summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/bootloader/extlinux.scm22
-rw-r--r--gnu/build/linux-boot.scm2
-rw-r--r--gnu/build/shepherd.scm10
-rw-r--r--gnu/build/vm.scm6
-rw-r--r--gnu/local.mk29
-rw-r--r--gnu/packages/admin.scm53
-rw-r--r--gnu/packages/algebra.scm4
-rw-r--r--gnu/packages/audio.scm122
-rw-r--r--gnu/packages/aux-files/linux-libre/4.14-arm.conf25
-rw-r--r--gnu/packages/backup.scm9
-rw-r--r--gnu/packages/bioinformatics.scm379
-rw-r--r--gnu/packages/bittorrent.scm6
-rw-r--r--gnu/packages/bootloaders.scm24
-rw-r--r--gnu/packages/certs.scm5
-rw-r--r--gnu/packages/compression.scm116
-rw-r--r--gnu/packages/cran.scm116
-rw-r--r--gnu/packages/crypto.scm4
-rw-r--r--gnu/packages/curl.scm14
-rw-r--r--gnu/packages/databases.scm66
-rw-r--r--gnu/packages/direct-connect.scm25
-rw-r--r--gnu/packages/django.scm20
-rw-r--r--gnu/packages/dns.scm29
-rw-r--r--gnu/packages/elixir.scm34
-rw-r--r--gnu/packages/emacs.scm151
-rw-r--r--gnu/packages/engineering.scm14
-rw-r--r--gnu/packages/enlightenment.scm8
-rw-r--r--gnu/packages/erlang.scm6
-rw-r--r--gnu/packages/file-systems.scm4
-rw-r--r--gnu/packages/finance.scm11
-rw-r--r--gnu/packages/fonts.scm106
-rw-r--r--gnu/packages/fontutils.scm105
-rw-r--r--gnu/packages/freedesktop.scm147
-rw-r--r--gnu/packages/game-development.scm45
-rw-r--r--gnu/packages/games.scm123
-rw-r--r--gnu/packages/gcc.scm7
-rw-r--r--gnu/packages/gnome.scm45
-rw-r--r--gnu/packages/gnunet.scm29
-rw-r--r--gnu/packages/gnupg.scm4
-rw-r--r--gnu/packages/gnuzilla.scm11
-rw-r--r--gnu/packages/gps.scm31
-rw-r--r--gnu/packages/graphics.scm3
-rw-r--r--gnu/packages/groff.scm47
-rw-r--r--gnu/packages/gstreamer.scm34
-rw-r--r--gnu/packages/guile.scm141
-rw-r--r--gnu/packages/haskell-check.scm5
-rw-r--r--gnu/packages/haskell-crypto.scm9
-rw-r--r--gnu/packages/haskell-web.scm9
-rw-r--r--gnu/packages/haskell.scm206
-rw-r--r--gnu/packages/image.scm55
-rw-r--r--gnu/packages/irc.scm8
-rw-r--r--gnu/packages/java.scm308
-rw-r--r--gnu/packages/kodi.scm6
-rw-r--r--gnu/packages/libcanberra.scm6
-rw-r--r--gnu/packages/linux.scm22
-rw-r--r--gnu/packages/lisp.scm163
-rw-r--r--gnu/packages/lua.scm46
-rw-r--r--gnu/packages/lxde.scm7
-rw-r--r--gnu/packages/machine-learning.scm4
-rw-r--r--gnu/packages/mail.scm49
-rw-r--r--gnu/packages/man.scm23
-rw-r--r--gnu/packages/markup.scm2
-rw-r--r--gnu/packages/maths.scm9
-rw-r--r--gnu/packages/mes.scm6
-rw-r--r--gnu/packages/messaging.scm56
-rw-r--r--gnu/packages/mp3.scm11
-rw-r--r--gnu/packages/music.scm208
-rw-r--r--gnu/packages/musl.scm4
-rw-r--r--gnu/packages/nano.scm4
-rw-r--r--gnu/packages/networking.scm35
-rw-r--r--gnu/packages/node.scm23
-rw-r--r--gnu/packages/ntp.scm6
-rw-r--r--gnu/packages/ocaml.scm2
-rw-r--r--gnu/packages/package-management.scm37
-rw-r--r--gnu/packages/parallel.scm5
-rw-r--r--gnu/packages/password-utils.scm5
-rw-r--r--gnu/packages/patches/bazaar-CVE-2017-14176.patch166
-rw-r--r--gnu/packages/patches/clementine-use-openssl.patch67
-rw-r--r--gnu/packages/patches/dtc-32-bits-check.patch134
-rw-r--r--gnu/packages/patches/dtc-format-modifier.patch38
-rw-r--r--gnu/packages/patches/emacs-highlight-stages-add-gexp.patch26
-rw-r--r--gnu/packages/patches/exim-CVE-2017-1000369.patch59
-rw-r--r--gnu/packages/patches/gcc-6-source-date-epoch-1.patch187
-rw-r--r--gnu/packages/patches/gcc-6-source-date-epoch-2.patch346
-rw-r--r--gnu/packages/patches/glusterfs-use-PATH-instead-of-hardcodes.patch140
-rw-r--r--gnu/packages/patches/guile-emacs-fix-configure.patch211
-rw-r--r--gnu/packages/patches/higan-remove-march-native-flag.patch15
-rw-r--r--gnu/packages/patches/libmygpo-qt-fix-jsoncreatortest.patch41
-rw-r--r--gnu/packages/patches/libtorrent-rasterbar-boost-compat.patch27
-rw-r--r--gnu/packages/patches/libvirt-CVE-2017-1000256.patch84
-rw-r--r--gnu/packages/patches/node-test-http2-server-rst-stream.patch131
-rw-r--r--gnu/packages/patches/optipng-CVE-2017-1000229.patch22
-rw-r--r--gnu/packages/patches/pcmanfm-CVE-2017-8934.patch56
-rw-r--r--gnu/packages/patches/perl-text-markdown-discount-unbundle.patch (renamed from gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch)0
-rw-r--r--gnu/packages/patches/procmail-CVE-2017-16844.patch25
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-15118.patch58
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-15119.patch68
-rw-r--r--gnu/packages/patches/shepherd-close-fds.patch36
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9577.patch33
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9578-1.patch33
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9578-2.patch38
-rw-r--r--gnu/packages/patches/spice-CVE-2017-7506.patch158
-rw-r--r--gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch42
-rw-r--r--gnu/packages/patches/vpnc-script.patch15
-rw-r--r--gnu/packages/perl.scm4
-rw-r--r--gnu/packages/php.scm7
-rw-r--r--gnu/packages/protobuf.scm68
-rw-r--r--gnu/packages/python.scm119
-rw-r--r--gnu/packages/qt.scm121
-rw-r--r--gnu/packages/samba.scm4
-rw-r--r--gnu/packages/scribus.scm14
-rw-r--r--gnu/packages/security-token.scm9
-rw-r--r--gnu/packages/shells.scm41
-rw-r--r--gnu/packages/simulation.scm11
-rw-r--r--gnu/packages/spice.scm12
-rw-r--r--gnu/packages/statistics.scm88
-rw-r--r--gnu/packages/synergy.scm2
-rw-r--r--gnu/packages/telephony.scm48
-rw-r--r--gnu/packages/time.scm10
-rw-r--r--gnu/packages/tls.scm8
-rw-r--r--gnu/packages/tor.scm4
-rw-r--r--gnu/packages/version-control.scm26
-rw-r--r--gnu/packages/video.scm15
-rw-r--r--gnu/packages/vim.scm40
-rw-r--r--gnu/packages/virtualization.scm10
-rw-r--r--gnu/packages/vpn.scm137
-rw-r--r--gnu/packages/web.scm155
-rw-r--r--gnu/packages/wget.scm4
-rw-r--r--gnu/packages/wm.scm4
-rw-r--r--gnu/packages/xdisorg.scm51
-rw-r--r--gnu/packages/xfig.scm2
-rw-r--r--gnu/packages/xorg.scm35
-rw-r--r--gnu/services/base.scm2
-rw-r--r--gnu/services/certbot.scm133
-rw-r--r--gnu/services/configuration.scm3
-rw-r--r--gnu/services/desktop.scm13
-rw-r--r--gnu/services/dict.scm26
-rw-r--r--gnu/services/messaging.scm57
-rw-r--r--gnu/services/version-control.scm63
-rw-r--r--gnu/services/xorg.scm298
-rw-r--r--gnu/system.scm4
-rw-r--r--gnu/system/install.scm27
-rw-r--r--gnu/system/uuid.scm2
-rw-r--r--gnu/system/vm.scm70
-rw-r--r--gnu/tests/messaging.scm1
-rw-r--r--gnu/tests/version-control.scm131
145 files changed, 5917 insertions, 1749 deletions
diff --git a/gnu/bootloader/extlinux.scm b/gnu/bootloader/extlinux.scm
index e5fdeb5801..9b6e2c7f2a 100644
--- a/gnu/bootloader/extlinux.scm
+++ b/gnu/bootloader/extlinux.scm
@@ -53,7 +53,7 @@ corresponding to old generations of the system."
   APPEND ~a
 ~%"
                 #$label #$label
-                #$kernel #$kernel #$initrd
+                #$kernel (dirname #$kernel) #$initrd
                 (string-join (list #$@kernel-arguments)))))
 
   (define builder
@@ -85,14 +85,6 @@ TIMEOUT ~a~%"
 ;;; Install procedures.
 ;;;
 
-(define dd
-  #~(lambda (bs count if of)
-      (zero? (system* "dd"
-                      (string-append "bs=" (number->string bs))
-                      (string-append "count=" (number->string count))
-                      (string-append "if=" if)
-                      (string-append "of=" of)))))
-
 (define (install-extlinux mbr)
   #~(lambda (bootloader device mount-point)
       (let ((extlinux (string-append bootloader "/sbin/extlinux"))
@@ -101,9 +93,15 @@ TIMEOUT ~a~%"
         (for-each (lambda (file)
                     (install-file file install-dir))
                   (find-files syslinux-dir "\\.c32$"))
-
-        (unless (and (zero? (system* extlinux "--install" install-dir))
-                     (#$dd 440 1 (string-append syslinux-dir "/" #$mbr) device))
+        (unless
+            (and (zero? (system* extlinux "--install" install-dir))
+                 (call-with-input-file (string-append syslinux-dir "/" #$mbr)
+                   (lambda (input)
+                     (let ((bv (get-bytevector-n input 440)))
+                       (call-with-output-file device
+                         (lambda (output)
+                           (put-bytevector output bv))
+                         #:binary #t)))))
           (error "failed to install SYSLINUX")))))
 
 (define install-extlinux-mbr
diff --git a/gnu/build/linux-boot.scm b/gnu/build/linux-boot.scm
index a1ff4dd1ea..2547f1e0af 100644
--- a/gnu/build/linux-boot.scm
+++ b/gnu/build/linux-boot.scm
@@ -21,7 +21,6 @@
   #:use-module (rnrs io ports)
   #:use-module (system repl error-handling)
   #:autoload   (system repl repl) (start-repl)
-  #:autoload   (system base compile) (compile-file)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (ice-9 match)
@@ -270,6 +269,7 @@ using the kernel build-in overlayfs."
   ;; Make sure /root/etc/mtab is a symlink to /proc/self/mounts.
   (false-if-exception
     (delete-file "/root/etc/mtab"))
+  (mkdir-p "/root/etc")
   (symlink "/proc/self/mounts" "/root/etc/mtab"))
 
 (define (switch-root root)
diff --git a/gnu/build/shepherd.scm b/gnu/build/shepherd.scm
index 8fc74bc482..c955e3c83f 100644
--- a/gnu/build/shepherd.scm
+++ b/gnu/build/shepherd.scm
@@ -60,11 +60,13 @@
       (type "tmpfs")
       (check? #f)))
 
-  (define passwd
+  (define accounts
     ;; This is for processes in the default user namespace but living in a
     ;; different mount namespace, so that they can lookup users.
-    (file-system-mapping
-     (source "/etc/passwd") (target source)))
+    (list (file-system-mapping
+           (source "/etc/passwd") (target source))
+          (file-system-mapping
+           (source "/etc/group") (target source))))
 
   (define nscd-socket
     (file-system-mapping
@@ -78,7 +80,7 @@
                                         %network-file-mappings))
                             ,@(if (and (memq 'mnt namespaces)
                                        (not (memq 'user namespaces)))
-                                  (list passwd)
+                                  accounts
                                   '())
                             ,%store-mapping)))    ;XXX: coarse-grain
             (map file-system-mapping->bind-mount
diff --git a/gnu/build/vm.scm b/gnu/build/vm.scm
index 7537f81509..20ee12709b 100644
--- a/gnu/build/vm.scm
+++ b/gnu/build/vm.scm
@@ -378,11 +378,8 @@ SYSTEM-DIRECTORY is the name of the directory of the 'system' derivation."
 GRUB configuration and OS-DRV as the stuff in it."
   (let ((grub-mkrescue (string-append grub "/bin/grub-mkrescue"))
         (target-store  (string-append "/tmp/root" (%store-directory))))
-    (mkdir-p "/tmp/root/var/run")
-    (mkdir-p "/tmp/root/run")
-    (mkdir-p "/tmp/root/mnt")
+    (populate-root-file-system os-drv "/tmp/root")
 
-    (mkdir-p target-store)
     (mount (%store-directory) target-store "" MS_BIND)
 
     (when register-closures?
@@ -399,6 +396,7 @@ GRUB configuration and OS-DRV as the stuff in it."
                           `(,grub-mkrescue "-o" ,target
                             ,(string-append "boot/grub/grub.cfg=" config-file)
                             ,(string-append "gnu/store=" os-drv "/..")
+                            "etc=/tmp/root/etc"
                             "var=/tmp/root/var"
                             "run=/tmp/root/run"
                             ;; /mnt is used as part of the installation
diff --git a/gnu/local.mk b/gnu/local.mk
index 5a701075ff..ac7e115310 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -444,6 +444,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/services/audio.scm                        \
   %D%/services/avahi.scm			\
   %D%/services/base.scm				\
+  %D%/services/certbot.scm			\
   %D%/services/configuration.scm		\
   %D%/services/cuirass.scm			\
   %D%/services/cups.scm				\
@@ -496,7 +497,6 @@ GNU_SYSTEM_MODULES =				\
   %D%/build/linux-initrd.scm			\
   %D%/build/linux-modules.scm			\
   %D%/build/marionette.scm			\
-  %D%/build/shepherd.scm			\
   %D%/build/vm.scm				\
 						\
   %D%/tests.scm					\
@@ -519,6 +519,7 @@ GNU_SYSTEM_MODULES =				\
 
 # Modules that do not need to be compiled.
 MODULES_NOT_COMPILED +=				\
+  %D%/build/shepherd.scm			\
   %D%/build/svg.scm
 
 patchdir = $(guilemoduledir)/%D%/packages/patches
@@ -550,6 +551,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/awesome-reproducible-png.patch		\
   %D%/packages/patches/azr3.patch				\
   %D%/packages/patches/bash-completion-directories.patch	\
+  %D%/packages/patches/bazaar-CVE-2017-14176.patch		\
   %D%/packages/patches/bcftools-regidx-unsigned-char.patch	\
   %D%/packages/patches/binutils-ld-new-dtags.patch		\
   %D%/packages/patches/binutils-loongson-workaround.patch	\
@@ -570,6 +572,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/chmlib-inttypes.patch			\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
+  %D%/packages/patches/clementine-use-openssl.patch		\
   %D%/packages/patches/clisp-remove-failing-test.patch		\
   %D%/packages/patches/clucene-pkgconfig.patch			\
   %D%/packages/patches/clx-remove-demo.patch			\
@@ -600,18 +603,20 @@ dist_patch_DATA =						\
   %D%/packages/patches/doc++-include-directives.patch		\
   %D%/packages/patches/doc++-segfault-fix.patch			\
   %D%/packages/patches/doxygen-test.patch			\
+  %D%/packages/patches/dtc-format-modifier.patch		\
+  %D%/packages/patches/dtc-32-bits-check.patch			\
   %D%/packages/patches/dvd+rw-tools-add-include.patch 		\
   %D%/packages/patches/elfutils-tests-ptrace.patch		\
   %D%/packages/patches/elixir-disable-failing-tests.patch	\
   %D%/packages/patches/einstein-build.patch			\
   %D%/packages/patches/emacs-exec-path.patch			\
   %D%/packages/patches/emacs-fix-scheme-indent-function.patch	\
+  %D%/packages/patches/emacs-highlight-stages-add-gexp.patch	\
   %D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch	\
   %D%/packages/patches/emacs-source-date-epoch.patch		\
   %D%/packages/patches/erlang-man-path.patch			\
   %D%/packages/patches/eudev-rules-directory.patch		\
   %D%/packages/patches/evilwm-lost-focus-bug.patch		\
-  %D%/packages/patches/exim-CVE-2017-1000369.patch		\
   %D%/packages/patches/exiv2-CVE-2017-14860.patch		\
   %D%/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch	\
   %D%/packages/patches/fastcap-mulGlobal.patch			\
@@ -650,6 +655,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/gcc-5-source-date-epoch-2.patch		\
   %D%/packages/patches/gcc-6-arm-none-eabi-multilib.patch	\
   %D%/packages/patches/gcc-6-cross-environment-variables.patch	\
+  %D%/packages/patches/gcc-6-source-date-epoch-1.patch		\
+  %D%/packages/patches/gcc-6-source-date-epoch-2.patch		\
   %D%/packages/patches/gcr-disable-failing-tests.patch		\
   %D%/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch	\
   %D%/packages/patches/gd-fix-tests-on-i686.patch		\
@@ -681,6 +688,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/glibc-o-largefile.patch			\
   %D%/packages/patches/glibc-vectorized-strcspn-guards.patch	\
   %D%/packages/patches/glibc-versioned-locpath.patch		\
+  %D%/packages/patches/glusterfs-use-PATH-instead-of-hardcodes.patch		\
   %D%/packages/patches/glog-gcc-5-demangling.patch		\
   %D%/packages/patches/gmp-arm-asm-nothumb.patch		\
   %D%/packages/patches/gmp-faulty-test.patch			\
@@ -713,6 +721,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/guile-present-coding.patch		\
   %D%/packages/patches/guile-relocatable.patch			\
   %D%/packages/patches/guile-rsvg-pkgconfig.patch		\
+  %D%/packages/patches/guile-emacs-fix-configure.patch		\
   %D%/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch	\
   %D%/packages/patches/gtk2-respect-GUIX_GTK2_IM_MODULE_FILE.patch \
   %D%/packages/patches/gtk2-theme-paths.patch			\
@@ -801,6 +810,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libmad-armv7-thumb-pt2.patch		\
   %D%/packages/patches/libmad-frame-length.patch		\
   %D%/packages/patches/libmad-mips-newgcc.patch			\
+  %D%/packages/patches/libmygpo-qt-fix-jsoncreatortest.patch	\
   %D%/packages/patches/libsndfile-armhf-type-checks.patch	\
   %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch	\
   %D%/packages/patches/libsndfile-CVE-2017-8362.patch		\
@@ -810,11 +820,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/libtasn1-CVE-2017-10790.patch		\
   %D%/packages/patches/libtheora-config-guess.patch		\
   %D%/packages/patches/libtirpc-CVE-2017-8779.patch		\
-  %D%/packages/patches/libtorrent-rasterbar-boost-compat.patch	\
   %D%/packages/patches/libtool-skip-tests2.patch		\
   %D%/packages/patches/libusb-0.1-disable-tests.patch		\
   %D%/packages/patches/libusb-for-axoloti.patch			\
-  %D%/packages/patches/libvirt-CVE-2017-1000256.patch		\
   %D%/packages/patches/libvpx-CVE-2016-2818.patch		\
   %D%/packages/patches/libxcb-python-3.5-compat.patch		\
   %D%/packages/patches/libxslt-generated-ids.patch		\
@@ -882,6 +890,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/newsbeuter-CVE-2017-14500.patch		\
   %D%/packages/patches/ngircd-handle-zombies.patch		\
   %D%/packages/patches/ninja-zero-mtime.patch			\
+  %D%/packages/patches/node-test-http2-server-rst-stream.patch	\
   %D%/packages/patches/nss-increase-test-timeout.patch		\
   %D%/packages/patches/nss-pkgconfig.patch			\
   %D%/packages/patches/nvi-assume-preserve-path.patch		\
@@ -903,6 +912,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openssl-runpath.patch			\
   %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch		\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
+  %D%/packages/patches/optipng-CVE-2017-1000229.patch		\
   %D%/packages/patches/orpheus-cast-errors-and-includes.patch	\
   %D%/packages/patches/osip-CVE-2017-7853.patch			\
   %D%/packages/patches/ots-no-include-missing-file.patch	\
@@ -913,6 +923,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/patchelf-rework-for-arm.patch		\
   %D%/packages/patches/patchutils-xfail-gendiff-tests.patch	\
   %D%/packages/patches/patch-hurd-path-max.patch		\
+  %D%/packages/patches/pcmanfm-CVE-2017-8934.patch		\
   %D%/packages/patches/pcre2-CVE-2017-7186.patch		\
   %D%/packages/patches/pcre2-CVE-2017-8786.patch		\
   %D%/packages/patches/perl-file-path-CVE-2017-6512.patch	\
@@ -945,6 +956,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/portmidi-modular-build.patch		\
   %D%/packages/patches/procmail-ambiguous-getline-debian.patch  \
   %D%/packages/patches/procmail-CVE-2014-3618.patch		\
+  %D%/packages/patches/procmail-CVE-2017-16844.patch		\
   %D%/packages/patches/proot-test-fhs.patch			\
   %D%/packages/patches/psm-arch.patch				\
   %D%/packages/patches/psm-ldflags.patch			\
@@ -993,6 +1005,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-unittest2-python3-compat.patch	\
   %D%/packages/patches/python-unittest2-remove-argparse.patch	\
   %D%/packages/patches/qemu-CVE-2017-15038.patch		\
+  %D%/packages/patches/qemu-CVE-2017-15118.patch		\
+  %D%/packages/patches/qemu-CVE-2017-15119.patch		\
   %D%/packages/patches/qemu-CVE-2017-15268.patch		\
   %D%/packages/patches/qemu-CVE-2017-15289.patch		\
   %D%/packages/patches/qt4-ldflags.patch			\
@@ -1020,6 +1034,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/scotch-test-threading.patch		\
   %D%/packages/patches/sdl-libx11-1.6.patch			\
   %D%/packages/patches/seq24-rename-mutex.patch			\
+  %D%/packages/patches/shepherd-close-fds.patch			\
   %D%/packages/patches/shishi-fix-libgcrypt-detection.patch	\
   %D%/packages/patches/slim-session.patch			\
   %D%/packages/patches/slim-config.patch			\
@@ -1028,13 +1043,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/slim-login.patch				\
   %D%/packages/patches/slurm-configure-remove-nonfree-contribs.patch \
   %D%/packages/patches/sooperlooper-build-with-wx-30.patch 	\
-  %D%/packages/patches/spice-CVE-2016-9577.patch		\
-  %D%/packages/patches/spice-CVE-2016-9578-1.patch		\
-  %D%/packages/patches/spice-CVE-2016-9578-2.patch		\
-  %D%/packages/patches/spice-CVE-2017-7506.patch		\
   %D%/packages/patches/steghide-fixes.patch			\
   %D%/packages/patches/superlu-dist-scotchmetis.patch		\
-  %D%/packages/patches/supertuxkart-angelscript-ftbfs.patch		\
   %D%/packages/patches/swish-e-search.patch			\
   %D%/packages/patches/swish-e-format-security.patch		\
   %D%/packages/patches/synfigstudio-fix-ui-with-gtk3.patch 	\
@@ -1086,7 +1096,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch		\
   %D%/packages/patches/vorbis-tools-CVE-2014-9640.patch		\
   %D%/packages/patches/vorbis-tools-CVE-2015-6749.patch		\
-  %D%/packages/patches/vpnc-script.patch			\
   %D%/packages/patches/vsearch-unbundle-cityhash.patch		\
   %D%/packages/patches/vte-CVE-2012-2738-pt1.patch			\
   %D%/packages/patches/vte-CVE-2012-2738-pt2.patch			\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index cd2b9a6335..3250be5349 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015, 2016 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2015 Alex Sassmannshausen <alex.sassmannshausen@gmail.com>
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
@@ -162,7 +162,8 @@ and provides a \"top-like\" mode (monitoring).")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "174q1qg7yg6w1hfvlfv720hr6hid4h5xzw15y3ycfpspllzldhcb"))))
+                "174q1qg7yg6w1hfvlfv720hr6hid4h5xzw15y3ycfpspllzldhcb"))
+              (patches (search-patches "shepherd-close-fds.patch"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--localstatedir=/var")))
@@ -1772,13 +1773,13 @@ a new command using the matched rule, and runs it.")
 (define-public di
   (package
     (name "di")
-    (version "4.43")
+    (version "4.44")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://gentoo.com/di/di-" version ".tar.gz"))
        (sha256
-        (base32 "1q25jy51qfzsym9b2w0cqzscq2j492gn60dy6gbp88m8nwm4sdy8"))))
+        (base32 "0803lp8kd3mp1jcm17i019xiqxdy85hhs6xk67zib8gmvg500gcn"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; Obscure test failures.
@@ -1794,10 +1795,10 @@ a new command using the matched rule, and runs it.")
     (home-page "https://www.gentoo.com/di/")
     (synopsis "Advanced df like disk information utility")
     (description
-     "'di' is a disk information utility, displaying everything
-(and more) that your @code{df} command does.  It features the ability to
-display your disk usage in whatever format you prefer.  It is designed to be
-highly portable.  Great for heterogeneous networks.")
+     "'di' is a disk information utility, displaying everything that your
+@code{df} command does and more.  It features the ability to display your disk
+usage in whatever format you prefer.  It is designed to be highly portable and
+produce uniform output across heterogeneous networks.")
     (license license:zlib)))
 
 (define-public cbatticon
@@ -2295,3 +2296,39 @@ on systems running the Linux kernel.")
     ;; arm and aarch64 don't have cpuid.h
     (supported-systems '("i686-linux" "x86_64-linux"))
     (license license:gpl2+)))
+
+(define-public masscan
+  (package
+    (name "masscan")
+    (version "1.0.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/robertdavidgraham/masscan"
+                                  "/archive/" version ".tar.gz"))
+              (sha256
+               (base32
+                "1y9af345g00z83rliv6bmlqg37xwc7xpnx5xqdgmjikzcxgk9pji"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libpcap" ,libpcap)))
+    (arguments
+     '(#:test-target "regress"
+       #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure) ; There is no ./configure script
+         (add-after 'unpack 'patch-path
+           (lambda* (#:key outputs inputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (pcap (assoc-ref inputs "libpcap")))
+               (substitute* "src/rawsock-pcap.c"
+                 (("libpcap.so") (string-append pcap "/lib/libpcap.so")))
+               #t))))))
+    (synopsis "TCP port scanner")
+    (description "MASSCAN is an asynchronous TCP port scanner.  It can detect
+open ports, and also complete the TCP connection and interact with the remote
+application, collecting the information received.")
+    (home-page "https://github.com/robertdavidgraham/masscan")
+        ;; 'src/siphash24.c' is the SipHash reference implementation, which
+        ;; bears a CC0 Public Domain Dedication.
+    (license license:agpl3+)))
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index ede137b22c..a7336066ef 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -207,7 +207,7 @@ GP2C, the GP to C compiler, translates GP scripts to PARI programs.")
 (define-public giac-xcas
   (package
     (name "giac-xcas")
-    (version "1.4.9-17")
+    (version "1.4.9-33")
     (source (origin
               (method url-fetch)
               ;; "~parisse/giac" is not used because the maintainer regularly
@@ -219,7 +219,7 @@ GP2C, the GP to C compiler, translates GP scripts to PARI programs.")
                                   "source/giac_" version ".tar.gz"))
               (sha256
                (base32
-                "0fabw706hixp4da4pgkbjrlf9gk4xrmv404f884jb24bnmb5hbax"))))
+                "1f071j4l9ayri2cxka6bfdb6c0fsdl7q7wk345r7hxjfga69g9mv"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 384010372f..4f6e4a4095 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -63,6 +63,7 @@
   #:use-module (gnu packages image)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages qt)
+  #:use-module (gnu packages libbsd)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages llvm)
   #:use-module (gnu packages mp3) ;taglib
@@ -72,6 +73,7 @@
   #:use-module (gnu packages python)
   #:use-module (gnu packages rdf)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages telephony)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages video)
   #:use-module (gnu packages vim) ;xxd
@@ -83,7 +85,8 @@
   #:use-module (gnu packages maths)
   #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages music)
-  #:use-module (srfi srfi-1))
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-26))
 
 (define-public alsa-modular-synth
   (package
@@ -341,13 +344,19 @@ engineers, musicians, soundtrack editors and composers.")
        ("python" ,python-2)
        ("which" ,which)))
     (arguments
-     '(#:configure-flags
+     `(#:configure-flags
        (let ((libid3tag (assoc-ref %build-inputs "libid3tag"))
              (libmad (assoc-ref %build-inputs "libmad"))
              (portmidi (assoc-ref %build-inputs "portmidi")))
          (list
           ;; Loading FFmpeg dynamically is problematic.
           "--disable-dynamic-loading"
+          ;; SSE instructions are available on Intel systems only.
+          ,@(if (any (cute string-prefix? <> (or (%current-target-system)
+                                                 (%current-system)))
+                    '("x64_64" "i686"))
+              '()
+              '("--enable-sse=no"))
           ;; portmidi, libid3tag and libmad provide no .pc files, so
           ;; pkg-config fails to find them.  Force their inclusion.
           (string-append "ID3TAG_CFLAGS=-I" libid3tag "/include")
@@ -446,14 +455,14 @@ plugins are provided.")
 (define-public calf
   (package
     (name "calf")
-    (version "0.0.60")
+    (version "0.90.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://calf-studio-gear.org/files/calf-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "019fwg00jv217a5r767z7szh7vdrarybac0pr2sk26xp81kibrx9"))))
+                "0dijv2j7vlp76l10s4v8gbav26ibaqk8s24ci74vrc398xy00cib"))))
     (build-system gnu-build-system)
     (inputs
      `(("fluidsynth" ,fluidsynth)
@@ -1093,17 +1102,19 @@ PS, and DAB+.")
 (define-public faust
   (package
     (name "faust")
-    (version "0.9.67")
+    (version "0.9.90")
     (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "mirror://sourceforge/faudiostream/faust-" version ".zip"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/grame-cncm/faust.git")
+                    (commit (string-append "v"
+                                           (string-map (lambda (c)
+                                                         (if (char=? c #\.) #\- c))
+                                                       version)))))
+              (file-name (string-append "faust-" version "-checkout"))
               (sha256
                (base32
-                "068vl9536zn0j4pknwfcchzi90rx5pk64wbcbd67z32w0csx8xm1"))
-              (snippet
-               ;; Remove prebuilt library
-               '(delete-file "architecture/android/libs/armeabi-v7a/libfaust_dsp.so"))))
+                "0qc6iwjd3i80jdyjc186c6ywipmjzl8wlsp4050pbr56q4rlkd4z"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags (list (string-append "prefix=" (assoc-ref %outputs "out")))
@@ -1111,7 +1122,16 @@ PS, and DAB+.")
        #:phases
        (modify-phases %standard-phases
          ;; no "configure" script
-         (delete 'configure))))
+         (delete 'configure)
+         ;; Files appear under $out/share/faust that are read-only.  The
+         ;; install phase tries to overwrite them and fails, so we change
+         ;; the permissions first.
+         (add-before 'install 'fix-permissions
+           (lambda _
+             (for-each (lambda (file)
+                         (chmod file #o644))
+                       (find-files "architecture/max-msp" ".*"))
+             #t)))))
     (native-inputs
      `(("unzip" ,unzip)))
     (home-page "http://faust.grame.fr/")
@@ -1140,18 +1160,7 @@ PS, and DAB+.")
      (substitute-keyword-arguments (package-arguments faust)
        ((#:make-flags flags)
         `(list (string-append "prefix=" (assoc-ref %outputs "out"))
-               "world"))
-       ((#:phases phases)
-        `(modify-phases ,phases
-           ;; Files appear under $out/share/faust that are read-only.  The
-           ;; install phase tries to overwrite them and fails, so we change
-           ;; the permissions first.
-           (add-before 'install 'fix-permissions
-             (lambda* (#:key outputs #:allow-other-keys)
-               (for-each (lambda (file)
-                           (chmod file #o644))
-                         (find-files "architecture/max-msp" ".*"))
-               #t))))))
+               "world"))))
     (native-inputs
      `(("llvm" ,llvm-with-rtti)
        ("which" ,which)
@@ -1207,7 +1216,7 @@ patches that can be used with softsynths such as Timidity and WildMidi.")
 (define-public guitarix
   (package
     (name "guitarix")
-    (version "0.36.0")
+    (version "0.36.1")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -1215,7 +1224,7 @@ patches that can be used with softsynths such as Timidity and WildMidi.")
                    version ".tar.xz"))
              (sha256
               (base32
-               "0nb0gwcmvc9xjh9pjasjbaqgpadanv4rw1njccpcmmin9xvicsqn"))))
+               "1g5949jwh2n755xjs3kcbdb8a1wxr5mn0m115wdnk27dxcdn93b0"))))
     (build-system waf-build-system)
     (arguments
      `(#:tests? #f ; no "check" target
@@ -1409,17 +1418,16 @@ synchronous execution of all clients, and low latency operation.")
 (define-public jack-2
   (package (inherit jack-1)
     (name "jack2")
-    (version "1.9.10")
+    (version "1.9.11-RC1")
     (source (origin
              (method url-fetch)
-             (uri (string-append
-                   "https://github.com/jackaudio/jack2/archive/v"
-                   version
-                   ".tar.gz"))
+             (uri (string-append "https://github.com/jackaudio/jack2/releases/"
+                                 "download/v" version "/jack2-"
+                                 version ".tar.gz"))
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
-               "03b0iiyk3ng3vh5s8gaqwn565vik7910p56mlbk512bw3dhbdwc8"))))
+               "0ks72xxv8qrpwjc2ksr74rnp178h62g5vdplb2rn4vhkw86yw3kk"))))
     (build-system waf-build-system)
     (arguments
      `(#:python ,python-2
@@ -3022,6 +3030,54 @@ mixers.")
 (define-public python2-pyalsaaudio
   (package-with-python2 python-pyalsaaudio))
 
+(define-public bluez-alsa
+  (package
+    (name "bluez-alsa")
+    (version "1.2.0")
+    (source (origin
+              ;; The tarballs are mere snapshots and don't contain a
+              ;; bootstrapped build system.
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/Arkq/bluez-alsa.git")
+                    (commit (string-append "v" version))))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1qinf41wl2ihx54zmmhanycihwjkn7dn1cicq6pp4rqbiv79b95x"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'bootstrap
+           (lambda _
+             (zero? (system* "autoreconf" "-vif")))))))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("bluez" ,bluez)
+       ("glib" ,glib)
+       ("libbsd" ,libbsd)
+       ("ncurses" ,ncurses)
+       ("ortp" ,ortp)
+       ("sbc" ,sbc)))
+    (home-page "https://github.com/Arkq/bluez-alsa")
+    (synopsis "Bluetooth ALSA backend")
+    (description "This project is a rebirth of a direct integration between
+Bluez and ALSA.  Since Bluez >= 5, the build-in integration has been removed
+in favor of 3rd party audio applications.  From now on, Bluez acts as a
+middleware between an audio application, which implements Bluetooth audio
+profile, and a Bluetooth audio device.  BlueALSA registers all known Bluetooth
+audio profiles in Bluez, so in theory every Bluetooth device (with audio
+capabilities) can be connected.  In order to access the audio stream, one has
+to connect to the ALSA PCM device called @code{bluealsa}.  The device is based
+on the ALSA software PCM plugin.")
+    (license license:expat)))
+
 (define-public snd
   (package
     (name "snd")
diff --git a/gnu/packages/aux-files/linux-libre/4.14-arm.conf b/gnu/packages/aux-files/linux-libre/4.14-arm.conf
index 7f82c291a6..2bde47018a 100644
--- a/gnu/packages/aux-files/linux-libre/4.14-arm.conf
+++ b/gnu/packages/aux-files/linux-libre/4.14-arm.conf
@@ -1816,7 +1816,7 @@ CONFIG_TEGRA_AHB=y
 #
 # CONFIG_UEVENT_HELPER is not set
 CONFIG_DEVTMPFS=y
-# CONFIG_DEVTMPFS_MOUNT is not set
+CONFIG_DEVTMPFS_MOUNT=y
 CONFIG_STANDALONE=y
 CONFIG_PREVENT_FIRMWARE_BUILD=y
 CONFIG_FW_LOADER=y
@@ -7466,16 +7466,15 @@ CONFIG_DCACHE_WORD_ACCESS=y
 CONFIG_FS_IOMAP=y
 # CONFIG_EXT2_FS is not set
 # CONFIG_EXT3_FS is not set
-CONFIG_EXT4_FS=m
+CONFIG_EXT4_FS=y
 CONFIG_EXT4_USE_FOR_EXT2=y
 CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
-CONFIG_EXT4_ENCRYPTION=y
-CONFIG_EXT4_FS_ENCRYPTION=y
+# CONFIG_EXT4_ENCRYPTION is not set
 # CONFIG_EXT4_DEBUG is not set
-CONFIG_JBD2=m
+CONFIG_JBD2=y
 # CONFIG_JBD2_DEBUG is not set
-CONFIG_FS_MBCACHE=m
+CONFIG_FS_MBCACHE=y
 CONFIG_REISERFS_FS=m
 # CONFIG_REISERFS_CHECK is not set
 # CONFIG_REISERFS_PROC_INFO is not set
@@ -7567,12 +7566,12 @@ CONFIG_UDF_NLS=y
 #
 # DOS/FAT/NT Filesystems
 #
-CONFIG_FAT_FS=m
+CONFIG_FAT_FS=y
 CONFIG_MSDOS_FS=m
-CONFIG_VFAT_FS=m
+CONFIG_VFAT_FS=y
 CONFIG_FAT_DEFAULT_CODEPAGE=437
-CONFIG_FAT_DEFAULT_IOCHARSET="ascii"
-CONFIG_FAT_DEFAULT_UTF8=y
+CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
+# CONFIG_FAT_DEFAULT_UTF8 is not set
 CONFIG_NTFS_FS=m
 # CONFIG_NTFS_DEBUG is not set
 # CONFIG_NTFS_RW is not set
@@ -7744,7 +7743,7 @@ CONFIG_9P_FS_POSIX_ACL=y
 CONFIG_9P_FS_SECURITY=y
 CONFIG_NLS=y
 CONFIG_NLS_DEFAULT="utf8"
-CONFIG_NLS_CODEPAGE_437=m
+CONFIG_NLS_CODEPAGE_437=y
 CONFIG_NLS_CODEPAGE_737=m
 CONFIG_NLS_CODEPAGE_775=m
 CONFIG_NLS_CODEPAGE_850=m
@@ -8162,7 +8161,7 @@ CONFIG_CRYPTO_VMAC=m
 #
 # Digest
 #
-CONFIG_CRYPTO_CRC32C=m
+CONFIG_CRYPTO_CRC32C=y
 CONFIG_CRYPTO_CRC32=m
 CONFIG_CRYPTO_CRCT10DIF=y
 CONFIG_CRYPTO_GHASH=m
@@ -8274,7 +8273,7 @@ CONFIG_GENERIC_IO=y
 CONFIG_STMP_DEVICE=y
 CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
 CONFIG_CRC_CCITT=m
-CONFIG_CRC16=m
+CONFIG_CRC16=y
 CONFIG_CRC_T10DIF=y
 CONFIG_CRC_ITU_T=m
 CONFIG_CRC32=y
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 68343491aa..2ee0d5336b 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -452,13 +452,13 @@ detection, and lossless compression.")
 (define-public borg
   (package
     (name "borg")
-    (version "1.1.2")
+    (version "1.1.3")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "borgbackup" version))
               (sha256
                (base32
-                "00jmbfysdpsb2vcckamvsxw5n8xqh4j67diam2p0lmqzsn92syq9"))
+                "1rvn8b6clzd1r317r9jkvk34r31risi0dxfjc7jffhnwasck4anc"))
               (modules '((guix build utils)))
               (snippet
                '(for-each
@@ -507,7 +507,8 @@ detection, and lossless compression.")
                             "and not benchmark "
                             ;; These tests assume the kernel supports FUSE.
                             "and not test_fuse "
-                            "and not test_fuse_allow_damaged_files"))))))
+                            "and not test_fuse_allow_damaged_files "
+                            "and not test_mount_hardlinks"))))))
          (add-after 'install 'install-doc
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
@@ -543,7 +544,7 @@ provide an efficient and secure way to backup data.  The data deduplication
 technique used makes Borg suitable for daily backups since only changes are
 stored.  The authenticated encryption technique makes it suitable for backups
 to not fully trusted targets.  Borg is a fork of Attic.")
-    (home-page "https://borgbackup.github.io/borgbackup/")
+    (home-page "https://www.borgbackup.org/")
     (license license:bsd-3)))
 
 (define-public attic
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 314aaa4077..f0b589b6c0 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2016 Raoul Bonnal <ilpuccio.febo@gmail.com>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,6 +40,7 @@
   #:use-module (guix build-system python)
   #:use-module (guix build-system r)
   #:use-module (guix build-system ruby)
+  #:use-module (guix build-system scons)
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
@@ -2961,7 +2963,7 @@ from high-throughput sequencing assays.")
 (define-public java-htsjdk
   (package
     (name "java-htsjdk")
-    (version "1.129")
+    (version "2.3.0") ; last version without build dependency on gradle
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2970,15 +2972,18 @@ from high-throughput sequencing assays.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0asdk9b8jx2ij7yd6apg9qx03li8q7z3ml0qy2r2qczkra79y6fw"))
+                "1ibhzzxsfc38nqyk9r8zqj6blfc1kh26iirypd4q6n90hs2m6nyq"))
               (modules '((guix build utils)))
-              ;; remove build dependency on git
-              (snippet '(substitute* "build.xml"
-                          (("failifexecutionfails=\"true\"")
-                           "failifexecutionfails=\"false\"")))))
+              (snippet
+               ;; Delete pre-built binaries
+               '(begin
+                  (delete-file-recursively "lib")
+                  (mkdir-p "lib")
+                  #t))))
     (build-system ant-build-system)
     (arguments
      `(#:tests? #f ; test require Internet access
+       #:jdk ,icedtea-8
        #:make-flags
        (list (string-append "-Ddist=" (assoc-ref %outputs "out")
                             "/share/java/htsjdk/"))
@@ -2987,6 +2992,15 @@ from high-throughput sequencing assays.")
        (modify-phases %standard-phases
          ;; The build phase also installs the jars
          (delete 'install))))
+    (inputs
+     `(("java-ngs" ,java-ngs)
+       ("java-snappy-1" ,java-snappy-1)
+       ("java-commons-compress" ,java-commons-compress)
+       ("java-commons-logging-minimal" ,java-commons-logging-minimal)
+       ("java-commons-jexl-2" ,java-commons-jexl-2)
+       ("java-xz" ,java-xz)))
+    (native-inputs
+     `(("java-testng" ,java-testng)))
     (home-page "http://samtools.github.io/htsjdk/")
     (synopsis "Java API for high-throughput sequencing data (HTS) formats")
     (description
@@ -2996,6 +3010,198 @@ sequencing (HTS) data.  There are also an number of useful utilities for
 manipulating HTS data.")
     (license license:expat)))
 
