summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk58
-rw-r--r--gnu/packages/admin.scm4
-rw-r--r--gnu/packages/algebra.scm2
-rw-r--r--gnu/packages/animation.scm10
-rw-r--r--gnu/packages/backup.scm5
-rw-r--r--gnu/packages/base.scm205
-rw-r--r--gnu/packages/bash.scm50
-rw-r--r--gnu/packages/bdw-gc.scm20
-rw-r--r--gnu/packages/bioinformatics.scm7
-rw-r--r--gnu/packages/boost.scm12
-rw-r--r--gnu/packages/bootloaders.scm4
-rw-r--r--gnu/packages/bootstrap.scm2
-rw-r--r--gnu/packages/commencement.scm30
-rw-r--r--gnu/packages/compression.scm142
-rw-r--r--gnu/packages/cups.scm10
-rw-r--r--gnu/packages/curl.scm18
-rw-r--r--gnu/packages/databases.scm11
-rw-r--r--gnu/packages/ed.scm4
-rw-r--r--gnu/packages/embedded.scm4
-rw-r--r--gnu/packages/file.scm4
-rw-r--r--gnu/packages/flex.scm8
-rw-r--r--gnu/packages/fontutils.scm52
-rw-r--r--gnu/packages/freedesktop.scm4
-rw-r--r--gnu/packages/gcc.scm3
-rw-r--r--gnu/packages/gd.scm5
-rw-r--r--gnu/packages/gettext.scm16
-rw-r--r--gnu/packages/ghostscript.scm259
-rw-r--r--gnu/packages/gl.scm14
-rw-r--r--gnu/packages/glib.scm1
-rw-r--r--gnu/packages/gnome.scm117
-rw-r--r--gnu/packages/gnupg.scm33
-rw-r--r--gnu/packages/golang.scm8
-rw-r--r--gnu/packages/groff.scm12
-rw-r--r--gnu/packages/guile.scm37
-rw-r--r--gnu/packages/icu4c.scm13
-rw-r--r--gnu/packages/image.scm77
-rw-r--r--gnu/packages/java.scm2
-rw-r--r--gnu/packages/kerberos.scm33
-rw-r--r--gnu/packages/ld-wrapper.in40
-rw-r--r--gnu/packages/libevent.scm12
-rw-r--r--gnu/packages/libffi.scm3
-rw-r--r--gnu/packages/libidn.scm38
-rw-r--r--gnu/packages/libsigsegv.scm17
-rw-r--r--gnu/packages/libunistring.scm8
-rw-r--r--gnu/packages/linux.scm51
-rw-r--r--gnu/packages/make-bootstrap.scm30
-rw-r--r--gnu/packages/maths.scm2
-rw-r--r--gnu/packages/mpd.scm11
-rw-r--r--gnu/packages/ncurses.scm13
-rw-r--r--gnu/packages/netpbm.scm23
-rw-r--r--gnu/packages/openldap.scm35
-rw-r--r--gnu/packages/package-management.scm4
-rw-r--r--gnu/packages/patches/ath9k-htc-firmware-binutils.patch20
-rw-r--r--gnu/packages/patches/binutils-mips-bash-bug.patch22
-rw-r--r--gnu/packages/patches/coreutils-cut-huge-range-test.patch29
-rw-r--r--gnu/packages/patches/coreutils-fix-cross-compilation.patch15
-rw-r--r--gnu/packages/patches/eudev-conflicting-declaration.patch31
-rw-r--r--gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch35
-rw-r--r--gnu/packages/patches/findutils-gnulib-multi-core.patch294
-rw-r--r--gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch82
-rw-r--r--gnu/packages/patches/fontconfig-path-max.patch124
-rw-r--r--gnu/packages/patches/freetype-CVE-2017-8105.patch56
-rw-r--r--gnu/packages/patches/freetype-CVE-2017-8287.patch44
-rw-r--r--gnu/packages/patches/gcc-asan-powerpc-missing-include.patch20
-rw-r--r--gnu/packages/patches/gettext-gnulib-multi-core.patch178
-rw-r--r--gnu/packages/patches/gettext-multi-core.patch185
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2013-5653.patch85
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2015-3228.patch32
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2016-7976.patch185
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2016-7978.patch25
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2016-7979.patch48
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2016-8602.patch47
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2017-8291.patch166
-rw-r--r--gnu/packages/patches/ghostscript-no-header-creationdate.patch22
-rw-r--r--gnu/packages/patches/ghostscript-no-header-id.patch57
-rw-r--r--gnu/packages/patches/ghostscript-no-header-uuid.patch50
-rw-r--r--gnu/packages/patches/ghostscript-runpath.patch17
-rw-r--r--gnu/packages/patches/grep-gnulib-lock.patch32
-rw-r--r--gnu/packages/patches/groff-source-date-epoch.patch299
-rw-r--r--gnu/packages/patches/guile-2.2-default-utf8.patch78
-rw-r--r--gnu/packages/patches/guile-relocatable.patch4
-rw-r--r--gnu/packages/patches/intltool-perl-compatibility.patch76
-rw-r--r--gnu/packages/patches/libffi-3.2.1-complex-alpha.patch28
-rw-r--r--gnu/packages/patches/libtasn1-CVE-2017-6891.patch51
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-10092.patch42
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-10093.patch53
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-10094.patch34
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-5225.patch86
-rw-r--r--gnu/packages/patches/libtiff-assertion-failure.patch60
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch63
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch104
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch57
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero.patch67
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch131
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch132
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch67
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch60
-rw-r--r--gnu/packages/patches/libtiff-invalid-read.patch64
-rw-r--r--gnu/packages/patches/libtiff-null-dereference.patch42
-rw-r--r--gnu/packages/patches/libtiff-tiffcp-underflow.patch41
-rw-r--r--gnu/packages/patches/libunistring-gnulib-multi-core.patch178
-rw-r--r--gnu/packages/patches/mesa-fix-32bit-test-failures.patch58
-rw-r--r--gnu/packages/patches/mesa-skip-disk-cache-test.patch7
-rw-r--r--gnu/packages/patches/metabat-fix-boost-issue.patch27
-rw-r--r--gnu/packages/patches/pcre-CVE-2017-7186.patch56
-rw-r--r--gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch23
-rw-r--r--gnu/packages/patches/perl-no-sys-dirs.patch73
-rw-r--r--gnu/packages/patches/poppler-CVE-2017-9776.patch34
-rw-r--r--gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch61
-rw-r--r--gnu/packages/patches/python-file-double-encoding-bug.patch50
-rw-r--r--gnu/packages/patches/shishi-fix-libgcrypt-detection.patch32
-rw-r--r--gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch18
-rw-r--r--gnu/packages/patches/wget-perl-5.26.patch96
-rw-r--r--gnu/packages/pciutils.scm19
-rw-r--r--gnu/packages/pcre.scm1
-rw-r--r--gnu/packages/pdf.scm17
-rw-r--r--gnu/packages/perl.scm485
-rw-r--r--gnu/packages/pkg-config.scm4
-rw-r--r--gnu/packages/pulseaudio.scm17
-rw-r--r--gnu/packages/python.scm26
-rw-r--r--gnu/packages/swig.scm12
-rw-r--r--gnu/packages/tex.scm130
-rw-r--r--gnu/packages/tls.scm92
-rw-r--r--gnu/packages/web.scm46
-rw-r--r--gnu/packages/wget.scm20
-rw-r--r--gnu/packages/wine.scm3
-rw-r--r--gnu/packages/wm.scm4
-rw-r--r--gnu/packages/xdisorg.scm4
-rw-r--r--gnu/packages/xml.scm11
-rw-r--r--gnu/packages/xorg.scm40
-rw-r--r--gnu/system.scm8
-rw-r--r--gnu/tests/ssh.scm2
-rw-r--r--guix/build-system/cmake.scm160
-rw-r--r--guix/build-system/gnu.scm1
-rw-r--r--guix/build/cmake-build-system.scm11
-rw-r--r--guix/build/gnu-build-system.scm43
-rw-r--r--guix/build/syscalls.scm16
-rw-r--r--guix/build/utils.scm17
-rw-r--r--guix/packages.scm7
139 files changed, 3474 insertions, 3558 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 8c00b00208..ddfe96433c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2,7 +2,7 @@
 # Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 # Copyright © 2013, 2014, 2015, 2016, 2017 Andreas Enge <andreas@enge.fr>
 # Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
-# Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+# Copyright © 2013, 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 # Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
 # Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
 # Copyright © 2016, 2017 Rene Saavedra <rennes@openmailbox.org>
@@ -526,7 +526,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/bash-completion-directories.patch	\
   %D%/packages/patches/binutils-ld-new-dtags.patch		\
   %D%/packages/patches/binutils-loongson-workaround.patch	\
-  %D%/packages/patches/binutils-mips-bash-bug.patch		\
   %D%/packages/patches/blast+-fix-makefile.patch		\
   %D%/packages/patches/byobu-writable-status.patch		\
   %D%/packages/patches/cairo-CVE-2016-9082.patch			\
@@ -553,7 +552,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/cool-retro-term-memory-leak-1.patch	\
   %D%/packages/patches/cool-retro-term-remove-non-free-fonts.patch	\
   %D%/packages/patches/coreutils-cut-huge-range-test.patch	\
-  %D%/packages/patches/coreutils-fix-cross-compilation.patch    \
   %D%/packages/patches/cpio-CVE-2016-2037.patch			\
   %D%/packages/patches/cpufrequtils-fix-aclocal.patch		\
   %D%/packages/patches/cracklib-CVE-2016-6318.patch		\
@@ -583,9 +581,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/emacs-source-date-epoch.patch		\
   %D%/packages/patches/erlang-man-path.patch			\
   %D%/packages/patches/eudev-rules-directory.patch		\
-  %D%/packages/patches/eudev-conflicting-declaration.patch	\
   %D%/packages/patches/evilwm-lost-focus-bug.patch		\
-  %D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch	\
   %D%/packages/patches/exim-CVE-2017-1000369.patch		\
   %D%/packages/patches/fastcap-mulGlobal.patch			\
   %D%/packages/patches/fastcap-mulSetup.patch			\
@@ -597,22 +593,20 @@ dist_patch_DATA =						\
   %D%/packages/patches/fcgi-2.4.0-gcc44-fixes.patch		\
   %D%/packages/patches/fcgi-2.4.0-poll.patch			\
   %D%/packages/patches/findutils-localstatedir.patch		\
+  %D%/packages/patches/findutils-gnulib-multi-core.patch	\
   %D%/packages/patches/findutils-test-xargs.patch		\
   %D%/packages/patches/flint-ldconfig.patch			\
   %D%/packages/patches/fltk-shared-lib-defines.patch		\
   %D%/packages/patches/fltk-xfont-on-demand.patch		\
-  %D%/packages/patches/fontconfig-charwidth-symbol-conflict.patch	\
-  %D%/packages/patches/fontconfig-path-max.patch		\
   %D%/packages/patches/fontforge-svg-modtime.patch		\
   %D%/packages/patches/freeimage-CVE-2015-0852.patch		\
   %D%/packages/patches/freeimage-CVE-2016-5684.patch		\
   %D%/packages/patches/freeimage-fix-build-with-gcc-5.patch	\
-  %D%/packages/patches/freetype-CVE-2017-8105.patch		\
-  %D%/packages/patches/freetype-CVE-2017-8287.patch		\
   %D%/packages/patches/fuse-overlapping-headers.patch				\
   %D%/packages/patches/gawk-shell.patch				\
   %D%/packages/patches/gcc-arm-bug-71399.patch			\
   %D%/packages/patches/gcc-arm-link-spec-fix.patch		\
+  %D%/packages/patches/gcc-asan-powerpc-missing-include.patch	\
   %D%/packages/patches/gcc-cross-environment-variables.patch	\
   %D%/packages/patches/gcc-libvtv-runpath.patch			\
   %D%/packages/patches/gcc-strmov-store-file-names.patch	\
@@ -634,14 +628,13 @@ dist_patch_DATA =						\
   %D%/packages/patches/gegl-CVE-2012-4433.patch			\
   %D%/packages/patches/gemma-intel-compat.patch			\
   %D%/packages/patches/geoclue-config.patch			\
+  %D%/packages/patches/gettext-multi-core.patch          	\
+  %D%/packages/patches/gettext-gnulib-multi-core.patch          \
   %D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch	\
-  %D%/packages/patches/ghostscript-CVE-2013-5653.patch		\
-  %D%/packages/patches/ghostscript-CVE-2015-3228.patch		\
-  %D%/packages/patches/ghostscript-CVE-2016-7976.patch		\
-  %D%/packages/patches/ghostscript-CVE-2016-7978.patch		\
-  %D%/packages/patches/ghostscript-CVE-2016-7979.patch		\
-  %D%/packages/patches/ghostscript-CVE-2016-8602.patch		\
   %D%/packages/patches/ghostscript-CVE-2017-8291.patch		\
+  %D%/packages/patches/ghostscript-no-header-id.patch		\
+  %D%/packages/patches/ghostscript-no-header-uuid.patch		\
+  %D%/packages/patches/ghostscript-no-header-creationdate.patch \
   %D%/packages/patches/ghostscript-runpath.patch		\
   %D%/packages/patches/glib-networking-ssl-cert-file.patch	\
   %D%/packages/patches/glib-tests-timer.patch			\
@@ -671,10 +664,13 @@ dist_patch_DATA =						\
   %D%/packages/patches/gobject-introspection-cc.patch		\
   %D%/packages/patches/gobject-introspection-girepository.patch	\
   %D%/packages/patches/graphite2-ffloat-store.patch		\
+  %D%/packages/patches/grep-gnulib-lock.patch                   \
   %D%/packages/patches/grep-timing-sensitive-test.patch		\
+  %D%/packages/patches/groff-source-date-epoch.patch		\
   %D%/packages/patches/gsl-test-i686.patch			\
   %D%/packages/patches/gspell-dash-test.patch			\
   %D%/packages/patches/guile-1.8-cpp-4.5.patch			\
+  %D%/packages/patches/guile-2.2-default-utf8.patch		\
   %D%/packages/patches/guile-bytestructures-name-clash.patch	\
   %D%/packages/patches/guile-default-utf8.patch			\
   %D%/packages/patches/guile-linux-syscalls.patch		\
@@ -711,6 +707,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/icu4c-reset-keyword-list-iterator.patch	\
   %D%/packages/patches/id3lib-CVE-2007-4460.patch			\
   %D%/packages/patches/ilmbase-fix-tests.patch			\
+  %D%/packages/patches/intltool-perl-compatibility.patch	\
   %D%/packages/patches/isl-0.11.1-aarch64-support.patch	\
   %D%/packages/patches/jacal-fix-texinfo.patch			\
   %D%/packages/patches/jbig2dec-ignore-testtest.patch		\
@@ -759,6 +756,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libgit2-0.25.1-mtime-0.patch		\
   %D%/packages/patches/libgdata-fix-tests.patch			\
   %D%/packages/patches/libgdata-glib-duplicate-tests.patch	\
+  %D%/packages/patches/libffi-3.2.1-complex-alpha.patch		\
   %D%/packages/patches/libjxr-fix-function-signature.patch	\
   %D%/packages/patches/libjxr-fix-typos.patch			\
   %D%/packages/patches/liboop-mips64-deplibs-fix.patch		\
@@ -775,27 +773,10 @@ dist_patch_DATA =						\
   %D%/packages/patches/libssh-hostname-parser-bug.patch		\
   %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch	\
   %D%/packages/patches/libtar-CVE-2013-4420.patch 		\
-  %D%/packages/patches/libtasn1-CVE-2017-6891.patch 		\
-  %D%/packages/patches/libtasn1-CVE-2017-10790.patch 		\
+  %D%/packages/patches/libtasn1-CVE-2017-10790.patch		\
   %D%/packages/patches/libtheora-config-guess.patch		\
-  %D%/packages/patches/libtiff-CVE-2016-10092.patch		\
-  %D%/packages/patches/libtiff-CVE-2016-10093.patch		\
-  %D%/packages/patches/libtiff-CVE-2016-10094.patch		\
   %D%/packages/patches/libtiff-CVE-2016-10688.patch		\
-  %D%/packages/patches/libtiff-CVE-2017-5225.patch		\
   %D%/packages/patches/libtiff-CVE-2017-9936.patch		\
-  %D%/packages/patches/libtiff-assertion-failure.patch		\
-  %D%/packages/patches/libtiff-divide-by-zero-ojpeg.patch	\
-  %D%/packages/patches/libtiff-divide-by-zero-tiffcp.patch	\
-  %D%/packages/patches/libtiff-divide-by-zero-tiffcrop.patch	\
-  %D%/packages/patches/libtiff-divide-by-zero.patch		\
-  %D%/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch	\
-  %D%/packages/patches/libtiff-heap-overflow-tif-dirread.patch	\
-  %D%/packages/patches/libtiff-heap-overflow-tiffcp.patch	\
-  %D%/packages/patches/libtiff-heap-overflow-tiffcrop.patch	\
-  %D%/packages/patches/libtiff-invalid-read.patch		\
-  %D%/packages/patches/libtiff-null-dereference.patch		\
-  %D%/packages/patches/libtiff-tiffcp-underflow.patch		\
   %D%/packages/patches/libtiff-tiffgetfield-bugs.patch		\
   %D%/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch	\
   %D%/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch	\
@@ -803,6 +784,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libtorrent-rasterbar-boost-compat.patch	\
   %D%/packages/patches/libtool-skip-tests2.patch		\
   %D%/packages/patches/libunwind-CVE-2015-3239.patch		\
+  %D%/packages/patches/libunistring-gnulib-multi-core.patch	\
   %D%/packages/patches/libusb-0.1-disable-tests.patch		\
   %D%/packages/patches/libvpx-CVE-2016-2818.patch		\
   %D%/packages/patches/libxcb-python-3.5-compat.patch		\
@@ -842,11 +824,11 @@ dist_patch_DATA =						\
   %D%/packages/patches/mcrypt-CVE-2012-4409.patch			\
   %D%/packages/patches/mcrypt-CVE-2012-4426.patch			\
   %D%/packages/patches/mcrypt-CVE-2012-4527.patch			\
-  %D%/packages/patches/mesa-fix-32bit-test-failures.patch	\
   %D%/packages/patches/mesa-skip-disk-cache-test.patch		\
   %D%/packages/patches/mesa-wayland-egl-symbols-check-mips.patch	\
   %D%/packages/patches/metabat-remove-compilation-date.patch	\
   %D%/packages/patches/metabat-fix-compilation.patch		\
+  %D%/packages/patches/metabat-fix-boost-issue.patch		\
   %D%/packages/patches/mhash-keygen-test-segfault.patch		\
   %D%/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch		\
   %D%/packages/patches/mpc123-initialize-ao.patch		\
@@ -903,6 +885,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/patchelf-rework-for-arm.patch		\
   %D%/packages/patches/patchutils-xfail-gendiff-tests.patch	\
   %D%/packages/patches/patch-hurd-path-max.patch		\
+  %D%/packages/patches/pcre-CVE-2017-7186.patch			\
   %D%/packages/patches/pcre2-CVE-2017-7186.patch		\
   %D%/packages/patches/pcre2-CVE-2017-8786.patch		\
   %D%/packages/patches/perl-file-path-CVE-2017-6512.patch	\
@@ -913,7 +896,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/perl-gd-options-passthrough-and-fontconfig.patch \
   %D%/packages/patches/perl-io-socket-ssl-openssl-1.0.2f-fix.patch \
   %D%/packages/patches/perl-net-amazon-s3-moose-warning.patch	\
-  %D%/packages/patches/perl-net-ssleay-disable-ede-test.patch	\
   %D%/packages/patches/perl-net-dns-resolver-programmable-fix.patch	\
   %D%/packages/patches/perl-no-sys-dirs.patch			\
   %D%/packages/patches/perl-module-pluggable-search.patch	\
@@ -932,8 +914,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/plotutils-libpng-jmpbuf.patch		\
   %D%/packages/patches/polkit-drop-test.patch			\
   %D%/packages/patches/policycoreutils-make-sepolicy-use-python3.patch	\
-  %D%/packages/patches/poppler-CVE-2017-9776.patch		\
-  %D%/packages/patches/poppler-fix-crash-with-broken-documents.patch	\
   %D%/packages/patches/portaudio-audacity-compat.patch		\
   %D%/packages/patches/portmidi-modular-build.patch		\
   %D%/packages/patches/procmail-ambiguous-getline-debian.patch  \
@@ -957,7 +937,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-3.5-fix-tests.patch		\
   %D%/packages/patches/python-3.5-getentropy-on-old-kernels.patch	\
   %D%/packages/patches/python-dendropy-fix-tests.patch		\
-  %D%/packages/patches/python-file-double-encoding-bug.patch	\
   %D%/packages/patches/python-fix-tests.patch			\
   %D%/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch	\
   %D%/packages/patches/python-genshi-buildable-on-python-2.7.patch	\
@@ -1014,6 +993,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/scotch-test-threading.patch		\
   %D%/packages/patches/sdl-libx11-1.6.patch			\
   %D%/packages/patches/seq24-rename-mutex.patch			\
+  %D%/packages/patches/shishi-fix-libgcrypt-detection.patch	\
   %D%/packages/patches/slim-session.patch			\
   %D%/packages/patches/slim-config.patch			\
   %D%/packages/patches/slim-sigusr1.patch			\
@@ -1042,7 +1022,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch	\
   %D%/packages/patches/teensy-loader-cli-help.patch		\
   %D%/packages/patches/teeworlds-use-latest-wavpack.patch	\
-  %D%/packages/patches/texlive-texmf-CVE-2016-10243.patch	\
   %D%/packages/patches/texi2html-document-encoding.patch	\
   %D%/packages/patches/texi2html-i18n.patch			\
   %D%/packages/patches/thefuck-test-environ.patch		\
@@ -1084,6 +1063,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/weechat-python.patch			\
   %D%/packages/patches/wget-CVE-2017-6508.patch			\
   %D%/packages/patches/wget-fix-504-test-timeout.patch			\
+  %D%/packages/patches/wget-perl-5.26.patch			\
   %D%/packages/patches/wicd-bitrate-none-fix.patch		\
   %D%/packages/patches/wicd-get-selected-profile-fix.patch	\
   %D%/packages/patches/wicd-urwid-1.3.patch			\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index c4aa108f89..e8a1cb552c 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -167,10 +167,10 @@ and provides a \"top-like\" mode (monitoring).")
      `(("pkg-config" ,pkg-config)
 
        ;; This is the Guile we use as a cross-compiler...
-       ("guile" ,guile-2.0)))
+       ("guile" ,guile-2.2)))
     (inputs
      ;; ... and this is the one that appears in shebangs when cross-compiling.
-     `(("guile" ,guile-2.0)))
+     `(("guile" ,guile-2.2)))
     (synopsis "System service manager")
     (description
      "The GNU Shepherd is a daemon-managing daemon, meaning that it supervises
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index d4405a5bf9..c57c703700 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2016, 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
@@ -479,7 +480,6 @@ binary.")
               (base32
                "0amh9ik44jfg66csyvf4zz1l878c4755kjndq9j0270akflgrbb2"))))
     (build-system gnu-build-system)
-    (inputs `(("readline" ,readline)))
     (native-inputs
      `(("ed" ,ed)
        ("flex" ,flex)
diff --git a/gnu/packages/animation.scm b/gnu/packages/animation.scm
index 3c590950fd..faa0d17230 100644
--- a/gnu/packages/animation.scm
+++ b/gnu/packages/animation.scm
@@ -78,6 +78,16 @@ C++ @dfn{Standard Template Library} (STL).")
                             "/lib"))
        #:phases
        (modify-phases %standard-phases
+         (add-after 'unpack 'fix-boost-build-error
+           ;; A chain of Boost headers leads to this error: "make_array" is
+           ;; not a member of "boost::serialization".  This can be avoided by
+           ;; loading the "array_wrapper" header first.
+           (lambda _
+             (substitute* "src/synfig/valuenodes/valuenode_dynamic.cpp"
+               (("#include <boost/numeric/odeint/integrate/integrate.hpp>" match)
+                (string-append
+                 "#include <boost/serialization/array_wrapper.hpp>\n" match)))
+             #t))
          (add-after 'unpack 'adapt-to-libxml++-changes
           (lambda _
             (substitute* "configure"
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 227660a099..157b6a7cc5 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -184,8 +184,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
 (define-public libarchive
   (package
     (name "libarchive")
-    (replacement libarchive-3.3.1)
-    (version "3.2.2")
+    (version "3.3.1")
     (source
      (origin
        (method url-fetch)
@@ -193,7 +192,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "03q6y428rg723c9fj1vidzjw46w1vf8z0h95lkvz1l9jw571j739"))))
+         "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9"))))
     (build-system gnu-build-system)
     ;; TODO: Add -L/path/to/nettle in libarchive.pc.
     (inputs
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index da2c6dead6..1ccff1fcf5 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -7,6 +7,8 @@
 ;;; Copyright © 2014, 2015 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -87,7 +89,8 @@ command-line arguments, multiple languages, and so on.")
             (sha256
              (base32
               "1dcasjp3a578nrvzrcn38mpizb8w1q6mvfzhjmcqqgkf0nsivj72"))
-            (patches (search-patches "grep-timing-sensitive-test.patch"))))
+            (patches (search-patches "grep-timing-sensitive-test.patch"
+                                     "grep-gnulib-lock.patch"))))
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)))             ;some of the tests require it
    (arguments
@@ -228,14 +231,14 @@ differences.")
 (define-public diffutils
   (package
    (name "diffutils")
-   (version "3.5")
+   (version "3.6")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/diffutils/diffutils-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "0csmqfz8ks23kdjsq0v2ll1acqiz8lva06dj19mwmymrsp69ilys"))))
+              "1mivg0fy3a6fcn535ln8nkgfj6vxh5hsxxs5h6692wxmsjyyh8fn"))))
    (build-system gnu-build-system)
    (synopsis "Comparing and merging files")
    (description
@@ -258,8 +261,13 @@ interactive means to merge two files.")
             (sha256
              (base32
               "178nn4dl7wbcw499czikirnkniwnx36argdnqgz4ik9i6zvwkm6y"))
-            (patches (search-patches "findutils-localstatedir.patch"
-                                     "findutils-test-xargs.patch"))))
+            (patches (search-patches
+                      "findutils-localstatedir.patch"
+                      "findutils-test-xargs.patch"
+                      ;; test-lock has performance issues on multi-core
+                      ;; machines, it hangs or takes a long time to complete.
+                      ;; This is a commit from gnulib to fix this issue.
+                      "findutils-gnulib-multi-core.patch"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags (list
@@ -285,15 +293,15 @@ used to apply commands with arbitrarily long arguments.")
 (define-public coreutils
   (package
    (name "coreutils")
-   (version "8.26")
+   (version "8.27")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/coreutils/coreutils-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "13lspazc7xkviy93qz7ks9jv4sldvgmwpq36ghrbrqpq93br8phm"))
-            (patches (search-patches "coreutils-fix-cross-compilation.patch"))))
+              "0sv547572iq8ayy8klir4hnngnx92a9nsazmf1wgzfc7xr4x74c8"))
+            (patches (search-patches "coreutils-cut-huge-range-test.patch"))))
    (build-system gnu-build-system)
    (inputs `(("acl"  ,acl)                        ; TODO: add SELinux
              ("gmp"  ,gmp)                        ;bignums in 'expr', yay!
@@ -308,21 +316,12 @@ used to apply commands with arbitrarily long arguments.")
     ;; copy of help2man.  However, don't pass it when cross-compiling since
     ;; that would lead it to try to run programs to get their '--help' output
     ;; for help2man.
-    `(,@(if (%current-target-system)
-            '()
-            `(("perl" ,perl)))
-
-      ;; Apply this patch only on ARM to avoid a full rebuild.
-      ;; TODO: Move to 'patches' in the next update cycle.
-      ,@(if (string-prefix? "arm" (or (%current-target-system)
-                                      (%current-system)))
-            `(("cut-test.patch"
-               ,(search-patch "coreutils-cut-huge-range-test.patch")))
-            '())))
+    (if (%current-target-system)
+        '()
+        `(("perl" ,perl))))
    (outputs '("out" "debug"))
    (arguments
     `(#:parallel-build? #f            ; help2man may be called too early
-      #:parallel-tests? #f            ; race condition fixed after 8.26
       #:phases (alist-cons-before
                 'build 'patch-shell-references
                 (lambda* (#:key inputs #:allow-other-keys)
@@ -337,22 +336,7 @@ used to apply commands with arbitrarily long arguments.")
                     (substitute* (find-files "tests" "\\.sh$")
                       (("#!/bin/sh")
                        (format #f "#!~a/bin/sh" bash)))))
-
-                ,@(if (string-prefix? "arm" (or (%current-target-system)
-                                                (%current-system)))
-                      '((alist-cons-before
-                         'build 'patch-cut-test
-                         (lambda* (#:key inputs native-inputs
-                                   #:allow-other-keys)
-                           (let ((patch (or (assoc-ref inputs
-                                                       "cut-test.patch")
-                                            (assoc-ref native-inputs
-                                                       "cut-test.patch"))))
-                             (zero?
-                              (system* "patch" "-p1" "--force"
-                                       "--input" patch))))
-                         %standard-phases))
-                      '(%standard-phases)))))
+                %standard-phases)))
    (synopsis "Core GNU utilities (file, text, shell)")
    (description
     "GNU Coreutils includes all of the basic command-line tools that are
@@ -362,29 +346,6 @@ functionality beyond that which is outlined in the POSIX standard.")
    (license gpl3+)
    (home-page "https://www.gnu.org/software/coreutils/")))
 
-;; We add version 8.27 here for use in (gnu system) due to a time
-;; zone bug in `date' versions 8.25 - 8.26.
-;; https://debbugs.gnu.org/cgi/bugreport.cgi?bug=23035
-;; https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26238
-(define-public coreutils-8.27
-  (package
-    (inherit coreutils)
-    (version "8.27")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://gnu/coreutils/coreutils-"
-                                  version ".tar.xz"))
-              (sha256
-               (base32
-                "0sv547572iq8ayy8klir4hnngnx92a9nsazmf1wgzfc7xr4x74c8"))))
-    (arguments
-     (if (string-prefix? "arm" (or (%current-target-system)
-                                   (%current-system)))
-         (substitute-keyword-arguments (package-arguments coreutils)
-           ((#:phases phases)
-            `(alist-delete 'patch-cut-test ,phases)))
-         (package-arguments coreutils)))))
-
 (define-public coreutils-minimal
   ;; Coreutils without its optional dependencies.
   (package
@@ -434,17 +395,16 @@ change.  GNU make offers many powerful extensions over the standard utility.")
 (define-public binutils
   (package
    (name "binutils")
-   (version "2.27")
+   (version "2.28")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/binutils/binutils-"
                                 version ".tar.bz2"))
             (sha256
              (base32
-              "125clslv17xh1sab74343fg6v31msavpmaa1c1394zsqa773g5rn"))
+              "0wiasgns7i8km8nrxas265sh2dfpsw93b3qw195ipc90w4z475v2"))
             (patches (search-patches "binutils-ld-new-dtags.patch"
-                                     "binutils-loongson-workaround.patch"
-                                     "binutils-mips-bash-bug.patch"))))
+                                     "binutils-loongson-workaround.patch"))))
    (build-system gnu-build-system)
 
    ;; TODO: Add dependency on zlib + those for Gold.
@@ -456,10 +416,6 @@ change.  GNU make offers many powerful extensions over the standard utility.")
                           ;; Don't search under /usr/lib & co.
                           "--with-lib-path=/no-ld-lib-path"
 
-                          ;; Glibc 2.17 has a "comparison of unsigned
-                          ;; expression >= 0 is always true" in wchar.h.
-                          "--disable-werror"
-
                           ;; Install BFD.  It ends up in a hidden directory,
                           ;; but it's here.
                           "--enable-install-libbfd"
@@ -482,7 +438,7 @@ included.")
 (define* (make-ld-wrapper name #:key
                           (target (const #f))
                           binutils
-                          (guile (canonical-package guile-2.0))
+                          (guile (canonical-package guile-2.2))
                           (bash (canonical-package bash))
                           (guile-for-build guile))
   "Return a package called NAME that contains a wrapper for the 'ld' program
@@ -558,7 +514,6 @@ store.")
   (package
    (name "glibc")
    (version "2.25")
-   (replacement glibc-2.25-patched)
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/glibc/glibc-"
@@ -576,7 +531,12 @@ store.")
             (modules '((guix build utils)))
             (patches (search-patches "glibc-ldd-x86_64.patch"
                                      "glibc-versioned-locpath.patch"
-                                     "glibc-o-largefile.patch"))))
+                                     "glibc-o-largefile.patch"
+                                     "glibc-memchr-overflow-i686.patch"
+                                     "glibc-vectorized-strcspn-guards.patch"
+                                     "glibc-CVE-2017-1000366-pt1.patch"
+                                     "glibc-CVE-2017-1000366-pt2.patch"
+                                     "glibc-CVE-2017-1000366-pt3.patch"))))
    (build-system gnu-build-system)
 
    ;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc
@@ -588,10 +548,6 @@ store.")
    (arguments
     `(#:out-of-source? #t
 
-      ;; In version 2.21, there a race in the 'elf' directory, see
-      ;; <http://lists.gnu.org/archive/html/guix-devel/2015-02/msg00709.html>.
-      #:parallel-build? #f
-
       ;; The libraries have an empty RUNPATH, but some, such as the versioned
       ;; libraries (libdl-2.24.so, etc.) have ld.so marked as NEEDED.  Since
       ;; these libraries are always going to be found anyway, just skip
@@ -667,19 +623,6 @@ store.")
                         ;; 4.7.1.
                         ((" -lgcc_s") ""))
 
-                      ;; Apply patch only on i686.
-                      ;; TODO: Move the patch to 'patches' in the next update cycle.
-                      ,@(if (string-prefix? "i686" (or (%current-target-system)
-                                                       (%current-system)))
-                            `((unless (zero? (system* "patch" "-p1" "--force"
-                                                      "--input"
-                                                      (or (assoc-ref native-inputs
-                                                                     "glibc-memchr-overflow-i686.patch")
-                                                          (assoc-ref inputs
-                                                                     "glibc-memchr-overflow-i686.patch"))))
-                                (error "patch failed for glibc-memchr-overflow-i686.patch")))
-                            '())
-
                       ;; Have `system' use that Bash.
                       (substitute* "sysdeps/posix/system.c"
                         (("#define[[:blank:]]+SHELL_PATH.*$")
@@ -723,15 +666,7 @@ store.")
    ;; install the message catalogs, with 'msgfmt'.
    (native-inputs `(("texinfo" ,texinfo)
                     ("perl" ,perl)
-                    ("gettext" ,gettext-minimal)
-
-                    ;; Apply this patch only on i686 to avoid a full rebuild.
-                    ;; TODO: Move to 'patches' in the next update cycle.
-                    ,@(if (string-prefix? "i686" (or (%current-target-system)
-                                                     (%current-system)))
-                          `(("glibc-memchr-overflow-i686.patch"
-                             ,(search-patch "glibc-memchr-overflow-i686.patch")))
-                          '())))
+                    ("gettext" ,gettext-minimal)))
 
    (native-search-paths
     ;; Search path for packages that provide locale data.  This is useful
@@ -780,71 +715,6 @@ with the Linux kernel.")
         ;; Add libmachuser.so and libhurduser.so to libc.so's search path.
         ;; See <http://lists.gnu.org/archive/html/bug-hurd/2015-07/msg00051.html>.
         `(modify-phases ,original-phases
-           ;; TODO: This is almost an exact copy of the phase of the same name
-           ;; in glibc/linux.  The only difference is that the i686 patch is
-           ;; not applied here.  In the next update cycle the patch moves to
-           ;; the patches field and this overwritten phase won't be needed any
-           ;; more.
-           (replace 'pre-configure
-             (lambda* (#:key inputs native-inputs outputs
-                       #:allow-other-keys)
-               (let* ((out  (assoc-ref outputs "out"))
-                      (bin  (string-append out "/bin"))
-                      ;; FIXME: Normally we would look it up only in INPUTS
-                      ;; but cross-base uses it as a native input.
-                      (bash (or (assoc-ref inputs "static-bash")
-                                (assoc-ref native-inputs "static-bash"))))
-                 ;; Install the rpc data base file under `$out/etc/rpc'.
-                 ;; FIXME: Use installFlags = [ "sysconfdir=$(out)/etc" ];
-                 (substitute* "sunrpc/Makefile"
-                   (("^\\$\\(inst_sysconfdir\\)/rpc(.*)$" _ suffix)
-                    (string-append out "/etc/rpc" suffix "\n"))
-                   (("^install-others =.*$")
-                    (string-append "install-others = " out "/etc/rpc\n")))
-
-                 (substitute* "Makeconfig"
-                   ;; According to
-                   ;; <http://www.linuxfromscratch.org/lfs/view/stable/chapter05/glibc.html>,
-                   ;; linking against libgcc_s is not needed with GCC
-                   ;; 4.7.1.
-                   ((" -lgcc_s") ""))
-
-                 ;; Have `system' use that Bash.
-                 (substitute* "sysdeps/posix/system.c"
-                   (("#define[[:blank:]]+SHELL_PATH.*$")
-                    (format #f "#define SHELL_PATH \"~a/bin/bash\"\n"
-                            bash)))
-
-                 ;; Same for `popen'.
-                 (substitute* "libio/iopopen.c"
-                   (("/bin/sh")
-                    (string-append bash "/bin/sh")))
-
-                 ;; Same for the shell used by the 'exec' functions for
-                 ;; scripts that lack a shebang.
-                 (substitute* (find-files "." "^paths\\.h$")
-                   (("#define[[:blank:]]+_PATH_BSHELL[[:blank:]].*$")
-                    (string-append "#define _PATH_BSHELL \""
-                                   bash "/bin/sh\"\n")))
-
-                 ;; Nscd uses __DATE__ and __TIME__ to create a string to
-                 ;; make sure the client and server come from the same
-                 ;; libc.  Use something deterministic instead.
-                 (substitute* "nscd/nscd_stat.c"
-                   (("static const char compilation\\[21\\] =.*$")
-                    (string-append
-                     "static const char compilation[21] = \""
-                     (string-take (basename out) 20) "\";\n")))
-
-                 ;; Make sure we don't retain a reference to the
-                 ;; bootstrap Perl.
-                 (substitute* "malloc/mtrace.pl"
-                   (("^#!.*")
-                    ;; The shebang can be omitted, because there's the
-                    ;; "bilingual" eval/exec magic at the top of the file.
-                    "")
-                   (("exec @PERL@")
-                    "exec perl")))))
            (add-after 'install 'augment-libc.so
              (lambda* (#:key outputs #:allow-other-keys)
                (let* ((out (assoc-ref outputs "out")))
@@ -902,19 +772,6 @@ GLIBC/HURD for a Hurd host"
 (define-syntax glibc
   (identifier-syntax (glibc-for-target)))
 
-(define glibc-2.25-patched
-  (package
-    (inherit glibc)
-    (source (origin
-              (inherit (package-source glibc))
-              (patches (search-patches "glibc-ldd-x86_64.patch"
-                                       "glibc-versioned-locpath.patch"
-                                       "glibc-o-largefile.patch"
-                                       "glibc-vectorized-strcspn-guards.patch"
-                                       "glibc-CVE-2017-1000366-pt1.patch"
-                                       "glibc-CVE-2017-1000366-pt2.patch"
-                                       "glibc-CVE-2017-1000366-pt3.patch"))))))
-
 ;; Below are old libc versions, which we use mostly to build locale data in
 ;; the old format (which the new libc cannot cope with.)
 
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index 9e93dfc491..b8b0ae58f6 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -211,33 +211,33 @@ without modification.")
     (outputs (delete "include" (package-outputs bash)))
 
     (arguments
-     (let ((args `(#:modules ((guix build gnu-build-system)
-                              (guix build utils)
-                              (srfi srfi-1)
-                              (srfi srfi-26))
-                   ,@(package-arguments bash))))
-       (substitute-keyword-arguments args
-         ((#:configure-flags flags)
-          `(list "--without-bash-malloc"
-                 "--disable-readline"
-                 "--disable-history"
-                 "--disable-help-builtin"
-                 "--disable-progcomp"
-                 "--disable-net-redirections"
-                 "--disable-nls"
+     (substitute-keyword-arguments (package-arguments bash)
+       ((#:modules _ '())
+        '((guix build gnu-build-system)
+          (guix build utils)
+          (srfi srfi-1)
+          (srfi srfi-26)))
+       ((#:configure-flags flags '())
+        `(list "--without-bash-malloc"
+               "--disable-readline"
+               "--disable-history"
+               "--disable-help-builtin"
+               "--disable-progcomp"
+               "--disable-net-redirections"
+               "--disable-nls"
 
-                 ;; Pretend 'dlopen' is missing so we don't build loadable
-                 ;; modules and related code.
-                 "ac_cv_func_dlopen=no"
+               ;; Pretend 'dlopen' is missing so we don't build loadable
+               ;; modules and related code.
+               "ac_cv_func_dlopen=no"
 
-                 ,@(if (%current-target-system)
-                       '("bash_cv_job_control_missing=no"
-                         "bash_cv_getcwd_malloc=yes")
-                       '())))
-         ((#:phases phases)
-          `(modify-phases ,phases
-             ;; No loadable modules.
-             (delete 'move-development-files))))))))
+               ,@(if (%current-target-system)
+                     '("bash_cv_job_control_missing=no"
+                       "bash_cv_getcwd_malloc=yes")
+                     '())))
+       ((#:phases phases)
+        `(modify-phases ,phases
+           ;; No loadable modules.
+           (delete 'move-development-files)))))))
 
 (define-public static-bash
   ;; Statically-linked Bash that contains nothing but the 'bash' binary and
diff --git a/gnu/packages/bdw-gc.scm b/gnu/packages/bdw-gc.scm
index b9732374d7..790a238579 100644
--- a/gnu/packages/bdw-gc.scm
+++ b/gnu/packages/bdw-gc.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,7 +24,8 @@
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
-  #:use-module (gnu packages pkg-config))
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages hurd))
 
 (define-public libgc
   (package
@@ -38,8 +40,20 @@
               "143x7g0d0k6250ai6m2x3l4y352mzizi4wbgrmahxscv2aqjhjm1"))))
    (build-system gnu-build-system)
    (arguments
-    '(#:configure-flags '(;; Install gc_cpp.h et al.
-                          "--enable-cplusplus")))
+    `(#:configure-flags
+      (list
+       ;; Install gc_cpp.h et al.
+       "--enable-cplusplus"
+       ;; In GNU/Hurd systems during the 'Check' phase,
+       ;; there is a deadlock caused by the 'gctest' test.
+       ;; To disable the error set "--disable-gcj-support"
+       ;; to configure script. See bug report and discussion:
+       ;; <https://lists.opendylan.org/pipermail/bdwgc/2017-April/006275.html>
+       ;; <https://lists.gnu.org/archive/html/bug-hurd/2017-01/msg00008.html>
+       ,@(if (hurd-triplet? (or (%current-system)
+                                (%current-target-system)))
+             '("--disable-gcj-support")
+             '()))))
    (native-inputs `(("pkg-config" ,pkg-config)))
    (inputs `(("libatomic-ops" ,libatomic-ops)))
    (outputs '("out" "debug"))
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index c08297d7b6..8d508c6ce1 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -3484,7 +3484,8 @@ form of assemblies or reads.")
         (base32
          "0rws9r1ziv6way8cf49jg8bzj7x2131kfqkhj8byf0z5hnrq3bwv"))
        (patches (search-patches "metabat-remove-compilation-date.patch"
-                                "metabat-fix-compilation.patch"))))
+                                "metabat-fix-compilation.patch"
+                                "metabat-fix-boost-issue.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -4683,6 +4684,10 @@ Roche 454, Ion Torrent and Pacific BioSciences SMRT.")
         'configure
         (lambda* (#:key outputs #:allow-other-keys)
           (let ((out (assoc-ref outputs "out")))
+            ;; Allow 'konfigure.perl' to find 'package.prl'.
+            (setenv "PERL5LIB"
+                    (string-append ".:" (getenv "PERL5LIB")))
+
             ;; The 'configure' script doesn't recognize things like
             ;; '--enable-fast-install'.
             (zero? (system* "./configure"
diff --git a/gnu/packages/boost.scm b/gnu/packages/boost.scm
index dfaa853533..4c7308e9d6 100644
--- a/gnu/packages/boost.scm
+++ b/gnu/packages/boost.scm
@@ -28,14 +28,15 @@
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages perl)
   #:use-module (gnu packages python)
-  #:use-module (gnu packages shells)
-  #:use-module (gnu packages perl))
+  #:use-module (gnu packages shells))
 
 (define-public boost
   (package
     (name "boost")
-    (version "1.63.0")
+    (version "1.64.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -44,9 +45,10 @@
                     ".tar.bz2"))
               (sha256
                (base32
-                "1c5kzhcqahnic55dxcnw7r80qvwx5sfa2sa97yzv7xjrywljbbmy"))))
+                "0cikd35xfkpg9nnl76yqqnqxnf3hyfjjww8xjd4akflprsm5rk3v"))))
     (build-system gnu-build-system)
-    (inputs `(("zlib" ,zlib)))
+    (inputs `(("icu4c" ,icu4c)
+              ("zlib" ,zlib)))
     (native-inputs
      `(("perl" ,perl)
        ("python" ,python-2)
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index ac18884385..f66d0bb3f4 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -122,7 +122,7 @@
        ("bison" ,bison)
        ;; Due to a bug in flex >= 2.6.2, GRUB must be built with an older flex:
        ;; <http://lists.gnu.org/archive/html/grub-devel/2017-02/msg00133.html>
-       ;; TODO Try building with flex > 2.6.3.
+       ;; TODO Try building with flex > 2.6.4.
        ("flex" ,flex-2.6.1)
        ("texinfo" ,texinfo)
        ("help2man" ,help2man)
@@ -292,7 +292,7 @@ menu to select one of the installed operating systems.")
     (build-system gnu-build-system)
     (native-inputs
      `(("bison" ,bison)
-       ("flex" ,flex-2.6.1))) ; A bug in flex prevents building with flex-2.6.3.
+       ("flex" ,flex)))
     (arguments
      `(#:make-flags
        (list "CC=gcc"
diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm
index f43decc96e..ba733b3a9e 100644
--- a/gnu/packages/bootstrap.scm
+++ b/gnu/packages/bootstrap.scm
@@ -162,6 +162,7 @@ successful, or false to signal an error."
                                         gnu-triplet->nix-system)
                                  (%current-system))))
   "Return the name of Glibc's dynamic linker for SYSTEM."
+  ;; See the 'SYSDEP_KNOWN_INTERPRETER_NAMES' cpp macro in libc.
   (cond ((string=? system "x86_64-linux") "/lib/ld-linux-x86-64.so.2")
         ((string=? system "i686-linux") "/lib/ld-linux.so.2")
         ((string=? system "armhf-linux") "/lib/ld-linux-armhf.so.3")
@@ -170,6 +171,7 @@ successful, or false to signal an error."
         ((string=? system "i686-gnu") "/lib/ld.so.1")
         ((string=? system "aarch64-linux") "/lib/ld-linux-aarch64.so.1")
         ((string=? system "powerpc-linux") "/lib/ld.so.1")
+        ((string=? system "powerpc64le-linux") "/lib/ld64.so.2")
         ((string=? system "alpha-linux") "/lib/ld-linux.so.2")
 
         ;; XXX: This one is used bare-bones, without a libc, so add a case
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 54cf89bf47..2b67881ede 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -509,14 +509,7 @@ the bootstrap environment."
      (propagated-inputs `(("kernel-headers" ,(kernel-headers-boot0))))
      (native-inputs
       `(("texinfo" ,texinfo-boot0)
-        ("perl" ,perl-boot0)
-        ;; Apply this patch only on i686 to avoid a full rebuild.
-        ;; TODO: Remove in the next update cycle.
-        ,@(if (string-prefix? "i686" (or (%current-target-system)
-                                         (%current-system)))
-              `(("glibc-memchr-overflow-i686.patch"
-                 ,(search-patch "glibc-memchr-overflow-i686.patch")))
-              '())))
+        ("perl" ,perl-boot0)))
      (inputs
       `(;; The boot inputs.  That includes the bootstrap libc.  We don't want
         ;; it in $CPATH, hence the 'pre-configure' phase above.
@@ -806,13 +799,14 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
 
 (define bash-final
   ;; Link with `-static-libgcc' to make sure we don't retain a reference
-  ;; to the bootstrap GCC.
+  ;; to the bootstrap GCC.  Use "bash-minimal" to avoid an extra dependency
+  ;; on Readline and ncurses.
   (let ((bash (package
-                (inherit bash)
+                (inherit bash-minimal)
                 (arguments
                  `(#:disallowed-references
                    ,(assoc-ref %boot3-inputs "coreutils&co")
-                   ,@(package-arguments bash))))))
+                   ,@(package-arguments bash-minimal))))))
     (package-with-bootstrap-guile
      (package-with-explicit-inputs (static-libgcc-package bash)
                                    %boot3-inputs
@@ -828,7 +822,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
   ;; This package must be public because other modules refer to it.  However,
   ;; mark it as hidden so that 'fold-packages' ignores it.
   (package-with-bootstrap-guile
-   (package-with-explicit-inputs (hidden-package guile-2.0/fixed)
+   (package-with-explicit-inputs (hidden-package guile-2.2/fixed)
                                  %boot4-inputs
                                  (current-source-location)
                                  #:guile %bootstrap-guile)))
@@ -849,12 +843,10 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
 
 (define-public ld-wrapper
   ;; The final 'ld' wrapper, which uses the final Guile and Binutils.
-  (package (inherit ld-wrapper-boot3)
-    (name "ld-wrapper")
-    (inputs `(("guile" ,guile-final)
-              ("bash"  ,bash-final)
-              ,@(fold alist-delete (package-inputs ld-wrapper-boot3)
-                      '("guile" "bash"))))))
+  (make-ld-wrapper "ld-wrapper"
+                   #:binutils binutils-final
+                   #:guile guile-final
+                   #:bash bash-final))
 
 (define %boot5-inputs
   ;; Now with UTF-8 locales.  Remember that the bootstrap binaries were built
@@ -947,7 +939,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
 the implicit inputs of 'gnu-build-system', return that one, otherwise return
 PACKAGE.
 
