summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--doc/guix.texi2
-rw-r--r--gnu-system.am9
-rw-r--r--gnu/packages/admin.scm6
-rw-r--r--gnu/packages/base.scm5
-rw-r--r--gnu/packages/bash.scm8
-rw-r--r--gnu/packages/bootstrap.scm38
-rw-r--r--gnu/packages/commencement.scm1
-rw-r--r--gnu/packages/cross-base.scm8
-rw-r--r--gnu/packages/ed.scm4
-rw-r--r--gnu/packages/emacs.scm3
-rw-r--r--gnu/packages/fontutils.scm4
-rw-r--r--gnu/packages/gcc.scm12
-rw-r--r--gnu/packages/gettext.scm5
-rw-r--r--gnu/packages/gnome.scm6
-rw-r--r--gnu/packages/gnupg.scm4
-rw-r--r--gnu/packages/gnuzilla.scm1
-rw-r--r--gnu/packages/haskell.scm5
-rw-r--r--gnu/packages/libidn.scm4
-rw-r--r--gnu/packages/libunistring.scm4
-rw-r--r--gnu/packages/linux.scm38
-rw-r--r--gnu/packages/lisp.scm5
-rw-r--r--gnu/packages/make-bootstrap.scm4
-rw-r--r--gnu/packages/multiprecision.scm14
-rw-r--r--gnu/packages/ninja.scm54
-rw-r--r--gnu/packages/patches/coreutils-dummy-man.patch21
-rw-r--r--gnu/packages/patches/gettext-msgunfmt.patch58
-rw-r--r--gnu/packages/patches/icecat-freetype-2.6.patch14
-rw-r--r--gnu/packages/patches/ninja-zero-mtime.patch19
-rw-r--r--gnu/packages/patches/subversion-sqlite-3.8.9-fix.patch73
-rw-r--r--gnu/packages/patches/unzip-CVE-2014-9636.patch41
-rw-r--r--gnu/packages/patches/unzip-allow-greater-hostver-values.patch16
-rw-r--r--gnu/packages/patches/unzip-increase-size-of-cfactorstr.patch18
-rw-r--r--gnu/packages/patches/unzip-initialize-symlink-flag.patch22
-rw-r--r--gnu/packages/patches/unzip-remove-build-date.patch19
-rw-r--r--gnu/packages/pcre.scm3
-rw-r--r--gnu/packages/perl.scm10
-rw-r--r--gnu/packages/python.scm50
-rw-r--r--gnu/packages/qt.scm3
-rw-r--r--gnu/packages/ssh.scm7
-rw-r--r--gnu/packages/texinfo.scm28
-rw-r--r--gnu/packages/tls.scm40
-rw-r--r--gnu/packages/version-control.scm20
-rw-r--r--gnu/packages/video.scm31
-rw-r--r--gnu/packages/web.scm23
-rw-r--r--gnu/packages/xdisorg.scm7
-rw-r--r--gnu/packages/zip.scm36
-rw-r--r--guix/build-system/gnu.scm4
-rw-r--r--guix/build/gnu-build-system.scm5
-rw-r--r--guix/build/python-build-system.scm15
-rw-r--r--guix/packages.scm48
-rw-r--r--tests/gexp.scm7
-rw-r--r--tests/packages.scm30
-rw-r--r--tests/size.scm19
53 files changed, 615 insertions, 316 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index d098e68eab..822aefa3a8 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4455,7 +4455,7 @@ Intel/AMD @code{x86_64} architecture, Linux-Libre kernel;
 Intel 32-bit architecture (IA32), Linux-Libre kernel;
 
 @item armhf-linux
-ARMv7-A architecture with hard float, Thumb-2 and VFP3D16 coprocessor,
+ARMv7-A architecture with hard float, Thumb-2 and NEON,
 using the EABI hard-float ABI, and Linux-Libre kernel.
 
 @item mips64el-linux
diff --git a/gnu-system.am b/gnu-system.am
index fb661d4544..f67e0776c8 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -403,7 +403,6 @@ dist_patch_DATA =						\
   gnu/packages/patches/clang-libc-search-path.patch		\
   gnu/packages/patches/clucene-pkgconfig.patch			\
   gnu/packages/patches/cmake-fix-tests.patch			\
-  gnu/packages/patches/coreutils-dummy-man.patch		\
   gnu/packages/patches/cpio-CVE-2014-9112-pt1.patch		\
   gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch		\
   gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch		\
@@ -441,7 +440,6 @@ dist_patch_DATA =						\
   gnu/packages/patches/gcc-libvtv-runpath.patch			\
   gnu/packages/patches/gcc-5.0-libvtv-runpath.patch		\
   gnu/packages/patches/geoclue-config.patch			\
-  gnu/packages/patches/gettext-msgunfmt.patch			\
   gnu/packages/patches/ghostscript-runpath.patch		\
   gnu/packages/patches/gitolite-openssh-6.8-compat.patch	\
   gnu/packages/patches/glib-tests-desktop.patch			\
@@ -473,6 +471,7 @@ dist_patch_DATA =						\
   gnu/packages/patches/hydra-automake-1.15.patch		\
   gnu/packages/patches/hydra-disable-darcs-test.patch		\
   gnu/packages/patches/icecat-enable-acceleration-and-webgl.patch \
+  gnu/packages/patches/icecat-freetype-2.6.patch		\
   gnu/packages/patches/icecat-libvpx-1.4.patch			\
   gnu/packages/patches/irrlicht-mesa-10.patch			\
   gnu/packages/patches/jbig2dec-ignore-testtest.patch		\
@@ -540,6 +539,7 @@ dist_patch_DATA =						\
   gnu/packages/patches/ngircd-handle-zombies.patch		\
   gnu/packages/patches/ngircd-no-dns-in-tests.patch		\
   gnu/packages/patches/ninja-tests.patch			\
+  gnu/packages/patches/ninja-zero-mtime.patch			\
   gnu/packages/patches/nss-pkgconfig.patch			\
   gnu/packages/patches/nvi-assume-preserve-path.patch		\
   gnu/packages/patches/nvi-dbpagesize-binpower.patch		\
@@ -625,6 +625,11 @@ dist_patch_DATA =						\
   gnu/packages/patches/unzip-CVE-2014-8139.patch		\
   gnu/packages/patches/unzip-CVE-2014-8140.patch		\
   gnu/packages/patches/unzip-CVE-2014-8141.patch		\
+  gnu/packages/patches/unzip-CVE-2014-9636.patch		\
+  gnu/packages/patches/unzip-allow-greater-hostver-values.patch	\
+  gnu/packages/patches/unzip-increase-size-of-cfactorstr.patch	\
+  gnu/packages/patches/unzip-initialize-symlink-flag.patch	\
+  gnu/packages/patches/unzip-remove-build-date.patch		\
   gnu/packages/patches/util-linux-tests.patch			\
   gnu/packages/patches/upower-builddir.patch			\
   gnu/packages/patches/valgrind-glibc-2.21.patch		\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index b34a22806b..e1bb74c8cd 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -412,7 +412,11 @@ connection alive.")
                      (for-each patch-shebang
                                (find-files "bind-9.9.5-P1" ".*"))
                      (zero? (system* "tar" "cf" "bind.tar.gz"
-                                     "bind-9.9.5-P1"))))
+                                     "bind-9.9.5-P1"
+                                     ;; avoid non-determinism in the archive
+                                     "--mtime=@0"
+                                     "--owner=root:0"
+                                     "--group=root:0"))))
                  (alist-cons-after
                   'install 'post-install
                   (lambda* (#:key inputs outputs #:allow-other-keys)
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index c5b1a2226a..f35f619201 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -238,15 +238,14 @@ used to apply commands with arbitrarily long arguments.")
 (define-public coreutils
   (package
    (name "coreutils")
-   (version "8.23")
+   (version "8.24")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/coreutils/coreutils-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "0bdq6yggyl7nkc2pbl6pxhhyx15nyqhz3ds6rfn448n6rxdwlhzc"))
-            (patches (list (search-patch "coreutils-dummy-man.patch")))))
+              "0w11jw3fb5sslf0f72kxy7llxgk1ia3a6bcw0c9kmvxrlj355mx2"))))
    (build-system gnu-build-system)
    (inputs `(("acl"  ,acl)                        ; TODO: add SELinux
              ("gmp"  ,gmp)))
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index 45676f568b..6b2d0b855d 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -86,7 +86,13 @@
    (30 "0nrqb0m7s89qsrbfaffpilc5gcf82bx9yvgzld4hr79p5y54yhw5") ;CVE-2014-6278
    (31 "07d62bl3z7qa8v6kgk47vzzazw563mlk9zhrsr4xsbqgvmcrylnd")
    (32 "0jjgapfq4qhmndfrw8c3q3lva8xjdhlbd9cc631v41b0kb95g4w8")
-   (33 "05ma5rlxiadnfh925p4y7s0vvk917kmsdb1mfdx05gizl63pfapv")))
+   (33 "05ma5rlxiadnfh925p4y7s0vvk917kmsdb1mfdx05gizl63pfapv")
+   (34 "12gq9whkq3naa3iy7c7x5pfpvrg7d0kwqld8609zxphhy424ysgi")
+   (35 "1qy1jflmbazjykq766gwabkaiswnx7pwa66whqiny0w02zjqa39p")
+   (36 "0z6jbyy70lfdm6d3x0sbazbqdxb3xnpn9bmz7madpvrnbd284pxc")
+   (37 "04sqr8zkl6s5fccfvb775ppn3ldij5imria9swc39aq0fkfp1w9k")
+   (38 "0rv3g14mpgv8br267bf7rmgqlgwnc4v6g3g8y0sjba571i8amgmd")
+   (39 "1v3l3vkc3g2b6fjycqwlakr8xhiw6bmw6q0zd6bi0m0m4bnxr55b")))
 (define (download-patches store count)
   "Download COUNT Bash patches into store.  Return a list of
 number/base32-hash tuples, directly usable in the 'patch-series' form."
diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm
index 1f0fe16688..f3c1c5a617 100644
--- a/gnu/packages/bootstrap.scm
+++ b/gnu/packages/bootstrap.scm
@@ -197,6 +197,33 @@ successful, or false to signal an error."
                             "guile-2.0.11.tar.xz")
                            (_
                             "guile-2.0.9.tar.xz"))))
+         ;; The following code, run by the bootstrap guile after it is
+         ;; unpacked, creates a wrapper for itself to set its load path.
+         ;; This replaces the previous non-portable method based on
+         ;; reading the /proc/self/exe symlink.
+         (make-guile-wrapper
+          '(begin
+             (use-modules (ice-9 match))
+             (match (command-line)
+               ((_ out bash)
+                (let ((bin-dir    (string-append out "/bin"))
+                      (guile      (string-append out "/bin/guile"))
+                      (guile-real (string-append out "/bin/.guile-real"))
+                      ;; We must avoid using a bare dollar sign in this code,
+                      ;; because it would be interpreted by the shell.
+                      (dollar     (string (integer->char 36))))
+                  (chmod bin-dir #o755)
+                  (rename-file guile guile-real)
+                  (call-with-output-file guile
+                    (lambda (p)
+                      (format p "\
+#!~a
+export GUILE_SYSTEM_PATH=~a/share/guile/2.0
+export GUILE_SYSTEM_COMPILED_PATH=~a/lib/guile/2.0/ccache
+exec -a \"~a0\" ~a \"~a@\"\n"
+                              bash out out dollar guile-real dollar)))
+                  (chmod guile   #o555)
+                  (chmod bin-dir #o555))))))
          (builder
           (add-text-to-store store
                              "build-bootstrap-guile.sh"
@@ -206,10 +233,17 @@ echo \"unpacking bootstrap Guile to '$out'...\"
 cd $out
 ~a -dc < ~a | ~a xv
 
