summary refs log tree commit diff
path: root/gnu/packages
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/algebra.scm33
-rw-r--r--gnu/packages/base.scm57
-rw-r--r--gnu/packages/bash.scm9
-rw-r--r--gnu/packages/bdw-gc.scm12
-rw-r--r--gnu/packages/boost.scm33
-rw-r--r--gnu/packages/commencement.scm123
-rw-r--r--gnu/packages/compression.scm16
-rw-r--r--gnu/packages/cross-base.scm74
-rw-r--r--gnu/packages/databases.scm8
-rw-r--r--gnu/packages/docbook.scm27
-rw-r--r--gnu/packages/elf.scm16
-rw-r--r--gnu/packages/gcc.scm239
-rw-r--r--gnu/packages/ghostscript.scm6
-rw-r--r--gnu/packages/glib.scm23
-rw-r--r--gnu/packages/gnunet.scm1
-rw-r--r--gnu/packages/gnupg.scm4
-rw-r--r--gnu/packages/graphviz.scm13
-rw-r--r--gnu/packages/gtk.scm12
-rw-r--r--gnu/packages/guile.scm37
-rw-r--r--gnu/packages/indent.scm20
-rw-r--r--gnu/packages/less.scm4
-rw-r--r--gnu/packages/libbsd.scm4
-rw-r--r--gnu/packages/libevent.scm6
-rw-r--r--gnu/packages/libffi.scm40
-rw-r--r--gnu/packages/libsigsegv.scm4
-rw-r--r--gnu/packages/linux.scm37
-rw-r--r--gnu/packages/m4.scm26
-rw-r--r--gnu/packages/make-bootstrap.scm97
-rw-r--r--gnu/packages/multiprecision.scm4
-rw-r--r--gnu/packages/ncurses.scm57
-rw-r--r--gnu/packages/patches/lcms-CVE-2016-10165.patch36
-rw-r--r--gnu/packages/patches/libtasn1-CVE-2017-10790.patch63
-rw-r--r--gnu/packages/patches/libtasn1-CVE-2018-6003.patch73
-rw-r--r--gnu/packages/patches/tar-CVE-2016-6321.patch51
-rw-r--r--gnu/packages/tls.scm20
-rw-r--r--gnu/packages/xorg.scm31
36 files changed, 539 insertions, 777 deletions
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index 2bc8431033..8c42ac31cc 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -5,7 +5,7 @@
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
 ;;;
@@ -516,31 +516,31 @@ a C program.")
     (license license:bsd-3)))
 
 (define-public fftw
-  ;; TODO: Make this 3.3.7 (see below) on the next upgrade cycle.
   (package
     (name "fftw")
-    (version "3.3.5")
+    (version "3.3.7")
     (source (origin
              (method url-fetch)
              (uri (string-append "ftp://ftp.fftw.org/pub/fftw/fftw-"
                                  version".tar.gz"))
              (sha256
               (base32
-               "1kwbx92ps0r7s2mqy7lxbxanslxdzj7dp7r7gmdkzv1j8yqf3kwf"))))
+               "0wsms8narnbhfsa8chdflv2j9hzspvflblnqdn7hw8x5xdzrnq1v"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
        '("--enable-shared" "--enable-openmp" "--enable-threads")
-       #:phases (alist-cons-before
-                 'build 'no-native
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'no-native
                  (lambda _
                    ;; By default '-mtune=native' is used.  However, that may
                    ;; cause the use of ISA extensions (SSE2, etc.) that are
                    ;; not necessarily available on the user's machine when
                    ;; that package is built on a different machine.
                    (substitute* (find-files "." "Makefile$")
-                     (("-mtune=native") "")))
-                 %standard-phases)))
+                     (("-mtune=native") ""))
+                   #t)))))
     (native-inputs `(("perl" ,perl)))
     (home-page "http://fftw.org")
     (synopsis "Computing the discrete Fourier transform")
@@ -576,25 +576,12 @@ cosine/ sine transforms or DCT/DST).")
      (string-append (package-description fftw)
                     "  With OpenMPI parallelism support."))))
 
-(define-public fftw-3.3.7
-  ;; TODO: Make this the default 'fftw' on the next upgrade cycle.
-  (package
-    (inherit fftw)
-    (version "3.3.7")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "ftp://ftp.fftw.org/pub/fftw/fftw-"
-                                  version".tar.gz"))
-              (sha256
-               (base32
-                "0wsms8narnbhfsa8chdflv2j9hzspvflblnqdn7hw8x5xdzrnq1v"))))))
-
 (define-public fftw-avx
   (package
-    (inherit fftw-3.3.7)
+    (inherit fftw)
     (name "fftw-avx")
     (arguments
-     (substitute-keyword-arguments (package-arguments fftw-3.3.7)
+     (substitute-keyword-arguments (package-arguments fftw)
        ((#:configure-flags flags ''())
         ;; Enable AVX & co.  See details at:
         ;; <http://fftw.org/fftw3_doc/Installation-on-Unix.html>.
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index b2c1d232fb..56b586c8eb 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -7,11 +7,12 @@
 ;;; Copyright © 2014, 2015 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
-;;; Copyright © 2016 Alex Vong <alexvong1995@gmail.com>
+;;; Copyright © 2016, 2018 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -167,16 +168,15 @@ implementation offers several extensions over the standard utility.")
 (define-public tar
   (package
    (name "tar")
-   (version "1.29")
+   (version "1.30")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/tar/tar-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0"))
-            (patches (search-patches "tar-CVE-2016-6321.patch"
-                                     "tar-skip-unreliable-tests.patch"))))
+              "1lyjyk8z8hdddsxw0ikchrsfg3i0x3fsh7l63a8jgaz1n7dr5gzi"))
+            (patches (search-patches "tar-skip-unreliable-tests.patch"))))
    (build-system gnu-build-system)
    ;; Note: test suite requires ~1GiB of disk space.
    (arguments
@@ -303,14 +303,14 @@ used to apply commands with arbitrarily long arguments.")
 (define-public coreutils
   (package
    (name "coreutils")
-   (version "8.28")
+   (version "8.29")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/coreutils/coreutils-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "0r8c1bgm68kl70j1lgd0rv12iykw6143k4m9a56xip9rc2hv25qi"))))
+              "0plm1zs9il6bb5mk881qvbghq4glc8ybbgakk2lfzb0w64fgml4j"))))
    (build-system gnu-build-system)
    (inputs `(("acl"  ,acl)                        ; TODO: add SELinux
              ("gmp"  ,gmp)                        ;bignums in 'expr', yay!
@@ -1053,30 +1053,25 @@ command.")
                "--host=i586-pc-gnu"
                "--enable-obsolete-rpc"))
        ((#:phases _)
-        '(alist-replace
-          'install
-          (lambda* (#:key outputs #:allow-other-keys)
-            (and (zero? (system* "make" "install-headers"))
-
-                 ;; Make an empty stubs.h to work around not being able to
-                 ;; produce a valid stubs.h and causing the build to fail. See
-                 ;; <http://lists.gnu.org/archive/html/guix-devel/2014-04/msg00233.html>.
-                 (let ((out (assoc-ref outputs "out")))
-                   (close-port
-                    (open-output-file
-                     (string-append out "/include/gnu/stubs.h"))))))
-
-          ;; Nothing to build.
-          (alist-delete
-           'build
-
-           (alist-cons-before
-            'configure 'pre-configure
-            (lambda _
-              ;; Use the right 'pwd'.
-              (substitute* "configure"
-                (("/bin/pwd") "pwd")))
-            %standard-phases))))))))
+        '(modify-phases %standard-phases
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (invoke "make" "install-headers")
+
+               ;; Make an empty stubs.h to work around not being able to
+               ;; produce a valid stubs.h and causing the build to fail. See
+               ;; <http://lists.gnu.org/archive/html/guix-devel/2014-04/msg00233.html>.
+               (let ((out (assoc-ref outputs "out")))
+                 (close-port
+                  (open-output-file
+                   (string-append out "/include/gnu/stubs.h"))))))
+           (delete 'build)              ; nothing to build
+           (add-before 'configure 'patch-configure-script
+             (lambda _
+               ;; Use the right 'pwd'.
+               (substitute* "configure"
+                 (("/bin/pwd") "pwd"))
+               #t))))))))
 
 (define-public tzdata
   (package
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index b8b0ae58f6..663a8a706e 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -71,7 +71,14 @@
    (9 "0g1l56kvw61rpw7dqa9fcl9llkl693h73g631hrhxlm030ddssqb")
    (10 "01lfhrkdsdkdz8ypzapr614ras23x7ckjnr60aa5bzkaqprccrc4")
    (11 "038p7mhnq9m65g505hi3827jkf9f35nd1cy00w8mwafpyxp44mnx")
-   (12 "0gh6lbb1rwpk44pvbamm6vzdfi50xnwkqd9v7s8cjwk3pz973hps")))
+   (12 "0gh6lbb1rwpk44pvbamm6vzdfi50xnwkqd9v7s8cjwk3pz973hps")
+   (13 "1djkx0w9v62q78gz3jsvamj1jq53i6hbfrfhhsw86ihwpjnfy98v")
+   (14 "0z5ikcq9zyxw79d0z36r5p0mspnb5piavbv03jmlan1wnknmrxx7")
+   (15 "09n307fi1j257abhm295k6ksmnzw47ka2zhnr0i5lbdnpvn04xnk")
+   (16 "1cgi1y6mifm8hsgv4avj5ih76535js3qba1sqwbfvp7si76927sh")
+   (17 "0w6jpj2giakji1ir83rpkx1y7n7xqppah3j748m6dm38hywr0gvp")
+   (18 "1k58h4wxbsg7r4rwhrvzx5hfbapba2nxjysbhh6qp6ki5ys99i2v")
+   (19 "07n1i5610lbs672x1s8g82qn3qfj06s0ip3z80sri0g8vxp0s5r7")))
 
