summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--build-aux/build-self.scm11
-rw-r--r--gnu/local.mk17
-rw-r--r--gnu/packages/base.scm70
-rw-r--r--gnu/packages/bash.scm8
-rw-r--r--gnu/packages/bdw-gc.scm12
-rw-r--r--gnu/packages/bison.scm19
-rw-r--r--gnu/packages/boost.scm18
-rw-r--r--gnu/packages/build-tools.scm2
-rw-r--r--gnu/packages/check.scm40
-rw-r--r--gnu/packages/cmake.scm12
-rw-r--r--gnu/packages/compression.scm59
-rw-r--r--gnu/packages/cups.scm24
-rw-r--r--gnu/packages/curl.scm21
-rw-r--r--gnu/packages/databases.scm17
-rw-r--r--gnu/packages/docbook.scm10
-rw-r--r--gnu/packages/documentation.scm15
-rw-r--r--gnu/packages/file.scm5
-rw-r--r--gnu/packages/flex.scm16
-rw-r--r--gnu/packages/fontutils.scm19
-rw-r--r--gnu/packages/fribidi.scm7
-rw-r--r--gnu/packages/gcc.scm22
-rw-r--r--gnu/packages/gdb.scm1
-rw-r--r--gnu/packages/ghostscript.scm16
-rw-r--r--gnu/packages/glib.scm12
-rw-r--r--gnu/packages/gnome.scm28
-rw-r--r--gnu/packages/gnupg.scm41
-rw-r--r--gnu/packages/gtk.scm18
-rw-r--r--gnu/packages/guile.scm33
-rw-r--r--gnu/packages/icu4c.scm14
-rw-r--r--gnu/packages/image.scm20
-rw-r--r--gnu/packages/inkscape.scm21
-rw-r--r--gnu/packages/jemalloc.scm5
-rw-r--r--gnu/packages/kerberos.scm7
-rw-r--r--gnu/packages/libbsd.scm4
-rw-r--r--gnu/packages/libevent.scm13
-rw-r--r--gnu/packages/libffi.scm9
-rw-r--r--gnu/packages/libidn.scm25
-rw-r--r--gnu/packages/libsigsegv.scm33
-rw-r--r--gnu/packages/libunistring.scm29
-rw-r--r--gnu/packages/linux.scm37
-rw-r--r--gnu/packages/m4.scm1
-rw-r--r--gnu/packages/make-bootstrap.scm10
-rw-r--r--gnu/packages/nettle.scm18
-rw-r--r--gnu/packages/openldap.scm4
-rw-r--r--gnu/packages/openstack.scm8
-rw-r--r--gnu/packages/package-management.scm4
-rw-r--r--gnu/packages/patches/binutils-aarch64-symbol-relocation.patch36
-rw-r--r--gnu/packages/patches/doxygen-gcc-ice.patch25
-rw-r--r--gnu/packages/patches/findutils-gnulib-libio.patch114
-rw-r--r--gnu/packages/patches/findutils-makedev.patch22
-rw-r--r--gnu/packages/patches/freetype-CVE-2018-6942.patch31
-rw-r--r--gnu/packages/patches/gcc-libsanitizer-ustat.patch41
-rw-r--r--gnu/packages/patches/gcc-strmov-store-file-names.patch12
-rw-r--r--gnu/packages/patches/gdb-python-3.7.patch52
-rw-r--r--gnu/packages/patches/glibc-2.28-git-fixes.patch248
-rw-r--r--gnu/packages/patches/jemalloc-arm-address-bits.patch39
-rw-r--r--gnu/packages/patches/libgcrypt-make-yat2m-reproducible.patch32
-rw-r--r--gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch58
-rw-r--r--gnu/packages/patches/m4-gnulib-libio.patch128
-rw-r--r--gnu/packages/patches/mariadb-gcc-ice.patch24
-rw-r--r--gnu/packages/patches/meson-for-build-rpath.patch6
-rw-r--r--gnu/packages/patches/perf-gcc-ice.patch13
-rw-r--r--gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch36
-rw-r--r--gnu/packages/patches/perl-deterministic-ordering.patch6
-rw-r--r--gnu/packages/patches/perl-file-path-CVE-2017-6512.patch173
-rw-r--r--gnu/packages/patches/texinfo-perl-compat.patch51
-rw-r--r--gnu/packages/pcre.scm21
-rw-r--r--gnu/packages/pdf.scm4
-rw-r--r--gnu/packages/perl.scm42
-rw-r--r--gnu/packages/python-crypto.scm4
-rw-r--r--gnu/packages/python-web.scm4
-rw-r--r--gnu/packages/python.scm448
-rw-r--r--gnu/packages/readline.scm4
-rw-r--r--gnu/packages/ssh.scm21
-rw-r--r--gnu/packages/tcl.scm16
-rw-r--r--gnu/packages/tex.scm126
-rw-r--r--gnu/packages/texinfo.scm1
-rw-r--r--gnu/packages/time.scm8
-rw-r--r--gnu/packages/tls.scm14
-rw-r--r--gnu/packages/web.scm8
-rw-r--r--gnu/packages/xml.scm20
-rw-r--r--guix/build-system/meson.scm1
-rw-r--r--guix/build/gnu-build-system.scm36
-rw-r--r--guix/build/gremlin.scm132
-rw-r--r--guix/build/haskell-build-system.scm43
-rw-r--r--guix/build/meson-build-system.scm58
-rw-r--r--guix/build/python-build-system.scm2
-rw-r--r--guix/build/r-build-system.scm2
-rw-r--r--guix/build/utils.scm8
-rw-r--r--guix/gexp.scm136
-rw-r--r--guix/packages.scm10
-rw-r--r--guix/self.scm13
-rw-r--r--tests/gexp.scm6
-rw-r--r--tests/gremlin.scm33
94 files changed, 1667 insertions, 1536 deletions
diff --git a/build-aux/build-self.scm b/build-aux/build-self.scm
index 3ecdc931a5..edb7f5d9c5 100644
--- a/build-aux/build-self.scm
+++ b/build-aux/build-self.scm
@@ -297,10 +297,15 @@ person's version identifier."
 ;; The procedure below is our return value.
 (define* (build source
                 #:key verbose? (version (date-version-string)) system
-                (guile-version (match ((@ (guile) version))
-                                 ("2.2.2" "2.2.2")
-                                 (_       (effective-version))))
                 (pull-version 0)
+
+                ;; For the standalone Guix, default to Guile 2.2.  For old
+                ;; versions of 'guix pull' (pre-0.15.0), we have to use the
+                ;; same Guile as the current one.
+                (guile-version (if (> pull-version 0)
+                                   "2.2"
+                                   (effective-version)))
+
                 #:allow-other-keys
                 #:rest rest)
   "Return a derivation that unpacks SOURCE into STORE and compiles Scheme
diff --git a/gnu/local.mk b/gnu/local.mk
index 60db25a60c..aac3a66577 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -590,7 +590,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/bash-completion-directories.patch	\
   %D%/packages/patches/bazaar-CVE-2017-14176.patch		\
   %D%/packages/patches/beignet-correct-file-names.patch		\
-  %D%/packages/patches/binutils-aarch64-symbol-relocation.patch	\
   %D%/packages/patches/binutils-loongson-workaround.patch	\
   %D%/packages/patches/blast+-fix-makefile.patch		\
   %D%/packages/patches/boost-fix-icu-build.patch		\
@@ -646,7 +645,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/doc++-include-directives.patch		\
   %D%/packages/patches/doc++-segfault-fix.patch			\
   %D%/packages/patches/dovecot-trees-support-dovecot-2.3.patch	\
-  %D%/packages/patches/doxygen-gcc-ice.patch			\
   %D%/packages/patches/doxygen-test.patch			\
   %D%/packages/patches/dvd+rw-tools-add-include.patch 		\
   %D%/packages/patches/elfutils-tests-ptrace.patch		\
@@ -677,7 +675,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/fcgi-2.4.0-poll.patch			\
   %D%/packages/patches/fifo-map-fix-flags-for-gcc.patch		\
   %D%/packages/patches/fifo-map-remove-catch.hpp.patch		\
+  %D%/packages/patches/findutils-gnulib-libio.patch		\
   %D%/packages/patches/findutils-localstatedir.patch		\
+  %D%/packages/patches/findutils-makedev.patch			\
   %D%/packages/patches/findutils-test-xargs.patch		\
   %D%/packages/patches/flann-cmake-3.11.patch			\
   %D%/packages/patches/flint-ldconfig.patch			\
@@ -687,7 +687,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/freeimage-CVE-2016-5684.patch		\
   %D%/packages/patches/freeimage-fix-build-with-gcc-5.patch	\
   %D%/packages/patches/freeimage-unbundle.patch		\
-  %D%/packages/patches/freetype-CVE-2018-6942.patch		\
   %D%/packages/patches/fuse-overlapping-headers.patch				\
   %D%/packages/patches/gawk-shell.patch				\
   %D%/packages/patches/gcc-arm-bug-71399.patch			\
@@ -698,6 +697,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/gcc-4.8-libsanitizer-fix.patch		\
   %D%/packages/patches/gcc-4.9-libsanitizer-fix.patch		\
   %D%/packages/patches/gcc-libsanitizer-fix.patch		\
+  %D%/packages/patches/gcc-libsanitizer-ustat.patch		\
   %D%/packages/patches/gcc-libvtv-runpath.patch			\
   %D%/packages/patches/gcc-strmov-store-file-names.patch	\
   %D%/packages/patches/gcc-4-compile-with-gcc-5.patch		 \
@@ -716,6 +716,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/gd-CVE-2018-5711.patch			\
   %D%/packages/patches/gd-fix-tests-on-i686.patch		\
   %D%/packages/patches/gd-freetype-test-failure.patch		\
+  %D%/packages/patches/gdb-python-3.7.patch			\
   %D%/packages/patches/gdm-CVE-2018-14424.patch			\
   %D%/packages/patches/gemma-intel-compat.patch			\
   %D%/packages/patches/geoclue-config.patch			\
@@ -748,6 +749,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/glibc-vectorized-strcspn-guards.patch	\
   %D%/packages/patches/glibc-versioned-locpath.patch		\
   %D%/packages/patches/glibc-2.27-git-fixes.patch		\
+  %D%/packages/patches/glibc-2.28-git-fixes.patch		\
   %D%/packages/patches/glusterfs-use-PATH-instead-of-hardcodes.patch		\
   %D%/packages/patches/glog-gcc-5-demangling.patch		\
   %D%/packages/patches/gmp-arm-asm-nothumb.patch		\
@@ -823,7 +825,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/java-xerces-bootclasspath.patch	\
   %D%/packages/patches/java-xerces-build_dont_unzip.patch	\
   %D%/packages/patches/java-xerces-xjavac_taskdef.patch	\
-  %D%/packages/patches/jemalloc-arm-address-bits.patch		\
   %D%/packages/patches/jbig2dec-ignore-testtest.patch		\
   %D%/packages/patches/json-glib-fix-tests-32bit.patch		\
   %D%/packages/patches/jq-CVE-2015-8863.patch			\
@@ -868,12 +869,12 @@ dist_patch_DATA =						\
   %D%/packages/patches/libevent-2.1-skip-failing-test.patch	\
   %D%/packages/patches/libexif-CVE-2016-6328.patch		\
   %D%/packages/patches/libexif-CVE-2017-7544.patch		\
+  %D%/packages/patches/libgcrypt-make-yat2m-reproducible.patch	\
   %D%/packages/patches/libgit2-mtime-0.patch			\
   %D%/packages/patches/libgdata-fix-tests.patch			\
   %D%/packages/patches/libgdata-glib-duplicate-tests.patch	\
   %D%/packages/patches/libgnome-encoding.patch			\
   %D%/packages/patches/libgnomeui-utf8.patch			\
-  %D%/packages/patches/libgpg-error-aarch64-logging-fix.patch	\
   %D%/packages/patches/libgxps-CVE-2017-11590.patch		\
   %D%/packages/patches/libffi-3.2.1-complex-alpha.patch		\
   %D%/packages/patches/libjxr-fix-function-signature.patch	\
@@ -934,7 +935,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/mailutils-uninitialized-memory.patch	\
   %D%/packages/patches/make-glibc-compat.patch			\
   %D%/packages/patches/make-impure-dirs.patch			\
-  %D%/packages/patches/mariadb-gcc-ice.patch			\
   %D%/packages/patches/mariadb-client-test-32bit.patch		\
   %D%/packages/patches/mars-install.patch			\
   %D%/packages/patches/mars-sfml-2.3.patch			\
@@ -967,6 +967,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/mupen64plus-video-z64-glew-correct-path.patch    \
   %D%/packages/patches/mutt-store-references.patch		\
   %D%/packages/patches/myrepos-CVE-2018-7032.patch		\
+  %D%/packages/patches/m4-gnulib-libio.patch			\
   %D%/packages/patches/net-tools-bitrot.patch			\
   %D%/packages/patches/netcdf-date-time.patch			\
   %D%/packages/patches/netcdf-tst_h_par.patch			\
@@ -1013,9 +1014,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/patchelf-rework-for-arm.patch		\
   %D%/packages/patches/patchutils-xfail-gendiff-tests.patch	\
   %D%/packages/patches/patch-hurd-path-max.patch		\
-  %D%/packages/patches/perf-gcc-ice.patch			\
-  %D%/packages/patches/perl-archive-tar-CVE-2018-12015.patch	\
-  %D%/packages/patches/perl-file-path-CVE-2017-6512.patch	\
   %D%/packages/patches/perl-autosplit-default-time.patch	\
   %D%/packages/patches/perl-deterministic-ordering.patch	\
   %D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
@@ -1154,6 +1152,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch	\
   %D%/packages/patches/teensy-loader-cli-help.patch		\
   %D%/packages/patches/teeworlds-use-latest-wavpack.patch	\
+  %D%/packages/patches/texinfo-perl-compat.patch		\
   %D%/packages/patches/texi2html-document-encoding.patch	\
   %D%/packages/patches/texi2html-i18n.patch			\
   %D%/packages/patches/thefuck-test-environ.patch		\
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 4065af0abc..3a1186673e 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -102,6 +102,15 @@ command-line arguments, multiple languages, and so on.")
    (arguments
     `(#:phases
       (modify-phases %standard-phases
+        (add-before 'check 'disable-failing-tests
+          (lambda _
+            ;; These tests are expected to fail due to a glibc bug which has
+            ;; been fixed in 2.28, so they are unexpectedly passing.  They
+            ;; should be fixed for grep versions > 3.1.
+            (substitute* "tests/Makefile.in"
+              (("^[[:blank:]]+backref-alt[[:blank:]]+\\\\") "\\")
+              (("^[[:blank:]]+triple-backref[[:blank:]]+\\\\") "\\"))
+            #t))
         (add-after 'install 'fix-egrep-and-fgrep
           ;; Patch 'egrep' and 'fgrep' to execute 'grep' via its
           ;; absolute file name instead of searching for it in $PATH.
@@ -289,7 +298,9 @@ interactive means to merge two files.")
              (base32
               "178nn4dl7wbcw499czikirnkniwnx36argdnqgz4ik9i6zvwkm6y"))
             (patches (search-patches
+                      "findutils-gnulib-libio.patch"
                       "findutils-localstatedir.patch"
+                      "findutils-makedev.patch"
                       "findutils-test-xargs.patch"))
             (modules '((guix build utils)))
             (snippet
@@ -326,14 +337,14 @@ used to apply commands with arbitrarily long arguments.")
 (define-public coreutils
   (package
    (name "coreutils")
-   (version "8.29")
+   (version "8.30")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/coreutils/coreutils-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "0plm1zs9il6bb5mk881qvbghq4glc8ybbgakk2lfzb0w64fgml4j"))))
+              "0mxhw43d4wpqmvg0l4znk1vm10fy92biyh90lzdnqjcic2lb6cg8"))))
    (build-system gnu-build-system)
    (inputs `(("acl"  ,acl)                        ; TODO: add SELinux
              ("gmp"  ,gmp)                        ;bignums in 'expr', yay!
@@ -364,7 +375,17 @@ used to apply commands with arbitrarily long arguments.")
                      (substitute* (find-files "gnulib-tests" "\\.c$")
                        (("/bin/sh") (which "sh")))
                      (substitute* (find-files "tests" "\\.sh$")
-                       (("#!/bin/sh") (which "sh")))
+                       (("#!/bin/sh") (string-append "#!" (which "sh"))))
+                     #t))
+                 (add-before 'check 'disable-broken-test
+                   (lambda _
+                     ;; This test hits the 127 character shebang limit in the build
+                     ;; environment due to the way "env -S" splits arguments into
+                     ;; shebangs.  Note that "env-S-script.sh" works around this
+                     ;; specific issue, but "env-S.pl" is not adjusted for build
+                     ;; environments with long prefixes (/tmp/guix-build-...).
+                     (substitute* "Makefile"
+                       (("^.*tests/misc/env-S.pl.*$") ""))
                      #t)))
 
       ;; Work around a cross-compilation bug whereby libcoreutils.a would
@@ -435,14 +456,14 @@ change.  GNU make offers many powerful extensions over the standard utility.")
 (define-public binutils
   (package
    (name "binutils")
-   (version "2.30")
+   (version "2.31.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/binutils/binutils-"
                                 version ".tar.bz2"))
             (sha256
              (base32
-              "028cklfqaab24glva1ks2aqa1zxa6w6xmc8q34zs1sb7h22dxspg"))
+              "1l34hn1zkmhr1wcrgf0d4z7r3najxnw3cx2y2fk7v55zjlk3ik7z"))
             (patches (search-patches "binutils-loongson-workaround.patch"))))
    (build-system gnu-build-system)
 
@@ -480,17 +501,6 @@ included.")
    (license gpl3+)
    (home-page "https://www.gnu.org/software/binutils/")))
 
-(define-public binutils/fixed
-  ;; TODO: Incorporate this in binutils during the next rebuild cycle.
-  (hidden-package
-   (package
-     (inherit binutils)
-     (source (origin
-               (inherit (package-source binutils))
-               (patches (append (origin-patches (package-source binutils))
-                                (search-patches
-                                 "binutils-aarch64-symbol-relocation.patch"))))))))
-
 (define* (make-ld-wrapper name #:key
                           (target (const #f))
                           binutils
@@ -572,13 +582,13 @@ store.")
    (name "glibc")
    ;; Note: Always use a dot after the minor version since various places rely
    ;; on "version-major+minor" to determine where locales are found.
-   (version "2.27")
+   (version "2.28")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
             (sha256
              (base32
-              "0wpwq7gsm7sd6ysidv0z575ckqdg13cr2njyfgrbgh4f65adwwji"))
+              "10iha5ynvdj5m62vgpgqbq4cwvc2yhyl2w9yyyjgfxmdmx8h145i"))
             (snippet
              ;; Disable 'ldconfig' and /etc/ld.so.cache.  The latter is
              ;; required on LFS distros to avoid loading the distro's libc.so
@@ -590,7 +600,7 @@ store.")
                 #t))
             (modules '((guix build utils)))
             (patches (search-patches "glibc-ldd-x86_64.patch"
-                                     "glibc-2.27-git-fixes.patch"
+                                     "glibc-2.28-git-fixes.patch"
                                      "glibc-hidden-visibility-ldconfig.patch"
                                      "glibc-versioned-locpath.patch"
                                      "glibc-allow-kernel-2.6.32.patch"
@@ -873,25 +883,25 @@ GLIBC/HURD for a Hurd host"
 (define-syntax glibc
   (identifier-syntax (glibc-for-target)))
 
-;; The "next" libc.  Useful for populating locale data before reconfiguring the
-;; entire system on it.  Will be the default in the next rebuild cycle.
-(define-public glibc-2.28
+;; Below are old libc versions, which we use mostly to build locale data in
+;; the old format (which the new libc cannot cope with.)
+
+(define-public glibc-2.27
   (package
     (inherit glibc)
-    (version "2.28")
+    (version "2.27")
     (source (origin
               (inherit (package-source glibc))
               (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
               (sha256
                (base32
-                "10iha5ynvdj5m62vgpgqbq4cwvc2yhyl2w9yyyjgfxmdmx8h145i"))
-              (patches (search-patches "glibc-allow-kernel-2.6.32.patch"
-                                       "glibc-ldd-x86_64.patch"
+                "0wpwq7gsm7sd6ysidv0z575ckqdg13cr2njyfgrbgh4f65adwwji"))
+              (patches (search-patches "glibc-ldd-x86_64.patch"
+                                       "glibc-2.27-git-fixes.patch"
                                        "glibc-hidden-visibility-ldconfig.patch"
-                                       "glibc-versioned-locpath.patch"))))))
-
-;; Below are old libc versions, which we use mostly to build locale data in
-;; the old format (which the new libc cannot cope with.)
+                                       "glibc-versioned-locpath.patch"
+                                       "glibc-allow-kernel-2.6.32.patch"
+                                       "glibc-reinstate-prlimit64-fallback.patch"))))))
 
 (define-public glibc-2.26
   (package
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index 64f7782f58..46cb13048d 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015, 2018 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2017 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -79,7 +79,11 @@
    (16 "1cgi1y6mifm8hsgv4avj5ih76535js3qba1sqwbfvp7si76927sh")
    (17 "0w6jpj2giakji1ir83rpkx1y7n7xqppah3j748m6dm38hywr0gvp")
    (18 "1k58h4wxbsg7r4rwhrvzx5hfbapba2nxjysbhh6qp6ki5ys99i2v")
-   (19 "07n1i5610lbs672x1s8g82qn3qfj06s0ip3z80sri0g8vxp0s5r7")))
+   (19 "07n1i5610lbs672x1s8g82qn3qfj06s0ip3z80sri0g8vxp0s5r7")
+   (20 "0b2jk5n1af1vh590qfc52hv65mafb4vl1xv26s8j5a3byb5y4h0q")
+   (21 "1hblcd2xmqqlp0idnavw66570n7m0yv5rbbr873c2gkn982mk3xx")
+   (22 "0yfbjzr79vzjs2hyi5m8iy2b38fq7vikdfa4zqdvjsp36q4iycs5")
+   (23 "1dlism6qdx60nvzj0v7ndr7lfahl4a8zmzckp13hqgdx7xpj7v2g")))
 
 (define (download-patches store count)
   "Download COUNT Bash patches into store.  Return a list of
diff --git a/gnu/packages/bdw-gc.scm b/gnu/packages/bdw-gc.scm
index eba30217da..c7491f845f 100644
--- a/gnu/packages/bdw-gc.scm
+++ b/gnu/packages/bdw-gc.scm
@@ -30,14 +30,14 @@
 (define-public libgc
   (package
    (name "libgc")
-   (version "7.6.4")
+   (version "7.6.6")
    (source (origin
             (method url-fetch)
-            (uri (string-append "http://www.hboehm.info/gc/gc_source/gc-"
-                                version ".tar.gz"))
+            (uri (string-append "https://github.com/ivmai/bdwgc/releases"
+                                "/download/v" version "/gc-" version ".tar.gz"))
             (sha256
              (base32
-              "076dzsqqyxd3nlzs0z277vvhqjp8nv5dqi763s0m90zr6ljiyk5r"))))
+              "1p1r015a7jbpvkkbgzv1y8nxrbbp6dg0mq3ksi6ji0qdz3wfss79"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags
@@ -91,7 +91,7 @@ C or C++ programs, though that is not its primary goal.")
 (define-public libatomic-ops
   (package
     (name "libatomic-ops")
-    (version "7.6.4")
+    (version "7.6.6")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -99,7 +99,7 @@ C or C++ programs, though that is not its primary goal.")
                     version "/libatomic_ops-" version ".tar.gz"))
               (sha256
                (base32
-                "0knxncsjhbknlyy6lx7ycxhpzfk3sykhvicgxyp0rmsxd1d3v0jv"))))
+                "0x7071z707msvyrv9dmgahd1sghbkw8fpbagvcag6xs8yp2spzlr"))))
     (build-system gnu-build-system)
     (outputs '("out" "debug"))
     (synopsis "Accessing hardware atomic memory update operations")
diff --git a/gnu/packages/bison.scm b/gnu/packages/bison.scm
index 09c6481a16..71de47762d 100644
--- a/gnu/packages/bison.scm
+++ b/gnu/packages/bison.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,7 +30,7 @@
 (define-public bison
   (package
     (name "bison")
-    (version "3.0.4")
+    (version "3.0.5")
     (source
      (origin
       (method url-fetch)
@@ -37,10 +38,10 @@
                           version ".tar.xz"))
       (sha256
        (base32
-        "1qbgf6q1n2z17k8g33444m0q68kf3fbiq65q7jlrzpvvj73jh957"))))
+        "0f7kjygrckkx8vas2nm673592jif0a9mw5g8207f6hj6h4pfyp07"))))
     (build-system gnu-build-system)
     (native-inputs `(("perl" ,perl)
-                     ;; m4 is not present in PATH when cross-building
+                     ;; m4 is not present in PATH when cross-building.
                      ("m4" ,m4)))
     (inputs `(("flex" ,flex)))
     (propagated-inputs `(("m4" ,m4)))
@@ -52,15 +53,3 @@ deterministic or generalized LR parser from an annotated, context-free
 grammar.  It is versatile enough to have many applications, from parsers for
 simple tools through complex programming languages.")
     (license gpl3+)))
-
-(define-public bison-2.7
-  (package (inherit bison)
-    (version "2.7")
-    (source
-     (origin
-      (method url-fetch)
-      (uri (string-append "mirror://gnu/bison/bison-"
-                          version ".tar.xz"))
-      (sha256
-       (base32
-        "1zd77ilmpv5mi3kr55jrj6ncqlcnyhpianhrwzak2q28cv2cbn23"))))))
diff --git a/gnu/packages/boost.scm b/gnu/packages/boost.scm
index cf70a29775..d1b359b2cb 100644
--- a/gnu/packages/boost.scm
+++ b/gnu/packages/boost.scm
@@ -43,7 +43,7 @@
 (define-public boost
   (package
     (name "boost")
-    (version "1.66.0")
+    (version "1.68.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -52,7 +52,7 @@
                     ".tar.bz2"))
               (sha256
                (base32
-                "1aaw48cmimsskzgiclwn0iifp62a5iw9cbqrhfari876af1828ap"))
+                "1dyqsr9yb01y0nnjdq9b8q5s2kvhxbayk34832k5cpzn7jy30qbz"))
               (patches (search-patches "boost-fix-icu-build.patch"))))
     (build-system gnu-build-system)
     (inputs `(("icu4c" ,icu4c)
@@ -78,7 +78,6 @@
                    (out (assoc-ref outputs "out")))
                (substitute* '("libs/config/configure"
                               "libs/spirit/classic/phoenix/test/runtest.sh"
-                              "tools/build/doc/bjam.qbk"
                               "tools/build/src/engine/execunix.c"
                               "tools/build/src/engine/Jambase"
                               "tools/build/src/engine/jambase.c")
@@ -100,7 +99,18 @@
                     make-flags)))
          (replace 'install
            (lambda* (#:key make-flags #:allow-other-keys)
-             (apply invoke "./b2" "install" make-flags))))))
+             (apply invoke "./b2" "install" make-flags)))
+         (add-after 'install 'provide-libboost_python
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               ;; Boost can build support for both Python 2 and Python 3 since
+               ;; version 1.67.0, and suffixes each library with the Python
+               ;; version.  Many consumers only check for libboost_python
+               ;; however, so we provide it here as suggested in
+               ;; <https://github.com/boostorg/python/issues/203>.
+               (with-directory-excursion (string-append out "/lib")
+                 (symlink "libboost_python27.so" "libboost_python.so"))
+               #t))))))
 
     (home-page "https://www.boost.org")
     (synopsis "Peer-reviewed portable C++ source libraries")
diff --git a/gnu/packages/build-tools.scm b/gnu/packages/build-tools.scm
index 4fc2d5acf7..1c9b41ef5b 100644
--- a/gnu/packages/build-tools.scm
+++ b/gnu/packages/build-tools.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017, 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Corentin Bocquillon <corentin@nybble.fr>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Fis Trivial <ybbs.daans@hotmail.com>
diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index 17a69bcd1c..ddd532528f 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -619,14 +619,14 @@ standard library.")
 (define-public python-pytest
   (package
     (name "python-pytest")
-    (version "3.5.0")
+    (version "3.7.2")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pytest" version))
        (sha256
         (base32
-         "1q832zd07zak2lyxbycxjydh0jp7y3hvawjqzlvra6aghz8r3r7s"))))
+         "00jv750alrj62r586hcmvpqlmkqszqfm1x7n6qnqacjmmlis2n9l"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -642,9 +642,11 @@ standard library.")
                 (string-append "@pytest.mark.skip"
                                "(reason=\"Assumes that /usr exists.\")\n    "
                                line)))
-             #t)))))
+             #t))
+         (replace 'check (lambda _ (invoke "pytest" "-vv"))))))
     (propagated-inputs
-     `(("python-attrs" ,python-attrs-bootstrap)
+     `(("python-atomicwrites" ,python-atomicwrites)
+       ("python-attrs" ,python-attrs-bootstrap)
        ("python-more-itertools" ,python-more-itertools)
        ("python-pluggy" ,python-pluggy)
        ("python-py" ,python-py)
@@ -655,6 +657,7 @@ standard library.")
        ("python-hypothesis" ,python-hypothesis)
        ("python-nose" ,python-nose)
        ("python-mock" ,python-mock)
+       ("python-pytest" ,python-pytest-bootstrap)
        ("python-setuptools-scm" ,python-setuptools-scm)))
     (home-page "http://pytest.org")
     (synopsis "Python testing library")
@@ -672,6 +675,7 @@ and many external plugins.")
       (inherit pytest)
       (propagated-inputs
        `(("python2-funcsigs" ,python2-funcsigs)
+         ("python2-pathlib2" ,python2-pathlib2)
          ,@(package-propagated-inputs pytest))))))
 
 (define-public python-pytest-bootstrap
@@ -688,19 +692,20 @@ and many external plugins.")
     (package (inherit pytest)
              (propagated-inputs
               `(("python2-funcsigs" ,python2-funcsigs-bootstrap)
+                ("python2-pathlib2" ,python2-pathlib2-bootstrap)
                 ,@(package-propagated-inputs pytest))))))
 