+# Use the bootstrap guile to create its own wrapper to set the load path.
+GUILE_SYSTEM_PATH=$out/share/guile/2.0 \
+GUILE_SYSTEM_COMPILED_PATH=$out/lib/guile/2.0/ccache \
+$out/bin/guile -c ~s $out ~a
+
 # Sanity check.
 $out/bin/guile --version~%"
-                                     mkdir xz guile tar)
-                             (list mkdir xz guile tar))))
+                                     mkdir xz guile tar
+                                     (format #f "~s" make-guile-wrapper)
+                                     bash)
+                             (list mkdir xz guile tar bash))))
     (derivation store name
                 bash `(,builder)
                 #:system system
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 02a9a3632c..d3f239f5f7 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -284,6 +284,7 @@
   ;; because we don't need the stand-alone Info reader.
   ;; Also, use %BOOT0-INPUTS to avoid building Perl once more.
   (let ((texinfo (package (inherit texinfo)
+                   (native-inputs '())
                    (inputs (alist-delete "ncurses" (package-inputs texinfo))))))
     (package-with-bootstrap-guile
      (package-with-explicit-inputs texinfo %boot0-inputs
diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm
index b5e07b81f0..eda44cea41 100644
--- a/gnu/packages/cross-base.scm
+++ b/gnu/packages/cross-base.scm
@@ -165,8 +165,7 @@ may be either a libc package or #f.)"
                   ;; Add the cross Linux headers to CROSS_CPATH, and remove them
                   ;; from CPATH.
                   (let ((libc  (assoc-ref inputs "libc"))
-                        (linux (assoc-ref inputs
-                                          "libc/linux-headers")))
+                        (linux (assoc-ref inputs "xlinux-headers")))
                     (define (cross? x)
                       ;; Return #t if X is a cross-libc or cross Linux.
                       (or (string-prefix? libc x)
@@ -245,6 +244,9 @@ GCC that does not target a libc; otherwise, target that libc."
                                (alist-delete "libc" %final-inputs))))
            (if libc
                `(("libc" ,libc)
+                 ("xlinux-headers"                ;the target headers
+                  ,@(assoc-ref (package-propagated-inputs libc)
+                               "linux-headers"))
                  ,@inputs)
                inputs))))
 
@@ -314,7 +316,7 @@ XBINUTILS and the cross tool chain."
               #t))
           ,phases))))
 
-    ;; Shadow the native "linux-headers" because glibc's recipe expect the
+    ;; Shadow the native "linux-headers" because glibc's recipe expects the
     ;; "linux-headers" input to point to the right thing.
     (propagated-inputs `(("linux-headers" ,xlinux-headers)))
 
diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm
index 0d2b24cf8d..7cd1fcd71d 100644
--- a/gnu/packages/ed.scm
+++ b/gnu/packages/ed.scm
@@ -27,14 +27,14 @@
 (define-public ed
   (package
     (name "ed")
-    (version "1.11")
+    (version "1.12")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/ed/ed-"
                                  version ".tar.lz"))
              (sha256
               (base32
-               "0d518yhs3kpdpv9fbpa1rhxk2fbry2yzcknrdaa20pi2bzg6w55x"))))
+               "0bw0187a311rci58vznvncsj6pfp8bhs5phrlrqn03sa2i1mfrfj"))))
     (build-system gnu-build-system)
     (native-inputs `(("lzip" ,lzip)))
     (arguments
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index e71d180ab6..d393e69c49 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -410,8 +410,7 @@ operations.")
                                          "/bin/emacs"))
                 (magit    (string-append (assoc-ref %build-inputs "magit")
                                          "/share/emacs/site-lisp"))
-                (commit   (string-append (assoc-ref %build-inputs
-                                                    "magit/git-modes")
+                (commit   (string-append (assoc-ref %build-inputs "git-modes")
                                          "/share/emacs/site-lisp"))
                 (source   (assoc-ref %build-inputs "source"))
                 (lisp-dir (string-append %output "/share/emacs/site-lisp")))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index c04f24b83c..5953caa87a 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -40,13 +40,13 @@
 (define-public freetype
   (package
    (name "freetype")
-   (version "2.5.5")
+   (version "2.6")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://savannah/freetype/freetype-"
                                 version ".tar.bz2"))
             (sha256 (base32
-                     "1fdgl7js99xv1yy5zx1ravmqd0jxlnqpv7zcl954h4hbg15wqyrq"))))
+                     "0zilx15fwcpa8hmcxpc423jwb8ijw4qpq968kh18akvn4j0znsc4"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index e41fd43e63..d0a92786ff 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -59,9 +59,7 @@ where the OS part is overloaded to denote a specific ABI---into GCC
          '("--with-arch=armv7-a"
            "--with-float=hard"
            "--with-mode=thumb"
-
-           ;; See <https://wiki.debian.org/ArmHardFloatPort/VfpComparison#FPU>
-           "--with-fpu=vfpv3-d16"))
+           "--with-fpu=neon"))
 
         (else
          ;; TODO: Add `arm.*-gnueabi', etc.
@@ -323,17 +321,15 @@ Go.  It also includes runtime support libraries for these languages.")
 
 (define-public gcc-4.9
   (package (inherit gcc-4.8)
-    (version "4.9.2")
+    (version "4.9.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/gcc/gcc-"
                                   version "/gcc-" version ".tar.bz2"))
               (sha256
                (base32
-                "1pbjp4blk2ycaa6r3jmw4ky5f1s9ji3klbqgv8zs2sl5jn1cj810"))
-              (patches (map search-patch
-                            '("gcc-arm-link-spec-fix.patch"
-                              "gcc-libvtv-runpath.patch")))))))
+                "0zmnm00d2a1hsd41g34bhvxzvxisa2l584q3p447bd91lfjv4ci3"))
+              (patches (list (search-patch "gcc-libvtv-runpath.patch")))))))
 
 (define-public gcc-5.1
   (package (inherit gcc-4.9)
diff --git a/gnu/packages/gettext.scm b/gnu/packages/gettext.scm
index 9289946178..6be3093bd6 100644
--- a/gnu/packages/gettext.scm
+++ b/gnu/packages/gettext.scm
@@ -35,15 +35,14 @@
 (define-public gnu-gettext
   (package
     (name "gettext")
-    (version "0.19.4")
+    (version "0.19.5")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/gettext/gettext-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0gvz86m4cs8bdf3mwmwsyx6lrq4ydfxgadrgd9jlx32z3bnz3jca"))
-             (patches (list (search-patch "gettext-msgunfmt.patch")))))
+               "0fppvj4l9maa9q1swvhnv96hsqxx90vcjbdyjhqpir3ll55q2n0j"))))
     (build-system gnu-build-system)
     (inputs
      `(("expat" ,expat)))
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 74841bc953..410a0f9083 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -1110,8 +1110,7 @@ to access local and remote files with a single consistent API.")
           (substitute* "libgnome/Makefile.in"
             (("-DG_DISABLE_DEPRECATED") "-DGLIB_DISABLE_DEPRECATION_WARNINGS")))
         %standard-phases)))
-    (inputs `(("popt" ,popt)
-              ("libxml2" ,libxml2)))
+    (inputs `(("libxml2" ,libxml2)))
     (native-inputs
      `(("glib" ,glib "bin")             ; for glib-mkenums, etc.
        ("intltool" ,intltool)
@@ -1124,7 +1123,8 @@ to access local and remote files with a single consistent API.")
      `(("libcanberra" ,libcanberra)
        ("libbonobo" ,libbonobo)
        ("gconf" ,gconf)
-       ("gnome-vfs" ,gnome-vfs)))
+       ("gnome-vfs" ,gnome-vfs)
+       ("popt" ,popt)))                       ;gnome-program.h includes popt.h
     (home-page "https://developer.gnome.org/libgnome/")
     (synopsis "Useful routines for building applications")
     (description  "The libgnome library provides a number of useful routines
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 8aea3dabb9..1c2b567d89 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -41,7 +41,7 @@
 (define-public libgpg-error
   (package
     (name "libgpg-error")
-    (version "1.18")
+    (version "1.19")
     (source
      (origin
       (method url-fetch)
@@ -49,7 +49,7 @@
                           version ".tar.bz2"))
       (sha256
        (base32
-        "0408v19h3h0q6w61g51hgbdg6cyw81nyzkh70qfprvsc3pkddwcz"))))
+        "12wpqhjlsw4iaanifbqm2kich6c7x7lm8a7zhy6x5ifm6c9hw4jk"))))
     (build-system gnu-build-system)
     (home-page "http://gnupg.org")
     (synopsis "Library of error values for GnuPG components")
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 8be3d48871..dfa1d5d8a4 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -279,6 +279,7 @@ standards.")
                       "db/sqlite3"))
           #t))
       (patches (map search-patch '("icecat-enable-acceleration-and-webgl.patch"
+                                   "icecat-freetype-2.6.patch"
                                    "icecat-libvpx-1.4.patch")))))
     (build-system gnu-build-system)
     (inputs
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index 39664c387b..33eb1b5f1c 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -116,6 +116,11 @@
        ;; gremlin) doesn't support it yet, so skip this phase.
        #:validate-runpath? #f
 