 (define (download-patches store count)
   "Download COUNT Bash patches into store.  Return a list of
diff --git a/gnu/packages/bdw-gc.scm b/gnu/packages/bdw-gc.scm
index f9fda96bb2..10e8fe848f 100644
--- a/gnu/packages/bdw-gc.scm
+++ b/gnu/packages/bdw-gc.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2018 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -30,14 +30,14 @@
 (define-public libgc
   (package
    (name "libgc")
-   (version "7.6.0")
+   (version "7.6.4")
    (source (origin
             (method url-fetch)
             (uri (string-append "http://www.hboehm.info/gc/gc_source/gc-"
                                 version ".tar.gz"))
             (sha256
              (base32
-              "143x7g0d0k6250ai6m2x3l4y352mzizi4wbgrmahxscv2aqjhjm1"))))
+              "076dzsqqyxd3nlzs0z277vvhqjp8nv5dqi763s0m90zr6ljiyk5r"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags
@@ -91,7 +91,7 @@ C or C++ programs, though that is not its primary goal.")
 (define-public libatomic-ops
   (package
     (name "libatomic-ops")
-    (version "7.4.8")
+    (version "7.6.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -99,13 +99,13 @@ C or C++ programs, though that is not its primary goal.")
                     version "/libatomic_ops-" version ".tar.gz"))
               (sha256
                (base32
-                "0sj3plzpbqgxrqpjq3w2zi3zxxqqps71ncdwk5s1k30i9d9da1f4"))))
+                "1rif2hjscq5mh639nsnjhb90c01gnmy1sbmj6x6hsn1xmpnj95r1"))))
     (build-system gnu-build-system)
     (outputs '("out" "debug"))
     (synopsis "Accessing hardware atomic memory update operations")
     (description
      "This C library provides semi-portable access to hardware-provided atomic
-memory update operations on a number architectures.  These might allow you to
+memory update operations on a number of architectures.  These might allow you to
 write code that does more interesting things in signal handlers, write
 lock-free code, experiment with thread programming paradigms, etc.")
     (home-page "https://github.com/ivmai/libatomic_ops/")
diff --git a/gnu/packages/boost.scm b/gnu/packages/boost.scm
index 91dd2f9156..bf584fa6c3 100644
--- a/gnu/packages/boost.scm
+++ b/gnu/packages/boost.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -37,7 +38,7 @@
 (define-public boost
   (package
     (name "boost")
-    (version "1.64.0")
+    (version "1.66.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -46,7 +47,7 @@
                     ".tar.bz2"))
               (sha256
                (base32
-                "0cikd35xfkpg9nnl76yqqnqxnf3hyfjjww8xjd4akflprsm5rk3v"))))
+                "1aaw48cmimsskzgiclwn0iifp62a5iw9cbqrhfari876af1828ap"))))
     (build-system gnu-build-system)
     (inputs `(("icu4c" ,icu4c)
               ("zlib" ,zlib)))
@@ -73,8 +74,7 @@
                    '()))
        #:phases
        (modify-phases %standard-phases
-         (replace
-             'configure
+         (replace 'configure
            (lambda* (#:key outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
                (substitute* '("libs/config/configure"
@@ -88,21 +88,22 @@
                (setenv "SHELL" (which "sh"))
                (setenv "CONFIG_SHELL" (which "sh"))
 
-               (zero? (system* "./bootstrap.sh"
-                               (string-append "--prefix=" out)
-                               "--with-toolset=gcc")))))
-         (replace
-             'build
+               (invoke "./bootstrap.sh"
+                       (string-append "--prefix=" out)
+                       "--with-toolset=gcc")
+               #t)))
+         (replace 'build
            (lambda* (#:key outputs make-flags #:allow-other-keys)
-             (zero? (apply system* "./b2"
-                           (format #f "-j~a" (parallel-job-count))
-                           make-flags))))
-         (replace
-             'install
+             (apply invoke "./b2"
+                    (format #f "-j~a" (parallel-job-count))
+                    make-flags)
+             #t))
+         (replace 'install
            (lambda* (#:key outputs make-flags #:allow-other-keys)
-             (zero? (apply system* "./b2" "install" make-flags)))))))
+             (apply invoke "./b2" "install" make-flags)
+             #t)))))
 
-    (home-page "http://boost.org")
+    (home-page "http://www.boost.org")
     (synopsis "Peer-reviewed portable C++ source libraries")
     (description
      "A collection of libraries intended to be widely useful, and usable
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 7286e954c5..3636b54b0b 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2014, 2015, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -81,12 +82,14 @@
              `(modify-phases ,phases
                 (replace 'build
                   (lambda _
-                    (zero? (system* "./build.sh"))))
+                    (invoke "./build.sh")
+                    #t))
                 (replace 'install
                   (lambda* (#:key outputs #:allow-other-keys)
                     (let* ((out (assoc-ref outputs "out"))
                            (bin (string-append out "/bin")))
-                      (install-file "make" bin)))))))))
+                      (install-file "make" bin)
+                      #t))))))))
      (native-inputs '())                          ; no need for 'pkg-config'
      (inputs %bootstrap-inputs))))
 
@@ -253,42 +256,40 @@
                                 "--(with-system-zlib|enable-languages.*)" <>)
                               ,flags)))
             ((#:phases phases)
-             `(alist-cons-after
-               'unpack 'unpack-gmp&co
-               (lambda* (#:key inputs #:allow-other-keys)
-                 (let ((gmp  (assoc-ref %build-inputs "gmp-source"))
-                       (mpfr (assoc-ref %build-inputs "mpfr-source"))
-                       (mpc  (assoc-ref %build-inputs "mpc-source")))
-
-                   ;; To reduce the set of pre-built bootstrap inputs, build
-                   ;; GMP & co. from GCC.
-                   (for-each (lambda (source)
-                               (or (zero? (system* "tar" "xvf" source))
-                                   (error "failed to unpack tarball"
-                                          source)))
-                             (list gmp mpfr mpc))
-
-                   ;; Create symlinks like `gmp' -> `gmp-x.y.z'.
-                   ,@(map (lambda (lib)
-                            ;; Drop trailing letters, as gmp-6.0.0a unpacks
-                            ;; into gmp-6.0.0.
-                            `(symlink ,(string-trim-right
-                                        (package-full-name lib)
-                                        char-set:letter)
-                                      ,(package-name lib)))
-                          (list gmp-6.0 mpfr mpc))))
-               (alist-cons-after
-                'install 'symlink-libgcc_eh
-                (lambda* (#:key outputs #:allow-other-keys)
-                  (let ((out (assoc-ref outputs "lib")))
-                    ;; Glibc wants to link against libgcc_eh, so provide
-                    ;; it.
-                    (with-directory-excursion
-                        (string-append out "/lib/gcc/"
-                                       ,(boot-triplet)
-                                       "/" ,(package-version gcc))
-                      (symlink "libgcc.a" "libgcc_eh.a"))))
-                ,phases))))))
+             `(modify-phases ,phases
+                (add-after 'unpack 'unpack-gmp&co
+                  (lambda* (#:key inputs #:allow-other-keys)
+                    (let ((gmp  (assoc-ref %build-inputs "gmp-source"))
+                          (mpfr (assoc-ref %build-inputs "mpfr-source"))
+                          (mpc  (assoc-ref %build-inputs "mpc-source")))
+
+                      ;; To reduce the set of pre-built bootstrap inputs, build
+                      ;; GMP & co. from GCC.
+                      (for-each (lambda (source)
+                                  (invoke "tar" "xvf" source))
+                                (list gmp mpfr mpc))
+
+                      ;; Create symlinks like `gmp' -> `gmp-x.y.z'.
+                      ,@(map (lambda (lib)
+                               ;; Drop trailing letters, as gmp-6.0.0a unpacks
+                               ;; into gmp-6.0.0.
+                               `(symlink ,(string-trim-right
+                                           (package-full-name lib)
+                                           char-set:letter)
+                                         ,(package-name lib)))
+                             (list gmp-6.0 mpfr mpc))
+                      #t)))
+                (add-after 'install 'symlink-libgcc_eh
+                  (lambda* (#:key outputs #:allow-other-keys)
+                    (let ((out (assoc-ref outputs "lib")))
+                      ;; Glibc wants to link against libgcc_eh, so provide
+                      ;; it.
+                      (with-directory-excursion
+                          (string-append out "/lib/gcc/"
+                                         ,(boot-triplet)
+                                         "/" ,(package-version gcc))
+                        (symlink "libgcc.a" "libgcc_eh.a"))
+                      #t))))))))
 
      (inputs `(("gmp-source" ,(package-source gmp-6.0))
                ("mpfr-source" ,(package-source mpfr))
@@ -503,29 +504,29 @@ the bootstrap environment."
                             "--enable-obsolete-rpc")
                       ,flags))
             ((#:phases phases)
-             `(alist-cons-before
-               'configure 'pre-configure
-               (lambda* (#:key inputs #:allow-other-keys)
-                 ;; Don't clobber CPATH with the bootstrap libc.
-                 (setenv "NATIVE_CPATH" (getenv "CPATH"))
-                 (unsetenv "CPATH")
-
-                 ;; Tell 'libpthread' where to find 'libihash' on Hurd systems.
-                 ,@(if (hurd-triplet? (%current-system))
-                       `((substitute* "libpthread/Makefile"
-                           (("LDLIBS-pthread.so =.*")
-                            (string-append "LDLIBS-pthread.so = "
-                                           (assoc-ref %build-inputs "kernel-headers")
-                                           "/lib/libihash.a\n"))))
-                       '())
-
-                 ;; 'rpcgen' needs native libc headers to be built.
-                 (substitute* "sunrpc/Makefile"
-                   (("sunrpc-CPPFLAGS =.*" all)
-                    (string-append "CPATH = $(NATIVE_CPATH)\n"
-                                   "export CPATH\n"
-                                   all "\n"))))
-               ,phases)))))
+             `(modify-phases ,phases
+                (add-before 'configure 'pre-configure
+                  (lambda* (#:key inputs #:allow-other-keys)
+                    ;; Don't clobber CPATH with the bootstrap libc.
+                    (setenv "NATIVE_CPATH" (getenv "CPATH"))
+                    (unsetenv "CPATH")
+
+                    ;; Tell 'libpthread' where to find 'libihash' on Hurd systems.
+                    ,@(if (hurd-triplet? (%current-system))
+                          `((substitute* "libpthread/Makefile"
+                              (("LDLIBS-pthread.so =.*")
+                               (string-append "LDLIBS-pthread.so = "
+                                              (assoc-ref %build-inputs "kernel-headers")
+                                              "/lib/libihash.a\n"))))
+                          '())
+
+                    ;; 'rpcgen' needs native libc headers to be built.
+                    (substitute* "sunrpc/Makefile"
+                      (("sunrpc-CPPFLAGS =.*" all)
+                       (string-append "CPATH = $(NATIVE_CPATH)\n"
+                                      "export CPATH\n"
+                                      all "\n")))
+                    #t)))))))
      (propagated-inputs `(("kernel-headers" ,(kernel-headers-boot0))))
      (native-inputs
       `(("texinfo" ,texinfo-boot0)
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index f25c4bba3a..dfdebdb1b3 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -200,14 +200,14 @@ adding and extracting files to/from a tar archive.")
 (define-public gzip
   (package
    (name "gzip")
-   (version "1.8")
+   (version "1.9")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/gzip/gzip-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "1lxv3p4iyx7833mlihkn5wfwmz4cys5nybwpz3dfawag8kn6f5zz"))))
+              "16h8g4acy7fgfxcjacr3wijjsnixwsfd2jhz3zwdi2qrzi262l5f"))))
    (build-system gnu-build-system)
    (synopsis "General file (de)compression (using lzw)")
    (arguments
@@ -272,11 +272,9 @@ file; as a result, it is often used in conjunction with \"tar\", resulting in
              (let* ((out    (assoc-ref outputs "out"))
                     (libdir (string-append out "/lib")))
                (for-each (lambda (file)
-                           (let ((base (basename file)))
-                             (format #t "installing `~a' to `~a'~%"
-                                     base libdir)
-                             (copy-file file
-                                        (string-append libdir "/" base))))
+                           (format #t "installing `~a' to `~a'~%"
+                                   (basename file) libdir)
+                           (install-file file libdir))
                          (find-files "." "^libbz2\\.so")))
              #t))
          (add-after 'install-shared-lib 'patch-scripts
@@ -475,14 +473,14 @@ some compression ratio).")
 (define-public lzip
   (package
     (name "lzip")
-    (version "1.19")
+    (version "1.20")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://savannah/lzip/lzip-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "1abbch762gv8rjr579q3qyyk6c80plklbv2mw4x0vg71dgsw9bgz"))))
+               "0319q59kb8g324wnj7xzbr7vvlx5bcs13lr34j0zb3kqlyjq2fy9"))))
     (build-system gnu-build-system)
     (home-page "https://www.nongnu.org/lzip/lzip.html")
     (synopsis "Lossless data compressor based on the LZMA algorithm")
diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm
index 0f5997951c..8dede7791f 100644
--- a/gnu/packages/cross-base.scm
+++ b/gnu/packages/cross-base.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2016 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -314,14 +315,14 @@ target that libc."
        `(#:modules ((guix build gnu-build-system)
                     (guix build utils)
                     (srfi srfi-26))
-         #:phases (alist-cons-before
-                   'configure 'set-cross-headers-path
-                   (lambda* (#:key inputs #:allow-other-keys)
-                     (let* ((mach (assoc-ref inputs "cross-gnumach-headers"))
-                            (cpath (string-append mach "/include")))
-                       (for-each (cut setenv <> cpath)
-                                 ',%gcc-cross-include-paths)))
-                   %standard-phases)
+         #:phases (modify-phases %standard-phases
+                    (add-before 'configure 'set-cross-headers-path
+                      (lambda* (#:key inputs #:allow-other-keys)
+                        (let* ((mach (assoc-ref inputs "cross-gnumach-headers"))
+                               (cpath (string-append mach "/include")))
+                          (for-each (cut setenv <> cpath)
+                                    ',%gcc-cross-include-paths)
+                          #t))))
          #:configure-flags (list ,(string-append "--target=" target))
          ,@(package-arguments mig)))
 