 (define-public python-pytest-cov
   (package
     (name "python-pytest-cov")
-    (version "2.4.0")
+    (version "2.5.1")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "pytest-cov" version))
         (sha256
          (base32
-          "03c2qc42r4bczyw93gd7n0qi1h1jfhw7fnbhi33c3vp1hs81gm2k"))))
+          "0bbfpwdh9k3636bxc88vz9fa7vf4akchgn513ql1vd0xy4n7bah3"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -729,26 +734,15 @@ supports coverage of subprocesses.")
 (define-public python-pytest-runner
   (package
     (name "python-pytest-runner")
-    (version "2.11.1")
+    (version "4.2")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pytest-runner" version))
        (sha256
         (base32
-         "1cw978kqqcq916b9gfns1qjqvg33c5ail5jhw9054dsynkm32flq"))))
+         "1gkpyphawxz38ni1gdq1fmwyqcg02m7ypzqvv46z06crwdxi2gyj"))))
     (build-system python-build-system)
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         ;; The fancy way of setting the version with setuptools_scm does not
-         ;; seem to work here.
-         (add-after 'unpack 'set-version
-          (lambda _
-            (substitute* "docs/conf.py"
-              (("version = setuptools_scm\\.get_version\\(root='\\.\\.')")
-               (string-append "version = \"" ,version "\"")))
-            #t)))))
     (native-inputs
      `(("python-pytest" ,python-pytest-bootstrap)
        ("python-setuptools-scm" ,python-setuptools-scm)))
@@ -765,14 +759,14 @@ supports coverage of subprocesses.")
 (define-public python-pytest-mock
   (package
     (name "python-pytest-mock")
-    (version "1.6.3")
+    (version "1.10.0")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "pytest-mock" version))
         (sha256
          (base32
-          "075v7b2wm5f839r1a30n21wfk5rfqp3d05q7zb9jlb2wmxki23cj"))))
+          "1h6lgpmsvs9s8j2s80v06f9f3iaw1n1rc51mbrxk1f12sw4q56nq"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-setuptools-scm" ,python-setuptools-scm)))
@@ -1421,13 +1415,13 @@ normally the case.")
 (define-public python-hypothesis
   (package
     (name "python-hypothesis")
-    (version "3.52.0")
+    (version "3.68.2")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "hypothesis" version))
               (sha256
                (base32
-                "0g54cypfi5qj6cgxfr7l1nb41r1cqhhngx4qxn4ga9h720rcsbr8"))))
+                "15wlbdy148h3z0ckylf7zkszrfnnk254a6ld3qaf37lkf7hyp4r0"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-flake8" ,python-flake8)
diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm
index 06b1cab82c..03bce8b68d 100644
--- a/gnu/packages/cmake.scm
+++ b/gnu/packages/cmake.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -43,7 +44,7 @@
 (define-public cmake
   (package
     (name "cmake")
-    (version "3.11.0")
+    (version "3.12.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.cmake.org/files/v"
@@ -51,7 +52,7 @@
                                   "/cmake-" version ".tar.gz"))
               (sha256
                (base32
-                "0sv5k9q6braa8hhw0y3w19avqn0xn5czv5jf5fz5blnlf7ivw4y3"))
+                "1ckswlaid3p2is1a80fmr4hgwpfsiif66giyx1z9ayhxx0n5qgf5"))
               (modules '((guix build utils)))
               (snippet
                '(begin
@@ -86,6 +87,13 @@
            " --exclude-regex ^\\(" (string-join skipped-tests "\\|") "\\)$")))
        #:phases
        (modify-phases %standard-phases
+         (add-after 'unpack 'split-package
+           ;; Remove files that have been packaged in other package recipes.
+           (lambda _
+             (delete-file "Auxiliary/cmake-mode.el")
+             (substitute* "Auxiliary/CMakeLists.txt"
+               ((".*cmake-mode.el.*") ""))
+             #t))
          (add-before 'configure 'patch-bin-sh
            (lambda _
              ;; Replace "/bin/sh" by the right path in... a lot of
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 8104b9d55c..ac8c1fdbc0 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -85,6 +85,7 @@
        (base32
         "18dighcs333gsvajvvgqp8l4cx7h1x7yx9gd5xacnk80spyykrf3"))))
     (build-system gnu-build-system)
+    (outputs '("out" "static"))
     (arguments
      `(#:phases
        (modify-phases %standard-phases
@@ -99,7 +100,15 @@
                      `((setenv "CHOST" ,(%current-target-system)))
                      '())
                (invoke "./configure"
-                       (string-append "--prefix=" out))))))))
+                       (string-append "--prefix=" out)))))
+         (add-after 'install 'move-static-library
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out"))
+                   (static (assoc-ref outputs "static")))
+               (with-directory-excursion (string-append out "/lib")
+                 (install-file "libz.a" (string-append static "/lib"))
+                 (delete-file "libz.a")
+                 #t)))))))
     (home-page "https://zlib.net/")
     (synopsis "Compression library")
     (description
@@ -216,6 +225,21 @@ adding and extracting files to/from a tar archive.")
     '(#:tests? #f
       #:phases
       (modify-phases %standard-phases
+        (add-after 'unpack 'patch-for-glibc-2.28
+          (lambda _
+            ;; Adjust the bundled gnulib to work with glibc 2.28.  See e.g.
+            ;; "m4-gnulib-libio.patch".  This is a phase rather than patch
+            ;; or snippet to work around <https://bugs.gnu.org/32347>.
+            (substitute* (find-files "lib" "\\.c$")
+              (("#if defined _IO_ftrylockfile")
+               "#if defined _IO_EOF_SEEN"))
+            (substitute* "lib/stdio-impl.h"
+              (("^/\\* BSD stdio derived implementations")
+               (string-append "#if !defined _IO_IN_BACKUP && defined _IO_EOF_SEEN\n"
+                              "# define _IO_IN_BACKUP 0x100\n"
+                              "#endif\n\n"
+                              "/* BSD stdio derived implementations")))
+            #t))
         (add-after 'unpack 'use-absolute-name-of-gzip
           (lambda* (#:key outputs #:allow-other-keys)
             (substitute* "gunzip.in"
@@ -248,6 +272,7 @@ file; as a result, it is often used in conjunction with \"tar\", resulting in
     (arguments
      `(#:modules ((guix build gnu-build-system)
                   (guix build utils)
+                  (ice-9 ftw)
                   (srfi srfi-1))
        #:phases
        (modify-phases %standard-phases
@@ -276,25 +301,32 @@ file; as a result, it is often used in conjunction with \"tar\", resulting in
              ;; it create all the (un)versioned symlinks, so we handle it here.
              (let* ((out    (assoc-ref outputs "out"))
                     (libdir (string-append out "/lib"))
-                    ;; Find the actual library (e.g. "libbz2.so.1.0.6").
-                    (lib (string-drop
-                          (car (find-files
-                                "."
-                                (lambda (file stat)
-                                  (and (string-prefix? "./libbz2.so" file)
-                                       (eq? 'regular (stat:type stat))))))
-                          2))
-                    (soversion (string-drop lib (string-length "libbz2.so."))))
+                    (soname "libbz2.so")
+                    ;; Locate the built library (e.g. "libbz2.so.1.0.6").
+                    (lib (car (scandir "."
+                                       (lambda (file)
+                                         (and (string-prefix? soname file)
+                                              (eq? 'regular
+                                                   (stat:type (lstat file))))))))
+                    (soversion (string-drop lib (+ 1 (string-length soname)))))
                (install-file lib libdir)
                (with-directory-excursion libdir
                  ;; Create symlinks libbz2.so.1 -> libbz2.so.1.0, etc.
-                 (let loop ((base "libbz2.so")
+                 (let loop ((base soname)
                             (numbers (string-split soversion #\.)))
                    (unless (null? numbers)
                      (let ((so-file (string-append base "." (car numbers))))
                        (symlink so-file base)
                        (loop so-file (cdr numbers))))))
                #t)))
+         (add-after 'install-shared-lib 'move-static-lib
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out"))
+                   (static (assoc-ref outputs "static")))
+               (with-directory-excursion (string-append out "/lib")
+                 (install-file "libbz2.a" (string-append static "/lib"))
+                 (delete-file "libbz2.a")
+                 #t))))
          (add-after 'install-shared-lib 'patch-scripts
            (lambda* (#:key outputs inputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out")))
@@ -309,6 +341,7 @@ file; as a result, it is often used in conjunction with \"tar\", resulting in
        ,@(if (%current-target-system)
              '(#:tests? #f)
              '())))
+    (outputs '("out" "static"))
     (synopsis "High-quality data compression program")
     (description
      "bzip2 is a freely available, patent free (see below), high-quality data
@@ -376,7 +409,7 @@ compressed with pbzip2 can be decompressed with bzip2).")
 (define-public xz
   (package
    (name "xz")
-   (version "5.2.3")
+   (version "5.2.4")
    (source (origin
             (method url-fetch)
             (uri (list (string-append "http://tukaani.org/xz/xz-" version
@@ -385,7 +418,7 @@ compressed with pbzip2 can be decompressed with bzip2).")
                                       version ".tar.gz")))
             (sha256
              (base32
-              "1jr8pxnz55ifc8cvp3ivgl79ph9iik5aypsc9cma228aglsqp4ki"))))
+              "0ibi2zsfaz6l756spjwc5rayf4ckgc9hwmy8qinppcyk4svz64mm"))))
    (build-system gnu-build-system)
    (synopsis "General-purpose data compression")
    (description
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index 3150c25019..b4034dfad8 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -53,7 +53,7 @@
 (define-public cups-filters
   (package
     (name "cups-filters")
-    (version "1.20.1")
+    (version "1.21.0")
     (source(origin
               (method url-fetch)
               (uri
@@ -61,7 +61,7 @@
                               "cups-filters-" version ".tar.xz"))
               (sha256
                (base32
-                "0qix1whz5n4ijnl6d44f1v8nzkpv99wqjyrby8vx6xnpskw5hsxk"))
+                "0fs90xx9i4h8gbpligf5kkh21llv4kf5g3bgfbx4z272xkm7bsfi"))
               (modules '((guix build utils)))
               (snippet
                ;; install backends, banners and filters to cups-filters output
@@ -176,8 +176,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
 (define-public cups-minimal
   (package
     (name "cups-minimal")
-    (replacement cups-minimal-2.2.8)
-    (version "2.2.6")
+    (version "2.2.8")
     (source
      (origin
        (method url-fetch)
@@ -185,7 +184,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
                            version "/cups-" version "-source.tar.gz"))
        (sha256
         (base32
-         "16qn41b84xz6khrr2pa2wdwlqxr29rrrkjfi618gbgdkq9w5ff20"))))
+         "1r7r7b3nqpzc1a9dczqpj2mr8rkcwf01676v11sp4j7w4qfzqs1r"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -237,21 +236,8 @@ describe printer capabilities and features, and a wide variety of generic and
 device-specific programs to convert and print many types of files.")
     (license license:gpl2)))
 
-(define-public cups-minimal-2.2.8
-  (package
-    (inherit cups-minimal)
-    (version "2.2.8")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append "https://github.com/apple/cups/releases/download/v"
-                           version "/cups-" version "-source.tar.gz"))
-       (sha256
-        (base32
-         "1r7r7b3nqpzc1a9dczqpj2mr8rkcwf01676v11sp4j7w4qfzqs1r"))))))
-
 (define-public cups
-  (package/inherit cups-minimal
+  (package (inherit cups-minimal)
     (name "cups")
     (arguments
      `(;; Three tests fail:
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 1907d2dc3d..a0fbd7738a 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -50,15 +50,14 @@
 (define-public curl
   (package
    (name "curl")
-   (version "7.59.0")
-   (replacement curl-7.61.0)
+   (version "7.61.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://curl.haxx.se/download/curl-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "1z310hrjm2vmbcpkyp81dcmj9rk127zkjyawpy2pah0nz6yslkp4"))))
+              "080p9r2kln8cbfj0rqfn6wqp5kdn9k5wp720nirkcw845lcmavpg"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ;1.2 MiB of man3 pages
@@ -85,7 +84,8 @@
            (separator #f)                         ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (arguments
-    `(#:configure-flags '("--with-gnutls" "--with-gssapi")
+    `(#:configure-flags '("--with-gnutls" "--with-gssapi"
+                          "--disable-static")
       ;; Add a phase to patch '/bin/sh' occurances in tests/runtests.pl
       #:phases
       (modify-phases %standard-phases
@@ -141,19 +141,6 @@ tunneling, and so on.")
                                   "See COPYING in the distribution."))
    (home-page "https://curl.haxx.se/")))
 
-(define-public curl-7.61.0
-  (package
-    (inherit curl)
-    (version "7.61.0")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append "https://curl.haxx.se/download/curl-"
-                            version ".tar.xz"))
-        (sha256
-         (base32
-          "080p9r2kln8cbfj0rqfn6wqp5kdn9k5wp720nirkcw845lcmavpg"))))))
-
 (define-public kurly
   (package
     (name "kurly")
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index dc8e52036c..c652f39b12 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -164,14 +164,14 @@ either single machines or networked clusters.")
 (define-public gdbm
   (package
     (name "gdbm")
-    (version "1.14.1")
+    (version "1.18")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/gdbm/gdbm-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0pxwz3jlwvglq2mrbxvrjgr8pa0aj73p3v9sxmdlj570zw0gzknd"))))
+                "1kimnv12bzjjhaqk4c8w2j6chdj9c6bg21lchaf7abcyfss2r0mq"))))
     (arguments `(#:configure-flags '("--enable-libgdbm-compat")))
     (build-system gnu-build-system)
     (home-page "http://www.gnu.org.ua/software/gdbm")
@@ -630,8 +630,7 @@ Language.")
               (sha256
                (base32
                 "0k9walaglwmwdwmkq48ir17g98n83vliyyg5wck22rjgxn2xk4cy"))
-              (patches (search-patches "mariadb-gcc-ice.patch"
-                                       "mariadb-client-test-32bit.patch"))
+              (patches (search-patches "mariadb-client-test-32bit.patch"))
               (modules '((guix build utils)))
               (snippet
                '(begin
@@ -1169,7 +1168,7 @@ changes.")
 (define-public sqlite
   (package
    (name "sqlite")
-   (version "3.23.0")
+   (version "3.24.0")
    (source (origin
             (method url-fetch)
             (uri (let ((numeric-version
@@ -1185,7 +1184,7 @@ changes.")
                                   numeric-version ".tar.gz")))
             (sha256
              (base32
-              "0jbf78g3cm5wq77k7sfg8fb6rz44hnp9hs7p5d66fwd000c1lwdp"))))
+              "0jmprv2vpggzhy7ma4ynmv1jzn3pfiwzkld0kkg6hvgvqs44xlfr"))))
    (build-system gnu-build-system)
    (inputs `(("readline" ,readline)))
    (arguments
@@ -2289,7 +2288,7 @@ Database API 2.0T.")
 (define-public python-sqlalchemy
   (package
     (name "python-sqlalchemy")
-    (version "1.0.12")
+    (version "1.2.11")
     (source
      (origin
       (method url-fetch)
@@ -2297,7 +2296,7 @@ Database API 2.0T.")
                           "SQLAlchemy/SQLAlchemy-" version ".tar.gz"))
       (sha256
        (base32
-        "1l8qclhd0s90w3pvwhi5mjxdwr5j7gw7cjka2fx6f2vqmq7f4yb6"))))
+        "094mmbs4igrxplfyqd59j90jb83ixpbbzqc0w49yw81m82nnjrgg"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-cython" ,python-cython) ;for c extensions
@@ -2307,7 +2306,7 @@ Database API 2.0T.")
      `(#:phases
        (modify-phases %standard-phases
          (replace 'check
-           (lambda _ (zero? (system* "py.test")))))))
+           (lambda _ (invoke "py.test"))))))
     (home-page "http://www.sqlalchemy.org")
     (synopsis "Database abstraction library")
     (description
diff --git a/gnu/packages/docbook.scm b/gnu/packages/docbook.scm
index 1c00e56d6d..1e5379b020 100644
--- a/gnu/packages/docbook.scm
+++ b/gnu/packages/docbook.scm
@@ -138,11 +138,15 @@ by no means limited to these applications.)  This package provides XML DTDs.")
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/docbook/docbook-xsl/"
                                   version "/docbook-xsl-" version ".tar.bz2"))
-              ;; Note: If removing all patches, the XZ dependency is no longer needed.
               (patches (search-patches "docbook-xsl-nonrecursive-string-subst.patch"))
               (sha256
                (base32
-                "0s59lihif2fr7rznckxr2kfyrvkirv76r1zvidp9b5mj28p4apvj"))))
+                "0s59lihif2fr7rznckxr2kfyrvkirv76r1zvidp9b5mj28p4apvj"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  (for-each delete-file (find-files "." "\\.jar$"))
+                  #t))))
     (build-system trivial-build-system)
     (arguments
      `(#:builder (let ((name-version (string-append ,name "-" ,version)))
@@ -168,7 +172,7 @@ by no means limited to these applications.)  This package provides XML DTDs.")
                      #t))
        #:modules ((guix build utils))))
     (native-inputs `(("bzip2" ,bzip2)
-                     ("xz" ,xz)
+                     ("xz" ,xz)         ;needed for repacked tarballs
                      ("tar" ,tar)))
     (home-page "http://docbook.org")
     (synopsis "DocBook XSL style sheets for document authoring")
diff --git a/gnu/packages/documentation.scm b/gnu/packages/documentation.scm
index f533535f03..9425df707c 100644
--- a/gnu/packages/documentation.scm
+++ b/gnu/packages/documentation.scm
@@ -139,23 +139,10 @@ markup) can be customized and extended by the user.")
        ("libxml2" ,libxml2) ; provides xmllint for the tests
        ("python" ,python-2))) ; for creating the documentation
     (inputs
-     `(("bash" ,bash-minimal)
-       ,@(if (string-prefix? "armhf-" (%current-system))
-             `(("gcc-ice-patch" ,@(search-patches "doxygen-gcc-ice.patch")))
-             '())))
+     `(("bash" ,bash-minimal)))
     (arguments
      `(#:test-target "tests"
        #:phases (modify-phases %standard-phases
-                  ;; Work around an ICE that shows up on native compiles for
-                  ;; armhf-linux.
-                  ,@(if (string-prefix? "armhf-" (%current-system))
-                        `((add-after 'unpack 'apply-gcc-patch
-                            (lambda* (#:key inputs #:allow-other-keys)
-                              (let ((patch (assoc-ref inputs "gcc-ice-patch")))
-                                (invoke "patch" "-p1" "--force"
-                                        "--input" patch)))))
-                        '())
-
                   (add-before 'configure 'patch-sh
                               (lambda* (#:key inputs #:allow-other-keys)
                                 (substitute* "src/portable.cpp"
diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm
index 0473c519d5..78f0360c2e 100644
--- a/gnu/packages/file.scm
+++ b/gnu/packages/file.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -28,14 +29,14 @@
 (define-public file
   (package
     (name "file")
-    (version "5.32")
+    (version "5.33")
     (source (origin
               (method url-fetch)
               (uri (string-append "ftp://ftp.astron.com/pub/file/file-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0l1bfa0icng9vdwya00ff48fhvjazi5610ylbhl35qi13d6xqfc6"))))
+                "1iipnwjkag7q04zjkaqic41r9nlw0ml6mhqian6qkkbisb1whlhw"))))
    (build-system gnu-build-system)
 
    ;; When cross-compiling, this package depends upon a native install of
diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm
index 29c5c92766..e08b0c13db 100644
--- a/gnu/packages/flex.scm
+++ b/gnu/packages/flex.scm
@@ -45,22 +45,10 @@
     (build-system gnu-build-system)
     (inputs
      (let ((bison-for-tests
-            ;; Work around an incompatibility with Bison 3.0:
-            ;; <http://lists.gnu.org/archive/html/bug-bison/2013-09/msg00014.html>.
             (package
               (inherit bison)
-              (version "2.7.1")
-              (source (origin
-                        (method url-fetch)
-                        (uri (string-append
-                              "mirror://gnu/bison/"
-                              "bison-" version ".tar.xz"))
-                        (sha256
-                         (base32
-                          "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl"))))
-
-              ;; Unlike Bison 3.0, this version did not need Flex for its
-              ;; tests, so it allows us to break the cycle.
+              ;; Disable tests, since they require flex.
+              (arguments '(#:tests? #f))
               (inputs (alist-delete "flex" (package-inputs bison))))))
        `(("bison" ,bison-for-tests)
          ("indent" ,indent))))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index 30143eba34..69e35cda0e 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Nils Gillmann <ng0@n0.is>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -54,15 +55,18 @@
 (define-public freetype
   (package
    (name "freetype")
-   (version "2.9")
+   (version "2.9.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://savannah/freetype/freetype-"
                                 version ".tar.bz2"))
             (sha256 (base32
-                     "12jcdz1in20yaa55izxalg3hm1pf7nydfrzps5bzb4zgihybmzz6"))
-            (patches (search-patches "freetype-CVE-2018-6942.patch"))))
+                     "0kg8w6qyiizlyzh4a8lpzslipcbv96hcg3rqqpnxba8ffbm8g3fv"))))
    (build-system gnu-build-system)
+   (arguments
+    ;; The use of "freetype-config" is deprecated, but other packages still
+    ;; depend on it.
+    `(#:configure-flags (list "--enable-freetype-config")))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (propagated-inputs
@@ -375,7 +379,7 @@ applications should be.")
 (define-public graphite2
   (package
    (name "graphite2")
-   (version "1.3.11")
+   (version "1.3.12")
    (source
      (origin
        (method url-fetch)
@@ -383,7 +387,7 @@ applications should be.")
                            "download/" version "/" name "-" version ".tgz"))
        (sha256
         (base32
-         "0z5dcgh8r3678awq6fb8igik7xmar5m6z9xxwpkkhradhk8jxfds"))))
+         "1l1940d8fz67jm6a0x8cjb5p2dv48cvz3wcskwa83hamd70k15fd"))))
    (build-system cmake-build-system)
    (native-inputs
     `(("python" ,python-2) ; because of "import imap" in tests
@@ -533,7 +537,10 @@ definitions.")
              ("libxml2"         ,libxml2)
              ("pango"           ,pango)
              ("potrace"         ,potrace)
-             ("python"          ,python-wrapper)
+             ;; FIXME: We use Python 2 here because there is a bug in Python
+             ;; 3.7 that is triggered when Py_Main is called after Py_Init, as
+             ;; is done by fontforge.  This will be fixed in Python 3.7.1.
+             ("python"          ,python-2)
              ("zlib"            ,zlib)))
    (arguments
     '(#:phases
diff --git a/gnu/packages/fribidi.scm b/gnu/packages/fribidi.scm
index 0368779240..dfd2a77c20 100644
--- a/gnu/packages/fribidi.scm
+++ b/gnu/packages/fribidi.scm
@@ -27,7 +27,7 @@
 (define-public fribidi
   (package
     (name "fribidi")
-    (version "1.0.2")
+    (version "1.0.5")
     (source
       (origin
         (method url-fetch)
@@ -36,11 +36,8 @@
                         "/download/v" version "/fribidi-" version
                          ".tar.bz2"))
         (sha256
-          (base32 "0aw3i1g96axbr96flw4543dvhb8zlgb0w8314ks6cq2g1i9invdx"))))
+          (base32 "1kp4b1hpx2ky20ixgy2xhj5iygfl7ps5k9kglh1z5i7mhykg4r3a"))))
     (build-system gnu-build-system)
-    (arguments
-     `(#:configure-flags
-       (list "--disable-docs")))        ; TODO: enable; requires c2man
     (synopsis "Implementation of the Unicode bidirectional algorithm")
     (description
      "GNU FriBidi is an implementation of the Unicode Bidirectional
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index bdff2ddada..2f4198fdea 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -432,6 +432,7 @@ Go.  It also includes runtime support libraries for these languages.")
                (base32
                 "11zd1hgzkli3b2v70qsm2hyqppngd4616qc96lmm9zl2kl9yl32k"))
               (patches (search-patches "gcc-arm-bug-71399.patch"
+                                       "gcc-libsanitizer-ustat.patch"
                                        "gcc-strmov-store-file-names.patch"
                                        "gcc-5.0-libvtv-runpath.patch"
                                        "gcc-5-source-date-epoch-1.patch"
@@ -452,7 +453,8 @@ Go.  It also includes runtime support libraries for these languages.")
                      "$OBJDUMP_FOR_TARGET -T"))
                   #t))))
     (inputs
-     `(("isl" ,isl)
+     `(;; GCC5 needs <isl/band.h> which is removed in later versions.
+       ("isl" ,isl-0.18)
        ,@(package-inputs gcc-4.7)))))
 
 (define-public gcc-6
@@ -832,7 +834,7 @@ as the 'native-search-paths' field."
 (define-public isl
   (package
     (name "isl")
-    (version "0.18")
+    (version "0.19")
     (source (origin
              (method url-fetch)
              (uri (list (string-append
@@ -843,7 +845,7 @@ as the 'native-search-paths' field."
                                        name "-" version ".tar.gz")))
              (sha256
               (base32
-               "06ybml6llhi4i56q90jnimbcgk1lpcdwhy9nxdxra2hxz3bhz2vb"))))
+               "1n4yz9rj24mv226hqbpw210ifvqkn8dgvpnkzf0s0lkq9zrjd5ym"))))
     (build-system gnu-build-system)
     (inputs `(("gmp" ,gmp)))
     (home-page "http://isl.gforge.inria.fr/")
@@ -861,6 +863,20 @@ reduction, transitive closures on maps (which may encode infinite graphs),
 dependence analysis and bounds on piecewise step-polynomials.")
     (license lgpl2.1+)))
 
+(define-public isl-0.18
+  (package
+    (inherit isl)
+    (version "0.18")
+    (source (origin
+              (method url-fetch)
+              (uri (list (string-append "http://isl.gforge.inria.fr/isl-"
+                                        version ".tar.bz2")
+                         (string-append %gcc-infrastructure
+                                        "isl-" version ".tar.gz")))
+              (sha256
+               (base32
+                "06ybml6llhi4i56q90jnimbcgk1lpcdwhy9nxdxra2hxz3bhz2vb"))))))
+
 (define-public isl-0.11
   (package
     (inherit isl)
diff --git a/gnu/packages/gdb.scm b/gnu/packages/gdb.scm
index f0c4c8b804..d7b194685c 100644
--- a/gnu/packages/gdb.scm
+++ b/gnu/packages/gdb.scm
@@ -42,6 +42,7 @@
              (method url-fetch)
              (uri (string-append "mirror://gnu/gdb/gdb-"
                                  version ".tar.xz"))
+             (patches (search-patches "gdb-python-3.7.patch"))
              (sha256
               (base32
                "0g6hv9xk12aa58w77fydaldqr9a6b0a6bnwsq87jfc6lkcbc7p4p"))))
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 1240b1dc16..cd7cd604fd 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2013, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
-;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
@@ -52,7 +52,7 @@
             (sha256 (base32
                      "083xisy6z01zhm7p7rgk4bx9d6zlr8l20qkfv1g29ylnhgwzvij8"))))
    (build-system gnu-build-system)
-   (inputs `(("libjpeg-8" ,libjpeg-8)
+   (inputs `(("libjpeg" ,libjpeg)
              ("libtiff" ,libtiff)
              ("zlib" ,zlib)))
    (synopsis "Little CMS, a small-footprint colour management engine")
@@ -132,7 +132,6 @@ printing, and psresize, for adjusting page sizes.")
 (define-public ghostscript
   (package
     (name "ghostscript")
-    (replacement ghostscript/fixed)
     (version "9.23")
     (source
       (origin
@@ -145,6 +144,7 @@ printing, and psresize, for adjusting page sizes.")
          (base32
           "1ng8d9fm5lza7k1f7ybc791275c07z5hcmpkrl2i226nshkxrkhz"))
         (patches (search-patches "ghostscript-runpath.patch"
+                                 "ghostscript-CVE-2018-10194.patch"
                                  "ghostscript-no-header-creationdate.patch"
                                  "ghostscript-no-header-id.patch"
                                  "ghostscript-no-header-uuid.patch"))
@@ -251,16 +251,6 @@ output file formats and printers.")
     (home-page "https://www.ghostscript.com/")
     (license license:agpl3+)))
 
-(define-public ghostscript/fixed
-  (hidden-package
-    (package
-      (inherit ghostscript)
-      (source
-        (origin
-          (inherit (package-source ghostscript))
-          (patches (append (origin-patches (package-source ghostscript))
-                           (search-patches "ghostscript-CVE-2018-10194.patch"))))))))
-
 (define-public ghostscript/x
   (package/inherit ghostscript
     (name (string-append (package-name ghostscript) "-with-x"))
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index 33b77555b5..2687ece081 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -80,7 +80,7 @@
 (define dbus
   (package
     (name "dbus")
-    (version "1.12.6")
+    (version "1.12.10")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -88,7 +88,7 @@
                     version ".tar.gz"))
               (sha256
                (base32
-                "05picaq8j60wlwyi84qvw5liw3nd0cws9va3krnc3pms0wm906v2"))
+                "1xywijmgfad4m3cxp0b4l6kvypwc53ckmhwwzbrc6n32jwj3ssab"))
               (patches (search-patches "dbus-helper-search-path.patch"))))
     (build-system gnu-build-system)
     (arguments
@@ -150,7 +150,7 @@ shared NFS home directories.")
 (define glib
   (package
    (name "glib")
-   (version "2.56.0")
+   (version "2.56.2")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/"
@@ -158,7 +158,7 @@ shared NFS home directories.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1iqgi90fmpl3l23jm2iv44qp7hqsxvnv7978s18933bvx4bnxvzc"))
+              "12d738n1wpvrn39zvy9xazg5h6vzyiwsw8z1qibcj09mh4bbsjnn"))
             (patches (search-patches "glib-tests-timer.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"           ; everything
@@ -303,14 +303,14 @@ dynamic loading, and an object system.")
 (define gobject-introspection
   (package
     (name "gobject-introspection")
-    (version "1.56.0")
+    (version "1.56.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/"
                    "gobject-introspection/" (version-major+minor version)
                    "/gobject-introspection-" version ".tar.xz"))
              (sha256
-              (base32 "1y50pbn5qqbcv2h9rkz96wvv5jls2gma9bkqjq6wapmaszx5jw0d"))
+              (base32 "0jx2kryjd7l0vl5gb3qp1qjfy3cjiizvcd1snsm7pzwrzz67aa2v"))
              (modules '((guix build utils)))
              (snippet
               '(begin
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index c172a6a2be..9e72c7ae39 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -122,6 +122,7 @@
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages gl)
+  #:use-module (gnu packages graphviz)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages spice)
   #:use-module (gnu packages tex)
@@ -938,14 +939,14 @@ guidelines.")
 (define-public shared-mime-info
   (package
     (name "shared-mime-info")
-    (version "1.8")
+    (version "1.9")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://freedesktop.org/~hadess/"
                                  "shared-mime-info-" version ".tar.xz"))
              (sha256
               (base32
-               "1sc96lv9dp1lkvs8dh3ngm3hbjb274d363dl9avhb61il3qmxx9a"))))
+               "10ywzhzg8v1xmb9sz5xbqaci90id38knswigynyl33i29vn360aw"))))
     (build-system gnu-build-system)
     (arguments
      ;; The build system appears not to be parallel-safe.
@@ -2034,7 +2035,7 @@ passwords in the GNOME keyring.")
 (define-public vala
   (package
     (name "vala")
-    (version "0.36.3")
+    (version "0.40.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -2042,7 +2043,7 @@ passwords in the GNOME keyring.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0706izk9prxqclm7gv4f63diwnlc1llvfl5sc9ghqbgn076lx2mc"))))
+                "1v0ak68lrnbb5lyd48j6sxa35vfrii86zmhxdhkdb85k1bv65rmy"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -2050,20 +2051,25 @@ passwords in the GNOME keyring.")
          (add-before 'check 'pre-check
                      (lambda _
                        (setenv "CC" "gcc")
+                       (substitute* "valadoc/tests/testrunner.sh"
+                         (("export PKG_CONFIG_PATH=" m)
+                          (string-append m "$PKG_CONFIG_PATH:")))
                        ;; For missing '/etc/machine-id'.
                        (setenv "DBUS_FATAL_WARNINGS" "0")
-                       #t)))
-       ;; Build the Vala API generator
-       #:configure-flags '("--enable-vapigen")))
+                       #t)))))
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("flex" ,flex)
        ("bison" ,bison)
        ("xsltproc" ,libxslt)
+       ("grep" ,grep)
+       ("sed" ,sed)
        ("dbus" ,dbus)                                     ; for dbus tests
        ("gobject-introspection" ,gobject-introspection))) ; for gir tests
+    (inputs
+     `(("graphviz" ,graphviz)))
     (propagated-inputs
-     `(("glib" ,glib))) ; required by libvala-0.26.pc
+     `(("glib" ,glib))) ; required by libvala-0.40.pc
     (home-page "https://live.gnome.org/Vala/")
     (synopsis "Compiler for the GObject type system")
     (description
@@ -5860,7 +5866,7 @@ is complete it provides a graphical representation of each selected folder.")
 (define-public gnome-backgrounds
   (package
     (name "gnome-backgrounds")
-    (version "3.26.2")
+    (version "3.28.0")
     (source
      (origin
        (method url-fetch)
@@ -5869,8 +5875,8 @@ is complete it provides a graphical representation of each selected folder.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0kzrh5h0cfby3rhsy31d1w1c0rr3wcc845kv6zibqw1x8v9si2rs"))))
-    (build-system glib-or-gtk-build-system)
+         "1qgim0yhzjgcq172y4vp5hqz4rh1ak38a7pgi6s7dq0wklyrcnxj"))))
+    (build-system meson-build-system)
     (native-inputs
      `(("intltool" ,intltool)))
     (home-page "https://git.gnome.org/browse/gnome-backgrounds")
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index d5fb12650f..1da48bfa66 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -72,7 +72,7 @@
 (define-public libgpg-error
   (package
     (name "libgpg-error")
-    (version "1.28")
+    (version "1.32")
     (source
      (origin
       (method url-fetch)
@@ -80,8 +80,7 @@
                           version ".tar.bz2"))
       (sha256
        (base32
-        "0jfsfnh9bxlxiwxws60yah4ybjw2hshmvqp31pri4m4h8ivrbnry"))
-      (patches (search-patches "libgpg-error-aarch64-logging-fix.patch"))))
+        "1jj08ns4sh1hmafqp1giskvdicdz18la516va26jycy27kkwaif3"))))
     (build-system gnu-build-system)
     (home-page "https://gnupg.org")
     (synopsis "Library of error values for GnuPG components")
@@ -94,32 +93,19 @@ Daemon and possibly more in the future.")
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/libgpg-error")))))
 