-The goal is to avoid duplication in cases like GUILE-FINAL vs. GUILE-2.0,
+The goal is to avoid duplication in cases like GUILE-FINAL vs. GUILE-2.2,
 COREUTILS-FINAL vs. COREUTILS, etc."
       ;; XXX: This doesn't handle dependencies of the final inputs, such as
       ;; libunistring, GMP, etc.
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index a732ca26de..f2989d9c15 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -212,84 +212,78 @@ file; as a result, it is often used in conjunction with \"tar\", resulting in
    (home-page "https://www.gnu.org/software/gzip/")))
 
 (define-public bzip2
-  (let ((build-shared-lib
-         ;; Build a shared library.
-         '(lambda* (#:key inputs #:allow-other-keys)
-            (patch-makefile-SHELL "Makefile-libbz2_so")
-            (zero? (system* "make" "-f" "Makefile-libbz2_so"))))
-        (install-shared-lib
-         '(lambda* (#:key outputs #:allow-other-keys)
-            (let* ((out    (assoc-ref outputs "out"))
-                   (libdir (string-append out "/lib")))
-              (for-each (lambda (file)
-                          (let ((base (basename file)))
-                            (format #t "installing `~a' to `~a'~%"
-                                    base libdir)
-                            (copy-file file
-                                       (string-append libdir "/" base))))
-                        (find-files "." "^libbz2\\.so")))))
-        (set-cross-environment
-         '(lambda* (#:key target #:allow-other-keys)
-            (substitute* (find-files "." "Makefile")
-              (("CC=.*$")
-               (string-append "CC = " target "-gcc\n"))
-              (("AR=.*$")
-               (string-append "AR = " target "-ar\n"))
-              (("RANLIB=.*$")
-               (string-append "RANLIB = " target "-ranlib\n"))
-              (("^all:(.*)test" _ prerequisites)
-               ;; Remove 'all' -> 'test' dependency.
-               (string-append "all:" prerequisites "\n"))))))
-    (package
-      (name "bzip2")
-      (version "1.0.6")
-      (source (origin
-               (method url-fetch)
-               (uri (string-append "http://www.bzip.org/" version "/bzip2-"
-                                   version ".tar.gz"))
-               (sha256
-                (base32
-                 "1kfrc7f0ja9fdn6j1y6yir6li818npy6217hvr3wzmnmzhs8z152"))))
-      (build-system gnu-build-system)
-      (arguments
-       `(#:modules ((guix build gnu-build-system)
-                    (guix build utils)
-                    (srfi srfi-1))
-         #:phases
-         ,(if (%current-target-system)
-
-              ;; Cross-compilation: use the cross tools.
-              `(alist-cons-before
-                'build 'build-shared-lib ,build-shared-lib
-                (alist-cons-after
-                 'install 'install-shared-lib ,install-shared-lib
-                 (alist-replace 'configure ,set-cross-environment
-                                %standard-phases)))
-
-              ;; Native compilation: build the shared library.
-              `(alist-cons-before
-                'build 'build-shared-lib ,build-shared-lib
-                (alist-cons-after
-                 'install 'install-shared-lib ,install-shared-lib
-                 (alist-delete 'configure %standard-phases))))
+  (package
+    (name "bzip2")
+    (version "1.0.6")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://www.bzip.org/" version "/bzip2-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1kfrc7f0ja9fdn6j1y6yir6li818npy6217hvr3wzmnmzhs8z152"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (srfi srfi-1))
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key target #:allow-other-keys)
+             (if ,(%current-target-system)
+                 ;; Cross-compilation: use the cross tools.
+                 (substitute* (find-files "." "Makefile")
+                   (("CC=.*$")
+                    (string-append "CC = " target "-gcc\n"))
+                   (("AR=.*$")
+                    (string-append "AR = " target "-ar\n"))
+                   (("RANLIB=.*$")
+                    (string-append "RANLIB = " target "-ranlib\n"))
+                   (("^all:(.*)test" _ prerequisites)
+                    ;; Remove 'all' -> 'test' dependency.
+                    (string-append "all:" prerequisites "\n")))
+                 #t)))
+         (add-before 'build 'build-shared-lib
+           (lambda* (#:key inputs #:allow-other-keys)
+             (patch-makefile-SHELL "Makefile-libbz2_so")
+             (zero? (system* "make" "-f" "Makefile-libbz2_so"))))
+         (add-after 'install 'install-shared-lib
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out    (assoc-ref outputs "out"))
+                    (libdir (string-append out "/lib")))
+               (for-each (lambda (file)
+                           (let ((base (basename file)))
+                             (format #t "installing `~a' to `~a'~%"
+                                     base libdir)
+                             (copy-file file
+                                        (string-append libdir "/" base))))
+                         (find-files "." "^libbz2\\.so")))
+             #t))
+         (add-after 'install-shared-lib 'patch-scripts
+           (lambda* (#:key outputs inputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out")))
+               (substitute* (string-append out "/bin/bzdiff")
+                 (("/bin/rm") "rm")))
+             #t)))
 
-         #:make-flags (list (string-append "PREFIX="
-                                           (assoc-ref %outputs "out")))
+       #:make-flags (list (string-append "PREFIX="
+                                         (assoc-ref %outputs "out")))
 
-         ;; Don't attempt to run the tests when cross-compiling.
-         ,@(if (%current-target-system)
-               '(#:tests? #f)
-               '())))
-      (synopsis "High-quality data compression program")
-      (description
-       "bzip2 is a freely available, patent free (see below), high-quality data
+       ;; Don't attempt to run the tests when cross-compiling.
+       ,@(if (%current-target-system)
+             '(#:tests? #f)
+             '())))
+    (synopsis "High-quality data compression program")
+    (description
+     "bzip2 is a freely available, patent free (see below), high-quality data
 compressor.  It typically compresses files to within 10% to 15% of the best
 available techniques (the PPM family of statistical compressors), whilst
 being around twice as fast at compression and six times faster at
 decompression.")
-      (license (license:non-copyleft "file://LICENSE"
-                                  "See LICENSE in the distribution."))
-      (home-page "http://www.bzip.org/"))))
+    (license (license:non-copyleft "file://LICENSE"
+                                   "See LICENSE in the distribution."))
+    (home-page "http://www.bzip.org/")))
 
 (define-public lbzip2
   (package
@@ -462,14 +456,14 @@ some compression ratio).")
 (define-public lzip
   (package
     (name "lzip")
-    (version "1.16")
+    (version "1.18")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://savannah/lzip/lzip-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0l9724rw1l3hg2ldr3n7ihqich4m9nc6y7l302bvdj4jmxdw530j"))))
+               "1p8lvc22sv3damld9ng8y6i8z2dvvpsbi9v7yhr5bc2a20m8iya7"))))
     (build-system gnu-build-system)
     (home-page "http://www.nongnu.org/lzip/lzip.html")
     (synopsis "Lossless data compressor based on the LZMA algorithm")
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index fec328cda6..aba8ce7eb1 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Mark H Weaver <mhw@netris.org>
@@ -53,7 +53,7 @@
 (define-public cups-filters
   (package
     (name "cups-filters")
-    (version "1.13.1")
+    (version "1.14.1")
     (source(origin
               (method url-fetch)
               (uri
@@ -61,7 +61,7 @@
                               "cups-filters-" version ".tar.xz"))
               (sha256
                (base32
-                "0s7hylp2lcvc1vrqpywpv7lspkrh4xf7cyi4nbg10cf38rshj474"))
+                "0175jhqpsyn7bkh7w43ydhyws5zsdak05hr1fsadvzslvwqkffgi"))
               (modules '((guix build utils)))
               (snippet
                ;; install backends, banners and filters to cups-filters output
@@ -141,7 +141,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
 (define-public cups-minimal
   (package
     (name "cups-minimal")
-    (version "2.2.1")
+    (version "2.2.4")
     (source
      (origin
        (method url-fetch)
@@ -149,7 +149,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
                            version "/cups-" version "-source.tar.gz"))
        (sha256
         (base32
-         "1m8rwhbk0l8n19iwm51r2569jj15d0x6mpqhfig0bk3pm4577f43"))))
+         "1k4qxafmapq6hzbkh273fdyzkj9alw6ppwz5k933bhsi4svlsvar"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index a9f219b621..af15aa38c4 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -40,15 +40,14 @@
 (define-public curl
   (package
    (name "curl")
-   (replacement curl-7.54.1)
-   (version "7.53.0")
+   (version "7.54.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://curl.haxx.se/download/curl-"
                                 version ".tar.lzma"))
             (sha256
              (base32
-              "1k0i31xygb804c61llhin5wbpcscg4gfqmbxcfkpdr1alwh7igrq"))))
+              "0vnv3cz0s1l5cjby86hm0x6pgzqijmdm97qa9q5px200956z6yib"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ;1.2 MiB of man3 pages
@@ -120,16 +119,3 @@ tunneling, and so on.")
    (license (license:non-copyleft "file://COPYING"
                                   "See COPYING in the distribution."))
    (home-page "https://curl.haxx.se/")))
-
-(define curl-7.54.1
-  (package
-    (inherit curl)
-    (version "7.54.1")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append "https://curl.haxx.se/download/curl-"
-                            version ".tar.lzma"))
-        (sha256
-         (base32
-          "0vnv3cz0s1l5cjby86hm0x6pgzqijmdm97qa9q5px200956z6yib"))))))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 13efc5edca..b77270e11e 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -127,14 +127,14 @@ either single machines or networked clusters.")
 (define-public gdbm
   (package
     (name "gdbm")
-    (version "1.12")
+    (version "1.13")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/gdbm/gdbm-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1smwz4x5qa4js0zf1w3asq6z7mh20zlgwbh2bk5dczw6xrk22yyr"))))
+                "0lx201q20dvc70f8a3c9s7s18z15inlxvbffph97ngvrgnyjq9cx"))))
     (arguments `(#:configure-flags '("--enable-libgdbm-compat")))
     (build-system gnu-build-system)
     (home-page "http://www.gnu.org.ua/software/gdbm")
@@ -753,7 +753,7 @@ for example from a shell script.")
 (define-public sqlite
   (package
    (name "sqlite")
-   (version "3.17.0")
+   (version "3.19.3")
    (source (origin
             (method url-fetch)
             (uri (let ((numeric-version
@@ -769,7 +769,7 @@ for example from a shell script.")
                                   numeric-version ".tar.gz")))
             (sha256
              (base32
-              "0k472gq0p706jq4529p60znvw02hdf172qxgbdv59q0n7anqbr54"))))
+              "00b3l2qglpl1inx21fckiwxnfq5xf6441flc79rqg7zdvh1rq4h6"))))
    (build-system gnu-build-system)
    (inputs `(("readline" ,readline)))
    (arguments
@@ -1089,7 +1089,8 @@ module, and nothing else.")
          "17sgwq3mvqjhv3b77cnvrq60xgp8harjhlnvpwmxc914rqc5ckaz"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-deep" ,perl-test-deep)
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-test-deep" ,perl-test-deep)
        ("perl-test-exception" ,perl-test-exception)
        ("perl-test-warn" ,perl-test-warn)))
     (propagated-inputs
diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm
index 5014229952..d30d7bcfa8 100644
--- a/gnu/packages/ed.scm
+++ b/gnu/packages/ed.scm
@@ -28,14 +28,14 @@
 (define-public ed
   (package
     (name "ed")
-    (version "1.14.1")
+    (version "1.14.2")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/ed/ed-"
                                  version ".tar.lz"))
              (sha256
               (base32
-               "0ajm69pma7gigddlrq2qi4dsllz9vhm8gqwpkcdagdd2yaw7xfgz"))))
+               "1nqhk3n1s1p77g2bjnj55acicsrlyb2yasqxqwpx0w0djfx64ygm"))))
     (build-system gnu-build-system)
     (native-inputs `(("lzip" ,lzip)))
     (arguments
diff --git a/gnu/packages/embedded.scm b/gnu/packages/embedded.scm
index cf4ac5351a..1f7176ae78 100644
--- a/gnu/packages/embedded.scm
+++ b/gnu/packages/embedded.scm
@@ -447,7 +447,7 @@ with a layered architecture of JTAG interface and TAP support.")
          ,@(package-arguments xbinutils)))
       (native-inputs
        `(("bison" ,bison)
-         ("flex" ,flex-2.6.1) ; needed because of yywrap error
+         ("flex" ,flex)
          ("texinfo" ,texinfo)
          ("dejagnu" ,dejagnu)
          ,@(package-native-inputs xbinutils))))))
@@ -828,7 +828,7 @@ simulator.")
                  (base32
                   "14b3h2ji740s8zq5vwm4qdcxs4aa4wxi6wb9di3bv1h39x14nyr9"))))
          ("texinfo" ,texinfo)
-         ("flex" ,flex-2.6.1) ; A bug in flex prevents building with flex-2.6.3.
+         ("flex" ,flex)
          ("bison" ,bison)
          ("guile-1.8" ,guile-1.8)
          ("which" ,base:which)))
diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm
index a6239877a0..050e6715b1 100644
--- a/gnu/packages/file.scm
+++ b/gnu/packages/file.scm
@@ -28,14 +28,14 @@
 (define-public file
   (package
    (name "file")
-    (version "5.28")
+    (version "5.30")
     (source (origin
               (method url-fetch)
               (uri (string-append "ftp://ftp.astron.com/pub/file/file-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "04p0w9ggqq6cqvwhyni0flji1z0rwrz896hmhkxd2mc6dca5xjqf"))))
+                "057jpcyy8ws7q4s4sm8r1rxb8xycdbng2z4y9i98f094wlr28k39"))))
    (build-system gnu-build-system)
 
    ;; When cross-compiling, this package depends upon a native install of
diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm
index 1470b967da..b09ac0bb89 100644
--- a/gnu/packages/flex.scm
+++ b/gnu/packages/flex.scm
@@ -32,7 +32,7 @@
 (define-public flex
   (package
     (name "flex")
-    (version "2.6.3")
+    (version "2.6.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -41,7 +41,7 @@
                     "flex-" version ".tar.gz"))
               (sha256
                (base32
-                "1an2cn2z85mkpgqcinh1fhhcd7993qm2lil1yxic8iz76ci79ck8"))))
+                "15g9bv236nzi665p9ggqjlfn4dwck5835vf0bbw2cz7h5c1swyp8"))))
     (build-system gnu-build-system)
     (inputs
      (let ((bison-for-tests
@@ -86,10 +86,6 @@ executes the corresponding C code.")
     (license (non-copyleft "file://COPYING"
                            "See COPYING in the distribution."))))
 
-;;; Many packages fail to build with flex > 2.6.1, due to this bug in flex:
-;;; <https://github.com/westes/flex/issues/162>
-;;; We must not use a flex before 2.6.1, due to CVE-2016-6354.
-;;; TODO Try using flex > 2.6.3.
 (define-public flex-2.6.1
   (package
     (inherit flex)
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index 75736a73d0..bd74c4d6aa 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -34,6 +34,7 @@
   #:use-module (gnu packages bison)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages glib)
+  #:use-module (gnu packages gperf)
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages xml)
@@ -48,14 +49,13 @@
 (define-public freetype
   (package
    (name "freetype")
-   (replacement freetype/fixed)
-   (version "2.7.1")
+   (version "2.8")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://savannah/freetype/freetype-"
                                 version ".tar.bz2"))
             (sha256 (base32
-                     "121gm15ayfg3rglby8ifh8384mcjb9dhmx9j40zl7yszw72b4frs"))))
+                     "02xlj611alpvl3h33hvfw1jyxc1vp9mzwcckkiglkhn3hknh7im3"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
@@ -74,15 +74,6 @@ anti-aliased glyph bitmap generation with 256 gray levels.")
    (license license:freetype)           ; some files have other licenses
    (home-page "https://www.freetype.org/")))
 
-(define freetype/fixed
-  (package
-    (inherit freetype)
-    (source
-      (origin
-        (inherit (package-source freetype))
-        (patches (search-patches "freetype-CVE-2017-8105.patch"
-                                 "freetype-CVE-2017-8287.patch"))))))
-
 (define-public ttfautohint
   (package
     (name "ttfautohint")
@@ -235,22 +226,21 @@ fonts to/from the WOFF2 format.")
 (define-public fontconfig
   (package
    (name "fontconfig")
-   (version "2.12.1")
+   (version "2.12.3")
    (source (origin
             (method url-fetch)
             (uri (string-append
                    "https://www.freedesktop.org/software/fontconfig/release/fontconfig-"
                    version ".tar.bz2"))
-            (patches (search-patches "fontconfig-charwidth-symbol-conflict.patch"
-                                     "fontconfig-path-max.patch"))
             (sha256 (base32
-                     "1wy7svvp7df6bjpg1m5vizb3ngd7rhb20vpclv3x3qa71khs6jdl"))))
+                     "1ggq6jmz3mlzk4xjs615aqw9h3hq33chjn82bhli26kk09kby95x"))))
    (build-system gnu-build-system)
    (propagated-inputs `(("expat" ,expat)
                         ("freetype" ,freetype)))
    (inputs `(("gs-fonts" ,gs-fonts)))
    (native-inputs
-      `(("pkg-config" ,pkg-config)))
+    `(("gperf" ,gperf) ; Try dropping this for > 2.12.3.
+      ("pkg-config" ,pkg-config)))
    (arguments
     `(#:configure-flags
       (list "--with-cache-dir=/var/cache/fontconfig"
@@ -268,10 +258,12 @@ fonts to/from the WOFF2 format.")
             "PYTHON=false")
       #:phases
       (modify-phases %standard-phases
-        (add-after 'unpack 'fix-tests-for-freetype-2.7.1
+        (add-before 'configure 'regenerate-fcobjshash
+          ;; XXX The pre-generated gperf files are broken.
+          ;; See <https://bugs.freedesktop.org/show_bug.cgi?id=101280>.
           (lambda _
-            (substitute* "test/run-test.sh"
-              (("\\\| sort") "| cut -d' ' -f2 | sort"))
+            (delete-file "src/fcobjshash.h")
+            (delete-file "src/fcobjshash.gperf")
             #t))
         (replace 'install
                  (lambda _
@@ -385,8 +377,7 @@ applications should be.")
 (define-public graphite2
   (package
    (name "graphite2")
-   (version "1.3.9")
-   (replacement graphite2/fixed)
+   (version "1.3.10")
    (source
      (origin
        (method url-fetch)
@@ -395,7 +386,7 @@ applications should be.")
        (patches (search-patches "graphite2-ffloat-store.patch"))
        (sha256
         (base32
-         "0rs5h7m340z75kygx8d72cps0q6yvvqa9i788vym7585cfv8a0gc"))))
+         "1bm1rl2ww0m8rvmknh8fpajyz9xqv43qs9qrzf7xd5gaz6rf7zch"))))
    (build-system cmake-build-system)
    (native-inputs
     `(("python" ,python-2) ; because of "import imap" in tests
@@ -411,21 +402,6 @@ and returns a sequence of positioned glyphids from the font.")
    (license license:lgpl2.1+)
    (home-page "https://github.com/silnrsi/graphite")))
 
-(define graphite2/fixed
-  (package
-    (inherit graphite2)
-    (name "graphite2")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (let ((version "1.3.10"))
-              (string-append "https://github.com/silnrsi/graphite/releases/"
-                             "download/" version "/" name "-" version ".tgz")))
-       (patches (search-patches "graphite2-ffloat-store.patch"))
-       (sha256
-        (base32
-         "1bm1rl2ww0m8rvmknh8fpajyz9xqv43qs9qrzf7xd5gaz6rf7zch"))))))
-
 (define-public potrace
   (package
     (name "potrace")
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index a9a7e08da1..9dbb8c0869 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -393,7 +393,7 @@ applications, X servers (rootless or fullscreen) or other display servers.")
 (define-public wayland-protocols
   (package
     (name "wayland-protocols")
-    (version "1.7")
+    (version "1.9")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -401,7 +401,7 @@ applications, X servers (rootless or fullscreen) or other display servers.")
                     "wayland-protocols-" version ".tar.xz"))
               (sha256
                (base32
-                "07qw166s6bm81zfnhf4lmww6wj0il960fm3vp7n1z3rign9jlpv3"))))
+                "0xag2yci0l13brmq2k12vdv0wlnb2j0rxk2cnp170fya63g74sv6"))))
     (build-system gnu-build-system)
     (inputs
      `(("wayland" ,wayland)))
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index bb8570bec5..eee91c32bf 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -213,7 +213,7 @@ where the OS part is overloaded to denote a specific ABI---into GCC
                 ;; Fix the dynamic linker's file name.
                 (substitute* (find-files "gcc/config"
                                          "^(linux|gnu|sysv4)(64|-elf|-eabi)?\\.h$")
-                  (("#define (GLIBC|GNU_USER)_DYNAMIC_LINKER([^ ]*).*$"
+                  (("#define (GLIBC|GNU_USER)_DYNAMIC_LINKER([^ \t]*).*$"
                     _ gnu-user suffix)
                    (format #f "#define ~a_DYNAMIC_LINKER~a \"~a\"~%"
                            gnu-user suffix
@@ -385,6 +385,7 @@ Go.  It also includes runtime support libraries for these languages.")
                 "0fihlcy5hnksdxk0sn6bvgnyq8gfrgs8m794b1jxwd1dxinzg3b0"))
               (patches (search-patches "gcc-arm-bug-71399.patch"
                                        "gcc-strmov-store-file-names.patch"
+                                       "gcc-asan-powerpc-missing-include.patch"
                                        "gcc-5.0-libvtv-runpath.patch"
                                        "gcc-5-source-date-epoch-1.patch"
                                        "gcc-5-source-date-epoch-2.patch"))))))
diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm
index aac0f9664c..b4e6ce435b 100644
--- a/gnu/packages/gd.scm
+++ b/gnu/packages/gd.scm
@@ -154,6 +154,11 @@ you can create PNG images on the fly or modify existing files.")
         (base32
          "1kaxs67rfd4w46lxgcg3pa05a596l0h1k8n4zk2gwrrar4022wpx"))))
     (build-system perl-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-env
+           (lambda _ (setenv "PERL_USE_UNSAFE_INC" "1"))))))
     (native-inputs
      `(("perl-module-build" ,perl-module-build)))
     (propagated-inputs
diff --git a/gnu/packages/gettext.scm b/gnu/packages/gettext.scm
index 0484b8089e..76c01b1e09 100644
--- a/gnu/packages/gettext.scm
+++ b/gnu/packages/gettext.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -45,7 +46,13 @@
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0hsw28f9q9xaggjlsdp2qmbp2rbd1mp0njzan2ld9kiqwkq2m57z"))))
+               "0hsw28f9q9xaggjlsdp2qmbp2rbd1mp0njzan2ld9kiqwkq2m57z"))
+             ;; test-lock has performance issues on multi-core machines,
+             ;; it hangs or takes a long time to complete.
+             ;; There is one commit in gettext and one commit
+             ;; in gettext's embedded gnulib to fix this issue.
+             (patches (search-patches "gettext-multi-core.patch"
+                                      "gettext-gnulib-multi-core.patch"))))
     (build-system gnu-build-system)
     (outputs '("out"
                "doc"))                            ;8 MiB of HTML
@@ -137,6 +144,13 @@ translated messages from the catalogs.  Nearly all GNU packages use Gettext.")
     (arguments
      `(#:phases
        (modify-phases %standard-phases
+         (add-before 'configure 'set-search-path
+           (lambda _
+             ;; Work around "dotless @INC" build failure.
+             (setenv "PERL5LIB"
+                     (string-append (getcwd) ":"
+                                    (getenv "PERL5LIB")))
+             #t))
          ;; FIXME: One test fails as we don't have SGMLS.pm
          (add-before 'check 'disable-sgml-test
           (lambda _
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index dc5dbcc856..d5d5aa2dff 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -2,9 +2,10 @@
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -129,85 +130,129 @@ printing, and psresize, for adjusting page sizes.")
 
 (define-public ghostscript
   (package
-   (name "ghostscript")
-   (replacement ghostscript/fixed)
-   (version "9.14.0")
-   ;; XXX Try removing the bundled copy of jbig2dec.
-   (source (origin
-            (method url-fetch)
-            (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-"
-                                version ".tar.xz"))
-            (sha256
-             (base32
-              "0q4jj41p0qbr4mgcc9q78f5zs8cm1g57wgryhsm2yq4lfslm3ib1"))
-            (patches (search-patches "ghostscript-CVE-2013-5653.patch"
-                                     "ghostscript-CVE-2015-3228.patch"
-                                     "ghostscript-CVE-2016-7976.patch"
-                                     "ghostscript-CVE-2016-7978.patch"
-                                     "ghostscript-CVE-2016-7979.patch"
-                                     "ghostscript-CVE-2016-8602.patch"
-                                     "ghostscript-runpath.patch"))
-            (modules '((guix build utils)))
-            (snippet
-             ;; Honor --docdir.
-             '(substitute* "Makefile.in"
-                (("^docdir=.*$") "docdir = @docdir@\n")
-                (("^exdir=.*$") "exdir = $(docdir)/examples\n")))))
-   (build-system gnu-build-system)
-   (outputs '("out" "doc"))                  ;16 MiB of HTML/PS doc + examples
-   (inputs `(("freetype" ,freetype)
-             ("lcms" ,lcms)
-             ("libjpeg-8" ,libjpeg-8)
-             ("libpng" ,libpng)
-             ("libpaper" ,libpaper)
-             ("libtiff" ,libtiff)
-             ("zlib" ,zlib)))
-   (native-inputs
-      `(("perl" ,perl)
-        ("pkg-config" ,pkg-config) ; needed to find libtiff
-        ("python" ,python-wrapper)
-        ("tcl" ,tcl)))
-   (arguments
-    `(#:disallowed-references ("doc")
-      #:phases
-      (modify-phases %standard-phases
-        (add-after 'configure 'patch-config-files
-                   (lambda _
-                     (substitute* "base/all-arch.mak"
-                       (("/bin/sh") (which "sh")))
-                     (substitute* "base/unixhead.mak"
-                       (("/bin/sh") (which "sh")))))
-        (add-after 'configure 'remove-doc-reference
-                   (lambda _
-                     ;; Don't retain a reference to the 'doc' output in 'gs'.
-                     ;; The only use of this definition is in the output of
-                     ;; 'gs --help', so this change is fine.
-                     (substitute* "base/gscdef.c"
-                       (("GS_DOCDIR")
-                        "\"~/.guix-profile/share/doc/ghostscript\""))))
-        (replace 'build
+    (name "ghostscript")
+    (version "9.21")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/ArtifexSoftware/"
+                            "ghostpdl-downloads/releases/download/gs"
+                            (string-delete #\. version)
+                            "/ghostscript-" version ".tar.xz"))
+        (sha256
+         (base32
+          "0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b"))
+        (patches (search-patches "ghostscript-runpath.patch"
+                                 "ghostscript-CVE-2017-8291.patch"
+                                 "ghostscript-no-header-creationdate.patch"
+                                 "ghostscript-no-header-id.patch"
+                                 "ghostscript-no-header-uuid.patch"))
+        (modules '((guix build utils)))
+        (snippet
+          ;; Remove bundled libraries. The bundled OpenJPEG is a patched fork so
+          ;; we leave it, at least for now.
+          ;; TODO Try unbundling ijs, which is developed alongside Ghostscript.
+         '(begin
+            (for-each delete-file-recursively '("freetype" "jbig2dec" "jpeg"
+                                                "lcms2" "libpng"
+                                                "tiff" "zlib"))))))
+    (build-system gnu-build-system)
+    (outputs '("out" "doc"))                  ;19 MiB of HTML/PS doc + examples
+    (arguments
+     `(#:disallowed-references ("doc")
+       #:configure-flags
+       (list "--with-system-libtiff"
+             "LIBS=-lz"
+             (string-append "ZLIBDIR="
+                            (assoc-ref %build-inputs "zlib") "/include")
+             "--enable-dynamic"
+
+             ,@(if (%current-target-system)
+                   '(;; Specify the native compiler, which is used to build 'echogs'
+                     ;; and other intermediary tools when cross-compiling; see
+                     ;; <https://ghostscript.com/FAQ.html>.
+                     "CCAUX=gcc"
+
+                     ;; Save 'config.log' etc. of the native build under
+                     ;; auxtmp/, useful for debugging.
+                     "--enable-save_confaux")
+                   '()))
+       #:phases
+       (modify-phases %standard-phases
+        (add-after 'unpack 'fix-doc-dir
           (lambda _
-            ;; Build 'libgs.so', but don't build the statically-linked 'gs'
-            ;; binary (saves 18 MiB).
-            (zero? (system* "make" "so" "-j"
-                            (number->string (parallel-job-count))))))
-        (replace 'install
+            ;; Honor --docdir.
+            (substitute* "Makefile.in"
+              (("^docdir=.*$") "docdir = @docdir@\n")
+              (("^exdir=.*$") "exdir = $(docdir)/examples\n"))
+            #t))
+        (add-after 'configure 'remove-doc-reference
           (lambda _
-            (zero? (system* "make" "soinstall"))))
-        (add-after 'install 'create-gs-symlink
-          (lambda* (#:key outputs #:allow-other-keys)
-            (let ((out (assoc-ref outputs "out")))
-              ;; some programs depend on having a 'gs' binary available
-              (symlink "gsc" (string-append out "/bin/gs"))))))))
-   (synopsis "PostScript and PDF interpreter")
-   (description
-    "Ghostscript is an interpreter for the PostScript language and the PDF
+            ;; Don't retain a reference to the 'doc' output in 'gs'.
+            ;; The only use of this definition is in the output of
+            ;; 'gs --help', so this change is fine.
+            (substitute* "base/gscdef.c"
+              (("GS_DOCDIR")
+               "\"~/.guix-profile/share/doc/ghostscript\""))
+            #t))
+         (add-after 'configure 'patch-config-files
+           (lambda _
+             (substitute* "base/unixhead.mak"
+               (("/bin/sh") (which "sh")))
+             #t))
+         ,@(if (%current-target-system)
+               `((add-after 'configure 'add-native-lz
+                   (lambda _
+                     ;; Add missing '-lz' for native tools such as 'mkromfs'.
+                     (substitute* "Makefile"
+                       (("^AUXEXTRALIBS=(.*)$" _ value)
+                        (string-append "AUXEXTRALIBS = -lz " value "\n")))
+                     #t)))
+               '())
+         (replace 'build
+           (lambda _
+             ;; Build 'libgs.so', but don't build the statically-linked 'gs'
+             ;; binary (saves 22 MiB).
+             (zero? (system* "make" "so" "-j"
+                             (number->string (parallel-job-count))))))
+         (replace 'install
+           (lambda _
+             (zero? (system* "make" "soinstall"))))
+         (add-after 'install 'create-gs-symlink
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               ;; Some programs depend on having a 'gs' binary available.
+               (symlink "gsc" (string-append out "/bin/gs"))
+               #t))))))
+    (native-inputs
+     `(("perl" ,perl)
+       ("python" ,python-wrapper)
+       ("tcl" ,tcl)
+
+       ;; When cross-compiling, some of the natively-built tools require all
+       ;; these libraries.
+       ,@(if (%current-target-system)
+             `(("zlib/native" ,zlib)
+               ("libjpeg/native" ,libjpeg)
+               ("lcms2/native" ,lcms))
+             '())))
+    (inputs
+     `(("freetype" ,freetype)
+       ("jbig2dec" ,jbig2dec)
+       ("lcms2" ,lcms)
+       ("libjpeg" ,libjpeg)
+       ("libpaper" ,libpaper)
+       ("libpng" ,libpng)
+       ("libtiff" ,libtiff)
+       ("zlib" ,zlib)))
+    (synopsis "PostScript and PDF interpreter")
+    (description
+     "Ghostscript is an interpreter for the PostScript language and the PDF
 file format.  It also includes a C library that implements the graphics
 capabilities of the PostScript language.  It supports a wide variety of
 output file formats and printers.")
-   (license license:agpl3+)
-   (home-page "https://www.gnu.org/software/ghostscript/")
-   (properties '((upstream-name . "gnu-ghostscript")))))
+    (home-page "https://www.ghostscript.com/")
+    (license license:agpl3+)))
 
 (define-public ghostscript/x
   (package/inherit ghostscript
@@ -216,27 +261,11 @@ output file formats and printers.")
               ("libxt" ,libxt)
               ,@(package-inputs ghostscript)))))
 
-(define ghostscript/fixed
-  (package
-    (inherit ghostscript)
-    (source
-      (origin
-        (inherit (package-source ghostscript))
-        (patches
-          (append
-            (origin-patches (package-source ghostscript))
-            (search-patches "ghostscript-CVE-2017-8291.patch")))))))
-
 (define-public ijs
   (package
    (name "ijs")
-   (version "9.14.0")
-   (source (origin
-            (method url-fetch)
-            (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-"
-                                version ".tar.xz"))
-            (sha256 (base32
-                     "0q4jj41p0qbr4mgcc9q78f5zs8cm1g57wgryhsm2yq4lfslm3ib1"))))
+   (version (package-version ghostscript))
+   (source (package-source ghostscript))
    (build-system gnu-build-system)
    (native-inputs
     `(("libtool"    ,libtool)
@@ -244,31 +273,29 @@ output file formats and printers.")
       ("autoconf"   ,autoconf)))
    (arguments
     `(#:phases
-      (alist-cons-after
-       'unpack 'autogen
-       (lambda _
-         ;; need to regenerate macros
-         (system* "autoreconf" "-if")
-         ;; do not run configure
-         (substitute* "autogen.sh"
-           (("^.*\\$srcdir/configure.*") ""))
-         (system* "bash" "autogen.sh")
-
-         ;; create configure script in ./ijs/
-         (chdir "ijs")
-         ;; do not run configure
-         (substitute* "autogen.sh"
-           (("^.*\\$srcdir/configure.*") "")
-           (("^ + && echo Now type.*$")  ""))
-         (zero? (system* "bash" "autogen.sh")))
-       %standard-phases)))
+      (modify-phases %standard-phases
+        (add-after 'unpack 'autogen
+          (lambda _
+            ;; need to regenerate macros
+            (system* "autoreconf" "-if")
+            ;; do not run configure
+            (substitute* "autogen.sh"
+              (("^.*\\$srcdir/configure.*") ""))
+            (system* "bash" "autogen.sh")
+            ;; create configure script in ./ijs/
+            (chdir "ijs")
+            ;; do not run configure
+            (substitute* "autogen.sh"
+              (("^.*\\$srcdir/configure.*") "")
+              (("^ + && echo Now type.*$")  ""))
+            (zero? (system* "bash" "autogen.sh")))))))
    (synopsis "IJS driver framework for inkjet and other raster devices")
    (description
     "IJS is a protocol for transmission of raster page images.  This package
 provides the reference implementation of the raster printer driver
 architecture.")
    (license license:expat)
-   (home-page "https://www.gnu.org/software/ghostscript/")))
+   (home-page (package-home-page ghostscript))))
 
 (define-public gs-fonts
   (package
@@ -286,6 +313,10 @@ architecture.")
    (build-system gnu-build-system)
    (arguments
     `(#:tests? #f ; nothing to check, just files to copy
+
+      #:modules ((guix build gnu-build-system)
+                 (guix build utils)
+                 (srfi srfi-1))
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)
@@ -309,13 +340,13 @@ Ghostscript.  It currently includes the 35 standard PostScript fonts.")
 (define-public libspectre
   (package
    (name "libspectre")
-   (version "0.2.7")
+   (version "0.2.8")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://libspectre.freedesktop.org/releases/libspectre-"
                                 version ".tar.gz"))
             (sha256 (base32
-                     "1v63lqc6bhhxwkpa43qmz8phqs8ci4dhzizyy16d3vkb20m846z8"))))
+                     "1a67iglsc3r05mzngyg9kb1gy8whq4fgsnyjwi7bqfw2i7rnl9b5"))))
    (build-system gnu-build-system)
    (inputs `(("ghostscript" ,ghostscript)))
    (native-inputs `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm
index 08f6187f8a..d017e375c9 100644
--- a/gnu/packages/gl.scm
+++ b/gnu/packages/gl.scm
@@ -30,6 +30,7 @@
   #:use-module (gnu packages bison)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages documentation)
+  #:use-module (gnu packages elf)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages freedesktop)
@@ -216,7 +217,7 @@ also known as DXTn or DXTC) for Mesa.")
 (define-public mesa
   (package
     (name "mesa")
-    (version "17.0.6")
+    (version "17.1.4")
     (source
       (origin
         (method url-fetch)
@@ -226,10 +227,9 @@ also known as DXTn or DXTC) for Mesa.")
                                   version "/mesa-" version ".tar.xz")))
         (sha256
          (base32
-          "17d60jjzg4ddm95gk2cqx0xz6b9anmmz6ax4majwr3gis2yg7v49"))
+          "1bcwxin7nmbnv92xav381b6qxscsx1zzc71ryfvj03cglbkb1wq6"))
         (patches
-         (search-patches "mesa-fix-32bit-test-failures.patch"
-                         "mesa-wayland-egl-symbols-check-mips.patch"
+         (search-patches "mesa-wayland-egl-symbols-check-mips.patch"
                          "mesa-skip-disk-cache-test.patch"))))
     (build-system gnu-build-system)
     (propagated-inputs
@@ -246,6 +246,7 @@ also known as DXTn or DXTC) for Mesa.")
       `(("expat" ,expat)
         ("dri2proto" ,dri2proto)
         ("dri3proto" ,dri3proto)
+        ("libelf" ,libelf)    ;required for r600 when using llvm
         ("libva" ,(force libva-without-mesa))
         ("libxml2" ,libxml2)
         ;; TODO: Add 'libxml2-python' for OpenGL ES 1.1 and 2.0 support
@@ -261,7 +262,8 @@ also known as DXTn or DXTC) for Mesa.")
         ("wayland" ,wayland)))
     (native-inputs
       `(("pkg-config" ,pkg-config)
-        ("python" ,python-2)))
+        ("python" ,python-2)
+        ("which" ,(@ (gnu packages base) which))))
     (arguments
      `(#:configure-flags
        '(,@(match (%current-system)
@@ -293,7 +295,7 @@ also known as DXTn or DXTC) for Mesa.")
          ,@(match (%current-system)
              ((or "x86_64-linux" "i686-linux")
               '("--with-dri-drivers=i915,i965,nouveau,r200,radeon,swrast"
-                "--enable-gallium-llvm")) ; default is x86/x86_64 only
+                "--enable-llvm"))         ; default is x86/x86_64 only
              (_
               '("--with-dri-drivers=nouveau,r200,radeon,swrast"))))
        #:phases
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index fcd1daf5e8..926703e159 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -347,6 +347,7 @@ bindings to call into the C library.")
              (uri (string-append "https://launchpad.net/intltool/trunk/"
                                  version "/+download/intltool-"
                                  version ".tar.gz"))
+             (patches (search-patches "intltool-perl-compatibility.patch"))
              (sha256
               (base32
                "1karx4sb7bnm2j67q0q74hspkfn6lqprpy5r99vkn5bb36a4viv7"))))
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index d9d3fe7939..b334d7cbc0 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -1154,7 +1154,7 @@ dealing with different structured file formats.")
 (define-public librsvg
   (package
     (name "librsvg")
-    (version "2.40.16")
+    (version "2.40.17")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1162,7 +1162,7 @@ dealing with different structured file formats.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0bpz6gsq8xi1pb5k9ax6vinph460v14znch3y5yz167s0dmwz2yl"))))
+                "1k39gyf7f5m9x0jvpcxvfcqswdb04xhm1lbwbjabn1f4xk5wbxp6"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -1366,6 +1366,17 @@ is intended for user preferences; not arbitrary data storage.")
     (native-inputs
      `(("perl" ,perl)
        ("intltool" ,intltool)))
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-after 'configure 'use-our-intltool
+                    (lambda _
+                      ;; Do not use the bundled intltool commands, which lack
+                      ;; the "dotless @INC" fixes of our 'intltool' package.
+                      (substitute* (find-files "." "^Makefile$")
+                        (("^INTLTOOL_(EXTRACT|UPDATE|MERGE) = .*$" _ tool)
+                         (string-append "INTLTOOL_" tool " = intltool-"
+                                        (string-downcase tool) "\n")))
+                      #t)))))
     (home-page "http://www.gnome.org")
     (synopsis "Base MIME and Application database for GNOME")
     (description  "GNOME Mime Data is a module which contains the base MIME
@@ -2395,7 +2406,11 @@ libxml to ease remote use of the RESTful API.")
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     (arguments
-     `(#:configure-flags
+     `(#:modules ((guix build utils)
+                  (guix build gnu-build-system)
+                  (ice-9 popen))
+
+       #:configure-flags
        (list (string-append "--with-html-dir="
                             (assoc-ref %outputs "doc")
                             "/share/gtk-doc/html")
@@ -2405,34 +2420,77 @@ libxml to ease remote use of the RESTful API.")
        #:phases
        (modify-phases %standard-phases
          (add-before 'configure 'disable-unconnected-socket-test
-                     ;; This test fails due to missing /etc/nsswitch.conf
-                     ;; in the build environment.
-                     (lambda _
-                       (substitute* "tests/socket-test.c"
-                         ((".*/sockets/unconnected.*") ""))
-                       #t))
+           ;; This test fails due to missing /etc/nsswitch.conf
+           ;; in the build environment.
+           (lambda _
+             (substitute* "tests/socket-test.c"
+               ((".*/sockets/unconnected.*") ""))
+             #t))
          (add-before 'check 'pre-check
-                     (lambda _
-                       ;; The 'check-local' target runs 'env LANG=C sort -u',
-                       ;; unset 'LC_ALL' to make 'LANG' working.
-                       (unsetenv "LC_ALL")
-                       ;; The ca-certificates.crt is not available in the build
-                       ;; environment.
-                       (setenv "SSL_CERT_FILE" "/dev/null")
-                       ;; HTTPD in Guix uses mod_event and does not build prefork.
-                       (substitute* "tests/httpd.conf"
-                         (("^LoadModule mpm_prefork_module.*$") "\n"))
-                       #t))
+           (lambda _
+             ;; The 'check-local' target runs 'env LANG=C sort -u',
+             ;; unset 'LC_ALL' to make 'LANG' working.
+             (unsetenv "LC_ALL")
+             ;; The ca-certificates.crt is not available in the build
+             ;; environment.
+             (setenv "SSL_CERT_FILE" "/dev/null")
+             ;; HTTPD in Guix uses mod_event and does not build prefork.
+             (substitute* "tests/httpd.conf"
+               (("^LoadModule mpm_prefork_module.*$") "\n"))
+
+             ;; Generate a self-signed certificate that has "localhost" as its
+             ;; 'dnsName'.  Failing to do that, and starting with GnuTLS
+             ;; 3.5.12, tests such as "ssl-tests" fail:
+             ;;
+             ;; ERROR:ssl-test.c:406:do_tls_interaction_test: Unexpected status 6 Unacceptable TLS certificate (expected 200 OK)
+             ;;
+             ;; 'certtool' is interactive so we have to pipe it the answers.
+             ;; Reported at <https://bugzilla.gnome.org/show_bug.cgi?id=784696>.
+             (let ((pipe (open-output-pipe "certtool --generate-self-signed \
+ --load-privkey tests/test-key.pem --outfile tests/test-cert.pem")))
+               (for-each (lambda (line)
+                           (display line pipe)
+                           (newline pipe))
+                         '(""               ;Common name
+                           ""               ;UID
+                           "Guix"           ;Organizational unit name
+                           "GNU"            ;Organization name
+                           ""               ;Locality name
+                           ""               ;State or province
+                           ""               ;Country
+                           ""               ;subject's domain component (DC)
+                           ""               ;E-mail
+                           ""               ;serial number
+                           "-1"             ;expiration time
+                           "N"              ;belong to authority?
+                           "N"              ;web client certificate?
+                           "N"              ;IPsec IKE?
+                           "Y"              ;web server certificate?
+                           "localhost"      ;dnsName of subject
+                           ""               ;dnsName of subject (end)
+                           ""               ;URI of subject
+                           "127.0.0.1"      ;IP address of subject
+                           ""               ;signing?
+                           ""               ;encryption?
+                           ""               ;sign OCSP requests?
+                           ""               ;sign code?
+                           ""               ;time stamping?
+                           ""               ;email protection?
+                           ""               ;URI of the CRL distribution point
+                           "y"              ;above info OK?
+                           ))
+               (close-pipe pipe))
+             #t))
          (replace 'install
-                  (lambda _
-                    (zero?
-                     (system* "make"
-                              ;; Install vala bindings into $out.
-                              (string-append "vapidir=" %output
-                                             "/share/vala/vapi")
-                              "install")))))))
-    (native-inputs
-     `(("glib:bin" ,glib "bin") ; for glib-mkenums
+           (lambda _
+             (zero?
+              (system* "make"
+                       ;; Install vala bindings into $out.
+                       (string-append "vapidir=" %output
+                                      "/share/vala/vapi")
+                       "install")))))))
+    (native-inputs
+     `(("glib:bin" ,glib "bin")                   ; for glib-mkenums
        ("gobject-introspection" ,gobject-introspection)
        ("intltool" ,intltool)
        ("pkg-config" ,pkg-config)
@@ -2441,6 +2499,7 @@ libxml to ease remote use of the RESTful API.")
        ;; These are needed for the tests.
        ;; FIXME: Add PHP once available.
        ("curl" ,curl)
+       ("gnutls" ,gnutls)                         ;for 'certtool'
        ("httpd" ,httpd)))
     (propagated-inputs
      ;; libsoup-2.4.pc refers to all these.
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index a9d8679a29..ca4f1d34f2 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -58,7 +58,7 @@
 (define-public libgpg-error
   (package
     (name "libgpg-error")
-    (version "1.26")
+    (version "1.27")
     (source
      (origin
       (method url-fetch)
@@ -66,7 +66,7 @@
                           version ".tar.bz2"))
       (sha256
        (base32
-        "0sgfia0syq78k1c9h10rkhc1nfv5v097icrprlx2x4qn074wnjsc"))))
+        "1li95ni122fzinzlmxbln63nmgij63irxfvi52ws4zfbzv3am4sg"))))
     (build-system gnu-build-system)
     (home-page "https://gnupg.org")
     (synopsis "Library of error values for GnuPG components")
@@ -82,15 +82,14 @@ Daemon and possibly more in the future.")
 (define-public libgcrypt
   (package
     (name "libgcrypt")
-    (replacement libgcrypt-1.7.8)
-    (version "1.7.6")
+    (version "1.7.8")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "1g05prhgqw4ryd0w433q8nhds0h93kf47hfjagi2r7dghkpaysk2"))))
+               "16f1rsv4y4w2pk1il2jbcqggsb6mrlfva5vayd205fp68zm7d0ll"))))
     (build-system gnu-build-system)
     (propagated-inputs
      `(("libgpg-error-host" ,libgpg-error)))
@@ -116,30 +115,6 @@ generation.")
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/libgcrypt")))))
 
-(define libgcrypt-1.7.8
-  (package
-    (inherit libgcrypt)
-    (version "1.7.8")
-    (source (origin
-             (method url-fetch)
-             (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
-                                 version ".tar.bz2"))
-             (sha256
-              (base32
-               "16f1rsv4y4w2pk1il2jbcqggsb6mrlfva5vayd205fp68zm7d0ll"))))))
-
-(define-public libgcrypt-1.5
-  (package (inherit libgcrypt)
-    (version "1.5.6")
-    (source
-     (origin
-      (method url-fetch)
-      (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
-                          version ".tar.bz2"))
-      (sha256
-       (base32
-        "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"))))))
-
 (define-public libassuan
   (package
     (name "libassuan")
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 70cae6d871..e2d1abbbbf 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016, 2017 Petter <petter@mykolab.ch>
 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Sergei Trofimovich <slyfox@inbox.ru>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -296,6 +297,13 @@ sequential processes (CSP) concurrent programming features added.")
                  (substitute* "../misc/cgo/testcarchive/carchive_test.go"
                    (("#!/usr/bin/env") (string-append "#!" (which "env"))))
 
+                 ;; Escape braces in test data to workaround test failure. For
+                 ;; more information:
+                 ;; https://github.com/golang/go/issues/20007
+                 ;; FIXME: remove this once we upgrade to 1.9
+                 (substitute* "cmd/vet/testdata/copylock_func.go"
+                   (("struct\\{lock sync.Mutex\\}") "struct\\{lock sync.Mutex\\}"))
+
                  (substitute* "net/lookup_unix.go"
                    (("/etc/protocols") (string-append net-base "/etc/protocols")))
                  (substitute* "net/port_unix.go"
diff --git a/gnu/packages/groff.scm b/gnu/packages/groff.scm
index 46e1ccf233..67dd1dbfa6 100644
--- a/gnu/packages/groff.scm
+++ b/gnu/packages/groff.scm
@@ -40,12 +40,18 @@
             (uri (string-append "mirror://gnu/groff/groff-" version
                                 ".tar.gz"))
             (sha256 (base32
-                     "1998v2kcs288d3y7kfxpvl369nqi06zbbvjzafyvyl3pr7bajj1s"))))
+                     "1998v2kcs288d3y7kfxpvl369nqi06zbbvjzafyvyl3pr7bajj1s"))
+            (patches (search-patches "groff-source-date-epoch.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                    ;12MiB of PS, PDF, HTML, and examples
-   (inputs `(("ghostscript" ,ghostscript)
-             ("netpbm" ,netpbm)))
+
+   ;; Note: groff's HTML backend uses executables from netpbm when they are in
+   ;; $PATH.  In practice, not having them doesn't prevent it from install its
+   ;; own HTML doc, nor does it change its capabilities, so we removed netpbm
+   ;; from 'inputs'.
+
+   (inputs `(("ghostscript" ,ghostscript)))
    (native-inputs `(("bison" ,bison)
                     ("perl" ,perl)
                     ("psutils" ,psutils)
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 74aea8e238..53304bd1a4 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -154,7 +154,11 @@ without requiring the source code to be rewritten.")
    (inputs `(("libffi" ,libffi)
              ("readline" ,readline)
              ,@(libiconv-if-needed)
-             ,@(if (target-mingw?) '() `(("bash" ,bash)))))
+
+             ;; We need Bash when cross-compiling because some of the scripts
+             ;; in bin/ refer to it.  Use 'bash-minimal' because we don't need
+             ;; an interactive Bash with Readline and all.
+             ,@(if (target-mingw?) '() `(("bash" ,bash-minimal)))))
    (propagated-inputs
     `( ;; These ones aren't normally needed here, but since `libguile-2.0.la'
        ;; reads `-lltdl -lunistring', adding them here will add the needed
@@ -213,24 +217,20 @@ without requiring the source code to be rewritten.")
    (home-page "https://www.gnu.org/software/guile/")
    (license license:lgpl3+)))
 