+;; This version matches java-htsjdk 2.3.0.  Later versions also require a more
+;; recent version of java-htsjdk, which depends on gradle.
+(define-public java-picard
+  (package
+    (name "java-picard")
+    (version "2.3.0")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/broadinstitute/picard.git")
+                    (commit version)))
+              (file-name (string-append "java-picard-" version "-checkout"))
+              (sha256
+               (base32
+                "1ll7mf4r3by92w2nhlmpa591xd1f46xlkwh59mq6fvbb5pdwzvx6"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  ;; Delete pre-built binaries.
+                  (delete-file-recursively "lib")
+                  (mkdir-p "lib")
+                  (substitute* "build.xml"
+                    ;; Remove build-time dependency on git.
+                    (("failifexecutionfails=\"true\"")
+                     "failifexecutionfails=\"false\"")
+                    ;; Use our htsjdk.
+                    (("depends=\"compile-htsjdk, ")
+                     "depends=\"")
+                    (("depends=\"compile-htsjdk-tests, ")
+                     "depends=\"")
+                    ;; Build picard-lib.jar before building picard.jar
+                    (("name=\"picard-jar\" depends=\"" line)
+                     (string-append line "picard-lib-jar, ")))
+                  #t))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:build-target "picard-jar"
+       #:test-target "test"
+       ;; Tests require jacoco:coverage.
+       #:tests? #f
+       #:make-flags
+       (list (string-append "-Dhtsjdk_lib_dir="
+                            (assoc-ref %build-inputs "java-htsjdk")
+                            "/share/java/htsjdk/")
+             "-Dhtsjdk-classes=dist/tmp"
+             (string-append "-Dhtsjdk-version="
+                            ,(package-version java-htsjdk)))
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'use-our-htsjdk
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "build.xml"
+               (("\\$\\{htsjdk\\}/lib")
+                (string-append (assoc-ref inputs "java-htsjdk")
+                               "/share/java/htsjdk/")))
+             #t))
+         (add-after 'unpack 'make-test-target-independent
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "build.xml"
+               (("name=\"test\" depends=\"compile, ")
+                "name=\"test\" depends=\""))
+             #t))
+         (replace 'install (install-jars "dist")))))
+    (inputs
+     `(("java-htsjdk" ,java-htsjdk)
+       ("java-guava" ,java-guava)))
+    (native-inputs
+     `(("java-testng" ,java-testng)))
+    (home-page "http://broadinstitute.github.io/picard/")
+    (synopsis "Tools for manipulating high-throughput sequencing data and formats")
+    (description "Picard is a set of Java command line tools for manipulating
+high-throughput sequencing (HTS) data and formats.  Picard is implemented
+using the HTSJDK Java library to support accessing file formats that are
+commonly used for high-throughput sequencing data such as SAM, BAM, CRAM and
+VCF.")
+    (license license:expat)))
+
+;; This is the last version of Picard to provide net.sf.samtools
+(define-public java-picard-1.113
+  (package (inherit java-picard)
+    (name "java-picard")
+    (version "1.113")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/broadinstitute/picard.git")
+                    (commit version)))
+              (file-name (string-append "java-picard-" version "-checkout"))
+              (sha256
+               (base32
+                "0lkpvin2fz3hhly4l02kk56fqy8lmlgyzr9kmvljk6ry6l1hw973"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  ;; Delete pre-built binaries.
+                  (delete-file-recursively "lib")
+                  (mkdir-p "lib")
+                  #t))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:build-target "picard-jar"
+       #:test-target "test"
+       ;; FIXME: the class path at test time is wrong.
+       ;; [testng] Error: A JNI error has occurred, please check your installation and try again
+       ;; [testng] Exception in thread "main" java.lang.NoClassDefFoundError: com/beust/jcommander/ParameterException
+       #:tests? #f
+       #:jdk ,icedtea-8
+       ;; This is only used for tests.
+       #:make-flags
+       (list "-Dsamjdk.intel_deflater_so_path=lib/jni/libIntelDeflater.so")
+       #:phases
+       (modify-phases %standard-phases
+         ;; Do not use bundled ant bzip2.
+         (add-after 'unpack 'use-ant-bzip
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "build.xml"
+               (("\\$\\{lib\\}/apache-ant-1.8.2-bzip2.jar")
+                (string-append (assoc-ref inputs "ant")
+                               "/lib/ant.jar")))
+             #t))
+         (add-after 'unpack 'make-test-target-independent
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "build.xml"
+               (("name=\"test\" depends=\"compile, ")
+                "name=\"test\" depends=\"compile-tests, ")
+               (("name=\"compile\" depends=\"compile-src, compile-tests\"")
+                "name=\"compile\" depends=\"compile-src\""))
+             #t))
+         (add-after 'unpack 'fix-deflater-path
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "src/java/net/sf/samtools/Defaults.java"
+               (("getStringProperty\\(\"intel_deflater_so_path\", null\\)")
+                (string-append "getStringProperty(\"intel_deflater_so_path\", \""
+                               (assoc-ref outputs "out")
+                               "/lib/jni/libIntelDeflater.so"
+                               "\")")))
+             #t))
+         ;; Build the deflater library, because we've previously deleted the
+         ;; pre-built one.  This can only be built with access to the JDK
+         ;; sources.
+         (add-after 'build 'build-jni
+           (lambda* (#:key inputs #:allow-other-keys)
+             (mkdir-p "lib/jni")
+             (mkdir-p "jdk-src")
+             (and (zero? (system* "tar" "--strip-components=1" "-C" "jdk-src"
+                                  "-xf" (assoc-ref inputs "jdk-src")))
+                  (zero? (system* "javah" "-jni"
+                                  "-classpath" "classes"
+                                  "-d" "lib/"
+                                  "net.sf.samtools.util.zip.IntelDeflater"))
+                  (with-directory-excursion "src/c/inteldeflater"
+                    (zero? (system* "gcc" "-I../../../lib" "-I."
+                                    (string-append "-I" (assoc-ref inputs "jdk")
+                                                   "/include/linux")
+                                    "-I../../../jdk-src/src/share/native/common/"
+                                    "-I../../../jdk-src/src/solaris/native/common/"
+                                    "-c" "-O3" "-fPIC" "IntelDeflater.c"))
+                    (zero? (system* "gcc" "-shared"
+                                    "-o" "../../../lib/jni/libIntelDeflater.so"
+                                    "IntelDeflater.o" "-lz" "-lstdc++"))))))
+         ;; We can only build everything else after building the JNI library.
+         (add-after 'build-jni 'build-rest
+           (lambda* (#:key make-flags #:allow-other-keys)
+             (zero? (apply system* `("ant" "all" ,@make-flags)))))
+         (add-before 'build 'set-JAVA6_HOME
+           (lambda _
+             (setenv "JAVA6_HOME" (getenv "JAVA_HOME"))
+             #t))
+         (replace 'install (install-jars "dist"))
+         (add-after 'install 'install-jni-lib
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((jni (string-append (assoc-ref outputs "out")
+                                       "/lib/jni")))
+               (mkdir-p jni)
+               (install-file "lib/jni/libIntelDeflater.so" jni)
+               #t))))))
+    (inputs
+     `(("java-snappy-1" ,java-snappy-1)
+       ("java-commons-jexl-2" ,java-commons-jexl-2)
+       ("java-cofoja" ,java-cofoja)
+       ("ant" ,ant) ; for bzip2 support at runtime
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("ant-apache-bcel" ,ant-apache-bcel)
+       ("ant-junit" ,ant-junit)
+       ("java-testng" ,java-testng)
+       ("java-commons-bcel" ,java-commons-bcel)
+       ("java-jcommander" ,java-jcommander)
+       ("jdk" ,icedtea-8 "jdk")
+       ("jdk-src" ,(car (assoc-ref (package-native-inputs icedtea-8) "jdk-drop")))))))
+
 (define-public htslib
   (package
     (name "htslib")
@@ -3050,7 +3256,7 @@ data.  It also provides the bgzip, htsfile, and tabix utilities.")
 (define-public idr
   (package
     (name "idr")
-    (version "2.0.0")
+    (version "2.0.3")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3059,10 +3265,15 @@ data.  It also provides the bgzip, htsfile, and tabix utilities.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1k3x44biak00aiv3hpm1yd6nn4hhp7n0qnbs3zh2q9sw7qr1qj5r"))))
+                "1rjdly6daslw66r43g9md8znizlscn1sphycqyldzsidkc4vxqv3"))
+              ;; Delete generated C code.
+              (snippet
+               '(begin (delete-file "idr/inv_cdf.c") #t))))
     (build-system python-build-system)
-    (arguments
-     `(#:tests? #f)) ; FIXME: "ImportError: No module named 'utility'"
+    ;; There is only one test ("test_inv_cdf.py") and it tests features that
+    ;; are no longer part of this package.  It also asserts False, which
+    ;; causes the tests to always fail.
+    (arguments `(#:tests? #f))
     (propagated-inputs
      `(("python-scipy" ,python-scipy)
        ("python-sympy" ,python-sympy)
@@ -3076,12 +3287,12 @@ data.  It also provides the bgzip, htsfile, and tabix utilities.")
      "The IDR (Irreproducible Discovery Rate) framework is a unified approach
 to measure the reproducibility of findings identified from replicate
 experiments and provide highly stable thresholds based on reproducibility.")
-    (license license:gpl3+)))
+    (license license:gpl2+)))
 
 (define-public jellyfish
   (package
     (name "jellyfish")
-    (version "2.2.4")
+    (version "2.2.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/gmarcais/Jellyfish/"
@@ -3089,7 +3300,7 @@ experiments and provide highly stable thresholds based on reproducibility.")
                                   "/jellyfish-" version ".tar.gz"))
               (sha256
                (base32
-                "0a6xnynqy2ibfbfz86b9g2m2dgm7f1469pmymkpam333gi3p26nk"))))
+                "1a1iwq9pq54k2m9ypvwl5s0bqfl64gwh9dx5af9i382ajas2016q"))))
     (build-system gnu-build-system)
     (outputs '("out"      ;for library
                "ruby"     ;for Ruby bindings
@@ -3112,7 +3323,10 @@ experiments and provide highly stable thresholds based on reproducibility.")
      `(("bc" ,bc)
        ("time" ,time)
        ("ruby" ,ruby)
-       ("python" ,python-2)))
+       ("python" ,python-2)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("htslib" ,htslib)))
     (synopsis "Tool for fast counting of k-mers in DNA")
     (description
      "Jellyfish is a tool for fast, memory-efficient counting of k-mers in
@@ -3434,9 +3648,14 @@ form of assemblies or reads.")
         (base32
          "1hmvdalz3zj5sqqklg0l4npjdv37cv2hsdi1al9iby2ndxjs1b73"))
        (patches (search-patches "metabat-fix-compilation.patch"))))
-    (build-system gnu-build-system)
+    (build-system scons-build-system)
     (arguments
-     `(#:phases
+     `(#:scons ,scons-python2
+       #:scons-flags
+       (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
+             (string-append "BOOST_ROOT=" (assoc-ref %build-inputs "boost")))
+       #:tests? #f ;; Tests are run during the build phase.
+       #:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'fix-includes
            (lambda _
@@ -3466,30 +3685,13 @@ form of assemblies or reads.")
                                "/lib'"))
                ;; Do not distribute README.
                (("^env\\.Install\\(idir_prefix, 'README\\.md'\\)") ""))
-             #t))
-         (delete 'configure)
-         (replace 'build
-           (lambda* (#:key inputs outputs #:allow-other-keys)
-             (mkdir (assoc-ref outputs "out"))
-             (zero? (system* "scons"
-                             (string-append
-                              "PREFIX="
-                              (assoc-ref outputs "out"))
-                             (string-append
-                              "BOOST_ROOT="
-                              (assoc-ref inputs "boost"))
-                             "install"))))
-         ;; Check and install are carried out during build phase.
-         (delete 'check)
-         (delete 'install))))
+             #t)))))
     (inputs
      `(("zlib" ,zlib)
        ("perl" ,perl)
        ("samtools" ,samtools)
        ("htslib" ,htslib)
        ("boost" ,boost)))
-    (native-inputs
-     `(("scons" ,scons)))
     (home-page "https://bitbucket.org/berkeleylab/metabat")
     (synopsis
      "Reconstruction of single genomes from complex microbial communities")
@@ -5412,14 +5614,14 @@ sequences.")
 (define-public subread
   (package
     (name "subread")
-    (version "1.5.1")
+    (version "1.6.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/subread/subread-"
                                   version "/subread-" version "-source.tar.gz"))
               (sha256
                (base32
-                "0gn5zhbvllks0mmdg3qlmsbg91p2mpdc2wixwfqpi85yzfrh8hcy"))))
+                "0ah0n4jx6ksk2m2j7xk385x2qzmk1y4rfc6a4mfrdqrlq721w99i"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ;no "check" target
@@ -5676,14 +5878,14 @@ data types as well.")
 (define-public r-annotate
   (package
     (name "r-annotate")
-    (version "1.56.0")
+    (version "1.56.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "annotate" version))
        (sha256
         (base32
-         "0wlrp3v2jxw9is98ap39dfi7z97kmw1wv1xi4h7yfh12zpj2r8l0"))))
+         "14c5xd9kasvcwg5gbjys2c1vizxhlqlzxakqc2kml0kw97hmx0rq"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-annotationdbi" ,r-annotationdbi)
@@ -5700,6 +5902,29 @@ data types as well.")
 microarrays.")
     (license license:artistic2.0)))
 
+(define-public r-copynumber
+  (package
+    (name "r-copynumber")
+    (version "1.18.0")
+    (source (origin
+              (method url-fetch)
+              (uri (bioconductor-uri "copynumber" version))
+              (sha256
+               (base32
+                "01kcwzl485yjrkgyg8117b1il957ss0v6rq4bbxf4ksd5fzcjmyx"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-s4vectors" ,r-s4vectors)
+       ("r-iranges" ,r-iranges)
+       ("r-genomicranges" ,r-genomicranges)
+       ("r-biocgenerics" ,r-biocgenerics)))
+    (home-page "https://bioconductor.org/packages/copynumber")
+    (synopsis "Segmentation of single- and multi-track copy number data")
+    (description
+     "This package segments single- and multi-track copy number data by a
+penalized least squares regression method.")
+    (license license:artistic2.0)))
+
 (define-public r-geneplotter
   (package
     (name "r-geneplotter")
@@ -5755,14 +5980,14 @@ high-throughput sequencing experiments.")
 (define-public r-deseq2
   (package
     (name "r-deseq2")
-    (version "1.18.0")
+    (version "1.18.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "DESeq2" version))
        (sha256
         (base32
-         "1hcxnkkjfvz4hj8iqidshwsjq7jnl1z7wj63dvcwlx1zx5aichyh"))))
+         "1iyimg1s0x5pdmvl8x08s8h0v019y0nhjzs50chagbpk2x91fsmv"))))
     (properties `((upstream-name . "DESeq2")))
     (build-system r-build-system)
     (propagated-inputs
@@ -5792,14 +6017,14 @@ distribution.")
 (define-public r-dexseq
   (package
     (name "r-dexseq")
-    (version "1.24.0")
+    (version "1.24.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "DEXSeq" version))
        (sha256
         (base32
-         "0qxwnz2ffhav9slcn095k206cfza9i3i5l7w1154plf08gpy1d1d"))))
+         "1hwckj4ijgpdchbakvh60nmcaz4fwd5yplhn0880z3dnlsrp8ik3"))))
     (properties `((upstream-name . "DEXSeq")))
     (build-system r-build-system)
     (propagated-inputs
@@ -5886,14 +6111,14 @@ the graph algorithms contained in the Boost library.")
 (define-public r-gseabase
   (package
     (name "r-gseabase")
-    (version "1.40.0")
+    (version "1.40.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "GSEABase" version))
        (sha256
         (base32
-         "0kpkl6c5lrar6ip7wlhvd5axqlb9lb5l3lgbdb3dlih32c3nz0yq"))))
+         "10cmjxahg2plwacfan6g0k8cwyzya96ypc7m1r79gwqkyykxw5fz"))))
     (properties `((upstream-name . "GSEABase")))
     (build-system r-build-system)
     (propagated-inputs
@@ -6541,14 +6766,14 @@ checks on R packages that are to be submitted to the Bioconductor repository.")
 (define-public r-getopt
   (package
     (name "r-getopt")
-    (version "1.20.0")
+    (version "1.20.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "getopt" version))
        (sha256
         (base32
-         "00f57vgnzmg7cz80rjmjz1556xqcmx8nhrlbbhaq4w7gl2ibl87r"))))
+         "0m463mcvixh54i3ng42n0vxmdlf97dgbfs2sf9wnjm782ddw68hm"))))
     (build-system r-build-system)
     (home-page "https://github.com/trevorld/getopt")
     (synopsis "Command-line option processor for R")
@@ -6768,13 +6993,13 @@ CAGE.")
 (define-public r-variantannotation
   (package
     (name "r-variantannotation")
-    (version "1.24.0")
+    (version "1.24.2")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "VariantAnnotation" version))
               (sha256
                (base32
-                "1lllp2vgyfbrar1yg28ji7am470hfzrzxm1bgdk68xpnrwcgcl25"))))
+                "19wgb2kcqy97pm3xgqc781id9fbmzp1hdwzkkhdzpvyf29w4n29j"))))
     (properties
      `((upstream-name . "VariantAnnotation")))
     (inputs
@@ -6806,13 +7031,13 @@ coding changes and predict coding outcomes.")
 (define-public r-limma
   (package
     (name "r-limma")
-    (version "3.34.0")
+    (version "3.34.2")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "limma" version))
               (sha256
                (base32
-                "0a15gsaky0hfrkx8wrrmp0labzxpq6m2hrd33zl206wyas8bqzcs"))))
+                "1zyw01z9crm1jc86fva4pqxd9zxfsbsqwjq6ry39gag9pfb7pwcz"))))
     (build-system r-build-system)
     (home-page "http://bioinf.wehi.edu.au/limma")
     (synopsis "Package for linear models for microarray and RNA-seq data")
@@ -7127,13 +7352,13 @@ samples.")
 (define-public r-genomicalignments
   (package
     (name "r-genomicalignments")
-    (version "1.14.0")
+    (version "1.14.1")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "GenomicAlignments" version))
               (sha256
                (base32
-                "0sw30lj11wv7ifzypqm04lcah987crqwvj48wz3flaw3biw41zfi"))))
+                "033p6fw46sn7w2yyn14nb9qcnkf30cl0nv6zh014ixflm3iifz39"))))
     (properties
      `((upstream-name . "GenomicAlignments")))
     (build-system r-build-system)
@@ -8098,14 +8323,14 @@ library implementing most of the pipeline's features.")
 (define-public r-mutationalpatterns
   (package
     (name "r-mutationalpatterns")
-    (version "1.4.0")
+    (version "1.4.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "MutationalPatterns" version))
        (sha256
         (base32
-         "0sqbrswg8ylkjb9q3vqcb5ggwixynwj6hyv2n4sk7snyk61z3fq9"))))
+         "1qhxlfl85ifr30wrsidcn3kca3vs8fd8cmwd82gvgx9ppww8vs06"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-biocgenerics" ,r-biocgenerics)
@@ -8311,11 +8536,6 @@ of gene-level counts.")
            (lambda* (#:key outputs #:allow-other-keys)
              (system* "tar" "-xzvf"
                       "src/hdf5source/hdf5small.tgz" "-C" "src/" )
-             (substitute* "src/Makevars"
-               (("^.*cd hdf5source &&.*$") "")
-               (("^.*gunzip -dc hdf5small.tgz.*$") "")
-               (("^.*rm -rf hdf5.*$") "")
-               (("^.*mv hdf5source/hdf5 ..*$") ""))
              (substitute* "src/hdf5/configure"
                (("/bin/mv") "mv"))
              #t)))))
@@ -8851,14 +9071,14 @@ trait.")
 (define-public r-maldiquant
   (package
     (name "r-maldiquant")
-    (version "1.16.4")
+    (version "1.17")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "MALDIquant" version))
        (sha256
         (base32
-         "1pmhsfvd45a44xdiml4zx3zd5fhygqyziqvygahkk9yibnyhv4cv"))))
+         "047s6007ydc38x8wm027mlb4mngz15n0d4238fr8h43wyll5zy0z"))))
     (properties `((upstream-name . "MALDIquant")))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/MALDIquant")
@@ -9132,14 +9352,14 @@ of mass spectrometry based proteomics data.")
 (define-public r-msnid
   (package
     (name "r-msnid")
-    (version "1.11.0")
+    (version "1.12.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "MSnID" version))
        (sha256
         (base32
-         "1vi4ngwbayrv2jkfb4pbmdp37xn04y07rh1jcklqfh0fcrm1jdig"))))
+         "1zw508kk4f8brg69674wp18gqkpx2kpya5f6x9cl3qng7v4h5pxx"))))
     (properties `((upstream-name . "MSnID")))
     (build-system r-build-system)
     (propagated-inputs
@@ -9370,14 +9590,14 @@ Shiny-based display methods for Bioconductor objects.")
 (define-public r-annotationhub
   (package
     (name "r-annotationhub")
-    (version "2.10.0")
+    (version "2.10.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "AnnotationHub" version))
        (sha256
         (base32
-         "1arfka3czw8hkv6n2d85bgibq81s2rgkwhmpaxzhy6nw39vv7y8b"))))
+         "14v8g44a6zg9j2rwn9x9y8509k0wr2cw8yccliz24glplb40wva4"))))
     (properties `((upstream-name . "AnnotationHub")))
     (build-system r-build-system)
     (propagated-inputs
@@ -10859,3 +11079,32 @@ contains a few programs for model fitting and phylogenetic tree reconstruction
 using nucleotide or amino-acid sequence data.")
     ;; GPLv3 only
     (license license:gpl3)))
+
+(define-public kallisto
+  (package
+    (name "kallisto")
+    (version "0.43.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/pachterlab/"
+                                  "kallisto/archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "03j3iqhvq7ya3c91gidly3k3jvgm97vjq4scihrlxh315j696r11"))))
+    (build-system cmake-build-system)
+    (arguments `(#:tests? #f))          ; no "check" target
+    (inputs
+     `(("hdf5" ,hdf5)
+       ("zlib" ,zlib)))
+    (home-page "http://pachterlab.github.io/kallisto/")
+    (synopsis "Near-optimal RNA-Seq quantification")
+    (description
+     "Kallisto is a program for quantifying abundances of transcripts from
+RNA-Seq data, or more generally of target sequences using high-throughput
+sequencing reads.  It is based on the novel idea of pseudoalignment for
+rapidly determining the compatibility of reads with targets, without the need
+for alignment.  Pseudoalignment of reads preserves the key information needed
+for quantification, and kallisto is therefore not only fast, but also as
+accurate as existing quantification tools.")
+    (license license:bsd-2)))
diff --git a/gnu/packages/bittorrent.scm b/gnu/packages/bittorrent.scm
index cad8b667bb..02a687cda7 100644
--- a/gnu/packages/bittorrent.scm
+++ b/gnu/packages/bittorrent.scm
@@ -382,7 +382,7 @@ and will take advantage of multiple processor cores where possible.")
 (define-public libtorrent-rasterbar
   (package
     (name "libtorrent-rasterbar")
-    (version "1.1.2")
+    (version "1.1.5")
     (source (origin
               (method url-fetch)
               (uri
@@ -390,11 +390,9 @@ and will take advantage of multiple processor cores where possible.")
                 "https://github.com/arvidn/libtorrent/releases/download/libtorrent-"
                 (string-join (string-split version #\.) "_")
                 "/libtorrent-rasterbar-" version ".tar.gz"))
-              (patches
-               (search-patches "libtorrent-rasterbar-boost-compat.patch"))
               (sha256
                (base32
-                "16im9qsmfrmmkhfjpij9739nqpn4s6wgc9cikdxbcyshfhimzra5"))))
+                "0c398b7hsa5dvj4m0jc8h7mn0m3nawmagb6c5c7ml5c9hc338c8h"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index 20f38b2d0d..3cffbcfeb6 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -50,7 +50,9 @@
   #:use-module (guix git-download)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
-  #:use-module (guix utils))
+  #:use-module (guix utils)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-26))
 
 (define unifont
   ;; GNU Unifont, <http://gnu.org/s/unifont>.
@@ -75,7 +77,7 @@
                "03vvdfhdmf16121v7xs8is2krwnv15wpkhkf16a4yf8nsfc3f2w1"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:phases (modify-phases %standard-phases
+     `(#:phases (modify-phases %standard-phases
                   (add-after 'unpack 'patch-stuff
                    (lambda* (#:key inputs #:allow-other-keys)
                      (substitute* "grub-core/Makefile.in"
@@ -102,7 +104,11 @@
                       (substitute* "Makefile.in"
                         (("grub_cmd_date grub_cmd_set_date grub_cmd_sleep")
                           "grub_cmd_date grub_cmd_sleep"))
-                      #t)))))
+                      #t)))
+       ;; Disable tests on ARM and AARCH64 platforms.
+       #:tests? ,(not (any (cute string-prefix? <> (or (%current-target-system)
+                                                       (%current-system)))
+                           '("arm" "aarch64")))))
     (inputs
      `(("gettext" ,gettext-minimal)
 
@@ -158,8 +164,8 @@ menu to select one of the installed operating systems.")
      `(;; TODO: Tests need a UEFI firmware for qemu. There is one at
        ;; https://github.com/tianocore/edk2/tree/master/OvmfPkg .
        ;; Search for 'OVMF' in "tests/util/grub-shell.in".
-       #:tests? #f
        ,@(substitute-keyword-arguments (package-arguments grub)
+           ((#:tests? _ #f) #f)
            ((#:configure-flags flags ''())
             `(cons "--with-platform=efi" ,flags))
            ((#:phases phases)
@@ -296,7 +302,11 @@ menu to select one of the installed operating systems.")
                     "dtc-" version ".tar.xz"))
               (sha256
                (base32
-                "08gnl39i4xy3dm8iqwlz2ygx0ml1bgc5kpiys5ll1wvah1j72b04"))))
+                "08gnl39i4xy3dm8iqwlz2ygx0ml1bgc5kpiys5ll1wvah1j72b04"))
+              ;; Fix build and tests on 32 bits platforms.
+              ;; Will probably be fixed in 1.4.6 release.
+              (patches (search-patches "dtc-format-modifier.patch"
+                                       "dtc-32-bits-check.patch"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("bison" ,bison)
@@ -323,7 +333,7 @@ tree binary files.  These are board description files used by Linux and BSD.")
 (define u-boot
   (package
     (name "u-boot")
-    (version "2017.07")
+    (version "2017.11")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -331,7 +341,7 @@ tree binary files.  These are board description files used by Linux and BSD.")
                     "u-boot-" version ".tar.bz2"))
               (sha256
                (base32
-                "1zzywk0fgngm1mfnhkp8d0v57rs51zr1y6rp4p03i6nbibfbyx2k"))))
+                "01bcsah5imy6m3fbjwhqywxg0pfk5fl8ks9ylb7kv3zmrb9qy0ba"))))
     (native-inputs
      `(("bc" ,bc)
        ("dtc" ,dtc)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index f266d75b62..30e53e3458 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -74,7 +75,7 @@
 (define-public nss-certs
   (package
     (name "nss-certs")
-    (version "3.34")
+    (version "3.34.1")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -85,7 +86,7 @@
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "1x9acn47iva9j42kxfamgvn99lrnqv47fgn3rz3j6c1ph50rai8d"))))
+                "186x33wsk4mzjz7dzbn8p0py9a0nzkgzpfkdv4rlyy5gghv5vhd3"))))
     (build-system gnu-build-system)
     (outputs '("out"))
     (native-inputs
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index b3377a2fb4..0cee54848c 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1215,6 +1215,64 @@ install: libbitshuffle.so
 compresser/decompresser.")
     (license license:asl2.0)))
 
+(define-public java-snappy-1
+  (package
+    (inherit java-snappy)
+    (version "1.0.3-rc3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/xerial/snappy-java/archive/"
+                                  "snappy-java-" version ".tar.gz"))
+              (sha256
+               (base32
+                "08hsxlqidiqck0q57fshwyv3ynyxy18vmhrai9fyc8mz17m7gsa3"))))
+    (arguments
+     `(#:jar-name "snappy.jar"
+       #:source-dir "src/main/java"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'remove-binaries
+           (lambda _
+             (delete-file "lib/org/xerial/snappy/OSInfo.class")
+             (delete-file-recursively "src/main/resources/org/xerial/snappy/native")
+             #t))
+         (add-before 'build 'build-jni
+           (lambda _
+             ;; Rebuild one of the binaries we removed earlier
+             (system* "javac" "src/main/java/org/xerial/snappy/OSInfo.java"
+                      "-d" "lib")
+             ;; Link to the dynamic snappy, not the static ones
+             (substitute* "Makefile.common"
+               (("-shared") "-shared -lsnappy"))
+             (substitute* "Makefile"
+               ;; Don't download the sources here.
+               (("\\$\\(SNAPPY_UNPACKED\\) ") "")
+               ((": \\$\\(SNAPPY_UNPACKED\\) ") ":")
+               ;; What we actually want to build
+               (("SNAPPY_OBJ:=.*")
+                "SNAPPY_OBJ:=$(addprefix $(SNAPPY_OUT)/, SnappyNative.o)\n")
+               ;; Since we removed the directory structure in "native" during
+               ;; the previous phase, we need to recreate it.
+               (("NAME\\): \\$\\(SNAPPY_OBJ\\)")
+                "NAME): $(SNAPPY_OBJ)\n\t@mkdir -p $(@D)"))
+             ;; Finally we can run the Makefile to build the dynamic library.
+             (zero? (system* "make" "native"))))
+         ;; Once we have built the shared library, we need to place it in the
+         ;; "build" directory so it can be added to the jar file.
+         (add-after 'build-jni 'copy-jni
+           (lambda _
+             (copy-recursively "src/main/resources/org/xerial/snappy/native"
+                               "build/classes/org/xerial/snappy/native")
+             #t))
+         (add-before 'check 'fix-tests
+           (lambda _
+             (mkdir-p "src/test/resources/org/xerial/snappy/")
+             (copy-recursively "src/test/java/org/xerial/snappy/testdata"
+                               "src/test/resources/org/xerial/snappy/testdata")
+             (install-file "src/test/java/org/xerial/snappy/alice29.txt"
+                           "src/test/resources/org/xerial/snappy/")
+             #t)))))))
+
 (define-public java-iq80-snappy
   (package
     (name "java-iq80-snappy")
@@ -1265,6 +1323,46 @@ Java.  This compression code produces a byte-for-byte exact copy of the output
 created by the original C++ code, and extremely fast.")
     (license license:asl2.0)))
 
+(define-public java-jbzip2
+  (package
+    (name "java-jbzip2")
+    (version "0.9.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://storage.googleapis.com/"
+                                  "google-code-archive-source/v2/"
+                                  "code.google.com/jbzip2/"
+                                  "source-archive.zip"))
+              (file-name (string-append name "-" version ".zip"))
+              (sha256
+               (base32
+                "0ncmhlqmrfmj96nqf6p77b9ws35lcfsvpfxzwxi2asissc83z1l3"))))
+    (build-system ant-build-system)
+    (native-inputs
+     `(("unzip" ,unzip)
+       ("java-junit" ,java-junit)))
+    (arguments
+     `(#:tests? #f                      ; no tests
+       #:jar-name "jbzip2.jar"
+       #:source-dir "tags/release-0.9.1/src"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fix-encoding-problems
+           (lambda _
+             ;; Some of the files we're patching are
+             ;; ISO-8859-1-encoded, so choose it as the default
+             ;; encoding so the byte encoding is preserved.
+             (with-fluids ((%default-port-encoding #f))
+               (substitute* "tags/release-0.9.1/src/org/itadaki/bzip2/HuffmanAllocator.java"
+                 (("Milidi.") "Milidiu")))
+             #t)))))
+    (home-page "https://code.google.com/archive/p/jbzip2/")
+    (synopsis "Java bzip2 compression/decompression library")
+    (description "Jbzip2 is a Java bzip2 compression/decompression library.
+It can be used as a replacement for the Apache @code{CBZip2InputStream} /
+@code{CBZip2OutputStream} classes.")
+    (license license:expat)))
+
 (define-public p7zip
   (package
     (name "p7zip")
@@ -1736,30 +1834,20 @@ manipulate, read, and write Zip archive files.")
 (define-public libzip
   (package
     (name "libzip")
-    (version "1.3.0")
+    (version "1.3.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "https://nih.at/libzip/libzip-" version ".tar.xz"))
+                    "https://libzip.org/download/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0wykw0q9dwdzx0gssi2dpgckx9ggr2spzc1amjnff6wi6kz6x4xa"))))
-    (arguments
-     '(#:phases
-       (modify-phases %standard-phases
-         (add-after 'build 'remove-failing-tests
-           ;; These tests are known to fail on 32-bit architectures.
-           ;; see thread: https://nih.at/listarchive/libzip-discuss/msg00713.html
-           (lambda _
-             (substitute* "regress/Makefile"
-               (("encryption-nonrandom") "#encryption-nonrandom"))
-             #t)))))
+                "11g1hvm2bxa2v5plakfzcwyk5hb5fz4kgrkp38l0xhnv21888xv2"))))
     (native-inputs
      `(("perl" ,perl)))
     (inputs
      `(("zlib" ,zlib)))
     (build-system gnu-build-system)
-    (home-page "https://nih.at/libzip/index.html")
+    (home-page "https://libzip.org")
     (synopsis "C library for reading, creating, and modifying zip archives")
     (description "Libzip is a C library for reading, creating, and modifying
 zip archives.  Files can be added from data buffers, files, or compressed data
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index 9eb54c0358..11d30815cf 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Roel Janssen <roel@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,6 +26,7 @@
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages machine-learning)
   #:use-module (gnu packages maths)
+  #:use-module (gnu packages mpi)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages statistics)
   #:use-module (gnu packages web))
@@ -92,13 +94,13 @@ error stream.")
 (define-public r-rcpp
   (package
     (name "r-rcpp")
-    (version "0.12.13")
+    (version "0.12.14")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "Rcpp" version))
        (sha256
-        (base32 "1bm84yc48475plgsnnbvzi6nzkixpnfw8ry86ax63f9g524asw55"))))
+        (base32 "0qvyxggddyg87lza45hjl0a2prabdyshkqzkz418vi777zygqa6s"))))
     (build-system r-build-system)
     (home-page "http://www.rcpp.org")
     (synopsis "Seamless R and C++ integration")
@@ -242,14 +244,14 @@ validation and filtering on the values, making options invisible or private.")
 (define-public r-circlize
   (package
     (name "r-circlize")
-    (version "0.4.1")
+    (version "0.4.2")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "circlize" version))
        (sha256
         (base32
-         "1w7i3jgxgq510axglzmw54ma9kq7k4c86i9ccndz10mrwc51fji0"))))
+         "0py82f5v25mi0s4626zbl5br1frdrj3diz2dakar1rz5yn956mdi"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-colorspace" ,r-colorspace)
@@ -318,14 +320,14 @@ rows, dropping names) to see if the modified versions are identical.")
 (define-public r-dendextend
   (package
     (name "r-dendextend")
-    (version "1.5.2")
+    (version "1.6.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "dendextend" version))
        (sha256
         (base32
-         "04jz58apibfrkjcrdmw2hmsav6qpb5cs6qdai81k1v1iznfcya42"))))
+         "0pichh08zi12lpxzc061dmv4smj6lizygd1xymln8wfz18sf7923"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-fpc" ,r-fpc)
@@ -601,6 +603,29 @@ and other distributions related to the eigenvalues of large Wishart
 matrices.")
     (license license:bsd-3)))
 
+(define-public r-rmpi
+  (package
+    (name "r-rmpi")
+    (version "0.6-6")
+    (source (origin
+              (method url-fetch)
+              (uri (cran-uri "Rmpi" version))
+              (sha256
+               (base32
+                "0fm6z049aaq2c9xagm8n64d9560hg9d8hyb0m359fii672nhkz6q"))))
+    (properties `((upstream-name . "Rmpi")))
+    (build-system r-build-system)
+    (arguments
+     `(#:configure-flags '("--configure-args=\"--with-Rmpi-type=OPENMPI\"")))
+    (inputs
+     `(("openmpi" ,openmpi)))
+    (home-page "http://www.stats.uwo.ca/faculty/yu/Rmpi")
+    (synopsis "R interface to message-passing interface (MPI)")
+    (description
+     "This package provides an interface (wrapper) to MPI APIs.  It also
+provides an interactive R manager and worker environment.")
+    (license license:gpl2+)))
+
 (define-public r-lmoments
   (package
     (name "r-lmoments")
@@ -1059,14 +1084,14 @@ methods.")
 (define-public r-timedate
   (package
     (name "r-timedate")
-    (version "3012.100")
+    (version "3042.101")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "timeDate" version))
        (sha256
         (base32
-         "0cn4h23y2y2bbg62qgm79xx4cvfla5xbpmi9hbdvkvpmm5yfyqk2"))))
+         "0vcckaw1gqz3j4v69r9jn41vlmk5a5c7572xam1nl75ki5v4r3bc"))))
     (properties `((upstream-name . "timeDate")))
     (build-system r-build-system)
     (home-page "https://www.rmetrics.org")
@@ -1183,26 +1208,95 @@ classification and bagging for classification, regression and survival
 problems as well as resampling based estimators of prediction error.")
     (license license:gpl2+)))
 
+(define-public r-psych
+  (package
+    (name "r-psych")
+    (version "1.7.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "psych" version))
+       (sha256
+        (base32
+         "0daismb8pdk392vdy304hqx0m3jx62gx3a0hygjygc125rhfla7k"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-foreign" ,r-foreign)
+       ("r-lattice" ,r-lattice)
+       ("r-mnormt" ,r-mnormt)
+       ("r-nlme" ,r-nlme)))
+    (home-page "http://cran.r-project.org/web/packages/psych/")
+    (synopsis "Procedures for psychological, psychometric, and personality research")
+    (description
+     "This package provides a general purpose toolbox for personality,
+psychometric theory and experimental psychology.  Functions are primarily for
+multivariate analysis and scale construction using factor analysis, principal
+component analysis, cluster analysis and reliability analysis, although others
+provide basic descriptive statistics.  Item Response Theory is done using
+factor analysis of tetrachoric and polychoric correlations.  Functions for
+analyzing data at multiple levels include within and between group statistics,
+including correlations and factor analysis.  Functions for simulating and
+testing particular item and test structures are included.  Several functions
+serve as a useful front end for structural equation modeling.  Graphical
+displays of path diagrams, factor analysis and structural equation models are
+created using basic graphics.")
+    (license license:gpl2+)))
+
+(define-public r-broom
+  (package
+    (name "r-broom")
+    (version "0.4.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "broom" version))
+       (sha256
+        (base32
+         "119pc2jnxvm13cvd77c7d14p3bn68f4jm310vj3yfck40101n9if"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-dplyr" ,r-dplyr)
+       ("r-nlme" ,r-nlme)
+       ("r-plyr" ,r-plyr)
+       ("r-psych" ,r-psych)
+       ("r-reshape2" ,r-reshape2)
+       ("r-stringr" ,r-stringr)
+       ("r-tidyr" ,r-tidyr)))
+    (home-page "http://github.com/tidyverse/broom")
+    (synopsis "Convert statistical analysis objects into tidy data frames")
+    (description
+     "This package provides tools to convert statistical analysis objects from
+R into tidy data frames, so that they can more easily be combined, reshaped
+and otherwise processed with tools like @code{dplyr}, @code{tidyr} and
+@code{ggplot2}.  The package provides three S3 generics: @code{tidy}, which
+summarizes a model's statistical findings such as coefficients of a
+regression; @code{augment}, which adds columns to the original data such as
+predictions, residuals and cluster assignments; and @code{glance}, which
+provides a one-row summary of model-level statistics.")
+    (license license:expat)))
+
 (define-public r-recipes
   (package
     (name "r-recipes")
-    (version "0.1.0")
+    (version "0.1.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "recipes" version))
        (sha256
         (base32
-         "0rydk403qihxmcv3zz323r3ywk4g1v7ibvj452rxhm0z22sqk9kb"))))
+         "0id46c7iaf49miw4kxpidsbg3hdywav43n1lh2zd1vg5946bzg04"))))
     (build-system r-build-system)
     (propagated-inputs
-     `(("r-ddalpha" ,r-ddalpha)
+     `(("r-broom" ,r-broom)
+       ("r-ddalpha" ,r-ddalpha)
        ("r-dimred" ,r-dimred)
        ("r-dplyr" ,r-dplyr)
        ("r-gower" ,r-gower)
        ("r-ipred" ,r-ipred)
        ("r-lubridate" ,r-lubridate)
        ("r-magrittr" ,r-magrittr)
+       ("r-matrix" ,r-matrix)
        ("r-purrr" ,r-purrr)
        ("r-rcpproll" ,r-rcpproll)
        ("r-rlang" ,r-rlang)
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 72fee0742d..7f0240002f 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -115,7 +115,7 @@ communication, encryption, decryption, signatures, etc.")
 (define-public signify
   (package
     (name "signify")
-    (version "22")
+    (version "23")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/aperezdc/signify/"
@@ -123,7 +123,7 @@ communication, encryption, decryption, signatures, etc.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0iv5bjaas70ymqchxasapin4c32c41kqzkfhc3kcjzd7rxy78msy"))))
+                "0c70mzawgahsvmsv4xdrass4pgyynd67ipd9lij0fgi8wkq0ns8w"))))
     (build-system gnu-build-system)
     ;; TODO Build with libwaive (described in README.md), to implement something
     ;; like OpenBSD's pledge().
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index c291d605a2..8cc590daf4 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -44,6 +44,7 @@
   (package
    (name "curl")
    (version "7.56.1")
+   (replacement curl-7.57.0)
    (source (origin
             (method url-fetch)
             (uri (string-append "https://curl.haxx.se/download/curl-"
@@ -130,3 +131,16 @@ tunneling, and so on.")
    (license (license:non-copyleft "file://COPYING"
                                   "See COPYING in the distribution."))
    (home-page "https://curl.haxx.se/")))
+
+(define-public curl-7.57.0
+  (package
+    (inherit curl)
+    (version "7.57.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://curl.haxx.se/download/curl-"
+                            version ".tar.xz"))
+        (sha256
+         (base32
+          "0y3qbjjcxhcvm1yawp3spfssjbskv0g6gyzld6ckif5pf8ygvxpm"))))))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 4f34141ccd..bf071fb1c2 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -98,7 +98,10 @@
   #:use-module (guix build-system ruby)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system r)
+  #:use-module (guix build-system scons)
+  #:use-module ((guix build utils) #:hide (which))
   #:use-module (guix utils)
+  #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (ice-9 match))
 
@@ -376,35 +379,52 @@ applications.")
 (define-public mongodb
   (package
     (name "mongodb")
-    (version "3.4.9")
+    (version "3.4.10")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/mongodb/mongo/archive/r"
                                   version ".tar.gz"))
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
-               (base32 "0gidwyvh3bdwmk2pccgkqkaln4ysgn8iwa7ihjzllsq0rdg95045"))
+               (base32 "0676lvkljj7a5hdhv78dbykqnqrj9lbn9799mi84b8vbnzsq961r"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  (for-each (lambda (dir)
+                              (delete-file-recursively
+                                (string-append "src/third_party/" dir)))
+                            '("pcre-8.41" "scons-2.5.0" "snappy-1.1.3"
+                              "valgrind-3.11.0" "wiredtiger"
+                              "yaml-cpp-0.5.3" "zlib-1.2.8"))))
               (patches
                (list
                 (search-patch "mongodb-support-unknown-linux-distributions.patch")))))
-    (build-system gnu-build-system)
+    (build-system scons-build-system)
     (inputs
      `(("openssl" ,openssl)
        ("pcre" ,pcre)
+        ,@(match (%current-system)
+            ((or "x86_64-linux" "aarch64-linux" "mips64el-linux")
+             `(("wiredtiger" ,wiredtiger)))
+            (_ `()))
        ("yaml-cpp" ,yaml-cpp)
        ("zlib" ,zlib)
-       ("snappy" ,snappy)
-       ("boost" ,boost)))
+       ("snappy" ,snappy)))
     (native-inputs
-     `(("scons" ,scons)
-       ("python" ,python-2)
-       ("valgrind" ,valgrind)
+     `(("valgrind" ,valgrind)
        ("perl" ,perl)))
     (arguments
-     `(#:phases
+     `(#:scons ,scons-python2
+       #:phases
        (let ((common-options
               `(;; "--use-system-tcmalloc" TODO: Missing gperftools
                 "--use-system-pcre"
+                ;; wiredtiger is 64-bit only
+                ,,(if (any (cute string-prefix? <> (or (%current-target-system)
+                                                       (%current-system)))
+                           '("i686-linux" "armhf-linux"))
+                    ``"--wiredtiger=off"
+                    ``"--use-system-wiredtiger")
                 ;; TODO
                 ;; build/opt/mongo/db/fts/unicode/string.o failed: Error 1
                 ;; --use-system-boost
@@ -417,7 +437,6 @@ applications.")
                 ,(format #f "--jobs=~a" (parallel-job-count))
                 "--ssl")))
          (modify-phases %standard-phases
-           (delete 'configure) ; There is no configure phase
            (add-after 'unpack 'scons-propagate-environment
              (lambda _
                ;; Modify the SConstruct file to arrange for
@@ -1764,6 +1783,33 @@ for ODBC.")
 (define-public python2-pyodbc-c
   (package-with-python2 python-pyodbc-c))
 
+(define-public python-pyodbc
+  (package
+    (name "python-pyodbc")
+    (version "4.0.21")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pyodbc" version))
+       (sha256
+        (base32
+         "0a83zwz3h1agshnsc6r7al6q83222w8601gpzzzjvjz5m56ghmcn"))
+       (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system python-build-system)
+    (inputs
+     `(("unixodbc" ,unixodbc)))
+    (arguments
+     `(;; No unit tests exist.
+       #:tests? #f))
+    (home-page "https://github.com/mkleehammer/pyodbc")
+    (synopsis "Python ODBC Library")
+    (description "@code{python-pyodbc} provides a Python DB-API driver
+for ODBC.")
+    (license (license:x11-style "file:///LICENSE.TXT"))))
+
+(define-public python2-pyodbc
+  (package-with-python2 python-pyodbc))
+
 (define-public mdbtools
   (package
     (name "mdbtools")
diff --git a/gnu/packages/direct-connect.scm b/gnu/packages/direct-connect.scm
index 6796bf3bc8..ac0a490520 100644
--- a/gnu/packages/direct-connect.scm
+++ b/gnu/packages/direct-connect.scm
@@ -17,7 +17,7 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu packages direct-connect)
-  #:use-module (guix build-system python)
+  #:use-module (guix build-system scons)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
@@ -44,23 +44,11 @@
        (sha256
         (base32
          "12i92hirmwryl1qy0n3jfrpziwzb82f61xca9jcjwyilx502f0b6"))))
-    (build-system python-build-system)
+    (build-system scons-build-system)
     (arguments
-     `(#:python ,python-2
-       #:tests? #f ; no tests
-       #:phases
-       ;; TODO: Add scons-build-system and use it here.
-       (modify-phases %standard-phases
-         (delete 'configure)
-         (replace 'build
-           (lambda* (#:key inputs outputs #:allow-other-keys)
-             (let ((out (assoc-ref outputs "out")))
-               (mkdir-p out)
-               (zero? (system* "scons" (string-append "PREFIX=" out)
-                               "-j" (number->string (parallel-job-count)))))))
-         (replace 'install
-           (lambda _
-             (zero? (system* "scons" "install")))))))
+     `(#:scons ,scons-python2
+       #:scons-flags (list (string-append "PREFIX=" %output))
+       #:tests? #f)) ; no tests
     (inputs
      `(("boost" ,boost)
        ("bzip2" ,bzip2)
@@ -71,8 +59,7 @@
     (native-inputs
      `(("bazaar" ,bazaar)
        ("gettext-minimal" ,gettext-minimal)
-       ("pkg-config" ,pkg-config)
-       ("scons" ,scons)))
+       ("pkg-config" ,pkg-config)))
     (home-page "https://launchpad.net/linuxdcpp/")
     (synopsis "Direct Connect client")
     (description "LinuxDC++ is a Direct Connect (DC) client.  Direct Connect
diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
index e11814329a..a413500486 100644
--- a/gnu/packages/django.scm
+++ b/gnu/packages/django.scm
@@ -208,6 +208,26 @@ them do this.")
         (base32
          "1fslqc5qqb0b66yscvkyjwfv8cnbfx5nlkpnwimyb3pf1nc1w7r3"))))
     (build-system python-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         ;; TODO: Tagging the tests requiring the web could be done upstream.
+         (add-before 'check 'skip-test-requiring-network-access
+           (lambda _
+             (substitute* "allauth/socialaccount/providers/openid/tests.py"
+               (("def test_login")
+                "from django.test import tag
+    @tag('requires-web')
+    def test_login"))))
+         (replace 'check
+           (lambda _
+             (setenv "DJANGO_SETTINGS_MODULE" "test_settings")
+             (zero? (system*
+                     "django-admin"
+                     "test"
+                     "allauth"
+                     "--verbosity=2"
+                     "--exclude-tag=requires-web")))))))
     (propagated-inputs
      `(("python-openid" ,python-openid)
        ("python-requests" ,python-requests)
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index b06cde71b4..e0197fca32 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -483,31 +483,27 @@ Extensions} (DNSSEC).")
 (define-public knot
   (package
     (name "knot")
-    (version "2.6.1")
+    (version "2.6.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://secure.nic.cz/files/knot-dns/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1qs1rqfir0nxi0a0dcg60sbbr99hyxk8y1xd7j7jd13l9idx84rh"))
+                "143pk2124liiq1r4ja1s579nbv3hm2scbbfbfclc2pw60r07mcig"))
               (modules '((guix build utils)))
               (snippet
                '(begin
-                  ;; Remove bundled libraries and dependencies on them.
-                  (substitute* "configure"
-                    (("src/contrib/dnstap/Makefile") ""))
-                  (substitute* "src/Makefile.in"
-                    (("contrib/dnstap ") ""))
+                  ;; Delete bundled libraries.
                   (with-directory-excursion "src/contrib"
-                    (for-each delete-file-recursively
-                              (list "dnstap" "lmdb")))
+                    (delete-file-recursively "lmdb"))
                   #t))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
-     `(("gnutls" ,gnutls)
+     `(("fstrm" ,fstrm)
+       ("gnutls" ,gnutls)
        ("jansson" ,jansson)
        ("libcap-ng" ,libcap-ng)
        ("libedit" ,libedit)
@@ -516,6 +512,7 @@ Extensions} (DNSSEC).")
        ("lmdb" ,lmdb)
        ("ncurses" ,ncurses)
        ("nettle" ,nettle)
+       ("protobuf-c" ,protobuf-c)
 