@@ -352,16 +353,16 @@ target that libc."
                         (srfi srfi-26))
              ,@(package-arguments glibc/hurd-headers))
          ((#:phases phases)
-          `(alist-cons-before
-            'pre-configure 'set-cross-headers-path
-            (lambda* (#:key inputs #:allow-other-keys)
-              (let* ((mach (assoc-ref inputs "gnumach-headers"))
-                     (hurd (assoc-ref inputs "hurd-headers"))
-                     (cpath (string-append mach "/include:"
-                                           hurd "/include")))
-                (for-each (cut setenv <> cpath)
-                          ',%gcc-cross-include-paths)))
-            ,phases))))
+          `(modify-phases ,phases
+             (add-before 'pre-configure 'set-cross-headers-path
+               (lambda* (#:key inputs #:allow-other-keys)
+                 (let* ((mach (assoc-ref inputs "gnumach-headers"))
+                        (hurd (assoc-ref inputs "hurd-headers"))
+                        (cpath (string-append mach "/include:"
+                                              hurd "/include")))
+                   (for-each (cut setenv <> cpath)
+                             ',%gcc-cross-include-paths)
+                   #t)))))))
 
       (propagated-inputs `(("gnumach-headers" ,xgnumach-headers)
                            ("hurd-headers" ,xhurd-headers)))
@@ -382,14 +383,14 @@ target that libc."
                       (srfi srfi-26))
            ,@(package-arguments hurd-minimal))
          ((#:phases phases)
-          `(alist-cons-before
-            'configure 'set-cross-headers-path
-            (lambda* (#:key inputs #:allow-other-keys)
-              (let* ((glibc-headers (assoc-ref inputs "cross-glibc-hurd-headers"))
-                    (cpath (string-append glibc-headers "/include")))
-                (for-each (cut setenv <> cpath)
-                          ',%gcc-cross-include-paths)))
-            ,phases))))
+          `(modify-phases ,phases
+             (add-before 'configure 'set-cross-headers-path
+               (lambda* (#:key inputs #:allow-other-keys)
+                 (let* ((glibc-headers (assoc-ref inputs "cross-glibc-hurd-headers"))
+                        (cpath (string-append glibc-headers "/include")))
+                   (for-each (cut setenv <> cpath)
+                             ',%gcc-cross-include-paths)
+                   #t)))))))
 
       (inputs `(("cross-glibc-hurd-headers" ,xglibc/hurd-headers)))
 
@@ -456,17 +457,16 @@ XBINUTILS and the cross tool chain."
               `(cons ,(string-append "--host=" target)
                    ,flags))
              ((#:phases phases)
-              `(alist-cons-before
-                'configure 'set-cross-kernel-headers-path
-                (lambda* (#:key inputs #:allow-other-keys)
-                  (let* ((kernel (assoc-ref inputs "kernel-headers"))
-                         (cpath (string-append kernel "/include")))
-                    (for-each (cut setenv <> cpath)
-                              ',%gcc-cross-include-paths)
-                    (setenv "CROSS_LIBRARY_PATH"
-                            (string-append kernel "/lib")) ;for Hurd's libihash
-                    #t))
-                ,phases))))
+              `(modify-phases ,phases
+                 (add-before 'configure 'set-cross-kernel-headers-path
+                   (lambda* (#:key inputs #:allow-other-keys)
+                     (let* ((kernel (assoc-ref inputs "kernel-headers"))
+                            (cpath (string-append kernel "/include")))
+                       (for-each (cut setenv <> cpath)
+                                 ',%gcc-cross-include-paths)
+                       (setenv "CROSS_LIBRARY_PATH"
+                               (string-append kernel "/lib")) ; for Hurd's libihash
+                       #t)))))))
 
           ;; Shadow the native "kernel-headers" because glibc's recipe expects the
           ;; "kernel-headers" input to point to the right thing.
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 29b6ca1698..d14fb67446 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -159,14 +159,14 @@ either single machines or networked clusters.")
 (define-public gdbm
   (package
     (name "gdbm")
-    (version "1.13")
+    (version "1.14")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/gdbm/gdbm-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0lx201q20dvc70f8a3c9s7s18z15inlxvbffph97ngvrgnyjq9cx"))))
+                "02dakgrq93xwgln8qfv3vs5jyz5yvds5nyzkx6rhg9v585x478dd"))))
     (arguments `(#:configure-flags '("--enable-libgdbm-compat")))
     (build-system gnu-build-system)
     (home-page "http://www.gnu.org.ua/software/gdbm")
@@ -992,7 +992,7 @@ for example from a shell script.")
 (define-public sqlite
   (package
    (name "sqlite")
-   (version "3.21.0")
+   (version "3.22.0")
    (source (origin
             (method url-fetch)
             (uri (let ((numeric-version
@@ -1008,7 +1008,7 @@ for example from a shell script.")
                                   numeric-version ".tar.gz")))
             (sha256
              (base32
-              "1qxvzdjwzw6k0kqjfabj86rnq87xdbwbca7laxxdhnh0fmkm3pfp"))))
+              "04n6hnw2g818d7r92cp2608kd5mhzyysy83k29kbq1mp709an918"))))
    (build-system gnu-build-system)
    (inputs `(("readline" ,readline)))
    (arguments
diff --git a/gnu/packages/docbook.scm b/gnu/packages/docbook.scm
index ed1e60a7a3..03fc54450e 100644
--- a/gnu/packages/docbook.scm
+++ b/gnu/packages/docbook.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2014 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -236,19 +237,19 @@ by no means limited to these applications.)  This package provides XML DTDs.")
        #:use-setuptools? #f
        #:tests? #f                      ;no 'test' command
        #:phases
-       (alist-cons-after
-        'wrap 'set-path
-        (lambda* (#:key inputs outputs #:allow-other-keys)
-          (let ((out (assoc-ref outputs "out")))
-            ;; dblatex executes helper programs at runtime.
-            (wrap-program (string-append out "/bin/dblatex")
-                          `("PATH" ":" prefix
-                            ,(map (lambda (input)
-                                    (string-append (assoc-ref inputs input)
-                                                   "/bin"))
-                                  '("libxslt" "texlive"
-                                    "imagemagick" "inkscape"))))))
-        %standard-phases)))
+       (modify-phases %standard-phases
+         (add-after 'wrap 'set-path
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               ;; dblatex executes helper programs at runtime.
+               (wrap-program (string-append out "/bin/dblatex")
+                 `("PATH" ":" prefix
+                   ,(map (lambda (input)
+                           (string-append (assoc-ref inputs input)
+                                          "/bin"))
+                         '("libxslt" "texlive"
+                           "imagemagick" "inkscape"))))
+               #t))))))
     (home-page "http://dblatex.sourceforge.net")
     (synopsis "DocBook to LaTeX Publishing")
     (description
diff --git a/gnu/packages/elf.scm b/gnu/packages/elf.scm
index 8fb568b841..7ec189820d 100644
--- a/gnu/packages/elf.scm
+++ b/gnu/packages/elf.scm
@@ -127,14 +127,14 @@ Executable and Linkable Format (@dfn{ELF}).  This includes @command{ld},
          '()))
     (arguments
      (if (string-prefix? "arm" (or (%current-target-system) (%current-system)))
-         `(#:phases (alist-cons-after
-                     'unpack 'patch/rework-for-arm
-                     (lambda* (#:key inputs #:allow-other-keys)
-                       (let ((patch-file
-                              (assoc-ref inputs "patch/rework-for-arm")))
-                         (zero? (system* "patch" "--force" "-p1"
-                                         "--input" patch-file))))
-                     %standard-phases))
+         `(#:phases (modify-phases %standard-phases
+                      (add-after 'unpack 'patch/rework-for-arm
+                        (lambda* (#:key inputs #:allow-other-keys)
+                          (let ((patch-file
+                                 (assoc-ref inputs "patch/rework-for-arm")))
+                            (invoke "patch" "--force" "-p1"
+                                    "--input" patch-file)
+                            #t)))))
          '()))
 
     (home-page "https://nixos.org/patchelf.html")
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index 62b8968823..e9c83997ab 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015, 2016, 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Carlos Sánchez de La Lama <csanchezdll@gmail.com>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -200,131 +201,131 @@ where the OS part is overloaded to denote a specific ABI---into GCC
          #:tests? #f
 