+       ;; Don't pass --build=<triplet>, because the configure script
+       ;; auto-detects slightly different triplets for --host and --target and
+       ;; then complains that they don't match.
+       #:build #f
+
        #:modules ((guix build gnu-build-system)
                   (guix build utils)
                   (guix build rpath)
diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm
index 49dafbeb6d..4a7840c78c 100644
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@@ -26,13 +26,13 @@
 (define-public libidn
   (package
    (name "libidn")
-   (version "1.30")
+   (version "1.31")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/libidn/libidn-" version
                                 ".tar.gz"))
             (sha256 (base32
-                     "0lxh5r1z8gsk4jxx3rv8aasjv8p53j4y04kvfn2w30a0syagrf9r"))))
+                     "026z12mczlag443ms9n954h36pi3m7iva9jfw8y4ispsj772zpxg"))))
    (build-system gnu-build-system)
 ;; FIXME: No Java and C# libraries are currently built.
    (synopsis "Internationalized string processing library")
diff --git a/gnu/packages/libunistring.scm b/gnu/packages/libunistring.scm
index aa053711a9..f29b7424de 100644
--- a/gnu/packages/libunistring.scm
+++ b/gnu/packages/libunistring.scm
@@ -26,7 +26,7 @@
 (define-public libunistring
   (package
    (name "libunistring")
-   (version "0.9.5")
+   (version "0.9.6")
    (source (origin
             (method url-fetch)
             (uri (string-append
@@ -34,7 +34,7 @@
                   version ".tar.gz"))
             (sha256
              (base32
-              "05va4x47ik006nd13grwm276gfxb8igsj63k37vvwl3q8rr0g30s"))))
+              "0ixxmgpgh2v8ifm6hbwsjxl023myk3dfnj7wnvmqjivza31fw9cn"))))
    (propagated-inputs '())                  ; FIXME: add libiconv when !glibc
    (build-system gnu-build-system)
    (arguments
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 71614dee89..17ba1e439b 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -428,17 +428,26 @@ providing the system administrator with some help in common tasks.")
                                (string-append "--with-bashcompletiondir="
                                               (assoc-ref %outputs "out")
                                               "/etc/bash_completion.d"))
-       #:phases (alist-cons-before
-                 'check 'pre-check
-                 (lambda* (#:key inputs outputs #:allow-other-keys)
-                   (let ((out (assoc-ref outputs "out"))
-                         (net (assoc-ref inputs "net-base")))
-                     ;; Change the test to refer to the right file.
-                     (substitute* "tests/ts/misc/mcookie"
-                       (("/etc/services")
-                        (string-append net "/etc/services")))
-                     #t))
-                 %standard-phases)))
+       #:phases (modify-phases %standard-phases
+                  (add-before
+                   'build 'set-umount-file-name
+                   (lambda* (#:key outputs #:allow-other-keys)
+                     ;; Tell 'eject' the right file name of 'umount'.
+                     (let ((out (assoc-ref outputs "out")))
+                       (substitute* "sys-utils/eject.c"
+                         (("\"/bin/umount\"")
+                          (string-append "\"" out "/bin/umount\"")))
+                       #t)))
+                  (add-before
+                   'check 'pre-check
+                   (lambda* (#:key inputs outputs #:allow-other-keys)
+                     (let ((out (assoc-ref outputs "out"))
+                           (net (assoc-ref inputs "net-base")))
+                       ;; Change the test to refer to the right file.
+                       (substitute* "tests/ts/misc/mcookie"
+                         (("/etc/services")
+                          (string-append net "/etc/services")))
+                       #t))))))
     (inputs `(("zlib" ,zlib)
               ("ncurses" ,ncurses)))
     (native-inputs
@@ -2132,13 +2141,6 @@ also contains the libsysfs library.")
            (substitute* "configure"
              (("includedir='(\\$\\{prefix\\}/include)'" all orig)
               (string-append "includedir='" orig "/sysfs'")))))))
-    ;; XXX sysfsutils-1.3.0's config.guess fails on mips64el
-    (arguments `(#:configure-flags
-                 '(,@(if (%current-target-system)
-                         '()
-                         (let ((triplet
-                                (nix-system->gnu-triplet (%current-system))))
-                           (list (string-append "--build=" triplet)))))))
     (synopsis "System utilities based on Linux sysfs (version 1.x)")))
 
 (define-public cpufrequtils
diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index feaa08af38..78ff83de15 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -168,7 +168,10 @@ supporting ASDF, Sockets, Gray streams, MOP, and other useful components.")
               ("readline" ,readline)
               ("libsigsegv" ,libsigsegv)))
     (arguments
-     '(#:phases
+     '(;; XXX The custom configure script does not cope well when passed
+       ;; --build=<triplet>.
+       #:build #f
+       #:phases
        (alist-cons-after
         'unpack 'patch-sh-and-pwd
         (lambda _
diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index e140582a4a..07e8b5160b 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -629,7 +629,9 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
                                               ,(or (%current-target-system)
                                                    (%current-system))
                                               ".tar.xz")
-                               "."))))))))))
+                               "."
+                               ;; avoid non-determinism in the archive
+                               "--mtime=@0" "--owner=root:0" "--group=root:0"))))))))))
 