-;; Some packages (e.g. GPGME) require a newer libgpg-error to deal with
-;; error codes from recent GnuPG.  Remove this in the next rebuild cycle.
-(define-public libgpg-error-1.31
-  (package
-    (inherit libgpg-error)
-    (version "1.31")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://gnupg/libgpg-error/libgpg-error-"
-                                  version ".tar.bz2"))
-              (sha256
-               (base32
-                "1vx4nw6rxh2biy3h8n96fyr86q29h8gjl6837437i51jr4isil20"))))))
-
 (define-public libgcrypt
   (package
-    (replacement libgcrypt/fixed)
     (name "libgcrypt")
-    (version "1.8.2")
+    (version "1.8.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "01sca9m8hm6b5v8hmqsfdjhyz013869p1f0fxw9ln52qfnp4q1n8"))))
+               "0z5gs1khzyknyfjr19k8gk4q148s6q987ya85cpn0iv70fz91v36"))
+             (patches
+              (search-patches "libgcrypt-make-yat2m-reproducible.patch"))))
     (build-system gnu-build-system)
     (propagated-inputs
      `(("libgpg-error-host" ,libgpg-error)))
@@ -145,19 +131,6 @@ generation.")
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/libgcrypt")))))
 
-(define libgcrypt/fixed
-  (package
-    (inherit libgcrypt)
-    (name "libgcrypt")
-    (version "1.8.3")
-    (source (origin
-             (method url-fetch)
-             (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
-                                 version ".tar.bz2"))
-             (sha256
-              (base32
-               "0z5gs1khzyknyfjr19k8gk4q148s6q987ya85cpn0iv70fz91v36"))))))
-
 (define-public libassuan
   (package
     (name "libassuan")
@@ -406,7 +379,7 @@ libskba (working with X.509 certificates and CMS data).")
      `(("gnupg" ,gnupg)))
     (propagated-inputs
      ;; Needs to be propagated because gpgme.h includes gpg-error.h.
-     `(("libgpg-error" ,libgpg-error-1.31)))
+     `(("libgpg-error" ,libgpg-error)))
     (inputs
      `(("libassuan" ,libassuan)))
     (home-page "https://www.gnupg.org/related_software/gpgme/")
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 3dbc84a643..38b65946b8 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -8,7 +8,7 @@
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
 ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
-;;; Copyright © 2015, 2016, 2017, 2018 Ricardo Wurmus <rekado@elephly.net>
+;;; Coypright © 2015, 2016, 2017, 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Fabian Harfert <fhmgufs@web.de>
 ;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
@@ -112,14 +112,14 @@ tools have full access to view and control running applications.")
 (define-public cairo
   (package
    (name "cairo")
-   (version "1.14.10")
+   (version "1.14.12")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://cairographics.org/releases/cairo-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "02banr0wxckq62nbhc3mqidfdh2q956i2r7w2hd9bjgjb238g1vy"))
+              "05mzyxkvsfc1annjw2dja8vka01ampp9pp93lg09j8hba06g144c"))
             (patches (search-patches "cairo-CVE-2016-9082.patch"))))
    (build-system gnu-build-system)
    (propagated-inputs
@@ -178,7 +178,7 @@ affine transformation (scale, rotation, shear, etc.).")
 (define-public harfbuzz
   (package
    (name "harfbuzz")
-   (version "1.7.6")
+   (version "1.8.8")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://www.freedesktop.org/software/"
@@ -186,7 +186,7 @@ affine transformation (scale, rotation, shear, etc.).")
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "16rf7qwgy1gza74v2ws79zdwwb1lpvgz2abwwm8ws9j82cwysyys"))))
+               "1ag3scnm1fcviqgx2p4858y433mr0ndqw6zccnccrqcr9mpcird8"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "bin")) ; 160K, only hb-view depend on cairo
@@ -217,7 +217,7 @@ affine transformation (scale, rotation, shear, etc.).")
 (define-public pango
   (package
    (name "pango")
-   (version "1.42.0")
+   (version "1.42.4")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/pango/"
@@ -225,18 +225,18 @@ affine transformation (scale, rotation, shear, etc.).")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "0illn78nfwpa8y5knh9ir74wa1skc2hi8f3ny19zgpyf7n5dh94r"))))
+              "17bwb7dgbncrfsmchlib03k9n3xaalirb39g3yb43gg8cg6p8aqx"))))
    (build-system gnu-build-system)
    (propagated-inputs
     ;; These are all in Requires or Requires.private of the '.pc' files.
     `(("cairo" ,cairo)
+      ("fribidi" ,fribidi)
       ("fontconfig" ,fontconfig)
       ("freetype" ,freetype)
       ("glib" ,glib)
       ("harfbuzz" ,harfbuzz)))
    (inputs
-    `(("fribidi" ,fribidi)
-      ("zlib" ,zlib)
+    `(("zlib" ,zlib)
 
       ;; Some packages, such as Openbox, expect Pango to be built with the
       ;; optional libxft support.
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index f2a252b8d3..b44db6a6bf 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -228,7 +228,7 @@ without requiring the source code to be rewritten.")
 (define-public guile-2.2
   (package (inherit guile-2.0)
     (name "guile")
-    (version "2.2.3")
+    (version "2.2.4")
     (source (origin
               (method url-fetch)
 
@@ -238,7 +238,7 @@ without requiring the source code to be rewritten.")
                                   ".tar.xz"))
               (sha256
                (base32
-                "11j01agvnci2cx32wwpqs9078856yxmvs15gcsz7ganpkj2ahlw3"))
+                "07p3g0v2ba2vlfbfidqzlgbhnzdx46wh2rgc5gszq1mjyx5bks6r"))
               (modules '((guix build utils)))
 
               ;; Remove the pre-built object files.  Instead, build everything
@@ -287,35 +287,6 @@ without requiring the source code to be rewritten.")
                   (max-silent-time . 36000))))) ;10 hours (needed on ARM
                                                 ;  when heavily loaded)
 
-(define-public guile-2.2.2
-  ;; Keep it so that, when 'guix' runs on 2.2.2, 'guix pull' compiles objects
-  ;; with 2.2.2, thereby avoiding the ABI incompatibility issues described in
-  ;; <https://bugs.gnu.org/29570>.
-  (package
-    (inherit guile-2.2)
-    (version "2.2.2")
-    (source (origin
-              (inherit (package-source guile-2.2))
-              (uri (string-append "mirror://gnu/guile/guile-" version
-                                  ".tar.xz"))
-              (sha256
-               (base32
-                "1azm25zcmxif0skxfrp11d2wc89nrzpjaann9yxdw6pvjxhs948w"))))))
-
-(define-public guile-2.2.4
-  ;; This version contains important bug fixes, in particular wrt. to crashes
-  ;; of multi-threaded code as used by 'guix pull' and grafting.
-  (package
-    (inherit guile-2.2)
-    (version "2.2.4")
-    (source (origin
-              (inherit (package-source guile-2.2))
-              (uri (string-append "mirror://gnu/guile/guile-" version
-                                  ".tar.xz"))
-              (sha256
-               (base32
-                "07p3g0v2ba2vlfbfidqzlgbhnzdx46wh2rgc5gszq1mjyx5bks6r"))))))
-
 (define-public guile-next
   (deprecated-package "guile-next" guile-2.2))
 
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index c4d3703794..cbba9aa42a 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -32,7 +32,7 @@
 (define-public icu4c
   (package
    (name "icu4c")
-   (version "61.1")
+   (version "62.1")
    (source (origin
             (method url-fetch)
             (uri (string-append
@@ -42,7 +42,7 @@
                   (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
                   "-src.tgz"))
             (sha256
-             (base32 "1vxgkx0cyvdy00a9yd5khkx14r5kcndkax2wa99klm52x2dgh1yh"))))
+             (base32 "18ssgnwzzpm1g1fvbm9h1fvryiwxvvn5wc3fdakdsl33cs6qdn9x"))))
    (build-system gnu-build-system)
    (inputs
     `(("perl" ,perl)))
@@ -58,7 +58,15 @@
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'chdir-to-source
-          (lambda _ (chdir "source") #t)))))
+          (lambda _ (chdir "source") #t))
+        (add-after 'install 'avoid-coreutils-reference
+          ;; Don't keep a reference to the build tools.
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let ((out (assoc-ref outputs "out")))
+              (substitute* (find-files (string-append out "/lib/icu")
+                                       "\\.inc$")
+                (("INSTALL_CMD=.*/bin/install") "INSTALL_CMD=install"))
+              #t))))))
    (synopsis "International Components for Unicode")
    (description
     "ICU is a set of C/C++ and Java libraries providing Unicode and
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index e50802d24f..d70811bccf 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -253,13 +253,13 @@ files.  It can compress them as much as 40% losslessly.")
 (define-public libjpeg
   (package
    (name "libjpeg")
-   (version "9b")
+   (version "9c")
    (source (origin
             (method url-fetch)
             (uri (string-append "http://www.ijg.org/files/jpegsrc.v"
                    version ".tar.gz"))
             (sha256 (base32
-                     "0lnhpahgdwlrkd41lx6cr90r199f8mc6ydlh7jznj5klvacd63r4"))))
+                     "08kixcf3a7s9x91174abjnk1xbvj4v8crdc73zi4k9h3jfbm00k5"))))
    (build-system gnu-build-system)
    (synopsis "Library for handling JPEG files")
    (description
@@ -393,7 +393,6 @@ extracting icontainer icon files.")
 (define-public libtiff
   (package
    (name "libtiff")
-   (replacement libtiff/fixed)
    (version "4.0.9")
    (source
      (origin
@@ -404,7 +403,9 @@ extracting icontainer icon files.")
         (base32
          "1kfg4q01r4mqn7dj63ifhi6pmqzbf4xax6ni6kkk81ri5kndwyvf"))
        (patches (search-patches "libtiff-CVE-2017-9935.patch"
-                                "libtiff-CVE-2017-18013.patch"))))
+                                "libtiff-CVE-2017-18013.patch"
+                                "libtiff-CVE-2018-8905.patch"
+                                "libtiff-CVE-2018-10963.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                           ;1.3 MiB of HTML documentation
@@ -426,17 +427,6 @@ collection of tools for doing simple manipulations of TIFF images.")
                                   "See COPYRIGHT in the distribution."))
    (home-page "http://www.simplesystems.org/libtiff/")))
 
-(define libtiff/fixed
-  (package
-    (inherit libtiff)
-    (source
-      (origin
-        (inherit (package-source libtiff))
-        (patches
-          (append (origin-patches (package-source libtiff))
-                  (search-patches "libtiff-CVE-2018-8905.patch"
-                                  "libtiff-CVE-2018-10963.patch")))))))
-
 (define-public leptonica
   (package
     (name "leptonica")
diff --git a/gnu/packages/inkscape.scm b/gnu/packages/inkscape.scm
index de9940df1c..1673cc602e 100644
--- a/gnu/packages/inkscape.scm
+++ b/gnu/packages/inkscape.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2014, 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016, 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
@@ -54,7 +54,24 @@
                                   "inkscape-" version ".tar.bz2"))
               (sha256
                (base32
-                "1chng2yw8dsjxc9gf92aqv7plj11cav8ax321wmakmv5bb09cch6"))))
+                "1chng2yw8dsjxc9gf92aqv7plj11cav8ax321wmakmv5bb09cch6"))
+              (patches
+               (list (origin
+                       (method url-fetch)
+                       (uri (string-append "https://gitlab.com/inkscape/inkscape/commit/"
+                                           "a600c6438fef2f4c06f9a4a7d933d99fb054a973.diff"))
+                       (file-name "inkscape-poppler-compat.patch")
+                       (sha256
+                        (base32
+                         "19dam5vsy571xszgjddl5g0958dmcsv0wvgxidp4bhj2lban222i")))
+                     (origin
+                       (method url-fetch)
+                       (uri (string-append "https://gitlab.com/inkscape/inkscape/commit/"
+                                           "fa1c469aa8c005e07bb8676d72af9f7c16fae3e0.diff"))
+                       (file-name "inkscape-poppler-compat2.patch")
+                       (sha256
+                        (base32
+                         "14k9yrfjz4nx3bz9dk91q74mc0i7rvl2qzkwhcy1br71yqjvngn5")))))))
     (build-system cmake-build-system)
     (inputs
      `(("aspell" ,aspell)
diff --git a/gnu/packages/jemalloc.scm b/gnu/packages/jemalloc.scm
index 5086df7a1b..cb870208e4 100644
--- a/gnu/packages/jemalloc.scm
+++ b/gnu/packages/jemalloc.scm
@@ -32,7 +32,7 @@
 (define-public jemalloc
   (package
     (name "jemalloc")
-    (version "5.0.1")
+    (version "5.1.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -40,8 +40,7 @@
                     version "/jemalloc-" version ".tar.bz2"))
               (sha256
                (base32
-                "1sf3lzgb0y8nnyzmp4zrca3sngdxw3kfh20sna9z03jv74fph528"))
-              (patches (search-patches "jemalloc-arm-address-bits.patch"))))
+                "0s3jpcyhzia8d4k0xyc67is78kg416p9yc3c2f9w6fhhqqffd5jk"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 22d74d32df..508f9c4bd2 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2012, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -47,7 +48,7 @@
 (define-public mit-krb5
   (package
     (name "mit-krb5")
-    (version "1.16")
+    (version "1.16.1")
     (source (origin
               (method url-fetch)
               (uri (list
@@ -59,7 +60,7 @@
                                    "/krb5-" version ".tar.gz")))
               (sha256
                (base32
-                "024yjr15ij0qdnay0bcqfpclgfri0qa8iw4r5zdlryxhhdgi5szs"))))
+                "05qis9l93hhxaknbp0a2v5cr24fsy52fqx20aqqcgl1s9qwzwkr1"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("bison" ,bison)
@@ -116,7 +117,7 @@ cryptography.")
      '(;; This is required since we patch some of the build scripts.
        ;; Remove for the next Shishi release after 1.0.2 or when
        ;; removing 'shishi-fix-libgcrypt-detection.patch'.
-       #:configure-flags '("ac_cv_libgcrypt=yes")))
+       #:configure-flags '("ac_cv_libgcrypt=yes" "--disable-static")))
     (native-inputs `(("pkg-config" ,pkg-config)))
     (inputs
      `(("gnutls" ,gnutls)
diff --git a/gnu/packages/libbsd.scm b/gnu/packages/libbsd.scm
index 58b0be872c..a616de70bd 100644
--- a/gnu/packages/libbsd.scm
+++ b/gnu/packages/libbsd.scm
@@ -25,14 +25,14 @@
 (define-public libbsd
   (package
     (name "libbsd")
-    (version "0.8.7")
+    (version "0.9.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://libbsd.freedesktop.org/releases/"
                                   "libbsd-" version ".tar.xz"))
               (sha256
                (base32
-                "0c9bl49zs0xdddcwj5dh0lay9sxi2m1yi74848g8p87mb87g2j7m"))))
+                "1957w2wi7iqar978qlfsm220dwywnrh5m58nrnn9zmi74ds3bn2n"))))
     (build-system gnu-build-system)
     (synopsis "Utility functions from BSD systems")
     (description "This library provides useful functions commonly found on BSD
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index a7752dc5f0..bc7f6c670d 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -122,24 +122,17 @@ limited support for fork events.")
 (define-public libuv
   (package
     (name "libuv")
-    (version "1.19.2")
+    (version "1.23.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://dist.libuv.org/dist/v" version
                                   "/libuv-v" version ".tar.gz"))
               (sha256
                (base32
-                "1msk9ac1z69whww88ibrwjqkd1apdla6l77cm2fwy5kigq0z5g3w"))))
+                "09yf7c71n8b80nbsv4lsmq5nqmb0rylhpx3z9jgkv5za9lr6sx6i"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:phases (modify-phases %standard-phases
-                  (add-after 'unpack 'autogen
-                    (lambda _
-                      ;; Fashionable people don't run 'make dist' these days, so
-                      ;; we need to do that ourselves.
-                      (invoke "sh" "autogen.sh"))))
-
-       ;; XXX: Some tests want /dev/tty, attempt to make connections, etc.
+     '(;; XXX: Some tests want /dev/tty, attempt to make connections, etc.
        #:tests? #f))
     (native-inputs `(("autoconf" ,autoconf-wrapper)
                      ("automake" ,automake)
diff --git a/gnu/packages/libffi.scm b/gnu/packages/libffi.scm
index 0d54c305b2..d1b910bd07 100644
--- a/gnu/packages/libffi.scm
+++ b/gnu/packages/libffi.scm
@@ -50,7 +50,10 @@
               (patches (search-patches "libffi-3.2.1-complex-alpha.patch"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:phases
+     `(;; Prevent the build system from passing -march and -mtune to the
+       ;; compiler.  See "ax_cc_maxopt.m4" and "ax_gcc_archflag.m4".
+       #:configure-flags '("--enable-portable-binary" "--without-gcc-arch")
+       #:phases
        (modify-phases %standard-phases
          (add-after 'install 'post-install
            (lambda* (#:key outputs #:allow-other-keys)
@@ -79,13 +82,13 @@ conversions for values passed between the two languages.")
 (define-public python-cffi
   (package
     (name "python-cffi")
-    (version "1.11.4")
+    (version "1.11.5")
     (source
      (origin
       (method url-fetch)
       (uri (pypi-uri "cffi" version))
       (sha256
-       (base32 "07fiy4wqg8g08x38r04ydjr8n6g0g74gb8si8b6jhymijalq746z"))))
+       (base32 "1x3lrj928dcxx1k8k9gf3s4s3jwvzv8mc3kkyg1g7c3a1sc1f3z9"))))
     (build-system python-build-system)
     (outputs '("out" "doc"))
     (inputs
diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm
index 249c3f8458..719a0f0b4b 100644
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,26 +33,18 @@
 (define-public libidn
   (package
    (name "libidn")
-   (version "1.34")
+   (version "1.35")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/libidn/libidn-" version
                                 ".tar.gz"))
             (sha256
              (base32
-              "0g3fzypp0xjcgr90c5cyj57apx1cmy0c6y9lvw2qdcigbyby469p"))
-            (modules '((guix build utils)))
-            (snippet
-             '(begin
-                ;; The gnulib test-lock test is prone to writer starvation
-                ;; with our glibc@2.25, which prefers readers, so disable it.
-                ;; The gnulib commit b20e8afb0b2 should fix this once
-                ;; incorporated here.
-                (substitute* "lib/gltests/Makefile.in"
-                  (("test-lock\\$\\(EXEEXT\\) ") ""))
-                #t))))
+              "07pyy0afqikfq51z5kbzbj9ldbd12mri0zvx0mfv3ds6bc0g26pi"))))
    (build-system gnu-build-system)
-;; FIXME: No Java and C# libraries are currently built.
+   ;; FIXME: No Java and C# libraries are currently built.
+   (arguments
+    `(#:configure-flags '("--disable-static")))
    (synopsis "Internationalized string processing library")
    (description
      "libidn is a library implementing of the Stringprep, Punycode and IDNA
@@ -66,19 +59,21 @@ Java libraries.")
 (define-public libidn2
   (package
     (name "libidn2")
-    (version "2.0.4")
+    (version "2.0.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/libidn/" name "-" version
                                   ".tar.lz"))
               (sha256
                (base32
-                "00f2fyw5kwr9is3cdn5h9arzxp0lnvg0z9bb9zyfs0dq81gaqim4"))))
+                "0s4nkazy1xbs6bbq4farby1xhmhzk5bdclbil5gqdwyzxsgabxqg"))))
     (native-inputs
      `(("lzip" ,lzip)))
     (inputs
      `(("libunistring" ,libunistring)))
     (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags '("--disable-static")))
     (synopsis "Internationalized domain name library for IDNA2008")
     (description "Libidn2 is an internationalized domain library implementing
 the IDNA2008 specifications.   Libidn2 is believed to be a complete IDNA2008
diff --git a/gnu/packages/libsigsegv.scm b/gnu/packages/libsigsegv.scm
index 7f63bb26c4..927a12f4cf 100644
--- a/gnu/packages/libsigsegv.scm
+++ b/gnu/packages/libsigsegv.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -38,20 +38,23 @@
    (home-page "https://www.gnu.org/software/libsigsegv/")
    (synopsis "Library for handling page faults")
    (arguments
-    ;; On MIPS, work around this error:
-    ;;
-    ;; In file included from fault-linux-mips-old.h:18:0,
-    ;;    [...]
-    ;; linux-libre-headers-cross-mips64el-linux-gnu-3.3.8/include/asm/sigcontext.h:57:8: error: redefinition of 'struct sigcontext'
-    (if (string-contains (or (%current-target-system) (%current-system))
-                         "mips64el")
-        `(#:phases (modify-phases %standard-phases
-                     (add-before 'configure 'patch-mips-old-h
-                       (lambda _
-                         (substitute* "src/fault-linux-mips-old.h"
-                           (("#include <asm/sigcontext\\.h>") ""))
-                         #t))))
-        '()))
+    `(;; The shared library isn't built by default but some packages need it.
+      #:configure-flags '("--enable-shared")
+
+      ;; On MIPS, work around this error:
+      ;;
+      ;; In file included from fault-linux-mips-old.h:18:0,
+      ;;    [...]
+      ;; linux-libre-headers-cross-mips64el-linux-gnu-3.3.8/include/asm/sigcontext.h:57:8: error: redefinition of 'struct sigcontext'
+      ,@(if (string-contains (or (%current-target-system) (%current-system))
+                             "mips64el")
+            `(#:phases (modify-phases %standard-phases
+                         (add-before 'configure 'patch-mips-old-h
+                           (lambda _
+                             (substitute* "src/fault-linux-mips-old.h"
+                               (("#include <asm/sigcontext\\.h>") ""))
+                             #t))))
+            '())))
    (description
     "GNU libsigsegv is a library to handle page faults, which occur when a
 program tries to access an unavailable region of memory, in user mode.  By
diff --git a/gnu/packages/libunistring.scm b/gnu/packages/libunistring.scm
index 6a3afd4f05..fda839be54 100644
--- a/gnu/packages/libunistring.scm
+++ b/gnu/packages/libunistring.scm
@@ -5,6 +5,8 @@
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,7 +34,7 @@
 (define-public libunistring
   (package
    (name "libunistring")
-   (version "0.9.9")
+   (version "0.9.10")
    (source (origin
             (method url-fetch)
             (uri (string-append
@@ -40,24 +42,25 @@
                   version ".tar.xz"))
             (sha256
              (base32
-              "0cx8v6862w7vvacbkcvg49kfx731ckdgaybmzw1zav71zkn97nd4"))
-            (modules '((guix build utils)))
-            (snippet
-             '(begin
-                ;; The gnulib test-lock test is prone to writer starvation
-                ;; with our glibc@2.25, which prefers readers, so disable it.
-                ;; The gnulib commit b20e8afb0b2 should fix this once
-                ;; incorporated here.
-                (substitute* "tests/Makefile.in"
-                  (("test-lock\\$\\(EXEEXT\\) ") ""))
-                #t))))
+              "1mq57h06622m6qc5cv347fc3qk5mj840axw3c0vd7qmnwk1v53zb"))))
    (propagated-inputs (libiconv-if-needed))
+   (outputs '("out" "static"))
    (build-system gnu-build-system)
    (arguments
     ;; Work around parallel build issue whereby C files may be compiled before
     ;; config.h is built: see <http://hydra.gnu.org/build/59381/nixlog/2/raw> and
     ;; <http://lists.openembedded.org/pipermail/openembedded-core/2012-April/059850.html>.
-    '(#:parallel-build? #f))
+    '(#:parallel-build? #f
+      #:phases (modify-phases %standard-phases
+                 (add-after 'install 'move-static-library
+                   (lambda* (#:key outputs #:allow-other-keys)
+                     (let ((out (assoc-ref outputs "out"))
+                           (static (assoc-ref outputs "static")))
+                       (with-directory-excursion (string-append out "/lib")
+                         (install-file "libunistring.a"
+                                       (string-append static "/lib"))
+                         (delete-file "libunistring.a")
+                         #t)))))))
    (synopsis "C library for manipulating Unicode strings")
    (description
     "GNU libunistring is a library providing functions to manipulate
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 9b9cf01560..8bb0162a47 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -163,13 +163,13 @@ defconfig.  Return the appropriate make target if applicable, otherwise return
 (define-public linux-libre-headers
   (package
     (name "linux-libre-headers")
-    (version "4.14.26")
+    (version "4.14.67")
     (source (origin
              (method url-fetch)
              (uri (linux-libre-urls version))
              (sha256
               (base32
-               "1m2zr17wpasg5riysbaa4g5i492jzr93py2jm088ki818s4a9cm3"))))
+               "050zvdxjy6sc64q75pr1gxsmh49chwav2pwxz8xlif39bvahnrpg"))))
     (build-system gnu-build-system)
     (native-inputs `(("perl" ,perl)))
     (arguments
@@ -298,12 +298,6 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
                  (or (%current-target-system) (%current-system)))
            ((or "x86_64" "i386")
             `(("gcc" ,gcc-7)))
-           ("arm64"
-            ;; Work around a binutils 2.30 bug where some kernel symbols would
-            ;; be incorrectly marked as relocatable:
-            ;; <https://sourceware.org/bugzilla/show_bug.cgi?id=22764>.
-            `(("ld-wrapper" ,(make-ld-wrapper "ld-wrapper"
-                                              #:binutils binutils/fixed))))
            (_
             '()))
        ,@(match (and configuration-file
@@ -494,17 +488,17 @@ It has been modified to remove all non-free binary blobs.")
 (define-public linux-pam
   (package
     (name "linux-pam")
-    (version "1.3.0")
+    (version "1.3.1")
     (source
      (origin
-      (method url-fetch)
-      (uri (string-append
-            "http://www.linux-pam.org/library/"
-            "Linux-PAM-" version ".tar.bz2"))
-      (sha256
-       (base32
-        "1fyi04d5nsh8ivd0rn2y0z83ylgc0licz7kifbb6xxi2ylgfs6i4"))
-      (patches (search-patches "linux-pam-no-setfsuid.patch"))))
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/linux-pam/linux-pam/releases/download/v"
+             version "/Linux-PAM-" version ".tar.xz"))
+       (sha256
+        (base32
+         "1nyh9kdi3knhxcbv5v4snya0g3gff0m671lnvqcbygw3rm77mx7g"))
+       (patches (search-patches "linux-pam-no-setfsuid.patch"))))
 
     (build-system gnu-build-system)
     (native-inputs
@@ -586,7 +580,7 @@ providing the system administrator with some help in common tasks.")
 (define-public util-linux
   (package
     (name "util-linux")
-    (version "2.32")
+    (version "2.32.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kernel.org/linux/utils/"
@@ -594,7 +588,7 @@ providing the system administrator with some help in common tasks.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0d2758kjll5xqm5fpp3sww1h66aahx161sf2b60jxqv4qymrfwvc"))
+                "1ck7d8srw5szpjq7v0gpmjahnjs6wgqzm311ki4gazww6xx71rl6"))
               (patches (search-patches "util-linux-tests.patch"))
               (modules '((guix build utils)))
               (snippet
@@ -2542,9 +2536,7 @@ in a digital read-out.")
   (package
     (name "perf")
     (version (package-version linux-libre))
-    (source (origin
-              (inherit (package-source linux-libre))
-              (patches (search-patches "perf-gcc-ice.patch"))))
+    (source (package-source linux-libre))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -3307,6 +3299,7 @@ and copy/paste text in the console and in xterm.")
               ("libuuid:static" ,util-linux "static")
               ("lzo" ,lzo)
               ("zlib" ,zlib)
+              ("zlib:static" ,zlib "static")
               ("zstd" ,zstd)))
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("asciidoc" ,asciidoc)
diff --git a/gnu/packages/m4.scm b/gnu/packages/m4.scm
index b223ce91d1..090f5578e3 100644
--- a/gnu/packages/m4.scm
+++ b/gnu/packages/m4.scm
@@ -32,6 +32,7 @@
             (method url-fetch)
             (uri (string-append "mirror://gnu/m4/m4-"
                                 version ".tar.xz"))
+            (patches (search-patches "m4-gnulib-libio.patch"))
             (sha256
              (base32
               "01sfjd5a4waqw83bibvmn522g69qfqvwig9i2qlgy154l1nfihgj"))))
diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index 475749bbf6..65d632f64e 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -22,7 +22,7 @@
 (define-module (gnu packages make-bootstrap)
   #:use-module (guix utils)
   #:use-module (guix packages)
-  #:use-module (guix licenses)
+  #:use-module ((guix licenses) #:select (gpl3+))
   #:use-module (guix build-system trivial)
   #:use-module (guix build-system gnu)
   #:use-module ((gnu packages) #:select (search-patch))
@@ -34,6 +34,7 @@
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages bdw-gc)
+  #:use-module (gnu packages libunistring)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages hurd)
   #:use-module (gnu packages multiprecision)
@@ -440,6 +441,9 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
                                                    "^gnu-user.*\\.h$"))
                       ((" -lgcc_s}}") "}}"))
                     #t)))))))
+     (inputs
+      `(("zlib:static" ,zlib "static")
+        ,@(package-inputs gcc)))
      (native-inputs
       (if (%current-target-system)
           `(;; When doing a Canadian cross, we need GMP/MPFR/MPC both
@@ -525,6 +529,10 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
                   ;; Remove the 'debug' output (see above for the reason.)
                   (outputs (delete "debug" (package-outputs guile-2.2)))
 