          #:phases
-         (alist-cons-before
-          'configure 'pre-configure
-          (lambda* (#:key inputs outputs #:allow-other-keys)
-            (let ((libdir ,(libdir))
-                  (libc   (assoc-ref inputs "libc")))
-              (when libc
-                ;; The following is not performed for `--without-headers'
-                ;; cross-compiler builds.
-
-                ;; Join multi-line definitions of GLIBC_DYNAMIC_LINKER* into a
-                ;; single line, to allow the next step to work properly.
-                (for-each
-                 (lambda (x)
-                   (substitute* (find-files "gcc/config"
-                                            "^(linux|gnu|sysv4)(64|-elf|-eabi)?\\.h$")
-                     (("(#define (GLIBC|GNU_USER)_DYNAMIC_LINKER.*)\\\\\n$" _ line)
-                      line)))
-                 '(1 2 3))
-
-                ;; Fix the dynamic linker's file name.
-                (substitute* (find-files "gcc/config"
-                                         "^(linux|gnu|sysv4)(64|-elf|-eabi)?\\.h$")
-                  (("#define (GLIBC|GNU_USER)_DYNAMIC_LINKER([^ \t]*).*$"
-                    _ gnu-user suffix)
-                   (format #f "#define ~a_DYNAMIC_LINKER~a \"~a\"~%"
-                           gnu-user suffix
-                           (string-append libc ,(glibc-dynamic-linker)))))
-
-                ;; Tell where to find libstdc++, libc, and `?crt*.o', except
-                ;; `crt{begin,end}.o', which come with GCC.
-                (substitute* (find-files "gcc/config"
-                                         "^gnu-user.*\\.h$")
-                  (("#define GNU_USER_TARGET_LIB_SPEC (.*)$" _ suffix)
-                   ;; Help libgcc_s.so be found (see also below.)  Always use
-                   ;; '-lgcc_s' so that libgcc_s.so is always found by those
-                   ;; programs that use 'pthread_cancel' (glibc dlopens
-                   ;; libgcc_s.so when pthread_cancel support is needed, but
-                   ;; having it in the application's RUNPATH isn't enough; see
-                   ;; <http://sourceware.org/ml/libc-help/2013-11/msg00023.html>.)
-                   ;;
-                   ;; NOTE: The '-lgcc_s' added below needs to be removed in a
-                   ;; later phase of %gcc-static.  If you change the string
-                   ;; below, make sure to update the relevant code in
-                   ;; %gcc-static package as needed.
-                   (format #f "#define GNU_USER_TARGET_LIB_SPEC \
+         (modify-phases %standard-phases
+           (add-before 'configure 'pre-configure
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (let ((libdir ,(libdir))
+                     (libc   (assoc-ref inputs "libc")))
+                 (when libc
+                       ;; The following is not performed for `--without-headers'
+                       ;; cross-compiler builds.
+
+                       ;; Join multi-line definitions of GLIBC_DYNAMIC_LINKER* into a
+                       ;; single line, to allow the next step to work properly.
+                       (for-each
+                        (lambda (x)
+                          (substitute* (find-files "gcc/config"
+                                                   "^(linux|gnu|sysv4)(64|-elf|-eabi)?\\.h$")
+                            (("(#define (GLIBC|GNU_USER)_DYNAMIC_LINKER.*)\\\\\n$" _ line)
+                             line)))
+                        '(1 2 3))
+
+                       ;; Fix the dynamic linker's file name.
+                       (substitute* (find-files "gcc/config"
+                                                "^(linux|gnu|sysv4)(64|-elf|-eabi)?\\.h$")
+                         (("#define (GLIBC|GNU_USER)_DYNAMIC_LINKER([^ \t]*).*$"
+                           _ gnu-user suffix)
+                          (format #f "#define ~a_DYNAMIC_LINKER~a \"~a\"~%"
+                                  gnu-user suffix
+                                  (string-append libc ,(glibc-dynamic-linker)))))
+
+                       ;; Tell where to find libstdc++, libc, and `?crt*.o', except
+                       ;; `crt{begin,end}.o', which come with GCC.
+                       (substitute* (find-files "gcc/config"
+                                                "^gnu-user.*\\.h$")
+                         (("#define GNU_USER_TARGET_LIB_SPEC (.*)$" _ suffix)
+                          ;; Help libgcc_s.so be found (see also below.)  Always use
+                          ;; '-lgcc_s' so that libgcc_s.so is always found by those
+                          ;; programs that use 'pthread_cancel' (glibc dlopens
+                          ;; libgcc_s.so when pthread_cancel support is needed, but
+                          ;; having it in the application's RUNPATH isn't enough; see
+                          ;; <http://sourceware.org/ml/libc-help/2013-11/msg00023.html>.)
+                          ;;
+                          ;; NOTE: The '-lgcc_s' added below needs to be removed in a
+                          ;; later phase of %gcc-static.  If you change the string
+                          ;; below, make sure to update the relevant code in
+                          ;; %gcc-static package as needed.
+                          (format #f "#define GNU_USER_TARGET_LIB_SPEC \
 \"-L~a/lib %{!static:-rpath=~a/lib %{!static-libgcc:-rpath=~a/lib -lgcc_s}} \" ~a"
-                           libc libc libdir suffix))
-                  (("#define GNU_USER_TARGET_STARTFILE_SPEC.*$" line)
-                   (format #f "#define STANDARD_STARTFILE_PREFIX_1 \"~a/lib\"
+                                  libc libc libdir suffix))
+                         (("#define GNU_USER_TARGET_STARTFILE_SPEC.*$" line)
+                          (format #f "#define STANDARD_STARTFILE_PREFIX_1 \"~a/lib\"
 #define STANDARD_STARTFILE_PREFIX_2 \"\"
 ~a"
-                           libc line)))
-
-              ;; The rs6000 (a.k.a. powerpc) config in GCC does not use
-              ;; GNU_USER_* defines.  Do the above for this case.
-              (substitute*
-                  "gcc/config/rs6000/sysv4.h"
-                (("#define LIB_LINUX_SPEC (.*)$" _ suffix)
-                 (format #f "#define LIB_LINUX_SPEC \
+                                  libc line)))
+
+                       ;; The rs6000 (a.k.a. powerpc) config in GCC does not use
+                       ;; GNU_USER_* defines.  Do the above for this case.
+                       (substitute*
+                           "gcc/config/rs6000/sysv4.h"
+                         (("#define LIB_LINUX_SPEC (.*)$" _ suffix)
+                          (format #f "#define LIB_LINUX_SPEC \
 \"-L~a/lib %{!static:-rpath=~a/lib %{!static-libgcc:-rpath=~a/lib -lgcc_s}} \" ~a"
-                         libc libc libdir suffix))
-                (("#define	STARTFILE_LINUX_SPEC.*$" line)
-                 (format #f "#define STANDARD_STARTFILE_PREFIX_1 \"~a/lib\"
+                                  libc libc libdir suffix))
+                         (("#define	STARTFILE_LINUX_SPEC.*$" line)
+                          (format #f "#define STANDARD_STARTFILE_PREFIX_1 \"~a/lib\"
 #define STANDARD_STARTFILE_PREFIX_2 \"\"
 ~a"
-                         libc line))))
-
-              ;; Don't retain a dependency on the build-time sed.
-              (substitute* "fixincludes/fixincl.x"
-                (("static char const sed_cmd_z\\[\\] =.*;")
-                 "static char const sed_cmd_z[] = \"sed\";"))
-
-              ;; Aarch64 support didn't land in GCC until the 4.8 series.
-              (when (file-exists? "gcc/config/aarch64")
-                ;; Force Aarch64 libdir to be /lib and not /lib64
-                (substitute* "gcc/config/aarch64/t-aarch64-linux"
-                  (("lib64") "lib")))
-
-              (when (file-exists? "libbacktrace")
-                ;; GCC 4.8+ comes with libbacktrace.  By default it builds
-                ;; with -Werror, which fails with a -Wcast-qual error in glibc
-                ;; 2.21's stdlib-bsearch.h.  Remove -Werror.
-                (substitute* "libbacktrace/configure"
-                  (("WARN_FLAGS=(.*)-Werror" _ flags)
-                   (string-append "WARN_FLAGS=" flags)))
-
-                (when (file-exists? "libsanitizer/libbacktrace")
-                  ;; Same in libsanitizer's bundled copy (!) found in 4.9+.
-                  (substitute* "libsanitizer/libbacktrace/Makefile.in"
-                    (("-Werror")
-                     ""))))
-
-              ;; Add a RUNPATH to libstdc++.so so that it finds libgcc_s.
-              ;; See <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=32354>
-              ;; and <http://bugs.gnu.org/20358>.
-              (substitute* "libstdc++-v3/src/Makefile.in"
-                (("^OPT_LDFLAGS = ")
-                 "OPT_LDFLAGS = -Wl,-rpath=$(libdir) "))
-
-              ;; Move libstdc++*-gdb.py to the "lib" output to avoid a
-              ;; circularity between "out" and "lib".  (Note:
-              ;; --with-python-dir is useless because it imposes $(prefix) as
-              ;; the parent directory.)
-              (substitute* "libstdc++-v3/python/Makefile.in"
-                (("pythondir = .*$")
-                 (string-append "pythondir = " libdir "/share"
-                                "/gcc-$(gcc_version)/python\n")))
-
-              ;; Avoid another circularity between the outputs: this #define
-              ;; ends up in auto-host.h in the "lib" output, referring to
-              ;; "out".  (This variable is used to augment cpp's search path,
-              ;; but there's nothing useful to look for here.)
-              (substitute* "gcc/config.in"
-                (("PREFIX_INCLUDE_DIR")
-                 "PREFIX_INCLUDE_DIR_isnt_necessary_here"))))
-
-          (alist-cons-after
-           'configure 'post-configure
-           (lambda _
-             ;; Don't store configure flags, to avoid retaining references to
-             ;; build-time dependencies---e.g., `--with-ppl=/gnu/store/xxx'.
-             (substitute* "Makefile"
-               (("^TOPLEVEL_CONFIGURE_ARGUMENTS=(.*)$" _ rest)
-                "TOPLEVEL_CONFIGURE_ARGUMENTS=\n")))
-           %standard-phases))))
+                                  libc line))))
+
+                 ;; Don't retain a dependency on the build-time sed.
+                 (substitute* "fixincludes/fixincl.x"
+                   (("static char const sed_cmd_z\\[\\] =.*;")
+                    "static char const sed_cmd_z[] = \"sed\";"))
+
+                 ;; Aarch64 support didn't land in GCC until the 4.8 series.
+                 (when (file-exists? "gcc/config/aarch64")
+                       ;; Force Aarch64 libdir to be /lib and not /lib64
+                       (substitute* "gcc/config/aarch64/t-aarch64-linux"
+                         (("lib64") "lib")))
+
+                 (when (file-exists? "libbacktrace")
+                       ;; GCC 4.8+ comes with libbacktrace.  By default it builds
+                       ;; with -Werror, which fails with a -Wcast-qual error in glibc
+                       ;; 2.21's stdlib-bsearch.h.  Remove -Werror.
+                       (substitute* "libbacktrace/configure"
+                         (("WARN_FLAGS=(.*)-Werror" _ flags)
+                          (string-append "WARN_FLAGS=" flags)))
+
+                       (when (file-exists? "libsanitizer/libbacktrace")
+                             ;; Same in libsanitizer's bundled copy (!) found in 4.9+.
+                             (substitute* "libsanitizer/libbacktrace/Makefile.in"
+                               (("-Werror")
+                                ""))))
+
+                 ;; Add a RUNPATH to libstdc++.so so that it finds libgcc_s.
+                 ;; See <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=32354>
+                 ;; and <http://bugs.gnu.org/20358>.
+                 (substitute* "libstdc++-v3/src/Makefile.in"
+                   (("^OPT_LDFLAGS = ")
+                    "OPT_LDFLAGS = -Wl,-rpath=$(libdir) "))
+
+                 ;; Move libstdc++*-gdb.py to the "lib" output to avoid a
+                 ;; circularity between "out" and "lib".  (Note:
+                 ;; --with-python-dir is useless because it imposes $(prefix) as
+                 ;; the parent directory.)
+                 (substitute* "libstdc++-v3/python/Makefile.in"
+                   (("pythondir = .*$")
+                    (string-append "pythondir = " libdir "/share"
+                                   "/gcc-$(gcc_version)/python\n")))
+
+                 ;; Avoid another circularity between the outputs: this #define
+                 ;; ends up in auto-host.h in the "lib" output, referring to
+                 ;; "out".  (This variable is used to augment cpp's search path,
+                 ;; but there's nothing useful to look for here.)
+                 (substitute* "gcc/config.in"
+                   (("PREFIX_INCLUDE_DIR")
+                    "PREFIX_INCLUDE_DIR_isnt_necessary_here"))
+                 #t)))
+
+           (add-after 'configure 'post-configure
+             (lambda _
+               ;; Don't store configure flags, to avoid retaining references to
+               ;; build-time dependencies---e.g., `--with-ppl=/gnu/store/xxx'.
+               (substitute* "Makefile"
+                 (("^TOPLEVEL_CONFIGURE_ARGUMENTS=(.*)$" _ rest)
+                  "TOPLEVEL_CONFIGURE_ARGUMENTS=\n"))
+               #t)))))
 