 (define %bootstrap-binaries-tarball
   ;; A tarball with the statically-linked bootstrap binaries.
diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm
index da52b2b1e9..903d160b24 100644
--- a/gnu/packages/multiprecision.scm
+++ b/gnu/packages/multiprecision.scm
@@ -47,15 +47,7 @@
                 '(;; Build a "fat binary", with routines for several
                   ;; sub-architectures.
                   "--enable-fat"
-                  "--enable-cxx"
-
-                  ;; FIXME: gmp-6.0.0a's config.guess fails on
-                  ;; multi-core armhf systems.
-                  ,@(if (%current-target-system)
-                        '()
-                        (let ((triplet
-                               (nix-system->gnu-triplet (%current-system))))
-                          (list (string-append "--build=" triplet)))))))
+                  "--enable-cxx")))
    (synopsis "Multiple-precision arithmetic library")
    (description
     "GMP is a library for arbitrary precision arithmetic, operating on
@@ -69,13 +61,13 @@ cryptography and computational algebra.")
 (define-public mpfr
   (package
    (name "mpfr")
-   (version "3.1.2")
+   (version "3.1.3")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/mpfr/mpfr-" version
                                 ".tar.xz"))
             (sha256 (base32
-                     "0fs501qi8l523gs3cpy4jjcnvwxggyfbklcys80wq236xx3hz79r"))))
+                     "05jaa5z78lvrayld09nyr0v27c1m5dm9l7kr85v2bj4jv65s0db8"))))
    (build-system gnu-build-system)
    (outputs '("out" "debug"))
    (propagated-inputs `(("gmp" ,gmp)))            ; <mpfr.h> refers to <gmp.h>
diff --git a/gnu/packages/ninja.scm b/gnu/packages/ninja.scm
index 2483cc51fe..a0eb109bbb 100644
--- a/gnu/packages/ninja.scm
+++ b/gnu/packages/ninja.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -36,38 +37,41 @@
               (sha256
                (base32
                 "1h3yfwcfl61v493vna6jia2fizh8rpig7qw2504cvkr6gid3p5bw"))
-              (patches (list (search-patch "ninja-tests.patch")))))
+              (patches (map search-patch
+                            '("ninja-zero-mtime.patch" "ninja-tests.patch")))))
     (build-system gnu-build-system)
+    (native-inputs `(("python" ,python-2)))
     (arguments
      '(#:phases
-       (alist-replace
-        'configure
-        (lambda _
-          (substitute* "src/subprocess-posix.cc"
-            (("/bin/sh") (which "sh"))))
-        (alist-replace
-         'build
-         (lambda _
-           (zero? (system* "./configure.py" "--bootstrap")))
-         (alist-replace
+       (modify-phases %standard-phases
+         (replace
+          'configure
+          (lambda _
+            (substitute* "src/subprocess-posix.cc"
+              (("/bin/sh") (which "sh")))
+            #t))
+         (replace
+          'build
+          (lambda _
+            (zero? (system* "./configure.py" "--bootstrap"))))
+         (replace
           'check
           (lambda _
             (and (zero? (system* "./configure.py"))
                  (zero? (system* "./ninja" "ninja_test"))
-                 (zero? (system* "./ninja_test"))))
-          (alist-replace
-           'install
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let* ((out (assoc-ref outputs "out"))
-                    (bin (string-append out "/bin"))
-                    (doc (string-append out "/share/doc/ninja")))
-               (mkdir-p bin)
-               (copy-file "ninja" (string-append bin "/ninja"))
-               (mkdir-p doc)
-               (copy-file "doc/manual.asciidoc"
-                          (string-append doc "/manual.asciidoc"))))
-           %standard-phases))))))
-    (native-inputs `(("python" ,python-2)))
+                 (zero? (system* "./ninja_test")))))
+         (replace
+          'install
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let* ((out (assoc-ref outputs "out"))
+                   (bin (string-append out "/bin"))
+                   (doc (string-append out "/share/doc/ninja")))
+              (mkdir-p bin)
+              (copy-file "ninja" (string-append bin "/ninja"))
+              (mkdir-p doc)
+              (copy-file "doc/manual.asciidoc"
+                         (string-append doc "/manual.asciidoc"))
+              #t))))))
     (home-page "http://martine.github.io/ninja/")
     (synopsis "Small build system")
     (description
diff --git a/gnu/packages/patches/coreutils-dummy-man.patch b/gnu/packages/patches/coreutils-dummy-man.patch
deleted file mode 100644
index a43cfc47c3..0000000000
--- a/gnu/packages/patches/coreutils-dummy-man.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Patch adapted from <http://git.yoctoproject.org/cgit.cgi/poky/plain/meta/recipes-core/coreutils/coreutils-8.22/fix-for-dummy-man-usage.patch>.
-
-Fix for 'dummy-man' usage, when cross-compiling.
-
-The options should be before the final argument, otherwise, the following error
-would appear when compiling:
-
-  dummy-man: too many non-option arguments
-
---- coreutils-8.23/Makefile.in	2014-07-18 18:22:24.000000000 -0400
-+++ coreutils-8.23/Makefile.in	2014-08-03 20:21:10.849158313 -0400
-@@ -14076,8 +14076,8 @@
- 	  && $(run_help2man)						\
- 		     --source='$(PACKAGE_STRING)'			\
- 		     --include=$(srcdir)/man/$$name.x			\
--		     --output=$$t/$$name.1 $$t/$$argv			\
- 		     --info-page='coreutils \(aq'$$name' invocation\(aq' \
-+		     --output=$$t/$$name.1 $$t/$$argv			\
- 	  && sed \
- 	       -e 's|$*\.td/||g' \
- 	       -e '/For complete documentation/d' \
diff --git a/gnu/packages/patches/gettext-msgunfmt.patch b/gnu/packages/patches/gettext-msgunfmt.patch
deleted file mode 100644
index 4a50abddc2..0000000000
--- a/gnu/packages/patches/gettext-msgunfmt.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From <http://git.savannah.gnu.org/cgit/gettext.git/patch/?id=5d3eeaa0d3b7f4f6932bd29d859925a940b69459>.
-
-2015-03-11  Daiki Ueno  <ueno@gnu.org>
-
-	msgunfmt: Check allocated size for static segment
-	Reported by Max Lin in:
-	http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html
-	* read-mo.c (get_sysdep_string): Check if the embedded segment
-	size is valid, before adding it to the string length.
-
-diff --git a/gettext-tools/src/read-mo.c b/gettext-tools/src/read-mo.c
-index b97bbad..1c024a8 100644
---- a/gettext-tools/src/read-mo.c
-+++ b/gettext-tools/src/read-mo.c
-@@ -149,6 +149,7 @@ get_sysdep_string (const struct binary_mo_file *bfp, size_t offset,
-   nls_uint32 s_offset;
- 
-   /* Compute the length.  */
-+  s_offset = get_uint32 (bfp, offset);
-   length = 0;
-   for (i = 4; ; i += 8)
-     {
-@@ -158,9 +159,14 @@ get_sysdep_string (const struct binary_mo_file *bfp, size_t offset,
-       nls_uint32 ss_length;
-       nls_uint32 ss_offset;
-       size_t ss_end;
-+      size_t s_end;
-       size_t n;
- 
-+      s_end = xsum (s_offset, segsize);
-+      if (size_overflow_p (s_end) || s_end > bfp->size)
-+        error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename);
-       length += segsize;
-+      s_offset += segsize;
- 
-       if (sysdepref == SEGMENTS_END)
-         break;
-@@ -175,7 +181,7 @@ get_sysdep_string (const struct binary_mo_file *bfp, size_t offset,
-       ss_end = xsum (ss_offset, ss_length);
-       if (size_overflow_p (ss_end) || ss_end > bfp->size)
-         error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename);
--      if (!(ss_length > 0 && bfp->data[ss_offset + ss_length - 1] == '\0'))
-+      if (!(ss_length > 0 && bfp->data[ss_end - 1] == '\0'))
-         {
-           char location[30];
-           sprintf (location, "sysdep_segment[%u]", (unsigned int) sysdepref);
-@@ -198,11 +204,8 @@ get_sysdep_string (const struct binary_mo_file *bfp, size_t offset,
-       nls_uint32 sysdep_segment_offset;
-       nls_uint32 ss_length;
-       nls_uint32 ss_offset;
--      size_t s_end = xsum (s_offset, segsize);
-       size_t n;
- 
--      if (size_overflow_p (s_end) || s_end > bfp->size)
--        error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename);
-       memcpy (p, bfp->data + s_offset, segsize);
-       p += segsize;
-       s_offset += segsize;
diff --git a/gnu/packages/patches/icecat-freetype-2.6.patch b/gnu/packages/patches/icecat-freetype-2.6.patch
new file mode 100644
index 0000000000..ef69f2f715
--- /dev/null
+++ b/gnu/packages/patches/icecat-freetype-2.6.patch
@@ -0,0 +1,14 @@
+Adapt to freetype 2.6.  This patch copied from upstream, see:
+https://bugzilla.mozilla.org/show_bug.cgi?id=1143411
+https://hg.mozilla.org/mozilla-central/rev/afd840d66e6a
+
+--- a/config/system-headers
++++ b/config/system-headers
+@@ -415,6 +415,7 @@ freetype/ftbitmap.h
+ freetype/ftxf86.h
+ freetype.h
+ ftcache.h
++ftfntfmt.h
+ ftglyph.h
+ ftsynth.h
+ ftoutln.h
diff --git a/gnu/packages/patches/ninja-zero-mtime.patch b/gnu/packages/patches/ninja-zero-mtime.patch
new file mode 100644
index 0000000000..c9b9e8d798
--- /dev/null
+++ b/gnu/packages/patches/ninja-zero-mtime.patch
@@ -0,0 +1,19 @@
+Work around a design defect in Ninja whereby a zero mtime is used to
+denote missing files (we happen to produce files that have a zero mtime
+and yet really do exist.)
+
+--- ninja-1.5.3/src/disk_interface.cc	2014-11-24 18:37:47.000000000 +0100
++++ ninja-1.5.3/src/disk_interface.cc	2015-07-18 23:20:38.572290139 +0200
+@@ -194,6 +194,12 @@ TimeStamp RealDiskInterface::Stat(const
+     }
+     return -1;
+   }
++
++  if (st.st_mtime == 0)
++    // All the code assumes that mtime == 0 means "file missing".  Here we
++    // know the file is not missing, so tweak the mtime.
++    st.st_mtime = 1;
++
+   return st.st_mtime;
+ #endif
+ }
diff --git a/gnu/packages/patches/subversion-sqlite-3.8.9-fix.patch b/gnu/packages/patches/subversion-sqlite-3.8.9-fix.patch
index 92d8a85c8f..2f7bcee344 100644
--- a/gnu/packages/patches/subversion-sqlite-3.8.9-fix.patch
+++ b/gnu/packages/patches/subversion-sqlite-3.8.9-fix.patch
@@ -1,7 +1,25 @@
+Despite all the efforts below, the 'wc-queries-test.c' still fails,
+both with SQLite 3.8.9 and 3.8.10.2.  We choose to just skip it
+until a better solution arises.
+
+--- subversion/tests/libsvn_wc/wc-queries-test.c	2015-07-16 23:24:03.458279053 +0200
++++ subversion/tests/libsvn_wc/wc-queries-test.c	2015-07-16 23:24:18.866423439 +0200
+@@ -898,8 +898,6 @@ struct svn_test_descriptor_t test_funcs[
+                    "sqlite up-to-date"),
+     SVN_TEST_PASS2(test_parsable,
+                    "queries are parsable"),
+-    SVN_TEST_PASS2(test_query_expectations,
+-                   "test query expectations"),
+     SVN_TEST_PASS2(test_schema_statistics,
+                    "test schema statistics"),
+     SVN_TEST_NULL
+
+
 This upstream patch (r1672295) is needed to fix a test failure when built
 against sqlite 3.8.9.  See:
 
   https://mail-archives.apache.org/mod_mbox/subversion-dev/201504.mbox/%3C5526D197.6020808@gmx.de%3E
+  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785496
 
 
 r1672295 | rhuijben | 2015-04-09 07:31:12 -0400 (Thu, 09 Apr 2015) | 15 lines
@@ -57,3 +75,58 @@ Index: subversion/libsvn_wc/wc-metadata.sql
  /* sqlite_autoindex_WORK_QUEUE_1 doesn't exist because WORK_QUEUE is
     a INTEGER PRIMARY KEY AUTOINCREMENT table */
  