-(define-public guile-2.0/fixed
-  ;; A package of Guile 2.0 that's rarely changed.  It is the one used
-  ;; in the `base' module, and thus changing it entails a full rebuild.
-  (package
-    (inherit guile-2.0)
-    (properties '((hidden? . #t)))))        ;people should install 'guile-2.0'
-
 (define-public guile-2.2
   (package (inherit guile-2.0)
     (name "guile")
     (version "2.2.2")
     (source (origin
               (method url-fetch)
+
+              ;; Note: we are limited to one of the compression formats
+              ;; supported by the bootstrap binaries, so no lzip here.
               (uri (string-append "mirror://gnu/guile/guile-" version
-                                  ".tar.lz"))
+                                  ".tar.xz"))
               (sha256
                (base32
-                "1dnh75h4rkx1zflpsngznkwcd6afn6zrc5x3xq7n946pm5bnx5bq"))
+                "1azm25zcmxif0skxfrp11d2wc89nrzpjaann9yxdw6pvjxhs948w"))
               (modules '((guix build utils)))
 
               ;; Remove the pre-built object files.  Instead, build everything
@@ -250,6 +250,17 @@ without requiring the source code to be rewritten.")
             (files '("lib/guile/2.2/site-ccache"
                      "share/guile/site/2.2")))))))
 
+(define-public guile-2.2/fixed
+  ;; A package of Guile 2.2 that's rarely changed.  It is the one used
+  ;; in the `base' module, and thus changing it entails a full rebuild.
+  (package
+    (inherit guile-2.2)
+    (properties '((hidden? . #t)            ;people should install 'guile-2.2'
+                  (timeout . 72000)            ;20 hours
+                  (max-silent-time . 36000)))  ;10 hours (needed on ARM
+                                               ;  when heavily loaded)
+    (replacement #f)))
+
 (define-public guile-next
   (deprecated-package "guile-next" guile-2.2))
 
@@ -1742,7 +1753,11 @@ dictionary and suggesting spelling corrections.")
                        ("automake" ,automake)
                        ("libtool" ,libtool)
                        ;; Gettext brings 'AC_LIB_LINKFLAGS_FROM_LIBS'.
-                       ("gettext" ,gettext-minimal)))
+                       ("gettext" ,gettext-minimal)
+
+                       ;; Bash with loadable module support, for the test
+                       ;; suite.
+                       ("bash-full" ,bash)))
       (inputs `(("guile" ,guile-2.0)
                 ("bash:include" ,bash "include")))
       (synopsis "Extend Bash using Guile")
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 224319f84f..3461285850 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -33,7 +33,6 @@
   (package
    (name "icu4c")
    (version "58.2")
-   (replacement icu4c/fixed)
    (source (origin
             (method url-fetch)
             (uri (string-append
@@ -42,6 +41,9 @@
                   "/icu4c-"
                   (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
                   "-src.tgz"))
+            (patches
+             (search-patches "icu4c-CVE-2017-7867-CVE-2017-7868.patch"
+                             "icu4c-reset-keyword-list-iterator.patch"))
             (sha256
              (base32 "036shcb3f8bm1lynhlsb4kpjm9s9c2vdiir01vg216rs2l8482ib"))))
    (build-system gnu-build-system)
@@ -68,15 +70,6 @@ C/C++ part.")
    (license x11)
    (home-page "http://site.icu-project.org/")))
 
-(define icu4c/fixed
-  (package
-    (inherit icu4c)
-    (source (origin
-              (inherit (package-source icu4c))
-              (patches
-               (search-patches "icu4c-CVE-2017-7867-CVE-2017-7868.patch"
-                               "icu4c-reset-keyword-list-iterator.patch"))))))
-
 (define-public java-icu4j
   (package
     (name "java-icu4j")
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 63e3fa5049..b9e16a11c3 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -66,7 +66,7 @@
 (define-public libpng
   (package
    (name "libpng")
-   (version "1.6.28")
+   (version "1.6.29")
    (source (origin
             (method url-fetch)
             (uri (list (string-append "mirror://sourceforge/libpng/libpng16/"
@@ -78,7 +78,8 @@
                         "ftp://ftp.simplesystems.org/pub/libpng/png/src/history"
                         "/libpng16/libpng-" version ".tar.xz")))
             (sha256
-             (base32 "0ylgyx93hnk38haqrh8prd3ax5ngzwvjqw5cxw7p9nxmwsfyrlyq"))))
+             (base32
+              "0fgjqp7x6jynacmqh6dj72cn6nnf6yxjfqqqfsxrx0pyx22bcia2"))))
    (build-system gnu-build-system)
 
    ;; libpng.la says "-lz", so propagate it.
@@ -355,31 +356,21 @@ extracting icontainer icon files.")
 (define-public libtiff
   (package
    (name "libtiff")
-   (replacement libtiff-4.0.8)
-   (version "4.0.7")
-   (source (origin
-            (method url-fetch)
-            (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
-                                version ".tar.gz"))
-            (patches (search-patches "libtiff-heap-overflow-tiffcp.patch"
-                                     "libtiff-null-dereference.patch"
-                                     "libtiff-heap-overflow-tif-dirread.patch"
-                                     "libtiff-heap-overflow-pixarlog-luv.patch"
-                                     "libtiff-divide-by-zero.patch"
-                                     "libtiff-divide-by-zero-ojpeg.patch"
-                                     "libtiff-tiffcp-underflow.patch"
-                                     "libtiff-invalid-read.patch"
-                                     "libtiff-CVE-2016-10092.patch"
-                                     "libtiff-heap-overflow-tiffcrop.patch"
-                                     "libtiff-divide-by-zero-tiffcrop.patch"
-                                     "libtiff-CVE-2016-10093.patch"
-                                     "libtiff-divide-by-zero-tiffcp.patch"
-                                     "libtiff-assertion-failure.patch"
-                                     "libtiff-CVE-2016-10094.patch"
-                                     "libtiff-CVE-2017-5225.patch"))
-            (sha256
-             (base32
-              "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz"))))
+   (version "4.0.8")
+   (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
+                           version ".tar.gz"))
+       (patches
+         (search-patches "libtiff-tiffgetfield-bugs.patch"
+                         "libtiff-CVE-2016-10688.patch"
+                         "libtiff-CVE-2017-9936.patch"
+                         "libtiff-tiffycbcrtorgb-integer-overflow.patch"
+                         "libtiff-tiffycbcrtorgbinit-integer-overflow.patch"))
+       (sha256
+        (base32
+         "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                           ;1.3 MiB of HTML documentation
@@ -389,9 +380,6 @@ extracting icontainer icon files.")
                                              (assoc-ref %outputs "doc")
                                              "/share/doc/"
                                              ,name "-" ,version))))
-   ;; Build with a patched GCC to work around <http://bugs.gnu.org/24703>.
-   (native-inputs
-    `(("gcc@5" ,gcc-5)))
    (inputs `(("zlib" ,zlib)
              ("libjpeg" ,libjpeg)))
    (synopsis "Library for handling TIFF files")
@@ -404,24 +392,6 @@ collection of tools for doing simple manipulations of TIFF images.")
                                   "See COPYRIGHT in the distribution."))
    (home-page "http://www.simplesystems.org/libtiff/")))
 
-(define libtiff-4.0.8
-  (package
-    (inherit libtiff)
-    (version "4.0.8")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
-                           version ".tar.gz"))
-       (patches (search-patches "libtiff-tiffgetfield-bugs.patch"
-                                "libtiff-CVE-2016-10688.patch"
-                                "libtiff-CVE-2017-9936.patch"
-                                "libtiff-tiffycbcrtorgb-integer-overflow.patch"
-                                "libtiff-tiffycbcrtorgbinit-integer-overflow.patch"))
-       (sha256
-        (base32
-         "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))))
-
 (define-public leptonica
   (package
     (name "leptonica")
@@ -1038,7 +1008,16 @@ differences in file encoding, image quality, and other small variations.")
        ("libjpeg" ,libjpeg)
        ("zlib" ,zlib)))
     (arguments
-     `(#:make-flags '("CXXFLAGS=-fpermissive"))) ;required for MHashPP.cc
+     `(#:make-flags '("CXXFLAGS=-fpermissive")    ;required for MHashPP.cc
+
+       #:phases (modify-phases %standard-phases
+                  (add-before 'configure 'set-perl-search-path
+                    (lambda _
+                      ;; Work around "dotless @INC" build failure.
+                      (setenv "PERL5LIB"
+                              (string-append (getcwd) "/tests:"
+                                             (getenv "PERL5LIB")))
+                      #t)))))
     (home-page "http://steghide.sourceforge.net")
     (synopsis "Image and audio steganography")
     (description
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 5744db6ebc..47dd4f256b 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -1602,7 +1602,7 @@ IcedTea build harness.")
                                          (string-append "lib" name ".so")))))
                    (for-each
                     (lambda (file)
-                      (catch 'encoding-error
+                      (catch 'decoding-error
                         (lambda ()
                           (substitute* file
                             (("VERSIONED_JNI_LIB_NAME\\(\"(.*)\", \"(.*)\"\\)"
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 59fd944c69..48b2204190 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2012, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,8 +24,10 @@
 
 (define-module (gnu packages kerberos)
   #:use-module (gnu packages)
+  #:use-module (gnu packages autotools)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages perl)
+  #:use-module (gnu packages gettext)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages linux)
@@ -32,6 +35,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages texinfo)
   #:use-module (gnu packages tls)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
@@ -42,7 +46,7 @@
 (define-public mit-krb5
   (package
     (name "mit-krb5")
-    (version "1.14.4")
+    (version "1.15.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
@@ -50,20 +54,13 @@
                                   "/krb5-" version ".tar.gz"))
               (sha256
                (base32
-                "158bgq9xcg5ljgzia1880ak7m9g6vf2r009rzdqif5n9h111m9h3"))))
+                "0igbi5d095c2hgpn2cixpc4q2ij8vgg2bx7yjfly5zfmvlqqhz23"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("bison" ,bison)
        ("perl" ,perl)))
     (arguments
-     `(;; Work around "No rule to make target '../../include/gssapi/gssapi.h',
-       ;; needed by 'authgss_prot.so'."
-       #:parallel-build? #f
-
-       ;; Likewise with tests.
-       #:parallel-tests? #f
-
-       ;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call
+     `(;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call
        ;; while running the tests in 'src/tests'.
        #:tests? ,(string=? (%current-system) "x86_64-linux")
 
@@ -105,25 +102,23 @@ cryptography.")
       (method url-fetch)
       (uri (string-append "mirror://gnu/shishi/shishi-"
                           version ".tar.gz"))
+      (patches (search-patches "shishi-fix-libgcrypt-detection.patch"))
       (sha256
        (base32
         "032qf72cpjdfffq1yq54gz3ahgqf2ijca4vl31sfabmjzq9q370d"))))
     (build-system gnu-build-system)
+    (arguments
+     '(;; This is required since we patch some of the build scripts.
+       ;; Remove for the next Shishi release after 1.0.2 or when
+       ;; removing 'shishi-fix-libgcrypt-detection.patch'.
+       #:configure-flags '("ac_cv_libgcrypt=yes")))
     (native-inputs `(("pkg-config" ,pkg-config)))
     (inputs
      `(("gnutls" ,gnutls)
        ("libidn" ,libidn)
        ("linux-pam" ,linux-pam-1.2)
        ("zlib" ,zlib)
-       ;; libgcrypt 1.6 fails because of the following test:
-       ;;  #include <gcrypt.h>
-       ;; /* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c
-       ;;    will fail on startup if we don't have 1.4.4 or later, so
-       ;;    test for it early. */
-       ;; #if !defined GCRY_MODULE_ID_USER
-       ;; error too old libgcrypt
-       ;; #endif
-       ("libgcrypt" ,libgcrypt-1.5)
+       ("libgcrypt" ,libgcrypt)
        ("libtasn1" ,libtasn1)))
     (home-page "https://www.gnu.org/software/shishi/")
     (synopsis "Implementation of the Kerberos 5 network security system")
diff --git a/gnu/packages/ld-wrapper.in b/gnu/packages/ld-wrapper.in
index ebfd8332c4..82bd2196cf 100644
--- a/gnu/packages/ld-wrapper.in
+++ b/gnu/packages/ld-wrapper.in
@@ -15,7 +15,7 @@ main="(@ (gnu build-support ld-wrapper) ld-wrapper)"
 exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line)))" "$@"
 !#
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -35,6 +35,7 @@ exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line))
 (define-module (gnu build-support ld-wrapper)
   #:use-module (srfi srfi-1)
   #:use-module (ice-9 match)
+  #:autoload   (ice-9 rdelim) (read-string)
   #:export (ld-wrapper))
 
 ;;; Commentary:
@@ -222,9 +223,44 @@ impure library ~s~%"
               '()
               library-files))
 
+(define (expand-arguments args)
+  ;; Expand ARGS such that "response file" arguments, such as "@args.txt", are
+  ;; expanded (info "(gcc) Overall Options").
+  (define (response-file-arguments file)
+    (when %debug?
+      (format (current-error-port)
+              "ld-wrapper: attempting to read arguments from '~a'~%" file))
+
+    ;; FIXME: Options can contain whitespace if they are protected by single
+    ;; or double quotes; this is not implemented here.
+    (string-tokenize (call-with-input-file file read-string)))
+
+  (define result
+    (fold-right (lambda (arg result)
+                  (if (string-prefix? "@" arg)
+                      (let ((file (string-drop arg 1)))
+                        (append (catch 'system-error
+                                  (lambda ()
+                                    (response-file-arguments file))
+                                  (lambda args
+                                    ;; FILE doesn't exist or cannot be read so
+                                    ;; leave ARG as is.
+                                    (list arg)))
+                                result))
+                      (cons arg result)))
+                '()
+                args))
+
+  ;; If there are "@" arguments in RESULT *and* we can expand them (they don't
+  ;; refer to nonexistent files), then recurse.
+  (if (equal? result args)
+      result
+      (expand-arguments result)))
+
 (define (ld-wrapper . args)
   ;; Invoke the real `ld' with ARGS, augmented with `-rpath' switches.
-  (let* ((path (library-search-path args))
+  (let* ((args (expand-arguments args))
+         (path (library-search-path args))
          (libs (library-files-linked args path))
          (args (append args (rpath-arguments libs))))
     (when %debug?
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index c903352bbc..4f6064e939 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -121,7 +121,7 @@ programs.")
 (define-public libuv
   (package
     (name "libuv")
-    (version "1.11.0")
+    (version "1.12.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/libuv/libuv/archive/v"
@@ -129,7 +129,7 @@ programs.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0yhw86011l2dg2prms0d86szygrix4pxpgnyzs7iljy2xk3fxivf"))))
+                "0l0jrb5q3i8br10c8skc6xdwlxkmlpn3n0kngaqd68fsi1593kj1"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (alist-cons-after
@@ -157,20 +157,20 @@ similar IOCP, and event ports, asynchronous TCP/UDP sockets, asynchronous DNS
 resolution, asynchronous file system operations, and threading primitives.")
 
     ;; A few files fall under other non-copyleft licenses; see 'LICENSE' for
-    ;; details.
-    (license x11)))
+    ;; details.  Documentation is CC-BY 4.0 as of 1.12.0; see 'LICENSE-docs'.
+    (license (list expat cc-by4.0))))
 
 (define-public perl-anyevent
   (package
     (name "perl-anyevent")
-    (version "7.13")
+    (version "7.14")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/M/ML/MLEHMANN/"
                                   "AnyEvent-" version ".tar.gz"))
               (sha256
                (base32
-                "1b84ilkbrfbzqapv25x8z6gva92skbrf2srybdabb1wnxx6ky454"))))
+                "0akxr9y0q9yjkl614x4clbiiayvh5a67y8gmci54plxs4p95i4sk"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-canary-stability" ,perl-canary-stability)))
diff --git a/gnu/packages/libffi.scm b/gnu/packages/libffi.scm
index 13938f7ee8..16475affe6 100644
--- a/gnu/packages/libffi.scm
+++ b/gnu/packages/libffi.scm
@@ -42,7 +42,8 @@
                              name "-" version ".tar.gz"))
              (sha256
               (base32
-               "0dya49bnhianl0r65m65xndz6ls2jn1xngyn72gd28ls3n7bnvnh"))))
+               "0dya49bnhianl0r65m65xndz6ls2jn1xngyn72gd28ls3n7bnvnh"))
+             (patches (search-patches "libffi-3.2.1-complex-alpha.patch"))))
     (build-system gnu-build-system)
     (arguments `(#:phases (alist-cons-after 'install 'post-install
                                             ,post-install-phase
diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm
index da6c7efb6f..fc91fe263e 100644
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -20,6 +20,7 @@
 
 (define-module (gnu packages libidn)
   #:use-module (gnu packages)
+  #:use-module (gnu packages compression)
   #:use-module (gnu packages libunistring)
   #:use-module (guix licenses)
   #:use-module (guix packages)
@@ -53,42 +54,19 @@ Java libraries.")
 (define-public libidn2
   (package
     (name "libidn2")
-    (version "0.16")
+    (version "2.0.2")
     (source (origin
               (method url-fetch)
-              (uri (string-append "ftp://alpha.gnu.org/gnu/libidn/libidn2-"
-                                  version ".tar.gz"))
+              (uri (string-append "mirror://gnu/libidn/" name "-" version
+                                  ".tar.lz"))
               (sha256
                (base32
-                "13v8kh4d5nfkymai88zlw3h7k4x9khrpdpv97waf4ah8ykzrxb9g"))))
-    ;; XXX: Make sure to remove the 'create-pkg-config' phase
-    ;; below when this package is updated to >= 0.17.
+                "0pqaj8d01aj4i110669fincqs10kgynyqcrmq2q7pss8v9dcd1jq"))))
+    (native-inputs
+     `(("lzip" ,lzip)))
     (inputs
      `(("libunistring" ,libunistring)))
     (build-system gnu-build-system)
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (add-after 'install 'create-pkgconfig-file
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let* ((out (assoc-ref outputs "out"))
-                    (pkgconfig (string-append out "/lib/pkgconfig")))
-               (mkdir-p pkgconfig)
-               (call-with-output-file (string-append pkgconfig "/libidn2.pc")
-                 (lambda (port)
-                   (format port "prefix=~a
-exec_prefix=${prefix}
-libdir=${exec_prefix}/lib
-includedir=${prefix}/include
-
-Name: Libidn2
-Description: Library implementing IDNA2008 and TR46
-Version: ~a
-Libs: -L${libdir} -lidn2
-Cflags: -I${includedir}
-"
-                           out ,version)))
-               #t))))))
     (synopsis "Internationalized domain name library for IDNA2008")
     (description "Libidn2 is an internationalized domain library implementing
 the IDNA2008 specifications.   Libidn2 is believed to be a complete IDNA2008
diff --git a/gnu/packages/libsigsegv.scm b/gnu/packages/libsigsegv.scm
index 41e7345351..2a44819820 100644
--- a/gnu/packages/libsigsegv.scm
+++ b/gnu/packages/libsigsegv.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,14 +26,14 @@
 (define-public libsigsegv
   (package
    (name "libsigsegv")
-   (version "2.10")
+   (version "2.11")
    (source (origin
             (method url-fetch)
             (uri (string-append
                   "mirror://gnu/libsigsegv/libsigsegv-"
                   version ".tar.gz"))
             (sha256
-             (base32 "16hrs8k3nmc7a8jam5j1fpspd6sdpkamskvsdpcw6m29vnis8q44"))))
+             (base32 "063swdvq7mbmc1clv0rnh20grwln1zfc2qnm0sa1hivcxyr2wz6x"))))
    (build-system gnu-build-system)
    (home-page "https://www.gnu.org/software/libsigsegv/")
    (synopsis "Library for handling page faults")
@@ -44,12 +45,12 @@
     ;; linux-libre-headers-cross-mips64el-linux-gnu-3.3.8/include/asm/sigcontext.h:57:8: error: redefinition of 'struct sigcontext'
     (if (string-contains (or (%current-target-system) (%current-system))
                          "mips64el")
-        `(#:phases (alist-cons-before
-                    'configure 'patch-mips-old-h
-                    (lambda _
-                      (substitute* "src/fault-linux-mips-old.h"
-                        (("#include <asm/sigcontext\\.h>") "")))
-                    %standard-phases))
+        `(#:phases (modify-phases %standard-phases
+                     (add-before 'configure 'patch-mips-old-h
+                       (lambda _
+                         (substitute* "src/fault-linux-mips-old.h"
+                           (("#include <asm/sigcontext\\.h>") ""))
+                         #t))))
         '()))
    (description
     "GNU libsigsegv is a library to handle page faults, which occur when a
diff --git a/gnu/packages/libunistring.scm b/gnu/packages/libunistring.scm
index 212bec4b49..df02f68cea 100644
--- a/gnu/packages/libunistring.scm
+++ b/gnu/packages/libunistring.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,6 +25,7 @@
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
   #:use-module (gnu packages base))
 
 (define-public libunistring
@@ -37,7 +39,11 @@
                   version ".tar.xz"))
             (sha256
              (base32
-              "15z76qrmrvkc3c6hfq2lzzqysgd21s682f2smycfab5g598n8drf"))))
+              "15z76qrmrvkc3c6hfq2lzzqysgd21s682f2smycfab5g598n8drf"))
+             ;; test-lock has performance issues on multi-core machines,
+             ;; it hangs or takes a long time to complete.
+             ;; This is a commit from gnulib to fix this issue.
+            (patches (search-patches "libunistring-gnulib-multi-core.patch"))))
    (propagated-inputs (libiconv-if-needed))
    (build-system gnu-build-system)
    (arguments
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index ed53b79ee9..5a8201e80e 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -124,6 +124,7 @@
           ((string-prefix? "arm" arch) "arm")
           ((string-prefix? "aarch64" arch) "arm64")
           ((string-prefix? "alpha" arch) "alpha")
+          ((string-prefix? "powerpc" arch) "powerpc") ;including "powerpc64le"
           (else arch))))
 
 (define-public (system->defconfig system)
@@ -131,6 +132,7 @@
 defconfig.  Return the appropiate make target if applicable, otherwise return
 \"defconfig\"."
   (cond ((string-prefix? "powerpc-" system) "pmac32_defconfig")
+        ((string-prefix? "powerpc64le-" system) "ppc64_defconfig")
         (else "defconfig")))
 
 (define (linux-libre-urls version)
@@ -498,7 +500,7 @@ providing the system administrator with some help in common tasks.")
 (define-public util-linux
   (package
     (name "util-linux")
-    (version "2.29.2")
+    (version "2.30")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kernel.org/linux/utils/"
@@ -506,7 +508,7 @@ providing the system administrator with some help in common tasks.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1qz81w8vzrmy8xn9yx7ls4amkbgwx6vr62pl6kv9g7r0g3ba9kmc"))
+                "13d0ax8bcapga8phj2nclx86w57ddqxbr98ajibpzjq6d7zs8262"))
               (patches (search-patches "util-linux-tests.patch"))
               (modules '((guix build utils)))
               (snippet
@@ -667,7 +669,7 @@ slabtop, and skill.")
     (build-system gnu-build-system)
     (inputs
      `(("libusb" ,libusb)
-       ("eudev" ,eudev-with-hwdb)))
+       ("eudev" ,eudev)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (home-page "http://www.linux-usb.org/")
@@ -909,7 +911,7 @@ intercept and print the system calls executed by the program.")
 (define-public alsa-lib
   (package
     (name "alsa-lib")
-    (version "1.1.3")
+    (version "1.1.4.1")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -917,7 +919,7 @@ intercept and print the system calls executed by the program.")
                    version ".tar.bz2"))
              (sha256
               (base32
-               "174n2psp0328xcy2f1ayls67598bxli6q9cf00d2qnac3012aa3i"))))
+               "0xjvi381105gldhv0z872a0x58sghznyx19j45lw5iyi2h68gfwi"))))
     (build-system gnu-build-system)
     (home-page "https://www.alsa-project.org/")
     (synopsis "The Advanced Linux Sound Architecture libraries")
@@ -1995,7 +1997,7 @@ from the module-init-tools project.")
   ;; The post-systemd fork, maintained by Gentoo.
   (package
     (name "eudev")
-    (version "3.2.1")
+    (version "3.2.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2003,10 +2005,18 @@ from the module-init-tools project.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "06gyyl90n85x8i7lfhns514y1kg1ians13l467admyzy3kjxkqsp"))
-              (patches (search-patches "eudev-rules-directory.patch"
-                                       "eudev-conflicting-declaration.patch"))))
+                "0qqgbgpm5wdllk0s04pf80nwc8pr93xazwri1bylm1f15zn5ck1y"))
+              (patches (search-patches "eudev-rules-directory.patch"))))
     (build-system gnu-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-after 'install 'build-hwdb
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      ;; Build OUT/etc/udev/hwdb.bin.  This allows 'lsusb' and
+                      ;; similar tools to display product names.
+                      (let ((out (assoc-ref outputs "out")))
+                        (zero? (system* (string-append out "/bin/udevadm")
+                                        "hwdb" "--update"))))))))
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("perl" ,perl)
@@ -2025,19 +2035,7 @@ time.")
     (license license:gpl2+)))
 
 (define-public eudev-with-hwdb
-  ;; TODO: Merge with 'eudev'.
-  (package
-    (inherit eudev)
-    (name "eudev-with-hwdb")
-    (arguments
-     '(#:phases (modify-phases %standard-phases
-                  (add-after 'install 'build-hwdb
-                    (lambda* (#:key outputs #:allow-other-keys)
-                      ;; Build OUT/etc/udev/hwdb.bin.  This allows 'lsusb' and
-                      ;; similar tools to display product names.
-                      (let ((out (assoc-ref outputs "out")))
-                        (zero? (system* (string-append out "/bin/udevadm")
-                                        "hwdb" "--update"))))))))))
+  (deprecated-package "eudev-with-hwdb" eudev))
 
 (define-public lvm2
   (package
@@ -2977,7 +2975,7 @@ Bluetooth audio output devices like headphones or loudspeakers.")
                 "1sb4aflgyrl7apricjipa8wx95qm69yja0lmn2f19g560c3v1b2c"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:configure-flags
+     `(#:configure-flags
        (let ((out (assoc-ref %outputs "out")))
          (list "--sysconfdir=/etc"
                "--localstatedir=/var"
@@ -3006,7 +3004,12 @@ Bluetooth audio output devices like headphones or loudspeakers.")
                   (string-append out "/lib/udev/hid2hci --method"))
                  (("/sbin/udevadm")
                   (string-append (assoc-ref inputs "eudev") "/bin/udevadm")))
-               #t))))))
+               #t))))
+
+       ;; FIXME: Skip one test that segfaults on ARM.
+       ,@(if (string=? (%current-system) "armhf-linux")
+             '(#:make-flags '("XFAIL_TESTS=unit/test-gatt"))
+             '())))
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("gettext" ,gettext-minimal)))
diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index 844b110eb1..492ccb8114 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -502,23 +502,23 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
   ;; .scm and .go files relative to its installation directory, rather
   ;; than in hard-coded configure-time paths.
   (let* ((patches (cons* (search-patch "guile-relocatable.patch")
-                         (search-patch "guile-default-utf8.patch")
+                         (search-patch "guile-2.2-default-utf8.patch")
                          (search-patch "guile-linux-syscalls.patch")
-                         (origin-patches (package-source guile-2.0))))
-         (source  (origin (inherit (package-source guile-2.0))
+                         (origin-patches (package-source guile-2.2))))
+         (source  (origin (inherit (package-source guile-2.2))
                     (patches patches)))
-         (guile (package (inherit guile-2.0)
-                  (name (string-append (package-name guile-2.0) "-static"))
+         (guile (package (inherit guile-2.2)
+                  (name (string-append (package-name guile-2.2) "-static"))
                   (source source)
                   (synopsis "Statically-linked and relocatable Guile")
 
                   ;; Remove the 'debug' output (see above for the reason.)
-                  (outputs (delete "debug" (package-outputs guile-2.0)))
+                  (outputs (delete "debug" (package-outputs guile-2.2)))
 
                   (propagated-inputs
                    `(("bdw-gc" ,libgc)
                      ,@(alist-delete "bdw-gc"
-                                     (package-propagated-inputs guile-2.0))))
+                                     (package-propagated-inputs guile-2.2))))
                   (arguments
                    `(;; When `configure' checks for ltdl availability, it
                      ;; doesn't try to link using libtool, and thus fails
@@ -534,7 +534,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
                                    (("^guile_LDFLAGS =")
                                     "guile_LDFLAGS = -all-static")
 
-                                   ;; Add `-ldl' *after* libguile-2.0.la.
+                                   ;; Add `-ldl' *after* libguile-2.2.la.
                                    (("^guile_LDADD =(.*)$" _ ldadd)
                                     (string-append "guile_LDADD = "
                                                    (string-trim-right ldadd)
@@ -561,13 +561,13 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
                 (out    (assoc-ref %outputs "out"))
                 (guile1 (string-append in "/bin/guile"))
                 (guile2 (string-append out "/bin/guile")))
-           (mkdir-p (string-append out "/share/guile/2.0"))
-           (copy-recursively (string-append in "/share/guile/2.0")
-                             (string-append out "/share/guile/2.0"))
+           (mkdir-p (string-append out "/share/guile/2.2"))
+           (copy-recursively (string-append in "/share/guile/2.2")
+                             (string-append out "/share/guile/2.2"))
 
-           (mkdir-p (string-append out "/lib/guile/2.0/ccache"))
-           (copy-recursively (string-append in "/lib/guile/2.0/ccache")
-                             (string-append out "/lib/guile/2.0/ccache"))
+           (mkdir-p (string-append out "/lib/guile/2.2/ccache"))
+           (copy-recursively (string-append in "/lib/guile/2.2/ccache")
+                             (string-append out "/lib/guile/2.2/ccache"))
 
            (mkdir (string-append out "/bin"))
            (copy-file guile1 guile2)
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index e204588dd5..e29a3864df 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -1850,7 +1850,7 @@ implemented in ANSI C, and MPI for communications.")
     (build-system gnu-build-system)
     (inputs
      `(("zlib" ,zlib)
-       ("flex" ,flex-2.6.1) ; A bug in flex prevents building with flex-2.6.3.
+       ("flex" ,flex)
        ("bison" ,bison)))
     (arguments
      `(#:phases
diff --git a/gnu/packages/mpd.scm b/gnu/packages/mpd.scm
index 5692ff6766..eb45974f6c 100644
--- a/gnu/packages/mpd.scm
+++ b/gnu/packages/mpd.scm
@@ -195,22 +195,23 @@ terminal using ncurses.")
 (define-public ncmpcpp
   (package
     (name "ncmpcpp")
-    (version "0.7.7")
+    (version "0.8")
     (source (origin
               (method url-fetch)
               (uri
-               (string-append "http://ncmpcpp.rybczak.net/stable/ncmpcpp-"
+               (string-append "https://ncmpcpp.rybczak.net/stable/ncmpcpp-"
                               version ".tar.bz2"))
               (sha256
                (base32
-                "1vq19m36608pvw1g8nbcaqqb89wsw05v35pi45xwr20z7g4bxg5p"))))
+                "0nj6ky805a55acj0w57sbn3vfmmkbqp97rhbi0q9848n10f2l3rg"))))
     (build-system gnu-build-system)
     (inputs `(("libmpdclient" ,libmpdclient)
               ("boost"  ,boost)
               ("readline" ,readline)
               ("ncurses" ,ncurses)
               ("taglib" ,taglib)
-              ("icu4c" ,icu4c)))
+              ("icu4c" ,icu4c)
+              ("curl" ,curl)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (arguments
@@ -221,7 +222,7 @@ terminal using ncurses.")
 but it provides new useful features such as support for regular expressions
 for library searches, extended song format, items filtering, the ability to
 sort playlists, and a local file system browser.")
-    (home-page "http://ncmpcpp.rybczak.net/")
+    (home-page "https://ncmpcpp.rybczak.net/")
     (license license:gpl2+)))
 
 (define-public mpdscribble
diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm
index ae4548bb6b..9f5905bc89 100644
--- a/gnu/packages/ncurses.scm
+++ b/gnu/packages/ncurses.scm
@@ -38,12 +38,12 @@
 (define-public ncurses
   (package
     (name "ncurses")
-    (replacement ncurses/fixed)
     (version "6.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/ncurses/ncurses-"
                                   version ".tar.gz"))
+              (patches (search-patches "ncurses-CVE-2017-10684-10685.patch"))
               (sha256
                (base32
                 "0q3jck7lna77z5r42f13c4xglc7azd19pxfrjrpgp2yf615w4lgm"))))
@@ -190,17 +190,6 @@ ncursesw library provides wide character support.")
     (license x11)
     (home-page "https://www.gnu.org/software/ncurses/")))
 
-(define ncurses/fixed
-  (package
-    (inherit ncurses)
-    (source
-      (origin
-        (inherit (package-source ncurses))
-        (patches
-          (append
-            (origin-patches (package-source ncurses))
-            (search-patches "ncurses-CVE-2017-10684-10685.patch")))))))
-
 (define-public ncurses/gpm
   (package/inherit ncurses
     (name "ncurses-with-gpm")
diff --git a/gnu/packages/netpbm.scm b/gnu/packages/netpbm.scm
index cd0c3d950d..2d76d7e067 100644
--- a/gnu/packages/netpbm.scm
+++ b/gnu/packages/netpbm.scm
@@ -36,7 +36,7 @@
 (define-public netpbm
   (package
    (name "netpbm")
-   (version "10.61.01")
+   (version "10.78.3")
    (source (origin
             (method svn-fetch)
             ;; At the time of first packaging, the "super-stable" and
@@ -48,10 +48,10 @@
             ;; To determine the correct release: "svn log version.mk".
             (uri (svn-reference
                    (url "http://svn.code.sf.net/p/netpbm/code/advanced")
-                   (revision 1832)))
+                   (revision 2965)))
             (sha256
               (base32
-               "1mj1pqq18yj0yb6l24zfjls7axhqmiv0pvcaabl5xvc4a0dm543j"))
+               "1k7as9qi1942wyjxpvbf02wg0h4braw44m3m3vvi8sm9y5z1m967"))
             (file-name (string-append name "-" version "-checkout"))
             (modules '((guix build utils)))
             (snippet
@@ -87,6 +87,9 @@
                 (drop "ppmtopjxl" in "converter/ppm")
 
                 ;; Remove timestamps from the generated code.
+                (substitute* "buildtools/makepointerman"
+                  (("gmctime[(][)]")
+                   "\"Thu Jan 1 00:00:00 1970\""))
                 (substitute* "buildtools/stamp-date"
                   (("^DATE=.*")
                    "DATE=\"Thu Jan 01 00:00:00+0000 1970\"\n")
@@ -124,8 +127,8 @@
 
            (let ((rgb (string-append (assoc-ref inputs "xorg-rgb")
                                      "/share/X11/rgb.txt")))
-             (substitute* "pm_config.in.h"
-               (("/usr/share/X11/rgb.txt") rgb))
+             (substitute* "config.mk"
+               (("/usr/share/netpbm/rgb.txt") rgb))
 
              ;; Our Ghostscript no longer provides the 'gs' command, only
              ;; 'gsc', so look for that instead.
@@ -146,7 +149,15 @@
              (("all-in-place.test") "")
              (("pnmpsnr.test") "")
              (("pnmremap1.test") "")
-             (("gif-roundtrip.test") ""))
+             (("gif-roundtrip.test") "")
+
+             ;; These two tests started failing in netpbm-10.78.3.
+             (("jpeg-roundtrip.test") "")
+             (("pbmtext.test") "")
+
+             ;; Skip tests that use nonfree programs that we don't build.
+             (("ps-alt-roundtrip.test") "" )
+             (("pbm-misc-converters.test") ""))
            #t))
        (replace 'install
          (lambda* (#:key outputs make-flags #:allow-other-keys)
diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm
index b7e13f0a68..08307e37b9 100644
--- a/gnu/packages/openldap.scm
+++ b/gnu/packages/openldap.scm
@@ -40,8 +40,7 @@
 (define-public openldap
   (package
    (name "openldap")
-   (replacement openldap/fixed)
-   (version "2.4.44")
+   (version "2.4.45")
    (source (origin
             (method url-fetch)
 
@@ -51,14 +50,14 @@
                         "ftp://mirror.switch.ch/mirror/OpenLDAP/"
                         "openldap-release/openldap-" version ".tgz")
                        (string-append
-                        "ftp://ftp.OpenLDAP.org/pub/OpenLDAP/"
+                        "https://www.openldap.org/software/download/OpenLDAP/"
                         "openldap-release/openldap-" version ".tgz")
                        (string-append
                         "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
                         "openldap-release/openldap-" version ".tgz")))
             (sha256
              (base32
-              "0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp"))))
+              "091qvwk5dkcpp17ziabcnh3rg3m7qwzw2pihfcd1d5fdxgywzmnd"))))
    (build-system gnu-build-system)
    (inputs `(("bdb" ,bdb-5.3)
              ("cyrus-sasl" ,cyrus-sasl)
@@ -71,23 +70,25 @@
    (arguments
     `(#:tests? #f
       #:phases
-       (alist-cons-after
-        'configure 'provide-libtool
-        (lambda _ (copy-file (which "libtool") "libtool"))
-       %standard-phases)))
+      (modify-phases %standard-phases
+        (add-after 'configure 'provide-libtool
+          (lambda _ (copy-file (which "libtool") "libtool")
+            #t))
+        (add-after 'install 'patch-sasl-path
+          ;; Give -L arguments for cyrus-sasl to avoid propagation.
+          (lambda* (#:key inputs outputs #:allow-other-keys)
+            (let ((out (assoc-ref outputs "out"))
+                  (sasl (assoc-ref inputs "cyrus-sasl")))
+              (substitute* (map (lambda (f) (string-append out "/" f))
+                                '("lib/libldap.la" "lib/libldap_r.la"))
+                (("-lsasl2" lib)
+                 (string-append "-L" sasl "/lib " lib)))
+              #t))))))
    (synopsis "Implementation of the Lightweight Directory Access Protocol")
    (description
     "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
    (license openldap2.8)
-   (home-page "http://www.openldap.org/")))
-
-(define openldap/fixed
-  (package
-    (inherit openldap)
-    (source
-      (origin
-        (inherit (package-source openldap))
-        (patches (search-patches "openldap-CVE-2017-9287.patch"))))))
+   (home-page "https://www.openldap.org/")))
 
 (define-public nss-pam-ldapd
   (package
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 1f65e21323..3c1a4d9567 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -261,7 +261,7 @@
                          (base32
                           "1giy2aprjmn5fp9c4s9r125fljw4wv6ixy5739i5bffw4jgr0f9r"))))))
       (propagated-inputs
-       `(("gnutls" ,gnutls/guile-2.2)             ;for 'guix download' & co.
+       `(("gnutls" ,gnutls)
          ("guile-json" ,guile-json)
          ("guile-ssh" ,guile-ssh)
          ("guile-git" ,guile-git)))
@@ -288,7 +288,7 @@ the Nix package manager.")
      `(("guile" ,guile-2.0)
        ,@(alist-delete "guile" (package-inputs guix))))
     (propagated-inputs
-     `(("gnutls" ,gnutls)
+     `(("gnutls" ,gnutls/guile-2.0)
        ("guile-json" ,guile2.0-json)
        ("guile-ssh" ,guile2.0-ssh)
        ("guile-git" ,guile2.0-git)))))
diff --git a/gnu/packages/patches/ath9k-htc-firmware-binutils.patch b/gnu/packages/patches/ath9k-htc-firmware-binutils.patch
index aa253e135f..7bb5d77dba 100644
--- a/gnu/packages/patches/ath9k-htc-firmware-binutils.patch
+++ b/gnu/packages/patches/ath9k-htc-firmware-binutils.patch
@@ -5,9 +5,6 @@ Not applying the first patch (apparently) leads to miscompiled firmware,
 and loading it fails with a "Target is unresponsive" message from the
 'ath9k_htc' module.
 
-The final hunk, applied to 'gas/config/tc-xtensa.c', is copied from the
-upstream file 'local/patches/binutils-2.27_fixup.patch'.
-
 From dbca73446265ce01b8e11462c3346b25953e3399 Mon Sep 17 00:00:00 2001
 From: Sujith Manoharan <c_manoha@qca.qualcomm.com>
 Date: Mon, 7 Jan 2013 15:59:53 +0530
@@ -28969,20 +28966,3 @@ index 30f4f41..fe9b051 100644
  #define XCHAL_MAX_INSTRUCTION_SIZE	3
 -- 
 1.8.1
-
-diff --git a/gas/config/tc-xtensa.c b/gas/config/tc-xtensa.c
-index d062044..ca261ae 100644
---- a/gas/config/tc-xtensa.c
-+++ b/gas/config/tc-xtensa.c
-@@ -2228,7 +2228,7 @@ xg_reverse_shift_count (char **cnt_argp)
-   cnt_arg = *cnt_argp;
- 
-   /* replace the argument with "31-(argument)" */
--  new_arg = concat ("31-(", cnt_argp, ")", (char *) NULL);
-+  new_arg = concat ("31-(", cnt_arg, ")", (char *) NULL);
- 
-   free (cnt_arg);
-   *cnt_argp = new_arg;
--- 
-2.10.1
-
diff --git a/gnu/packages/patches/binutils-mips-bash-bug.patch b/gnu/packages/patches/binutils-mips-bash-bug.patch
deleted file mode 100644
index 08d3a79749..0000000000
--- a/gnu/packages/patches/binutils-mips-bash-bug.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Bash 4.2.0(1)-release, which we use during bootstrap, does not yield the
-"x" case in:
-
-  case x"$EMULATION_NAME" in x) ;; *) ;; esac
-
-when 'EMULATION_NAME' is undefined.  Bash 4.3.30(1)-release doesn't have this
-problem.  Work around it.
-
-This Bash bug was fixed
-in <http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-007>.
-
---- a/ld/emulparams/elf32bmipn32-defs.sh
-+++ b/ld/emulparams/elf32bmipn32-defs.sh
-@@ -13,7 +13,7 @@ LITTLE_OUTPUT_FORMAT="elf32-littlemips"
- TEMPLATE_NAME=elf32
- EXTRA_EM_FILE=mipself
- 
--case x"$EMULATION_NAME" in
-+case "x$EMULATION_NAME" in
- xelf32*n32*) ELFSIZE=32 ;;
- xelf64*) ELFSIZE=64 ;;
- x) ;;
diff --git a/gnu/packages/patches/coreutils-cut-huge-range-test.patch b/gnu/packages/patches/coreutils-cut-huge-range-test.patch
index 0be2cef2b8..e3a0ef28eb 100644
--- a/gnu/packages/patches/coreutils-cut-huge-range-test.patch
+++ b/gnu/packages/patches/coreutils-cut-huge-range-test.patch
@@ -1,22 +1,33 @@
 This patch fixes 100% reproducible test failures on arm-linux-gnueabihf in our
-the build environment chroot, as reported at <https://bugs.gnu.org/26253>.
-It is a followup to this upstream patch:
+the build environment chroot, as reported at <https://bugs.gnu.org/26253>,
+and now on x86_64-linux-gnu as well.  It is a variant of this upstream patch:
 
-   commit 28803c8a3144d5d4363cdbd148bbe067af1a67c2
-   Author: Pádraig Brady <P@draigBrady.com>
-   Date:   Fri Mar 3 00:25:54 2017 -0800
+  commit f5422009389678680dba9ff4ecb7d33632ee3383
+  Author: Ludovic Courtès <ludo@gnu.org>
+  Date:   Mon Mar 27 20:34:39 2017 -0700
 
-       tests: avoid a spurious failure on older debian
+      tests: avoid false ulimit failure on some systems
+
+      * tests/misc/cut-huge-range.sh: On some systems returns_ may
+      use more memory, so incorporate that in the determination
+      of the ulimit value to use.  Noticed on ARMv7 with bash-4.4.12,
+      and x86_64 with bash-4.2.37.
+      Fixes http://bugs.gnu.org/26253
 
 ... which appeared to be insufficient.
 