       (native-search-paths
        ;; Use the language-specific variables rather than 'CPATH' because they
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 0561387931..6cad2ba93b 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -43,14 +44,13 @@
 (define-public lcms
   (package
    (name "lcms")
-   (version "2.8")
+   (version "2.9")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://sourceforge/lcms/lcms/" version
                                 "/lcms2-" version ".tar.gz"))
-            (patches (search-patches "lcms-CVE-2016-10165.patch"))
             (sha256 (base32
-                     "08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36"))))
+                     "083xisy6z01zhm7p7rgk4bx9d6zlr8l20qkfv1g29ylnhgwzvij8"))))
    (build-system gnu-build-system)
    (inputs `(("libjpeg-8" ,libjpeg-8)
              ("libtiff" ,libtiff)
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index d32472b85e..bc449e1f71 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -77,7 +77,7 @@
 (define dbus
   (package
     (name "dbus")
-    (version "1.12.2")
+    (version "1.12.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -85,7 +85,7 @@
                     version ".tar.gz"))
               (sha256
                (base32
-                "121xm3cy48vbv6nv522lfkk4zyiqc1g6v4lb3344gc3h2w4vaar7"))
+                "1ir18a4xg96mfim1z81ljmpb0k0bwhg1kwgwvbi5l1k8xil6nxgr"))
               (patches (search-patches "dbus-helper-search-path.patch"))))
     (build-system gnu-build-system)
     (arguments
@@ -147,7 +147,7 @@ shared NFS home directories.")
 (define glib
   (package
    (name "glib")
-   (version "2.54.2")
+   (version "2.54.3")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/"
@@ -155,7 +155,7 @@ shared NFS home directories.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "0v4ffl172kbqgxrhgxyafhpw36bq3iklb2zjqyl6jcfkmb2yb2dv"))
+              "1a60p9m493mvm42rskg8ifr0jmsbr8arzyqx73jshgfwhmkdqgwn"))
             (patches (search-patches "glib-respect-datadir.patch"
                                      "glib-tests-timer.patch"))))
    (build-system gnu-build-system)
@@ -368,13 +368,14 @@ bindings to call into the C library.")
        ("perl-xml-parser" ,perl-xml-parser)
        ("perl" ,perl)))
     (arguments
-     `(#:phases (alist-cons-after
-                 'unpack 'patch-file-references
-                 (lambda* (#:key inputs #:allow-other-keys)
-                   (let ((file (assoc-ref inputs "file")))
-                     (substitute* "intltool-update.in"
-                       (("`file") (string-append "`" file "/bin/file")))))
-                 %standard-phases)))
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-file-references
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((file (assoc-ref inputs "file")))
+               (substitute* "intltool-update.in"
+                 (("`file") (string-append "`" file "/bin/file")))
+               #t))))))
     (home-page "https://launchpad.net/intltool/+download")
     (synopsis "Tools to centralise translations of different file formats")
     (description
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 29bfc8199f..3b25bce661 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -198,6 +198,7 @@ authentication and support for SSL3 and TLS.")
               "doc"))                             ; 1.5 MiB of man3 pages
    (inputs `(("gnutls" ,gnutls/dane)
              ("libidn" ,libidn)
+             ("nghttp2" ,nghttp2 "lib")
              ("zlib" ,zlib)))
    (native-inputs
     `(("libtool" ,libtool)
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index eeab5c5afd..77f5771298 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -92,14 +92,14 @@ Daemon and possibly more in the future.")
 (define-public libgcrypt
   (package
     (name "libgcrypt")
-    (version "1.8.1")
+    (version "1.8.2")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "1cvqd9jk5qshbh48yh3ixw4zyr4n5k50r3475rrh20xfn7w7aa3s"))))
+               "01sca9m8hm6b5v8hmqsfdjhyz013869p1f0fxw9ln52qfnp4q1n8"))))
     (build-system gnu-build-system)
     (propagated-inputs
      `(("libgpg-error-host" ,libgpg-error)))
diff --git a/gnu/packages/graphviz.scm b/gnu/packages/graphviz.scm
index 2fefb41c0a..5f236498b8 100644
--- a/gnu/packages/graphviz.scm
+++ b/gnu/packages/graphviz.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Theodoros Foradis <theodoros@foradis.org>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Gábor Boskovits <boskovits@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -148,11 +148,12 @@ visualization tool suite.")
                "07mqx09jxh8cv9753y2d2jsv7wp8vjmrd7zcfpbrddz3wc9kx705"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:phases (alist-cons-before
-                 'check 'pre-check
-                 (lambda _
-                   (chmod "test/boolean/test.sh" #o777))
-                 %standard-phases)
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'pre-check
+           (lambda _
+             (chmod "test/boolean/test.sh" #o777)
+             #t)))
 
        ;; Some data files used by the test suite are missing.
        ;; See <http://sourceforge.net/p/gts/bugs/41/>.
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 2939e4f648..d83a5227f0 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -53,6 +53,7 @@
   #:use-module (gnu packages enchant)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages freedesktop)
+  #:use-module (gnu packages fribidi)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages ghostscript)
   #:use-module (gnu packages gl)
@@ -173,7 +174,7 @@ affine transformation (scale, rotation, shear, etc.).")
 (define-public harfbuzz
   (package
    (name "harfbuzz")
-   (version "1.7.3")
+   (version "1.7.5")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://www.freedesktop.org/software/"
@@ -181,7 +182,7 @@ affine transformation (scale, rotation, shear, etc.).")
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "1zh5n3q3mb6y6kr5m7zz1ags9z1vjwai57d6warx8qhzfrwn8lyd"))))
+               "0qwmybi6x27zz1bj6ccay653dh35jqq0asgvp166kjk53wdlwmw4"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "bin")) ; 160K, only hb-view depend on cairo
@@ -211,7 +212,7 @@ affine transformation (scale, rotation, shear, etc.).")
 (define-public pango
   (package
    (name "pango")
-   (version "1.40.14")
+   (version "1.41.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/pango/"
@@ -219,13 +220,14 @@ affine transformation (scale, rotation, shear, etc.).")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1qqpd8x1pl483ynj3mc5q4n8y2pxqhg2bv19vd94r7mzlzm1pbwh"))))
+              "1hxbwb9aak6m85i4kimsgq46nd3b68r6432xjna94a97ab7s8lqk"))))
    (build-system gnu-build-system)
    (propagated-inputs
     `(("cairo" ,cairo)
       ("harfbuzz" ,harfbuzz)))
    (inputs
-    `(("zlib" ,zlib)
+    `(("fribidi" ,fribidi)
+      ("zlib" ,zlib)
 
       ;; Some packages, such as Openbox, expect Pango to be built with the
       ;; optional libxft support.
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 5dc66c1625..1025ea48ad 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -15,7 +15,7 @@
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Theodoros Foradis <theodoros@foradis.org>
 ;;; Copyright © 2017 ng0 <ng0@infotropique.org>
-;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -183,23 +183,24 @@ without requiring the source code to be rewritten.")
    (outputs '("out" "debug"))
 
    (arguments
-    `(#:configure-flags '("--disable-static")     ;saves 3MiB
-      #:phases (alist-cons-before
-                'configure 'pre-configure
-                (lambda* (#:key inputs #:allow-other-keys)
-                  ;; Tell (ice-9 popen) the file name of Bash.
-                  (let ((bash (assoc-ref inputs "bash")))
-                    (substitute* "module/ice-9/popen.scm"
-                      ;; If bash is #f allow fallback for user to provide
-                      ;; "bash" in PATH.  This happens when cross-building to
-                      ;; MinGW for which we do not have Bash yet.
-                      (("/bin/sh")
-                       ,@(if (target-mingw?)
-                             '((if bash
-                                   (string-append bash "/bin/bash")
-                                   "bash"))
-                             '((string-append bash "/bin/bash")))))))
-                %standard-phases)))
+    `(#:configure-flags '("--disable-static") ; saves 3 MiB
+      #:phases
+      (modify-phases %standard-phases
+        (add-before 'configure 'pre-configure
+          (lambda* (#:key inputs #:allow-other-keys)
+            ;; Tell (ice-9 popen) the file name of Bash.
+            (let ((bash (assoc-ref inputs "bash")))
+              (substitute* "module/ice-9/popen.scm"
+                ;; If bash is #f allow fallback for user to provide
+                ;; "bash" in PATH.  This happens when cross-building to
+                ;; MinGW for which we do not have Bash yet.
+                (("/bin/sh")
+                 ,@(if (target-mingw?)
+                       '((if bash
+                             (string-append bash "/bin/bash")
+                             "bash"))
+                       '((string-append bash "/bin/bash")))))
+              #t))))))
 