+
+r1673691 | rhuijben | 2015-04-15 05:30:04 -0400 (Wed, 15 Apr 2015) | 5 lines
+
+* subversion/libsvn_wc/wc-metadata.sql
+  (STMT_INSTALL_SCHEMA_STATISTICS): Delete existing sqlite_stat1 rows for
+    the externals table before installing new rows to avoid duplicate entries.
+    Remove unneeded 'OR REPLACE' from all inserts.
+
+
+Index: subversion/libsvn_wc/wc-metadata.sql
+===================================================================
+--- subversion/libsvn_wc/wc-metadata.sql	(revision 1673690)
++++ subversion/libsvn_wc/wc-metadata.sql	(revision 1673691)
+@@ -598,30 +598,30 @@
+ ANALYZE sqlite_master; /* Creates empty sqlite_stat1 if necessary */
+ 
+ DELETE FROM sqlite_stat1
+-WHERE tbl in ('NODES', 'ACTUAL_NODE', 'LOCK', 'WC_LOCK');
++WHERE tbl in ('NODES', 'ACTUAL_NODE', 'LOCK', 'WC_LOCK', 'EXTERNALS');
+ 
+-INSERT OR REPLACE INTO sqlite_stat1(tbl, idx, stat) VALUES
++INSERT INTO sqlite_stat1(tbl, idx, stat) VALUES
+     ('NODES', 'sqlite_autoindex_NODES_1',               '8000 8000 2 1');
+-INSERT OR REPLACE INTO sqlite_stat1(tbl, idx, stat) VALUES
++INSERT INTO sqlite_stat1(tbl, idx, stat) VALUES
+     ('NODES', 'I_NODES_PARENT',                         '8000 8000 10 2 1');
+ /* Tell a lie: We ignore that 99.9% of all moved_to values are NULL */
+-INSERT OR REPLACE INTO sqlite_stat1(tbl, idx, stat) VALUES
++INSERT INTO sqlite_stat1(tbl, idx, stat) VALUES
+     ('NODES', 'I_NODES_MOVED',                          '8000 8000 1 1');
+ 
+-INSERT OR REPLACE INTO sqlite_stat1(tbl, idx, stat) VALUES
++INSERT INTO sqlite_stat1(tbl, idx, stat) VALUES
+     ('ACTUAL_NODE', 'sqlite_autoindex_ACTUAL_NODE_1',   '8000 8000 1');
+-INSERT OR REPLACE INTO sqlite_stat1(tbl, idx, stat) VALUES
++INSERT INTO sqlite_stat1(tbl, idx, stat) VALUES
+     ('ACTUAL_NODE', 'I_ACTUAL_PARENT',                  '8000 8000 10 1');
+ 
+-INSERT OR REPLACE INTO sqlite_stat1(tbl, idx, stat) VALUES
++INSERT INTO sqlite_stat1(tbl, idx, stat) VALUES
+     ('LOCK', 'sqlite_autoindex_LOCK_1',                 '100 100 1');
+ 
+-INSERT OR REPLACE INTO sqlite_stat1(tbl, idx, stat) VALUES
++INSERT INTO sqlite_stat1(tbl, idx, stat) VALUES
+     ('WC_LOCK', 'sqlite_autoindex_WC_LOCK_1',           '100 100 1');
+ 
+-INSERT OR REPLACE INTO sqlite_stat1(tbl, idx, stat) VALUES
++INSERT INTO sqlite_stat1(tbl, idx, stat) VALUES
+     ('EXTERNALS','sqlite_autoindex_EXTERNALS_1',        '100 100 1');
+-INSERT OR REPLACE INTO sqlite_stat1(tbl, idx, stat) VALUES
++INSERT INTO sqlite_stat1(tbl, idx, stat) VALUES
+     ('EXTERNALS','I_EXTERNALS_DEFINED',                 '100 100 3 1');
+ 
+ /* sqlite_autoindex_WORK_QUEUE_1 doesn't exist because WORK_QUEUE is
+
diff --git a/gnu/packages/patches/unzip-CVE-2014-9636.patch b/gnu/packages/patches/unzip-CVE-2014-9636.patch
new file mode 100644
index 0000000000..a38c3da51c
--- /dev/null
+++ b/gnu/packages/patches/unzip-CVE-2014-9636.patch
@@ -0,0 +1,41 @@
+Copied from Debian.
+
+From: mancha <mancha1 AT zoho DOT com>
+Date: Mon, 3 Nov 2014
+Subject: Info-ZIP UnZip buffer overflow
+Bug-Debian: http://bugs.debian.org/776589
+
+By carefully crafting a corrupt ZIP archive with "extra fields" that
+purport to have compressed blocks larger than the corresponding
+uncompressed blocks in STORED no-compression mode, an attacker can
+trigger a heap overflow that can result in application crash or
+possibly have other unspecified impact.
+
+This patch ensures that when extra fields use STORED mode, the
+"compressed" and uncompressed block sizes match.
+
+--- a/extract.c
++++ b/extract.c
+@@ -2228,6 +2228,7 @@
+     ulg eb_ucsize;
+     uch *eb_ucptr;
+     int r;
++    ush eb_compr_method;
+ 
+     if (compr_offset < 4)                /* field is not compressed: */
+         return PK_OK;                    /* do nothing and signal OK */
+@@ -2244,6 +2245,14 @@
+      ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
+         return IZ_EF_TRUNC;             /* no/bad compressed data! */
+ 
++    /* 2014-11-03 Michal Zalewski, SMS.
++     * For STORE method, compressed and uncompressed sizes must agree.
++     * http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
++     */
++    eb_compr_method = makeword( eb + (EB_HEADSIZE + compr_offset));
++    if ((eb_compr_method == STORED) && (eb_size - compr_offset != eb_ucsize))
++        return PK_ERR;
++
+     if (
+ #ifdef INT_16BIT
+         (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
diff --git a/gnu/packages/patches/unzip-allow-greater-hostver-values.patch b/gnu/packages/patches/unzip-allow-greater-hostver-values.patch
new file mode 100644
index 0000000000..d98937f1cb
--- /dev/null
+++ b/gnu/packages/patches/unzip-allow-greater-hostver-values.patch
@@ -0,0 +1,16 @@
+Copied from Debian.
+
+From: Santiago Vila <sanvila@debian.org>
+Subject: zipinfo.c: Do not crash when hostver byte is >= 100
+
+--- a/zipinfo.c
++++ b/zipinfo.c
+@@ -2114,7 +2114,7 @@
+             else
+                 attribs[9] = (xattr & UNX_ISVTX)? 'T' : '-';  /* T==undefined */
+ 
+-            sprintf(&attribs[12], "%u.%u", hostver/10, hostver%10);
++            sprintf(&attribs[11], "%2u.%u", hostver/10, hostver%10);
+             break;
+ 
+     } /* end switch (hostnum: external attributes format) */
diff --git a/gnu/packages/patches/unzip-increase-size-of-cfactorstr.patch b/gnu/packages/patches/unzip-increase-size-of-cfactorstr.patch
new file mode 100644
index 0000000000..3417ad873d
--- /dev/null
+++ b/gnu/packages/patches/unzip-increase-size-of-cfactorstr.patch
@@ -0,0 +1,18 @@
+Copied from Debian.
+
+From: sms
+Subject: Increase size of cfactorstr array to avoid buffer overflow
+Bug-Debian: http://bugs.debian.org/741384
+X-Debian-version: 6.0-11
+
+--- a/list.c
++++ b/list.c
+@@ -97,7 +97,7 @@
+ {
+     int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
+ #ifndef WINDLL
+-    char sgn, cfactorstr[10];
++    char sgn, cfactorstr[12];
+     int longhdr=(uO.vflag>1);
+ #endif
+     int date_format;
diff --git a/gnu/packages/patches/unzip-initialize-symlink-flag.patch b/gnu/packages/patches/unzip-initialize-symlink-flag.patch
new file mode 100644
index 0000000000..3b0f391300
--- /dev/null
+++ b/gnu/packages/patches/unzip-initialize-symlink-flag.patch
@@ -0,0 +1,22 @@
+Copied from Debian.
+
+From: Andreas Schwab <schwab@linux-m68k.org>
+Subject: Initialize the symlink flag
+Bug-Debian: http://bugs.debian.org/717029
+X-Debian-version: 6.0-10
+
+--- a/process.c
++++ b/process.c
+@@ -1758,6 +1758,12 @@
+         = (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11);
+ #endif
+ 
++#ifdef SYMLINKS
++    /* Initialize the symlink flag, may be set by the platform-specific
++       mapattr function.  */
++    G.pInfo->symlink = 0;
++#endif
++
+     return PK_COOL;
+ 
+ } /* end function process_cdir_file_hdr() */
diff --git a/gnu/packages/patches/unzip-remove-build-date.patch b/gnu/packages/patches/unzip-remove-build-date.patch
new file mode 100644
index 0000000000..8beff92d1a
--- /dev/null
+++ b/gnu/packages/patches/unzip-remove-build-date.patch
@@ -0,0 +1,19 @@
+Copied from Debian.
+
+From: Jérémy Bobbio <lunar@debian.org>
+Subject: Remove build date
+Bug-Debian: http://bugs.debian.org/782851
+ In order to make unzip build reproducibly, we remove the
+ (already optional) build date from the binary.
+
+--- a/unix/unix.c
++++ b/unix/unix.c
+@@ -1705,7 +1705,7 @@
+ #endif /* Sun */
+ #endif /* SGI */
+ 
+-#ifdef __DATE__
++#if 0
+       " on ", __DATE__
+ #else
+       "", ""
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index 86d3ca3874..d07e434190 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -45,6 +45,9 @@
                           "--enable-pcregrep-libz"
                           "--enable-pcregrep-libbz2"
                           "--enable-pcretest-libreadline"
+                          "--enable-unicode-properties"
+                          "--enable-pcre16"
+                          "--enable-pcre32"
                           "--enable-jit")))
    (synopsis "Perl Compatible Regular Expressions")
    (description
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 900d25498c..7a8f832355 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -72,7 +72,15 @@
                         "-Dinstallstyle=lib/perl5"
                         "-Duseshrplib"
                         (string-append "-Dlocincpth=" libc "/include")
-                        (string-append "-Dloclibpth=" libc "/lib"))))))
+                        (string-append "-Dloclibpth=" libc "/lib")
+
+                        ;; Force the library search path to contain only libc
+                        ;; because it is recorded in Config.pm and
+                        ;; Config_heavy.pl; we don't want to keep a reference
+                        ;; to everything that's in $LIBRARY_PATH at build
+                        ;; time (Binutils, bzip2, file, etc.)
+                        (string-append "-Dlibpth=" libc "/lib")
+                        (string-append "-Dplibpth=" libc "/lib"))))))
 
          (add-before
           'strip 'make-shared-objects-writable
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 0788da0ff3..4fd5eef892 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -156,24 +156,40 @@
                 "-L" zlib "/lib "
                 "-Wl,-rpath=" out "/lib")))
 