+diff --git a/tests/misc/cut-huge-range.sh b/tests/misc/cut-huge-range.sh
+index 6b3c5b6ed..55b7b640e 100755
 --- a/tests/misc/cut-huge-range.sh
 +++ b/tests/misc/cut-huge-range.sh
-@@ -22,6 +22,7 @@ getlimits_
+@@ -20,9 +20,9 @@
+ print_ver_ cut
+ getlimits_
  
- vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \
+-vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \
++vm=$(get_min_ulimit_v_ sh -c 'cut -b1 /dev/null') \
    || skip_ "this shell lacks ulimit support"
-+vm=$(($vm + $(getconf PAGESIZE))) # avoid spurious failures
+ vm=$(($vm + 1000)) # avoid spurious failures
  
  # sed script to subtract one from the input.
  # Each input line should consist of a positive decimal number.
diff --git a/gnu/packages/patches/coreutils-fix-cross-compilation.patch b/gnu/packages/patches/coreutils-fix-cross-compilation.patch
deleted file mode 100644
index 3f0d35c33e..0000000000
--- a/gnu/packages/patches/coreutils-fix-cross-compilation.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Coreutils fails to cross compile for other platforms because cu_install_program
-is not being evaluated properly. This patch fixes it.
-See <https://lists.gnu.org/archive/html/coreutils/2017-01/msg00039.html>
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -5023,7 +5023,7 @@ pr = progs-readme
- @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall
- 
- # Use the just-built 'ginstall', when not cross-compiling.
--@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@
-+@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@
- info_TEXINFOS = doc/coreutils.texi
- doc_coreutils_TEXINFOS = \
-   doc/perm.texi \
-
diff --git a/gnu/packages/patches/eudev-conflicting-declaration.patch b/gnu/packages/patches/eudev-conflicting-declaration.patch
deleted file mode 100644
index f5399e20d3..0000000000
--- a/gnu/packages/patches/eudev-conflicting-declaration.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Fix build failure due to conflicting declaration of
-keyboard_lookup_key() in gperf-3.1:
-
-https://bugs.gentoo.org/show_bug.cgi?id=604864
-
-Patch copied from upstream source repository:
-
-https://github.com/gentoo/eudev/commit/5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60
-
-From 5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60 Mon Sep 17 00:00:00 2001
-From: "Anthony G. Basile" <blueness@gentoo.org>
-Date: Thu, 5 Jan 2017 16:21:17 -0500
-Subject: [PATCH] src/udev/udev-builtin-keyboard.c: fix build with gperf 3.1
-
-Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
----
- src/udev/udev-builtin-keyboard.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/src/udev/udev-builtin-keyboard.c b/src/udev/udev-builtin-keyboard.c
-index 73171c3..fad3520 100644
---- a/src/udev/udev-builtin-keyboard.c
-+++ b/src/udev/udev-builtin-keyboard.c
-@@ -28,7 +28,6 @@
- 
- #include "udev.h"
- 
--static const struct key *keyboard_lookup_key(const char *str, unsigned len);
- #include "keyboard-keys-from-name.h"
- #include "keyboard-keys-to-name.h"
- 
diff --git a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch b/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch
deleted file mode 100644
index b489401fea..0000000000
--- a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Fix regression caused by fix for CVE-2016-0718 when building with -DXML_UNICODE.
-
-Discussion:
-
-https://sourceforge.net/p/expat/bugs/539/
-
-Patch copied from upstream source repository:
-
-https://sourceforge.net/p/expat/code_git/ci/af507cef2c93cb8d40062a0abe43a4f4e9158fb2/
-
-From af507cef2c93cb8d40062a0abe43a4f4e9158fb2 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Sun, 17 Jul 2016 20:22:29 +0200
-Subject: [PATCH 1/2] Fix regression bug #539 (needs -DXML_UNICODE)
-
-Thanks to Andy Wang and Karl Waclawek!
----
- expat/lib/xmlparse.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
-index b308e67..0d5dd7b 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -2468,7 +2468,7 @@ doContent(XML_Parser parser,
-                        &fromPtr, rawNameEnd,
-                        (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
-             convLen = (int)(toPtr - (XML_Char *)tag->buf);
--            if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
-+            if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
-               tag->name.strLen = convLen;
-               break;
-             }
--- 
-2.10.0
diff --git a/gnu/packages/patches/findutils-gnulib-multi-core.patch b/gnu/packages/patches/findutils-gnulib-multi-core.patch
new file mode 100644
index 0000000000..5a37f4f1f9
--- /dev/null
+++ b/gnu/packages/patches/findutils-gnulib-multi-core.patch
@@ -0,0 +1,294 @@
+This patch fixes performance problems on multi-core machines
+as reported at <https://bugs.gnu.org/26441>.
+
+See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib
+by Bruno Haible <bruno@clisp.org>.
+
+diff --git a/tests/test-lock.c b/tests/test-lock.c
+index a992f64..fb18dee 100644
+--- a/tests/test-lock.c
++++ b/tests/test-lock.c
+@@ -1,5 +1,5 @@
+ /* Test of locking in multithreaded situations.
+-   Copyright (C) 2005, 2008-2015 Free Software Foundation, Inc.
++   Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc.
+ 
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+@@ -50,6 +50,28 @@
+    Uncomment this to see if the operating system has a fair scheduler.  */
+ #define EXPLICIT_YIELD 1
+ 
++/* Whether to use 'volatile' on some variables that communicate information
++   between threads.  If set to 0, a semaphore or a lock is used to protect
++   these variables.  If set to 1, 'volatile' is used; this is theoretically
++   equivalent but can lead to much slower execution (e.g. 30x slower total
++   run time on a 40-core machine), because 'volatile' does not imply any
++   synchronization/communication between different CPUs.  */
++#define USE_VOLATILE 0
++
++#if USE_POSIX_THREADS && HAVE_SEMAPHORE_H
++/* Whether to use a semaphore to communicate information between threads.
++   If set to 0, a lock is used. If set to 1, a semaphore is used.
++   Uncomment this to reduce the dependencies of this test.  */
++# define USE_SEMAPHORE 1
++/* Mac OS X provides only named semaphores (sem_open); its facility for
++   unnamed semaphores (sem_init) does not work.  */
++# if defined __APPLE__ && defined __MACH__
++#  define USE_NAMED_SEMAPHORE 1
++# else
++#  define USE_UNNAMED_SEMAPHORE 1
++# endif
++#endif
++
+ /* Whether to print debugging messages.  */
+ #define ENABLE_DEBUGGING 0
+ 
+@@ -90,6 +112,12 @@
+ 
+ #include "glthread/thread.h"
+ #include "glthread/yield.h"
++#if USE_SEMAPHORE
++# include <errno.h>
++# include <fcntl.h>
++# include <semaphore.h>
++# include <unistd.h>
++#endif
+ 
+ #if ENABLE_DEBUGGING
+ # define dbgprintf printf
+@@ -103,6 +131,132 @@
+ # define yield()
+ #endif
+ 
++#if USE_VOLATILE
++struct atomic_int {
++  volatile int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  return ai->value;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  ai->value = new_value;
++}
++#elif USE_SEMAPHORE
++/* This atomic_int implementation can only support the values 0 and 1.
++   It is initially 0 and can be set to 1 only once.  */
++# if USE_UNNAMED_SEMAPHORE
++struct atomic_int {
++  sem_t semaphore;
++};
++#define atomic_int_semaphore(ai) (&(ai)->semaphore)
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  sem_init (&ai->semaphore, 0, 0);
++}
++# endif
++# if USE_NAMED_SEMAPHORE
++struct atomic_int {
++  sem_t *semaphore;
++};
++#define atomic_int_semaphore(ai) ((ai)->semaphore)
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  sem_t *s;
++  unsigned int count;
++  for (count = 0; ; count++)
++    {
++      char name[80];
++      /* Use getpid() in the name, so that different processes running at the
++         same time will not interfere.  Use ai in the name, so that different
++         atomic_int in the same process will not interfere.  Use a count in
++         the name, so that even in the (unlikely) case that a semaphore with
++         the specified name already exists, we can try a different name.  */
++      sprintf (name, "test-lock-%lu-%p-%u",
++               (unsigned long) getpid (), ai, count);
++      s = sem_open (name, O_CREAT | O_EXCL, 0600, 0);
++      if (s == SEM_FAILED)
++        {
++          if (errno == EEXIST)
++            /* Retry with a different name.  */
++            continue;
++          else
++            {
++              perror ("sem_open failed");
++              abort ();
++            }
++        }
++      else
++        {
++          /* Try not to leave a semaphore hanging around on the file system
++             eternally, if we can avoid it.  */
++          sem_unlink (name);
++          break;
++        }
++    }
++  ai->semaphore = s;
++}
++# endif
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  if (sem_trywait (atomic_int_semaphore (ai)) == 0)
++    {
++      if (sem_post (atomic_int_semaphore (ai)))
++        abort ();
++      return 1;
++    }
++  else if (errno == EAGAIN)
++    return 0;
++  else
++    abort ();
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  if (new_value == 0)
++    /* It's already initialized with 0.  */
++    return;
++  /* To set the value 1: */
++  if (sem_post (atomic_int_semaphore (ai)))
++    abort ();
++}
++#else
++struct atomic_int {
++  gl_lock_define (, lock)
++  int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  gl_lock_init (ai->lock);
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  gl_lock_lock (ai->lock);
++  int ret = ai->value;
++  gl_lock_unlock (ai->lock);
++  return ret;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  gl_lock_lock (ai->lock);
++  ai->value = new_value;
++  gl_lock_unlock (ai->lock);
++}
++#endif
++
+ #define ACCOUNT_COUNT 4
+ 
+ static int account[ACCOUNT_COUNT];
+@@ -170,12 +324,12 @@ lock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int lock_checker_done;
++static struct atomic_int lock_checker_done;
+ 
+ static void *
+ lock_checker_thread (void *arg)
+ {
+-  while (!lock_checker_done)
++  while (get_atomic_int_value (&lock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_lock_lock (my_lock);
+@@ -200,7 +354,8 @@ test_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  lock_checker_done = 0;
++  init_atomic_int (&lock_checker_done);
++  set_atomic_int_value (&lock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (lock_checker_thread, NULL);
+@@ -210,7 +365,7 @@ test_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  lock_checker_done = 1;
++  set_atomic_int_value (&lock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
+@@ -254,12 +409,12 @@ rwlock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int rwlock_checker_done;
++static struct atomic_int rwlock_checker_done;
+ 
+ static void *
+ rwlock_checker_thread (void *arg)
+ {
+-  while (!rwlock_checker_done)
++  while (get_atomic_int_value (&rwlock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
+       gl_rwlock_rdlock (my_rwlock);
+@@ -284,7 +439,8 @@ test_rwlock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  rwlock_checker_done = 0;
++  init_atomic_int (&rwlock_checker_done);
++  set_atomic_int_value (&rwlock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+@@ -295,7 +451,7 @@ test_rwlock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  rwlock_checker_done = 1;
++  set_atomic_int_value (&rwlock_checker_done, 1);
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (checkerthreads[i], NULL);
+   check_accounts ();
+@@ -356,12 +512,12 @@ reclock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int reclock_checker_done;
++static struct atomic_int reclock_checker_done;
+ 
+ static void *
+ reclock_checker_thread (void *arg)
+ {
+-  while (!reclock_checker_done)
++  while (get_atomic_int_value (&reclock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_recursive_lock_lock (my_reclock);
+@@ -386,7 +542,8 @@ test_recursive_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  reclock_checker_done = 0;
++  init_atomic_int (&reclock_checker_done);
++  set_atomic_int_value (&reclock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (reclock_checker_thread, NULL);
+@@ -396,7 +553,7 @@ test_recursive_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  reclock_checker_done = 1;
++  set_atomic_int_value (&reclock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
diff --git a/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch b/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch
deleted file mode 100644
index 8ebe33bc6c..0000000000
--- a/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-The first patch is copied from the upstream source repository:
-
-https://cgit.freedesktop.org/fontconfig/commit/?id=1ab5258f7c2abfafcd63a760ca08bf93591912da
-
-The second patch is adapted from a message to from the OpenEmbedded mailing list:
-
-http://lists.openembedded.org/pipermail/openembedded-core/2016-December/130213.html
-
-From 1ab5258f7c2abfafcd63a760ca08bf93591912da Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 14 Dec 2016 16:11:05 -0800
-Subject: Avoid conflicts with integer width macros from TS 18661-1:2014
-
-glibc 2.25+ has now defined these macros in <limits.h>
-https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a
-
-Create an alias for FC_CHAR_WIDTH for ABI compatibility
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-diff --git a/fontconfig/fontconfig.h b/fontconfig/fontconfig.h
-index 5c72b22..070a557 100644
---- a/fontconfig/fontconfig.h
-+++ b/fontconfig/fontconfig.h
-@@ -128,7 +128,8 @@ typedef int		FcBool;
- #define FC_USER_CACHE_FILE	    ".fonts.cache-" FC_CACHE_VERSION
- 
- /* Adjust outline rasterizer */
--#define FC_CHAR_WIDTH	    "charwidth"	/* Int */
-+#define FC_CHARWIDTH	    "charwidth"	/* Int */
-+#define FC_CHAR_WIDTH	    FC_CHARWIDTH
- #define FC_CHAR_HEIGHT	    "charheight"/* Int */
- #define FC_MATRIX	    "matrix"    /* FcMatrix */
- 
-diff --git a/src/fcobjs.h b/src/fcobjs.h
-index 1fc4f65..d27864b 100644
---- a/src/fcobjs.h
-+++ b/src/fcobjs.h
-@@ -51,7 +51,7 @@ FC_OBJECT (DPI,			FcTypeDouble,	NULL)
- FC_OBJECT (RGBA,		FcTypeInteger,	NULL)
- FC_OBJECT (SCALE,		FcTypeDouble,	NULL)
- FC_OBJECT (MINSPACE,		FcTypeBool,	NULL)
--FC_OBJECT (CHAR_WIDTH,		FcTypeInteger,	NULL)
-+FC_OBJECT (CHARWIDTH,		FcTypeInteger,	NULL)
- FC_OBJECT (CHAR_HEIGHT,		FcTypeInteger,	NULL)
- FC_OBJECT (MATRIX,		FcTypeMatrix,	NULL)
- FC_OBJECT (CHARSET,		FcTypeCharSet,	FcCompareCharSet)
--- 
-cgit v0.10.2
-
-From 20cddc824c6501c2082cac41b162c34cd5fcc530 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem at gmail.com>
-Date: Sun, 11 Dec 2016 14:32:00 -0800
-Subject: [PATCH] Avoid conflicts with integer width macros from TS
- 18661-1:2014
-
-glibc 2.25+ has now defined these macros in <limits.h>
-https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a
-
-Signed-off-by: Khem Raj <raj.khem at gmail.com>
----
-Upstream-Status: Submitted
-
- fontconfig/fontconfig.h | 2 +-
- src/fcobjs.h            | 2 +-
- src/fcobjshash.gperf    | 2 +-
- src/fcobjshash.h        | 2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
-Index: fontconfig-2.12.1/src/fcobjshash.h
-===================================================================
---- fontconfig-2.12.1.orig/src/fcobjshash.h
-+++ fontconfig-2.12.1/src/fcobjshash.h
-@@ -284,7 +284,7 @@ FcObjectTypeLookup (register const char
-       {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str43,FC_CHARSET_OBJECT},
-       {-1},
- #line 47 "fcobjshash.gperf"
--      {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHAR_WIDTH_OBJECT},
-+      {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHARWIDTH_OBJECT},
- #line 48 "fcobjshash.gperf"
-       {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str46,FC_CHAR_HEIGHT_OBJECT},
- #line 55 "fcobjshash.gperf"
diff --git a/gnu/packages/patches/fontconfig-path-max.patch b/gnu/packages/patches/fontconfig-path-max.patch
deleted file mode 100644
index e12f60ef00..0000000000
--- a/gnu/packages/patches/fontconfig-path-max.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-This patch fix the build on GNU/Hurd, due to PATH_MAX isn't defined.
-
-The patch was adapted from upstream source repository:
-'<https://cgit.freedesktop.org/fontconfig/commit/?id=abdb6d658e1a16410dd1c964e365a3ebd5039e7c>'
-Commit: abdb6d658e1a16410dd1c964e365a3ebd5039e7c
-
----
- src/fcdefault.c | 34 +++++++++++++++++++++++++++-------
- src/fcint.h     |  6 ++++++
- src/fcstat.c    | 12 +++++++++++-
- 3 files changed, 44 insertions(+), 8 deletions(-)
-
-diff --git a/src/fcdefault.c b/src/fcdefault.c
-index 6647a8f..5afd7ec 100644
---- a/src/fcdefault.c
-+++ b/src/fcdefault.c
-@@ -148,17 +148,34 @@ retry:
- 	    prgname = FcStrdup ("");
- #else
- # if defined (HAVE_GETEXECNAME)
--	const char *p = getexecname ();
-+	char *p = FcStrdup(getexecname ());
- # elif defined (HAVE_READLINK)
--	char buf[PATH_MAX + 1];
--	int len;
-+	size_t size = FC_PATH_MAX;
- 	char *p = NULL;
- 
--	len = readlink ("/proc/self/exe", buf, sizeof (buf) - 1);
--	if (len != -1)
-+	while (1)
- 	{
--	    buf[len] = '\0';
--	    p = buf;
-+	    char *buf = malloc (size);
-+	    ssize_t len;
-+
-+	    if (!buf)
-+		break;
-+
-+	    len = readlink ("/proc/self/exe", buf, size - 1);
-+	    if (len < 0)
-+	    {
-+		free (buf);
-+		break;
-+	    }
-+	    if (len < size - 1)
-+	    {
-+		buf[len] = 0;
-+		p = buf;
-+		break;
-+	    }
-+
-+	    free (buf);
-+	    size *= 2;
- 	}
- # else
- 	char *p = NULL;
-@@ -176,6 +193,9 @@ retry:
- 
- 	if (!prgname)
- 	    prgname = FcStrdup ("");
-+
-+	if (p)
-+	    free (p);
- #endif
- 
- 	if (!fc_atomic_ptr_cmpexch (&default_prgname, NULL, prgname)) {
-diff --git a/src/fcint.h b/src/fcint.h
-index ac911ad..dad34c5 100644
---- a/src/fcint.h
-+++ b/src/fcint.h
-@@ -70,6 +70,12 @@ extern pfnSHGetFolderPathA pSHGetFolderPathA;
- #  define FC_DIR_SEPARATOR_S       "/"
- #endif
- 
-+#ifdef PATH_MAX
-+#define FC_PATH_MAX	PATH_MAX
-+#else
-+#define FC_PATH_MAX	128
-+#endif
-+
- #if __GNUC__ >= 4
- #define FC_UNUSED	__attribute__((unused))
- #else
-diff --git a/src/fcstat.c b/src/fcstat.c
-index 1734fa4..f6e1aaa 100644
---- a/src/fcstat.c
-+++ b/src/fcstat.c
-@@ -278,8 +278,13 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum)
- 	{
- #endif
- 	struct stat statb;
--	char f[PATH_MAX + 1];
-+	char *f = malloc (len + 1 + dlen + 1);
- 
-+	if (!f)
-+	{
-+	    ret = -1;
-+	    goto bail;
-+	}
- 	memcpy (f, dir, len);
- 	f[len] = FC_DIR_SEPARATOR;
- 	memcpy (&f[len + 1], files[n]->d_name, dlen);
-@@ -287,11 +292,16 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum)
- 	if (lstat (f, &statb) < 0)
- 	{
- 	    ret = -1;
-+	    free (f);
- 	    goto bail;
- 	}
- 	if (S_ISDIR (statb.st_mode))
-+	{
-+	    free (f);
- 	    goto bail;
-+	}
- 
-+	free (f);
- 	dtype = statb.st_mode;
- #ifdef HAVE_STRUCT_DIRENT_D_TYPE
- 	}
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/freetype-CVE-2017-8105.patch b/gnu/packages/patches/freetype-CVE-2017-8105.patch
deleted file mode 100644
index 1891c4ab5f..0000000000
--- a/gnu/packages/patches/freetype-CVE-2017-8105.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Fix CVE-2017-8105:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
-
-Patch copied from upstream source repository:
-
-https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
-
-From f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Fri, 24 Mar 2017 09:15:10 +0100
-Subject: [PATCH] [psaux] Better protect `flex' handling.
-
-Reported as
-
-  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
-
-* src/psaux/t1decode.c (t1_decoder_parse_charstrings)
-<callothersubr>: Since there is not a single flex operator but a
-series of subroutine calls, malformed fonts can call arbitrary other
-operators after the start of a flex, possibly adding points.  For
-this reason we have to check the available number of points before
-inserting a point.
----
- ChangeLog            | 15 +++++++++++++++
- src/psaux/t1decode.c |  9 +++++++++
- 2 files changed, 24 insertions(+)
-
-diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
-index af7b465e..7dd45135 100644
---- a/src/psaux/t1decode.c
-+++ b/src/psaux/t1decode.c
-@@ -780,10 +780,19 @@
-             /* point without adding any point to the outline    */
-             idx = decoder->num_flex_vectors++;
-             if ( idx > 0 && idx < 7 )
-+            {
-+              /* in malformed fonts it is possible to have other */
-+              /* opcodes in the middle of a flex (which don't    */
-+              /* increase `num_flex_vectors'); we thus have to   */
-+              /* check whether we can add a point                */
-+              if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) )
-+                goto Syntax_Error;
-+
-               t1_builder_add_point( builder,
-                                     x,
-                                     y,
-                                     (FT_Byte)( idx == 3 || idx == 6 ) );
-+            }
-           }
-           break;
- 
--- 
-2.12.2
-
diff --git a/gnu/packages/patches/freetype-CVE-2017-8287.patch b/gnu/packages/patches/freetype-CVE-2017-8287.patch
deleted file mode 100644
index d1145a87ee..0000000000
--- a/gnu/packages/patches/freetype-CVE-2017-8287.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Fix CVE-2017-8287:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
-
-Patch copied from upstream source repository:
-https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
-
-From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Sun, 26 Mar 2017 08:32:09 +0200
-Subject: [PATCH] * src/psaux/psobjs.c (t1_builder_close_contour): Add safety
- guard.
-
-Reported as
-
-  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
----
- ChangeLog          | 8 ++++++++
- src/psaux/psobjs.c | 8 ++++++++
- 2 files changed, 16 insertions(+)
-
-diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
-index d18e821a..0baf8368 100644
---- a/src/psaux/psobjs.c
-+++ b/src/psaux/psobjs.c
-@@ -1718,6 +1718,14 @@
-     first = outline->n_contours <= 1
-             ? 0 : outline->contours[outline->n_contours - 2] + 1;
- 
-+    /* in malformed fonts it can happen that a contour was started */
-+    /* but no points were added                                    */
-+    if ( outline->n_contours && first == outline->n_points )
-+    {
-+      outline->n_contours--;
-+      return;
-+    }
-+
-     /* We must not include the last point in the path if it */
-     /* is located on the first point.                       */
-     if ( outline->n_points > 1 )
--- 
-2.12.2
-
diff --git a/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch b/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch
new file mode 100644
index 0000000000..74b10c4a44
--- /dev/null
+++ b/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch
@@ -0,0 +1,20 @@
+Add missing include that triggers a build failure on PowerPC:
+
+  ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc: In function ‘bool __asan::AsanInterceptsSignal(int)’:
+  ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc:222:20: error: ‘SIGSEGV’ was not declared in this scope
+     return signum == SIGSEGV && common_flags()->handle_segv;
+		      ^
+From <https://patchwork.ozlabs.org/patch/725596/>.
+
+diff --git a/libsanitizer/asan/asan_linux.cc b/libsanitizer/asan/asan_linux.cc
+index c504168..59087b9 100644
+--- a/libsanitizer/asan/asan_linux.cc
++++ b/libsanitizer/asan/asan_linux.cc
+@@ -29,6 +29,7 @@
+ #include <dlfcn.h>
+ #include <fcntl.h>
+ #include <pthread.h>
++#include <signal.h>
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <unwind.h>
diff --git a/gnu/packages/patches/gettext-gnulib-multi-core.patch b/gnu/packages/patches/gettext-gnulib-multi-core.patch
new file mode 100644
index 0000000000..5ccdbe4ca1
--- /dev/null
+++ b/gnu/packages/patches/gettext-gnulib-multi-core.patch
@@ -0,0 +1,178 @@
+This patch fixes performance problems on multi-core machines
+as reported at <https://bugs.gnu.org/26441>.
+
+See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib
+by Bruno Haible <bruno@clisp.org>.
+
+diff --git a/gettext-tools/gnulib-tests/test-lock.c b/gettext-tools/gnulib-tests/test-lock.c
+index cb734b4e6..aa6de2739 100644
+--- a/gettext-tools/gnulib-tests/test-lock.c
++++ b/gettext-tools/gnulib-tests/test-lock.c
+@@ -50,6 +50,13 @@
+    Uncomment this to see if the operating system has a fair scheduler.  */
+ #define EXPLICIT_YIELD 1
+ 
++/* Whether to use 'volatile' on some variables that communicate information
++   between threads.  If set to 0, a lock is used to protect these variables.
++   If set to 1, 'volatile' is used; this is theoretically equivalent but can
++   lead to much slower execution (e.g. 30x slower total run time on a 40-core
++   machine.  */
++#define USE_VOLATILE 0
++
+ /* Whether to print debugging messages.  */
+ #define ENABLE_DEBUGGING 0
+ 
+@@ -103,6 +110,51 @@
+ # define yield()
+ #endif
+ 
++#if USE_VOLATILE
++struct atomic_int {
++  volatile int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  return ai->value;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  ai->value = new_value;
++}
++#else
++struct atomic_int {
++  gl_lock_define (, lock)
++  int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  gl_lock_init (ai->lock);
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  gl_lock_lock (ai->lock);
++  int ret = ai->value;
++  gl_lock_unlock (ai->lock);
++  return ret;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  gl_lock_lock (ai->lock);
++  ai->value = new_value;
++  gl_lock_unlock (ai->lock);
++}
++#endif
++
+ #define ACCOUNT_COUNT 4
+ 
+ static int account[ACCOUNT_COUNT];
+@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int lock_checker_done;
++static struct atomic_int lock_checker_done;
+ 
+ static void *
+ lock_checker_thread (void *arg)
+ {
+-  while (!lock_checker_done)
++  while (get_atomic_int_value (&lock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_lock_lock (my_lock);
+@@ -200,7 +252,8 @@ test_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  lock_checker_done = 0;
++  init_atomic_int (&lock_checker_done);
++  set_atomic_int_value (&lock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (lock_checker_thread, NULL);
+@@ -210,7 +263,7 @@ test_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  lock_checker_done = 1;
++  set_atomic_int_value (&lock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
+@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int rwlock_checker_done;
++static struct atomic_int rwlock_checker_done;
+ 
+ static void *
+ rwlock_checker_thread (void *arg)
+ {
+-  while (!rwlock_checker_done)
++  while (get_atomic_int_value (&rwlock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
+       gl_rwlock_rdlock (my_rwlock);
+@@ -284,7 +337,8 @@ test_rwlock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  rwlock_checker_done = 0;
++  init_atomic_int (&rwlock_checker_done);
++  set_atomic_int_value (&rwlock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+@@ -295,7 +349,7 @@ test_rwlock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  rwlock_checker_done = 1;
++  set_atomic_int_value (&rwlock_checker_done, 1);
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (checkerthreads[i], NULL);
+   check_accounts ();
+@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int reclock_checker_done;
++static struct atomic_int reclock_checker_done;
+ 
+ static void *
+ reclock_checker_thread (void *arg)
+ {
+-  while (!reclock_checker_done)
++  while (get_atomic_int_value (&reclock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_recursive_lock_lock (my_reclock);
+@@ -386,7 +440,8 @@ test_recursive_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  reclock_checker_done = 0;
++  init_atomic_int (&reclock_checker_done);
++  set_atomic_int_value (&reclock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (reclock_checker_thread, NULL);
+@@ -396,7 +451,7 @@ test_recursive_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  reclock_checker_done = 1;
++  set_atomic_int_value (&reclock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
diff --git a/gnu/packages/patches/gettext-multi-core.patch b/gnu/packages/patches/gettext-multi-core.patch
new file mode 100644
index 0000000000..31a378cfd0
--- /dev/null
+++ b/gnu/packages/patches/gettext-multi-core.patch
@@ -0,0 +1,185 @@
+This patch fixes performance problems on multi-core machines
+as reported at <https://bugs.gnu.org/26441>.
+
+See commit 1afbcb06fded2a427b761dd1615b1e48e1e853cc in Gettext
+by Bruno Haible <bruno@clisp.org>.
+
+diff --git a/gettext-runtime/tests/test-lock.c b/gettext-runtime/tests/test-lock.c
+index d279d1d60..51cec3d6b 100644
+--- a/gettext-runtime/tests/test-lock.c
++++ b/gettext-runtime/tests/test-lock.c
+@@ -1,5 +1,5 @@
+ /* Test of locking in multithreaded situations.
+-   Copyright (C) 2005, 2008-2016 Free Software Foundation, Inc.
++   Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc.
+ 
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Lesser General Public License as published by
+@@ -50,6 +50,13 @@
+    Uncomment this to see if the operating system has a fair scheduler.  */
+ #define EXPLICIT_YIELD 1
+ 
++/* Whether to use 'volatile' on some variables that communicate information
++   between threads.  If set to 0, a lock is used to protect these variables.
++   If set to 1, 'volatile' is used; this is theoretically equivalent but can
++   lead to much slower execution (e.g. 30x slower total run time on a 40-core
++   machine.  */
++#define USE_VOLATILE 0
++
+ /* Whether to print debugging messages.  */
+ #define ENABLE_DEBUGGING 0
+ 
+@@ -214,6 +221,51 @@ static inline void * gl_thread_self_pointer (void)
+ # define yield()
+ #endif
+ 
++#if USE_VOLATILE
++struct atomic_int {
++  volatile int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  return ai->value;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  ai->value = new_value;
++}
++#else
++struct atomic_int {
++  gl_lock_define (, lock)
++  int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  gl_lock_init (ai->lock);
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  gl_lock_lock (ai->lock);
++  int ret = ai->value;
++  gl_lock_unlock (ai->lock);
++  return ret;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  gl_lock_lock (ai->lock);
++  ai->value = new_value;
++  gl_lock_unlock (ai->lock);
++}
++#endif
++
+ #define ACCOUNT_COUNT 4
+ 
+ static int account[ACCOUNT_COUNT];
+@@ -281,12 +333,12 @@ lock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int lock_checker_done;
++static struct atomic_int lock_checker_done;
+ 
+ static void *
+ lock_checker_thread (void *arg)
+ {
+-  while (!lock_checker_done)
++  while (get_atomic_int_value (&lock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_lock_lock (my_lock);
+@@ -311,7 +363,8 @@ test_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  lock_checker_done = 0;
++  init_atomic_int (&lock_checker_done);
++  set_atomic_int_value (&lock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (lock_checker_thread, NULL);
+@@ -321,7 +374,7 @@ test_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  lock_checker_done = 1;
++  set_atomic_int_value (&lock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
+@@ -365,12 +418,12 @@ rwlock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int rwlock_checker_done;
++static struct atomic_int rwlock_checker_done;
+ 
+ static void *
+ rwlock_checker_thread (void *arg)
+ {
+-  while (!rwlock_checker_done)
++  while (get_atomic_int_value (&rwlock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
+       gl_rwlock_rdlock (my_rwlock);
+@@ -395,7 +448,8 @@ test_rwlock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  rwlock_checker_done = 0;
++  init_atomic_int (&rwlock_checker_done);
++  set_atomic_int_value (&rwlock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+@@ -406,7 +460,7 @@ test_rwlock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  rwlock_checker_done = 1;
++  set_atomic_int_value (&rwlock_checker_done, 1);
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (checkerthreads[i], NULL);
+   check_accounts ();
+@@ -467,12 +521,12 @@ reclock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int reclock_checker_done;
++static struct atomic_int reclock_checker_done;
+ 
+ static void *
+ reclock_checker_thread (void *arg)
+ {
+-  while (!reclock_checker_done)
++  while (get_atomic_int_value (&reclock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_recursive_lock_lock (my_reclock);
+@@ -497,7 +551,8 @@ test_recursive_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  reclock_checker_done = 0;
++  init_atomic_int (&reclock_checker_done);
++  set_atomic_int_value (&reclock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (reclock_checker_thread, NULL);
+@@ -507,7 +562,7 @@ test_recursive_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  reclock_checker_done = 1;
++  set_atomic_int_value (&reclock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
diff --git a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch b/gnu/packages/patches/ghostscript-CVE-2013-5653.patch
deleted file mode 100644
index 622266b176..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-The following patch was adapted for GNU Ghostscript
-by Mark H Weaver <mhw@netris.org> based on:
-
-http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
-
-From ab109aaeb3ddba59518b036fb288402a65cf7ce8 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Sat, 5 Mar 2016 14:56:03 -0800
-Subject: [PATCH] Bug 694724: Have filenameforall and getenv honor SAFER
-
----
- Resource/Init/gs_init.ps |  2 ++
- psi/zfile.c              | 36 ++++++++++++++++++++----------------
- 2 files changed, 22 insertions(+), 16 deletions(-)
-
-diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
-index fa33d88..99888ac 100644
---- a/Resource/Init/gs_init.ps
-+++ b/Resource/Init/gs_init.ps
-@@ -2018,6 +2018,7 @@ readonly def
- 
- /.locksafe {
-   .locksafe_userparams
-+  systemdict /getenv {pop //false} put
-   % setpagedevice has the side effect of clearing the page, but
-   % we will just document that. Using setpagedevice keeps the device
-   % properties and pagedevice .LockSafetyParams in agreement even
-@@ -2036,6 +2037,7 @@ readonly def
- %%
- /.locksafeglobal {
-   .locksafe_userparams
-+  systemdict /getenv {pop //false} put
-   % setpagedevice has the side effect of clearing the page, but
-   % we will just document that. Using setpagedevice keeps the device
-   % properties and pagedevice .LockSafetyParams in agreement even
-diff --git a/psi/zfile.c b/psi/zfile.c
-index 320ecd5..0b9f299 100644
---- a/psi/zfile.c
-+++ b/psi/zfile.c
-@@ -371,22 +371,26 @@ file_continue(i_ctx_t *i_ctx_p)
- 
-     if (len < devlen)
-         return_error(e_rangecheck);     /* not even room for device len */
--    memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
--    code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
--                len - devlen);
--    if (code == ~(uint) 0) {    /* all done */
--        esp -= 5;               /* pop proc, pfen, devlen, iodev , mark */
--        return o_pop_estack;
--    } else if (code > len)      /* overran string */
--        return_error(e_rangecheck);
--    else {
--        push(1);
--        ref_assign(op, pscratch);
--        r_set_size(op, code + devlen);
--        push_op_estack(file_continue);  /* come again */
--        *++esp = pscratch[2];   /* proc */
--        return o_push_estack;
--    }
-+
-+    do {
-+        memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
-+        code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
-+                    len - devlen);
-+        if (code == ~(uint) 0) {    /* all done */
-+            esp -= 5;               /* pop proc, pfen, devlen, iodev , mark */
-+            return o_pop_estack;
-+        } else if (code > len)      /* overran string */
-+            return_error(e_rangecheck);
-+        else if (iodev != iodev_default(imemory)
-+              || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, "PermitFileReading")) == 0) {
-+            push(1);
-+            ref_assign(op, pscratch);
-+            r_set_size(op, code + devlen);
-+            push_op_estack(file_continue);  /* come again */
-+            *++esp = pscratch[2];   /* proc */
-+            return o_push_estack;
-+        }
-+    } while(1);
- }
- /* Cleanup procedure for enumerating files */
- static int
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2015-3228.patch b/gnu/packages/patches/ghostscript-CVE-2015-3228.patch
deleted file mode 100644
index c19fdb1d43..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2015-3228.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-The file names in the upstream patch below were modified to apply to GNU
-ghostscript.
-
-From 0c0b0859ae1aba64861599f0e7f74f143f305932 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Tue, 7 Jul 2015 16:57:41 +0100
-Subject: [PATCH] Bug 696041: sanity check for memory allocation.
-
-In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the
-variable holding the actual number of bytes we allocate.
-
-No cluster differences
----
- gs/base/gsmalloc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/base/gsmalloc.c b/base/gsmalloc.c
-index 624552d..cad79c2 100644
---- a/base/gsmalloc.c
-+++ b/base/gsmalloc.c
-@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, client_name_t cname)
-     } else {
-         uint added = size + sizeof(gs_malloc_block_t);
- 
--        if (mmem->limit - added < mmem->used)
-+        if (added <= size || mmem->limit - added < mmem->used)
-             set_msg("exceeded limit");
-         else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
-             set_msg("failed");
--- 
-2.4.6
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch b/gnu/packages/patches/ghostscript-CVE-2016-7976.patch
deleted file mode 100644
index 0a09f89016..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch
+++ /dev/null
@@ -1,185 +0,0 @@
-The following patch was adapted for GNU Ghostscript
-by Mark H Weaver <mhw@netris.org> based on:
-
-http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
-
-From 6d444c273da5499a4cd72f21cb6d4c9a5256807d Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Wed, 5 Oct 2016 09:55:55 +0100
-Subject: [PATCH] Bug 697178: Add a file permissions callback
-
-For the rare occasions when the graphics library directly opens a file
-(currently for reading), this allows us to apply any restrictions on
-file access normally applied in the interpteter.
----
- base/gsicc_manage.c | 10 ++++++----
- base/gslibctx.c     | 12 +++++++++++-
- base/gslibctx.h     |  7 +++++++
- psi/imain.c         |  2 ++
- psi/int.mak         |  2 +-
- psi/zfile.c         | 19 +++++++++++++++++++
- psi/zfile.h         |  7 +++++++
- 7 files changed, 53 insertions(+), 6 deletions(-)
-
-diff --git a/base/gsicc_manage.c b/base/gsicc_manage.c
-index 931c2a6..e9c09c3 100644
---- a/base/gsicc_manage.c
-+++ b/base/gsicc_manage.c
-@@ -1028,10 +1028,12 @@ gsicc_open_search(const char* pname, int namelen, gs_memory_t *mem_gc,
-     }
- 
-     /* First just try it like it is */
--    str = sfopen(pname, "rb", mem_gc);
--    if (str != NULL) {
--        *strp = str;
--        return 0;
-+    if (gs_check_file_permission(mem_gc, pname, namelen, "r") >= 0) {
-+        str = sfopen(pname, "rb", mem_gc);
-+        if (str != NULL) {
-+            *strp = str;
-+            return 0;
-+        }
-     }
- 
-     /* If that fails, try %rom% */ /* FIXME: Not sure this is needed or correct */
-diff --git a/base/gslibctx.c b/base/gslibctx.c
-index eaa0458..37ce1ca 100644
---- a/base/gslibctx.c
-+++ b/base/gslibctx.c
-@@ -121,7 +121,7 @@ int gs_lib_ctx_init( gs_memory_t *mem )
-         mem->gs_lib_ctx = NULL;
-         return -1;
-     }
-- 
-+    pio->client_check_file_permission = NULL;
-     gp_get_realtime(pio->real_time_0);
- 
-     return 0;
-@@ -262,3 +262,13 @@ void errflush(const gs_memory_t *mem)
-         fflush(mem->gs_lib_ctx->fstderr);
-     /* else nothing to flush */
- }
-+
-+int
-+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission)
-+{
-+    int code = 0;
-+    if (mem->gs_lib_ctx->client_check_file_permission != NULL) {
-+        code = mem->gs_lib_ctx->client_check_file_permission(mem, fname, len, permission);
-+    }
-+    return code;
-+}
-diff --git a/base/gslibctx.h b/base/gslibctx.h
-index 7a4e110..020e2d9 100644
---- a/base/gslibctx.h
-+++ b/base/gslibctx.h
-@@ -32,6 +32,9 @@ typedef struct gs_fapi_server_s gs_fapi_server;
- #  define gs_font_dir_DEFINED
- typedef struct gs_font_dir_s gs_font_dir;
- #endif
-+
-+typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fname, const int len, const char *permission);
-+
- typedef struct gs_lib_ctx_s
- {
-     gs_memory_t *memory;  /* mem->gs_lib_ctx->memory == mem */
-@@ -59,6 +62,7 @@ typedef struct gs_lib_ctx_s
-     bool dict_auto_expand;  /* ps dictionary: false level 1 true level 2 or 3 */
-     /* A table of local copies of the IODevices */
-     struct gx_io_device_s **io_device_table;
-+    client_check_file_permission_t client_check_file_permission;
-     /* Define the default value of AccurateScreens that affects setscreen
-        and setcolorscreen. */
-     bool screen_accurate_screens;
-@@ -108,6 +112,9 @@ int
- void gs_lib_ctx_set_icc_directory(const gs_memory_t *mem_gc, const char* pname,
-                         int dir_namelen);
- 
-+int
-+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission);
-+
- #define IS_LIBCTX_STDOUT(mem, f) (f == mem->gs_lib_ctx->fstdout)
- #define IS_LIBCTX_STDERR(mem, f) (f == mem->gs_lib_ctx->fstderr)
- 
-diff --git a/psi/imain.c b/psi/imain.c
-index 9a9bb5d..6874128 100644
---- a/psi/imain.c
-+++ b/psi/imain.c
-@@ -57,6 +57,7 @@
- #include "ivmspace.h"
- #include "idisp.h"              /* for setting display device callback */
- #include "iplugin.h"
-+#include "zfile.h"
- 
- #ifdef PACIFY_VALGRIND
- #include "valgrind.h"
-@@ -215,6 +216,7 @@ gs_main_init1(gs_main_instance * minst)
-                                            "the_gs_name_table");
-             if (code < 0)
-                 return code;
-+            mem->gs_lib_ctx->client_check_file_permission = z_check_file_permissions;
-         }
-         code = obj_init(&minst->i_ctx_p, &idmem);  /* requires name_init */
-         if (code < 0)
-diff --git a/psi/int.mak b/psi/int.mak
-index 4654afc..bb30d51 100644
---- a/psi/int.mak
-+++ b/psi/int.mak
-@@ -1868,7 +1868,7 @@ $(PSOBJ)imain.$(OBJ) : $(PSSRC)imain.c $(GH) $(memory__h) $(string__h)\
-  $(ialloc_h) $(iconf_h) $(idebug_h) $(idict_h) $(idisp_h) $(iinit_h)\
-  $(iname_h) $(interp_h) $(iplugin_h) $(isave_h) $(iscan_h) $(ivmspace_h)\
-  $(iinit_h) $(main_h) $(oper_h) $(ostack_h)\
-- $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h)
-+ $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) $(zfile_h)
- 	$(PSCC) $(PSO_)imain.$(OBJ) $(C_) $(PSSRC)imain.c
- 
- #****** $(CCINT) interp.c
-diff --git a/psi/zfile.c b/psi/zfile.c
-index 2c6c958..2f27f82 100644
---- a/psi/zfile.c
-+++ b/psi/zfile.c
-@@ -197,6 +197,25 @@ check_file_permissions(i_ctx_t *i_ctx_p, const char *fname, int len,
-     return check_file_permissions_reduced(i_ctx_p, fname_reduced, rlen, permitgroup);
- }
- 
-+/* z_check_file_permissions: see zfile.h for explanation
-+ */
-+int
-+z_check_file_permissions(gs_memory_t *mem, const char *fname, const int len, const char *permission)
-+{
-+    i_ctx_t *i_ctx_p = get_minst_from_memory(mem)->i_ctx_p;
-+    gs_parsed_file_name_t pname;
-+    const char *permitgroup = permission[0] == 'r' ? "PermitFileReading" : "PermitFileWriting";
-+    int code = gs_parse_file_name(&pname, fname, len, imemory);
-+    if (code < 0)
-+        return code;
-+
-+    if (pname.iodev && i_ctx_p->LockFilePermissions && strcmp(pname.iodev->dname, "%pipe%") == 0)
-+        return e_invalidfileaccess;
-+        
-+    code = check_file_permissions(i_ctx_p, fname, len, permitgroup);
-+    return code;
-+}
-+
- /* <name_string> <access_string> file <file> */
- int                             /* exported for zsysvm.c */
- zfile(i_ctx_t *i_ctx_p)
-diff --git a/psi/zfile.h b/psi/zfile.h
-index fdf1373..a9399c7 100644
---- a/psi/zfile.h
-+++ b/psi/zfile.h
-@@ -22,4 +22,11 @@
- int zopen_file(i_ctx_t *i_ctx_p, const gs_parsed_file_name_t *pfn,
-            const char *file_access, stream **ps, gs_memory_t *mem);
- 
-+/* z_check_file_permissions: a callback (via mem->gs_lib_ctx->client_check_file_permission)
-+ * to allow applying the above permissions checks when opening file(s) from
-+ * the graphics library
-+ */
-+int
-+z_check_file_permissions(gs_memory_t *mem, const char *fname,
-+                                 const int len, const char *permission);
- #endif
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7978.patch b/gnu/packages/patches/ghostscript-CVE-2016-7978.patch
deleted file mode 100644
index 81cb26e9ed..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2016-7978.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 6f749c0c44e7b9e09737b9f29edf29925a34f0cf Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Wed, 5 Oct 2016 09:59:25 +0100
-Subject: [PATCH] Bug 697179: Reference count device icc profile
-
-when copying a device
----
- base/gsdevice.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/base/gsdevice.c b/base/gsdevice.c
-index 778106f..aea986a 100644
---- a/base/gsdevice.c
-+++ b/base/gsdevice.c
-@@ -614,6 +614,7 @@ gx_device_init(gx_device * dev, const gx_device * proto, gs_memory_t * mem,
-     dev->memory = mem;
-     dev->retained = !internal;
-     rc_init(dev, mem, (internal ? 0 : 1));
-+    rc_increment(dev->icc_struct);
- }
- 
- void
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7979.patch b/gnu/packages/patches/ghostscript-CVE-2016-7979.patch
deleted file mode 100644
index a557adfdea..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2016-7979.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-The following patch was adapted for GNU Ghostscript
-by Mark H Weaver <mhw@netris.org> based on:
-
-http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=875a0095f37626a721c7ff57d606a0f95af03913
-
-From 875a0095f37626a721c7ff57d606a0f95af03913 Mon Sep 17 00:00:00 2001
-From: Ken Sharp <ken.sharp@artifex.com>
-Date: Wed, 5 Oct 2016 10:10:58 +0100
-Subject: [PATCH] DSC parser - validate parameters
-
-Bug #697190 ".initialize_dsc_parser doesn't validate the parameter is a dict type before using it."
-
-Regardless of any security implications, its simply wrong for a PostScript
-operator not to validate its parameter(s).
-
-No differences expected.
----
- psi/zdscpars.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/psi/zdscpars.c b/psi/zdscpars.c
-index c05e154..9b4b605 100644
---- a/psi/zdscpars.c
-+++ b/psi/zdscpars.c
-@@ -150,11 +150,16 @@ zinitialize_dsc_parser(i_ctx_t *i_ctx_p)
-     ref local_ref;
-     int code;
-     os_ptr const op = osp;
--    dict * const pdict = op->value.pdict;
--    gs_memory_t * const mem = (gs_memory_t *)dict_memory(pdict);
--    dsc_data_t * const data =
--        gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
-+    dict *pdict;
-+    gs_memory_t *mem;
-+    dsc_data_t *data;
- 
-+    check_read_type(*op, t_dictionary);
-+
-+    pdict = op->value.pdict;
-+    mem = (gs_memory_t *)dict_memory(pdict);
-+
-+    data = gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
-     if (!data)
-         return_error(e_VMerror);
-     data->document_level = 0;
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2016-8602.patch b/gnu/packages/patches/ghostscript-CVE-2016-8602.patch
deleted file mode 100644
index aaf20b6c6c..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2016-8602.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-The following patch was adapted for GNU Ghostscript
-by Mark H Weaver <mhw@netris.org> based on:
-
-http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78
-
-From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Sat, 8 Oct 2016 16:10:27 +0100
-Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5
-
-and param types
----
- psi/zht2.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/psi/zht2.c b/psi/zht2.c
-index fb4a264..dfa27a4 100644
---- a/psi/zht2.c
-+++ b/psi/zht2.c
-@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p)
-     gs_memory_t *mem;
-     uint edepth = ref_stack_count(&e_stack);
-     int npop = 2;
--    int dict_enum = dict_first(op);
-+    int dict_enum;
-     ref rvalue[2];
-     int cname, colorant_number;
-     byte * pname;
-     uint name_size;
-     int halftonetype, type = 0;
-     gs_state *pgs = igs;
--    int space_index = r_space_index(op - 1);
-+    int space_index;
-+
-+    if (ref_stack_count(&o_stack) < 2)
-+        return_error(e_stackunderflow);
-+    check_type(*op, t_dictionary);
-+    check_type(*(op - 1), t_dictionary);
-+
-+    dict_enum = dict_first(op);
-+    space_index = r_space_index(op - 1);
- 
-     mem = (gs_memory_t *) idmemory->spaces_indexed[space_index];
- 
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
index db80b6ddec..d38bd593c0 100644
--- a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
+++ b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
@@ -1,15 +1,60 @@
 Fix CVE-2017-8291:
 
-https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8291
+https://bugs.ghostscript.com/show_bug.cgi?id=697799
+https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291
 
-This patch is adapted from these two Artifex Ghostscript commits by Leo
-Famulari <leo@famulari.name>:
+Patches copied from upstream source repository:
 
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d;hp=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3;hp=5603e8fc3e59c435318877efe627967ee6baebb8
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad
+
+From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 27 Apr 2017 13:03:33 +0100
+Subject: [PATCH] Bug 697799: have .eqproc check its parameters
+
+The Ghostscript custom operator .eqproc was not check the number or type of
+the parameters it was given.
+---
+ psi/zmisc3.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/psi/zmisc3.c b/psi/zmisc3.c
+index 54b304246..37293ff4b 100644
+--- a/psi/zmisc3.c
++++ b/psi/zmisc3.c
+@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
+     ref2_t stack[MAX_DEPTH + 1];
+     ref2_t *top = stack;
+ 
++    if (ref_stack_count(&o_stack) < 2)
++        return_error(gs_error_stackunderflow);
++    if (!r_is_array(op - 1) || !r_is_array(op)) {
++        return_error(gs_error_typecheck);
++    }
++
+     make_array(&stack[0].proc1, 0, 1, op - 1);
+     make_array(&stack[0].proc2, 0, 1, op);
+     for (;;) {
+-- 
+2.13.0
+
+From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 27 Apr 2017 13:21:31 +0100
+Subject: [PATCH] Bug 697799: have .rsdparams check its parameters
+
+The Ghostscript internal operator .rsdparams wasn't checking the number or
+type of the operands it was being passed. Do so.
+---
+ psi/zfrsd.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
 
 diff --git a/psi/zfrsd.c b/psi/zfrsd.c
-index fb4bce9..2629afa 100644
+index 191107d8a..950588d69 100644
 --- a/psi/zfrsd.c
 +++ b/psi/zfrsd.c
 @@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
@@ -24,9 +69,9 @@ index fb4bce9..2629afa 100644
 +    int code = 0;
 +
 +    if (ref_stack_count(&o_stack) < 1)
-+        return_error(e_stackunderflow);
++        return_error(gs_error_stackunderflow);
 +    if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
-+        return_error(e_typecheck);
++        return_error(gs_error_typecheck);
 +    }
  
      make_empty_array(&empty_array, a_readonly);
@@ -35,15 +80,15 @@ index fb4bce9..2629afa 100644
 +        && dict_find_string(op, "Filter", &pFilter) > 0) {
          if (!r_is_array(pFilter)) {
              if (!r_has_type(pFilter, t_name))
-                 return_error(e_typecheck);
+                 return_error(gs_error_typecheck);
 @@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
-                 return_error(e_typecheck);
+                 return_error(gs_error_typecheck);
          }
      }
 -    code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
 +    if (r_has_type(op, t_dictionary))
 +        code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
-     if (code < 0 && code != e_rangecheck) /* out-of-range int is ok, use 0 */
+     if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
          return code;
 -    if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
 -        )
@@ -54,20 +99,97 @@ index fb4bce9..2629afa 100644
      push(1);
      op[-1] = *pFilter;
      if (pDecodeParms)
+-- 
+2.13.0
+
+From 57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 3 May 2017 12:05:45 +0100
+Subject: [PATCH] Bug 697846: revision to commit 4f83478c88 (.eqproc)
+
+When using the "DELAYBIND" feature, it turns out that .eqproc can be called with
+parameters that are not both procedures. In this case, it turns out, the
+expectation is for the operator to return 'false', rather than throw an error.
+---
+ psi/zmisc3.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
 diff --git a/psi/zmisc3.c b/psi/zmisc3.c
-index 54b3042..0d357f1 100644
+index 37293ff4b..3f01d39a3 100644
 --- a/psi/zmisc3.c
 +++ b/psi/zmisc3.c
-@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
-     ref2_t stack[MAX_DEPTH + 1];
-     ref2_t *top = stack;
+@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p)
+     return gs_cliprestore(igs);
+ }
  