    (native-search-paths
     (list (search-path-specification
diff --git a/gnu/packages/indent.scm b/gnu/packages/indent.scm
index 4950a26121..3465d63c01 100644
--- a/gnu/packages/indent.scm
+++ b/gnu/packages/indent.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -36,15 +37,16 @@
                      "0f9655vqdvfwbxvs1gpa7py8k1z71aqh8hp73f65vazwbfz436wa"))))
    (build-system gnu-build-system)
    (arguments
-    `(#:phases (alist-cons-after
-                'unpack 'fix-docdir
-                (lambda _
-                  ;; Although indent uses a modern autoconf in which docdir
-                  ;; defaults to PREFIX/share/doc, the doc/Makefile.am
-                  ;; overrides this to be in PREFIX/doc.  Fix this.
-                  (substitute* "doc/Makefile.in"
-                    (("^docdir = .*$") "docdir = @docdir@\n")))
-                %standard-phases)))
+    `(#:phases
+      (modify-phases %standard-phases
+        (add-after 'unpack 'fix-docdir
+          (lambda _
+            ;; Although indent uses a modern autoconf in which docdir
+            ;; defaults to PREFIX/share/doc, the doc/Makefile.am
+            ;; overrides this to be in PREFIX/doc.  Fix this.
+            (substitute* "doc/Makefile.in"
+              (("^docdir = .*$") "docdir = @docdir@\n"))
+            #t)))))
    (synopsis "Code reformatter")
    (description
     "Indent is a program that makes source code easier to read by
diff --git a/gnu/packages/less.scm b/gnu/packages/less.scm
index 0aa4665840..2827951280 100644
--- a/gnu/packages/less.scm
+++ b/gnu/packages/less.scm
@@ -26,7 +26,7 @@
 (define-public less
   (package
     (name "less")
-    (version "487")
+    (version "530")
     (source
      (origin
       (method url-fetch)
@@ -34,7 +34,7 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "01i7n6jaxwmww3pasy3hg38zc6x7jw0w05mqqvh6caqbrdaq9p7k"))))
+        "1qpj2z38c53qmvqn8jaa0kq26q989cfbfjj4y0s6z17l1amr2gsh"))))
     (build-system gnu-build-system)
     (inputs `(("ncurses" ,ncurses)))
     (home-page "https://www.gnu.org/software/less/")
diff --git a/gnu/packages/libbsd.scm b/gnu/packages/libbsd.scm
index 3bfa2a3fec..58b0be872c 100644
--- a/gnu/packages/libbsd.scm
+++ b/gnu/packages/libbsd.scm
@@ -25,14 +25,14 @@
 (define-public libbsd
   (package
     (name "libbsd")
-    (version "0.8.3")
+    (version "0.8.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://libbsd.freedesktop.org/releases/"
                                   "libbsd-" version ".tar.xz"))
               (sha256
                (base32
-                "1a1l7afchlvvj2zfi7ajcg26bbkh5i98y2v5h9j5p1px9m7n6jwk"))))
+                "0c9bl49zs0xdddcwj5dh0lay9sxi2m1yi74848g8p87mb87g2j7m"))))
     (build-system gnu-build-system)
     (synopsis "Utility functions from BSD systems")
     (description "This library provides useful functions commonly found on BSD
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index 9d96e651ac..7caaa84daf 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -121,14 +121,14 @@ limited support for fork events.")
 (define-public libuv
   (package
     (name "libuv")
-    (version "1.18.0")
+    (version "1.19.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://dist.libuv.org/dist/v" version
                                   "/libuv-v" version ".tar.gz"))
               (sha256
                (base32
-                "125bzmzc32m52hd9iv8jvjlc7r3gadxgvp31a2fz2wlil16p7r2l"))))
+                "0y78029vhfhjwpbwg9c0p8ih8489azpfa9sjnzj2bksf6r29kv9j"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (modify-phases %standard-phases
@@ -136,7 +136,7 @@ limited support for fork events.")
                     (lambda _
                       ;; Fashionable people don't run 'make dist' these days, so
                       ;; we need to do that ourselves.
-                      (zero? (system* "sh" "autogen.sh")))))
+                      (invoke "sh" "autogen.sh"))))
 
        ;; XXX: Some tests want /dev/tty, attempt to make connections, etc.
        #:tests? #f))
diff --git a/gnu/packages/libffi.scm b/gnu/packages/libffi.scm
index 948dabb41e..d55e7aec3d 100644
--- a/gnu/packages/libffi.scm
+++ b/gnu/packages/libffi.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -35,29 +36,28 @@
   #:use-module (guix build-system ruby))
 
 (define-public libffi
-  (let ((post-install-phase
-         ;; Keep headers where libffi.pc expects them, but also make them
-         ;; available in $includedir where some users expect them.
-         '(lambda* (#:key outputs #:allow-other-keys)
-            (define out (assoc-ref outputs "out"))
-            (symlink (string-append out "/lib/libffi-3.2.1/include")
-                     (string-append out "/include")))))
-   (package
+  (package
     (name "libffi")
     (version "3.2.1")
     (source (origin
-             (method url-fetch)
-             (uri
-              (string-append "ftp://sourceware.org/pub/libffi/"
-                             name "-" version ".tar.gz"))
-             (sha256
-              (base32
-               "0dya49bnhianl0r65m65xndz6ls2jn1xngyn72gd28ls3n7bnvnh"))
-             (patches (search-patches "libffi-3.2.1-complex-alpha.patch"))))
+              (method url-fetch)
+              (uri
+               (string-append "ftp://sourceware.org/pub/libffi/"
+                              name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0dya49bnhianl0r65m65xndz6ls2jn1xngyn72gd28ls3n7bnvnh"))
+              (patches (search-patches "libffi-3.2.1-complex-alpha.patch"))))
     (build-system gnu-build-system)
-    (arguments `(#:phases (alist-cons-after 'install 'post-install
-                                            ,post-install-phase
-                                            %standard-phases)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'post-install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (define out (assoc-ref outputs "out"))
+             (symlink (string-append out "/lib/libffi-3.2.1/include")
+                      (string-append out "/include"))
+             #t)))))
     (outputs '("out" "debug"))
     (synopsis "Foreign function call interface library")
     (description
@@ -74,7 +74,7 @@ conversions for values passed between the two languages.")
     (home-page "http://sources.redhat.com/libffi/")
 
     ;; See <https://github.com/atgreen/libffi/blob/master/LICENSE>.
-    (license expat))))
+    (license expat)))
 
 (define-public python-cffi
   (package
diff --git a/gnu/packages/libsigsegv.scm b/gnu/packages/libsigsegv.scm
index 2a44819820..7f63bb26c4 100644
--- a/gnu/packages/libsigsegv.scm
+++ b/gnu/packages/libsigsegv.scm
@@ -26,14 +26,14 @@
 (define-public libsigsegv
   (package
    (name "libsigsegv")
-   (version "2.11")
+   (version "2.12")
    (source (origin
             (method url-fetch)
             (uri (string-append
                   "mirror://gnu/libsigsegv/libsigsegv-"
                   version ".tar.gz"))
             (sha256
-             (base32 "063swdvq7mbmc1clv0rnh20grwln1zfc2qnm0sa1hivcxyr2wz6x"))))
+             (base32 "1dlhqf4igzpqayms25lkhycjq1ccavisx8cnb3y4zapbkqsszq9s"))))
    (build-system gnu-build-system)
    (home-page "https://www.gnu.org/software/libsigsegv/")
    (synopsis "Library for handling page faults")
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 6f0ef369f7..a752fcf1b4 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -547,7 +547,7 @@ providing the system administrator with some help in common tasks.")
 (define-public util-linux
   (package
     (name "util-linux")
-    (version "2.31")
+    (version "2.31.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kernel.org/linux/utils/"
@@ -555,7 +555,7 @@ providing the system administrator with some help in common tasks.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "12nw108xjhm63sh2n5a0qs33vpvbvb6rln96l9j50p7wykf7rgpr"))
+                "04fzrnrr3pvqskvjn9f81y0knh0jvvqx4lmbz5pd4lfdm5pv2l8s"))
               (patches (search-patches "util-linux-tests.patch"))
               (modules '((guix build utils)))
               (snippet
@@ -1936,7 +1936,7 @@ to use Linux' inotify mechanism, which allows file accesses to be monitored.")
 (define-public kmod
   (package
     (name "kmod")
-    (version "24")
+    (version "25")
     (source (origin
               (method url-fetch)
               (uri
@@ -1944,7 +1944,7 @@ to use Linux' inotify mechanism, which allows file accesses to be monitored.")
                               "kmod-" version ".tar.xz"))
               (sha256
                (base32
-                "15xkkkzvca9flvkm48gkh8y8f13vlm3sl7nz9ydc7b3jy4fqs2v1"))
+                "1kgixs4m3jvwk7fb3d18n6j77qhgi9qfv4csj35rs5ancr4ycrbi"))
               (patches (search-patches "kmod-module-directory.patch"))))
     (build-system gnu-build-system)
     (native-inputs
@@ -1953,19 +1953,20 @@ to use Linux' inotify mechanism, which allows file accesses to be monitored.")
      `(("xz" ,xz)
        ("zlib" ,zlib)))
     (arguments
-     `(#:tests? #f ; FIXME: Investigate test failures
+     `(#:tests? #f                      ; FIXME: Investigate test failures
        #:configure-flags '("--with-xz" "--with-zlib")
-       #:phases (alist-cons-after
-                 'install 'install-modprobe&co
-                 (lambda* (#:key outputs #:allow-other-keys)
-                   (let* ((out (assoc-ref outputs "out"))
-                          (bin (string-append out "/bin")))
-                     (for-each (lambda (tool)
-                                 (symlink "kmod"
-                                          (string-append bin "/" tool)))
-                               '("insmod" "rmmod" "lsmod" "modprobe"
-                                 "modinfo" "depmod"))))
-                 %standard-phases)))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'install-modprobe&co
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin")))
+               (for-each (lambda (tool)
+                           (symlink "kmod"
+                                    (string-append bin "/" tool)))
+                         '("insmod" "rmmod" "lsmod" "modprobe"
+                           "modinfo" "depmod"))
+               #t))))))
     (home-page "https://www.kernel.org/")
     (synopsis "Kernel module tools")
     (description "Kmod is a set of tools to handle common tasks with Linux
@@ -1981,7 +1982,7 @@ from the module-init-tools project.")
   ;; The post-systemd fork, maintained by Gentoo.
   (package
     (name "eudev")
-    (version "3.2.4")
+    (version "3.2.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/gentoo/eudev/archive/v"
@@ -1989,7 +1990,7 @@ from the module-init-tools project.")
               (file-name (string-append name "-" version ".zip"))
               (sha256
                (base32
-                "1r1ag0snarygrj5qqxi2xdq9w6g3sfjd5jx1b0fl7zmqlsz3vvxx"))
+                "0c9l3m3mr1nvrvlcnzh5gjdg9p9k7hh0jk04wh596cbmbass2nhd"))
               (patches (search-patches "eudev-rules-directory.patch"))))
     (build-system gnu-build-system)
     (arguments
diff --git a/gnu/packages/m4.scm b/gnu/packages/m4.scm
index 32e7c2ae42..b223ce91d1 100644
--- a/gnu/packages/m4.scm
+++ b/gnu/packages/m4.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -40,18 +41,19 @@
       ;; proceeds and fails, unsurprisingly.
       #:tests? ,(not (%current-target-system))
 
-      #:phases (alist-cons-before
-                'check 'pre-check
-                (lambda* (#:key inputs #:allow-other-keys)
-                  ;; Fix references to /bin/sh.
-                  (let ((bash (assoc-ref inputs "bash")))
-                    (for-each patch-shebang
-                              (find-files "tests" "\\.sh$"))
-                    (substitute* (find-files "tests"
-                                             "posix_spawn")
-                      (("/bin/sh")
-                       (format #f "~a/bin/sh" bash)))))
-                %standard-phases)))
+      #:phases
+      (modify-phases %standard-phases
+        (add-before 'check 'pre-check
+          (lambda* (#:key inputs #:allow-other-keys)
+            ;; Fix references to /bin/sh.
+            (let ((bash (assoc-ref inputs "bash")))
+              (for-each patch-shebang
+                        (find-files "tests" "\\.sh$"))
+              (substitute* (find-files "tests"
+                                       "posix_spawn")
+                (("/bin/sh")
+                 (format #f "~a/bin/sh" bash)))
+              #t))))))
    (synopsis "Macro processor")
    (description
     "GNU M4 is an implementation of the M4 macro language, which features
diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index 07ac93686a..e56ac937cb 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -143,24 +144,24 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
                  (arguments
                   (substitute-keyword-arguments (package-arguments bzip2)
                     ((#:phases phases)
-                     `(alist-cons-before
-                       'build 'dash-static
-                       (lambda _
-                         (substitute* "Makefile"
-                           (("^LDFLAGS[[:blank:]]*=.*$")
-                            "LDFLAGS = -static")))
-                       ,phases))))))
+                     `(modify-phases ,phases
+                        (add-before 'build 'dash-static
+                          (lambda _
+                            (substitute* "Makefile"
+                              (("^LDFLAGS[[:blank:]]*=.*$")
+                               "LDFLAGS = -static"))
+                            #t))))))))
         (xz (package (inherit xz)
               (arguments
                `(#:strip-flags '("--strip-all")
-                 #:phases (alist-cons-before
-                           'configure 'static-executable
-                           (lambda _
-                             ;; Ask Libtool for a static executable.
-                             (substitute* "src/xz/Makefile.in"
-                               (("^xz_LDADD =")
-                                "xz_LDADD = -all-static")))
-                           %standard-phases)))))
+                 #:phases (modify-phases %standard-phases
+                            (add-before 'configure 'static-executable
+                              (lambda _
+                                ;; Ask Libtool for a static executable.
+                                (substitute* "src/xz/Makefile.in"
+                                  (("^xz_LDADD =")
+                                   "xz_LDADD = -all-static"))
+                                #t)))))))
         (gawk (package (inherit gawk)
                 (source (origin (inherit (package-source gawk))
                           (patches (cons (search-patch "gawk-shell.patch")
@@ -175,14 +176,14 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
 