        ;; For ‘pykeymgr’, needed to migrate keys from versions <= 2.4.
        ("python" ,python-2)
@@ -548,6 +545,7 @@ Extensions} (DNSSEC).")
        (list "--sysconfdir=/etc"
              "--localstatedir=/var"
              "--with-module-rosedb=yes" ; serve static records from a database
+             "--with-module-dnstap=yes" ; allow detailed query logging
              (string-append "--with-bash-completions="
                             (assoc-ref %outputs "out")
                             "/etc/bash_completion.d"))))
@@ -560,6 +558,11 @@ number of programming techniques to improve speed.  For example, the responder
 is completely lock-free, resulting in a very high response rate.  Other features
 include automatic @dfn{DNS Security Extensions} (DNSSEC) signing, dynamic record
 synthesis, and on-the-fly re-configuration.")
-    (license (list license:expat        ; src/contrib/{hat-trie,murmurhash3}
-                   license:lgpl2.0+     ; parts of scr/contrib/ucw
-                   license:gpl3+))))    ; everything else
+    (license
+     (list
+      ;; src/contrib/{hat-trie,murmurhash3,openbsd},
+      ;; src/dnssec/contrib/vpool.[ch], and parts of libtap/ are ‘MIT’ (expat).
+      license:expat
+      license:lgpl2.0+              ; parts of scr/contrib/ucw
+      license:public-domain         ; src/contrib/fnv and possibly murmurhash3
+      license:gpl3+))))             ; everything else
diff --git a/gnu/packages/elixir.scm b/gnu/packages/elixir.scm
index 7425b49a43..553c5fa5ae 100644
--- a/gnu/packages/elixir.scm
+++ b/gnu/packages/elixir.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 nee <nee.git@cock.li>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,7 +31,7 @@
 (define-public elixir
   (package
     (name "elixir")
-    (version "1.4.2")
+    (version "1.5.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/elixir-lang/elixir"
@@ -38,7 +39,7 @@
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0gsmgx4h6rvxilcbsx2z6yirm6g2g5bsxdvr0608ng4bsv22wknb"))
+                "0v7z0avs3gir7qdfgysfw88l3z9p5f7p7pjnrnsz5gmmsflvf5vk"))
               ;; FIXME: 27 tests (out of 4K) had to be disabled as
               ;; they fail in the build environment.  Common failures
               ;; are:
@@ -55,14 +56,18 @@
        #:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'replace-paths
-           (lambda* (#:key inputs #:allow-other-keys)
-             (substitute* '("lib/elixir/lib/system.ex"
-                            "lib/mix/lib/mix/scm/git.ex")
-               (("(cmd\\(['\"])git" _ prefix)
-                (string-append prefix (which "git"))))
-             (substitute* "bin/elixir"
-               (("ERL_EXEC=\"erl\"")
-                (string-append "ERL_EXEC=" (which "erl"))))
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (substitute* '("lib/elixir/lib/system.ex"
+                              "lib/mix/lib/mix/scm/git.ex")
+                 (("(cmd\\(['\"])git" _ prefix)
+                  (string-append prefix (which "git"))))
+               (substitute* "bin/elixir"
+                 (("ERL_EXEC=\"erl\"")
+                  (string-append "ERL_EXEC=" (which "erl"))))
+               (substitute* "bin/mix"
+                 (("#!/usr/bin/env elixir")
+                  (string-append "#!" out "/bin/elixir"))))
              #t))
          (add-after 'unpack 'fix-or-disable-tests
            (lambda* (#:key inputs #:allow-other-keys)
@@ -75,6 +80,15 @@
 
              ;; FIXME: Mix.Shell.cmd() always fails with error code 130.
              (delete-file "lib/mix/test/mix/shell_test.exs")
+
+             ;; FIXME:
+             ;; disabled failing impure tests to make it build again.
+             ;; related discussion: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28034#14
+             (delete-file "lib/elixir/test/elixir/kernel/cli_test.exs")
+             (delete-file "lib/elixir/test/elixir/kernel/dialyzer_test.exs")
+             (delete-file "lib/iex/test/iex/helpers_test.exs")
+             (delete-file "lib/ex_unit/test/ex_unit/capture_io_test.exs")
+
              #t))
          (add-before 'build 'make-current
            ;; The Elixir compiler checks whether or not to compile files by
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index e7e93f1540..1cf14993c3 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -29,6 +29,8 @@
 ;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2017 Mekeor Melire <mekeor.melire@gmail.com>
 ;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Mike Gerwitz <mtg@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -276,6 +278,7 @@ editor (without an X toolkit)" )
               (uri (git-reference
                     (url "git://git.hcoop.net/git/bpt/emacs.git")
                     (commit "41120e0f595b16387eebfbf731fff70481de1b4b")))
+              (patches (search-patches "guile-emacs-fix-configure.patch"))
               (sha256
                (base32
                 "0lvcvsz0f4mawj04db35p1dvkffdqkz8pkhc0jzh9j9x2i63kcz6"))))
@@ -294,7 +297,11 @@ editor (without an X toolkit)" )
         `(modify-phases ,phases
            (add-after 'unpack 'autogen
                       (lambda _
-                        (zero? (system* "sh" "autogen.sh"))))))))))
+                        (zero? (system* "sh" "autogen.sh"))))
+           ;; Build sometimes fails: deps/dispnew.d: No such file or directory
+           (add-before 'build 'make-deps-dir
+             (lambda _
+               (zero? (system* "mkdir" "-p" "src/deps"))))))))))
 
 
 ;;;
@@ -434,6 +441,7 @@ on stdout instead of using a socket as the Emacsclient does.")
        ("perl" ,perl)))
     (propagated-inputs
      `(("dash" ,emacs-dash)
+       ;; XXX Add 'magit-popup' dependency for the next release (after 2.11.0).
        ("with-editor" ,emacs-with-editor)))
     (arguments
      `(#:modules ((guix build gnu-build-system)
@@ -544,20 +552,28 @@ support for Git-SVN.")
 (define-public emacs-magit-popup
   (package
     (name "emacs-magit-popup")
-    (version (package-version magit))
+    (version "2.12.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "https://raw.githubusercontent.com/magit/magit/"
-                    version "/lisp/magit-popup.el"))
-              (file-name (string-append "magit-popup-" version ".el"))
+                    "https://github.com/magit/magit-popup/archive/v"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0w750kwngq63hi9drad3jxldwkg83sldb9w9r2xl2mqm3hm4l8s6"))))
+                "1dnk611f7lww6rb03hk8ijg2jwxx9f26pjfff4bwjmnjz7hnd6vz"))))
     (build-system emacs-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'make-info
+           (lambda _
+             (zero? (system* "make" "info")))))))
+    (native-inputs
+     `(("texinfo" ,texinfo)))
     (propagated-inputs
      `(("emacs-dash" ,emacs-dash)))
-    (home-page "https://github.com/magit/magit")
+    (home-page "https://github.com/magit/magit-popup")
     (synopsis "Define prefix-infix-suffix command combos")
     (description
      "This library implements a generic interface for toggling switches and
@@ -3014,7 +3030,7 @@ regardless of @code{highlight-symbol-idle-delay}.
 (define-public emacs-hl-todo
   (package
     (name "emacs-hl-todo")
-    (version "1.7.4")
+    (version "1.8.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3023,7 +3039,7 @@ regardless of @code{highlight-symbol-idle-delay}.
               (file-name (string-append "hl-todo-" version ".el"))
               (sha256
                (base32
-                "016ivl4s0ysrm1xbfi86j5xcs759fcb0mkspxw81x8mpi3yb46ya"))))
+                "0g0h9v4572p7mcird8wsj1c41haf60krslm6mlpi4mdbh248kv6z"))))
     (build-system emacs-build-system)
     (home-page "https://github.com/tarsius/hl-todo")
     (synopsis "Emacs mode to highlight TODO and similar keywords")
@@ -4188,14 +4204,16 @@ passive voice.")
 (define-public emacs-org
   (package
     (name "emacs-org")
-    (version "20171016")
+    ;; emacs-org-contrib inherits from this package.  Please update its sha256
+    ;; checksum as well.
+    (version "20171205")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://elpa.gnu.org/packages/org-"
                                   version ".tar"))
               (sha256
                (base32
-                "1196kv83p953nd9c5gxkn8ndw2kmm2kfw34dldap6m89khqflz5a"))))
+                "0a1rm94ci47jf5579sxscily680ysmy3hnxjcs073n45nk76za04"))))
     (build-system emacs-build-system)
     (home-page "http://orgmode.org/")
     (synopsis "Outline-based notes management and organizer")
@@ -4215,7 +4233,7 @@ reproducible research.")
                                   (package-version emacs-org) ".tar"))
               (sha256
                (base32
-                "0xy2xrndlhs4kyvh6mmv24dnh3fn5p63d2gaimnrypf1p8znwzh4"))))
+                "1y61csa284gy8l0fj0mv67mkm4fsi4lz401987qp6a6z260df4n5"))))
     (arguments
      `(#:modules ((guix build emacs-build-system)
                   (guix build utils)
@@ -4242,11 +4260,11 @@ reproducible research.")
                #t))))))
     (propagated-inputs
      `(("emacs-org" ,emacs-org)))
-    (synopsis "Contributed packages to Org-mode")
+    (synopsis "Contributed packages to Org mode")
     (description "Org is an Emacs mode for keeping notes, maintaining TODO
 lists, and project planning with a fast and effective plain-text system.
 
-This package is equivilent to org-plus-contrib, but only includes additional
+This package is equivalent to org-plus-contrib, but only includes additional
 files that you would find in @file{contrib/} from the git repository.")))
 
 (define-public emacs-flx
@@ -4851,6 +4869,31 @@ jQuery and Bootstrap resources included via osscdn.")
      "This Emacs package highlights the s-exp at the current position.")
     (license license:gpl3+)))
 
+(define-public emacs-highlight-stages
+  (let ((commit "29cbc5b78261916da042ddb107420083da49b271")
+        (revision "1"))
+    (package
+      (name "emacs-highlight-stages")
+      (version (string-append "1.1.0" "-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/zk-phi/highlight-stages.git")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "0r6nbcrr0dqpgm8dir8ahzjy7rw4nrac48byamzrq96r7ajlxlv0"))
+         (patches
+          (search-patches "emacs-highlight-stages-add-gexp.patch"))))
+      (build-system emacs-build-system)
+      (home-page "https://github.com/wigust/highlight-stages")
+      (synopsis "Minor mode that highlights (quasi-quoted) expressions")
+      (description "@code{highlight-stages} provides an Emacs minor mode that
+highlights quasi-quoted expressions.")
+      (license license:gpl3+))))
+
 (define-public emacspeak
   (package
     (name "emacspeak")
@@ -6258,3 +6301,83 @@ contexts.
 @item Toggle downloading and set priorities for individual files.
 @end itemize\n")
     (license license:gpl3+)))
+
+(define-public eless
+  (package
+    (name "eless")
+    (version "0.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/kaushalmodi/eless/archive/"
+                    "v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0gjnnhgw5xs1w3qfnkvwa2nv44gnxr8pkhx3c7qig45p8nh1461h"))))
+    (build-system trivial-build-system)
+    (inputs
+     `(("bash" ,bash)))
+    (native-inputs
+     `(("tar" ,tar)
+       ("gzip" ,gzip)))
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (setenv "PATH" (string-append
+                         (assoc-ref %build-inputs "tar") "/bin" ":"
+                         (assoc-ref %build-inputs "gzip") "/bin"))
+         (system* "tar" "xvf" (assoc-ref %build-inputs "source"))
+         (chdir (string-append "eless" "-" ,version))
+         (substitute* "eless" (("/usr/bin/env bash")
+                               (string-append (assoc-ref %build-inputs "bash")
+                                              "/bin/bash")))
+         (install-file "eless" (string-append %output "/bin"))
+         (install-file "doc/eless.info" (string-append %output "/share/info"))
+         #t)))
+    (home-page "https://github.com/kaushalmodi/eless")
+    (synopsis "Use Emacs as a paginator")
+    (description "@code{eless} provides a combination of Bash script
+and a minimal Emacs view-mode.
+
+Feautures:
+
+@itemize
+@item Independent of a user’s Emacs config.
+@item Customizable via the @code{(locate-user-emacs-file \"elesscfg\")} config.
+@item Not require an Emacs server to be already running.
+@item Syntax highlighting.
+@item Org-mode file rendering.
+@item @code{man} page viewer.
+@item Info viewer.
+@item Dired, wdired, (batch edit symbolic links).
+@item Colored diffs, git diff, git log, ls with auto ANSI detection.
+@item Filter log files lines matching a regexp.
+@item Auto-revert log files similar to @code{tail -f}.
+@item Quickly change frame and font sizes.
+@end itemize\n")
+    (license license:expat)))
+
+(define-public emacs-evil-matchit
+  (package
+    (name "emacs-evil-matchit")
+    (version "2.2.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/redguardtoo/evil-matchit/archive/"
+             version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1hm0k53m7d8zv2pk4p93k5mmilsv1mz7y2z6dqf7r6f0zmncs31a"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/redguardtoo/evil-matchit")
+    (synopsis "Vim matchit ported into Emacs")
+    (description
+     "@code{evil-matchit} is a minor mode for jumping between matching tags in
+evil mode using @kbd{%}.  It is a port of @code{matchit} for Vim.")
+    (license license:gpl3+)))
diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm
index b2127ba45d..5c36de1dd2 100644
--- a/gnu/packages/engineering.scm
+++ b/gnu/packages/engineering.scm
@@ -127,7 +127,19 @@
                (install-file "unix/librecad" bin)
                (mkdir-p share)
                (copy-recursively "unix/resources" share))
-             #t)))))
+             #t))
+         ;; Ensure that icons are found at runtime
+         (add-after 'install 'wrap-executable
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (qt '("qtbase" "qtsvg")))
+               (wrap-program (string-append out "/bin/librecad")
+                 `("QT_PLUGIN_PATH" ":" prefix
+                   ,(map (lambda (label)
+                           (string-append (assoc-ref inputs label)
+                                          "/lib/qt5/plugins/"))
+                         qt)))
+               #t))))))
     (inputs
      `(("boost" ,boost)
        ("muparser" ,muparser)
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index 7f48740ea2..d1eeb35088 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -59,7 +59,7 @@
 (define-public efl
   (package
     (name "efl")
-    (version "1.20.5")
+    (version "1.20.6")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -67,7 +67,7 @@
                     version ".tar.xz"))
               (sha256
                (base32
-                "07624c71l9d1jx1zvdhwkr1bgb1n7i0i5hyg6579zdwl3jw6jpns"))))
+                "1h9jkb1pkp2g6ld7ra9mxgblx3x5id4162ja697klx9mfjkpxijn"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -255,7 +255,7 @@ Libraries with some extra bells and whistles.")
 (define-public enlightenment
   (package
     (name "enlightenment")
-    (version "0.22.0")
+    (version "0.22.1")
     (source (origin
               (method url-fetch)
               (uri
@@ -263,7 +263,7 @@ Libraries with some extra bells and whistles.")
                               name "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0xmrvryr35idd7fyqgshfhvy2053bs3vwrxbx681pi6rgpdvjghv"))))
+                "1q57fz57d0b26z06m1wiq7c1sniwh885b0vs02mk4jgwva46nyr0"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--enable-mount-eeze")
diff --git a/gnu/packages/erlang.scm b/gnu/packages/erlang.scm
index 1a575a0fd0..770ed715bc 100644
--- a/gnu/packages/erlang.scm
+++ b/gnu/packages/erlang.scm
@@ -35,7 +35,7 @@
 (define-public erlang
   (package
     (name "erlang")
-    (version "20.0")
+    (version "20.1")
     (source (origin
               (method url-fetch)
               ;; The tarball from http://erlang.org/download contains many
@@ -46,7 +46,7 @@
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "11xp6vv1v7iay9dg1xc6xm7izfsanbn5pgwp96ba0j1fmlkhjw92"))
+                "0r4g8ag7nlpw06y4c39fgcyccykj2sbyhv5jgp4qmrjci2ydgns8"))
               (patches (search-patches "erlang-man-path.patch"))))
     (build-system gnu-build-system)
     (native-inputs
@@ -62,7 +62,7 @@
                                version ".tar.gz"))
            (sha256
             (base32
-             "1k25p37w1l1j20qd8rga4j4q7s7r0rbsi02x3xwzhw51jhm59wdp"))))))
+             "0ikvdpn4z7az6szg176l1r2yxhgs3msa3wgb3gmy45jkz0pzik05"))))))
     (inputs
      `(("ncurses" ,ncurses)
        ("openssl" ,openssl)
diff --git a/gnu/packages/file-systems.scm b/gnu/packages/file-systems.scm
index 6c5e427aa4..621c70b0d5 100644
--- a/gnu/packages/file-systems.scm
+++ b/gnu/packages/file-systems.scm
@@ -150,7 +150,9 @@ non-determinism in the build process.")
                            "/glusterfs-" version ".tar.gz"))
        (sha256
         (base32
-         "02sn9s3jjva2i1l47y3in326n8jgp57rbykz5s8m87y4bzpw0ym1"))))
+         "02sn9s3jjva2i1l47y3in326n8jgp57rbykz5s8m87y4bzpw0ym1"))
+       (patches
+        (search-patches "glusterfs-use-PATH-instead-of-hardcodes.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm
index a0febba01c..788f7c0d7c 100644
--- a/gnu/packages/finance.scm
+++ b/gnu/packages/finance.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
 ;;; Copyright © 2017 Theodoros Foradis <theodoros@foradis.org>
+;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -48,6 +49,7 @@
   #:use-module (gnu packages python-crypto)
   #:use-module (gnu packages python-web)
   #:use-module (gnu packages qt)
+  #:use-module (gnu packages readline)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages textutils)
   #:use-module (gnu packages tls)
@@ -319,7 +321,7 @@ other machines/servers.  Electrum does not download the Bitcoin blockchain.")
   ;; the system's dynamically linked library.
   (package
     (name "monero")
-    (version "0.11.0.0")
+    (version "0.11.1.0")
     (source
      (origin
        (method url-fetch)
@@ -337,7 +339,7 @@ other machines/servers.  Electrum does not download the Bitcoin blockchain.")
            #t))
        (sha256
         (base32
-         "083w40a553c0r3i18020jcrv5s0b64vx3d8xrn9nwkb2237ighlk"))))
+         "16shd834025jyzy68h3gag1sz8vbk875hy4j97hrki8pacz8vd5m"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("doxygen" ,doxygen)
@@ -418,7 +420,7 @@ Monero command line client and daemon.")
 (define-public monero-core
   (package
     (name "monero-core")
-    (version "0.11.0.0")
+    (version "0.11.1.0")
     (source
      (origin
        (method url-fetch)
@@ -427,7 +429,7 @@ Monero command line client and daemon.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0hnrkgwb1sva67pcjym2gvb4zifp2s849dfbnjzbxk3yczpcyqzg"))))
+         "1q7a9kpcjgp74fbplzs2iszdld6gwbfrydyd9in9izhwp100p1rr"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("doxygen" ,doxygen)
@@ -438,6 +440,7 @@ Monero command line client and daemon.")
        ("libunwind" ,libunwind)
        ("openssl" ,openssl)
        ("qt" ,qt)
+       ("readline" ,readline)
        ("unbound" ,unbound)))
     (propagated-inputs
      `(("monero" ,monero)))
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index 4acebeb405..0f123c3ab1 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -170,6 +170,45 @@ itself."))))
 sans-serif designed for on-screen reading.  It is used by GNOME@tie{}3.")
     (license license:silofl1.1)))
 
+(define-public font-lato
+  (package
+    (name "font-lato")
+    (version "2.010")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://www.latofonts.com/download/Lato2OFL.zip"))
+              (sha256
+               (base32
+                "1f5540g0ja1nx3ddd3ywn77xc81ssrxpq8n3gyb9sabyq2b4xda2"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder (begin
+                   (use-modules (guix build utils)
+                                (srfi srfi-26))
+
+                   (let ((PATH     (string-append (assoc-ref %build-inputs
+                                                             "unzip")
+                                                  "/bin"))
+                         (font-dir (string-append %output
+                                                  "/share/fonts/truetype")))
+                     (setenv "PATH" PATH)
+                     (system* "unzip" (assoc-ref %build-inputs "source"))
+
+                     (mkdir-p font-dir)
+                     (for-each (lambda (ttf)
+                                 (install-file ttf font-dir))
+                               (find-files "." "\\.ttf$"))))))
+
+    (native-inputs `(("unzip" ,unzip)))
+    (home-page "http://www.latofonts.com/lato-free-fonts/")
+    (synopsis "Lato sans-serif typeface")
+    (description
+     "Lato is a sanserif typeface family.  It covers over 3000 glyphs per style.
+The Lato 2.010 family supports more than 100 Latin-based languages, over
+50 Cyrillic-based languages as well as Greek and IPA phonetics.")
+    (license license:silofl1.1)))
+
 (define-public font-gnu-freefont-ttf
   (package
     (name "font-gnu-freefont-ttf")
@@ -831,6 +870,24 @@ designed to work well in user interface environments.")
     (description "This is the typeface used by Mozilla in Firefox OS.")
     (license license:silofl1.1)))
 
+(define-public font-fira-sans
+  (package
+    (name "font-fira-sans")
+    (version "4.202")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/mozilla/Fira/archive/"
+                                  version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1r6zdnqqp4bgq5nmgqbj0vvj7x1h9w912851ggbl9wc7fdjnjqnq"))))
+    (build-system font-build-system)
+    (home-page "http://mozilla.github.io/Fira/")
+    (synopsis "Mozilla's Fira Sans Font")
+    (description "This is the typeface used by Mozilla in Firefox OS.")
+    (license license:silofl1.1)))
+
 (define-public font-awesome
   (package
    (name "font-awesome")
@@ -1070,3 +1127,52 @@ emphasis while still being readable.")
       "The Font Software may be sold as part of a larger software package but
 no copy of one or more of the Font Software typefaces may be sold by
 itself."))))
+
+(define-public font-dosis
+  (package
+    (name "font-dosis")
+    (version "1.7")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://www.impallari.com/media/releases/dosis-"
+                           "v" version ".zip"))
+       (sha256
+        (base32
+         "1qhci68f68mf87jd69vjf9qjq3wydgw1q7ivn3amjb65ls1s0c4s"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder (begin
+                   (use-modules (guix build utils)
+                                (srfi srfi-26))
+
+                   (let ((PATH     (string-append (assoc-ref %build-inputs
+                                                             "unzip")
+                                                  "/bin"))
+                         (ttf-dir (string-append %output
+                                                 "/share/fonts/truetype"))
+                         (otf-dir (string-append %output
+                                                 "/share/fonts/opentype")))
+                     (setenv "PATH" PATH)
+                     (system* "unzip" (assoc-ref %build-inputs "source"))
+
+                     (mkdir-p ttf-dir)
+                     (mkdir-p otf-dir)
+                     (for-each (lambda (ttf)
+                                 (install-file ttf ttf-dir))
+                               (find-files "." "\\.ttf$"))
+                     (for-each (lambda (otf)
+                                 (install-file otf otf-dir))
+                               (find-files "." "\\.otf$"))))))
+    (native-inputs `(("unzip" ,unzip)))
+    (home-page "http://www.impallari.com/dosis")
+    (synopsis "Very simple, rounded, sans serif family")
+    (description
+     "Dosis is a very simple, rounded, sans serif family.
+The lighter weights are minimalist.  The bolder weights have more personality.
+The medium weight is nice and balanced.  The overall result is a family
+that's clean and modern, and can express a wide range of voices & feelings.
+It comes in 7 incremental weights:
+ExtraLight, Light, Book, Medium, Semibold, Bold & ExtraBold")
+    (license license:silofl1.1)))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index ae370f4b52..d2306a9423 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 ng0 <ng0@n0.is>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,6 +25,7 @@
 (define-module (gnu packages fontutils)
   #:use-module (gnu packages)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages ghostscript)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
@@ -44,7 +46,8 @@
   #:use-module (guix svn-download)
   #:use-module (guix git-download)
   #:use-module (guix build-system cmake)
-  #:use-module (guix build-system gnu))
+  #:use-module (guix build-system gnu)
+  #:use-module (guix build-system python))
 
 (define-public freetype
   (package
@@ -556,3 +559,103 @@ opentype fonts.  You can save fonts in many different outline formats, and
 generate bitmaps.")
    (license license:gpl3+)
    (home-page "https://fontforge.github.io/en-US/")))
+
+(define-public python2-ufolib
+  (package
+    (name "python2-ufolib")
+    (version "2.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "ufoLib" version ".zip"))
+       (sha256
+        (base32 "1njin1465qqzshnrvcl5sbv0bsy15gj6fycbw4lmcnwkx5sldgyx"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2))
+    (propagated-inputs
+     `(("python2-fonttools" ,python2-fonttools)))
+    (native-inputs
+     `(("unzip" ,unzip)
+       ("python2-pytest-3.0" ,python2-pytest-3.0)
+       ("python2-pytest-runner" ,python2-pytest-runner)))
+    (home-page "https://github.com/unified-font-object/ufoLib")
+    (synopsis "Low-level UFO reader and writer")
+    (description
+     "UfoLib reads and writes Unified Font Object (UFO)
+files.  UFO is a file format that stores fonts source files.")
+    (license license:bsd-3)))
+
+(define-public python2-defcon
+  (package
+    (name "python2-defcon")
+    (version "0.3.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "defcon" version ".zip"))
+       (sha256
+        (base32
+         "1f41w54fdjy9izxcwzqa142kd56whqsg9nq5k4508jb6iip84h89"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2))
+    (native-inputs
+     `(("unzip" ,unzip)
+       ("python2-pytest-3.0" ,python2-pytest-3.0)
+       ("python2-pytest-runner" ,python2-pytest-runner)))
+    (propagated-inputs
+     `(("python2-fonttools" ,python2-fonttools)
+       ("python2-ufolib" ,python2-ufolib)))
+    (home-page "https://pypi.python.org/pypi/defcon")
+    (synopsis "Flexible objects for representing @acronym{UFO, unified font object} data")
+    (description
+     "Defcon is a set of @acronym{UFO, unified font object} based objects
+optimized for use in font editing applications.  The objects are built to
+be lightweight, fast and flexible.  The objects are very bare-bones and
+they are not meant to be end-all, be-all objects.  Rather, they are meant
+to provide base functionality so that you can focus on your application’s
+behavior, not object observing or maintaining cached data.  Defcon
+implements UFO3 as described by the UFO font format.")
+    (license license:expat)))
+
+(define-public nototools
+  (package
+    (name "nototools")
+    (version "20170925")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/googlei18n/nototools/"
+                           "archive/v2017-09-25-tooling-for-phase3-"
+                           "update.tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1pvacw18cm9l4sb66pqyjc7hc74xhhfxc7kd5ald8lixf4wzg0s8"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2))
+    (propagated-inputs
+     `(("python2-booleanoperations" ,python2-booleanoperations)
+       ("python2-defcon" ,python2-defcon)
+       ("python2-fonttools" ,python2-fonttools)
+       ("python2-pillow" ,python2-pillow)
+       ("python2-pyclipper" ,python2-pyclipper)
+       ("python2-ufolib" ,python2-ufolib)))
+    (home-page "https://github.com/googlei18n/nototools")
+    (synopsis "Noto fonts support tools and scripts")
+    (description
+     "Nototools is a Python package containing Python scripts used to
+maintain the Noto Fonts project.")
+    (license (list license:asl2.0
+                   ;; Sample texts are attributed to UN and OHCHR.
+                   ;; The permissions on the UDHR are pretty lax:
+                   ;; http://www.ohchr.org/EN/UDHR/Pages/Introduction.aspx
+                   ;; "If UDHR translations or materials are reproduced, users
+                   ;; should make reference to this website as a source by
+                   ;; providing a link."
+                   license:public-domain
+                   (license:non-copyleft
+                    "file://sample_texts/attributions.txt"
+                    "See sample_texts/attributions.txt in the distribution.")))))
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index 9c744a4839..e015fcbc36 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -10,6 +10,7 @@
 ;;; Copyright © 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
+;;; Copyright © 2017 Brendan Tildesley <brendan.tildesley@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,6 +33,7 @@
   #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system perl)
   #:use-module (guix build-system python)
   #:use-module (gnu packages acl)
   #:use-module (gnu packages admin)
@@ -40,7 +42,9 @@
   #:use-module (gnu packages boost)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages cryptsetup)
   #:use-module (gnu packages databases)
+  #:use-module (gnu packages disk)
   #:use-module (gnu packages docbook)
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages gettext)
@@ -56,10 +60,15 @@
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages m4)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages perl-check)
   #:use-module (gnu packages polkit)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages perl-check)
   #:use-module (gnu packages python)
   #:use-module (gnu packages w3m)
+  #:use-module (gnu packages web)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages xorg))
@@ -85,7 +94,8 @@
        ("w3m" ,w3m)
        ("xmlto" ,xmlto)))
     (propagated-inputs
-     `(("xprop" ,xprop) ; for Xfce detecting
+     `(("perl-file-mimeinfo" ,perl-file-mimeinfo) ; for mimeopen fallback
+       ("xprop" ,xprop) ; for Xfce detecting
        ("xset" ,xset))) ; for xdg-screensaver
     (arguments
      `(#:tests? #f   ; no check target
@@ -211,6 +221,7 @@ the freedesktop.org XDG Base Directory specification.")
               (method url-fetch)
               (uri (string-append "https://github.com/elogind/elogind/"
                                   "archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
                 "1qcxian48z2dj5gfmp7brrngdydqf2jm00f4rjr5sy1myh8fy931"))
@@ -268,7 +279,16 @@ the freedesktop.org XDG Base Directory specification.")
                (substitute* (string-append out "/lib/libelogind.la")
                  (("-lcap")
                   (string-append "-L" libcap "/lib -lcap")))
-               #t))))))
+               #t)))
+         (add-after 'unpack 'remove-uaccess-tag
+           (lambda _
+             ;; systemd supports a "uaccess" built-in tag, but eudev currently
+             ;; doesn't.  This leads to eudev warnings that we'd rather not
+             ;; see, so remove the reference to "uaccess."
+             (substitute* "src/login/73-seat-late.rules.in"
+               (("^TAG==\"uaccess\".*" line)
+                (string-append "# " line "\n")))
+             #t)))))
     (native-inputs
      `(("autoconf" ,autoconf)
        ("automake" ,automake)
@@ -602,7 +622,9 @@ Analysis and Reporting Technology) functionality.")
        ("libatasmart" ,libatasmart)
        ("libgudev" ,libgudev)
        ("polkit" ,polkit)
-       ("util-linux" ,util-linux)))
+       ("util-linux" ,util-linux)
+       ("cryptsetup" ,cryptsetup)
+       ("parted" ,parted)))
     (outputs '("out"
                "doc"))                            ;5 MiB of gtk-doc HTML
     (arguments
@@ -642,14 +664,22 @@ Analysis and Reporting Technology) functionality.")
                "girdir = $(datadir)/gir-1.0\n")
               (("typelibsdir = .*")
                "typelibsdir = $(libdir)/girepository-1.0\n"))))
-         (add-after 'install 'set-mount-file-name
+         (add-after 'install 'wrap-udisksd
            (lambda* (#:key outputs inputs #:allow-other-keys)
              ;; Tell 'udisksd' where to find the 'mount' command.
              (let ((out   (assoc-ref outputs "out"))
-                   (utils (assoc-ref inputs "util-linux")))
+                   (utils (assoc-ref inputs "util-linux"))
+                   (cryptsetup (assoc-ref inputs "cryptsetup"))
+                   (parted (assoc-ref inputs "parted")))
                (wrap-program (string-append out "/libexec/udisks2/udisksd")
                  `("PATH" ":" prefix
                    (,(string-append utils "/bin") ;for 'mount'
+                    ;; cryptsetup is required for setting encrypted
+                    ;; partitions, e.g. in gnome-disks
+                    ,(string-append cryptsetup "/sbin")
+                    ;; parted is required for managing partitions, e.g. in
+                    ;; gnome-disks
+                    ,(string-append parted "/sbin")
                     "/run/current-system/profile/bin"
                     "/run/current-system/profile/sbin")))
                #t))))))
@@ -1090,3 +1120,110 @@ localization (i.e. translation) of the file names.  Designed to be
 automatically run when a user logs in, xdg-user-dirs can also be run
 manually by a user.")
     (license license:gpl2)))
+
+(define-public perl-file-basedir
+  (package
+    (name "perl-file-basedir")
+    (version "0.07")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/K/KI/KIMRYAN/"
+                           "File-BaseDir-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0aq8d4hsaxqibp36f773y6dfck7zd82v85sp8vhi6pjkg3pmf2hj"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-build" ,perl-module-build)
+       ("perl-file-which" ,perl-file-which)
+       ("perl-test-pod" ,perl-test-pod)
+       ("perl-test-pod-coverage" ,perl-test-pod-coverage)
+       ("xdg-user-dirs" ,xdg-user-dirs)))
+    (propagated-inputs
+     `(("perl-ipc-system-simple" ,perl-ipc-system-simple)))
+    (home-page "http://search.cpan.org/dist/File-BaseDir/")
+    (synopsis "Use the Freedesktop.org base directory specification")
+    (description
+     "@code{File::Basedir} can be used to find directories and files as
+specified by the Freedesktop.org Base Directory Specification.  This
+specifications gives a mechanism to locate directories for configuration,
+application data and cache data.")
+    (license license:perl-license)))
+
+(define-public perl-file-desktopentry
+  (package
+    (name "perl-file-desktopentry")
+    (version "0.22")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/M/MI/MICHIELB/"
+                           "File-DesktopEntry-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1f1maqix2kbfg2rf008m7mqnvv6nvcf9y6pcgdv2kxp2vbih370n"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-pod" ,perl-test-pod)
+       ("perl-test-pod-coverage" ,perl-test-pod-coverage)))
+    (propagated-inputs
+     `(("perl-file-basedir" ,perl-file-basedir)
+       ("perl-uri" ,perl-uri)))
+    (home-page "http://search.cpan.org/~michielb/File-DesktopEntry/")
+    (synopsis "Handle @file{.desktop} files")
+    (description
+     "@code{File::DesktopEntry} parses @file{.desktop} files defined by the
+Freedesktop.org @dfn{Desktop Entry} specification.  It can also run the
+applications define in those files.")
+    (license license:perl-license)))
+
+(define-public perl-file-mimeinfo
+  (package
+    (name "perl-file-mimeinfo")
+    (version "0.28")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/M/MI/MICHIELB/"
+                           "File-MimeInfo-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1ipbh63bkh1r2gy5g7q4bzhki8j29mm1jkhbv60p9vwsdys5s91a"))))
+    (build-system perl-build-system)
+    ;; If the tests are fixed, add perl-test-pod, perl-test-pod-coverage, and
+    ;; perl-test-tiny as native-inputs.
+    (propagated-inputs
+     `(("shared-mime-info" ,shared-mime-info)
+       ("perl-file-desktopentry" ,perl-file-desktopentry)))
+    (arguments
+     ;; Some tests fail due to requiring the mimetype of perl files to be
+     ;; text/plain when they are actually application/x-perl.
+     `(#:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'wrap-programs
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (for-each (lambda (prog)
+                           (wrap-program (string-append out "/bin/" prog)
+                             `("PERL5LIB" ":" prefix
+                               (,(string-append (getenv "PERL5LIB") ":" out
+                                                "/lib/perl5/site_perl")))))
+                         '("mimeopen" "mimetype")))
+             #t)))))
+    (home-page "http://search.cpan.org/dist/File-MimeInfo/")
+    (synopsis "Determine file type from the file name")
+    (description
+     "@code{File::Mimeinfo} can be used to determine the MIME type of a file.
+It tries to implement the Freedesktop specification for a shared MIME
+database.
+
+This package also contains two related utilities:
+
+@itemize
+@item @command{mimetype} determines a file's MIME type;
+@item @command{mimeopen} opens files in an appropriate program according to
+their MIME type.
+@end itemize")
+    (license license:perl-license)))
diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm
index be241cbd31..3c544f5546 100644
--- a/gnu/packages/game-development.scm
+++ b/gnu/packages/game-development.scm
@@ -37,6 +37,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
+  #:use-module (guix build-system scons)
   #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages boost)
@@ -1063,12 +1064,26 @@ games.")
               (file-name (string-append name "-" version))
               (sha256
                (base32 "1mz89nafc1m7srbqvy7iagxrxmqvf5hbqi7i0lwaapkx6q0kpkq7"))))
-    (build-system gnu-build-system)
+    (build-system scons-build-system)
     (arguments
-     `(#:tests? #f ; There are no tests
+     `(#:scons ,scons-python2
+       #:scons-flags (list "platform=x11"
+                           ;; Avoid using many of the bundled libs.
+                           ;; Note: These options can be found in the SConstruct file.
+                           "builtin_freetype=no"
+                           "builtin_glew=no"
+                           "builtin_libmpdec=no"
+                           "builtin_libogg=no"
+                           "builtin_libpng=no"
+                           "builtin_libtheora=no"
+                           "builtin_libvorbis=no"
+                           "builtin_libwebp=no"
+                           "builtin_openssl=no"
+                           "builtin_opus=no"
+                           "builtin_zlib=no")
+       #:tests? #f ; There are no tests
        #:phases
        (modify-phases %standard-phases
-         (delete 'configure)
          (add-after 'unpack 'scons-use-env
            (lambda _
              ;; Scons does not use the environment variables by default,
@@ -1079,24 +1094,6 @@ games.")
                  "env_base = Environment(tools=custom_tools)\n"
                  "env_base = Environment(ENV=os.environ)")))
              #t))
-         (replace 'build
-           (lambda _
-             (zero? (system*
-                     "scons"
-                     "platform=x11"
-                     ;; Avoid using many of the bundled libs.
-                     ;; Note: These options can be found in the SConstruct file.
-                     "builtin_freetype=no"
-                     "builtin_glew=no"
-                     "builtin_libmpdec=no"
-                     "builtin_libogg=no"
-                     "builtin_libpng=no"
-                     "builtin_libtheora=no"
-                     "builtin_libvorbis=no"
-                     "builtin_libwebp=no"
-                     "builtin_openssl=no"
-                     "builtin_opus=no"
-                     "builtin_zlib=no"))))
          (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
@@ -1128,8 +1125,7 @@ games.")
                            Type=Application~%"
                            out)))
                #t))))))
-    (native-inputs `(("pkg-config" ,pkg-config)
-                     ("scons" ,scons)))
+    (native-inputs `(("pkg-config" ,pkg-config)))
     (inputs `(("alsa-lib" ,alsa-lib)
               ("freetype" ,freetype)
               ("glew" ,glew)
@@ -1144,8 +1140,7 @@ games.")
               ("mesa" ,mesa)
               ("openssl" ,openssl)
               ("opusfile" ,opusfile)
-              ("pulseaudio" ,pulseaudio)
-              ("python2" ,python-2)))
+              ("pulseaudio" ,pulseaudio)))
     (home-page "https://godotengine.org/")
     (synopsis "Advanced 2D and 3D game engine")
     (description
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 2ef69e87d1..a699fadc2a 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -580,6 +580,92 @@ utilizing the art assets from the @code{SuperTux} project.")
                    license:gpl2+
                    license:gpl3+))))
 
+(define-public roguebox-adventures
+  (let ((commit "19a2c340b34d5b4e7cc89118c7aedc058babbd93")
+        (revision "1"))
+      (package
+        (name "roguebox-adventures")
+        (version (git-version "2.1.2" revision commit))
+        (source
+         (origin
+           (method git-fetch)
+           (uri
+            (git-reference
+             (url "https://git.postactiv.com/themightyglider/RogueBoxAdventures.git")
+                 (commit commit)))
+           (file-name (git-file-name name version))
+           (sha256
+            (base32
+             "0afmg8fjdcs3sqdp5rc7irgr7riil8jwysfjn1imfxslf1wcx5ah"))))
+        (build-system python-build-system)
+        (arguments
+         '(#:tests? #f ; no check target
+           #:phases
+           (modify-phases %standard-phases
+             ;; no setup.py script
+             (replace 'build
+               (lambda* (#:key outputs #:allow-other-keys)
+                 (let* ((out (assoc-ref outputs "out"))
+                        (data (string-append
+                               out "/share/games/roguebox-adventures")))
+                   ;; Use the correct data directory.
+                   (substitute* '("main.py" "LIB/getch.py" "LIB/getch_gcwz.py")
+                     (("basic_path + os\\.sep + 'DATA'")
+                      (string-append "'" data "'"))
+                     (("^basic_path.*$")
+                      (string-append "basic_path ='" data "'\n")))
+                   (substitute* "LIB/gra_files.py"
+                     (("basic_path = b_path\\.replace\\('/LIB',''\\)")
+                      (string-append "basic_path ='" data "'\n")))
+
+                   ;; The game must save in the user's home directory because
+                   ;; the store is read-only.
+                   (substitute* "main.py"
+                     (("home_save = False") "home_save = True")
+                     (("'icon_small.png'")
+                      (string-append "'" data "/icon_small.png'"))))
+                 #t))
+             (replace 'install
+               (lambda* (#:key outputs #:allow-other-keys)
+                 (let* ((out (assoc-ref outputs "out"))
+                        (bin (string-append out "/bin"))
+                        (data (string-append
+                               out "/share/games/roguebox-adventures"))
+                        (doc (string-append
+                              out "/share/doc/roguebox-adventures")))
+                   (mkdir-p bin)
+                   (mkdir-p doc)
+                   (copy-file "main.py"
+                              (string-append bin "/roguebox-adventures"))
+                   (chmod (string-append bin "/roguebox-adventures") #o555)
+
+                   (for-each (lambda (file)
+                               (copy-recursively file
+                                                 (string-append data "/" file)))
+                             '("AUDIO" "FONT" "GRAPHIC" "LIB" "LICENSE"
+                               "icon_big.png" "icon_small.png"))
+
+                   (copy-recursively "DOC" doc)
+
+                   (wrap-program (string-append bin "/roguebox-adventures")
+                     `("PYTHONPATH" ":" prefix (,(string-append data "/LIB")))))
+                 #t)))))
+        (inputs
+         `(("python-pygame" ,python-pygame)
+           ("python-tmx" ,python-tmx)))
+        (home-page "https://rogueboxadventures.tuxfamily.org")
+        (synopsis "A classical roguelike/sandbox game")
+        (description
+         "RogueBox Adventures is a graphical roguelike with strong influences
+from sandbox games like Minecraft or Terraria.  The main idea of RogueBox
+Adventures is to offer the player a kind of roguelike toy-world.  This world
+can be explored and changed freely.")
+        ;; The GPL3+ is for code, the rest are for art.
+        (license (list license:cc0
+                       license:cc-by3.0
+                       license:gpl3+
+                       license:silofl1.1)))))
+
 (define-public xshogi
   (package
     (name "xshogi")
@@ -722,7 +808,7 @@ fight Morgoth, the Lord of Darkness.")
        (patches (search-patches "pingus-sdl-libs-config.patch"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
-                     ("scons" ,scons)))
+                     ("scons-python2" ,scons-python2)))
     (inputs `(("sdl" ,sdl)
               ("sdl-image" ,sdl-image)
               ("sdl-mixer" ,sdl-mixer)
@@ -731,15 +817,11 @@ fight Morgoth, the Lord of Darkness.")
               ("libpng" ,libpng)
               ("boost" ,boost)))
     (arguments
-     '(#:tests? #f                      ; no check target
+     '(#:make-flags (list (string-append "PREFIX=" %output))
+       #:tests? #f                      ; no check target
        #:phases
        (modify-phases %standard-phases
-         (delete 'configure)            ; no configure script
-        (replace 'install
-          (lambda* (#:key outputs #:allow-other-keys)
-            (zero? (system* "make" "install"
-                            (string-append "PREFIX="
-                                           (assoc-ref outputs "out")))))))))
+         (delete 'configure)))) ; no configure script
     (home-page "http://pingus.seul.org/welcome.html")
     (synopsis "Lemmings clone")
     (description
@@ -1346,7 +1428,7 @@ either by Infocom or created using the Inform compiler.")
 (define-public retroarch
   (package
     (name "retroarch")
-    (version "1.6.7")
+    (version "1.6.9")
     (source
      (origin
        (method url-fetch)
@@ -1354,7 +1436,7 @@ either by Infocom or created using the Inform compiler.")
                            version ".tar.gz"))
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
-        (base32 "13vp5skf95a4fla3dwdk2v48dgnmrvimvp9fgpr1vppb7wfjhbr1"))))
+        (base32 "1d3qbph59d43k10mprqm8h23143yji5mwjkciwynwa4xvsgydpb6"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f                      ; no tests
@@ -1461,7 +1543,7 @@ This game is based on the GPL version of the famous game TuxRacer.")
 (define-public supertuxkart
   (package
     (name "supertuxkart")
-    (version "0.9.2")
+    (version "0.9.3")
     (source
      (origin
        (method url-fetch)
@@ -1469,8 +1551,7 @@ This game is based on the GPL version of the famous game TuxRacer.")
                            version "/supertuxkart-" version "-src.tar.xz"))
        (sha256
         (base32
-         "10l2ljmd7mv8f9ylarqmxxryicdnph2qkm3g5maxnsm2k2q0n20b"))
-       (patches (search-patches "supertuxkart-angelscript-ftbfs.patch"))
+         "1c4w47ibj87lgwiqygq8qi7jiz6gklj4dwf5bs5zk15s0rqlw0fq"))
        (modules '((guix build utils)))
        (snippet
         ;; Delete bundled library sources
@@ -1495,6 +1576,8 @@ This game is based on the GPL version of the famous game TuxRacer.")
        (list "-DUSE_WIIUSE=0"
              ;; Do not use the bundled zlib
              "-DNO_IRR_COMPILE_WITH_ZLIB_=TRUE"
+             ;; FIXME: needs libopenglrecorder
+             "-DBUILD_RECORDER=0"
              ;; Irrlicht returns an integer instead of a boolean
              "-DCMAKE_C_FLAGS=-fpermissive")
        #:phases
@@ -3035,7 +3118,7 @@ Red Eclipse provides fast paced and accessible gameplay.")
 (define-public higan
   (package
     (name "higan")
-    (version "104")
+    (version "106")
     (source
      (origin
        (method url-fetch)
@@ -3044,7 +3127,7 @@ Red Eclipse provides fast paced and accessible gameplay.")
              version))
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
-        (base32 "18by01ir2mvdi9hq571in1hk18gw2bd0ynq4avfs1qj0qra35fqb"))
+        (base32 "0y42pra0dxzlbkyzcp3r8a39pji2bj3p9fl40425f60af2igr4rw"))
        (patches (search-patches "higan-remove-march-native-flag.patch"))))
     (build-system gnu-build-system)
     (native-inputs
@@ -4154,7 +4237,7 @@ emerges from a sewer hole and pulls her below ground.")
 (define-public cdogs-sdl
   (package
     (name "cdogs-sdl")
-    (version "0.6.5")
+    (version "0.6.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/cxong/cdogs-sdl/"
@@ -4162,7 +4245,7 @@ emerges from a sewer hole and pulls her below ground.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "17llrpdrrwi8h37vjpkxk2asj7h8qdfp2zy28wiwb7cjzribmz3k"))))
+                "08gbx6vqqir48xs6qdfa4kv70gj4j96wzs90pg7qldfasxz34ljm"))))
     (build-system cmake-build-system)
     (arguments
      `(#:configure-flags
@@ -4504,7 +4587,7 @@ fish.  The whole game is accompanied by quiet, comforting music.")
 (define-public crawl
   (package
     (name "crawl")
-    (version "0.20.0")
+    (version "0.20.1")
     (source
      (origin
        (method url-fetch)
@@ -4518,7 +4601,7 @@ fish.  The whole game is accompanied by quiet, comforting music.")
                             version "-nodeps.tar.xz")))
        (sha256
         (base32
-         "0127dgldij2h4m7cf32yy9ndv4vcz03g4km71lmxrsi5mw7ljgpd"))
+         "0cagx7687r5ln7pmzl60akjhjpyqd62z9zhfr2mqfk53wl9jbsbj"))
        (patches (search-patches "crawl-upgrade-saves.patch"))))
     (build-system gnu-build-system)
     (inputs
@@ -4603,7 +4686,7 @@ fabulous Orb of Zot.")
        ("sdl2-mixer" ,sdl2-mixer)))
     (native-inputs
      `(,@(package-native-inputs crawl)
-       ;; TODO: Add advpng or pngcrush for additional PNG optimization.
+       ("pngcrush" ,pngcrush)
        ("which" ,which)))
     (synopsis "Graphical roguelike dungeon crawler game")))
 