+                  (inputs
+                   `(("libunistring:static" ,libunistring "static")
+                     ,@(package-inputs guile-2.2)))
+
                   (propagated-inputs
                    `(("bdw-gc" ,libgc)
                      ,@(alist-delete "bdw-gc"
diff --git a/gnu/packages/nettle.scm b/gnu/packages/nettle.scm
index 67a3062a5a..1212f32812 100644
--- a/gnu/packages/nettle.scm
+++ b/gnu/packages/nettle.scm
@@ -44,8 +44,22 @@
      ;; $libdir, which is not the case by default.  Work around it.
      '(#:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath="
                                               (assoc-ref %outputs "out")
-                                              "/lib"))))
-    (outputs '("out" "debug"))
+                                              "/lib"))
+       #:phases (modify-phases %standard-phases
+                  (add-after 'install 'move-static-libraries
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (let ((out (assoc-ref outputs "out"))
+                            (slib (string-append (assoc-ref outputs "static")
+                                                 "/lib")))
+                        (mkdir-p slib)
+                        (with-directory-excursion (string-append out "/lib")
+                          (for-each (lambda (ar)
+                                      (rename-file ar (string-append
+                                                       slib "/"
+                                                       (basename ar))))
+                                    (find-files "." "\\.a$")))
+                        #t))))))
+    (outputs '("out" "debug" "static"))
     (native-inputs `(("m4" ,m4)))
     (propagated-inputs `(("gmp" ,gmp)))
     (home-page "https://www.lysator.liu.se/~nisse/nettle/")
diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm
index 12964e302a..1cdce999b3 100644
--- a/gnu/packages/openldap.scm
+++ b/gnu/packages/openldap.scm
@@ -84,11 +84,9 @@
    (native-inputs `(("libtool" ,libtool)))
    (arguments
     `(#:tests? #f
+      #:configure-flags '("--disable-static")
       #:phases
       (modify-phases %standard-phases
-        (add-after 'configure 'provide-libtool
-          (lambda _ (copy-file (which "libtool") "libtool")
-            #t))
         (add-after 'install 'patch-sasl-path
           ;; Give -L arguments for cyrus-sasl to avoid propagation.
           (lambda* (#:key inputs outputs #:allow-other-keys)
diff --git a/gnu/packages/openstack.scm b/gnu/packages/openstack.scm
index 64e05c4b0e..c07f011c9d 100644
--- a/gnu/packages/openstack.scm
+++ b/gnu/packages/openstack.scm
@@ -182,7 +182,7 @@ guidelines}.")
        ("python-pbr" ,python-pbr)))
     (native-inputs
       `(("python-openstackdocstheme" ,python-openstackdocstheme)
-        ("python-sphinx" ,python-sphinx-1.6)
+        ("python-sphinx" ,python-sphinx)
         ("python-subunit" ,python-subunit)
         ("python-testrepository" ,python-testrepository)
         ("python-testtools" ,python-testtools)))
@@ -216,7 +216,7 @@ with mox as possible, but small enhancements have been made.")
      `(("python-dulwich" ,python-dulwich)
        ("python-pbr" ,python-pbr)))
     (native-inputs
-     `(("python-sphinx" ,python-sphinx-1.6)))
+     `(("python-sphinx" ,python-sphinx)))
     (home-page "https://docs.openstack.org/openstackdocstheme/latest/")
     (synopsis "OpenStack Docs Theme")
     (description
@@ -313,7 +313,7 @@ to docs.openstack.org and developer.openstack.org.")
        ("python-six" ,python-six)))
     (native-inputs
      `(("python-mock" ,python-mock)
-       ("python-sphinx" ,python-sphinx-1.6)
+       ("python-sphinx" ,python-sphinx)
        ("python-testrepository" ,python-testrepository)))
     (home-page "https://github.com/dreamhost/stevedore")
     (synopsis "Manage dynamic plugins for Python applications")
@@ -405,7 +405,7 @@ common features used in Tempest.")
        ("python-openstackdocstheme" ,python-openstackdocstheme)
        ("python-oslotest" ,python-oslotest)
        ("python-reno" ,python-reno)
-       ("python-sphinx" ,python-sphinx-1.6)
+       ("python-sphinx" ,python-sphinx)
        ("python-testrepository" ,python-testrepository)
        ("python-testscenarios" ,python-testscenarios)
        ("python-testtools" ,python-testtools)))
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 78db0abfa8..6c3d245058 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -264,9 +264,7 @@
          ("sqlite" ,sqlite)
          ("libgcrypt" ,libgcrypt)
 
-         ;; Use 2.2.4 to avoid various thread-safety issues while building
-         ;; code in parallel.
-         ("guile" ,guile-2.2.4)
+         ("guile" ,guile-2.2)
 
          ;; Many tests rely on the 'guile-bootstrap' package, which is why we
          ;; have it here.
diff --git a/gnu/packages/patches/binutils-aarch64-symbol-relocation.patch b/gnu/packages/patches/binutils-aarch64-symbol-relocation.patch
deleted file mode 100644
index fbd596862b..0000000000
--- a/gnu/packages/patches/binutils-aarch64-symbol-relocation.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix a regression in Binutils 2.30 where some symbols are incorrectly assumed
-to be addresses:
-
-https://sourceware.org/bugzilla/show_bug.cgi?id=22764
-
-Patch taken from upstream (with ChangeLog entries and tests omitted):
-
-https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=279b2f94168ee91e02ccd070d27c983fc001fe12
-
-diff --git a/bfd/elfnn-aarch64.c b/bfd/elfnn-aarch64.c
-index af448f9..2737773 100644
---- a/bfd/elfnn-aarch64.c
-+++ b/bfd/elfnn-aarch64.c
-@@ -7189,10 +7189,19 @@ elfNN_aarch64_check_relocs (bfd *abfd, struct bfd_link_info *info,
- #if ARCH_SIZE == 64
- 	case BFD_RELOC_AARCH64_32:
- #endif
--	  if (bfd_link_pic (info)
--	      && (sec->flags & SEC_ALLOC) != 0
--	      && (sec->flags & SEC_READONLY) != 0)
-+	  if (bfd_link_pic (info) && (sec->flags & SEC_ALLOC) != 0)
- 	    {
-+	      if (h != NULL
-+		  /* This is an absolute symbol.  It represents a value instead
-+		     of an address.  */
-+		  && ((h->root.type == bfd_link_hash_defined
-+		       && bfd_is_abs_section (h->root.u.def.section))
-+		      /* This is an undefined symbol.  */
-+		      || h->root.type == bfd_link_hash_undefined))
-+		break;
-+
-+	      /* For local symbols, defined global symbols in a non-ABS section,
-+		 it is assumed that the value is an address.  */
- 	      int howto_index = bfd_r_type - BFD_RELOC_AARCH64_RELOC_START;
- 	      _bfd_error_handler
- 		/* xgettext:c-format */
diff --git a/gnu/packages/patches/doxygen-gcc-ice.patch b/gnu/packages/patches/doxygen-gcc-ice.patch
deleted file mode 100644
index fbfedcb7ab..0000000000
--- a/gnu/packages/patches/doxygen-gcc-ice.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Work around this GCC ICE: <https://bugs.gnu.org/31708>.  It shows up
-only when doing native compiles on armhf-linux.
-
-Yes it's a terrible patch, but it does the job.
-
---- doxygen-1.8.13/qtools/qutfcodec.cpp	1970-01-01 01:00:00.000000000 +0100
-+++ doxygen-1.8.13/qtools/qutfcodec.cpp	2018-06-08 14:14:29.614009929 +0200
-@@ -189,7 +189,7 @@ int QUtf16Codec::heuristicContentMatch(c
- }
- 
- 
--
-+volatile const void *bomPointer = &QChar::byteOrderMark;
- 
- class QUtf16Encoder : public QTextEncoder {
-     bool headerdone;
-@@ -209,7 +209,7 @@ public:
- 	    headerdone = TRUE;
- 	    len_in_out = (1+uc.length())*(int)sizeof(QChar);
- 	    QCString d(len_in_out);
--	    memcpy(d.rawData(),&QChar::byteOrderMark,sizeof(QChar));
-+	    memcpy(d.rawData(),(void *)bomPointer,sizeof(QChar));
- 	    memcpy(d.rawData()+sizeof(QChar),uc.unicode(),uc.length()*sizeof(QChar));
- 	    return d;
- 	}
diff --git a/gnu/packages/patches/findutils-gnulib-libio.patch b/gnu/packages/patches/findutils-gnulib-libio.patch
new file mode 100644
index 0000000000..79f9fd914d
--- /dev/null
+++ b/gnu/packages/patches/findutils-gnulib-libio.patch
@@ -0,0 +1,114 @@
+Adjust to removal of libio interface in glibc 2.28.
+
+Based on this gnulib commit:
+https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=4af4a4a71827c0bc5e0ec67af23edef4f15cee8e
+
+diff --git a/gl/lib/fflush.c b/gl/lib/fflush.c
+index 5ae3e41..7a82470 100644
+--- a/gl/lib/fflush.c
++++ b/gl/lib/fflush.c
+@@ -33,7 +33,7 @@
+ #undef fflush
+ 
+ 
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ 
+ /* Clear the stream's ungetc buffer, preserving the value of ftello (fp).  */
+ static void
+@@ -72,7 +72,7 @@ clear_ungetc_buffer (FILE *fp)
+ 
+ #endif
+ 
+-#if ! (defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
++#if ! (defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
+ 
+ # if (defined __sferror || defined __DragonFly__ || defined __ANDROID__) && defined __SNPT
+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */
+@@ -148,7 +148,7 @@ rpl_fflush (FILE *stream)
+   if (stream == NULL || ! freading (stream))
+     return fflush (stream);
+ 
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ 
+   clear_ungetc_buffer_preserving_position (stream);
+ 
+diff --git a/gl/lib/fpurge.c b/gl/lib/fpurge.c
+index f313b22..ecdf82d 100644
+--- a/gl/lib/fpurge.c
++++ b/gl/lib/fpurge.c
+@@ -62,7 +62,7 @@ fpurge (FILE *fp)
+   /* Most systems provide FILE as a struct and the necessary bitmask in
+      <stdio.h>, because they need it for implementing getc() and putc() as
+      fast macros.  */
+-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   fp->_IO_read_end = fp->_IO_read_ptr;
+   fp->_IO_write_ptr = fp->_IO_write_base;
+   /* Avoid memory leak when there is an active ungetc buffer.  */
+diff --git a/gl/lib/freadahead.c b/gl/lib/freadahead.c
+index 094daab..3f8101e 100644
+--- a/gl/lib/freadahead.c
++++ b/gl/lib/freadahead.c
+@@ -25,7 +25,7 @@
+ size_t
+ freadahead (FILE *fp)
+ {
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   if (fp->_IO_write_ptr > fp->_IO_write_base)
+     return 0;
+   return (fp->_IO_read_end - fp->_IO_read_ptr)
+diff --git a/gl/lib/freading.c b/gl/lib/freading.c
+index 0512b19..8c48fe4 100644
+--- a/gl/lib/freading.c
++++ b/gl/lib/freading.c
+@@ -31,7 +31,7 @@ freading (FILE *fp)
+   /* Most systems provide FILE as a struct and the necessary bitmask in
+      <stdio.h>, because they need it for implementing getc() and putc() as
+      fast macros.  */
+-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   return ((fp->_flags & _IO_NO_WRITES) != 0
+           || ((fp->_flags & (_IO_NO_READS | _IO_CURRENTLY_PUTTING)) == 0
+               && fp->_IO_read_base != NULL));
+diff --git a/gl/lib/fseeko.c b/gl/lib/fseeko.c
+index 1c65d2a..9026408 100644
+--- a/gl/lib/fseeko.c
++++ b/gl/lib/fseeko.c
+@@ -47,7 +47,7 @@ fseeko (FILE *fp, off_t offset, int whence)
+ #endif
+ 
+   /* These tests are based on fpurge.c.  */
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   if (fp->_IO_read_end == fp->_IO_read_ptr
+       && fp->_IO_write_ptr == fp->_IO_write_base
+       && fp->_IO_save_base == NULL)
+@@ -123,7 +123,7 @@ fseeko (FILE *fp, off_t offset, int whence)
+           return -1;
+         }
+ 
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+       fp->_flags &= ~_IO_EOF_SEEN;
+       fp->_offset = pos;
+ #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
+diff --git a/gl/lib/stdio-impl.h b/gl/lib/stdio-impl.h
+index 502d891..ea38ee2 100644
+--- a/gl/lib/stdio-impl.h
++++ b/gl/lib/stdio-impl.h
+@@ -18,6 +18,12 @@
+    the same implementation of stdio extension API, except that some fields
+    have different naming conventions, or their access requires some casts.  */
+ 
++/* Glibc 2.28 made _IO_IN_BACKUP private.  For now, work around this
++   problem by defining it ourselves.  FIXME: Do not rely on glibc
++   internals.  */
++#if !defined _IO_IN_BACKUP && defined _IO_EOF_SEEN
++# define _IO_IN_BACKUP 0x100
++#endif
+ 
+ /* BSD stdio derived implementations.  */
+ 
diff --git a/gnu/packages/patches/findutils-makedev.patch b/gnu/packages/patches/findutils-makedev.patch
new file mode 100644
index 0000000000..2f16c625d8
--- /dev/null
+++ b/gnu/packages/patches/findutils-makedev.patch
@@ -0,0 +1,22 @@
+Include <sys/sysmacros.h> for "makedev".
+
+Taken from this gnulib commit:
+https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=4da63c5881f60f71999a943612da9112232b9161
+
+diff --git a/gl/lib/mountlist.c b/gl/lib/mountlist.c
+index bb4e4ee21..cf4020e2a 100644
+--- a/gl/lib/mountlist.c
++++ b/gl/lib/mountlist.c
+@@ -37,6 +37,12 @@
+ # include <sys/param.h>
+ #endif
+ 
++#if MAJOR_IN_MKDEV
++# include <sys/mkdev.h>
++#elif MAJOR_IN_SYSMACROS
++# include <sys/sysmacros.h>
++#endif
++
+ #if defined MOUNTED_GETFSSTAT   /* OSF_1 and Darwin1.3.x */
+ # if HAVE_SYS_UCRED_H
+ #  include <grp.h> /* needed on OSF V4.0 for definition of NGROUPS,
diff --git a/gnu/packages/patches/freetype-CVE-2018-6942.patch b/gnu/packages/patches/freetype-CVE-2018-6942.patch
deleted file mode 100644
index 680f357765..0000000000
--- a/gnu/packages/patches/freetype-CVE-2018-6942.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Fix CVE-2018-6942:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
-https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6942.html
-
-Copied from upstream (ChangeLog section removed):
-https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
-
-diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
-index d855aaa..551f14a 100644
---- a/src/truetype/ttinterp.c
-+++ b/src/truetype/ttinterp.c
-@@ -7532,8 +7532,16 @@
-       return;
-     }
- 
--    for ( i = 0; i < num_axes; i++ )
--      args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
-+    if ( coords )
-+    {
-+      for ( i = 0; i < num_axes; i++ )
-+        args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
-+    }
-+    else
-+    {
-+      for ( i = 0; i < num_axes; i++ )
-+        args[i] = 0;
-+    }
-   }
- 
- 
diff --git a/gnu/packages/patches/gcc-libsanitizer-ustat.patch b/gnu/packages/patches/gcc-libsanitizer-ustat.patch
new file mode 100644
index 0000000000..a4e0c6affa
--- /dev/null
+++ b/gnu/packages/patches/gcc-libsanitizer-ustat.patch
@@ -0,0 +1,41 @@
+Remove use of deprecated ustat interface in glibc 2.28:
+
+https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85835
+
+Taken from upstream:
+
+https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=260684
+
+diff --git a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
+index 858bb2184505..de18e56d11cf 100644
+--- a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
++++ b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
+@@ -157,7 +157,6 @@ typedef struct user_fpregs elf_fpregset_t;
+ # include <sys/procfs.h>
+ #endif
+ #include <sys/user.h>
+-#include <sys/ustat.h>
+ #include <linux/cyclades.h>
+ #include <linux/if_eql.h>
+ #include <linux/if_plip.h>
+@@ -250,7 +249,19 @@ namespace __sanitizer {
+ #endif // SANITIZER_LINUX || SANITIZER_FREEBSD
+ 
+ #if SANITIZER_LINUX && !SANITIZER_ANDROID
+-  unsigned struct_ustat_sz = sizeof(struct ustat);
++  // Use pre-computed size of struct ustat to avoid <sys/ustat.h> which
++  // has been removed from glibc 2.28.
++#if defined(__aarch64__) || defined(__s390x__) || defined (__mips64) \
++  || defined(__powerpc64__) || defined(__arch64__) || defined(__sparcv9) \
++  || defined(__x86_64__)
++#define SIZEOF_STRUCT_USTAT 32
++#elif defined(__arm__) || defined(__i386__) || defined(__mips__) \
++  || defined(__powerpc__) || defined(__s390__)
++#define SIZEOF_STRUCT_USTAT 20
++#else
++#error Unknown size of struct ustat
++#endif
++  unsigned struct_ustat_sz = SIZEOF_STRUCT_USTAT;
+   unsigned struct_rlimit64_sz = sizeof(struct rlimit64);
+   unsigned struct_statvfs64_sz = sizeof(struct statvfs64);
+ #endif // SANITIZER_LINUX && !SANITIZER_ANDROID
diff --git a/gnu/packages/patches/gcc-strmov-store-file-names.patch b/gnu/packages/patches/gcc-strmov-store-file-names.patch
index 9f9162855d..7358de3326 100644
--- a/gnu/packages/patches/gcc-strmov-store-file-names.patch
+++ b/gnu/packages/patches/gcc-strmov-store-file-names.patch
@@ -15,7 +15,7 @@ and <https://bugs.gnu.org/30395>.
 
 --- gcc-5.3.0/gcc/builtins.c	2016-10-18 10:50:46.080616285 +0200
 +++ gcc-5.3.0/gcc/builtins.c	2016-11-09 15:26:43.693042737 +0100
-@@ -3192,6 +3192,54 @@ determine_block_size (tree len, rtx len_
+@@ -3192,6 +3192,58 @@ determine_block_size (tree len, rtx len_
  			  GET_MODE_MASK (GET_MODE (len_rtx)));
  }
  