                    ,@(substitute-keyword-arguments (package-arguments gawk)
                        ((#:phases phases)
-                        `(alist-cons-before
-                          'configure 'no-export-dynamic
-                          (lambda _
-                            ;; Since we use `-static', remove
-                            ;; `-export-dynamic'.
-                            (substitute* "configure"
-                              (("-Wl,-export-dynamic") "")))
-                          ,phases)))))
+                        `(modify-phases ,phases
+                           (add-before 'configure 'no-export-dynamic
+                             (lambda _
+                               ;; Since we use `-static', remove
+                               ;; `-export-dynamic'.
+                               (substitute* "configure"
+                                 (("-Wl,-export-dynamic") ""))
+                               #t)))))))
                 (inputs (if (%current-target-system)
                             `(("bash" ,static-bash))
                             '()))))
@@ -304,19 +305,19 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
                                   ((#:configure-flags flags _ ...)
                                    flags)))
        #:strip-flags '("--strip-all")
-       #:phases (alist-cons-before
-                 'configure 'all-static
-                 (lambda _
-                   ;; The `-all-static' libtool flag can only be passed
-                   ;; after `configure', since configure tests don't use
-                   ;; libtool, and only for executables built with libtool.
-                   (substitute* '("binutils/Makefile.in"
-                                  "gas/Makefile.in"
-                                  "ld/Makefile.in")
-                     (("^LDFLAGS =(.*)$" line)
-                      (string-append line
-                                     "\nAM_LDFLAGS = -static -all-static\n"))))
-                 %standard-phases)))))
+       #:phases (modify-phases %standard-phases
+                  (add-before 'configure 'all-static
+                    (lambda _
+                      ;; The `-all-static' libtool flag can only be passed
+                      ;; after `configure', since configure tests don't use
+                      ;; libtool, and only for executables built with libtool.
+                      (substitute* '("binutils/Makefile.in"
+                                     "gas/Makefile.in"
+                                     "ld/Makefile.in")
+                        (("^LDFLAGS =(.*)$" line)
+                         (string-append line
+                                        "\nAM_LDFLAGS = -static -all-static\n")))
+                      #t)))))))
 