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index dab2f99d74..84d2f9a8d2 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -413,7 +413,12 @@ Go.  It also includes runtime support libraries for these languages.")
                (base32
                 "1m0lr7938lw5d773dkvwld90hjlcq2282517d1gwvrfzmwgg42w5"))
               (patches (search-patches "gcc-strmov-store-file-names.patch"
-                                       "gcc-5.0-libvtv-runpath.patch"))))))
+                                       "gcc-6-source-date-epoch-1.patch"
+                                       "gcc-6-source-date-epoch-2.patch"
+                                       "gcc-5.0-libvtv-runpath.patch"))))
+    (inputs
+     `(("isl" ,isl)
+       ,@(package-inputs gcc-4.7)))))
 
 (define-public gcc-7
   (package
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 2cb6947205..8f9b1bac98 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -454,6 +454,16 @@ commonly used macros.")
        (base32
         "0pkq5l1llw8gkjhfq6y58iyj6wac8dh1mc3rzjzn6nd7lrkdx8cg"))))
     (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'patch-path
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((libc   (assoc-ref inputs "libc")))
+               (substitute* "libgnome-desktop/gnome-languages.c"
+                 (("\"locale\"")
+                  (string-append "\"" libc "/bin/locale\"")))
+               #t))))))
     (native-inputs
      `(("gobject-introspection" ,gobject-introspection)
        ("itstool" ,itstool)
@@ -1059,7 +1069,7 @@ API add-ons to make GTK+ widgets OpenGL-capable.")
 (define-public glade3
   (package
     (name "glade")
-    (version "3.20.1")
+    (version "3.20.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1067,7 +1077,7 @@ API add-ons to make GTK+ widgets OpenGL-capable.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1pxikhzdzd092d4x3nacf5gfzi3mvhywrhcfqc07xakbsinnfr40"))))
+                "1vdbqqvf6nrkqml4awrq4pzfwsm5v39wdzg943nys6lmf1am9l87"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:tests? #f ; needs X, GL, and software rendering
@@ -1787,14 +1797,14 @@ Hints specification (EWMH).")
 (define-public goffice
   (package
     (name "goffice")
-    (version "0.10.35")
+    (version "0.10.36")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
                                   (version-major+minor version)  "/"
                                   name "-" version ".tar.xz"))
               (sha256
-               (base32 "0f2p3p7idfpbms4mi75031014mqsv09s21b6w1359p09raph3461"))))
+               (base32 "1mma1gp179dh7kvwzd7q3mwg0719hhbm9f5sqw28flv5lv05zrng"))))
     (build-system gnu-build-system)
     (outputs '("out"
                "doc"))                            ;4.1 MiB of gtk-doc
@@ -1851,7 +1861,7 @@ Hints specification (EWMH).")
 (define-public gnumeric
   (package
     (name "gnumeric")
-    (version "1.12.35")
+    (version "1.12.36")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1859,7 +1869,7 @@ Hints specification (EWMH).")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "02kcq2af16m9mlzgkbdzswhw0nl6zf01dmvsfq3shy1mab7f7cbp"))))
+                "0j28qpbz9a9p80x27kcwxl5n1hf36nn2fa7dxwrbhcdx4rgy5grw"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(;; The gnumeric developers don't worry much about failing tests.
@@ -2945,7 +2955,7 @@ service via the system message bus.")
 (define-public libgweather
   (package
     (name "libgweather")
-    (version "3.26.0")
+    (version "3.26.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -2953,7 +2963,7 @@ service via the system message bus.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0vkbc8rvmrlfiws844izxfl01r6l9p6agf8vvgszzkry1gfbm12v"))))
+                "1f64ix7acj0j0qvxwxaazii2bhsjgh5ang1kw14fkg25ndq899zw"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -3687,7 +3697,7 @@ which can read a large number of file formats.")
 (define-public rhythmbox
  (package
    (name "rhythmbox")
-   (version "3.4.1")
+   (version "3.4.2")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3695,7 +3705,7 @@ which can read a large number of file formats.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1dj1hgdyhmwzs6h2zr89b1ipk0p6g7x74rfz56a5yjds3ik8d7q3"))))
+              "0hzcns8gf5yb0rm4ss8jd8qzarcaplp5cylk6plwilsqfvxj4xn2"))))
    (build-system glib-or-gtk-build-system)
    (arguments
     `(#:configure-flags
@@ -4051,7 +4061,7 @@ work and the interface is well tested.")
 (define-public eolie
   (package
     (name "eolie")
-    (version "0.9.12")
+    (version "0.9.13")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/gnumdk/eolie/"
@@ -4059,7 +4069,7 @@ work and the interface is well tested.")
                                   "/eolie-" version ".tar.xz"))
               (sha256
                (base32
-                "1qlaxczs82vyww06v5m8zwhvaiilp5zhxp5yp632a8947cg5blnz"))))
+                "1khpc6x40y5gm0a3p5fxiva9p1djijxmsh74xinigddnyqbjqw69"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:phases
@@ -4386,7 +4396,7 @@ metadata in photo and video files of various formats.")
 (define-public shotwell
   (package
     (name "shotwell")
-    (version "0.26.3")
+    (version "0.27.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4394,7 +4404,7 @@ metadata in photo and video files of various formats.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1r8fd63r7c5n99hwrkzv9jlrk84z4sa15q3h70pydzfjnfqf90zv"))))
+                "1jav7qv0s1v6wvd7x2ri85hjqnbswq883pnd228qhd6bhjbryp89"))))
     (build-system glib-or-gtk-build-system)
     (propagated-inputs
      `(("dconf" ,dconf)))
@@ -5866,7 +5876,8 @@ software that do not provide their own configuration interface.")
     (build-system trivial-build-system)
     (source #f)
     (propagated-inputs
-     `(("nautilus" ,nautilus)))
+     `(("nautilus" ,nautilus)
+       ("evince" ,evince)))
     (arguments
      `(#:modules ((guix build utils))
        #:builder
@@ -5878,7 +5889,9 @@ software that do not provide their own configuration interface.")
            (call-with-output-file (string-append apps "/defaults.list")
              (lambda (port)
                (format port "[Default Applications]\n")
-               (format port "inode/directory=org.gnome.Nautilus.desktop\n")))
+               (format port "inode/directory=org.gnome.Nautilus.desktop\n")
+               (format port "application/pdf=evince.desktop\n")
+               (format port "application/postscript=evince.desktop\n")))
            #t))))
     (synopsis "Default MIME type associations for the GNOME desktop")
     (description
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index b17a39ccf9..91e2e3f245 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -2,10 +2,10 @@
 ;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014 Sree Harsha Totakura <sreeharsha@totakura.in>
 ;;; Copyright © 2015, 2017 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
+;;; Copyright © 2016, 2017 ng0 <ng0@n0.is>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -144,14 +144,14 @@ tool to extract metadata from a file and print the results.")
 (define-public libmicrohttpd
   (package
    (name "libmicrohttpd")
-   (version "0.9.55")
+   (version "0.9.57")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/libmicrohttpd/libmicrohttpd-"
                                 version ".tar.gz"))
             (sha256
              (base32
-              "1y6h1slav5l6k8zyb01dpw65dscdgxxgfa3a0z9qnn7jr66sn70c"))))
+              "0kmgkk9sjg1n3q7rbzw5y4qmgh51zn5qi2j69gbqmr6phxjaghfy"))))
    (build-system gnu-build-system)
    (inputs
     `(("curl" ,curl)
@@ -177,23 +177,22 @@ tool to extract metadata from a file and print the results.")
 C library.  It makes it easy to run an HTTP server as part of another
 application.  The library is fully HTTP 1.1 compliant.  It can listen on
 multiple ports, supports four different threading models, and supports
-IPv6.  It
-also features security features such as basic and digest authentication
-and support for SSL3 and TLS.")
+IPv6.  It also features security features such as basic and digest
+authentication and support for SSL3 and TLS.")
    (license license:lgpl2.1+)
    (home-page "https://www.gnu.org/software/libmicrohttpd/")))
 
 (define-public gnurl
   (package
    (name "gnurl")
-   (version "7.56.1")
+   (version "7.56.1-2")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://gnunet.org/sites/default/files/"
                                 name "-" version ".tar.bz2"))
             (sha256
              (base32
-              "0phbs3lw0a561fqsj4fyngmpaznjlnx4qx9n9xzglivy69r9j1n8"))))
+              "092lpwjdg0z5bbf6i331ydm49qy05xrb3vagggmpi8pl7v3zv88j"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ; 1.5 MiB of man3 pages
@@ -207,17 +206,7 @@ and support for SSL3 and TLS.")
       ("pkg-config" ,pkg-config)
       ("python" ,python-2)))
    (arguments
-    `(#:configure-flags '("--enable-ipv6" "--with-gnutls" "--without-libssh2"
-                          "--without-libmetalink" "--without-winidn"
-                          "--without-librtmp" "--without-nghttp2"
-                          "--without-nss" "--without-cyassl"
-                          "--without-polarssl" "--without-ssl"
-                          "--without-winssl" "--without-darwinssl"
-                          "--disable-sspi" "--disable-ntlm-wb"
-                          "--disable-ldap" "--disable-rtsp" "--disable-dict"
-                          "--disable-telnet" "--disable-tftp" "--disable-pop3"
-                          "--disable-imap" "--disable-smtp" "--disable-gopher"
-                          "--disable-file" "--disable-ftp" "--disable-smb")
+    `(#:configure-flags (list "--disable-ntlm-wb")
       #:test-target "test"
       #:parallel-tests? #f
       #:phases
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 567ba0dd57..a8424a87f6 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -212,14 +212,14 @@ compatible to GNU Pth.")
 (define-public gnupg
   (package
     (name "gnupg")
-    (version "2.2.2")
+    (version "2.2.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "15w1q0bib742jqnir67bk07mc6ph9yik8wbc5i1bkcyf29s2rdmz"))))
+                "1d4482c4pbi0p1k8cc0f9c4q51k56v8navrbz5samxrrs42p3lyb"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 3499f48594..814d37270e 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 ng0 <ng0@infotropique.org>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -381,11 +382,11 @@ in the Mozilla clients.")
      "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
     (synopsis "Network Security Services")
     (description
-     "Network Security Services (NSS) is a set of libraries designed to support
-cross-platform development of security-enabled client and server applications.
-Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7,
-PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
-standards.")
+     "Network Security Services (@dfn{NSS}) is a set of libraries designed to
+support cross-platform development of security-enabled client and server
+applications.  Applications built with NSS can support SSL v2 and v3, TLS,
+PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
+security standards.")
     (license license:mpl2.0)))
 
 (define (mozilla-patch file-name changeset hash)
diff --git a/gnu/packages/gps.scm b/gnu/packages/gps.scm
index 10592c23ec..abdd024731 100644
--- a/gnu/packages/gps.scm
+++ b/gnu/packages/gps.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,6 +26,7 @@
   #:use-module (gnu packages base)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages databases)
   #:use-module (gnu packages docbook)
   #:use-module (gnu packages image)
   #:use-module (gnu packages xml)
@@ -131,3 +132,31 @@ the photo was taken.  It does this by using the timestamp in the photo and
 finding a data point in the GPS track that matches, or interpolating a point
 between two other data points.")
       (license license:gpl2+))))
+
+(define-public gama
+  (package
+    (name "gama")
+    (version "1.21")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://gnu/gama/gama-"
+                            version ".tar.gz"))
+        (sha256
+         (base32
+          "0yy8czw5dldbw1qj5v2h2wfh397bfx5wd3lrrgs8m1qdf1njnhcq"))))
+    (build-system gnu-build-system)
+    (arguments '(#:parallel-tests? #f)) ; race condition
+    (native-inputs
+     `(("libxml2" ,libxml2)))
+    (inputs
+     `(("expat" ,expat)
+       ("sqlite" ,sqlite)))
+    (home-page "https://www.gnu.org/software/gama")
+    (synopsis "Adjustment of geodetic networks")
+    (description
+     "GNU Gama is a program for the adjustment of geodetic networks.  It is
+useful in measurements where Global Positioning System (GPS) is not available,
+such as underground.  It features the ability to adjust in local Cartesian
+coordinates as well as partial support for adjustments in global coordinate systems.")
+    (license license:gpl3+)))
diff --git a/gnu/packages/graphics.scm b/gnu/packages/graphics.scm
index 3ffb4dd25c..249bbb6df1 100644
--- a/gnu/packages/graphics.scm
+++ b/gnu/packages/graphics.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;; Copyright © 2017 Ben Woodcroft <donttrustben@gmail.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -500,7 +501,7 @@ virtual reality, scientific visualization and modeling.")
        ("intltool" ,intltool)
        ("pkg-config" ,pkg-config)
        ("xvfb" ,xorg-server)))
-    (home-page "http://rapicorn.org")
+    (home-page "https://rapicorn.testbit.org/")
     (synopsis "Toolkit for rapid development of user interfaces")
     (description
      "Rapicorn is a toolkit for rapid development of user interfaces in C++
diff --git a/gnu/packages/groff.scm b/gnu/packages/groff.scm
index 6e1a60e9ba..fd098cd770 100644
--- a/gnu/packages/groff.scm
+++ b/gnu/packages/groff.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -72,6 +73,52 @@ is usually the formatter of \"man\" documentation pages.")
    (license gpl3+)
    (home-page "https://www.gnu.org/software/groff/")))
 
+(define-public groff-minimal
+  ;; Minimialist groff for use by man-db.  Its closure size is less than half
+  ;; that of the full-blown groff.
+  (package
+    (inherit groff)
+    (name "groff-minimal")
+    (synopsis "Minimalist variant of Groff for use by man-db")
+    (outputs '("out"))
+
+    ;; Omit the DVI, PS, PDF, and HTML backends.
+    (inputs '())
+    (native-inputs `(("bison" ,bison)
+                     ("perl" ,perl)))
+
+    (arguments
+     `(#:disallowed-references (,perl)
+
+       #:configure-flags '("--docdir=/tmp/trash/doc")
+
+       #:phases (modify-phases %standard-phases
+                  (add-after 'install 'remove-non-essential-programs
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      ;; Keep only the programs that man-db needs at run time,
+                      ;; and make sure we don't pull in Perl.
+                      (let ((out  (assoc-ref outputs "out"))
+                            (kept '("eqn" "neqn" "pic" "tbl" "refer"
+                                    "nroff" "groff" "troff" "grotty")))
+                        (for-each (lambda (file)
+                                    (unless (member (basename file) kept)
+                                      (delete-file file)))
+                                  (find-files (string-append out "/bin")))
+
+                        ;; Remove a bunch of unneeded Perl scripts.
+                        (for-each delete-file (find-files out "\\.pl$"))
+                        (for-each delete-file
+                                  (find-files out "BuildFoundries"))
+
+                        ;; Remove ~3 MiB from share/groff/X.Y/font/devBACKEND
+                        ;; corresponding to the unused backends.
+                        (for-each delete-file-recursively
+                                  (find-files out "^dev(dvi|ps|pdf|html|lj4)$"
+                                              #:directories? #t))
+                        #t))))
+
+       ,@(package-arguments groff)))))
+
 ;; There are no releases, so we take the latest commit.
 (define-public roffit
   (let ((commit "e5228388e3faf2b7f1ae5bd048ad46ed565304c6")
diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm
index c87465db09..3333ca87fd 100644
--- a/gnu/packages/gstreamer.scm
+++ b/gnu/packages/gstreamer.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -45,6 +46,7 @@
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages mp3)
+  #:use-module (gnu packages ncurses)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages qt)
@@ -64,14 +66,14 @@
 (define-public orc
   (package
     (name "orc")
-    (version "0.4.27")
+    (version "0.4.28")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://gstreamer.freedesktop.org/data/src/"
                                   "orc/orc-" version ".tar.xz"))
               (sha256
                (base32
-                "14vbwdydwarcvswzf744jdjb3ibhv6k4j6hzdacfan41zic3xrai"))))
+                "1kl3rlmzr27bdpn78nvpnjs142ja1m6grvafdhw74mmhcdjprkdz"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -469,3 +471,31 @@ be used by Python applications using GStreamer.")
     (propagated-inputs
      `(("gst-plugins-base" ,gst-plugins-base)
        ("python-pygobject" ,python2-pygobject)))))
+
+(define-public gst123
+  (package
+    (name "gst123")
+    (version "0.3.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://space.twc.de/~stefan/gst123/gst123-"
+                                  version ".tar.bz2"))
+              (sha256
+               (base32
+                "0zaa117n4wkya9p903vkj8hj58lmdb66pxsdx5wwcv7nffbp5d67"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("gtk+" ,gtk+-2)
+       ("ncurses" ,ncurses)
+       ("gstreamer" ,gstreamer)
+       ("gst-plugins-base" ,gst-plugins-base)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "http://space.twc.de/~stefan/gst123.php")
+    (synopsis "Flexible command line media player based on gstreamer")
+    (description "The program gst123 is designed to be a more flexible command
+line player in the spirit of ogg123 and mpg123, based on the gstreamer media
+framework.  It plays all file formats gstreamer supports, so if you have a
+music collection which contains different file formats, like flac, ogg and
+mp3, you can use gst123 to play all your music files.")
+    (license license:lgpl2.0+)))
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index abcefd32ed..90630e8a36 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -221,7 +221,7 @@ without requiring the source code to be rewritten.")
 (define-public guile-2.2
   (package (inherit guile-2.0)
     (name "guile")
-    (version "2.2.2")
+    (version "2.2.2")                      ;TODO: Update to 2.2.3 (see below).
     (source (origin
               (method url-fetch)
 
@@ -251,6 +251,21 @@ without requiring the source code to be rewritten.")
             (files '("lib/guile/2.2/site-ccache"
                      "share/guile/site/2.2")))))))
 
+(define-public guile-2.2.3
+  ;; TODO: Make it the new 'guile-2.2' on the next rebuild cycle.
+  (package
+    (inherit guile-2.2)
+    (version "2.2.3")
+    (source (origin (inherit (package-source guile-2.2))
+                    (uri (list (string-append "mirror://gnu/guile/guile-"
+                                              version ".tar.xz")
+                               (string-append
+                                "https://wingolog.org/priv/guile-"
+                                version ".tar.xz")))
+                    (sha256
+                     (base32
+                      "11j01agvnci2cx32wwpqs9078856yxmvs15gcsz7ganpkj2ahlw3"))))))
+
 (define-public guile-2.2/fixed
   ;; A package of Guile 2.2 that's rarely changed.  It is the one used
   ;; in the `base' module, and thus changing it entails a full rebuild.
@@ -1263,7 +1278,7 @@ key-value cache and store.")
 (define-public guile-wisp
   (package
     (name "guile-wisp")
-    (version "0.9.0")
+    (version "0.9.8")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://bitbucket.org/ArneBab/"
@@ -1271,25 +1286,26 @@ key-value cache and store.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0y5fxacalkgbv9s71h58vdvm2h2ln3rk024dd0vszwcf953as5fq"))))
+                "1f2bbicq1rxnwmiplrm4r75wj06w385mjkyvi7g4k740bgwcrzxr"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:modules ((system base compile)
-                  ,@%gnu-build-system-modules)
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (ice-9 rdelim)
+                  (ice-9 popen))
+
        #:phases
        (modify-phases %standard-phases
-         (add-before
-          'configure 'substitute-before-config
+         (add-before 'configure 'substitute-before-config
 
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((bash (assoc-ref inputs "bash")))
-              ;; configure checks for guile-2.0, but ours is just named "guile" :)
-              (substitute* "configure"
-                (("guile-2.0") "guile"))
               ;; Puts together some test files with /bin/bash hardcoded
               (substitute* "Makefile.in"
-                (("/bin/bash")
-                 (string-append bash "/bin/bash") ))
+                (("/usr/bin/env bash")
+                 (string-append bash "/bin/bash"))
+                (("\\$\\(GUILE_EFFECTIVE_VERSION\\)/site")
+                 "site/$(GUILE_EFFECTIVE_VERSION)")) ;use the right order
               #t)))
 
          ;; auto compilation breaks, but if we set HOME to /tmp,
@@ -1299,37 +1315,33 @@ key-value cache and store.")
           (lambda _
             (setenv "HOME" "/tmp")
             #t))
-         (replace
-          'install
+         (add-after 'install 'install-go-files
           (lambda* (#:key outputs inputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
-                   (module-dir (string-append out "/share/guile/site/2.0"))
-                   (language-dir
-                    (string-append module-dir "/language/wisp"))
-                   (guild (string-append (assoc-ref inputs "guile")
-                                         "/bin/guild")))
-              ;; Make installation directories.
-              (mkdir-p module-dir)
-              (mkdir-p language-dir)
-
-              ;; copy the source
-              (copy-file "wisp-scheme.scm"
-                         (string-append module-dir "/wisp-scheme.scm"))
-              (copy-file "language/wisp/spec.scm"
-                         (string-append language-dir "/spec.scm"))
-
+                   (effective (read-line
+                               (open-pipe* OPEN_READ
+                                           "guile" "-c"
+                                           "(display (effective-version))")))
+                   (module-dir (string-append out "/share/guile/site/"
+                                              effective))
+                   (object-dir (string-append out "/lib/guile/" effective
+                                              "/site-ccache"))
+                   (prefix     (string-length module-dir)))
               ;; compile to the destination
-              (compile-file "wisp-scheme.scm"
-                            #:output-file (string-append
-                                           module-dir "/wisp-scheme.go"))
-              (compile-file "language/wisp/spec.scm"
-                            #:output-file (string-append
-                                           language-dir "/spec.go"))
+              (for-each (lambda (file)
+                          (let* ((base (string-drop (string-drop-right file 4)
+                                                    prefix))
+                                 (go   (string-append object-dir base ".go")))
+                           (invoke "guild" "compile" "-L" module-dir
+                                    file "-o" go)))
+                        (find-files module-dir "\\.scm$"))
               #t))))))
     (home-page "http://draketo.de/english/wisp")
     (inputs
-     `(("guile" ,guile-2.0)
-       ("python" ,python)))
+     `(("guile" ,guile-2.2)))
+    (native-inputs
+     `(("python" ,python)
+       ("pkg-config" ,pkg-config)))
     (synopsis "Whitespace to lisp syntax for Guile")
     (description "Wisp is a syntax for Guile which provides a Python-like
 whitespace-significant language.  It may be easier on the eyes for some
@@ -1374,11 +1386,11 @@ users and in some situations.")
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (propagated-inputs
-     `(("guile" ,guile-2.2)
-       ("guile-sdl" ,guile-sdl)
+     `(("guile-sdl" ,guile-sdl)
        ("guile-opengl" ,guile-opengl)))
     (inputs
-     `(("gsl" ,gsl)
+     `(("guile" ,guile-2.2)
+       ("gsl" ,gsl)
        ("freeimage" ,freeimage)
        ("mesa" ,mesa)))
     (synopsis "2D/3D game engine for GNU Guile")
@@ -1492,6 +1504,55 @@ It currently supports MySQL, Postgres and SQLite3.")
 SQL databases.  This package implements the interface for SQLite.")
     (license license:gpl2+)))
 
+(define-public guile-dsv
+  (package
+    (name "guile-dsv")
+    (version "0.2.1")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/artyom-poptsov/guile-dsv")
+                    (commit "bdc5267d007478abc20ea96d7c459b7dd9560b3d")))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1irw6mz8998nwyhzrw9g94jcz60b9zljgqfmipaz1ybn8579qjx0"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("pkg-config" ,pkg-config)
+       ("texinfo" ,texinfo)))
+    (inputs `(("guile" ,guile-2.2)))
+    (propagated-inputs `(("guile-lib" ,guile-lib)))
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-before 'configure 'set-guilesitedir
+                    (lambda _
+                      (substitute* "Makefile.in"
+                        (("^guilesitedir =.*$")
+                         "guilesitedir = \
+$(datadir)/guile/site/$(GUILE_EFFECTIVE_VERSION)\n"))
+                      (substitute* "modules/Makefile.in"
+                        (("^guilesitedir =.*$")
+                         "guilesitedir = \
+$(datadir)/guile/site/$(GUILE_EFFECTIVE_VERSION)\n"))
+                      (substitute* "modules/dsv/Makefile.in"
+                        (("^guilesitedir =.*$")
+                         "guilesitedir = \
+$(datadir)/guile/site/$(GUILE_EFFECTIVE_VERSION)\n"))
+                      #t))
+                  (add-after 'unpack 'autoreconf
+                    (lambda _
+                      (zero? (system* "autoreconf" "-vfi")))))))
+    (home-page "https://github.com/artyom-poptsov/guile-dsv")
+    (synopsis "DSV module for Guile")
+    (description
+     "Guile-DSV is a GNU Guile module for working with the
+delimiter-separated values (DSV) data format.  Guile-DSV supports the
+Unix-style DSV format and RFC 4180 format.")
+    (license license:gpl3+)))
+
 (define-public guile-xosd
   (package
     (name "guile-xosd")
diff --git a/gnu/packages/haskell-check.scm b/gnu/packages/haskell-check.scm
index 190ee7cc93..871e0b9790 100644
--- a/gnu/packages/haskell-check.scm
+++ b/gnu/packages/haskell-check.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2017 Danny Milosavljevic <dannym@scratchpost.org>
 ;;; Copyright © 2017 rsiddharth <s@ricketyspace.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -283,7 +284,7 @@ test-framework.")
 (define-public ghc-tasty-rerun
   (package
     (name "ghc-tasty-rerun")
-    (version "1.1.6")
+    (version "1.1.7")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -291,7 +292,7 @@ test-framework.")
                     "tasty-rerun-" version ".tar.gz"))
               (sha256
                (base32
-                "0ycxg7whabgcxyzy6gr536x8ykzx45whh1wrbsc7c58zi862fczd"))))
+                "18hz1xqinf59mzvd68ygj9333v0a32qxfcas7crn4iniq5zv71kj"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-mtl" ,ghc-mtl)
diff --git a/gnu/packages/haskell-crypto.scm b/gnu/packages/haskell-crypto.scm
index 9501fb2c39..f1c9b9f26c 100644
--- a/gnu/packages/haskell-crypto.scm
+++ b/gnu/packages/haskell-crypto.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2017 rsiddharth <s@ricketyspace.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -33,7 +34,7 @@
 (define-public ghc-asn1-types
   (package
     (name "ghc-asn1-types")
-    (version "0.3.1")
+    (version "0.3.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
@@ -41,7 +42,7 @@
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1iif9yrh4mmj249gyvam0zb2vb3jnlz777gahh2z9sx00dsx9rja"))))
+                "05vjchyqiy9n275cygffhn0ma7fz7jx52j0dcdm9qm8h9bziymqc"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-memory" ,ghc-memory)
@@ -56,7 +57,7 @@ format.")
 (define-public ghc-asn1-encoding
   (package
     (name "ghc-asn1-encoding")
-    (version "0.9.3")
+    (version "0.9.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
@@ -64,7 +65,7 @@ format.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "01ki5msrpccgdbdiaaa5a9zw0icp1hki4hca8qx6hzlp0rcf1mwh"))))
+                "0adgbamyq0mj1l1hdq4zyyllay714bac1wl0rih3fv1z6vykp1hy"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-hourglass" ,ghc-hourglass)
diff --git a/gnu/packages/haskell-web.scm b/gnu/packages/haskell-web.scm
index 7a786bfe82..0d4129f8fc 100644
--- a/gnu/packages/haskell-web.scm
+++ b/gnu/packages/haskell-web.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 rsiddharth <s@ricketyspace.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -64,7 +65,7 @@ for screen-scraping.")
 (define-public ghc-cookie
   (package
     (name "ghc-cookie")
-    (version "0.4.1.6")
+    (version "0.4.3")
     (source
      (origin
        (method url-fetch)
@@ -74,7 +75,7 @@ for screen-scraping.")
              ".tar.gz"))
        (sha256
         (base32
-         "0b6ym6fn29p5az4dwydy036lxj131kagrmgb93w4bbkqfkds8b9s"))))
+         "0qpdydhb9gw590ffabqg70x7xvjpg8l74idqnrfbhv5yrr7hryzv"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-old-locale" ,ghc-old-locale)
@@ -791,14 +792,14 @@ essentially the opposite of pretty-printing.")
 (define-public ghc-aeson-qq
   (package
     (name "ghc-aeson-qq")
-    (version "0.8.1")
+    (version "0.8.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
                                   "aeson-qq/aeson-qq-" version ".tar.gz"))
               (sha256
                (base32
-                "1z8kh3qjc4khadz1ijdqm7fbk7dh17sisqhpwd3c9aibj2927k9d"))))
+                "0ln13jqyfh5726hdrk1rad9a6cgrrj201plmwcfcpvq18v4m5ckd"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-base-compat" ,ghc-base-compat)
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index 9ea54c5022..66ccbae7f4 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -12,6 +12,7 @@
 ;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2017 rsiddharth <s@ricketyspace.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -771,7 +772,7 @@ package are to parse or generate Haskell 98 code.")
 (define-public ghc-alex
   (package
     (name "ghc-alex")
-    (version "3.1.4")
+    (version "3.2.3")
     (source
      (origin
        (method url-fetch)
@@ -781,11 +782,8 @@ package are to parse or generate Haskell 98 code.")
              ".tar.gz"))
        (sha256
         (base32
-         "17x13nbbr79xgdlzywjqw19vcl6iygjnssjnxnajgijkv764wknn"))))
+         "0bi1cs9b8ir33h1fl6x2xw4ymygapqbr713ridpf7rmk2wa7jqqs"))))
     (build-system haskell-build-system)
-    (arguments `(#:tests? #f)) ; FIXME: Tests broken for GHC 7.10.  Fixed
-                               ; upstream, see
-                               ; <https://github.com/simonmar/alex/issues/62>
     (inputs `(("ghc-quickcheck" ,ghc-quickcheck)))
     (home-page "http://www.haskell.org/alex/")
     (synopsis
@@ -831,17 +829,16 @@ tool lex or flex for C/C++.")
 (define-public ghc-cmdargs
   (package
     (name "ghc-cmdargs")
-    (version "0.10.13")
+    (version "0.10.18")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
              "https://hackage.haskell.org/package/cmdargs/cmdargs-"
-             version
-             ".tar.gz"))
+             version ".tar.gz"))
        (sha256
         (base32
-         "0vmz7f0ssrqlp6wzmc0mjqj4qczfgk58g0lr0yz7jamamlgpq4b6"))))
+         "1lnmcsf6p9yrwwz1zvrw5lbc32xpff7b70yz4ylawaflnlz6wrlh"))))
     (build-system haskell-build-system)
     (home-page
      "http://community.haskell.org/~ndm/cmdargs/")
@@ -875,7 +872,7 @@ postfix notation.  For more information on stack based languages, see
 (define-public ghc-happy
   (package
     (name "ghc-happy")
-    (version "1.19.5")
+    (version "1.19.8")
     (source
      (origin
        (method url-fetch)
@@ -885,10 +882,8 @@ postfix notation.  For more information on stack based languages, see
              ".tar.gz"))
        (sha256
         (base32
-         "1nj353q4z1g186fpjzf0dnsg71qhxqpamx8jy89rjjvv3p0kmw32"))))
+         "186ky3bly0i3cc56qk3r7j7pxh2108aackq4n2lli7jmbnb3kxsd"))))
     (build-system haskell-build-system)
-    (arguments `(#:tests? #f)) ;; cannot satisfy -package mtl.  Possible Cabal
-                               ;; issue.
     (inputs
      `(("ghc-mtl" ,ghc-mtl)))
     (home-page "https://hackage.haskell.org/package/happy")
@@ -1105,17 +1100,16 @@ PNG, PNM, TGA, TIFF, XCF, XPM, XV.")
 (define-public ghc-half
   (package
     (name "ghc-half")
-    (version "0.2.2.1")
+    (version "0.2.2.3")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
              "https://hackage.haskell.org/package/half/half-"
-             version
-             ".tar.gz"))
+             version ".tar.gz"))
        (sha256
         (base32
-         "0zhwc6ps5w4ccnxl8sy623z4rjsafmnry69jpkw4hrbq11l402f1"))))
+         "0p4sb7vv9cljv48wlx65wgdnkryrk5d6yfh7g4yrm20w1p449hl5"))))
     (build-system haskell-build-system)
     (home-page "https://github.com/ekmett/half")
     (synopsis "Half-precision floating-point computations")
@@ -1392,7 +1386,7 @@ old @code{time} library.  For new projects, the newer
 (define-public ghc-dlist
   (package
     (name "ghc-dlist")
-    (version "0.7.1.2")
+    (version "0.8.0.3")
     (source
      (origin
        (method url-fetch)
@@ -1401,7 +1395,7 @@ old @code{time} library.  For new projects, the newer
              version
              ".tar.gz"))
        (sha256
-        (base32 "10rp96rryij7d8gz5kv8ygc6chm1624ck5mbnqs2a3fkdzqj2b9k"))))
+        (base32 "0brgai4vs7xz29p06kd6gzg5bpa8iy3k7yzgcc44izspd74q4rw7"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-quickcheck" ,ghc-quickcheck)))
@@ -2368,15 +2362,14 @@ parser isolation, and labeled blocks for better error messages.")
         (base32
          "0arvbaxgkawzdp38hh53akkahjg2aa3kj2b4ns0ni8a5ylg2cqmp"))))
     (build-system haskell-build-system)
-    (arguments `(#:tests? #f)) ; FIXME: Test fails with "cannot satisfy
-                               ; -package contravariant-1.3.3"
+    (native-inputs
+     `(("ghc-doctest" ,ghc-doctest)))
     (inputs
-     `(("ghc-distributive" ,ghc-distributive)
-       ("ghc-transformers-compat" ,ghc-transformers-compat)
-       ("ghc-contravariant" ,ghc-contravariant)
+     `(("ghc-contravariant" ,ghc-contravariant)
+       ("ghc-distributive" ,ghc-distributive)
        ("ghc-semigroups" ,ghc-semigroups)
        ("ghc-tagged" ,ghc-tagged)
-       ("ghc-contravariant" ,ghc-contravariant)))
+       ("ghc-transformers-compat" ,ghc-transformers-compat)))
     (home-page "https://github.com/ekmett/comonad/")
     (synopsis "Comonads for Haskell")
     (description "This library provides @code{Comonad}s for Haskell.")
@@ -2652,7 +2645,7 @@ online}.")
 (define-public ghc-exceptions
   (package
     (name "ghc-exceptions")
-    (version "0.8.0.2")
+    (version "0.8.3")
     (source
      (origin
        (method url-fetch)
@@ -2662,9 +2655,11 @@ online}.")
              ".tar.gz"))
        (sha256
         (base32
-         "1x1bk1jf42k1gigiqqmkkh38z2ffhx8rsqiszdq3f94m2h6kw2h7"))))
+         "1gl7xzffsqmigam6zg0jsglncgzxqafld2p6kb7ccp9xirzdjsjd"))))
     (build-system haskell-build-system)
-    (arguments `(#:tests? #f)) ; FIXME: Missing test-framework package.
+    (native-inputs
+     `(("ghc-test-framework" ,ghc-test-framework)
+       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
     (inputs
      `(("ghc-stm" ,ghc-stm)
        ("ghc-mtl" ,ghc-mtl)
@@ -2875,7 +2870,7 @@ encourages inductive, recursive definitions of graph algorithms.")
 (define-public ghc-chasingbottoms
   (package
     (name "ghc-chasingbottoms")
-    (version "1.3.0.13")
+    (version "1.3.1.3")
     (source
      (origin
        (method url-fetch)
@@ -2883,14 +2878,7 @@ encourages inductive, recursive definitions of graph algorithms.")
                            "ChasingBottoms-" version ".tar.gz"))
        (sha256
         (base32
-         "1fb86jd6cdz4rx3fj3r9n8d60kx824ywwy7dw4qnrdran46ja3pl"))
-       (modules '((guix build utils)))
-       (snippet
-        ;; The Hackage page and the cabal file linked there for this package
-        ;; both list 0.7 as the upper version limit, but the source tarball
-        ;; specifies 0.6.  Assume the Hackage page is correct.
-        '(substitute* "ChasingBottoms.cabal"
-           (("syb >= 0.1.0.2 && < 0.6") "syb >= 0.1.0.2 && < 0.7")))))
+         "04jwwjs22mqc4hvpp4c3gpb79inrrq5sapks5khknspv2hslm61q"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-mtl" ,ghc-mtl)
@@ -3329,7 +3317,7 @@ finite maps and priority queues where the priority and element are distinct.")
        ("ghc-quickcheck" ,ghc-quickcheck)
        ("ghc-edisonapi" ,ghc-edisonapi)))
     (home-page "http://rwd.rdockins.name/edison/home/")
-    (synopsis "Library of efficent, purely-functional data structures")
+    (synopsis "Library of efficient, purely-functional data structures")
     (description
      "This package provides the core Edison data structure implementations,
 including multiple sequence, set, bag, and finite map concrete implementations
@@ -3456,7 +3444,7 @@ system.")
 (define-public ghc-base-compat
   (package
     (name "ghc-base-compat")
-    (version "0.8.2")
+    (version "0.9.3")
     (source
      (origin
        (method url-fetch)
@@ -3466,7 +3454,7 @@ system.")
              ".tar.gz"))
        (sha256
         (base32
-         "02m93hzgxg4bcnp7xcc2fdh2hrsc2h6fwl8hix5nx9k864kwf41q"))))
+         "0452l6zf6fjhy4kxqwv6i6hhg6yfx4wcg450k3axpyj30l7jnq3x"))))
     (build-system haskell-build-system)
     (native-inputs
      `(("ghc-quickcheck" ,ghc-quickcheck)
@@ -3482,7 +3470,7 @@ pragmas in your code.")
 (define-public ghc-blaze-builder
   (package
     (name "ghc-blaze-builder")
-    (version "0.4.0.1")
+    (version "0.4.0.2")
     (source
      (origin
        (method url-fetch)
@@ -3492,7 +3480,7 @@ pragmas in your code.")
              ".tar.gz"))
        (sha256
         (base32
-         "1id3w33x9f7q5m3xpggmvzw03bkp94bpfyz81625bldqgf3yqdn1"))))
+         "1m33y6p5xldni8p4fzg8fmsyqvkfmnimdamr1xjnsmgm3dkf9lws"))))
     (build-system haskell-build-system)
     (arguments `(#:tests? #f))          ; FIXME: Missing test libraries.
     (inputs
@@ -3556,7 +3544,7 @@ library for Haskell.")
 (define-public ghc-async
   (package
     (name "ghc-async")
-    (version "2.0.2")
+    (version "2.1.1.1")
     (source
      (origin
        (method url-fetch)
@@ -3566,7 +3554,7 @@ library for Haskell.")
              ".tar.gz"))
        (sha256
         (base32
-         "0azx4qk65a9a2gvqsfmz3w89m6shzr2iz0i5lly2zvly4n2d6m6v"))))
+         "1qj4fp1ynwg0l453gmm27vgkzb5k5m2hzdlg5rdqi9kf8rqy90yd"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-stm" ,ghc-stm)
@@ -3584,19 +3572,23 @@ will eventually deliver a value of type @code{a}.")
 (define-public ghc-fingertree
   (package
     (name "ghc-fingertree")
-    (version "0.1.1.0")
+    (version "0.1.3.0")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
              "https://hackage.haskell.org/package/fingertree/fingertree-"
-             version
-             ".tar.gz"))
+             version ".tar.gz"))
        (sha256
         (base32
-         "1w6x3kp3by5yjmam6wlrf9vap5l5rrqaip0djbrdp0fpf2imn30n"))))
+         "1ryjj7qrx70ckcjlr02x9zh86kfp76azbxq05r7hawqkaqg44sfs"))))
     (build-system haskell-build-system)
-    (arguments `(#:tests? #f)) ; FIXME: testing libraries are missing.
+    (native-inputs
+     `(("ghc-hunit" ,ghc-hunit)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-test-framework" ,ghc-test-framework)
+       ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)
+       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
     (home-page "https://hackage.haskell.org/package/fingertree")
     (synopsis "Generic finger-tree structure")
     (description "This library provides finger trees, a general sequence
@@ -3722,7 +3714,7 @@ unbounded @code{Integer} type.")
 (define-public ghc-clock
   (package
     (name "ghc-clock")
-    (version "0.5.1")
+    (version "0.7.2")
     (source
      (origin
        (method url-fetch)
@@ -3731,7 +3723,7 @@ unbounded @code{Integer} type.")
              "clock/"
              "clock-" version ".tar.gz"))
        (sha256
-        (base32 "1ncph7vi2q6ywwc8ysxl1ibw6i5dwfvln88ssfazk8jgpj4iyykw"))))
+        (base32 "07v91s20halsqjmziqb1sqjp2sjpckl9by7y28aaklwqi2bh2rl8"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-tasty" ,ghc-tasty)
@@ -3769,7 +3761,7 @@ Haskell, based on complemented PATRICIA tries.")
 (define-public ghc-bytestring-builder
   (package
     (name "ghc-bytestring-builder")
-    (version "0.10.6.0.0")
+    (version "0.10.8.1.0")
     (source
      (origin
        (method url-fetch)
@@ -3778,7 +3770,7 @@ Haskell, based on complemented PATRICIA tries.")
              "/bytestring-builder-" version ".tar.gz"))
        (sha256
         (base32
-         "1mkg24zl0rapb3gqzkyj5ibp07wx3yzd72hmfczssl0is63rjhww"))))
+         "1hnvjac28y44yn78c9vdp1zvrknvlw98ky3g4n5vivr16rvh8x3d"))))
     (build-system haskell-build-system)
     (arguments `(#:haddock? #f)) ; Package contains no documentation.
     (home-page "https://hackage.haskell.org/package/bytestring-builder")
@@ -3956,24 +3948,24 @@ indexed variants.")
          "0drx1hlqvdcrij4097q6bxhbfcqm73jsqv1wwhd3hsnjdmr46ch2"))))
     (build-system haskell-build-system)
     (inputs
-     `(("ghc-xss-sanitize" ,ghc-xss-sanitize)
+     `(("ghc-aeson" ,ghc-aeson)
+       ("ghc-blaze-html" ,ghc-blaze-html)
        ("ghc-data-default" ,ghc-data-default)
+       ("ghc-http-types" ,ghc-http-types)
        ("ghc-mtl" ,ghc-mtl)
-       ("ghc-text" ,ghc-text)
-       ("ghc-blaze-html" ,ghc-blaze-html)
        ("ghc-syb" ,ghc-syb)
+       ("ghc-text" ,ghc-text)
        ("ghc-uniplate" ,ghc-uniplate)
-       ("ghc-aeson" ,ghc-aeson)
        ("ghc-wai-extra" ,ghc-wai-extra)
        ("ghc-wai" ,ghc-wai)
-       ("ghc-http-types" ,ghc-http-types)))
+       ("ghc-xss-sanitize" ,ghc-xss-sanitize)))
     (home-page "https://github.com/jgm/cheapskate")
     (synopsis "Experimental markdown processor")
     (description "Cheapskate is an experimental Markdown processor in pure
 Haskell.  It aims to process Markdown efficiently and in the most forgiving
 possible way.  It is designed to deal with any input, including garbage, with
-linear performance.  Output is sanitized by default for protection against XSS
-attacks.")
+linear performance.  Output is sanitized by default for protection against
+cross-site scripting (@dfn{XSS}) attacks.")
     (license license:bsd-3)))
 