+        #:modules ((ice-9 ftw)
+                   ,@%gnu-build-system-modules)
         #:phases
-        (alist-cons-before
-         'configure 'patch-lib-shells
-         (lambda _
-           ;; Filter for existing files, since some may not exist in all
-           ;; versions of python that are built with this recipe.
-           (substitute* (filter file-exists?
-                                '("Lib/subprocess.py"
-                                  "Lib/popen2.py"
-                                  "Lib/distutils/tests/test_spawn.py"
-                                  "Lib/test/test_subprocess.py"))
-             (("/bin/sh") (which "sh"))))
-         (alist-cons-before
-          'check 'pre-check
-          (lambda _
-            ;; 'Lib/test/test_site.py' needs a valid $HOME
-            (setenv "HOME" (getcwd)))
-          %standard-phases))))
+        (modify-phases %standard-phases
+          (add-before
+           'configure 'patch-lib-shells
+           (lambda _
+             ;; Filter for existing files, since some may not exist in all
+             ;; versions of python that are built with this recipe.
+             (substitute* (filter file-exists?
+                                  '("Lib/subprocess.py"
+                                    "Lib/popen2.py"
+                                    "Lib/distutils/tests/test_spawn.py"
+                                    "Lib/test/test_subprocess.py"))
+               (("/bin/sh") (which "sh")))
+             #t))
+          (add-before
+           'check 'pre-check
+           (lambda _
+             ;; 'Lib/test/test_site.py' needs a valid $HOME
+             (setenv "HOME" (getcwd))
+             #t))
+          (add-after
+           'unpack 'set-source-file-times-to-1980
+           ;; XXX One of the tests uses a ZIP library to pack up some of the
+           ;; source tree, and fails with "ZIP does not support timestamps
+           ;; before 1980".  Work around this by setting the file times in the
+           ;; source tree to sometime in early 1980.
+           (lambda _
+             (let ((circa-1980 (* 10 366 24 60 60)))
+               (ftw "." (lambda (file stat flag)
+                          (utime file circa-1980 circa-1980)
+                          #t))
+               #t))))))
     (inputs
      `(("bzip2" ,bzip2)
        ("gdbm" ,gdbm)
diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm
index 340462dba3..313d63993a 100644
--- a/gnu/packages/qt.scm
+++ b/gnu/packages/qt.scm
@@ -297,8 +297,7 @@ developers using C++ or QML, a CSS & JavaScript like language.")
                       "-no-ssse3"
                       "-no-sse4.1"
                       "-no-sse4.2"
-                      "-no-avx"
-                      "-no-neon")))))
+                      "-no-avx")))))
          (add-after
           'install 'move-doc
           (lambda* (#:key outputs #:allow-other-keys)
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index bf2e8896d6..a827aa1d90 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -262,7 +262,7 @@ libssh library.")
      '(#:phases
        (alist-replace
         'configure
-        (lambda* (#:key outputs inputs system target
+        (lambda* (#:key outputs inputs system build target
                         #:allow-other-keys #:rest args)
           (let* ((configure (assoc-ref %standard-phases 'configure))
                  (prefix (assoc-ref outputs "out"))
@@ -270,9 +270,8 @@ libssh library.")
                  ;; Set --build and --host flags as the provided config.guess
                  ;; is not able to detect them
                  (flags `(,(string-append "--prefix=" prefix)
-                          ,(string-append "--build=" system)
-                          ,(string-append "--host="
-                                          (or target system)))))
+                          ,(string-append "--build=" build)
+                          ,(string-append "--host=" (or target build)))))
             (setenv "CONFIG_SHELL" bash)
             (zero? (apply system* bash
                           (string-append "." "/configure")
diff --git a/gnu/packages/texinfo.scm b/gnu/packages/texinfo.scm
index ca411a95ac..92bd9471dd 100644
--- a/gnu/packages/texinfo.scm
+++ b/gnu/packages/texinfo.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,20 +26,22 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages perl)
+  #:use-module (gnu packages linux)
   #:use-module (gnu packages ncurses))
 
 (define-public texinfo
   (package
     (name "texinfo")
-    (version "5.2")
+    (version "6.0")
     (source (origin
-             (method url-fetch)
-             (uri (string-append "mirror://gnu/texinfo/texinfo-"
-                                 version ".tar.xz"))
-             (sha256
-              (base32
-               "1njfwh2z34r2c4r0iqa7v24wmjzvsfyz4vplzry8ln3479lfywal"))))
+              (method url-fetch)
+              (uri (string-append "mirror://gnu/texinfo/texinfo-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "1r3i6jyynn6ab45fxw5bms8mflk9ry4qpj6gqyry72vfd5c47fhi"))))
     (build-system gnu-build-system)
+    (native-inputs `(("procps" ,procps)))  ;one of the tests needs pgrep
     (inputs `(("ncurses" ,ncurses)
               ("xz" ,xz)
               ("perl" ,perl)))
@@ -53,17 +56,17 @@ their source and the command-line Info reader.  The emphasis of the language
 is on expressing the content semantically, avoiding physical markup commands.")
     (license gpl3+)))
 
-(define-public texinfo-6
-  (package
-    (inherit texinfo)
-    (version "6.0")
+(define-public texinfo-5
+  (package (inherit texinfo)
+    (version "5.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/texinfo/texinfo-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "1r3i6jyynn6ab45fxw5bms8mflk9ry4qpj6gqyry72vfd5c47fhi"))))))
+                "1njfwh2z34r2c4r0iqa7v24wmjzvsfyz4vplzry8ln3479lfywal"))))
+    (native-inputs '())))
 
 (define-public texinfo-4
   (package (inherit texinfo)
@@ -77,6 +80,7 @@ is on expressing the content semantically, avoiding physical markup commands.")
               (sha256
                (base32
                 "1rf9ckpqwixj65bw469i634897xwlgkm5i9g2hv3avl6mv7b0a3d"))))
+    (native-inputs '())
     (inputs `(("ncurses" ,ncurses) ("xz" ,xz)))))
 
 (define-public texi2html
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 68771c7957..3212d8040e 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -190,7 +190,7 @@ required structures.")
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)))
    (arguments
-    '(#:parallel-build? #f
+    `(#:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"
       #:phases
@@ -202,7 +202,13 @@ required structures.")
             (system* "./config"
                      "shared"                   ; build shared libraries
                      "--libdir=lib"
-                     (string-append "--prefix=" out)))))
+                     (string-append "--prefix=" out)
+                     ;; XXX FIXME: Work around a code generation bug in GCC
+                     ;; 4.9.3 on ARM when compiled with -mfpu=neon.
+                     ,@(if (and (not (%current-target-system))
+                                (string-prefix? "armhf" (%current-system)))
+                           '("-mfpu=vfpv3")
+                           '())))))
        (alist-cons-before
         'patch-source-shebangs 'patch-tests
         (lambda* (#:key inputs native-inputs #:allow-other-keys)
@@ -276,18 +282,30 @@ security, and applying best practice development processes.")
                                   "Net-SSLeay-" version ".tar.gz"))
               (sha256
                (base32
-                "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))
-              (patches
-               ;; XXX Try removing this patch for perl-net-ssleay > 1.68
-               (list (search-patch "perl-net-ssleay-disable-ede-test.patch")))))
+                "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("patch" ,patch)
+       ("patch/disable-ede-test"
+        ,(search-patch "perl-net-ssleay-disable-ede-test.patch"))))
     (inputs `(("openssl" ,openssl)))
     (arguments
-     `(#:phases (alist-cons-before
-                 'configure 'set-ssl-prefix
-                 (lambda* (#:key inputs #:allow-other-keys)
-                   (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl")))
-                 %standard-phases)))
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after
+          'unpack 'apply-patch
+          (lambda* (#:key inputs #:allow-other-keys)
+            ;; XXX We apply this patch here instead of in the 'origin' because
+            ;; this package's build system fails badly when the source file
+            ;; times are zeroed.
+            ;; XXX Try removing this patch for perl-net-ssleay > 1.68
+            (zero? (system* "patch" "--force" "-p1" "-i"
+                            (assoc-ref inputs "patch/disable-ede-test")))))
+         (add-before
+          'configure 'set-ssl-prefix
+          (lambda* (#:key inputs #:allow-other-keys)
+            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
+            #t)))))
     (synopsis "Perl extension for using OpenSSL")
     (description
      "This module offers some high level convenience functions for accessing
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index eac0235da9..c3f501b4a4 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -104,7 +104,7 @@ as well as the classic centralized workflow.")
     `(,name
       ,@(map (match-lambda
                ((label (? package? _) . _)
-                (string-append name "/" label)))
+                label))
              (package-transitive-propagated-inputs package)))))
 
 (define (package-propagated-input-refs inputs packages)
@@ -112,8 +112,9 @@ as well as the classic centralized workflow.")
 PACKAGES and their propagated inputs."
   (map (lambda (l)
          `(assoc-ref ,inputs ,l))
-       (append-map package-transitive-propagated-labels*
-                   packages)))
+       (delete-duplicates                  ;XXX: efficiency
+        (append-map package-transitive-propagated-labels*
+                    packages))))
 
 (define-public git
   ;; Keep in sync with 'git-manpages'!
@@ -236,13 +237,12 @@ PACKAGES and their propagated inputs."
               (wrap-program git-se*
                 `("PERL5LIB" ":" prefix
                   ,(map (lambda (o) (string-append o "/lib/perl5/site_perl"))
-                        (delete-duplicates
-                         (list
-                          ,@(package-propagated-input-refs
-                             'inputs
-                             `(,perl-authen-sasl
-                               ,perl-net-smtp-ssl
-                               ,perl-io-socket-ssl)))))))
+                        (list
+                         ,@(package-propagated-input-refs
+                            'inputs
+                            (list perl-authen-sasl
+                                  perl-net-smtp-ssl
+                                  perl-io-socket-ssl))))))
 