-+    if (ref_stack_count(&o_stack) < 2)
-+        return_error(e_stackunderflow);
-+    if (!r_is_array(op - 1) || !r_is_array(op)) {
-+        return_error(e_typecheck);
-+    }
++static inline bool
++eqproc_check_type(ref *r)
++{
++    return r_has_type(r, t_array)
++           || r_has_type(r, t_mixedarray)
++           || r_has_type(r, t_shortarray)
++           || r_has_type(r, t_oparray);
++}
 +
+ /* <proc1> <proc2> .eqproc <bool> */
+ /*
+  * Test whether two procedures are equal to depth 10.
+@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p)
+ 
+     if (ref_stack_count(&o_stack) < 2)
+         return_error(gs_error_stackunderflow);
+-    if (!r_is_array(op - 1) || !r_is_array(op)) {
+-        return_error(gs_error_typecheck);
++    if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) {
++        make_false(op - 1);
++        pop(1);
++        return 0;
+     }
+ 
      make_array(&stack[0].proc1, 0, 1, op - 1);
-     make_array(&stack[0].proc2, 0, 1, op);
-     for (;;) {
+-- 
+2.13.0
+
+From ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 11 May 2017 14:07:48 +0100
+Subject: [PATCH] Bug 697892: fix check for op stack underflow.
+
+In the original fix, I used the wrong method to check for stack underflow, this
+is using the correct method.
+---
+ psi/zfrsd.c  | 3 +--
+ psi/zmisc3.c | 3 +--
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/psi/zfrsd.c b/psi/zfrsd.c
+index 950588d69..9c035b96d 100644
+--- a/psi/zfrsd.c
++++ b/psi/zfrsd.c
+@@ -54,8 +54,7 @@ zrsdparams(i_ctx_t *i_ctx_p)
+     uint i;
+     int code = 0;
+ 
+-    if (ref_stack_count(&o_stack) < 1)
+-        return_error(gs_error_stackunderflow);
++    check_op(1);
+     if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
+         return_error(gs_error_typecheck);
+     }
+diff --git a/psi/zmisc3.c b/psi/zmisc3.c
+index 3f01d39a3..43803b55b 100644
+--- a/psi/zmisc3.c
++++ b/psi/zmisc3.c
+@@ -65,8 +65,7 @@ zeqproc(i_ctx_t *i_ctx_p)
+     ref2_t stack[MAX_DEPTH + 1];
+     ref2_t *top = stack;
+ 
+-    if (ref_stack_count(&o_stack) < 2)
+-        return_error(gs_error_stackunderflow);
++    check_op(2);
+     if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) {
+         make_false(op - 1);
+         pop(1);
+-- 
+2.13.0
+
diff --git a/gnu/packages/patches/ghostscript-no-header-creationdate.patch b/gnu/packages/patches/ghostscript-no-header-creationdate.patch
new file mode 100644
index 0000000000..92ddbdade0
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-no-header-creationdate.patch
@@ -0,0 +1,22 @@
+This patch makes emission of /CreationDate and /ModDate headers optional.
+
+If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will
+not write out the "/ID" field (if that's permissible).
+
+Upstream does not want to do this.
+
+See: https://bugs.ghostscript.com/show_bug.cgi?id=698208
+diff --git a/orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c b/bb/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c
+index 0fb067e..b342e2c 100644
+--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c
++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c
+@@ -305,6 +305,9 @@ pdf_initialize_ids(gx_device_pdf * pdev)
+      * date and time, rather than (for example) %%CreationDate from the
+      * PostScript file.  We think this is wrong, but we do the same.
+      */
++    if (!getenv("GS_GENERATE_UUIDS") ||
++        (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 &&
++         strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))
+     {
+         struct tm tms;
+         time_t t;
diff --git a/gnu/packages/patches/ghostscript-no-header-id.patch b/gnu/packages/patches/ghostscript-no-header-id.patch
new file mode 100644
index 0000000000..19b71aadb5
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-no-header-id.patch
@@ -0,0 +1,57 @@
+This patch makes the "/ID" field optional.
+
+If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will
+not write out the "/ID" field (if that's permissible).
+
+Upstream does not want to do this.
+
+See: https://bugs.ghostscript.com/show_bug.cgi?id=698208
+diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c
+--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c	2017-07-09 23:30:28.960479189 +0200
++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c	2017-07-09 23:34:34.306524488 +0200
+@@ -1580,8 +1580,11 @@
+      * +1 for the linearisation dict and +1 for the primary hint stream.
+      */
+     linear_params->FirsttrailerOffset = gp_ftell_64(linear_params->Lin_File.file);
+-    gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R/ID[%s%s]/Prev %d>>\nstartxref\r\n0\n%%%%EOF\n        \n",
+-        linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, 0);
++    gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R",
++        linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber);
++    if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 && strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) /* ID is mandatory when encrypting */
++        gs_sprintf(LDict, "/ID[%s%s]", fileID, fileID);
++    gs_sprintf(LDict, "/Prev %d>>\nstartxref\r\n0\n%%%%EOF\n        \n", 0);
+     fwrite(LDict, strlen(LDict), 1, linear_params->Lin_File.file);
+ 
+     /* Write document catalog (Part 4) */
+@@ -2102,8 +2105,11 @@
+      * in the missing values.
+      */
+     code = gp_fseek_64(linear_params->sfile, linear_params->FirsttrailerOffset, SEEK_SET);
+-    gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R/ID[%s%s]/Prev %"PRId64">>\nstartxref\r\n0\n%%%%EOF\n",
+-        linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, mainxref);
++    gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R",
++        linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber);
++    if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) /* ID is mandatory when encrypting */
++        gs_sprintf(LDict, "/ID[%s%s]", fileID, fileID);
++    gs_sprintf(LDict, "/Prev %"PRId64">>\nstartxref\r\n0\n%%%%EOF\n", mainxref);
+     fwrite(LDict, strlen(LDict), 1, linear_params->sfile);
+ 
+     code = gp_fseek_64(linear_params->sfile, pdev->ResourceUsage[HintStreamObj].LinearisedOffset, SEEK_SET);
+@@ -2674,10 +2680,12 @@
+             stream_puts(s, "trailer\n");
+             pprintld3(s, "<< /Size %ld /Root %ld 0 R /Info %ld 0 R\n",
+                   pdev->next_id, Catalog_id, Info_id);
+-            stream_puts(s, "/ID [");
+-            psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0);
+-            psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0);
+-            stream_puts(s, "]\n");
++            if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) { /* ID is mandatory when encrypting */
++                stream_puts(s, "/ID [");
++                psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0);
++                psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0);
++                stream_puts(s, "]\n");
++            }
+             if (pdev->OwnerPassword.size > 0) {
+                 pprintld1(s, "/Encrypt %ld 0 R ", Encrypt_id);
+             }
+Nur in gnu-ghostscript-9.14.0/devices/vector: gdevpdf.c.orig.
diff --git a/gnu/packages/patches/ghostscript-no-header-uuid.patch b/gnu/packages/patches/ghostscript-no-header-uuid.patch
new file mode 100644
index 0000000000..473531220c
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-no-header-uuid.patch
@@ -0,0 +1,50 @@
+This patch makes the UUIDs in the XMP header optional, depending on the
+setting of the environment variable GS_GENERATE_UUIDS.
+
+If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will
+not write out the Document UUID field and also will write the Instance ID
+field value as "".
+
+Upstream does not want to do this.
+
+See: https://bugs.ghostscript.com/show_bug.cgi?id=698208
+diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c aa/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c
+--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c	2017-07-09 23:30:28.960479189 +0200
++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c	2017-07-10 01:04:12.252478276 +0200
+@@ -617,7 +617,7 @@
+         return code;
+ 
+     /* PDF/A XMP reference recommends setting UUID to empty. If not empty must be a URI */
+-    if (pdev->PDFA != 0)
++    if (pdev->PDFA != 0 || (getenv("GS_GENERATE_UUIDS") && (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") == 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") == 0)))
+         instance_uuid[0] = 0x00;
+ 
+     cre_date_time_len = pdf_get_docinfo_item(pdev, "/CreationDate", cre_date_time, sizeof(cre_date_time));
+@@ -719,15 +719,18 @@
+             pdf_xml_tag_close(s, "rdf:Description");
+             pdf_xml_newline(s);
+ 
+-            pdf_xml_tag_open_beg(s, "rdf:Description");
+-            pdf_xml_attribute_name(s, "rdf:about");
+-            pdf_xml_attribute_value(s, instance_uuid);
+-            pdf_xml_attribute_name(s, "xmlns:xapMM");
+-            pdf_xml_attribute_value(s, "http://ns.adobe.com/xap/1.0/mm/");
+-            pdf_xml_attribute_name(s, "xapMM:DocumentID");
+-            pdf_xml_attribute_value(s, document_uuid);
+-            pdf_xml_tag_end_empty(s);
+-            pdf_xml_newline(s);
++            if (!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 && strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))
++            {
++                pdf_xml_tag_open_beg(s, "rdf:Description");
++                pdf_xml_attribute_name(s, "rdf:about");
++                pdf_xml_attribute_value(s, instance_uuid);
++                pdf_xml_attribute_name(s, "xmlns:xapMM");
++                pdf_xml_attribute_value(s, "http://ns.adobe.com/xap/1.0/mm/");
++                pdf_xml_attribute_name(s, "xapMM:DocumentID");
++                pdf_xml_attribute_value(s, document_uuid);
++                pdf_xml_tag_end_empty(s);
++                pdf_xml_newline(s);
++            }
+ 
+             pdf_xml_tag_open_beg(s, "rdf:Description");
+             pdf_xml_attribute_name(s, "rdf:about");
diff --git a/gnu/packages/patches/ghostscript-runpath.patch b/gnu/packages/patches/ghostscript-runpath.patch
index c7dcfd4529..9f161e45b3 100644
--- a/gnu/packages/patches/ghostscript-runpath.patch
+++ b/gnu/packages/patches/ghostscript-runpath.patch
@@ -1,17 +1,18 @@
-This patch adds $(libdir) to the RUNPATH of 'gsc' and 'gsx'.
-
---- gnu-ghostscript-9.14.0/base/unix-dll.mak	2015-04-05 15:12:45.386957927 +0200
-+++ gnu-ghostscript-9.14.0/base/unix-dll.mak	2015-04-05 15:12:49.222982359 +0200
-@@ -91,11 +91,11 @@ $(GS_SO_MAJOR): $(GS_SO_MAJOR_MINOR)
+diff --git a/base/unix-dll.mak b/base/unix-dll.mak
+index 9d57a99..36ef1ff 100644
+--- a/base/unix-dll.mak
++++ b/base/unix-dll.mak
+@@ -171,11 +171,11 @@ gpdl-so-links-subtarget: $(GPDL_SO) $(UNIX_DLL_MAK) $(MAKEDIRS)
  # Build the small Ghostscript loaders, with Gtk+ and without
- $(GSSOC_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER)
+ $(GSSOC_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS)
  	$(GLCC) -g -o $(GSSOC_XE) $(PSSRC)dxmainc.c \
 -	-L$(BINDIR) -l$(GS_SO_BASE)
 +	-L$(BINDIR) -l$(GS_SO_BASE) -Wl,-rpath=$(libdir)
  
- $(GSSOX_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER)
+ $(GSSOX_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS)
  	$(GLCC) -g $(SOC_CFLAGS) -o $(GSSOX_XE) $(PSSRC)$(SOC_LOADER) \
 -	-L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS)
 +	-L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS) -Wl,-rpath=$(libdir)
  
- # ------------------------- Recursive make targets ------------------------- #
+ $(PCLSOC_XE): gpcl6-so-links-subtarget $(PLSRC)$(REALMAIN_SRC).c $(UNIX_DLL_MAK) $(MAKEDIRS)
+ 	$(GLCC) -g -o $(PCLSOC_XE) $(PLSRC)$(REALMAIN_SRC).c -L$(BINDIR) -l$(PCL_SO_BASE)
diff --git a/gnu/packages/patches/grep-gnulib-lock.patch b/gnu/packages/patches/grep-gnulib-lock.patch
new file mode 100644
index 0000000000..68c33f1031
--- /dev/null
+++ b/gnu/packages/patches/grep-gnulib-lock.patch
@@ -0,0 +1,32 @@
+This patch fix error on 'gnulib' library required to build
+'grep' package on GNU/Hurd.
+The patch was adapted from upstream source repository:
+'<http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=4084b3a1094372b960ce4a97634e08f4538c8bdd>'
+
+Commit: 4084b3a1094372b960ce4a97634e08f4538c8bdd
+
+diff --git a/lib/glthread/lock.c b/lib/glthread/lock.c
+index 061562b..afc86f4 100644
+--- a/lib/glthread/lock.c
++++ b/lib/glthread/lock.c
+@@ -30,7 +30,7 @@
+ 
+ /* ------------------------- gl_rwlock_t datatype ------------------------- */
+ 
+-# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1))
++# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1)))
+ 
+ #  ifdef PTHREAD_RWLOCK_INITIALIZER
+ 
+diff --git a/lib/glthread/lock.h b/lib/glthread/lock.h
+index ec16d39..67932aa 100644
+--- a/lib/glthread/lock.h
++++ b/lib/glthread/lock.h
+@@ -179,7 +179,7 @@ typedef pthread_mutex_t gl_lock_t;
+ 
+ /* ------------------------- gl_rwlock_t datatype ------------------------- */
+ 
+-# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1))
++# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1)))
+ 
+ #  ifdef PTHREAD_RWLOCK_INITIALIZER
diff --git a/gnu/packages/patches/groff-source-date-epoch.patch b/gnu/packages/patches/groff-source-date-epoch.patch
new file mode 100644
index 0000000000..53c590b049
--- /dev/null
+++ b/gnu/packages/patches/groff-source-date-epoch.patch
@@ -0,0 +1,299 @@
+Adds support for the environment variable SOURCE_DATE_EPOCH.
+
+See: https://sources.debian.net/patches/groff/1.22.3-9/source-date-epoch.patch/
+
+From abc23bc9245e18468817f2838361c3a08f7521e2 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Thu, 5 Nov 2015 11:47:34 +0000
+Subject: Implement `SOURCE_DATE_EPOCH' for reproducible builds.
+
+Author: Colin Watson <cjwatson@debian.org>
+Forwarded: yes
+Last-Update: 2015-11-05
+
+Patch-Name: source-date-epoch.patch
+---
+ doc/groff.texinfo                 |  6 +++++
+ src/devices/grohtml/grohtml.man   |  7 ++++++
+ src/devices/grohtml/post-html.cpp |  5 ++--
+ src/devices/gropdf/gropdf.man     |  7 ++++++
+ src/devices/gropdf/gropdf.pl      |  3 ++-
+ src/devices/grops/grops.man       |  7 ++++++
+ src/devices/grops/ps.cpp          |  3 ++-
+ src/include/curtime.h             | 23 ++++++++++++++++++
+ src/libs/libgroff/Makefile.sub    |  2 ++
+ src/libs/libgroff/curtime.cpp     | 51 +++++++++++++++++++++++++++++++++++++++
+ src/roff/troff/input.cpp          |  3 ++-
+ 11 files changed, 112 insertions(+), 5 deletions(-)
+ create mode 100644 src/include/curtime.h
+ create mode 100644 src/libs/libgroff/curtime.cpp
+
+diff --git a/doc/groff.texinfo b/doc/groff.texinfo
+index 066b5274..1d3c7a9f 100644
+--- a/doc/groff.texinfo
++++ b/doc/groff.texinfo
+@@ -1453,6 +1453,12 @@ default directory (on Unix and GNU/Linux systems, this is usually
+ @item GROFF_TYPESETTER
+ @tindex GROFF_TYPESETTER@r{, environment variable}
+ The default output device.
++
++@item SOURCE_DATE_EPOCH
++@tindex SOURCE_DATE_EPOCH@r{, environment variable}
++A timestamp (expressed as seconds since the Unix epoch) to use in place of
++the current time when initializing time-based built-in registers such as
++@code{\n[seconds]}.
+ @end table
+ 
+ Note that MS-DOS and MS-Windows ports of @code{groff} use semi-colons,
+diff --git a/src/devices/grohtml/grohtml.man b/src/devices/grohtml/grohtml.man
+index 51eae224..4be4abbc 100644
+--- a/src/devices/grohtml/grohtml.man
++++ b/src/devices/grohtml/grohtml.man
+@@ -419,6 +419,13 @@ and
+ for more details.
+ .
+ .
++.TP
++.SM
++.B SOURCE_DATE_EPOCH
++A timestamp (expressed as seconds since the Unix epoch) to use as the
++creation timestamp in place of the current time.
++.
++.
+ .\" --------------------------------------------------------------------
+ .SH BUGS
+ .\" --------------------------------------------------------------------
+diff --git a/src/devices/grohtml/post-html.cpp b/src/devices/grohtml/post-html.cpp
+index fefbf014..b5fc5167 100644
+--- a/src/devices/grohtml/post-html.cpp
++++ b/src/devices/grohtml/post-html.cpp
+@@ -28,6 +28,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+ #include "html.h"
+ #include "html-text.h"
+ #include "html-table.h"
++#include "curtime.h"
+ 
+ #include <time.h>
+ 
+@@ -5013,7 +5014,7 @@ void html_printer::do_file_components (void)
+ 	.put_string(Version_string)
+ 	.end_comment();
+ 
+-      t = time(0);
++      t = current_time();
+       html.begin_comment("CreationDate: ")
+ 	.put_string(ctime(&t), strlen(ctime(&t))-1)
+ 	.end_comment();
+@@ -5126,7 +5127,7 @@ html_printer::~html_printer()
+     .put_string(Version_string)
+     .end_comment();
+ 
+-  t = time(0);
++  t = current_time();
+   html.begin_comment("CreationDate: ")
+     .put_string(ctime(&t), strlen(ctime(&t))-1)
+     .end_comment();
+diff --git a/src/devices/gropdf/gropdf.man b/src/devices/gropdf/gropdf.man
+index 3bbace6a..cc0c82f1 100644
+--- a/src/devices/gropdf/gropdf.man
++++ b/src/devices/gropdf/gropdf.man
+@@ -1029,6 +1029,13 @@ and
+ for more details.
+ .
+ .
++.TP
++.SM
++.B SOURCE_DATE_EPOCH
++A timestamp (expressed as seconds since the Unix epoch) to use as the
++creation timestamp in place of the current time.
++.
++.
+ .\" --------------------------------------------------------------------
+ .SH FILES
+ .\" --------------------------------------------------------------------
+diff --git a/src/devices/gropdf/gropdf.pl b/src/devices/gropdf/gropdf.pl
+index 035d1238..c25c4c67 100644
+--- a/src/devices/gropdf/gropdf.pl
++++ b/src/devices/gropdf/gropdf.pl
+@@ -239,13 +239,14 @@ elsif (exists($ppsz{$papersz}))
+     @defaultmb=@mediabox=(0,0,$ppsz{$papersz}->[0],$ppsz{$papersz}->[1]);
+ }
+ 
+-my (@dt)=localtime(time);
++my (@dt)=localtime($ENV{SOURCE_DATE_EPOCH} || time);
+ my $dt=PDFDate(\@dt);
+ 
+ my %info=('Creator' => "(groff version $cfg{GROFF_VERSION})",
+ 				'Producer' => "(gropdf version $cfg{GROFF_VERSION})",
+ 				'ModDate' => "($dt)",
+ 				'CreationDate' => "($dt)");
++
+ while (<>)
+ {
+     chomp;
+diff --git a/src/devices/grops/grops.man b/src/devices/grops/grops.man
+index 99fb7486..272c2d18 100644
+--- a/src/devices/grops/grops.man
++++ b/src/devices/grops/grops.man
+@@ -1419,6 +1419,13 @@ and
+ for more details.
+ .
+ .
++.TP
++.SM
++.B SOURCE_DATE_EPOCH
++A timestamp (expressed as seconds since the Unix epoch) to use as the
++creation timestamp in place of the current time.
++.
++.
+ .\" --------------------------------------------------------------------
+ .SH FILES
+ .\" --------------------------------------------------------------------
+diff --git a/src/devices/grops/ps.cpp b/src/devices/grops/ps.cpp
+index 745a503b..03e65372 100644
+--- a/src/devices/grops/ps.cpp
++++ b/src/devices/grops/ps.cpp
+@@ -28,6 +28,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+ #include "cset.h"
+ #include "nonposix.h"
+ #include "paper.h"
++#include "curtime.h"
+ 
+ #include "ps.h"
+ #include <time.h>
+@@ -1390,7 +1391,7 @@ ps_printer::~ps_printer()
+ #else
+     time_t
+ #endif
+-    t = time(0);
++    t = current_time();
+     fputs(ctime(&t), out.get_file());
+   }
+   for (font_pointer_list *f = font_list; f; f = f->next) {
+diff --git a/src/include/curtime.h b/src/include/curtime.h
+new file mode 100644
+index 00000000..a4105196
+--- /dev/null
++++ b/src/include/curtime.h
+@@ -0,0 +1,23 @@
++/* Copyright (C) 2015  Free Software Foundation, Inc.
++
++This file is part of groff.
++
++groff is free software; you can redistribute it and/or modify it under
++the terms of the GNU General Public License as published by the Free
++Software Foundation, either version 2 of the License, or
++(at your option) any later version.
++
++groff is distributed in the hope that it will be useful, but WITHOUT ANY
++WARRANTY; without even the implied warranty of MERCHANTABILITY or
++FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++for more details.
++
++The GNU General Public License version 2 (GPL2) is available in the
++internet at <http://www.gnu.org/licenses/gpl-2.0.txt>. */
++
++#ifdef LONG_FOR_TIME_T
++long
++#else
++time_t
++#endif
++current_time();
+diff --git a/src/libs/libgroff/Makefile.sub b/src/libs/libgroff/Makefile.sub
+index 840d9934..4cb4937a 100644
+--- a/src/libs/libgroff/Makefile.sub
++++ b/src/libs/libgroff/Makefile.sub
+@@ -32,6 +32,7 @@ OBJS=\
+   cmap.$(OBJEXT) \
+   color.$(OBJEXT) \
+   cset.$(OBJEXT) \
++  curtime.$(OBJEXT) \
+   device.$(OBJEXT) \
+   errarg.$(OBJEXT) \
+   error.$(OBJEXT) \
+@@ -82,6 +83,7 @@ CCSRCS=\
+   $(srcdir)/cmap.cpp \
+   $(srcdir)/color.cpp \
+   $(srcdir)/cset.cpp \
++  $(srcdir)/curtime.cpp \
+   $(srcdir)/device.cpp \
+   $(srcdir)/errarg.cpp \
+   $(srcdir)/error.cpp \
+diff --git a/src/libs/libgroff/curtime.cpp b/src/libs/libgroff/curtime.cpp
+new file mode 100644
+index 00000000..00821b7f
+--- /dev/null
++++ b/src/libs/libgroff/curtime.cpp
+@@ -0,0 +1,51 @@
++/* Copyright (C) 2015  Free Software Foundation, Inc.
++
++This file is part of groff.
++
++groff is free software; you can redistribute it and/or modify it under
++the terms of the GNU General Public License as published by the Free
++Software Foundation, either version 2 of the License, or
++(at your option) any later version.
++
++groff is distributed in the hope that it will be useful, but WITHOUT ANY
++WARRANTY; without even the implied warranty of MERCHANTABILITY or
++FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++for more details.
++
++The GNU General Public License version 2 (GPL2) is available in the
++internet at <http://www.gnu.org/licenses/gpl-2.0.txt>. */
++
++#include <errno.h>
++#include <limits.h>
++#include <stdlib.h>
++#include <string.h>
++#include <time.h>
++
++#include "errarg.h"
++#include "error.h"
++
++#ifdef LONG_FOR_TIME_T
++long
++#else
++time_t
++#endif
++current_time()
++{
++  char *source_date_epoch = getenv("SOURCE_DATE_EPOCH");
++
++  if (source_date_epoch) {
++    errno = 0;
++    char *endptr;
++    long epoch = strtol(source_date_epoch, &endptr, 10);
++
++    if ((errno == ERANGE && (epoch == LONG_MAX || epoch == LONG_MIN)) ||
++	(errno != 0 && epoch == 0))
++      fatal("$SOURCE_DATE_EPOCH: strtol: %1", strerror(errno));
++    if (endptr == source_date_epoch)
++      fatal("$SOURCE_DATE_EPOCH: no digits found: %1", endptr);
++    if (*endptr != '\0')
++      fatal("$SOURCE_DATE_EPOCH: trailing garbage: %1", endptr);
++    return epoch;
++  } else
++    return time(0);
++}
+diff --git a/src/roff/troff/input.cpp b/src/roff/troff/input.cpp
+index 9594f074..f7d2c18a 100644
+--- a/src/roff/troff/input.cpp
++++ b/src/roff/troff/input.cpp
+@@ -36,6 +36,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+ #include "input.h"
+ #include "defs.h"
+ #include "unicode.h"
++#include "curtime.h"
+ 
+ // Needed for getpid() and isatty()
+ #include "posix.h"
+@@ -8138,7 +8139,7 @@ static void init_registers()
+ #else /* not LONG_FOR_TIME_T */
+   time_t
+ #endif /* not LONG_FOR_TIME_T */
+-    t = time(0);
++    t = current_time();
+   // Use struct here to work around misfeature in old versions of g++.
+   struct tm *tt = localtime(&t);
+   set_number_reg("seconds", int(tt->tm_sec));
diff --git a/gnu/packages/patches/guile-2.2-default-utf8.patch b/gnu/packages/patches/guile-2.2-default-utf8.patch
new file mode 100644
index 0000000000..3233388874
--- /dev/null
+++ b/gnu/packages/patches/guile-2.2-default-utf8.patch
@@ -0,0 +1,78 @@
+This hack makes Guile default to UTF-8.  This avoids calls to
+`iconv_open'; `iconv_open' tries to open shared objects that aren't
+available during bootstrap, so using UTF-8 avoids that (and UTF-8 has
+built-in conversions in glibc, too.)
+
+diff --git a/libguile/bytevectors.c b/libguile/bytevectors.c
+index 7cd753009..de92653a4 100644
+--- a/libguile/bytevectors.c
++++ b/libguile/bytevectors.c
+@@ -1918,7 +1918,7 @@ utf_encoding_name (char *name, size_t utf_width, SCM endianness)
+   if (scm_i_is_narrow_string (str))                                     \
+     {                                                                   \
+       err = mem_iconveh (scm_i_string_chars (str), c_strlen,            \
+-                         "ISO-8859-1", c_utf_name,                      \
++                         "UTF-8", c_utf_name,                      \
+                          iconveh_question_mark, NULL,                   \
+                          &c_utf, &c_utf_len);                           \
+       if (SCM_UNLIKELY (err))                                           \
+diff --git a/libguile/ports.c b/libguile/ports.c
+index 2a25cd58e..bdaf921ca 100644
+--- a/libguile/ports.c
++++ b/libguile/ports.c
+@@ -959,7 +959,9 @@ canonicalize_encoding (const char *enc)
+   char *ret;
+   int i;
+ 
+-  if (!enc || encoding_matches (enc, sym_ISO_8859_1))
++  if (enc == NULL)
++    return sym_UTF_8;
++  if (encoding_matches (enc, sym_ISO_8859_1))
+     return sym_ISO_8859_1;
+   if (encoding_matches (enc, sym_UTF_8))
+     return sym_UTF_8;
+@@ -4182,7 +4184,7 @@ scm_init_ports (void)
+     scm_c_define ("%default-port-conversion-strategy",
+                   scm_make_fluid_with_default (sym_substitute));
+   /* Use the locale as the default port encoding.  */
+-  scm_i_set_default_port_encoding (locale_charset ());
++  scm_i_set_default_port_encoding ("UTF-8");
+ 
+   scm_c_register_extension ("libguile-" SCM_EFFECTIVE_VERSION,
+                             "scm_init_ice_9_ports",
+diff --git a/libguile/strings.c b/libguile/strings.c
+index 5c49e33d8..0131e6dc8 100644
+--- a/libguile/strings.c
++++ b/libguile/strings.c
+@@ -1561,7 +1561,7 @@ scm_i_default_string_failed_conversion_handler (void)
+ SCM
+ scm_from_locale_stringn (const char *str, size_t len)
+ {
+-  return scm_from_stringn (str, len, locale_charset (),
++  return scm_from_stringn (str, len, "UTF-8",
+                            scm_i_default_string_failed_conversion_handler ());
+ }
+ 
+@@ -1885,7 +1885,7 @@ char *
+ scm_to_locale_stringn (SCM str, size_t *lenp)
+ {
+   return scm_to_stringn (str, lenp,
+-                         locale_charset (),
++                         "UTF-8",
+                          scm_i_default_string_failed_conversion_handler ());
+ }
+ 
+@@ -2216,11 +2216,11 @@ scm_to_stringn (SCM str, size_t *lenp, const char *encoding,
+   len = 0;
+   enc = encoding;
+   if (enc == NULL)
+-    enc = "ISO-8859-1";
++    enc = "UTF-8";
+   if (scm_i_is_narrow_string (str))
+     {
+       ret = mem_iconveh (scm_i_string_chars (str), ilen,
+-                         "ISO-8859-1", enc,
++                         "UTF-8", enc,
+                          (enum iconv_ilseq_handler) handler, NULL,
+                          &buf, &len);
+ 
diff --git a/gnu/packages/patches/guile-relocatable.patch b/gnu/packages/patches/guile-relocatable.patch
index 2431495f24..95bddcce88 100644
--- a/gnu/packages/patches/guile-relocatable.patch
+++ b/gnu/packages/patches/guile-relocatable.patch
@@ -35,11 +35,11 @@ location of the `guile' binary, allowing it to be relocated.
 +
 +  module_dir = scm_gc_malloc_pointerless (strlen (prefix) + 50, "string");
 +  strcpy (module_dir, prefix);
-+  strcat (module_dir, "/share/guile/2.0");
++  strcat (module_dir, "/share/guile/" SCM_EFFECTIVE_VERSION);
 +
 +  ccache_dir = scm_gc_malloc_pointerless (strlen (prefix) + 50, "string");
 +  strcpy (ccache_dir, prefix);
-+  strcat (ccache_dir, "/lib/guile/2.0/ccache");
++  strcat (ccache_dir, "/lib/guile/" SCM_EFFECTIVE_VERSION "/ccache");
 +
    env = scm_i_mirror_backslashes (getenv ("GUILE_SYSTEM_PATH"));
    if (env && strcmp (env, "") == 0)
diff --git a/gnu/packages/patches/intltool-perl-compatibility.patch b/gnu/packages/patches/intltool-perl-compatibility.patch
new file mode 100644
index 0000000000..b895ca7cb9
--- /dev/null
+++ b/gnu/packages/patches/intltool-perl-compatibility.patch
@@ -0,0 +1,76 @@
+This patch fixes a regex parsing compatibility issue with Perl 5.26.0.
+It manifests during the configure phase of at-spi2-core like this:
+
+------
+Unescaped left brace in regex is illegal here in regex; marked by <-- HERE in m/^(.*)\${ <-- HERE ?([A-Z_]+)}?(.*)$/ at /gnu/store/...-intltool-0.51.0/bin/intltool-update line 1065.
+------
+
+Copied from Gentoo and MSYS2:
+
+https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-util/intltool/files/intltool-0.51.0-perl-5.26.patch?id=1105187fc65d8bf643e682fcef39620dcfd9326a
+https://github.com/Alexpux/MSYS2-packages/blob/0d3f442553ae4fc8798e32cbf44c4252fa8f3c07/intltool/perl-5.22-compatibility.patch
+
+#diff -ruN intltool-0.51.0.orig/intltool-update.in intltool-0.51.0/intltool-update.in
+#--- intltool-0.51.0.orig/intltool-update.in	2017-06-28 00:47:20.889269294 +0200
+#+++ intltool-0.51.0/intltool-update.in	2017-06-28 00:48:14.592271529 +0200
+#@@ -1068,7 +1068,7 @@
+# 	my $untouched = $1;
+# 	my $sub = "";
+#         # Ignore recursive definitions of variables
+#-        $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\${?$2}?/;
+#+        $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\$\{?$2}?/;
+# 
+# 	return SubstituteVariable ("$untouched$sub$rest");
+#     }
+--- intltool-0.51.0.orig/intltool-update.in	2015-03-09 02:39:54.000000000 +0100
++++ intltool-0.51.0.orig/intltool-update.in	2015-06-19 01:52:07.171228154 +0200
+@@ -1062,7 +1062,7 @@ 
+ 	}
+     }
+ 
+-    if ($str =~ /^(.*)\${?([A-Z_]+)}?(.*)$/)
++    if ($str =~ /^(.*)\$\{?([A-Z_]+)}?(.*)$/)
+     {
+ 	my $rest = $3;
+ 	my $untouched = $1;
+@@ -1068,7 +1068,7 @@
+ 	my $untouched = $1;
+ 	my $sub = "";
+         # Ignore recursive definitions of variables
+-        $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\${?$2}?/;
++        $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\$\{?$2}?/;
+ 
+ 	return SubstituteVariable ("$untouched$sub$rest");
+     }
+@@ -1190,10 +1190,10 @@ 
+ 	$name    =~ s/\(+$//g;
+ 	$version =~ s/\(+$//g;
+ 
+-	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\${?AC_PACKAGE_NAME}?/);
+-	$varhash{"PACKAGE"} = $name if (not $name =~ /\${?PACKAGE}?/);
+-	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\${?AC_PACKAGE_VERSION}?/);
+-	$varhash{"VERSION"} = $version if (not $name =~ /\${?VERSION}?/);
++	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\$\{?AC_PACKAGE_NAME}?/);
++	$varhash{"PACKAGE"} = $name if (not $name =~ /\$\{?PACKAGE}?/);
++	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\$\{?AC_PACKAGE_VERSION}?/);
++	$varhash{"VERSION"} = $version if (not $name =~ /\$\{?VERSION}?/);
+     }
+ 
+     if ($conf_source =~ /^AC_INIT\(([^,\)]+),([^,\)]+)[,]?([^,\)]+)?/m)
+@@ -1219,11 +1219,11 @@ 
+ 	$version =~ s/\(+$//g;
+         $bugurl  =~ s/\(+$//g if (defined $bugurl);
+ 
+-	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\${?AC_PACKAGE_NAME}?/);
+-	$varhash{"PACKAGE"} = $name if (not $name =~ /\${?PACKAGE}?/);
+-	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\${?AC_PACKAGE_VERSION}?/);
+-	$varhash{"VERSION"} = $version if (not $name =~ /\${?VERSION}?/);
+-        $varhash{"PACKAGE_BUGREPORT"} = $bugurl if (defined $bugurl and not $bugurl =~ /\${?\w+}?/);
++	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\$\{?AC_PACKAGE_NAME}?/);
++	$varhash{"PACKAGE"} = $name if (not $name =~ /\$\{?PACKAGE}?/);
++	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\$\{?AC_PACKAGE_VERSION}?/);
++	$varhash{"VERSION"} = $version if (not $name =~ /\$\{?VERSION}?/);
++        $varhash{"PACKAGE_BUGREPORT"} = $bugurl if (defined $bugurl and not $bugurl =~ /\$\{?\w+}?/);
+     }
+ 
+     # \s makes this not work, why?
diff --git a/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch b/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch
new file mode 100644
index 0000000000..ebbc0635a5
--- /dev/null
+++ b/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch
@@ -0,0 +1,28 @@
+The patch fixes build failure of form:
+     ../src/alpha/osf.S:298:2: error: #error "osf.S out of sync with ffi.h"
+Upstream fixed the bug in a more invasive way
+but didn't have releases since 3.2.1.
+
+The patch is taken from Gentoo:
+https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/libffi/files/libffi-3.2.1-complex_alpha.patch
+
+--- libffi-3.2.1/src/alpha/osf.S	2015-01-16 10:46:15.000000000 +0100
++++ libffi-3.2.1/src/alpha/osf.S	2015-01-16 10:46:24.000000000 +0100
+@@ -279,6 +279,7 @@
+ 	.gprel32 $load_64	# FFI_TYPE_SINT64
+ 	.gprel32 $load_none	# FFI_TYPE_STRUCT
+ 	.gprel32 $load_64	# FFI_TYPE_POINTER
++	.gprel32 $load_none	# FFI_TYPE_COMPLEX
+ 
+ /* Assert that the table above is in sync with ffi.h.  */
+ 
+@@ -294,7 +295,8 @@
+ 	|| FFI_TYPE_SINT64 != 12	\
+ 	|| FFI_TYPE_STRUCT != 13	\
+ 	|| FFI_TYPE_POINTER != 14	\
+-	|| FFI_TYPE_LAST != 14
++	|| FFI_TYPE_COMPLEX != 15       \
++	|| FFI_TYPE_LAST != 15
+ #error "osf.S out of sync with ffi.h"
+ #endif
+ 
diff --git a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch b/gnu/packages/patches/libtasn1-CVE-2017-6891.patch
deleted file mode 100644
index 1f847ed025..0000000000
--- a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Fix CVE-2017-6891:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891
-
-Patch copied from upstream source repository:
-
-https://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=5520704d075802df25ce4ffccc010ba1641bd484
-
-From 5520704d075802df25ce4ffccc010ba1641bd484 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Thu, 18 May 2017 18:03:34 +0200
-Subject: [PATCH] asn1_find_node: added safety check on asn1_find_node()
-
-This prevents a stack overflow in asn1_find_node() which
-is triggered by too long variable names in the definitions
-files. That means that applications have to deliberately
-pass a too long 'name' constant to asn1_write_value()
-and friends.  Reported by Jakub Jirasek.
-
-Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
----
- lib/parser_aux.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/lib/parser_aux.c b/lib/parser_aux.c
-index b4a7370..976ab38 100644
---- a/lib/parser_aux.c
-+++ b/lib/parser_aux.c
-@@ -120,6 +120,9 @@ asn1_find_node (asn1_node pointer, const char *name)
-       if (n_end)
- 	{
- 	  nsize = n_end - n_start;
-+	  if (nsize >= sizeof(n))
-+		return NULL;
-+
- 	  memcpy (n, n_start, nsize);
- 	  n[nsize] = 0;
- 	  n_start = n_end;
-@@ -158,6 +161,9 @@ asn1_find_node (asn1_node pointer, const char *name)
-       if (n_end)
- 	{
- 	  nsize = n_end - n_start;
-+	  if (nsize >= sizeof(n))
-+		return NULL;
-+
- 	  memcpy (n, n_start, nsize);
- 	  n[nsize] = 0;
- 	  n_start = n_end;
--- 
-2.13.0
-
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10092.patch b/gnu/packages/patches/libtiff-CVE-2016-10092.patch
deleted file mode 100644
index d5fd796169..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2016-10092.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix CVE-2016-10092:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2620
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10092
-https://security-tracker.debian.org/tracker/CVE-2016-10092
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore)
-	mode so that the output buffer is correctly incremented to avoid write
-	outside bounds.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2620
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1178; previous revision: 1.1177
-/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
-new revision: 1.47; previous revision: 1.46
-
-Index: libtiff/tools/tiffcrop.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
-retrieving revision 1.46
-retrieving revision 1.47
-diff -u -r1.46 -r1.47
---- libtiff/tools/tiffcrop.c	18 Nov 2016 14:58:46 -0000	1.46
-+++ libtiff/tools/tiffcrop.c	3 Dec 2016 11:35:56 -0000	1.47
-@@ -1,4 +1,4 @@
--/* $Id: tiffcrop.c,v 1.46 2016-11-18 14:58:46 erouault Exp $ */
-+/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */
- 
- /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
-  * the image data through additional options listed below
-@@ -3698,7 +3698,7 @@
-                                   (unsigned long) strip, (unsigned long)rows);
-                         return 0;
-                 }
--                bufp += bytes_read;
-+                bufp += stripsize;
-         }
- 
-         return 1;
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10093.patch b/gnu/packages/patches/libtiff-CVE-2016-10093.patch
deleted file mode 100644
index 5897ec1029..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2016-10093.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Fix CVE-2016-10093:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2610
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10093
-https://security-tracker.debian.org/tracker/CVE-2016-10093
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: fix uint32 underflow/overflow that can cause
-	heap-based buffer overflow.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2610
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1187; previous revision: 1.1186
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.59; previous revision: 1.58
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.58
-retrieving revision 1.59
-diff -u -r1.58 -r1.59
---- libtiff/tools/tiffcp.c	3 Dec 2016 15:44:15 -0000	1.58
-+++ libtiff/tools/tiffcp.c	3 Dec 2016 16:40:01 -0000	1.59
-@@ -1163,7 +1163,7 @@
- 
- static void
- cpStripToTile(uint8* out, uint8* in,
--    uint32 rows, uint32 cols, int outskew, int inskew)
-+    uint32 rows, uint32 cols, int outskew, int64 inskew)
- {
- 	while (rows-- > 0) {
- 		uint32 j = cols;
-@@ -1320,7 +1320,7 @@
- 	tdata_t tilebuf;
- 	uint32 imagew = TIFFScanlineSize(in);
- 	uint32 tilew  = TIFFTileRowSize(in);
--	int iskew = imagew - tilew;
-+	int64 iskew = (int64)imagew - (int64)tilew;
- 	uint8* bufp = (uint8*) buf;
- 	uint32 tw, tl;
- 	uint32 row;
-@@ -1348,7 +1348,7 @@
- 				status = 0;
- 				goto done;
- 			}
--			if (colb + tilew > imagew) {
-+			if (colb > iskew) {
- 				uint32 width = imagew - colb;
- 				uint32 oskew = tilew - width;
- 				cpStripToTile(bufp + colb,
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10094.patch b/gnu/packages/patches/libtiff-CVE-2016-10094.patch
deleted file mode 100644
index 9018773565..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2016-10094.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Fix CVE-2016-10094:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2640
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10094
-https://security-tracker.debian.org/tracker/CVE-2016-10094
-
-2016-12-20 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiff2pdf.c: avoid potential heap-based overflow in
-        t2p_readwrite_pdf_image_tile().
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1199; previous revision: 1.1198
-/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v  <--  tools/tiff2pdf.c
-new revision: 1.101; previous revision: 1.100
-
-Index: libtiff/tools/tiff2pdf.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
-retrieving revision 1.100
-retrieving revision 1.101
-diff -u -r1.100 -r1.101
---- libtiff/tools/tiff2pdf.c	20 Dec 2016 17:24:35 -0000	1.100
-+++ libtiff/tools/tiff2pdf.c	20 Dec 2016 17:28:17 -0000	1.101
-@@ -2895,7 +2895,7 @@
- 				return(0);
- 			}
- 			if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
--				if (count >= 4) {
-+				if (count > 4) {
-                                         int retTIFFReadRawTile;
-                     /* Ignore EOI marker of JpegTables */
- 					_TIFFmemcpy(buffer, jpt, count - 2);
diff --git a/gnu/packages/patches/libtiff-CVE-2017-5225.patch b/gnu/packages/patches/libtiff-CVE-2017-5225.patch
deleted file mode 100644
index 3158b49360..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2017-5225.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-Fix CVE-2017-5225 (Heap based buffer overflow in tools/tiffcp):
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2656
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5225
-https://security-tracker.debian.org/tracker/CVE-2017-5225
-
-2017-01-11 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and
-        cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
-overflow.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
-        http://bugzilla.maptools.org/show_bug.cgi?id=2657
-
-
-less C/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1210; previous revision: 1.1209
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.61; previous revision: 1.60
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.60
-retrieving revision 1.61
-diff -u -r1.60 -r1.61
---- libtiff/tools/tiffcp.c	3 Dec 2016 16:50:02 -0000	1.60
-+++ libtiff/tools/tiffcp.c	11 Jan 2017 19:26:14 -0000	1.61
-#@@ -1,4 +1,4 @@
-#-/* $Id: tiffcp.c,v 1.60 2016-12-03 16:50:02 erouault Exp $ */
-#+/* $Id: tiffcp.c,v 1.61 2017-01-11 19:26:14 erouault Exp $ */
-# 
-# /*
-#  * Copyright (c) 1988-1997 Sam Leffler
-@@ -591,7 +591,7 @@
- static int
- tiffcp(TIFF* in, TIFF* out)
- {
--	uint16 bitspersample, samplesperpixel = 1;
-+	uint16 bitspersample = 1, samplesperpixel = 1;
- 	uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
- 	copyFunc cf;
- 	uint32 width, length;
-@@ -1067,6 +1067,16 @@
- 	register uint32 n;
- 	uint32 row;
- 	tsample_t s;
-+        uint16 bps = 0;
-+
-+        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps != 8 )
-+        {
-+            TIFFError(TIFFFileName(in),
-+                      "Error, can only handle BitsPerSample=8 in %s",
-+                      "cpContig2SeparateByRow");
-+            return 0;
-+        }
- 
- 	inbuf = _TIFFmalloc(scanlinesizein);
- 	outbuf = _TIFFmalloc(scanlinesizeout);
-@@ -1120,6 +1130,16 @@
- 	register uint32 n;
- 	uint32 row;
- 	tsample_t s;
-+        uint16 bps = 0;
-+
-+        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps != 8 )
-+        {
-+            TIFFError(TIFFFileName(in),
-+                      "Error, can only handle BitsPerSample=8 in %s",
-+                      "cpSeparate2ContigByRow");
-+            return 0;
-+        }
- 
- 	inbuf = _TIFFmalloc(scanlinesizein);
- 	outbuf = _TIFFmalloc(scanlinesizeout);
-@@ -1784,7 +1804,7 @@
- 	uint32 w, l, tw, tl;
- 	int bychunk;
- 
--	(void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
-+	(void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
- 	if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
- 		fprintf(stderr,
- 		    "%s: Cannot handle different planar configuration w/ bits/sample != 8\n",
diff --git a/gnu/packages/patches/libtiff-assertion-failure.patch b/gnu/packages/patches/libtiff-assertion-failure.patch
deleted file mode 100644
index ef747fbdd7..0000000000
--- a/gnu/packages/patches/libtiff-assertion-failure.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Fix assertion failure in readSeparateTilesIntoBuffer():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2605
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert
-check.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2605
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1188; previous revision: 1.1187
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.60; previous revision: 1.59
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.59
-retrieving revision 1.60
-diff -u -r1.59 -r1.60
---- libtiff/tools/tiffcp.c	3 Dec 2016 16:40:01 -0000	1.59
-+++ libtiff/tools/tiffcp.c	3 Dec 2016 16:50:02 -0000	1.60
-@@ -45,7 +45,6 @@
- #include <string.h>
- 
- #include <ctype.h>
--#include <assert.h>
- 
- #ifdef HAVE_UNISTD_H
- # include <unistd.h>
-@@ -1393,7 +1392,12 @@
-             status = 0;
-             goto done;
-         }
--	assert( bps % 8 == 0 );
-+        if( (bps % 8) != 0 )
-+        {
-+            TIFFError(TIFFFileName(in), "Error, cannot handle BitsPerSample that is not a multiple of 8");
-+            status = 0;
-+            goto done;
-+        }
- 	bytes_per_sample = bps/8;
- 
- 	for (row = 0; row < imagelength; row += tl) {
-@@ -1584,7 +1588,12 @@
-             _TIFFfree(obuf);
-             return 0;
-         }
--	assert( bps % 8 == 0 );
-+        if( (bps % 8) != 0 )
-+        {
-+            TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8");
-+            _TIFFfree(obuf);
-+            return 0;
-+        }
- 	bytes_per_sample = bps/8;
- 
- 	for (row = 0; row < imagelength; row += tl) {
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch b/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch
deleted file mode 100644
index 2a96b68521..0000000000
--- a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-Fix divide-by-zero in OJPEGDecodeRaw():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2611
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of failure
-in
-        OJPEGPreDecode(). This will avoid a divide by zero, and potential other
-issues.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1177; previous revision: 1.1176
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v  <--  libtiff/tif_ojpeg.c
-new revision: 1.66; previous revision: 1.65
-
-Index: libtiff/libtiff/tif_ojpeg.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v
-retrieving revision 1.65
-retrieving revision 1.66
-diff -u -r1.65 -r1.66
---- libtiff/libtiff/tif_ojpeg.c	4 Sep 2016 21:32:56 -0000	1.65
-+++ libtiff/libtiff/tif_ojpeg.c	3 Dec 2016 11:15:18 -0000	1.66
-@@ -1,4 +1,4 @@
--/* $Id: tif_ojpeg.c,v 1.65 2016-09-04 21:32:56 erouault Exp $ */
-+/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */
- 
- /* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0
-    specification is now totally obsolete and deprecated for new applications and
-@@ -244,6 +244,7 @@
- 
- typedef struct {
- 	TIFF* tif;
-+        int decoder_ok;
- 	#ifndef LIBJPEG_ENCAP_EXTERNAL
- 	JMP_BUF exit_jmpbuf;
- 	#endif
-@@ -722,6 +723,7 @@
- 		}
- 		sp->write_curstrile++;
- 	}
-+	sp->decoder_ok = 1;
- 	return(1);
- }
- 
-@@ -784,8 +786,14 @@
- static int
- OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
- {
-+        static const char module[]="OJPEGDecode";
- 	OJPEGState* sp=(OJPEGState*)tif->tif_data;
- 	(void)s;
-+        if( !sp->decoder_ok )
-+        {
-+            TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
-+            return 0;
-+        }
- 	if (sp->libjpeg_jpeg_query_style==0)
- 	{
- 		if (OJPEGDecodeRaw(tif,buf,cc)==0)
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch
deleted file mode 100644
index d3f1c2b60e..0000000000
--- a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-Fix two divide-by-zero bugs in readSeparateTilesIntoBuffer():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2597
-http://bugzilla.maptools.org/show_bug.cgi?id=2607
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
-tag is
-        missing.
-        Reported by Agostino sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1183; previous revision: 1.1182
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.57; previous revision: 1.56
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.56
-retrieving revision 1.57
-diff -u -r1.56 -r1.57
---- libtiff/tools/tiffcp.c	2 Dec 2016 22:13:32 -0000	1.56
-+++ libtiff/tools/tiffcp.c	3 Dec 2016 14:42:40 -0000	1.57
-@@ -1,4 +1,4 @@
--/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */
-+/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -1378,7 +1378,7 @@
- 	uint8* bufp = (uint8*) buf;
- 	uint32 tw, tl;
- 	uint32 row;
--	uint16 bps, bytes_per_sample;
-+	uint16 bps = 0, bytes_per_sample;
- 
- 	tilebuf = _TIFFmalloc(tilesize);
- 	if (tilebuf == 0)
-@@ -1387,6 +1387,12 @@
- 	(void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw);
- 	(void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl);
- 	(void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps == 0 )
-+        {
-+            TIFFError(TIFFFileName(in), "Error, cannot read BitsPerSample");
-+            status = 0;
-+            goto done;
-+        }
- 	assert( bps % 8 == 0 );
- 	bytes_per_sample = bps/8;
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
-tag is
-        missing.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1186; previous revision: 1.1185
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.58; previous revision: 1.57
- 
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.57
-retrieving revision 1.58
-diff -u -r1.57 -r1.58
---- libtiff/tools/tiffcp.c	3 Dec 2016 14:42:40 -0000	1.57
-+++ libtiff/tools/tiffcp.c	3 Dec 2016 15:44:15 -0000	1.58
-@@ -1,4 +1,4 @@
--/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
-+/* $Id: tiffcp.c,v 1.58 2016-12-03 15:44:15 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -1569,7 +1569,7 @@
- 	uint8* bufp = (uint8*) buf;
- 	uint32 tl, tw;
- 	uint32 row;
--	uint16 bps, bytes_per_sample;
-+	uint16 bps = 0, bytes_per_sample;
- 
- 	obuf = _TIFFmalloc(TIFFTileSize(out));
- 	if (obuf == NULL)
-@@ -1578,6 +1578,12 @@
- 	(void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl);
- 	(void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw);
- 	(void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps == 0 )
-+        {
-+            TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample");
-+            _TIFFfree(obuf);
-+            return 0;
-+        }
- 	assert( bps % 8 == 0 );
- 	bytes_per_sample = bps/8;
- 
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch
deleted file mode 100644
index 823293f1cf..0000000000
--- a/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Fix divide-by-zero in readSeparateStripsIntoBuffer():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2619
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcrop.c: fix integer division by zero when BitsPerSample is
-missing.
-        Reported by Agostina Sarubo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1180; previous revision: 1.1179
-/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
-new revision: 1.49; previous revision: 1.48
-
-Index: libtiff/tools/tiffcrop.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
-retrieving revision 1.48
-retrieving revision 1.49
-diff -u -r1.48 -r1.49
---- libtiff/tools/tiffcrop.c	3 Dec 2016 12:19:32 -0000	1.48
-+++ libtiff/tools/tiffcrop.c	3 Dec 2016 13:00:04 -0000	1.49
-@@ -1,4 +1,4 @@
--/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */
-+/* $Id: tiffcrop.c,v 1.49 2016-12-03 13:00:04 erouault Exp $ */
- 
- /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
-  * the image data through additional options listed below
-@@ -1164,7 +1164,7 @@
-   tdata_t  obuf;
- 
-   (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
--  (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
-+  (void) TIFFGetFieldDefaulted(out, TIFFTAG_BITSPERSAMPLE, &bps);
-   bytes_per_sample = (bps + 7) / 8;
-   if( width == 0 ||
-       (uint32)bps * (uint32)spp > TIFF_UINT32_MAX / width ||
-@@ -4760,7 +4760,7 @@
-   int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1;
-   uint32 j;
-   int32  bytes_read = 0;
--  uint16 bps, planar;
-+  uint16 bps = 0, planar;
-   uint32 nstrips;
-   uint32 strips_per_sample;
-   uint32 src_rowsize, dst_rowsize, rows_processed, rps;
-@@ -4780,7 +4780,7 @@
-     }
- 
-   memset (srcbuffs, '\0', sizeof(srcbuffs));
--  TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+  TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps);
-   TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar);
-   TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps);
-   if (rps > length)
diff --git a/gnu/packages/patches/libtiff-divide-by-zero.patch b/gnu/packages/patches/libtiff-divide-by-zero.patch
deleted file mode 100644
index 6dbd4666cd..0000000000
--- a/gnu/packages/patches/libtiff-divide-by-zero.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Fix an integer overflow in TIFFReadEncodedStrip() that led to division-by-zero:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2596
-
-2016-12-02 Even Rouault <even.rouault at spatialys.com>
-
-        * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in
-        TIFFReadEncodedStrip() that caused an integer division by zero.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1173; previous revision: 1.1172
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v  <--  libtiff/tif_read.c
-new revision: 1.50; previous revision: 1.49
-/cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v  <--  libtiff/tiffiop.h
-new revision: 1.90; previous revision: 1.89
-
-Index: libtiff/libtiff/tif_read.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v
-retrieving revision 1.49
-retrieving revision 1.50
-diff -u -r1.49 -r1.50
---- libtiff/libtiff/tif_read.c	10 Jul 2016 18:00:21 -0000	1.49
-+++ libtiff/libtiff/tif_read.c	2 Dec 2016 21:56:56 -0000	1.50
-@@ -1,4 +1,4 @@
--/* $Id: tif_read.c,v 1.49 2016-07-10 18:00:21 erouault Exp $ */
-+/* $Id: tif_read.c,v 1.50 2016-12-02 21:56:56 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -346,7 +346,7 @@
- 	rowsperstrip=td->td_rowsperstrip;
- 	if (rowsperstrip>td->td_imagelength)
- 		rowsperstrip=td->td_imagelength;
--	stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip);
-+	stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
- 	stripinplane=(strip%stripsperplane);
- 	plane=(uint16)(strip/stripsperplane);
- 	rows=td->td_imagelength-stripinplane*rowsperstrip;
-Index: libtiff/libtiff/tiffiop.h
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v
-retrieving revision 1.89
-retrieving revision 1.90
-diff -u -r1.89 -r1.90
---- libtiff/libtiff/tiffiop.h	23 Jan 2016 21:20:34 -0000	1.89
-+++ libtiff/libtiff/tiffiop.h	2 Dec 2016 21:56:56 -0000	1.90
-@@ -1,4 +1,4 @@
--/* $Id: tiffiop.h,v 1.89 2016-01-23 21:20:34 erouault Exp $ */
-+/* $Id: tiffiop.h,v 1.90 2016-12-02 21:56:56 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -250,6 +250,10 @@
- #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \
- 			   ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \
- 			   0U)
-+/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */
-+/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */
-+#define TIFFhowmany_32_maxuint_compat(x, y) \
-+			   (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0))
- #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3)
- #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y))
- #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y)))
diff --git a/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch b/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch
deleted file mode 100644
index 2d5e23586d..0000000000
--- a/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-Fix heap-based buffer overflow in _TIFFmemcpy():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2604
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer
-        overflow on generation of PixarLog / LUV compressed files, with
-        ColorMap, TransferFunction attached and nasty plays with bitspersample.
-        The fix for LUV has not been tested, but suffers from the same kind
-        of issue of PixarLog.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1175; previous revision: 1.1174
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v  <--  libtiff/tif_luv.c
-new revision: 1.44; previous revision: 1.43
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v  <-- 
-libtiff/tif_pixarlog.c
-new revision: 1.49; previous revision: 1.48
-
-Index: libtiff/libtiff/tif_luv.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v
-retrieving revision 1.43
-retrieving revision 1.44
-diff -u -r1.43 -r1.44
---- libtiff/libtiff/tif_luv.c	4 Sep 2016 21:32:56 -0000	1.43
-+++ libtiff/libtiff/tif_luv.c	2 Dec 2016 23:05:51 -0000	1.44
-@@ -1,4 +1,4 @@
--/* $Id: tif_luv.c,v 1.43 2016-09-04 21:32:56 erouault Exp $ */
-+/* $Id: tif_luv.c,v 1.44 2016-12-02 23:05:51 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1997 Greg Ward Larson
-@@ -158,6 +158,7 @@
- typedef struct logLuvState LogLuvState;
- 
- struct logLuvState {
-+        int                     encoder_state;  /* 1 if encoder correctly initialized */
- 	int                     user_datafmt;   /* user data format */
- 	int                     encode_meth;    /* encoding method */
- 	int                     pixel_size;     /* bytes per pixel */
-@@ -1552,6 +1553,7 @@
- 		    td->td_photometric, "must be either LogLUV or LogL");
- 		break;
- 	}
-+	sp->encoder_state = 1;
- 	return (1);
- notsupported:
- 	TIFFErrorExt(tif->tif_clientdata, module,
-@@ -1563,19 +1565,27 @@
- static void
- LogLuvClose(TIFF* tif)
- {
-+        LogLuvState* sp = (LogLuvState*) tif->tif_data;
- 	TIFFDirectory *td = &tif->tif_dir;
- 
-+	assert(sp != 0);
- 	/*
- 	 * For consistency, we always want to write out the same
- 	 * bitspersample and sampleformat for our TIFF file,
- 	 * regardless of the data format being used by the application.
- 	 * Since this routine is called after tags have been set but
- 	 * before they have been recorded in the file, we reset them here.
-+         * Note: this is really a nasty approach. See PixarLogClose
- 	 */
--	td->td_samplesperpixel =
--	    (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
--	td->td_bitspersample = 16;
--	td->td_sampleformat = SAMPLEFORMAT_INT;
-+        if( sp->encoder_state )
-+        {
-+            /* See PixarLogClose. Might avoid issues with tags whose size depends
-+             * on those below, but not completely sure this is enough. */
-+            td->td_samplesperpixel =
-+                (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
-+            td->td_bitspersample = 16;
-+            td->td_sampleformat = SAMPLEFORMAT_INT;
-+        }
- }
- 
- static void
-Index: libtiff/libtiff/tif_pixarlog.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v
-retrieving revision 1.48
-retrieving revision 1.49
-diff -u -r1.48 -r1.49
---- libtiff/libtiff/tif_pixarlog.c	23 Sep 2016 22:12:18 -0000	1.48
-+++ libtiff/libtiff/tif_pixarlog.c	2 Dec 2016 23:05:51 -0000	1.49
-@@ -1,4 +1,4 @@
--/* $Id: tif_pixarlog.c,v 1.48 2016-09-23 22:12:18 erouault Exp $ */
-+/* $Id: tif_pixarlog.c,v 1.49 2016-12-02 23:05:51 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1996-1997 Sam Leffler
-@@ -1233,8 +1233,10 @@
- static void
- PixarLogClose(TIFF* tif)
- {
-+        PixarLogState* sp = (PixarLogState*) tif->tif_data;
- 	TIFFDirectory *td = &tif->tif_dir;
- 
-+	assert(sp != 0);
- 	/* In a really sneaky (and really incorrect, and untruthful, and
- 	 * troublesome, and error-prone) maneuver that completely goes against
- 	 * the spirit of TIFF, and breaks TIFF, on close, we covertly
-@@ -1243,8 +1245,19 @@
- 	 * readers that don't know about PixarLog, or how to set
- 	 * the PIXARLOGDATFMT pseudo-tag.
- 	 */
--	td->td_bitspersample = 8;
--	td->td_sampleformat = SAMPLEFORMAT_UINT;
-+
-+        if (sp->state&PLSTATE_INIT) {
-+            /* We test the state to avoid an issue such as in
-+             * http://bugzilla.maptools.org/show_bug.cgi?id=2604
-+             * What appends in that case is that the bitspersample is 1 and
-+             * a TransferFunction is set. The size of the TransferFunction
-+             * depends on 1<<bitspersample. So if we increase it, an access
-+             * out of the buffer will happen at directory flushing.
-+             * Another option would be to clear those targs. 
-+             */
-+            td->td_bitspersample = 8;
-+            td->td_sampleformat = SAMPLEFORMAT_UINT;
-+        }
- }
- 
- static void
diff --git a/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch b/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch
deleted file mode 100644
index 68889b121b..0000000000
--- a/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-Fix heap-based buffer overflow in TIFFFillStrip():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2608
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip() to
-        instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength,
-rowsperstrip),
-        instead of a logic based on the total size of data. Which is faulty is
-        the total size of data is not sufficient to fill the whole image, and
-thus
-        results in reading outside of the StripByCounts/StripOffsets arrays
-when
-        using TIFFReadScanline().
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608.
-
-        * libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done
-        for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273
-since
-        the above change is a better fix that makes it unnecessary.
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1176; previous revision: 1.1175
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v  <-- 
-libtiff/tif_dirread.c
-new revision: 1.205; previous revision: 1.204
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v  <--  libtiff/tif_strip.c
-new revision: 1.38; previous revision: 1.37
-
-Index: libtiff/libtiff/tif_dirread.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
-retrieving revision 1.204
-retrieving revision 1.205
-diff -u -r1.204 -r1.205
---- libtiff/libtiff/tif_dirread.c	16 Nov 2016 15:14:15 -0000	1.204
-+++ libtiff/libtiff/tif_dirread.c	3 Dec 2016 11:02:15 -0000	1.205
-@@ -1,4 +1,4 @@
--/* $Id: tif_dirread.c,v 1.204 2016-11-16 15:14:15 erouault Exp $ */
-+/* $Id: tif_dirread.c,v 1.205 2016-12-03 11:02:15 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -5502,8 +5502,7 @@
- 	uint64 rowblockbytes;
- 	uint64 stripbytes;
- 	uint32 strip;
--	uint64 nstrips64;
--	uint32 nstrips32;
-+	uint32 nstrips;
- 	uint32 rowsperstrip;
- 	uint64* newcounts;
- 	uint64* newoffsets;
-@@ -5534,18 +5533,17 @@
- 	    return;
- 
- 	/*
--	 * never increase the number of strips in an image
-+	 * never increase the number of rows per strip
- 	 */
- 	if (rowsperstrip >= td->td_rowsperstrip)
- 		return;
--	nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
--	if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
--	    return;
--	nstrips32 = (uint32)nstrips64;
-+        nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
-+        if( nstrips == 0 )
-+            return;
- 
--	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
-+	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
- 				"for chopped \"StripByteCounts\" array");
--	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
-+	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
- 				"for chopped \"StripOffsets\" array");
- 	if (newcounts == NULL || newoffsets == NULL) {
- 		/*
-@@ -5562,18 +5560,18 @@
- 	 * Fill the strip information arrays with new bytecounts and offsets
- 	 * that reflect the broken-up format.
- 	 */
--	for (strip = 0; strip < nstrips32; strip++) {
-+	for (strip = 0; strip < nstrips; strip++) {
- 		if (stripbytes > bytecount)
- 			stripbytes = bytecount;
- 		newcounts[strip] = stripbytes;
--		newoffsets[strip] = offset;
-+		newoffsets[strip] = stripbytes ? offset : 0;
- 		offset += stripbytes;
- 		bytecount -= stripbytes;
- 	}
- 	/*
- 	 * Replace old single strip info with multi-strip info.
- 	 */
--	td->td_stripsperimage = td->td_nstrips = nstrips32;
-+	td->td_stripsperimage = td->td_nstrips = nstrips;
- 	TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
- 
- 	_TIFFfree(td->td_stripbytecount);
-Index: libtiff/libtiff/tif_strip.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v
-retrieving revision 1.37
-retrieving revision 1.38
-diff -u -r1.37 -r1.38
---- libtiff/libtiff/tif_strip.c	9 Nov 2016 23:00:49 -0000	1.37
-+++ libtiff/libtiff/tif_strip.c	3 Dec 2016 11:02:15 -0000	1.38
-@@ -1,4 +1,4 @@
--/* $Id: tif_strip.c,v 1.37 2016-11-09 23:00:49 erouault Exp $ */
-+/* $Id: tif_strip.c,v 1.38 2016-12-03 11:02:15 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1991-1997 Sam Leffler
-@@ -63,15 +63,6 @@
- 	TIFFDirectory *td = &tif->tif_dir;
- 	uint32 nstrips;
- 
--    /* If the value was already computed and store in td_nstrips, then return it,
--       since ChopUpSingleUncompressedStrip might have altered and resized the
--       since the td_stripbytecount and td_stripoffset arrays to the new value
--       after the initial affectation of td_nstrips = TIFFNumberOfStrips() in
--       tif_dirread.c ~line 3612.
--       See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */
--    if( td->td_nstrips )
--        return td->td_nstrips;
--
- 	nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 :
- 	     TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip));
- 	if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch
deleted file mode 100644
index f0fef08bf3..0000000000
--- a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Fix heap buffer overflow in tiffcp when parsing number of inks:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2599
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is
-called,
-        limit the return number of inks to SamplesPerPixel, so that code that
-parses
-        ink names doesn't go past the end of the buffer.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1184; previous revision: 1.1183
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v  <--  libtiff/tif_dir.c
-new revision: 1.128; previous revision: 1.127
-
-Index: libtiff/libtiff/tif_dir.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v
-retrieving revision 1.127
-retrieving revision 1.128
-diff -u -r1.127 -r1.128
---- libtiff/libtiff/tif_dir.c	25 Oct 2016 21:35:15 -0000	1.127
-+++ libtiff/libtiff/tif_dir.c	3 Dec 2016 15:30:31 -0000	1.128
-@@ -1,4 +1,4 @@
--/* $Id: tif_dir.c,v 1.127 2016-10-25 21:35:15 erouault Exp $ */
-+/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -854,6 +854,32 @@
- 	if( fip == NULL ) /* cannot happen since TIFFGetField() already checks it */
- 	    return 0;
- 	
-+        if( tag == TIFFTAG_NUMBEROFINKS )
-+        {
-+            int i;
-+            for (i = 0; i < td->td_customValueCount; i++) {
-+                uint16 val;
-+                TIFFTagValue *tv = td->td_customValues + i;
-+                if (tv->info->field_tag != tag)
-+                    continue;
-+                val = *(uint16 *)tv->value;
-+                /* Truncate to SamplesPerPixel, since the */
-+                /* setting code for INKNAMES assume that there are SamplesPerPixel */
-+                /* inknames. */
-+                /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */
-+                if( val > td->td_samplesperpixel )
-+                {
-+                    TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField",
-+                                   "Truncating NumberOfInks from %u to %u",
-+                                   val, td->td_samplesperpixel);
-+                    val = td->td_samplesperpixel;
-+                }
-+                *va_arg(ap, uint16*) = val;
-+                return 1;
-+            }
-+            return 0;
-+        }
-+
- 	/*
- 	 * We want to force the custom code to be used for custom
- 	 * fields even if the tag happens to match a well known 
diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch
deleted file mode 100644
index 8166c55758..0000000000
--- a/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Fix heap-based buffer overflow in combineSeparateSamples16bits():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2621
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in
-        readSeparateStripsIntoBuffer() to avoid read outside of heap allocated
-buffer.
-        Reported by Agostina Sarubo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2621
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1179; previous revision: 1.1178
-/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
-new revision: 1.48; previous revision: 1.47
-
-Index: libtiff/tools/tiffcrop.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
-retrieving revision 1.47
-retrieving revision 1.48
-diff -u -r1.47 -r1.48
---- libtiff/tools/tiffcrop.c	3 Dec 2016 11:35:56 -0000	1.47
-+++ libtiff/tools/tiffcrop.c	3 Dec 2016 12:19:32 -0000	1.48
-@@ -1,4 +1,4 @@
--/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */
-+/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */
- 
- /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
-  * the image data through additional options listed below
-@@ -4815,10 +4815,17 @@
-   nstrips = TIFFNumberOfStrips(in);
-   strips_per_sample = nstrips /spp;
- 
-+  /* Add 3 padding bytes for combineSeparateSamples32bits */
-+  if( (size_t) stripsize > 0xFFFFFFFFU - 3U )
-+  {
-+      TIFFError("readSeparateStripsIntoBuffer", "Integer overflow when calculating buffer size.");
-+      exit(-1);
-+  }
-+
-   for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
-     {
-     srcbuffs[s] = NULL;
--    buff = _TIFFmalloc(stripsize);
-+    buff = _TIFFmalloc(stripsize + 3);
-     if (!buff)
-       {
-       TIFFError ("readSeparateStripsIntoBuffer", 
-@@ -4827,6 +4834,9 @@
-         _TIFFfree (srcbuffs[i]);
-       return 0;
-       }
-+    buff[stripsize] = 0;
-+    buff[stripsize+1] = 0;
-+    buff[stripsize+2] = 0;
-     srcbuffs[s] = buff;
-     }
- 
diff --git a/gnu/packages/patches/libtiff-invalid-read.patch b/gnu/packages/patches/libtiff-invalid-read.patch
deleted file mode 100644
index 92742d8757..0000000000
--- a/gnu/packages/patches/libtiff-invalid-read.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Fix invalid read in t2p_writeproc():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2639
-
-2016-12-20 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiff2pdf.c: avoid potential invalid memory read in
-        t2p_writeproc.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1198; previous revision: 1.1197
-/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v  <--  tools/tiff2pdf.c
-new revision: 1.100; previous revision: 1.99
-
-Index: libtiff/tools/tiff2pdf.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
-retrieving revision 1.99
-retrieving revision 1.100
-diff -u -r1.99 -r1.100
---- libtiff/tools/tiff2pdf.c	20 Dec 2016 17:13:26 -0000	1.99
-+++ libtiff/tools/tiff2pdf.c	20 Dec 2016 17:24:35 -0000	1.100
-@@ -2896,6 +2896,7 @@
- 			}
- 			if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
- 				if (count >= 4) {
-+                                        int retTIFFReadRawTile;
-                     /* Ignore EOI marker of JpegTables */
- 					_TIFFmemcpy(buffer, jpt, count - 2);
- 					bufferoffset += count - 2;
-@@ -2903,22 +2904,23 @@
- 					table_end[0] = buffer[bufferoffset-2];
- 					table_end[1] = buffer[bufferoffset-1];
- 					xuint32 = bufferoffset;
--                    bufferoffset -= 2;
--					bufferoffset += TIFFReadRawTile(
-+                                        bufferoffset -= 2;
-+                                        retTIFFReadRawTile= TIFFReadRawTile(
- 						input, 
- 						tile, 
- 						(tdata_t) &(((unsigned char*)buffer)[bufferoffset]), 
- 						-1);
-+                                        if( retTIFFReadRawTile < 0 )
-+                                        {
-+                                            _TIFFfree(buffer);
-+                                            t2p->t2p_error = T2P_ERR_ERROR;
-+                                            return(0);
-+                                        }
-+					bufferoffset += retTIFFReadRawTile;
-                     /* Overwrite SOI marker of image scan with previously */
-                     /* saved end of JpegTables */
- 					buffer[xuint32-2]=table_end[0];
- 					buffer[xuint32-1]=table_end[1];
--				} else {
--					bufferoffset += TIFFReadRawTile(
--						input, 
--						tile, 
--						(tdata_t) &(((unsigned char*)buffer)[bufferoffset]), 
--						-1);
- 				}
- 			}
- 			t2pWriteFile(output, (tdata_t) buffer, bufferoffset);
diff --git a/gnu/packages/patches/libtiff-null-dereference.patch b/gnu/packages/patches/libtiff-null-dereference.patch
deleted file mode 100644
index 8c6345b804..0000000000
--- a/gnu/packages/patches/libtiff-null-dereference.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix NULL pointer dereference in TIFFReadRawData():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2594
-
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffinfo.c: fix null pointer dereference in -r mode when
-        * the
-image has
-        no StripByteCount tag.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1182; previous revision: 1.1181
-/cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v  <--  tools/tiffinfo.c
-new revision: 1.26; previous revision: 1.25
-
-Index: libtiff/tools/tiffinfo.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v
-retrieving revision 1.25
-retrieving revision 1.26
-diff -u -r1.25 -r1.26
---- libtiff/tools/tiffinfo.c	12 Nov 2016 20:06:05 -0000	1.25
-+++ libtiff/tools/tiffinfo.c	3 Dec 2016 14:18:49 -0000	1.26
-@@ -1,4 +1,4 @@
--/* $Id: tiffinfo.c,v 1.25 2016-11-12 20:06:05 bfriesen Exp $ */
-+/* $Id: tiffinfo.c,v 1.26 2016-12-03 14:18:49 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -417,7 +417,7 @@
- 	uint64* stripbc=NULL;
- 
- 	TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &stripbc);
--	if (nstrips > 0) {
-+	if (stripbc != NULL && nstrips > 0) {
- 		uint32 bufsize = (uint32) stripbc[0];
- 		tdata_t buf = _TIFFmalloc(bufsize);
- 		tstrip_t s;
diff --git a/gnu/packages/patches/libtiff-tiffcp-underflow.patch b/gnu/packages/patches/libtiff-tiffcp-underflow.patch
deleted file mode 100644
index 5615cbb3e1..0000000000
--- a/gnu/packages/patches/libtiff-tiffcp-underflow.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Fix a integer underflow in tiffcp that led to heap overflows in
-TIFFReverseBits():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2598
-
-2016-12-02 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that 
-        can cause various issues, such as buffer overflows in the library.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1174; previous revision: 1.1173
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.56; previous revision: 1.55
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.55
-retrieving revision 1.56
-diff -u -r1.55 -r1.56
---- libtiff/tools/tiffcp.c	8 Oct 2016 15:54:57 -0000	1.55
-+++ libtiff/tools/tiffcp.c	2 Dec 2016 22:13:32 -0000	1.56
-@@ -1,4 +1,4 @@
--/* $Id: tiffcp.c,v 1.55 2016-10-08 15:54:57 erouault Exp $ */
-+/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -985,7 +985,7 @@
- 		tstrip_t s, ns = TIFFNumberOfStrips(in);
- 		uint32 row = 0;
- 		_TIFFmemset(buf, 0, stripsize);
--		for (s = 0; s < ns; s++) {
-+		for (s = 0; s < ns && row < imagelength; s++) {
- 			tsize_t cc = (row + rowsperstrip > imagelength) ?
- 			    TIFFVStripSize(in, imagelength - row) : stripsize;
- 			if (TIFFReadEncodedStrip(in, s, buf, cc) < 0
diff --git a/gnu/packages/patches/libunistring-gnulib-multi-core.patch b/gnu/packages/patches/libunistring-gnulib-multi-core.patch
new file mode 100644
index 0000000000..709b20c6d2
--- /dev/null
+++ b/gnu/packages/patches/libunistring-gnulib-multi-core.patch
@@ -0,0 +1,178 @@
+This patch fixes performance problems on multi-core machines
+as reported at <https://bugs.gnu.org/26441>.
+
+See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib
+by Bruno Haible <bruno@clisp.org>.
+
+diff --git a/tests/test-lock.c b/tests/test-lock.c
+index cb734b4e6..aa6de2739 100644
+--- a/tests/test-lock.c
++++ b/tests/test-lock.c
+@@ -50,6 +50,13 @@
+    Uncomment this to see if the operating system has a fair scheduler.  */
+ #define EXPLICIT_YIELD 1
+ 
++/* Whether to use 'volatile' on some variables that communicate information
++   between threads.  If set to 0, a lock is used to protect these variables.
++   If set to 1, 'volatile' is used; this is theoretically equivalent but can
++   lead to much slower execution (e.g. 30x slower total run time on a 40-core
++   machine.  */
++#define USE_VOLATILE 0
++
+ /* Whether to print debugging messages.  */
+ #define ENABLE_DEBUGGING 0
+ 
+@@ -103,6 +110,51 @@
+ # define yield()
+ #endif
+ 
++#if USE_VOLATILE
++struct atomic_int {
++  volatile int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  return ai->value;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  ai->value = new_value;
++}
++#else
++struct atomic_int {
++  gl_lock_define (, lock)
++  int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  gl_lock_init (ai->lock);
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  gl_lock_lock (ai->lock);
++  int ret = ai->value;
++  gl_lock_unlock (ai->lock);
++  return ret;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  gl_lock_lock (ai->lock);
++  ai->value = new_value;
++  gl_lock_unlock (ai->lock);
++}
++#endif
++
+ #define ACCOUNT_COUNT 4
+ 
+ static int account[ACCOUNT_COUNT];
+@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int lock_checker_done;
++static struct atomic_int lock_checker_done;
+ 
+ static void *
+ lock_checker_thread (void *arg)
+ {
+-  while (!lock_checker_done)
++  while (get_atomic_int_value (&lock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_lock_lock (my_lock);
+@@ -200,7 +252,8 @@ test_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  lock_checker_done = 0;
++  init_atomic_int (&lock_checker_done);
++  set_atomic_int_value (&lock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (lock_checker_thread, NULL);
+@@ -210,7 +263,7 @@ test_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  lock_checker_done = 1;
++  set_atomic_int_value (&lock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
+@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int rwlock_checker_done;
++static struct atomic_int rwlock_checker_done;
+ 
+ static void *
+ rwlock_checker_thread (void *arg)
+ {
+-  while (!rwlock_checker_done)
++  while (get_atomic_int_value (&rwlock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
+       gl_rwlock_rdlock (my_rwlock);
+@@ -284,7 +337,8 @@ test_rwlock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  rwlock_checker_done = 0;
++  init_atomic_int (&rwlock_checker_done);
++  set_atomic_int_value (&rwlock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+@@ -295,7 +349,7 @@ test_rwlock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  rwlock_checker_done = 1;
++  set_atomic_int_value (&rwlock_checker_done, 1);
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (checkerthreads[i], NULL);
+   check_accounts ();
+@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int reclock_checker_done;
++static struct atomic_int reclock_checker_done;
+ 
+ static void *
+ reclock_checker_thread (void *arg)
+ {
+-  while (!reclock_checker_done)
++  while (get_atomic_int_value (&reclock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_recursive_lock_lock (my_reclock);
+@@ -386,7 +440,8 @@ test_recursive_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  reclock_checker_done = 0;
++  init_atomic_int (&reclock_checker_done);
++  set_atomic_int_value (&reclock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (reclock_checker_thread, NULL);
+@@ -396,7 +451,7 @@ test_recursive_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  reclock_checker_done = 1;
++  set_atomic_int_value (&reclock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
diff --git a/gnu/packages/patches/mesa-fix-32bit-test-failures.patch b/gnu/packages/patches/mesa-fix-32bit-test-failures.patch
deleted file mode 100644
index e21e87cef6..0000000000
--- a/gnu/packages/patches/mesa-fix-32bit-test-failures.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-Fix a test failure when building for 32 bit architectures:
-
-http://lists.gnu.org/archive/html/guix-devel/2017-04/msg00381.html
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/mesa/mesa/commit/?id=61bbb25a080e48a8ca897ba7f6e73cc6a8e9b5b8
-
-From 61bbb25a080e48a8ca897ba7f6e73cc6a8e9b5b8 Mon Sep 17 00:00:00 2001
-From: Grazvydas Ignotas <notasas@gmail.com>
-Date: Thu, 9 Mar 2017 02:54:53 +0200
-Subject: [PATCH] util/disk_cache: fix size subtraction on 32bit
-
-Negating size_t on 32bit produces a 32bit result. This was effectively
-adding values close to UINT_MAX to the cache size (the files are usually
-small) instead of intended subtraction.
-Fixes 'make check' disk_cache failures on 32bit.
-
-Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
-Reviewed-by: Timothy Arceri <tarceri@itsqueeze.com>
----
- src/util/disk_cache.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/util/disk_cache.c b/src/util/disk_cache.c
-index 5470688df3..facdcecf7c 100644
---- a/src/util/disk_cache.c
-+++ b/src/util/disk_cache.c
-@@ -603,7 +603,7 @@ evict_random_item(struct disk_cache *cache)
-    free(dir_path);
- 
-    if (size) {
--      p_atomic_add(cache->size, - size);
-+      p_atomic_add(cache->size, - (uint64_t)size);
-       return;
-    }
- 
-@@ -624,7 +624,7 @@ evict_random_item(struct disk_cache *cache)
-    free(dir_path);
- 
-    if (size)
--      p_atomic_add(cache->size, - size);
-+      p_atomic_add(cache->size, - (uint64_t)size);
- }
- 
- void
-#@@ -646,7 +646,7 @@ disk_cache_remove(struct disk_cache *cache, const cache_key key)
-#    free(filename);
-# 
-#    if (sb.st_size)
-#-      p_atomic_add(cache->size, - sb.st_size);
-#+      p_atomic_add(cache->size, - (uint64_t)sb.st_size);
-# }
-# 
-# /* From the zlib docs:
--- 
-2.12.2
-
diff --git a/gnu/packages/patches/mesa-skip-disk-cache-test.patch b/gnu/packages/patches/mesa-skip-disk-cache-test.patch
index 4377110475..b3f9367fd5 100644
--- a/gnu/packages/patches/mesa-skip-disk-cache-test.patch
+++ b/gnu/packages/patches/mesa-skip-disk-cache-test.patch
@@ -5,16 +5,15 @@ for now.
 