@@ -35,9 +35,13 @@ and <https://bugs.gnu.org/30395>.
 +  if (TREE_CODE (str) == VAR_DECL
 +      && TREE_STATIC (str)
 +      && TREE_READONLY (str))
-+    /* STR may be a 'static const' variable whose initial value
-+       is a string constant.  See <https://bugs.gnu.org/30395>.  */
-+    str = DECL_INITIAL (str);
++    {
++      /* STR may be a 'static const' variable whose initial value
++         is a string constant.  See <https://bugs.gnu.org/30395>.  */
++      str = DECL_INITIAL (str);
++      if (str == NULL_TREE)
++        return false;
++    }
 +
 +  if (TREE_CODE (str) != STRING_CST)
 +    return false;
diff --git a/gnu/packages/patches/gdb-python-3.7.patch b/gnu/packages/patches/gdb-python-3.7.patch
new file mode 100644
index 0000000000..c51442c8b2
--- /dev/null
+++ b/gnu/packages/patches/gdb-python-3.7.patch
@@ -0,0 +1,52 @@
+Fix build failure with Python 3.7 and newer.
+
+Taken from this upstream commit, sans ChangeLog update:
+
+https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=aeab512851bf6ed623d1c6c4305b6ce05e51a10c
+
+diff --git a/gdb/python/python.c b/gdb/python/python.c
+index 1805c90..20fc674 100644
+--- a/gdb/python/python.c
++++ b/gdb/python/python.c
+@@ -1667,6 +1667,17 @@ finalize_python (void *ignore)
+   restore_active_ext_lang (previous_active);
+ }
+ 
++#ifdef IS_PY3K
++/* This is called via the PyImport_AppendInittab mechanism called
++   during initialization, to make the built-in _gdb module known to
++   Python.  */
++PyMODINIT_FUNC
++init__gdb_module (void)
++{
++  return PyModule_Create (&python_GdbModuleDef);
++}
++#endif
++
+ static bool
+ do_start_initialization ()
+ {
+@@ -1707,6 +1718,9 @@ do_start_initialization ()
+      remain alive for the duration of the program's execution, so
+      it is not freed after this call.  */
+   Py_SetProgramName (progname_copy);
++
++  /* Define _gdb as a built-in module.  */
++  PyImport_AppendInittab ("_gdb", init__gdb_module);
+ #else
+   Py_SetProgramName (progname.release ());
+ #endif
+@@ -1716,9 +1730,7 @@ do_start_initialization ()
+   PyEval_InitThreads ();
+ 
+ #ifdef IS_PY3K
+-  gdb_module = PyModule_Create (&python_GdbModuleDef);
+-  /* Add _gdb module to the list of known built-in modules.  */
+-  _PyImport_FixupBuiltin (gdb_module, "_gdb");
++  gdb_module = PyImport_ImportModule ("_gdb");
+ #else
+   gdb_module = Py_InitModule ("_gdb", python_GdbMethods);
+ #endif
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/glibc-2.28-git-fixes.patch b/gnu/packages/patches/glibc-2.28-git-fixes.patch
new file mode 100644
index 0000000000..7e370ef0b1
--- /dev/null
+++ b/gnu/packages/patches/glibc-2.28-git-fixes.patch
@@ -0,0 +1,248 @@
+This file contains fixes from the "release/2.28/master" branch:
+https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/release/2.28/master
+
+Currently we have these commits (sans tests and ChangeLog updates):
+7f11842e7483da7aa9fa3031be122021978ef600
+726e1554ce4db5e35af41cb0110c54c5e1232054
+4b25485f03158959cff45379eecc1d73c7dcdd11
+d05b05d1570ba3ae354a2f5a3cfeefb373b09979
+bfcfa22589f2b4277a65e60c6b736b6bbfbd87d0
+2f498f3d140ab5152bd784df2be7af7d9c5e63ed
+
+diff --git a/htl/Versions b/htl/Versions
+index 6a63a1b8a1..c5a616da10 100644
+--- a/htl/Versions
++++ b/htl/Versions
+@@ -150,6 +150,8 @@ libpthread {
+     __cthread_keycreate;
+     __cthread_getspecific;
+     __cthread_setspecific;
++    __pthread_getspecific;
++    __pthread_setspecific;
+     __pthread_getattr_np;
+     __pthread_attr_getstack;
+   }
+
+diff --git a/sysdeps/htl/pt-getspecific.c b/sysdeps/htl/pt-getspecific.c
+index a0227a67f6..64ddf9551a 100644
+--- a/sysdeps/htl/pt-getspecific.c
++++ b/sysdeps/htl/pt-getspecific.c
+@@ -36,3 +36,4 @@ __pthread_getspecific (pthread_key_t key)
+   return self->thread_specifics[key];
+ }
+ strong_alias (__pthread_getspecific, pthread_getspecific);
++hidden_def (__pthread_getspecific)
+diff --git a/sysdeps/htl/pt-setspecific.c b/sysdeps/htl/pt-setspecific.c
+index a46a12f157..02aff417ef 100644
+--- a/sysdeps/htl/pt-setspecific.c
++++ b/sysdeps/htl/pt-setspecific.c
+@@ -48,3 +48,4 @@ __pthread_setspecific (pthread_key_t key, const void *value)
+   return 0;
+ }
+ strong_alias (__pthread_setspecific, pthread_setspecific);
++hidden_def (__pthread_setspecific)
+diff --git a/sysdeps/htl/pthreadP.h b/sysdeps/htl/pthreadP.h
+index 132ac1718e..71c2fcd9c6 100644
+--- a/sysdeps/htl/pthreadP.h
++++ b/sysdeps/htl/pthreadP.h
+@@ -68,6 +68,8 @@ struct __pthread_cancelation_handler **___pthread_get_cleanup_stack (void) attri
+ 
+ #if IS_IN (libpthread)
+ hidden_proto (__pthread_key_create)
++hidden_proto (__pthread_getspecific)
++hidden_proto (__pthread_setspecific)
+ hidden_proto (_pthread_mutex_init)
+ #endif
+ 
+diff --git a/sysdeps/unix/sysv/linux/getdents64.c b/sysdeps/unix/sysv/linux/getdents64.c
+index 3bde0cf4f0..bc140b5a7f 100644
+--- a/sysdeps/unix/sysv/linux/getdents64.c
++++ b/sysdeps/unix/sysv/linux/getdents64.c
+@@ -33,41 +33,80 @@ strong_alias (__getdents64, __getdents)
+ # include <shlib-compat.h>
+ 
+ # if SHLIB_COMPAT(libc, GLIBC_2_1, GLIBC_2_2)
+-# include <olddirent.h>
++#  include <olddirent.h>
++#  include <unistd.h>
+ 
+-/* kernel definition of as of 3.2.  */
+-struct compat_linux_dirent
++static ssize_t
++handle_overflow (int fd, __off64_t offset, ssize_t count)
+ {
+-  /* Both d_ino and d_off are compat_ulong_t which are defined in all
+-     architectures as 'u32'.  */
+-  uint32_t        d_ino;
+-  uint32_t        d_off;
+-  unsigned short  d_reclen;
+-  char            d_name[1];
+-};
++  /* If this is the first entry in the buffer, we can report the
++     error.  */
++  if (count == 0)
++    {
++      __set_errno (EOVERFLOW);
++      return -1;
++    }
++
++  /* Otherwise, seek to the overflowing entry, so that the next call
++     will report the error, and return the data read so far..  */
++  if (__lseek64 (fd, offset, SEEK_SET) != 0)
++    return -1;
++  return count;
++}
+ 
+ ssize_t
+ __old_getdents64 (int fd, char *buf, size_t nbytes)
+ {
+-  ssize_t retval = INLINE_SYSCALL_CALL (getdents, fd, buf, nbytes);
++  /* We do not move the individual directory entries.  This is only
++     possible if the target type (struct __old_dirent64) is smaller
++     than the source type.  */
++  _Static_assert (offsetof (struct __old_dirent64, d_name)
++		  <= offsetof (struct dirent64, d_name),
++		  "__old_dirent64 is larger than dirent64");
++  _Static_assert (__alignof__ (struct __old_dirent64)
++		  <= __alignof__ (struct dirent64),
++		  "alignment of __old_dirent64 is larger than dirent64");
+ 
+-  /* The kernel added the d_type value after the name.  Change this now.  */
+-  if (retval != -1)
++  ssize_t retval = INLINE_SYSCALL_CALL (getdents64, fd, buf, nbytes);
++  if (retval > 0)
+     {
+-      union
+-      {
+-	struct compat_linux_dirent k;
+-	struct dirent u;
+-      } *kbuf = (void *) buf;
+-
+-      while ((char *) kbuf < buf + retval)
++      char *p = buf;
++      char *end = buf + retval;
++      while (p < end)
+ 	{
+-	  char d_type = *((char *) kbuf + kbuf->k.d_reclen - 1);
+-	  memmove (kbuf->u.d_name, kbuf->k.d_name,
+-		   strlen (kbuf->k.d_name) + 1);
+-	  kbuf->u.d_type = d_type;
++	  struct dirent64 *source = (struct dirent64 *) p;
++
++	  /* Copy out the fixed-size data.  */
++	  __ino_t ino = source->d_ino;
++	  __off64_t offset = source->d_off;
++	  unsigned int reclen = source->d_reclen;
++	  unsigned char type = source->d_type;
++
++	  /* Check for ino_t overflow.  */
++	  if (__glibc_unlikely (ino != source->d_ino))
++	    return handle_overflow (fd, offset, p - buf);
++
++	  /* Convert to the target layout.  Use a separate struct and
++	     memcpy to side-step aliasing issues.  */
++	  struct __old_dirent64 result;
++	  result.d_ino = ino;
++	  result.d_off = offset;
++	  result.d_reclen = reclen;
++	  result.d_type = type;
++
++	  /* Write the fixed-sized part of the result to the
++	     buffer.  */
++	  size_t result_name_offset = offsetof (struct __old_dirent64, d_name);
++	  memcpy (p, &result, result_name_offset);
++
++	  /* Adjust the position of the name if necessary.  Copy
++	     everything until the end of the record, including the
++	     terminating NUL byte.  */
++	  if (result_name_offset != offsetof (struct dirent64, d_name))
++	    memmove (p + result_name_offset, source->d_name,
++		     reclen - offsetof (struct dirent64, d_name));
+ 
+-	  kbuf = (void *) ((char *) kbuf + kbuf->k.d_reclen);
++	  p += reclen;
+ 	}
+      }
+   return retval;
+
+diff --git a/misc/error.c b/misc/error.c
+index b4e8b6c938..03378e2f2a 100644
+--- a/misc/error.c
++++ b/misc/error.c
+@@ -319,6 +319,7 @@ error (int status, int errnum, const char *message, ...)
+ 
+   va_start (args, message);
+   error_tail (status, errnum, message, args);
++  va_end (args);
+ 
+ #ifdef _LIBC
+   _IO_funlockfile (stderr);
+@@ -390,6 +391,7 @@ error_at_line (int status, int errnum, const char *file_name,
+ 
+   va_start (args, message);
+   error_tail (status, errnum, message, args);
++  va_end (args);
+ 
+ #ifdef _LIBC
+   _IO_funlockfile (stderr);
+
+diff --git a/nscd/nscd_conf.c b/nscd/nscd_conf.c
+index 265a02434d..7293b795b6 100644
+--- a/nscd/nscd_conf.c
++++ b/nscd/nscd_conf.c
+@@ -190,7 +190,10 @@ nscd_parse_file (const char *fname, struct database_dyn dbs[lastdb])
+ 	  if (!arg1)
+ 	    error (0, 0, _("Must specify user name for server-user option"));
+ 	  else
+-	    server_user = xstrdup (arg1);
++	    {
++	      free ((char *) server_user);
++	      server_user = xstrdup (arg1);
++	    }
+ 	}
+       else if (strcmp (entry, "stat-user") == 0)
+ 	{
+@@ -198,6 +201,7 @@ nscd_parse_file (const char *fname, struct database_dyn dbs[lastdb])
+ 	    error (0, 0, _("Must specify user name for stat-user option"));
+ 	  else
+ 	    {
++	      free ((char *) stat_user);
+ 	      stat_user = xstrdup (arg1);
+ 
+ 	      struct passwd *pw = getpwnam (stat_user);
+
+diff --git a/nss/nss_files/files-alias.c b/nss/nss_files/files-alias.c
+index cfd34b66b9..35b0bfc5d2 100644
+--- a/nss/nss_files/files-alias.c
++++ b/nss/nss_files/files-alias.c
+@@ -221,6 +221,13 @@ get_next_alias (FILE *stream, const char *match, struct aliasent *result,
+ 			{
+ 			  while (! feof_unlocked (listfile))
+ 			    {
++			      if (room_left < 2)
++				{
++				  free (old_line);
++				  fclose (listfile);
++				  goto no_more_room;
++				}
++
+ 			      first_unused[room_left - 1] = '\xff';
+ 			      line = fgets_unlocked (first_unused, room_left,
+ 						     listfile);
+@@ -229,6 +236,7 @@ get_next_alias (FILE *stream, const char *match, struct aliasent *result,
+ 			      if (first_unused[room_left - 1] != '\xff')
+ 				{
+ 				  free (old_line);
++				  fclose (listfile);
+ 				  goto no_more_room;
+ 				}
+ 
+@@ -256,6 +264,7 @@ get_next_alias (FILE *stream, const char *match, struct aliasent *result,
+ 						       + __alignof__ (char *)))
+ 					{
+ 					  free (old_line);
++					  fclose (listfile);
+ 					  goto no_more_room;
+ 					}
+ 				      room_left -= ((first_unused - cp)
+
diff --git a/gnu/packages/patches/jemalloc-arm-address-bits.patch b/gnu/packages/patches/jemalloc-arm-address-bits.patch
deleted file mode 100644
index f2ef24c25a..0000000000
--- a/gnu/packages/patches/jemalloc-arm-address-bits.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 8cfc9dec37b312a2686f602bbcdd102ca07cca99 Mon Sep 17 00:00:00 2001
-From: David Goldblatt <davidgoldblatt@fb.com>
-Date: Fri, 29 Sep 2017 13:54:08 -0700
-Subject: [PATCH] ARM: Don't extend bit LG_VADDR to compute high address bits.
-
-In userspace ARM on Linux, zero-ing the high bits is the correct way to do this.
-This doesn't fix the fact that we currently set LG_VADDR to 48 on ARM, when in
-fact larger virtual address sizes are coming soon.  We'll cross that bridge when
-we come to it.
----
- include/jemalloc/internal/rtree.h | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/include/jemalloc/internal/rtree.h b/include/jemalloc/internal/rtree.h
-index b5d4db39..4563db23 100644
---- a/include/jemalloc/internal/rtree.h
-+++ b/include/jemalloc/internal/rtree.h
-@@ -178,9 +178,21 @@ rtree_leaf_elm_bits_read(tsdn_t *tsdn, rtree_t *rtree, rtree_leaf_elm_t *elm,
- 
- JEMALLOC_ALWAYS_INLINE extent_t *
- rtree_leaf_elm_bits_extent_get(uintptr_t bits) {
-+#    ifdef __aarch64__
-+	/*
-+	 * aarch64 doesn't sign extend the highest virtual address bit to set
-+	 * the higher ones.  Instead, the high bits gets zeroed.
-+	 */
-+	uintptr_t high_bit_mask = ((uintptr_t)1 << LG_VADDR) - 1;
-+	/* Mask off the slab bit. */
-+	uintptr_t low_bit_mask = ~(uintptr_t)1;
-+	uintptr_t mask = high_bit_mask & low_bit_mask;
-+	return (extent_t *)(bits & mask);
-+#    else
- 	/* Restore sign-extended high bits, mask slab bit. */
- 	return (extent_t *)((uintptr_t)((intptr_t)(bits << RTREE_NHIB) >>
- 	    RTREE_NHIB) & ~((uintptr_t)0x1));
-+#    endif
- }
- 
- JEMALLOC_ALWAYS_INLINE szind_t
diff --git a/gnu/packages/patches/libgcrypt-make-yat2m-reproducible.patch b/gnu/packages/patches/libgcrypt-make-yat2m-reproducible.patch
new file mode 100644
index 0000000000..3056f0baad
--- /dev/null
+++ b/gnu/packages/patches/libgcrypt-make-yat2m-reproducible.patch
@@ -0,0 +1,32 @@
+Make yat2m in libgcrypt respect SOURCE_DATE_EPOCH, making
+the build reproducible.
+
+This was already fixed upstream in GnuPG:
+https://dev.gnupg.org/rG139de02b93773615bdd95e04a7f0c1ad73b4f6fb
+
+and in libgpg-error:
+https://dev.gnupg.org/rE5494a5728418938d2e42158bb646b07124184e64
+
+
+--- a/doc/yat2m.c 2017-11-23 19:16:58.000000000 +0100
++++ b/doc/yat2m.c 2017-08-28 12:22:54.000000000 +0200
+@@ -1475,6 +1484,7 @@
+ main (int argc, char **argv)
+ {
+   int last_argc = -1;
++  const char *s;
+ 
+   opt_source = "GNU";
+   opt_release = "";
+@@ -1608,6 +1618,11 @@
+   if (argc > 1)
+     die ("usage: " PGM " [OPTION] [FILE] (try --help for more information)\n");
+ 
++  /* Take care of supplied timestamp for reproducible builds.  See
++   * https://reproducible-builds.org/specs/source-date-epoch/  */
++  if (!opt_date && (s = getenv ("SOURCE_DATE_EPOCH")) && *s)
++    opt_date = s;
++
+   /* Start processing. */
+   if (argc && strcmp (*argv, "-"))
+     {
diff --git a/gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch b/gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch
deleted file mode 100644
index d848d639b2..0000000000
--- a/gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=patch;h=791177de023574223eddf7288eb7c5a0721ac623
-
-From 791177de023574223eddf7288eb7c5a0721ac623 Mon Sep 17 00:00:00 2001
-From: Werner Koch <wk@gnupg.org>
-Date: Sun, 18 Mar 2018 17:39:43 +0100
-Subject: [PATCH] core: Fix regression on arm64 due to invalid use of va_list.
-
-* src/logging.c (_gpgrt_log_printhex): Provide a dummy arg instead of
-NULL.
---
-
-Fix
-Suggested-by: Jakub Wilk <jwilk@jwilk.net>
-
-Signed-off-by: Werner Koch <wk@gnupg.org>
----
- src/logging.c | 18 ++++++++++++++----
- 1 file changed, 14 insertions(+), 4 deletions(-)
-
-diff --git a/src/logging.c b/src/logging.c
-index 1a4f620..d01f974 100644
---- a/src/logging.c
-+++ b/src/logging.c
-@@ -1090,9 +1090,10 @@ _gpgrt_log_flush (void)
- 
- 
- /* Print a hexdump of (BUFFER,LENGTH).  With FMT passed as NULL print
-- * just the raw dump, with FMT being an empty string, print a trailing
-- * linefeed, otherwise print an entire debug line with the expanded
-- * FMT followed by a possible wrapped hexdump and a final LF.  */
-+ * just the raw dump (in this case ARG_PTR is not used), with FMT
-+ * being an empty string, print a trailing linefeed, otherwise print
-+ * an entire debug line with the expanded FMT followed by a possible
-+ * wrapped hexdump and a final LF.  */
- void
- _gpgrt_logv_printhex (const void *buffer, size_t length,
-                       const char *fmt, va_list arg_ptr)
-@@ -1150,7 +1151,16 @@ _gpgrt_log_printhex (const void *buffer, size_t length,
-       va_end (arg_ptr);
-     }
-   else
--    _gpgrt_logv_printhex (buffer, length, NULL, NULL);
-+    {
-+      /* va_list is not necessary a pointer and thus we can't use NULL
-+       * because that would conflict with platforms using a straight
-+       * struct for it (e.g. arm64).  We use a dummy variable instead;
-+       * the static is a simple way zero it out so to not get
-+       * complains about uninitialized use.  */
-+      static va_list dummy_argptr;
-+
-+      _gpgrt_logv_printhex (buffer, length, NULL, dummy_argptr);
-+    }
- }
- 
- 
--- 
-2.8.0.rc3
-
diff --git a/gnu/packages/patches/m4-gnulib-libio.patch b/gnu/packages/patches/m4-gnulib-libio.patch
new file mode 100644
index 0000000000..a26622ccf3
--- /dev/null
+++ b/gnu/packages/patches/m4-gnulib-libio.patch
@@ -0,0 +1,128 @@
+Adjust the bundled gnulib to cope with removal of libio interface in
+glibc 2.28.
+
+Based on this upstream patch, without hunks that do not apply to m4:
+https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=4af4a4a71827c0bc5e0ec67af23edef4f15cee8e
+
+diff --git a/lib/fflush.c b/lib/fflush.c
+index 983ade0..a6edfa1 100644
+--- a/lib/fflush.c
++++ b/lib/fflush.c
+@@ -33,7 +33,7 @@
+ #undef fflush
+ 
+ 
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ 
+ /* Clear the stream's ungetc buffer, preserving the value of ftello (fp).  */
+ static void
+@@ -72,7 +72,7 @@ clear_ungetc_buffer (FILE *fp)
+ 
+ #endif
+ 
+-#if ! (defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
++#if ! (defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
+ 
+ # if (defined __sferror || defined __DragonFly__ || defined __ANDROID__) && defined __SNPT
+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
+@@ -148,7 +148,7 @@ rpl_fflush (FILE *stream)
+   if (stream == NULL || ! freading (stream))
+     return fflush (stream);
+ 
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ 
+   clear_ungetc_buffer_preserving_position (stream);
+ 
+diff --git a/lib/fpending.c b/lib/fpending.c
+index c84e3a5..789f50e 100644
+--- a/lib/fpending.c
++++ b/lib/fpending.c
+@@ -32,7 +32,7 @@ __fpending (FILE *fp)
+   /* Most systems provide FILE as a struct and the necessary bitmask in
+      <stdio.h>, because they need it for implementing getc() and putc() as
+      fast macros.  */
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   return fp->_IO_write_ptr - fp->_IO_write_base;
+ #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
+   /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
+diff --git a/lib/fpurge.c b/lib/fpurge.c
+index b1d417c..3aedcc3 100644
+--- a/lib/fpurge.c
++++ b/lib/fpurge.c
+@@ -62,7 +62,7 @@ fpurge (FILE *fp)
+   /* Most systems provide FILE as a struct and the necessary bitmask in
+      <stdio.h>, because they need it for implementing getc() and putc() as
+      fast macros.  */
+-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   fp->_IO_read_end = fp->_IO_read_ptr;
+   fp->_IO_write_ptr = fp->_IO_write_base;
+   /* Avoid memory leak when there is an active ungetc buffer.  */
+diff --git a/lib/freadahead.c b/lib/freadahead.c
+index c2ecb5b..23ec76e 100644
+--- a/lib/freadahead.c
++++ b/lib/freadahead.c
+@@ -30,7 +30,7 @@ extern size_t __sreadahead (FILE *);
+ size_t
+ freadahead (FILE *fp)
+ {
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   if (fp->_IO_write_ptr > fp->_IO_write_base)
+     return 0;
+   return (fp->_IO_read_end - fp->_IO_read_ptr)
+diff --git a/lib/freading.c b/lib/freading.c
+index 73c28ac..c24d0c8 100644
+--- a/lib/freading.c
++++ b/lib/freading.c
+@@ -31,7 +31,7 @@ freading (FILE *fp)
+   /* Most systems provide FILE as a struct and the necessary bitmask in
+      <stdio.h>, because they need it for implementing getc() and putc() as
+      fast macros.  */
+-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   return ((fp->_flags & _IO_NO_WRITES) != 0
+           || ((fp->_flags & (_IO_NO_READS | _IO_CURRENTLY_PUTTING)) == 0
+               && fp->_IO_read_base != NULL));
+diff --git a/lib/fseeko.c b/lib/fseeko.c
+index 0101ab5..193f4e8 100644
+--- a/lib/fseeko.c
++++ b/lib/fseeko.c
+@@ -47,7 +47,7 @@ fseeko (FILE *fp, off_t offset, int whence)
+ #endif
+ 
+   /* These tests are based on fpurge.c.  */
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   if (fp->_IO_read_end == fp->_IO_read_ptr
+       && fp->_IO_write_ptr == fp->_IO_write_base
+       && fp->_IO_save_base == NULL)
+@@ -123,7 +123,7 @@ fseeko (FILE *fp, off_t offset, int whence)
+           return -1;
+         }
+ 
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+       fp->_flags &= ~_IO_EOF_SEEN;
+       fp->_offset = pos;
+ #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
+diff --git a/lib/stdio-impl.h b/lib/stdio-impl.h
+index 78d896e..05c5752 100644
+--- a/lib/stdio-impl.h
++++ b/lib/stdio-impl.h
+@@ -18,6 +18,12 @@
+    the same implementation of stdio extension API, except that some fields
+    have different naming conventions, or their access requires some casts.  */
+ 
++/* Glibc 2.28 made _IO_IN_BACKUP private.  For now, work around this
++   problem by defining it ourselves.  FIXME: Do not rely on glibc
++   internals.  */
++#if !defined _IO_IN_BACKUP && defined _IO_EOF_SEEN
++# define _IO_IN_BACKUP 0x100
++#endif
+ 
+ /* BSD stdio derived implementations.  */
+ 
diff --git a/gnu/packages/patches/mariadb-gcc-ice.patch b/gnu/packages/patches/mariadb-gcc-ice.patch
deleted file mode 100644
index 59b188f45a..0000000000
--- a/gnu/packages/patches/mariadb-gcc-ice.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Work around this GCC ICE: <https://bugs.gnu.org/31708>.  It shows up
-only when doing native compiles on armhf-linux.
-
---- mariadb-10.1.33/plugin/semisync/semisync_master.cc	2018-07-28 02:13:12.604020250 +0200
-+++ mariadb-10.1.33/plugin/semisync/semisync_master.cc	2018-07-28 02:14:11.907753417 +0200
-@@ -847,6 +847,8 @@
-   return function_exit(kWho, 0);
- }
- 
-+volatile const void *kSyncHeaderPtr = &ReplSemiSyncMaster::kSyncHeader;
-+
- int ReplSemiSyncMaster::reserveSyncHeader(unsigned char *header,
- 					  unsigned long size)
- {
-@@ -873,7 +875,7 @@
-     /* Set the magic number and the sync status.  By default, no sync
-      * is required.
-      */
--    memcpy(header, kSyncHeader, sizeof(kSyncHeader));
-+    memcpy(header, (void *)kSyncHeaderPtr, sizeof(kSyncHeader));
-     hlen= sizeof(kSyncHeader);
-   }
-   return function_exit(kWho, hlen);
-
diff --git a/gnu/packages/patches/meson-for-build-rpath.patch b/gnu/packages/patches/meson-for-build-rpath.patch
index 59249e294d..ef9a73f07c 100644
--- a/gnu/packages/patches/meson-for-build-rpath.patch
+++ b/gnu/packages/patches/meson-for-build-rpath.patch
@@ -2,10 +2,10 @@ This patch removes a part of meson that clears the rpath upon installation.
 This will only be applied to a special version of meson, used for the
 meson-build-system.
 
-Patch by Peter Mikkelsen <petermikkelsen10@gmail.com>
+Original patch for Meson 0.42.0 by Peter Mikkelsen <petermikkelsen10@gmail.com>
 
---- meson-0.42.0/mesonbuild/minstall.py.orig	2017-09-09 01:49:39.147374148 +0200
-+++ meson-0.42.0/mesonbuild/minstall.py	2017-09-09 01:51:01.209134717 +0200
+--- meson-0.47.1/mesonbuild/minstall.py.old	2018-08-10 11:01:27.812327013 +0200
++++ meson-0.47.1/mesonbuild/minstall.py	2018-08-10 11:01:51.940368505 +0200
 @@ -436,15 +436,6 @@
                          print("Symlink creation does not work on this platform. "
                                "Skipping all symlinking.")
diff --git a/gnu/packages/patches/perf-gcc-ice.patch b/gnu/packages/patches/perf-gcc-ice.patch
deleted file mode 100644
index 58ab5359c2..0000000000
--- a/gnu/packages/patches/perf-gcc-ice.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Work around this GCC ICE: <https://bugs.gnu.org/31708>.
-
---- linux-4.16.13/tools/perf/util/header.c	2018-06-04 11:30:39.368146035 +0200
-+++ linux-4.16.13/tools/perf/util/header.c	2018-06-04 11:34:04.667212378 +0200
-@@ -135,7 +135,7 @@ int do_write(struct feat_fd *ff, const v
- int write_padded(struct feat_fd *ff, const void *bf,
- 		 size_t count, size_t count_aligned)
- {
--	static const char zero_buf[NAME_ALIGN];
-+	static const char zero_buf[NAME_ALIGN] = { 0 };
- 	int err = do_write(ff, bf, count);
- 
- 	if (!err)
diff --git a/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch b/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch
deleted file mode 100644
index 6460cf5855..0000000000
--- a/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2018-12015:
-
-https://security-tracker.debian.org/tracker/CVE-2018-12015
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12015
-https://rt.cpan.org/Ticket/Display.html?id=125523
-
-Patch taken from this upstream commit and adapted to apply to
-the bundled copy in the Perl distribution:
-
-https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
-
-diff --git a/cpan/Archive-Tar/lib/Archive/Tar.pm b/cpan/Archive-Tar/lib/Archive/Tar.pm
-index 6244369..a83975f 100644
---- a/cpan/Archive-Tar/lib/Archive/Tar.pm
-+++ b/cpan/Archive-Tar/lib/Archive/Tar.pm
-@@ -845,6 +845,20 @@ sub _extract_file {
-         return;
-     }
- 
-+    ### If a file system already contains a block device with the same name as
-+    ### the being extracted regular file, we would write the file's content
-+    ### to the block device. So remove the existing file (block device) now.
-+    ### If an archive contains multiple same-named entries, the last one
-+    ### should replace the previous ones. So remove the old file now.
-+    ### If the old entry is a symlink to a file outside of the CWD, the new
-+    ### entry would create a file there. This is CVE-2018-12015
-+    ### <https://rt.cpan.org/Ticket/Display.html?id=125523>.
-+    if (-l $full || -e _) {
-+	if (!unlink $full) {
-+	    $self->_error( qq[Could not remove old file '$full': $!] );
-+	    return;
-+	}
-+    }
-     if( length $entry->type && $entry->is_file ) {
-         my $fh = IO::File->new;
-         $fh->open( $full, '>' ) or (
diff --git a/gnu/packages/patches/perl-deterministic-ordering.patch b/gnu/packages/patches/perl-deterministic-ordering.patch
index 92e33ef135..be63d5cde3 100644
--- a/gnu/packages/patches/perl-deterministic-ordering.patch
+++ b/gnu/packages/patches/perl-deterministic-ordering.patch
@@ -12,10 +12,10 @@ reproducibility.
  cpan/Devel-PPPort/PPPort_xs.PL | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/cpan/Devel-PPPort/PPPort_xs.PL b/cpan/Devel-PPPort/PPPort_xs.PL
+diff --git a/dist/Devel-PPPort/PPPort_xs.PL b/dist/Devel-PPPort/PPPort_xs.PL
 index 5f18940..149f2fe 100644
---- a/cpan/Devel-PPPort/PPPort_xs.PL
-+++ b/cpan/Devel-PPPort/PPPort_xs.PL
+--- a/dist/Devel-PPPort/PPPort_xs.PL
++++ b/dist/Devel-PPPort/PPPort_xs.PL
 @@ -38,7 +38,7 @@ END
  my $file;
  my $sec;
diff --git a/gnu/packages/patches/perl-file-path-CVE-2017-6512.patch b/gnu/packages/patches/perl-file-path-CVE-2017-6512.patch
deleted file mode 100644
index 28ab067599..0000000000
--- a/gnu/packages/patches/perl-file-path-CVE-2017-6512.patch
+++ /dev/null
@@ -1,173 +0,0 @@
-Fix CVE-2017-6512:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6512
-https://rt.cpan.org/Public/Bug/Display.html?id=121951
-
-Patch copied from Debian, adapted to apply to the copy of File::Path in Perl
-5.24.0.
-
-https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2
-https://anonscm.debian.org/cgit/perl/perl.git/diff/debian/patches/fixes/file_path_chmod_race.diff?id=e7b50f8fb6413f8ddfbbfda2d531615fb029e2d3
-
-From d760748be0efca7c05454440e24f3df77bf7cf5d Mon Sep 17 00:00:00 2001
-From: John Lightsey <john@nixnuts.net>
-Date: Tue, 2 May 2017 12:03:52 -0500
-Subject: Prevent directory chmod race attack.
-
-CVE-2017-6512 is a race condition attack where the chmod() of directories
-that cannot be entered is misused to change the permissions on other
-files or directories on the system. This has been corrected by limiting
-the directory-permission loosening logic to systems where fchmod() is
-supported.
-
-[Backported (whitespace adjustments) to File-Path 2.12 / perl 5.24 by
-Dominic Hargreaves for Debian.]
-
-Bug: https://rt.cpan.org/Public/Bug/Display.html?id=121951
-Bug-Debian: https://bugs.debian.org/863870
-Patch-Name: fixes/file_path_chmod_race.diff
----
- cpan/File-Path/lib/File/Path.pm | 39 +++++++++++++++++++++++++--------------
- cpan/File-Path/t/Path.t         | 40 ++++++++++++++++++++++++++--------------
- 2 files changed, 51 insertions(+), 28 deletions(-)
-
-diff --git a/cpan/File-Path/lib/File/Path.pm b/cpan/File-Path/lib/File/Path.pm
-index 034da1e..a824cc8 100644
---- a/cpan/File-Path/lib/File/Path.pm
-+++ b/cpan/File-Path/lib/File/Path.pm
-@@ -354,21 +354,32 @@ sub _rmtree {
- 
-                 # see if we can escalate privileges to get in
-                 # (e.g. funny protection mask such as -w- instead of rwx)
--                $perm &= oct '7777';
--                my $nperm = $perm | oct '700';
--                if (
--                    !(
--                           $arg->{safe}
--                        or $nperm == $perm
--                        or chmod( $nperm, $root )
--                    )
--                  )
--                {
--                    _error( $arg,
--                        "cannot make child directory read-write-exec", $canon );
--                    next ROOT_DIR;
-+                # This uses fchmod to avoid traversing outside of the proper
-+                # location (CVE-2017-6512)
-+                my $root_fh;
-+                if (open($root_fh, '<', $root)) {
-+                    my ($fh_dev, $fh_inode) = (stat $root_fh )[0,1];
-+                    $perm &= oct '7777';
-+                    my $nperm = $perm | oct '700';
-+                    local $@;
-+                    if (
-+                        !(
-+                            $arg->{safe}
-+                           or $nperm == $perm
-+                           or !-d _
-+                           or $fh_dev ne $ldev
-+                           or $fh_inode ne $lino
-+                           or eval { chmod( $nperm, $root_fh ) }
-+                        )
-+                      )
-+                    {
-+                        _error( $arg,
-+                            "cannot make child directory read-write-exec", $canon );
-+                        next ROOT_DIR;
-+                    }
-+                    close $root_fh;
-                 }
--                elsif ( !chdir($root) ) {
-+                if ( !chdir($root) ) {
-                     _error( $arg, "cannot chdir to child", $canon );
-                     next ROOT_DIR;
-                 }
-diff --git a/cpan/File-Path/t/Path.t b/cpan/File-Path/t/Path.t
-index ff52fd6..956ca09 100644
---- a/cpan/File-Path/t/Path.t
-+++ b/cpan/File-Path/t/Path.t
-@@ -3,7 +3,7 @@
- 
- use strict;
- 
--use Test::More tests => 127;
-+use Test::More tests => 126;
- use Config;
- use Fcntl ':mode';
- use lib 't/';
-@@ -18,6 +18,13 @@ BEGIN {
- 
- my $Is_VMS = $^O eq 'VMS';
- 
-+my $fchmod_supported = 0;
-+if (open my $fh, curdir()) {
-+    my ($perm) = (stat($fh))[2];
-+    $perm &= 07777;
-+    eval { $fchmod_supported = chmod( $perm, $fh); };
-+}
-+
- # first check for stupid permissions second for full, so we clean up
- # behind ourselves
- for my $perm (0111,0777) {
-@@ -299,16 +306,19 @@ is($created[0], $dir, "created directory (old style 3 mode undef) cross-check");
- 
- is(rmtree($dir, 0, undef), 1, "removed directory 3 verbose undef");
- 
--$dir = catdir($tmp_base,'G');
--$dir = VMS::Filespec::unixify($dir) if $Is_VMS;
-+SKIP: {
-+    skip "fchmod of directories not supported on this platform", 3 unless $fchmod_supported;
-+    $dir = catdir($tmp_base,'G');
-+    $dir = VMS::Filespec::unixify($dir) if $Is_VMS;
- 
--@created = mkpath($dir, undef, 0200);
-+    @created = mkpath($dir, undef, 0400);
- 
--is(scalar(@created), 1, "created write-only dir");
-+    is(scalar(@created), 1, "created read-only dir");
- 
--is($created[0], $dir, "created write-only directory cross-check");
-+    is($created[0], $dir, "created read-only directory cross-check");
- 
--is(rmtree($dir), 1, "removed write-only dir");
-+    is(rmtree($dir), 1, "removed read-only dir");
-+}
- 
- # borderline new-style heuristics
- if (chdir $tmp_base) {
-@@ -450,26 +460,28 @@ SKIP: {
- }
- 
- SKIP : {
--    my $skip_count = 19;
-+    my $skip_count = 18;
-     # this test will fail on Windows, as per:
-     #   http://perldoc.perl.org/perlport.html#chmod
- 
-     skip "Windows chmod test skipped", $skip_count
-         if $^O eq 'MSWin32';
-+    skip "fchmod() on directories is not supported on this platform", $skip_count
-+        unless $fchmod_supported;
-     my $mode;
-     my $octal_mode;
-     my @inputs = (
--      0777, 0700, 0070, 0007,
--      0333, 0300, 0030, 0003,
--      0111, 0100, 0010, 0001,
--      0731, 0713, 0317, 0371, 0173, 0137,
--      00 );
-+      0777, 0700, 0470, 0407,
-+      0433, 0400, 0430, 0403,
-+      0111, 0100, 0110, 0101,
-+      0731, 0713, 0317, 0371,
-+      0173, 0137);
-     my $input;
-     my $octal_input;
--    $dir = catdir($tmp_base, 'chmod_test');
- 
-     foreach (@inputs) {
-         $input = $_;
-+        $dir = catdir($tmp_base, sprintf("chmod_test%04o", $input));
-         # We can skip from here because 0 is last in the list.
-         skip "Mode of 0 means assume user defaults on VMS", 1
-           if ($input == 0 && $Is_VMS);
diff --git a/gnu/packages/patches/texinfo-perl-compat.patch b/gnu/packages/patches/texinfo-perl-compat.patch
new file mode 100644
index 0000000000..a7348fde0d
--- /dev/null
+++ b/gnu/packages/patches/texinfo-perl-compat.patch
@@ -0,0 +1,51 @@
+Fix compatibility with newer Perls.
+
+The first patch is taken from upstream:
+https://svn.savannah.gnu.org/viewvc/texinfo?view=revision&revision=8008
+
+The second gets rid of a deprecation warning that breaks some tests.
+Taken from Fedora: <https://bugzilla.redhat.com/show_bug.cgi?id=1590308>.
+
+--- trunk/tp/Texinfo/Convert/XSParagraph/xspara.c	2017/04/30 14:57:26	7765
++++ trunk/tp/Texinfo/Convert/XSParagraph/xspara.c	2018/07/13 15:39:29	8008
+@@ -248,6 +248,11 @@
+ 
+   dTHX;
+ 
++#if PERL_VERSION > 27 || (PERL_VERSION == 27 && PERL_SUBVERSION > 8)
++  /* needed due to thread-safe locale handling in newer perls */
++  switch_to_global_locale();
++#endif
++
+   if (setlocale (LC_CTYPE, "en_US.UTF-8")
+       || setlocale (LC_CTYPE, "en_US.utf8"))
+     goto success;
+@@ -320,6 +325,10 @@
+     {
+ success: ;
+       free (utf8_locale);
++#if PERL_VERSION > 27 || (PERL_VERSION == 27 && PERL_SUBVERSION > 8)
++      /* needed due to thread-safe locale handling in newer perls */
++      sync_locale();
++#endif
+       /*
+       fprintf (stderr, "tried to set LC_CTYPE to UTF-8.\n");
+       fprintf (stderr, "character encoding is: %s\n",
+
+diff -up texinfo-6.5/tp/Texinfo/Parser.pm.orig texinfo-6.5/tp/Texinfo/Parser.pm
+--- texinfo-6.5/tp/Texinfo/Parser.pm.orig	2018-06-12 13:40:29.356030136 +0200
++++ texinfo-6.5/tp/Texinfo/Parser.pm	2018-06-12 13:41:28.357725639 +0200
+@@ -5478,11 +5478,11 @@ sub _parse_special_misc_command($$$$)
+     }
+   } elsif ($command eq 'clickstyle') {
+     # REMACRO
+-    if ($line =~ /^\s+@([[:alnum:]][[:alnum:]\-]*)({})?\s*/) {
++    if ($line =~ /^\s+@([[:alnum:]][[:alnum:]\-]*)(\{})?\s*/) {
+       $args = ['@'.$1];
+       $self->{'clickstyle'} = $1;
+       $remaining = $line;
+-      $remaining =~ s/^\s+@([[:alnum:]][[:alnum:]\-]*)({})?\s*(\@(c|comment)((\@|\s+).*)?)?//;
++      $remaining =~ s/^\s+@([[:alnum:]][[:alnum:]\-]*)(\{})?\s*(\@(c|comment)((\@|\s+).*)?)?//;
+       $has_comment = 1 if (defined($4));
+     } else {
+       $self->line_error (sprintf($self->__(
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index 5719b7bb45..564a23d012 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -35,7 +35,7 @@
 (define-public pcre
   (package
    (name "pcre")
-   (version "8.41")
+   (version "8.42")
    (source (origin
             (method url-fetch)
             (uri (list
@@ -46,11 +46,12 @@
                                  version "/pcre-" version ".tar.bz2")))
             (sha256
              (base32
-              "0c5m469p5pd7jip621ipq6hbgh7128lzh7xndllfgh77ban7wb76"))))
+              "00ckpzlgyr16bnqx8fawa3afjgqxw5yxgs2l081vw23qi1y4pl1c"))))
    (build-system gnu-build-system)
    (outputs '("out"           ;library & headers
               "bin"           ;depends on Readline (adds 20MiB to the closure)
-              "doc"))         ;1.8 MiB of HTML
+              "doc"           ;1.8 MiB of HTML
+              "static"))      ;1.8 MiB static libraries
    (inputs `(("bzip2" ,bzip2)
              ("readline" ,readline)
              ("zlib" ,zlib)))
@@ -63,7 +64,19 @@
                           "--enable-unicode-properties"
                           "--enable-pcre16"
                           "--enable-pcre32"
-                          "--enable-jit")))
+                          "--enable-jit")
+      #:phases (modify-phases %standard-phases
+                 (add-after 'install 'move-static-libs
+                   (lambda* (#:key outputs #:allow-other-keys)
+                     (let ((source (string-append (assoc-ref outputs "out") "/lib"))
+                           (static (string-append (assoc-ref outputs "static") "/lib")))
+                       (mkdir-p static)
+                       (for-each (lambda (lib)
+                                   (link lib (string-append static "/"
+                                                            (basename lib)))
+                                   (delete-file lib))
+                                 (find-files source "\\.a$"))
+                       #t))))))
    (synopsis "Perl Compatible Regular Expressions")
    (description
     "The PCRE library is a set of functions that implement regular expression
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 2778f1d6a3..b82222c2fe 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -80,14 +80,14 @@
 (define-public poppler
   (package
    (name "poppler")
-   (version "0.63.0")
+   (version "0.67.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://poppler.freedesktop.org/poppler-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "04d1z1ygyb3llzc6s6c99wxafvljj2sc5b76djif34f7mzfqmk17"))))
+              "1yb6agmcxf0ixqm65d4aknl0hgmswf94x0k59ic0qqav1wd4yjm3"))))
    (build-system cmake-build-system)
    ;; FIXME:
    ;;  use libcurl:        no
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 9f62608860..8bdd221a53 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -45,7 +45,6 @@
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system perl)
-  #:use-module (guix utils) ;substitute-keyword-arguments for perl-5.26.2
   #:use-module (gnu packages base)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages freedesktop)
@@ -62,17 +61,15 @@
   ;; Yeah, Perl...  It is required early in the bootstrap process by Linux.
   (package
     (name "perl")
-    (version "5.26.1")
-    (replacement perl/fixed)
+    (version "5.28.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/src/5.0/perl-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "1p81wwvr5jb81m41d07kfywk5gvbk0axdrnvhc2aghcdbr4alqz7"))
+               "1a3f822lcl8dr8v0hk80yyhpzqlljg49z9flb48rs3nbsij9z4ky"))
              (patches (search-patches
-                       "perl-file-path-CVE-2017-6512.patch"
                        "perl-no-sys-dirs.patch"
                        "perl-autosplit-default-time.patch"
                        "perl-deterministic-ordering.patch"
@@ -161,41 +158,6 @@
     (home-page "http://www.perl.org/")
     (license gpl1+)))                          ; or "Artistic"
 