 (define-public ghc-bifunctors
@@ -4039,7 +4031,7 @@ just a @code{Semigroup} are added.")
 (define-public ghc-contravariant
   (package
     (name "ghc-contravariant")
-    (version "1.3.3")
+    (version "1.4")
     (source
      (origin
        (method url-fetch)
@@ -4049,7 +4041,7 @@ just a @code{Semigroup} are added.")
              ".tar.gz"))
        (sha256
         (base32
-         "184hcmhsznqrkmqlc1kza9pb5p591anva574ry8wrh81vqmhwfb5"))))
+         "117fff8kkrvlmr8cb2jpj71z7lf2pdiyks6ilyx89mry6zqnsrp1"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-void" ,ghc-void)
@@ -4097,7 +4089,7 @@ semigroup.")
 (define-public ghc-free
   (package
     (name "ghc-free")
-    (version "4.12.1")
+    (version "4.12.4")
     (source
      (origin
        (method url-fetch)
@@ -4107,7 +4099,7 @@ semigroup.")
              ".tar.gz"))
        (sha256
         (base32
-         "0sr8phvrb4ny8j1wzq55rdn8q4br23q4pw2j276npr844825jr9p"))))
+         "1147s393442xf4gkpbq0rd1p286vmykgx85mxhk5d1c7wfm4bzn9"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-prelude-extras" ,ghc-prelude-extras)
@@ -4388,7 +4380,7 @@ using a simple box model.")
 (define-public ghc-deepseq-generics
   (package
     (name "ghc-deepseq-generics")
-    (version "0.1.1.2")
+    (version "0.2.0.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
@@ -4396,16 +4388,8 @@ using a simple box model.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "01pvigx8n9p8hwbzp2qiq6kzf7cxiam843jz2sjgliacmmp1v7l3"))))
+                "17bwghc15mc9pchfd1w46jh2p3wzc86aj6a537wqwxn08rayzcxh"))))
     (build-system haskell-build-system)
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'relax-ghc-prim-dependency
-          (lambda _
-            (substitute* "deepseq-generics.cabal"
-              (("< 0.4") "< 0.5"))
-            #t)))))
     (native-inputs
      `(("ghc-hunit" ,ghc-hunit)
        ("ghc-test-framework" ,ghc-test-framework)
@@ -4553,14 +4537,16 @@ descriptions.")
 (define-public ghc-cmark
   (package
     (name "ghc-cmark")
-    (version "0.5.3.1")
+    (version "0.5.6")
     (source (origin
               (method url-fetch)
+              ;; XXX As of version 0.5.6, this package bundles libcmark 0.28.0.
+              ;; See cbits/cmark_version.h.
               (uri (string-append "https://hackage.haskell.org/package/"
                                   "cmark/cmark-" version ".tar.gz"))
               (sha256
                (base32
-                "09515h9b26az9c2mbl6l7azimaixa6yff8w359k0ml8jwykjvqaa"))))
+                "1c1j3a8b9qx5zk9myqm3gap8ymz7fipwrdmyfsq9wkkdr9x4np45"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-text" ,ghc-text)))
@@ -4571,14 +4557,14 @@ descriptions.")
     (description
      "This package provides Haskell bindings for
 @uref{https://github.com/jgm/cmark, libcmark}, the reference parser for
-CommonMark, a fully specified variant of Markdown.  It includes sources for
-libcmark (0.21.0) and does not require prior installation of the C library.")
+CommonMark, a fully specified variant of Markdown.  It includes bundled libcmark
+sources, and does not require prior installation of the C library.")
     (license license:bsd-3)))
 
 (define-public ghc-executable-path
   (package
     (name "ghc-executable-path")
-    (version "0.0.3")
+    (version "0.0.3.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
@@ -4586,7 +4572,7 @@ libcmark (0.21.0) and does not require prior installation of the C library.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1jg58qf19qz93c60ryglcavwdcysz4fd4qn8kpw5im9w9kniawlc"))))
+                "0vxwmnsvx13cawcyhbyljkds0l1vr996ijldycx7nj0asjv45iww"))))
     (build-system haskell-build-system)
     (home-page "https://hackage.haskell.org/package/executable-path")
     (synopsis "Find out the full path of the executable")
@@ -4600,7 +4586,7 @@ as invoked.\" This library tries to provide the missing path.")
 (define-public ghc-enclosed-exceptions
   (package
     (name "ghc-enclosed-exceptions")
-    (version "1.0.1.1")
+    (version "1.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
@@ -4608,7 +4594,7 @@ as invoked.\" This library tries to provide the missing path.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "16ax1kqdsk4apg642qxkm2hf9vb5hzmkd14zmkxra8ssp8rn28z5"))))
+                "1wc9h6zdnb5impvvml6vnjapajjanw7zgpnzg7c0v7115nwfm6vv"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-lifted-base" ,ghc-lifted-base)
@@ -5694,7 +5680,7 @@ this problem.")
 (define-public ghc-bytestring-handle
   (package
     (name "ghc-bytestring-handle")
-    (version "0.1.0.4")
+    (version "0.1.0.6")
     (source
      (origin
        (method url-fetch)
@@ -5703,14 +5689,14 @@ this problem.")
              version ".tar.gz"))
        (sha256
         (base32
-         "0q5yzx90ad9w7qvaix05bynxwlsbqjrgfc4hqb355ibf991wd0rh"))))
+         "18f17aja1ivhr3zyg2cccn2m03hdn5jf5410dndkhf12gvgiqs7y"))))
     (build-system haskell-build-system)
     (inputs
-     `(("ghc-quickcheck" ,ghc-quickcheck)
-       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)
-       ("ghc-hunit" ,ghc-hunit)
+     `(("ghc-hunit" ,ghc-hunit)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-test-framework" ,ghc-test-framework)
        ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)
-       ("ghc-test-framework" ,ghc-test-framework)))
+       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
     (home-page "http://hub.darcs.net/ganesh/bytestring-handle")
     (synopsis "ByteString-backed Handles")
     (description "ByteString-backed Handles") ; There is no description
@@ -5885,7 +5871,7 @@ the @code{mtl-tf} package.")
 (define-public ghc-bytestring
   (package
     (name "ghc-bytestring")
-    (version "0.10.8.1")
+    (version "0.10.8.2")
     (source
      (origin
        (method url-fetch)
@@ -5894,18 +5880,18 @@ the @code{mtl-tf} package.")
              version ".tar.gz"))
        (sha256
         (base32
-         "16zwb1p83z7vc5wlhvknpy80b5a2jxc5awx67rk52qnp9idmyq9d"))))
+         "0fjc5ybxx67l0kh27l6vq4saf88hp1wnssj5ka90ii588y76cvys"))))
     (build-system haskell-build-system)
     (inputs
-     `(("ghc-random" ,ghc-random)
+     `(("ghc-dlist" ,ghc-dlist)
+       ("ghc-byteorder" ,ghc-byteorder)
+       ("ghc-hunit" ,ghc-hunit)
+       ("ghc-mtl" ,ghc-mtl)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-random" ,ghc-random)
        ("ghc-test-framework" ,ghc-test-framework)
        ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)
-       ("ghc-quickcheck" ,ghc-quickcheck)
-       ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)
-       ("ghc-hunit" ,ghc-hunit)
-       ("ghc-byteorder" ,ghc-byteorder)
-       ("ghc-dlist" ,ghc-dlist)
-       ("ghc-mtl" ,ghc-mtl)))
+       ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)))
     (arguments
      `(#:tests? #f)) ; Test number two becomes non-responsive for 20+ minutes
     (home-page "https://github.com/haskell/bytestring")
@@ -5944,7 +5930,7 @@ supported.  A module of colour names (\"Data.Colour.Names\") is provided.")
 (define-public ghc-directory
   (package
     (name "ghc-directory")
-    (version "1.2.7.0")
+    (version "1.3.1.5")
     (source
      (origin
        (method url-fetch)
@@ -5953,7 +5939,7 @@ supported.  A module of colour names (\"Data.Colour.Names\") is provided.")
              version ".tar.gz"))
        (sha256
         (base32
-         "0h3hrqskadmbigaxbz2k5xxjjjlmfaq2zdn2g7jh1wv9k6yrxraa"))))
+         "0zkqihmdfz7bzv3sxh1p9ijl4vra880kfy3qy9h96flq7d2if0f2"))))
     (build-system haskell-build-system)
     (home-page "http://hackage.haskell.org/package/directory")
     (synopsis "Platform-agnostic library for filesystem operations")
@@ -6016,7 +6002,7 @@ files and directories in a portable way.")
 (define-public ghc-fgl-arbitrary
   (package
     (name "ghc-fgl-arbitrary")
-    (version "0.2.0.2")
+    (version "0.2.0.3")
     (source
      (origin
        (method url-fetch)
@@ -6025,7 +6011,7 @@ files and directories in a portable way.")
              version ".tar.gz"))
        (sha256
         (base32
-         "12qbsla4vivffris6y3gj29vrafkpyazqdbdy2m55nggypqpf7ah"))))
+         "0ln1szgfy8fa78l3issq4fx3aqnnd54w3cb4wssrfi48vd5rkfjm"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-fgl" ,ghc-fgl)
@@ -6085,7 +6071,7 @@ and edge labels with positional information, etc.
 (define-public ghc-array
   (package
     (name "ghc-array")
-    (version "0.5.1.1")
+    (version "0.5.2.0")
     (source
      (origin
        (method url-fetch)
@@ -6094,7 +6080,7 @@ and edge labels with positional information, etc.
              version ".tar.gz"))
        (sha256
         (base32
-         "08r2rq4blvc737mrg3xhlwiw13jmsz5dlf2fd0ghb9cdaxc6kjc9"))))
+         "12v83s2imxb3p2crnlzrpjh0nk6lpysw9bdk9yahs6f37csa5jaj"))))
     (build-system haskell-build-system)
     (home-page
      "http://hackage.haskell.org/package/array")
@@ -7109,8 +7095,8 @@ different API.
 
 @item @code{IntPSQ p v} is a far more efficient implementation.  It fixes the
 key type to @code{Int} and uses a
-@code{http://en.wikipedia.org/wiki/Radix_tree, radix tree}
-(like @code{IntMap}) with an additional min-heap property.
+@code{http://en.wikipedia.org/wiki/Radix_tree, radix tree} (like @code{IntMap})
+with an additional min-heap property.
 
 @item @code{HashPSQ k p v} is a fairly straightforward extension
 of @code{IntPSQ}: it simply uses the keys' hashes as indices in the
@@ -7136,7 +7122,7 @@ Typical applications of Priority Search Queues include:
 (define-public ghc-glob
   (package
     (name "ghc-glob")
-    (version "0.7.14")
+    (version "0.9.1")
     (source
      (origin
        (method url-fetch)
@@ -7145,7 +7131,7 @@ Typical applications of Priority Search Queues include:
                            "Glob-" version ".tar.gz"))
        (sha256
         (base32
-         "0aw43izg8vlvjl40ms6k92w7gxg7n3l6smdvzla47fp82s4vhdr8"))))
+         "0rzmsknl02p332dxmm36fyrz3dpma7bchn0ymyjipxvqil20pjw0"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-dlist" ,ghc-dlist)
@@ -7159,7 +7145,7 @@ Typical applications of Priority Search Queues include:
        ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
     (home-page "http://iki.fi/matti.niemenmaa/glob/")
     (synopsis "Haskell library matching glob patterns against file paths")
-    (description "This package providesa Haskell library for globbing:
+    (description "This package providesa Haskell library for @dfn{globbing}:
 matching patterns against file paths.")
     (license license:bsd-3)))
 
@@ -7891,7 +7877,7 @@ vector. ")
 (define-public ghc-foldl
   (package
     (name "ghc-foldl")
-    (version "1.3.2")
+    (version "1.3.5")
     (source
      (origin
        (method url-fetch)
@@ -7900,7 +7886,7 @@ vector. ")
                            "foldl-" version ".tar.gz"))
        (sha256
         (base32
-         "1z3xjz4khs2kr3mqkbh7dz4kd6gkdk2r67wjkvrxnmp533aqh90n"))))
+         "10qsp7dj2xsq4q2xm6x6b12y5pq32qf7my41hnkmdwwbccvhdxb2"))))
     (build-system haskell-build-system)
     (inputs `(("ghc-mwc-randam" ,ghc-mwc-random)
               ("ghc-primitive" ,ghc-primitive)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 5b73be9f8d..4ea51710e7 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -10,9 +10,9 @@
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2016, 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
@@ -67,6 +67,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system python)
   #:use-module (guix build-system r)
+  #:use-module (guix build-system scons)
   #:use-module (srfi srfi-1))
 
 (define-public libpng
@@ -207,25 +208,24 @@ in-memory raw vectors.")
     ;; Any of these GPL versions.
     (license (list license:gpl2 license:gpl3))))
 
-(define-public pngcrunch
+(define-public pngcrush
   (package
-   (name "pngcrunch")
-   (version "1.8.11")
+   (name "pngcrush")
+   (version "1.8.13")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://sourceforge/pmt/pngcrush/"
-                                version "/pngcrush-" version ".tar.xz"))
+                                version "/pngcrush-" version "-nolib.tar.xz"))
             (sha256 (base32
-                     "1c7m316i91jp3h1dj1ppppdv6zilm2njk1wrpqy2zj0fcll06lwd"))))
+                     "0l43c59d6v9l0g07z3q3ywhb8xb3vz74llv3mna0izk9bj6aqkiv"))))
    (build-system gnu-build-system)
    (arguments
-    '(#:make-flags '("-f" "Makefile-nolib")
-      #:tests? #f ; no check target
+    '(#:tests? #f ; no check target
       #:phases
       (modify-phases %standard-phases
         (replace 'configure
           (lambda* (#:key inputs outputs #:allow-other-keys)
-            (substitute* "Makefile-nolib"
+            (substitute* "Makefile"
               (("^(PNG(INC|LIB) = )/usr/local/" line vardef)
                (string-append vardef (assoc-ref inputs "libpng") "/"))
               (("^(Z(INC|LIB) = )/usr/local/" line vardef)
@@ -236,12 +236,16 @@ in-memory raw vectors.")
    (inputs
     `(("libpng" ,libpng)
       ("zlib" , zlib)))
-   (home-page "https://pmt.sourceforge.net/pngcrush")
+   (home-page "https://pmt.sourceforge.io/pngcrush")
    (synopsis "Utility to compress PNG files")
    (description "pngcrusqh is an optimizer for PNG (Portable Network Graphics)
 files.  It can compress them as much as 40% losslessly.")
    (license license:zlib)))
 
+(define-public pngcrunch
+  ;; This package used to be wrongfully name "pngcrunch".
+  (deprecated-package "pngcrunch" pngcrush))
+
 (define-public libjpeg
   (package
    (name "libjpeg")
@@ -787,7 +791,7 @@ multi-dimensional image processing.")
 (define-public libwebp
   (package
     (name "libwebp")
-    (version "0.6.0")
+    (version "0.6.1")
     (source
      (origin
        (method url-fetch)
@@ -796,7 +800,7 @@ multi-dimensional image processing.")
              ".tar.gz"))
        (sha256
         (base32
-         "0h1brwkyxc7lb8lc53aacdks5vc1y9hzngqi41gg7y6l56912a69"))))
+         "1ayq2zq0zbgf5yizbm32zh7p1vb8kibw74am6am1n5cz5mw3ql06"))))
     (build-system gnu-build-system)
     (inputs
      `(("freeglut" ,freeglut)
@@ -1040,10 +1044,9 @@ differences in file encoding, image quality, and other small variations.")
     (home-page "http://steghide.sourceforge.net")
     (synopsis "Image and audio steganography")
     (description
-     "Steghide is a steganography program that is able to hide data in various
-kinds of image- and audio-files.  The color- respectivly sample-frequencies
-are not changed thus making the embedding resistant against first-order
-statistical tests.")
+     "Steghide is a program to hide data in various kinds of image and audio
+files (known as @dfn{steganography}).  Neither color nor sample frequencies are
+changed, making the embedding resistant against first-order statistical tests.")
     (license license:gpl2+)))
 
 (define-public stb-image-for-extempore
@@ -1082,6 +1085,7 @@ installed as @code{stb_image}.")
        (method url-fetch)
        (uri (string-append "http://prdownloads.sourceforge.net/optipng/optipng-"
                            version ".tar.gz"))
+       (patches (search-patches "optipng-CVE-2017-1000229.patch"))
        (sha256
         (base32
          "105yk5qykvhiahzag67gm36s2kplxf6qn5hay02md0nkrcgn6w28"))))
@@ -1191,33 +1195,26 @@ medical image data, e.g. magnetic resonance image (MRI) and functional MRI
               (sha256
                (base32
                 "0mxvxk15xhk2i5vfavjhnkk4j3bnii0gpf8di14rlbpq070hd5rs"))))
-    (build-system python-build-system)
+    (build-system scons-build-system)
     (native-inputs
      `(("boost" ,boost)
        ("gettext" ,gnu-gettext)
-       ("pkg-config" ,pkg-config)
-       ("scons" ,scons)))
+       ("pkg-config" ,pkg-config)))
     (inputs
      `(("expat" ,expat)
        ("gtk2" ,gtk+-2)
        ("lua" ,lua-5.2)))
     (arguments
      `(#:tests? #f
+       #:scons ,scons-python2
+       #:scons-flags (list (string-append "DESTDIR=" %output))
        #:phases
        (modify-phases %standard-phases
          (add-before 'build 'fix-lua-reference
            (lambda _
              (substitute* "SConscript"
                (("lua5.2") "lua-5.2"))
-             #t))
-         (replace 'build
-           (lambda _
-             (zero? (system* "scons"))))
-         (replace 'install
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let ((dest (assoc-ref outputs "out")))
-               (zero? (system* "scons" "install"
-                               (string-append "DESTDIR=" dest)))))))))
+             #t)))))
     (home-page "http://www.gpick.org/")
     (synopsis "Color picker")
     (description "Gpick is an advanced color picker and palette editing tool.")
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index f23d57df7a..fbcc0b6f1b 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -153,14 +153,14 @@ SILC and ICB protocols via plugins.")
 (define-public weechat
   (package
     (name "weechat")
-    (version "1.9.1")
+    (version "2.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://weechat.org/files/src/weechat-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "1z92hprvgp128svfbr25x8j9kd114j9929bzbqasrcd92v31z6f2"))
+                "1ix2izrlr5jx5vl49kz9jbib7cq9mr6i7iyxkcz6xjfrryx2s5x9"))
               (patches (search-patches "weechat-python.patch"))))
     (build-system cmake-build-system)
     (native-inputs `(("gettext" ,gettext-minimal)
@@ -297,14 +297,14 @@ using a mouse.  It is customizable and extensible with plugins and scripts.")
 (define-public limnoria
   (package
     (name "limnoria")
-    (version "2017.08.18")
+    (version "2017.10.01")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "limnoria" version))
        (sha256
         (base32
-         "1hij444l45mjli8i67iyd3syf263ijj1l0cm3irqjjxv5r3f9zjj"))))
+         "1hd8h257x7a0s4rvb4aqvfi77qfcyv6jaz70nndg7y6p4yhvjmy6"))))
     (build-system python-build-system)
     (inputs
      `(("python-pytz" ,python-pytz)
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index bd6c003655..c9fbbb0a45 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -5,6 +5,8 @@
 ;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2016, 2017 Alex Vong <alexvong1995@gmail.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1752,6 +1754,70 @@ IcedTea build harness.")
     (native-inputs
      `(("jdk" ,icedtea-7 "jdk")))))
 
+(define-public ant-apache-bcel
+  (package
+    (inherit ant/java8)
+    (name "ant-apache-bcel")
+    (arguments
+     (substitute-keyword-arguments (package-arguments ant/java8)
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (add-after 'unpack 'link-bcel
+             (lambda* (#:key inputs #:allow-other-keys)
+               (for-each (lambda (file)
+                           (symlink file
+                                    (string-append "lib/optional/"
+                                                   (basename file))))
+                         (find-files (assoc-ref inputs "java-commons-bcel")
+                                     "\\.jar$"))
+               #t))
+           (add-after 'build 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out   (assoc-ref outputs "out"))
+                      (share (string-append out "/share/java"))
+                      (bin   (string-append out "/bin"))
+                      (lib   (string-append out "/lib")))
+                 (mkdir-p share)
+                 (install-file (string-append lib "/ant-apache-bcel.jar") share)
+                 (delete-file-recursively bin)
+                 (delete-file-recursively lib)
+                 #t)))))))
+    (inputs
+     `(("java-commons-bcel" ,java-commons-bcel)
+       ,@(package-inputs ant/java8)))))
+
+(define-public ant-junit
+  (package
+    (inherit ant/java8)
+    (name "ant-junit")
+    (arguments
+     (substitute-keyword-arguments (package-arguments ant/java8)
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (add-after 'unpack 'link-junit
+             (lambda* (#:key inputs #:allow-other-keys)
+               (for-each (lambda (file)
+                           (symlink file
+                                    (string-append "lib/optional/"
+                                                   (basename file))))
+                         (find-files (assoc-ref inputs "java-junit")
+                                     "\\.jar$"))
+               #t))
+           (add-after 'build 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out   (assoc-ref outputs "out"))
+                      (share (string-append out "/share/java"))
+                      (bin   (string-append out "/bin"))
+                      (lib   (string-append out "/lib")))
+                 (mkdir-p share)
+                 (install-file (string-append lib "/ant-junit.jar") share)
+                 (delete-file-recursively bin)
+                 (delete-file-recursively lib)
+                 #t)))))))
+    (inputs
+     `(("java-junit" ,java-junit)
+       ,@(package-inputs ant/java8)))))
+
 (define-public clojure
   (let* ((remove-archives '(begin
                              (for-each delete-file
@@ -1893,6 +1959,62 @@ designs.")
                      license:asl2.0
                      license:cpl1.0)))))
 
+(define-public javacc
+  (package
+    (name "javacc")
+    (version "7.0.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/javacc/javacc/"
+                                  "archive/" version ".tar.gz"))
+              (file-name (string-append "javacc-" version ".tar.gz"))
+              (sha256
+               (base32
+                "111xc9mnmc5a6qz6x3xbhqc07y1lg2b996ggzw0hrblg42zya9xf"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:test-target "test"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'delete-bundled-libs
+           (lambda _
+             (delete-file-recursively "lib") #t))
+         (replace 'install (install-jars "target")))))
+    (home-page "https://javacc.org/")
+    (synopsis "Java parser generator")
+    (description "Java Compiler Compiler (JavaCC) is the most popular parser
+generator for use with Java applications.  A parser generator is a tool that
+reads a grammar specification and converts it to a Java program that can
+recognize matches to the grammar.  In addition to the parser generator itself,
+JavaCC provides other standard capabilities related to parser generation such
+as tree building (via a tool called JJTree included with JavaCC), actions,
+debugging, etc.")
+    (license license:bsd-3)))
+
+(define-public javacc-4
+  (package (inherit javacc)
+    (version "4.1")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/javacc/javacc.git")
+                    (commit "release_41")))
+              (file-name (string-append "javacc-" version "-checkout"))
+              (sha256
+               (base32
+                "07ysav7j8r1c6h8qxrgqk6lwdp74ly0ad1935lragxml0qqc3ka0"))))
+    ;; Tests fail with
+    ;; /tmp/guix-build-javacc-4.1.drv-0/source/test/javacodeLA/build.xml:60:
+    ;; JAVACODE failed
+    (arguments
+     `(#:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'delete-bundled-libs
+           (lambda _
+             (delete-file-recursively "lib") #t))
+         (replace 'install (install-jars "bin/lib")))))))
+
 (define-public java-classpathx-servletapi
   (package
     (name "java-classpathx-servletapi")
@@ -2358,8 +2480,8 @@ these two libraries to vary independently of one another.")
      `(("java-junit" ,java-junit)))
     (home-page "http://codehaus-plexus.github.io/plexus-classworlds/")
     (synopsis "Java class loader framework")
-    (description "Plexus classworlds replaces the native ClassLoader mechanism
-of Java.  It is especially usefull for dynamic loading of application
+    (description "Plexus classworlds replaces the native @code{ClassLoader}
+mechanism of Java.  It is especially useful for dynamic loading of application
 components.")
     (license license:asl2.0)))
 
@@ -2396,9 +2518,9 @@ components.")
        ("junit" ,java-junit)
        ("guava" ,java-guava)))
     (home-page "https://github.com/codehaus-plexus/plexus-containers")
-    (synopsis "Inversion of controll container")
+    (synopsis "Inversion-of-control container")
     (description "Plexus-default-container is Plexus' inversion-of-control
-(IoC) container.  It is composed of its public API and its default
+(@dfn{IoC}) container.  It is composed of its public API and its default
 implementation.")
     (license license:asl2.0)))
 
@@ -2963,7 +3085,7 @@ available in the Java programming language or Commons Lang.")
     (synopsis "Benchmark harness for the JVM")
     (description "JMH is a Java harness for building, running, and analysing
 nano/micro/milli/macro benchmarks written in Java and other languages
-targetting the JVM.")
+targeting the JVM.")
     ;; GPLv2 only
     (license license:gpl2)))
 
@@ -6061,7 +6183,7 @@ the system under test at the same time.")
 (define-public java-fasterxml-jackson-annotations
   (package
     (name "java-fasterxml-jackson-annotations")
-    (version "2.9.1")
+    (version "2.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/FasterXML/"
@@ -6069,7 +6191,7 @@ the system under test at the same time.")
                                   "jackson-annotations-" version ".tar.gz"))
               (sha256
                (base32
-                "005ksgqx2ds3zdmlvbcmmz82y28b1mx0i9bpvprim1jaddbba0bd"))))
+                "0b4wdxjxfbl3gkilylfdbl7fzimfpyih676jiwdf19i4056j8lqw"))))
     (build-system ant-build-system)
     (arguments
      `(#:jar-name "jackson-annotations.jar"
@@ -6087,7 +6209,7 @@ not included are ones that require dependency to the Databind package.")
 (define-public java-fasterxml-jackson-core
   (package
     (name "java-fasterxml-jackson-core")
-    (version "2.9.1")
+    (version "2.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/FasterXML/"
@@ -6095,7 +6217,7 @@ not included are ones that require dependency to the Databind package.")
                                   "jackson-core-" version ".tar.gz"))
               (sha256
                (base32
-                "1sdfp74zvlh4xr5h5bj87yjlp6kny3i8ai9m0q3xs7f8hvmxpx09"))))
+                "0q2d6qnylyxj5jh0sam1b095b5486f7ipzhxgwcgbm254ls7fqc1"))))
     (build-system ant-build-system)
     (arguments
      `(#:jar-name "jackson-core.jar"
@@ -6144,7 +6266,7 @@ not included are ones that require dependency to the Databind package.")
 (define-public java-fasterxml-jackson-databind
   (package
     (name "java-fasterxml-jackson-databind")
-    (version "2.9.1")
+    (version "2.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/FasterXML/"
@@ -6152,7 +6274,7 @@ not included are ones that require dependency to the Databind package.")
                                   "jackson-databind-" version ".tar.gz"))
               (sha256
                (base32
-                "02xrbj6g7pzybq8q33xmpf7cxfapk6z6lgxvig7d38fijz400lji"))))
+                "1d5ns8ypqhdy8d94i8q560ip9kka6q8lhnk6q7nfh2g9mr22cc4w"))))
     (build-system ant-build-system)
     (arguments
      `(#:jar-name "jackson-databind.jar"
@@ -6187,7 +6309,7 @@ configuration.")
 (define-public java-fasterxml-jackson-modules-base-jaxb
   (package
     (name "java-fasterxml-jackson-modules-base-jaxb")
-    (version "2.9.1")
+    (version "2.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/FasterXML/"
@@ -6195,7 +6317,7 @@ configuration.")
                                   "jackson-modules-base-" version ".tar.gz"))
               (sha256
                (base32
-                "0bj2pzvycnj3ysbcfa6xl38dmvnp01mnjfcb9jyhv503fch2iv44"))))
+                "0kc19n5a188g4vpyay44xfb7qcabcbfnwzhx1g84lg0sac8lf0ng"))))
     (build-system ant-build-system)
     (arguments
      `(#:jar-name "jackson-modules-base-jaxb.jar"
@@ -6257,7 +6379,7 @@ configuration.")
 (define-public java-fasterxml-jackson-dataformat-yaml
   (package
     (name "java-fasterxml-jackson-dataformat-yaml")
-    (version "2.9.1")
+    (version "2.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/FasterXML/"
@@ -6265,7 +6387,7 @@ configuration.")
                                   "jackson-dataformats-text-" version ".tar.gz"))
               (sha256
                (base32
-                "140fwcafv05zbh2ppa6z533dzmfcvzbdxf0dbpbyzqvd84v2vhl2"))))
+                "1x7c7v201jpb8ynjsmmq7jj7hyqzzp39jvpr053ggdndm022yzc7"))))
     (build-system ant-build-system)
     (arguments
      `(#:jar-name "jackson-dataformat-yaml.jar"
@@ -6366,7 +6488,7 @@ interface and high-performance Typed Access API.")
 (define-public java-fasterxml-jackson-dataformat-xml
   (package
     (name "java-fasterxml-jackson-dataformat-xml")
-    (version "2.9.1")
+    (version "2.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/FasterXML/"
@@ -6374,7 +6496,7 @@ interface and high-performance Typed Access API.")
                                   "jackson-dataformat-xml-" version ".tar.gz"))
               (sha256
                (base32
-                "0x3m9n4kwclcyvxhxjx654qpjza4crphml1q2392qpnbfydx6lnh"))))
+                "1j1qanvcdh6afagr67zqrlypjkf0n6wr1qzpbvkw79lii72j6pbr"))))
     (build-system ant-build-system)
     (arguments
      `(#:jar-name "jackson-dataformat-xml.jar"
@@ -6459,6 +6581,62 @@ provides control over value quantization behavior across the value range and
 the subsequent value resolution at any given level.")
     (license license:public-domain)))
 
+(define-public java-cofoja
+  (package
+    (name "java-cofoja")
+    (version "1.3")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/nhatminhle/cofoja.git")
+                    (commit (string-append "v" version))))
+              (file-name (string-append "java-cofoja-" version "-checkout"))
+              (sha256
+               (base32
+                "0p7sz8y5xgpi5rx1qwn6587fkd52qr3ha3ybh14gqcyxhikl525w"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:build-target "dist"
+       #:test-target "test"
+       #:jdk ,icedtea-8
+       #:make-flags
+       (list "-Ddist.dir=dist")
+       #:modules ((guix build ant-build-system)
+                  (guix build java-utils)
+                  (guix build utils)
+                  (srfi srfi-1)
+                  (ice-9 match))
+       #:phases
+       (modify-phases %standard-phases
+         ;; The bulid system ignores the class path the ant-build-system sets
+         ;; up and instead expects to find all dependencies in the "lib"
+         ;; directory.
+         (add-after 'unpack 'create-libdir
+           (lambda* (#:key inputs #:allow-other-keys)
+             (mkdir-p "lib")
+             (for-each
+              (lambda (file)
+                (let ((target (string-append "lib/" (basename file))))
+                  (unless (file-exists? target)
+                    (symlink file target))))
+              (append-map (match-lambda
+                            ((label . dir)
+                             (find-files dir "\\.jar$")))
+                          inputs))
+             #t))
+         (replace 'install (install-jars "dist")))))
+    (inputs
+     `(("java-asm" ,java-asm)))
+    (native-inputs
+     `(("java-junit" ,java-junit)))
+    (home-page "https://github.com/nhatminhle/cofoja")
+    (synopsis "Contracts for Java")
+    (description "Contracts for Java, or Cofoja for short, is a contract
+programming framework and test tool for Java, which uses annotation processing
+and bytecode instrumentation to provide run-time checking. (In particular,
+this is not a static analysis tool.)")
+    (license license:lgpl3+)))
+
 (define-public java-aopalliance
   (package
     (name "java-aopalliance")
@@ -6935,6 +7113,63 @@ In addition to the expression language, MVEL serves as a templating language for
 configuration and string construction.")
     (license license:asl2.0)))
 
+(define-public java-commons-jexl-2
+  (package
+    (name "java-commons-jexl")
+    (version "2.1.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://apache/commons/jexl/source/"
+                                  "commons-jexl-" version "-src.tar.gz"))
+              (sha256
+               (base32
+                "1ai7632bwwaxglb0nbpblpr2jw5g20afrsaq372ipkphi3ncy1jz"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "commons-jexl-2.jar"
+       #:jdk ,icedtea-8
+       #:source-dir "src/main/java"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'disable-broken-tests
+           (lambda* (#:key inputs #:allow-other-keys)
+             (with-directory-excursion "src/test/java/org/apache/commons/jexl2/"
+               (substitute* "ArithmeticTest.java"
+                 (("asserter.assertExpression\\(\"3 / 0\"") "//")
+                 (("asserter.assertExpression\\(\"imanull") "//"))
+               ;; This test fails with "ambiguous method invocation"
+               (delete-file "CacheTest.java")
+               ;; This test doesn't have access to the temp directory
+               (substitute* "ClassCreatorTest.java"
+                 (("java.io.tmpdir") "user.dir"))
+               ;; This test fails in trying to detect whether it can run.
+               (substitute* "ClassCreator.java"
+                 (("boolean canRun =.*") "boolean canRun = false;\n"))
+               ;; ...and these tests depend on it.
+               (delete-file "scripting/JexlScriptEngineOptionalTest.java")
+               (delete-file "scripting/JexlScriptEngineTest.java"))
+             #t))
+         (add-before 'build 'run-javacc
+           (lambda _
+             (with-directory-excursion "src/main/java/org/apache/commons/jexl2/parser/"
+               (and (zero? (system* "java" "jjtree" "Parser.jjt"))
+                    (zero? (system* "java" "javacc" "Parser.jj")))))))))
+    (inputs
+     `(("java-commons-logging-minimal" ,java-commons-logging-minimal)))
+    (native-inputs
+     `(("java-junit" ,java-junit)
+       ("java-hamcrest-core" ,java-hamcrest-core)
+       ("javacc" ,javacc-4)))
+    (home-page "https://commons.apache.org/proper/commons-jexl/")
+    (synopsis "Java Expression Language ")
+    (description "JEXL is a library intended to facilitate the implementation
+of dynamic and scripting features in applications and frameworks written in
+Java.  JEXL implements an Expression Language based on some extensions to the
+JSTL Expression Language supporting most of the constructs seen in
+shell-script or ECMAScript.  Its goal is to expose scripting features usable
+by technical operatives or consultants working with enterprise platforms.")
+    (license license:asl2.0)))
+
 (define-public java-lz4
   (package
     (name "java-lz4")
@@ -7066,6 +7301,41 @@ for high performance inter-thread communication that avoids the need for
 message queues or resource locking.")
     (license license:asl2.0)))
 
+(define-public java-commons-bcel
+  (package
+    (name "java-commons-bcel")
+    (version "6.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://apache/commons/bcel/source/bcel-"
+                                  version "-src.tar.gz"))
+              (sha256
+               (base32
+                "0j3x1rxd673k07psclk8k13rqh0x0mf2yy5qiwkiw4z3afa568jy"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "bcel.jar"
+       #:jdk ,icedtea-8
+       #:source-dir "src/main/java"
+       #:test-dir "src/test/java"
+       ;; FIXME: Tests require the unpackaged jna.
+       #:tests? #f))
+    (home-page "https://commons.apache.org/proper/commons-bcel/")
+    (synopsis "Byte code engineering library")
+    (description "The Byte Code Engineering Library (Apache Commons BCEL) is
+intended to give users a convenient way to analyze, create, and
+manipulate (binary) Java class files.  Classes are represented by objects
+which contain all the symbolic information of the given class: methods, fields
+and byte code instructions, in particular.
+
+Such objects can be read from an existing file, be transformed by a
+program (e.g. a class loader at run-time) and written to a file again.  An
+even more interesting application is the creation of classes from scratch at
+run-time.  The @dfn{Byte Code Engineering Library} (BCEL) may be also useful
+if you want to learn about the @dfn{Java Virtual Machine} (JVM) and the format
+of Java @code{.class} files.")
+    (license license:asl2.0)))
+
 (define-public java-xerial-core
   (package
     (name "java-xerial-core")
@@ -7094,9 +7364,9 @@ message queues or resource locking.")
      `(("junit" ,java-junit)
        ("hamcrest" ,java-hamcrest-core)))
     (home-page "https://github.com/xerial/xerial-java")
-    (synopsis "Data managment libraries for Java")
+    (synopsis "Data management libraries for Java")
     (description "Xerial is a set of data management libraries for the Java
-programming language.  The ulitimate goal of the Xerial project is to manage
+programming language.  The ultimate goal of the Xerial project is to manage
 everything as database, including class objects, text format data, data
 streams, etc.")
     (license license:asl2.0)))
diff --git a/gnu/packages/kodi.scm b/gnu/packages/kodi.scm
index 4e02fa1596..dab2a7c692 100644
--- a/gnu/packages/kodi.scm
+++ b/gnu/packages/kodi.scm
@@ -241,8 +241,8 @@ generator library for C++.")
 (define-public kodi
   ;; We package the git version because the current released
   ;; version was cut while the cmake transition was in turmoil.
-  (let ((commit "f22d62dc3f6e811a538dda9c434e1804abb8b95f")
-        (revision "6"))
+  (let ((commit "67fd70f01a363002881f3519b50765b756716e3b")
+        (revision "7"))
   (package
     (name "kodi")
     (version (string-append "18.0_alpha-" revision "-" (string-take commit 7)))
@@ -254,7 +254,7 @@ generator library for C++.")
               (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
-                "0x8fqvid8b8qra327z615r2ygfkdca2p7wccdj5nfb4i5gy0sr09"))
+                "12975n4r982kmxc0r9w24n3lrj7aj3cs4fjkdjnn0r9jbnvfxhs3"))
               (snippet
                '(begin
                   (use-modules (guix build utils))
diff --git a/gnu/packages/libcanberra.scm b/gnu/packages/libcanberra.scm
index 9af6b40ffc..42456995bb 100644
--- a/gnu/packages/libcanberra.scm
+++ b/gnu/packages/libcanberra.scm
@@ -139,8 +139,8 @@ sounds for various system events.")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "https://dist.ng0.infotropique.org/releases/"
-                           "pycanberra/pycanberra-" version ".tar.xz"))
+       (uri (string-append "https://d.n0.is/releases/pycanberra/"
+                           "pycanberra-" version ".tar.xz"))
        (sha256
         (base32
          "16jjf8fcgaprmz6jacsxrh17l1ad891fns38bxv49lg3s3mn1nj2"))))
@@ -152,5 +152,5 @@ sounds for various system events.")
     (synopsis "Ctypes wrapper for the libcanberra API")
     (description
      "Pycanberra is a basic Python wrapper for libcanberra.")
-    (home-page "https://git.ng0.infotropique.org/pycanberra/")
+    (home-page "https://c.n0.is/pycanberra/")
     (license lgpl2.1+)))
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index bd7c367b8e..af4b63f278 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -131,7 +131,7 @@
 
 (define-public (system->defconfig system)
   "Some systems (notably powerpc-linux) require a special target for kernel
-defconfig.  Return the appropiate make target if applicable, otherwise return
+defconfig.  Return the appropriate make target if applicable, otherwise return
 \"defconfig\"."
   (cond ((string-prefix? "powerpc-" system) "pmac32_defconfig")
         ((string-prefix? "powerpc64le-" system) "ppc64_defconfig")
@@ -369,8 +369,8 @@ It has been modified to remove all non-free binary blobs.")
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 (define %linux-compatible-systems '("x86_64-linux" "i686-linux" "armhf-linux"))
 
-(define %linux-libre-version "4.14")
-(define %linux-libre-hash "0y42cn0lq08njvsfg3b2xyziaga268aj2lx034k40wilha6hkw3h")
+(define %linux-libre-version "4.14.3")
+(define %linux-libre-hash "1hs94lj2bryci4m75bfrhhj9aqrjpq6a57nhxic63zj6xjhi53l7")
 
 ;; linux-libre configuration for armhf-linux is derived from Debian armmp.  It
 ;; supports qemu "virt" machine and possibly a large number of ARM boards.
@@ -383,14 +383,14 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.9
-  (make-linux-libre "4.9.62"
-                    "00brapsvchkv2q4p6spvjk92524mfcsj5aq5jcjvqhx50fn71y1w"
+  (make-linux-libre "4.9.66"
+                    "0k29i5wnljck4nwkzcjxjfzrddwifj2pb6zxqh7f522j9cw2g4zd"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.98"
-                    "1n34bwz6c122byjyfz6z916v7lx4pgsys0a2kq2zmxcfs9kv60xs"
+  (make-linux-libre "4.4.103"
+                    "1x2pyrjz8myja77nz0zg2k74yrcbiq7g1caqjnafbgc8qwh31fp8"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
@@ -3083,7 +3083,7 @@ and copy/paste text in the console and in xterm.")
 (define-public btrfs-progs
   (package
     (name "btrfs-progs")
-    (version "4.13.3")
+    (version "4.14")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kernel.org/linux/kernel/"
@@ -3091,7 +3091,7 @@ and copy/paste text in the console and in xterm.")
                                   "btrfs-progs-v" version ".tar.xz"))
               (sha256
                (base32
-                "10yp0b4pwrw5mcd81yn3d0d87fnqpp4si5d25dfhl6n2640dnnw0"))))
+                "1bwirg6hz6gyfj5r3xkj4lfwadvl9pxlccf916fsmdn27fy5q289"))))
     (build-system gnu-build-system)
     (outputs '("out"
                "static"))      ; static versions of the binaries in "out"
@@ -4273,7 +4273,7 @@ the MTP device as a filesystem.")
 (define-public procenv
   (package
    (name "procenv")
-   (version "0.49")
+   (version "0.50")
    (source
     (origin
      (method url-fetch)
@@ -4281,7 +4281,7 @@ the MTP device as a filesystem.")
                          version ".tar.gz"))
      (file-name (string-append name "-" version ".tar.gz"))
      (sha256
-      (base32 "0brzf6185hb76imw107cl21c8lzwiywkxi3jknihrk86bvvicd0d"))))
+      (base32 "0dvscyf47i3j5ay0amncqmqw9kd916689r2pqdvpnsrhp6j46zp1"))))
    (build-system gnu-build-system)
    (arguments `(#:configure-flags '("--disable-silent-rules")))
    (inputs `(("expat" ,expat) ("libcap" ,libcap) ("check" ,check)
diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index e5b8ad3563..bb6517f47f 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -76,81 +76,102 @@
              ,lisp))))
 
 (define-public gcl
-  (package
-    (name "gcl")
-    (version "2.6.12")
-    (source
-     (origin
-      (method url-fetch)
-      (uri (string-append "mirror://gnu/" name "/" name "-" version ".tar.gz"))
-      (sha256
-       (base32 "1s4hs2qbjqmn9h88l4xvsifq5c3dlc5s74lyb61rdi5grhdlkf4f"))))
-    (build-system gnu-build-system)
-    (arguments
-     `(#:parallel-build? #f  ; The build system seems not to be thread safe.
-       #:tests? #f  ; There does not seem to be make check or anything similar.
-       #:configure-flags '("--enable-ansi") ; required for use by the maxima package
-       #:make-flags (list
-                     "CFLAGS=-fgnu89-inline" ; removes inline function warnings
-                     (string-append "GCC=" (assoc-ref %build-inputs "gcc")
-                                    "/bin/gcc"))
-       #:phases (modify-phases %standard-phases
-                  (add-before 'configure 'pre-conf
-                    (lambda _
-                      (substitute*
-                        (append
-                         '("pcl/impl/kcl/makefile.akcl"
-                           "add-defs"
-                           "unixport/makefile.dos"
-                           "add-defs.bat"
-                           "gcl-tk/makefile.prev"
-                           "add-defs1")
-                         (find-files "h" "\\.defs"))
-                        (("SHELL=/bin/bash")
-                         (string-append "SHELL=" (which "bash")))
-                        (("SHELL=/bin/sh")
-                         (string-append "SHELL=" (which "sh"))))
-                      (substitute* "h/linux.defs"
-                        (("#CC") "CC")
-                        (("-fwritable-strings") "")
-                        (("-Werror") ""))
-                      #t))
-                  (add-after 'install 'wrap
-                    (lambda* (#:key inputs outputs #:allow-other-keys)
-                      (let* ((gcl (assoc-ref outputs "out"))
-                             (input-path (lambda (lib path)
-                                           (string-append
-                                            (assoc-ref inputs lib) path)))
-                             (binaries '("binutils")))
-                        ;; GCC and the GNU binutils are necessary for GCL to be
-                        ;; able to compile Lisp functions and programs (this is
-                        ;; a standard feature in Common Lisp). While the
-                        ;; the location of GCC is specified in the make-flags,
-                        ;; the GNU binutils must be available in GCL's $PATH.
-                        (wrap-program (string-append gcl "/bin/gcl")
-                          `("PATH" prefix ,(map (lambda (binary)
-                                                  (input-path binary "/bin"))
-                                                binaries))))
-                      #t))
-                  ;; drop strip phase to make maxima build, see
-                  ;; https://www.ma.utexas.edu/pipermail/maxima/2008/009769.html
-                  (delete 'strip))))
-    (inputs
-     `(("gmp" ,gmp)
-       ("readline" ,readline)))
-    (native-inputs
-     `(("gcc" ,gcc-4.9)
-       ("m4" ,m4)
-       ("texinfo" ,texinfo)
-       ("texlive" ,texlive)))
-    (home-page "https://www.gnu.org/software/gcl/")
-    (synopsis "A Common Lisp implementation")
-    (description "GCL is an implementation of the Common Lisp language.  It
+  (let ((commit "5956140b1083e2302a59d7ce2054b0b7c2cbb417")
+        (revision "1")) ;Guix package revision
+    (package
+      (name "gcl")
+      (version (string-append "2.6.12-" revision "."
+                              (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://git.savannah.gnu.org/r/gcl.git")
+               (commit commit)))
+         (file-name (string-append "gcl-" version "-checkout"))
+         (sha256
+          (base32 "0mwclf2879mh3d9xqkqhghf58lwy7srsnsq9x0f1cc6j302sy4hb"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:parallel-build? #f  ; The build system seems not to be thread safe.
+         #:tests? #f  ; There does not seem to be make check or anything similar.
+         #:configure-flags '("--enable-ansi") ; required for use by the maxima package
+         #:make-flags (list
+                       (string-append "GCL_CC=" (assoc-ref %build-inputs "gcc")
+                                      "/bin/gcc")
+                       (string-append "CC=" (assoc-ref %build-inputs "gcc")
+                                      "/bin/gcc"))
+         #:phases
+         (modify-phases %standard-phases
+           (add-before 'configure 'pre-conf
+             (lambda* (#:key inputs #:allow-other-keys)
+               (chdir "gcl")
+               (substitute*
+                   (append
+                    '("pcl/impl/kcl/makefile.akcl"
+                      "add-defs"
+                      "unixport/makefile.dos"
+                      "add-defs.bat"
+                      "gcl-tk/makefile.prev"
+                      "add-defs1")
+                    (find-files "h" "\\.defs"))
+                 (("SHELL=/bin/bash")
+                  (string-append "SHELL=" (which "bash")))
+                 (("SHELL=/bin/sh")
+                  (string-append "SHELL=" (which "sh"))))
+               (substitute* "h/linux.defs"
+                 (("#CC") "CC")
+                 (("-fwritable-strings") "")
+                 (("-Werror") ""))
+               (substitute* "lsp/gcl_top.lsp"
+                 (("\"cc\"")
+                  (string-append "\"" (assoc-ref %build-inputs "gcc")
+                                 "/bin/gcc\""))
+                 (("\\(or \\(get-path \\*cc\\*\\) \\*cc\\*\\)") "*cc*")
+                 (("\"ld\"")
+                  (string-append "\"" (assoc-ref %build-inputs "binutils")
+                                 "/bin/ld\""))
+                 (("\\(or \\(get-path \\*ld\\*\\) \\*ld\\*\\)") "*ld*")
+                 (("\\(get-path \"objdump --source \"\\)")
+                  (string-append "\"" (assoc-ref %build-inputs "binutils")
+                                 "/bin/objdump --source \"")))
+               #t))
+           (add-after 'install 'wrap
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (let* ((gcl (assoc-ref outputs "out"))
+                      (input-path (lambda (lib path)
+                                    (string-append
+                                     (assoc-ref inputs lib) path)))
+                      (binaries '("binutils")))
+                 ;; GCC and the GNU binutils are necessary for GCL to be
+                 ;; able to compile Lisp functions and programs (this is
+                 ;; a standard feature in Common Lisp). While the
+                 ;; the location of GCC is specified in the make-flags,
+                 ;; the GNU binutils must be available in GCL's $PATH.
+                 (wrap-program (string-append gcl "/bin/gcl")
+                   `("PATH" prefix ,(map (lambda (binary)
+                                           (input-path binary "/bin"))
+                                         binaries))))
+               #t))
+           ;; drop strip phase to make maxima build, see
+           ;; https://www.ma.utexas.edu/pipermail/maxima/2008/009769.html
+           (delete 'strip))))
+      (inputs
+       `(("gmp" ,gmp)
+         ("readline" ,readline)))
+      (native-inputs
+       `(("gcc" ,gcc-4.9)
+         ("m4" ,m4)
+         ("texinfo" ,texinfo)
+         ("texlive" ,texlive)))
+      (home-page "https://www.gnu.org/software/gcl/")
+      (synopsis "A Common Lisp implementation")
+      (description "GCL is an implementation of the Common Lisp language.  It
 features the ability to compile to native object code and to load native
 object code modules directly into its lisp core.  It also features a
 stratified garbage collection strategy, a source-level debugger and a built-in
 interface to the Tk widget system.")
-    (license license:lgpl2.0+)))
+      (license license:lgpl2.0+))))
 