 (define %binutils-static-stripped
   ;; The subset of Binutils that we need.
@@ -422,18 +423,18 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
                       (remove (cut string-match "--(.*plugin|enable-languages)" <>)
                               ,flags)))
             ((#:phases phases)
-             `(alist-cons-after
-               'pre-configure 'remove-lgcc_s
-               (lambda _
-                 ;; Remove the '-lgcc_s' added to GNU_USER_TARGET_LIB_SPEC in
-                 ;; the 'pre-configure phase of our main gcc package, because
-                 ;; that shared library is not present in this static gcc.  See
-                 ;; <https://lists.gnu.org/archive/html/guix-devel/2015-01/msg00008.html>.
-                 (substitute* (cons "gcc/config/rs6000/sysv4.h"
-                                    (find-files "gcc/config"
-                                                "^gnu-user.*\\.h$"))
-                   ((" -lgcc_s}}") "}}")))
-               ,phases)))))
+             `(modify-phases ,phases
+                (add-after 'pre-configure 'remove-lgcc_s
+                  (lambda _
+                    ;; Remove the '-lgcc_s' added to GNU_USER_TARGET_LIB_SPEC in
+                    ;; the 'pre-configure phase of our main gcc package, because
+                    ;; that shared library is not present in this static gcc.  See
+                    ;; <https://lists.gnu.org/archive/html/guix-devel/2015-01/msg00008.html>.
+                    (substitute* (cons "gcc/config/rs6000/sysv4.h"
+                                       (find-files "gcc/config"
+                                                   "^gnu-user.*\\.h$"))
+                      ((" -lgcc_s}}") "}}"))
+                    #t)))))))
      (native-inputs
       (if (%current-target-system)
           `(;; When doing a Canadian cross, we need GMP/MPFR/MPC both
diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm
index 4bfe0ac563..7a1c0e073b 100644
--- a/gnu/packages/multiprecision.scm
+++ b/gnu/packages/multiprecision.scm
@@ -112,14 +112,14 @@ correct rounding.")
 (define-public mpc
   (package
    (name "mpc")
-   (version "1.0.3")
+   (version "1.1.0")
    (source (origin
             (method url-fetch)
             (uri (string-append
                   "mirror://gnu/mpc/mpc-" version ".tar.gz"))
             (sha256
               (base32
-                "1hzci2zrrd7v3g1jk35qindq05hbl0bhjcyyisq9z209xb3fqzb1"))))
+                "0biwnhjm3rx3hc0rfpvyniky4lpzsvdcwhmcn7f0h4iw2hwcb1b9"))))
    (build-system gnu-build-system)
    (outputs '("out" "debug"))
    (propagated-inputs `(("gmp" ,gmp)              ; <mpc.h> refers to both
diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm
index 548261289e..6bc98b15d8 100644
--- a/gnu/packages/ncurses.scm
+++ b/gnu/packages/ncurses.scm
@@ -40,7 +40,7 @@
 (define-public ncurses
   (package
     (name "ncurses")
-    (version "6.0-20170930")
+    (version "6.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/ncurses/ncurses-"
@@ -48,7 +48,7 @@
                                   ".tar.gz"))
               (sha256
                (base32
-                "0q3jck7lna77z5r42f13c4xglc7azd19pxfrjrpgp2yf615w4lgm"))))
+                "05qdmbmrrn88ii9f66rkcmcyzp1kb1ymkx7g040lfkd1nkp7w1da"))))
     (build-system gnu-build-system)
     (outputs '("out"
                "doc"))                ;1 MiB of man pages
@@ -56,7 +56,8 @@
      (let ((patch-makefile-phase
             '(lambda _
                (for-each patch-makefile-SHELL
-                         (find-files "." "Makefile.in"))))
+                         (find-files "." "Makefile.in"))
+               #t))
            (configure-phase
             ;; The 'configure' script does not understand '--docdir', so we must
             ;; override that and use '--mandir' instead.
@@ -64,21 +65,27 @@
                        #:allow-other-keys)
                (let ((out (assoc-ref outputs "out"))
                      (doc (assoc-ref outputs "doc")))
-                 (zero? (apply system* "./configure"
-                               (string-append "SHELL=" (which "sh"))
-                               (string-append "--build=" build)
-                               (string-append "--prefix=" out)
-                               (string-append "--mandir=" doc "/share/man")
-                               (if target
-                                   (cons (string-append "--host=" target)
-                                         configure-flags)
-                                   configure-flags))))))
+                 (apply invoke "./configure"
+                        (string-append "SHELL=" (which "sh"))
+                        (string-append "--build=" build)
+                        (string-append "--prefix=" out)
+                        (string-append "--mandir=" doc "/share/man")
+                        (if target
+                            (cons (string-append "--host=" target)
+                                  configure-flags)
+                            configure-flags))
+                 #t)))
            (apply-rollup-patch-phase
+            ;; Ncurses distributes "stable" patchsets to be applied on top
+            ;; of the release tarball.  These are only available as shell
+            ;; scripts(!) so we decompress and apply them in a phase.
+            ;; See <https://invisible-mirror.net/archives/ncurses/6.1/README>.
             '(lambda* (#:key inputs native-inputs #:allow-other-keys)
                (copy-file (assoc-ref (or native-inputs inputs) "rollup-patch")
                           (string-append (getcwd) "/rollup-patch.sh.bz2"))
-               (and (zero? (system* "bzip2" "-d" "rollup-patch.sh.bz2"))
-                    (zero? (system* "sh" "rollup-patch.sh")))))
+               (invoke "bzip2" "-d" "rollup-patch.sh.bz2")
+               (invoke "sh" "rollup-patch.sh")
+               #t))
            (remove-shebang-phase
             '(lambda _
                ;; To avoid retaining a reference to the bootstrap Bash via the
@@ -149,7 +156,8 @@
                                            (when (file-exists? packagew.pc)
                                              (symlink packagew.pc package.pc))))
                                        '())))
-                             '("curses" "ncurses" "form" "panel" "menu")))))))
+                             '("curses" "ncurses" "form" "panel" "menu")))
+                 #t))))
        `(#:configure-flags
          ,(cons*
            'quasiquote
@@ -174,8 +182,6 @@
               ,@(if (target-mingw?) '("--enable-term-driver") '()))))
          #:tests? #f                  ; no "check" target
          #:phases (modify-phases %standard-phases
-                    (add-after 'unpack 'apply-rollup-patch
-                      ,apply-rollup-patch-phase)
                     (replace 'configure ,configure-phase)
                     (add-after 'install 'post-install
                       ,post-install-phase)
@@ -185,22 +191,7 @@
                       ,remove-shebang-phase)))))
     (self-native-input? #t)           ; for `tic'
     (native-inputs
-     `(("pkg-config" ,pkg-config)
-
-       ;; Ncurses distributes "stable" patchsets to be applied on top
-       ;; of the release tarball.  These are only available as shell
-       ;; scripts(!) so we decompress and apply them in a phase.
-       ;; See <https://invisible-mirror.net/archives/ncurses/6.0/README>.
-       ("rollup-patch"
-        ,(origin
-           (method url-fetch)
-           (uri (string-append
-                 "https://invisible-mirror.net/archives/ncurses/"
-                 (car (string-split version #\-))
-                 "/ncurses-" version "-patch.sh.bz2"))
-           (sha256
-            (base32
-             "08a1pp8wnj1fwpa1pz3fgrmd6xwp21idniswqz8lx3w3z2nb4ydi"))))))
+     `(("pkg-config" ,pkg-config)))
     (native-search-paths
      (list (search-path-specification
             (variable "TERMINFO_DIRS")
diff --git a/gnu/packages/patches/lcms-CVE-2016-10165.patch b/gnu/packages/patches/lcms-CVE-2016-10165.patch
deleted file mode 100644
index fa4d75c9ee..0000000000
--- a/gnu/packages/patches/lcms-CVE-2016-10165.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2016-10165, an out-of-bounds heap read in Type_MLU_Read():
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
-http://seclists.org/oss-sec/2016/q3/288
-https://bugzilla.redhat.com/show_bug.cgi?id=1367357
-https://security-tracker.debian.org/tracker/CVE-2016-10165
-
-Patch copied from upstream source repository:
-
-https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
-
-From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001
-From: Marti <marti.maria@tktbrainpower.com>
-Date: Mon, 15 Aug 2016 23:31:39 +0200
-Subject: [PATCH] Added an extra check to MLU bounds
-
-Thanks to Ibrahim el-sayed for spotting the bug
----
- src/cmstypes.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/cmstypes.c b/src/cmstypes.c
-index cb61860..c7328b9 100644
---- a/src/cmstypes.c
-+++ b/src/cmstypes.c
-@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
- 
-         // Check for overflow
-         if (Offset < (SizeOfHeader + 8)) goto Error;
-+        if ((Offset + Len) > SizeOfTag + 8) goto Error;
- 
-         // True begin of the string
-         BeginOfThisString = Offset - SizeOfHeader - 8;
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/libtasn1-CVE-2017-10790.patch b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch
deleted file mode 100644
index 6cec0c8030..0000000000
--- a/gnu/packages/patches/libtasn1-CVE-2017-10790.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-Fix CVE-2017-10790:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790
-
-Patch copied from upstream source repository:
-
-https://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=d8d805e1f2e6799bb2dff4871a8598dc83088a39
-
-From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Thu, 22 Jun 2017 16:31:37 +0200
-Subject: [PATCH] _asn1_check_identifier: safer access to values read
-
-Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
----
- lib/parser_aux.c | 17 ++++++++++++-----
- 1 file changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/lib/parser_aux.c b/lib/parser_aux.c
-index 976ab38..786ea64 100644
---- a/lib/parser_aux.c
-+++ b/lib/parser_aux.c
-@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node)
- 	  if (p2 == NULL)
- 	    {
- 	      if (p->value)
--		_asn1_strcpy (_asn1_identifierMissing, p->value);
-+		_asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value);
- 	      else
- 		_asn1_strcpy (_asn1_identifierMissing, "(null)");
- 	      return ASN1_IDENTIFIER_NOT_FOUND;
-@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node)
- 	  if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
- 	    {
- 	      _asn1_str_cpy (name2, sizeof (name2), node->name);
--	      _asn1_str_cat (name2, sizeof (name2), ".");
--	      _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
--	      _asn1_strcpy (_asn1_identifierMissing, p2->value);
-+	      if (p2->value)
-+	        {
-+	          _asn1_str_cat (name2, sizeof (name2), ".");
-+	          _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
-+	          _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
-+	        }
-+	      else
-+		_asn1_strcpy (_asn1_identifierMissing, "(null)");
-+
- 	      p2 = asn1_find_node (node, name2);
- 	      if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
- 		  !(p2->type & CONST_ASSIGN))
-@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node)
- 		  _asn1_str_cpy (name2, sizeof (name2), node->name);
- 		  _asn1_str_cat (name2, sizeof (name2), ".");
- 		  _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
--		  _asn1_strcpy (_asn1_identifierMissing, p2->value);
-+		  _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
-+
- 		  p2 = asn1_find_node (node, name2);
- 		  if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID)
- 		      || !(p2->type & CONST_ASSIGN))
--- 
-2.13.3
-
diff --git a/gnu/packages/patches/libtasn1-CVE-2018-6003.patch b/gnu/packages/patches/libtasn1-CVE-2018-6003.patch
deleted file mode 100644
index 3e6140518d..0000000000
--- a/gnu/packages/patches/libtasn1-CVE-2018-6003.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-Fix CVE-2018-6003:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003
-https://lists.gnu.org/archive/html/help-libtasn1/2018-01/msg00000.html
-
-Patch copied from upstream source repository:
-
-https://gitlab.com/gnutls/libtasn1/commit/c593ae84cfcde8fea45787e53950e0ac71e9ca97
-
-From c593ae84cfcde8fea45787e53950e0ac71e9ca97 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Thu, 4 Jan 2018 10:52:05 +0100
-Subject: [PATCH] _asn1_decode_simple_ber: restrict the levels of recursion to 3
-
-On indefinite string decoding, setting a maximum level of recursions
-protects the BER decoder from a stack exhaustion due to large amounts
-of recursion.
-
-Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
----
- lib/decoding.c | 21 +++++++++++++++++++--
- 1 file changed, 19 insertions(+), 2 deletions(-)
-
-diff --git a/lib/decoding.c b/lib/decoding.c
-index 2240b09..0ee35d3 100644
---- a/lib/decoding.c
-+++ b/lib/decoding.c
-@@ -45,6 +45,13 @@
- 
- #define DECODE_FLAG_HAVE_TAG 1
- #define DECODE_FLAG_INDEFINITE (1<<1)
-+/* On indefinite string decoding, allow this maximum levels
-+ * of recursion. Allowing infinite recursion, makes the BER
-+ * decoder susceptible to stack exhaustion due to that recursion.
-+ */
-+#define DECODE_FLAG_LEVEL1 (1<<2)
-+#define DECODE_FLAG_LEVEL2 (1<<3)
-+#define DECODE_FLAG_LEVEL3 (1<<4)
- 
- #define DECR_LEN(l, s) do { \
- 	  l -= s; \
-@@ -2216,7 +2223,8 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
-     }
- 
-   /* indefinite constructed */
--  if (((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype))
-+  if ((((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) &&
-+      !(dflags & DECODE_FLAG_LEVEL3))
-     {
-       len_len = 1;
- 
-@@ -2236,8 +2244,17 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
-       do
-         {
-           unsigned tmp_len;
-+          unsigned flags = DECODE_FLAG_HAVE_TAG;
-+
-+          if (dflags & DECODE_FLAG_LEVEL1)
-+                flags |= DECODE_FLAG_LEVEL2;
-+          else if (dflags & DECODE_FLAG_LEVEL2)
-+		flags |= DECODE_FLAG_LEVEL3;
-+	  else
-+		flags |= DECODE_FLAG_LEVEL1;
- 
--          result = asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len);
-+          result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len,
-+                                           flags);
-           if (result != ASN1_SUCCESS)
-             {
-               warn();
---
-libgit2 0.26.0
-
diff --git a/gnu/packages/patches/tar-CVE-2016-6321.patch b/gnu/packages/patches/tar-CVE-2016-6321.patch
deleted file mode 100644
index b79be9bc94..0000000000
--- a/gnu/packages/patches/tar-CVE-2016-6321.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Fix CVE-2016-6321:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321
-https://security-tracker.debian.org/tracker/CVE-2016-6321
-
-Patch adapted from upstream source repository (the changes to 'NEWS'
-don't apply to the Tar 1.29 release tarball).
-
-http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
-
-From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001
-From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU>
-Date: Sat, 29 Oct 2016 21:04:40 -0700
-Subject: [PATCH] When extracting, skip ".." members
-
-* NEWS: Document this.
-* src/extract.c (extract_archive): Skip members whose names
-contain "..".
----
- NEWS          | 8 +++++++-
- src/extract.c | 8 ++++++++
- 2 files changed, 15 insertions(+), 1 deletion(-)
-
-diff --git a/src/extract.c b/src/extract.c
-index f982433..7904148 100644
---- a/src/extract.c
-+++ b/src/extract.c
-@@ -1629,12 +1629,20 @@ extract_archive (void)
- {
-   char typeflag;
-   tar_extractor_t fun;
-+  bool skip_dotdot_name;
- 
-   fatal_exit_hook = extract_finish;
- 
-   set_next_block_after (current_header);
- 
-+  skip_dotdot_name = (!absolute_names_option
-+		      && contains_dot_dot (current_stat_info.orig_file_name));
-+  if (skip_dotdot_name)
-+    ERROR ((0, 0, _("%s: Member name contains '..'"),
-+	    quotearg_colon (current_stat_info.orig_file_name)));
-+
-   if (!current_stat_info.file_name[0]
-+      || skip_dotdot_name
-       || (interactive_option
- 	  && !confirm ("extract", current_stat_info.file_name)))
-     {
--- 
-2.11.0
-
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 9e06e675f4..e79065ae78 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2016, 2017, 2018 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
@@ -65,8 +65,7 @@
 (define-public libtasn1
   (package
     (name "libtasn1")
-    (version "4.12")
-    (replacement libtasn1/fixed)
+    (version "4.13")
     (source
      (origin
       (method url-fetch)
@@ -74,8 +73,7 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7"))
-      (patches (search-patches "libtasn1-CVE-2017-10790.patch"))))
+        "1jlc1iahj8k3haz28j55nzg7sgni5h41vqy461i1bpbx6668wlky"))))
     (build-system gnu-build-system)
     (native-inputs `(("perl" ,perl)))
     (home-page "https://www.gnu.org/software/libtasn1/")
@@ -87,14 +85,6 @@ networking, allowing for formal validation of data according to some
 specifications.")
     (license license:lgpl2.0+)))
 
-(define libtasn1/fixed
-  (package
-    (inherit libtasn1)
-    (source (origin
-              (inherit (package-source libtasn1))
-              (patches (search-patches "libtasn1-CVE-2017-10790.patch"
-                                       "libtasn1-CVE-2018-6003.patch"))))))
-
 (define-public asn1c
   (package
     (name "asn1c")
@@ -155,7 +145,7 @@ living in the same process.")
 (define-public gnutls
   (package
     (name "gnutls")
-    (version "3.5.13")
+    (version "3.5.18")
     (source (origin
              (method url-fetch)
              (uri
@@ -169,7 +159,7 @@ living in the same process.")
                               "gnutls-skip-pkgconfig-test.patch"))
              (sha256
               (base32
-               "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))
+               "0d02x28fwkkx7xzn7807nww6idchizzq3plx8sfcyiw7wzclh8mf"))))
     (build-system gnu-build-system)
     (arguments
      `(; Ensure we don't keep a reference to this buggy software.
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 3a488ce74e..f637c7dc2d 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -1863,21 +1863,22 @@ management to participate in an X11R6 session.")
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (arguments
-     `(#:phases (alist-cons-after
-                 'unpack 'fix-makefile-in
-                 (lambda _
-                   (substitute* "Makefile.in"
-                     ;; Install xorg-macros.pc in PREFIX/lib/pkgconfig,
-                     ;; not PREFIX/share/pkgconfig.
-                     (("\\$\\(datadir\\)/pkgconfig") "$(libdir)/pkgconfig")))
-                 (alist-cons-after
-                  'install 'post-install-cleanup
-                  (lambda* (#:key outputs #:allow-other-keys)
-                    (let ((out (assoc-ref outputs "out")))
-                      (with-directory-excursion out
-                        (delete-file "share/util-macros/INSTALL")
-                        (rmdir "share/util-macros"))))
-                  %standard-phases))))
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fix-makefile-in
+           (lambda _
+             (substitute* "Makefile.in"
+               ;; Install xorg-macros.pc in PREFIX/lib/pkgconfig,
+               ;; not PREFIX/share/pkgconfig.
+               (("\\$\\(datadir\\)/pkgconfig") "$(libdir)/pkgconfig"))
+             #t))
+         (add-after 'install 'post-install-cleanup
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (with-directory-excursion out
+                 (delete-file "share/util-macros/INSTALL")
+                 (rmdir "share/util-macros"))
+               #t))))))
     (home-page "https://www.x.org/wiki/")
     (synopsis "Xorg autoconf macros")
     (description