc/Makefile"
                    (("sunrpc-CPPFLAGS =.*" all)
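Review bot: The Hurd test `(string-match "i586-gnu" (%current-system))` treats the system name as an unanchored regular expression, whereas `kernel-headers-boot0` in this file selects the same system with an exact `match`. An exact comparison, `(string=? (%current-system) "i586-gnu")`, states the intent and cannot match a longer system string by accident. The same test is repeated for the `mig` input in a later hunk of this file, and as far as the visible lines show these two tests are the only reason `(ice-9 regex)` is imported. The enclosing phase starts above this hunk.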
@@ -363,7 +483,7 @@
                                    "export CPATH\n"
                                    all "\n"))))
                ,phases)))))
-     (propagated-inputs `(("kernel-headers" ,(linux-libre-headers-boot0))))
+     (propagated-inputs `(("kernel-headers" ,(kernel-headers-boot0))))
      (native-inputs
       `(("texinfo" ,texinfo-boot0)
         ("perl" ,perl-boot0)))
@@ -372,6 +492,11 @@
         ;; it in $CPATH, hence the 'pre-configure' phase above.
         ,@%boot1-inputs
 
+        ;; A native MiG is needed to build Glibc on Hurd.
+        ,@(if (string-match "i586-gnu" (%current-system))
+              `(("mig" ,mig-boot0))
+              '())
+
         ;; A native GCC is needed to build `cross-rpcgen'.
         ("native-gcc" ,@(assoc-ref %boot0-inputs "gcc"))
 
@@ -430,31 +555,6 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
        ("bash" ,bash)))
     (inputs '())))
 
-(define bison-boot1
-  ;; XXX: This Bison is needed to rebuild Bash's parser, which is modified by
-  ;; its CVE patches.  Remove it when it's no longer needed.
-  (let* ((m4    (package-with-bootstrap-guile
-                 (package-with-explicit-inputs m4 %boot0-inputs
-                                               (current-source-location)
-                                               #:guile %bootstrap-guile)))
-         (bison (package (inherit bison)
-                  (propagated-inputs `(("m4" ,m4)))
-                  (inputs '())                    ;remove Flex...
-                  (arguments
-                   '(#:tests? #f                  ;... and thus disable tests
-
-                     ;; Zero timestamps in liby.a; this must be done
-                     ;; explicitly here because the bootstrap Binutils don't
-                     ;; do that (default is "cru".)
-                     #:make-flags '("ARFLAGS=crD" "RANLIB=ranlib -D"
-                                    "V=1"))))))
-    (package
-      (inherit (package-with-bootstrap-guile
-                (package-with-explicit-inputs bison %boot0-inputs
-                                              (current-source-location)
-                                              #:guile %bootstrap-guile)))
-      (native-inputs `(("perl" ,perl-boot0))))))
-
 (define static-bash-for-glibc
   ;; A statically-linked Bash to be used by GLIBC-FINAL in system(3) & co.
   (let* ((gcc  (cross-gcc-wrapper gcc-boot0 binutils-boot0
@@ -468,23 +568,21 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
                    ("libc" ,glibc-final-with-bootstrap-bash)
                    ,@(fold alist-delete %boot1-inputs
                            '("gcc" "libc")))))
-    (package
-      (inherit (package-with-bootstrap-guile
-                (package-with-explicit-inputs bash inputs
-                                              (current-source-location)
-                                              #:guile %bootstrap-guile)))
-      (native-inputs `(("bison" ,bison-boot1))))))
+    (package-with-bootstrap-guile
+     (package-with-explicit-inputs bash inputs
+                                   (current-source-location)
+                                   #:guile %bootstrap-guile))))
 
 (define gettext-boot0
   ;; A minimal gettext used during bootstrap.
   (let ((gettext-minimal
-         (package (inherit gnu-gettext)
+         (package (inherit gettext-minimal)
            (name "gettext-boot0")
            (inputs '())                           ;zero dependencies
            (arguments
             (substitute-keyword-arguments
                 `(#:tests? #f
-                  ,@(package-arguments gnu-gettext))
+                  ,@(package-arguments gettext-minimal))
               ((#:phases phases)
                `(modify-phases ,phases
                   ;; Build only the tools.
@@ -527,7 +625,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
     ;; if 'allowed-references' were per-output.
     (arguments
      `(#:allowed-references
-       ,(cons* `(,gcc-boot0 "lib") (linux-libre-headers-boot0)
+       ,(cons* `(,gcc-boot0 "lib") (kernel-headers-boot0)
                static-bash-for-glibc
                (package-outputs glibc-final-with-bootstrap-bash))
 
@@ -679,13 +777,11 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
 (define bash-final
   ;; Link with `-static-libgcc' to make sure we don't retain a reference
   ;; to the bootstrap GCC.
-  (package
-    (inherit (package-with-bootstrap-guile
-              (package-with-explicit-inputs (static-libgcc-package bash)
-                                            %boot3-inputs
-                                            (current-source-location)
-                                            #:guile %bootstrap-guile)))
-    (native-inputs `(("bison" ,bison-boot1)))))
+  (package-with-bootstrap-guile
+   (package-with-explicit-inputs (static-libgcc-package bash)
+                                 %boot3-inputs
+                                 (current-source-location)
+                                 #:guile %bootstrap-guile)))
 
 (define %boot4-inputs
   ;; Now use the final Bash.
diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm
index 3bd30fd78c..b4324c2aeb 100644
--- a/gnu/packages/cross-base.scm
+++ b/gnu/packages/cross-base.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2016 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,6 +26,7 @@
   #:use-module (gnu packages base)
   #:use-module (gnu packages commencement)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages hurd)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix utils)
@@ -33,6 +35,7 @@
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (ice-9 match)
+  #:use-module (ice-9 regex)
   #:export (cross-binutils
             cross-libc
             cross-gcc))
@@ -292,12 +295,12 @@ GCC that does not target a libc; otherwise, target that libc."
             (files '("lib" "lib64")))))
     (native-search-paths '())))
 
-(define* (cross-libc target
-                     #:optional
-                     (xgcc (cross-gcc target))
-                     (xbinutils (cross-binutils target)))
-  "Return a libc cross-built for TARGET, a GNU triplet.  Use XGCC and
-XBINUTILS and the cross tool chain."
+(define* (cross-kernel-headers target
+                               #:optional
+                               (xgcc (cross-gcc target))
+                               (xbinutils (cross-binutils target)))
+  "Return headers depending on TARGET."
+
   (define xlinux-headers
     (package (inherit linux-libre-headers)
       (name (string-append (package-name linux-libre-headers)
@@ -320,6 +323,147 @@ XBINUTILS and the cross tool chain."
                        ("cross-binutils" ,xbinutils)
                        ,@(package-native-inputs linux-libre-headers)))))
 
+  (define xgnumach-headers
+    (package (inherit gnumach-headers)
+      (name (string-append (package-name gnumach-headers)
+                           "-cross-" target))
+
+      (native-inputs `(("cross-gcc" ,xgcc)
+                       ("cross-binutils" ,xbinutils)
+                       ,@(package-native-inputs gnumach-headers)))))
+
+  (define xmig
+    (package (inherit mig)
+      (name (string-append "mig-cross"))
+      (arguments
+       `(#:modules ((guix build gnu-build-system)
+                    (guix build utils)
+                    (srfi srfi-26))
+         #:phases (alist-cons-before
+                   'configure 'set-cross-headers-path
+                   (lambda* (#:key inputs #:allow-other-keys)
+                     (let* ((mach (assoc-ref inputs "cross-gnumach-headers"))
+                            (cpath (string-append mach "/include")))
+                       (for-each (cut setenv <> cpath)
+                                 '("CROSS_C_INCLUDE_PATH"
+                                   "CROSS_CPLUS_INCLUDE_PATH"
+                                   "CROSS_OBJC_INCLUDE_PATH"
+                                   "CROSS_OBJCPLUS_INCLUDE_PATH"))))
+                   %standard-phases)
+         #:configure-flags (list ,(string-append "--target=" target))
+         ,@(package-arguments mig)))
+
+      (propagated-inputs `(("cross-gnumach-headers" ,xgnumach-headers)))
+      (native-inputs `(("cross-gcc" ,xgcc)
+                       ("cross-binutils" ,xbinutils)
+                       ,@(package-native-inputs mig)))))
+
+  (define xhurd-headers
+    (package (inherit hurd-headers)
+      (name (string-append (package-name hurd-headers)
+                           "-cross-" target))
+
+      (propagated-inputs `(("cross-mig" ,xmig)))
+      (native-inputs `(("cross-gcc" ,xgcc)
+                       ("cross-binutils" ,xbinutils)
+                       ("cross-mig" ,xmig)
+                       ,@(alist-delete "mig"(package-native-inputs hurd-headers))))))
+
+   (define xglibc/hurd-headers
+    (package (inherit glibc/hurd-headers)
+      (name (string-append (package-name glibc/hurd-headers)
+                           "-cross-" target))
+
+      (arguments
+       (substitute-keyword-arguments
+           `(#:modules ((guix build gnu-build-system)
+                        (guix build utils)
+                        (srfi srfi-26))
+             ,@(package-arguments glibc/hurd-headers))
+         ((#:phases phases)
+          `(alist-cons-before
+            'pre-configure 'set-cross-headers-path
+            (lambda* (#:key inputs #:allow-other-keys)
+              (let* ((mach (assoc-ref inputs "gnumach-headers"))
+                     (hurd (assoc-ref inputs "hurd-headers"))
+                     (cpath (string-append mach "/include:"
+                                           hurd "/include")))
+                (for-each (cut setenv <> cpath)
+                          '("CROSS_C_INCLUDE_PATH"
+                            "CROSS_CPLUS_INCLUDE_PATH"
+                            "CROSS_OBJC_INCLUDE_PATH"
+                            "CROSS_OBJCPLUS_INCLUDE_PATH"))))
+            ,phases))))
+
+      (propagated-inputs `(("gnumach-headers" ,xgnumach-headers)
+                           ("hurd-headers" ,xhurd-headers)))
+
+      (native-inputs `(("cross-gcc" ,xgcc)
+                       ("cross-binutils" ,xbinutils)
+                       ("cross-mig" ,xmig)
+                       ,@(alist-delete "mig"(package-native-inputs glibc/hurd-headers))))))
+
+  (define xhurd-minimal
+    (package (inherit hurd-minimal)
+      (name (string-append (package-name hurd-minimal)
+                           "-cross-" target))
+      (arguments
+       (substitute-keyword-arguments
+         `(#:modules ((guix build gnu-build-system)
+                      (guix build utils)
+                      (srfi srfi-26))
+           ,@(package-arguments hurd-minimal))
+         ((#:phases phases)
+          `(alist-cons-before
+            'configure 'set-cross-headers-path
+            (lambda* (#:key inputs #:allow-other-keys)
+              (let* ((glibc-headers (assoc-ref inputs "cross-glibc-hurd-headers"))
+                    (cpath (string-append glibc-headers "/include")))
+                (for-each (cut setenv <> cpath)
+                          '("CROSS_C_INCLUDE_PATH"
+                            "CROSS_CPLUS_INCLUDE_PATH"
+                            "CROSS_OBJC_INCLUDE_PATH"
+                            "CROSS_OBJCPLUS_INCLUDE_PATH"))))
+            ,phases))))
+
+      (inputs `(("cross-glibc-hurd-headers" ,xglibc/hurd-headers)))
+
+      (native-inputs `(("cross-gcc" ,xgcc)
+                       ("cross-binutils" ,xbinutils)
+                       ("cross-mig" ,xmig)
+                       ,@(alist-delete "mig"(package-native-inputs hurd-minimal))))))
+
+  (define xhurd-core-headers
+    (package (inherit hurd-core-headers)
+      (name (string-append (package-name hurd-core-headers)
+                           "-cross-" target))
+
+      (inputs `(("gnumach-headers" ,xgnumach-headers)
+                ("hurd-headers" ,xhurd-headers)
+                ("hurd-minimal" ,xhurd-minimal)))
+
+      (native-inputs `(("cross-gcc" ,xgcc)
+                       ("cross-binutils" ,xbinutils)
+                       ("cross-mig" ,xmig)
+                       ,@(package-native-inputs hurd-core-headers)))))
+
+  (match target
+    ((or "i586-pc-gnu" "i586-gnu") xhurd-core-headers)
+    (_ xlinux-headers)))
+
+(define* (cross-libc target
+                     #:optional
+                     (xgcc (cross-gcc target))
+                     (xbinutils (cross-binutils target))
+                     (xheaders (cross-kernel-headers target)))
+  "Return a libc cross-built for TARGET, a GNU triplet.  Use XGCC and
+XBINUTILS and the cross tool chain."
+  (define (cross-libc-for-target target)
+    "Return libc depending on TARGET."
+    (match target
+      ((or "i586-pc-gnu" "i586-gnu") glibc/hurd)
+      (_ glibc/linux)))
+
   (package (inherit glibc)
     (name (string-append "glibc-cross-" target))
     (arguments
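Review bot: `xmig` is named with `(string-append "mig-cross")`, a one-argument `string-append` that leaves the target out, while every sibling here (`xgnumach-headers`, `xhurd-headers`, `xhurd-minimal`, `xhurd-core-headers`) uses `(package-name …) "-cross-" target`. `(name (string-append (package-name mig) "-cross-" target))` would keep cross MiG packages for different targets distinguishable. The `set-cross-headers-path` lambda is also written out three times with only the input label and include path changing. The new docstring `"Return headers depending on TARGET."` could say that it returns the Hurd core headers for `i586-pc-gnu`/`i586-gnu` and the Linux-libre headers otherwise. `cross-libc` continues past the end of this hunk.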
@@ -337,7 +481,9 @@ XBINUTILS and the cross tool chain."
                       (guix build utils)
                       (srfi srfi-26))
 
-           ,@(package-arguments glibc))
+           ;; Package-arguments does not use the correct libc, so we use
+           ;; (cross-libc-for-target ...) to determine the correct one.
+           ,@(package-arguments (cross-libc-for-target target)))
        ((#:configure-flags flags)
         `(cons ,(string-append "--host=" target)
                ,flags))
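Review bot: The new comment does not say why `(package-arguments glibc)` is wrong here. The package still starts with `(inherit glibc)` a few lines above this hunk, so for a Hurd target the arguments of `glibc/hurd` appear to be combined with the remaining fields of whatever `glibc` resolves to. If that is intended, I would spell it out, e.g. `;; 'glibc' is resolved for the native system here, so take the arguments from the libc that matches TARGET.`; otherwise inheriting from `(cross-libc-for-target target)` as well would keep source, inputs and arguments consistent. This is inferred from the visible lines only, since the definition of `glibc` is not shown here.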
@@ -352,12 +498,14 @@ XBINUTILS and the cross tool chain."
                           "CROSS_CPLUS_INCLUDE_PATH"
                           "CROSS_OBJC_INCLUDE_PATH"
                           "CROSS_OBJCPLUS_INCLUDE_PATH"))
+              (setenv "CROSS_LIBRARY_PATH"
+                      (string-append kernel "/lib")) ;for Hurd's libihash
               #t))
           ,phases))))
 
     ;; Shadow the native "kernel-headers" because glibc's recipe expects the
     ;; "kernel-headers" input to point to the right thing.
-    (propagated-inputs `(("kernel-headers" ,xlinux-headers)))
+    (propagated-inputs `(("kernel-headers" ,xheaders)))
 
     ;; FIXME: 'static-bash' should really be an input, not a native input, but
     ;; to do that will require building an intermediate cross libc.
@@ -365,6 +513,11 @@ XBINUTILS and the cross tool chain."
 
     (native-inputs `(("cross-gcc" ,xgcc)
                      ("cross-binutils" ,xbinutils)
+                     ,@(if (string-match (or "i586-pc-gnu" "i586-gnu") target)
+                           `(("cross-mig"
+                              ,@(assoc-ref (package-native-inputs xheaders)
+                                           "cross-mig")))
+                           '())
                      ,@(package-inputs glibc)     ;FIXME: static-bash
                      ,@(package-native-inputs glibc)))))
 
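Review bot: `(string-match (or "i586-pc-gnu" "i586-gnu") target)` does not test both triplets: `or` is evaluated first and returns its first true argument, so the pattern is always `"i586-pc-gnu"` and a target of `"i586-gnu"` gets no `cross-mig` native input. The `match` clauses added earlier in this file accept both spellings, so this condition should too, e.g. `(member target '("i586-pc-gnu" "i586-gnu"))`, or a small predicate shared with `cross-kernel-headers` and `cross-libc-for-target`. The neighbouring `(package-inputs glibc)` and `(package-native-inputs glibc)` still read from `glibc` rather than the libc chosen for TARGET, which may deserve the same treatment.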
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 14084c91b1..88e9038dc3 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -189,7 +189,7 @@ communication.")
                                        #:directories? #t)))))
     (build-system cmake-build-system)
     (native-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
 
        ;; Test dependencies.
        ("expect" ,expect)
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index e51dcb5e8c..1818220b4f 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -43,7 +43,7 @@
 (define-public cups-filters
   (package
     (name "cups-filters")
-    (version "1.4.0")
+    (version "1.11.2")
     (source (origin
               (method url-fetch)
               (uri
@@ -51,7 +51,7 @@
                               "cups-filters-" version ".tar.xz"))
               (sha256
                (base32
-                "16jpqqlixlv2dxqv8gak5qg4qnsnw4p745xr6rhw9dgylf13z9ha"))
+                "0x864p794m10kn157n6iv1q9nix5f7x82a8xwjf8hlvri4458j2b"))
               (modules '((guix build utils)))
               (snippet
                ;; install backends, banners and filters to cups-filters output
@@ -80,7 +80,8 @@
      `(("glib" ,glib "bin") ; for gdbus-codegen
        ("pkg-config" ,pkg-config)))
     (inputs
-     `(("fontconfig"   ,fontconfig)
+     `(("avahi"        ,avahi)
+       ("fontconfig"   ,fontconfig)
        ("freetype"     ,freetype)
        ("font-dejavu"  ,font-dejavu) ;needed by test suite
        ("ghostscript"  ,ghostscript)
@@ -94,7 +95,7 @@
        ("qpdf"         ,qpdf)
        ("poppler"      ,poppler)
        ("cups-minimal" ,cups-minimal)))
-    (home-page "http://www.linuxfoundation.org/collaborate/workgroups/openprinting/cups-filters")
+    (home-page "https://wiki.linuxfoundation.org/openprinting/cups-filters")
     (synopsis "OpenPrinting CUPS filters and backends")
     (description
      "Contains backends, filters, and other software that was once part of the
@@ -116,14 +117,18 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
 (define-public cups-minimal
   (package
     (name "cups-minimal")
-    (version "2.1.0")
+    (version "2.1.4")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://www.cups.org/software/"
-                                  version "/cups-" version "-source.tar.bz2"))
+              (uri (list (string-append "https://www.cups.org/software/"
+                                        version "/cups-"
+                                        version "-source.tar.gz")
+                         (string-append "https://github.com/apple/cups/releases"
+                                        "/download/release-" version
+                                        "/cups-" version "-source.tar.gz")))
               (sha256
                (base32
-                "1jfjqsw9l7jbn5kb9i96k0wj12kjdbgx0rd8157dif22hi0kh0ms"))))
+                "13bjxw256wd1nff22vj2z25mdhllj2h6d9xypsg55b40661zs52b"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -151,7 +156,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
     (inputs
      `(("zlib"  ,zlib)
        ("gnutls" ,gnutls)))
-    (home-page "http://www.cups.org")
+    (home-page "https://www.cups.org")
     (synopsis "The Common Unix Printing System")
     (description
      "CUPS is a printing system that uses the Internet Printing
@@ -178,122 +183,116 @@ device-specific programs to convert and print many types of files.")
        '("--disable-launchd"
          "--disable-systemd")
        #:phases
-       (alist-cons-before
-        'configure
-        'patch-makedefs
-        (lambda _
-          (substitute* "Makedefs.in"
-            (("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@")
-            (("/bin/sh") (which "sh"))))
-        (alist-cons-before
-         'check
-         'patch-tests
-         (lambda _
-           (let ((filters (assoc-ref %build-inputs "cups-filters"))
-                 (catpath (string-append
-                           (assoc-ref %build-inputs "coreutils") "/bin/"))
-                 (testdir (string-append (getcwd) "/tmp/")))
-             (mkdir testdir)
-             (substitute* "test/run-stp-tests.sh"
-               ((" *BASE=/tmp/") (string-append "BASE=" testdir))
+       (modify-phases %standard-phases
+         (add-before 'configure 'patch-makedefs
+           (lambda _
+             (substitute* "Makedefs.in"
+               (("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@")
+               (("/bin/sh") (which "sh")))))
+         (add-before 'check 'patch-tests
+           (lambda _
+             (let ((filters (assoc-ref %build-inputs "cups-filters"))
+                   (catpath (string-append
+                             (assoc-ref %build-inputs "coreutils") "/bin/"))
+                   (testdir (string-append (getcwd) "/tmp/")))
+               (mkdir testdir)
+               (substitute* "test/run-stp-tests.sh"
+                 ((" *BASE=/tmp/") (string-append "BASE=" testdir))
 
-               ;; allow installation of filters from output dir and from
-               ;; cups-filters
-               (("for dir in /usr/libexec/cups/filter /usr/lib/cups/filter")
-                (string-append
-                 "for dir in "
-                 (assoc-ref %outputs "out") "/lib/cups/filter "
-                 filters "/lib/cups/filter"))
+                 ;; allow installation of filters from output dir and from
+                 ;; cups-filters
+                 (("for dir in /usr/libexec/cups/filter /usr/lib/cups/filter")
+                  (string-append
+                   "for dir in "
+                   (assoc-ref %outputs "out") "/lib/cups/filter "
+                   filters "/lib/cups/filter"))
 
-               ;; check for charsets in cups-filters output
-               (("/usr/share/cups/charsets")
-                (string-append filters "/share/cups/charsets"))
+                 ;; check for charsets in cups-filters output
+                 (("/usr/share/cups/charsets")
+                  (string-append filters "/share/cups/charsets"))
 
-               ;; install additional required filters
-               (("instfilter texttopdf texttopdf pdf")
-                (string-append
-                 "instfilter texttopdf texttopdf pdf;"
-                 "instfilter imagetoraster imagetoraster raster;"
-                 "instfilter gstoraster gstoraster raster;"
-                 "instfilter urftopdf urftopdf pdf;"
-                 "instfilter rastertopdf rastertopdf pdf;"
-                 "instfilter pstopdf pstopdf pdf"))
+                 ;; install additional required filters
+                 (("instfilter texttopdf texttopdf pdf")
+                  (string-append
+                   "instfilter texttopdf texttopdf pdf;"
+                   "instfilter imagetoraster imagetoraster raster;"
+                   "instfilter gstoraster gstoraster raster;"
+                   "instfilter urftopdf urftopdf pdf;"
+                   "instfilter rastertopdf rastertopdf pdf;"
+                   "instfilter pstopdf pstopdf pdf"))
 
-               ;; specify location of lpstat binary
-               (("description=\"`lpstat -l")
-                "description=\"`../systemv/lpstat -l")
+                 ;; specify location of lpstat binary
+                 (("description=\"`lpstat -l")
+                  "description=\"`../systemv/lpstat -l")
 
-               ;; patch shebangs of embedded scripts
-               (("#!/bin/sh") (string-append "#!" (which "sh")))
+                 ;; patch shebangs of embedded scripts
+                 (("#!/bin/sh") (string-append "#!" (which "sh")))
 
-               ;; also link mime definitions from cups-filters
-               ;; to enable the additional filters for the test suite
-               (("ln -s \\$root/conf/mime\\.types")
-                (string-append
-                 "ln -s " filters
-                 "/share/cups/mime/cupsfilters.types $BASE/share/mime; "
-                 "ln -s $root/conf/mime.types"))
-               (("ln -s \\$root/conf/mime\\.convs")
-                (string-append
-                 "ln -s " filters
-                 "/share/cups/mime/cupsfilters.convs $BASE/share/mime; "
-                 "ln -s $root/conf/mime.convs")))
+                 ;; also link mime definitions from cups-filters
+                 ;; to enable the additional filters for the test suite
+                 (("ln -s \\$root/conf/mime\\.types")
+                  (string-append
+                   "ln -s " filters
+                   "/share/cups/mime/cupsfilters.types $BASE/share/mime; "
+                   "ln -s $root/conf/mime.types"))
+                 (("ln -s \\$root/conf/mime\\.convs")
+                  (string-append
+                   "ln -s " filters
+                   "/share/cups/mime/cupsfilters.convs $BASE/share/mime; "
+                   "ln -s $root/conf/mime.convs")))
 
-             ;; fix search path for "cat"
-             (substitute* "cups/testfile.c"
-               (("cupsFileFind\\(\"cat\", \"/bin\"")
-                (string-append "cupsFileFind(\"cat\", \"" catpath "\""))
-               (("cupsFileFind\\(\"cat\", \"/bin:/usr/bin\"")
-                (string-append "cupsFileFind(\"cat\", \"" catpath "\"")))))
-         (alist-cons-after
-          'install
-          'install-cups-filters-symlinks
-          (lambda* (#:key inputs outputs #:allow-other-keys)
-            (let ((out (assoc-ref outputs "out"))
-                  (cups-filters (assoc-ref inputs "cups-filters")))
-              ;; charsets
-              (symlink
-               (string-append cups-filters "/share/cups/charsets")
-               (string-append out "/share/charsets"))
+               ;; fix search path for "cat"
+               (substitute* "cups/testfile.c"
+                 (("cupsFileFind\\(\"cat\", \"/bin\"")
+                  (string-append "cupsFileFind(\"cat\", \"" catpath "\""))
+                 (("cupsFileFind\\(\"cat\", \"/bin:/usr/bin\"")
+                  (string-append "cupsFileFind(\"cat\", \"" catpath "\""))))))
+         (add-after 'install 'install-cups-filters-symlinks
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out"))
+                   (cups-filters (assoc-ref inputs "cups-filters")))
+               ;; charsets
+               (symlink
+                (string-append cups-filters "/share/cups/charsets")
+                (string-append out "/share/charsets"))
 
-              ;; mime types, driver file, ppds
-              (for-each
-               (lambda (f)
-                 (symlink (string-append cups-filters f)
-                          (string-append out f)))
-               '("/share/cups/mime/cupsfilters.types"
-                 "/share/cups/mime/cupsfilters.convs"
-                 "/share/cups/drv/cupsfilters.drv"
-                 "/share/ppd"))
+               ;; mime types, driver file, ppds
+               (for-each
+                (lambda (f)
+                  (symlink (string-append cups-filters f)
+                           (string-append out f)))
+                '("/share/cups/mime/cupsfilters.types"
+                  "/share/cups/mime/cupsfilters.convs"
+                  "/share/cups/drv/cupsfilters.drv"
+                  "/share/ppd"))
 
-              ;; filters
-              (for-each
-               (lambda (f)
-                 (symlink f
-                          (string-append out "/lib/cups/filter" (basename f))))
-               (find-files (string-append cups-filters "/lib/cups/filter")))
+               ;; filters
+               (for-each
+                (lambda (f)
+                  (symlink f
+                           (string-append out "/lib/cups/filter" (basename f))))
+                (find-files (string-append cups-filters "/lib/cups/filter")))
 
-              ;; backends
-              (for-each
-               (lambda (f)
-                 (symlink (string-append cups-filters f)
-                          (string-append out "/lib/cups/backend/"
-                                         (basename f))))
-               '("/lib/cups/backend/parallel"
-                 "/lib/cups/backend/serial"))
+               ;; backends
+               (for-each
+                (lambda (f)
+                  (symlink (string-append cups-filters f)
+                           (string-append out "/lib/cups/backend/"
+                                          (basename f))))
+                '("/lib/cups/backend/parallel"
+                  "/lib/cups/backend/serial"))
 
-              ;; banners
-              (let ((banners "/share/cups/banners"))
-                (delete-file-recursively (string-append out banners))
-                (symlink (string-append cups-filters banners)
-                         (string-append out banners)))
+               ;; banners
+               (let ((banners "/share/cups/banners"))
+                 (delete-file-recursively (string-append out banners))
+                 (symlink (string-append cups-filters banners)
+                          (string-append out banners)))
 
-              ;; assorted data
-              (let ((data "/share/cups/data"))
-                (delete-file-recursively (string-append out data))
-                (symlink (string-append cups-filters data)
-                         (string-append out data)))))
-          %standard-phases)))))
+               ;; assorted data
+               (let ((data "/share/cups/data"))
+                 (delete-file-recursively (string-append out data))
+                 (symlink (string-append cups-filters data)
+                          (string-append out data)))))))))
     (inputs
      `(("avahi" ,avahi)
        ("gnutls" ,gnutls)
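Review bot: In `install-cups-filters-symlinks`, the filter loop builds its link name with `(string-append out "/lib/cups/filter" (basename f))`, which has no slash before the file name, so each link would be created as `lib/cups/filterNAME` beside the filter directory rather than inside it. The backend loop a few lines below uses `"/lib/cups/backend/"` with the trailing slash, which looks like the intended form; the line should read `(string-append out "/lib/cups/filter/" (basename f))`. The same expression is on the removed side, so the conversion to `modify-phases` carries the problem over rather than introducing it. The enclosing package definition starts and ends outside the hunk.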
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 5cd80868f7..b267497c7c 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -40,15 +40,14 @@
 (define-public curl
   (package
    (name "curl")
-   (replacement curl-7.50.3)
-   (version "7.47.0")
+   (version "7.50.3")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://curl.haxx.se/download/curl-"
                                 version ".tar.lzma"))
             (sha256
              (base32
-              "1n284wdqzwb4bkmv0fnh36zl6lhlzy3clw2b7pn28kpgdy09ly7p"))))
+              "1spmk0345hq0sgpwxs8d410268lmg3wf1x9v23hxff7wxki5fm4c"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ;1.2 MiB of man3 pages
@@ -84,10 +83,6 @@
          (lambda _
            (substitute* "tests/runtests.pl"
              (("/bin/sh") (which "sh")))
-           ;; Test #1135 requires extern-scan.pl, which is not part of the
-           ;; tarball due to a mistake.  It has been fixed upstream.  We can
-           ;; simply disable the test as it is specific to VMS and OS/400.
-           (delete-file "tests/data/test1135")
 
            ;; XXX FIXME: Test #1510 seems to work on some machines and not
            ;; others, possibly based on the kernel version.  It works on GuixSD
@@ -124,16 +119,3 @@ tunneling, and so on.")
    (license (license:non-copyleft "file://COPYING"
                                   "See COPYING in the distribution."))
    (home-page "http://curl.haxx.se/")))
-
-(define curl-7.50.3
-  (package
-    (inherit curl)
-    (source
-      (let ((version "7.50.3"))
-        (origin
-          (method url-fetch)
-          (uri (string-append "https://curl.haxx.se/download/curl-"
-                              version ".tar.lzma"))
-          (sha256
-           (base32
-            "1spmk0345hq0sgpwxs8d410268lmg3wf1x9v23hxff7wxki5fm4c")))))))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 971c57c42d..8970ea1c03 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -88,7 +88,7 @@
        ("python" ,python-2)
        ("autoconf" ,autoconf)
        ("automake" ,automake)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("libtool" ,libtool)
        ("pcre" ,pcre "bin")                       ;for 'pcre-config'
        ("pkg-config" ,pkg-config)))
@@ -487,7 +487,7 @@ for example from a shell script.")
 (define-public sqlite
   (package
    (name "sqlite")
-   (version "3.12.2")
+   (version "3.14.1")
    (source (origin
             (method url-fetch)
             ;; TODO: Download from sqlite.org once this bug :
@@ -518,15 +518,17 @@ for example from a shell script.")
                    ))
             (sha256
              (base32
-              "1fwss0i2lixv39b27gkqiibdd2syym90wh3qbiaxnfgxk867f07x"))))
+              "19j73j44akqgc6m82wm98yvnmm3mfzmfqr8mp3n7n080d53q4wdw"))))
    (build-system gnu-build-system)
    (inputs `(("readline" ,readline)))
    (arguments
     `(#:configure-flags
-      ;; Add -DSQLITE_SECURE_DELETE and -DSQLITE_ENABLE_UNLOCK_NOTIFY to
-      ;; CFLAGS.  GNU Icecat will refuse to use the system SQLite unless these
-      ;; options are enabled.
-      '("CFLAGS=-O2 -DSQLITE_SECURE_DELETE -DSQLITE_ENABLE_UNLOCK_NOTIFY")))
+      ;; Add -DSQLITE_SECURE_DELETE, -DSQLITE_ENABLE_UNLOCK_NOTIFY and
+      ;; -DSQLITE_ENABLE_DBSTAT_VTAB to CFLAGS.  GNU Icecat will refuse
+      ;; to use the system SQLite unless these options are enabled.
+      (list (string-append "CFLAGS=-O2 -DSQLITE_SECURE_DELETE "
+                           "-DSQLITE_ENABLE_UNLOCK_NOTIFY "
+                           "-DSQLITE_ENABLE_DBSTAT_VTAB"))))
    (home-page "http://www.sqlite.org/")
    (synopsis "The SQLite database management system")
    (description
diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm
index a3ace8ab16..e75eb081ed 100644
--- a/gnu/packages/disk.scm
+++ b/gnu/packages/disk.scm
@@ -72,7 +72,7 @@
        ("readline" ,readline)
        ("util-linux" ,util-linux)))
     (native-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ;; For the tests.
        ("perl" ,perl)
        ("python" ,python-2)))
@@ -97,7 +97,7 @@ tables.  It includes a library and command-line utility.")
         "04nd7civ561x2lwcmxhsqbprml3178jfc58fy1v7hzqg5k4nbhy3"))))
     (build-system gnu-build-system)
     (inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("guile" ,guile-1.8)
        ("util-linux" ,util-linux)
        ("parted" ,parted)))
@@ -123,7 +123,7 @@ tables, and it understands a variety of different formats.")
         "1izazbyv5n2d81qdym77i8mg9m870hiydmq4d0s51npx5vp8lk46"))))
     (build-system gnu-build-system)
     (inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("ncurses" ,ncurses)
        ("popt" ,popt)
        ("util-linux" ,util-linux))) ; libuuid
diff --git a/gnu/packages/documentation.scm b/gnu/packages/documentation.scm
index 080c0dba8e..bbc25e8797 100644
--- a/gnu/packages/documentation.scm
+++ b/gnu/packages/documentation.scm
@@ -126,7 +126,7 @@ and to some extent D.")
     (build-system gnu-build-system)
     (native-inputs
      `(("flex" ,flex)
-       ("gettext" ,gnu-gettext)))
+       ("gettext" ,gettext-minimal)))
     (home-page "http://docpp.sourceforge.net/")
     (synopsis "Documentation system for C, C++, IDL, and Java")
     (description
diff --git a/gnu/packages/education.scm b/gnu/packages/education.scm
index 14c1bac322..3a883079fe 100644
--- a/gnu/packages/education.scm
+++ b/gnu/packages/education.scm
@@ -59,7 +59,7 @@
         ("zlib" ,zlib)
         ("qtserialport" ,qtserialport)
         ("qtscript" ,qtscript)
-        ("gettext" ,gnu-gettext)))
+        ("gettext" ,gettext-minimal)))
     (native-inputs
       `(("qtbase" ,qtbase)                   ;Qt MOC is needed at compile time
         ("qttools" ,qttools)
diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm
index dad38e0310..c8391f0798 100644
--- a/gnu/packages/engineering.scm
+++ b/gnu/packages/engineering.scm
@@ -233,8 +233,7 @@ optimizer; and it can produce photorealistic and design review images.")
     (build-system gnu-build-system)
     (native-inputs
      `(("texlive" ,texlive)
-       ("ghostscript" ,ghostscript)
-       ("ghostscript" ,ghostscript-gs)))
+       ("ghostscript" ,ghostscript)))
     (arguments
      `(#:make-flags '("CC=gcc" "RM=rm" "SHELL=sh" "all")
        #:parallel-build? #f
@@ -444,7 +443,7 @@ ready for production.")
      `(("autoconf" ,autoconf)
        ("automake" ,automake)
        ("libtool" ,libtool)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("po4a" ,po4a)
        ("pkg-config" ,pkg-config)))
     (inputs
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index e8bd387ef3..f642943892 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -209,7 +209,7 @@ Libraries with some extra bells and whistles.")
     (arguments
      `(#:configure-flags '("--enable-mount-eeze")))
     (native-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("pkg-config" ,pkg-config)))
     (inputs
      `(("alsa-lib" ,alsa-lib)
diff --git a/gnu/packages/fcitx.scm b/gnu/packages/fcitx.scm
index c89896eafe..dd8eead7fb 100644
--- a/gnu/packages/fcitx.scm
+++ b/gnu/packages/fcitx.scm
@@ -70,7 +70,7 @@
     (inputs
      `(("dbus"             ,dbus)
        ("enchant"          ,enchant)
-       ("gettext"          ,gnu-gettext)
+       ("gettext"          ,gettext-minimal)
        ("gtk2"             ,gtk+-2)
        ("gtk3"             ,gtk+)
        ("icu4c"            ,icu4c)
diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm
index 90e9a70626..a6239877a0 100644
--- a/gnu/packages/file.scm
+++ b/gnu/packages/file.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -27,14 +28,14 @@
 (define-public file
   (package
    (name "file")
-    (version "5.25")
+    (version "5.28")
     (source (origin
               (method url-fetch)
               (uri (string-append "ftp://ftp.astron.com/pub/file/file-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1jhfi5mivdnqvry5la5q919l503ahwdwbf3hjhiv97znccakhd9p"))))
+                "04p0w9ggqq6cqvwhyni0flji1z0rwrz896hmhkxd2mc6dca5xjqf"))))
    (build-system gnu-build-system)
 
    ;; When cross-compiling, this package depends upon a native install of
diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm
index 20aff196e9..c2135a1bc0 100644
--- a/gnu/packages/flex.scm
+++ b/gnu/packages/flex.scm
@@ -36,6 +36,7 @@
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/flex/flex-"
                                  version ".tar.bz2"))
+             (patches (search-patches "flex-CVE-2016-6354.patch"))
              (sha256
               (base32
                "1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4"))))
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index fe6c227029..e28598d421 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -11,6 +11,7 @@
 ;;; Copyright © 2016 Jookia <166291@gmail.com>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Dmitry Nikolaev <cameltheman@gmail.com>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -126,7 +127,7 @@ TrueType (TTF) files.")
 (define-public font-dejavu
   (package
     (name "font-dejavu")
-    (version "2.35")
+    (version "2.37")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/dejavu/dejavu/"
@@ -134,7 +135,7 @@ TrueType (TTF) files.")
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "122d35y93r820zhi6d7m9xhakdib10z51v63lnlg67qhhrardmzn"))))
+               "1mqpds24wfs5cmfhj57fsfs07mji2z8812i5c4pi5pbi738s977s"))))
     (build-system trivial-build-system)
     (arguments
      `(#:modules ((guix build utils))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index c528e61ad5..5054df8fca 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -223,15 +223,14 @@ fonts to/from the WOFF2 format.")
 (define-public fontconfig
   (package
    (name "fontconfig")
-   (replacement fontconfig/fixed)
-   (version "2.11.94")
+   (version "2.12.1")
    (source (origin
             (method url-fetch)
             (uri (string-append
                    "https://www.freedesktop.org/software/fontconfig/release/fontconfig-"
                    version ".tar.bz2"))
             (sha256 (base32
-                     "1psrl4b4gi4wmbvwwh43lk491wsl8lgvqj146prlcha3vwjc0qyp"))))
+                     "1wy7svvp7df6bjpg1m5vizb3ngd7rhb20vpclv3x3qa71khs6jdl"))))
    (build-system gnu-build-system)
    (propagated-inputs `(("expat" ,expat)
                         ("freetype" ,freetype)))
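Review bot: Dropping `(replacement fontconfig/fixed)` here, together with the deletion of the `fontconfig-CVE-2016-5384.patch` origin in the next hunk, leaves nothing in the new code that says 2.12.1 already contains that fix. The hunk cannot show it, so it should be confirmed against the upstream release notes before the graft goes away. Once confirmed, record it in the commit message or in a short comment next to the version, for example `;; 2.12.1 includes the fix for CVE-2016-5384, previously applied as a graft.` The package definition continues outside the hunk.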
@@ -276,13 +275,6 @@ high quality, anti-aliased and subpixel rendered text on a display.")
                        "See COPYING in the distribution."))
    (home-page "http://www.freedesktop.org/wiki/Software/fontconfig")))
 
-(define fontconfig/fixed
-  (package
-    (inherit fontconfig)
-    (source (origin
-              (inherit (package-source fontconfig))
-              (patches (search-patches "fontconfig-CVE-2016-5384.patch"))))))
-
 (define-public t1lib
   (package
    (name "t1lib")
@@ -530,7 +522,7 @@ definitions.")
    (inputs `(("cairo"           ,cairo)
              ("fontconfig"      ,fontconfig) ;dlopen'd
              ("freetype"        ,freetype)
-             ("gettext"         ,gnu-gettext)
+             ("gettext"         ,gettext-minimal)
              ("glib"            ,glib) ;needed for pango detection
              ("libICE"          ,libice)
              ("libSM"           ,libsm)
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index 84154b309b..4bef23c1ae 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -191,7 +191,7 @@ the freedesktop.org XDG Base Directory specification.")
                                         "/libexec/elogind/elogind\n"))))))))
     (native-inputs
      `(("intltool" ,intltool)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("docbook-xsl" ,docbook-xsl)
        ("docbook-xml" ,docbook-xml)
        ("xsltproc" ,libxslt)
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 443c3ecc7e..8c8a35b121 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -160,7 +160,7 @@ representation of the playing board.")
               ("libx11" ,libx11)
               ("guile" ,guile-2.0)
               ("gtkglext" ,gtkglext)))
-    (native-inputs `(("gettext" ,gnu-gettext)
+    (native-inputs `(("gettext" ,gettext-minimal)
                      ("pkg-config" ,pkg-config)))
     (home-page "https://www.gnu.org/software/gnubik/")
     (synopsis "3d Rubik's cube game")
@@ -356,7 +356,7 @@ interface or via an external visual interface such as GNU XBoard.")
                 "08c51imfjfcydm7h0va09z8qfw5nc837bi2x754ni2z737hb5kw2"))))
     (build-system gnu-build-system)
     (arguments `(#:configure-flags '("--disable-embedded-resources")))
-    (native-inputs `(("gettext" ,gnu-gettext)
+    (native-inputs `(("gettext" ,gettext-minimal)
                      ("pkg-config" ,pkg-config)))
     (inputs `(("sdl" ,sdl)
               ("sdl-image" ,sdl-image)
@@ -732,7 +732,7 @@ match, cannon keep, and grave-itation pit.")
        ("freetype" ,(@ (gnu packages fontutils) freetype))
        ("curl" ,curl)
        ("luajit" ,luajit)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("sqlite" ,sqlite)))
     (propagated-inputs
      `(("minetest-data" ,minetest-data)))
@@ -1052,7 +1052,7 @@ falling, themeable graphics and sounds, and replays.")
        ;;   cc1plus: all warnings being treated as errors
        '("-DENABLE_STRICT_COMPILATION=OFF")))
     (native-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("pkg-config" ,pkg-config)))
     (inputs
      `(("boost" ,boost)
@@ -2575,7 +2575,7 @@ safety of the Chromium vessel.")
     (inputs
      `(("cairo" ,cairo)
        ("fribidi" ,fribidi)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("libpng" ,libpng)
        ("librsvg" ,librsvg)
        ("libpaper" ,libpaper)
@@ -2671,7 +2671,7 @@ with the \"Stamp\" tool within Tux Paint.")
          "1z12s46mvy87qs3vgq9m0ki9pp21zqc52mmgphahpihw3s7haf6v"))))
     (build-system gnu-build-system)
     (native-inputs
-     `(("gettext" ,gnu-gettext)))
+     `(("gettext" ,gettext-minimal)))
     (inputs
      `(("fltk" ,fltk)
        ("libpaper" ,libpaper)
diff --git a/gnu/packages/gawk.scm b/gnu/packages/gawk.scm
index c6d322b708..86f01335a8 100644
--- a/gnu/packages/gawk.scm
+++ b/gnu/packages/gawk.scm
@@ -29,37 +29,49 @@
 (define-public gawk
   (package
    (name "gawk")
-   (version "4.1.3")
+   (version "4.1.4")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/gawk/gawk-" version
                                 ".tar.xz"))
             (sha256
-             (base32 "09d6pmx6h3i2glafm0jd1v1iyrs03vcyv2rkz12jisii3vlmbkz3"))
-            (patches (search-patches "gawk-fts-test.patch"))))
+             (base32 "0rn2mmjxm767zliqzd67j7h2ncjn4j0321c60y9fy3grs3i89qak"))))
    (build-system gnu-build-system)
    (arguments
     `(#:parallel-tests? #f                ; test suite fails in parallel
 
-      #:phases (alist-cons-before
-                'configure 'set-shell-file-name
-                (lambda* (#:key inputs #:allow-other-keys)
-                  ;; Refer to the right shell.
-                  (let ((bash (assoc-ref inputs "bash")))
-                    (substitute* "io.c"
-                      (("/bin/sh")
-                       (string-append bash "/bin/bash")))
+      #:phases (modify-phases %standard-phases
+                 (add-before 'configure 'set-shell-file-name
+                   (lambda* (#:key inputs #:allow-other-keys)
+                     ;; Refer to the right shell.
+                     (let ((bash (assoc-ref inputs "bash")))
+                       (substitute* "io.c"
+                         (("/bin/sh")
+                          (string-append bash "/bin/bash")))
 
-                    ;; When cross-compiling, remove dependencies on the
-                    ;; `check-for-shared-lib-support' target, which tries to
-                    ;; run the cross-built `gawk'.
-                    ,@(if (%current-target-system)
-                          '((substitute* "extension/Makefile.in"
-                              (("^.*: check-for-shared-lib-support" match)
-                               (string-append "### " match))))
-                          '())))
+                       ;; When cross-compiling, remove dependencies on the
+                       ;; `check-for-shared-lib-support' target, which tries
+                       ;; to run the cross-built `gawk'.
+                       ,@(if (%current-target-system)
+                             '((substitute* "extension/Makefile.in"
+                                 (("^.*: check-for-shared-lib-support" match)
+                                  (string-append "### " match))))
+                             '()))))
+
+                 (add-before 'check 'adjust-test-infrastructure
+                   (lambda _
+                     ;; Remove dependency on 'more' (from util-linux), which
+                     ;; would needlessly complicate bootstrapping.
+                     (substitute* "test/Makefile"
+                       (("\\| more") ""))
+
+                     ;; Adjust the shebang in that file since it is then diff'd
+                     ;; against the actual test output.
+                     (substitute* "test/watchpoint1.ok"
+                       (("#! /usr/bin/gawk")
+                        (string-append "#!" (which "gawk"))))
+                     #t)))))
 
-                %standard-phases)))
    (inputs `(("libsigsegv" ,libsigsegv)
 
              ,@(if (%current-target-system)
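Review bot: The converted `set-shell-file-name` phase has no explicit return value: its last form is a `substitute*` call (the spliced one when cross-compiling), whereas the new `adjust-test-infrastructure` phase in the same hunk ends with `#t`. Ending both lambdas the same way keeps the phase's success independent of whatever `substitute*` happens to return; add `#t` as the last form of the `set-shell-file-name` lambda, after the `let`. The phases converted in the cups hunk earlier in this diff have the same shape. The `inputs` field that follows continues outside the hunk.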
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index 3880cab52b..4a1a309b66 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -332,28 +332,29 @@ Go.  It also includes runtime support libraries for these languages.")
 
 (define-public gcc-4.9
   (package (inherit gcc-4.8)
-    (version "4.9.3")
+    (version "4.9.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/gcc/gcc-"
                                   version "/gcc-" version ".tar.bz2"))
               (sha256
                (base32
-                "0zmnm00d2a1hsd41g34bhvxzvxisa2l584q3p447bd91lfjv4ci3"))
-              (patches (search-patches "gcc-libvtv-runpath.patch"))))))
+                "14l06m7nvcvb0igkbip58x59w3nq6315k6jcz3wr9ch1rn9d44bc"))
+              (patches (search-patches "gcc-arm-bug-71399.patch"
+                                       "gcc-libvtv-runpath.patch"))))))
 
 (define-public gcc-5
   ;; Note: GCC >= 5 ships with .info files but 'make install' fails to install
   ;; them in a VPATH build.
   (package (inherit gcc-4.9)
-    (version "5.3.0")
+    (version "5.4.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/gcc/gcc-"
                                   version "/gcc-" version ".tar.bz2"))
               (sha256
                (base32
-                "1ny4smkp5bzs3cp8ss7pl6lk8yss0d9m4av1mvdp72r1x695akxq"))
+                "0fihlcy5hnksdxk0sn6bvgnyq8gfrgs8m794b1jxwd1dxinzg3b0"))
               (patches (search-patches "gcc-5.0-libvtv-runpath.patch"))))))
 
 (define-public gcc-6
diff --git a/gnu/packages/gettext.scm b/gnu/packages/gettext.scm
index bf38543178..26ab6777fe 100644
--- a/gnu/packages/gettext.scm
+++ b/gnu/packages/gettext.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -27,28 +28,23 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system perl)
   #:use-module (gnu packages docbook)
+  #:use-module (gnu packages emacs)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages tex)
-  #:use-module (gnu packages xml))
+  #:use-module (gnu packages xml)
+  #:use-module (guix utils))
 
-;; Use that name to avoid clashes with Guile's 'gettext' procedure.
-;;
-;; We used to resort to #:renamer on the user side, but that prevented
-;; circular dependencies involving (gnu packages gettext).  This is because
-;; 'resolve-interface' (as of Guile 2.0.9) iterates eagerly over the used
-;; module when there's a #:renamer, and that module may be empty at that point
-;; in case or circular dependencies.
-(define-public gnu-gettext
+(define-public gettext-minimal
   (package
-    (name "gettext")
-    (version "0.19.8")
+    (name "gettext-minimal")
+    (version "0.19.8.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/gettext/gettext-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "13ylc6n3hsk919c7xl0yyibc3pfddzb53avdykn4hmk8g6yzd91x"))))
+               "0hsw28f9q9xaggjlsdp2qmbp2rbd1mp0njzan2ld9kiqwkq2m57z"))))
     (build-system gnu-build-system)
     (outputs '("out"
                "doc"))                            ;8 MiB of HTML
@@ -90,15 +86,41 @@
        ;; When tests fail, we want to know the details.
        #:make-flags '("VERBOSE=yes")))
     (home-page "http://www.gnu.org/software/gettext/")
-    (synopsis "Tools and documentation for translation")
+    (synopsis
+     "Tools and documentation for translation (used to build other packages)")
     (description
      "GNU Gettext is a package providing a framework for translating the
 textual output of programs into multiple languages.  It provides translators
-with the means to create message catalogs, as well as an Emacs mode to work
-with them, and a runtime library to load translated messages from the
-catalogs.  Nearly all GNU packages use Gettext.")
+with the means to create message catalogs, and a runtime library to load
+translated messages from the catalogs.  Nearly all GNU packages use Gettext.")
     (license gpl3+)))                             ;some files are under GPLv2+
 
+;; Use that name to avoid clashes with Guile's 'gettext' procedure.
+;;
+;; We used to resort to #:renamer on the user side, but that prevented
+;; circular dependencies involving (gnu packages gettext).  This is because
+;; 'resolve-interface' (as of Guile 2.0.9) iterates eagerly over the used
+;; module when there's a #:renamer, and that module may be empty at that point
+;; in case or circular dependencies.
+(define-public gnu-gettext
+  (package
+    (inherit gettext-minimal)
+    (name "gettext")
+    (arguments
+     (substitute-keyword-arguments (package-arguments gettext-minimal)
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (add-after 'install 'add-emacs-autoloads
+             (lambda* (#:key outputs #:allow-other-keys)
+               ;; Make 'po-mode' and other things available by default.
+               (with-directory-excursion
+                   (string-append (assoc-ref outputs "out")
+                                  "/share/emacs/site-lisp")
+                 (symlink "start-po.el" "gettext-autoloads.el")
+                 #t)))))))
+    (native-inputs `(("emacs" ,emacs-minimal))) ; for Emacs tools
+    (synopsis "Tools and documentation for translation")))
+
 (define-public po4a
   (package
     (name "po4a")
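Review bot: In the new `gnu-gettext`, `(native-inputs `(("emacs" ,emacs-minimal)))` replaces the inherited field instead of extending it, so any native inputs declared by `gettext-minimal` are dropped from the full package. The part of `gettext-minimal` between the two hunks is not visible here, so this may be harmless, but the extending form is safer: `(native-inputs `(("emacs" ,emacs-minimal) ,@(package-native-inputs gettext-minimal)))`. The relocated header comment still reads "in case or circular dependencies", where "in case of" is meant.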
@@ -140,7 +162,7 @@ catalogs.  Nearly all GNU packages use Gettext.")
                         (find-files bin "\\.*$"))
               #t))))))
     (native-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("perl-module-build" ,perl-module-build)
        ("docbook-xsl" ,docbook-xsl)
        ("docbook-xml" ,docbook-xml) ;for tests
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index f013a734e5..8f10b18074 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -182,7 +182,12 @@ printing, and psresize, for adjusting page sizes.")
                             (number->string (parallel-job-count))))))
         (replace 'install
           (lambda _
-            (zero? (system* "make" "soinstall")))))))
+            (zero? (system* "make" "soinstall"))))
+        (add-after 'install 'create-gs-symlink
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let ((out (assoc-ref outputs "out")))
+              ;; some programs depend on having a 'gs' binary available
+              (symlink "gsc" (string-append out "/bin/gs"))))))))
    (synopsis "PostScript and PDF interpreter")
    (description
     "Ghostscript is an interpreter for the PostScript language and the PDF
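Review bot: The 'create-gs-symlink phase ends on `symlink`, whose return value is unspecified, while the 'install phase just above it returns an explicit boolean. Ending the `let` body with `#t`, as the gettext and evince phases added in this commit do, makes the success value explicit. The comment could also say that the relative target `gsc` is intentional, since the removed wrapper linked to an absolute store path. The enclosing phases form starts outside the hunk.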
@@ -199,40 +204,6 @@ output file formats and printers.")
               ("libxt" ,libxt)
               ,@(package-inputs ghostscript)))))
 
-(define (ghostscript-wrapper name ghostscript)
-  ;; Return a GHOSTSCRIPT wrapper that provides the 'gs' command.
-  ;; See <https://lists.gnu.org/archive/html/guix-devel/2016-07/msg00987.html>.
-  (package
-    (name name)
-    (version (package-version ghostscript))
-    (source #f)
-    (build-system trivial-build-system)
-    (inputs `(("ghostscript" ,ghostscript)))
-    (arguments
-     `(#:modules ((guix build utils))
-       #:builder (begin
-                   (use-modules (guix build utils))
-
-                   (let* ((out (assoc-ref %outputs "out"))
-                          (bin (string-append out "/bin"))
-                          (gs  (assoc-ref %build-inputs "ghostscript")))
-                     (mkdir-p bin)
-                     (with-directory-excursion bin
-                       (symlink (string-append gs "/bin/gsc") "gs")
-                       #t)))))
-    (synopsis "Wrapper providing Ghostscript's 'gs' command")
-    (description
-     "This package provides the @command{gs} command, which used to be
-provided by Ghostscript itself and no longer is.")
-    (license (package-license ghostscript))
-    (home-page (package-home-page ghostscript))))
-
-(define-public ghostscript-gs
-  (ghostscript-wrapper "ghostscript-gs" ghostscript))
-
-(define-public ghostscript-gs/x
-  (ghostscript-wrapper "ghostscript-gs-with-x" ghostscript/x))
-
 (define-public ijs
   (package
    (name "ijs")
diff --git a/gnu/packages/gkrellm.scm b/gnu/packages/gkrellm.scm
index ed83186ae8..68853eb8fc 100644
--- a/gnu/packages/gkrellm.scm
+++ b/gnu/packages/gkrellm.scm
@@ -41,7 +41,7 @@
         "12rc6zaa7kb60b9744lbrlfkxxfniprm6x0mispv63h4kh75navh"))))
     (build-system gnu-build-system)
     (inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("gtk+" ,gtk+-2)
        ("libice" ,libice)
        ("libsm" ,libsm)))
diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm
index a4ec3a3536..ee56998da7 100644
--- a/gnu/packages/gl.scm
+++ b/gnu/packages/gl.scm
@@ -195,7 +195,7 @@ also known as DXTn or DXTC) for Mesa.")
 (define-public mesa
   (package
     (name "mesa")
-    (version "11.0.9")
+    (version "12.0.1")
     (source
       (origin
         (method url-fetch)
@@ -203,44 +203,50 @@ also known as DXTn or DXTC) for Mesa.")
                             version "/mesa-" version ".tar.xz"))
         (sha256
          (base32
-          "009b3nq8ly5nzy9cxi9cxf4qasrhggjz0v0q87rwq5kaqvqjy9m1"))))
+          "12b3i59xdn2in2hchrkgh4fwij8zhznibx976l3pdj3qkyvlzcms"))))
     (build-system gnu-build-system)
     (propagated-inputs
       `(("glproto" ,glproto)
         ;; The following are in the Requires.private field of gl.pc.
         ("libdrm" ,libdrm)
+        ("libvdpau" ,libvdpau)
         ("libx11" ,libx11)
         ("libxdamage" ,libxdamage)
         ("libxfixes" ,libxfixes)
         ("libxshmfence" ,libxshmfence)
         ("libxxf86vm" ,libxxf86vm)))
-    ;; TODO: Add vdpau.
     (inputs
-      `(("udev" ,eudev)
+      `(("expat" ,expat)
         ("dri2proto" ,dri2proto)
         ("dri3proto" ,dri3proto)
-        ("presentproto" ,presentproto)
-        ("expat" ,expat)
         ("libva" ,(force libva-without-mesa))
         ("libxml2" ,libxml2)
         ;; TODO: Add 'libxml2-python' for OpenGL ES 1.1 and 2.0 support
         ("libxvmc" ,libxvmc)
         ("makedepend" ,makedepend)
-        ("s2tc" ,s2tc)))
+        ("presentproto" ,presentproto)
+        ("s2tc" ,s2tc)
+        ("udev" ,eudev)
+        ("wayland" ,wayland)))
     (native-inputs
-      `(("pkg-config" ,pkg-config)))
+      `(("pkg-config" ,pkg-config)
+        ("python" ,python-2)))
     (arguments
      `(#:configure-flags
        '(;; drop r300 from default gallium drivers, as it requires llvm
-         "--with-gallium-drivers=r600,svga,swrast,nouveau"
+         "--with-gallium-drivers=r600,svga,swrast,nouveau,virgl"
          ;; Enable various optional features.  TODO: opencl requires libclc,
          ;; omx requires libomxil-bellagio
-         "--with-egl-platforms=x11,drm"
+         "--with-egl-platforms=x11,drm,wayland"
          "--enable-glx-tls"        ;Thread Local Storage, improves performance
          ;; "--enable-opencl"
          ;; "--enable-omx"
          "--enable-osmesa"
          "--enable-xa"
+         ;; features required by wayland
+         "--enable-gles2"
+         "--enable-gbm"
+         "--enable-shared-glapi"
 
          ;; on non-intel systems, drop i915 and i965
          ;; from the default dri drivers
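Review bot: `("libvdpau" ,libvdpau)` lands under the comment `;; The following are in the Requires.private field of gl.pc.`, which now reads as if libvdpau were listed there too; nothing in the hunk shows that it is. If it is propagated for another reason, a line such as `;; libvdpau is propagated because <reason>` above it would say so. Otherwise it belongs in `inputs`, because every propagated input ends up in the profile of each mesa user. The package form continues outside the hunk.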
@@ -249,41 +255,44 @@ also known as DXTn or DXTC) for Mesa.")
               '())
              (_
               '("--with-dri-drivers=nouveau,r200,radeon,swrast"))))
-       #:phases (alist-cons-after
-                 'unpack 'patch-create_test_cases
-                 (lambda _
-                   (substitute* "src/glsl/tests/lower_jumps/create_test_cases.py"
-                     (("/usr/bin/env bash") (which "bash"))))
-                 (alist-cons-before
-                  'build 'fix-dlopen-libnames
-                  (lambda* (#:key inputs outputs #:allow-other-keys)
-                    (let ((s2tc (assoc-ref inputs "s2tc"))
-                          (udev (assoc-ref inputs "udev"))
-                          (out (assoc-ref outputs "out")))
-                      ;; Remain agnostic to .so.X.Y.Z versions while doing
-                      ;; the substitutions so we're future-safe.
-                      (substitute*
-                          '("src/gallium/auxiliary/util/u_format_s3tc.c"
-                            "src/mesa/main/texcompress_s3tc.c")
-                        (("\"libtxc_dxtn\\.so")
-                         (string-append "\"" s2tc "/lib/libtxc_dxtn.so")))
-                      (substitute* "src/loader/loader.c"
-                        (("udev_handle = dlopen\\(name")
-                         (string-append "udev_handle = dlopen(\""
-                                        udev "/lib/libudev.so\"")))
-                      (substitute* "src/glx/dri_common.c"
-                        (("dlopen\\(\"libGL\\.so")
-                         (string-append "dlopen(\"" out "/lib/libGL.so")))
-                      (substitute* "src/egl/drivers/dri2/egl_dri2.c"
-                        (("\"libglapi\\.so")
-                         (string-append "\"" out "/lib/libglapi.so")))
-                      (substitute* "src/gbm/main/backend.c"
-                        ;; No need to patch the gbm_gallium_drm.so reference;
-                        ;; it's never installed since Mesa removed its
-                        ;; egl_gallium support.
-                        (("\"gbm_dri\\.so")
-                         (string-append "\"" out "/lib/dri/gbm_dri.so")))))
-                  %standard-phases))))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after
+           'unpack 'patch-create_test_cases
+           (lambda _
+             (substitute* "src/compiler/glsl/tests/lower_jumps/create_test_cases.py"
+               (("/usr/bin/env bash") (which "bash")))
+             (substitute* "src/intel/genxml/gen_pack_header.py"
+               (("/usr/bin/env python2") (which "python")))))
+         (add-before
+           'build 'fix-dlopen-libnames
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((s2tc (assoc-ref inputs "s2tc"))
+                   (udev (assoc-ref inputs "udev"))
+                   (out (assoc-ref outputs "out")))
+               ;; Remain agnostic to .so.X.Y.Z versions while doing
+               ;; the substitutions so we're future-safe.
+               (substitute*
+                   '("src/gallium/auxiliary/util/u_format_s3tc.c"
+                     "src/mesa/main/texcompress_s3tc.c")
+                 (("\"libtxc_dxtn\\.so")
+                  (string-append "\"" s2tc "/lib/libtxc_dxtn.so")))
+               (substitute* "src/loader/loader.c"
+                 (("udev_handle = dlopen\\(name")
+                  (string-append "udev_handle = dlopen(\""
+                                 udev "/lib/libudev.so\"")))
+               (substitute* "src/glx/dri_common.c"
+                 (("dlopen\\(\"libGL\\.so")
+                  (string-append "dlopen(\"" out "/lib/libGL.so")))
+               (substitute* "src/egl/drivers/dri2/egl_dri2.c"
+                 (("\"libglapi\\.so")
+                  (string-append "\"" out "/lib/libglapi.so")))
+               (substitute* "src/gbm/main/backend.c"
+                 ;; No need to patch the gbm_gallium_drm.so reference;
+                 ;; it's never installed since Mesa removed its
+                 ;; egl_gallium support.
+                 (("\"gbm_dri\\.so")
+                  (string-append "\"" out "/lib/dri/gbm_dri.so")))))))))
     (home-page "http://mesa3d.org/")
     (synopsis "OpenGL implementation")
     (description "Mesa is a free implementation of the OpenGL specification -
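Review bot: The 'fix-dlopen-libnames phase is carried over unchanged across the 11.0.9 to 12.0.1 upgrade, and `substitute*` does not fail when a pattern matches nothing. The test-case script already moved to `src/compiler/glsl/` in this release, so the dlopen patterns may have drifted too (the Mesa sources are not visible here). A pattern that stops matching silently leaves the library loading `libudev.so`, `libtxc_dxtn.so` and the others by bare name through the runtime search path instead of the pinned store path. I would add `;; substitute* is silent on no match: re-verify each pattern against the new sources on upgrade.` and, ideally, a check that the built objects reference the store paths. The 'patch-create_test_cases lambda also ends on `substitute*`; a trailing `#t` would match the other phases added in this commit.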
@@ -459,32 +468,32 @@ OpenGL graphics API.")
                 "1d1brhwfmlzgnphmdwlvn5wbcrxsdyzf1qfcf8nb89xqzznxs037"))))
     (arguments
      `(#:phases
-       (alist-cons-after
-        'unpack 'autoreconf
-        (lambda _
-          (zero? (system* "autoreconf" "-vif")))
-        (alist-cons-before
-         'configure 'patch-paths
-         (lambda* (#:key inputs #:allow-other-keys)
-           (let ((python (assoc-ref inputs "python"))
-                 (mesa (assoc-ref inputs "mesa")))
-             (substitute* "src/gen_dispatch.py"
-               (("/usr/bin/env python") python))
-             (substitute* (find-files "." "\\.[ch]$")
-               (("libGL.so.1") (string-append mesa "/lib/libGL.so.1"))
-               (("libEGL.so.1") (string-append mesa "/lib/libEGL.so.1")))
+       (modify-phases %standard-phases
+         (add-after
+           'unpack 'autoreconf
+           (lambda _
+             (zero? (system* "autoreconf" "-vif"))))
+         (add-before
+           'configure 'patch-paths
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((python (assoc-ref inputs "python"))
+                   (mesa (assoc-ref inputs "mesa")))
+               (substitute* "src/gen_dispatch.py"
+                 (("/usr/bin/env python") python))
+               (substitute* (find-files "." "\\.[ch]$")
+                 (("libGL.so.1") (string-append mesa "/lib/libGL.so.1"))
+                 (("libEGL.so.1") (string-append mesa "/lib/libEGL.so.1")))
 
-             ;; XXX On armhf systems, we must add "GLIBC_2.4" to the list of
-             ;; versions in test/dlwrap.c:dlwrap_real_dlsym.  It would be
-             ;; better to make this a normal patch, but for now we do it here
-             ;; to prevent rebuilding on other platforms.
-             ,@(if (string-prefix? "arm" (or (%current-target-system)
-                                             (%current-system)))
-                   '((substitute* '"test/dlwrap.c"
-                       (("\"GLIBC_2\\.0\"") "\"GLIBC_2.0\", \"GLIBC_2.4\"")))
-                   '())
-             #t))
-         %standard-phases))))
+               ;; XXX On armhf systems, we must add "GLIBC_2.4" to the list of
+               ;; versions in test/dlwrap.c:dlwrap_real_dlsym.  It would be
+               ;; better to make this a normal patch, but for now we do it here
+               ;; to prevent rebuilding on other platforms.
+               ,@(if (string-prefix? "arm" (or (%current-target-system)
+                                               (%current-system)))
+                     '((substitute* '"test/dlwrap.c"
+                         (("\"GLIBC_2\\.0\"") "\"GLIBC_2.0\", \"GLIBC_2.4\"")))
+                     '())
+               #t))))))
     (build-system gnu-build-system)
     (native-inputs
      `(("autoconf" ,autoconf)
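Review bot: In 'patch-paths, `(("/usr/bin/env python") python)` substitutes the value of `(assoc-ref inputs "python")`, which is the input's store directory rather than an interpreter, so the rewritten shebang in `src/gen_dispatch.py` would name a directory. The conversion to `modify-phases` keeps this as it was; assuming the input provides `bin/python`, `(("/usr/bin/env python") (string-append python "/bin/python"))` gives a usable path. The `libGL.so.1` and `libEGL.so.1` patterns leave their dots unescaped and so match more than the literal names; `"libGL\\.so\\.1"` and `"libEGL\\.so\\.1"` are tighter.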
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index 9ac67c6b2b..7e247d3299 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -64,7 +64,7 @@
 (define dbus
   (package
     (name "dbus")
-    (version "1.10.8")
+    (version "1.10.10")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -72,7 +72,7 @@
                     version ".tar.gz"))
               (sha256
                (base32
-                "0560y3hxpgh346w6avcrcz79c8ansmn771y5xpcvvlr6m8mx5wxs"))
+                "0hwsfczhx2djmc9116vj5v230i7gpjihwh3vbljs1ldlk831v3wx"))
               (patches (search-patches "dbus-helper-search-path.patch"))))
     (build-system gnu-build-system)
     (arguments
@@ -134,7 +134,7 @@ shared NFS home directories.")
 (define glib
   (package
    (name "glib")
-   (version "2.48.0")
+   (version "2.48.2")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/"
@@ -142,7 +142,7 @@ shared NFS home directories.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "0d3w2hblrw7vvpx60l1kbvb830ygn3v8zhwdz65cc5593j9ycjvl"))
+              "1x6kwrk1zyd3csv0ca3pmwc4bnkc33agn95cds15h6nbi4apappj"))
             (patches (search-patches "glib-tests-timer.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"           ; everything
@@ -156,7 +156,7 @@ shared NFS home directories.")
       ("zlib" ,zlib)
       ("tzdata" ,tzdata)))     ; for tests/gdatetime.c
    (native-inputs
-    `(("gettext" ,gnu-gettext)
+    `(("gettext" ,gettext-minimal)
       ("dbus" ,dbus)                              ; for GDBus tests
       ("pkg-config" ,pkg-config)
       ("python" ,python-wrapper)
@@ -346,7 +346,7 @@ bindings to call into the C library.")
     (propagated-inputs
      `(;; Propagate gettext because users expect it to be there, and so does
        ;; the `intltool-update' script.
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
 
        ("perl-xml-parser" ,perl-xml-parser)
        ("perl" ,perl)))
@@ -427,7 +427,7 @@ translated.")
 (define dbus-glib
   (package
     (name "dbus-glib")
-    (version "0.104")
+    (version "0.106")
     (source (origin
              (method url-fetch)
              (uri
@@ -435,7 +435,7 @@ translated.")
                              version ".tar.gz"))
              (sha256
               (base32
-               "1xi1v1msz75qs0s4lkyf1psrksdppa3hwkg0mznc6gpw5flg3hdz"))))
+               "0in0i6v68ixcy0ip28i84hdczf10ykq9x682qgcvls6gdmq552dk"))))
     (build-system gnu-build-system)
     (propagated-inputs ; according to dbus-glib-1.pc
      `(("dbus" ,dbus)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index e33f744759..7d66ac97b8 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -243,7 +243,7 @@ commonly used macros.")
 (define-public gnome-desktop
   (package
     (name "gnome-desktop")
-    (version "3.20.1")
+    (version "3.20.2")
     (source
      (origin
       (method url-fetch)
@@ -252,7 +252,7 @@ commonly used macros.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "0h6185lmkaf49dr43pb6gsb9yi25rc32n7dq5186hwln38mppb3f"))))
+        "1cp2c6q1ybirfq6rqyfj5lr5vyqdizy730bfg5jqnflcmakjsb29"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("gobject-introspection" ,gobject-introspection)
@@ -465,7 +465,7 @@ forgotten when the session ends.")
 (define-public evince
   (package
     (name "evince")
-    (version "3.20.0")
+    (version "3.20.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -473,7 +473,7 @@ forgotten when the session ends.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "1052lm4i5qq27sgk6ck5xc1cxh0qx4zzhifjhmzjlv38afj5i0yg"))))
+               "0m80s98k4i463dclpyk01fqb91cawbb6vvcz5vq2974k6qqc4ypw"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:configure-flags '("--disable-nautilus")
@@ -481,7 +481,15 @@ forgotten when the session ends.")
        ;; FIXME: Tests fail with:
        ;;   ImportError: No module named gi.repository
        ;; Where should that module come from?
-       #:tests? #f))
+       #:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'skip-gtk-update-icon-cache
+           ;; Don't create 'icon-theme.cache'.
+           (lambda _
+             (substitute* "data/Makefile"
+               (("gtk-update-icon-cache") "true"))
+             #t)))))
     (inputs
      `(("libspectre" ,libspectre)
        ("djvulibre" ,djvulibre)
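Review bot: The 'skip-gtk-update-icon-cache phase rewrites `gtk-update-icon-cache` to the bare name `true`, which is resolved through PATH at install time, whereas the two `GTK_UPDATE_ICON_CACHE=` configure flags added further down in gnome.scm pass an absolute coreutils path. Using `(("gtk-update-icon-cache") (which "true"))` would keep the three sites consistent. `substitute*` is also silent when `data/Makefile` no longer contains the string, so a short comment that the pattern must be re-checked on upgrade would help.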
@@ -638,9 +646,14 @@ update-desktop-database: updates the database containing a cache of MIME types
        (base32
         "0fjh9qmmgj34zlgxb09231ld7khys562qxbpsjlaplq2j85p57im"))))
     (build-system gnu-build-system)
+    (arguments
+     '(#:configure-flags
+       ;; Don't create 'icon-theme.cache'.
+       (let* ((coreutils (assoc-ref %build-inputs "coreutils"))
+              (true      (string-append coreutils "/bin/true")))
+         (list (string-append "GTK_UPDATE_ICON_CACHE=" true)))))
     (native-inputs
-     `(("gtk+" ,gtk+) ; for gtk-update-icon-cache
-       ("icon-naming-utils" ,icon-naming-utils)
+     `(("icon-naming-utils" ,icon-naming-utils)
        ("intltool" ,intltool)
        ("pkg-config" ,pkg-config)))
     (home-page "http://art.gnome.org/")
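Review bot: The `let*` that builds `GTK_UPDATE_ICON_CACHE=.../bin/true` looks up `"coreutils"` in `%build-inputs`, but the visible package fields do not list coreutils, so this relies on the build system's implicit inputs. If the lookup returns `#f` (for instance in a cross build, where native tools may be kept in a separate list; unverified here), `string-append` fails with a type error rather than a clear message. The identical form is repeated in the gnome-themes-standard hunk below. A one-line comment at both sites, `;; "coreutils" is an implicit input of gnu-build-system`, or a shared helper would document the dependency.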
@@ -662,7 +675,9 @@ update-desktop-database: updates the database containing a cache of MIME types
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0ddfwwqx8s63qbqimmbb015lqsab4s0rvy1j81jdsh7k95rqh2ks"))))))
+                "0ddfwwqx8s63qbqimmbb015lqsab4s0rvy1j81jdsh7k95rqh2ks"))))
+    (native-inputs
+     `(("gtk-encode-symbolic-svg" ,gtk+ "bin")))))
 
 (define-public shared-mime-info
   (package
@@ -890,7 +905,7 @@ XML/CSS rendering engine.")
 (define-public libgsf
   (package
     (name "libgsf")
-    (version "1.14.36")
+    (version "1.14.40")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -898,7 +913,7 @@ XML/CSS rendering engine.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0h19ssxzz0cmznwga2xy55kjibm24mwxqarnpd0w7xy0hrzm1dvi"))))
+                "1q2i5p9s5zw0y0502risykrzkfma7p24n3mmh244scjy9f4kh1im"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("intltool" ,intltool)
@@ -923,7 +938,7 @@ dealing with different structured file formats.")
 (define-public librsvg
   (package
     (name "librsvg")
-    (version "2.40.15")
+    (version "2.40.16")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -931,7 +946,7 @@ dealing with different structured file formats.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1x05vd2llpmskq3prkp7kbpmshmpp9whj4kfl99ybipf4fhw9jnr"))))
+                "0bpz6gsq8xi1pb5k9ax6vinph460v14znch3y5yz167s0dmwz2yl"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -1478,14 +1493,14 @@ controls using the Bonobo component framework.")
 (define-public libwnck
   (package
     (name "libwnck")
-    (version "3.14.1")
+    (version "3.20.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
                                   (version-major+minor version) "/"
                                   name "-" version ".tar.xz"))
               (sha256
-               (base32 "1ymya8gkjygvg0i901wr3q6ihfqxx5yf4g4pb6fag2iw8af3qr5v"))))
+               (base32 "0wms3hli6y0b9l3cszq6maqi6fyy6kss9gryvzgmhw27phb3gc0w"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -1524,14 +1539,14 @@ Hints specification (EWMH).")
 (define-public goffice
   (package
     (name "goffice")
-    (version "0.10.28")
+    (version "0.10.32")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
                                   (version-major+minor version)  "/"
                                   name "-" version ".tar.xz"))
               (sha256
-               (base32 "12rsgxrixkfpk420gv026i74pnlgqjzsvm6vffrmih54w46hd3q6"))))
+               (base32 "1hvs5558x98yzm43dc3f93v596x45lfmv1vkp4jjgfagynlpvcq2"))))
     (build-system gnu-build-system)
     (outputs '("out"
                "doc"))                            ;4.1 MiB of gtk-doc
@@ -1589,7 +1604,7 @@ Hints specification (EWMH).")
 (define-public gnumeric
   (package
     (name "gnumeric")
-    (version "1.12.31")
+    (version "1.12.32")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1597,7 +1612,7 @@ Hints specification (EWMH).")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1rvadlgikklwb6rccqc3rlhqv3m9qx27rchm7znxr062fn7fgb68"))))
+                "1s3dxvdwzmppsp2dfg90rccilf4hknhwjdy7lazr9sys58zchyx0"))))
     (build-system gnu-build-system)
     (arguments
      `(;; The gnumeric developers don't worry much about failing tests.
@@ -1648,7 +1663,7 @@ engineering.")
 (define-public gnome-themes-standard
   (package
     (name "gnome-themes-standard")
-    (version "3.20")
+    (version "3.20.2")
     (source
      (origin
        (method url-fetch)
@@ -1657,8 +1672,14 @@ engineering.")
                            version ".tar.xz"))
        (sha256
         (base32
-         "1p1vvmzfky1ax3yv9ld10xgqwydhmglxpgq3skrfc4539nrq9phw"))))
+         "05br99z67f82i18nljpxnwssfnaqp7mph61w3hq0i44z5i5rq3cx"))))
     (build-system gnu-build-system)
+    (arguments
+     '(#:configure-flags
+       ;; Don't create 'icon-theme.cache'.
+       (let* ((coreutils (assoc-ref %build-inputs "coreutils"))
+              (true      (string-append coreutils "/bin/true")))
+         (list (string-append "GTK_UPDATE_ICON_CACHE=" true)))))
     (inputs
      `(("gtk+" ,gtk+)
        ("gtk+-2" ,gtk+-2)
@@ -1714,7 +1735,7 @@ passwords in the GNOME keyring.")
 (define-public vala
   (package
     (name "vala")
-    (version "0.32.0")
+    (version "0.32.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1722,7 +1743,7 @@ passwords in the GNOME keyring.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0vpvq403vdd25irvgk7zibz3nw4x4i17m0dgnns8j1q4vr7am8h7"))))
+                "1ab1l44abf9fj1wznzq5956431ia136rl5049cggnk5393jlf3fx"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -1756,7 +1777,7 @@ libraries written in C.")
 (define-public vte
   (package
     (name "vte")
-    (version "0.44.1")
+    (version "0.44.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1764,7 +1785,7 @@ libraries written in C.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0kjxzqcwqxky0l7bl8ydn9hl6fm1f0k2pl91wbbhyq4z6d4dabbi"))))
+                "0j899ccrkzh7208w29c835m1yms0cas5cxkck8x6l4xv2i45ksm1"))))
     (build-system gnu-build-system)
     (arguments
      ;; XXX: fails to compile tests with the default flags.
@@ -1930,7 +1951,7 @@ configuration storage systems.")
 (define-public json-glib
   (package
     (name "json-glib")
-    (version "1.2.0")
+    (version "1.2.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1938,7 +1959,7 @@ configuration storage systems.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1lx7p1c7cl21byvfgw92n8dhm09vi6qxrs0zkx9dg3y096zdzmlr"))
+                "08d6449sgnwfh92x8rhwsm03g8frv0mvp3s4wl3cskw25asql4pa"))
               (modules '((guix build utils)))
               (snippet
                ;; Don't duplicate test names.
@@ -2037,7 +2058,7 @@ library.")
 (define-public glib-networking
   (package
     (name "glib-networking")
-    (version "2.48.1")
+    (version "2.48.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/glib-networking/"
@@ -2045,7 +2066,7 @@ library.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0jm4pr91kbq7rcyll08840zkagb9vfhhm2ymyrd1q0b0k2mj76fg"))
+                "111spcar6wbp6m0rdxzjscc7vfqx5nawscrfbxlvbf5jsr4hqp4j"))
               (patches
                (search-patches "glib-networking-ssl-cert-file.patch"))))
     (build-system gnu-build-system)
@@ -2237,7 +2258,7 @@ and other secrets.  It communicates with the \"Secret Service\" using DBus.")
 (define-public gnome-mines
   (package
     (name "gnome-mines")
-    (version "3.20.0")
+    (version "3.20.1")
     (source
      (origin
        (method url-fetch)
@@ -2246,7 +2267,7 @@ and other secrets.  It communicates with the \"Secret Service\" using DBus.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "19khp4ckqbdgk6828gprxy52fsg8klf957dnwsin75nskk8whxbp"))))
+         "0frb1r0f55giz7yqxl9920vvzqlirdivz54ygc9d85r8v63fh5aq"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -2274,7 +2295,7 @@ floating in an ocean using only your brain and a little bit of luck.")
 (define-public gnome-sudoku
   (package
     (name "gnome-sudoku")
-    (version "3.20.0")
+    (version "3.20.5")
     (source
      (origin
        (method url-fetch)
@@ -2283,7 +2304,7 @@ floating in an ocean using only your brain and a little bit of luck.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1n8hp3pl56p9s0c5kldk11zg1vg7ykhgn3ndp8nf375h1q49ldh8"))))
+         "166bbv5k50v7pjp3wbl2rmxcmv1adwr14hxg5rw2ws8kams8151k"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -2309,7 +2330,7 @@ more fun.")
 (define-public gnome-terminal
   (package
     (name "gnome-terminal")
-    (version "3.20.1")
+    (version "3.20.2")
     (source
      (origin
        (method url-fetch)
@@ -2318,7 +2339,7 @@ more fun.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1508nm35znlfq9v1s2j4ypx5x608yq391c565b4hazxk2f5z9dwq"))))
+         "08ssch8h1y85wyhddkyr7ab4v8dnsn17z4ayyc5ff78gfdh30f7m"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:configure-flags
@@ -2560,7 +2581,7 @@ service via the system message bus.")
 (define-public libgweather
   (package
     (name "libgweather")
-    (version "3.20.0")
+    (version "3.20.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -2568,7 +2589,7 @@ service via the system message bus.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1mmqg7wf0bhk450akyj0x71x75kh1v7j68isyivr75ydky79nqjj"))))
+                "15ycgvdvika57rhnb46j6pj1907nj5y5nyy7sgj0yvpjbqsiskzp"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -2701,7 +2722,7 @@ playlists in a variety of formats.")
 (define-public aisleriot
   (package
     (name "aisleriot")
-    (version "3.20.1")
+    (version "3.20.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -2709,7 +2730,7 @@ playlists in a variety of formats.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1nipky336jj81mhm8wwxp96zilgcrarihf95dnyj3r1pw8kpg7gy"))))
+                "0vhpi7bzm4gbraky1d3ma26rbwnylcqdakav82j67bpqd7f6n0v2"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:configure-flags
@@ -3048,7 +3069,7 @@ GNOME Games, but it may be used by others.")
 (define-public gnome-klotski
   (package
     (name "gnome-klotski")
-    (version "3.20.1")
+    (version "3.20.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3056,7 +3077,7 @@ GNOME Games, but it may be used by others.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1130v6sk9h74b3xgv0bq43anaw7xs9x8vdab3q7p9db6w0px02wj"))))
+                "14w40a1gjlg4l1vhcy0qcf3scmwm2v3vhxnxj269pfqlv8s7alaw"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("desktop-file-utils" ,desktop-file-utils)
@@ -3352,7 +3373,7 @@ supports playlists, song ratings, and any codecs installed through gstreamer.")
 (define-public eog
  (package
    (name "eog")
-   (version "3.20.1")
+   (version "3.20.4")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3360,7 +3381,7 @@ supports playlists, song ratings, and any codecs installed through gstreamer.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "0ll3vz1kyjagiqmrpypk1a4nwjhrjsapiz45bxblsjxjy641j0jg"))))
+              "1qsv3brhi8l8fr22nd3d0fwq5xhwspqw0bammhkkq3ga0z6791wn"))))
    (build-system glib-or-gtk-build-system)
    (arguments
     `(#:phases
@@ -3547,7 +3568,7 @@ USB transfers with your high-level application or system daemon.")
        ("gusb" ,gusb)
        ("libsane" ,sane-backends)))
     (native-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("itstool" ,itstool)
        ("colord" ,colord)
        ("glib" ,glib "bin")                       ; glib-compile-schemas, etc.
@@ -3856,7 +3877,7 @@ metadata in photo and video files of various formats.")
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("itstool" ,itstool)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("itstool" ,itstool)
        ("vala" ,vala)))
     (inputs
@@ -3895,6 +3916,15 @@ share them with others via social networking and more.")
                (base32
                 "1sa46vjx78d670m6bikpibgz39a5zb6ri8yjmj632lmxqvj2sp3b"))))
     (build-system glib-or-gtk-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'skip-gtk-update-icon-cache
+           (lambda _
+             ;; Don't create 'icon-theme.cache'
+             (substitute* (find-files "data" "^Makefile$")
+               (("gtk-update-icon-cache") (which "true")))
+             #t)))))
     (native-inputs
      `(("intltool" ,intltool)
        ("pkg-config" ,pkg-config)))
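Review bot: The two `skip-gtk-update-icon-cache` phases added in gnome.scm are written differently: this one substitutes `(which "true")`, while the dconf-editor phase further down uses the bare string `"true"`. The first writes an absolute path resolved when the phase runs, and the second relies on a PATH lookup when make runs. Picking one form for both, e.g. `(("gtk-update-icon-cache") "true")`, would keep them consistent. The comment here also lacks the closing period that the dconf-editor copy has. The package definition starts above this hunk.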
@@ -4050,7 +4080,7 @@ javascript engine and the GObject introspection framework.")
 (define-public gedit
   (package
     (name "gedit")
-    (version "3.20.1")
+    (version "3.20.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4058,7 +4088,7 @@ javascript engine and the GObject introspection framework.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1i0x1jd9x1vpv8lwdlzwf0ml8jxh3b3l6nlg6pbnfjw47w3y6iws"))))
+                "1y330hanqfld3kssf77wfphah2qpfg17pa109spsbm50f5m2g89j"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:configure-flags '("--disable-spell") ; XXX: gspell not packaged yet
@@ -4121,7 +4151,7 @@ powerful general purpose text editor.")
                 "0j2sy6imwp41l75hy3fwr68n35drvanbwgmr42kc04zqjy9pbs02"))))
     (build-system gnu-build-system)
     (native-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("itstool" ,itstool)
        ("pkg-config" ,pkg-config)))
     (inputs
@@ -4137,7 +4167,7 @@ to display dialog boxes from the commandline and shell scripts.")
 (define-public mutter
   (package
     (name "mutter")
-    (version "3.20.1")
+    (version "3.20.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4145,7 +4175,7 @@ to display dialog boxes from the commandline and shell scripts.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0752vkkmaaay8ziczqrf7z3735bq3brx2djw36arqsdhwawh6jba"))))
+                "05pr78vgq52bkkqpbfnp9mxw14ij2wk91l2yfa69dpjbvxqm4b0l"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
@@ -4187,7 +4217,7 @@ window manager.")
 (define-public gnome-online-accounts
   (package
     (name "gnome-online-accounts")
-    (version "3.20.1")
+    (version "3.20.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4195,7 +4225,7 @@ window manager.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "14qcih1g136sn2aklzagv83jl82d3qc598rkdm8zac9gw70ynyn3"))))
+                "0ip0q539bik3wqwl867rjc63w2d5rjyvbqzwczkard70yd6c0kq9"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
@@ -4225,7 +4255,7 @@ Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.")
 (define-public evolution-data-server
   (package
     (name "evolution-data-server")
-    (version "3.20.1")
+    (version "3.20.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4233,7 +4263,7 @@ Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0lsbhzacr2bs90z8sx44vf403r0h2yqsy4l2svrh5hjnassgdyqx"))))
+                "0zmybf63y0d5zn48q3xjgkh2p2c3ka9xvzd6labp96bd6b6qc58d"))))
     (build-system gnu-build-system)
     (arguments
      '(;; XXX: fails with:
@@ -4289,7 +4319,7 @@ Evolution (hence the name), but is now used by other packages as well.")
 (define-public caribou
   (package
     (name "caribou")
-    (version "0.4.20")
+    (version "0.4.21")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4297,7 +4327,7 @@ Evolution (hence the name), but is now used by other packages as well.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1nahpfs5ap9f9wsvn93kg8isqffk60v785f1q6k64awcd7an8ris"))))
+                "0mfychh1q3dx0b96pjz9a9y112bm9yqyim40yykzxx1hppsdjhww"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -4472,7 +4502,7 @@ services.")
 (define-public network-manager-applet
   (package
     (name "network-manager-applet")
-    (version "1.2.0")
+    (version "1.2.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4480,7 +4510,7 @@ services.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0dhvk3dvy6djn6blpkv46dn6yfh28wsh6mpl0v53qxfip97j8kwk"))))
+                "0ym31m55hj65mmbq2yihy49z5x5z1qpx7jalk64kwx1rr5b2kxyz"))))
     (build-system glib-or-gtk-build-system)
     (arguments '(#:configure-flags '("--disable-migration")))
     (native-inputs
@@ -4608,7 +4638,7 @@ providing graphical log-ins and managing local and remote displays.")
 (define-public libgtop
   (package
     (name "libgtop")
-    (version "2.34.0")
+    (version "2.34.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4616,7 +4646,7 @@ providing graphical log-ins and managing local and remote displays.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0apfnh9k6vmbdm8ms5wxyhagrrl8r88fv48k7q5qq70df2gf72ld"))))
+                "1qh9srg8pqmrsl12mwnclncs7agmjjvx3q6v5qwqvcb2cskpi6f8"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("gobject-introspection" ,gobject-introspection)
@@ -4635,7 +4665,7 @@ usage and information about running processes.")
 (define-public gnome-bluetooth
   (package
     (name "gnome-bluetooth")
-    (version "3.18.3")
+    (version "3.20.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4643,7 +4673,7 @@ usage and information about running processes.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1qwc9q7x22sc71zhqv4db78rqzxl6fqfw6d978ydqap54c2bg0g4"))))
+                "0lzbwk2kn7kp39sv5bf4ja92mfkxkc27gxxk8k86i8a8ncbcmcwk"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for gdbus-codegen, etc.
@@ -4738,7 +4768,7 @@ properties, screen resolution, and other GNOME parameters.")
 (define-public gnome-shell
   (package
     (name "gnome-shell")
-    (version "3.20.1")
+    (version "3.20.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4746,7 +4776,7 @@ properties, screen resolution, and other GNOME parameters.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "08cgbr15cim3rgcngrv98rm48pkdxwj4nqx5za1lsnv376m4x5bs"))))
+                "0kd9y847pw9v3zl0g52ly7xdcjz0b9v37aqmi19iddfkxjjyn4qc"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -4820,7 +4850,7 @@ like switching to windows and launching applications.")
 (define-public gtk-vnc
   (package
     (name "gtk-vnc")
-    (version "0.5.4")
+    (version "0.6.0")
     (source
      (origin
        (method url-fetch)
@@ -4829,7 +4859,7 @@ like switching to windows and launching applications.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1rwwdh7lb16xdmy76ca6mpqfc3zfl3a4bkcr0qb6hs6ffrxak2j8"))))
+         "0cq42dghjp4bhsxlj9hd2nz5s5rhd53fx7snmq6i6kg60n438ncm"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--with-gtk=3.0")))
@@ -4858,7 +4888,7 @@ as SASL, TLS and VeNCrypt.  Additionally it supports encoding extensions.")
 (define-public nautilus
   (package
     (name "nautilus")
-    (version "3.20.1")
+    (version "3.20.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4866,7 +4896,7 @@ as SASL, TLS and VeNCrypt.  Additionally it supports encoding extensions.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1s41bsihacs7cywm60vqgv46m22gmga4b0bwxnki4r02jjwhgagj"))))
+                "1bnalv0ljdjzqzvh3rfyg7r4z8vdbq1gdard5q68riqdi2dnfvld"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:configure-flags
@@ -4994,7 +5024,7 @@ beautifying border effects.")
 (define-public dconf-editor
   (package
     (name "dconf-editor")
-    (version "3.20.1")
+    (version "3.20.3")
     (source
      (origin
        (method url-fetch)
@@ -5003,8 +5033,17 @@ beautifying border effects.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0pfpmvpv57a01nsd1fah3np33avihm5ic43fi6b60dyw6c5z953p"))))
+         "0yf553bd9l030shhs0jkl5gvkzkfxbxxm56xv0l0nmbplaci8wm8"))))
     (build-system glib-or-gtk-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'skip-gtk-update-icon-cache
+           (lambda _
+             ;; Don't create 'icon-theme.cache'.
+             (substitute* "editor/Makefile"
+               (("gtk-update-icon-cache") "true"))
+             #t)))))
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, gio-2.0.
        ("intltool" ,intltool)
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 38a1dc9db6..c15a4afcd6 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -7,7 +7,7 @@
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
-;;; Copyright © 2016 Nils Gillmann <ng0@libertad.pw>
+;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -51,7 +51,7 @@
 (define-public libgpg-error
   (package
     (name "libgpg-error")
-    (version "1.22")
+    (version "1.24")
     (source
      (origin
       (method url-fetch)
@@ -59,7 +59,7 @@
                           version ".tar.bz2"))
       (sha256
        (base32
-        "0ywxwswizmkyciy480kzczxn6nhbgzf3z8my4nk43nvv67k4x87j"))))
+        "0h75sf1ngr750c3fjfn4583q7wz40qm63jhg8vjfdrbx936f2s4j"))))
     (build-system gnu-build-system)
     (home-page "https://gnupg.org")
     (synopsis "Library of error values for GnuPG components")
@@ -75,15 +75,14 @@ Daemon and possibly more in the future.")
 (define-public libgcrypt
   (package
     (name "libgcrypt")
-    (replacement libgcrypt-1.7.3)
-    (version "1.7.0")
+    (version "1.7.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "14pspxwrqcgfklw3dgmywbxqwdzcym7fznfrqh9rk4vl8jkpxrmh"))))
+               "0wbh6fq5zi9wg2xcfvfpwh7dv52jihivx1vm4h91c2kx0w8n3b6x"))))
     (build-system gnu-build-system)
     (propagated-inputs
      `(("libgpg-error-host" ,libgpg-error)))
@@ -109,22 +108,9 @@ generation.")
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/libgcrypt")))))
 
-(define libgcrypt-1.7.3
-  (package
-    (inherit libgcrypt)
-    (version "1.7.3")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
-                                  version ".tar.bz2"))
-              (sha256
-               (base32
-                "0wbh6fq5zi9wg2xcfvfpwh7dv52jihivx1vm4h91c2kx0w8n3b6x"))))))
-
 (define-public libgcrypt-1.5
   (package (inherit libgcrypt)
-    (replacement libgcrypt-1.5.6)
-    (version "1.5.4")
+    (version "1.5.6")
     (source
      (origin
       (method url-fetch)
@@ -132,20 +118,7 @@ generation.")
                           version ".tar.bz2"))
       (sha256
        (base32
-        "0czvqxkzd5y872ipy6s010ifwdwv29sqbnqc4pf56sd486gqvy6m"))))))
-
-(define libgcrypt-1.5.6
-  (package
-    (inherit libgcrypt-1.5)
-    (source
-     (let ((version "1.5.6"))
-       (origin
-         (method url-fetch)
-         (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
-                             version ".tar.bz2"))
-         (sha256
-          (base32
-           "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h")))))))
+        "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"))))))
 
 (define-public libassuan
   (package
@@ -237,7 +210,7 @@ compatible to GNU Pth.")
 (define-public gnupg
   (package
     (name "gnupg")
-    (version "2.1.13")
+    (version "2.1.15")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
@@ -245,7 +218,7 @@ compatible to GNU Pth.")
               (patches (search-patches "gnupg-fix-expired-test.patch"))
               (sha256
                (base32
-                "0xcn46vcb5x5qx0bc803vpzhzhnn6wfhp7x71w9n1ahx4ak877ag"))))
+                "1pgz02gd84ab94w4xdg67p9z8kvkyr9d523bvcxxd2hviwh1m362"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -271,6 +244,17 @@ compatible to GNU Pth.")
           (lambda _
             (substitute* "tests/openpgp/defs.inc"
               (("/bin/pwd") (which "pwd")))
+            #t))
+        (add-after 'build 'patch-scheme-tests
+          (lambda _
+            (substitute* (find-files "tests" ".\\.scm$")
+              (("/usr/bin/env gpgscm")
+               (string-append (getcwd) "/tests/gpgscm/gpgscm")))))
+        (add-before 'check 'set-home
+          ;; Some tests require write access to $HOME, otherwise leading to
+          ;; 'failed to create directory /homeless-shelter/.asy' error.
+          (lambda _
+            (setenv "HOME" "/tmp")
             #t)))))
     (home-page "https://gnupg.org/")
     (synopsis "GNU Privacy Guard")
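Review bot: The new `patch-scheme-tests` phase ends on the `substitute*` form with no explicit `#t`, unlike the phase before it and `set-home` after it; adding `#t` as the last expression of the lambda keeps the phase's return value well defined. The `set-home` comment cites a `/homeless-shelter/.asy` error, which does not look like a path the GnuPG test suite would create, so the comment may have been copied from another package and should name the failure actually seen. The file pattern `".\\.scm$"` could be `"\\.scm$"` unless requiring a leading character is intended. The `arguments` form begins above this hunk.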
diff --git a/gnu/packages/grub.scm b/gnu/packages/grub.scm
index ffce1bf86b..b920be9ea2 100644
--- a/gnu/packages/grub.scm
+++ b/gnu/packages/grub.scm
@@ -128,8 +128,8 @@
                      #t)))))
     (inputs
      `(;; ("lvm2" ,lvm2)
+       ("gettext" ,gettext-minimal)
        ("mdadm" ,mdadm)
-       ("gettext" ,gnu-gettext)
        ("freetype" ,freetype)
        ;; ("libusb" ,libusb)
        ;; ("fuse" ,fuse)
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index df79239951..569d8d1591 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -357,7 +357,7 @@ printing and other features typical of a source code editor.")
 (define-public gtksourceview
  (package
    (name "gtksourceview")
-   (version "3.20.2")
+   (version "3.20.4")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -365,7 +365,7 @@ printing and other features typical of a source code editor.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "03vxirdbjpgjrkl5ph0p9b1saq17xxr4kvhz1ijpg40a9jf3ci4y"))))
+               "009xag7df07ngav2wzs0rdrrx4s2m6ahx93pxzc2p1pkbz4nl3ks"))))
    (build-system gnu-build-system)
    (arguments
     '(#:phases
@@ -486,7 +486,7 @@ in the GNOME project.")
 (define-public at-spi2-core
   (package
    (name "at-spi2-core")
-   (version "2.20.1")
+   (version "2.20.2")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -494,7 +494,7 @@ in the GNOME project.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "0039y6bj1zfzhmfjbj5g830dlczphbpvbgmkcab9mapmh7kmin3f"))))
+              "0hx12snd9as4cq99ka3bn056xdf13f87pd1ilp6177qk8ffxx948"))))
    (build-system gnu-build-system)
    (outputs '("out" "doc"))
    (arguments
@@ -594,7 +594,7 @@ is part of the GNOME accessibility project.")
       ("libxrandr" ,libxrandr)))
    (native-inputs
     `(("perl" ,perl)
-      ("gettext" ,gnu-gettext)
+      ("gettext" ,gettext-minimal)
       ("glib" ,glib "bin")
       ("gobject-introspection" ,gobject-introspection)
       ("pkg-config" ,pkg-config)
@@ -629,7 +629,7 @@ application suites.")
 (define-public gtk+
   (package (inherit gtk+-2)
    (name "gtk+")
-   (version "3.20.3")
+   (version "3.20.9")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -640,6 +640,7 @@ application suites.")
               "157nh9gg0p2avw765hrnkvr8lsh2w811397yxgjv6q5j4fzz6d1q"))
             (patches (search-patches "gtk3-respect-GUIX_GTK3_PATH.patch"
                                      "gtk3-respect-GUIX_GTK3_IM_MODULE_FILE.patch"))))
+   (outputs '("out" "bin" "doc"))
    (propagated-inputs
     `(("at-spi2-atk" ,at-spi2-atk)
       ("atk" ,atk)
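Review bot: The sha256 on the first line of this hunk is an unchanged context line, yet the previous hunk bumps gtk+ from 3.20.3 to 3.20.9, so as shown the recorded hash still belongs to the old tarball. A fixed-output hash that does not match the new version will fail the fetch. If a content-addressed fallback serves the file by hash, it may instead build the old source under the new version string. The base32 value should be regenerated from the 3.20.9 tarball (e.g. with `guix download`) and updated in the same change. The package definition spans both hunks and starts outside this one.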
@@ -662,7 +663,7 @@ application suites.")
    (native-inputs
     `(("perl" ,perl)
       ("glib" ,glib "bin")
-      ("gettext" ,gnu-gettext)
+      ("gettext" ,gettext-minimal)
       ("pkg-config" ,pkg-config)
       ("gobject-introspection" ,gobject-introspection)
       ("python-wrapper" ,python-wrapper)
@@ -928,7 +929,7 @@ library.")
 (define-public pangomm
   (package
     (name "pangomm")
-    (version "2.40.0")
+    (version "2.40.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -936,7 +937,7 @@ library.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "03fpqdjp7plybf4zsgszbm8yhgl28vmajzfpmaqcsmyfvjlszl3x"))))
+               "1bz3gciff23bpw9bqc4v2l3lkq9w7394v3a4jxkvx0ap5lmfwqlp"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (propagated-inputs
@@ -1177,7 +1178,7 @@ write GNOME applications.")
                (base32
                 "03wsxj27hvcbs3x96nah7j3paclifwlfag8kdph4kldl48srp9pb"))))
     (native-inputs `(("pkg-config" ,pkg-config)
-                     ("gettext" ,gnu-gettext)))
+                     ("gettext" ,gettext-minimal)))
     (inputs `(("gtk+" ,gtk+)
               ("check" ,check)))
     (arguments
@@ -1241,7 +1242,7 @@ information.")
      `(("pkg-config" ,pkg-config)
        ("itstool" ,itstool)
        ("libxml" ,libxml2)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("bc" ,bc)))
     (inputs
      `(("perl" ,perl)
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 0890f19025..e1b27519e0 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -130,15 +130,14 @@ without requiring the source code to be rewritten.")
 (define-public guile-2.0
   (package
    (name "guile")
-   (version "2.0.11")
+   (version "2.0.12")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/guile/guile-" version
                                 ".tar.xz"))
             (sha256
              (base32
-              "1qh3j7308qvsjgwf7h94yqgckpbgz2k3yqdkzsyhqcafvfka9l5f"))
-            (patches (search-patches "guile-arm-fixes.patch"))))
+              "1sdpjq0jf1h65w29q0zprj4x6kdp5jskkvbnlwphy9lvdxrqg0fy"))))
    (build-system gnu-build-system)
    (native-inputs `(("pkgconfig" ,pkg-config)))
    (inputs `(("libffi" ,libffi)
@@ -183,7 +182,7 @@ without requiring the source code to be rewritten.")
            (files '("share/guile/site/2.0")))
           (search-path-specification
            (variable "GUILE_LOAD_COMPILED_PATH")
-           (files '("lib/guile/2.0/ccache"
+           (files '("lib/guile/2.0/site-ccache"
                     "share/guile/site/2.0")))))
 
    (synopsis "Scheme implementation intended especially for extensions")
@@ -277,7 +276,7 @@ applicable."
        ("libtool" ,libtool)
        ("flex" ,flex)
        ("texinfo" ,texinfo)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ,@(package-native-inputs guile-next)))
     ;; Same as in guile-2.0
     (native-search-paths
diff --git a/gnu/packages/gv.scm b/gnu/packages/gv.scm
index 240e3fc96c..e1e86a83a6 100644
--- a/gnu/packages/gv.scm
+++ b/gnu/packages/gv.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,7 +40,7 @@
             (sha256 (base32
                      "0q8s43z14vxm41pfa8s5h9kyyzk1fkwjhkiwbf2x70alm6rv6qi1"))))
    (build-system gnu-build-system)
-   (propagated-inputs `(("ghostscript" ,ghostscript-gs/x)))
+   (propagated-inputs `(("ghostscript" ,ghostscript/x)))
    (inputs `(("libx11" ,libx11)
              ("libxaw3d" ,libxaw3d)
              ("libxinerama" ,libxinerama)
diff --git a/gnu/packages/ibus.scm b/gnu/packages/ibus.scm
index 814984f16f..8dc5cdb742 100644
--- a/gnu/packages/ibus.scm
+++ b/gnu/packages/ibus.scm
@@ -265,7 +265,7 @@ Chinese pinyin input methods.")
                 '("ibus-engine-anthy" "ibus-setup-anthy"))
                #t))))))
     (native-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("intltool" ,intltool)
        ("pkg-config" ,pkg-config)
        ("python" ,python)))
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 4039c1a00b..920a293dbf 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -58,18 +58,18 @@
 (define-public libpng
   (package
    (name "libpng")
-   (version "1.5.26")
+   (version "1.6.25")
    (source (origin
             (method url-fetch)
 
             ;; Note: upstream removes older tarballs.
-            (uri (list (string-append "mirror://sourceforge/libpng/libpng15/"
+            (uri (list (string-append "mirror://sourceforge/libpng/libpng16/"
                                       version "/libpng-" version ".tar.xz")
                        (string-append
                         "ftp://ftp.simplesystems.org/pub/libpng/png/src"
                         "/libpng15/libpng-" version ".tar.xz")))
             (sha256
-             (base32 "0kbissyd7d4ahwdpm968nnzl7q15p6hadg44i9x0vrkrzdgdi93v"))))
+             (base32 "04c8inn745hw25wz2dc5vll5n5d2gsndj01i4srwzgz8861qvzh9"))))
    (build-system gnu-build-system)
 
    ;; libpng.la says "-lz", so propagate it.
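Review bot: The fallback URI still points at `/libpng15/libpng-` although the version moves to 1.6.25 and the primary mirror path is changed to `libpng16`. The ftp.simplesystems.org entry should become `"/libpng16/libpng-" version ".tar.xz"` so that the second location can serve this release. Given the existing comment that upstream removes older tarballs, a stale fallback path leaves the package with effectively one download location. The package definition continues outside the hunk.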
@@ -101,13 +101,13 @@ library.  It supports almost all PNG features and is extensible.")
 (define-public libjpeg
   (package
    (name "libjpeg")
-   (version "9a")
+   (version "9b")
    (source (origin
             (method url-fetch)
             (uri (string-append "http://www.ijg.org/files/jpegsrc.v"
                    version ".tar.gz"))
             (sha256 (base32
-                     "19q5zr4n60sjcvfbyv06n4pcl1mai3ipvnd2akflayciinj3wx9s"))))
+                     "0lnhpahgdwlrkd41lx6cr90r199f8mc6ydlh7jznj5klvacd63r4"))))
    (build-system gnu-build-system)
    (synopsis "Library for handling JPEG files")
    (description
@@ -186,7 +186,6 @@ extracting icontainer icon files.")
 (define-public libtiff
   (package
    (name "libtiff")
-   (replacement libtiff/fixed)
    (version "4.0.6")
    (source (origin
             (method url-fetch)
@@ -197,7 +196,14 @@ extracting icontainer icon files.")
             (patches (search-patches
                       "libtiff-oob-accesses-in-decode.patch"
                       "libtiff-oob-write-in-nextdecode.patch"
-                      "libtiff-CVE-2015-8665+CVE-2015-8683.patch"))))
+                      "libtiff-CVE-2015-8665+CVE-2015-8683.patch"
+                      "libtiff-CVE-2016-3623.patch"
+                      "libtiff-CVE-2016-3945.patch"
+                      "libtiff-CVE-2016-3990.patch"
+                      "libtiff-CVE-2016-3991.patch"
+                      "libtiff-CVE-2016-5314.patch"
+                      "libtiff-CVE-2016-5321.patch"
+                      "libtiff-CVE-2016-5323.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                           ;1.3 MiB of HTML documentation
@@ -219,23 +225,6 @@ collection of tools for doing simple manipulations of TIFF images.")
                                   "See COPYRIGHT in the distribution."))
    (home-page "http://www.remotesensing.org/libtiff/")))
 
-(define libtiff/fixed
-  (package
-    (inherit libtiff)
-    (source (origin
-              (inherit (package-source libtiff))
-              (patches (search-patches
-                         "libtiff-oob-accesses-in-decode.patch"
-                         "libtiff-oob-write-in-nextdecode.patch"
-                         "libtiff-CVE-2015-8665+CVE-2015-8683.patch"
-                         "libtiff-CVE-2016-3623.patch"
-                         "libtiff-CVE-2016-3945.patch"
-                         "libtiff-CVE-2016-3990.patch"
-                         "libtiff-CVE-2016-3991.patch"
-                         "libtiff-CVE-2016-5314.patch"
-                         "libtiff-CVE-2016-5321.patch"
-                         "libtiff-CVE-2016-5323.patch"))))))
-
 (define-public libwmf
   (package
     (name "libwmf")
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index 786cfbc42c..ba073bc771 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -155,7 +155,7 @@ SILC and ICB protocols via plugins.")
                      ("libtool" ,libtool)))
     (inputs `(("ncurses" ,ncurses)
               ("diffutils" ,diffutils)
-              ("gettext" ,gnu-gettext)
+              ("gettext" ,gettext-minimal)
               ("libltdl" ,libltdl)
               ("libgcrypt" ,libgcrypt "out")
               ("zlib" ,zlib)
diff --git a/gnu/packages/iso-codes.scm b/gnu/packages/iso-codes.scm
index 0a9427cef2..dbdd868b3b 100644
--- a/gnu/packages/iso-codes.scm
+++ b/gnu/packages/iso-codes.scm
@@ -40,7 +40,7 @@
                "037hmfs5pk3g36psm378vap1mbrkk86vv8wsdnv65mzbnph52gv0"))))
     (build-system gnu-build-system)
     (inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("perl" ,perl)
        ("python" ,python-wrapper)))
     (home-page "https://pkg-isocodes.alioth.debian.org/")
diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm
index 011f9e0deb..3790e8f63f 100644
--- a/gnu/packages/kde-frameworks.scm
+++ b/gnu/packages/kde-frameworks.scm
@@ -601,7 +601,7 @@ interfaces in the areas of colors, fonts, text, images, keyboard input.")
           "0cw24spmwsqa3ppkw03cm6yjd3sfll0dbbk2ya76fd4nw9hb00dv"))))
     (build-system cmake-build-system)
     (propagated-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("python" ,python)))
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
diff --git a/gnu/packages/kodi.scm b/gnu/packages/kodi.scm
index ec4e72e8ba..929894d61e 100644
--- a/gnu/packages/kodi.scm
+++ b/gnu/packages/kodi.scm
@@ -199,7 +199,7 @@ generator library for C++.")
        ("cmake" ,cmake)
        ("doxygen" ,doxygen)
        ("gawk" ,gawk)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("icedtea" ,icedtea) ; needed at build-time only, mandatory
        ("libtool" ,libtool)
        ("pkg-config" ,pkg-config)
diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm
index 432c1fe675..0c9d0af3c8 100644
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@@ -27,14 +27,14 @@
 (define-public libidn
   (package
    (name "libidn")
-   (replacement libidn-1.33)
-   (version "1.32")
+   (version "1.33")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/libidn/libidn-" version
                                 ".tar.gz"))
-            (sha256 (base32
-                     "1xf4hphhahcjm2xwx147lfpsavjwv9l4c2gf6hx71zxywbz5lpds"))))
+            (sha256
+             (base32
+              "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4"))))
    (build-system gnu-build-system)
 ;; FIXME: No Java and C# libraries are currently built.
    (synopsis "Internationalized string processing library")
@@ -46,16 +46,3 @@ names.  It includes native C, C# and Java libraries.")
    ;; the command line tool is gpl3+.
    (license (list gpl2+ gpl3+ lgpl3+ fdl1.3+))
    (home-page "http://www.gnu.org/software/libidn/")))
-
-(define libidn-1.33
-  (package
-    (inherit libidn)
-    (source
-      (let ((version "1.33"))
-        (origin
-          (method url-fetch)
-          (uri (string-append "mirror://gnu/libidn/libidn-" version
-                              ".tar.gz"))
-          (sha256
-           (base32
-            "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4")))))))
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 52c7c7d027..b77ca774b4 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -15,6 +15,7 @@
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
+;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -109,17 +110,36 @@
          version "-gnu.tar.xz")))
 
 (define-public linux-libre-headers
-  (let* ((version "4.1.18")
-         (build-phase
-          (lambda (arch)
-            `(lambda _
-               (setenv "ARCH" ,(system->linux-architecture arch))
+  (package
+    (name "linux-libre-headers")
+    (version "4.4.18")
+    (source (origin
+             (method url-fetch)
+             (uri (linux-libre-urls version))
+             (sha256
+              (base32
+               "0k8k17in7dkjd9d8zg3i8l1ax466dba6bxw28flxizzyq8znljps"))))
+    (build-system gnu-build-system)
+    (native-inputs `(("perl" ,perl)))
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (srfi srfi-1))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'build
+           (lambda _
+             (let ((arch ,(system->linux-architecture
+                          (or (%current-target-system)
+                              (%current-system)))))
+               (setenv "ARCH" arch)
                (format #t "`ARCH' set to `~a'~%" (getenv "ARCH"))
 
                (and (zero? (system* "make" "defconfig"))
                     (zero? (system* "make" "mrproper" "headers_check"))))))
-         (install-phase
-          `(lambda* (#:key outputs #:allow-other-keys)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
                (and (zero? (system* "make"
                                     (string-append "INSTALL_HDR_PATH=" out)
@@ -139,33 +159,12 @@
                       (for-each delete-file (find-files out "\\.install"))
 
                       #t))))))
-   (package
-    (name "linux-libre-headers")
-    (version version)
-    (source (origin
-             (method url-fetch)
-             (uri (linux-libre-urls version))
-             (sha256
-              (base32
-               "1bddh2rg645lavhjkk9z75vflba5y0g73z2fjwgbfrj5jb44x9i7"))))
-    (build-system gnu-build-system)
-    (native-inputs `(("perl" ,perl)))
-    (arguments
-     `(#:modules ((guix build gnu-build-system)
-                  (guix build utils)
-                  (srfi srfi-1))
-       #:phases (alist-replace
-                 'build ,(build-phase (or (%current-target-system)
-                                          (%current-system)))
-                 (alist-replace
-                  'install ,install-phase
-                  (alist-delete 'configure %standard-phases)))
        #:allowed-references ()
        #:tests? #f))
+    (home-page "http://www.gnu.org/software/linux-libre")
     (synopsis "GNU Linux-Libre kernel headers")
     (description "Headers of the Linux-Libre kernel.")
-    (license license:gpl2)
-    (home-page "http://www.gnu.org/software/linux-libre/"))))
+    (license license:gpl2)))
 
 (define %boot-logo-patch
   ;; Linux-Libre boot logo featuring Freedo and a gnu.
@@ -358,17 +357,18 @@ It has been modified to remove all non-free binary blobs.")
 (define-public linux-pam
   (package
     (name "linux-pam")
-    (version "1.2.1")
+    (version "1.3.0")
     (source
      (origin
       (method url-fetch)
-      (uri (list (string-append "http://www.linux-pam.org/library/Linux-PAM-"
-                                version ".tar.bz2")
-                 (string-append "mirror://kernel.org/linux/libs/pam/library/Linux-PAM-"
-                                version ".tar.bz2")))
+      (uri (string-append
+            "http://www.linux-pam.org/library/"
+            "Linux-PAM-" version ".tar.bz2"))
       (sha256
        (base32
-        "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))))
+        "1fyi04d5nsh8ivd0rn2y0z83ylgc0licz7kifbb6xxi2ylgfs6i4"))
+      (patches (search-patches "linux-pam-no-setfsuid.patch"))))
+
     (build-system gnu-build-system)
     (native-inputs
      `(("flex" ,flex)
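Review bot: The added `(patches (search-patches "linux-pam-no-setfsuid.patch"))` modifies an authentication library (judging by the file name, its use of setfsuid) and nothing in the hunk says why. The same line is repeated in the `linux-pam-1.2` hunk further down. A comment above the field would help, for example `;; <why setfsuid cannot be used here>; see the patch header.`, with the reason taken from the patch itself, which is not visible here. Separately, the new `uri` drops the `mirror://kernel.org` fallback, so the download depends on a single plain-HTTP host; the `sha256` still pins the content, so this is an availability concern rather than an integrity one. The package definition continues outside the hunk.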
@@ -396,6 +396,21 @@ be used through the PAM API to perform tasks, like authenticating a user
 at login.  Local and dynamic reconfiguration are its key features.")
     (license license:bsd-3)))
 
+(define-public linux-pam-1.2
+  (package
+    (inherit linux-pam)
+    (version "1.2.1")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (string-append
+            "http://www.linux-pam.org/library/"
+            "Linux-PAM-" version ".tar.bz2"))
+      (sha256
+       (base32
+        "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))
+      (patches (search-patches "linux-pam-no-setfsuid.patch"))))))
+
 
 ;;;
 ;;; Miscellaneous.
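Review bot: `linux-pam-1.2` is exported with `define-public` but has no comment explaining why release 1.2.1 is kept next to 1.3.0 or which package needs it. Because it overrides `version` and `source`, this older release of a security-sensitive library will not follow updates to `linux-pam` and has to be tracked separately. A short note would tell maintainers when it can go, e.g. `;; Kept for <dependent package>, which does not build against 1.3; remove once it does.` The dependent is not visible in this hunk, so the placeholder needs filling in.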
@@ -427,7 +442,7 @@ providing the system administrator with some help in common tasks.")
 (define-public util-linux
   (package
     (name "util-linux")
-    (version "2.27")
+    (version "2.28.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kernel.org/linux/utils/"
@@ -435,7 +450,7 @@ providing the system administrator with some help in common tasks.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1ivdx1bhjbakf77agm9dn3wyxia1wgz9lzxgd61zqxw3xzih9gzw"))
+                "03xnaw3c7pavxvvh1vnimcr44hlhhf25whawiyv8dxsflfj4xkiy"))
               (patches (search-patches "util-linux-tests.patch"))
               (modules '((guix build utils)))
               (snippet
@@ -510,16 +525,14 @@ block devices, UUIDs, TTYs, and many other tools.")
 (define-public procps
   (package
     (name "procps")
-    (version "3.3.11")
+    (version "3.3.12")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/procps-ng/Production/"
                                   "procps-ng-" version ".tar.xz"))
               (sha256
                (base32
-                "1va4n0mpsq327ca9dqp4hnrpgs6821rp0f2m0jyc1bfjl9lk2jg9"))
-              (patches
-               (list (search-patch "procps-non-linux.patch")))))
+                "1m57w6jmry84njd5sgk5afycbglql0al80grx027kwqqcfw5mmkf"))))
     (build-system gnu-build-system)
     (arguments
      '(#:modules ((guix build utils)
@@ -528,6 +541,15 @@ block devices, UUIDs, TTYs, and many other tools.")
                   (srfi srfi-26))
        #:phases
        (modify-phases %standard-phases
+         (add-before 'check 'disable-strtod-test
+           (lambda _
+             ;; Disable the 'strtod' test, which fails on 32-bit systems.
+             ;; This is what upstream does:
+             ;; <https://gitlab.com/procps-ng/procps/commit/100afbc1491be388f1429021ff65d969f4b1e08f>.
+             (substitute* "Makefile"
+               (("^(TESTS|check_PROGRAMS) = .*$" all)
+                (string-append "# " all "\n")))
+             #t))
          (add-after
           'install 'post-install
           ;; Remove commands and man pages redudant with
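Review bot: The `disable-strtod-test` phase comments out every `TESTS = …` and `check_PROGRAMS = …` line in the Makefile, which is broader than its comment "Disable the 'strtod' test" and applies on all architectures, not only 32-bit ones. If the Makefile lists other tests on those lines (not visible here), `make check` silently stops covering them. Either say so in the comment, e.g. `;; Disable everything listed in 'TESTS' and 'check_PROGRAMS'; the 'strtod' test among them fails on 32-bit systems.`, or narrow the substitution to the strtod entry. The `modify-phases` form continues outside the hunk.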
@@ -854,7 +876,7 @@ MIDI functionality to the Linux-based operating system.")
        ("ncurses" ,ncurses)
        ("alsa-lib" ,alsa-lib)
        ("xmlto" ,xmlto)
-       ("gettext" ,gnu-gettext)))
+       ("gettext" ,gettext-minimal)))
     (home-page "http://www.alsa-project.org/")
     (synopsis "Utilities for the Advanced Linux Sound Architecture (ALSA)")
     (description
@@ -1043,7 +1065,7 @@ manpages.")
                          (sha256
                           (base32
                            "0p93lsqx23v5fv4hpbrydmfvw1ha2rgqpn2zqbs2jhxkzhjc030p"))))))
-    (native-inputs `(("gettext" ,gnu-gettext)))
+    (native-inputs `(("gettext" ,gettext-minimal)))
 
     (synopsis "Tools for controlling the network subsystem in Linux")
     (description
@@ -1604,7 +1626,7 @@ from the module-init-tools project.")
   ;; The post-systemd fork, maintained by Gentoo.
   (package
     (name "eudev")
-    (version "3.1.5")
+    (version "3.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1612,7 +1634,7 @@ from the module-init-tools project.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "0akg9gcc3c2p56xbhlvbybqavcprly5q0bvk655zwl6d62j8an7p"))
+                "099w62ncq78nxpxizf910mx18hc8x4qvzw3azjd00fir89wmyjnq"))
               (patches (search-patches "eudev-rules-directory.patch"))))
     (build-system gnu-build-system)
     (native-inputs
@@ -2459,7 +2481,7 @@ Bluetooth audio output devices like headphones or loudspeakers.")
                #t))))))
     (native-inputs
      `(("pkg-config" ,pkg-config)
-       ("gettext" ,gnu-gettext)))
+       ("gettext" ,gettext-minimal)))
     (inputs
      `(("glib" ,glib)
        ("dbus" ,dbus)
@@ -2799,7 +2821,7 @@ from that to the system kernel's @file{/dev/random} machinery.")
                             "DEBUG=false"
                             "PACKAGE_BUGREPORT=bug-guix@gnu.org"))
        #:tests? #f)) ;no tests
-    (native-inputs `(("gettext" ,gnu-gettext)))
+    (native-inputs `(("gettext" ,gettext-minimal)))
     (inputs `(("pciutils" ,pciutils)))
     (home-page (package-home-page linux-libre))
     (synopsis "CPU frequency and voltage scaling tools for Linux")
diff --git a/gnu/packages/lout.scm b/gnu/packages/lout.scm
index 1355e0387a..f2c724ae07 100644
--- a/gnu/packages/lout.scm
+++ b/gnu/packages/lout.scm
@@ -88,8 +88,7 @@
     (build-system gnu-build-system)               ; actually, just a makefile
     (outputs '("out" "doc"))
     (native-inputs
-     `(("ghostscript" ,ghostscript)
-       ("ghostscript-gs" ,ghostscript-gs)))
+     `(("ghostscript" ,ghostscript)))
     (arguments `(#:modules ((guix build utils)
                             (guix build gnu-build-system)
                             (srfi srfi-1))        ; we need SRFI-1
diff --git a/gnu/packages/man.scm b/gnu/packages/man.scm
index 865851982f..ddb7a3e283 100644
--- a/gnu/packages/man.scm
+++ b/gnu/packages/man.scm
@@ -189,7 +189,7 @@ Linux kernel and C library interfaces employed by user-space programs.")
      `(("perl" ,perl)
        ;; TODO: Add these optional dependencies.
        ;; ("perl-LocaleGettext" ,perl-LocaleGettext)
-       ;; ("gettext" ,gnu-gettext)
+       ;; ("gettext" ,gettext-minimal)
        ))
     (home-page "http://www.gnu.org/software/help2man/")
     (synopsis "Automatically generate man pages from program --help")
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 6442564ddb..3bb2a386b0 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -1886,7 +1886,7 @@ parts of it.")
 (define-public openblas
   (package
     (name "openblas")
-    (version "0.2.15")
+    (version "0.2.19")
     (source
      (origin
        (method url-fetch)
@@ -1895,7 +1895,7 @@ parts of it.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1k5f6vjlk54qlplk5m7xkbaw6g2y7dl50lwwdv6xsbcsgsbxfcpy"))))
+         "071zqnmnxhh0c9phzyn3f198yxa0hjxda7016azdbq2056sm70w7"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f  ;no "check" target
@@ -2456,7 +2456,7 @@ evaluates expressions using the standard order of operations.")
                (base32
                 "15cd1cx1dyygw6g2nhjqq3bsfdj8sj8m4va9n75i0f3ryww3x7wq"))))
     (build-system gnu-build-system)
-    (native-inputs `(("gettext" ,gnu-gettext)))
+    (native-inputs `(("gettext" ,gettext-minimal)))
     (inputs `(("libx11" ,libx11)
               ("zlib" ,zlib)
               ("libpng" ,libpng)
diff --git a/gnu/packages/mit-krb5.scm b/gnu/packages/mit-krb5.scm
index 3d11f3a450..3299c7b5c4 100644
--- a/gnu/packages/mit-krb5.scm
+++ b/gnu/packages/mit-krb5.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -31,8 +32,7 @@
 (define-public mit-krb5
   (package
     (name "mit-krb5")
-    (replacement mit-krb5-1.14.3)
-    (version "1.14.2")
+    (version "1.14.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
@@ -40,7 +40,7 @@
                                   "/krb5-" version ".tar.gz"))
               (sha256
                (base32
-                "09wbv969ak4fqlqr1ip5bi62fny1zlp1vwjarvj6a6cdfzkdgjkb"))))
+                "1jgjiyh1sp72lkxvk437lz5hzcibvw99jc4ihzfz03fg43aj0ind"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("bison" ,bison)
@@ -84,17 +84,3 @@ cryptography.")
     (license (non-copyleft "file://NOTICE"
                            "See NOTICE in the distribution."))
     (home-page "http://web.mit.edu/kerberos/")))
-
-(define mit-krb5-1.14.3
-  (package
-    (inherit mit-krb5)
-    (source
-      (let ((version "1.14.3"))
-        (origin
-          (method url-fetch)
-          (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
-                              (version-major+minor version)
-                              "/krb5-" version ".tar.gz"))
-          (sha256
-           (base32
-            "1jgjiyh1sp72lkxvk437lz5hzcibvw99jc4ihzfz03fg43aj0ind")))))))
diff --git a/gnu/packages/mono.scm b/gnu/packages/mono.scm
index 75e39afdf0..343cebc99f 100644
--- a/gnu/packages/mono.scm
+++ b/gnu/packages/mono.scm
@@ -44,7 +44,7 @@
                 "0jibyvyv2jy8dq5ij0j00iq3v74r0y90dcjc3dkspcfbnn37cphn"))))
     (build-system gnu-build-system)
     (native-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("glib" ,glib)
        ("libxslt" ,libxslt)
        ("perl" ,perl)
diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm
index 37407cdc17..73a9a23efd 100644
--- a/gnu/packages/mp3.scm
+++ b/gnu/packages/mp3.scm
@@ -443,7 +443,7 @@ format.")
                (install-file "mpc123" bin)))))
        #:tests? #f))
     (native-inputs
-     `(("gettext" ,gnu-gettext)))
+     `(("gettext" ,gettext-minimal)))
     (inputs
      `(("libao" ,ao)
        ("libmpcdec" ,libmpcdec)))
diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm
index 46540be5c4..23ae68a28f 100644
--- a/gnu/packages/multiprecision.scm
+++ b/gnu/packages/multiprecision.scm
@@ -31,7 +31,7 @@
 (define-public gmp
   (package
    (name "gmp")
-   (version "6.1.0")
+   (version "6.1.1")
    (source (origin
             (method url-fetch)
             (uri
@@ -39,7 +39,7 @@
                             version ".tar.xz"))
             (sha256
              (base32
-              "12b9s4jn48gbar6dbs5qrlmljdmnq43xy3ji9yjzic0mwp6dmnk8"))
+              "0cg84n482gcvl0s4xq4wgwsk4r0x0m8dnzpizwqdd2j8vw2rqvnk"))
             (patches (search-patches "gmp-faulty-test.patch"))))
    (build-system gnu-build-system)
    (native-inputs `(("m4" ,m4)))
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 796ec7a1af..adaf78e4a3 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -493,7 +493,7 @@ for path in [path for path in sys.path if 'site-packages' in path]: site.addsite
        ("python2-pyliblo" ,python2-pyliblo)
        ("python2-pygtk" ,python2-pygtk)))
     (native-inputs
-     `(("gettext" ,gnu-gettext)))
+     `(("gettext" ,gettext-minimal)))
     (home-page "http://das.nasophon.de/gtklick/")
     (synopsis "Simple metronome with an easy-to-use graphical interface")
     (description
@@ -555,7 +555,7 @@ interface.  It is implemented as a frontend to @code{klick}.")
        ("font-tex-gyre" ,font-tex-gyre)
        ("fontconfig" ,fontconfig)
        ("freetype" ,freetype)
-       ("ghostscript" ,ghostscript-gs)
+       ("ghostscript" ,ghostscript)
        ("pango" ,pango)
        ("python" ,python-2)))
     (native-inputs
@@ -564,7 +564,7 @@ interface.  It is implemented as a frontend to @code{klick}.")
        ("flex" ,flex)
        ("fontforge" ,fontforge)
        ("dblatex" ,dblatex)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("imagemagick" ,imagemagick)
        ("netpbm" ,netpbm) ;for pngtopnm
        ("texlive" ,texlive) ;metafont and metapost
@@ -712,7 +712,7 @@ for path in [path for path in sys.path if 'site-packages' in path]: site.addsite
     (inputs
      `(("python" ,python-2)
        ("pygtk" ,python2-pygtk)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("gtk" ,gtk+)
        ("lilypond" ,lilypond)
        ;; players needed at runtime
@@ -987,7 +987,7 @@ Laurens Hammond and Don Leslie.")
        ("flac" ,flac)
        ("alsa-lib" ,alsa-lib)
        ("libvorbis" ,libvorbis)
-       ("gettext" ,gnu-gettext)))
+       ("gettext" ,gettext-minimal)))
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("glib:bin" ,glib "bin")
@@ -1180,7 +1180,7 @@ export.")
      `(("autoconf" ,autoconf)
        ("automake" ,automake)
        ("libtool" ,libtool)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("pkg-config" ,pkg-config)))
     (inputs
      `(("tk" ,tk)
diff --git a/gnu/packages/nano.scm b/gnu/packages/nano.scm
index 3c4c699983..01ef5dc800 100644
--- a/gnu/packages/nano.scm
+++ b/gnu/packages/nano.scm
@@ -40,7 +40,7 @@
         "1hzazcrbwjqiw89jjvlj97q0wf385qqkzcm0870pdrixiv7yklax"))))
     (build-system gnu-build-system)
     (inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("ncurses" ,ncurses)))
     (home-page "http://www.nano-editor.org/")
     (synopsis "Small, user-friendly console text editor")
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index ba8d08227c..1cf6b052b8 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -485,7 +485,7 @@ network frames.")
          "1110r3gpsj9xmybdw7w4zkhj3zmn5mnv2nq0ijbvrywbn019zdfs"))))
     (build-system gnu-build-system)
     (native-inputs
-     `(("gettext" ,gnu-gettext)))
+     `(("gettext" ,gettext-minimal)))
     (inputs
      `(("fftw" ,fftw)
        ("ncurses" ,ncurses)
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index f6f7308ff0..f1b4bdbf6f 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -573,7 +574,6 @@ libpanel, librsvg and quartz.")
     (native-inputs
      `(("ocaml" ,ocaml)
        ;; For documentation
-       ("ghostscript-gs" ,ghostscript-gs)
        ("ghostscript" ,ghostscript)
        ("texlive" ,texlive)
        ("hevea" ,hevea)
diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm
index 4bbc6a6bf8..627319bda8 100644
--- a/gnu/packages/openldap.scm
+++ b/gnu/packages/openldap.scm
@@ -55,14 +55,11 @@
               "0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp"))))
    (build-system gnu-build-system)
    (inputs `(("bdb" ,bdb-5.3)
-             ("openssl" ,openssl)
              ("cyrus-sasl" ,cyrus-sasl)
+             ("gnutls" ,gnutls)
              ("groff" ,groff)
              ("icu4c" ,icu4c)
              ("libgcrypt" ,libgcrypt)
-             ;; FIXME: currently, openldap requires openssl or gnutls<3, see
-             ;; http://www.openldap.org/its/index.cgi/Incoming?id=7430;page=17
-             ;; Once this is fixed, switch to gnutls.
              ("zlib" ,zlib)))
    (native-inputs `(("libtool" ,libtool)))
    (arguments
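Review bot: Swapping the `openssl` input for `gnutls` relies on configure auto-detecting the TLS backend, and nothing in the hunk pins it. If detection fails, the build may complete without TLS support instead of stopping, so consider passing `"--with-tls=gnutls"` in `#:configure-flags`. The `arguments` form only begins on the last line of the hunk, so the flag may already be present. The removed FIXME recorded a GnuTLS 3 incompatibility, so a one-line comment saying it no longer applies to the packaged version would keep that history.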
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 70a6a49921..34515f1d22 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -247,7 +247,7 @@ the Nix package manager.")
       (native-inputs
        `(("autoconf" ,(autoconf-wrapper))
          ("automake" ,automake)
-         ("gettext" ,gnu-gettext)
+         ("gettext" ,gettext-minimal)
          ("texinfo" ,texinfo)
          ("graphviz" ,graphviz)
          ("help2man" ,help2man)
diff --git a/gnu/packages/patches/binutils-mips-bash-bug.patch b/gnu/packages/patches/binutils-mips-bash-bug.patch
new file mode 100644
index 0000000000..08d3a79749
--- /dev/null
+++ b/gnu/packages/patches/binutils-mips-bash-bug.patch
@@ -0,0 +1,22 @@
+Bash 4.2.0(1)-release, which we use during bootstrap, does not yield the
+"x" case in:
+
+  case x"$EMULATION_NAME" in x) ;; *) ;; esac
+
+when 'EMULATION_NAME' is undefined.  Bash 4.3.30(1)-release doesn't have this
+problem.  Work around it.
+
+This Bash bug was fixed
+in <http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-007>.
+
+--- a/ld/emulparams/elf32bmipn32-defs.sh
++++ b/ld/emulparams/elf32bmipn32-defs.sh
+@@ -13,7 +13,7 @@ LITTLE_OUTPUT_FORMAT="elf32-littlemips"
+ TEMPLATE_NAME=elf32
+ EXTRA_EM_FILE=mipself
+ 
+-case x"$EMULATION_NAME" in
++case "x$EMULATION_NAME" in
+ xelf32*n32*) ELFSIZE=32 ;;
+ xelf64*) ELFSIZE=64 ;;
+ x) ;;
diff --git a/gnu/packages/patches/cmake-fix-tests.patch b/gnu/packages/patches/cmake-fix-tests.patch
index f59e2cd625..732b0023ab 100644
--- a/gnu/packages/patches/cmake-fix-tests.patch
+++ b/gnu/packages/patches/cmake-fix-tests.patch
@@ -1,6 +1,17 @@
---- cmake-3.2.2.orig/Tests/CMakeLists.txt	2015-04-14 01:09:00.000000000 +0800
-+++ cmake-3.2.2/Tests/CMakeLists.txt	2015-04-28 15:02:34.913039742 +0800
-@@ -342,10 +342,12 @@
+From af0a62dadfb3db25880bc653e2e4c97435a604c9 Mon Sep 17 00:00:00 2001
+From: Efraim Flashner <efraim@flashner.co.il>
+Date: Mon, 29 Aug 2016 20:07:58 +0300
+Subject: [PATCH] cmake-fix-tests
+
+---
+ Tests/CMakeLists.txt | 83 ++++++++++++++++++++++++++++------------------------
+ 1 file changed, 44 insertions(+), 39 deletions(-)
+
+diff --git a/Tests/CMakeLists.txt b/Tests/CMakeLists.txt
+index f21e430..56014a2 100644
+--- a/Tests/CMakeLists.txt
++++ b/Tests/CMakeLists.txt
+@@ -416,10 +416,12 @@ if(BUILD_TESTING)
    endif()
  
    # run test for BundleUtilities on supported platforms/compilers
@@ -17,7 +28,7 @@
    if(NOT "${CMAKE_GENERATOR}" STREQUAL "Watcom WMake")
  
      add_test(BundleUtilities ${CMAKE_CTEST_COMMAND}
-@@ -2257,16 +2259,17 @@
+@@ -2481,30 +2483,32 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
      PASS_REGULAR_EXPRESSION "Could not find executable"
      FAIL_REGULAR_EXPRESSION "SegFault")
  
@@ -31,6 +42,20 @@
 -    )
 -  set_tests_properties(CTestTestUpload PROPERTIES
 -    PASS_REGULAR_EXPRESSION "Upload\\.xml")
+-
+-  configure_file(
+-    "${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in"
+-    "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake"
+-    @ONLY ESCAPE_QUOTES)
+-  add_test(CTestCoverageCollectGCOV ${CMAKE_CTEST_COMMAND}
+-    -C \${CTEST_CONFIGURATION_TYPE}
+-    -S "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" -VV
+-    --output-log "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/testOut.log"
+-    )
+-  set_tests_properties(CTestCoverageCollectGCOV PROPERTIES
+-    PASS_REGULAR_EXPRESSION
+-    "PASSED with correct output.*Testing/CoverageInfo/main.cpp.gcov")
+-  set_property(TEST CTestCoverageCollectGCOV PROPERTY ENVIRONMENT CTEST_PARALLEL_LEVEL=)
 +# This test requires network connectivity: skip it.
 +#  configure_file(
 +#    "${CMake_SOURCE_DIR}/Tests/CTestTestUpload/test.cmake.in"
@@ -42,6 +67,54 @@
 +#    )
 +#  set_tests_properties(CTestTestUpload PROPERTIES
 +#    PASS_REGULAR_EXPRESSION "Upload\\.xml")
++
++# This test times out
++#  configure_file(
++#    "${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in"
++#    "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake"
++#    @ONLY ESCAPE_QUOTES)
++#  add_test(CTestCoverageCollectGCOV ${CMAKE_CTEST_COMMAND}
++#    -C \${CTEST_CONFIGURATION_TYPE}
++#    -S "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" -VV
++#    --output-log "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/testOut.log"
++#    )
++#  set_tests_properties(CTestCoverageCollectGCOV PROPERTIES
++#    PASS_REGULAR_EXPRESSION
++#    "PASSED with correct output.*Testing/CoverageInfo/main.cpp.gcov")
++#  set_property(TEST CTestCoverageCollectGCOV PROPERTY ENVIRONMENT CTEST_PARALLEL_LEVEL=)
+ 
+   configure_file(
+     "${CMake_SOURCE_DIR}/Tests/CTestTestEmptyBinaryDirectory/test.cmake.in"
+@@ -2860,17 +2864,18 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
+   set_tests_properties(CTestTestStopTime PROPERTIES
+     PASS_REGULAR_EXPRESSION "The stop time has been passed")
+ 
+-  configure_file(
+-    "${CMake_SOURCE_DIR}/Tests/CTestTestSubdir/test.cmake.in"
+-    "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake"
+-    @ONLY ESCAPE_QUOTES)
+-  add_test(CTestTestSubdir ${CMAKE_CTEST_COMMAND}
+-    -S "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" -V
+-    --output-log "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/testOutput.log"
+-    )
+-  #make sure all 3 subdirs were added
+-  set_tests_properties(CTestTestSubdir PROPERTIES
+-    PASS_REGULAR_EXPRESSION "0 tests failed out of 3")
++# This test fails to build 2 of the 3 tests
++#  configure_file(
++#    "${CMake_SOURCE_DIR}/Tests/CTestTestSubdir/test.cmake.in"
++#    "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake"
++#    @ONLY ESCAPE_QUOTES)
++#  add_test(CTestTestSubdir ${CMAKE_CTEST_COMMAND}
++#    -S "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" -V
++#    --output-log "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/testOutput.log"
++#    )
++#  #make sure all 3 subdirs were added
++#  set_tests_properties(CTestTestSubdir PROPERTIES
++#    PASS_REGULAR_EXPRESSION "0 tests failed out of 3")
  
    configure_file(
-     "${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in"
+     "${CMake_SOURCE_DIR}/Tests/CTestTestTimeout/test.cmake.in"
+-- 
+2.9.3
+
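Review bot: The two newly disabled tests carry only `# This test times out` and `# This test fails to build 2 of the 3 tests`, which does not say whether the cause is the build environment or a real defect in the packaged CMake. A pointer to the cause in each comment, e.g. `# This test times out in the build environment (<bug reference>)`, would tell the next updater whether the block can be re-enabled. The reasons themselves are not visible on this page. Commenting out whole blocks also means the patch will need rebasing whenever upstream edits them.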
diff --git a/gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch b/gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch
deleted file mode 100644
index edc43f84f1..0000000000
--- a/gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch
+++ /dev/null
@@ -1,142 +0,0 @@
-Fix CVE-2012-6702 and CVE-2016-5300.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300
-
-Patch copied from:
-https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u3/debian/patches/cve-2012-6702-plus-cve-2016-5300-v1.patch/
-
-From cb31522769d11a375078a073cba94e7176cb48a4 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Wed, 16 Mar 2016 15:30:12 +0100
-Subject: [PATCH] Resolve call to srand, use more entropy (patch version 1.0)
-
-Squashed backport against vanilla Expat 2.1.1, addressing:
-* CVE-2012-6702 -- unanticipated internal calls to srand
-* CVE-2016-5300 -- use of too little entropy
-
-Since commit e3e81a6d9f0885ea02d3979151c358f314bf3d6d
-(released with Expat 2.1.0) Expat called srand by itself
-from inside generate_hash_secret_salt for an instance
-of XML_Parser if XML_SetHashSalt was either (a) not called
-for that instance or if (b) salt 0 was passed to XML_SetHashSalt
-prior to parsing.  That call to srand passed (rather litle)
-entropy extracted from the current time as a seed for srand.
-
-That call to srand (1) broke repeatability for code calling
-srand with a non-random seed prior to parsing with Expat,
-and (2) resulted in a rather small set of hashing salts in
-Expat in total.
-
-For a short- to mid-term fix, the new approach avoids calling
-srand altogether, extracts more entropy out of the clock and
-other sources, too.
-
-For a long term fix, we may want to read sizeof(long) bytes
-from a source like getrandom(..) on Linux, and from similar
-sources on other supported architectures.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1197087
----
- CMakeLists.txt |  3 +++
- lib/xmlparse.c | 48 +++++++++++++++++++++++++++++++++++++++++-------
- 2 files changed, 44 insertions(+), 7 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 353627e..524d514 100755
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -41,6 +41,9 @@ include_directories(${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR}/lib)
- if(MSVC)

-     add_definitions(-D_CRT_SECURE_NO_WARNINGS -wd4996)

- endif(MSVC)

-+if(WIN32)

-+    add_definitions(-DCOMPILED_FROM_DSP)

-+endif(WIN32)

- 

- set(expat_SRCS

-     lib/xmlparse.c

-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index e308c79..c5f942f 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -6,7 +6,14 @@
- #include <string.h>                     /* memset(), memcpy() */
- #include <assert.h>
- #include <limits.h>                     /* UINT_MAX */
--#include <time.h>                       /* time() */
-+
-+#ifdef COMPILED_FROM_DSP
-+#define getpid GetCurrentProcessId
-+#else
-+#include <sys/time.h>                   /* gettimeofday() */
-+#include <sys/types.h>                  /* getpid() */
-+#include <unistd.h>                     /* getpid() */
-+#endif
- 
- #define XML_BUILDING_EXPAT 1
- 
-@@ -432,7 +439,7 @@ static ELEMENT_TYPE *
- getElementType(XML_Parser parser, const ENCODING *enc,
-                const char *ptr, const char *end);
- 
--static unsigned long generate_hash_secret_salt(void);
-+static unsigned long generate_hash_secret_salt(XML_Parser parser);
- static XML_Bool startParsing(XML_Parser parser);
- 
- static XML_Parser
-@@ -691,11 +698,38 @@ static const XML_Char implicitContext[] = {
- };
- 
- static unsigned long
--generate_hash_secret_salt(void)
-+gather_time_entropy(void)
- {
--  unsigned int seed = time(NULL) % UINT_MAX;
--  srand(seed);
--  return rand();
-+#ifdef COMPILED_FROM_DSP
-+  FILETIME ft;
-+  GetSystemTimeAsFileTime(&ft); /* never fails */
-+  return ft.dwHighDateTime ^ ft.dwLowDateTime;
-+#else
-+  struct timeval tv;
-+  int gettimeofday_res;
-+
-+  gettimeofday_res = gettimeofday(&tv, NULL);
-+  assert (gettimeofday_res == 0);
-+
-+  /* Microseconds time is <20 bits entropy */
-+  return tv.tv_usec;
-+#endif
-+}
-+
-+static unsigned long
-+generate_hash_secret_salt(XML_Parser parser)
-+{
-+  /* Process ID is 0 bits entropy if attacker has local access
-+   * XML_Parser address is few bits of entropy if attacker has local access */
-+  const unsigned long entropy =
-+      gather_time_entropy() ^ getpid() ^ (unsigned long)parser;
-+
-+  /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */
-+  if (sizeof(unsigned long) == 4) {
-+    return entropy * 2147483647;
-+  } else {
-+    return entropy * 2305843009213693951;
-+  }
- }
- 
- static XML_Bool  /* only valid for root parser */
-@@ -703,7 +737,7 @@ startParsing(XML_Parser parser)
- {
-     /* hash functions must be initialized before setContext() is called */
-     if (hash_secret_salt == 0)
--      hash_secret_salt = generate_hash_secret_salt();
-+      hash_secret_salt = generate_hash_secret_salt(parser);
-     if (ns) {
-       /* implicit context only set for root parser, since child
-          parsers (i.e. external entity parsers) will inherit it
--- 
-2.8.2
-
diff --git a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
deleted file mode 100644
index fc8d6291f5..0000000000
--- a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Follow-up upstream fix for CVE-2015-1283 to not rely on undefined
-behavior.
-
-Adapted from a patch from Debian (found in Debian package version
-2.1.0-6+deb8u2) to apply to upstream code:
-
-https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/
-
----
- lib/xmlparse.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 0f6f4cd..5c70c17 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -1727,7 +1727,8 @@ XML_GetBuffer(XML_Parser parser, int len)
-   }
- 
-   if (len > bufferLim - bufferEnd) {
--    int neededSize = len + (int)(bufferEnd - bufferPtr);
-+    /* Do not invoke signed arithmetic overflow: */
-+    int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
-     if (neededSize < 0) {
-       errorCode = XML_ERROR_NO_MEMORY;
-       return NULL;
-@@ -1759,7 +1760,8 @@ XML_GetBuffer(XML_Parser parser, int len)
-       if (bufferSize == 0)
-         bufferSize = INIT_BUFFER_SIZE;
-       do {
--        bufferSize *= 2;
-+        /* Do not invoke signed arithmetic overflow: */
-+        bufferSize = (int) (2U * (unsigned) bufferSize);
-       } while (bufferSize < neededSize && bufferSize > 0);
-       if (bufferSize <= 0) {
-         errorCode = XML_ERROR_NO_MEMORY;
--- 
-2.8.3
-
diff --git a/gnu/packages/patches/expat-CVE-2016-0718.patch b/gnu/packages/patches/expat-CVE-2016-0718.patch
deleted file mode 100644
index 22436c20cc..0000000000
--- a/gnu/packages/patches/expat-CVE-2016-0718.patch
+++ /dev/null
@@ -1,761 +0,0 @@
-Fix CVE-2016-0718.
-
-Copied from Debian, as found in Debian package version 2.1.0-6+deb8u2.
-
-https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2016-0718-v2-2-1.patch/
-
-From cdfcb1b5c95e93b00ae9e9d25708b4a3bee72c15 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Mon, 2 May 2016 00:02:44 +0200
-Subject: [PATCH] Address CVE-2016-0718 (/patch/ version 2.2.1)
-
-* Out of bounds memory access when doing text conversion on malformed input
-* Integer overflow related to memory allocation
-
-Reported by Gustavo Grieco
-
-Patch credits go to
-* Christian Heimes
-* Karl Waclawek
-* Gustavo Grieco
-* Sebastian Pipping
-* Pascal Cuoq
----
- expat/lib/xmlparse.c    |  34 +++++++++-----
- expat/lib/xmltok.c      | 115 +++++++++++++++++++++++++++++++++++-------------
- expat/lib/xmltok.h      |  10 ++++-
- expat/lib/xmltok_impl.c |  62 +++++++++++++-------------
- 4 files changed, 146 insertions(+), 75 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index e308c79..13e080d 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -2436,11 +2436,11 @@ doContent(XML_Parser parser,
-           for (;;) {
-             int bufSize;
-             int convLen;
--            XmlConvert(enc,
-+            const enum XML_Convert_Result convert_res = XmlConvert(enc,
-                        &fromPtr, rawNameEnd,
-                        (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
-             convLen = (int)(toPtr - (XML_Char *)tag->buf);
--            if (fromPtr == rawNameEnd) {
-+            if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
-               tag->name.strLen = convLen;
-               break;
-             }
-@@ -2661,11 +2661,11 @@ doContent(XML_Parser parser,
-           if (MUST_CONVERT(enc, s)) {
-             for (;;) {
-               ICHAR *dataPtr = (ICHAR *)dataBuf;
--              XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
-+              const enum XML_Convert_Result convert_res = XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
-               *eventEndPP = s;
-               charDataHandler(handlerArg, dataBuf,
-                               (int)(dataPtr - (ICHAR *)dataBuf));
--              if (s == next)
-+              if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))
-                 break;
-               *eventPP = s;
-             }
-@@ -3269,11 +3269,11 @@ doCdataSection(XML_Parser parser,
-           if (MUST_CONVERT(enc, s)) {
-             for (;;) {
-               ICHAR *dataPtr = (ICHAR *)dataBuf;
--              XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
-+              const enum XML_Convert_Result convert_res = XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
-               *eventEndPP = next;
-               charDataHandler(handlerArg, dataBuf,
-                               (int)(dataPtr - (ICHAR *)dataBuf));
--              if (s == next)
-+              if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))
-                 break;
-               *eventPP = s;
-             }
-@@ -5350,6 +5350,7 @@ reportDefault(XML_Parser parser, const ENCODING *enc,
-               const char *s, const char *end)
- {
-   if (MUST_CONVERT(enc, s)) {
-+    enum XML_Convert_Result convert_res;
-     const char **eventPP;
-     const char **eventEndPP;
-     if (enc == encoding) {
-@@ -5362,11 +5363,11 @@ reportDefault(XML_Parser parser, const ENCODING *enc,
-     }
-     do {
-       ICHAR *dataPtr = (ICHAR *)dataBuf;
--      XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd);
-+      convert_res = XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd);
-       *eventEndPP = s;
-       defaultHandler(handlerArg, dataBuf, (int)(dataPtr - (ICHAR *)dataBuf));
-       *eventPP = s;
--    } while (s != end);
-+    } while ((convert_res != XML_CONVERT_COMPLETED) && (convert_res != XML_CONVERT_INPUT_INCOMPLETE));
-   }
-   else
-     defaultHandler(handlerArg, (XML_Char *)s, (int)((XML_Char *)end - (XML_Char *)s));
-@@ -6169,8 +6170,8 @@ poolAppend(STRING_POOL *pool, const ENCODING *enc,
-   if (!pool->ptr && !poolGrow(pool))
-     return NULL;
-   for (;;) {
--    XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end);
--    if (ptr == end)
-+    const enum XML_Convert_Result convert_res = XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end);
-+    if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))
-       break;
-     if (!poolGrow(pool))
-       return NULL;
-@@ -6254,8 +6255,13 @@ poolGrow(STRING_POOL *pool)
-     }
-   }
-   if (pool->blocks && pool->start == pool->blocks->s) {
--    int blockSize = (int)(pool->end - pool->start)*2;
--    BLOCK *temp = (BLOCK *)
-+    BLOCK *temp;
-+    int blockSize = (int)((unsigned)(pool->end - pool->start)*2U);
-+
-+    if (blockSize < 0)
-+      return XML_FALSE;
-+
-+    temp = (BLOCK *)
-       pool->mem->realloc_fcn(pool->blocks,
-                              (offsetof(BLOCK, s)
-                               + blockSize * sizeof(XML_Char)));
-@@ -6270,6 +6276,10 @@ poolGrow(STRING_POOL *pool)
-   else {
-     BLOCK *tem;
-     int blockSize = (int)(pool->end - pool->start);
-+
-+    if (blockSize < 0)
-+      return XML_FALSE;
-+
-     if (blockSize < INIT_BLOCK_SIZE)
-       blockSize = INIT_BLOCK_SIZE;
-     else
-diff --git a/lib/xmltok.c b/lib/xmltok.c
-index bf09dfc..cb98ce1 100644
---- a/lib/xmltok.c
-+++ b/lib/xmltok.c
-@@ -318,39 +318,55 @@ enum {  /* UTF8_cvalN is value of masked first byte of N byte sequence */
-   UTF8_cval4 = 0xf0
- };
- 
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- utf8_toUtf8(const ENCODING *enc,
-             const char **fromP, const char *fromLim,
-             char **toP, const char *toLim)
- {
-+  enum XML_Convert_Result res = XML_CONVERT_COMPLETED;
-   char *to;
-   const char *from;
-   if (fromLim - *fromP > toLim - *toP) {
-     /* Avoid copying partial characters. */
-+    res = XML_CONVERT_OUTPUT_EXHAUSTED;
-     for (fromLim = *fromP + (toLim - *toP); fromLim > *fromP; fromLim--)
-       if (((unsigned char)fromLim[-1] & 0xc0) != 0x80)
-         break;
-   }
--  for (to = *toP, from = *fromP; from != fromLim; from++, to++)
-+  for (to = *toP, from = *fromP; (from < fromLim) && (to < toLim); from++, to++)
-     *to = *from;
-   *fromP = from;
-   *toP = to;
-+
-+  if ((to == toLim) && (from < fromLim))
-+    return XML_CONVERT_OUTPUT_EXHAUSTED;
-+  else
-+    return res;
- }
- 
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- utf8_toUtf16(const ENCODING *enc,
-              const char **fromP, const char *fromLim,
-              unsigned short **toP, const unsigned short *toLim)
- {
-+  enum XML_Convert_Result res = XML_CONVERT_COMPLETED;
-   unsigned short *to = *toP;
-   const char *from = *fromP;
--  while (from != fromLim && to != toLim) {
-+  while (from < fromLim && to < toLim) {
-     switch (((struct normal_encoding *)enc)->type[(unsigned char)*from]) {
-     case BT_LEAD2:
-+      if (fromLim - from < 2) {
-+        res = XML_CONVERT_INPUT_INCOMPLETE;
-+        break;
-+      }
-       *to++ = (unsigned short)(((from[0] & 0x1f) << 6) | (from[1] & 0x3f));
-       from += 2;
-       break;
-     case BT_LEAD3:
-+      if (fromLim - from < 3) {
-+        res = XML_CONVERT_INPUT_INCOMPLETE;
-+        break;
-+      }
-       *to++ = (unsigned short)(((from[0] & 0xf) << 12)
-                                | ((from[1] & 0x3f) << 6) | (from[2] & 0x3f));
-       from += 3;
-@@ -358,8 +374,14 @@ utf8_toUtf16(const ENCODING *enc,
-     case BT_LEAD4:
-       {
-         unsigned long n;
--        if (to + 1 == toLim)
-+        if (toLim - to < 2) {
-+          res = XML_CONVERT_OUTPUT_EXHAUSTED;
-           goto after;
-+        }
-+        if (fromLim - from < 4) {
-+          res = XML_CONVERT_INPUT_INCOMPLETE;
-+          goto after;
-+        }
-         n = ((from[0] & 0x7) << 18) | ((from[1] & 0x3f) << 12)
-             | ((from[2] & 0x3f) << 6) | (from[3] & 0x3f);
-         n -= 0x10000;
-@@ -377,6 +399,7 @@ utf8_toUtf16(const ENCODING *enc,
- after:
-   *fromP = from;
-   *toP = to;
-+  return res;
- }
- 
- #ifdef XML_NS
-@@ -425,7 +448,7 @@ static const struct normal_encoding internal_utf8_encoding = {
-   STANDARD_VTABLE(sb_) NORMAL_VTABLE(utf8_)
- };
- 
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- latin1_toUtf8(const ENCODING *enc,
-               const char **fromP, const char *fromLim,
-               char **toP, const char *toLim)
-@@ -433,30 +456,35 @@ latin1_toUtf8(const ENCODING *enc,
-   for (;;) {
-     unsigned char c;
-     if (*fromP == fromLim)
--      break;
-+      return XML_CONVERT_COMPLETED;
-     c = (unsigned char)**fromP;
-     if (c & 0x80) {
-       if (toLim - *toP < 2)
--        break;
-+        return XML_CONVERT_OUTPUT_EXHAUSTED;
-       *(*toP)++ = (char)((c >> 6) | UTF8_cval2);
-       *(*toP)++ = (char)((c & 0x3f) | 0x80);
-       (*fromP)++;
-     }
-     else {
-       if (*toP == toLim)
--        break;
-+        return XML_CONVERT_OUTPUT_EXHAUSTED;
-       *(*toP)++ = *(*fromP)++;
-     }
-   }
- }
- 
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- latin1_toUtf16(const ENCODING *enc,
-                const char **fromP, const char *fromLim,
-                unsigned short **toP, const unsigned short *toLim)
- {
--  while (*fromP != fromLim && *toP != toLim)
-+  while (*fromP < fromLim && *toP < toLim)
-     *(*toP)++ = (unsigned char)*(*fromP)++;
-+
-+  if ((*toP == toLim) && (*fromP < fromLim))
-+    return XML_CONVERT_OUTPUT_EXHAUSTED;
-+  else
-+    return XML_CONVERT_COMPLETED;
- }
- 
- #ifdef XML_NS
-@@ -483,13 +511,18 @@ static const struct normal_encoding latin1_encoding = {
-   STANDARD_VTABLE(sb_)
- };
- 
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- ascii_toUtf8(const ENCODING *enc,
-              const char **fromP, const char *fromLim,
-              char **toP, const char *toLim)
- {
--  while (*fromP != fromLim && *toP != toLim)
-+  while (*fromP < fromLim && *toP < toLim)
-     *(*toP)++ = *(*fromP)++;
-+
-+  if ((*toP == toLim) && (*fromP < fromLim))
-+    return XML_CONVERT_OUTPUT_EXHAUSTED;
-+  else
-+    return XML_CONVERT_COMPLETED;
- }
- 
- #ifdef XML_NS
-@@ -536,13 +569,14 @@ unicode_byte_type(char hi, char lo)
- }
- 
- #define DEFINE_UTF16_TO_UTF8(E) \
--static void  PTRCALL \
-+static enum XML_Convert_Result  PTRCALL \
- E ## toUtf8(const ENCODING *enc, \
-             const char **fromP, const char *fromLim, \
-             char **toP, const char *toLim) \
- { \
--  const char *from; \
--  for (from = *fromP; from != fromLim; from += 2) { \
-+  const char *from = *fromP; \
-+  fromLim = from + (((fromLim - from) >> 1) << 1);  /* shrink to even */ \
-+  for (; from < fromLim; from += 2) { \
-     int plane; \
-     unsigned char lo2; \
-     unsigned char lo = GET_LO(from); \
-@@ -552,7 +586,7 @@ E ## toUtf8(const ENCODING *enc, \
-       if (lo < 0x80) { \
-         if (*toP == toLim) { \
-           *fromP = from; \
--          return; \
-+          return XML_CONVERT_OUTPUT_EXHAUSTED; \
-         } \
-         *(*toP)++ = lo; \
-         break; \
-@@ -562,7 +596,7 @@ E ## toUtf8(const ENCODING *enc, \
-     case 0x4: case 0x5: case 0x6: case 0x7: \
-       if (toLim -  *toP < 2) { \
-         *fromP = from; \
--        return; \
-+        return XML_CONVERT_OUTPUT_EXHAUSTED; \
-       } \
-       *(*toP)++ = ((lo >> 6) | (hi << 2) |  UTF8_cval2); \
-       *(*toP)++ = ((lo & 0x3f) | 0x80); \
-@@ -570,7 +604,7 @@ E ## toUtf8(const ENCODING *enc, \
-     default: \
-       if (toLim -  *toP < 3)  { \
-         *fromP = from; \
--        return; \
-+        return XML_CONVERT_OUTPUT_EXHAUSTED; \
-       } \
-       /* 16 bits divided 4, 6, 6 amongst 3 bytes */ \
-       *(*toP)++ = ((hi >> 4) | UTF8_cval3); \
-@@ -580,7 +614,11 @@ E ## toUtf8(const ENCODING *enc, \
-     case 0xD8: case 0xD9: case 0xDA: case 0xDB: \
-       if (toLim -  *toP < 4) { \
-         *fromP = from; \
--        return; \
-+        return XML_CONVERT_OUTPUT_EXHAUSTED; \
-+      } \
-+      if (fromLim - from < 4) { \
-+        *fromP = from; \
-+        return XML_CONVERT_INPUT_INCOMPLETE; \
-       } \
-       plane = (((hi & 0x3) << 2) | ((lo >> 6) & 0x3)) + 1; \
-       *(*toP)++ = ((plane >> 2) | UTF8_cval4); \
-@@ -596,20 +634,32 @@ E ## toUtf8(const ENCODING *enc, \
-     } \
-   } \
-   *fromP = from; \
-+  if (from < fromLim) \
-+    return XML_CONVERT_INPUT_INCOMPLETE; \
-+  else \
-+    return XML_CONVERT_COMPLETED; \
- }
- 
- #define DEFINE_UTF16_TO_UTF16(E) \
--static void  PTRCALL \
-+static enum XML_Convert_Result  PTRCALL \
- E ## toUtf16(const ENCODING *enc, \
-              const char **fromP, const char *fromLim, \
-              unsigned short **toP, const unsigned short *toLim) \
- { \
-+  enum XML_Convert_Result res = XML_CONVERT_COMPLETED; \
-+  fromLim = *fromP + (((fromLim - *fromP) >> 1) << 1);  /* shrink to even */ \
-   /* Avoid copying first half only of surrogate */ \
-   if (fromLim - *fromP > ((toLim - *toP) << 1) \
--      && (GET_HI(fromLim - 2) & 0xF8) == 0xD8) \
-+      && (GET_HI(fromLim - 2) & 0xF8) == 0xD8) { \
-     fromLim -= 2; \
--  for (; *fromP != fromLim && *toP != toLim; *fromP += 2) \
-+    res = XML_CONVERT_INPUT_INCOMPLETE; \
-+  } \
-+  for (; *fromP < fromLim && *toP < toLim; *fromP += 2) \
-     *(*toP)++ = (GET_HI(*fromP) << 8) | GET_LO(*fromP); \
-+  if ((*toP == toLim) && (*fromP < fromLim)) \
-+    return XML_CONVERT_OUTPUT_EXHAUSTED; \
-+  else \
-+    return res; \
- }
- 
- #define SET2(ptr, ch) \
-@@ -1288,7 +1338,7 @@ unknown_isInvalid(const ENCODING *enc, const char *p)
-   return (c & ~0xFFFF) || checkCharRefNumber(c) < 0;
- }
- 
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- unknown_toUtf8(const ENCODING *enc,
-                const char **fromP, const char *fromLim,
-                char **toP, const char *toLim)
-@@ -1299,21 +1349,21 @@ unknown_toUtf8(const ENCODING *enc,
-     const char *utf8;
-     int n;
-     if (*fromP == fromLim)
--      break;
-+      return XML_CONVERT_COMPLETED;
-     utf8 = uenc->utf8[(unsigned char)**fromP];
-     n = *utf8++;
-     if (n == 0) {
-       int c = uenc->convert(uenc->userData, *fromP);
-       n = XmlUtf8Encode(c, buf);
-       if (n > toLim - *toP)
--        break;
-+        return XML_CONVERT_OUTPUT_EXHAUSTED;
-       utf8 = buf;
-       *fromP += (AS_NORMAL_ENCODING(enc)->type[(unsigned char)**fromP]
-                  - (BT_LEAD2 - 2));
-     }
-     else {
-       if (n > toLim - *toP)
--        break;
-+        return XML_CONVERT_OUTPUT_EXHAUSTED;
-       (*fromP)++;
-     }
-     do {
-@@ -1322,13 +1372,13 @@ unknown_toUtf8(const ENCODING *enc,
-   }
- }
- 
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- unknown_toUtf16(const ENCODING *enc,
-                 const char **fromP, const char *fromLim,
-                 unsigned short **toP, const unsigned short *toLim)
- {
-   const struct unknown_encoding *uenc = AS_UNKNOWN_ENCODING(enc);
--  while (*fromP != fromLim && *toP != toLim) {
-+  while (*fromP < fromLim && *toP < toLim) {
-     unsigned short c = uenc->utf16[(unsigned char)**fromP];
-     if (c == 0) {
-       c = (unsigned short)
-@@ -1340,6 +1390,11 @@ unknown_toUtf16(const ENCODING *enc,
-       (*fromP)++;
-     *(*toP)++ = c;
-   }
-+
-+  if ((*toP == toLim) && (*fromP < fromLim))
-+    return XML_CONVERT_OUTPUT_EXHAUSTED;
-+  else
-+    return XML_CONVERT_COMPLETED;
- }
- 
- ENCODING *
-@@ -1503,7 +1558,7 @@ initScan(const ENCODING * const *encodingTable,
- {
-   const ENCODING **encPtr;
- 
--  if (ptr == end)
-+  if (ptr >= end)
-     return XML_TOK_NONE;
-   encPtr = enc->encPtr;
-   if (ptr + 1 == end) {
-diff --git a/lib/xmltok.h b/lib/xmltok.h
-index ca867aa..752007e 100644
---- a/lib/xmltok.h
-+++ b/lib/xmltok.h
-@@ -130,6 +130,12 @@ typedef int (PTRCALL *SCANNER)(const ENCODING *,
-                                const char *,
-                                const char **);
- 
-+enum XML_Convert_Result {
-+  XML_CONVERT_COMPLETED = 0,
-+  XML_CONVERT_INPUT_INCOMPLETE = 1,
-+  XML_CONVERT_OUTPUT_EXHAUSTED = 2  /* and therefore potentially input remaining as well */
-+};
-+
- struct encoding {
-   SCANNER scanners[XML_N_STATES];
-   SCANNER literalScanners[XML_N_LITERAL_TYPES];
-@@ -158,12 +164,12 @@ struct encoding {
-                             const char *ptr,
-                             const char *end,
-                             const char **badPtr);
--  void (PTRCALL *utf8Convert)(const ENCODING *enc,
-+  enum XML_Convert_Result (PTRCALL *utf8Convert)(const ENCODING *enc,
-                               const char **fromP,
-                               const char *fromLim,
-                               char **toP,
-                               const char *toLim);
--  void (PTRCALL *utf16Convert)(const ENCODING *enc,
-+  enum XML_Convert_Result (PTRCALL *utf16Convert)(const ENCODING *enc,
-                                const char **fromP,
-                                const char *fromLim,
-                                unsigned short **toP,
-diff --git a/lib/xmltok_impl.c b/lib/xmltok_impl.c
-index 9c2895b..6c5a3ba 100644
---- a/lib/xmltok_impl.c
-+++ b/lib/xmltok_impl.c
-@@ -93,13 +93,13 @@ static int PTRCALL
- PREFIX(scanComment)(const ENCODING *enc, const char *ptr,
-                     const char *end, const char **nextTokPtr)
- {
--  if (ptr != end) {
-+  if (ptr < end) {
-     if (!CHAR_MATCHES(enc, ptr, ASCII_MINUS)) {
-       *nextTokPtr = ptr;
-       return XML_TOK_INVALID;
-     }
-     ptr += MINBPC(enc);
--    while (ptr != end) {
-+    while (ptr < end) {
-       switch (BYTE_TYPE(enc, ptr)) {
-       INVALID_CASES(ptr, nextTokPtr)
-       case BT_MINUS:
-@@ -147,7 +147,7 @@ PREFIX(scanDecl)(const ENCODING *enc, const char *ptr,
-     *nextTokPtr = ptr;
-     return XML_TOK_INVALID;
-   }
--  while (ptr != end) {
-+  while (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
-     case BT_PERCNT:
-       if (ptr + MINBPC(enc) == end)
-@@ -233,7 +233,7 @@ PREFIX(scanPi)(const ENCODING *enc, const char *ptr,
-     *nextTokPtr = ptr;
-     return XML_TOK_INVALID;
-   }
--  while (ptr != end) {
-+  while (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
-     CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
-     case BT_S: case BT_CR: case BT_LF:
-@@ -242,7 +242,7 @@ PREFIX(scanPi)(const ENCODING *enc, const char *ptr,
-         return XML_TOK_INVALID;
-       }
-       ptr += MINBPC(enc);
--      while (ptr != end) {
-+      while (ptr < end) {
-         switch (BYTE_TYPE(enc, ptr)) {
-         INVALID_CASES(ptr, nextTokPtr)
-         case BT_QUEST:
-@@ -305,7 +305,7 @@ static int PTRCALL
- PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr,
-                         const char *end, const char **nextTokPtr)
- {
--  if (ptr == end)
-+  if (ptr >= end)
-     return XML_TOK_NONE;
-   if (MINBPC(enc) > 1) {
-     size_t n = end - ptr;
-@@ -348,7 +348,7 @@ PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr,
-     ptr += MINBPC(enc);
-     break;
-   }
--  while (ptr != end) {
-+  while (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
- #define LEAD_CASE(n) \
-     case BT_LEAD ## n: \
-@@ -391,11 +391,11 @@ PREFIX(scanEndTag)(const ENCODING *enc, const char *ptr,
-     *nextTokPtr = ptr;
-     return XML_TOK_INVALID;
-   }
--  while (ptr != end) {
-+  while (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
-     CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
-     case BT_S: case BT_CR: case BT_LF:
--      for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) {
-+      for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) {
-         switch (BYTE_TYPE(enc, ptr)) {
-         case BT_S: case BT_CR: case BT_LF:
-           break;
-@@ -432,7 +432,7 @@ static int PTRCALL
- PREFIX(scanHexCharRef)(const ENCODING *enc, const char *ptr,
-                        const char *end, const char **nextTokPtr)
- {
--  if (ptr != end) {
-+  if (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
-     case BT_DIGIT:
-     case BT_HEX:
-@@ -441,7 +441,7 @@ PREFIX(scanHexCharRef)(const ENCODING *enc, const char *ptr,
-       *nextTokPtr = ptr;
-       return XML_TOK_INVALID;
-     }
--    for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) {
-+    for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) {
-       switch (BYTE_TYPE(enc, ptr)) {
-       case BT_DIGIT:
-       case BT_HEX:
-@@ -464,7 +464,7 @@ static int PTRCALL
- PREFIX(scanCharRef)(const ENCODING *enc, const char *ptr,
-                     const char *end, const char **nextTokPtr)
- {
--  if (ptr != end) {
-+  if (ptr < end) {
-     if (CHAR_MATCHES(enc, ptr, ASCII_x))
-       return PREFIX(scanHexCharRef)(enc, ptr + MINBPC(enc), end, nextTokPtr);
-     switch (BYTE_TYPE(enc, ptr)) {
-@@ -474,7 +474,7 @@ PREFIX(scanCharRef)(const ENCODING *enc, const char *ptr,
-       *nextTokPtr = ptr;
-       return XML_TOK_INVALID;
-     }
--    for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) {
-+    for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) {
-       switch (BYTE_TYPE(enc, ptr)) {
-       case BT_DIGIT:
-         break;
-@@ -506,7 +506,7 @@ PREFIX(scanRef)(const ENCODING *enc, const char *ptr, const char *end,
-     *nextTokPtr = ptr;
-     return XML_TOK_INVALID;
-   }
--  while (ptr != end) {
-+  while (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
-     CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
-     case BT_SEMI:
-@@ -529,7 +529,7 @@ PREFIX(scanAtts)(const ENCODING *enc, const char *ptr, const char *end,
- #ifdef XML_NS
-   int hadColon = 0;
- #endif
--  while (ptr != end) {
-+  while (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
-     CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- #ifdef XML_NS
-@@ -716,7 +716,7 @@ PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end,
-   hadColon = 0;
- #endif
-   /* we have a start-tag */
--  while (ptr != end) {
-+  while (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
-     CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- #ifdef XML_NS
-@@ -740,7 +740,7 @@ PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end,
-     case BT_S: case BT_CR: case BT_LF:
-       {
-         ptr += MINBPC(enc);
--        while (ptr != end) {
-+        while (ptr < end) {
-           switch (BYTE_TYPE(enc, ptr)) {
-           CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)
-           case BT_GT:
-@@ -785,7 +785,7 @@ static int PTRCALL
- PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end,
-                    const char **nextTokPtr)
- {
--  if (ptr == end)
-+  if (ptr >= end)
-     return XML_TOK_NONE;
-   if (MINBPC(enc) > 1) {
-     size_t n = end - ptr;
-@@ -832,7 +832,7 @@ PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end,
-     ptr += MINBPC(enc);
-     break;
-   }
--  while (ptr != end) {
-+  while (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
- #define LEAD_CASE(n) \
-     case BT_LEAD ## n: \
-@@ -895,7 +895,7 @@ PREFIX(scanPercent)(const ENCODING *enc, const char *ptr, const char *end,
-     *nextTokPtr = ptr;
-     return XML_TOK_INVALID;
-   }
--  while (ptr != end) {
-+  while (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
-     CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
-     case BT_SEMI:
-@@ -921,7 +921,7 @@ PREFIX(scanPoundName)(const ENCODING *enc, const char *ptr, const char *end,
-     *nextTokPtr = ptr;
-     return XML_TOK_INVALID;
-   }
--  while (ptr != end) {
-+  while (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
-     CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
-     case BT_CR: case BT_LF: case BT_S:
-@@ -941,7 +941,7 @@ PREFIX(scanLit)(int open, const ENCODING *enc,
-                 const char *ptr, const char *end,
-                 const char **nextTokPtr)
- {
--  while (ptr != end) {
-+  while (ptr < end) {
-     int t = BYTE_TYPE(enc, ptr);
-     switch (t) {
-     INVALID_CASES(ptr, nextTokPtr)
-@@ -973,7 +973,7 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
-                   const char **nextTokPtr)
- {
-   int tok;
--  if (ptr == end)
-+  if (ptr >= end)
-     return XML_TOK_NONE;
-   if (MINBPC(enc) > 1) {
-     size_t n = end - ptr;
-@@ -1141,7 +1141,7 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
-     *nextTokPtr = ptr;
-     return XML_TOK_INVALID;
-   }
--  while (ptr != end) {
-+  while (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
-     CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
-     case BT_GT: case BT_RPAR: case BT_COMMA:
-@@ -1204,10 +1204,10 @@ PREFIX(attributeValueTok)(const ENCODING *enc, const char *ptr,
-                           const char *end, const char **nextTokPtr)
- {
-   const char *start;
--  if (ptr == end)
-+  if (ptr >= end)
-     return XML_TOK_NONE;
-   start = ptr;
--  while (ptr != end) {
-+  while (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
- #define LEAD_CASE(n) \
-     case BT_LEAD ## n: ptr += n; break;
-@@ -1262,10 +1262,10 @@ PREFIX(entityValueTok)(const ENCODING *enc, const char *ptr,
-                        const char *end, const char **nextTokPtr)
- {
-   const char *start;
--  if (ptr == end)
-+  if (ptr >= end)
-     return XML_TOK_NONE;
-   start = ptr;
--  while (ptr != end) {
-+  while (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
- #define LEAD_CASE(n) \
-     case BT_LEAD ## n: ptr += n; break;
-@@ -1326,7 +1326,7 @@ PREFIX(ignoreSectionTok)(const ENCODING *enc, const char *ptr,
-       end = ptr + n;
-     }
-   }
--  while (ptr != end) {
-+  while (ptr < end) {
-     switch (BYTE_TYPE(enc, ptr)) {
-     INVALID_CASES(ptr, nextTokPtr)
-     case BT_LT:
-@@ -1373,7 +1373,7 @@ PREFIX(isPublicId)(const ENCODING *enc, const char *ptr, const char *end,
- {
-   ptr += MINBPC(enc);
-   end -= MINBPC(enc);
--  for (; ptr != end; ptr += MINBPC(enc)) {
-+  for (; ptr < end; ptr += MINBPC(enc)) {
-     switch (BYTE_TYPE(enc, ptr)) {
-     case BT_DIGIT:
-     case BT_HEX:
-@@ -1760,7 +1760,7 @@ PREFIX(updatePosition)(const ENCODING *enc,
-     case BT_CR:
-       pos->lineNumber++;
-       ptr += MINBPC(enc);
--      if (ptr != end && BYTE_TYPE(enc, ptr) == BT_LF)
-+      if (ptr < end && BYTE_TYPE(enc, ptr) == BT_LF)
-         ptr += MINBPC(enc);
-       pos->columnNumber = (XML_Size)-1;
-       break;
--- 
-2.8.2
-
diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch
new file mode 100644
index 0000000000..1f3cb028d4
--- /dev/null
+++ b/gnu/packages/patches/flex-CVE-2016-6354.patch
@@ -0,0 +1,30 @@
+Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354
+https://security-tracker.debian.org/tracker/CVE-2016-6354
+
+Patch copied from upstream source repository:
+https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
+
+From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
+From: Will Estes <westes575@gmail.com>
+Date: Sat, 27 Feb 2016 11:56:05 -0500
+Subject: [PATCH] Fixed incorrect integer type
+
+---
+ src/flex.skl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/flex.skl b/src/flex.skl
+index 36a526a..64f853d 100644
+--- a/src/flex.skl
++++ b/src/flex.skl
+@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer()
+ 
+ 	else
+ 		{
+-			yy_size_t num_to_read =
++			int num_to_read =
+ 			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+ 
+ 		while ( num_to_read <= 0 )
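Review bot: The header added at the top of this patch file does not say that changing `src/flex.skl` only helps scanners regenerated with the patched flex; a source tree that ships a pre-generated scanner would presumably keep the old `yy_size_t num_to_read` declaration. I would add a header line such as `Scanners produced by an unpatched flex must be regenerated to pick up this fix.` and close the unbalanced parenthesis after `yy_get_next_buffer` in the first line. On the code itself, with the unsigned type `while ( num_to_read <= 0 )` could only ever match zero, so the `int` is what lets the loop see a negative result. The operand types in `yy_buf_size - number_to_move - 1` are not visible in this context, and the body of yy_get_next_buffer continues outside the hunk, so it is worth confirming against the full skeleton that the subtraction cannot wrap before the conversion to `int`.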
diff --git a/gnu/packages/patches/fontconfig-CVE-2016-5384.patch b/gnu/packages/patches/fontconfig-CVE-2016-5384.patch
deleted file mode 100644
index 617d5afbaf..0000000000
--- a/gnu/packages/patches/fontconfig-CVE-2016-5384.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-Fix CVE-2016-5384 (double-free resulting in arbitrary code execution):
-
-<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5384>
-
-Copied from upstream code repository:
-
-<https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940>
-
-From 7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sat, 25 Jun 2016 19:18:53 +0200
-Subject: Properly validate offsets in cache files.
-
-The cache files are insufficiently validated. Even though the magic
-number at the beginning of the file as well as time stamps are checked,
-it is not verified if contained offsets are in legal ranges or are
-even pointers.
-
-The lack of validation allows an attacker to trigger arbitrary free()
-calls, which in turn allows double free attacks and therefore arbitrary
-code execution. Due to the conversion from offsets into pointers through
-macros, this even allows to circumvent ASLR protections.
-
-This attack vector allows privilege escalation when used with setuid
-binaries like fbterm. A user can create ~/.fonts or any other
-system-defined user-private font directory, run fc-cache and adjust
-cache files in ~/.cache/fontconfig. The execution of setuid binaries will
-scan these files and therefore are prone to attacks.
-
-If it's not about code execution, an endless loop can be created by
-letting linked lists become circular linked lists.
-
-This patch verifies that:
-
-- The file is not larger than the maximum addressable space, which
-  basically only affects 32 bit systems. This allows out of boundary
-  access into unallocated memory.
-- Offsets are always positive or zero
-- Offsets do not point outside file boundaries
-- No pointers are allowed in cache files, every "pointer or offset"
-  field must be an offset or NULL
-- Iterating linked lists must not take longer than the amount of elements
-  specified. A violation of this rule can break a possible endless loop.
-
-If one or more of these points are violated, the cache is recreated.
-This is current behaviour.
-
-Even though this patch fixes many issues, the use of mmap() shall be
-forbidden in setuid binaries. It is impossible to guarantee with these
-checks that a malicious user does not change cache files after
-verification. This should be handled in a different patch.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-
-diff --git a/src/fccache.c b/src/fccache.c
-index 71e8f03..02ec301 100644
---- a/src/fccache.c
-+++ b/src/fccache.c
-@@ -27,6 +27,7 @@
- #include <fcntl.h>
- #include <dirent.h>
- #include <string.h>
-+#include <limits.h>
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <assert.h>
-@@ -587,6 +588,82 @@ FcCacheTimeValid (FcConfig *config, FcCache *cache, struct stat *dir_stat)
-     return cache->checksum == (int) dir_stat->st_mtime && fnano;
- }
- 
-+static FcBool
-+FcCacheOffsetsValid (FcCache *cache)
-+{
-+    char		*base = (char *)cache;
-+    char		*end = base + cache->size;
-+    intptr_t		*dirs;
-+    FcFontSet		*fs;
-+    int			 i, j;
-+
-+    if (cache->dir < 0 || cache->dir > cache->size - sizeof (intptr_t) ||
-+        memchr (base + cache->dir, '\0', cache->size - cache->dir) == NULL)
-+        return FcFalse;
-+
-+    if (cache->dirs < 0 || cache->dirs >= cache->size ||
-+        cache->dirs_count < 0 ||
-+        cache->dirs_count > (cache->size - cache->dirs) / sizeof (intptr_t))
-+        return FcFalse;
-+
-+    dirs = FcCacheDirs (cache);
-+    if (dirs)
-+    {
-+        for (i = 0; i < cache->dirs_count; i++)
-+        {
-+            FcChar8	*dir;
-+
-+            if (dirs[i] < 0 ||
-+                dirs[i] > end - (char *) dirs - sizeof (intptr_t))
-+                return FcFalse;
-+
-+            dir = FcOffsetToPtr (dirs, dirs[i], FcChar8);
-+            if (memchr (dir, '\0', end - (char *) dir) == NULL)
-+                return FcFalse;
-+         }
-+    }
-+
-+    if (cache->set < 0 || cache->set > cache->size - sizeof (FcFontSet))
-+        return FcFalse;
-+
-+    fs = FcCacheSet (cache);
-+    if (fs)
-+    {
-+        if (fs->nfont > (end - (char *) fs) / sizeof (FcPattern))
-+            return FcFalse;
-+
-+        if (fs->fonts != 0 && !FcIsEncodedOffset(fs->fonts))
-+            return FcFalse;
-+
-+        for (i = 0; i < fs->nfont; i++)
-+        {
-+            FcPattern		*font = FcFontSetFont (fs, i);
-+            FcPatternElt	*e;
-+            FcValueListPtr	 l;
-+
-+            if ((char *) font < base ||
-+                (char *) font > end - sizeof (FcFontSet) ||
-+                font->elts_offset < 0 ||
-+                font->elts_offset > end - (char *) font ||
-+                font->num > (end - (char *) font - font->elts_offset) / sizeof (FcPatternElt))
-+                return FcFalse;
-+
-+
-+            e = FcPatternElts(font);
-+            if (e->values != 0 && !FcIsEncodedOffset(e->values))
-+                return FcFalse;
-+
-+            for (j = font->num, l = FcPatternEltValues(e); j >= 0 && l; j--, l = FcValueListNext(l))
-+                if (l->next != NULL && !FcIsEncodedOffset(l->next))
-+                    break;
-+            if (j < 0)
-+                return FcFalse;
-+        }
-+    }
-+
-+    return FcTrue;
-+}
-+
- /*
-  * Map a cache file into memory
-  */
-@@ -596,7 +673,8 @@ FcDirCacheMapFd (FcConfig *config, int fd, struct stat *fd_stat, struct stat *di
-     FcCache	*cache;
-     FcBool	allocated = FcFalse;
- 
--    if (fd_stat->st_size < (int) sizeof (FcCache))
-+    if (fd_stat->st_size > INTPTR_MAX ||
-+        fd_stat->st_size < (int) sizeof (FcCache))
- 	return NULL;
-     cache = FcCacheFindByStat (fd_stat);
-     if (cache)
-@@ -652,6 +730,7 @@ FcDirCacheMapFd (FcConfig *config, int fd, struct stat *fd_stat, struct stat *di
-     if (cache->magic != FC_CACHE_MAGIC_MMAP ||
- 	cache->version < FC_CACHE_VERSION_NUMBER ||
- 	cache->size != (intptr_t) fd_stat->st_size ||
-+        !FcCacheOffsetsValid (cache) ||
- 	!FcCacheTimeValid (config, cache, dir_stat) ||
- 	!FcCacheInsert (cache, fd_stat))
-     {
--- 
-cgit v0.10.2
-
diff --git a/gnu/packages/patches/gawk-fts-test.patch b/gnu/packages/patches/gawk-fts-test.patch
deleted file mode 100644
index de1f5c431c..0000000000
--- a/gnu/packages/patches/gawk-fts-test.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-This is upstream commit c9a018c.  We have observed random failures of
-this test on i686 that seem related to load.
-
-2015-05-21         Arnold D. Robbins     <arnold@skeeve.com>
-
-	* fts.awk: Really remove atime from the output. 
-	This avoids spurious failures on heavily loaded systems.
-
-diff --git a/test/fts.awk b/test/fts.awk
-index b1df060..dea5b68 100644
---- a/test/fts.awk
-+++ b/test/fts.awk
-@@ -50,6 +50,11 @@ function sort_traverse(data,	sorted, i)
- {
- 	asorti(data, sorted)
- 	for (i = 1; i in sorted; i++) {
-+		# 5/2015: skip for atime, since there can
-+		# occasionally be small differences.
-+		if (sorted[i] == "atime")
-+			continue
-+
- 		indent()
- 		printf("%s --> %s\n", sorted[i], data[sorted[i]]) > output
- 	}
-@@ -63,17 +68,20 @@ function traverse(data,         i)
- 			printf("%s:\n", i) > output
- 
- 			Level++
--			if (("mtime" in data[i]) && ! isarray(data[i][mtime])) {
-+			if (("mtime" in data[i]) && ! isarray(data[i]["mtime"])) {
- 				sort_traverse(data[i])
- 			} else {
- 				traverse(data[i])
- 			}
- 			Level--
--		} else if (data[i] != "atime") {
--			# 4/2015: skip for atime, since there can
--			# occasionally be small differences.
--			indent()
--			printf("%s --> %s\n", i, data[i]) > output
-+#		} else {
-+#			JUNK = 1
-+#			if (i != "atime") {
-+#				# 4/2015: skip for atime, since there can
-+#				# occasionally be small differences.
-+#				indent()
-+#				printf("%s --> %s\n", i, data[i]) > output
-+#			}
- 		}
- 	}
- }
diff --git a/gnu/packages/patches/gcc-arm-bug-71399.patch b/gnu/packages/patches/gcc-arm-bug-71399.patch
new file mode 100644
index 0000000000..6f04fece0e
--- /dev/null
+++ b/gnu/packages/patches/gcc-arm-bug-71399.patch
@@ -0,0 +1,55 @@
+Revert the following commit to work around a bootstrap comparison failure on
+ARMv7, as reported at <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71399>.
+
+commit f6ab85b7049a03962ea98924d00802da357a1ad3
+Author: renlin <renlin@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date:   Wed Dec 2 14:06:31 2015 +0000
+
+    [PR67383][ARM][4.9]Backport of "Allow any register for DImode values in Thumb2"
+    
+    This partially fix PR67383. It allows the reload more flexibility to choose
+    spilling pseudo registers.
+    
+    
+    gcc/ChangeLog:
+    
+    2015-12-02  Renlin Li  <renlin.li@arm.com>
+    
+            Backport from mainline.
+            2014-04-22  Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
+    
+            * config/arm/arm.c (arm_hard_regno_mode_ok): Loosen
+            restrictions on core registers for DImode values in Thumb2.
+    
+    
+    git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-4_9-branch@231177 138bc75d-0d04-0410-961f-82ee72b054a4
+
+diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c
+index 8ba6060..d9028a1 100644
+--- b/gcc/config/arm/arm.c
++++ a/gcc/config/arm/arm.c
+@@ -22624,19 +22624,12 @@
+     }
+ 
+   /* We allow almost any value to be stored in the general registers.
+-     Restrict doubleword quantities to even register pairs in ARM state
+-     so that we can use ldrd.  Do not allow very large Neon structure
+-     opaque modes in general registers; they would use too many.  */
++     Restrict doubleword quantities to even register pairs so that we can
++     use ldrd.  Do not allow very large Neon structure opaque modes in
++     general registers; they would use too many.  */
+   if (regno <= LAST_ARM_REGNUM)
+-    {
+-      if (ARM_NUM_REGS (mode) > 4)
+-	  return FALSE;
+-
+-      if (TARGET_THUMB2)
+-	return TRUE;
+-
+-      return !(TARGET_LDRD && GET_MODE_SIZE (mode) > 4 && (regno & 1) != 0);
+-    }
++    return !(TARGET_LDRD && GET_MODE_SIZE (mode) > 4 && (regno & 1) != 0)
++      && ARM_NUM_REGS (mode) <= 4;
+ 
+   if (regno == FRAME_POINTER_REGNUM
+       || regno == ARG_POINTER_REGNUM)
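Review bot: The header explains the bootstrap failure but not what the revert gives up: the quoted commit message says the reverted change "partially fix PR67383", so applying this patch brings the old behaviour back for Thumb2. I would add a line such as `Note: this reintroduces the PR67383 behaviour on Thumb2; drop the patch once bug 71399 is resolved upstream.` It would also help to say that the `--- b/` / `+++ a/` headers are swapped on purpose, because the diff is the reverse of the upstream commit. The enclosing function starts and ends outside the inner hunk.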
diff --git a/gnu/packages/patches/guile-relocatable.patch b/gnu/packages/patches/guile-relocatable.patch
index 077394cdde..2431495f24 100644
--- a/gnu/packages/patches/guile-relocatable.patch
+++ b/gnu/packages/patches/guile-relocatable.patch
@@ -1,8 +1,6 @@
 This patch changes Guile to use a default search path relative to the
 location of the `guile' binary, allowing it to be relocated.
 
-diff --git a/libguile/load.c b/libguile/load.c
-index af2ca45..19dd338 100644
 --- a/libguile/load.c
 +++ b/libguile/load.c
 @@ -26,6 +26,7 @@
@@ -12,8 +10,8 @@ index af2ca45..19dd338 100644
 +#include <libgen.h>
  
  #include "libguile/_scm.h"
- #include "libguile/private-gc.h" /* scm_getenv_int */
-@@ -255,6 +256,32 @@ scm_init_load_path ()
+ #include "libguile/alist.h"
+@@ -325,6 +326,32 @@
    SCM cpath = SCM_EOL;
  
  #ifdef SCM_LIBRARY_DIR
@@ -43,10 +41,10 @@ index af2ca45..19dd338 100644
 +  strcpy (ccache_dir, prefix);
 +  strcat (ccache_dir, "/lib/guile/2.0/ccache");
 +
-   env = getenv ("GUILE_SYSTEM_PATH");
+   env = scm_i_mirror_backslashes (getenv ("GUILE_SYSTEM_PATH"));
    if (env && strcmp (env, "") == 0)
      /* special-case interpret system-path=="" as meaning no system path instead
-@@ -263,10 +290,7 @@ scm_init_load_path ()
+@@ -333,10 +360,7 @@
    else if (env)
      path = scm_parse_path (scm_from_locale_string (env), path);
    else
@@ -56,9 +54,9 @@ index af2ca45..19dd338 100644
 -                       scm_from_locale_string (SCM_PKGDATA_DIR));
 +    path = scm_list_1 (scm_from_locale_string (module_dir));
  
-   env = getenv ("GUILE_SYSTEM_COMPILED_PATH");
+   env = scm_i_mirror_backslashes (getenv ("GUILE_SYSTEM_COMPILED_PATH"));
    if (env && strcmp (env, "") == 0)
-@@ -276,8 +300,7 @@ scm_init_load_path ()
+@@ -346,8 +370,7 @@
      cpath = scm_parse_path (scm_from_locale_string (env), cpath);
    else
      {
diff --git a/gnu/packages/patches/linux-pam-no-setfsuid.patch b/gnu/packages/patches/linux-pam-no-setfsuid.patch
new file mode 100644
index 0000000000..f92fbc057a
--- /dev/null
+++ b/gnu/packages/patches/linux-pam-no-setfsuid.patch
@@ -0,0 +1,75 @@
+On systems without 'setfsuid', use 'setreuid' instead.
+
+The patch originates from the Debian project for GNU/Hurd.
+Authors: Steve Langasek <vorlon@debian.org>
+Upstream status: A ticket was opened to request apply the patch,
+ticket: 'https://fedorahosted.org/linux-pam/ticket/64'.
+
+--- Linux-PAM-1.2.1/libpam/pam_modutil_priv.c	2015-03-24 06:02:32.000000000 -0600
++++ pam_modutil_priv-mod.c	2016-09-20 13:36:53.150663205 -0500
+@@ -14,7 +14,9 @@
+ #include <syslog.h>
+ #include <pwd.h>
+ #include <grp.h>
++#ifdef HAVE_SYS_FSUID_H
+ #include <sys/fsuid.h>
++#endif /* HAVE_SYS_FSUID_H */
+ 
+ /*
+  * Two setfsuid() calls in a row are necessary to check
+@@ -22,17 +24,55 @@
+  */
+ static int change_uid(uid_t uid, uid_t *save)
+ {
++#ifdef HAVE_SYS_FSUID_H
+ 	uid_t tmp = setfsuid(uid);
+ 	if (save)
+ 		*save = tmp;
+ 	return (uid_t) setfsuid(uid) == uid ? 0 : -1;
++#else
++	uid_t euid = geteuid();
++	uid_t ruid = getuid();
++	if (save)
++		*save = ruid;
++	if (ruid == uid && uid != 0)
++		if (setreuid(euid, uid))
++			return -1;
++	else {
++		setreuid(0, -1);
++		if (setreuid(-1, uid)) {
++			setreuid(-1, 0);
++			setreuid(0, -1);
++			if (setreuid(-1, uid))
++				return -1;
++		}
++	}
++#endif
+ }
+ static int change_gid(gid_t gid, gid_t *save)
+ {
++#ifdef HAVE_SYS_FSUID_H
+ 	gid_t tmp = setfsgid(gid);
+ 	if (save)
+ 		*save = tmp;
+ 	return (gid_t) setfsgid(gid) == gid ? 0 : -1;
++#else
++	gid_t egid = getegid();
++	gid_t rgid = getgid();
++	if (save)
++		*save = rgid;
++	if (rgid == gid)
++		if (setregid(egid, gid))
++			return -1;
++	else {
++		setregid(0, -1);
++		if (setregid(-1, gid)) {
++			setregid(-1, 0);
++			setregid(0, -1);
++			if (setregid(-1, gid))
++				return -1;
++		}
++	}
++#endif
+ }
+ 
+ static int cleanup(struct pam_modutil_privs *p)
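Review bot: In the `#else` branch of change_uid the `else` binds to the inner `if (setreuid(euid, uid))`, not to `if (ruid == uid && uid != 0)` as the indentation suggests, so the fallback sequence runs only after a successful setreuid() and nothing at all runs when `ruid != uid`. The branch also has no `return 0;`, so control falls off the end of a non-void function and the caller reads an indeterminate result from code that switches credentials. change_gid has the same two defects. Braces around the outer `if` and an explicit success return fix both, as sketched below for change_uid. The unchecked `setreuid(0, -1)` and `setreuid(-1, 0)` calls inside the fallback deserve a second look as well, since a failure there is silently ignored.

```c
/* … unchanged: HAVE_SYS_FSUID_H branch, euid/ruid lookup, *save assignment … */
	if (ruid == uid && uid != 0) {
		if (setreuid(euid, uid))
			return -1;
	} else {
		/* … unchanged: setreuid(0, -1) / setreuid(-1, uid) fallback sequence … */
	}
	return 0;
#endif
```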
diff --git a/gnu/packages/patches/perl-CVE-2015-8607.patch b/gnu/packages/patches/perl-CVE-2015-8607.patch
deleted file mode 100644
index 4c25d41740..0000000000
--- a/gnu/packages/patches/perl-CVE-2015-8607.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 3a629609084d147838368262171b923f0770e564 Mon Sep 17 00:00:00 2001
-From: Tony Cook <tony@develop-help.com>
-Date: Tue, 15 Dec 2015 10:56:54 +1100
-Subject: ensure File::Spec::canonpath() preserves taint
-
-Previously the unix specific XS implementation of canonpath() would
-return an untainted path when supplied a tainted path.
-
-For the empty string case, newSVpvs() already sets taint as needed on
-its result.
-
-This issue was assigned CVE-2015-8607.
-
-Bug: https://rt.perl.org/Ticket/Display.html?id=126862
-Bug-Debian: https://bugs.debian.org/810719
-Origin: upstream
-Patch-Name: fixes/CVE-2015-8607_file_spec_taint_fix.diff
----
- dist/PathTools/Cwd.xs    |  1 +
- dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
- 2 files changed, 19 insertions(+), 1 deletion(-)
-
-diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
-index 9d4dcf0..3d018dc 100644
---- a/dist/PathTools/Cwd.xs
-+++ b/dist/PathTools/Cwd.xs
-@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
-     *o = 0;
-     SvPOK_on(retval);
-     SvCUR_set(retval, o - SvPVX(retval));
-+    SvTAINT(retval);
-     return retval;
- }
- 
-diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
-index 309b3e5..48f8c5b 100644
---- a/dist/PathTools/t/taint.t
-+++ b/dist/PathTools/t/taint.t
-@@ -12,7 +12,7 @@ use Test::More;
- BEGIN {
-     plan(
-         ${^TAINT}
--        ? (tests => 17)
-+        ? (tests => 21)
-         : (skip_all => "A perl without taint support")
-     );
- }
-@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
- 
- # Previous versions of Cwd tainted $^O
- is !tainted($^O), 1, "\$^O should not be tainted";
-+
-+{
-+    # [perl #126862] canonpath() loses taint
-+    my $tainted = substr($ENV{PATH}, 0, 0);
-+    # yes, getcwd()'s result should be tainted, and is tested above
-+    # but be sure
-+    ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
-+        "canonpath() keeps taint on non-empty string";
-+    ok tainted(File::Spec->canonpath($tainted)),
-+        "canonpath() keeps taint on empty string";
-+
-+    (Cwd::getcwd() =~ /^(.*)/);
-+    my $untainted = $1;
-+    ok !tainted($untainted), "make sure our untainted value is untainted";
-+    ok !tainted(File::Spec->canonpath($untainted)),
-+        "canonpath() doesn't add taint to untainted string";
-+}
diff --git a/gnu/packages/patches/perl-CVE-2016-2381.patch b/gnu/packages/patches/perl-CVE-2016-2381.patch
deleted file mode 100644
index 99d1944a5d..0000000000
--- a/gnu/packages/patches/perl-CVE-2016-2381.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-Fix CVE-2016-2381 (ambiguous handling of duplicated environment variables).
-
-Copied from upstream:
-http://perl5.git.perl.org/perl.git/commit/ae37b791a73a9e78dedb89fb2429d2628cf58076
-
-References:
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2381
-http://www.nntp.perl.org/group/perl.perl5.porters/2016/03/msg234747.html
-https://security-tracker.debian.org/tracker/CVE-2016-2381
-
----
-
-From 1237ea93fb2475a5ae576d5ee1358a5bb4ebe426 Mon Sep 17 00:00:00 2001
-From: Tony Cook <tony@develop-help.com>
-Date: Wed, 27 Jan 2016 11:52:15 +1100
-Subject: remove duplicate environment variables from environ
-
-If we see duplicate environment variables while iterating over
-environ[]:
-
-a) make sure we use the same value in %ENV that getenv() returns.
-
-Previously on a duplicate, %ENV would have the last entry for the name
-from environ[], but a typical getenv() would return the first entry.
-
-Rather than assuming all getenv() implementations return the first entry
-explicitly call getenv() to ensure they agree.
-
-b) remove duplicate entries from environ
-
-Previously if there was a duplicate definition for a name in environ[]
-setting that name in %ENV could result in an unsafe value being passed
-to a child process, so ensure environ[] has no duplicates.
-
-Patch-Name: fixes/CVE-2016-2381_duplicate_env.diff
----
- perl.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 49 insertions(+), 2 deletions(-)
-
-diff --git a/perl.c b/perl.c
-index 67d32ce..26aeb91 100644
---- a/perl.c
-+++ b/perl.c
-@@ -4277,23 +4277,70 @@ S_init_postdump_symbols(pTHX_ int argc, char **argv, char **env)
- 	}
- 	if (env) {
- 	  char *s, *old_var;
-+          STRLEN nlen;
- 	  SV *sv;
-+          HV *dups = newHV();
-+
- 	  for (; *env; env++) {
- 	    old_var = *env;
- 
- 	    if (!(s = strchr(old_var,'=')) || s == old_var)
- 		continue;
-+            nlen = s - old_var;
- 
- #if defined(MSDOS) && !defined(DJGPP)
- 	    *s = '\0';
- 	    (void)strupr(old_var);
- 	    *s = '=';
- #endif
--	    sv = newSVpv(s+1, 0);
--	    (void)hv_store(hv, old_var, s - old_var, sv, 0);
-+            if (hv_exists(hv, old_var, nlen)) {
-+                const char *name = savepvn(old_var, nlen);
-+
-+                /* make sure we use the same value as getenv(), otherwise code that
-+                   uses getenv() (like setlocale()) might see a different value to %ENV
-+                 */
-+                sv = newSVpv(PerlEnv_getenv(name), 0);
-+
-+                /* keep a count of the dups of this name so we can de-dup environ later */
-+                if (hv_exists(dups, name, nlen))
-+                    ++SvIVX(*hv_fetch(dups, name, nlen, 0));
-+                else
-+                    (void)hv_store(dups, name, nlen, newSViv(1), 0);
-+
-+                Safefree(name);
-+            }
-+            else {
-+                sv = newSVpv(s+1, 0);
-+            }
-+	    (void)hv_store(hv, old_var, nlen, sv, 0);
- 	    if (env_is_not_environ)
- 	        mg_set(sv);
- 	  }
-+          if (HvKEYS(dups)) {
-+              /* environ has some duplicate definitions, remove them */
-+              HE *entry;
-+              hv_iterinit(dups);
-+              while ((entry = hv_iternext_flags(dups, 0))) {
-+                  STRLEN nlen;
-+                  const char *name = HePV(entry, nlen);
-+                  IV count = SvIV(HeVAL(entry));
-+                  IV i;
-+                  SV **valp = hv_fetch(hv, name, nlen, 0);
-+
-+                  assert(valp);
-+
-+                  /* try to remove any duplicate names, depending on the
-+                   * implementation used in my_setenv() the iteration might
-+                   * not be necessary, but let's be safe.
-+                   */
-+                  for (i = 0; i < count; ++i)
-+                      my_setenv(name, 0);
-+
-+                  /* and set it back to the value we set $ENV{name} to */
-+                  my_setenv(name, SvPV_nolen(*valp));
-+              }
-+          }
-+          SvREFCNT_dec_NN(dups);
-       }
- #endif /* USE_ENVIRON_ARRAY */
- #endif /* !PERL_MICRO */
diff --git a/gnu/packages/patches/perl-no-build-time.patch b/gnu/packages/patches/perl-no-build-time.patch
deleted file mode 100644
index 5d78e8f462..0000000000
--- a/gnu/packages/patches/perl-no-build-time.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Do not record the configuration and build time so that builds can be
-reproduced bit-for-bit.
-
---- perl-5.22.0/Configure	1970-01-01 01:00:00.000000000 +0100
-+++ perl-5.22.0/Configure	2015-12-13 00:14:43.148165080 +0100
-@@ -3834,6 +3817,7 @@ esac
- 
- : who configured the system
- cf_time=`LC_ALL=C; LANGUAGE=C; export LC_ALL; export LANGUAGE; $date 2>&1`
-+cf_time='Thu Jan  1 00:00:01 UTC 1970'
- case "$cf_by" in
- "")
- 	cf_by=`(logname) 2>/dev/null`
-
---- perl-5.22.0/perl.c	2015-12-13 00:25:30.269156627 +0100
-+++ perl-5.22.0/perl.c	2015-12-13 00:25:38.265218175 +0100
-@@ -1795,7 +1795,7 @@ S_Internals_V(pTHX_ CV *cv)
-     PUSHs(Perl_newSVpvn_flags(aTHX_ non_bincompat_options,
- 			      sizeof(non_bincompat_options) - 1, SVs_TEMP));
- 
--#ifdef __DATE__
-+#if 0
- #  ifdef __TIME__
-     PUSHs(Perl_newSVpvn_flags(aTHX_
- 			      STR_WITH_LEN("Compiled at " __DATE__ " " __TIME__),
-
diff --git a/gnu/packages/patches/perl-reproducible-build-date.patch b/gnu/packages/patches/perl-reproducible-build-date.patch
new file mode 100644
index 0000000000..bf0d4b8f6d
--- /dev/null
+++ b/gnu/packages/patches/perl-reproducible-build-date.patch
@@ -0,0 +1,50 @@
+Don't encode the current timestamp.
+
+This affects the output of `perl -V`, specifically the message "Compiled
+at [...]".
+
+The 'cf_time' and 'cf_by' values show up in 'config.h' and
+in 'Config_heavy.pl'.
+
+Use the output of 'uname -s' instead of 'uname -a' to avoid recording
+the kernel version ('uname -o' leads to directory names like
+'x86_64-gnulinux' instead of 'x86_64-linux', which might cause breakage
+down the road.)
+
+diff --git a/perl.c b/perl.c
+index 228a0d8..ed38313 100644
+--- a/perl.c
++++ b/perl.c
+@@ -1825,6 +1825,7 @@ S_Internals_V(pTHX_ CV *cv)
+     PUSHs(Perl_newSVpvn_flags(aTHX_ non_bincompat_options,
+ 			      sizeof(non_bincompat_options) - 1, SVs_TEMP));
+ 
++#define PERL_BUILD_DATE "Jan  1 1970 00:00:00"
+ #ifndef PERL_BUILD_DATE
+ #  ifdef __DATE__
+ #    ifdef __TIME__
+
+--- a/Configure	1970-01-01 01:00:00.000000000 +0100
++++ b/Configure	2016-10-01 14:47:20.017319739 +0200
+@@ -3276,7 +3276,7 @@ $eunicefix tr
+ : Try to determine whether config.sh was made on this system
+ case "$config_sh" in
+ '')
+-myuname=`$uname -a 2>/dev/null`
++myuname=`$uname -s 2>/dev/null`
+ $test -z "$myuname" && myuname=`hostname 2>/dev/null`
+ # Downcase everything to avoid ambiguity.
+ # Remove slashes and single quotes so we can use parts of this in
+@@ -3845,10 +3845,10 @@
+ . ./posthint.sh
+ 
+ : who configured the system
+-cf_time=`LC_ALL=C; LANGUAGE=C; export LC_ALL; export LANGUAGE; $date 2>&1`
++cf_time="1970-01-01"
+ case "$cf_by" in
+ "")
+-	cf_by=`(logname) 2>/dev/null`
++	cf_by="guix"
+ 	case "$cf_by" in
+ 	"")
+ 		cf_by=`(whoami) 2>/dev/null`
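Review bot: The `#define PERL_BUILD_DATE` in perl.c is added unconditionally directly above `#ifndef PERL_BUILD_DATE`, so the `__DATE__`/`__TIME__` fallback below it becomes dead code and a build that already passes its own `-DPERL_BUILD_DATE=...` would redefine the macro. The surrounding code already honours an externally supplied value, so wrapping the addition as `#ifndef PERL_BUILD_DATE` / `#define PERL_BUILD_DATE "Jan  1 1970 00:00:00"` / `#endif` keeps that override working and still gives a fixed default. A short comment next to the define saying it exists for bit-for-bit reproducibility would explain the odd date to the next reader. The body of S_Internals_V continues outside the inner hunk.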
diff --git a/gnu/packages/patches/perl-source-date-epoch.patch b/gnu/packages/patches/perl-source-date-epoch.patch
deleted file mode 100644
index 37330c9537..0000000000
--- a/gnu/packages/patches/perl-source-date-epoch.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Adapted from <https://bugs.debian.org/801621>.
-Make Pod::Man honor the SOURCE_DATE_EPOCH environment variable.
-
---- perl-5.22.0/cpan/podlators/lib/Pod/Man.pm	2015-12-12 22:33:03.321787590 +0100
-+++ perl-5.22.0/cpan/podlators/lib/Pod/Man.pm	2015-12-12 22:36:33.367361338 +0100
-@@ -884,7 +884,12 @@ sub devise_date {
-     my ($self) = @_;
-     my $input = $self->source_filename;
-     my $time;
--    if ($input) {
-+
-+    if (defined($ENV{SOURCE_DATE_EPOCH}) &&
-+        $ENV{SOURCE_DATE_EPOCH} !~ /\D/) {
-+        $time = $ENV{SOURCE_DATE_EPOCH};
-+    }
-+    elsif ($input) {
-         $time = (stat $input)[9] || time;
-     } else {
-         $time = time;
diff --git a/gnu/packages/patches/procps-non-linux.patch b/gnu/packages/patches/procps-non-linux.patch
deleted file mode 100644
index 9d369aeb2c..0000000000
--- a/gnu/packages/patches/procps-non-linux.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From aa9bd38d0a6fe53aff7f78fb2d9f61e55677c7b5 Mon Sep 17 00:00:00 2001
-From: Craig Small <csmall@enc.com.au>
-Date: Sun, 17 Apr 2016 09:09:41 +1000
-Subject: [PATCH] tests: Conditionally add prctl to test process
-
-prctl was already bypassed on Cygwin systems. This extends to
-non-Linux systems such as kFreeBSD and Hurd.
-
----
- lib/test_process.c | 4 ++--
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/lib/test_process.c b/lib/test_process.c
-index 6e652ed..6a4776c 100644
---- a/lib/test_process.c
-+++ b/lib/test_process.c
-@@ -21,7 +21,9 @@
- #include <stdlib.h>
- #include <unistd.h>
- #include <signal.h>
-+#ifdef __linux__
- #include <sys/prctl.h>
-+#endif
- #include "c.h"
- 
- #define DEFAULT_SLEEPTIME 300
-@@ -78,8 +80,10 @@
-     sigaction(SIGUSR1, &signal_action, NULL);
-     sigaction(SIGUSR2, &signal_action, NULL);
- 
-+#ifdef __linux__
-     /* set process name */
-     prctl(PR_SET_NAME, MY_NAME, NULL, NULL, NULL);
-+#endif
- 
-     while (sleep_time > 0) {
- 	sleep_time = sleep(sleep_time);
--- 
-2.8.2
-
diff --git a/gnu/packages/patches/python-3.4-fix-tests.patch b/gnu/packages/patches/python-3.4-fix-tests.patch
new file mode 100644
index 0000000000..d1f8138e79
--- /dev/null
+++ b/gnu/packages/patches/python-3.4-fix-tests.patch
@@ -0,0 +1,12 @@
+--- Lib/test/test_posixpath.py  2014-03-01 05:46:56.984311000 +0100
++++ Lib/test/test_posixpath.py  2014-03-07 00:59:20.888311000 +0100
+@@ -319,7 +319,11 @@
+                 del env['HOME']
+                 home = pwd.getpwuid(os.getuid()).pw_dir
+                 # $HOME can end with a trailing /, so strip it (see #17809)
+-                self.assertEqual(posixpath.expanduser("~"), home.rstrip("/"))
++                # The Guix builders have '/' as a home directory, so
++                # home.rstrip("/") will be an empty string and the test will
++                # fail. Let's just disable it since it does not really make
++                # sense with such a bizarre setup.
++                # self.assertEqual(posixpath.expanduser("~"), home.rstrip("/"))
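Review bot: The inner hunk header `@@ -319,7 +319,11 @@` promises 7 old and 11 new lines, but the body ends after the commented-out assertion with 4 old and 8 new; the three trailing context lines are missing. The copy of this hunk that the same commit removes from python-fix-tests.patch still carries them (a blank line, `def test_normpath(self):` and its first assertion). How `patch` treats the short hunk depends on its end-of-file handling and fuzz, so I would restore those three context lines and raise the outer count from 12 to 15. A one-line description at the top of the file, as python-3.5-fix-tests.patch has, would also help.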
diff --git a/gnu/packages/patches/python-3.5-fix-tests.patch b/gnu/packages/patches/python-3.5-fix-tests.patch
new file mode 100644
index 0000000000..46d2a84efb
--- /dev/null
+++ b/gnu/packages/patches/python-3.5-fix-tests.patch
@@ -0,0 +1,46 @@
+Additional test fixes which affect Python 3.5 (and presumably later) but not
+prior revisions of Python.
+
+--- Lib/test/test_pathlib.py     2014-03-01 03:02:36.088311000 +0100
++++ Lib/test/test_pathlib.py     2014-03-01 04:56:37.768311000 +0100
+@@ -1986,8 +1986,9 @@
+         expect = set() if not support.fs_is_case_insensitive(BASE) else given
+         self.assertEqual(given, expect)
+         self.assertEqual(set(p.rglob("FILEd*")), set())
+ 
++    @unittest.skipIf(True, "Guix builder home is '/' which causes trouble for these tests")
+     def test_expanduser(self):
+         P = self.cls
+         support.import_module('pwd')
+         import pwd
+--- Lib/test/test_tarfile.py        2016-02-24 19:22:52.597208055 +0000
++++ Lib/test/test_tarfile.py     2016-02-24 20:50:48.941950135 +0000
+@@ -2305,11 +2305,14 @@
+     try:
+         import pwd, grp
+     except ImportError:
+         return False
+-    if pwd.getpwuid(0)[0] != 'root':
+-        return False
+-    if grp.getgrgid(0)[0] != 'root':
++    try:
++        if pwd.getpwuid(0)[0] != 'root':
++            return False
++        if grp.getgrgid(0)[0] != 'root':
++            return False
++    except KeyError:
+         return False
+     return True
+
+
+--- Lib/test/test_asyncio/test_base_events.py
++++ Lib/test/test_asyncio/test_base_events.py
+@@ -142,6 +142,8 @@ class BaseEventTests(test_utils.TestCase):
+             (INET, STREAM, TCP, '', ('1.2.3.4', 1)),
+             base_events._ipaddr_info('1.2.3.4', b'1', INET, STREAM, TCP))
+ 
++    @unittest.skipUnless(support.is_resource_enabled('network'),
++                         'network is not enabled')
+     def test_getaddrinfo_servname(self):
+         INET = socket.AF_INET
+         STREAM = socket.SOCK_STREAM
diff --git a/gnu/packages/patches/python-disable-ssl-test.patch b/gnu/packages/patches/python-disable-ssl-test.patch
deleted file mode 100644
index e351c77505..0000000000
--- a/gnu/packages/patches/python-disable-ssl-test.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Disable a test that fails with openssl-1.0.2b.
-
---- Lib/test/test_ssl.py.orig	2015-02-25 06:27:45.000000000 -0500
-+++ Lib/test/test_ssl.py	2015-06-12 03:14:09.395212502 -0400
-@@ -2718,6 +2718,7 @@
-                                        chatty=True, connectionchatty=True)
-             self.assertIs(stats['compression'], None)
- 
-+        @unittest.skipIf(True, "openssl 1.0.2b complains: dh key too small")
-         def test_dh_params(self):
-             # Check we can get a connection with ephemeral Diffie-Hellman
-             context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
diff --git a/gnu/packages/patches/python-fix-tests.patch b/gnu/packages/patches/python-fix-tests.patch
index 82c19980f9..e093307c51 100644
--- a/gnu/packages/patches/python-fix-tests.patch
+++ b/gnu/packages/patches/python-fix-tests.patch
@@ -20,21 +20,6 @@ http://bugs.python.org/issue20868 .
      def test_tarfile_root_owner(self):
          tmpdir, tmpdir2, base_name =  self._create_files()
 
---- Lib/test/test_posixpath.py	2014-03-01 05:46:56.984311000 +0100
-+++ Lib/test/test_posixpath.py	2014-03-07 00:59:20.888311000 +0100
-@@ -319,7 +319,11 @@
-                 del env['HOME']
-                 home = pwd.getpwuid(os.getuid()).pw_dir
-                 # $HOME can end with a trailing /, so strip it (see #17809)
--                self.assertEqual(posixpath.expanduser("~"), home.rstrip("/"))
-+                # The Guix builders have '/' as a home directory, so
-+                # home.rstrip("/") will be an empty string and the test will
-+                # fail. Let's just disable it since it does not really make
-+                # sense with such a bizarre setup.
-+                # self.assertEqual(posixpath.expanduser("~"), home.rstrip("/"))
- 
-     def test_normpath(self):
-         self.assertEqual(posixpath.normpath(""), ".")
 --- Lib/test/test_socket.py.orig	2014-03-02 22:14:12.264311000 +0100
 +++ Lib/test/test_socket.py	2014-03-21 03:50:45.660311000 +0100
 @@ -819,6 +819,8 @@
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 61fe84eed9..6f779feccb 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Coypright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Coypright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Coypright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;; Coypright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;;
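Review bot: The added header line spells the word `Coypright`, copying the typo from the three neighbouring lines. Anything that scans for the literal word `Copyright` would miss these entries. I would write `;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>` and correct the adjacent lines in the same change.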
@@ -64,14 +65,14 @@
 (define-public poppler
   (package
    (name "poppler")
-   (version "0.43.0")
+   (version "0.47.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://poppler.freedesktop.org/poppler-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "0mi4zf0pz3x3fx3ir7szz1n57nywgbpd4mp2r7mvf47f4rmf4867"))))
+              "0hnjkcqqk87dw3hlda4gh4l7brkslniax9a79g772jn3iwiffwmq"))))
    (build-system gnu-build-system)
    ;; FIXME:
    ;;  use libcurl:        no
@@ -103,19 +104,18 @@
         ;; Saves 8 MiB of .a files.
         "--disable-static")
       #:phases
-      (alist-cons-before
-       'configure 'setenv
-       (lambda _
-         (setenv "CPATH"
-                 (string-append (assoc-ref %build-inputs "openjpeg-1")
-                                "/include/openjpeg-1.5"
-                                ":" (or (getenv "CPATH") ""))))
-        %standard-phases)))
+      (modify-phases %standard-phases
+        (add-before 'configure 'setenv
+          (lambda _
+            (setenv "CPATH"
+                    (string-append (assoc-ref %build-inputs "openjpeg-1")
+                                   "/include/openjpeg-1.5"
+                                   ":" (or (getenv "CPATH") ""))))))))
    (synopsis "PDF rendering library")
    (description
     "Poppler is a PDF rendering library based on the xpdf-3.0 code base.")
    (license license:gpl2+)
-   (home-page "http://poppler.freedesktop.org/")))
+   (home-page "https://poppler.freedesktop.org/")))
 
 (define-public poppler-qt4
   (package (inherit poppler)
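Review bot: The `'setenv` phase lambda ends on the `setenv` call, so the phase's result is whatever `setenv` happens to return rather than an explicit success value. The `'setup-configure` phase added to perl.scm in this same commit ends with `#t`, and this one should too: add `#t` as the last form inside `(lambda _ …)`. The `'patch-paths` phase in the second qpdf hunk further down has the same shape, ending on a `substitute*` form, and wants the same one-line addition.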
@@ -402,7 +402,7 @@ by using the poppler rendering engine.")
               (patches (search-patches
                         "zathura-plugindir-environment-variable.patch"))))
     (native-inputs `(("pkg-config" ,pkg-config)
-                     ("gettext" ,gnu-gettext)))
+                     ("gettext" ,gettext-minimal)))
     (inputs `(("girara" ,girara)
               ("sqlite" ,sqlite)
               ("gtk+" ,gtk+)))
@@ -535,13 +535,14 @@ and examining the file structure (pdfshow).")
 (define-public qpdf
   (package
    (name "qpdf")
-   (version "5.1.3")
+   (version "6.0.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://sourceforge/qpdf/qpdf/" version
                                 "/qpdf-" version ".tar.gz"))
-            (sha256 (base32
-                     "1lq1v7xghvl6p4hgrwbps3a13ad6lh4ib3myimb83hxgsgd4n5nm"))
+            (sha256
+             (base32
+              "0csj2p2gkxrc0rk8ykymlsdgfas96vzf1dip3y1x7z1q9plwgzd9"))
             (modules '((guix build utils)))
             (snippet
              ;; Replace shebang with the bi-lingual shell/Perl trick to remove
@@ -555,17 +556,17 @@ eval '(exit $?0)' && eval 'exec perl -wS \"$0\" ${1+\"$@\"}'
    (build-system gnu-build-system)
    (arguments
     `(#:disallowed-references (,perl)
-      #:phases (alist-cons-before
-                'configure 'patch-paths
-                (lambda _
-                  (substitute* "make/libtool.mk"
-                    (("SHELL=/bin/bash")
-                     (string-append "SHELL=" (which "bash"))))
-                  (substitute* (append
-                                '("qtest/bin/qtest-driver")
-                                (find-files "." "\\.test"))
-                    (("/usr/bin/env") (which "env"))))
-                %standard-phases)))
+      #:phases
+      (modify-phases %standard-phases
+        (add-before 'configure 'patch-paths
+          (lambda _
+            (substitute* "make/libtool.mk"
+              (("SHELL=/bin/bash")
+               (string-append "SHELL=" (which "bash"))))
+            (substitute* (append
+                          '("qtest/bin/qtest-driver")
+                          (find-files "." "\\.test"))
+              (("/usr/bin/env") (which "env"))))))))
    (native-inputs
     `(("pkg-config" ,pkg-config)
       ("perl" ,perl)))
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index ba6f71a412..b5e6e54f7f 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -45,55 +45,55 @@
   ;; Yeah, Perl...  It is required early in the bootstrap process by Linux.
   (package
     (name "perl")
-    (version "5.22.1")
+    (version "5.24.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "http://www.cpan.org/src/5.0/perl-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "09wg24w5syyafyv87l6z8pxwz4bjgcdj996bx5844k6m9445sirb"))
+               "00jj8zr8fnihrxxhl8h936ssczv5x86qb618yz1ig40d1rp0qhvy"))
              (patches (search-patches
                        "perl-no-sys-dirs.patch"
                        "perl-autosplit-default-time.patch"
-                       "perl-source-date-epoch.patch"
                        "perl-deterministic-ordering.patch"
-                       "perl-no-build-time.patch"
-                       "perl-CVE-2015-8607.patch"
-                       "perl-CVE-2016-2381.patch"))))
+                       "perl-reproducible-build-date.patch"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f
+       #:configure-flags
+       (let ((out  (assoc-ref %outputs "out"))
+             (libc (assoc-ref %build-inputs "libc")))
+         (list
+          (string-append "-Dprefix=" out)
+          (string-append "-Dman1dir=" out "/share/man/man1")
+          (string-append "-Dman3dir=" out "/share/man/man3")
+          "-de" "-Dcc=gcc"
+          "-Uinstallusrbinperl"
+          "-Dinstallstyle=lib/perl5"
+          "-Duseshrplib"
+          (string-append "-Dlocincpth=" libc "/include")
+          (string-append "-Dloclibpth=" libc "/lib")
+          "-Dusethreads"))
        #:phases
        (modify-phases %standard-phases
-         (replace
-          'configure
-          (lambda* (#:key inputs outputs #:allow-other-keys)
-            (let ((out  (assoc-ref outputs "out"))
-                  (libc (assoc-ref inputs "libc")))
-              ;; Use the right path for `pwd'.
-              (substitute* "dist/PathTools/Cwd.pm"
-                (("/bin/pwd")
-                 (which "pwd")))
-
-              ;; Build in GNU89 mode to tolerate C++-style comment in libc's
-              ;; <bits/string3.h>.
-              (substitute* "cflags.SH"
-                (("-std=c89")
-                 "-std=gnu89"))
-
-              (zero?
-               (system* "./Configure"
-                        (string-append "-Dprefix=" out)
-                        (string-append "-Dman1dir=" out "/share/man/man1")
-                        (string-append "-Dman3dir=" out "/share/man/man3")
-                        "-de" "-Dcc=gcc"
-                        "-Uinstallusrbinperl"
-                        "-Dinstallstyle=lib/perl5"
-                        "-Duseshrplib"
-                        (string-append "-Dlocincpth=" libc "/include")
-                        (string-append "-Dloclibpth=" libc "/lib"))))))
-
+         (add-before 'configure 'setup-configure
+           (lambda _
+             ;; Use the right path for `pwd'.
+             (substitute* "dist/PathTools/Cwd.pm"
+               (("/bin/pwd")
+                (which "pwd")))
+
+             ;; Build in GNU89 mode to tolerate C++-style comment in libc's
+             ;; <bits/string3.h>.
+             (substitute* "cflags.SH"
+               (("-std=c89")
+                "-std=gnu89"))
+             #t))
+         (replace 'configure
+           (lambda* (#:key configure-flags #:allow-other-keys)
+             (format #t "Perl configure flags: ~s~%" configure-flags)
+             (zero? (apply system* "./Configure" configure-flags))))
          (add-before
           'strip 'make-shared-objects-writable
           (lambda* (#:key outputs #:allow-other-keys)
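Review bot: The patch list drops `perl-CVE-2015-8607.patch` and `perl-CVE-2016-2381.patch` together with the bump to 5.24.0, and nothing visible records that the new release contains both fixes. The expat hunk in gnu/packages/xml.scm does the same with three `expat-CVE-*` patches on the move to 2.2.0, keeping only the regression fix. A line in the commit log naming the upstream release that carries each fix would let a later reader confirm that none was lost. Separately, `"-Dusethreads"` is new in the relocated flag list and changes how perl is built, so it deserves its own comment, e.g. `;; Build with thread support.`, instead of arriving unmarked inside a refactoring. The package definition starts before the hunk and continues after it.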
diff --git a/gnu/packages/plotutils.scm b/gnu/packages/plotutils.scm
index c913955975..74d209192f 100644
--- a/gnu/packages/plotutils.scm
+++ b/gnu/packages/plotutils.scm
@@ -186,8 +186,7 @@ colors, styles, options and details.")
     ;; "help" command in interactive mode, so adding a "doc" output is not
     ;; currently useful.
     (native-inputs
-     `(("gs" ,ghostscript-gs)           ;For tests
-       ("gs-2" ,ghostscript)             ;For dvipdfm
+     `(("gs" ,ghostscript)              ;For tests
        ("texinfo" ,texinfo)             ;For generating documentation
        ("texlive" ,texlive)             ;For tests and documentation
        ("emacs" ,emacs-minimal)
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index cf86c71970..30b0bdd22f 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -106,7 +106,7 @@
 (define-public python-2.7
   (package
     (name "python")
-    (version "2.7.11")
+    (version "2.7.12")
     (source
      (origin
       (method url-fetch)
@@ -114,7 +114,7 @@
                           version "/Python-" version ".tar.xz"))
       (sha256
        (base32
-        "0iiz844riiznsyhhyy962710pz228gmhv8qi3yk4w4jhmx2lqawn"))
+        "0y7rl603vmwlxm6ilkhc51rx2mfj14ckcz40xxgs0ljnvlhp30yp"))
       (patches (search-patches "python-2.7-search-paths.patch"
                                "python-2-deterministic-build-info.patch"
                                "python-2.7-source-date-epoch.patch"))
@@ -126,6 +126,7 @@
        '(begin
           (for-each delete-file
                     '("Lib/test/test_compileall.py"
+                      "Lib/test/test_ctypes.py" ; fails on mips64el
                       "Lib/test/test_distutils.py"
                       "Lib/test/test_import.py"
                       "Lib/test/test_shutil.py"
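Review bot: `"Lib/test/test_ctypes.py"` is now deleted from the source for every system, while its comment still says only `fails on mips64el`; the per-system conditional that used to do this is removed in the next hunk. That leaves ctypes untested on all architectures, which the comment should state, e.g. `; fails on mips64el; deleted for all systems`. The snippet starts before the hunk and continues after it.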
@@ -201,13 +202,6 @@
            (lambda _
              ;; 'Lib/test/test_site.py' needs a valid $HOME
              (setenv "HOME" (getcwd))
-             ,@(if (string-prefix? "mips64el" (%current-system))
-
-                   ;; XXX: The following test fails on mips64el.
-                   '((false-if-exception
-                      (delete-file "Lib/test/test_ctypes.py")))
-
-                   '())
              #t))
           (add-after
            'unpack 'set-source-file-times-to-1980
@@ -289,7 +283,7 @@
      (list (search-path-specification
             (variable "PYTHONPATH")
             (files '("lib/python2.7/site-packages")))))
-    (home-page "http://python.org")
+    (home-page "https://www.python.org")
     (synopsis "High-level, dynamically-typed programming language")
     (description
      "Python is a remarkably powerful dynamic programming language that
@@ -304,23 +298,22 @@ data types.")
 ;; Current 2.x version.
 (define-public python-2 python-2.7)
 
-(define-public python-3.4
+(define-public python-3.5
   (package (inherit python-2)
-    (version "3.4.3")
+    (version "3.5.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.python.org/ftp/python/"
                                   version "/Python-" version ".tar.xz"))
               (patches (search-patches
                         "python-fix-tests.patch"
-                        ;; XXX Try removing this patch for python > 3.4.3
-                        "python-disable-ssl-test.patch"
+                        "python-3.5-fix-tests.patch"
                         "python-3-deterministic-build-info.patch"
                         "python-3-search-paths.patch"))
               (patch-flags '("-p0"))
               (sha256
                (base32
-                "1f4nm4z08sy0kqwisvv95l02crv6dyysdmx44p1mz3bn6csrdcxm"))))
+                "0h6a5fr7ram2s483lh0pnmc4ncijb8llnpfdxdcl5dxr01hza400"))))
     (arguments (substitute-keyword-arguments (package-arguments python-2)
                  ((#:tests? _) #t)))
     (native-search-paths
@@ -330,8 +323,25 @@ data types.")
                                         (version-major+minor version)
                                         "/site-packages"))))))))
 
+(define-public python-3.4
+  (package (inherit python-3.5)
+    (version "3.4.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://www.python.org/ftp/python/"
+                                  version "/Python-" version ".tar.xz"))
+              (patches (search-patches
+                        "python-fix-tests.patch"
+                        "python-3.4-fix-tests.patch"
+                        "python-3-deterministic-build-info.patch"
+                        "python-3-search-paths.patch"))
+              (patch-flags '("-p0"))
+              (sha256
+               (base32
+                "12l9klp778wklxmckhghniy5hklss8r26995pyd00qbllk4b2r7f"))))))
+
 ;; Current 3.x version.
-(define-public python-3 python-3.4)
+(define-public python-3 python-3.5)
 
 ;; Current major version.
 (define-public python python-3)
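Review bot: The new `python-3.4` inherits from `python-3.5` without restating `native-search-paths`, and the parent's field (its tail is visible as context at the top of this hunk) is built from `(version-major+minor version)`. If that field is evaluated when `python-3.5` is defined rather than per inheriting package, `python-3.4` ends up with a `PYTHONPATH` specification pointing at `lib/python3.5/site-packages`, so installed 3.4 modules would not be found. Overriding only `version` and `source` does not recompute it; I would repeat the field in `python-3.4` as below, and check anything else in the parent that is derived from `version`.

```scheme
(define-public python-3.4
  (package (inherit python-3.5)
    (version "3.4.5")
    ;; … unchanged: source origin …
    (native-search-paths
     (list (search-path-specification
            (variable "PYTHONPATH")
            (files (list (string-append "lib/python"
                                        (version-major+minor version)
                                        "/site-packages"))))))))
```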
@@ -353,14 +363,12 @@ data types.")
   (package (inherit python)
     (name "python-minimal")
     (outputs '("out"))
-    (arguments
-     (substitute-keyword-arguments (package-arguments python)
-       ((#:configure-flags cf)
-        `(append ,cf '("--without-system-ffi")))))
 
+    ;; Build fails due to missing ctypes without libffi.
     ;; OpenSSL is a mandatory dependency of Python 3.x, for urllib;
     ;; zlib is required by 'zipimport', used by pip.
-    (inputs `(("openssl" ,openssl)
+    (inputs `(("libffi" ,libffi)
+              ("openssl" ,openssl)
               ("zlib" ,zlib)))))
 
 (define* (wrap-python3 python
@@ -384,8 +392,8 @@ data types.")
                   (lambda (old new)
                     (symlink (string-append python old)
                              (string-append bin "/" new)))
-                  '("python3" "pydoc3" "idle3")
-                  '("python"  "pydoc"  "idle"))))))
+                  `("python3" ,"pydoc3" ,"idle3" ,"pip3" ,"python3-config")
+                  `("python"  ,"pydoc"  ,"idle"  ,"pip"  ,"python-config"))))))
     (synopsis "Wrapper for the Python 3 commands")
     (description
      "This package provides wrappers for the commands of Python@tie{}3.x such
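Review bot: The two name lists switch from a quoted list to a quasiquote whose elements are unquoted string literals (`,"pydoc3"`, `,"pip"`), which evaluates to the same strings and only adds noise; plain `'("python3" "pydoc3" "idle3" "pip3" "python3-config")` and `'("python" "pydoc" "idle" "pip" "python-config")` read better. The `symlink` call in the lambda above does not check that its target exists, so if the `python` passed to `wrap-python3` lacks `bin/pip3` or `bin/python3-config` the wrapper would ship a dangling link; that is worth confirming for each variant it is applied to. The enclosing function starts before the hunk.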
diff --git a/gnu/packages/readline.scm b/gnu/packages/readline.scm
index 169a7386c4..6435e98234 100644
--- a/gnu/packages/readline.scm
+++ b/gnu/packages/readline.scm
@@ -40,14 +40,14 @@
                         (find-files lib "\\.a"))))))
     (package
       (name "readline")
-      (version "6.3")
+      (version "7.0")
       (source (origin
                (method url-fetch)
                (uri (string-append "mirror://gnu/readline/readline-"
                                    version ".tar.gz"))
                (sha256
                 (base32
-                 "0hzxr9jxqqx5sxsv9vmlxdnvlr9vi4ih1avjb869hbs6p5qn1fjn"))
+                 "0d13sg9ksf982rrrmv5mb6a2p4ys9rvg9r71d6il0vr8hmql63bm"))
                (patches (search-patches "readline-link-ncurses.patch"))
                (patch-flags '("-p0"))))
       (build-system gnu-build-system)
diff --git a/gnu/packages/sawfish.scm b/gnu/packages/sawfish.scm
index 9b09b6171e..54b72ffe03 100644
--- a/gnu/packages/sawfish.scm
+++ b/gnu/packages/sawfish.scm
@@ -152,7 +152,7 @@ backend of Sawfish.")
                            "/lib/sawfish/sawfish-menu")))
          %standard-phases))))
     (native-inputs
-     `(("gettext"     ,gnu-gettext)
+     `(("gettext"     ,gettext-minimal)
        ("makeinfo"    ,texinfo)
        ("pkg-config"  ,pkg-config)
        ("which"       ,which)))
diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm
index 9597473ad4..9ad9e707e7 100644
--- a/gnu/packages/scheme.scm
+++ b/gnu/packages/scheme.scm
@@ -633,7 +633,7 @@ threads.")
        ("stex" ,stex)))
     (native-inputs
      `(("texlive" ,texlive)
-       ("ghostscript" ,ghostscript-gs)
+       ("ghostscript" ,ghostscript)
        ("netpbm" ,netpbm)))
     (outputs '("out" "doc"))
     (arguments
diff --git a/gnu/packages/shishi.scm b/gnu/packages/shishi.scm
index 30351fb517..7e02843d38 100644
--- a/gnu/packages/shishi.scm
+++ b/gnu/packages/shishi.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2012 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -48,7 +49,7 @@
     (inputs
      `(("gnutls" ,gnutls)
        ("libidn" ,libidn)
-       ("linux-pam" ,linux-pam)
+       ("linux-pam" ,linux-pam-1.2)
        ("zlib" ,zlib)
        ;; libgcrypt 1.6 fails because of the following test:
        ;;  #include <gcrypt.h>
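Review bot: `("linux-pam" ,linux-pam-1.2)` pins shishi to a specific PAM variant with no comment saying why, unlike the libgcrypt pin directly below it, which explains itself. PAM is authentication code, so a pinned variant that may stop tracking the default package should state the reason and the condition for undoing it, e.g. `;; <reason shishi needs linux-pam 1.2>; switch back to linux-pam once fixed`. The inputs list continues past the end of the hunk.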
diff --git a/gnu/packages/skribilo.scm b/gnu/packages/skribilo.scm
index 40bf659297..52ed1c34e3 100644
--- a/gnu/packages/skribilo.scm
+++ b/gnu/packages/skribilo.scm
@@ -63,8 +63,7 @@
 
        #:parallel-build? #f))
 
-    (native-inputs `(("pkg-config" ,pkg-config)
-                     ("ghostscript-gs" , ghostscript-gs)))
+    (native-inputs `(("pkg-config" ,pkg-config)))
 
     (inputs `(("guile" ,guile-2.0)
               ("imagemagick" ,imagemagick)
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index cbaf026728..79fb0427fd 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -75,7 +75,7 @@
     (build-system gnu-build-system)
     (inputs
      `(("cairo" ,cairo)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("gsl" ,gsl)
        ("libxml2" ,libxml2)
        ("pango" ,pango)
@@ -101,7 +101,7 @@ be output in text, PostScript, PDF or HTML.")
 (define-public r
   (package
     (name "r")
-    (version "3.3.0")
+    (version "3.3.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cran/src/base/R-"
@@ -109,7 +109,7 @@ be output in text, PostScript, PDF or HTML.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1r0i0cqs3p0vrpiwq0zg5kbrmja9rmaijyzf9f23v6d5n5ab2mlj"))))
+                "1qm9znh8akfy9fkzzi6f1vz2w1dd0chsr6qn7kw80lqzhgjrmi9x"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags
@@ -137,6 +137,7 @@ be output in text, PostScript, PDF or HTML.")
           (lambda _ (zero? (system* "make" "install-info")))))
        #:configure-flags
        '("--with-cairo"
+         "--with-blas=-lopenblas"
          "--with-libpng"
          "--with-jpeglib"
          "--with-libtiff"
@@ -171,6 +172,7 @@ be output in text, PostScript, PDF or HTML.")
        ("pango" ,pango)
        ("curl" ,curl)
        ("tzdata" ,tzdata)
+       ("openblas" ,openblas)
        ("gfortran" ,gfortran)
        ("icu4c" ,icu4c)
        ("libjpeg" ,libjpeg)
diff --git a/gnu/packages/terminals.scm b/gnu/packages/terminals.scm
index 948906a2fa..5bea5ab536 100644
--- a/gnu/packages/terminals.scm
+++ b/gnu/packages/terminals.scm
@@ -69,7 +69,7 @@
     (native-inputs
      `(("autoconf" ,autoconf)
        ("automake" ,automake)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("pkg-config" ,pkg-config)))
     (inputs
      `(("glib" ,glib "bin")
diff --git a/gnu/packages/texinfo.scm b/gnu/packages/texinfo.scm
index 5b22e84fb8..d21394e74f 100644
--- a/gnu/packages/texinfo.scm
+++ b/gnu/packages/texinfo.scm
@@ -32,14 +32,14 @@
 (define-public texinfo
   (package
     (name "texinfo")
-    (version "6.1")
+    (version "6.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/texinfo/texinfo-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c"))))
+                "0fpr9kdjjl6nj2pc50k2zr7134hvqz8bi8pfqa7131a9lpzz6v14"))))
     (build-system gnu-build-system)
     (native-inputs `(("procps" ,procps)))  ;one of the tests needs pgrep
     (inputs `(("ncurses" ,ncurses)
@@ -62,18 +62,6 @@ their source and the command-line Info reader.  The emphasis of the language
 is on expressing the content semantically, avoiding physical markup commands.")
     (license gpl3+)))
 
-(define-public texinfo-6.3
-  (package
-    (inherit texinfo)
-    (version "6.3")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://gnu/texinfo/texinfo-"
-                                  version ".tar.xz"))
-              (sha256
-               (base32
-                "0fpr9kdjjl6nj2pc50k2zr7134hvqz8bi8pfqa7131a9lpzz6v14"))))))
-
 (define-public texinfo-5
   (package (inherit texinfo)
     (version "5.2")
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index b98e479273..8e9c9287fa 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
@@ -50,7 +50,7 @@
 (define-public libtasn1
   (package
     (name "libtasn1")
-    (version "4.8")
+    (version "4.9")
     (source
      (origin
       (method url-fetch)
@@ -58,7 +58,7 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"))))
+        "0869cp6jx7cajgv6cnddsh3vc7bimmdkdjn80y1jpb4iss7plvsg"))))
     (build-system gnu-build-system)
     (native-inputs `(("perl" ,perl)))
     (home-page "http://www.gnu.org/software/libtasn1/")
@@ -100,7 +100,7 @@ in intelligent transportation networks.")
 (define-public p11-kit
   (package
     (name "p11-kit")
-    (version "0.23.1")
+    (version "0.23.2")
     (source
      (origin
       (method url-fetch)
@@ -108,7 +108,7 @@ in intelligent transportation networks.")
                           version ".tar.gz"))
       (sha256
        (base32
-        "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5"))
+        "1w7szm190phlkg7qx05ychlj2dbvkgkhx9gw6dx4d5rw62l6wwms"))
       (modules '((guix build utils))) ; for substitute*
       (snippet
         '(begin
@@ -138,8 +138,7 @@ living in the same process.")
 (define-public gnutls
   (package
     (name "gnutls")
-    (replacement gnutls-3.5.4)
-    (version "3.5.2")
+    (version "3.5.4")
     (source (origin
              (method url-fetch)
              (uri
@@ -150,7 +149,7 @@ living in the same process.")
                              "/gnutls-" version ".tar.xz"))
              (sha256
               (base32
-               "10l5pv7qc5c850aamih3pdkbqpc4v2a6g164dzd7c7fjpxffji9b"))))
+               "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
@@ -212,20 +211,6 @@ required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
 
-(define gnutls-3.5.4
-  (package
-    (inherit gnutls)
-    (source
-      (let ((version "3.5.4"))
-        (origin
-          (method url-fetch)
-          (uri (string-append "mirror://gnupg/gnutls/v"
-                              (version-major+minor version)
-                              "/gnutls-" version ".tar.xz"))
-          (sha256
-           (base32
-            "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))))))
-
 (define-public openssl
   (package
    (name "openssl")
@@ -331,6 +316,7 @@ required structures.")
                                        (string-append target "/"
                                                       (basename file))))
                         (find-files man3))
+              (delete-file-recursively man3)
               #t)))
         (add-before
          'patch-source-shebangs 'patch-tests
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 9008d9fadc..a4db4e774a 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -89,7 +89,7 @@
     (inputs
      ;; Note: 'tools/packaging/lp-upload-release' and 'tools/weavemerge.sh'
      ;; require Zsh.
-     `(("gettext" ,gnu-gettext)))
+     `(("gettext" ,gettext-minimal)))
     (arguments
      `(#:tests? #f ; no test target
        #:python ,python-2   ; Python 3 apparently not yet supported, see
@@ -123,7 +123,7 @@ as well as the classic centralized workflow.")
    (build-system gnu-build-system)
    (native-inputs
     `(("native-perl" ,perl)
-      ("gettext" ,gnu-gettext)
+      ("gettext" ,gettext-minimal)
       ("git-manpages"
        ,(origin
           (method url-fetch)
@@ -938,7 +938,7 @@ accessed and migrated on modern systems.")
        ("file" ,file)
        ("libxml2" ,libxml2)
        ("zlib" ,zlib)
-       ("gettext" ,gnu-gettext)))
+       ("gettext" ,gettext-minimal)))
     (native-inputs
      `(("bison" ,bison)
        ("groff" ,groff)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 5e1bdf123a..243a8fb44e 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -353,7 +353,7 @@ SMPTE 314M.")
 (define-public libva
   (package
     (name "libva")
-    (version "1.7.0")
+    (version "1.7.1")
     (source
      (origin
        (method url-fetch)
@@ -361,7 +361,7 @@ SMPTE 314M.")
              "https://www.freedesktop.org/software/vaapi/releases/libva/libva-"
              version".tar.bz2"))
        (sha256
-        (base32 "0py9igf4kicj7ji22bjawkpd6my013qpg0s4ir2np9l1rk5vr2d6"))))
+        (base32 "1j8mb3p9kafhp30r3kmndnrklvzycc2ym0w6xdqz6m7jap626028"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 477b05189c..6449f0d57a 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -130,7 +130,7 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
       ("vpnc" ,vpnc)
       ("zlib" ,zlib)))
    (native-inputs
-    `(("gettext" ,gnu-gettext)
+    `(("gettext" ,gettext-minimal)
       ("pkg-config" ,pkg-config)))
    (arguments
     `(#:configure-flags
diff --git a/gnu/packages/w3m.scm b/gnu/packages/w3m.scm
index e7dd583c11..afda239356 100644
--- a/gnu/packages/w3m.scm
+++ b/gnu/packages/w3m.scm
@@ -69,7 +69,7 @@
        ("openssl" ,openssl)
        ("zlib" ,zlib)))
     (native-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("perl" ,perl)
        ("pkg-config" ,pkg-config)))
     (home-page "http://w3m.sourceforge.net/")
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 888838dbe6..cd3dd876cb 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -87,7 +87,7 @@
                                    "/include/gstreamer-1.0")))))))
     (native-inputs
      `(("bison" ,bison)
-       ("gettext" ,gnu-gettext)
+       ("gettext" ,gettext-minimal)
        ("glib:bin" ,glib "bin") ; for glib-mkenums, etc.
        ("gobject-introspection" ,gobject-introspection)
        ("gperf" ,gperf)
diff --git a/gnu/packages/wicd.scm b/gnu/packages/wicd.scm
index f9aa657e56..e70bf736a5 100644
--- a/gnu/packages/wicd.scm
+++ b/gnu/packages/wicd.scm
@@ -52,7 +52,7 @@
                  "wicd-urwid-1.3.patch"
                  "wicd-wpa2-ttls.patch"))))
     (build-system python-build-system)
-    (native-inputs `(("gettext" ,gnu-gettext)))
+    (native-inputs `(("gettext" ,gettext-minimal)))
     (inputs `(("dbus-glib" ,dbus-glib)
               ("python2-dbus" ,python2-dbus)
               ("python2-pygtk" ,python2-pygtk)
diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm
index 03a896b8e1..9a1bd56608 100644
--- a/gnu/packages/wine.scm
+++ b/gnu/packages/wine.scm
@@ -63,7 +63,7 @@
                 "1nmd65knzyh8b0yhxlqqvzai5rpnmhhm0c46n789zr5hj74jm6fg"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
-                     ("gettext" ,gnu-gettext)
+                     ("gettext" ,gettext-minimal)
                      ("flex" ,flex)
                      ("bison" ,bison)
                      ("perl" ,perl)))
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 323ff111d4..a26c716866 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -90,7 +90,7 @@
              #t)))))
     (inputs `(("pygtk" ,python2-pygtk)
               ("xrandr" ,xrandr)))
-    (native-inputs `(("gettext"           ,gnu-gettext)
+    (native-inputs `(("gettext"           ,gettext-minimal)
                      ("python-docutils"   ,python2-docutils)
                      ("python-setuptools" ,python2-setuptools)))
     (home-page "https://christian.amsuess.com/tools/arandr/")
@@ -266,7 +266,7 @@ rasterisation.")
 (define-public libdrm
   (package
     (name "libdrm")
-    (version "2.4.67")
+    (version "2.4.68")
     (source
       (origin
         (method url-fetch)
@@ -275,8 +275,8 @@ rasterisation.")
                version
                ".tar.bz2"))
         (sha256
-          (base32
-            "1gnf206zs8dwszvkv4z2hbvh23045z0q29kms127bqrv27hp2nzf"))
+         (base32
+          "1px91j6imaaq2fy8ksvgldmv0cdz3w379jqiciqvqa99jajxjjsv"))
         (patches (search-patches "libdrm-symbol-check.patch"))))
     (build-system gnu-build-system)
     (inputs
@@ -1010,7 +1010,7 @@ by name.")
        ("libxrandr" ,libxrandr)
        ("startup-notification" ,startup-notification)))
     (native-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("pkg-config" ,pkg-config)))
     (home-page "https://gitlab.com/o9000/tint2")
     (synopsis "Lightweight task bar")
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 879b37a337..94a017d1d5 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -52,18 +52,16 @@
 (define-public expat
   (package
     (name "expat")
-    (replacement expat/fixed)
-    (version "2.1.1")
+    (version "2.2.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/expat/expat/"
                                  version "/expat-" version ".tar.bz2"))
-             (patches (search-patches "expat-CVE-2012-6702-and-CVE-2016-5300.patch"
-                                      "expat-CVE-2015-1283-refix.patch"
-                                      "expat-CVE-2016-0718.patch"))
+             (patches
+               (search-patches "expat-CVE-2016-0718-fix-regression.patch"))
              (sha256
               (base32
-               "0ryyjgvy7jq0qb7a9mhc1giy3bzn56aiwrs8dpydqngplbjq9xdg"))))
+               "1zq4lnwjlw8s9mmachwfvfjf2x3lk24jm41746ykhdcvs7r0zrfr"))))
     (build-system gnu-build-system)
     (home-page "http://www.libexpat.org/")
     (synopsis "Stream-oriented XML parser library written in C")
@@ -73,17 +71,6 @@ stream-oriented parser in which an application registers handlers for
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
-(define expat/fixed
-  (package
-    (inherit expat)
-    (source (origin
-              (inherit (package-source expat))
-              (patches (search-patches
-                         "expat-CVE-2012-6702-and-CVE-2016-5300.patch"
-                         "expat-CVE-2015-1283-refix.patch"
-                         "expat-CVE-2016-0718.patch"
-                         "expat-CVE-2016-0718-fix-regression.patch"))))))
-
 (define-public libxml2
   (package
     (name "libxml2")
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index aa2b99a720..3dac36a4d3 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -999,7 +999,7 @@ authentication records.")
 (define-public inputproto
   (package
     (name "inputproto")
-    (version "2.3.1")
+    (version "2.3.2")
     (source
       (origin
         (method url-fetch)
@@ -1009,7 +1009,7 @@ authentication records.")
                ".tar.bz2"))
         (sha256
           (base32
-            "1lf1jlxp0fc8h6fjdffhd084dqab94966l1zm3rwwsis0mifwiss"))))
+            "07gk7v006zqn3dcfh16l06gnccy7xnqywf3vl9c209ikazsnlfl9"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (home-page "https://www.x.org/wiki/")
@@ -1432,7 +1432,7 @@ treat it as part of their software base when porting.")
             "07041q4k8m4nirzl7lrqn8by2zylx0xvh6n0za301qqs3njszgf5"))))
     (build-system gnu-build-system)
     (inputs
-      `(("gettext" ,gnu-gettext)
+      `(("gettext" ,gettext-minimal)
         ("libxt" ,libxt)
         ("xproto" ,xproto)
         ("libxext" ,libxext)))
@@ -1920,7 +1920,7 @@ generate new versions of their configure scripts with autoconf.")
 (define-public videoproto
   (package
     (name "videoproto")
-    (version "2.3.2")
+    (version "2.3.3")
     (source
       (origin
         (method url-fetch)
@@ -1930,7 +1930,7 @@ generate new versions of their configure scripts with autoconf.")
                ".tar.bz2"))
         (sha256
           (base32
-            "1dnlkd9nb0m135lgd6hd61vc29sdyarsyya8aqpx7z10p261dbld"))))
+            "00m7rh3pwmsld4d5fpii3xfk5ciqn17kkk38gfpzrrh8zn4ki067"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (home-page "https://www.x.org/wiki/")
@@ -3675,7 +3675,7 @@ alternative implementations like XRandR or TwinView.")
 (define xkbcomp-intermediate ; used as input for xkeyboard-config
   (package
     (name "xkbcomp-intermediate")
-    (version "1.3.0")
+    (version "1.3.1")
     (source
       (origin
         (method url-fetch)
@@ -3684,8 +3684,8 @@ alternative implementations like XRandR or TwinView.")
                version
                ".tar.bz2"))
         (sha256
-          (base32
-            "0aibcbhhjlwcrxh943xg2dswwx5bz1x0pmhs28b55gzsg0vrgb6g"))))
+         (base32
+          "0gcjy70ppmcl610z8gxc7sydsx93f8cm8pggm4qhihaa1ngdq103"))))
     (build-system gnu-build-system)
     (inputs
       `(("xproto" ,xproto)
@@ -3789,7 +3789,7 @@ extension to the X11 protocol.  It includes:
 (define-public xkeyboard-config
   (package
     (name "xkeyboard-config")
-    (version "2.17")
+    (version "2.18")
     (source
       (origin
         (method url-fetch)
@@ -3799,10 +3799,10 @@ extension to the X11 protocol.  It includes:
               ".tar.bz2"))
         (sha256
           (base32
-            "00878f1v3034ki78pjpf2db0bh7jsmszsnxr3bf5qxripm2bxiny"))))
+            "1l6x2w357ja8vm94ns79s7yj9a5dlr01r9dxrjvzwncadiyr27f4"))))
     (build-system gnu-build-system)
     (inputs
-      `(("gettext" ,gnu-gettext)
+      `(("gettext" ,gettext-minimal)
         ("libx11" ,libx11)
         ("xkbcomp-intermediate" ,xkbcomp-intermediate)))
     (native-inputs
@@ -4008,7 +4008,7 @@ Font Description (XLFD) full name for a font.")
        ("libxmu" ,libxmu)
        ("libxrender" ,libxrender)))
     (native-inputs
-     `(("gettext" ,gnu-gettext)
+     `(("gettext" ,gettext-minimal)
        ("pkg-config" ,pkg-config)))
     (home-page "https://www.x.org/wiki/")
     (synopsis "Display all the characters in an X font")
@@ -4761,7 +4761,7 @@ script around the mkfontscale program.")
 (define-public xproto
   (package
     (name "xproto")
-    (version "7.0.28")
+    (version "7.0.29")
     (source
       (origin
         (method url-fetch)
@@ -4771,7 +4771,7 @@ script around the mkfontscale program.")
                ".tar.bz2"))
         (sha256
           (base32
-            "1jpnvm33vi2dar5y5zgz7jjh0m8fpkcxm0f0lbwfx37ns5l5bs19"))))
+            "12lzpa9mrzkyrhrphzpi1014np3328qg7mdq08wj6wyaj9q4f6kc"))))
     (build-system gnu-build-system)
     (propagated-inputs
       `(("util-macros" ,util-macros))) ; to get util-macros in (almost?) all package inputs
@@ -4849,7 +4849,7 @@ an X Window System display.")
   (package
     (name "libxfixes")
     (replacement libxfixes/fixed)
-    (version "5.0.1")
+    (version "5.0.2")
     (source
       (origin
         (method url-fetch)
@@ -4859,7 +4859,7 @@ an X Window System display.")
                ".tar.bz2"))
         (sha256
           (base32
-            "0rs7qgzr6dpr62db7sd91c1b47hzhzfr010qwnpcm8sg122w1gk3"))))
+            "1slsk898386xii0r3l7szwwq3s6y2m4dsj0x93ninjh8xkghxllv"))))
     (build-system gnu-build-system)
     (propagated-inputs
       `(("fixesproto" ,fixesproto)))
@@ -5111,7 +5111,7 @@ over Xlib, including:
 (define-public xorg-server
   (package
     (name "xorg-server")
-    (version "1.18.1")
+    (version "1.18.4")
     (source
       (origin
         (method url-fetch)
@@ -5120,7 +5120,7 @@ over Xlib, including:
               name "-" version ".tar.bz2"))
         (sha256
          (base32
-          "17bq40als48v12ld81jysc0gj5g572zkjkyzbhlm3ac9xgdmdv45"))))
+          "1j1i3n5xy1wawhk95kxqdc54h34kg7xp4nnramba2q8xqfr5k117"))))
     (build-system gnu-build-system)
     (propagated-inputs
       `(("dri2proto" ,dri2proto)
@@ -5169,7 +5169,13 @@ over Xlib, including:
         ("xkbcomp" ,xkbcomp)
         ("xkeyboard-config" ,xkeyboard-config)
         ("xtrans" ,xtrans)
-        ("zlib" ,zlib)))
+        ("zlib" ,zlib)
+        ;; Inputs for Xephyr
+        ("xcb-util" ,xcb-util)
+        ("xcb-util-image" ,xcb-util-image)
+        ("xcb-util-keysyms" ,xcb-util-keysyms)
+        ("xcb-util-renderutil" ,xcb-util-renderutil)
+        ("xcb-util-wm" ,xcb-util-wm)))
     (native-inputs
        `(("python" ,python-minimal-wrapper)
          ("pkg-config" ,pkg-config)))
@@ -5185,9 +5191,17 @@ over Xlib, including:
              (string-append "--with-xkb-bin-directory="
                             (assoc-ref %build-inputs "xkbcomp")
                             "/bin")
+             ;; By default, it ends up with invalid '${prefix}/...', causes:
+             ;;   _FontTransOpen: Unable to Parse address ${prefix}/share/...
+             ;; It's not used anyway, so set it to empty.
+             "--with-default-font-path="
+
 
              ;; For the log file, etc.
-             "--localstatedir=/var")
+             "--localstatedir=/var"
+             ;; For sddm
+             "--enable-kdrive"
+             "--enable-xephyr")
 
        #:phases (alist-cons-before
                  'configure 'pre-configure
diff --git a/gnu/system.scm b/gnu/system.scm
index 38ae8f1771..43117b1714 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -562,12 +562,7 @@ use 'plain-file' instead~%")
 
     ;; By default, applications that use D-Bus, such as Emacs, abort at startup
     ;; when /etc/machine-id is missing.  Make sure these warnings are non-fatal.
-    ("DBUS_FATAL_WARNINGS" . "0")
-
-    ;; XXX: Normally we wouldn't need to do this, but our glibc@2.23 package
-    ;; looks things up in 'PREFIX/lib/locale' instead of
-    ;; '/run/current-system/locale' as was intended.
-    ("GUIX_LOCPATH" . "/run/current-system/locale")))
+    ("DBUS_FATAL_WARNINGS" . "0")))
 
 (define %setuid-programs
   ;; Default set of setuid-root programs.
diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm
index 34edff7f40..1dfd85450c 100644
--- a/guix/build/gnu-build-system.scm
+++ b/guix/build/gnu-build-system.scm
@@ -172,22 +172,23 @@ files such as `.in' templates.  Most scripts honor $SHELL and
 $CONFIG_SHELL, but some don't, such as `mkinstalldirs' or Automake's
 `missing' script."
   (for-each patch-shebang
-            (remove (lambda (file)
-                      (or (not (file-exists? file)) ;dangling symlink
-                          (file-is-directory? file)))
-                    (find-files "."))))
+            (find-files "."
+                        (lambda (file stat)
+                          ;; Filter out symlinks.
+                          (eq? 'regular (stat:type stat)))
+                        #:stat lstat)))
 
 (define (patch-generated-file-shebangs . rest)
   "Patch shebangs in generated files, including `SHELL' variables in
 makefiles."
-  ;; Patch executable files, some of which might have been generated by
-  ;; `configure'.
+  ;; Patch executable regular files, some of which might have been generated
+  ;; by `configure'.
   (for-each patch-shebang
-            (filter (lambda (file)
-                      (and (file-exists? file)
-                           (executable-file? file)
-                           (not (file-is-directory? file))))
-                    (find-files ".")))
+            (find-files "."
+                        (lambda (file stat)
+                          (and (eq? 'regular (stat:type stat))
+                               (not (zero? (logand (stat:mode stat) #o100)))))
+                        #:stat lstat))
 
   ;; Patch `SHELL' in generated makefiles.
   (for-each patch-makefile-SHELL (find-files "." "^(GNU)?[mM]akefile$")))
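Review bot: The comment `;; Filter out symlinks.` in the first predicate describes only part of what it does. With `#:stat lstat`, `(eq? 'regular (stat:type stat))` also drops directories and every other non-regular file, which is what replaces the old `file-is-directory?` test. I would word it as `;; Keep regular files only; under lstat this skips symlinks (dangling or not) and directories.` In patch-generated-file-shebangs the bare `#o100` mask replaces the named `executable-file?` check and would read better with a trailing `; owner-execute bit` comment. The first procedure's definition starts outside the hunk.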
@@ -386,26 +387,17 @@ makefiles."
     (when debug-output
       (format #t "debugging output written to ~s using ~s~%"
               debug-output objcopy-command))
-    (file-system-fold (const #t)
-                      (lambda (path stat result)  ; leaf
-                        (and (file-exists? path)  ;discard dangling symlinks
-                             (or (elf-file? path) (ar-file? path))
-                             (or (not debug-output)
-                                 (make-debug-file path))
-                             (zero? (apply system* strip-command
-                                           (append strip-flags (list path))))
-                             (or (not debug-output)
-                                 (add-debug-link path))))
-                      (const #t)                  ; down
-                      (const #t)                  ; up
-                      (const #t)                  ; skip
-                      (lambda (path stat errno result)
-                        (format (current-error-port)
-                                "strip: failed to access `~a': ~a~%"
-                                path (strerror errno))
-                        #f)
-                      #t
-                      dir))
+
+    (for-each (lambda (file)
+                (and (file-exists? file)          ;discard dangling symlinks
+                     (or (elf-file? file) (ar-file? file))
+                     (or (not debug-output)
+                         (make-debug-file file))
+                     (zero? (apply system* strip-command
+                                   (append strip-flags (list file))))
+                     (or (not debug-output)
+                         (add-debug-link file))))
+              (find-files dir)))
 
   (or (not strip-binaries?)
       (every strip-dir
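Review bot: The value of the `and` chain inside the new `for-each` lambda is discarded, so a non-zero exit from `strip-command` or a failing `make-debug-file` cannot make the phase fail. `for-each` returns an unspecified value, so what `(every strip-dir …)` sees is not a deliberate boolean. If best-effort stripping is intended, say so in a comment and end strip-dir with an explicit `#t`. Otherwise accumulate the per-file results (for example with a fold over `(find-files dir)`) and return that. strip-dir's definition starts outside the hunk.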
@@ -552,6 +544,47 @@ DOCUMENTATION-COMPRESSOR-FLAGS."
             outputs)
   #t)
 
+
+(define* (patch-dot-desktop-files #:key outputs inputs #:allow-other-keys)
+  "Replace any references to executables in '.desktop' files with their
+absolute file names."
+  (define bin-directories
+    (append-map (match-lambda
+                  ((_ . directory)
+                   (list (string-append directory "/bin")
+                         (string-append directory "/sbin"))))
+                outputs))
+
+  (define (which program)
+    (or (search-path bin-directories program)
+        (begin
+          (format (current-error-port)
+                  "warning: '.desktop' file refers to '~a', \
+which cannot be found~%"
+                  program)
+          program)))
+
+  (for-each (match-lambda
+              ((_ . directory)
+               (let ((applications (string-append directory
+                                                  "/share/applications")))
+                 (when (directory-exists? applications)
+                   (let ((files (find-files applications "\\.desktop$")))
+                     (format #t "adjusting ~a '.desktop' files in ~s~%"
+                             (length files) applications)
+
+                     ;; '.desktop' files contain translations and are always
+                     ;; UTF-8-encoded.
+                     (with-fluids ((%default-port-encoding "UTF-8"))
+                       (substitute* files
+                         (("^Exec=([^/[:blank:]\r\n]*)(.*)$" _ binary rest)
+                          (string-append "Exec=" (which binary) rest))
+                         (("^TryExec=([^/[:blank:]\r\n]*)(.*)$" _ binary rest)
+                          (string-append "TryExec="
+                                         (which binary) rest)))))))))
+            outputs)
+  #t)
+
 (define %standard-phases
   ;; Standard build phases, as a list of symbol/procedure pairs.
   (let-syntax ((phases (syntax-rules ()
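Review bot: Both `substitute*` patterns in patch-dot-desktop-files use `([^/[:blank:]\r\n]*)`, which also matches the empty string. An `Exec=` or `TryExec=` line that already holds an absolute file name therefore still matches, with `binary` bound to `""`, and is passed to `which`. How `search-path` treats an empty name is not visible here, but this presumably prints the "cannot be found" warning for a line that needs no change. Using `+` instead of `*` in both patterns, as in `"^Exec=([^/[:blank:]\r\n]+)(.*)$"`, would leave such lines untouched. The `inputs` keyword is accepted but unused, and `which` searches only the outputs' `bin` and `sbin`; a one-line comment saying that is deliberate would help.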
@@ -564,6 +597,7 @@ DOCUMENTATION-COMPRESSOR-FLAGS."
             validate-runpath
             validate-documentation-location
             delete-info-dir-file
+            patch-dot-desktop-files
             compress-documentation)))
 
 
diff --git a/guix/build/utils.scm b/guix/build/utils.scm
index 2988193fce..bc6f114152 100644
--- a/guix/build/utils.scm
+++ b/guix/build/utils.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
@@ -518,8 +518,8 @@ following forms:
   (add-before <old-phase-name> <new-phase-name> <new-phase>)
   (add-after <old-phase-name> <new-phase-name> <new-phase>)
 
-Where every <*-phase-name> is an automatically quoted symbol, and <new-phase>
-an expression evaluating to a procedure."
+Where every <*-phase-name> is an expression evaluating to a symbol, and
+<new-phase> an expression evaluating to a procedure."
   (let* ((phases* phases)
          (phases* (%modify-phases phases* mod-spec))
          ...)
@@ -944,64 +944,76 @@ This is useful for scripts that expect particular programs to be in $PATH, for
 programs that expect particular shared libraries to be in $LD_LIBRARY_PATH, or
 modules in $GUILE_LOAD_PATH, etc.
 
-If PROG has previously been wrapped by wrap-program the wrapper will point to
-the previous wrapper."
-  (define (wrapper-file-name number)
-    (format #f "~a/.~a-wrap-~2'0d" (dirname prog) (basename prog) number))
-  (define (next-wrapper-number)
-    (let ((wrappers
-           (find-files (dirname prog)
-                       (string-append "\\." (basename prog) "-wrap-.*"))))
-      (if (null? wrappers)
-          0
-          (string->number (string-take-right (last wrappers) 2)))))
-  (define (wrapper-target number)
-    (if (zero? number)
-        (let ((prog-real (string-append (dirname prog) "/."
-                                        (basename prog) "-real")))
-          (rename-file prog prog-real)
-          prog-real)
-        (wrapper-file-name number)))
-
-  (let* ((number   (next-wrapper-number))
-         (target   (wrapper-target number))
-         (wrapper  (wrapper-file-name (1+ number)))
-         (prog-tmp (string-append target "-tmp")))
-    (define (export-variable lst)
-      ;; Return a string that exports an environment variable.
-      (match lst
-        ((var sep '= rest)
-         (format #f "export ~a=\"~a\""
-                 var (string-join rest sep)))
-        ((var sep 'prefix rest)
-         (format #f "export ~a=\"~a${~a~a+~a}$~a\""
-                 var (string-join rest sep) var sep sep var))
-        ((var sep 'suffix rest)
-         (format #f "export ~a=\"$~a${~a~a+~a}~a\""
-                 var var var sep sep (string-join rest sep)))
-        ((var '= rest)
-         (format #f "export ~a=\"~a\""
-                 var (string-join rest ":")))
-        ((var 'prefix rest)
-         (format #f "export ~a=\"~a${~a:+:}$~a\""
-                 var (string-join rest ":") var var))
-        ((var 'suffix rest)
-         (format #f "export ~a=\"$~a${~a:+:}~a\""
-                 var var var (string-join rest ":")))))
-
-    (with-output-to-file prog-tmp
-      (lambda ()
-        (format #t
-                "#!~a~%~a~%exec -a \"$0\" \"~a\" \"$@\"~%"
-                (which "bash")
-                (string-join (map export-variable vars)
-                             "\n")
-                (canonicalize-path target))))
-
-    (chmod prog-tmp #o755)
-    (rename-file prog-tmp wrapper)
-    (symlink wrapper prog-tmp)
-    (rename-file prog-tmp prog)))
+If PROG has previously been wrapped by 'wrap-program', the wrapper is extended
+with definitions for VARS."
+  (define wrapped-file
+    (string-append (dirname prog) "/." (basename prog) "-real"))
+
+  (define already-wrapped?
+    (file-exists? wrapped-file))
+
+  (define (last-line port)
+    ;; Return the last line read from PORT and leave PORT's cursor right
+    ;; before it.
+    (let loop ((previous-line-offset 0)
+               (previous-line "")
+               (position (seek port 0 SEEK_CUR)))
+      (match (read-line port 'concat)
+        ((? eof-object?)
+         (seek port previous-line-offset SEEK_SET)
+         previous-line)
+        ((? string? line)
+         (loop position line (+ (string-length line) position))))))
+
+  (define (export-variable lst)
+    ;; Return a string that exports an environment variable.
+    (match lst
+      ((var sep '= rest)
+       (format #f "export ~a=\"~a\""
+               var (string-join rest sep)))
+      ((var sep 'prefix rest)
+       (format #f "export ~a=\"~a${~a~a+~a}$~a\""
+               var (string-join rest sep) var sep sep var))
+      ((var sep 'suffix rest)
+       (format #f "export ~a=\"$~a${~a~a+~a}~a\""
+               var var var sep sep (string-join rest sep)))
+      ((var '= rest)
+       (format #f "export ~a=\"~a\""
+               var (string-join rest ":")))
+      ((var 'prefix rest)
+       (format #f "export ~a=\"~a${~a:+:}$~a\""
+               var (string-join rest ":") var var))
+      ((var 'suffix rest)
+       (format #f "export ~a=\"$~a${~a:+:}~a\""
+               var var var (string-join rest ":")))))
+
+  (if already-wrapped?
+
+      ;; PROG is already a wrapper: add the new "export VAR=VALUE" lines just
+      ;; before the last line.
+      (let* ((port (open-file prog "r+"))
+             (last (last-line port)))
+        (for-each (lambda (var)
+                    (display (export-variable var) port)
+                    (newline port))
+                  vars)
+        (display last port)
+        (close-port port))
+
+      ;; PROG is not wrapped yet: create a shell script that sets VARS.
+      (let ((prog-tmp (string-append wrapped-file "-tmp")))
+        (link prog wrapped-file)
+
+        (call-with-output-file prog-tmp
+          (lambda (port)
+            (format port
+                    "#!~a~%~a~%exec -a \"$0\" \"~a\" \"$@\"~%"
+                    (which "bash")
+                    (string-join (map export-variable vars) "\n")
+                    (canonicalize-path wrapped-file))))
+
+        (chmod prog-tmp #o755)
+        (rename-file prog-tmp prog))))
 
 
 ;;;
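Review bot: `last-line` advances `position` by `(string-length line)`, which counts characters, while `seek` works on byte offsets. If the wrapper is read through a port with a multi-byte encoding and contains a non-ASCII file name or value, `previous-line-offset` falls short of the real start of the last line and the appended exports overwrite part of the script. Taking the offset from the port avoids that: `(loop position line (seek port 0 SEEK_CUR))`. Separately, `already-wrapped?` relies only on `.PROG-real` existing, so a comment should state that PROG is then assumed to end with the `exec` line. The procedure's signature and the start of its docstring are outside the hunk.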
diff --git a/guix/packages.scm b/guix/packages.scm
index 2264c5acef..88b21f709d 100644
--- a/guix/packages.scm
+++ b/guix/packages.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -493,9 +494,11 @@ specifies modules in scope when evaluating SNIPPET."
               (format (current-error-port) "applying '~a'...~%" patch)
 
               ;; Use '--force' so that patches that do not apply perfectly are
-              ;; rejected.
+              ;; rejected.  Use '--no-backup-if-mismatch' to prevent making
+              ;; "*.orig" file if a patch is applied with offset.
               (zero? (system* (string-append #+patch "/bin/patch")
-                              "--force" #+@flags "--input" patch)))
+                              "--force" "--no-backup-if-mismatch"
+                              #+@flags "--input" patch)))
 
             (define (first-file directory)
               ;; Return the name of the first file in DIRECTORY.
diff --git a/guix/profiles.scm b/guix/profiles.scm
index e7319a8a10..d162f6241b 100644
--- a/guix/profiles.scm
+++ b/guix/profiles.scm
@@ -680,7 +680,18 @@ MANIFEST.  Single-file bundles are required by programs such as Git and Lynx."
 (define (gtk-icon-themes manifest)
   "Return a derivation that unions all icon themes from manifest entries and
 creates the GTK+ 'icon-theme.cache' file for each theme."
-  (mlet %store-monad ((gtk+ (manifest-lookup-package manifest "gtk+")))
+  (define gtk+  ; lazy reference
+    (module-ref (resolve-interface '(gnu packages gtk)) 'gtk+))
+
+  (mlet %store-monad ((%gtk+ (manifest-lookup-package manifest "gtk+"))
+                      ;; XXX: Can't use gtk-update-icon-cache corresponding
+                      ;; to the gtk+ referenced by 'manifest'.  Because
+                      ;; '%gtk+' can be either a package or store path, and
+                      ;; there's no way to get the "bin" output for the later.
+                      (gtk-update-icon-cache
+                       -> #~(string-append #+gtk+:bin
+                                           "/bin/gtk-update-icon-cache")))
+
     (define build
       (with-imported-modules '((guix build utils)
                                (guix build union)
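Review bot: The XXX comment in the `mlet` bindings needs a wording fix: "the later" should be "the latter", and "Because '%gtk+' can be…" is a fragment. Suggested text: `;; XXX: We cannot use the gtk-update-icon-cache of the gtk+ referenced by MANIFEST, because '%gtk+' can be either a package or a store path, and there is no way to get the "bin" output of the latter.` It would also help to say that `%gtk+` now serves only as the run/skip test further down, while the tool always comes from the `gtk+` package resolved at the top of the procedure. gtk-icon-themes continues past the end of this hunk.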
@@ -697,9 +708,7 @@ creates the GTK+ 'icon-theme.cache' file for each theme."
             (let* ((destdir  (string-append #$output "/share/icons"))
                    (icondirs (filter file-exists?
                                      (map (cut string-append <> "/share/icons")
-                                          '#$(manifest-inputs manifest))))
-                   (update-icon-cache (string-append
-                                       #+gtk+ "/bin/gtk-update-icon-cache")))
+                                          '#$(manifest-inputs manifest)))))
 
               ;; Union all the icons.
               (mkdir-p (string-append #$output "/share"))
@@ -714,11 +723,11 @@ creates the GTK+ 'icon-theme.cache' file for each theme."
                    ;; "abiword_48.png".  Ignore these.
                    (when (file-is-directory? dir)
                      (ensure-writable-directory dir)
-                     (system* update-icon-cache "-t" dir "--quiet"))))
+                     (system* #+gtk-update-icon-cache "-t" dir "--quiet"))))
                (scandir destdir (negate (cut member <> '("." "..")))))))))
 
     ;; Don't run the hook when there's nothing to do.
-    (if gtk+
+    (if %gtk+
         (gexp->derivation "gtk-icon-themes" build
                           #:local-build? #t
                           #:substitutable? #f)
diff --git a/m4/guix.m4 b/m4/guix.m4
index 949ae4ca7c..6d8ec2e4e0 100644
--- a/m4/guix.m4
+++ b/m4/guix.m4
@@ -74,6 +74,9 @@ AC_DEFUN([GUIX_SYSTEM_TYPE], [
        linux-gnu*)
 	  # For backward compatibility, strip the `-gnu' part.
 	  guix_system="$machine_name-linux";;
+       gnu*)
+          # Always use i586 for GNU/Hurd.
+          guix_system="i586-gnu";;
        *)
 	  # Strip the version number from names such as `gnu0.3',
 	  # `darwin10.2.0', etc.
diff --git a/tests/build-utils.scm b/tests/build-utils.scm
index cc96738e36..7d49446f66 100644
--- a/tests/build-utils.scm
+++ b/tests/build-utils.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -19,12 +19,9 @@
 
 (define-module (test-build-utils)
   #:use-module (guix tests)
-  #:use-module (guix store)
-  #:use-module (guix derivations)
   #:use-module (guix build utils)
-  #:use-module (guix packages)
-  #:use-module (guix build-system)
-  #:use-module (guix build-system trivial)
+  #:use-module ((guix utils)
+                #:select (%current-system call-with-temporary-directory))
   #:use-module (gnu packages)
   #:use-module (gnu packages bootstrap)
   #:use-module (srfi srfi-34)
@@ -32,9 +29,6 @@
   #:use-module (rnrs io ports)
   #:use-module (ice-9 popen))
 
-(define %store
-  (open-connection-for-tests))
-
 
 (test-begin "build-utils")
 
@@ -95,49 +89,37 @@
                           port
                           cons)))))
 
-(test-assert "wrap-program, one input, multiple calls"
-  (let* ((p (package
-              (name "test-wrap-program") (version "0") (source #f)
-              (synopsis #f) (description #f) (license #f) (home-page #f)
-              (build-system trivial-build-system)
-              (arguments
-               `(#:guile ,%bootstrap-guile
-                 #:modules ((guix build utils))
-                 #:builder
-                 (let* ((out  (assoc-ref %outputs "out"))
-                        (bash (assoc-ref %build-inputs "bash"))
-                        (foo  (string-append out "/foo")))
-                   (begin
-                     (use-modules (guix build utils))
-                     (mkdir out)
-                     (call-with-output-file foo
-                       (lambda (p)
-                         (format p
-                                 "#!~a~%echo \"${GUIX_FOO} ${GUIX_BAR}\"~%"
-                                 bash)))
-                     (chmod foo #o777)
-                     ;; wrap-program uses `which' to find bash for the wrapper
-                     ;; shebang, but it can't know about the bootstrap bash in
-                     ;; the store, since it's not named "bash".  Help it out a
-                     ;; bit by providing a symlink it this package's output.
-                     (symlink bash (string-append out "/bash"))
-                     (setenv "PATH" out)
-                     (wrap-program foo `("GUIX_FOO" prefix ("hello")))
-                     (wrap-program foo `("GUIX_BAR" prefix ("world")))
-                     #t))))
-              (inputs `(("bash" ,(search-bootstrap-binary "bash"
-                                                          (%current-system)))))))
-         (d (package-derivation %store p)))
-
-    ;; The bootstrap Bash is linked against an old libc and would abort with
-    ;; an assertion failure when trying to load incompatible locale data.
-    (unsetenv "LOCPATH")
-
-    (and (build-derivations %store (pk 'drv d (list d)))
-         (let* ((p    (derivation->output-path d))
-                (foo  (string-append p "/foo"))
-                (pipe (open-input-pipe foo))
-                (str  (get-string-all pipe)))
-           (equal? str "hello world\n")))))
+(test-equal "wrap-program, one input, multiple calls"
+  "hello world\n"
+  (call-with-temporary-directory
+   (lambda (directory)
+     (let ((bash (search-bootstrap-binary "bash" (%current-system)))
+           (foo  (string-append directory "/foo")))
+
+       (call-with-output-file foo
+         (lambda (p)
+           (format p
+                   "#!~a~%echo \"${GUIX_FOO} ${GUIX_BAR}\"~%"
+                   bash)))
+       (chmod foo #o777)
+
+       ;; wrap-program uses `which' to find bash for the wrapper shebang, but
+       ;; it can't know about the bootstrap bash in the store, since it's not
+       ;; named "bash".  Help it out a bit by providing a symlink it this
+       ;; package's output.
+       (setenv "PATH" (dirname bash))
+       (wrap-program foo `("GUIX_FOO" prefix ("hello")))
+       (wrap-program foo `("GUIX_BAR" prefix ("world")))
+
+       ;; The bootstrap Bash is linked against an old libc and would abort with
+       ;; an assertion failure when trying to load incompatible locale data.
+       (unsetenv "LOCPATH")
+
+       (let* ((pipe (open-input-pipe foo))
+              (str  (get-string-all pipe)))
+         (with-directory-excursion directory
+           (for-each delete-file '("foo" ".foo-real")))
+         (and (zero? (close-pipe pipe))
+              str))))))
 
 (test-end)
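Review bot: The comment kept above `(setenv "PATH" (dirname bash))` is stale. It still says the bootstrap bash is not named "bash" and that a symlink is provided in "this package's output", but the rewritten test creates no symlink and has no package output; it points PATH at the directory of the bootstrap binary. Suggested replacement: `;; wrap-program uses 'which' to find bash for the wrapper shebang; put the bootstrap bash's directory in PATH.` The test also leaves PATH and LOCPATH changed for whatever runs later in the same process, and the `delete-file` cleanup is skipped if `wrap-program` or `open-input-pipe` throws. Saving and restoring the two variables around the body would keep the test self-contained.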