-;; Fixes CVE-2018-6797, CVE-2018-6798, and CVE-2018-6913.
-;; See <https://metacpan.org/changes/release/SHAY/perl-5.26.2>.
-(define perl-5.26.2
-  (package
-    (inherit perl)
-    (version "5.26.2")
-    (source (origin
-              (inherit (package-source perl))
-              (uri (string-append "mirror://cpan/src/5.0/perl-"
-                                  version ".tar.gz"))
-              (patches (append (origin-patches (package-source perl))
-                               (search-patches "perl-archive-tar-CVE-2018-12015.patch")))
-              (sha256
-               (base32
-                "03gpnxx1g6hvlh0v4aqx00580h787sfywp1vlvw64q2xcbm9qbsp"))))))
-
-;; When grafting perl, complications arise when the replacement perl has a
-;; different version number than the original.  So, here we create a version
-;; of perl-5.26.2 that thinks it is version 5.26.1.  See
-;; <https://bugs.gnu.org/31210> and <https://bugs.gnu.org/31216>.
-(define perl/fixed
-  (package
-    (inherit perl-5.26.2)
-    (version "5.26.1")
-    (arguments
-     (substitute-keyword-arguments (package-arguments perl-5.26.2)
-       ((#:phases phases)
-        `(modify-phases ,phases
-           (add-after 'unpack 'revert-perl-subversion
-             (lambda _
-               (substitute* "patchlevel.h"
-                 (("^#define PERL_SUBVERSION	2")
-                  "#define PERL_SUBVERSION	1"))
-               #t))))))))
-
 (define-public perl-algorithm-c3
   (package
     (name "perl-algorithm-c3")
diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm
index f612b99d01..176f044df1 100644
--- a/gnu/packages/python-crypto.scm
+++ b/gnu/packages/python-crypto.scm
@@ -340,13 +340,13 @@ password storage.")
 (define-public python-certifi
   (package
     (name "python-certifi")
-    (version "2017.1.23")
+    (version "2018.8.13")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "certifi" version))
               (sha256
                (base32
-                "1klrzl3hgvcf2mjk00g0k3kk1p2z27vzwnxivwar4vhjmjvpz1w1"))))
+                "1x7jy10rz3100g9iw7c2czcw2z4lqfaalsd8yg991l4d82hnh7ac"))))
     (build-system python-build-system)
     (home-page "https://certifi.io/")
     (synopsis "Python CA certificate bundle")
diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm
index fd76c0c60c..1230f70572 100644
--- a/gnu/packages/python-web.scm
+++ b/gnu/packages/python-web.scm
@@ -1286,14 +1286,14 @@ authenticated session objects providing things like keep-alive.")
 (define-public python-urllib3
   (package
     (name "python-urllib3")
-    (version "1.18.1")
+    (version "1.23")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "urllib3" version))
         (sha256
          (base32
-          "1wb8aqnq53vzh2amrv8kc66f3h6fx217y0q62y6n30a64p2yqmam"))))
+          "1bvbd35q3zdcd7gsv38fwpizy7p06dr0154g5gfybrvnbvhwb2m6"))))
     (build-system python-build-system)
     (arguments `(#:tests? #f))
     (native-inputs
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 3c46102da1..244faa273a 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -145,7 +145,7 @@
 (define-public python-2.7
   (package
     (name "python2")
-    (version "2.7.14")
+    (version "2.7.15")
     (source
      (origin
       (method url-fetch)
@@ -153,7 +153,7 @@
                           version "/Python-" version ".tar.xz"))
       (sha256
        (base32
-        "0rka541ys16jwzcnnvjp2v12m4cwgd2jp6wj4kj511p715pb5zvi"))
+        "0x2mvz9dp11wj7p5ccvmk9s0hzjk2fa1m462p395l4r6bfnb3n92"))
       (patches (search-patches "python-2.7-search-paths.patch"
                                "python-2-deterministic-build-info.patch"
                                "python-2.7-site-prefixes.patch"
@@ -178,23 +178,7 @@
                "tk"))                     ;tkinter; adds 50 MiB to the closure
     (build-system gnu-build-system)
     (arguments
-     `(;; 356 tests OK.
-       ;; 6 tests failed:
-       ;;     test_compileall test_distutils test_import test_shutil test_socket
-       ;;     test_subprocess
-       ;; 39 tests skipped:
-       ;;     test_aepack test_al test_applesingle test_bsddb test_bsddb185
-       ;;     test_bsddb3 test_cd test_cl test_codecmaps_cn test_codecmaps_hk
-       ;;     test_codecmaps_jp test_codecmaps_kr test_codecmaps_tw test_curses
-       ;;     test_dl test_gdb test_gl test_imageop test_imgfile test_ioctl
-       ;;     test_kqueue test_linuxaudiodev test_macos test_macostools
-       ;;     test_msilib test_ossaudiodev test_scriptpackages test_smtpnet
-       ;;     test_socketserver test_startfile test_sunaudiodev test_timeout
-       ;;     test_tk test_ttk_guionly test_urllib2net test_urllibnet
-       ;;     test_winreg test_winsound test_zipfile64
-       ;; 4 skips unexpected on linux2:
-       ;;     test_bsddb test_bsddb3 test_gdb test_ioctl
-       #:test-target "test"
+     `(#:test-target "test"
        #:configure-flags
        (list "--enable-shared"                    ;allow embedding
              "--with-system-ffi"                  ;build ctypes
@@ -219,11 +203,6 @@
                                     "Lib/test/support/__init__.py"
                                     "Lib/test/test_subprocess.py"))
                (("/bin/sh") (which "sh")))
-
-             ;; Use zero as the timestamp in .pyc files so that builds are
-             ;; deterministic.  TODO: Remove it when this variable is set in
-             ;; gnu-build-system.scm.
-             (setenv "SOURCE_DATE_EPOCH" "1")
              #t))
           (add-before 'configure 'do-not-record-configure-flags
             (lambda* (#:key configure-flags #:allow-other-keys)
@@ -281,15 +260,6 @@
                                                               file))))))
                        (call-with-output-file "__init__.py" (const #t))
                        #t)))))))
-          (add-before 'strip 'make-libraries-writable
-            (lambda* (#:key outputs #:allow-other-keys)
-              ;; Make .so files writable so they can be stripped.
-              (let ((out (assoc-ref outputs "out")))
-                (for-each (lambda (file)
-                            (chmod file #o755))
-                          (find-files (string-append out "/lib")
-                                      "\\.so"))
-                #t)))
           (add-after 'install 'move-tk-inter
             (lambda* (#:key outputs #:allow-other-keys)
               ;; When Tkinter support is built move it to a separate output so
@@ -351,10 +321,10 @@ data types.")
     (name "python")
     (properties `((superseded . ,python-2)))))
 
-(define-public python-3.6
+(define-public python-3.7
   (package (inherit python-2)
     (name "python")
-    (version "3.6.5")
+    (version "3.7.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.python.org/ftp/python/"
@@ -367,66 +337,33 @@ data types.")
               (patch-flags '("-p0"))
               (sha256
                (base32
-                "19l7inxm056jjw33zz97z0m02hsi7jnnx5kyb76abj5ml4xhad7l"))
+                "0j9mic5c9lbd2b20wka7hily7szz740wy9ilfrczxap63rnrk0h3"))
               (snippet
                '(begin
                   (for-each delete-file
-                            '("Lib/ctypes/test/test_structures.py" ; fails on aarch64
-                              "Lib/ctypes/test/test_win32.py" ; fails on aarch64
-                              "Lib/test/test_fcntl.py")) ; fails on aarch64
+                            '("Lib/ctypes/test/test_win32.py" ; fails on aarch64
+                              "Lib/test/test_fcntl.py" ; fails on aarch64
+                              "Lib/test/test_posix.py")) ; fails on aarch64
                   #t))))
     (arguments
      (substitute-keyword-arguments (package-arguments python-2)
-       ((#:tests? _) #t)
        ((#:phases phases)
-        `(modify-phases ,phases
-           (add-after 'unpack 'patch-timestamp-for-pyc-files
-             (lambda _
-               ;; We set DETERMINISTIC_BUILD to only override the mtime when
-               ;; building with Guix, lest we break auto-compilation in
-               ;; environments.
-               (setenv "DETERMINISTIC_BUILD" "1")
-               (substitute* "Lib/py_compile.py"
-                 (("source_stats\\['mtime'\\]")
-                  "(1 if 'DETERMINISTIC_BUILD' in os.environ else source_stats['mtime'])"))
-
-               ;; Use deterministic hashes for strings, bytes, and datetime
-               ;; objects.
-               (setenv "PYTHONHASHSEED" "0")
-
-               ;; Reset mtime when validating bytecode header.
-               (substitute* "Lib/importlib/_bootstrap_external.py"
-                 (("source_mtime = int\\(source_stats\\['mtime'\\]\\)")
-                  "source_mtime = 1"))
-               #t))
-           ;; These tests fail because of our change to the bytecode
-           ;; validation.  They fail because expected exceptions do not get
-           ;; thrown.  This seems to be no problem.
-           (add-after 'unpack 'disable-broken-bytecode-tests
-             (lambda _
-               (substitute* "Lib/test/test_importlib/source/test_file_loader.py"
-                 (("test_bad_marshal")
-                  "disable_test_bad_marshal")
-                 (("test_no_marshal")
-                  "disable_test_no_marshal")
-                 (("test_non_code_marshal")
-                  "disable_test_non_code_marshal"))
-               #t))
-           ;; Unset DETERMINISTIC_BUILD to allow for tests that check that
-           ;; stale pyc files are rebuilt.
-           (add-before 'check 'allow-non-deterministic-compilation
-             (lambda _ (unsetenv "DETERMINISTIC_BUILD") #t))
-           ;; We need to rebuild all pyc files for three different
-           ;; optimization levels to replace all files that were not built
-           ;; deterministically.
-
-           ;; FIXME: Without this phase we have close to 2000 files that
+       `(modify-phases ,phases
+          ;; Unset SOURCE_DATE_EPOCH while running the test-suite and set it
+          ;; again afterwards.  See <https://bugs.python.org/issue34022>.
+          (add-before 'check 'unset-SOURCE_DATE_EPOCH
+            (lambda _ (unsetenv "SOURCE_DATE_EPOCH") #t))
+          (add-after 'check 'reset-SOURCE_DATE_EPOCH
+            (lambda _ (setenv "SOURCE_DATE_EPOCH" "1") #t))
+           ;; FIXME: Without this phase we have close to 400 files that
            ;; differ across different builds of this package.  With this phase
-           ;; there are about 500 files left that differ.
-           (add-after 'install 'rebuild-bytecode
+           ;; there are 44 files left that differ.
+           (add-after 'remove-tests 'rebuild-bytecode
              (lambda* (#:key outputs #:allow-other-keys)
-               (setenv "DETERMINISTIC_BUILD" "1")
                (let ((out (assoc-ref outputs "out")))
+                 ;; Disable hash randomization to ensure the generated .pycs
+                 ;; are reproducible.
+                 (setenv "PYTHONHASHSEED" "0")
                  (for-each
                   (lambda (opt)
                     (format #t "Compiling with optimization level: ~a\n"
@@ -438,8 +375,7 @@ data types.")
                                          "-m" "compileall"
                                          "-f" ; force rebuild
                                          ;; Don't build lib2to3, because it's Python 2 code.
-                                         ;; Also don't build obviously broken test code.
-                                         "-x" "(lib2to3|test/bad.*)"
+                                         "-x" "lib2to3/.*"
                                          ,file)))
                               (find-files out "\\.py$")))
                   (list '() '("-O") '("-OO")))
@@ -452,7 +388,7 @@ data types.")
                                         "/site-packages"))))))))
 
 ;; Current 3.x version.
-(define-public python-3 python-3.6)
+(define-public python-3 python-3.7)
 
 ;; Current major version.
 (define-public python python-3)
@@ -681,18 +617,24 @@ by @code{binstar}, @code{binstar-build} and @code{chalmers}.")
 (define-public python-babel
   (package
     (name "python-babel")
-    (version "2.3.4")
+    (version "2.6.0")
     (source
      (origin
       (method url-fetch)
       (uri (pypi-uri "Babel" version))
       (sha256
        (base32
-        "0x98qqqw35xllpcama013a9788ly84z8dm1w2wwfpxh2710c8df5"))))
+        "08rxmbx2s4irp0w0gmn498vns5xy0fagm0fg33xa772jiks51flc"))))
     (build-system python-build-system)
+    (native-inputs
+     `(("python-freezegun" ,python-freezegun)
+       ("python-pytest" ,python-pytest)))
     (propagated-inputs
      `(("python-pytz" ,python-pytz)))
-    (arguments `(#:tests? #f)) ; no test target
+    (arguments
+     `(#:phases (modify-phases %standard-phases
+                  (replace 'check
+                    (lambda _ (invoke "pytest" "-vv"))))))
     (home-page "http://babel.pocoo.org/")
     (synopsis
      "Tools for internationalizing Python applications")
@@ -908,14 +850,14 @@ API for locking files.")
 (define-public python-setuptools
   (package
     (name "python-setuptools")
-    (version "31.0.0")
+    (version "40.0.0")
     (source
      (origin
       (method url-fetch)
-      (uri (pypi-uri "setuptools" version))
+      (uri (pypi-uri "setuptools" version ".zip"))
       (sha256
        (base32
-        "0ypybh4hx3bv4vhg2dc74xpj1g56ggnaffm87k4abhwjwq6wq608"))
+        "0pq116lr14gnc62v76nk0npkm6krb2mpp7p9ab369zgv4n7dnah1"))
       (modules '((guix build utils)))
       (snippet
        '(begin
@@ -1750,14 +1692,14 @@ matching them against a list of media-ranges.")
 (define-public python-py
   (package
     (name "python-py")
-    (version "1.5.3")
+    (version "1.5.4")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "py" version))
        (sha256
         (base32
-         "10gq2lckvgwlk9w6yzijhzkarx44hsaknd0ypa08wlnpjnsgmj99"))))
+         "1xxvwfn82457djf55f5n2c94699rfqnk43br8fif2r2q8gvrmm9z"))))
     (build-system python-build-system)
     (arguments
      ;; FIXME: "ImportError: 'test' module incorrectly imported from
@@ -1765,7 +1707,9 @@ matching them against a list of media-ranges.")
      ;; Expected '/tmp/guix-build-python-py-1.4.31.drv-0/py-1.4.31/py'.
      ;; Is this module globally installed?"
      '(#:tests? #f))
-    (home-page "https://pylib.readthedocs.io/")
+    (native-inputs
+     `(("python-setuptools-scm" ,python-setuptools-scm)))
+    (home-page "https://github.com/pytest-dev/py")
     (synopsis "Python library for parsing, I/O, instrospection, and logging")
     (description
      "Py is a Python library for file name parsing, .ini file parsing, I/O,
@@ -2255,7 +2199,7 @@ object.")
 (define-public python-markupsafe
   (package
     (name "python-markupsafe")
-    (version "0.23")
+    (version "1.0")
     (source
      (origin
        (method url-fetch)
@@ -2264,7 +2208,7 @@ object.")
              version ".tar.gz"))
        (sha256
         (base32
-         "1hvip33wva3fnmvfp9x5klqri7hpl1hkgqmjbss18nmrb7zimv54"))))
+         "0rdn1s8x9ni7ss8rfiacj7x1085lx8mh2zdwqslnw8xc3l4nkgm6"))))
     (build-system python-build-system)
     (home-page "https://github.com/mitsuhiko/markupsafe")
     (synopsis "XML/HTML/XHTML markup safe string implementation for Python")
@@ -2279,14 +2223,14 @@ for Python.")
 (define-public python-jinja2
   (package
     (name "python-jinja2")
-    (version "2.9.6")
+    (version "2.10")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "Jinja2" version))
        (sha256
         (base32
-         "1zzrkywhziqffrzks14kzixz7nd4yh2vc0fb04a68vfd2ai03anx"))))
+         "190l36hfw3wb2n3n68yacjabxyb1pnxwn7vjx96cmjj002xy2jzq"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-markupsafe" ,python-markupsafe)))
@@ -2442,26 +2386,17 @@ reStructuredText.")
 (define-public python-sphinxcontrib-websupport
   (package
     (name "python-sphinxcontrib-websupport")
-    (version "1.0.1")
+    (version "1.1.0")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "sphinxcontrib-websupport" version))
               (sha256
                (base32
-                "1f9f0wjpi9nhikbyaz6d19s7qvzdf1nq2g5dsh640fma4q9rd1bs"))))
+                "1ff3ix76xi1y6m99qxhaq5161ix9swwzydilvdya07mgbcvpzr4x"))))
     (build-system python-build-system)
-    (propagated-inputs
-     `(("python-mock" ,python-mock)
-       ("python-pytest" ,python-pytest)
-       ("python-xapian-bindings" ,python-xapian-bindings)))
-    ;; Needed for running the test suite
-    (native-inputs
-     `(("python-six" ,python-six)
-       ("python-jinja2" ,python-jinja2)
-       ("python-docutils" ,python-docutils)
-       ("python-sphinx" ,python-sphinx)
-       ("python-sqlalchemy" ,python-sqlalchemy)
-       ("python-whoosh" ,python-whoosh)))
+    (arguments
+     ;; FIXME: Tests depend on Sphinx, which depends on this.
+     `(#:tests? #f))
     (home-page "http://sphinx-doc.org/")
     (synopsis "Sphinx API for web applications")
     (description "This package provides a Python API to easily integrate
@@ -2469,17 +2404,20 @@ Sphinx documentation into your web application.  It provides tools to
 integrate Sphinx documents in web templates and to handle searches.")
     (license license:bsd-3)))
 
+(define-public python2-sphinxcontrib-websupport
+  (package-with-python2 python-sphinxcontrib-websupport))
+
 (define-public python-sphinx
   (package
     (name "python-sphinx")
-    (version "1.5.1")
+    (version "1.7.7")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "Sphinx" version))
        (sha256
         (base32
-         "1i8p9idnli4gr0y4x67yakbdk5w6a0xjzhrg6bg51y9d1fi7fslf"))))
+         "0pkkbfj7cl157q550gcs45am5y78ps0h7q6455d64s1zmw01jlvi"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -2488,7 +2426,15 @@ integrate Sphinx documents in web templates and to handle searches.")
            (lambda _
              ;; Requires Internet access.
              (delete-file "tests/test_build_linkcheck.py")
-             (zero? (system* "make" "test")))))))
+             (substitute* "tests/test_build_latex.py"
+               (("@pytest.mark.sphinx\\('latex', testroot='images'\\)")
+                "@pytest.mark.skip()"))
+             (when (which "python")
+               ;; XXX: These tests are broken when using Python2:
+               ;; <https://github.com/sphinx-doc/sphinx/issues/4710>.
+               (delete-file "tests/test_api_translator.py")
+               (delete-file "tests/test_setup_command.py"))
+             (invoke "make" "test"))))))
     (propagated-inputs
      `(("python-imagesize" ,python-imagesize)
        ("python-sphinx-alabaster-theme"
@@ -2497,14 +2443,18 @@ integrate Sphinx documents in web templates and to handle searches.")
        ("python-snowballstemmer" ,python-snowballstemmer)
        ("python-docutils" ,python-docutils)
        ("python-jinja2" ,python-jinja2)
+       ("python-packaging" ,python-packaging)
        ("python-pygments" ,python-pygments)
        ("python-requests" ,python-requests)
-       ("python-six" ,python-six)))
+       ("python-six" ,python-six)
+       ("python-sphinxcontrib-websupport" ,python-sphinxcontrib-websupport)))
     (native-inputs
      `(("graphviz" ,graphviz)
+       ("imagemagick" ,imagemagick)                    ;for "convert"
        ("python-html5lib" ,python-html5lib)
        ("python-mock" ,python-mock)
-       ("python-nose" ,python-nose)))
+       ("python-nose" ,python-nose)
+       ("python-pytest" ,python-pytest)))
     (home-page "http://sphinx-doc.org/")
     (synopsis "Python documentation generator")
     (description "Sphinx is a tool that makes it easy to create documentation
@@ -2513,62 +2463,6 @@ sources.")
     (license license:bsd-3)
     (properties `((python2-variant . ,(delay python2-sphinx))))))
 
-(define-public python-sphinx-1.6
-  (package (inherit python-sphinx)
-    (name "python-sphinx")
-    (version "1.6.4")
-    (source (origin
-              (method url-fetch)
-              (uri (pypi-uri "Sphinx" version))
-              (sha256
-               (base32
-                "0gjakw9fv5pwqb5yyclxycs36sapxizk1vx6mkcdizmzgzcfy0gi"))))
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (replace 'check
-           (lambda _
-             ;; Requires Internet access.
-             (delete-file "tests/test_build_linkcheck.py")
-             (substitute* "tests/test_build_latex.py"
-               (("@pytest.mark.sphinx\\('latex', testroot='images'\\)")
-                "@pytest.mark.skip()"))
-             (zero? (system* "make" "test")))))))
-    (propagated-inputs
-     `(("python-sphinxcontrib-websupport" ,python-sphinxcontrib-websupport)
-       ,@(package-propagated-inputs python-sphinx)))
-    (native-inputs
-     `(("python-pytest" ,python-pytest)
-       ("imagemagick" ,imagemagick) ; for "convert"
-       ,@(package-native-inputs python-sphinx)))
-    (properties `((python2-variant . ,(delay python2-sphinx-1.6))))))
-
-(define-public python2-sphinx-1.6
-  (let ((base (package-with-python2 (strip-python2-variant python-sphinx-1.6))))
-    (package
-      (inherit base)
-      (propagated-inputs
-       `(("python2-typing" ,python2-typing)
-         ,@(package-propagated-inputs base)))
-      (native-inputs `(("python2-enum34" ,python2-enum34)
-                       ,@(package-native-inputs base))))))
-
-(define-public python-sphinx-1.5.3
-  (package
-    (inherit python-sphinx)
-    (name "python-sphinx")
-    (version "1.5.3")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (pypi-uri "Sphinx" version))
-       (sha256
-        (base32
-         "0kw1axswbvaavr8ggyf4qr6hnisnrzlbkkcdada69vk1x9xjassg"))))
-    (native-inputs
-     `(("python-pytest" ,python-pytest)
-       ,@(package-native-inputs python-sphinx)))))
-
 (define-public python2-sphinx
   (let ((base (package-with-python2 (strip-python2-variant python-sphinx))))
     (package
@@ -2577,6 +2471,7 @@ sources.")
                        ("python2-enum34" ,python2-enum34)
                        ,@(package-native-inputs base)))
       (propagated-inputs `(("python2-pytz" ,python2-pytz)
+                           ("python2-typing" ,python2-typing)
                        ,@(package-propagated-inputs base))))))
 
 (define-public python-sphinx-gallery
@@ -2864,7 +2759,11 @@ and is very extensible.")
                '())
 
          (replace 'check
-           (lambda _ (invoke "python" "runtests.py" "-vv"))))))
+           (lambda _
+             ;; The "with_outer_raising" test fails with Python 3.7.  See
+             ;; https://github.com/cython/cython/issues/2454
+             (delete-file "tests/run/generators_py.py")
+             (invoke "python" "runtests.py" "-vv"))))))
     (home-page "http://cython.org/")
     (synopsis "C extensions for Python")
     (description "Cython is an optimising static compiler for both the Python
@@ -3341,25 +3240,14 @@ that client code uses to construct the grammar directly in Python code.")
 (define-public python-numpydoc
   (package
     (name "python-numpydoc")
-    (version "0.5")
+    (version "0.8.0")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append
-             "https://pypi.python.org/packages/source/n/numpydoc/numpydoc-"
-             version ".tar.gz"))
+       (uri (pypi-uri "numpydoc" version))
        (sha256
         (base32
-         "0d4dnifaxkll50jx6czj05y8cb4ny60njd2wz299sj2jxfy51w4k"))
-       (modules '((guix build utils)))
-       (snippet
-        '(begin
-           ;; Drop a test requiring matplotlib, which we cannot add as an
-           ;; input since it would create a circular dependency: Extend the
-           ;; test for Python 3, where it is already dropped, to Python 2.
-           (substitute* "numpydoc/tests/test_plot_directive.py"
-             (("3") "2"))
-           #t))))
+         "1zazxg3m8j4fksv3f7v7vpf4bj9qb1vj3r326am0vdip141vzx31"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-sphinx" ,python-sphinx)))
@@ -3578,7 +3466,7 @@ toolkits.")
     (native-inputs
      `(("python-matplotlib" ,python-matplotlib)
        ("python-colorspacious" ,python-colorspacious)
-       ("python-sphinx" ,python-sphinx-1.6)
+       ("python-sphinx" ,python-sphinx)
        ("python-sphinx-gallery" ,python-sphinx-gallery)
        ("python-numpydoc" ,python-numpydoc)
        ("python-ipython" ,python-ipython)
@@ -3853,14 +3741,14 @@ as the original project seems to have been abandoned circa 2007.")
 (define-public python-pycodestyle
   (package
     (name "python-pycodestyle")
-    (version "2.3.1")
+    (version "2.4.0")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "pycodestyle" version))
         (sha256
           (base32
-            "0rk78b66p57ala26mdldl9lafr48blv5s659sah9q50qnfjmc8k8"))))
+            "0fhy4vnlgpjq4qd1wdnl6pvdw7rah0ypmn8c9mkhz8clsndskz6b"))))
     (build-system python-build-system)
     (home-page "https://pycodestyle.readthedocs.io/")
     (synopsis "Python style guide checker")
@@ -4013,7 +3901,7 @@ services for your Python modules and applications.")
 (define-public python-olefile
   (package
     (name "python-olefile")
-    (version "0.44")
+    (version "0.45.1")
     (source
      (origin
        (method url-fetch)
@@ -4022,7 +3910,7 @@ services for your Python modules and applications.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1wmxbrhyqjry2000zx0zdhqdqxhgi06nz7sbzjlh222q2zjv1gpj"))))
+         "18ai19zwagm6nli14k8bii31ipbab2rp7plrvsm6gmfql551a8ai"))))
     (build-system python-build-system)
     (home-page
      "https://www.decalage.info/python/olefileio")
@@ -4095,14 +3983,14 @@ a general image processing tool.")
 (define-public python-pycparser
   (package
     (name "python-pycparser")
-    (version "2.17")
+    (version "2.18")
     (source
      (origin
       (method url-fetch)
       (uri (pypi-uri "pycparser" version))
       (sha256
        (base32
-        "1dkkjri0miidqb1zcqhqljfa34fcy9k5akasgwsv6k622zlk3b0a"))))
+        "09mjyw82ibqzl449g7swy8bfxnfpmas0815d2rkdjlcqw81wma4r"))))
     (outputs '("out" "doc"))
     (build-system python-build-system)
     (native-inputs
@@ -4481,13 +4369,13 @@ child application and control it as if a human were typing commands.")
 (define-public python-setuptools-scm
   (package
     (name "python-setuptools-scm")
-    (version "1.15.6")
+    (version "3.1.0")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "setuptools_scm" version))
               (sha256
                (base32
-                "0pzvfmx8s20yrgkgwfbxaspz2x1g38qv61jpm0ns91lrb22ldas9"))))
+                "0h4bglwfz8b9prqljv8z3w9rgydfyxzaj05bm1y6zs5m6shz548i"))))
     (build-system python-build-system)
     (home-page "https://github.com/pypa/setuptools_scm/")
     (synopsis "Manage Python package versions in SCM metadata")
@@ -4940,15 +4828,15 @@ toolkit.  Use it to build trees of widgets.")
 (define-public python-dbus
   (package
     (name "python-dbus")
-    (version "1.2.0")
+    (version "1.2.8")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append
-             "https://dbus.freedesktop.org/releases/dbus-python/dbus-python-"
-             version ".tar.gz"))
+       (uri (string-append "https://dbus.freedesktop.org/releases/dbus-python/"
+                           "dbus-python-" version ".tar.gz"))
        (sha256
-        (base32 "1py62qir966lvdkngg0v8k1khsqxwk5m4s8nflpk1agk5f5nqb71"))))
+        (base32
+         "0vvvjmiwnc9cjlks3gcdk43ap7llhlpz7cm1wbw0nc2yfsxjpwdb"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -4964,7 +4852,7 @@ toolkit.  Use it to build trees of widgets.")
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
-     `(("python" ,python)
+     `(("python" ,python-wrapper)
        ("dbus-glib" ,dbus-glib)))
     (synopsis "Python bindings for D-bus")
     (description "python-dbus provides bindings for libdbus, the reference
@@ -4986,14 +4874,14 @@ implementation of D-Bus.")
 (define-public python-lxml
   (package
     (name "python-lxml")
-    (version "3.8.0")
+    (version "4.2.4")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "lxml" version))
         (sha256
          (base32
-          "15nvf6n285n282682qyw3wihsncb0x5amdhyi4b83bfa2nz74vvk"))))
+          "1jk336k0kw616gfhqk1wwxsjjwz0flld0n294lz8kxch610bxbz2"))))
     (build-system python-build-system)
     (inputs
       `(("libxml2" ,libxml2)
@@ -5609,14 +5497,14 @@ PEP 8.")
 (define-public python-pyflakes
   (package
     (name "python-pyflakes")
-    (version "1.5.0")
+    (version "2.0.0")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "pyflakes" version))
         (sha256
           (base32
-            "1x1pcca4a24k4pw8x1c77sgi58cg1wl2k38mp8a25k608pzls3da"))))
+            "0jba28czyvimdc72llms3f17swp3i8jdcabf5w0j00adfbn64xls"))))
     (build-system python-build-system)
     (home-page
       "https://github.com/pyflakes/pyflakes")
@@ -5714,33 +5602,44 @@ complexity of Python source code.")
 (define-public python-flake8
   (package
     (name "python-flake8")
-    (version "3.4.1")
+    (version "3.5.0")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "flake8" version))
         (sha256
           (base32
-            "1n0i38592vy3q0x2a9bf8z6rhhn04i30wsn5i5zzcj7qkxvl8062"))))
+            "184b33grvvjmiwlv9kyd7yng9qv5ld24154j70z332xxg9gjclvj"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
        (modify-phases %standard-phases
+         ;; Two errors don't seem to have assigned codes.
+         (add-after 'unpack 'delete-broken-test
+           (lambda _ (delete-file "tests/unit/test_pyflakes_codes.py") #t))
+         (add-after 'unpack 'fix-problem-with-pycodestyle
+           (lambda _
+             ;; See https://gitlab.com/pycqa/flake8/merge_requests/230
+             ;; This should no longer be needed with the next release.
+             (substitute* "setup.py"
+               (("PEP8_PLUGIN\\('break_around_binary_operator'\\),")
+                "PEP8_PLUGIN('break_after_binary_operator'),\
+PEP8_PLUGIN('break_before_binary_operator'),"))
+             #t))
          (delete 'check)
          (add-after 'install 'check
-          (lambda* (#:key inputs outputs #:allow-other-keys)
-            (add-installed-pythonpath inputs outputs)
-            (zero? (system* "pytest" "-v")))))))
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (add-installed-pythonpath inputs outputs)
+             (invoke "pytest" "-v")
+             #t)))))
     (propagated-inputs
-      `(("python-pycodestyle" ,python-pycodestyle)
-        ("python-pyflakes" ,python-pyflakes)
-        ;; flake8 depends on a newer setuptools than provided by python.
-        ("python-setuptools" ,python-setuptools)
-        ("python-mccabe" ,python-mccabe)))
+     `(("python-pycodestyle" ,python-pycodestyle)
+       ("python-pyflakes" ,python-pyflakes)
+       ("python-mccabe" ,python-mccabe)))
     (native-inputs
-      `(("python-mock" ,python-mock) ; TODO: only required for < 3.3
-        ("python-pytest" ,python-pytest-bootstrap)
-        ("python-pytest-runner" ,python-pytest-runner)))
+     `(("python-mock" ,python-mock)
+       ("python-pytest" ,python-pytest-bootstrap)
+       ("python-pytest-runner" ,python-pytest-runner)))
     (home-page "https://gitlab.com/pycqa/flake8")
     (synopsis
       "The modular source code checker: pep8, pyflakes and co")
@@ -5991,28 +5890,18 @@ add functionality and customization to your projects with their own plugins.")
 (define-public python-fonttools
   (package
     (name "python-fonttools")
-    (version "3.15.1")
+    (version "3.28.0")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "fonttools" version ".zip"))
               (sha256
                (base32
-                "1hhj97izwliy0vybmza72d90l5d4mcn50y8akq7kyccfl82vdx4d"))))
+                "0vsvjhidpb5kywpjgz1j3fywzkddxkb0afqai18qa3h6lqjyxwpb"))))
     (build-system python-build-system)
-    (arguments
-     '(#:test-target "check"
-       #:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'patch-setuppy
-           ;; Remove the undocumented "extra_path" argument, which adds an
-           ;; intervening directories between site-packages and the package
-           ;; directory.
-           (lambda _
-             (substitute* "setup.py"
-               (("^[ \t]*extra_path *= *'FontTools',") ""))
-             #t)))))
     (native-inputs
-     `(("unzip" ,unzip)))
+     `(("unzip" ,unzip)
+       ("python-pytest" ,python-pytest)
+       ("python-pytest-runner" ,python-pytest-runner)))
     (home-page "https://github.com/behdad/fonttools")
     (synopsis "Tools to manipulate font files")
     (description
@@ -6021,9 +5910,7 @@ supports reading and writing of TrueType/OpenType fonts, reading and writing
 of AFM files, reading (and partially writing) of PS Type 1 fonts.  The package
 also contains a tool called “TTX” which converts TrueType/OpenType fonts to and
 from an XML-based format.")
-    (license (license:non-copyleft
-              "file://LICENSE.txt"
-              "See LICENSE.txt in the distribution."))))
+    (license license:expat)))
 