 --- a/src/compiler/glsl/tests/cache_test.c
 +++ b/src/compiler/glsl/tests/cache_test.c
-@@ -137,11 +137,6 @@
+@@ -170,11 +170,6 @@
     unsetenv("MESA_GLSL_CACHE_DIR");
     unsetenv("XDG_CACHE_HOME");
 
--   cache = disk_cache_create();
+-   cache = disk_cache_create("test", "make_check");
 -   expect_non_null(cache, "disk_cache_create with no environment variables");
 -
 -   disk_cache_destroy(cache);
 -
     /* Test with XDG_CACHE_HOME set */
     setenv("XDG_CACHE_HOME", CACHE_TEST_TMP "/xdg-cache-home", 1);
-    cache = disk_cache_create();
-
+    cache = disk_cache_create("test", "make_check");
diff --git a/gnu/packages/patches/metabat-fix-boost-issue.patch b/gnu/packages/patches/metabat-fix-boost-issue.patch
new file mode 100644
index 0000000000..3382d84d66
--- /dev/null
+++ b/gnu/packages/patches/metabat-fix-boost-issue.patch
@@ -0,0 +1,27 @@
+This patch fixes the issue described at
+https://bitbucket.org/berkeleylab/metabat/issues/28/compilation-fail-with-boost-164
+
+diff --git a/src/metabat.h b/src/metabat.h
+index 32ae94c..2292c04 100644
+--- a/src/metabat.h
++++ b/src/metabat.h
+@@ -35,6 +35,7 @@ KSEQ_INIT(gzFile, gzread)
+ 
+ #include <boost/program_options.hpp>
+ #include <boost/algorithm/string.hpp>
++#include <boost/serialization/array_wrapper.hpp>
+ #include <boost/numeric/ublas/matrix.hpp>
+ #include <boost/math/distributions.hpp>
+ #include <boost/serialization/serialization.hpp>
+diff --git a/src/metabat2.h b/src/metabat2.h
+index 60a9998..19fa815 100644
+--- a/src/metabat2.h
++++ b/src/metabat2.h
+@@ -41,6 +41,7 @@ KSEQ_INIT(gzFile, gzread)
+ 
+ #include <boost/program_options.hpp>
+ #include <boost/algorithm/string.hpp>
++#include <boost/serialization/array_wrapper.hpp>
+ #include <boost/numeric/ublas/matrix.hpp>
+ #include <boost/numeric/ublas/matrix_sparse.hpp>
+ #include <boost/numeric/ublas/matrix_proxy.hpp>
diff --git a/gnu/packages/patches/pcre-CVE-2017-7186.patch b/gnu/packages/patches/pcre-CVE-2017-7186.patch
new file mode 100644
index 0000000000..d23aa10374
--- /dev/null
+++ b/gnu/packages/patches/pcre-CVE-2017-7186.patch
@@ -0,0 +1,56 @@
+Patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>
+from <https://vcs.pcre.org/pcre?view=revision&revision=1688>.
+
+--- trunk/pcre_internal.h	2016/05/21 13:34:44	1649
++++ trunk/pcre_internal.h	2017/02/24 17:30:30	1688
+@@ -2772,6 +2772,9 @@
+ extern const pcre_uint16 PRIV(ucd_stage2)[];
+ extern const pcre_uint32 PRIV(ucp_gentype)[];
+ extern const pcre_uint32 PRIV(ucp_gbtable)[];
++#ifdef COMPILE_PCRE32
++extern const ucd_record  PRIV(dummy_ucd_record)[];
++#endif
+ #ifdef SUPPORT_JIT
+ extern const int         PRIV(ucp_typerange)[];
+ #endif
+@@ -2780,9 +2783,15 @@
+ /* UCD access macros */
+ 
+ #define UCD_BLOCK_SIZE 128
+-#define GET_UCD(ch) (PRIV(ucd_records) + \
++#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
+         PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
+         UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
++        
++#ifdef COMPILE_PCRE32
++#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
++#else
++#define GET_UCD(ch) REAL_GET_UCD(ch)
++#endif 
+ 
+ #define UCD_CHARTYPE(ch)    GET_UCD(ch)->chartype
+ #define UCD_SCRIPT(ch)      GET_UCD(ch)->script
+
+--- trunk/pcre_ucd.c	2014/06/19 07:51:39	1490
++++ trunk/pcre_ucd.c	2017/02/24 17:30:30	1688
+@@ -38,6 +38,20 @@
+ const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0};
+ #else
+ 
++/* If the 32-bit library is run in non-32-bit mode, character values
++greater than 0x10ffff may be encountered. For these we set up a
++special record. */
++
++#ifdef COMPILE_PCRE32
++const ucd_record PRIV(dummy_ucd_record)[] = {{
++  ucp_Common,    /* script */
++  ucp_Cn,        /* type unassigned */
++  ucp_gbOther,   /* grapheme break property */
++  0,             /* case set */
++  0,             /* other case */
++  }};
++#endif
++
+ /* When recompiling tables with a new Unicode version, please check the
+ types in this structure definition from pcre_internal.h (the actual
+ field names will be different):
diff --git a/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch b/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch
deleted file mode 100644
index 16f136fb54..0000000000
--- a/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Disable a test that fails with openssl-1.0.2b.
-
---- Net-SSLeay-1.68/t/local/33_x509_create_cert.t.orig	2014-06-07 02:01:39.000000000 -0400
-+++ Net-SSLeay-1.68/t/local/33_x509_create_cert.t	2015-06-12 03:38:57.620286888 -0400
-@@ -2,7 +2,7 @@
- 
- use strict;
- use warnings;
--use Test::More tests => 123;
-+use Test::More tests => 122;
- use Net::SSLeay qw/MBSTRING_ASC MBSTRING_UTF8 EVP_PK_RSA EVP_PKT_SIGN EVP_PKT_ENC/;
- use File::Spec;
- use utf8;
-@@ -101,7 +101,8 @@
-   like(my $key_pem3 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg1), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
-   
-   ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname");
--  like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
-+  # This test fails with openssl-1.0.2b
-+  #like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
-   
-   is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company Name,C=UK,CN=Common name text X509", "X509_NAME_print_ex");  
- 
diff --git a/gnu/packages/patches/perl-no-sys-dirs.patch b/gnu/packages/patches/perl-no-sys-dirs.patch
index da91fef3b4..31d53e0353 100644
--- a/gnu/packages/patches/perl-no-sys-dirs.patch
+++ b/gnu/packages/patches/perl-no-sys-dirs.patch
@@ -1,6 +1,7 @@
 Don't look for headers and libraries in "traditional" locations.
 
-Patch from Nixpkgs by Eelco Dolstra <eelco.dolstra@logicblox.com>.
+Patch adapted from Nixpkgs, originally by Eelco Dolstra
+<eelco.dolstra@logicblox.com>.
 
 diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/Configure perl-5.20.0/Configure
 --- perl-5.20.0-orig/Configure	2014-05-26 15:34:18.000000000 +0200
@@ -185,39 +186,6 @@ diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/hints/linux.sh perl-5.20.0/hints/li
  case "$plibpth" in
  '') plibpth=`LANG=C LC_ALL=C $gcc $ccflags $ldflags -print-search-dirs | grep libraries |
  	cut -f2- -d= | tr ':' $trnl | grep -v 'gcc' | sed -e 's:/$::'`
-@@ -178,32 +159,6 @@
-     ;;
- esac
- 
--case "$libc" in
--'')
--# If you have glibc, then report the version for ./myconfig bug reporting.
--# (Configure doesn't need to know the specific version since it just uses
--# gcc to load the library for all tests.)
--# We don't use __GLIBC__ and  __GLIBC_MINOR__ because they
--# are insufficiently precise to distinguish things like
--# libc-2.0.6 and libc-2.0.7.
--    for p in $plibpth
--    do
--        for trylib in libc.so.6 libc.so
--        do
--            if $test -e $p/$trylib; then
--                libc=`ls -l $p/$trylib | awk '{print $NF}'`
--                if $test "X$libc" != X; then
--                    break
--                fi
--            fi
--        done
--        if $test "X$libc" != X; then
--            break
--        fi
--    done
--    ;;
--esac
--
- # Are we using ELF?  Thanks to Kenneth Albanowski <kjahds@kjahds.com>
- # for this test.
- cat >try.c <<'EOM'
 @@ -367,33 +322,6 @@
  	;;
  esac
@@ -252,3 +220,40 @@ diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/hints/linux.sh perl-5.20.0/hints/li
  # Linux on Synology.
  if [ -f /etc/synoinfo.conf -a -d /usr/syno ]; then
      # Tested on Synology DS213 and DS413
+diff --git a/hints/linux.sh b/hints/linux.sh
+index 3f38ea0..97aed11 100644
+--- a/hints/linux.sh
++++ b/hints/linux.sh
+@@ -195,32 +195,6 @@ case "$usequadmath" in
+   ;;
+ esac
+ 
+-case "$libc" in
+-'')
+-# If you have glibc, then report the version for ./myconfig bug reporting.
+-# (Configure doesn't need to know the specific version since it just uses
+-# gcc to load the library for all tests.)
+-# We don't use __GLIBC__ and  __GLIBC_MINOR__ because they
+-# are insufficiently precise to distinguish things like
+-# libc-2.0.6 and libc-2.0.7.
+-    for p in $plibpth
+-    do
+-        for trylib in libc.so.6 libc.so
+-        do
+-            if $test -e $p/$trylib; then
+-                libc=`ls -l $p/$trylib | awk '{print $NF}'`
+-                if $test "X$libc" != X; then
+-                    break
+-                fi
+-            fi
+-        done
+-        if $test "X$libc" != X; then
+-            break
+-        fi
+-    done
+-    ;;
+-esac
+-
+ if ${sh:-/bin/sh} -c exit; then
+   echo ''
+   echo 'You appear to have a working bash.  Good.'
diff --git a/gnu/packages/patches/poppler-CVE-2017-9776.patch b/gnu/packages/patches/poppler-CVE-2017-9776.patch
deleted file mode 100644
index 17a2807171..0000000000
--- a/gnu/packages/patches/poppler-CVE-2017-9776.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Fix CVE-2017-9776:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776
-https://bugs.freedesktop.org/show_bug.cgi?id=101541
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc
-
-From 55db66c69fd56826b8523710046deab1a8d14ba2 Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Wed, 21 Jun 2017 00:55:20 +0200
-Subject: [PATCH] Fix crash in malformed documents
-
----
- poppler/JBIG2Stream.cc | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
-index 48535883..d89108c8 100644
---- a/poppler/JBIG2Stream.cc
-+++ b/poppler/JBIG2Stream.cc
-@@ -896,7 +896,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y,
-   oneByte = x0 == ((x1 - 1) & ~7);
- 
-   for (yy = y0; yy < y1; ++yy) {
--    if (unlikely(y + yy) >= h)
-+    if (unlikely((y + yy >= h) || (y + yy < 0)))
-       continue;
- 
-     // one byte per line -- need to mask both left and right side
--- 
-2.13.2
-
diff --git a/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch b/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch
deleted file mode 100644
index 353a16e322..0000000000
--- a/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-Copied from:
-
-  https://cgit.freedesktop.org/poppler/poppler/patch/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a
-
-From 5c9b08a875b07853be6c44e43ff5f7f059df666a Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Sat, 27 May 2017 00:09:17 +0200
-Subject: pdfunite: Fix crash with broken documents
-
-Sometimes we can't parse pages so check before accessing them
-
-Thanks to Jiaqi Peng for the report
-
-Fixes bugs #101153 and #101149
-
-diff --git a/utils/pdfunite.cc b/utils/pdfunite.cc
-index dfe48bf..c32e201 100644
---- a/utils/pdfunite.cc
-+++ b/utils/pdfunite.cc
-@@ -7,7 +7,7 @@
- // Copyright (C) 2011-2015, 2017 Thomas Freitag <Thomas.Freitag@alfa.de>
- // Copyright (C) 2012 Arseny Solokha <asolokha@gmx.com>
- // Copyright (C) 2012 Fabio D'Urso <fabiodurso@hotmail.it>
--// Copyright (C) 2012, 2014 Albert Astals Cid <aacid@kde.org>
-+// Copyright (C) 2012, 2014, 2017 Albert Astals Cid <aacid@kde.org>
- // Copyright (C) 2013 Adrian Johnson <ajohnson@redneon.com>
- // Copyright (C) 2013 Hib Eris <hib@hiberis.nl>
- // Copyright (C) 2015 Arthur Stavisky <vovodroid@gmail.com>
-@@ -268,15 +268,15 @@ int main (int argc, char *argv[])
-     catDict->lookup("OutputIntents", &intents);
-     catDict->lookupNF("AcroForm", &afObj);
-     Ref *refPage = docs[0]->getCatalog()->getPageRef(1);
--    if (!afObj.isNull()) {
-+    if (!afObj.isNull() && refPage) {
-       docs[0]->markAcroForm(&afObj, yRef, countRef, 0, refPage->num, refPage->num);
-     }
-     catDict->lookupNF("OCProperties", &ocObj);
--    if (!ocObj.isNull() && ocObj.isDict()) {
-+    if (!ocObj.isNull() && ocObj.isDict() && refPage) {
-       docs[0]->markPageObjects(ocObj.getDict(), yRef, countRef, 0, refPage->num, refPage->num);
-     }
-     catDict->lookup("Names", &names);
--    if (!names.isNull() && names.isDict()) {
-+    if (!names.isNull() && names.isDict() && refPage) {
-       docs[0]->markPageObjects(names.getDict(), yRef, countRef, 0, refPage->num, refPage->num);
-     }
-     if (intents.isArray() && intents.arrayGetLength() > 0) {
-@@ -353,6 +353,10 @@ int main (int argc, char *argv[])
- 
-   for (i = 0; i < (int) docs.size(); i++) {
-     for (j = 1; j <= docs[i]->getNumPages(); j++) {
-+      if (!docs[i]->getCatalog()->getPage(j)) {
-+        continue;
-+      }
-+
-       PDFRectangle *cropBox = NULL;
-       if (docs[i]->getCatalog()->getPage(j)->isCropped())
-         cropBox = docs[i]->getCatalog()->getPage(j)->getCropBox();
--- 
-cgit v0.10.2
-
diff --git a/gnu/packages/patches/python-file-double-encoding-bug.patch b/gnu/packages/patches/python-file-double-encoding-bug.patch
deleted file mode 100644
index bbe825c36a..0000000000
--- a/gnu/packages/patches/python-file-double-encoding-bug.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-Fix bug that breaks file's Python bindings when using Python 3. This patch
-should not be applied when using Python 2.
-
-Copied from upstream source repository:
-
-https://github.com/file/file/commit/73e043d2a986234b187a00ed0c8d1f7bf83df372
-
-From 73e043d2a986234b187a00ed0c8d1f7bf83df372 Mon Sep 17 00:00:00 2001
-From: Christos Zoulas <christos@zoulas.com>
-Date: Tue, 28 Jun 2016 17:10:22 +0000
-Subject: [PATCH] PR/562: Reiner Herrmann: Avoid double encoding with python3
-
----
- python/magic.py | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/python/magic.py b/python/magic.py
-index c48f7d5..b0f7a17 100644
---- a/python/magic.py
-+++ b/python/magic.py
-@@ -134,7 +134,7 @@ class Magic(object):
-         if isinstance(r, str):
-             return r
-         else:
--            return str(r).encode('utf-8')
-+            return str(r, 'utf-8')
- 
-     def descriptor(self, fd):
-         """
-@@ -152,7 +152,7 @@ class Magic(object):
-         if isinstance(r, str):
-             return r
-         else:
--            return str(r).encode('utf-8')
-+            return str(r, 'utf-8')
- 
-     def error(self):
-         """
-@@ -163,7 +163,7 @@ class Magic(object):
-         if isinstance(e, str):
-             return e
-         else:
--            return str(e).encode('utf-8')
-+            return str(e, 'utf-8')
- 
-     def setflags(self, flags):
-         """
--- 
-2.10.1
-
diff --git a/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch b/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch
new file mode 100644
index 0000000000..3db42feac9
--- /dev/null
+++ b/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch
@@ -0,0 +1,32 @@
+Fix building of Shishi with libgcrypt 1.6 and later.
+
+Patch copied from Debian:
+
+https://anonscm.debian.org/cgit/collab-maint/shishi.git/tree/debian/patches/fix_gcrypt_detection.diff?id=948301ae648a542a408da250755aeed58a6e3542
+
+Description: Fix autoconf gnutls detection to also accept gcrypt 1.6.
+Author: Andreas Metzler <ametzler@debian.org>
+Bug-Debian: http://bugs.debian.org/753150
+Origin: vendor
+Forwarded: no
+Last-Update: 2014-07-18
+
+--- shishi-1.0.2.orig/gl/m4/gc.m4
++++ shishi-1.0.2/gl/m4/gc.m4
+@@ -12,10 +12,12 @@ AC_DEFUN([gl_GC],
+   if test "$libgcrypt" != no; then
+     AC_LIB_HAVE_LINKFLAGS([gcrypt], [gpg-error], [
+ #include <gcrypt.h>
+-/* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c
+-   will fail on startup if we don't have 1.4.4 or later, so
+-   test for it early. */
+-#if !defined GCRY_MODULE_ID_USER
++/* gc-libgcrypt.c will fail on startup if we don't have libgcrypt 1.4.4 or
++   later, test for it early. by checking for either
++   - GCRY_MODULE_ID_USER which was added in 1.4.4 and dropped in 1.6 or
++   - GCRYPT_VERSION_NUMBER which was added in 1.6.
++   */
++#if !defined GCRY_MODULE_ID_USER && !defined GCRYPT_VERSION_NUMBER
+ error too old libgcrypt
+ #endif
+ ])
diff --git a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
deleted file mode 100644
index 3a9ae993f6..0000000000
--- a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Fix CVE-2016-10243:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243
-
-Patch adapted from upstream commit:
-
-https://www.tug.org/svn/texlive?view=revision&revision=42605
-
---- trunk/Master/texmf-dist/web2c/texmf.cnf	2016/11/29 23:10:33	42604
-+++ trunk/Master/texmf-dist/web2c/texmf.cnf	2016/11/29 23:27:53	42605
-@@ -568,7 +568,6 @@ extractbb,\
- gregorio,\
- kpsewhich,\
- makeindex,\
--mpost,\
- repstopdf,\
- 
- % we'd like to allow:
diff --git a/gnu/packages/patches/wget-perl-5.26.patch b/gnu/packages/patches/wget-perl-5.26.patch
new file mode 100644
index 0000000000..ee3a984daa
--- /dev/null
+++ b/gnu/packages/patches/wget-perl-5.26.patch
@@ -0,0 +1,96 @@
+This upstream commit adjusts tests for Perl 5.26.
+
+commit 7ffe93cabb181f39ad5091c31ab9f61bd940a55f
+Author: Anton Yuzhaninov <citrin+github@citrin.ru>
+Date:   Wed Apr 5 19:06:42 2017 +0300
+
+    Fix perl warnings in tests
+    
+    * tests/FTPServer.pm: Escape '{' in RE to fix warnings
+    * tests/FTPTest.pm: Likewise
+    * tests/HTTPServer.pm: Likewise
+    * tests/HTTPTest.pm: Likewise
+    * tests/Test-proxied-https-auth-keepalive.px: Likewise
+    * tests/Test-proxied-https-auth.px: Likewise
+    Escape '{' in RE to fix warnings:
+    Unescaped left brace in regex is deprecated, passed through in regex;
+    marked by <-- HERE in m/{{ <-- HERE port}}/
+
+diff --git a/tests/FTPServer.pm b/tests/FTPServer.pm
+index a5185d66..cac80942 100644
+--- a/tests/FTPServer.pm
++++ b/tests/FTPServer.pm
+@@ -589,7 +589,7 @@ sub new
+     foreach my $file (keys %{$self->{_input}})
+     {
+         my $ref = \$self->{_input}{$file}{content};
+-        $$ref =~ s/{{port}}/$self->sockport/eg;
++        $$ref =~ s/\Q{{port}}/$self->sockport/eg;
+     }
+ 
+     return $self;
+diff --git a/tests/FTPTest.pm b/tests/FTPTest.pm
+index 50385ad0..0a1c768c 100644
+--- a/tests/FTPTest.pm
++++ b/tests/FTPTest.pm
+@@ -53,7 +53,7 @@ sub _substitute_port
+ {
+     my $self = shift;
+     my $ret  = shift;
+-    $ret =~ s/{{port}}/$self->{_server}->sockport/eg;
++    $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg;
+     return $ret;
+ }
+ 
+diff --git a/tests/HTTPServer.pm b/tests/HTTPServer.pm
+index dd8ec043..78609f65 100644
+--- a/tests/HTTPServer.pm
++++ b/tests/HTTPServer.pm
+@@ -310,7 +310,7 @@ sub _substitute_port
+ {
+     my $self = shift;
+     my $ret  = shift;
+-    $ret =~ s/{{port}}/$self->sockport/eg;
++    $ret =~ s/\Q{{port}}/$self->sockport/eg;
+     return $ret;
+ }
+ 
+diff --git a/tests/HTTPTest.pm b/tests/HTTPTest.pm
+index 00f079f8..6225c7f1 100644
+--- a/tests/HTTPTest.pm
++++ b/tests/HTTPTest.pm
+@@ -47,7 +47,7 @@ sub _substitute_port
+ {
+     my $self = shift;
+     my $ret  = shift;
+-    $ret =~ s/{{port}}/$self->{_server}->sockport/eg;
++    $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg;
+     return $ret;
+ }
+ 
+diff --git a/tests/Test-proxied-https-auth-keepalive.px b/tests/Test-proxied-https-auth-keepalive.px
+index 049bebec..2a18ccfd 100755
+--- a/tests/Test-proxied-https-auth-keepalive.px
++++ b/tests/Test-proxied-https-auth-keepalive.px
+@@ -153,7 +153,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"
+     . " --password=Dodgson -e https_proxy=localhost:{{port}}"
+     . " --no-check-certificate"
+     . " https://no.such.domain/needs-auth.txt";
+-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e;
++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e;
+ 
+ if (defined $srcdir) {
+     $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl';
+diff --git a/tests/Test-proxied-https-auth.px b/tests/Test-proxied-https-auth.px
+index ce4e736c..878114e7 100755
+--- a/tests/Test-proxied-https-auth.px
++++ b/tests/Test-proxied-https-auth.px
+@@ -152,7 +152,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"
+     . " --password=Dodgson -e https_proxy=localhost:{{port}}"
+     . " --no-check-certificate"
+     . " https://no.such.domain/needs-auth.txt";
+-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e;
++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e;
+ 
+ if (defined $srcdir) {
+     $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl';
diff --git a/gnu/packages/pciutils.scm b/gnu/packages/pciutils.scm
index 7c9856468d..e428aaedb0 100644
--- a/gnu/packages/pciutils.scm
+++ b/gnu/packages/pciutils.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -30,7 +30,7 @@
 (define-public pciutils
   (package
     (name "pciutils")
-    (version "3.5.4")
+    (version "3.5.5")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -38,7 +38,7 @@
                     version ".tar.xz"))
               (sha256
                (base32
-                "0rpy7kkb2y89wmbcbfjjjxsk2x89v5xxhxib4vpl131ip5m3qab4"))))
+                "1x9rb5y82rzg8b67lh42yy9ag9xr7kzibz566lffd41g37xghqhx"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -56,12 +56,18 @@
                  ;; $prefix/share/man, and wrongly so.
                 (string-append "MANDIR := " (assoc-ref outputs "out")
                                "/share/man\n"))
+
                (("^SHARED=.*$")
                 ;; Build libpciutils.so.
                 "SHARED := yes\n")
                (("^ZLIB=.*$")
-                ;; Ask for zlib support.
-                "ZLIB := yes\n"))))
+                ;; Ask for zlib support, for 'pci.ids.gz' decompression.
+                "ZLIB := yes\n")
+
+               (("^IDSDIR=.*$")
+                ;; Installation directory of 'pci.ids.gz'.
+                "IDSDIR = $(SHAREDIR)/hwdata\n"))
+             #t))
          (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
              ;; Install the commands, library, and .pc files.
@@ -85,5 +91,6 @@
      "The PCI Utilities are a collection of programs for inspecting and
 manipulating configuration of PCI devices, all based on a common portable
 library libpci which offers access to the PCI configuration space on a variety
-of operating systems.  This includes the 'lspci' and 'setpci' commands.")
+of operating systems.  This includes the @command{lspci} and @command{setpci}
+commands.")
     (license license:gpl2+)))
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index 8dd5099314..574ae4a6ba 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -43,6 +43,7 @@
                                  "pcre-" version ".tar.bz2")
                   (string-append "mirror://sourceforge/pcre/pcre/"
                                  version "/pcre-" version ".tar.bz2")))
+            (patches (search-patches "pcre-CVE-2017-7186.patch"))
             (sha256
              (base32
               "1x7lpjn7jhk0n3sdvggxrlrhab8kkfjwl7qix0ypw9nlx8lpmqh0"))))
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 7b76955e23..0993543c20 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -76,15 +76,14 @@
 (define-public poppler
   (package
    (name "poppler")
-   (replacement poppler/fixed)
-   (version "0.52.0")
+   (version "0.56.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://poppler.freedesktop.org/poppler-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "14hrrac2f1phi5j0qn283457w06vsp9gr075yqjrm7w370bnd2sj"))))
+              "0wviayidfv2ix2ql0d4nl9r1ia6qi5kc1nybd9vjx27dk7gvm7c6"))))
    (build-system gnu-build-system)
    ;; FIXME:
    ;;  use libcurl:        no
@@ -130,23 +129,15 @@
    (license license:gpl2+)
    (home-page "https://poppler.freedesktop.org/")))
 