               ;; Tell 'git-submodule' where Perl is.
               (wrap-program git-sm
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 9472b4e91c..6b6d9ec9af 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -139,14 +139,7 @@ old-fashioned output methods with powerful ascii-art renderer.")
      `(("autoconf" ,autoconf)
        ("automake" ,automake)
        ("libtool" ,libtool)))
-    (arguments `(#:configure-flags
-                 '("--enable-shared"
-                   ;; FIXME: liba52-0.7.4's config.guess fails on mips64el.
-                   ,@(if (%current-target-system)
-                         '()
-                         (let ((triplet
-                                (nix-system->gnu-triplet (%current-system))))
-                           (list (string-append "--build=" triplet)))))
+    (arguments `(#:configure-flags '("--enable-shared")
                  #:phases
                  (modify-phases %standard-phases
                    ;; XXX We need to run ./bootstrap because of the build
@@ -665,7 +658,6 @@ treaming protocols.")
                                     (or (%current-target-system)
                                         (nix-system->gnu-triplet
                                          (%current-system)))))))
-                      "--disable-neon"
                       "--disable-iwmmxt"))))
           %standard-phases)))
     (home-page "http://www.mplayerhq.hu/design7/news.html")
@@ -905,23 +897,6 @@ projects while introducing many more.")
                      (zero? (system* "./configure"
                                      "--enable-shared"
                                      "--as=yasm"
-                                     ,@(if (and (not (%current-target-system))
-                                                (string-prefix?
-                                                 "armhf-"
-                                                 (%current-system)))
-                                           ;; When building on ARMv7, libvpx
-                                           ;; assumes that NEON will be
-                                           ;; available.  On Guix, armhf
-                                           ;; does not require NEON, so we
-                                           ;; build for ARMv6 and -marm (since
-                                           ;; no thumb2 on ARMv6) to ensure
-                                           ;; compatibility with all ARMv7
-                                           ;; cores we support.  Based on
-                                           ;; the Debian libvpx package.
-                                           '("--target=armv6-linux-gcc"
-                                             "--extra-cflags=-marm"
-                                             "--enable-small")
-                                           '())
                                      (string-append "--prefix=" out)))))
                  %standard-phases)
        #:tests? #f)) ; no check target
@@ -1157,7 +1132,9 @@ for use with HTML5 video.")
            (with-directory-excursion "avidemux_core/ffmpeg_package"
              (substitute* "ffmpeg-1.2.1/configure"
                (("#! /bin/sh") (string-append "#!" (which "bash"))))
-             (system* "tar" "cjf" "ffmpeg-1.2.1.tar.bz2" "ffmpeg-1.2.1")
+             (system* "tar" "cjf" "ffmpeg-1.2.1.tar.bz2" "ffmpeg-1.2.1"
+                      ;; avoid non-determinism in the archive
+                      "--mtime=@0" "--owner=root:0" "--group=root:0")
              (delete-file-recursively "ffmpeg-1.2.1")))
          (alist-replace 'configure
           (lambda _
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 6c24b6253a..28bd2c7c68 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -272,7 +272,13 @@ parse JSON formatted strings back into the C representation of JSON objects.")
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
-               "0rl6s0vg5y1dhh9vfl1lqay3sxf69sxjh0czxrjmasn7ng91wwf3"))))
+               "0rl6s0vg5y1dhh9vfl1lqay3sxf69sxjh0czxrjmasn7ng91wwf3"))
+             (modules '((guix build utils)))
+             (snippet
+              ;; Building with GCC 4.8 with -Werror was fine, but 4.9.3
+              ;; complains in new ways, so turn of -Werror.
+              '(substitute* (find-files "." "^CMakeLists\\.txt$")
+                 (("-Werror") "")))))
     (build-system cmake-build-system)
     (home-page "https://github.com/miloyip/rapidjson")
     (synopsis "JSON parser/generator for C++ with both SAX/DOM style API")
@@ -320,20 +326,14 @@ for efficient socket-like bidirectional reliable communication channels.")
 (define-public libpsl
   (package
     (name "libpsl")
-    (version "0.6.0")
+    (version "0.7.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/rockdaboot/libpsl/"
-                                  "archive/" version ".tar.gz"))
+                                  "archive/libpsl-" version ".tar.gz"))
               (sha256
                (base32
-                "10s7xxxx6pp4ydp3san69sa6q379ih3pv92fyi565ggmlw8igv7a"))
-              (file-name (string-append name "-" version ".tar.gz"))
-              (modules '((guix build utils)))
-              (snippet
-               ;; Believe it or not, the .pc is invalid.  Fix it.
-               '(substitute* "libpsl.pc.in"
-                  (("-llibpsl") "-lpsl")))))
+                "1k0klj668c9v0r4993vfs3kq773mzdz61vsigqw6v1mjcwnf1si3"))))
     (build-system gnu-build-system)
     (inputs `(("icu4c" ,icu4c)))
     ;; The release tarball lacks the generated files.
@@ -341,7 +341,8 @@ for efficient socket-like bidirectional reliable communication channels.")
                      ("automake" ,automake)
                      ("gettext"  ,gnu-gettext)
                      ("which"    ,which)
-                     ("libtool"  ,libtool)))
+                     ("libtool"  ,libtool)
+                     ("pkg-config" ,pkg-config)))
     (arguments
      `(#:phases (alist-cons-after
                  'unpack 'bootstrap
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 1ed33e1629..9fd9f4a321 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -447,13 +447,6 @@ transparent text on your screen.")
     (inputs
      `(("libx11" ,libx11)
        ("guile" ,guile-2.0)))
-    (arguments `(#:configure-flags
-                 '(;; FIXME: xbindkeys-1.8.6's config.guess fails on mips64el.
-                   ,@(if (%current-target-system)
-                         '()
-                         (let ((triplet
-                                (nix-system->gnu-triplet (%current-system))))
-                           (list (string-append "--build=" triplet)))))))
     (home-page "http://www.nongnu.org/xbindkeys/")
     (synopsis "Associate a combination of keys with a shell command")
     (description
diff --git a/gnu/packages/zip.scm b/gnu/packages/zip.scm
index e6f5067295..f0f27ddfe2 100644
--- a/gnu/packages/zip.scm
+++ b/gnu/packages/zip.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -81,23 +81,29 @@ Compression ratios of 2:1 to 3:1 are common for text files.")
       (sha256
        (base32
         "0dxx11knh3nk95p2gg2ak777dd11pr7jx5das2g49l262scrcv83"))
-      (patches (list (search-patch "unzip-CVE-2014-8139.patch")
-                     (search-patch "unzip-CVE-2014-8140.patch")
-                     (search-patch "unzip-CVE-2014-8141.patch")))))
+      (patches (map search-patch '("unzip-CVE-2014-8139.patch"
+                                   "unzip-CVE-2014-8140.patch"
+                                   "unzip-CVE-2014-8141.patch"
+                                   "unzip-CVE-2014-9636.patch"
+                                   "unzip-allow-greater-hostver-values.patch"
+                                   "unzip-increase-size-of-cfactorstr.patch"
+                                   "unzip-initialize-symlink-flag.patch"
+                                   "unzip-remove-build-date.patch")))))
     (build-system gnu-build-system)
     ;; no inputs; bzip2 is not supported, since not compiled with BZ_NO_STDIO
     (arguments
-     `(#:make-flags '("generic_gcc")
-       #:phases
-        (alist-replace
-         'configure
-         (lambda* (#:key inputs outputs #:allow-other-keys)
-           (let* ((out (assoc-ref outputs "out")))
-             (copy-file "unix/Makefile" "Makefile")
-             (substitute* "Makefile"
-               (("/usr/local") out)
-               (("/man/") "/share/man/"))))
-        %standard-phases)))
+     `(#:phases (modify-phases %standard-phases
+                  (delete 'configure)
+                  (replace 'build
+                           (lambda* (#:key make-flags #:allow-other-keys)
+                             (zero? (apply system* "make"
+                                           `("-j" ,(number->string
+                                                    (parallel-job-count))
+                                             ,@make-flags
+                                             "generic_gcc"))))))
+       #:make-flags (list "-f" "unix/Makefile"
+                          (string-append "prefix=" %output)
+                          (string-append "MANDIR=" %output "/share/man/man1"))))
     (home-page "http://www.info-zip.org/UnZip.html")
     (synopsis "Decompression and file extraction utility")
     (description
diff --git a/guix/build-system/gnu.scm b/guix/build-system/gnu.scm
index 8702c6c915..1f302447c2 100644
--- a/guix/build-system/gnu.scm
+++ b/guix/build-system/gnu.scm
@@ -289,6 +289,7 @@ standard packages used as implicit inputs of the GNU build system."
                     (phases '%standard-phases)
                     (locale "en_US.UTF-8")
                     (system (%current-system))
+                    (build (nix-system->gnu-triplet system))
                     (imported-modules %gnu-build-system-modules)
                     (modules %default-modules)
                     (substitutable? #t)
@@ -333,6 +334,7 @@ are allowed to refer to."
                               (source
                                source))
                   #:system ,system
+                  #:build ,build
                   #:outputs %outputs
                   #:inputs %build-inputs
                   #:search-paths ',(map search-path-specification->sexp
@@ -422,6 +424,7 @@ is one of `host' or `target'."
                           (phases '%standard-phases)
                           (locale "en_US.UTF-8")
                           (system (%current-system))
+                          (build (nix-system->gnu-triplet system))
                           (imported-modules %gnu-build-system-modules)
                           (modules %default-modules)
                           (substitutable? #t)
@@ -472,6 +475,7 @@ platform."
                                 (source
                                  source))
                     #:system ,system
+                    #:build ,build
                     #:target ,target
                     #:outputs %outputs
                     #:inputs %build-target-inputs
diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm
index 5062479360..102207b022 100644
--- a/guix/build/gnu-build-system.scm
+++ b/guix/build/gnu-build-system.scm
@@ -184,7 +184,7 @@ makefiles."
   ;; Patch `SHELL' in generated makefiles.
   (for-each patch-makefile-SHELL (find-files "." "^(GNU)?[mM]akefile$")))
 