 (define-public ecl
   (package
diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index c8bc4ef85e..d5f55b9631 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 doncatnip <gnopap@gmail.com>
-;;; Copyright © 2016 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2016, 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2016 José Miguel Sánchez García <jmi2k@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -356,9 +356,9 @@ based libraries.  It allows using GObject-based libraries directly from Lua.
 Notable examples are GTK+, GStreamer and Webkit.")
     (license license:expat)))
 
-(define-public lua-lpeg
+(define (make-lua-lpeg name lua)
   (package
-    (name "lua-lpeg")
+    (name name)
     (version "1.0.1")
     (source (origin
               (method url-fetch)
@@ -390,34 +390,16 @@ Grammars (PEGs).")
     (home-page "http://www.inf.puc-rio.br/~roberto/lpeg")
     (license license:expat)))
 
+(define-public lua-lpeg
+  (make-lua-lpeg "lua-lpeg" lua))
+
 (define-public lua5.2-lpeg
-  (package (inherit lua-lpeg)
-    (name "lua5.2-lpeg")
-    ;; XXX: The arguments field is almost an exact copy of the field in
-    ;; "lua-lpeg", except for the version string, which was derived from "lua"
-    ;; and now is taken from "lua-5.2".  See this discussion for context:
-    ;; http://lists.gnu.org/archive/html/guix-devel/2017-01/msg02048.html
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (delete 'configure)
-         ;; `make install` isn't available, so we have to do it manually
-         (replace 'install
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let ((out (assoc-ref outputs "out"))
-                   (lua-version ,(version-major+minor (package-version lua-5.2))))
-               (install-file "lpeg.so"
-                             (string-append out "/lib/lua/" lua-version))
-               (install-file "re.lua"
-                             (string-append out "/share/lua/" lua-version))
-               #t))))
-       #:test-target "test"))
-    (inputs `(("lua", lua-5.2)))))
+  (make-lua-lpeg "lua5.2-lpeg" lua-5.2))
 
 ;; Lua 5.3 is not supported.
-(define-public lua5.2-bitop
+(define (make-lua-bitop name lua)
   (package
-    (name "lua5.2-bitop")
+    (name name)
     (version "1.0.2")
     (source (origin
               (method url-fetch)
@@ -434,15 +416,21 @@ Grammars (PEGs).")
              (string-append "INSTALLPATH=printf "
                             (assoc-ref %outputs "out")
                             "/lib/lua/"
-                            ,(version-major+minor (package-version lua-5.2))
+                            ,(version-major+minor (package-version lua))
                             "/bit/bit.so"))
        #:phases
        (modify-phases %standard-phases
          (delete 'configure))))
-    (inputs `(("lua", lua-5.2)))
+    (inputs `(("lua", lua)))
     (home-page "http://bitop.luajit.org/index.html")
     (synopsis "Bitwise operations on numbers for Lua")
     (description
      "Lua BitOp is a C extension module for Lua which adds bitwise operations
 on numbers.")
     (license license:expat)))
+
+(define-public lua5.2-bitop
+  (make-lua-bitop "lua5.2-bitop" lua-5.2))
+
+(define-public lua5.1-bitop
+  (make-lua-bitop "lua5.1-bitop" lua-5.1))
diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm
index bf70bd6013..7d0aaa6503 100644
--- a/gnu/packages/lxde.scm
+++ b/gnu/packages/lxde.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Brendan Tildesley <brendan.tildesley@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -214,18 +215,20 @@ speed up the access to freedesktop.org defined application menus.")
               (uri (string-append "mirror://sourceforge/" name "/"
                                   "PCManFM%20%2B%20Libfm%20%28tarball%20release"
                                   "%29/PCManFM/" name "-" version ".tar.xz"))
+              (patches (search-patches "pcmanfm-CVE-2017-8934.patch"))
               (sha256
                (base32
                 "0rxdh0dfzc84l85c54blq42gczygq8adhr3l9hqzy1dp530cm1hc"))))
     (build-system gnu-build-system)
-    ;; (#:configure-flags '("--sysconfdir=/etc")) suggested in README.
     (inputs `(("gtk+"   ,gtk+-2)
-              ;; TODO: add ("gvfs" ,gvfs).
+              ("gvfs"   ,gvfs)                    ;for trash and mount support
               ("libfm"  ,libfm)
               ("libx11" ,libx11)))
     (native-inputs `(("intltool"   ,intltool)
                      ("libtool"    ,libtool)
                      ("pkg-config" ,pkg-config)))
+    (propagated-inputs
+     `(("lxmenu-data" ,lxmenu-data)))     ;for "Open With..." application list
     (synopsis "LXDE file manager")
     (description "PCMan is a lightweight GTK+ based file manager, compliant
 with freedesktop.org standard.")
diff --git a/gnu/packages/machine-learning.scm b/gnu/packages/machine-learning.scm
index a32ea36e6c..cf400a0eed 100644
--- a/gnu/packages/machine-learning.scm
+++ b/gnu/packages/machine-learning.scm
@@ -611,7 +611,7 @@ computing environments.")
 (define-public python-scikit-learn
   (package
     (name "python-scikit-learn")
-    (version "0.19.0")
+    (version "0.19.1")
     (source
      (origin
        (method url-fetch)
@@ -621,7 +621,7 @@ computing environments.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0g7q4ri75mj93wpa9bp83a3jmrf3dm5va9h7k4zkbcxr6bgqka15"))))
+         "18n8775kyfwbvcjjjzda9c5sqy4737c0hrmj6qj1ps2jmlqzair9"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 77d935171a..114b1a21bb 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -1034,7 +1034,7 @@ delivery.")
 (define-public exim
   (package
     (name "exim")
-    (version "4.89")
+    (version "4.89.1")
     (source
      (origin
        (method url-fetch)
@@ -1042,10 +1042,9 @@ delivery.")
                                  version ".tar.bz2")
                   (string-append "ftp://ftp.exim.org/pub/exim/exim4/old/exim-"
                                  version ".tar.bz2")))
-       (patches (search-patches "exim-CVE-2017-1000369.patch"))
        (sha256
         (base32
-         "1c0syp7yxngmq7y8vqsrvijinzin5m941vn0ljihdfld7kh2wbwi"))))
+         "133sjkcm9wlhpcxflr5v865varc1995bqa1y3vjs1w6zc34kp18w"))))
     (build-system gnu-build-system)
     (inputs
      `(("bdb" ,bdb)
@@ -1611,7 +1610,8 @@ deliver it in various ways.")
        ;; getline() in formail.c.  The patch is provided by Debian as
        ;; patch 24.
        (patches (search-patches "procmail-ambiguous-getline-debian.patch"
-                                "procmail-CVE-2014-3618.patch"))))
+                                "procmail-CVE-2014-3618.patch"
+                                "procmail-CVE-2017-16844.patch"))))
     (arguments
      `(#:phases (modify-phases %standard-phases
                   (replace 'configure
@@ -2107,9 +2107,9 @@ installation on systems where resources are limited.  Its features include:
 @end enumerate\n")
     (license license:expat)))
 
-(define-public python-django-mailman3
+(define-public python2-django-mailman3
   (package
-    (name "python-django-mailman3")
+    (name "python2-django-mailman3")
     (version "1.0.1")
     (source
      (origin
@@ -2119,16 +2119,28 @@ installation on systems where resources are limited.  Its features include:
         (base32
          "1adxyh8knw9knjlh73xq0jpn5adml0ck4alsv0swakm95wfyx46z"))))
     (build-system python-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda _
+             (zero?
+              (system*
+               "django-admin"
+               "test"
+               "--settings=django_mailman3.tests.settings_test"
+               "django_mailman3")))))
+       #:python ,python-2))
     (inputs
-     `(("python-django" ,python-django)))
+     `(("python2-django" ,python2-django)))
     (propagated-inputs
-     `(("python-requests" ,python-requests)
-       ("python-requests-oauthlib" ,python-requests-oauthlib)
-       ("python-openid" ,python-openid)
-       ("python-mailmanclient" ,python-mailmanclient)
-       ("python-django-allauth" ,python-django-allauth)
-       ("python-django-gravatar2" ,python-django-gravatar2)
-       ("python-pytz" ,python-pytz)))
+     `(("python2-requests" ,python2-requests)
+       ("python2-requests-oauthlib" ,python2-requests-oauthlib)
+       ("python2-openid" ,python2-openid)
+       ("python2-mailmanclient" ,python2-mailmanclient)
+       ("python2-django-allauth" ,python2-django-allauth)
+       ("python2-django-gravatar2" ,python2-django-gravatar2)
+       ("python2-pytz" ,python2-pytz)))
     (home-page "https://gitlab.com/mailman/django-mailman3")
     (synopsis "Django library for Mailman UIs")
     (description
@@ -2136,15 +2148,6 @@ installation on systems where resources are limited.  Its features include:
 interacting with Mailman.")
     (license gpl3+)))
 
-(define-public python2-django-mailman3
-  (let ((base (package-with-python2
-               python-django-mailman3)))
-    (package
-      (inherit base)
-      (propagated-inputs
-       `(("python2-openid" ,python2-openid)
-         ,@(package-propagated-inputs base))))))
-
 (define-public postorius
   (package
     (name "postorius")
diff --git a/gnu/packages/man.scm b/gnu/packages/man.scm
index fed7d08aee..8abdaf48f6 100644
--- a/gnu/packages/man.scm
+++ b/gnu/packages/man.scm
@@ -1,9 +1,10 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 David Thompson <dthompson2@worcester.edu>
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -67,7 +68,7 @@ a flexible and convenient way.")
                 "0gqgs4zc3r87apns0k5qp689p2ylxx2596s2mkmkxjjay99brv88"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:phases
+     `(#:phases
        (modify-phases %standard-phases
          (add-after 'patch-source-shebangs 'patch-test-shebangs
            (lambda* (#:key outputs #:allow-other-keys)
@@ -87,6 +88,7 @@ a flexible and convenient way.")
              #t)))
        #:configure-flags
        (let ((groff (assoc-ref %build-inputs "groff"))
+             (groff-minimal (assoc-ref %build-inputs "groff-minimal"))
              (less  (assoc-ref %build-inputs "less"))
              (gzip  (assoc-ref %build-inputs "gzip"))
              (bzip2 (assoc-ref %build-inputs "bzip2"))
@@ -109,17 +111,24 @@ a flexible and convenient way.")
                        (string-append "--with-systemdtmpfilesdir="
                                       %output "/lib/tmpfiles.d"))
                  (map (lambda (prog)
-                        (string-append "--with-" prog "=" groff "/bin/" prog))
+                        (string-append "--with-" prog "=" groff-minimal
+                                       "/bin/" prog))
                       '("nroff" "eqn" "neqn" "tbl" "refer" "pic"))))
+
+       ;; At run time we should refer to GROFF-MINIMAL, not GROFF (the latter
+       ;; pulls in Perl.)
+       #:disallowed-references (,groff)
+
        #:modules ((guix build gnu-build-system)
                   (guix build utils)
                   (srfi srfi-1))))
     (native-inputs
-     `(("pkg-config" ,pkg-config)))
+     `(("pkg-config" ,pkg-config)
+       ("groff" ,groff)))   ;needed at build time (troff, grops, soelim, etc.)
     (inputs
      `(("flex" ,flex)
        ("gdbm" ,gdbm)
-       ("groff" ,groff)
+       ("groff-minimal" ,groff-minimal)
        ("less" ,less)
        ("libpipeline" ,libpipeline)
        ("util-linux" ,util-linux)))
@@ -138,7 +147,7 @@ the traditional flat-text whatis databases.")
 (define-public man-pages
   (package
     (name "man-pages")
-    (version "4.13")
+    (version "4.14")
     (source (origin
               (method url-fetch)
               (uri
@@ -151,7 +160,7 @@ the traditional flat-text whatis databases.")
                     "man-pages-" version ".tar.xz")))
               (sha256
                (base32
-                "1gri0rm9i3a6w5dvsmwawhwzywl5x80dwq05d2v8l92knv2hbh6m"))))
+                "0wf9ymqxk1k5xwcl3n919p66a1aayif3x4cahj4w04y3k1wbhlih"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (modify-phases %standard-phases (delete 'configure))
diff --git a/gnu/packages/markup.scm b/gnu/packages/markup.scm
index 6a0902c03e..4426258db6 100644
--- a/gnu/packages/markup.scm
+++ b/gnu/packages/markup.scm
@@ -161,7 +161,7 @@ convert it to structurally valid XHTML (or HTML).")
         (base32
          "1xx7v3wnla7m6wa3h33whxw3vvincaicg4yra1b9wbzf2aix9rnw"))
        (patches
-        (search-patches "perl-text-markdown-discount-use-system-markdown.patch"))))
+        (search-patches "perl-text-markdown-discount-unbundle.patch"))))
     (build-system perl-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index ef5bc1d99b..f6ea4ffc91 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -20,6 +20,7 @@
 ;;; Copyright © 2017 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2017 Theodoros Foradis <theodoros@foradis.org>
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -152,14 +153,14 @@ interactive dialogs to guide them.")
 (define-public coda
   (package
     (name "coda")
-    (version "2.18.2")
+    (version "2.18.3")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://github.com/stcorp/coda/releases/download/"
                            version "/coda-" version ".tar.gz"))
        (sha256
-        (base32 "01fnqcby9jijvf3jxr1fk4bny059lvvq5wbqm7ns60ilykfdnm6a"))
+        (base32 "1zlzgcvwmmjm8mw8w4rg2rqy0pjilz7kyyxm0y4p8cbljbbjxxz0"))
        (patches (search-patches "coda-use-system-libs.patch"))
        (modules '((guix build utils)))
        (snippet
@@ -1893,12 +1894,12 @@ programming problems.")
 (define-public r-pracma
   (package
     (name "r-pracma")
-    (version "2.0.7")
+    (version "2.1.1")
     (source (origin
       (method url-fetch)
       (uri (cran-uri "pracma" version))
       (sha256
-        (base32 "0hxa0rbbp54j0c05qj7vfwhqfdmiz5ax8vhqxd09g33x7c0hqbc5"))))
+        (base32 "1mylrrkyycaw9m01mmg6xkn5wgdlabs5l0qyws60r0n2ycblp897"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-quadprog" ,r-quadprog)))
diff --git a/gnu/packages/mes.scm b/gnu/packages/mes.scm
index dfa4211773..5b6c87992a 100644
--- a/gnu/packages/mes.scm
+++ b/gnu/packages/mes.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -106,7 +107,7 @@ Guile-] Scheme interpreter prototype in C and a Nyacc-based C compiler in
 (define-public mescc-tools
   (package
     (name "mescc-tools")
-    (version "0.2")
+    (version "0.3")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -116,9 +117,8 @@ Guile-] Scheme interpreter prototype in C and a Nyacc-based C compiler in
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0gmyczh88xcsmrmxqksbpaqidchj5hfqxqk7apx40k9r3vav6mnz"))))
+                "04lvyyp7isamgddrnfpi92lgqdflzdzx5kc2x8fxmgsjisy0dgr4"))))
     (build-system gnu-build-system)
-    (supported-systems '("i686-linux" "x86_64-linux"))
     (arguments
      `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
        #:test-target "test"
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index a9a77ae711..b6452c54c3 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -550,7 +550,8 @@ was initially a fork of xmpppy, but uses non-blocking sockets.")
     (native-inputs
      `(("intltool" ,intltool)))
     (inputs
-     `(("python2-nbxmpp" ,python2-nbxmpp)
+     `(("python2-axolotl" ,python2-axolotl)
+       ("python2-nbxmpp" ,python2-nbxmpp)
        ("python2-pyopenssl" ,python2-pyopenssl)
        ("python2-gnupg" ,python2-gnupg)
        ("python2-pygtk" ,python2-pygtk)
@@ -634,14 +635,14 @@ a graphical desktop environment like GNOME.")
 (define-public prosody
   (package
     (name "prosody")
-    (version "0.9.12")
+    (version "0.10.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://prosody.im/downloads/source/"
                                   "prosody-" version ".tar.gz"))
               (sha256
                (base32
-                "139yxqpinajl32ryrybvilh54ddb1q6s0ajjhlcs4a0rnwia6n8s"))))
+                "1644jy5dk46vahmh6nna36s79k8k668sbi3qamjb4q3c4m3y853l"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; no "check" target
@@ -707,7 +708,10 @@ a graphical desktop environment like GNOME.")
     (inputs
      `(("libidn" ,libidn)
        ("openssl" ,openssl)
+       ;; Lua 5.1 is still recommended for production usage.
+       ;; See https://prosody.im/doc/packagers.
        ("lua" ,lua-5.1)
+       ("lua5.1-bitop" ,lua5.1-bitop)
        ("lua5.1-expat" ,lua5.1-expat)
        ("lua5.1-socket" ,lua5.1-socket)
        ("lua5.1-filesystem" ,lua5.1-filesystem)
@@ -768,7 +772,7 @@ protocols.")
 (define-public c-toxcore
   (package
     (name "c-toxcore")
-    (version "0.1.9")
+    (version "0.1.10")
     (source
      (origin
        (method url-fetch)
@@ -777,7 +781,7 @@ protocols.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1y30xc1dzq9knww274d4y0m8gridcf5j851rxdri8j2s64p3qqgk"))))
+         "1lbvq9pp1ganjk5lql5lzcn8bcmgfi8y026pb2j2nq8yldqrrjby"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -795,7 +799,7 @@ messenger protocol.")
 (define-public utox
   (package
    (name "utox")
-   (version "0.11.0")
+   (version "0.16.1")
    (source
     (origin
      (method url-fetch)
@@ -804,37 +808,42 @@ messenger protocol.")
      (file-name (string-append name "-" version ".tar.gz"))
      (sha256
       (base32
-       "15s4iwjk1s0kihjqn0f07c9618clbphpr827mds3xddkiwnjz37v"))))
+       "14xl72y4w1x2kk0cvkcr9pmywllm0r9w2grjqiknwn95pw6yxz6q"))))
    (build-system cmake-build-system)
    (arguments
-    '(#:tests? #f ; No test phase.
-      #:phases
+    `(#:phases
       (modify-phases %standard-phases
-        (add-after 'unpack 'fix-freetype-include
-          (lambda _
-            (substitute* "CMakeLists.txt"
-              (("/usr/include/freetype2")
-               (string-append (assoc-ref %build-inputs "freetype")
-                              "/include/freetype2")))))
-        (add-before 'install 'patch-cmake-find-utox
-          (lambda _
-            (substitute* "../build/cmake_install.cmake"
-              (("/uTox-0.11.0/utox")
-               "/build/utox")))))))
+        (add-before 'build 'patch-absolute-filename-libgtk-3
+          (lambda* (#:key inputs outputs #:allow-other-keys)
+            (substitute* "../uTox-0.16.1/src/xlib/gtk.c"
+                         (("libgtk-3.so")
+                         (string-append (assoc-ref inputs "gtk+")
+                                        "/lib/libgtk-3.so")))))
+        (add-after 'install 'wrap-program
+          (lambda* (#:key inputs outputs #:allow-other-keys)
+            (wrap-program (string-append (assoc-ref outputs "out")
+                                         "/bin/utox")
+            ;; For GtkFileChooserDialog.
+            `("GSETTINGS_SCHEMA_DIR" =
+              (,(string-append (assoc-ref inputs "gtk+")
+                               "/share/glib-2.0/schemas")))))))))
    (inputs
-    ;; TODO: Fix the file chooser dialog; which input does it need?
     `(("dbus" ,dbus)
       ("filteraudio" ,filteraudio)
       ("fontconfig" ,fontconfig)
       ("freetype" ,freetype)
       ("libsodium" ,libsodium)
       ("c-toxcore" ,c-toxcore)
+      ("gtk+" ,gtk+)
       ("libvpx" ,libvpx)
       ("libx11" ,libx11)
       ("libxext" ,libxext)
       ("libxrender" ,libxrender)
       ("openal" ,openal)
       ("v4l-utils" ,v4l-utils)))
+   (native-inputs
+    `(("check" ,check)
+      ("pkg-config" ,pkg-config)))
    (synopsis "Lightweight Tox client")
    (description
     "Utox is a lightweight Tox client.  Tox is a distributed and secure
@@ -845,14 +854,14 @@ instant messenger with audio and video chat capabilities.")
 (define-public qtox
   (package
     (name "qtox")
-    (version "1.12.1")
+    (version "1.13.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/qTox/qTox/archive/v"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0dwy0abcxzzcybww2xi33cla71a7752cq02qswcks5kbxnf5pck5"))
+                "0dyplmlqhg4zbg7hdzp3iqppn9xgp7pds5k6w6byjcqhb9zv91ca"))
               (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (arguments
@@ -867,6 +876,7 @@ instant messenger with audio and video chat capabilities.")
              #t)))))
     (inputs
      `(("ffmpeg" ,ffmpeg-3.3)
+       ("filteraudio", filteraudio)
        ("glib" ,glib)
        ("gtk+" ,gtk+-2)
        ("libsodium" ,libsodium)
diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm
index 1860997e09..fbb924ba51 100644
--- a/gnu/packages/mp3.scm
+++ b/gnu/packages/mp3.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -151,18 +152,20 @@ a highly stable and efficient implementation.")
 (define-public taglib
   (package
     (name "taglib")
-    (version "1.10")
+    (version "1.11.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://taglib.github.io/releases/taglib-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1alv6vp72p0x9i9yscmz2a71anjwqy53y9pbcbqxvc1c0i82vhr4"))))
+                "0ssjcdjv4qf9liph5ry1kngam1y7zp8fzr9xv4wzzrma22kabldn"))))
     (build-system cmake-build-system)
-    (arguments '(#:tests? #f))                    ;no 'test' target
+    (arguments
+      '(#:tests? #f ; Tests are not ran with BUILD_SHARED_LIBS on.
+        #:configure-flags (list "-DBUILD_SHARED_LIBS=ON")))
     (inputs `(("zlib" ,zlib)))
-    (home-page "http://developer.kde.org/~wheeler/taglib.html")
+    (home-page "http://taglib.org")
     (synopsis "Library to access audio file meta-data")
     (description
      "TagLib is a C++ library for reading and editing the meta-data of several
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 77d69df5a4..479b4f9b2d 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -12,6 +12,7 @@
 ;;; Copyright © 2017 Rodger Fox <thylakoid@openmailbox.org>
 ;;; Copyright © 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com>
+;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -38,6 +39,7 @@
   #:use-module (guix build-system ant)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system python)
+  #:use-module (guix build-system scons)
   #:use-module (guix build-system waf)
   #:use-module (gnu packages)
   #:use-module (gnu packages algebra)
@@ -54,8 +56,11 @@
   #:use-module (gnu packages check)
   #:use-module (gnu packages cmake)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages crypto)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages cyrus-sasl)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages datastructures)
   #:use-module (gnu packages docbook)
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages emacs)
@@ -73,12 +78,14 @@
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages graphics)
+  #:use-module (gnu packages gstreamer)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages image)
   #:use-module (gnu packages imagemagick)
   #:use-module (gnu packages java)
   #:use-module (gnu packages libffi)
+  #:use-module (gnu packages libusb)
   #:use-module (gnu packages linux) ; for alsa-utils
   #:use-module (gnu packages lirc)
   #:use-module (gnu packages llvm)
@@ -91,6 +98,7 @@
   #:use-module (gnu packages pdf)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages protobuf)
   #:use-module (gnu packages pulseaudio) ;libsndfile
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-web)
@@ -177,6 +185,114 @@ and play MIDI files with a few clicks in a user-friendly interface offering
 score, keyboard, guitar, drum and controller views.")
     (license license:gpl3+)))
 
+;; We don't use the latest release because it depends on Qt4.  Instead we
+;; download the sources from the tip of the "qt5" branch.
+(define-public clementine
+  (let ((commit "0a59257dc334b8df60a4d7d90b04f1766747efcf")
+        (revision "1"))
+    (package
+      (name "clementine")
+      (version (string-append "1.3.1-" revision "." (string-take commit 7)))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/clementine-player/Clementine.git")
+                      (commit commit)))
+                (file-name (string-append name "-" version "-checkout"))
+                (sha256
+                 (base32
+                   "0cdcj7di7j9jgzc1ihjna1a5df64f9hnmx7b9kh8rlg76hc0l0hi"))
+                (modules '((guix build utils)))
+                (snippet
+                  '(for-each
+                     (lambda (dir)
+                       (delete-file-recursively
+                         (string-append "3rdparty/" dir)))
+                     (list
+                       ;; TODO: The following dependencies are still bundled:
+                       ;; - "qxt": Appears to be unmaintained upstream.
+                       ;; - "qsqlite"
+                       ;; - "qtsingleapplication"
+                       ;; - "qocoa"
+                       ;; - "qtiocompressor"
+                       ;; - "gmock": The tests crash when using our googletest
+                       ;;   package instead of the bundled gmock.
+                       "SPMediaKeyTap"
+                       "fancytabwidget"
+                       "google-breakpad"
+                       "libmygpo-qt"
+                       "libmygpo-qt5"
+                       "libprojectm"
+                       "qtwin"
+                       "sha2" ;; Replaced by openssl.
+                       "taglib"
+                       "tinysvcmdns")))
+                (patches (search-patches "clementine-use-openssl.patch"))))
+      (build-system cmake-build-system)
+      (arguments
+       '(#:test-target "clementine_test"
+         #:configure-flags
+         (let ((crypto (assoc-ref %build-inputs "crypto++")))
+           (list "-DENABLE_VISUALISATIONS=OFF" ; requires unpackaged "projectm"
+                 "-DCRYPTOPP_FOUND=TRUE"
+                 (string-append "-DCRYPTOPP_INCLUDE_DIRS=" crypto "/include")
+                 (string-append "-DCRYPTOPP_LIBRARY_DIRS=" crypto "/lib")
+                 (string-append "-DCRYPTOPP_LIBRARIES=" crypto "/lib/libcryptopp.a")
+                 "-DUSE_SYSTEM_SHA2=TRUE"))
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'install 'wrap-program
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (let ((out             (assoc-ref outputs "out"))
+                     (gst-plugin-path (getenv "GST_PLUGIN_SYSTEM_PATH")))
+                 (wrap-program (string-append out "/bin/clementine")
+                   `("GST_PLUGIN_SYSTEM_PATH" ":" prefix (,gst-plugin-path)))
+                 #t))))))
+      (native-inputs
+       `(("gettext" ,gettext-minimal)
+         ("pkg-config" ,pkg-config)
+         ("qtlinguist" ,qttools)))
+      (inputs
+       `(("boost" ,boost)
+         ("chromaprint" ,chromaprint)
+         ("crypto++" ,crypto++)
+         ("fftw" ,fftw)
+         ("glib" ,glib)
+         ("glu" ,glu)
+         ("gstreamer" ,gstreamer)
+         ("gst-plugins-base" ,gst-plugins-base)
+         ("libcdio" ,libcdio)
+         ("libmygpo-qt" ,libmygpo-qt)
+         ("libechonest" ,libechonest)
+         ;; TODO: Package libgpod.
+         ("libmtp" ,libmtp)
+         ("libxml2" ,libxml2)
+         ("openssl" ,openssl)
+         ("protobuf" ,protobuf)
+         ("pulseaudio" ,pulseaudio)
+         ("qtbase" ,qtbase)
+         ("qtx11extras" ,qtx11extras)
+         ("qtwebkit" ,qtwebkit)
+         ("sqlite" ,sqlite-with-fts3)
+         ("sparsehash" ,sparsehash)
+         ("taglib" ,taglib)))
+      (home-page "http://clementine-player.org")
+      (synopsis "Music player and library organizer")
+      (description "Clementine is a multiplatform music player.  It is inspired
+by Amarok 1.4, focusing on a fast and easy-to-use interface for searching and
+playing your music.")
+      (license (list
+                 ;; clementine and qtiocompressor are under GPLv3.
+                 license:gpl3+
+                 ;; gmock is under BSD-3.
+                 license:bsd-3
+                 ;; qxt is under CPL1.0.
+                 license:cpl1.0
+                 ;; qsqlite and qtsingleapplication are under LGPL2.1+.
+                 license:lgpl2.1+
+                 ;; qocoa is under MIT and CC by-sa for the icons.
+                 license:cc-by-sa3.0)))))
+
 (define-public cmus
   (package
     (name "cmus")
@@ -508,19 +624,10 @@ audio and video).")
               (sha256
                (base32
                 "0hmcaywnwzjci3pp4xpvbijnnwvibz7gf9xzcdjbdca910y5728j"))))
-    (build-system gnu-build-system)
+    (build-system scons-build-system)
     (arguments
-     `(#:tests? #f ;no "check" target
-       #:phases
-       ;; TODO: Add scons-build-system and use it here.
-       (modify-phases %standard-phases
-         (delete 'configure)
-         (replace 'build
-                  (lambda* (#:key inputs outputs #:allow-other-keys)
-                    (let ((out (assoc-ref outputs "out")))
-                      (mkdir-p out)
-                      (zero? (system* "scons" (string-append "PREFIX=" out))))))
-         (replace 'install (lambda _ (zero? (system* "scons" "install")))))))
+     `(#:scons-flags (list (string-append "PREFIX=" %output))
+       #:tests? #f)) ;no "check" target
     (inputs
      `(("boost" ,boost)
        ("jack" ,jack-1)
@@ -529,9 +636,7 @@ audio and video).")
        ("liblo" ,liblo)
        ("rubberband" ,rubberband)))
     (native-inputs
-     `(("scons" ,scons)
-       ("python" ,python-2)
-       ("pkg-config" ,pkg-config)))
+     `(("pkg-config" ,pkg-config)))
     (home-page "http://das.nasophon.de/klick/")
     (synopsis "Metronome for JACK")
     (description
@@ -1090,7 +1195,7 @@ users to select LV2 plugins and run them with jalv.")
 (define-public synthv1
   (package
     (name "synthv1")
-    (version "0.8.4")
+    (version "0.8.5")
     (source (origin
               (method url-fetch)
               (uri
@@ -1098,7 +1203,7 @@ users to select LV2 plugins and run them with jalv.")
                               "/synthv1-" version ".tar.gz"))
               (sha256
                (base32
-                "0awk2zx0xa6vl6ah24zz0k2mwsx50hh5g1rh32mp790fp4x7l5s8"))))
+                "0mvrqk6jy7h2wg442ixwm49w7x15rs4066c2ljrz4kvxlzp5z69i"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; There are no tests.
@@ -1124,7 +1229,7 @@ oscillators and stereo effects.")
 (define-public drumkv1
   (package
     (name "drumkv1")
-    (version "0.8.4")
+    (version "0.8.5")
     (source (origin
               (method url-fetch)
               (uri
@@ -1132,7 +1237,7 @@ oscillators and stereo effects.")
                               "/drumkv1-" version ".tar.gz"))
               (sha256
                (base32
-                "0qqpklzy4wgw9jy0v2810j06712q90bwc69fp7da82536ba058a9"))))
+                "06xqqm1ylmpp2s7xk7xav325gc50kxlvh9vf1343b0n3i8xkgjfg"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; There are no tests.
@@ -1159,7 +1264,7 @@ effects.")
 (define-public samplv1
   (package
     (name "samplv1")
-    (version "0.8.4")
+    (version "0.8.5")
     (source (origin
               (method url-fetch)
               (uri
@@ -1167,7 +1272,7 @@ effects.")
                               "/samplv1-" version ".tar.gz"))
               (sha256
                (base32
-                "107p2xsj066q2bil0xcgqrrn7lawp02wzf7qmlajcbnd79jhsi6i"))))
+                "1gscwybsbaqbnylmgf2baf71cm2g7a0pd11rqmk3cz9hi3lyjric"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; There are no tests.
@@ -3083,16 +3188,30 @@ are a C compiler and glib.  Full API documentation and examples are included.")
      `(#:tests? #f ; no tests
        #:phases
        (modify-phases %standard-phases
-         (add-before
-          'configure 'set-ldflags
-          (lambda* (#:key outputs #:allow-other-keys)
-            (setenv "LDFLAGS"
-                    (string-append
-                     "-Wl,-rpath=\""
-                     (assoc-ref outputs "out") "/lib/lmms"
-                     ":"
-                     (assoc-ref outputs "out") "/lib/lmms/ladspa"
-                     "\"")))))))
+         (add-before 'configure 'set-ldflags
+           (lambda* (#:key outputs #:allow-other-keys)
+             (setenv "LDFLAGS"
+                     (string-append
+                      "-Wl,-rpath=\""
+                      (assoc-ref outputs "out") "/lib/lmms"
+                      ":"
+                      (assoc-ref outputs "out") "/lib/lmms/ladspa"
+                      "\""))
+             #t))
+         (add-before 'configure 'remove-Werror
+           (lambda _
+             (substitute* "CMakeLists.txt"
+               (("SET\\(WERROR_FLAGS \"\\$\\{WERROR_FLAGS\\} -Werror")
+                "SET(WERROR_FLAGS \"${WERROR_FLAGS}"))
+             #t))
+         (add-before 'reset-gzip-timestamps 'make-manpages-writable
+           (lambda* (#:key outputs #:allow-other-keys)
+             (map (lambda (file)
+                    (make-file-writable file))
+                  (find-files (string-append (assoc-ref outputs "out")
+                                             "/share/man")
+                              ".*\\.gz$"))
+             #t)))))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
@@ -3402,3 +3521,30 @@ the electronic or dubstep genre.")
 designed to make a developer's life easy when trying to use the APIs provided
 by The Echo Nest.")
     (license license:gpl2+)))
+
+(define-public libmygpo-qt
+  (package
+    (name "libmygpo-qt")
+    (version "1.0.9")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://stefan.derkits.at/files/"
+                                  "libmygpo-qt/libmygpo-qt." version ".tar.gz"))
+              (sha256
+               (base32
+                "1wsgh2vjnd52rkvpncj1ycpbp84sj9hh12ija46b42z9mmqf2jm4"))
+              (patches
+               (search-patches "libmygpo-qt-fix-jsoncreatortest.patch"))))
+    (build-system cmake-build-system)
+    (arguments
+     '(#:configure-flags '("-DBUILD_WITH_QT4=OFF")))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("qt" ,qtbase)))
+    (home-page "http://wiki.gpodder.org/wiki/Libmygpo-qt")
+    (synopsis "Qt/C++ library wrapping the gpodder web service")
+    (description "@code{libmygpo-qt} is a Qt/C++ library wrapping the
+@url{https://gpodder.net} APIs.  It allows applications to discover, manage
+and track podcasts.")
+    (license license:lgpl2.1+)))
diff --git a/gnu/packages/musl.scm b/gnu/packages/musl.scm
index dbb8c4856f..7c78d29385 100644
--- a/gnu/packages/musl.scm
+++ b/gnu/packages/musl.scm
@@ -27,14 +27,14 @@
 (define-public musl
   (package
     (name "musl")
-    (version "1.1.17")
+    (version "1.1.18")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.musl-libc.org/releases/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0r0lyp2w6v2bvm8h1si7w3p2qx037szl14qnxm5p00568z3m3an8"))))
+                "0651lnj5spckqjf83nz116s8qhhydgqdy3rkl4icbh5f05fyw5yh"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f  ; Musl has no tests
diff --git a/gnu/packages/nano.scm b/gnu/packages/nano.scm
index b8acaa27ef..c96c74bdcf 100644
--- a/gnu/packages/nano.scm
+++ b/gnu/packages/nano.scm
@@ -29,7 +29,7 @@
 (define-public nano
   (package
     (name "nano")
-    (version "2.9.0")
+    (version "2.9.1")
     (source
      (origin
       (method url-fetch)
@@ -37,7 +37,7 @@
                           version ".tar.xz"))
       (sha256
        (base32
-        "17hjgvig59a2ha2b0494bprrci3d33sayjqvxjhsnlzgr8whrlyj"))))
+        "0z5sxji8jh8sh0g3inbzndhsrbm4qyqlvjrxl5wkxbr61lnxa5k3"))))
     (build-system gnu-build-system)
     (inputs
      `(("gettext" ,gettext-minimal)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 1f4906b7b5..c60f255c3d 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -489,7 +489,7 @@ which can be used to encrypt a password with @code{crypt(3)}.")
 (define-public wireshark
   (package
     (name "wireshark")
-    (version "2.4.2")
+    (version "2.4.3")
     (source
      (origin
        (method url-fetch)
@@ -497,7 +497,7 @@ which can be used to encrypt a password with @code{crypt(3)}.")
                            version ".tar.xz"))
        (sha256
         (base32
-         "0zglapd3sz08p2z9x8a5va3jnz17b3n5a1bskf7f2dgx6m3v5b6i"))))
+         "0bpiby916k3k8bm7q8b1dflva6zs0a4ircskrck0d538dfcrb50q"))))
     (build-system gnu-build-system)
     (inputs `(("c-ares" ,c-ares)
               ("glib" ,glib)
@@ -1536,3 +1536,34 @@ at the IP layer and link layer, as well as a host of supplementary
 functionality.  Using libnet, quick and simple packet assembly applications
 can be whipped up with little effort.")
     (license license:bsd-2)))
+
+(define-public mtr
+  (package
+    (name "mtr")
+    (version "0.92")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "ftp://ftp.bitwizard.nl/" name "/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32 "10j3ds3p27jygys4x08kj8fi3zlsgiv72xsfazkah6plwawrv5zj"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libcap" ,libcap)
+       ("ncurses" ,ncurses)))
+    (native-inputs
+     ;; The 0.92 release tarball still requires the ‘autoheader’ tool.
+     `(("autoconf" ,autoconf)))
+    (arguments
+     `(#:tests? #f))                    ; tests require network access
+    (home-page "https://www.bitwizard.nl/mtr/")
+    (synopsis "Network diagnostic tool")
+    (description
+     "@dfn{mtr} (My TraceRoute) combines the functionality of the
+@command{traceroute} and @command{ping} programs in a single network diagnostic
+tool.  @command{mtr} can use several network protocols to detect intermediate
+routers (or @dfn{hops}) between the local host and a user-specified destination.
+It then continually measures the response time and packet loss at each hop, and
+displays the results in real time.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index e354130ad2..fade8b23da 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015, 2016 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Mike Gerwitz <mtg@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -40,14 +41,18 @@
 (define-public node
   (package
     (name "node")
-    (version "8.7.0")
+    (version "8.9.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://nodejs.org/dist/v" version
                                   "/node-v" version ".tar.gz"))
               (sha256
                (base32
-                "1a0ginagx3pav6v7adyp76jisia4qgbsq6pz3als4kshwlk4a667"))))
+                "1qbiz7hgwlirhwpd71c8yzcbwsyi5bjlfp6lxb6v55j6rizinj9j"))
+              ;; See https://github.com/nodejs/node/issues/16688
+              ;; Remove this next update (>8.9.1).
+              (patches
+                (search-patches "node-test-http2-server-rst-stream.patch"))))
     (build-system gnu-build-system)
     (arguments
      ;; TODO: Purge the bundled copies from the source.
@@ -76,6 +81,10 @@
                (("'/usr/bin/env'")
                 (string-append "'" (which "env") "'")))
 
+
+             ;; test-make-doc needs doc-only target, which is inhibited below
+             (for-each delete-file
+                       '("test/doctool/test-make-doc.js"))
              ;; FIXME: This test seems to depends on files that are not
              ;; available in the bundled v8. See
              ;; https://github.com/nodejs/node/issues/13344
@@ -88,12 +97,12 @@
                          "test/parallel/test-util-inspect.js"
                          "test/parallel/test-v8-serdes.js"
                          "test/parallel/test-dgram-membership.js"
-                         "test/parallel/test-dgram-multicast-set-interface-lo.js"
                          "test/parallel/test-dns-cancel-reverse-lookup.js"
                          "test/parallel/test-dns-resolveany.js"
                          "test/parallel/test-cluster-master-error.js"
                          "test/parallel/test-cluster-master-kill.js"
                          "test/parallel/test-npm-install.js"
+                         "test/parallel/test-regress-GH-746.js"
                          "test/sequential/test-child-process-emfile.js"
                          "test/sequential/test-benchmark-child-process.js"
                          "test/sequential/test-http-regr-gh-2928.js"))
@@ -115,6 +124,14 @@
                              (string-append (assoc-ref inputs "python")
                                             "/bin/python")
                              "configure" flags)))))
+         (add-before 'check 'skip-check-doc-only
+           (lambda _
+             (substitute* "Makefile"
+               ;; requires js-yaml, which is not part of the distribution,
+               ;; and falls back to using npm to download it
+               (("\\$\\(MAKE\\) doc-only" all)
+                (string-append "#" all)))
+             #t))
          (add-after 'patch-shebangs 'patch-npm-shebang
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((bindir (string-append (assoc-ref outputs "out")
diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index f77eab4799..d270f513dc 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -98,15 +98,17 @@ computers over a network.")
 (define-public openntpd
   (package
     (name "openntpd")
-    (version "6.2p2")
+    (version "6.2p3")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "mirror://openbsd/OpenNTPD/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1chghbh1bnwhxdgkqki51w94nwvlyj1a9q8716r4v2h0gc9s822q"))))
+                "0fn12i4kzsi0zkr4qp3dp9bycmirnfapajqvdfx02zhr4hanj0kv"))))
     (build-system gnu-build-system)
+    (inputs
+     `(("libressl" ,libressl))) ; enable TLS time constraints. See ntpd.conf(5).
     (home-page "http://www.openntpd.org/")
     (synopsis "NTP client and server by the OpenBSD Project")
     (description "OpenNTPD is the OpenBSD Project's implementation of a client
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index fbcb1def4d..24787fbde7 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -3964,7 +3964,7 @@ provides BigN, BigZ, BigQ that used to be part of Coq standard library.")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://gforge.inria.fr/frs/download.php/"
-                                  "file/36538/interval-" version ".tar.gz"))
+                                  "file/37077/interval-" version ".tar.gz"))
               (sha256
                (base32
                 "08fdcf3hbwqphglvwprvqzgkg0qbimpyhnqsgv3gac4y1ap0f903"))))
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 7c1d42c75c..ed6b5c29ac 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -64,6 +64,7 @@
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages vim)
   #:use-module (gnu packages serialization)
+  #:use-module (gnu packages acl)
   #:use-module (srfi srfi-1)
   #:use-module (ice-9 match))
 
@@ -86,8 +87,8 @@
   ;; Note: the 'update-guix-package.scm' script expects this definition to
   ;; start precisely like this.
   (let ((version "0.13.0")
-        (commit "ff23b47dbee038236386ddc2ed2fff4c77ad3aa1")
-        (revision 9))
+        (commit "3fb6464ba43141b671481ce5ba158b6e6d1badfe")
+        (revision 13))
     (package
       (name "guix")
 
@@ -103,7 +104,7 @@
                       (commit commit)))
                 (sha256
                  (base32
-                  "19y39fm4bjvq4rz3360p8avxpsmflsgrz83l8ig49819a38qs6zm"))
+                  "0nx3nvr3myjhg7zyyrvxfs63ddmb7yv0ndzn1dq4gp2is65n3krr"))
                 (file-name (string-append "guix-" version "-checkout"))))
       (build-system gnu-build-system)
       (arguments
@@ -143,6 +144,12 @@
                                     (chmod po #o666))
                                   (find-files "." "\\.po$"))
 