-(define poppler/fixed
-  (package (inherit poppler)
-  (source
-    (origin
-      (inherit (package-source poppler))
-      (patches (search-patches "poppler-fix-crash-with-broken-documents.patch"
-                               "poppler-CVE-2017-9776.patch"))))))
-
 (define-public poppler-qt4
-  (package/inherit poppler
+  (package (inherit poppler)
    (name "poppler-qt4")
    (inputs `(("qt-4" ,qt-4)
              ,@(package-inputs poppler)))
    (synopsis "Qt4 frontend for the Poppler PDF rendering library")))
 
 (define-public poppler-qt5
-  (package/inherit poppler
+  (package (inherit poppler)
    (name "poppler-qt5")
    (inputs `(("qtbase" ,qtbase)
              ,@(package-inputs poppler)))
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 6a59e6bf86..4a87d0ae63 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -1,12 +1,12 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Jochem Raat <jchmrt@riseup.net>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Coypright © 2016 ng0 <ng0@libertad.pw>
 ;;; Copyright © 2016 Alex Sassmannshausen <alex@pompo.co>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
@@ -16,6 +16,7 @@
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -51,16 +52,16 @@
   ;; Yeah, Perl...  It is required early in the bootstrap process by Linux.
   (package
     (name "perl")
-    (replacement perl/fixed)
-    (version "5.24.0")
+    (version "5.26.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/src/5.0/perl-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "00jj8zr8fnihrxxhl8h936ssczv5x86qb618yz1ig40d1rp0qhvy"))
+               "0zxn9hd7mqgq06ikyi6k70ngbvjf01z1paw0jd25byyl0rlwdrzb"))
              (patches (search-patches
+                       "perl-file-path-CVE-2017-6512.patch"
                        "perl-no-sys-dirs.patch"
                        "perl-autosplit-default-time.patch"
                        "perl-deterministic-ordering.patch"
@@ -148,17 +149,6 @@
     (home-page "http://www.perl.org/")
     (license gpl1+)))                          ; or "Artistic"
 
-(define perl/fixed
-  (package
-    (inherit perl)
-    (source
-      (origin
-        (inherit (package-source perl))
-        (patches
-          (append
-            (origin-patches (package-source perl))
-            (search-patches "perl-file-path-CVE-2017-6512.patch")))))))
-
 (define-public perl-algorithm-c3
   (package
     (name "perl-algorithm-c3")
@@ -426,6 +416,8 @@ compiling the surrounding scope.")
                (base32
                 "1gl9ybm9hgia3ld5s11b7bv2p2hmx5rss5hxcfy6rmbzrjcnci01"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     ;; The optional input module Statistics::PointEstimation (from
     ;; Statistics-TTest) lists no license.
     (synopsis "Benchmarking with statistical confidence")
@@ -700,15 +692,15 @@ Perl.")
 (define-public perl-carp-clan
   (package
     (name "perl-carp-clan")
-    (version "6.04")
+    (version "6.06")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/S/ST/STBEY/"
+       (uri (string-append "mirror://cpan/authors/id/K/KE/KENTNL/"
                            "Carp-Clan-" version ".tar.gz"))
        (sha256
         (base32
-         "1v71k8s1pi16l5y579gnrg372c6pdvy6qqm6iddm8h1dx7n16bjl"))))
+         "1m6902n6s627nsvyn2vyrk29q7lh6808hsdk7ka5cirm27vchjpa"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-exception" ,perl-test-exception)))
@@ -801,7 +793,8 @@ the same mk_accessors interface.")
          "1zp74yv023q3macrf4rv3i82z8pkffqyhh7xk9xg8fbr63ikwqf4"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-exception" ,perl-test-exception)))
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-test-exception" ,perl-test-exception)))
     (propagated-inputs
      `(("perl-class-xsaccessor" ,perl-class-xsaccessor)
        ("perl-module-runtime" ,perl-module-runtime)
@@ -872,7 +865,8 @@ supporting the same interface, but using Class::C3 to do the hard work.")
          "1nzav8arxll0rya7r2vp032s3acliihbb9mjlfa13rywhh77bzvl"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-exception" ,perl-test-exception)))
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-test-exception" ,perl-test-exception)))
     (propagated-inputs
      `(("perl-class-c3" ,perl-class-c3)
        ("perl-class-inspector" ,perl-class-inspector)
@@ -967,15 +961,15 @@ to the calling program.")
 (define-public perl-class-inspector
   (package
     (name "perl-class-inspector")
-    (version "1.28")
+    (version "1.31")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/A/AD/ADAMK/"
+       (uri (string-append "mirror://cpan/authors/id/P/PL/PLICEASE/"
                            "Class-Inspector-" version ".tar.gz"))
        (sha256
         (base32
-         "04iij8dbcgaim7g109frpyf7mh4ydsd8zh53r53chk0zxnivg91w"))))
+         "1sqfjgzxx1f951fykc6vgfvys4j8rxaw2zf3jq26yrvs3ygn8pq6"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Class-Inspector")
     (synopsis "Get information about a class and its structure")
@@ -1207,15 +1201,15 @@ as defined by two typical specimens of Perl coders.")
 (define-public perl-config-any
   (package
     (name "perl-config-any")
-    (version "0.24")
+    (version "0.32")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/B/BR/BRICAS/"
+       (uri (string-append "mirror://cpan/authors/id/H/HA/HAARG/"
                            "Config-Any-" version ".tar.gz"))
        (sha256
         (base32
-         "06n6jn3q3xhk57icwip0ihzqixxav6sgp6rrb35hahj1z748y3vi"))))
+         "0l31sg7dwh4dwwnql42hp7arkhcm15bhsgfg4i6xvbjzy9f2mnk8"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-module-pluggable" ,perl-module-pluggable)))
@@ -1297,7 +1291,7 @@ and writing of @code{.ini}-style configuration files.")
 (define-public perl-context-preserve
   (package
     (name "perl-context-preserve")
-    (version "0.01")
+    (version "0.02")
     (source
      (origin
        (method url-fetch)
@@ -1305,7 +1299,7 @@ and writing of @code{.ini}-style configuration files.")
                            "Context-Preserve-" version ".tar.gz"))
        (sha256
         (base32
-         "0gssillawjknqks81x7fg7w2x94bnyklgd8ry2pr1k6ifkjhwz46"))))
+         "0qkjj1qifr87zlfpfnn21gdyrpfgilh8zp3b53008m2ax02k87gc"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-exception" ,perl-test-exception)
@@ -1320,7 +1314,7 @@ the caller.")
 (define-public perl-cpan-meta-check
   (package
     (name "perl-cpan-meta-check")
-    (version "0.011")
+    (version "0.014")
     (source
      (origin
        (method url-fetch)
@@ -1328,7 +1322,7 @@ the caller.")
                            "CPAN-Meta-Check-" version ".tar.gz"))
        (sha256
         (base32
-         "0nxi0xhhd3dwhgri3l8z8gpz2ibvhm5k7jjls8xmnlh0v84p04kh"))))
+         "07rmdbz1rbnb7w33vswn1wixlyh947sqr93xrvcph1hwzhmmg818"))))
     (build-system perl-build-system)
     (native-inputs `(("perl-test-deep" ,perl-test-deep)))
     (propagated-inputs `(("perl-cpan-meta" ,perl-cpan-meta)))
@@ -1529,15 +1523,15 @@ code that, when \"eval\"ed, produces a deep copy of the original arguments.")
 (define-public perl-data-dumper-concise
   (package
     (name "perl-data-dumper-concise")
-    (version "2.022")
+    (version "2.023")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/F/FR/FREW/"
+       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
                            "Data-Dumper-Concise-" version ".tar.gz"))
        (sha256
         (base32
-         "0z7vxgk1f2kw2zpiimdsyf7jq9f4s5dhh3dlimq5yrirypnk03sc"))))
+         "0lsqbl1mxhkj0qnjfa1jrvx8wwbyi81bgwfyj1si6cdg7h8jzhm6"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Data-Dumper-Concise")
     (synopsis "Concise data dumper")
@@ -1799,7 +1793,7 @@ hours, minutes, seconds, and time zones.")
 (define-public perl-datetime
   (package
     (name "perl-datetime")
-    (version "1.18")
+    (version "1.43")
     (source
      (origin
        (method url-fetch)
@@ -1807,15 +1801,17 @@ hours, minutes, seconds, and time zones.")
                            "DateTime-" version ".tar.gz"))
        (sha256
         (base32
-         "0fli1ls298qa8nfki15myxqqqfpxvslxk4j5r3vjk577wfgjrnms"))))
+         "0xgrcqs7zza7646g81j54z3fcxb8rw11ynlfm02afr436lgfnfql"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-module-build" ,perl-module-build)
+     `(("perl-cpan-meta-check" ,perl-cpan-meta-check)
+       ("perl-module-build" ,perl-module-build)
        ("perl-test-fatal" ,perl-test-fatal)
        ("perl-test-warnings" ,perl-test-warnings)))
     (propagated-inputs
      `(("perl-datetime-locale" ,perl-datetime-locale)
        ("perl-datetime-timezone" ,perl-datetime-timezone)
+       ("perl-file-sharedir" ,perl-file-sharedir)
        ("perl-params-validate" ,perl-params-validate)
        ("perl-try-tiny" ,perl-try-tiny)))
     (home-page "http://search.cpan.org/dist/DateTime")
@@ -1852,7 +1848,7 @@ precise.")
 (define-public perl-datetime-set
   (package
     (name "perl-datetime-set")
-    (version "0.3400")
+    (version "0.3900")
     (source
      (origin
        (method url-fetch)
@@ -1860,7 +1856,7 @@ precise.")
                            "DateTime-Set-" version ".tar.gz"))
        (sha256
         (base32
-         "1b27699zkj68w5ll9chjhs52vmf39f9via6x5r5844as30qh9zxb"))))
+         "0ih9pi6myg5i26hjpmpzqn58s0yljl2qxdd6gzpy9zda4hwirx4l"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)))
@@ -1879,7 +1875,7 @@ within a time range.")
 (define-public perl-datetime-event-ical
   (package
     (name "perl-datetime-event-ical")
-    (version "0.12")
+    (version "0.13")
     (source
      (origin
        (method url-fetch)
@@ -1887,7 +1883,7 @@ within a time range.")
                            "DateTime-Event-ICal-" version ".tar.gz"))
        (sha256
         (base32
-         "1rfrjhczfmasf7aaz8rfd89vhwjj2nkxlnirxxrmy75z10nmrpjk"))))
+         "1skmykxbrf98ldi72d5s1v6228gfdr5iy4y0gpl0xwswxy247njk"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-datetime" ,perl-datetime)
@@ -1901,7 +1897,7 @@ create DateTime::Set objects for RFC 2445 style recurrences.")
 (define-public perl-datetime-event-recurrence
   (package
     (name "perl-datetime-event-recurrence")
-    (version "0.16")
+    (version "0.19")
     (source
      (origin
        (method url-fetch)
@@ -1909,7 +1905,7 @@ create DateTime::Set objects for RFC 2445 style recurrences.")
                            "DateTime-Event-Recurrence-" version ".tar.gz"))
        (sha256
         (base32
-         "02c6ky3k26r0c8r87rcsd8gbn7rd6j2pylryin8pllnrdh9f0wiq"))))
+         "19dms2vg9hvfx80p85m8gkn2ww0yxjrjn8qsr9k7f431lj4qfh7r"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-datetime" ,perl-datetime)
@@ -1951,7 +1947,7 @@ to do this without writing reams of structural code.")
 (define-public perl-datetime-format-flexible
   (package
     (name "perl-datetime-format-flexible")
-    (version "0.26")
+    (version "0.28")
     (source
      (origin
        (method url-fetch)
@@ -1959,7 +1955,7 @@ to do this without writing reams of structural code.")
                            "DateTime-Format-Flexible-" version ".tar.gz"))
        (sha256
         (base32
-         "0gb9dsn178dpvgbbgwnaf3v2v8zy4xj36i0w5q8qbhvwx32znvj3"))))
+         "1g63zs0q2x40h29r7in50c55g6kxiw3m2faw2p6c4rg74sj2k2b5"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-datetime" ,perl-datetime)
@@ -2005,7 +2001,7 @@ order to create the appropriate objects.")
 (define-public perl-datetime-format-natural
   (package
     (name "perl-datetime-format-natural")
-    (version "1.02")
+    (version "1.05")
     (source
      (origin
        (method url-fetch)
@@ -2013,7 +2009,7 @@ order to create the appropriate objects.")
                            "DateTime-Format-Natural-" version ".tar.gz"))
        (sha256
         (base32
-         "1qq3adq1y08d0jlmwk9059s5d39hb26f3zjag099gjjyvs5c8yal"))))
+         "10ldrhz5rnpsd8qmqn1a4s0w5hhfbjrr13a93yx7kpp89g85pxqv"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)
@@ -2038,7 +2034,7 @@ parsing logic.")
 (define-public perl-datetime-format-strptime
   (package
     (name "perl-datetime-format-strptime")
-    (version "1.56")
+    (version "1.73")
     (source
      (origin
        (method url-fetch)
@@ -2046,13 +2042,16 @@ parsing logic.")
                            "DateTime-Format-Strptime-" version ".tar.gz"))
        (sha256
         (base32
-         "0a4bszmff16rw6fz1yr4v9001q9vxrdxnxkj9sqaln83b87rvxig"))))
+         "1gmjcmvh81cla6yn2pvlkr7i25bspg90pzzsizrfb0c5xc37h1vd"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-datetime" ,perl-datetime)
        ("perl-datetime-locale" ,perl-datetime-locale)
        ("perl-datetime-timezone" ,perl-datetime-timezone)
-       ("perl-params-validate" ,perl-params-validate)))
+       ("perl-package-deprecationmanager" ,perl-package-deprecationmanager)
+       ("perl-params-validate" ,perl-params-validate)
+       ("perl-sub-name" ,perl-sub-name)
+       ("perl-test-warnings" ,perl-test-warnings)))
     (home-page "http://search.cpan.org/dist/DateTime-Format-Strptime")
     (synopsis "Parse and format strp and strf time patterns")
     (description "This module implements most of `strptime(3)`, the POSIX
@@ -2064,7 +2063,7 @@ takes a string and a pattern and returns the `DateTime` object associated.")
 (define-public perl-datetime-locale
   (package
     (name "perl-datetime-locale")
-    (version "0.45")
+    (version "1.16")
     (source
      (origin
        (method url-fetch)
@@ -2072,13 +2071,20 @@ takes a string and a pattern and returns the `DateTime` object associated.")
                            "DateTime-Locale-" version ".tar.gz"))
        (sha256
         (base32
-         "175grkrxiv012n6ch3z1sip4zprcili6m5zqi3njdk5c1gdvi8ca"))))
+         "1zkc0wggbsczbj4qadahh197imr9fa6knxr10zl241lw2i14rbyz"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-module-build" ,perl-module-build)))
+     `(("perl-file-sharedir" ,perl-file-sharedir)
+       ("perl-test-file-sharedir-dist" ,perl-test-file-sharedir-dist)
+       ("perl-test-warnings" ,perl-test-warnings)
+       ("perl-test-requires" ,perl-test-requires)
+       ("perl-namespace-autoclean" ,perl-namespace-autoclean)
+       ("perl-file-sharedir-install" ,perl-file-sharedir-install)
+       ("perl-cpan-meta-check" ,perl-cpan-meta-check)
+       ("perl-module-build" ,perl-module-build)))
     (propagated-inputs
      `(("perl-list-moreutils" ,perl-list-moreutils)
-       ("perl-params-validate" ,perl-params-validate)))
+       ("perl-params-validationcompiler" ,perl-params-validationcompiler)))
     (home-page "http://search.cpan.org/dist/DateTime-Locale")
     (synopsis "Localization support for DateTime.pm")
     (description "The DateTime::Locale modules provide localization data for
@@ -2088,7 +2094,7 @@ the DateTime.pm class.")
 (define-public perl-datetime-timezone
   (package
     (name "perl-datetime-timezone")
-    (version "1.86")
+    (version "2.13")
     (source
      (origin
        (method url-fetch)
@@ -2096,7 +2102,7 @@ the DateTime.pm class.")
                            "DateTime-TimeZone-" version ".tar.gz"))
        (sha256
         (base32
-         "1aj5liy9as7yci2s9cqv9gqna5wggah8yg2jqrc89dnrin25s26z"))))
+         "1371sk4p9clygfwxzvivfqz6q9dy8gn3n4dr1424d0xqsv63jg9k"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-fatal" ,perl-test-fatal)
@@ -2105,7 +2111,8 @@ the DateTime.pm class.")
      `(("perl-class-singleton" ,perl-class-singleton)
        ("perl-list-allutils" ,perl-list-allutils)
        ("perl-module-runtime" ,perl-module-runtime)
-       ("perl-params-validate" ,perl-params-validate)
+       ("perl-namespace-autoclean" ,perl-namespace-autoclean)
+       ("perl-params-validationcompiler" ,perl-params-validationcompiler)
        ("perl-try-tiny" ,perl-try-tiny)))
     (home-page "http://search.cpan.org/dist/DateTime-TimeZone")
     (synopsis "Time zone object for Perl")
@@ -2169,14 +2176,14 @@ This module parses and emits such dates.")
 (define-public perl-datetime-format-w3cdtf
   (package
     (name "perl-datetime-format-w3cdtf")
-    (version "0.06")
+    (version "0.07")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/G/GW/GWILLIAMS/"
                                   "DateTime-Format-W3CDTF-" version ".tar.gz"))
               (sha256
                (base32
-                "0ymxizwd2zfx8b4bmrmv4k439qwfwf2522jrvn4hlay5v6z459dr"))))
+                "0s32lb1k80p3b3sb7w234zgxnrmadrwbcg41lhaal7dz3dk2p839"))))
     (build-system perl-build-system)
     (inputs
      `(("perl-datetime" ,perl-datetime)))
@@ -2372,7 +2379,7 @@ providing a simple interface to this data.")
 (define-public perl-devel-stacktrace-ashtml
   (package
     (name "perl-devel-stacktrace-ashtml")
-    (version "0.14")
+    (version "0.15")
     (source
      (origin
        (method url-fetch)
@@ -2380,7 +2387,7 @@ providing a simple interface to this data.")
                            "Devel-StackTrace-AsHTML-" version ".tar.gz"))
        (sha256
         (base32
-         "0yl296y0qfwybwjgqjzd4j2w2bj5a2nz342qqgxchnf5bqynl1c9"))))
+         "0iri5nb2lb76qv5l9z0vjpfrq5j2fyclkd64kh020bvy37idp0v2"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-devel-stacktrace" ,perl-devel-stacktrace)))
@@ -2396,7 +2403,7 @@ each stack frame.")
 (define-public perl-devel-symdump
   (package
     (name "perl-devel-symdump")
-    (version "2.17")
+    (version "2.18")
     (source
      (origin
        (method url-fetch)
@@ -2404,7 +2411,7 @@ each stack frame.")
                            "Devel-Symdump-" version ".tar.gz"))
        (sha256
         (base32
-         "0qkfjk7bm7jwn9d9qaldg298zvkqh2f19fgvfh5j1rp66mwzql1c"))))
+         "1h3n0w23camhj20a97nw7v40rqa7xcxx8vkn2qjjlngm0yhq2vw2"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Devel-Symdump")
     (synopsis "Dump symbol names or the symbol table")
@@ -2572,6 +2579,11 @@ also known as JIS 2000.")
         (base32
          "0fj4vd8iva2i0j6s2fyhwgr9afrvhr6gjlzi7805h257mmnb1m0z"))))
     (build-system perl-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-env
+           (lambda _ (setenv "PERL_USE_UNSAFE_INC" "1"))))))
     (home-page "http://search.cpan.org/dist/Encode-HanExtra")
     (synopsis "Additional Chinese encodings")
     (description "This Perl module provides Chinese encodings that are not
@@ -2926,15 +2938,15 @@ directories.")
 (define-public perl-file-find-rule-perl
   (package
     (name "perl-file-find-rule-perl")
-    (version "1.13")
+    (version "1.15")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/A/AD/ADAMK/"
+       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
                            "File-Find-Rule-Perl-" version ".tar.gz"))
        (sha256
         (base32
-         "0xi4ppqr6r57l5xlkwxpvkvpb9p7dvz053d76v2m9pwdfxqb5v6j"))))
+         "19iy8spzrvh71x33b5yi16wjw5jjvs12jvjj0f7f3370hqzl6j4s"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-file-find-rule" ,perl-file-find-rule)
@@ -2973,19 +2985,18 @@ provide a quick dropin when such functionality is needed.")
 (define-public perl-file-homedir
   (package
     (name "perl-file-homedir")
-    (version "1.00")
+    (version "1.002")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/A/AD/ADAMK/"
+       (uri (string-append "mirror://cpan/authors/id/R/RE/REHSACK/"
                            "File-HomeDir-" version ".tar.gz"))
        (sha256
         (base32
-         "0hvihydd0y4gdxafi8dpybk9ll8q35bz5ycibfic0gh92cslzfc5"))))
+         "0x62hn8rc7ninf9nlp69h61yh21g4cbq2g81sh64cf2ify2hqk7b"))))
     (build-system perl-build-system)
     (propagated-inputs
-     `(("perl-file-which" ,perl-file-which)
-       ("perl-file-temp" ,perl-file-temp)))
+     `(("perl-file-which" ,perl-file-which)))
     (arguments `(#:tests? #f))          ;Not appropriate for chroot
     (home-page "http://search.cpan.org/dist/File-HomeDir")
     (synopsis "Find your home and other directories on any platform")
@@ -3077,15 +3088,15 @@ matching a regular expression.")
 (define-public perl-file-remove
   (package
     (name "perl-file-remove")
-    (version "1.52")
+    (version "1.57")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/A/AD/ADAMK/"
+       (uri (string-append "mirror://cpan/authors/id/S/SH/SHLOMIF/"
                            "File-Remove-" version ".tar.gz"))
        (sha256
         (base32
-         "1p8bal9qhwkjbghivxn1d5m3qdj2qwm1agrjbmakm6la9dbxqm21"))))
+         "1b814lw181kkqh6c1n4p2zlzzsq6ic5pfpr831nphf2w2rhcvgmk"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/File-Remove")
     (synopsis "Remove files and directories in Perl")
@@ -3098,7 +3109,7 @@ accepts wildcards, * and ?, as arguments for file names.")
 (define-public perl-file-sharedir
   (package
     (name "perl-file-sharedir")
-    (version "1.102")
+    (version "1.104")
     (source
      (origin
        (method url-fetch)
@@ -3106,7 +3117,7 @@ accepts wildcards, * and ?, as arguments for file names.")
                            "File-ShareDir-" version ".tar.gz"))
        (sha256
         (base32
-         "04blqn4cms9zjmhlfvwyx6mrglaaq1mmy4xwv7xqf9c8fjwk8wvw"))))
+         "1bqwhk3qfg60bkpi5b83bh93sng8jx20i3ka5sixc0prrppjidh7"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-file-sharedir-install" ,perl-file-sharedir-install)))
@@ -3122,19 +3133,40 @@ correct directory, you can use File::ShareDir to find your files again after
 the installation.")
     (license (package-license perl))))
 
+(define-public perl-file-sharedir-dist
+  (package
+    (name "perl-file-sharedir-dist")
+    (version "0.04")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/P/PL/PLICEASE/"
+                           "File-ShareDir-Dist-" version ".tar.gz"))
+       (sha256
+        (base32
+         "028vnjw3fdmwk540w3b07cmr93ap0s13ni2b4c7iv56mgyy6gfc1"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/File-ShareDir-Dist")
+    (synopsis "Locate per-dist shared files")
+    (description "File::ShareDir::Dist finds share directories for
+distributions.  It is a companion module to File::ShareDir.")
+    (license (package-license perl))))
+
 (define-public perl-file-sharedir-install
   (package
     (name "perl-file-sharedir-install")
-    (version "0.10")
+    (version "0.11")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/G/GW/GWYN/"
+       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
                            "File-ShareDir-Install-" version ".tar.gz"))
        (sha256
         (base32
-         "1xz60bi7x8755lq24rx7y1jkyk3icssn7s55z665mysdxhfzg2kh"))))
+         "1j0cw1aq9fdv9kl1a6fnfa4zihsvmcqzy9sb0xk0i9pyx5r8ggrj"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-build" ,perl-module-build)))
     (home-page "http://search.cpan.org/dist/File-ShareDir-Install")
     (synopsis "Install shared files")
     (description "File::ShareDir::Install allows you to install read-only data
@@ -3259,6 +3291,8 @@ shell.")
                (base32
                 "16v61rn0yimpv5kp6b20z2f1c93n5kpsyjvr0gq4w2dc43gfvc8w"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (home-page "http://search.cpan.org/dist/File-Zglob")
     (synopsis "Extended Unix style glob functionality")
     (description "@code{File::Zglob} provides a traditional Unix @code{glob}
@@ -3427,6 +3461,29 @@ merged.")
 that may contain multiple values per key, inspired by MultiDict of WebOb.")
     (license (package-license perl))))
 
+(define-public perl-importer
+  (package
+    (name "perl-importer")
+    (version "0.024")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://cpan/authors/id/E/EX/EXODIST/Importer-"
+                            version ".tar.gz"))
+        (sha256
+         (base32
+          "0mx50xds7iphxykbr9b0w2qki92l3gpagsdchm4ncsrnxc67c68x"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/Importer/")
+    (synopsis "Alternative but compatible interface to modules that export symbols")
+    (description "This module acts as a layer between Exporter and modules which
+consume exports.  It is feature-compatible with Exporter, plus some much needed
+extras.  You can use this to import symbols from any exporter that follows
+Exporters specification.  The exporter modules themselves do not need to use or
+inherit from the Exporter module, they just need to set @EXPORT and/or other
+variables.")
+    (license (package-license perl))))
+
 (define-public perl-import-into
   (package
     (name "perl-import-into")
@@ -4066,14 +4123,14 @@ the argument to the CACHESIZE parameter, will be cached.")
 (define-public perl-mime-charset
   (package
     (name "perl-mime-charset")
-    (version "1.012")
+    (version "1.012.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/N/NE/NEZUMI/"
                                   "MIME-Charset-" version ".tar.gz"))
               (sha256
                (base32
-                "1kfc5p4g1x9c0ffhg125wvhravcviny3alwrgnhnrm2a33ad3rff"))))
+                "04qxgcg9mvia121i3zcqxgp20y0d9kg0qv6hddk93ian0af7g347"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/MIME-Charset")
     (synopsis "Charset information for MIME messages")
@@ -4130,17 +4187,16 @@ file names are added for you.")
 (define-public perl-modern-perl
   (package
     (name "perl-modern-perl")
-    (version "1.20150127")
+    (version "1.20170117")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
              "mirror://cpan/authors/id/C/CH/CHROMATIC/Modern-Perl-"
-             version
-             ".tar.gz"))
+             version ".tar.gz"))
        (sha256
         (base32
-         "0iv2crfxl3xh6mq36g1gv9fr8iqq3kpbj8afxy5qi60hh7v3xhcl"))))
+         "0a1n9c04zhs1a1km1zi0d1hj78d10qv3bhxr4bdi4chnc4saiwjx"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)))
@@ -4384,7 +4440,7 @@ from Moose::Conflicts and moose-outdated.")
 (define-public perl-module-scandeps
   (package
     (name "perl-module-scandeps")
-    (version "1.18")
+    (version "1.24")
     (source
      (origin
        (method url-fetch)
@@ -4392,7 +4448,7 @@ from Moose::Conflicts and moose-outdated.")
                            "Module-ScanDeps-" version ".tar.gz"))
        (sha256
         (base32
-         "17mbyqwd8c20nqw01hjshl524vkw8pq6y2lwndmw36xkqr945npz"))))
+         "0s6cj90ckhy351gql52ksh4ms1x8piv26iadl09fcpzkx7j0srw9"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-requires" ,perl-test-requires)))
@@ -4552,7 +4608,8 @@ sentences.")
          "1lkn1h4sxr1483jicsgsgzclbfw63g2i2c3m4v4j9ar75yrb0kh8"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-exception" ,perl-test-exception)))
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-test-exception" ,perl-test-exception)))
     (propagated-inputs
      `(("perl-moose" ,perl-moose)))
     (home-page "http://search.cpan.org/dist/MooseX-Emulate-Class-Accessor-Fast")
@@ -5052,6 +5109,7 @@ subset of the functionality for reduced startup time.")
     (build-system perl-build-system)
     (native-inputs
      `(("perl-any-moose" ,perl-any-moose)
+       ("perl-module-install" ,perl-module-install)
        ("perl-test-fatal" ,perl-test-fatal)))
     (propagated-inputs
      `(("perl-mouse" ,perl-mouse)))
@@ -5087,15 +5145,15 @@ and libraries based on OpenSSL.")
 (define-public perl-mro-compat
   (package
     (name "perl-mro-compat")
-    (version "0.12")
+    (version "0.13")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/B/BO/BOBTFISH/"
+       (uri (string-append "mirror://cpan/authors/id/H/HA/HAARG/"
                            "MRO-Compat-" version ".tar.gz"))
        (sha256
         (base32
-         "1mhma2g83ih9f8nkmg2k9l0x6izhhbb6k5lli4rpllxad4wbk9dv"))))
+         "1y547lr6zccf7919vx01v22zsajy528psanhg5aqschrrin3nb4a"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/MRO-Compat")
     (synopsis "MRO interface compatibility for Perls < 5.9.5")
@@ -5214,6 +5272,8 @@ subroutine, which you can call with a value to be tested against.")
         (base32
          "0c8l7195bjvx0v6zmkgdnxvwg7yj2zq8hi7xd25a3iikd12dc4f6"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (home-page "http://search.cpan.org/dist/Object-Signature")
     (synopsis "Generate cryptographic signatures for objects")
     (description "Object::Signature is an abstract base class that you can
@@ -5440,6 +5500,36 @@ checking parameters easier.")
 function call parameters to an arbitrary level of specificity.")
     (license artistic2.0)))
 
+(define-public perl-params-validationcompiler
+  (package
+    (name "perl-params-validationcompiler")
+    (version "0.24")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://cpan/authors/id/D/DR/DROLSKY/"
+                            "Params-ValidationCompiler-" version ".tar.gz"))
+        (sha256
+         (base32
+          "11s29wd7gci4c7gcksxw7pzxfzganvr8x4f1dsww4676p93kg5m8"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-without-module" ,perl-test-without-module)
+       ("perl-test2-bundle-extended" ,perl-test2-bundle-extended)
+       ("perl-test2-plugin-nowarnings" ,perl-test2-plugin-nowarnings)))
+    (propagated-inputs
+     `(("perl-eval-closure" ,perl-eval-closure)
+       ("perl-exception-class" ,perl-exception-class)
+       ("perl-specio" ,perl-specio)))
+    (home-page "https://github.com/houseabsolute/Params-ValidationCompiler")
+    (synopsis "Build an optimized subroutine parameter validator")
+    (description "This module creates a customized, highly efficient
+parameter checking subroutine.  It can handle named or positional
+parameters, and can return the parameters as key/value pairs or a list
+of values.  In addition to type checks, it also supports parameter
+defaults, optional parameters, and extra \"slurpy\" parameters.")
+    (license artistic2.0)))
+
 (define-public perl-par-dist
   (package
     (name "perl-par-dist")
@@ -5655,14 +5745,14 @@ variables that should not be changed.")
 (define-public perl-regexp-common
   (package
     (name "perl-regexp-common")
-    (version "2013031301")
+    (version "2017060201")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/A/AB/ABIGAIL/"
                                   "Regexp-Common-" version ".tar.gz"))
               (sha256
                (base32
-                "112wybsm0vr8yfannx6sdfvgp5vza28gjgr3pgn69ak4sac836kj"))))
+                "16q8d7mx0c4nbjrvj69jdn4q33d1k40imgxn83h11wq6xqx8a1zf"))))
     (build-system perl-build-system)
     (synopsis "Provide commonly requested regular expressions")
     (description
@@ -5823,6 +5913,38 @@ compact.")
 arrays by one or multiple calculated keys.")
     (license (package-license perl))))
 
+(define-public perl-specio
+  (package
+    (name "perl-specio")
+    (version "0.38")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/D/DR/DROLSKY/"
+                           "Specio-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1s5xd9awwrzc94ymimjkxqs6jq513wwlmwwarxaklvg2hk4lps0l"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-devel-stacktrace" ,perl-devel-stacktrace)
+       ("perl-eval-closure" ,perl-eval-closure)
+       ("perl-module-runtime" ,perl-module-runtime)
+       ("perl-mro-compat" ,perl-mro-compat)
+       ("perl-role-tiny" ,perl-role-tiny)
+       ("perl-test-fatal" ,perl-test-fatal)
+       ("perl-test-needs" ,perl-test-needs)))
+    (home-page "http://search.cpan.org/dist/Specio/")
+    (synopsis "Classes for representing type constraints and coercion")
+    (description "The Specio distribution provides classes for representing type
+constraints and coercion, along with syntax sugar for declaring them.  Note that
+this is not a proper type system for Perl. Nothing in this distribution will
+magically make the Perl interpreter start checking a value's type on assignment
+to a variable. In fact, there's no built-in way to apply a type to a variable at
+all.  Instead, you can explicitly check a value against a type, and optionally
+coerce values to that type.")
+    (license artistic2.0)))
+
 (define-public perl-spiffy
   (package
     (name "perl-spiffy")
@@ -6015,6 +6137,27 @@ renaming exports, if they try to use them.")
 references.")
     (license (package-license perl))))
 
+(define-public perl-sub-info
+  (package
+    (name "perl-sub-info")
+    (version "0.002")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://cpan/authors/id/E/EX/EXODIST/Sub-Info-"
+                            version ".tar.gz"))
+        (sha256
+         (base32
+          "1snhrmc6gpw2zjnj7zvvqj69mlw711bxah6kk4dg5vxxjvb5cc7a"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-importer" ,perl-importer)))
+    (home-page "http://search.cpan.org/dist/Sub-Info/")
+    (synopsis "Tool to inspect subroutines")
+    (description "This package provides tools for inspecting subroutines
+in Perl.")
+    (license (package-license perl))))
+
 (define-public perl-sub-install
   (package
     (name "perl-sub-install")
@@ -6174,6 +6317,15 @@ of a system.")
         (base32
          "1i7kd9v8fjsqyhr4rx4a1jv7n5vfjjm1v4agb24pizh0b72p3qk7"))))
     (build-system perl-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-before 'configure 'set-search-path
+                    (lambda _
+                      ;; Work around "dotless @INC" build failure.
+                      (setenv "PERL5LIB"
+                              (string-append (getcwd) ":"
+                                             (getenv "PERL5LIB")))
+                      #t)))))
     (home-page "http://search.cpan.org/dist/Task-Weaken")
     (synopsis "Ensure that a platform has weaken support")
     (description "One recurring problem in modules that use Scalar::Util's
@@ -6243,6 +6395,8 @@ processing in Perl code.")
         (base32
          "1k6g4q7snxggv5fdqnzw29al4mwbwg0hl0skzfnczh508qiyfx7j"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (home-page "http://search.cpan.org/dist/Term-Encoding")
     (synopsis "Detect encoding of the current terminal")
     (description "Term::Encoding is a simple module to detect the encoding of
@@ -6343,6 +6497,77 @@ other terminal related features, including retrieval/modification of the
 screen size, and retrieval/modification of the control characters.")
     (license (package-license perl))))
 
+(define-public perl-term-table
+  (package
+    (name "perl-term-table")
+    (version "0.008")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://cpan/authors/id/E/EX/EXODIST/Term-Table-"
+                            version ".tar.gz"))
+        (sha256
+         (base32
+          "0gi4lyvs6n8y6hjwmflfpamfl65y7mb1g39zi0rx35nclj8xb370"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-importer" ,perl-importer)))
+    (home-page "http://search.cpan.org/dist/Term-Table/")
+    (synopsis "Format a header and rows into a table")
+    (description "This module is able to generically format rows of data
+into tables.")
+    (license (package-license perl))))
+
+(define-public perl-test2-bundle-extended
+  (package
+    (name "perl-test2-bundle-extended")
+    (version "0.000072")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://cpan/authors/id/E/EX/EXODIST/Test2-Suite-"
+                            version ".tar.gz"))
+        (sha256
+         (base32
+          "0hgd6n29qjh1pwqvbglm2kb852yqshmixqqjhsr2kvvibdr58qpf"))))
+    (build-system perl-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-env
+           (lambda _ (setenv "PERL_USE_UNSAFE_INC" "1"))))))
+    (propagated-inputs
+     `(("perl-importer" ,perl-importer)
+       ("perl-term-table" ,perl-term-table)
+       ("perl-sub-info" ,perl-sub-info)))
+    (home-page "http://search.cpan.org/~exodist/Test2-Suite/lib/Test2/Bundle/Extended.pm")
+    (synopsis "Full set of tools for Test2::Suite")
+    (description "This package provides a rich set of tools, plugins, bundles,
+etc built upon the Test2 testing library.")
+    (license (package-license perl))))
+
+(define-public perl-test2-plugin-nowarnings
+  (package
+    (name "perl-test2-plugin-nowarnings")
+    (version "0.06")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://cpan/authors/id/D/DR/DROLSKY/Test2-Plugin-NoWarnings-"
+                            version ".tar.gz"))
+        (sha256
+         (base32
+          "002qk6qsm0l6r2kaxywvc38w0yf0mlavgywq8li076pn6kcw3242"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-test2-bundle-extended" ,perl-test2-bundle-extended)))
+    (home-page "http://search.cpan.org/dist/Test2-Plugin-NoWarnings/")
+    (synopsis "Fail if tests warn")
+    (description "Loading this plugin causes your tests to fail if there any
+warnings while they run.  Each warning generates a new failing test and the
+warning content is outputted via diag.")
+    (license (package-license perl))))
+
 (define-public perl-test-base
   (package
     (name "perl-test-base")
@@ -6582,6 +6807,32 @@ Test::Exception.  It does much less, but should allow greater flexibility in
 testing exception-throwing code with about the same amount of typing.")
     (license (package-license perl))))
 
+(define-public perl-test-file-sharedir-dist
+  (package
+    (name "perl-test-file-sharedir-dist")
+    (version "1.001002")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://cpan/authors/id/K/KE/KENTNL/"
+                            "Test-File-ShareDir-" version ".tar.gz"))
+        (sha256
+         (base32
+          "1bbs6cx69wcinq77gif4i4pmrj8a7lwb92sgvvxzrwmjnk5lfdmk"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-class-tiny" ,perl-class-tiny)
+       ("perl-file-copy-recursive" ,perl-file-copy-recursive)
+       ("perl-file-sharedir" ,perl-file-sharedir)
+       ("perl-path-tiny" ,perl-path-tiny)
+       ("perl-scope-guard" ,perl-scope-guard)
+       ("perl-test-fatal" ,perl-test-fatal)))
+    (home-page "https://github.com/kentnl/Test-File-ShareDir")
+    (synopsis "Dist oriented ShareDir tester")
+    (description "This module creates a Fake ShareDir for your modules
+for testing.")
+    (license (package-license perl))))
+
 (define-public perl-test-files
   (package
     (name "perl-test-files")
@@ -6610,7 +6861,7 @@ contents of a file is equal to a particular string.")
 (define-public perl-test-harness
   (package
     (name "perl-test-harness")
-    (version "3.36")
+    (version "3.39")
     (source
      (origin
        (method url-fetch)
@@ -6618,7 +6869,7 @@ contents of a file is equal to a particular string.")
                            "Test-Harness-" version ".tar.gz"))
        (sha256
         (base32
-         "0gmnjss0hjkyiwvgby50nl5nzv254pn7fjqqdysjil21n09nymp7"))))
+         "0chiqnzmna2mglm37nzxvn9qhq2j31iwz3i9isqjs7bf3k449gb9"))))
     (build-system perl-build-system)
     (arguments
      `(#:phases (alist-cons-before
@@ -6640,15 +6891,15 @@ automatically aggregated and output to STDOUT.")
 (define-public perl-test-leaktrace
   (package
     (name "perl-test-leaktrace")
-    (version "0.15")
+    (version "0.16")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/G/GF/GFUJI/"
+       (uri (string-append "mirror://cpan/authors/id/L/LE/LEEJO/"
                            "Test-LeakTrace-" version ".tar.gz"))
        (sha256
         (base32
-         "0pp6ip012c474ibw0mwd7jgig34gf98bb8xlqk4wdvw1d65vbf7g"))))
+         "00z4hcjra5nk700f3fgpy8fs036d7ry7glpn8g3wh7jzj7nrw22z"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Test-LeakTrace")
     (synopsis "Traces memory leaks in Perl")
@@ -6940,25 +7191,24 @@ If this fails, then rather than failing tests this skips all tests.")
 (define-public perl-test-script
   (package
     (name "perl-test-script")
-    (version "1.07")
+    (version "1.20")
     (source (origin
               (method url-fetch)
-              (uri (string-append "mirror://cpan/authors/id/A/AD/ADAMK/"
+              (uri (string-append "mirror://cpan/authors/id/P/PL/PLICEASE/"
                                   "Test-Script-" version ".tar.gz"))
               (sha256
                (base32
-                "15pb4zzsnm33msc1syhig2bk05xqc0pckmfyahdwbd177bj5w7p2"))))
+                "1msavbi6przkxq3npm90nv925v58iym9jrk677wn46x19whwzwzm"))))
     (build-system perl-build-system)
     (propagated-inputs
-     `(("probe-perl" ,perl-probe-perl)
-       ("ipc-run3"   ,perl-ipc-run3)))
+     `(("perl-capture-tiny" ,perl-capture-tiny)
+       ("perl-probe-perl" ,perl-probe-perl)))
     (synopsis "Basic cross-platform tests for scripts")
     (description
      "The intent of the Test::Script module is to provide a series of basic
 tests for 80% of the testing you will need to do for scripts in the script (or
 bin as is also commonly used) paths of your Perl distribution.")
-    (home-page (string-append "http://search.cpan.org/~adamk/"
-                              "Test-Script-" version))
+    (home-page "http://search.cpan.org/dist/Test-Script")
     (license (package-license perl))))
 
 (define-public perl-test-sharedfork
@@ -7061,6 +7311,8 @@ from boxed blocks of test code.")
         (base32
          "0yhvf735v334qqvp9zg7i66qyk6r4cbk5s2psv93d3fdd4bindzg"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (home-page "http://search.cpan.org/dist/Test-utf8")
     (synopsis "UTF-8 testing in Perl")
     (description "This module is a collection of tests useful for dealing with
@@ -7539,7 +7791,8 @@ $object->TIEHASH are avoided.")
          "0klg33yzb7pr9ra76s6gj5k7nravqnw2lbh022x1xwlj92f43756"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-pod" ,perl-test-pod)
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-test-pod" ,perl-test-pod)
        ("perl-test-pod-coverage" ,perl-test-pod-coverage)))
     (home-page "http://search.cpan.org/dist/Time-Duration")
     (synopsis "English expression of durations")
@@ -7736,6 +7989,15 @@ common serialisation formats such as JSON or CBOR.")
         (base32
          "0v04bcyjfcfap4kfpc8q3ikq3j7s68nym4ckw3iasmmksdskmcq0"))))
     (build-system perl-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-before 'configure 'set-search-path
+                    (lambda _
+                      ;; Work around "dotless @INC" build failure.
+                      (setenv "PERL5LIB"
+                              (string-append (getcwd) ":"
+                                             (getenv "PERL5LIB")))
+                      #t)))))
     (home-page "http://search.cpan.org/dist/Unicode-Normalize")
     (synopsis "Unicode normalization forms")
     (description "This Perl module provides Unicode normalization forms.")
@@ -7789,14 +8051,14 @@ defined by Annex #11 is used to determine breaking positions.")
 (define-public perl-unicode-utf8
   (package
     (name "perl-unicode-utf8")
-    (version "0.60")
+    (version "0.62")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/C/CH/CHANSEN/"
                                   "Unicode-UTF8-" version ".tar.gz"))
               (sha256
                (base32
-                "1g3fp47slsk7wbz3189kpg342lfs7lpsy570jxnx7s9v59dg5k7n"))))
+                "1xnhazbdvpyfpnxd90krzhxkvabf8fa2ji6xzlrf75j6nz8251zs"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-fatal" ,perl-test-fatal)
@@ -7913,6 +8175,7 @@ attribute names.")
     (build-system perl-build-system)
     (native-inputs
      `(("perl-extutils-depends" ,perl-extutils-depends)
+       ("perl-module-install" ,perl-module-install)
        ("perl-test-fatal" ,perl-test-fatal)))
     (home-page "http://search.cpan.org/dist/XS-Object-Magic")
     (synopsis "Opaque, extensible XS pointer backed objects using sv_magic")
@@ -7972,17 +8235,17 @@ and memory overhead.")
 (define-public perl-parse-yapp
   (package
     (name "perl-parse-yapp")
-    (version "1.05")
+    (version "1.2")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
-             "mirror://cpan/authors/id/F/FD/FDESAR/Parse-Yapp-"
+             "mirror://cpan/authors/id/W/WB/WBRASWELL/Parse-Yapp-"
              version
              ".tar.gz"))
        (sha256
         (base32
-         "0azjqqf4m7nkfgmmj4q77vy9sdgg01wn8xxv40bq3pis93xnr2i2"))))
+         "16p4qgqg28cy76ylcf4wq1r693gqpx8xq0w32b3564i67h49zljb"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Parse-Yapp")
     (synopsis "Generate and use LALR parsers")
diff --git a/gnu/packages/pkg-config.scm b/gnu/packages/pkg-config.scm
index 01069d27a5..12f17f1e3c 100644
--- a/gnu/packages/pkg-config.scm
+++ b/gnu/packages/pkg-config.scm
@@ -30,7 +30,7 @@
 (define-public %pkg-config
   (package
    (name "pkg-config")
-   (version "0.29.1")
+   (version "0.29.2")
    (source (origin
             (method url-fetch)
             (uri (list
@@ -46,7 +46,7 @@
                    version ".tar.gz")))
             (sha256
              (base32
-              "00dh1jn8rbppmgbhhgqhmbh3c58b0gccy39rsjdlcma50sg3rd5y"))))
+              "14fmwzki1rlz8bs2p810lk6jqdxsk966d8drgsjmi54cd00rrikg"))))
    (build-system gnu-build-system)
    (arguments `(#:configure-flags '("--with-internal-glib")))
    (native-search-paths
diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm
index 92ebe6f3eb..846c174fa7 100644
--- a/gnu/packages/pulseaudio.scm
+++ b/gnu/packages/pulseaudio.scm
@@ -45,13 +45,14 @@
 (define-public libsndfile
   (package
     (name "libsndfile")
-    (replacement libsndfile/fixed)
     (version "1.0.28")
     (source (origin
              (method url-fetch)
              (uri (string-append "http://www.mega-nerd.com/libsndfile/files/libsndfile-"
                                  version ".tar.gz"))
-             (patches (search-patches "libsndfile-armhf-type-checks.patch"))
+             (patches (search-patches "libsndfile-armhf-type-checks.patch"
+                                      "libsndfile-CVE-2017-8361-8363-8365.patch"
+                                      "libsndfile-CVE-2017-8362.patch"))
              (sha256
               (base32
                "1afzm7jx34jhqn32clc5xghyjglccam2728yxlx37yj2y0lkkwqz"))))
@@ -77,18 +78,6 @@ SPARC.  Hopefully the design of the library will also make it easy to extend
 for reading and writing new sound file formats.")
     (license l:gpl2+)))
 