 (define-public python2-fonttools
   (package-with-python2 python-fonttools))
@@ -6395,13 +6282,13 @@ implementations of ASN.1-based codecs and protocols.")
 (define-public python-ipaddress
   (package
     (name "python-ipaddress")
-    (version "1.0.19")
+    (version "1.0.22")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "ipaddress" version))
               (sha256
                (base32
-                "10agaa1cys1bk1ycpl2w8lky9vjx8h1xh1z29mg0niqx0638c390"))))
+                "0b570bm6xqpjwqis15pvdy6lyvvzfndjvkynilcddjj5x98wfimi"))))
     (build-system python-build-system)
     (home-page "https://github.com/phihag/ipaddress")
     (synopsis "IP address manipulation library")
@@ -6447,14 +6334,14 @@ versions of Python.")
 (define-public python-idna
   (package
     (name "python-idna")
-    (version "2.6")
+    (version "2.7")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "idna" version))
        (sha256
         (base32
-         "13qaab6d0s15gknz8v3zbcfmbj6v86hn9pjxgkdf62ch13imssic"))))
+         "05jam7d31767dr12x0rbvvs8lxnpb1mhdb2zdlfxgh83z6k3hjk8"))))
     (build-system python-build-system)
     (home-page "https://github.com/kjd/idna")
     (synopsis "Internationalized domain names in applications")
@@ -7761,15 +7648,17 @@ library as well as on the command line.")
 (define-public python-pluggy
   (package
    (name "python-pluggy")
-   (version "0.6.0")
+   (version "0.7.1")
    (source
     (origin
      (method url-fetch)
      (uri (pypi-uri "pluggy" version))
      (sha256
       (base32
-       "1zqckndfn85l1cd8pndw212zg1bq9fkg1nnj32kp2mppppsyg2kz"))))
+       "1qbn70mksmr03hac6jgp6fiqc4l7859z8dchx2x950vhlij87swm"))))
    (build-system python-build-system)
+   (native-inputs
+    `(("python-setuptools-scm" ,python-setuptools-scm)))
    (synopsis "Plugin and hook calling mechanism for Python")
    (description "Pluggy is an extraction of the plugin manager as used by
 Pytest but stripped of Pytest specific details.")
@@ -8477,6 +8366,15 @@ ambiguities (forward vs. backward slashes, etc.).
 @end enumerate")
     (license license:expat)))
 
+(define-public python2-pathlib2-bootstrap
+  (hidden-package
+   (package
+     (inherit python2-pathlib2)
+     (name "python2-pathlib2-bootstrap")
+     (propagated-inputs
+      `(("python2-scandir" ,python2-scandir)
+        ("python2-six" ,python2-six-bootstrap))))))
+
 (define-public python-jellyfish
   (package
     (name "python-jellyfish")
@@ -8958,13 +8856,13 @@ multiple processes (imagine multiprocessing, billiard, futures, celery etc).
 (define-public python-greenlet
   (package
     (name "python-greenlet")
-    (version "0.4.11")
+    (version "0.4.14")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "greenlet" version))
               (sha256
                (base32
-                "1xhik26j4f3kc4qw9xmj0c567rb5h1zryb4ijwqnqwwjvfhbv59h"))))
+                "1bsij3bwdhz2chq4ar2v6jqbh69yc7k9ymh41jd8vrdd2n52dk7i"))))
     (build-system python-build-system)
     (home-page "https://greenlet.readthedocs.io/")
     (synopsis "Lightweight in-process concurrent programming")
@@ -10432,21 +10330,17 @@ useful as a validator for JSON data.")
 (define-public python-imagesize
   (package
     (name "python-imagesize")
-    (version "0.7.1")
+    (version "1.0.0")
     (source
       (origin
       (method url-fetch)
       (uri (pypi-uri "imagesize" version))
       (sha256
         (base32
-          "0qk07k0z4241lkzzjji7z4da04pcvg7bfc4xz1934zlqhwmwdcha"))))
+          "05b3p62r7rbcvvbk5vknr3bhcq9b2airysn6ric534mng136wcjv"))))
     (build-system python-build-system)
-    (arguments
-     '(;; Test files are not distributed on PyPi:
-       ;; https://github.com/shibukawa/imagesize_py/issues/7
-       #:tests? #f))
     (home-page "https://github.com/shibukawa/imagesize_py")
-    (synopsis "Gets image size of files in variaous formats in Python")
+    (synopsis "Gets image size of files in various formats in Python")
     (description
       "This package allows determination of image size from
 PNG, JPEG, JPEG2000 and GIF files in pure Python.")
@@ -10882,6 +10776,32 @@ projects.")
 (define-public python2-incremental
   (package-with-python2 python-incremental))
 
+(define-public python-invoke
+  (package
+    (name "python-invoke")
+    (home-page "http://www.pyinvoke.org/")
+    (version "1.1.0")
+    (source (origin
+              (method url-fetch)
+              (uri (pypi-uri "invoke" version))
+              (sha256
+               (base32
+                "0aiy1xvk1f91246zxd1zqrm679vdvd10h843a2na41cqr3cflpi6"))))
+    (build-system python-build-system)
+    (arguments
+     ;; XXX: Requires many dependencies that are not yet in Guix.
+     `(#:tests? #f))
+    (synopsis "Pythonic task execution")
+    (description
+     "Invoke is a Python task execution tool and library, drawing inspiration
+from various sources to arrive at a powerful and clean feature set.  It is
+evolved from the Fabric project, but focuses on local and abstract concerns
+instead of servers and network commands.")
+    (license license:bsd-3)))
+
+(define-public python2-invoke
+  (package-with-python2 python-invoke))
+
 (define-public python-automat
   (package
     (name "python-automat")
@@ -11498,13 +11418,13 @@ It supports both normal and Unicode strings.")
 (define-public python-scandir
   (package
     (name "python-scandir")
-    (version "1.7")
+    (version "1.9.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "scandir" version))
        (sha256
-        (base32 "0gbnhjzg42rj87ljv9kb648rfxph69ly3c8r9841dxy4d7l5pmdj"))))
+        (base32 "0r3hvf1a9jm1rkqgx40gxkmccknkaiqjavs8lccgq9s8khh5x5s4"))))
     (build-system python-build-system)
     (arguments
      `(#:phases (modify-phases %standard-phases
@@ -11624,15 +11544,19 @@ several utilities, as well as an API for building localization tools.")
 (define-public python-packaging
   (package
     (name "python-packaging")
-    (version "16.8")
+    (version "17.1")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "packaging" version))
         (sha256
          (base32
-          "17k1xbjshackwvbsnxqixbph8rbqhz4bf4g3al5xyzhavxgq6l2x"))))
+          "0nrpayk8kij1zm9sjnk38ldz3a6705ggvw8ljylqbrb4vmqbf6gh"))))
     (build-system python-build-system)
+    (arguments
+     `(#:phases (modify-phases %standard-phases
+                  (replace 'check
+                    (lambda _ (invoke "py.test" "-vv"))))))
     (native-inputs
      `(("python-pretend" ,python-pretend)
        ("python-pytest" ,python-pytest)))
@@ -13414,14 +13338,14 @@ file system events on Linux.")
 (define-public python-more-itertools
   (package
     (name "python-more-itertools")
-    (version "4.1.0")
+    (version "4.3.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "more-itertools" version))
        (sha256
         (base32
-         "0i3ch700g5fyjp692gprlnzbysl8w0sa2vijbp3s40drvk67xkn9"))))
+         "17h3na0rdh8xq30w4b9pizgkdxmm51896bxw600x84jflg9vaxn4"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-six" ,python-six-bootstrap)))
diff --git a/gnu/packages/readline.scm b/gnu/packages/readline.scm
index 4695e9fc71..59fa8af8af 100644
--- a/gnu/packages/readline.scm
+++ b/gnu/packages/readline.scm
@@ -48,7 +48,9 @@
   (patch-series
    (1 "0xm3sxvwmss7ddyfb11n6pgcqd1aglnpy15g143vzcf75snb7hcs")
    (2 "0n1dxmqsbjgrfxb1hgk5c6lsraw4ncbnzxlsx7m35nym6lncjiw7")
-   (3 "1027kmymniizcy0zbdlrczxfx3clxcdln5yq05q9yzlc6y9slhwy")))
+   (3 "1027kmymniizcy0zbdlrczxfx3clxcdln5yq05q9yzlc6y9slhwy")
+   (4 "0r3bbaf12iz8m02z6p3fzww2m365fhn71xmzab2p62gj54s6h9gr")
+   (5 "0lxpa4f72y2nsgj6fgrhjk2nmmxvccys6aciwfxwchb5f21rq5fa")))
 
 (define-public readline
   (package
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index a58ebff481..66cacff12f 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -117,23 +117,10 @@ remote applications.")
    (propagated-inputs `(("libgcrypt" ,libgcrypt)
                         ("zlib" ,zlib)))
    (arguments `(#:configure-flags `("--with-libgcrypt")
-                #:phases
-                ;; FIXME: In the next core-updates cycle, replace the entire
-                ;; following ,(...) form with its first 'modify-phases'
-                ;; subform.  The change made here is only strictly needed on
-                ;; MIPS, but should work on any system.  For now, we apply it
-                ;; only to MIPS to avoid forcing thousands of rebuilds on
-                ;; other systems.
-                ,(if (string-prefix? "mips" (or (%current-target-system)
-                                                (%current-system)))
-                     '(modify-phases %standard-phases
-                        (replace 'bootstrap
-                          (lambda _
-                            (invoke "autoreconf" "-v"))))
-                     '(modify-phases %standard-phases
-                        (add-before 'configure 'autoreconf
-                          (lambda _
-                            (invoke "autoreconf" "-v")))))))
+                #:phases (modify-phases %standard-phases
+                           (replace 'bootstrap
+                             (lambda _
+                               (invoke "autoreconf" "-v"))))))
    (native-inputs `(("autoconf" ,autoconf)
                     ("automake" ,automake)))
    (synopsis "Client-side C library implementing the SSH2 protocol")
diff --git a/gnu/packages/tcl.scm b/gnu/packages/tcl.scm
index f7d3e0ec7d..b8c85eb844 100644
--- a/gnu/packages/tcl.scm
+++ b/gnu/packages/tcl.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015, 2018 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2018 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
@@ -25,6 +25,7 @@
 (define-module (gnu packages tcl)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix utils)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system perl)
   #:use-module (gnu packages)
@@ -145,13 +146,22 @@ X11 GUIs.")
              (patches (search-patches "tk-find-library.patch"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:phases (modify-phases %standard-phases
+     `(#:phases (modify-phases %standard-phases
                   (add-before
                    'configure 'pre-configure
                    (lambda _
                      (chdir "unix")
                      #t))
                   (add-after
+                   'install 'create-wish-symlink
+                   (lambda* (#:key outputs #:allow-other-keys)
+                     (let ((out (assoc-ref outputs "out")))
+                       (symlink (string-append out "/bin/wish"
+                                               ,(version-major+minor
+                                                  (package-version tk)))
+                                (string-append out "/bin/wish")))
+                     #t))
+                  (add-after
                    'install 'add-fontconfig-flag
                    (lambda* (#:key inputs outputs #:allow-other-keys)
                      ;; Add the missing -L flag for Fontconfig in 'tk.pc' and
@@ -179,7 +189,7 @@ X11 GUIs.")
     (propagated-inputs `(("libx11" ,libx11)
                          ("libxext" ,libxext)))
 
-    (home-page "http://www.tcl.tk/")
+    (home-page "https://www.tcl.tk/")
     (synopsis "Graphical user interface toolkit for Tcl")
     (description
      "Tk is a graphical toolkit for building graphical user
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index 6ab999b2d5..ed85950bb6 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2016, 2018 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
-;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016, 2017, 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
@@ -76,42 +76,41 @@
 (define texlive-extra-src
   (origin
     (method url-fetch)
-    (uri "ftp://tug.org/historic/systems/texlive/2017/texlive-20170524-extra.tar.xz")
+    (uri "ftp://tug.org/historic/systems/texlive/2018/texlive-20180414-extra.tar.xz")
     (sha256 (base32
-              "0zvd2zskk78ig114mfj24g15qys41hzqv59fmqpirdbgq9c9gr5g"))))
+             "0a83kymxc8zmlxjb0y1gf6mx7qnf0hxffwkivwh5yh138y2rfhsv"))))
 
 (define texlive-texmf-src
   (origin
     (method url-fetch)
-    (uri "ftp://tug.org/historic/systems/texlive/2017/texlive-20170524-texmf.tar.xz")
+    (uri "ftp://tug.org/historic/systems/texlive/2018/texlive-20180414-texmf.tar.xz")
     (sha256 (base32
-              "1v69y3kgkbk24f7s4dfkknwd317mqmck5jgpyb35wqgqfy5p0qrz"))))
+             "1b8zigzg8raxkhhzphcmynf84rbdbj2ym2qkz24v8n0qx82zmqms"))))
 
 (define-public texlive-bin
   (package
    (name "texlive-bin")
-   (version "20170524")
+   (version "20180414")
    (source
     (origin
-     (method url-fetch)
-      (uri (string-append "ftp://tug.org/historic/systems/texlive/2017/"
+      (method url-fetch)
+      (uri (string-append "ftp://tug.org/historic/systems/texlive/2018/"
                           "texlive-" version "-source.tar.xz"))
+      (sha256
+       (base32
+        "0khyi6h015r2zfqgg0a44a2j7vmr1cy42knw7jbss237yvakc07y"))
       (patches
        (list
-        ;; This is required for compatibility with Poppler >= 0.58.
-        ;; See <http://tutex.tug.org/pipermail/tex-k/2017-September/002809.html>
-        ;; and <https://bugs.archlinux.org/task/55720> for some discussion.
+        ;; This is required for compatibility with Poppler 0.64.0 and to fix a
+        ;; segmentation fault in dvipdfm-x from XeTeX.
         (origin
           (method url-fetch)
-          (uri (string-append "https://git.archlinux.org/svntogit/packages.git/plain"
-                              "/trunk/texlive-poppler-0.59.patch?h=packages/texlive-bin"
-                              "&id=ba2de374e2b21ecc4b85cc9777f2f15c4d356c61"))
+          (uri (string-append "http://www.linuxfromscratch.org/patches/blfs/"
+                              "svn/texlive-" version "-source-upstream_fixes-1.patch"))
           (file-name "texlive-poppler-compat.patch")
           (sha256
            (base32
-            "1c4ikq4kxw48bi3i33bzpabrjvbk01fwjr2lz20gkc9kv8l0bg3n")))))
-      (sha256 (base32
-               "1amjrxyasplv4alfwcxwnw4nrx7dz2ydmddkq16k6hg90i9njq81"))))
+            "0f8vhyj167y4xj0jx47vkybrcacfpxw0wdn1b777yq3xmhlahhlg")))))))
    (build-system gnu-build-system)
    (inputs
     `(("texlive-extra-src" ,texlive-extra-src)
@@ -175,47 +174,54 @@
                   (not (or (string-prefix? "aarch64" s)
                            (string-prefix? "mips64" s))))
       #:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'configure-ghostscript-executable
-           ;; ps2eps.pl uses the "gswin32c" ghostscript executable on Windows,
-           ;; and the "gs" ghostscript executable on Unix. It detects Unix by
-           ;; checking for the existence of the /usr/bin directory. Since
-           ;; GuixSD does not have /usr/bin, it is also detected as Windows.
-           (lambda* (#:key inputs #:allow-other-keys)
-             (substitute* "utils/ps2eps/ps2eps-src/bin/ps2eps.pl"
-               (("gswin32c") "gs"))
-             (substitute* "texk/texlive/linked_scripts/epstopdf/epstopdf.pl"
-               (("\"gs\"")
-                (string-append "\"" (assoc-ref inputs "ghostscript") "/bin/gs\"")))
-             #t))
-         (add-after 'install 'postint
-           (lambda* (#:key inputs outputs #:allow-other-keys #:rest args)
-             (let* ((out (assoc-ref outputs "out"))
-                    (share (string-append out "/share"))
-                    (texlive-extra (assoc-ref inputs "texlive-extra-src"))
-                    (unpack (assoc-ref %standard-phases 'unpack))
-                    (patch-source-shebangs
-                      (assoc-ref %standard-phases 'patch-source-shebangs)))
-               ;; Create symbolic links for the latex variants and their
-               ;; man pages.
-               (with-directory-excursion (string-append out "/bin/")
-                 (for-each symlink
-                 '("pdftex" "pdftex"   "xetex"   "luatex")
-                 '("latex"  "pdflatex" "xelatex" "lualatex")))
-               (with-directory-excursion (string-append share "/man/man1/")
-                 (symlink "luatex.1" "lualatex.1"))
-               ;; Unpack texlive-extra and install tlpkg.
-               (mkdir "texlive-extra")
-               (with-directory-excursion "texlive-extra"
-                 (apply unpack (list #:source texlive-extra))
-                 (apply patch-source-shebangs (list #:source texlive-extra))
-                 (invoke "mv" "tlpkg" share))
-               ;; texlua shebangs are not patched by the patch-source-shebangs
-               ;; phase because the texlua executable does not exist at that
-               ;; time.
-               (setenv "PATH" (string-append (getenv "PATH") ":" out "/bin"))
-               (with-directory-excursion out
-                 (patch-source-shebangs))))))))
+      (modify-phases %standard-phases
+        (add-after 'unpack 'configure-ghostscript-executable
+          ;; ps2eps.pl uses the "gswin32c" ghostscript executable on Windows,
+          ;; and the "gs" ghostscript executable on Unix. It detects Unix by
+          ;; checking for the existence of the /usr/bin directory. Since
+          ;; GuixSD does not have /usr/bin, it is also detected as Windows.
+          (lambda* (#:key inputs #:allow-other-keys)
+            (substitute* "utils/ps2eps/ps2eps-src/bin/ps2eps.pl"
+              (("gswin32c") "gs"))
+            (substitute* "texk/texlive/linked_scripts/epstopdf/epstopdf.pl"
+              (("\"gs\"")
+               (string-append "\"" (assoc-ref inputs "ghostscript") "/bin/gs\"")))
+            #t))
+        (add-after 'unpack 'use-code-for-new-poppler
+          (lambda _
+            (copy-file "texk/web2c/pdftexdir/pdftoepdf-newpoppler.cc"
+                       "texk/web2c/pdftexdir/pdftoepdf.cc")
+            (copy-file "texk/web2c/pdftexdir/pdftosrc-newpoppler.cc"
+                       "texk/web2c/pdftexdir/pdftosrc.cc")
+            #t))
+        (add-after 'install 'postint
+          (lambda* (#:key inputs outputs #:allow-other-keys #:rest args)
+            (let* ((out (assoc-ref outputs "out"))
+                   (share (string-append out "/share"))
+                   (texlive-extra (assoc-ref inputs "texlive-extra-src"))
+                   (unpack (assoc-ref %standard-phases 'unpack))
+                   (patch-source-shebangs
+                    (assoc-ref %standard-phases 'patch-source-shebangs)))
+              ;; Create symbolic links for the latex variants and their
+              ;; man pages.
+              (with-directory-excursion (string-append out "/bin/")
+                (for-each symlink
+                          '("pdftex" "pdftex"   "xetex"   "luatex")
+                          '("latex"  "pdflatex" "xelatex" "lualatex")))
+              (with-directory-excursion (string-append share "/man/man1/")
+                (symlink "luatex.1" "lualatex.1"))
+              ;; Unpack texlive-extra and install tlpkg.
+              (mkdir "texlive-extra")
+              (with-directory-excursion "texlive-extra"
+                (apply unpack (list #:source texlive-extra))
+                (apply patch-source-shebangs (list #:source texlive-extra))
+                (invoke "mv" "tlpkg" share))
+              ;; texlua shebangs are not patched by the patch-source-shebangs
+              ;; phase because the texlua executable does not exist at that
+              ;; time.
+              (setenv "PATH" (string-append (getenv "PATH") ":" out "/bin"))
+              (with-directory-excursion out
+                (patch-source-shebangs))))))))
    (synopsis "TeX Live, a package of the TeX typesetting system")
    (description
     "TeX Live provides a comprehensive TeX document production system.
@@ -3957,7 +3963,7 @@ directly generate PDF documents instead of DVI.")
 (define texlive-texmf
   (package
    (name "texlive-texmf")
-   (version "2017")
+   (version "20180414")
    (source texlive-texmf-src)
    (build-system gnu-build-system)
    (inputs
@@ -4029,7 +4035,7 @@ This package contains the complete tree of texmf-dist data.")
 (define-public texlive
   (package
    (name "texlive")
-   (version "2017")
+   (version "20180414")
    (source #f)
    (build-system trivial-build-system)
    (inputs `(("bash" ,bash) ; for wrap-program
diff --git a/gnu/packages/texinfo.scm b/gnu/packages/texinfo.scm
index 109a24bf62..5fe7f1ec9c 100644
--- a/gnu/packages/texinfo.scm
+++ b/gnu/packages/texinfo.scm
@@ -37,6 +37,7 @@
               (method url-fetch)
               (uri (string-append "mirror://gnu/texinfo/texinfo-"
                                   version ".tar.xz"))
+              (patches (search-patches "texinfo-perl-compat.patch"))
               (sha256
                (base32
                 "0qjzvbvnv9003xdrcpi3jp7y68j4hq2ciw9frh2hghh698zlnxvp"))))
diff --git a/gnu/packages/time.scm b/gnu/packages/time.scm
index fc831ab6cc..13eded4179 100644
--- a/gnu/packages/time.scm
+++ b/gnu/packages/time.scm
@@ -88,17 +88,15 @@ to a file.")
 (define-public python-pytz
   (package
     (name "python-pytz")
-    (version "2017.3")
+    (version "2018.5")
     (source
      (origin
       (method url-fetch)
-      (uri (pypi-uri "pytz" version ".zip"))
+      (uri (pypi-uri "pytz" version ".tar.gz"))
       (sha256
        (base32
-        "1dw5l527vcafvdqq4wadwl7ikhb2sssz0v0cssibh8890kyczr7s"))))
+        "0xzj5gkpdn2da8m6j47chlp6zrzcypv9m0fjv4236q3jw4fyzfgz"))))
     (build-system python-build-system)
-    (native-inputs
-     `(("unzip" ,unzip)))
     (home-page "http://pythonhosted.org/pytz")
     (synopsis "Python timezone library")
     (description "This library brings the Olson tz database into Python.  It
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 28d2ea5fd5..02c12c9446 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -80,6 +80,8 @@
        (base32
         "1jlc1iahj8k3haz28j55nzg7sgni5h41vqy461i1bpbx6668wlky"))))
     (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags '("--disable-static")))
     (native-inputs `(("perl" ,perl)))
     (home-page "https://www.gnu.org/software/libtasn1/")
     (synopsis "ASN.1 library")
@@ -260,7 +262,6 @@ required structures.")
 (define-public openssl
   (package
    (name "openssl")
-   (replacement openssl/fixed)
    (version "1.0.2o")
    (source (origin
              (method url-fetch)
@@ -275,6 +276,8 @@ required structures.")
               (base32
                "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
              (patches (search-patches "openssl-runpath.patch"
+                                      "openssl-1.0.2-CVE-2018-0495.patch"
+                                      "openssl-1.0.2-CVE-2018-0732.patch"
                                       "openssl-c-rehash-in.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
@@ -397,15 +400,6 @@ required structures.")
    (license license:openssl)
    (home-page "https://www.openssl.org/")))
 
-(define openssl/fixed
-  (package
-    (inherit openssl)
-    (source (origin
-              (inherit (package-source openssl))
-              (patches (append (origin-patches (package-source openssl))
-                               (search-patches "openssl-1.0.2-CVE-2018-0495.patch"
-                                               "openssl-1.0.2-CVE-2018-0732.patch")))))))
-
 (define-public openssl-next
   (package
     (inherit openssl)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index aea75654be..f3412c275e 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -508,7 +508,7 @@ libraries for working with JNLP applets.")
 (define-public jansson
   (package
     (name "jansson")
-    (version "2.10")
+    (version "2.11")
     (source (origin
              (method url-fetch)
              (uri
@@ -516,7 +516,7 @@ libraries for working with JNLP applets.")
                              version ".tar.gz"))
              (sha256
               (base32
-               "0iv4rxsnamqm3ldpg7dyhjq0x9cp023nc7ac820jdd3pwb8ml8bq"))))
+               "1x5jllzzqamq6kahx9d9a5mrarm9m3f30vfxvcqpi6p4mcnz91bf"))))
     (build-system gnu-build-system)
     (home-page "http://www.digip.org/jansson/")
     (synopsis "JSON C library")
@@ -6626,7 +6626,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.")
 (define-public nghttp2
   (package
     (name "nghttp2")
-    (version "1.31.1")
+    (version "1.32.0")
     (source
      (origin
        (method url-fetch)
@@ -6635,7 +6635,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "00z1687m4wi2gbgkijbv099l9hs1sjlyzbhh8jhn0xssx4xcifb5"))))
+         "0zbgp8f80h2zlfn8cd2ldrmgl81jzcdh1141n71aqmfckzaqj2kh"))))
     (build-system gnu-build-system)
     (outputs (list "out"
                    "lib"))              ; only libnghttp2
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 9c8e3cef08..0cecb5bf7c 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -64,14 +64,14 @@
 (define-public expat
   (package
     (name "expat")
-    (version "2.2.5")
+    (version "2.2.6")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/expat/expat/"
                                  version "/expat-" version ".tar.bz2"))
              (sha256
               (base32
-               "1xpd78sp7m34jqrw5x13bz7kgz0n6aj15wn4zj4gfx3ypbpk5p6r"))))
+               "1wl1x93b5w457ddsdgj0lh7yjq4q6l7wfbgwhagkc8fm2qkkrd0p"))))
     (build-system gnu-build-system)
     (home-page "https://libexpat.github.io/")
     (synopsis "Stream-oriented XML parser library written in C")
@@ -129,8 +129,23 @@ hierarchical form with variable field lengths.")
               (base32
                "0ci7is75bwqqw2p32vxvrk6ds51ik7qgx73m920rakv5jlayax0b"))))
     (build-system gnu-build-system)
+    (outputs '("out" "static"))
+    (arguments
+     `(#:phases (modify-phases %standard-phases
+                  (add-after 'install 'move-static-libs
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (let ((src (string-append (assoc-ref outputs "out") "/lib"))
+                            (dst (string-append (assoc-ref outputs "static")
+                                                "/lib")))
+                        (mkdir-p dst)
+                        (for-each (lambda (ar)
+                                    (rename-file ar (string-append dst "/"
+                                                                   (basename ar))))
+                                  (find-files src "\\.a$"))
+                        #t))))))
     (home-page "http://www.xmlsoft.org/")
     (synopsis "C parser for XML")
+    (inputs `(("xz" ,xz)))
     (propagated-inputs `(("zlib" ,zlib))) ; libxml2.la says '-lz'.
     (native-inputs `(("perl" ,perl)))
     ;; $XML_CATALOG_FILES lists 'catalog.xml' files found in under the 'xml'
@@ -151,6 +166,7 @@ project (but it is usable outside of the Gnome platform).")
   (package/inherit libxml2
     (name "python-libxml2")
     (build-system python-build-system)
+    (outputs '("out"))
     (arguments
      `(;; XXX: Tests are specified in 'Makefile.am', but not in 'setup.py'.
        #:tests? #f
diff --git a/guix/build-system/meson.scm b/guix/build-system/meson.scm
index fddf899092..8d49020454 100644
--- a/guix/build-system/meson.scm
+++ b/guix/build-system/meson.scm
@@ -41,7 +41,6 @@
 (define %meson-build-system-modules
   ;; Build-side modules imported by default.
   `((guix build meson-build-system)
-    (guix build rpath)
     ;; The modules from glib-or-gtk contains the modules from gnu-build-system,
     ;; so there is no need to import that too.
     ,@%glib-or-gtk-build-system-modules))
diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm
index be5ad78b93..e5f3197b0a 100644
--- a/guix/build/gnu-build-system.scm
+++ b/guix/build/gnu-build-system.scm
@@ -792,26 +792,26 @@ in order.  Return #t if all the PHASES succeeded, #f otherwise."
 