+                        (patch-shebang "build-aux/git-version-gen")
+
+                        (call-with-output-file ".tarball-version"
+                          (lambda (port)
+                            (display ,version port)))
+
                         (zero? (system* "sh" "bootstrap"))))
                     (add-before
                         'configure 'copy-bootstrap-guile
@@ -170,8 +177,7 @@
                         (copy "armhf")
                         (copy "aarch64")
                         #t))
-                    (add-after
-                        'unpack 'disable-container-tests
+                    (add-after 'unpack 'disable-failing-tests
                       ;; XXX FIXME: These tests fail within the build container.
                       (lambda _
                         (substitute* "tests/syscalls.scm"
@@ -193,15 +199,17 @@
                         #t))
                     (add-after 'install 'wrap-program
                       (lambda* (#:key inputs outputs #:allow-other-keys)
-                        ;; Make sure the 'guix' command finds GnuTLS and
-                        ;; Guile-JSON automatically.
+                        ;; Make sure the 'guix' command finds GnuTLS,
+                        ;; Guile-JSON, and Guile-Git automatically.
                         (let* ((out    (assoc-ref outputs "out"))
                                (guile  (assoc-ref inputs "guile"))
                                (json   (assoc-ref inputs "guile-json"))
                                (git    (assoc-ref inputs "guile-git"))
+                               (bs     (assoc-ref inputs
+                                                  "guile-bytestructures"))
                                (ssh    (assoc-ref inputs "guile-ssh"))
                                (gnutls (assoc-ref inputs "gnutls"))
-                               (deps   (list json gnutls git ssh))
+                               (deps   (list json gnutls git bs ssh))
                                (effective
                                 (read-line
                                  (open-pipe* OPEN_READ
@@ -502,7 +510,6 @@ transactions from C or Python.")
     (build-system python-build-system)
     (arguments
      `(#:phases (modify-phases %standard-phases
-                  (add-before 'unpack 'n (lambda _ #t))
                   ;; setup.py mistakenly requires python-magic from PyPi, even
                   ;; though the Python bindings of `file` are sufficient.
                   ;; https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815844
@@ -517,8 +524,15 @@ transactions from C or Python.")
                          (string-append "['" (which "xxd") "',")))
                       (substitute* "diffoscope/comparators/elf.py"
                         (("@tool_required\\('readelf'\\)") "")
-                        (("\\['readelf',")
-                         (string-append "['" (which "readelf") "',")))
+                        (("get_tool_name\\('readelf'\\)")
+                         (string-append "'" (which "readelf") "'")))
+                      (substitute* "diffoscope/comparators/directory.py"
+                        (("@tool_required\\('stat'\\)") "")
+                        (("@tool_required\\('getfacl'\\)") "")
+                        (("\\['stat',")
+                         (string-append "['" (which "stat") "',"))
+                        (("\\['getfacl',")
+                         (string-append "['" (which "getfacl") "',")))
                       #t))
                   (add-before 'check 'delete-failing-test
                     (lambda _
@@ -529,6 +543,7 @@ transactions from C or Python.")
               ("python-debian" ,python-debian)
               ("python-libarchive-c" ,python-libarchive-c)
               ("python-tlsh" ,python-tlsh)
+              ("acl" ,acl)                        ;for getfacl
               ("colordiff" ,colordiff)
               ("xxd" ,xxd)
 
diff --git a/gnu/packages/parallel.scm b/gnu/packages/parallel.scm
index bbed52544e..0e7b78fb78 100644
--- a/gnu/packages/parallel.scm
+++ b/gnu/packages/parallel.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
+;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -45,7 +46,7 @@
 (define-public parallel
   (package
     (name "parallel")
-    (version "20171022")
+    (version "20171122")
     (source
      (origin
       (method url-fetch)
@@ -53,7 +54,7 @@
                           version ".tar.bz2"))
       (sha256
        (base32
-        "18pq10npl7g764ww7cy9r5n5s3kiy984jclf932qfgndcxsbpqpp"))))
+        "19l2r8zzh8jyb76r3ksfq9y3r8fg07xw31h0dq1d7jpf73fnmd21"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index a75881701a..64168cc9d6 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -13,6 +13,7 @@
 ;;; Copyright © 2017 Jelle Licht <jlicht@fsfe.org>
 ;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
+;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -86,7 +87,7 @@ human.")
 (define-public keepassxc
   (package
     (name "keepassxc")
-    (version "2.2.1")
+    (version "2.2.2")
     (source
      (origin
        (method url-fetch)
@@ -95,7 +96,7 @@ human.")
                            version "-src.tar.xz"))
        (sha256
         (base32
-         "1gkxsv3g4pkzbjkd1c27k15m2b5y2fqnnijphnaiv542yk7csqb7"))))
+         "0wrl8kxb16wzdgfjj057yv18cfg0b8z8lxp1fl2q8fkdgr7phm9g"))))
     (build-system cmake-build-system)
     (inputs
      `(("libgcrypt" ,libgcrypt)
diff --git a/gnu/packages/patches/bazaar-CVE-2017-14176.patch b/gnu/packages/patches/bazaar-CVE-2017-14176.patch
new file mode 100644
index 0000000000..0e9083b97d
--- /dev/null
+++ b/gnu/packages/patches/bazaar-CVE-2017-14176.patch
@@ -0,0 +1,166 @@
+Fix CVE-2017-14176:
+
+https://bugs.launchpad.net/bzr/+bug/1710979
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14176
+
+Patch copied from Debian's Bazaar package version bzr_2.7.0+bzr6619-7+deb9u1:
+
+https://alioth.debian.org/scm/loggerhead/pkg-bazaar/bzr/2.7/revision/4204
+
+Description: Prevent SSH command line options from being specified in bzr+ssh:// URLs
+Bug: https://bugs.launchpad.net/brz/+bug/1710979
+Bug-Debian: https://bugs.debian.org/874429
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14176
+Forwarded: no
+Author: Jelmer Vernooij <jelmer@jelmer.uk>
+Last-Update: 2017-11-26
+
+=== modified file 'bzrlib/tests/test_ssh_transport.py'
+--- old/bzrlib/tests/test_ssh_transport.py	2010-10-07 12:45:51 +0000
++++ new/bzrlib/tests/test_ssh_transport.py	2017-08-20 01:59:20 +0000
+@@ -22,6 +22,7 @@
+     SSHCorpSubprocessVendor,
+     LSHSubprocessVendor,
+     SSHVendorManager,
++    StrangeHostname,
+     )
+ 
+ 
+@@ -161,6 +162,19 @@
+ 
+ class SubprocessVendorsTests(TestCase):
+ 
++    def test_openssh_command_tricked(self):
++        vendor = OpenSSHSubprocessVendor()
++        self.assertEqual(
++            vendor._get_vendor_specific_argv(
++                "user", "-oProxyCommand=blah", 100, command=["bzr"]),
++            ["ssh", "-oForwardX11=no", "-oForwardAgent=no",
++                "-oClearAllForwardings=yes",
++                "-oNoHostAuthenticationForLocalhost=yes",
++                "-p", "100",
++                "-l", "user",
++                "--",
++                "-oProxyCommand=blah", "bzr"])
++
+     def test_openssh_command_arguments(self):
+         vendor = OpenSSHSubprocessVendor()
+         self.assertEqual(
+@@ -171,6 +185,7 @@
+                 "-oNoHostAuthenticationForLocalhost=yes",
+                 "-p", "100",
+                 "-l", "user",
++                "--",
+                 "host", "bzr"]
+             )
+ 
+@@ -184,9 +199,16 @@
+                 "-oNoHostAuthenticationForLocalhost=yes",
+                 "-p", "100",
+                 "-l", "user",
+-                "-s", "host", "sftp"]
++                "-s", "--", "host", "sftp"]
+             )
+ 
++    def test_openssh_command_tricked(self):
++        vendor = SSHCorpSubprocessVendor()
++        self.assertRaises(
++            StrangeHostname,
++            vendor._get_vendor_specific_argv,
++                "user", "-oProxyCommand=host", 100, command=["bzr"])
++
+     def test_sshcorp_command_arguments(self):
+         vendor = SSHCorpSubprocessVendor()
+         self.assertEqual(
+@@ -209,6 +231,13 @@
+                 "-s", "sftp", "host"]
+             )
+ 
++    def test_lsh_command_tricked(self):
++        vendor = LSHSubprocessVendor()
++        self.assertRaises(
++            StrangeHostname,
++            vendor._get_vendor_specific_argv,
++                "user", "-oProxyCommand=host", 100, command=["bzr"])
++
+     def test_lsh_command_arguments(self):
+         vendor = LSHSubprocessVendor()
+         self.assertEqual(
+@@ -231,6 +260,13 @@
+                 "--subsystem", "sftp", "host"]
+             )
+ 
++    def test_plink_command_tricked(self):
++        vendor = PLinkSubprocessVendor()
++        self.assertRaises(
++            StrangeHostname,
++            vendor._get_vendor_specific_argv,
++                "user", "-oProxyCommand=host", 100, command=["bzr"])
++
+     def test_plink_command_arguments(self):
+         vendor = PLinkSubprocessVendor()
+         self.assertEqual(
+
+=== modified file 'bzrlib/transport/ssh.py'
+--- old/bzrlib/transport/ssh.py	2015-07-31 01:04:41 +0000
++++ new/bzrlib/transport/ssh.py	2017-08-20 01:59:20 +0000
+@@ -46,6 +46,10 @@
+     from paramiko.sftp_client import SFTPClient
+ 
+ 
++class StrangeHostname(errors.BzrError):
++    _fmt = "Refusing to connect to strange SSH hostname %(hostname)s"
++
++
+ SYSTEM_HOSTKEYS = {}
+ BZR_HOSTKEYS = {}
+ 
+@@ -360,6 +364,11 @@
+     # tests, but beware of using PIPE which may hang due to not being read.
+     _stderr_target = None
+ 
++    @staticmethod
++    def _check_hostname(arg):
++        if arg.startswith('-'):
++            raise StrangeHostname(hostname=arg)
++
+     def _connect(self, argv):
+         # Attempt to make a socketpair to use as stdin/stdout for the SSH
+         # subprocess.  We prefer sockets to pipes because they support
+@@ -424,9 +433,9 @@
+         if username is not None:
+             args.extend(['-l', username])
+         if subsystem is not None:
+-            args.extend(['-s', host, subsystem])
++            args.extend(['-s', '--', host, subsystem])
+         else:
+-            args.extend([host] + command)
++            args.extend(['--', host] + command)
+         return args
+ 
+ register_ssh_vendor('openssh', OpenSSHSubprocessVendor())
+@@ -439,6 +448,7 @@
+ 
+     def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
+                                   command=None):
++        self._check_hostname(host)
+         args = [self.executable_path, '-x']
+         if port is not None:
+             args.extend(['-p', str(port)])
+@@ -460,6 +470,7 @@
+ 
+     def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
+                                   command=None):
++        self._check_hostname(host)
+         args = [self.executable_path]
+         if port is not None:
+             args.extend(['-p', str(port)])
+@@ -481,6 +492,7 @@
+ 
+     def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
+                                   command=None):
++        self._check_hostname(host)
+         args = [self.executable_path, '-x', '-a', '-ssh', '-2', '-batch']
+         if port is not None:
+             args.extend(['-P', str(port)])
+
diff --git a/gnu/packages/patches/clementine-use-openssl.patch b/gnu/packages/patches/clementine-use-openssl.patch
new file mode 100644
index 0000000000..1fbf3d2b8a
--- /dev/null
+++ b/gnu/packages/patches/clementine-use-openssl.patch
@@ -0,0 +1,67 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 4022c383b..3202b8b69 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -83,6 +83,7 @@ pkg_check_modules(LIBPULSE libpulse)
+ pkg_check_modules(LIBXML libxml-2.0)
+ pkg_check_modules(SPOTIFY libspotify>=12.1.45)
+ pkg_check_modules(TAGLIB REQUIRED taglib>=1.6)
++pkg_check_modules(OPENSSL REQUIRED openssl)
+ 
+ if (WIN32)
+   find_package(ZLIB REQUIRED)
+@@ -381,20 +382,6 @@ if(GMOCK_INCLUDE_DIRS)
+   endif(GTEST_INCLUDE_DIRS)
+ endif(GMOCK_INCLUDE_DIRS)
+ 
+-# Use the system's sha2 if it's available.
+-find_path(SHA2_INCLUDE_DIRS sha2.h)
+-find_library(SHA2_LIBRARIES sha2)
+-if(SHA2_LIBRARIES AND SHA2_INCLUDE_DIRS)
+-  message(STATUS "Using system sha2 library")
+-  set(USE_SYSTEM_SHA2 ON)
+-else()
+-  message(STATUS "Using builtin sha2 library")
+-  set(USE_SYSTEM_SHA2 OFF)
+-  add_subdirectory(3rdparty/sha2)
+-  set(SHA2_INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/sha2)
+-  set(SHA2_LIBRARIES sha2)
+-endif()
+-
+ # Use the system libmygpo-qt5 if a recent enough version was found
+ if(LIBMYGPO_QT5_FOUND)
+   set(MYGPOQT5_LIBRARIES ${LIBMYGPO_QT5_LIBRARIES})
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index 6e24c9726..104d044d9 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -29,7 +29,6 @@ include_directories(${LIBPROJECTM_INCLUDE_DIRS})
+ include_directories(${QTSINGLEAPPLICATION_INCLUDE_DIRS})
+ include_directories(${QTIOCOMPRESSOR_INCLUDE_DIRS})
+ include_directories(${QXT_INCLUDE_DIRS})
+-include_directories(${SHA2_INCLUDE_DIRS})
+ include_directories(${CHROMAPRINT_INCLUDE_DIRS})
+ include_directories(${MYGPOQT5_INCLUDE_DIRS})
+ 
+@@ -1223,7 +1222,7 @@ target_link_libraries(clementine_lib
+   libclementine-common
+   libclementine-tagreader
+   libclementine-remote
+-  ${SHA2_LIBRARIES}
++  ${OPENSSL_LIBRARIES}
+   ${TAGLIB_LIBRARIES}
+   ${MYGPOQT5_LIBRARIES}
+   ${CHROMAPRINT_LIBRARIES}
+diff --git a/src/core/utilities.cpp b/src/core/utilities.cpp
+index ce76f22da..80bf623fb 100644
+--- a/src/core/utilities.cpp
++++ b/src/core/utilities.cpp
+@@ -52,7 +52,7 @@
+ #include "config.h"
+ #include "timeconstants.h"
+ 
+-#include "sha2.h"
++#include <openssl/sha.h>
+ 
+ #if defined(Q_OS_UNIX)
+ #include <sys/statvfs.h>
diff --git a/gnu/packages/patches/dtc-32-bits-check.patch b/gnu/packages/patches/dtc-32-bits-check.patch
new file mode 100644
index 0000000000..cf15be3404
--- /dev/null
+++ b/gnu/packages/patches/dtc-32-bits-check.patch
@@ -0,0 +1,134 @@
+This fixes tests on 32 bits platforms. Patch taken from upstream.
+
+commit f8872e29ce06d78d3db71b3ab26a7465fc8a9586
+Author: David Gibson <david@gibson.dropbear.id.au>
+Date:   Fri Oct 6 23:07:30 2017 +1100
+
+    tests: Avoid 64-bit arithmetic in assembler
+    
+    For testing we (ab)use the assembler to build us a sample dtb, independent
+    of the other tools (dtc and libfdt) that we're trying to test.  In a few
+    places this uses 64-bit arithmetic to decompose 64-bit constants into
+    the individual bytes in the blob.
+    
+    Unfortunately, it seems that some builds of GNU as don't support >32 bit
+    arithmetic, though it's not entirely clear to me which do and which don't
+    (Fedora i386 does support 64-bit, Debian arm32 doesn't).
+    
+    Anyway, to be safe, this avoids 64-bit arithmetic in assembler at the cost
+    of some extra awkwardness because we have to define the values in 32-bit
+    halves.
+    
+    Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+
+diff --git a/tests/testdata.h b/tests/testdata.h
+index 3588778..f6bbe1d 100644
+--- a/tests/testdata.h
++++ b/tests/testdata.h
+@@ -4,15 +4,25 @@
+ #define ASM_CONST_LL(x)	(x##ULL)
+ #endif
+ 
+-#define TEST_ADDR_1	ASM_CONST_LL(0xdeadbeef00000000)
+-#define TEST_SIZE_1	ASM_CONST_LL(0x100000)
+-#define TEST_ADDR_2	ASM_CONST_LL(123456789)
+-#define TEST_SIZE_2	ASM_CONST_LL(010000)
++#define TEST_ADDR_1H	ASM_CONST_LL(0xdeadbeef)
++#define TEST_ADDR_1L	ASM_CONST_LL(0x00000000)
++#define TEST_ADDR_1	((TEST_ADDR_1H << 32) | TEST_ADDR_1L)
++#define TEST_SIZE_1H	ASM_CONST_LL(0x00000000)
++#define TEST_SIZE_1L	ASM_CONST_LL(0x00100000)
++#define TEST_SIZE_1	((TEST_SIZE_1H << 32) | TEST_SIZE_1L)
++#define TEST_ADDR_2H	ASM_CONST_LL(0)
++#define TEST_ADDR_2L	ASM_CONST_LL(123456789)
++#define TEST_ADDR_2	((TEST_ADDR_2H << 32) | TEST_ADDR_2L)
++#define TEST_SIZE_2H	ASM_CONST_LL(0)
++#define TEST_SIZE_2L	ASM_CONST_LL(010000)
++#define TEST_SIZE_2	((TEST_SIZE_2H << 32) | TEST_SIZE_2L)
+ 
+ #define TEST_VALUE_1	0xdeadbeef
+ #define TEST_VALUE_2	123456789
+ 
+-#define TEST_VALUE64_1	ASM_CONST_LL(0xdeadbeef01abcdef)
++#define TEST_VALUE64_1H	ASM_CONST_LL(0xdeadbeef)
++#define TEST_VALUE64_1L	ASM_CONST_LL(0x01abcdef)
++#define TEST_VALUE64_1	((TEST_VALUE64_1H << 32) | TEST_VALUE64_1L)
+ 
+ #define PHANDLE_1	0x2000
+ #define PHANDLE_2	0x2001
+diff --git a/tests/trees.S b/tests/trees.S
+index 9854d1d..9859914 100644
+--- a/tests/trees.S
++++ b/tests/trees.S
+@@ -7,16 +7,6 @@
+ 	.byte	((val) >> 8) & 0xff ; \
+ 	.byte	(val) & 0xff	;
+ 
+-#define FDTQUAD(val) \
+-	.byte	((val) >> 56) & 0xff ; \
+-	.byte	((val) >> 48) & 0xff ; \
+-	.byte	((val) >> 40) & 0xff ; \
+-	.byte	((val) >> 32) & 0xff ; \
+-	.byte	((val) >> 24) & 0xff ; \
+-	.byte	((val) >> 16) & 0xff ; \
+-	.byte	((val) >> 8) & 0xff ; \
+-	.byte	(val) & 0xff	;
+-
+ #define TREE_HDR(tree) \
+ 	.balign	8		; \
+ 	.globl	_##tree		; \
+@@ -33,14 +23,16 @@ tree:	\
+ 	FDTLONG(tree##_strings_end - tree##_strings) ; \
+ 	FDTLONG(tree##_struct_end - tree##_struct) ;
+ 
+-#define RSVMAP_ENTRY(addr, len) \
+-	FDTQUAD(addr)		; \
+-	FDTQUAD(len)		; \
++#define RSVMAP_ENTRY(addrh, addrl, lenh, lenl) \
++	FDTLONG(addrh)		; \
++	FDTLONG(addrl)		; \
++	FDTLONG(lenh)		; \
++	FDTLONG(lenl)
+ 
+ #define EMPTY_RSVMAP(tree) \
+ 	.balign	8		; \
+ tree##_rsvmap:			; \
+-	RSVMAP_ENTRY(0, 0) \
++	RSVMAP_ENTRY(0, 0, 0, 0) \
+ tree##_rsvmap_end:		;
+ 
+ #define PROPHDR(tree, name, len) \
+@@ -52,9 +44,10 @@ tree##_rsvmap_end:		;
+ 	PROPHDR(tree, name, 4) \
+ 	FDTLONG(val)		;
+ 
+-#define PROP_INT64(tree, name, val) \
++#define PROP_INT64(tree, name, valh, vall) \
+ 	PROPHDR(tree, name, 8) \
+-	FDTQUAD(val)		;
++	FDTLONG(valh)		; \
++	FDTLONG(vall)		;
+ 
+ #define PROP_STR(tree, name, str) \
+ 	PROPHDR(tree, name, 55f - 54f) \
+@@ -81,16 +74,16 @@ tree##_##name:			; \
+ 
+ 	.balign	8
+ test_tree1_rsvmap:
+-	RSVMAP_ENTRY(TEST_ADDR_1, TEST_SIZE_1)
+-	RSVMAP_ENTRY(TEST_ADDR_2, TEST_SIZE_2)
+-	RSVMAP_ENTRY(0, 0)
++	RSVMAP_ENTRY(TEST_ADDR_1H, TEST_ADDR_1L, TEST_SIZE_1H, TEST_SIZE_1L)
++	RSVMAP_ENTRY(TEST_ADDR_2H, TEST_ADDR_2L, TEST_SIZE_2H, TEST_SIZE_2L)
++	RSVMAP_ENTRY(0, 0, 0, 0)
+ test_tree1_rsvmap_end:
+ 
+ test_tree1_struct:
+ 	BEGIN_NODE("")
+ 	PROP_STR(test_tree1, compatible, "test_tree1")
+ 	PROP_INT(test_tree1, prop_int, TEST_VALUE_1)
+-	PROP_INT64(test_tree1, prop_int64, TEST_VALUE64_1)
++	PROP_INT64(test_tree1, prop_int64, TEST_VALUE64_1H, TEST_VALUE64_1L)
+ 	PROP_STR(test_tree1, prop_str, TEST_STRING_1)
+ 	PROP_INT(test_tree1, address_cells, 1)
+ 	PROP_INT(test_tree1, size_cells, 0)
diff --git a/gnu/packages/patches/dtc-format-modifier.patch b/gnu/packages/patches/dtc-format-modifier.patch
new file mode 100644
index 0000000000..c33d16857f
--- /dev/null
+++ b/gnu/packages/patches/dtc-format-modifier.patch
@@ -0,0 +1,38 @@
+This fixes build on 32 bits platforms. This patch is taken from upstream.
+
+commit 497432fd2131967f349e69dc5d259072151cc4b4
+Author: Thierry Reding <treding@nvidia.com>
+Date:   Wed Sep 27 15:04:09 2017 +0200
+
+    checks: Use proper format modifier for size_t
+    
+    The size of size_t can vary between architectures, so using %ld isn't
+    going to work on 32-bit builds. Use the %zu modifier to make sure it is
+    always correct.
+    
+    Signed-off-by: Thierry Reding <treding@nvidia.com>
+    Acked-by: Rob Herring <robh@kernel.org>
+    Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+
+diff --git a/checks.c b/checks.c
+index 902f2e3..08a3a29 100644
+--- a/checks.c
++++ b/checks.c
+@@ -972,7 +972,7 @@ static void check_property_phandle_args(struct check *c,
+ 	int cell, cellsize = 0;
+ 
+ 	if (prop->val.len % sizeof(cell_t)) {
+-		FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %ld in node %s",
++		FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %zu in node %s",
+ 		     prop->name, prop->val.len, sizeof(cell_t), node->fullpath);
+ 		return;
+ 	}
+@@ -1163,7 +1163,7 @@ static void check_interrupts_property(struct check *c,
+ 		return;
+ 
+ 	if (irq_prop->val.len % sizeof(cell_t))
+-		FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %ld in node %s",
++		FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %zu in node %s",
+ 		     irq_prop->name, irq_prop->val.len, sizeof(cell_t),
+ 		     node->fullpath);
+ 
diff --git a/gnu/packages/patches/emacs-highlight-stages-add-gexp.patch b/gnu/packages/patches/emacs-highlight-stages-add-gexp.patch
new file mode 100644
index 0000000000..931355b4fe
--- /dev/null
+++ b/gnu/packages/patches/emacs-highlight-stages-add-gexp.patch
@@ -0,0 +1,26 @@
+Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
+Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
+
+This patch adds highlighting for (guix) G-Expressions.
+
+diff --git a/highlight-stages.el b/highlight-stages.el
+index 3094c3c..e11260e 100644
+--- a/highlight-stages.el
++++ b/highlight-stages.el
+@@ -237,14 +237,14 @@ non-nil, (match-string 0) must be the expression matched."
+ 
+ (defun highlight-stages-lisp-quote-matcher (&optional limit)
+   (when (highlight-stages--search-forward-regexp
+-         "\\(?:`\\|\\(#?'\\)\\)\\|([\s\t\n]*\\(?:backquote\\|\\(quote\\)\\)[\s\t\n]+" limit)
++         "\\(?:`\\|\\(#?'\\)\\)\\|([\s\t\n]*\\(?:backquote\\|\\(quote\\)\\)[\s\t\n]+\\|\\(?:#~\\)\\|([\s\t\n]*\\(?:gexp\\)[\s\t\n]+" limit)
+     (prog1 (if (or (match-beginning 1) (match-beginning 2)) 'real t)
+       (set-match-data
+        (list (point)
+              (progn (ignore-errors (forward-sexp 1)) (point)))))))
+ 
+ (defun highlight-stages-lisp-escape-matcher (&optional limit)
+-  (when (highlight-stages--search-forward-regexp ",@?\\|([\s\t\n]*\\\\,@?+[\s\t\n]+" limit)
++  (when (highlight-stages--search-forward-regexp ",@?\\|([\s\t\n]*\\\\,@?+[\s\t\n]+\\|\\(unquote\\)\\|\\(unquote-splicing\\)\\|\\(ungexp-native\\)\\|\\(ungexp-splicing\\)\\|\\(ungexp-native-splicing\\)\\|\\(ungexp\\)\\|#\\$" limit)
+     (set-match-data
+      (list (point)
+            (progn (ignore-errors (forward-sexp 1)) (point))))
diff --git a/gnu/packages/patches/exim-CVE-2017-1000369.patch b/gnu/packages/patches/exim-CVE-2017-1000369.patch
deleted file mode 100644
index a67a8afb0e..0000000000
--- a/gnu/packages/patches/exim-CVE-2017-1000369.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-Fix CVE-2017-1000369:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369
-https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-
-Patch adapted from upstream source repository:
-
-https://git.exim.org/exim.git/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
-
-From 65e061b76867a9ea7aeeb535341b790b90ae6c21 Mon Sep 17 00:00:00 2001
-From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
-Date: Wed, 31 May 2017 23:08:56 +0200
-Subject: [PATCH] Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)
-
----
- doc/doc-docbook/spec.xfpt |  3 ++-
- src/src/exim.c            | 19 +++++++++++++++++--
- 2 files changed, 19 insertions(+), 3 deletions(-)
-
-diff --git a/src/src/exim.c b/src/src/exim.c
-index 67583e58..88e11977 100644
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++)
- 
-       /* -oMr: Received protocol */
- 
--      else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
-+      else if (Ustrcmp(argrest, "Mr") == 0)
-+
-+        if (received_protocol)
-+          {
-+          fprintf(stderr, "received_protocol is set already\n");
-+          exit(EXIT_FAILURE);
-+          }
-+        else received_protocol = argv[++i];
- 
-       /* -oMs: Set sender host name */
- 
-@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++)
- 
-     if (*argrest != 0)
-       {
--      uschar *hn = Ustrchr(argrest, ':');
-+      uschar *hn;
-+
-+      if (received_protocol)
-+        {
-+        fprintf(stderr, "received_protocol is set already\n");
-+        exit(EXIT_FAILURE);
-+        }
-+
-+      hn = Ustrchr(argrest, ':');
-       if (hn == NULL)
-         {
-         received_protocol = argrest;
--- 
-2.13.1
-
diff --git a/gnu/packages/patches/gcc-6-source-date-epoch-1.patch b/gnu/packages/patches/gcc-6-source-date-epoch-1.patch
new file mode 100644
index 0000000000..26f62bc9f1
--- /dev/null
+++ b/gnu/packages/patches/gcc-6-source-date-epoch-1.patch
@@ -0,0 +1,187 @@
+Make GCC respect SOURCE_DATE_EPOCH in __DATE__ and __TIME__ macros.
+
+Cherry-picked from upstream commit:
+
+https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934
+
+diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c
+index 6cf8c610b4e..b5daea65ba7 100644
+--- a/gcc/c-family/c-common.c
++++ b/gcc/c-family/c-common.c
+@@ -12750,4 +12750,37 @@ valid_array_size_p (location_t loc, tree type, tree name)
+   return true;
+ }
+ 
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++   timestamp to replace embedded current dates to get reproducible
++   results.  Returns -1 if SOURCE_DATE_EPOCH is not defined.  */
++time_t
++get_source_date_epoch ()
++{
++  char *source_date_epoch;
++  long long epoch;
++  char *endptr;
++
++  source_date_epoch = getenv ("SOURCE_DATE_EPOCH");
++  if (!source_date_epoch)
++    return (time_t) -1;
++
++  errno = 0;
++  epoch = strtoll (source_date_epoch, &endptr, 10);
++  if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN))
++      || (errno != 0 && epoch == 0))
++    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++		 "strtoll: %s\n", xstrerror(errno));
++  if (endptr == source_date_epoch)
++    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++		 "no digits were found: %s\n", endptr);
++  if (*endptr != '\0')
++    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++		 "trailing garbage: %s\n", endptr);
++  if (epoch < 0)
++    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++		 "value must be nonnegative: %lld \n", epoch);
++
++  return (time_t) epoch;
++}
++
+ #include "gt-c-family-c-common.h"
+diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h
+index dd74d0dd62e..c6e0ed12b55 100644
+--- a/gcc/c-family/c-common.h
++++ b/gcc/c-family/c-common.h
+@@ -1467,4 +1467,9 @@ extern bool reject_gcc_builtin (const_tree, location_t = UNKNOWN_LOCATION);
+ extern void warn_duplicated_cond_add_or_warn (location_t, tree, vec<tree> **);
+ extern bool valid_array_size_p (location_t, tree, tree);
+ 
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++   timestamp to replace embedded current dates to get reproducible
++   results.  Returns -1 if SOURCE_DATE_EPOCH is not defined.  */
++extern time_t get_source_date_epoch (void);
++
+ #endif /* ! GCC_C_COMMON_H */
+diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c
+index 96da4fc974e..bf1db6c0252 100644
+--- a/gcc/c-family/c-lex.c
++++ b/gcc/c-family/c-lex.c
+@@ -385,6 +385,9 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags,
+   enum cpp_ttype type;
+   unsigned char add_flags = 0;
+   enum overflow_type overflow = OT_NONE;
++  time_t source_date_epoch = get_source_date_epoch ();
++
++  cpp_init_source_date_epoch (parse_in, source_date_epoch);
+ 
+   timevar_push (TV_CPP);
+  retry:
+diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi
+index 22c8cb37624..e958e93e97e 100644
+--- a/gcc/doc/cppenv.texi
++++ b/gcc/doc/cppenv.texi
+@@ -79,4 +79,21 @@ main input file is omitted.
+ @ifclear cppmanual
+ @xref{Preprocessor Options}.
+ @end ifclear
++
++@item SOURCE_DATE_EPOCH
++
++If this variable is set, its value specifies a UNIX timestamp to be
++used in replacement of the current date and time in the @code{__DATE__}
++and @code{__TIME__} macros, so that the embedded timestamps become
++reproducible.
++
++The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp,
++defined as the number of seconds (excluding leap seconds) since
++01 Jan 1970 00:00:00 represented in ASCII, identical to the output of
++@samp{@command{date +%s}}.
++
++The value should be a known timestamp such as the last modification
++time of the source or package and it should be set by the build
++process.
++
+ @end vtable
+diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h
+index 35b0375c09c..4998b3a8ab8 100644
+--- a/libcpp/include/cpplib.h
++++ b/libcpp/include/cpplib.h
+@@ -784,6 +784,9 @@ extern void cpp_init_special_builtins (cpp_reader *);
+ /* Set up built-ins like __FILE__.  */
+ extern void cpp_init_builtins (cpp_reader *, int);
+ 
++/* Initialize the source_date_epoch value.  */
++extern void cpp_init_source_date_epoch (cpp_reader *, time_t);
++
+ /* This is called after options have been parsed, and partially
+    processed.  */
+ extern void cpp_post_options (cpp_reader *);
+diff --git a/libcpp/init.c b/libcpp/init.c
+index 4343075ba85..f5ff85b3bae 100644
+--- a/libcpp/init.c
++++ b/libcpp/init.c
+@@ -533,8 +533,15 @@ cpp_init_builtins (cpp_reader *pfile, int hosted)
+     _cpp_define_builtin (pfile, "__OBJC__ 1");
+ }
+ 
++/* Initialize the source_date_epoch value.  */
++void
++cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch)
++{
++  pfile->source_date_epoch = source_date_epoch; 
++}
++
+ /* Sanity-checks are dependent on command-line options, so it is
+-   called as a subroutine of cpp_read_main_file ().  */
++   called as a subroutine of cpp_read_main_file.  */
+ #if CHECKING_P
+ static void sanity_checks (cpp_reader *);
+ static void sanity_checks (cpp_reader *pfile)
+diff --git a/libcpp/internal.h b/libcpp/internal.h
+index 9ce870738cc..e3eb26b1f27 100644
+--- a/libcpp/internal.h
++++ b/libcpp/internal.h
+@@ -502,6 +502,10 @@ struct cpp_reader
+   const unsigned char *date;
+   const unsigned char *time;
+ 
++  /* Externally set timestamp to replace current date and time useful for
++     reproducibility.  */
++  time_t source_date_epoch;
++
+   /* EOF token, and a token forcing paste avoidance.  */
+   cpp_token avoid_paste;
+   cpp_token eof;
+diff --git a/libcpp/macro.c b/libcpp/macro.c
+index c2515534504..c2a83764660 100644
+--- a/libcpp/macro.c
++++ b/libcpp/macro.c
+@@ -357,13 +357,20 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node,
+ 	  time_t tt;
+ 	  struct tm *tb = NULL;
+ 
+-	  /* (time_t) -1 is a legitimate value for "number of seconds
+-	     since the Epoch", so we have to do a little dance to
+-	     distinguish that from a genuine error.  */
+-	  errno = 0;
+-	  tt = time(NULL);
+-	  if (tt != (time_t)-1 || errno == 0)
+-	    tb = localtime (&tt);
++	  /* Set a reproducible timestamp for __DATE__ and __TIME__ macro
++	     usage if SOURCE_DATE_EPOCH is defined.  */
++	  if (pfile->source_date_epoch != (time_t) -1)
++	     tb = gmtime (&pfile->source_date_epoch);
++	  else
++	    {
++	      /* (time_t) -1 is a legitimate value for "number of seconds
++		 since the Epoch", so we have to do a little dance to
++		 distinguish that from a genuine error.  */
++	      errno = 0;
++	      tt = time (NULL);
++	      if (tt != (time_t)-1 || errno == 0)
++		tb = localtime (&tt);
++	    }
+ 
+ 	  if (tb)
+ 	    {
+-- 
+2.14.1
+
diff --git a/gnu/packages/patches/gcc-6-source-date-epoch-2.patch b/gnu/packages/patches/gcc-6-source-date-epoch-2.patch
new file mode 100644
index 0000000000..cd5b09867f
--- /dev/null
+++ b/gnu/packages/patches/gcc-6-source-date-epoch-2.patch
@@ -0,0 +1,346 @@
+Cherry-picked from upstream commit:
+
+https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=dfa5c0d3f3e23e4fdb14857a42de376d9ff8601c
+
+diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c
+index b5daea65ba7..a4539da15ce 100644
+--- a/gcc/c-family/c-common.c
++++ b/gcc/c-family/c-common.c
+@@ -12753,8 +12753,9 @@ valid_array_size_p (location_t loc, tree type, tree name)
+ /* Read SOURCE_DATE_EPOCH from environment to have a deterministic
+    timestamp to replace embedded current dates to get reproducible
+    results.  Returns -1 if SOURCE_DATE_EPOCH is not defined.  */
++
+ time_t
+-get_source_date_epoch ()
++cb_get_source_date_epoch (cpp_reader *pfile ATTRIBUTE_UNUSED)
+ {
+   char *source_date_epoch;
+   long long epoch;
+@@ -12766,19 +12767,14 @@ get_source_date_epoch ()
+ 
+   errno = 0;
+   epoch = strtoll (source_date_epoch, &endptr, 10);
+-  if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN))
+-      || (errno != 0 && epoch == 0))
+-    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+-		 "strtoll: %s\n", xstrerror(errno));
+-  if (endptr == source_date_epoch)
+-    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+-		 "no digits were found: %s\n", endptr);
+-  if (*endptr != '\0')
+-    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+-		 "trailing garbage: %s\n", endptr);
+-  if (epoch < 0)
+-    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+-		 "value must be nonnegative: %lld \n", epoch);
++  if (errno != 0 || endptr == source_date_epoch || *endptr != '\0'
++      || epoch < 0 || epoch > MAX_SOURCE_DATE_EPOCH)
++    {
++      error_at (input_location, "environment variable SOURCE_DATE_EPOCH must "
++	        "expand to a non-negative integer less than or equal to %wd",
++		MAX_SOURCE_DATE_EPOCH);
++      return (time_t) -1;
++    }
+ 
+   return (time_t) epoch;
+ }
+diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h
+index c6e0ed12b55..44699f716e0 100644
+--- a/gcc/c-family/c-common.h
++++ b/gcc/c-family/c-common.h
+@@ -1084,6 +1084,16 @@ extern vec<tree, va_gc> *make_tree_vector_copy (const vec<tree, va_gc> *);
+    c_register_builtin_type.  */
+ extern GTY(()) tree registered_builtin_types;
+ 
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++   timestamp to replace embedded current dates to get reproducible
++   results.  Returns -1 if SOURCE_DATE_EPOCH is not defined.  */
++extern time_t cb_get_source_date_epoch (cpp_reader *pfile);
++
++/* The value (as a unix timestamp) corresponds to date
++   "Dec 31 9999 23:59:59 UTC", which is the latest date that __DATE__ and
++   __TIME__ can store.  */
++#define MAX_SOURCE_DATE_EPOCH HOST_WIDE_INT_C (253402300799)
++
+ /* In c-gimplify.c  */
+ extern void c_genericize (tree);
+ extern int c_gimplify_expr (tree *, gimple_seq *, gimple_seq *);
+@@ -1467,9 +1477,4 @@ extern bool reject_gcc_builtin (const_tree, location_t = UNKNOWN_LOCATION);
+ extern void warn_duplicated_cond_add_or_warn (location_t, tree, vec<tree> **);
+ extern bool valid_array_size_p (location_t, tree, tree);
+ 
+-/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
+-   timestamp to replace embedded current dates to get reproducible
+-   results.  Returns -1 if SOURCE_DATE_EPOCH is not defined.  */
+-extern time_t get_source_date_epoch (void);
+-
+ #endif /* ! GCC_C_COMMON_H */
+diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c
+index bf1db6c0252..42a4135d339 100644
+--- a/gcc/c-family/c-lex.c
++++ b/gcc/c-family/c-lex.c
+@@ -80,6 +80,7 @@ init_c_lex (void)
+   cb->valid_pch = c_common_valid_pch;
+   cb->read_pch = c_common_read_pch;
+   cb->has_attribute = c_common_has_attribute;
++  cb->get_source_date_epoch = cb_get_source_date_epoch;
+ 
+   /* Set the debug callbacks if we can use them.  */
+   if ((debug_info_level == DINFO_LEVEL_VERBOSE
+@@ -385,9 +386,6 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags,
+   enum cpp_ttype type;
+   unsigned char add_flags = 0;
+   enum overflow_type overflow = OT_NONE;
+-  time_t source_date_epoch = get_source_date_epoch ();
+-
+-  cpp_init_source_date_epoch (parse_in, source_date_epoch);
+ 
+   timevar_push (TV_CPP);
+  retry:
+diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi
+index e958e93e97e..8cefd529aa3 100644
+--- a/gcc/doc/cppenv.texi
++++ b/gcc/doc/cppenv.texi
+@@ -81,7 +81,6 @@ main input file is omitted.
+ @end ifclear
+ 
+ @item SOURCE_DATE_EPOCH
+-
+ If this variable is set, its value specifies a UNIX timestamp to be
+ used in replacement of the current date and time in the @code{__DATE__}
+ and @code{__TIME__} macros, so that the embedded timestamps become
+@@ -89,8 +88,9 @@ reproducible.
+ 
+ The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp,
+ defined as the number of seconds (excluding leap seconds) since
+-01 Jan 1970 00:00:00 represented in ASCII, identical to the output of
+-@samp{@command{date +%s}}.
++01 Jan 1970 00:00:00 represented in ASCII; identical to the output of
++@samp{@command{date +%s}} on GNU/Linux and other systems that support the
++@code{%s} extension in the @code{date} command.
+ 
+ The value should be a known timestamp such as the last modification
+ time of the source or package and it should be set by the build
+diff --git a/gcc/gcc.c b/gcc/gcc.c
+index cfa074d4e43..f88596219bc 100644
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -3541,6 +3541,29 @@ save_switch (const char *opt, size_t n_args, const char *const *args,
+   n_switches++;
+ }
+ 
++/* Set the SOURCE_DATE_EPOCH environment variable to the current time if it is
++   not set already.  */
++
++static void
++set_source_date_epoch_envvar ()
++{
++  /* Array size is 21 = ceil(log_10(2^64)) + 1 to hold string representations
++     of 64 bit integers.  */
++  char source_date_epoch[21];
++  time_t tt;
++
++  errno = 0;
++  tt = time (NULL);
++  if (tt < (time_t) 0 || errno != 0)
++    tt = (time_t) 0;
++
++  snprintf (source_date_epoch, 21, "%llu", (unsigned long long) tt);
++  /* Using setenv instead of xputenv because we want the variable to remain
++     after finalizing so that it's still set in the second run when using
++     -fcompare-debug.  */
++  setenv ("SOURCE_DATE_EPOCH", source_date_epoch, 0);
++}
++
+ /* Handle an option DECODED that is unknown to the option-processing
+    machinery.  */
+ 
+@@ -3840,6 +3863,7 @@ driver_handle_option (struct gcc_options *opts,
+       else
+ 	compare_debug_opt = arg;
+       save_switch (compare_debug_replacement_opt, 0, NULL, validated, true);
++      set_source_date_epoch_envvar ();
+       return true;
+ 
+     case OPT_fdiagnostics_color_:
+diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c
+new file mode 100644
+index 00000000000..f6aa1a360ff
+--- /dev/null
++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c
+@@ -0,0 +1,11 @@
++/* { dg-do run } */
++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "630333296" } */
++
++int
++main(void)
++{
++  __builtin_printf ("%s %s\n", __DATE__, __TIME__);
++  return 0;
++}
++
++/* { dg-output "^Dec 22 1989 12:34:56\n$" } */
+diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c
+new file mode 100644
+index 00000000000..ae18362ae87
+--- /dev/null
++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c
+@@ -0,0 +1,12 @@
++/* { dg-do compile } */
++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "AAA" } */
++
++/* Make sure that SOURCE_DATE_EPOCH is only parsed once */
++
++int
++main(void)
++{
++  __builtin_printf ("%s %s\n", __DATE__, __TIME__); /* { dg-error "SOURCE_DATE_EPOCH must expand" } */
++  __builtin_printf ("%s %s\n", __DATE__, __TIME__);
++  return 0;
++}
+diff --git a/gcc/testsuite/lib/gcc-dg.exp b/gcc/testsuite/lib/gcc-dg.exp
+index 9dd909b0985..822d2fbb3b9 100644
+--- a/gcc/testsuite/lib/gcc-dg.exp
++++ b/gcc/testsuite/lib/gcc-dg.exp
+@@ -450,6 +450,38 @@ proc restore-target-env-var { } {
+     }
+ }
+ 
++proc dg-set-compiler-env-var { args } {
++    global set_compiler_env_var
++    global saved_compiler_env_var
++    if { [llength $args] != 3 } {
++	error "dg-set-compiler-env-var: need two arguments"
++	return
++    }
++    set var [lindex $args 1]
++    set value [lindex $args 2]
++    if [info exists ::env($var)] {
++      lappend saved_compiler_env_var [list $var 1 $::env($var)]
++    } else {
++      lappend saved_compiler_env_var [list $var 0]
++    }
++    setenv $var $value
++    lappend set_compiler_env_var [list $var $value]
++}
++
++proc restore-compiler-env-var { } {
++    global saved_compiler_env_var
++    for { set env_vari [llength $saved_compiler_env_var] } {
++          [incr env_vari -1] >= 0 } {} {
++	set env_var [lindex $saved_compiler_env_var $env_vari]
++	set var [lindex $env_var 0]
++	if [lindex $env_var 1] {
++	    setenv $var [lindex $env_var 2]
++	} else {
++	    unsetenv $var
++	}
++    }
++}
++
+ # Utility routines.
+ 
+ #
+@@ -873,6 +905,11 @@ if { [info procs saved-dg-test] == [list] } {
+ 	if [info exists set_target_env_var] {
+ 	    unset set_target_env_var
+ 	}
++	if [info exists set_compiler_env_var] {
++	    restore-compiler-env-var
++	    unset set_compiler_env_var
++	    unset saved_compiler_env_var
++	}
+ 	if [info exists keep_saved_temps_suffixes] {
+ 	    unset keep_saved_temps_suffixes
+ 	}
+diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h
+index 4998b3a8ab8..9d70cc856ef 100644
+--- a/libcpp/include/cpplib.h
++++ b/libcpp/include/cpplib.h
+@@ -594,6 +594,9 @@ struct cpp_callbacks
+ 
+   /* Callback that can change a user builtin into normal macro.  */
+   bool (*user_builtin_macro) (cpp_reader *, cpp_hashnode *);
++
++  /* Callback to parse SOURCE_DATE_EPOCH from environment.  */
++  time_t (*get_source_date_epoch) (cpp_reader *);
+ };
+ 
+ #ifdef VMS
+@@ -784,9 +787,6 @@ extern void cpp_init_special_builtins (cpp_reader *);
+ /* Set up built-ins like __FILE__.  */
+ extern void cpp_init_builtins (cpp_reader *, int);
+ 
+-/* Initialize the source_date_epoch value.  */
+-extern void cpp_init_source_date_epoch (cpp_reader *, time_t);
+-
+ /* This is called after options have been parsed, and partially
+    processed.  */
+ extern void cpp_post_options (cpp_reader *);
+diff --git a/libcpp/init.c b/libcpp/init.c
+index f5ff85b3bae..e78b3206def 100644
+--- a/libcpp/init.c
++++ b/libcpp/init.c
+@@ -257,6 +257,9 @@ cpp_create_reader (enum c_lang lang, cpp_hash_table *table,
+   /* Do not force token locations by default.  */
+   pfile->forced_token_location_p = NULL;
+ 
++  /* Initialize source_date_epoch to -2 (not yet set).  */
++  pfile->source_date_epoch = (time_t) -2;
++
+   /* The expression parser stack.  */
+   _cpp_expand_op_stack (pfile);
+ 
+@@ -533,13 +536,6 @@ cpp_init_builtins (cpp_reader *pfile, int hosted)
+     _cpp_define_builtin (pfile, "__OBJC__ 1");
+ }
+ 
+-/* Initialize the source_date_epoch value.  */
+-void
+-cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch)
+-{
+-  pfile->source_date_epoch = source_date_epoch; 
+-}
+-
+ /* Sanity-checks are dependent on command-line options, so it is
+    called as a subroutine of cpp_read_main_file.  */
+ #if CHECKING_P
+diff --git a/libcpp/internal.h b/libcpp/internal.h
+index e3eb26b1f27..cea32ec73c6 100644
+--- a/libcpp/internal.h
++++ b/libcpp/internal.h
+@@ -503,7 +503,8 @@ struct cpp_reader
+   const unsigned char *time;
+ 
+   /* Externally set timestamp to replace current date and time useful for
+-     reproducibility.  */
++     reproducibility.  It should be initialized to -2 (not yet set) and
++     set to -1 to disable it or to a non-negative value to enable it.  */
+   time_t source_date_epoch;
+ 
+   /* EOF token, and a token forcing paste avoidance.  */
+diff --git a/libcpp/macro.c b/libcpp/macro.c
+index c2a83764660..a3b8348a23f 100644
+--- a/libcpp/macro.c
++++ b/libcpp/macro.c
+@@ -358,9 +358,13 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node,
+ 	  struct tm *tb = NULL;
+ 
+ 	  /* Set a reproducible timestamp for __DATE__ and __TIME__ macro
+-	     usage if SOURCE_DATE_EPOCH is defined.  */
+-	  if (pfile->source_date_epoch != (time_t) -1)
+-	     tb = gmtime (&pfile->source_date_epoch);
++	     if SOURCE_DATE_EPOCH is defined.  */
++	  if (pfile->source_date_epoch == (time_t) -2
++	      && pfile->cb.get_source_date_epoch != NULL)
++	    pfile->source_date_epoch = pfile->cb.get_source_date_epoch (pfile);
++
++	  if (pfile->source_date_epoch >= (time_t) 0)
++	    tb = gmtime (&pfile->source_date_epoch);
+ 	  else
+ 	    {
+ 	      /* (time_t) -1 is a legitimate value for "number of seconds
+-- 
+2.14.1
+
diff --git a/gnu/packages/patches/glusterfs-use-PATH-instead-of-hardcodes.patch b/gnu/packages/patches/glusterfs-use-PATH-instead-of-hardcodes.patch
new file mode 100644
index 0000000000..d05b4351b3
--- /dev/null
+++ b/gnu/packages/patches/glusterfs-use-PATH-instead-of-hardcodes.patch
@@ -0,0 +1,140 @@
+This patch was taken from Nixpkgs.
+
+From 616381bc25b0e90198683fb049f994e82d467d96 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Niklas=20Hamb=C3=BCchen?= <mail@nh2.me>
+Date: Sat, 13 May 2017 02:45:49 +0200
+Subject: [PATCH] Don't use hardcoded /sbin, /usr/bin etc. paths. Fixes
+ #1450546.
+
+Instead, rely on programs to be in PATH, as gluster already
+does in many places across its code base.
+
+Change-Id: Id21152fe42f5b67205d8f1571b0656c4d5f74246
+---
+ contrib/fuse-lib/mount-common.c               |  8 ++++----
+ xlators/mgmt/glusterd/src/glusterd-ganesha.c  |  6 +++---
+ xlators/mgmt/glusterd/src/glusterd-quota.c    |  6 +++---
+ xlators/mgmt/glusterd/src/glusterd-snapshot.c |  4 ++--
+ xlators/mgmt/glusterd/src/glusterd-utils.c    | 14 +-------------
+ 5 files changed, 13 insertions(+), 25 deletions(-)
+
+diff --git a/contrib/fuse-lib/mount-common.c b/contrib/fuse-lib/mount-common.c
+index e9f80fe81..6380dd867 100644
+--- a/contrib/fuse-lib/mount-common.c
++++ b/contrib/fuse-lib/mount-common.c
+@@ -255,16 +255,16 @@ fuse_mnt_umount (const char *progname, const char *abs_mnt,
+                         exit (1);
+                 }
+ #ifdef GF_LINUX_HOST_OS
+-                execl ("/bin/umount", "/bin/umount", "-i", rel_mnt,
++                execl ("umount", "umount", "-i", rel_mnt,
+                        lazy ? "-l" : NULL, NULL);
+-                GFFUSE_LOGERR ("%s: failed to execute /bin/umount: %s",
++                GFFUSE_LOGERR ("%s: failed to execute umount: %s",
+                                progname, strerror (errno));
+ #elif __NetBSD__
+                 /* exitting the filesystem causes the umount */
+                 exit (0);
+ #else
+-                execl ("/sbin/umount", "/sbin/umount", "-f", rel_mnt, NULL);
+-                GFFUSE_LOGERR ("%s: failed to execute /sbin/umount: %s",
++                execl ("umount", "umount", "-f", rel_mnt, NULL);
++                GFFUSE_LOGERR ("%s: failed to execute umount: %s",
+                                progname, strerror (errno));
+ #endif /* GF_LINUX_HOST_OS */
+                 exit (1);
+diff --git a/xlators/mgmt/glusterd/src/glusterd-quota.c b/xlators/mgmt/glusterd/src/glusterd-quota.c
+index 0e6629cf0..fcb4738b7 100644
+--- a/xlators/mgmt/glusterd/src/glusterd-quota.c
++++ b/xlators/mgmt/glusterd/src/glusterd-quota.c
+@@ -30,7 +30,7 @@
+ 
+ #ifndef _PATH_SETFATTR
+ # ifdef GF_LINUX_HOST_OS
+-#  define _PATH_SETFATTR "/usr/bin/setfattr"
++#  define _PATH_SETFATTR "setfattr"
+ # endif
+ # ifdef __NetBSD__
+ #  define _PATH_SETFATTR "/usr/pkg/bin/setfattr"
+@@ -335,7 +335,7 @@ _glusterd_quota_initiate_fs_crawl (glusterd_conf_t *priv,
+ 
+                 if (type == GF_QUOTA_OPTION_TYPE_ENABLE ||
+                     type == GF_QUOTA_OPTION_TYPE_ENABLE_OBJECTS)
+-                        runner_add_args (&runner, "/usr/bin/find", ".", NULL);
++                        runner_add_args (&runner, "find", ".", NULL);
+ 
+                 else if (type == GF_QUOTA_OPTION_TYPE_DISABLE) {
+ 
+@@ -351,7 +351,7 @@ _glusterd_quota_initiate_fs_crawl (glusterd_conf_t *priv,
+                                          VIRTUAL_QUOTA_XATTR_CLEANUP_KEY, "1",
+                                          "{}", "\\", ";", NULL);
+ #else
+-                        runner_add_args (&runner, "/usr/bin/find", ".",
++                        runner_add_args (&runner, "find", ".",
+                                          "-exec", _PATH_SETFATTR, "-n",
+                                          VIRTUAL_QUOTA_XATTR_CLEANUP_KEY, "-v",
+                                          "1", "{}", "\\", ";", NULL);
+diff --git a/xlators/mgmt/glusterd/src/glusterd-snapshot.c b/xlators/mgmt/glusterd/src/glusterd-snapshot.c
+index da0152366..f0d135350 100644
+--- a/xlators/mgmt/glusterd/src/glusterd-snapshot.c
++++ b/xlators/mgmt/glusterd/src/glusterd-snapshot.c
+@@ -121,7 +121,7 @@ glusterd_build_snap_device_path (char *device, char *snapname,
+         }
+ 
+         runinit (&runner);
+-        runner_add_args (&runner, "/sbin/lvs", "--noheadings", "-o", "vg_name",
++        runner_add_args (&runner, "lvs", "--noheadings", "-o", "vg_name",
+                          device, NULL);
+         runner_redir (&runner, STDOUT_FILENO, RUN_PIPE);
+         snprintf (msg, sizeof (msg), "Get volume group for device %s", device);
+@@ -1982,7 +1982,7 @@ glusterd_is_thinp_brick (char *device, uint32_t *op_errno)
+ 
+         runinit (&runner);
+ 
+-        runner_add_args (&runner, "/sbin/lvs", "--noheadings", "-o", "pool_lv",
++        runner_add_args (&runner, "lvs", "--noheadings", "-o", "pool_lv",
+                          device, NULL);
+         runner_redir (&runner, STDOUT_FILENO, RUN_PIPE);
+         runner_log (&runner, this->name, GF_LOG_DEBUG, msg);
+diff --git a/xlators/mgmt/glusterd/src/glusterd-utils.c b/xlators/mgmt/glusterd/src/glusterd-utils.c
+index 51db13df0..6fa7b92f9 100644
+--- a/xlators/mgmt/glusterd/src/glusterd-utils.c
++++ b/xlators/mgmt/glusterd/src/glusterd-utils.c
+@@ -6027,7 +6027,6 @@ static struct fs_info {
+         char *fs_tool_pattern;
+         char *fs_tool_pkg;
+ } glusterd_fs[] = {
+-        /* some linux have these in /usr/sbin/and others in /sbin/? */
+         { "xfs", "xfs_info", NULL, "isize=", "xfsprogs" },
+         { "ext3", "tune2fs", "-l", "Inode size:", "e2fsprogs" },
+         { "ext4", "tune2fs", "-l", "Inode size:", "e2fsprogs" },
+@@ -6048,7 +6047,6 @@ glusterd_add_inode_size_to_dict (dict_t *dict, int count)
+         char           *trail             = NULL;
+         runner_t        runner            = {0, };
+         struct fs_info *fs                = NULL;
+-        char            fs_tool_name[256] = {0, };
+         static dict_t  *cached_fs         = NULL;
+ 
+         memset (key, 0, sizeof (key));
+@@ -6085,17 +6083,7 @@ glusterd_add_inode_size_to_dict (dict_t *dict, int count)
+                                 cur_word = "N/A";
+                                 goto cached;
+                         }
+-
+-                        snprintf (fs_tool_name, sizeof (fs_tool_name),
+-                                  "/usr/sbin/%s", fs->fs_tool_name);
+-                        if (sys_access (fs_tool_name, R_OK|X_OK) == 0)
+-                                runner_add_arg (&runner, fs_tool_name);
+-                        else {
+-                                snprintf (fs_tool_name, sizeof (fs_tool_name),
+-                                          "/sbin/%s", fs->fs_tool_name);
+-                                if (sys_access (fs_tool_name, R_OK|X_OK) == 0)
+-                                        runner_add_arg (&runner, fs_tool_name);
+-                        }
++                        runner_add_arg (&runner, fs->fs_tool_name);
+                         break;
+                 }
+         }
+-- 
+2.12.0
+
diff --git a/gnu/packages/patches/guile-emacs-fix-configure.patch b/gnu/packages/patches/guile-emacs-fix-configure.patch
new file mode 100644
index 0000000000..b1f7146d21
--- /dev/null
+++ b/gnu/packages/patches/guile-emacs-fix-configure.patch
@@ -0,0 +1,211 @@
+Two patches here backporting fixes from Emacs master.
+
+Upstream status: emailed first patch to latest committer, Robin Templeton
+<robin@igalia.com>, no response.
+
+From dfcb3b6ff318e47b84a28cfc43f50bec42fa3570 Mon Sep 17 00:00:00 2001
+From: Jan Nieuwenhuizen <janneke@gnu.org>
+Date: Tue, 7 Nov 2017 18:48:03 +0100
+Subject: [PATCH 1/2] backport: Port jpeg configuration to Solaris 10 with Sun
+ C.
+
+* configure.ac: Check for jpeglib 6b by trying to link it, instead
+of relying on cpp magic that has problems in practice.  Check for
+both jpeglib.h and jerror.h features.  Remove special case for
+mingw32, which should no longer be needed (and if it were needed,
+should now be addressable by hotwiring emacs_cv_jpeglib).
+Fixes: bug#20332
+
+    From fdf532b9c915ad9ba72155646d29d0f530fd72ec Mon Sep 17 00:00:00 2001
+    From: Paul Eggert <address@hidden>
+    Date: Wed, 15 Apr 2015 18:30:01 -0700
+    Subject: [PATCH] Port jpeg configuration to Solaris 10 with Sun C.
+
+    * configure.ac: Check for jpeglib 6b by trying to link it, instead
+    of relying on cpp magic that has problems in practice.  Check for
+    both jpeglib.h and jerror.h features.  Remove special case for
+    mingw32, which should no longer be needed (and if it were needed,
+    should now be addressable by hotwiring emacs_cv_jpeglib).
+    Fixes: bug#20332
+---
+ configure.ac | 72 ++++++++++++++++++++++++++++--------------------------------
+ 1 file changed, 34 insertions(+), 38 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 2445db4886..36fa8eb390 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -3014,44 +3014,40 @@ AC_SUBST(LIBXPM)
+ ### mingw32 doesn't use -ljpeg, since it loads the library dynamically.
+ HAVE_JPEG=no
+ LIBJPEG=
+-if test "${opsys}" = "mingw32"; then
+-  if test "${with_jpeg}" != "no"; then
+-    dnl Checking for jpeglib.h can lose because of a redefinition of
+-    dnl HAVE_STDLIB_H.
+-    AC_CHECK_HEADER(jerror.h, HAVE_JPEG=yes, HAVE_JPEG=no)
+-  fi
+-  AH_TEMPLATE(HAVE_JPEG, [Define to 1 if you have the jpeg library (-ljpeg).])dnl
+-  if test "${HAVE_JPEG}" = "yes"; then
+-    AC_DEFINE(HAVE_JPEG)
+-    AC_EGREP_CPP([version= *(6[2-9]|[7-9][0-9])],
+-        [#include <jpeglib.h>
+-	 version=JPEG_LIB_VERSION
+-],
+-        [AC_DEFINE(HAVE_JPEG)],
+-        [AC_MSG_WARN([libjpeg found, but not version 6b or later])
+-        HAVE_JPEG=no])
+-  fi
+-elif test "${HAVE_X11}" = "yes" || test "${HAVE_W32}" = "yes"; then
+-  if test "${with_jpeg}" != "no"; then
+-    dnl Checking for jpeglib.h can lose because of a redefinition of
+-    dnl  HAVE_STDLIB_H.
+-    AC_CHECK_HEADER(jerror.h,
+-      [AC_CHECK_LIB(jpeg, jpeg_destroy_compress, HAVE_JPEG=yes)])
+-  fi
+-
+-  AH_TEMPLATE(HAVE_JPEG, [Define to 1 if you have the jpeg library (-ljpeg).])dnl
+-  if test "${HAVE_JPEG}" = "yes"; then
+-    AC_DEFINE(HAVE_JPEG)
+-    AC_EGREP_CPP([version= *(6[2-9]|[7-9][0-9])],
+-	[#include <jpeglib.h>
+-	 version=JPEG_LIB_VERSION
+-],
+-	[AC_DEFINE(HAVE_JPEG)],
+-	[AC_MSG_WARN([libjpeg found, but not version 6b or later])
+-	HAVE_JPEG=no])
+-  fi
+-  if test "${HAVE_JPEG}" = "yes"; then
+-    LIBJPEG=-ljpeg
++if test "${with_jpeg}" != "no"; then
++  AC_CACHE_CHECK([for jpeglib 6b or later],
++    [emacs_cv_jpeglib],
++    [OLD_LIBS=$LIBS
++     for emacs_cv_jpeglib in yes -ljpeg no; do
++       case $emacs_cv_jpeglib in
++	 yes) ;;
++         no) break;;
++	 *) LIBS="$LIBS $emacs_cv_jpeglib";;
++       esac
++       AC_LINK_IFELSE(
++	 [AC_LANG_PROGRAM(
++	    [[#undef HAVE_STDLIB_H /* Avoid config.h/jpeglib.h collision.  */
++	      #include <stdio.h> /* jpeglib.h needs FILE and size_t.  */
++	      #include <jpeglib.h>
++	      #include <jerror.h>
++	      char verify[JPEG_LIB_VERSION < 62 ? -1 : 1];
++	      struct jpeg_decompress_struct cinfo;
++	    ]],
++	    [[
++	      jpeg_create_decompress (&cinfo);
++	      WARNMS (&cinfo, JWRN_JPEG_EOF);
++	      jpeg_destroy_decompress (&cinfo);
++	    ]])],
++	 [emacs_link_ok=yes],
++	 [emacs_link_ok=no])
++       LIBS=$OLD_LIBS
++       test $emacs_link_ok = yes && break
++     done])
++  if test "$emacs_cv_jpeglib" != no; then
++    HAVE_JPEG=yes
++    AC_DEFINE([HAVE_JPEG], 1,
++      [Define to 1 if you have the jpeg library (typically -ljpeg).])
++    test "$emacs_cv_jpeglib" != yes && LIBJPEG=$emacs_cv_jpeglib
+   fi
+ fi
+ AC_SUBST(LIBJPEG)
+-- 
+Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
+Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
+
+From f761b92d520b72954be28ad66eb82d1a96c785fb Mon Sep 17 00:00:00 2001
+From: Jan Nieuwenhuizen <janneke@gnu.org>
+Date: Wed, 8 Nov 2017 14:05:43 +0100
+Subject: [PATCH 2/2] backport fix for #24065: calloc loop when compiling with
+ -O2.
+
+This patch fixes
+
+    EMACSLOADPATH= '../src/bootstrap-emacs' -batch --no-site-file --no-site-lisp -l autoload \
+       --eval "(setq generate-autoload-cookie \";;;###cal-autoload\")" \
+       --eval "(setq generated-autoload-file (expand-file-name
+    (unmsys--file-name
+    \"../../git-checkout/lisp/calendar/cal-loaddefs.el\")))" \
+       -f batch-update-autoloads ../../git-checkout/lisp/calendar
+    make[2]: *** [Makefile:466: ../../git-checkout/lisp/calendar/cal-loaddefs.el] Segmentation fault
+
+in gdb seen as
+
+    in calloc (nmemb=<error reading variable: DWARF-2 expression error:Loop detected (257).>, size=size@entry=1) at gmalloc.c:1510
+
+I did not find malloc-fixing commits from emacs master to cleanly
+cherry-pick, so this patch replaces the relevant part in configure
+(emacs 53da55b8cc45e76b836ebaadd23f46e92d25abce).
+
+* configure.ac: backport system_malloc/hybrid_malloc detection.
+---
+ configure.ac | 29 ++++++++++++++++++++++++++++-
+ 1 file changed, 28 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 36fa8eb390..3cc1794f37 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1966,7 +1966,25 @@ case "$opsys" in
+   darwin|mingw32|sol2-10) system_malloc=yes ;;
+ esac
+ 
++hybrid_malloc=
++system_malloc=yes
++
++test "$CANNOT_DUMP" = yes ||
++case "$opsys" in
++  ## darwin ld insists on the use of malloc routines in the System framework.
++  darwin | mingw32 | nacl | sol2-10) ;;
++  cygwin) hybrid_malloc=yes
++          system_malloc= ;;
++  *) test "$ac_cv_func_sbrk" = yes && system_malloc=$emacs_cv_sanitize_address;;
++esac
++
++if test "${system_malloc}" != yes && test "${doug_lea_malloc}" != yes \
++   && test "${UNEXEC_OBJ}" = unexelf.o; then
++  hybrid_malloc=yes
++fi
++
+ GMALLOC_OBJ=
++HYBRID_MALLOC=
+ if test "${system_malloc}" = "yes"; then
+   AC_DEFINE([SYSTEM_MALLOC], 1,
+     [Define to 1 to use the system memory allocator, even if it is not
+@@ -1975,6 +1993,14 @@ if test "${system_malloc}" = "yes"; then
+   GNU_MALLOC_reason="
+     (The GNU allocators don't work with this system configuration.)"
+   VMLIMIT_OBJ=
++elif test "$hybrid_malloc" = yes; then
++  AC_DEFINE(HYBRID_MALLOC, 1,
++    [Define to use gmalloc before dumping and the system malloc after.])
++  HYBRID_MALLOC=1
++  GNU_MALLOC=no
++  GNU_MALLOC_reason=" (only before dumping)"
++  GMALLOC_OBJ=gmalloc.o
++  VMLIMIT_OBJ=
+ else
+   test "$doug_lea_malloc" != "yes" && GMALLOC_OBJ=gmalloc.o
+   VMLIMIT_OBJ=vm-limit.o
+@@ -1993,10 +2019,11 @@ else
+        of the main data segment.])
+   fi
+ fi
++AC_SUBST([HYBRID_MALLOC])
+ AC_SUBST(GMALLOC_OBJ)
+ AC_SUBST(VMLIMIT_OBJ)
+ 
+-if test "$doug_lea_malloc" = "yes" ; then
++if test "$doug_lea_malloc" = "yes" && test "$hybrid_malloc" != yes; then
+   if test "$GNU_MALLOC" = yes ; then
+     GNU_MALLOC_reason="
+       (Using Doug Lea's new malloc from the GNU C Library.)"
+-- 
+Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
+Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
+
diff --git a/gnu/packages/patches/higan-remove-march-native-flag.patch b/gnu/packages/patches/higan-remove-march-native-flag.patch
index 8f4a36dc35..30d4cdd061 100644
--- a/gnu/packages/patches/higan-remove-march-native-flag.patch
+++ b/gnu/packages/patches/higan-remove-march-native-flag.patch
@@ -2,12 +2,11 @@ Remove -march=native from build flags.
 