-(define libsndfile/fixed
-  (package
-    (inherit libsndfile)
-    (source
-      (origin
-        (inherit (package-source libsndfile))
-        (patches
-          (append
-            (origin-patches (package-source libsndfile))
-            (search-patches "libsndfile-CVE-2017-8361-8363-8365.patch"
-                            "libsndfile-CVE-2017-8362.patch")))))))
-
 (define-public libsamplerate
   (package
     (name "libsamplerate")                     ; aka. Secret Rabbit Code (SRC)
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 79c6eca00f..bc00c021a1 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -344,8 +344,11 @@ data types.")
                (base32
                 "1c6v1n9nz4mlx9mw1125fxpmbrgniqdbbx9hnqx44maqazb2mzpf"))
               (snippet
-               '(delete-file
-                  "Lib/ctypes/test/test_win32.py")))) ; fails on aarch64
+               '(begin
+                  (for-each delete-file
+                            '("Lib/ctypes/test/test_win32.py" ; fails on aarch64
+                              "Lib/test/test_fcntl.py"))
+                  #t))))
     (arguments (substitute-keyword-arguments (package-arguments python-2)
                  ((#:tests? _) #t)))
     (native-search-paths
@@ -1900,7 +1903,9 @@ code introspection, and logging.")
     (propagated-inputs
      `(("python-py" ,python-py)))
     (native-inputs
-     `(("python-nose" ,python-nose)
+     `(;; Tests need the "regular" bash since 'bash-final' lacks `compgen`.
+       ("bash" ,bash)
+       ("python-nose" ,python-nose)
        ("python-mock" ,python-mock)))
     (home-page "http://pytest.org")
     (synopsis "Python testing library")
@@ -1937,9 +1942,8 @@ and many external plugins.")
                                line)))
              #t)))))
     (native-inputs
-     `(("python-nose" ,python-nose)
-       ("python-mock" ,python-mock)
-       ("python-hypothesis" ,python-hypothesis)))
+     `(("python-hypothesis" ,python-hypothesis)
+       ,@(package-native-inputs python-pytest)))
     (properties `((python2-variant . ,(delay python2-pytest-3.0))))))
 
 (define-public python2-pytest-3.0
@@ -5260,7 +5264,8 @@ cluster without needing to write any wrapper code yourself.")
      `(("python-nose" ,python-nose)
        ("python-pytest" ,python-pytest-3.0)
        ("man-db" ,man-db)
-       ("which" ,which)))
+       ("which" ,which)
+       ("bash-full" ,bash)))                 ;full Bash for 'test_replwrap.py'
     (propagated-inputs
      `(("python-ptyprocess" ,python-ptyprocess)))
     (home-page "http://pexpect.readthedocs.org/")
@@ -7910,10 +7915,6 @@ Python's @code{ctypes} foreign function interface (FFI).")
   (package
     (inherit file)
     (name "python-file")
-    (source (origin
-              (inherit (package-source file))
-              ;; This patch should not be applied to python2-file.
-              (patches (search-patches "python-file-double-encoding-bug.patch"))))
     (build-system python-build-system)
     (arguments
      '(#:tests? #f                                ;no tests
@@ -13527,7 +13528,8 @@ specs from your Flask-Restful projects.")
     (build-system python-build-system)
     (native-inputs
      `(("python-pexpect" ,python-pexpect)
-       ("tcsh" ,tcsh)))
+       ("tcsh" ,tcsh)
+       ("bash-full" ,bash)))             ;full Bash for 'test_file_completion'
     (home-page "https://github.com/kislyuk/argcomplete")
     (synopsis "Shell tab completion for Python argparse")
     (description "argcomplete provides extensible command line tab completion
diff --git a/gnu/packages/swig.scm b/gnu/packages/swig.scm
index acf0529377..b931db412b 100644
--- a/gnu/packages/swig.scm
+++ b/gnu/packages/swig.scm
@@ -31,7 +31,7 @@
 (define-public swig
   (package
     (name "swig")
-    (version "3.0.10")
+    (version "3.0.12")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/" name "/" name "/"
@@ -39,8 +39,16 @@
                                  name "-" version ".tar.gz"))
              (sha256
               (base32
-               "0k7ljh07rla6223lhvljgg881b2qr7hmrfgic9a0j1pckpislf99"))))
+               "0kf99ygrjs5616gsqhz1l7bib3a12izmxi7g48bwblbymr3z9ybw"))))
     (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-env
+           ;; Required since Perl 5.26.0's removal of the current
+           ;; working directory from @INC.
+           ;; TODO Try removing this for later versions of SWIG.
+           (lambda _ (setenv "PERL_USE_UNSAFE_INC" "1") #t)))))
     (native-inputs `(("boost" ,boost)
                      ("pcre" ,pcre "bin")))       ;for 'pcre-config'
     (inputs `(;; Provide these to run the corresponding tests.
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index 601705e98a..f12746c83f 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2016 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -66,29 +67,28 @@
 (define texlive-extra-src
   (origin
     (method url-fetch)
-    (uri "ftp://tug.org/historic/systems/texlive/2016/texlive-20160523-extra.tar.xz")
+    (uri "ftp://tug.org/historic/systems/texlive/2017/texlive-20170524-extra.tar.xz")
     (sha256 (base32
-              "0q4a92zmwhn4ry6xgrp4k8wq11ax2sg9rg9yrsrdkr719y0x887a"))))
+              "0zvd2zskk78ig114mfj24g15qys41hzqv59fmqpirdbgq9c9gr5g"))))
 
 (define texlive-texmf-src
   (origin
     (method url-fetch)
-    (uri "ftp://tug.org/historic/systems/texlive/2016/texlive-20160523b-texmf.tar.xz")
-    (patches (search-patches "texlive-texmf-CVE-2016-10243.patch"))
-    (patch-flags '("-p2"))
+    (uri "ftp://tug.org/historic/systems/texlive/2017/texlive-20170524-texmf.tar.xz")
     (sha256 (base32
-              "1dv8vgfzpczqw82hv9g7a8djhhyzywljmrarlcyy6g2qi5q51glr"))))
+              "1v69y3kgkbk24f7s4dfkknwd317mqmck5jgpyb35wqgqfy5p0qrz"))))
 
 (define-public texlive-bin
   (package
    (name "texlive-bin")
-   (version "2016")
+   (version "20170524")
    (source
     (origin
      (method url-fetch)
-      (uri "ftp://tug.org/historic/systems/texlive/2016/texlive-20160523b-source.tar.xz")
+      (uri (string-append "ftp://tug.org/historic/systems/texlive/2017/"
+                          "texlive-" version "-source.tar.xz"))
       (sha256 (base32
-               "1v91vahxlxkdra0qz3f132vvx5d9cx2jy84yl1hkch0agyj2rcx8"))))
+               "1amjrxyasplv4alfwcxwnw4nrx7dz2ydmddkq16k6hg90i9njq81"))))
    (build-system gnu-build-system)
    (inputs
     `(("texlive-extra-src" ,texlive-extra-src)
@@ -3808,7 +3808,7 @@ directly generate PDF documents instead of DVI.")
 (define texlive-texmf
   (package
    (name "texlive-texmf")
-   (version "2016")
+   (version "2017")
    (source texlive-texmf-src)
    (build-system gnu-build-system)
    (inputs
@@ -3880,7 +3880,7 @@ This package contains the complete tree of texmf-dist data.")
 (define-public texlive
   (package
    (name "texlive")
-   (version "2016")
+   (version "2017")
    (source #f)
    (build-system trivial-build-system)
    (inputs `(("bash" ,bash) ; for wrap-program
@@ -3939,81 +3939,6 @@ This package contains the complete TeX Live distribution.")
    (license (license:fsf-free "https://www.tug.org/texlive/copying.html"))
    (home-page "https://www.tug.org/texlive/")))
 
-
-;; texlive-texmf-minimal is a pruned, small version of the texlive tree,
-;; in particular dropping documentation and fonts.  It weighs in at 470 MiB
-;; instead of 4 GiB.
-(define texlive-texmf-minimal
-  (package (inherit texlive-texmf)
-   (name "texlive-texmf-minimal")
-   (arguments
-    (substitute-keyword-arguments
-     (package-arguments texlive-texmf)
-     ((#:modules modules)
-      `((ice-9 ftw)
-        (srfi srfi-1)
-        ,@modules))
-     ((#:phases phases)
-      `(modify-phases ,phases
-         (add-after 'unpack 'prune
-           (lambda _
-             (define (delete subdir exclude)
-               "Delete all files and directories in SUBDIR except for those
-given in the list EXCLUDE."
-               (with-directory-excursion subdir
-                 (for-each delete-file-recursively
-                           (lset-difference equal?
-                                            (scandir ".")
-                                            (append '("." "..")
-                                                    exclude)))))
-             (with-directory-excursion "texmf-dist"
-               (for-each delete-file-recursively
-                         '("doc" "source" "tex4ht"))
-               ;; Delete all subdirectories of "fonts", except for "tfm" and
-               ;; any directories named "cm".
-               (delete "fonts" '("afm" "map" "pk" "source" "tfm" "type1"))
-               (delete "fonts/afm" '("public"))
-               (delete "fonts/afm/public" '("amsfonts"))
-               (delete "fonts/afm/public/amsfonts" '("cm"))
-               (delete "fonts/map" '("dvips"))
-               (delete "fonts/map/dvips" '("cm"))
-               (delete "fonts/source" '("public"))
-               (delete "fonts/source/public" '("cm"))
-               (delete "fonts/tfm" '("public"))
-               (delete "fonts/type1" '("public"))
-               (delete "fonts/type1/public" '("amsfonts"))
-               (delete "fonts/type1/public/amsfonts" '("cm")))
-             #t))))))
-   (description
-    "TeX Live provides a comprehensive TeX document production system.
-It includes all the major TeX-related programs, macro packages, and fonts
-that are free software, including support for many languages around the
-world.
-
-This package contains a small subset of the texmf-dist data.")))
-
-
-;; texlive-minimal is the same as texlive, but using texlive-texmf-minimal
-;; instead of the full texlive-texmf. It can be used, for instance, as a
-;; native input to packages that need texlive to build their documentation.
-(define-public texlive-minimal
-  (package (inherit texlive)
-   (name "texlive-minimal")
-   (inputs
-    `(("texlive-texmf" ,texlive-texmf-minimal)
-      ,@(alist-delete "texlive-texmf" (package-inputs texlive))))
-   (native-search-paths
-    (list (search-path-specification
-           (variable "TEXMFLOCAL")
-           (files '("share/texmf-local")))))
-   (description
-    "TeX Live provides a comprehensive TeX document production system.
-It includes all the major TeX-related programs, macro packages, and fonts
-that are free software, including support for many languages around the
-world.
-
-This package contains a small working part of the TeX Live distribution.")))
-
 (define-public perl-text-bibtex
   (package
     (name "perl-text-bibtex")
@@ -4058,8 +3983,8 @@ values (strings, macros, or numbers) pasted together.")
 
 (define-public biber
   (package
-    (name "biber-next")
-    (version "2.6")
+    (name "biber")
+    (version "2.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/plk/biber/archive/v"
@@ -4067,7 +3992,7 @@ values (strings, macros, or numbers) pasted together.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "158smzgjhjvyabdv97si5q88zjj5l8j1zbfnddvzy6fkpfhskgkp"))))
+                "17wd80jg98qyddhvz4cin8779ycvppaf2va77r1lyvymjz6w9bx0"))))
     (build-system perl-build-system)
     (arguments
      `(#:phases
@@ -4136,33 +4061,6 @@ values (strings, macros, or numbers) pasted together.")
 other things it comes with full Unicode support.")
     (license license:artistic2.0)))
 
-;; Our version of texlive comes with biblatex 3.4, which is only compatible
-;; with biber 2.5 according to the compatibility matrix in the biber
-;; documentation.
-(define-public biber-2.5
-  (package (inherit biber)
-    (name "biber")
-    (version "2.5")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/plk/biber/archive/v"
-                                  version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
-              (sha256
-               (base32
-                "163sd343wkrzwnvj2003m2j0kz517jmjr4savw6f8bjxhj8fdrqv"))))
-    (arguments
-     (substitute-keyword-arguments (package-arguments biber)
-       ((#:phases phases)
-        `(modify-phases ,phases
-           (add-before 'check 'delete-failing-test
-             (lambda _
-               (delete-file "t/sort-order.t")
-               #t))))))
-    (inputs
-     `(("perl-date-simple" ,perl-date-simple)
-       ,@(package-inputs biber)))))
-
 (define-public rubber
   (package
     (name "rubber")
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 58ec9ff5ec..9d3e9d9e97 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
@@ -8,6 +8,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -53,8 +54,8 @@
 (define-public libtasn1
   (package
     (name "libtasn1")
+    (version "4.12")
     (replacement libtasn1/fixed)
-    (version "4.10")
     (source
      (origin
       (method url-fetch)
@@ -62,7 +63,7 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "00jsix5hny0g768zv4hk78dib7w0qmk5fbizf4jj37r51nd4s6k8"))))
+        "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7"))))
     (build-system gnu-build-system)
     (native-inputs `(("perl" ,perl)))
     (home-page "https://www.gnu.org/software/libtasn1/")
@@ -77,12 +78,9 @@ specifications.")
 (define libtasn1/fixed
   (package
     (inherit libtasn1)
-    (source
-      (origin
-        (inherit (package-source libtasn1))
-        (patches
-          (search-patches "libtasn1-CVE-2017-6891.patch"
-                          "libtasn1-CVE-2017-10790.patch"))))))
+    (source (origin
+              (inherit (package-source libtasn1))
+              (patches (search-patches "libtasn1-CVE-2017-10790.patch"))))))
 
 (define-public asn1c
   (package
@@ -147,8 +145,7 @@ living in the same process.")
 (define-public gnutls
   (package
     (name "gnutls")
-    (replacement gnutls-3.5.13)
-    (version "3.5.9")
+    (version "3.5.13")
     (source (origin
              (method url-fetch)
              (uri
@@ -157,15 +154,16 @@ living in the same process.")
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
+             (patches
+              (search-patches "gnutls-skip-trust-store-test.patch"
+                              "gnutls-skip-pkgconfig-test.patch"))
              (sha256
               (base32
-               "0l9971841jsfdcvcyhas17sk5rsby6x5vvwcmmj4x3zi9q60zcc2"))))
+               "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
-       (list (string-append "--with-guile-site-dir="
-                            (assoc-ref %outputs "out")
-                            "/share/guile/site/2.0")
+       (list
              ;; GnuTLS doesn't consult any environment variables to specify
              ;; the location of the system-wide trust store.  Instead it has a
              ;; configure-time option.  Unless specified, its configure script
@@ -202,7 +200,7 @@ living in the same process.")
        ("pkg-config" ,pkg-config)
        ("which" ,which)))
     (inputs
-     `(("guile" ,guile-2.0)))
+     `(("guile" ,guile-2.2)))
     (propagated-inputs
      ;; These are all in the 'Requires.private' field of gnutls.pc.
      `(("libtasn1" ,libtasn1)
@@ -220,43 +218,21 @@ required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
 
-(define gnutls-3.5.13               ;GNUTLS-SA-2017-{3,4}
-  (package
-    (inherit gnutls)
-    ;; We use 'D' instead of '13' here to keep the store file name at
-    ;; the same length. See <https://bugs.gnu.org/27308>.
-    (version "3.5.D")
-    (source (origin
-              (method url-fetch)
-              (uri
-               (string-append "mirror://gnupg/gnutls/v"
-                              (version-major+minor version)
-                              "/gnutls-3.5.13.tar.xz"))
-              (patches
-               (search-patches "gnutls-skip-trust-store-test.patch"
-                               "gnutls-skip-pkgconfig-test.patch"))
-              (sha256
-               (base32
-                "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))))
-
 (define-public gnutls/guile-2.2
-  ;; GnuTLS for Guile 2.2.  This is supported by GnuTLS >= 3.5.5.
+  (deprecated-package "guile2.2-gnutls" gnutls))
+
+(define-public gnutls/guile-2.0
+  ;; GnuTLS for Guile 2.0.
   (package
     (inherit gnutls)
-    (source (package-source gnutls-3.5.13))
-    (name "guile2.2-gnutls")
-    (arguments
-     ;; Remove '--with-guile-site-dir=…/2.0'.
-     (substitute-keyword-arguments (package-arguments gnutls)
-       ((#:configure-flags flags)
-        `(cdr ,flags))))
-    (inputs `(("guile" ,guile-2.2)
+    (name "guile2.0-gnutls")
+    (inputs `(("guile" ,guile-2.0)
               ,@(alist-delete "guile" (package-inputs gnutls))))))
 
 (define-public openssl
   (package
    (name "openssl")
-   (version "1.0.2k")
+   (version "1.0.2l")
    (source (origin
              (method url-fetch)
              (uri (list (string-append "ftp://ftp.openssl.org/source/"
@@ -266,7 +242,14 @@ required structures.")
                                        "/" name "-" version ".tar.gz")))
              (sha256
               (base32
-               "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb"))
+               "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf"))
+             (snippet
+              '(begin
+                 ;; Remove ELF files.  'substitute*' can't read them.
+                 (delete-file "test/ssltest_old")
+                 (delete-file "test/v3ext")
+                 (delete-file "test/x509aux")
+                 #t))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (build-system gnu-build-system)
@@ -615,32 +598,19 @@ certificates for free.")
 (define-public perl-net-ssleay
   (package
     (name "perl-net-ssleay")
-    (version "1.68")
+    (version "1.81")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                   "Net-SSLeay-" version ".tar.gz"))
               (sha256
                (base32
-                "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
+                "0z8vya34g88bc41kx955sv7y4niwbbywji8liqbl52v29qbvdjq0"))))
     (build-system perl-build-system)
-    (native-inputs
-     `(("patch" ,patch)
-       ("patch/disable-ede-test"
-        ,(search-patch "perl-net-ssleay-disable-ede-test.patch"))))
     (inputs `(("openssl" ,openssl)))
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         (add-after
-          'unpack 'apply-patch
-          (lambda* (#:key inputs #:allow-other-keys)
-            ;; XXX We apply this patch here instead of in the 'origin' because
-            ;; this package's build system fails badly when the source file
-            ;; times are zeroed.
-            ;; XXX Try removing this patch for perl-net-ssleay > 1.68
-            (zero? (system* "patch" "--force" "-p1" "-i"
-                            (assoc-ref inputs "patch/disable-ede-test")))))
          (add-before
           'configure 'set-ssl-prefix
           (lambda* (#:key inputs #:allow-other-keys)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 5459a3051d..54fd410df7 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -1025,6 +1025,13 @@ to perl-code, for faster generation of access_log lines.")
         (base32
          "02afhlrdq5hh5g8b32fa79fqq5i76qzwfqqvfi9zi57h31szl536"))))
     (build-system perl-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-env
+           ;; Fix the build with Perl 5.26.0. Try removing this phase for later
+           ;; versions of perl-authen-sasl.
+           (lambda _ (setenv "PERL_USE_UNSAFE_INC" "1") #t)))))
     (propagated-inputs
      `(("perl-digest-hmac" ,perl-digest-hmac)
        ("perl-gssapi" ,perl-gssapi)))
@@ -1969,7 +1976,11 @@ with Encode::decode(locale => $string).")
     (build-system perl-build-system)
     (arguments
      ;; Tests expect to query files at http://stupidfool.org/perl/feeds/
-     `(#:tests? #f))
+     `(#:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-env
+           (lambda _ (setenv "PERL_USE_UNSAFE_INC" "1"))))))
     (inputs
      `(("perl-class-errorhandler" ,perl-class-errorhandler)
        ("perl-html-parser" ,perl-html-parser)
@@ -2157,15 +2168,15 @@ in tables within an HTML document, either as text or encoded element trees.")
 (define-public perl-html-tree
   (package
     (name "perl-html-tree")
-    (version "5.03")
+    (version "5.06")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/C/CJ/CJM/"
+       (uri (string-append "mirror://cpan/authors/id/K/KE/KENTNL/"
                            "HTML-Tree-" version ".tar.gz"))
        (sha256
         (base32
-         "13qlqbpixw470gnck0xgny8hyjj576m8y24bba2p9ai2lvy76vbx"))))
+         "0vjk4xrybjqs511qrh9cymhpbg9m3jjqr52qr035k6nzrccyndlw"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)
@@ -2458,6 +2469,8 @@ supported.")
         (base32
          "02d84xq1mm53c7jl33qyb7v5w4372vydp74z6qj0vc96wcrnhkkr"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (home-page "http://search.cpan.org/dist/HTTP-Parser-XS")
     (synopsis "Fast HTTP request parser")
     (description "HTTP::Parser::XS is a fast, primitive HTTP request/response
@@ -2504,7 +2517,16 @@ environment from an HTTP::Request.")
     (arguments
      ;; See the discussion of a related tests issue at
      ;; https://lists.gnu.org/archive/html/guix-devel/2015-01/msg00346.html
-     `(#:tests? #f))
+     `(#:tests? #f
+
+       #:phases (modify-phases %standard-phases
+                   (add-before 'configure 'set-search-path
+                     (lambda _
+                       ;; Work around "dotless @INC" build failure.
+                       (setenv "PERL5LIB"
+                               (string-append (getcwd) ":"
+                                              (getenv "PERL5LIB")))
+                       #t)))))
     (home-page "http://search.cpan.org/dist/HTTP-Server-Simple")
     (synopsis "Lightweight HTTP server")
     (description "HTTP::Server::Simple is a simple standalone HTTP daemon with
@@ -3206,6 +3228,7 @@ methods for WebSocket URIs as it does for HTTP URIs.")
     (native-inputs
      `(("perl-test-pod-coverage" ,perl-test-pod-coverage)
        ("perl-test-pod" ,perl-test-pod)
+       ("perl-module-install" ,perl-module-install)
        ("perl-json" ,perl-json)))
     (home-page "http://search.cpan.org/dist/URI-Template")
     (synopsis "Object for handling URI templates")
@@ -3228,7 +3251,18 @@ RFC 6570.")
                 "1fmp9aib1kaps9vhs4dwxn7b15kgnlz9f714bxvqsd1j1q8spzsj"))))
     (build-system perl-build-system)
     (arguments
-     '(#:tests? #f))                        ;XXX: tests require network access
+     '(#:tests? #f                          ;XXX: tests require network access
+
+       #:phases (modify-phases %standard-phases
+                   (add-before 'configure 'set-search-path
+                     (lambda _
+                       ;; Work around "dotless @INC" build failure.
+                       (setenv "PERL5LIB"
+                               (string-append (getcwd) ":"
+                                              (getenv "PERL5LIB")))
+                       #t)))))
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (inputs `(("curl" ,curl)))
     (synopsis "Perl extension interface for libcurl")
     (description
diff --git a/gnu/packages/wget.scm b/gnu/packages/wget.scm
index a73c68004d..3673ad5cc4 100644
--- a/gnu/packages/wget.scm
+++ b/gnu/packages/wget.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
-;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -41,11 +41,27 @@
       (uri (string-append "mirror://gnu/wget/wget-"
                           version ".tar.xz"))
       (patches (search-patches "wget-CVE-2017-6508.patch"
-                               "wget-fix-504-test-timeout.patch"))
+                               "wget-fix-504-test-timeout.patch"
+                               "wget-perl-5.26.patch"))
       (sha256
        (base32
         "1ljcfhbkdsd0zjfm520rbl1ai62fc34i7c45sfj244l8f6b0p58c"))))
     (build-system gnu-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-before 'check 'disable-https-tests
+                    (lambda _
+                      ;; XXX: Skip TLS tests, which fail with "The
+                      ;; certificate's owner does not match hostname" as
+                      ;; reported at:
+                      ;; <https://lists.gnu.org/archive/html/bug-wget/2017-07/msg00012.html>.
+                      ;; The problem appears to be due to a change in GnuTLS
+                      ;; 3.5.12, whereby 'gnutls_x509_crt_check_hostname2' no
+                      ;; longer matches IP address against the 'CN' or
+                      ;; 'DNSname' fields of certificates.
+                      (substitute* "testenv/Makefile"
+                        (("SSL_TESTS=1") ""))
+                      #t)))))
     (inputs
      `(("gnutls" ,gnutls)
        ("libidn2" ,libidn2)
diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm
index 650352f58f..513b0eb999 100644
--- a/gnu/packages/wine.scm
+++ b/gnu/packages/wine.scm
@@ -66,8 +66,7 @@
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("gettext" ,gettext-minimal)
-                     ; A bug in flex prevents building with flex-2.6.3.
-                     ("flex" ,flex-2.6.1)
+                     ("flex" ,flex)
                      ("bison" ,bison)
                      ("perl" ,perl)))
     (inputs
diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm
index 6e458bfdef..2b6ea4f235 100644
--- a/gnu/packages/wm.scm
+++ b/gnu/packages/wm.scm
@@ -225,14 +225,14 @@ developers.")
 (define-public perl-anyevent-i3
   (package
     (name "perl-anyevent-i3")
-    (version "0.16")
+    (version "0.17")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/M/MS/MSTPLBG/"
                                   "AnyEvent-I3-" version ".tar.gz"))
               (sha256
                (base32
-                "1qwva5vmmn929l6k9wzhp4h80ad4qm4m1g2dyv4nlas624003hig"))))
+                "0qvd9bq16jyy7v3ma82qcnvz9j503bw0mh7h55gkjf7ir62ck0jk"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-anyevent" ,perl-anyevent)
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 31d39ea1ff..7150fb28da 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -279,7 +279,7 @@ rasterisation.")
 (define-public libdrm
   (package
     (name "libdrm")
-    (version "2.4.80")
+    (version "2.4.81")
     (source
       (origin
         (method url-fetch)
@@ -289,7 +289,7 @@ rasterisation.")
                ".tar.bz2"))
         (sha256
          (base32
-          "1wa9cnzf60xwx67zq9ay48xr3j3sn1z80q77jpbzmkg906b52am8"))
+          "1bhimr6za2ddisrvrv1qqd7c2a59s7jc954sjycq2w68b8cmrh4c"))
         (patches (search-patches "libdrm-symbol-check.patch"))))
     (build-system gnu-build-system)
     (inputs
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 143b8d1f6a..44fa48af8c 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -55,17 +55,15 @@
 (define-public expat
   (package
     (name "expat")
-    (version "2.2.0")
+    (version "2.2.1")
     (replacement expat-2.2.2)
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/expat/expat/"
                                  version "/expat-" version ".tar.bz2"))
-             (patches
-               (search-patches "expat-CVE-2016-0718-fix-regression.patch"))
              (sha256
               (base32
-               "1zq4lnwjlw8s9mmachwfvfjf2x3lk24jm41746ykhdcvs7r0zrfr"))))
+               "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q"))))
     (build-system gnu-build-system)
     (home-page "http://www.libexpat.org/")
     (synopsis "Stream-oriented XML parser library written in C")
@@ -241,6 +239,7 @@ the @code{Graph} class and write it out in a specific file format.")
     (native-inputs
      `(("perl-datetime" ,perl-datetime)
        ;; TODO package: perl-datetime-format-atom
+       ("perl-module-install" ,perl-module-install)
        ("perl-xml-xpath" ,perl-xml-xpath)))
     (inputs
      `(("perl-class-data-inheritable" ,perl-class-data-inheritable)
@@ -436,7 +435,7 @@ libxslt library.")
 (define-public perl-xml-namespacesupport
   (package
     (name "perl-xml-namespacesupport")
-    (version "1.11")
+    (version "1.12")
     (source
      (origin
        (method url-fetch)
@@ -444,7 +443,7 @@ libxslt library.")
                            "XML-NamespaceSupport-" version ".tar.gz"))
        (sha256
         (base32
-         "1sklgcldl3w6gn706vx1cgz6pm4y5lfgsjxnfqyk20pilgq530bd"))))
+         "1vz5pbi4lm5fhq2slrs2hlp6bnk29863abgjlcx43l4dky2rbsa7"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/XML-NamespaceSupport")
     (synopsis "XML namespace support class")
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index b50807702b..9e003bb51b 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -57,6 +57,7 @@
   #:use-module (gnu packages llvm)
   #:use-module (gnu packages m4)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages pciutils)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
@@ -1112,8 +1113,29 @@ themselves.")
           (base32
             "16dr80rdw5bzdyhahvilfjrflj7scs2yl2mmghsb84f3nglm8b3m"))))
     (build-system gnu-build-system)
+    (arguments
+     '(;; Make sure libpciaccess can read compressed 'pci.ids' files as
+       ;; provided by pciutils.
+       #:configure-flags
+       (list "--with-zlib"
+             (string-append "--with-pciids-path="
+                            (assoc-ref %build-inputs "pciutils")
+                            "/share/hwdata"))
+
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'add-L-zlib
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             ;; Provide '-LZLIB/lib' next to '-lz' in the .la file.
+             (let ((zlib (assoc-ref inputs "zlib"))
+                   (out  (assoc-ref outputs "out")))
+               (substitute* (string-append out "/lib/libpciaccess.la")
+                 (("-lz")
+                  (string-append "-L" zlib "/lib -lz")))
+               #t))))))
     (inputs
-      `(("zlib" ,zlib)))
+     `(("zlib" ,zlib)
+       ("pciutils" ,pciutils)))                   ;for 'pci.ids.gz'
     (native-inputs
        `(("pkg-config" ,pkg-config)))
     (home-page "https://www.x.org/wiki/")
@@ -1125,7 +1147,7 @@ themselves.")
 (define-public libpthread-stubs
   (package
     (name "libpthread-stubs")
-    (version "0.3")
+    (version "0.4")
     (source
       (origin
         (method url-fetch)
@@ -1135,7 +1157,7 @@ themselves.")
                ".tar.bz2"))
         (sha256
           (base32
-            "16bjv3in19l84hbri41iayvvg4ls9gv1ma0x0qlbmwy67i7dbdim"))))
+            "0cz7s9w8lqgzinicd4g36rjg08zhsbyngh0w68c3np8nlc8mkl74"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (home-page "https://www.x.org/wiki/")
@@ -1558,7 +1580,7 @@ by the legacy X11 font system.")
 (define-public presentproto
   (package
     (name "presentproto")
-    (version "1.0")
+    (version "1.1")
     (source
       (origin
         (method url-fetch)
@@ -1568,7 +1590,7 @@ by the legacy X11 font system.")
                ".tar.bz2"))
         (sha256
           (base32
-            "1kir51aqg9cwazs14ivcldcn3mzadqgykc9cg87rm40zf947sb41"))))
+            "1f96dlgfwhsd0834z8ydjzjnb0cwha5r6lxgia4say4zhsl276zn"))))
     (build-system gnu-build-system)
     (home-page "https://www.x.org/wiki/")
     (synopsis "Xorg PresentProto protocol headers")
@@ -1819,7 +1841,7 @@ management to participate in an X11R6 session.")
 (define-public util-macros
   (package
     (name "util-macros")
-    (version "1.19.0")
+    (version "1.19.1")
     (source
       (origin
         (method url-fetch)
@@ -1829,7 +1851,7 @@ management to participate in an X11R6 session.")
                ".tar.bz2"))
         (sha256
           (base32
-            "1fnhpryf55l0yqajxn0cxan3kvsjzi67nlanz8clwqzf54cb2d98"))))
+            "19h6wflpmh7xxqr6lk5z8pds6r9r0dn7ijbvaacymx2q0m05km0q"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (arguments
@@ -3792,7 +3814,7 @@ extension to the X11 protocol.  It includes:
 (define-public xkeyboard-config
   (package
     (name "xkeyboard-config")
-    (version "2.20")
+    (version "2.21")
     (source
       (origin
         (method url-fetch)
@@ -3802,7 +3824,7 @@ extension to the X11 protocol.  It includes:
               ".tar.bz2"))
         (sha256
           (base32
-            "0d619g4r0w1f6q5qmaqjnsc0956gi02fqgpisqffzqy4acjwggyi"))))
+            "1iffxpchy6dfgbby23nfsqqk17h9lfddlmjnhwagqag1z94p1h9h"))))
     (build-system gnu-build-system)
     (inputs
       `(("gettext" ,gettext-minimal)
diff --git a/gnu/system.scm b/gnu/system.scm
index fdb5be287e..6b35e3c0c7 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -514,10 +514,16 @@ explicitly appear in OS."
 
          bash-completion
 
+         ;; XXX: We don't use (canonical-package guile-2.2) here because that
+         ;; would create a collision in the global profile between the GMP
+         ;; variant propagated by 'guile-final' and the GMP variant propagated
+         ;; by 'gnutls', itself propagated by 'guix'.
+         guile-2.2
+
          ;; The packages below are also in %FINAL-INPUTS, so take them from
          ;; there to avoid duplication.
          (map canonical-package
-              (list guile-2.2 bash coreutils-8.27 findutils grep sed
+              (list bash coreutils findutils grep sed
                     diffutils patch gawk tar gzip bzip2 xz lzip))))
 
 (define %default-issue
diff --git a/gnu/tests/ssh.scm b/gnu/tests/ssh.scm
index 05a8d35476..41be360355 100644
--- a/gnu/tests/ssh.scm
+++ b/gnu/tests/ssh.scm
@@ -52,7 +52,7 @@ When SFTP? is true, run an SFTP server test."
           (eval-when (expand load eval)
             ;; Prepare to use Guile-SSH.
             (set! %load-path
-              (cons (string-append #+guile2.0-ssh "/share/guile/site/"
+              (cons (string-append #+guile-ssh "/share/guile/site/"
                                    (effective-version))
                     %load-path)))
 
diff --git a/guix/build-system/cmake.scm b/guix/build-system/cmake.scm
index 25ac262d5d..ee116c5a4c 100644
--- a/guix/build-system/cmake.scm
+++ b/guix/build-system/cmake.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -56,24 +57,38 @@
                 #:rest arguments)
   "Return a bag for NAME."
   (define private-keywords
-    '(#:source #:target #:cmake #:inputs #:native-inputs))
-
-  (and (not target)                               ;XXX: no cross-compilation
-       (bag
-         (name name)
-         (system system)
-         (host-inputs `(,@(if source
-                              `(("source" ,source))
-                              '())
-                        ,@inputs
-
-                        ;; Keep the standard inputs of 'gnu-build-system'.
-                        ,@(standard-packages)))
-         (build-inputs `(("cmake" ,cmake)
-                         ,@native-inputs))
-         (outputs outputs)
-         (build cmake-build)
-         (arguments (strip-keyword-arguments private-keywords arguments)))))
+    `(#:source #:cmake #:inputs #:native-inputs #:outputs
+      ,@(if target '() '(#:target))))
+
+  (bag
+    (name name)
+    (system system)
+    (target target)
+    (build-inputs `(,@(if source
+                          `(("source" ,source))
+                          '())
+                    ,@`(("cmake" ,cmake))
+                    ,@native-inputs
+                    ,@(if target
+                          ;; Use the standard cross inputs of
+                          ;; 'gnu-build-system'.
+                          (standard-cross-packages target 'host)
+                          '())
+                    ;; Keep the standard inputs of 'gnu-build-system'.
+                    ,@(standard-packages)))
+    (host-inputs inputs)
+
+    ;; The cross-libc is really a target package, but for bootstrapping
+    ;; reasons, we can't put it in 'host-inputs'.  Namely, 'cross-gcc' is a
+    ;; native package, so it would end up using a "native" variant of
+    ;; 'cross-libc' (built with 'gnu-build'), whereas all the other packages
+    ;; would use a target variant (built with 'gnu-cross-build'.)
+    (target-inputs (if target
+                       (standard-cross-packages target 'target)
+                       '()))
+    (outputs outputs)
+    (build (if target cmake-cross-build cmake-build))
+    (arguments (strip-keyword-arguments private-keywords arguments))))
 
 (define* (cmake-build store name inputs
                       #:key (guile #f)
@@ -145,6 +160,115 @@ provides a 'CMakeLists.txt' file as its build system."
                                 #:outputs outputs
                                 #:guile-for-build guile-for-build))
 
+
+;;;
+;;; Cross-compilation.
+;;;
+
+(define* (cmake-cross-build store name
+                            #:key
+                            target native-drvs target-drvs
+                            (guile #f)
+                            (outputs '("out"))
+                            (configure-flags ''())
+                            (search-paths '())
+                            (native-search-paths '())
+                            (make-flags ''())
+                            (out-of-source? #t)
+                            (build-type "RelWithDebInfo")
+                            (tests? #f) ; nothing can be done
+                            (test-target "test")
+                            (parallel-build? #t) (parallel-tests? #f)
+                            (validate-runpath? #t)
+                            (patch-shebangs? #t)
+                            (strip-binaries? #t)
+                            (strip-flags ''("--strip-debug"
+                                            "--enable-deterministic-archives"))
+                            (strip-directories ''("lib" "lib64" "libexec"
+                                                  "bin" "sbin"))
+                            (phases '(@ (guix build cmake-build-system)
+                                        %standard-phases))
+                            (system (%current-system))
+                            (build (nix-system->gnu-triplet system))
+                            (imported-modules %cmake-build-system-modules)
+                            (modules '((guix build cmake-build-system)
+                                       (guix build utils))))
+  "Cross-build NAME using CMAKE for TARGET, where TARGET is a GNU triplet and
+with INPUTS.  This assumes that SOURCE provides a 'CMakeLists.txt' file as its
+build system."
+  (define builder
+    `(begin
+       (use-modules ,@modules)
+       (let ()
+         (define %build-host-inputs
+           ',(map (match-lambda
+                    ((name (? derivation? drv) sub ...)
+                     `(,name . ,(apply derivation->output-path drv sub)))
+                    ((name path)
+                     `(,name . ,path)))
+                  native-drvs))
+
+         (define %build-target-inputs
+           ',(map (match-lambda
+                    ((name (? derivation? drv) sub ...)
+                     `(,name . ,(apply derivation->output-path drv sub)))
+                    ((name (? package? pkg) sub ...)
+                     (let ((drv (package-cross-derivation store pkg
+                                                          target system)))
+                       `(,name . ,(apply derivation->output-path drv sub))))
+                    ((name path)
+                     `(,name . ,path)))
+                  target-drvs))
+
+         (cmake-build #:source ,(match (assoc-ref native-drvs "source")
+                                  (((? derivation? source))
+                                   (derivation->output-path source))
+                                  ((source)
+                                   source)
+                                  (source
+                                   source))
+                      #:system ,system
+                      #:build ,build
+                      #:target ,target
+                      #:outputs %outputs
+                      #:inputs %build-target-inputs
+                      #:native-inputs %build-host-inputs
+                      #:search-paths ',(map search-path-specification->sexp
+                                            search-paths)
+                      #:native-search-paths ',(map
+                                               search-path-specification->sexp
+                                               native-search-paths)
+                      #:phases ,phases
+                      #:configure-flags ,configure-flags
+                      #:make-flags ,make-flags
+                      #:out-of-source? ,out-of-source?
+                      #:build-type ,build-type
+                      #:tests? ,tests?
+                      #:test-target ,test-target
+                      #:parallel-build? ,parallel-build?
+                      #:parallel-tests? ,parallel-tests?
+                      #:validate-runpath? ,validate-runpath?
+                      #:patch-shebangs? ,patch-shebangs?
+                      #:strip-binaries? ,strip-binaries?
+                      #:strip-flags ,strip-flags
+                      #:strip-directories ,strip-directories))))
+
+  (define guile-for-build
+    (match guile
+      ((? package?)
+       (package-derivation store guile system #:graft? #f))
+      (#f                               ; the default
+       (let* ((distro (resolve-interface '(gnu packages commencement)))
+              (guile  (module-ref distro 'guile-final)))
+         (package-derivation store guile system #:graft? #f)))))
+
+  (build-expression->derivation store name builder
+                                #:system system
+                                #:inputs (append native-drvs target-drvs)
+                                #:outputs outputs
+                                #:modules imported-modules
+                                #:guile-for-build guile-for-build))
+
 (define cmake-build-system
   (build-system
     (name 'cmake)
diff --git a/guix/build-system/gnu.scm b/guix/build-system/gnu.scm
index 7cf0cafc0f..047ace7e6b 100644
--- a/guix/build-system/gnu.scm
+++ b/guix/build-system/gnu.scm
@@ -30,6 +30,7 @@
             gnu-build
             gnu-build-system
             standard-packages
+            standard-cross-packages
             package-with-explicit-inputs
             package-with-extra-configure-variable
             static-libgcc-package
diff --git a/guix/build/cmake-build-system.scm b/guix/build/cmake-build-system.scm
index 27f2b5c872..128ab28fe5 100644
--- a/guix/build/cmake-build-system.scm
+++ b/guix/build/cmake-build-system.scm
@@ -32,7 +32,7 @@
 ;; Code:
 
 (define* (configure #:key outputs (configure-flags '()) (out-of-source? #t)
-                    build-type
+                    build-type target
                     #:allow-other-keys)
   "Configure the given package."
   (let* ((out        (assoc-ref outputs "out"))
@@ -59,6 +59,15 @@
                   ,(string-append "-DCMAKE_INSTALL_RPATH=" out "/lib")
                   ;; enable verbose output from builds
                   "-DCMAKE_VERBOSE_MAKEFILE=ON"
+
+                  ;;  Cross-build
+                  ,@(if target
+                        (list (string-append "-DCMAKE_C_COMPILER="
+                                             target "-gcc")
+                              (if (string-contains target "mingw")
+                                  "-DCMAKE_SYSTEM_NAME=Windows"
+                                  "-DCMAKE_SYSTEM_NAME=Linux"))
+                        '())
                   ,@configure-flags)))
       (format #t "running 'cmake' with arguments ~s~%" args)
       (zero? (apply system* "cmake" args)))))
diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm
index 1786e2e3c9..e37b751403 100644
--- a/guix/build/gnu-build-system.scm
+++ b/guix/build/gnu-build-system.scm
@@ -39,6 +39,13 @@
 ;;
 ;; Code:
 
+(cond-expand
+  (guile-2.2
+   ;; Guile 2.2.2 has a bug whereby 'time-monotonic' objects have seconds and
+   ;; nanoseconds swapped (fixed in Guile commit 886ac3e).  Work around it.
+   (define time-monotonic time-tai))
+  (else #t))
+
 (define* (set-SOURCE-DATE-EPOCH #:rest _)
   "Set the 'SOURCE_DATE_EPOCH' environment variable.  This is used by tools
 that incorporate timestamps as a way to tell them to use a fixed timestamp.
@@ -521,6 +528,25 @@ DOCUMENTATION-COMPRESSOR-FLAGS."
     ;; Return #t if FILE has hard links.
     (> (stat:nlink (lstat file)) 1))
 
+  (define (points-to-symlink? symlink)
+    ;; Return #t if SYMLINK points to another symbolic link.
+    (let* ((target (readlink symlink))
+           (target-absolute (if (string-prefix? "/" target)
+                                target
+                                (string-append (dirname symlink)
+                                               "/" target))))
+      (catch 'system-error
+        (lambda ()
+          (symbolic-link? target-absolute))
+        (lambda args
+          (if (= ENOENT (system-error-errno args))
+              (begin
+                (format (current-error-port)
+                        "The symbolic link '~a' target is missing: '~a'\n"
+                        symlink target-absolute)
+                #f)
+              (apply throw args))))))
+
   (define (maybe-compress-directory directory regexp)
     (or (not (directory-exists? directory))
         (match (find-files directory regexp)
@@ -538,12 +564,17 @@ DOCUMENTATION-COMPRESSOR-FLAGS."
                ;; Compress the non-symlink files, and adjust symlinks to refer
                ;; to the compressed files.  Leave files that have hard links
                ;; unchanged ('gzip' would refuse to compress them anyway.)
-               (and (zero? (apply system* documentation-compressor
-                                  (append documentation-compressor-flags
-                                          (remove has-links? regular-files))))
-                    (every retarget-symlink
-                           (filter (cut string-match regexp <>)
-                                   symlinks)))))))))
+               ;; Also, do not retarget symbolic links pointing to other
+               ;; symbolic links, since these are not compressed.
+               (and (every retarget-symlink
+                           (filter (lambda (symlink)
+                                     (and (not (points-to-symlink? symlink))
+                                          (string-match regexp symlink)))
+                                   symlinks))
+                    (zero?
+                     (apply system* documentation-compressor
+                            (append documentation-compressor-flags
+                                    (remove has-links? regular-files)))))))))))
 
   (define (maybe-compress output)
     (and (maybe-compress-directory (string-append output "/share/man")
diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 33a23edaac..55b0df3911 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -726,15 +726,19 @@ mounted at FILE."
 (cond-expand
   (guile-2.2
    (define %set-automatic-finalization-enabled?!
-     (let ((proc (pointer->procedure int
-                                     (dynamic-func
-                                      "scm_set_automatic_finalization_enabled"
-                                      (dynamic-link))
-                                     (list int))))
+     ;; When using a statically-linked Guile, for instance in the initrd, we
+     ;; cannot resolve this symbol, but most of the time we don't need it
+     ;; anyway.  Thus, delay it.
+     (let ((proc (delay
+                   (pointer->procedure int
+                                       (dynamic-func
+                                        "scm_set_automatic_finalization_enabled"
+                                        (dynamic-link))
+                                       (list int)))))
        (lambda (enabled?)
          "Switch on or off automatic finalization in a separate thread.
 Turning finalization off shuts down the finalization thread as a side effect."
-         (->bool (proc (if enabled? 1 0))))))
+         (->bool ((force proc) (if enabled? 1 0))))))
 
    (define-syntax-rule (without-automatic-finalization exp)
      "Turn off automatic finalization within the dynamic extent of EXP."
diff --git a/guix/build/utils.scm b/guix/build/utils.scm
index e8efb0653a..7391307c87 100644
--- a/guix/build/utils.scm
+++ b/guix/build/utils.scm
@@ -32,7 +32,12 @@
   #:use-module (rnrs bytevectors)
   #:use-module (rnrs io ports)
   #:re-export (alist-cons
-               alist-delete)
+               alist-delete
+
+               ;; Note: Re-export 'delete' to allow for proper syntax matching
+               ;; in 'modify-phases' forms.  See
+               ;; <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26805#16>.
+               delete)
   #:export (%store-directory
             store-file-name?
             strip-store-file-name
@@ -79,6 +84,7 @@
             fold-port-matches
             remove-store-references
             wrap-program
+            invoke
 
             locale-category->string))
 
@@ -574,6 +580,15 @@ Where every <*-phase-name> is an expression evaluating to a symbol, and
     ((_ phases (add-after old-phase-name new-phase-name new-phase))
      (alist-cons-after old-phase-name new-phase-name new-phase phases))))
 
+(define (invoke program . args)
+  "Invoke PROGRAM with the given ARGS.  Raise an error if the exit
+code is non-zero; otherwise return #t."
+  (let ((status (apply system* program args)))
+    (unless (zero? status)
+      (error (format #f "program ~s exited with non-zero code" program)
+             status))
+    #t))
+
 
 ;;;
 ;;; Text substitution (aka. sed).
diff --git a/guix/packages.scm b/guix/packages.scm
index f60303404f..3528db442f 100644
--- a/guix/packages.scm
+++ b/guix/packages.scm
@@ -581,7 +581,12 @@ specifies modules in scope when evaluating SNIPPET."
                                                     #:fail-on-error? #t)))))
                         (zero? (apply system*
                                       (string-append #+tar "/bin/tar")
-                                      "cvfa" #$output
+                                      "cvf" #$output
+                                      ;; The bootstrap xz does not support
+                                      ;; threaded compression (introduced in
+                                      ;; 5.2.0), but it ignores the extra flag.
+                                      (string-append "--use-compress-program="
+                                                     #+xz "/bin/xz --threads=0")
                                       ;; avoid non-determinism in the archive
                                       "--mtime=@0"
                                       "--owner=root:0"