   ;; The trick is to #:allow-other-keys everywhere, so that each procedure in
   ;; PHASES can pick the keyword arguments it's interested in.
-  (for-each (match-lambda
-              ((name . proc)
-               (let ((start (current-time time-monotonic)))
-                 (format #t "starting phase `~a'~%" name)
-                 (let ((result (apply proc args))
-                       (end    (current-time time-monotonic)))
-                   (format #t "phase `~a' ~:[failed~;succeeded~] after ~,1f seconds~%"
-                           name result
-                           (elapsed-time end start))
-
-                   ;; Issue a warning unless the result is #t.
-                   (unless (eqv? result #t)
-                     (format (current-error-port) "\
+  (every (match-lambda
+           ((name . proc)
+            (let ((start (current-time time-monotonic)))
+              (format #t "starting phase `~a'~%" name)
+              (let ((result (apply proc args))
+                    (end    (current-time time-monotonic)))
+                (format #t "phase `~a' ~:[failed~;succeeded~] after ~,1f seconds~%"
+                        name result
+                        (elapsed-time end start))
+
+                ;; Issue a warning unless the result is #t.
+                (unless (eqv? result #t)
+                  (format (current-error-port) "\
 ## WARNING: phase `~a' returned `~s'.  Return values other than #t
 ## are deprecated.  Please migrate this package so that its phase
 ## procedures report errors by raising an exception, and otherwise
 ## always return #t.~%"
-                             name result))
+                          name result))
 
-                   ;; Dump the environment variables as a shell script, for handy debugging.
-                   (system "export > $NIX_BUILD_TOP/environment-variables")
-                   result))))
-            phases))
+                ;; Dump the environment variables as a shell script, for handy debugging.
+                (system "export > $NIX_BUILD_TOP/environment-variables")
+                result))))
+         phases))
diff --git a/guix/build/gremlin.scm b/guix/build/gremlin.scm
index bb019967e5..e8ea66dfb3 100644
--- a/guix/build/gremlin.scm
+++ b/guix/build/gremlin.scm
@@ -41,7 +41,8 @@
             elf-dynamic-info-runpath
             expand-origin
 
-            validate-needed-in-runpath))
+            validate-needed-in-runpath
+            strip-runpath))
 
 ;;; Commentary:
 ;;;
@@ -99,10 +100,16 @@ dynamic linking information."
 ;;     } d_un;
 ;; } Elf64_Dyn;
 
+(define-record-type <dynamic-entry>
+  (dynamic-entry type value offset)
+  dynamic-entry?
+  (type   dynamic-entry-type)                     ;DT_*
+  (value  dynamic-entry-value)                    ;string | number | ...
+  (offset dynamic-entry-offset))                  ;integer
+
 (define (raw-dynamic-entries elf segment)
-  "Return as a list of type/value pairs all the dynamic entries found in
-SEGMENT, the 'PT_DYNAMIC' segment of ELF.  In the result, each car is a DT_
-value, and the interpretation of the cdr depends on the type."
+  "Return as a list of <dynamic-entry> for the dynamic entries found in
+SEGMENT, the 'PT_DYNAMIC' segment of ELF."
   (define start
     (elf-segment-offset segment))
   (define bytes
@@ -123,7 +130,9 @@ value, and the interpretation of the cdr depends on the type."
           (if (= type DT_NULL)                    ;finished?
               (reverse result)
               (loop (+ offset (* 2 word-size))
-                    (alist-cons type value result)))))))
+                    (cons (dynamic-entry type value
+                                         (+ start offset word-size))
+                          result)))))))
 
 (define (vma->offset elf vma)
   "Convert VMA, a virtual memory address, to an offset within ELF.
@@ -148,35 +157,33 @@ offset."
 
 (define (dynamic-entries elf segment)
   "Return all the dynamic entries found in SEGMENT, the 'PT_DYNAMIC' segment
-of ELF, as a list of type/value pairs.  The type is a DT_ value, and the value
-may be a string or an integer depending on the entry type (for instance, the
-value of DT_NEEDED entries is a string.)"
+of ELF, as a list of <dynamic-entry>.  The value of each entry may be a string
+or an integer depending on the entry type (for instance, the value of
+DT_NEEDED entries is a string.)  Likewise the offset is the offset within the
+string table if the type is a string."
   (define entries
     (raw-dynamic-entries elf segment))
 
   (define string-table-offset
-    (any (match-lambda
-            ((type . value)
-             (and (= type DT_STRTAB) value))
-            (_ #f))
+    (any (lambda (entry)
+           (and (= (dynamic-entry-type entry) DT_STRTAB)
+                (dynamic-entry-value entry)))
          entries))
 
-  (define (interpret-dynamic-entry type value)
-    (cond ((memv type (list DT_NEEDED DT_SONAME DT_RPATH DT_RUNPATH))
-           (if string-table-offset
-               (pointer->string
-                (bytevector->pointer (elf-bytes elf)
-                                     (vma->offset
-                                      elf
-                                      (+ string-table-offset value))))
-               value))
-          (else
-           value)))
-
-  (map (match-lambda
-         ((type . value)
-          (cons type (interpret-dynamic-entry type value))))
-       entries))
+  (define (interpret-dynamic-entry entry)
+    (let ((type  (dynamic-entry-type entry))
+          (value (dynamic-entry-value entry)))
+      (cond ((memv type (list DT_NEEDED DT_SONAME DT_RPATH DT_RUNPATH))
+             (if string-table-offset
+                 (let* ((offset (vma->offset elf (+ string-table-offset value)))
+                        (value  (pointer->string
+                                 (bytevector->pointer (elf-bytes elf) offset))))
+                   (dynamic-entry type value offset))
+                 (dynamic-entry type value (dynamic-entry-offset entry))))
+            (else
+             (dynamic-entry type value (dynamic-entry-offset entry))))))
+
+  (map interpret-dynamic-entry entries))
 
 
 ;;;
@@ -200,21 +207,29 @@ value of DT_NEEDED entries is a string.)"
 (define (elf-dynamic-info elf)
   "Return dynamic-link information for ELF as an <elf-dynamic-info> object, or
 #f if ELF lacks dynamic-link information."
+  (define (matching-entry type)
+    (lambda (entry)
+      (= type (dynamic-entry-type entry))))
+
   (match (dynamic-link-segment elf)
     (#f #f)
     ((? elf-segment? dynamic)
      (let ((entries (dynamic-entries elf dynamic)))
-       (%elf-dynamic-info (assv-ref entries DT_SONAME)
-                          (filter-map (match-lambda
-                                        ((type . value)
-                                         (and (= type DT_NEEDED) value))
-                                        (_ #f))
+       (%elf-dynamic-info (find (matching-entry DT_SONAME) entries)
+                          (filter-map (lambda (entry)
+                                        (and (= (dynamic-entry-type entry)
+                                                DT_NEEDED)
+                                             (dynamic-entry-value entry)))
                                       entries)
-                          (or (and=> (assv-ref entries DT_RPATH)
-                                     search-path->list)
+                          (or (and=> (find (matching-entry DT_RPATH)
+                                           entries)
+                                     (compose search-path->list
+                                              dynamic-entry-value))
                               '())
-                          (or (and=> (assv-ref entries DT_RUNPATH)
-                                     search-path->list)
+                          (or (and=> (find (matching-entry DT_RUNPATH)
+                                           entries)
+                                     (compose search-path->list
+                                              dynamic-entry-value))
                               '()))))))
 
 (define %libc-libraries
@@ -306,4 +321,47 @@ be found in RUNPATH ~s~%"
           ;;   (format (current-error-port) "~a is OK~%" file))
           (null? not-found))))))
 
+(define (strip-runpath file)
+  "Remove from the DT_RUNPATH of FILE any entries that are not necessary
+according to DT_NEEDED."
+  (define (minimal-runpath needed runpath)
+    (filter (lambda (directory)
+              (and (string-prefix? "/" directory)
+                   (any (lambda (lib)
+                          (file-exists? (string-append directory "/" lib)))
+                        needed)))
+            runpath))
+
+  (define port
+    (open-file file "r+b"))
+
+  (catch #t
+    (lambda ()
+      (let* ((elf      (parse-elf (get-bytevector-all port)))
+             (entries  (dynamic-entries elf (dynamic-link-segment elf)))
+             (needed   (filter-map (lambda (entry)
+                                     (and (= (dynamic-entry-type entry)
+                                             DT_NEEDED)
+                                          (dynamic-entry-value entry)))
+                                   entries))
+             (runpath  (find (lambda (entry)
+                               (= DT_RUNPATH (dynamic-entry-type entry)))
+                             entries))
+             (old      (search-path->list
+                        (dynamic-entry-value runpath)))
+             (new      (minimal-runpath needed old)))
+        (unless (equal? old new)
+          (format (current-error-port)
+                  "~a: stripping RUNPATH to ~s (removed ~s)~%"
+                  file new
+                  (lset-difference string=? old new))
+          (seek port (dynamic-entry-offset runpath) SEEK_SET)
+          (put-bytevector port (string->utf8 (string-join new ":")))
+          (put-u8 port 0))
+        (close-port port)
+        new))
+    (lambda (key . args)
+      (false-if-exception (close-port port))
+      (apply throw key args))))
+
 ;;; gremlin.scm ends here
diff --git a/guix/build/haskell-build-system.scm b/guix/build/haskell-build-system.scm
index 26519ce5a6..5a72d22842 100644
--- a/guix/build/haskell-build-system.scm
+++ b/guix/build/haskell-build-system.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
+;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -178,9 +179,10 @@ first match and return the content of the group."
                   (unless (file-exists? dest)
                     (copy-file file dest))))
               conf-files)
-    (zero? (system* "ghc-pkg"
-                    (string-append "--package-db=" %tmp-db-dir)
-                    "recache"))))
+    (invoke "ghc-pkg"
+            (string-append "--package-db=" %tmp-db-dir)
+            "recache")
+    #t))
 
 (define* (register #:key name system inputs outputs #:allow-other-keys)
   "Generate the compiler registration and binary package database files for a
@@ -238,32 +240,31 @@ given Haskell package."
           (list (string-append "--gen-pkg-config=" config-file))))
     (run-setuphs "register" params)
     ;; The conf file is created only when there is a library to register.
-    (or (not (file-exists? config-file))
-        (begin
-          (mkdir-p config-dir)
-          (let* ((config-file-name+id
-                  (call-with-ascii-input-file config-file (cut grep id-rx <>))))
-            (install-transitive-deps config-file %tmp-db-dir config-dir)
-            (rename-file config-file
-                         (string-append config-dir "/"
-                                        config-file-name+id ".conf"))
-            (zero? (system* "ghc-pkg"
-                            (string-append "--package-db=" config-dir)
-                            "recache")))))))
+    (unless (file-exists? config-file)
+      (mkdir-p config-dir)
+      (let* ((config-file-name+id
+              (call-with-ascii-input-file config-file (cut grep id-rx <>))))
+        (install-transitive-deps config-file %tmp-db-dir config-dir)
+        (rename-file config-file
+                     (string-append config-dir "/"
+                                    config-file-name+id ".conf"))
+        (invoke "ghc-pkg"
+                (string-append "--package-db=" config-dir)
+                "recache")))
+    #t))
 
 (define* (check #:key tests? test-target #:allow-other-keys)
   "Run the test suite of a given Haskell package."
   (if tests?
       (run-setuphs test-target '())
-      (begin
-        (format #t "test suite not run~%")
-        #t)))
+      (format #t "test suite not run~%"))
+  #t)
 
 (define* (haddock #:key outputs haddock? haddock-flags #:allow-other-keys)
   "Run the test suite of a given Haskell package."
-  (if haddock?
-      (run-setuphs "haddock" haddock-flags)
-      #t))
+  (when haddock?
+    (run-setuphs "haddock" haddock-flags))
+  #t)
 
 (define %standard-phases
   (modify-phases gnu:%standard-phases
diff --git a/guix/build/meson-build-system.scm b/guix/build/meson-build-system.scm
index 80e54723c5..d0975fcab0 100644
--- a/guix/build/meson-build-system.scm
+++ b/guix/build/meson-build-system.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
+;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -21,7 +22,6 @@
   #:use-module ((guix build gnu-build-system) #:prefix gnu:)
   #:use-module ((guix build glib-or-gtk-build-system) #:prefix glib-or-gtk:)
   #:use-module (guix build utils)
-  #:use-module (guix build rpath)
   #:use-module (guix build gremlin)
   #:use-module (guix elf)
   #:use-module (ice-9 match)
@@ -71,49 +71,19 @@
               "1"))
   (if tests?
       (invoke "ninja" test-target)
-      (begin
-        (format #t "test suite not run~%")
-        #t)))
+      (format #t "test suite not run~%"))
+  #t)
 
 (define* (install #:rest args)
   (invoke "ninja" "install"))
 
-(define* (fix-runpath #:key (elf-directories '("lib" "lib64" "libexec"
-                                               "bin" "sbin"))
-                      outputs #:allow-other-keys)
-  "Try to make sure all ELF files in ELF-DIRECTORIES are able to find their
-local dependencies in their RUNPATH, by searching for the needed libraries in
-the directories of the package, and adding them to the RUNPATH if needed.
-Also shrink the RUNPATH to what is needed,
+(define* (shrink-runpath #:key (elf-directories '("lib" "lib64" "libexec"
+                                                  "bin" "sbin"))
+                         outputs #:allow-other-keys)
+  "Go through all ELF files from ELF-DIRECTORIES and shrink the RUNPATH
 since a lot of directories are left over from the build phase of meson,
 for example libraries only needed for the tests."
 
-  ;; Find the directories (if any) that contains DEP-NAME.  The directories
-  ;; searched are the ones that ELF-FILES are in.
-  (define (find-deps dep-name elf-files)
-    (map dirname (filter (lambda (file)
-                           (string=? dep-name (basename file)))
-                         elf-files)))
-
-  ;; Return a list of libraries that FILE needs.
-  (define (file-needed file)
-    (let* ((elf (call-with-input-file file
-                  (compose parse-elf get-bytevector-all)))
-           (dyninfo (elf-dynamic-info elf)))
-      (if dyninfo
-          (elf-dynamic-info-needed dyninfo)
-          '())))
-
-
-  ;; If FILE needs any libs that are part of ELF-FILES, the RUNPATH
-  ;; is modified accordingly.
-  (define (handle-file file elf-files)
-    (let* ((dep-dirs (concatenate (map (lambda (dep-name)
-                                         (find-deps dep-name elf-files))
-                                       (file-needed file)))))
-      (unless (null? dep-dirs)
-        (augment-rpath file (string-join dep-dirs ":")))))
-
   (define handle-output
     (match-lambda
       ((output . directory)
@@ -129,10 +99,7 @@ for example libraries only needed for the tests."
               (elf-list (concatenate (map (lambda (dir)
                                             (find-files dir elf-pred))
                                           existing-elf-dirs))))
-         (for-each (lambda (elf-file)
-                     (invoke "patchelf" "--shrink-rpath" elf-file)
-                     (handle-file elf-file elf-list))
-                   elf-list)))))
+         (for-each strip-runpath elf-list)))))
   (for-each handle-output outputs)
   #t)
 
@@ -144,13 +111,8 @@ for example libraries only needed for the tests."
     (replace 'configure configure)
     (replace 'build build)
     (replace 'check check)
-    ;; XXX: We used to have 'fix-runpath' here, but it appears no longer
-    ;; necessary with newer Meson.  However on 'core-updates' there is a
-    ;; useful 'strip-runpath' procedure to ensure no bogus directories in
-    ;; RUNPATH (remember that we tell Meson to not touch RUNPATH in
-    ;; (@ (gnu packages build-tools) meson-for-build)), so it should be
-    ;; re-added there sans the augment-rpath calls (which are not needed).
-    (replace 'install install)))
+    (replace 'install install)
+    (add-after 'strip 'shrink-runpath shrink-runpath)))
 
 (define* (meson-build #:key inputs phases
                       #:allow-other-keys #:rest args)
diff --git a/guix/build/python-build-system.scm b/guix/build/python-build-system.scm
index 376ea81f1a..5bb0ba49d5 100644
--- a/guix/build/python-build-system.scm
+++ b/guix/build/python-build-system.scm
@@ -246,8 +246,6 @@ installed with setuptools."
 
 (define* (enable-bytecode-determinism #:rest _)
   "Improve determinism of pyc files."
-  ;; Set DETERMINISTIC_BUILD to override the embedded mtime in pyc files.
-  (setenv "DETERMINISTIC_BUILD" "1")
   ;; Use deterministic hashes for strings, bytes, and datetime objects.
   (setenv "PYTHONHASHSEED" "0")
   #t)
diff --git a/guix/build/r-build-system.scm b/guix/build/r-build-system.scm
index 4d8ac5b479..2c0b322da9 100644
--- a/guix/build/r-build-system.scm
+++ b/guix/build/r-build-system.scm
@@ -44,7 +44,7 @@
       (unless (zero? code)
         (raise (condition ((@@ (guix build utils) &invoke-error)
                            (program "R")
-                           (arguments (string-append params " " command))
+                           (arguments (cons command params))
                            (exit-status (status:exit-val code))
                            (term-signal (status:term-sig code))
                            (stop-signal (status:stop-sig code)))))))))
diff --git a/guix/build/utils.scm b/guix/build/utils.scm
index c58a1afd1c..5fe3286843 100644
--- a/guix/build/utils.scm
+++ b/guix/build/utils.scm
@@ -1057,11 +1057,11 @@ with definitions for VARS."
        (format #f "export ~a=\"~a\""
                var (string-join rest sep)))
       ((var sep 'prefix rest)
-       (format #f "export ~a=\"~a${~a~a+~a}$~a\""
-               var (string-join rest sep) var sep sep var))
+       (format #f "export ~a=\"~a${~a:+~a}$~a\""
+               var (string-join rest sep) var sep var))
       ((var sep 'suffix rest)
-       (format #f "export ~a=\"$~a${~a~a+~a}~a\""
-               var var var sep sep (string-join rest sep)))
+       (format #f "export ~a=\"$~a${~a+~a}~a\""
+               var var var sep (string-join rest sep)))
       ((var '= rest)
        (format #f "export ~a=\"~a\""
                var (string-join rest ":")))
diff --git a/guix/gexp.scm b/guix/gexp.scm
index ffc976d61b..3a600c3830 100644
--- a/guix/gexp.scm
+++ b/guix/gexp.scm
@@ -601,12 +601,6 @@ names and file names suitable for the #:allowed-references argument to
                            allowed-references disallowed-references
                            leaked-env-vars
                            local-build? (substitutable? #t)
-
-                           ;; TODO: This parameter is transitional; it's here
-                           ;; to avoid a full rebuild.  Remove it on the next
-                           ;; rebuild cycle.
-                           import-creates-derivation?
-
                            deprecation-warnings
                            (script-name (string-append name "-builder")))
   "Return a derivation NAME that runs EXP (a gexp) with GUILE-FOR-BUILD (a
@@ -701,18 +695,12 @@ The other arguments are as for 'derivation'."
                                        extensions))
                        (modules  (if (pair? %modules)
                                      (imported-modules %modules
-                                                       #:derivation?
-                                                       import-creates-derivation?
                                                        #:system system
                                                        #:module-path module-path
-                                                       #:guile guile-for-build
-                                                       #:deprecation-warnings
-                                                       deprecation-warnings)
+                                                       #:guile guile-for-build)
                                      (return #f)))
                        (compiled (if (pair? %modules)
                                      (compiled-modules %modules
-                                                       #:derivation?
-                                                       import-creates-derivation?
                                                        #:system system
                                                        #:module-path module-path
                                                        #:extensions extensions
@@ -1080,15 +1068,7 @@ to a tree suitable for 'interned-file-tree'."
                                     #:key (name "file-import")
                                     (symlink? #f)
                                     (system (%current-system))
-                                    (guile (%guile-for-build))
-
-                                    ;; XXX: The only reason we have
-                                    ;; #:deprecation-warnings is because (guix
-                                    ;; build utils), which we use here, relies
-                                    ;; on _IO*, which is deprecated in 2.2.  On
-                                    ;; the next full-rebuild cycle, we should
-                                    ;; disable such warnings unconditionally.
-                                    (deprecation-warnings #f))
+                                    (guile (%guile-for-build)))
   "Return a derivation that imports FILES into STORE.  FILES must be a list
 of (FINAL-PATH . FILE) pairs.  Each FILE is mapped to FINAL-PATH in the
 resulting store path.  FILE can be either a file name, or a file-like object,
@@ -1128,54 +1108,38 @@ to the source files instead of copying them."
                       #:guile-for-build guile
                       #:local-build? #t
 
-                      ;; TODO: On the next rebuild cycle, set to "no"
-                      ;; unconditionally.
+                      ;; Avoid deprecation warnings about the use of the _IO*
+                      ;; constants in (guix build utils).
                       #:env-vars
-                      (case deprecation-warnings
-                        ((#f)
-                         '(("GUILE_WARN_DEPRECATED" . "no")))
-                        ((detailed)
-                         '(("GUILE_WARN_DEPRECATED" . "detailed")))
-                        (else
-                         '())))))
+                      '(("GUILE_WARN_DEPRECATED" . "no")))))
 
 (define* (imported-files files
                          #:key (name "file-import")
-
-                         ;; TODO: Remove this parameter on the next rebuild
-                         ;; cycle.
-                         (derivation? #f)
-
                          ;; The following parameters make sense when creating
                          ;; an actual derivation.
                          (system (%current-system))
-                         (guile (%guile-for-build))
-                         (deprecation-warnings #f))
+                         (guile (%guile-for-build)))
   "Import FILES into the store and return the resulting derivation or store
 file name (a derivation is created if and only if some elements of FILES are
 file-like objects and not local file names.)  FILES must be a list
 of (FINAL-PATH . FILE) pairs.  Each FILE is mapped to FINAL-PATH in the
 resulting store path.  FILE can be either a file name, or a file-like object,
 as returned by 'local-file' for example."
-  (if (or derivation?
-          (any (match-lambda
-                 ((_ . (? struct? source)) #t)
-                 (_ #f))
-               files))
+  (if (any (match-lambda
+             ((_ . (? struct? source)) #t)
+             (_ #f))
+           files)
       (imported-files/derivation files #:name name
                                  #:symlink? derivation?
-                                 #:system system #:guile guile
-                                 #:deprecation-warnings deprecation-warnings)
+                                 #:system system #:guile guile)
       (interned-file-tree `(,name directory
                                   ,@(file-mapping->tree files)))))
 
 (define* (imported-modules modules
                            #:key (name "module-import")
-                           (derivation? #f)      ;TODO: remove on next rebuild
                            (system (%current-system))
                            (guile (%guile-for-build))
-                           (module-path %load-path)
-                           (deprecation-warnings #f))
+                           (module-path %load-path))
   "Return a derivation that contains the source files of MODULES, a list of
 module names such as `(ice-9 q)'.  All of MODULES must be either names of
 modules to be found in the MODULE-PATH search path, or a module name followed
@@ -1196,14 +1160,11 @@ last one is created from the given <scheme-file> object."
                          (cons f (search-path* module-path f)))))
                     modules)))
     (imported-files files #:name name
-                    #:derivation? derivation?
                     #:system system
-                    #:guile guile
-                    #:deprecation-warnings deprecation-warnings)))
+                    #:guile guile)))
 
 (define* (compiled-modules modules
                            #:key (name "module-import-compiled")
-                           (derivation? #f)      ;TODO: remove on next rebuild
                            (system (%current-system))
                            (guile (%guile-for-build))
                            (module-path %load-path)
@@ -1214,22 +1175,11 @@ corresponding to MODULES.  All the MODULES are built in a context where
 they can refer to each other."
   (define total (length modules))
 
-  (define build-utils-hack?
-    ;; To avoid a full rebuild, we limit the fix below to the case where
-    ;; MODULE-PATH is different from %LOAD-PATH.  This happens when building
-    ;; modules for 'compute-guix-derivation' upon 'guix pull'.  TODO: Make
-    ;; this unconditional on the next rebuild cycle.
-    (and (member '(guix build utils) modules)
-         (not (equal? module-path %load-path))))
-
   (mlet %store-monad ((modules (imported-modules modules
-                                                 #:derivation? derivation?
                                                  #:system system
                                                  #:guile guile
                                                  #:module-path
-                                                 module-path
-                                                 #:deprecation-warnings
-                                                 deprecation-warnings)))
+                                                 module-path)))
     (define build
       (gexp
        (begin
@@ -1268,46 +1218,34 @@ they can refer to each other."
          (setvbuf (current-output-port)
                   (cond-expand (guile-2.2 'line) (else _IOLBF)))
 
-         (ungexp-splicing
-          (if build-utils-hack?
-              (gexp ((define mkdir-p
-                       ;; Capture 'mkdir-p'.
-                       (@ (guix build utils) mkdir-p))))
-              '()))
+         (define mkdir-p
+           ;; Capture 'mkdir-p'.
+           (@ (guix build utils) mkdir-p))
 
          ;; Add EXTENSIONS to the search path.
-         ;; TODO: Remove the outer 'ungexp-splicing' on the next rebuild cycle.
-         (ungexp-splicing
-          (if (null? extensions)
-              '()
-              (gexp ((set! %load-path
-                       (append (map (lambda (extension)
-                                      (string-append extension
-                                                     "/share/guile/site/"
-                                                     (effective-version)))
-                                    '((ungexp-native-splicing extensions)))
-                               %load-path))
-                     (set! %load-compiled-path
-                       (append (map (lambda (extension)
-                                      (string-append extension "/lib/guile/"
-                                                     (effective-version)
-                                                     "/site-ccache"))
-                                    '((ungexp-native-splicing extensions)))
-                               %load-compiled-path))))))
+         (set! %load-path
+           (append (map (lambda (extension)
+                          (string-append extension
+                                         "/share/guile/site/"
+                                         (effective-version)))
+                        '((ungexp-native-splicing extensions)))
+                   %load-path))
+         (set! %load-compiled-path
+           (append (map (lambda (extension)
+                          (string-append extension "/lib/guile/"
+                                         (effective-version)
+                                         "/site-ccache"))
+                        '((ungexp-native-splicing extensions)))
+                   %load-compiled-path))
 
          (set! %load-path (cons (ungexp modules) %load-path))
 
-         (ungexp-splicing
-          (if build-utils-hack?
-              ;; Above we loaded our own (guix build utils) but now we may
-              ;; need to load a compile a different one.  Thus, force a
-              ;; reload.
-              (gexp ((let ((utils (ungexp
-                                   (file-append modules
-                                                "/guix/build/utils.scm"))))
-                       (when (file-exists? utils)
-                         (load utils)))))
-              '()))
+         ;; Above we loaded our own (guix build utils) but now we may need to
+         ;; load a compile a different one.  Thus, force a reload.
+         (let ((utils (string-append (ungexp modules)
+                                     "/guix/build/utils.scm")))
+           (when (file-exists? utils)
+             (load utils)))
 
          (mkdir (ungexp output))
          (chdir (ungexp modules))
diff --git a/guix/packages.scm b/guix/packages.scm
index a220b9c476..eab0b3404c 100644
--- a/guix/packages.scm
+++ b/guix/packages.scm
@@ -628,12 +628,7 @@ specifies modules in scope when evaluating SNIPPET."
                                           #:fail-on-error? #t)))))
               (apply invoke
                      (string-append #+tar "/bin/tar")
-                     "cvf" #$output
-                     ;; The bootstrap xz does not support
-                     ;; threaded compression (introduced in
-                     ;; 5.2.0), but it ignores the extra flag.
-                     (string-append "--use-compress-program="
-                                    #+xz "/bin/xz --threads=0")
+                     "cvfa" #$output
                      ;; avoid non-determinism in the archive
                      "--mtime=@0"
                      "--owner=root:0"
@@ -646,9 +641,6 @@ specifies modules in scope when evaluating SNIPPET."
 
     (let ((name (tarxz-name original-file-name)))
       (gexp->derivation name build
-                        ;; TODO: Remove this on the next rebuild cycle.
-                        #:import-creates-derivation? #t
-
                         #:graft? #f
                         #:system system
                         #:deprecation-warnings #t ;to avoid a rebuild
diff --git a/guix/self.scm b/guix/self.scm
index 5ad644b1df..c800c452e6 100644
--- a/guix/self.scm
+++ b/guix/self.scm
@@ -890,16 +890,9 @@ running Guile."
                 'canonical-package))
 
   (match version
-    ("2.2.2"
-     ;; Gross hack to avoid ABI incompatibilities (see
-     ;; <https://bugs.gnu.org/29570>.)
-     (module-ref (resolve-interface '(gnu packages guile))
-                 'guile-2.2.2))
     ("2.2"
-     ;; Use the latest version, which has fixes for
-     ;; <https://bugs.gnu.org/30602> and VM stack-marking issues.
      (canonical-package (module-ref (resolve-interface '(gnu packages guile))
-                                    'guile-2.2.4)))
+                                    'guile-2.2)))
     ("2.0"
      (module-ref (resolve-interface '(gnu packages guile))
                  'guile-2.0))))
@@ -927,9 +920,7 @@ is not supported."
                                #:name (string-append "guix-"
                                                      (shorten version))
                                #:pull-version pull-version
-                               #:guile-version (match guile-version
-                                                 ("2.2.2" "2.2")
-                                                 (version version))
+                               #:guile-version guile-version
                                #:guile-for-build guile)))
       (if guix
           (lower-object guix)
diff --git a/tests/gexp.scm b/tests/gexp.scm
index b22e635805..a0ed34aa6d 100644
--- a/tests/gexp.scm
+++ b/tests/gexp.scm
@@ -654,11 +654,11 @@
                        (drv      (imported-files files)))
     (define (file=? file1 file2)
       ;; Assume deduplication is in place.
-      (= (stat:ino (lstat file1))
-         (stat:ino (lstat file2))))
+      (= (stat:ino (stat file1))
+         (stat:ino (stat file2))))
 
     (mbegin %store-monad
-      (built-derivations (list drv))
+      (built-derivations (list (pk 'drv drv)))
       (mlet %store-monad ((dir -> (derivation->output-path drv))
                           (plain* (text-file "foo" "bar!"))
                           (q-scm* (interned-file q-scm "c")))
diff --git a/tests/gremlin.scm b/tests/gremlin.scm
index f1089e7da6..77a5dc1998 100644
--- a/tests/gremlin.scm
+++ b/tests/gremlin.scm
@@ -18,12 +18,14 @@
 
 (define-module (test-gremlin)
   #:use-module (guix elf)
+  #:use-module ((guix utils) #:select (call-with-temporary-directory))
   #:use-module (guix build utils)
   #:use-module (guix build gremlin)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-64)
   #:use-module (rnrs io ports)
+  #:use-module (ice-9 popen)
   #:use-module (ice-9 match))
 
 (define %guile-executable
@@ -37,6 +39,9 @@
 (define read-elf
   (compose parse-elf get-bytevector-all))
 
+(define c-compiler
+  (or (which "gcc") (which "cc") (which "g++")))
+
 
 (test-begin "gremlin")
 
@@ -63,4 +68,32 @@
          "../${ORIGIN}/bar/$ORIGIN/baz"
          "ORIGIN/foo")))
 
+(unless c-compiler
+  (test-skip 1))
+(test-equal "strip-runpath"
+  "hello\n"
+  (call-with-temporary-directory
+   (lambda (directory)
+     (with-directory-excursion directory
+       (call-with-output-file "t.c"
+         (lambda (port)
+           (display "int main () { puts(\"hello\"); }" port)))
+       (invoke c-compiler "t.c"
+               "-Wl,-rpath=/foo" "-Wl,-rpath=/bar")
+       (let* ((dyninfo (elf-dynamic-info
+                        (parse-elf (call-with-input-file "a.out"
+                                     get-bytevector-all))))
+              (old     (elf-dynamic-info-runpath dyninfo))
+              (new     (strip-runpath "a.out"))
+              (new*    (strip-runpath "a.out")))
+         (validate-needed-in-runpath "a.out")
+         (and (member "/foo" old) (member "/bar" old)
+              (not (member "/foo" new))
+              (not (member "/bar" new))
+              (equal? new* new)
+              (let* ((pipe (open-input-pipe "./a.out"))
+                     (str  (get-string-all pipe)))
+                (close-pipe pipe)
+                str)))))))
+
 (test-end "gremlin")