-(define* (configure #:key target native-inputs inputs outputs
+(define* (configure #:key build target native-inputs inputs outputs
                     (configure-flags '()) out-of-source?
                     #:allow-other-keys)
   (define (package-name)
@@ -234,6 +234,9 @@ makefiles."
                              (list (string-append "--docdir=" docdir
                                                   "/share/doc/" (package-name)))
                              '())
+                       ,@(if build
+                             (list (string-append "--build=" build))
+                             '())
                        ,@(if target               ; cross building
                              (list (string-append "--host=" target))
                              '())
diff --git a/guix/build/python-build-system.scm b/guix/build/python-build-system.scm
index 26a7254db9..d008ac2c69 100644
--- a/guix/build/python-build-system.scm
+++ b/guix/build/python-build-system.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
+;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -119,10 +120,24 @@ installed with setuptools."
       (rename-file easy-install-pth new-pth))
     #t))
 
+(define* (ensure-no-mtimes-pre-1980 #:rest _)
+  "Ensure that there are no mtimes before 1980-01-02 in the source tree."
+  ;; Rationale: patch-and-repack creates tarballs with timestamps at the POSIX
+  ;; epoch, 1970-01-01 UTC.  This causes problems with Python packages,
+  ;; because Python eggs are ZIP files, and the ZIP format does not support
+  ;; timestamps before 1980.
+  (let ((early-1980 315619200))  ; 1980-01-02 UTC
+    (ftw "." (lambda (file stat flag)
+               (unless (<= early-1980 (stat:mtime stat))
+                 (utime file early-1980 early-1980))
+               #t))
+    #t))
+
 (define %standard-phases
   ;; 'configure' and 'build' phases are not needed.  Everything is done during
   ;; 'install'.
   (modify-phases gnu:%standard-phases
+    (add-after 'unpack 'ensure-no-mtimes-pre-1980 ensure-no-mtimes-pre-1980)
     (delete 'configure)
     (replace 'install install)
     (replace 'check check)
diff --git a/guix/packages.scm b/guix/packages.scm
index 5a280857ea..3983d1409a 100644
--- a/guix/packages.scm
+++ b/guix/packages.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -480,7 +480,11 @@ IMPORTED-MODULES specify modules to use/import for use by SNIPPET."
 
                       (begin (chdir "..") #t)
                       (zero? (system* (string-append #+tar "/bin/tar")
-                                      "cvfa" #$output directory)))))))
+                                      "cvfa" #$output directory
+                                      ;; avoid non-determinism in the archive
+                                      "--mtime=@0"
+                                      "--owner=root:0"
+                                      "--group=root:0")))))))
 
     (let ((name    (tarxz-name original-file-name))
           (modules (delete-duplicates (cons '(guix build utils) modules))))
@@ -491,21 +495,37 @@ IMPORTED-MODULES specify modules to use/import for use by SNIPPET."
                         #:guile-for-build guile-for-build))))
 
 (define (transitive-inputs inputs)
-  (let loop ((inputs  inputs)
-             (result '()))
+  "Return the closure of INPUTS when considering the 'propagated-inputs'
+edges.  Omit duplicate inputs, except for those already present in INPUTS
+itself.
+
+This is implemented as a breadth-first traversal such that INPUTS is
+preserved, and only duplicate propagated inputs are removed."
+  (define (seen? seen item outputs)
+    (match (vhash-assq item seen)
+      ((_ . o) (equal? o outputs))
+      (_       #f)))
+
+  (let loop ((inputs     inputs)
+             (result     '())
+             (propagated '())
+             (first?     #t)
+             (seen       vlist-null))
     (match inputs
       (()
-       (delete-duplicates (reverse result)))      ; XXX: efficiency
-      (((and i (name (? package? p) sub ...)) rest ...)
-       (let ((t (map (match-lambda
-                      ((dep-name derivation ...)
-                       (cons (string-append name "/" dep-name)
-                             derivation)))
-                     (package-propagated-inputs p))))
-         (loop (append t rest)
-               (append t (cons i result)))))
+       (if (null? propagated)
+           (reverse result)
+           (loop (reverse (concatenate propagated)) result '() #f seen)))
+      (((and input (label (? package? package) outputs ...)) rest ...)
+       (if (and (not first?) (seen? seen package outputs))
+           (loop rest result propagated first? seen)
+           (loop rest
+                 (cons input result)
+                 (cons (package-propagated-inputs package) propagated)
+                 first?
+                 (vhash-consq package outputs seen))))
       ((input rest ...)
-       (loop rest (cons input result))))))
+       (loop rest (cons input result) propagated first? seen)))))
 
 (define (package-direct-sources package)
   "Return all source origins associated with PACKAGE; including origins in
diff --git a/tests/gexp.scm b/tests/gexp.scm
index 5c9a4fc031..740d74620e 100644
--- a/tests/gexp.scm
+++ b/tests/gexp.scm
@@ -536,6 +536,9 @@
                                           (guix build utils))))
        (ok? (built-derivations (list drv)))
        (guile-drv  (package->derivation %bootstrap-guile))
+       (bash       (interned-file (search-bootstrap-binary "bash"
+                                                           (%current-system))
+                                  "bash" #:recursive? #t))
        (g-one   -> (derivation->output-path drv "one"))
        (g-two   -> (derivation->output-path drv "two"))
        (g-guile -> (derivation->output-path drv)))
@@ -543,8 +546,10 @@
                  (equal? (call-with-input-file g-one read) (list one))
                  (equal? (call-with-input-file g-two read)
                          (list one (derivation->output-path two "chbouib")))
+
+                 ;; Note: %BOOTSTRAP-GUILE depends on the bootstrap Bash.
                  (equal? (call-with-input-file g-guile read)
-                         (list (derivation->output-path guile-drv)))))))
+                         (list (derivation->output-path guile-drv) bash))))))
 
 (test-assertm "gexp->derivation #:allowed-references"
   (mlet %store-monad ((drv (gexp->derivation "allowed-refs"
diff --git a/tests/packages.scm b/tests/packages.scm
index 511ad78b6c..3cb532df1a 100644
--- a/tests/packages.scm
+++ b/tests/packages.scm
@@ -118,10 +118,32 @@
          (equal? `(("a" ,a)) (package-transitive-inputs c))
          (equal? (package-propagated-inputs d)
                  (package-transitive-inputs d))
-         (equal? `(("b" ,b) ("b/a" ,a) ("c" ,c)
-                   ("d" ,d) ("d/x" "something.drv"))
+         (equal? `(("b" ,b) ("c" ,c) ("d" ,d)
+                   ("a" ,a) ("x" "something.drv"))
                  (pk 'x (package-transitive-inputs e))))))
 
+(test-assert "package-transitive-inputs, no duplicates"
+  (let* ((a (dummy-package "a"))
+         (b (dummy-package "b"
+              (inputs `(("a+" ,a)))
+              (native-inputs `(("a*" ,a)))
+              (propagated-inputs `(("a" ,a)))))
+         (c (dummy-package "c"
+              (propagated-inputs `(("b" ,b)))))
+         (d (dummy-package "d"
+              (inputs `(("a" ,a) ("c" ,c)))))
+         (e (dummy-package "e"
+              (inputs `(("b" ,b) ("c" ,c))))))
+    (and (null? (package-transitive-inputs a))
+         (equal? `(("a*" ,a) ("a+" ,a) ("a" ,a))   ;here duplicates are kept
+                 (package-transitive-inputs b))
+         (equal? `(("b" ,b) ("a" ,a))
+                 (package-transitive-inputs c))
+         (equal? `(("a" ,a) ("c" ,c) ("b" ,b))     ;duplicate A removed
+                 (package-transitive-inputs d))
+         (equal? `(("b" ,b) ("c" ,c) ("a" ,a))
+                 (package-transitive-inputs e))))) ;ditto
+
 (test-equal "package-transitive-supported-systems"
   '(("x" "y" "z")                                 ;a
     ("x" "y")                                     ;b
@@ -573,8 +595,8 @@
          (dummy  (dummy-package "dummy"
                    (inputs `(("prop" ,prop)))))
          (inputs (bag-transitive-inputs (package->bag dummy #:graft? #f))))
-    (match (assoc "prop/dep" inputs)
-      (("prop/dep" package)
+    (match (assoc "dep" inputs)
+      (("dep" package)
        (eq? package dep)))))
 
 (test-assert "bag->derivation"
diff --git a/tests/size.scm b/tests/size.scm
index 95b99a88ef..a1106045f8 100644
--- a/tests/size.scm
+++ b/tests/size.scm
@@ -24,6 +24,7 @@
   #:use-module (guix gexp)
   #:use-module (guix tests)
   #:use-module (guix scripts size)
+  #:use-module (gnu packages)
   #:use-module (gnu packages bootstrap)
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-1)
@@ -54,9 +55,15 @@
       (built-derivations (list file2))
       (mlet %store-monad ((profiles (store-profile
                                      (derivation->output-path file2)))
+                          (bash     (interned-file
+                                     (search-bootstrap-binary
+                                      "bash" (%current-system)) "bash"
+                                      #:recursive? #t))
                           (guile    (package->derivation %bootstrap-guile)))
-        (define (lookup-profile drv)
-          (find (matching-profile (derivation->output-path drv))
+        (define (lookup-profile item)
+          (find (matching-profile (if (derivation? item)
+                                      (derivation->output-path item)
+                                      item))
                 profiles))
 
         (letrec-syntax ((match* (syntax-rules (=>)
@@ -67,15 +74,17 @@
                                   ((_ () body)
                                    body))))
           ;; Make sure we get all three profiles with sensible values.
-          (return (and (= (length profiles) 3)
+          (return (and (= (length profiles) 4)
                        (match* ((file1 => profile1)
                                 (file2 => profile2)
-                                (guile => profile3))
+                                (guile => profile3)
+                                (bash  => profile4)) ;dependency of GUILE
                          (and (> (profile-closure-size profile2) 0)
                               (= (profile-closure-size profile2)
                                  (+ (profile-self-size profile1)
                                     (profile-self-size profile2)
-                                    (profile-self-size profile3))))))))))))
+                                    (profile-self-size profile3)
+                                    (profile-self-size profile4))))))))))))
 
 (test-end "size")