 --- a/higan/GNUmakefile
 +++ b/higan/GNUmakefile
-@@ -32,7 +32,7 @@ ifeq ($(platform),windows)
- else ifeq ($(platform),macosx)
-   flags += -march=native
- else ifneq ($(filter $(platform),linux bsd),)
--  flags += -march=native -fopenmp
-+  flags += -fopenmp
+@@ -26,7 +26,6 @@
+   flags += -fopenmp
    link += -fopenmp
-   link += -Wl,-export-dynamic
-   link += -lX11 -lXext
+   ifeq ($(binary),application)
+-    flags += -march=native
+     link += -Wl,-export-dynamic
+     link += -lX11 -lXext
+   else ifeq ($(binary),library)
diff --git a/gnu/packages/patches/libmygpo-qt-fix-jsoncreatortest.patch b/gnu/packages/patches/libmygpo-qt-fix-jsoncreatortest.patch
new file mode 100644
index 0000000000..c457d592cc
--- /dev/null
+++ b/gnu/packages/patches/libmygpo-qt-fix-jsoncreatortest.patch
@@ -0,0 +1,41 @@
+From ebe2323727f8d646590245b0bf06dbc92b5808d6 Mon Sep 17 00:00:00 2001
+From: Golubev Alexander <fatzer2@gmail.com>
+Date: Tue, 20 Sep 2016 15:33:30 +0400
+Subject: [PATCH] JsonCreatorTest failed due to extra space
+
+JsonCreatorTest failed with next message:
+```
+********* Start testing of mygpo::JsonCreatorTest *********
+Config: Using QTest library 4.8.6, Qt 4.8.6
+PASS   : mygpo::JsonCreatorTest::initTestCase()
+PASS   : mygpo::JsonCreatorTest::testAddRemoveSubsToJSON()
+PASS   : mygpo::JsonCreatorTest::testSaveSettingsToJSON()
+FAIL!  : mygpo::JsonCreatorTest::testEpisodeActionListToJSON() Compared values are not the same
+   Actual (outString2): [{"action":"download","device":"device1","episode":"http://episode.url","podcast":"http://podcast.url","timestamp":"1998-01-01T00:01:02"},{"action":"delete","device":"device3","episode":"http://episode2.url","podcast":"http://podcast2.url","timestamp":"1920-01-01T12:01:02"},{"action":"new","device":"foodev","episode":"http://www.podtrac.com","podcast":"http://leo.am","timestamp":"1998-01-01T00:01:02"},{"action":"play","device":"foodev","episode":"http://www.podtrac.com","podcast":"http://leo.am","timestamp":"1920-01-01T12:01:02"},{"action":"play","device":"foodev","episode":"http://www.podtrac.com","podcast":"http://leo.am","position":123,"started":10,"timestamp":"1998-01-01T00:01:02","total":321},{"action":"play","device":"foodev","episode":"http://www.podtrac.com","podcast":"http://leo.am","position":10,"timestamp":"1998-01-01T00:01:02"}]
+   Expected (expected2): [{"action":"download","device":"device1","episode":"http://episode.url","podcast":"http:
+   Loc: [/var/tmp/portage/media-libs/libmygpo-qt-1.0.9-r1/work/libmygpo-qt-1.0.9/tests/JsonCreatorTest.cpp(138)]
+PASS   : mygpo::JsonCreatorTest::testRenameDeviceStringToJSON()
+PASS   : mygpo::JsonCreatorTest::testDeviceSynchronizationListsToJSON()
+PASS   : mygpo::JsonCreatorTest::cleanupTestCase()
+Totals: 6 passed, 1 failed, 0 skipped
+********* Finished testing of mygpo::JsonCreatorTest *********
+```
+
+This was caused by extra space in the expected string.
+---
+ tests/JsonCreatorTest.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/JsonCreatorTest.cpp b/tests/JsonCreatorTest.cpp
+index b15b006..feb03d5 100644
+--- a/tests/JsonCreatorTest.cpp
++++ b/tests/JsonCreatorTest.cpp
+@@ -133,7 +133,7 @@ void JsonCreatorTest::testEpisodeActionListToJSON()
+ 
+   output = JsonCreator::episodeActionListToJSON(episodeActions);
+   QString outString2 = QString::fromLatin1( output ).replace( QLatin1String(" "), QLatin1String("") );
+-  QString expected2( QLatin1String( "[{\"action\":\"download\",\"device\":\"device1\",\"episode\":\"http://episode.url\",\"podcast\":\"http://podcast.url\",\"timestamp\":\"1998-01-01T00:01:02\"},{\"action\":\"delete\",\"device\":\"device3\",\"episode\":\"http://episode2.url\",\"podcast\":\"http://podcast2.url\",\"timestamp\":\"1920-01-01T12:01:02\"},{\"action\":\"new\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"timestamp\":\"1998-01-01T00:01:02\"},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"timestamp\":\"1920-01-01T12:01:02\" },{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"position\":123,\"started\":10,\"timestamp\":\"1998-01-01T00:01:02\",\"total\":321},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"position\":10,\"timestamp\":\"1998-01-01T00:01:02\"}]" ) );
++  QString expected2( QLatin1String( "[{\"action\":\"download\",\"device\":\"device1\",\"episode\":\"http://episode.url\",\"podcast\":\"http://podcast.url\",\"timestamp\":\"1998-01-01T00:01:02\"},{\"action\":\"delete\",\"device\":\"device3\",\"episode\":\"http://episode2.url\",\"podcast\":\"http://podcast2.url\",\"timestamp\":\"1920-01-01T12:01:02\"},{\"action\":\"new\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"timestamp\":\"1998-01-01T00:01:02\"},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"timestamp\":\"1920-01-01T12:01:02\"},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"position\":123,\"started\":10,\"timestamp\":\"1998-01-01T00:01:02\",\"total\":321},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"position\":10,\"timestamp\":\"1998-01-01T00:01:02\"}]" ) );
+ 
+   QCOMPARE(outString2, expected2 );
+ }
diff --git a/gnu/packages/patches/libtorrent-rasterbar-boost-compat.patch b/gnu/packages/patches/libtorrent-rasterbar-boost-compat.patch
deleted file mode 100644
index 85bea76efe..0000000000
--- a/gnu/packages/patches/libtorrent-rasterbar-boost-compat.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Fix compatibility with Boost 1.63.
-
-Patch copied from upstream source repository:
-
-https://github.com/arvidn/libtorrent/commit/6d2d736cecce0af274dd651dd1f562716b625d92
-
-From 6d2d736cecce0af274dd651dd1f562716b625d92 Mon Sep 17 00:00:00 2001
-From: arvidn <arvid@cs.umu.se>
-Date: Sun, 12 Mar 2017 13:03:26 -0400
-Subject: [PATCH] fix test_ssl.cpp build with newer versions of boost
-
----
- test/test_ssl.cpp | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/test/test_ssl.cpp b/test/test_ssl.cpp
-index 01c5bc7..2903332 100644
---- a/test/test_ssl.cpp
-+++ b/test/test_ssl.cpp
-@@ -51,7 +51,6 @@ POSSIBILITY OF SUCH DAMAGE.
- #include <boost/asio/connect.hpp>
- 
- #ifdef TORRENT_USE_OPENSSL
--#include <boost/asio/ssl/error.hpp> // for asio::error::get_ssl_category()
- #include <boost/asio/ssl.hpp>
- 
- #include "libtorrent/aux_/disable_warnings_pop.hpp"
diff --git a/gnu/packages/patches/libvirt-CVE-2017-1000256.patch b/gnu/packages/patches/libvirt-CVE-2017-1000256.patch
deleted file mode 100644
index d577e1eb50..0000000000
--- a/gnu/packages/patches/libvirt-CVE-2017-1000256.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-Fix CVE-2017-1000256:
-
-https://security.libvirt.org/2017/0002.html
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000256
-
-Patch copied from upstream source repository:
-
-https://libvirt.org/git/?p=libvirt.git;a=commit;h=dc6c41798d1eb5c52c75365ffa22f7672709dfa7
-
-From dc6c41798d1eb5c52c75365ffa22f7672709dfa7 Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Thu, 5 Oct 2017 17:54:28 +0100
-Subject: [PATCH] qemu: ensure TLS clients always verify the server certificate
-
-The default_tls_x509_verify (and related) parameters in qemu.conf
-control whether the QEMU TLS servers request & verify certificates
-from clients. This works as a simple access control system for
-servers by requiring the CA to issue certs to permitted clients.
-This use of client certificates is disabled by default, since it
-requires extra work to issue client certificates.
-
-Unfortunately the code was using this configuration parameter when
-setting up both TLS clients and servers in QEMU. The result was that
-TLS clients for character devices and disk devices had verification
-turned off, meaning they would ignore errors while validating the
-server certificate.
-
-This allows for trivial MITM attacks between client and server,
-as any certificate returned by the attacker will be accepted by
-the client.
-
-This is assigned CVE-2017-1000256  / LSN-2017-0002
-
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-(cherry picked from commit 441d3eb6d1be940a67ce45a286602a967601b157)
----
- src/qemu/qemu_command.c                            |    2 +-
- .../qemuxml2argv-serial-tcp-tlsx509-chardev.args   |    2 +-
- ...xml2argv-serial-tcp-tlsx509-secret-chardev.args |    2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
-index 9a27987..ae78cd1 100644
---- a/src/qemu/qemu_command.c
-+++ b/src/qemu/qemu_command.c
-@@ -718,7 +718,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
-     if (virJSONValueObjectCreate(propsret,
-                                  "s:dir", path,
-                                  "s:endpoint", (isListen ? "server": "client"),
--                                 "b:verify-peer", verifypeer,
-+                                 "b:verify-peer", (isListen ? verifypeer : true),
-                                  NULL) < 0)
-         goto cleanup;
- 
-diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
-index 5aff773..ab5f7e2 100644
---- a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
-+++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
-@@ -26,7 +26,7 @@ server,nowait \
- localport=1111 \
- -device isa-serial,chardev=charserial0,id=serial0 \
- -object tls-creds-x509,id=objcharserial1_tls0,dir=/etc/pki/libvirt-chardev,\
--endpoint=client,verify-peer=no \
-+endpoint=client,verify-peer=yes \
- -chardev socket,id=charserial1,host=127.0.0.1,port=5555,\
- tls-creds=objcharserial1_tls0 \
- -device isa-serial,chardev=charserial1,id=serial1 \
-diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
-index 91f1fe0..2567abb 100644
---- a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
-+++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
-@@ -31,7 +31,7 @@ localport=1111 \
- data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
- keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
- -object tls-creds-x509,id=objcharserial1_tls0,dir=/etc/pki/libvirt-chardev,\
--endpoint=client,verify-peer=no,passwordid=charserial1-secret0 \
-+endpoint=client,verify-peer=yes,passwordid=charserial1-secret0 \
- -chardev socket,id=charserial1,host=127.0.0.1,port=5555,\
- tls-creds=objcharserial1_tls0 \
- -device isa-serial,chardev=charserial1,id=serial1 \
--- 
-1.7.1
-
diff --git a/gnu/packages/patches/node-test-http2-server-rst-stream.patch b/gnu/packages/patches/node-test-http2-server-rst-stream.patch
new file mode 100644
index 0000000000..c2f85010b1
--- /dev/null
+++ b/gnu/packages/patches/node-test-http2-server-rst-stream.patch
@@ -0,0 +1,131 @@
+From a41cc020fd6e40b358103425edfa50e6a10fc973 Mon Sep 17 00:00:00 2001
+From: Anatoli Papirovski <apapirovski@mac.com>
+Date: Thu, 2 Nov 2017 12:46:31 -0400
+Subject: [PATCH] test: fix flaky test-http2-server-rst-stream.js
+
+PR-URL: https://github.com/nodejs/node/pull/16690
+Fixes: https://github.com/nodejs/node/issues/16688
+Reviewed-By: James M Snell <jasnell@gmail.com>
+Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
+---
+ test/parallel/test-http2-server-rst-stream.js | 93 ++++++++++-----------------
+ 1 file changed, 35 insertions(+), 58 deletions(-)
+
+diff --git a/test/parallel/test-http2-server-rst-stream.js b/test/parallel/test-http2-server-rst-stream.js
+index b92217dc99..dd38efb42f 100644
+--- a/test/parallel/test-http2-server-rst-stream.js
++++ b/test/parallel/test-http2-server-rst-stream.js
+@@ -5,11 +5,9 @@ if (!common.hasCrypto)
+   common.skip('missing crypto');
+ const assert = require('assert');
+ const http2 = require('http2');
++const Countdown = require('../common/countdown');
+ 
+ const {
+-  HTTP2_HEADER_METHOD,
+-  HTTP2_HEADER_PATH,
+-  HTTP2_METHOD_POST,
+   NGHTTP2_CANCEL,
+   NGHTTP2_NO_ERROR,
+   NGHTTP2_PROTOCOL_ERROR,
+@@ -17,63 +15,42 @@ const {
+   NGHTTP2_INTERNAL_ERROR
+ } = http2.constants;
+ 
+-const errCheck = common.expectsError({ code: 'ERR_HTTP2_STREAM_ERROR' }, 6);
++const tests = [
++  ['rstStream', NGHTTP2_NO_ERROR, false],
++  ['rstWithNoError', NGHTTP2_NO_ERROR, false],
++  ['rstWithProtocolError', NGHTTP2_PROTOCOL_ERROR, true],
++  ['rstWithCancel', NGHTTP2_CANCEL, false],
++  ['rstWithRefuse', NGHTTP2_REFUSED_STREAM, true],
++  ['rstWithInternalError', NGHTTP2_INTERNAL_ERROR, true]
++];
++
++const server = http2.createServer();
++server.on('stream', (stream, headers) => {
++  const method = headers['rstmethod'];
++  stream[method]();
++});
++
++server.listen(0, common.mustCall(() => {
++  const client = http2.connect(`http://localhost:${server.address().port}`);
++
++  const countdown = new Countdown(tests.length, common.mustCall(() => {
++    client.destroy();
++    server.close();
++  }));
+ 
+-function checkRstCode(rstMethod, expectRstCode) {
+-  const server = http2.createServer();
+-  server.on('stream', (stream, headers, flags) => {
+-    stream.respond({
+-      'content-type': 'text/html',
+-      ':status': 200
++  tests.forEach((test) => {
++    const req = client.request({
++      ':method': 'POST',
++      rstmethod: test[0]
+     });
+-    stream.write('test');
+-    if (rstMethod === 'rstStream')
+-      stream[rstMethod](expectRstCode);
+-    else
+-      stream[rstMethod]();
+-
+-    if (expectRstCode !== NGHTTP2_NO_ERROR &&
+-        expectRstCode !== NGHTTP2_CANCEL) {
+-      stream.on('error', common.mustCall(errCheck));
+-    } else {
+-      stream.on('error', common.mustNotCall());
+-    }
+-  });
+-
+-  server.listen(0, common.mustCall(() => {
+-    const port = server.address().port;
+-    const client = http2.connect(`http://localhost:${port}`);
+-
+-    const headers = {
+-      [HTTP2_HEADER_PATH]: '/',
+-      [HTTP2_HEADER_METHOD]: HTTP2_METHOD_POST
+-    };
+-    const req = client.request(headers);
+-
+-    req.setEncoding('utf8');
+-    req.on('streamClosed', common.mustCall((actualRstCode) => {
+-      assert.strictEqual(
+-        expectRstCode, actualRstCode, `${rstMethod} is not match rstCode`);
+-      server.close();
+-      client.destroy();
++    req.on('streamClosed', common.mustCall((code) => {
++      assert.strictEqual(code, test[1]);
++      countdown.dec();
+     }));
+-    req.on('data', common.mustCall());
+     req.on('aborted', common.mustCall());
+-    req.on('end', common.mustCall());
+-
+-    if (expectRstCode !== NGHTTP2_NO_ERROR &&
+-        expectRstCode !== NGHTTP2_CANCEL) {
+-      req.on('error', common.mustCall(errCheck));
+-    } else {
++    if (test[2])
++      req.on('error', common.mustCall());
++    else
+       req.on('error', common.mustNotCall());
+-    }
+-
+-  }));
+-}
+-
+-checkRstCode('rstStream', NGHTTP2_NO_ERROR);
+-checkRstCode('rstWithNoError', NGHTTP2_NO_ERROR);
+-checkRstCode('rstWithProtocolError', NGHTTP2_PROTOCOL_ERROR);
+-checkRstCode('rstWithCancel', NGHTTP2_CANCEL);
+-checkRstCode('rstWithRefuse', NGHTTP2_REFUSED_STREAM);
+-checkRstCode('rstWithInternalError', NGHTTP2_INTERNAL_ERROR);
++  });
++}));
+-- 
+2.15.0
+
diff --git a/gnu/packages/patches/optipng-CVE-2017-1000229.patch b/gnu/packages/patches/optipng-CVE-2017-1000229.patch
new file mode 100644
index 0000000000..2cb3b2f21c
--- /dev/null
+++ b/gnu/packages/patches/optipng-CVE-2017-1000229.patch
@@ -0,0 +1,22 @@
+Fix CVE-2017-1000229:
+
+https://security-tracker.debian.org/tracker/CVE-2017-1000229
+https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000229.html
+https://nvd.nist.gov/vuln/detail/CVE-2017-1000229
+
+Patch copied from upstream bug tracker:
+https://sourceforge.net/p/optipng/bugs/65/
+
+diff --git a/src/minitiff/tiffread.c b/src/minitiff/tiffread.c
+index b4910ec..5f9b376 100644
+--- a/src/minitiff/tiffread.c
++++ b/src/minitiff/tiffread.c
+@@ -350,6 +350,8 @@ minitiff_read_info(struct minitiff_info *tiff_ptr, FILE *fp)
+         count = tiff_ptr->strip_offsets_count;
+         if (count == 0 || count > tiff_ptr->height)
+             goto err_invalid;
++        if (count > (size_t)-1 / sizeof(long))
++            goto err_memory;
+         tiff_ptr->strip_offsets = (long *)malloc(count * sizeof(long));
+         if (tiff_ptr->strip_offsets == NULL)
+             goto err_memory;
diff --git a/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch b/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch
new file mode 100644
index 0000000000..489d22c83b
--- /dev/null
+++ b/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch
@@ -0,0 +1,56 @@
+From bc8c3d871e9ecc67c47ff002b68cf049793faf08 Mon Sep 17 00:00:00 2001
+From: Andriy Grytsenko <andrej@rep.kiev.ua>
+Date: Sun, 14 May 2017 21:35:40 +0300
+Subject: [PATCH] Fix potential access violation, use runtime user dir instead
+ of tmp dir.
+
+---
+ NEWS              | 4 ++++
+ src/single-inst.c | 7 ++++++-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index 8c2049a..876f7f3 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,3 +1,7 @@
++* Fixed potential access violation, use runtime user dir instead of tmp dir
++    for single instance socket.
++
++
+ Changes on 1.2.5 since 1.2.4:
+ 
+ * Removed options to Cut, Remove and Rename from context menu on mounted
+diff --git a/src/single-inst.c b/src/single-inst.c
+index 62c37b3..aaf84ab 100644
+--- a/src/single-inst.c
++++ b/src/single-inst.c
+@@ -2,7 +2,7 @@
+  *      single-inst.c: simple IPC mechanism for single instance app
+  *
+  *      Copyright 2010 Hong Jen Yee (PCMan) <pcman.tw@gmail.com>
+- *      Copyright 2012 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
++ *      Copyright 2012-2017 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
+  *
+  *      This program is free software; you can redistribute it and/or modify
+  *      it under the terms of the GNU General Public License as published by
+@@ -404,11 +404,16 @@ static void get_socket_name(SingleInstData* data, char* buf, int len)
+     }
+     else
+         dpynum = 0;
++#if GLIB_CHECK_VERSION(2, 28, 0)
++    g_snprintf(buf, len, "%s/%s-socket-%s-%d", g_get_user_runtime_dir(),
++               data->prog_name, host ? host : "", dpynum);
++#else
+     g_snprintf(buf, len, "%s/.%s-socket-%s-%d-%s",
+                 g_get_tmp_dir(),
+                 data->prog_name,
+                 host ? host : "",
+                 dpynum,
+                 g_get_user_name());
++#endif
+ }
+ 
+-- 
+2.1.4
+
diff --git a/gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch b/gnu/packages/patches/perl-text-markdown-discount-unbundle.patch
index e0df632a04..e0df632a04 100644
--- a/gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch
+++ b/gnu/packages/patches/perl-text-markdown-discount-unbundle.patch
diff --git a/gnu/packages/patches/procmail-CVE-2017-16844.patch b/gnu/packages/patches/procmail-CVE-2017-16844.patch
new file mode 100644
index 0000000000..b96540c8cd
--- /dev/null
+++ b/gnu/packages/patches/procmail-CVE-2017-16844.patch
@@ -0,0 +1,25 @@
+Fix CVE-2017-16844:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16844
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511
+
+Patch copied from Debian procmail package 3.22-26:
+
+http://http.debian.net/debian/pool/main/p/procmail/procmail_3.22-26.debian.tar.xz
+
+From: Santiago Vila <sanvila@debian.org>
+Subject: Fix heap-based buffer overflow in loadbuf()
+Bug-Debian: http://bugs.debian.org/876511
+X-Debian-version: 3.22-26
+
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -103,7 +103,7 @@
+ }
+ 							    /* append to buf */
+ void loadbuf(text,len)const char*const text;const size_t len;
+-{ if(buffilled+len>buflen)			  /* buf can't hold the text */
++{ while(buffilled+len>buflen)			  /* buf can't hold the text */
+      buf=realloc(buf,buflen+=Bsize);
+   tmemmove(buf+buffilled,text,len);buffilled+=len;
+ }
diff --git a/gnu/packages/patches/qemu-CVE-2017-15118.patch b/gnu/packages/patches/qemu-CVE-2017-15118.patch
new file mode 100644
index 0000000000..d427317be9
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-15118.patch
@@ -0,0 +1,58 @@
+Fix CVE-2017-15118:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15118
+https://bugzilla.redhat.com/show_bug.cgi?id=1516922
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=51ae4f8455c9e32c54770c4ebc25bf86a8128183
+
+From 51ae4f8455c9e32c54770c4ebc25bf86a8128183 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 22 Nov 2017 15:07:22 -0600
+Subject: [PATCH] nbd/server: CVE-2017-15118 Stack smash on large export name
+
+Introduced in commit f37708f6b8 (2.10).  The NBD spec says a client
+can request export names up to 4096 bytes in length, even though
+they should not expect success on names longer than 256.  However,
+qemu hard-codes the limit of 256, and fails to filter out a client
+that probes for a longer name; the result is a stack smash that can
+potentially give an attacker arbitrary control over the qemu
+process.
+
+The smash can be easily demonstrated with this client:
+$ qemu-io f raw nbd://localhost:10809/$(printf %3000d 1 | tr ' ' a)
+
+If the qemu NBD server binary (whether the standalone qemu-nbd, or
+the builtin server of QMP nbd-server-start) was compiled with
+-fstack-protector-strong, the ability to exploit the stack smash
+into arbitrary execution is a lot more difficult (but still
+theoretically possible to a determined attacker, perhaps in
+combination with other CVEs).  Still, crashing a running qemu (and
+losing the VM) is bad enough, even if the attacker did not obtain
+full execution control.
+
+CC: qemu-stable@nongnu.org
+Signed-off-by: Eric Blake <eblake@redhat.com>
+---
+ nbd/server.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index a81801e3bc..92c0fdd03b 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -386,6 +386,10 @@ static int nbd_negotiate_handle_info(NBDClient *client, uint32_t length,
+         msg = "name length is incorrect";
+         goto invalid;
+     }
++    if (namelen >= sizeof(name)) {
++        msg = "name too long for qemu";
++        goto invalid;
++    }
+     if (nbd_read(client->ioc, name, namelen, errp) < 0) {
+         return -EIO;
+     }
+-- 
+2.15.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-15119.patch b/gnu/packages/patches/qemu-CVE-2017-15119.patch
new file mode 100644
index 0000000000..6265ecf8d6
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-15119.patch
@@ -0,0 +1,68 @@
+Fix CVE-2017-15119:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15119
+https://bugzilla.redhat.com/show_bug.cgi?id=1516925
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=fdad35ef6c5839d50dfc14073364ac893afebc30
+
+From fdad35ef6c5839d50dfc14073364ac893afebc30 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 22 Nov 2017 16:25:16 -0600
+Subject: [PATCH] nbd/server: CVE-2017-15119 Reject options larger than 32M
+
+The NBD spec gives us permission to abruptly disconnect on clients
+that send outrageously large option requests, rather than having
+to spend the time reading to the end of the option.  No real
+option request requires that much data anyways; and meanwhile, we
+already have the practice of abruptly dropping the connection on
+any client that sends NBD_CMD_WRITE with a payload larger than 32M.
+
+For comparison, nbdkit drops the connection on any request with
+more than 4096 bytes; however, that limit is probably too low
+(as the NBD spec states an export name can theoretically be up
+to 4096 bytes, which means a valid NBD_OPT_INFO could be even
+longer) - even if qemu doesn't permit exports longer than 256
+bytes.
+
+It could be argued that a malicious client trying to get us to
+read nearly 4G of data on a bad request is a form of denial of
+service.  In particular, if the server requires TLS, but a client
+that does not know the TLS credentials sends any option (other
+than NBD_OPT_STARTTLS or NBD_OPT_EXPORT_NAME) with a stated
+payload of nearly 4G, then the server was keeping the connection
+alive trying to read all the payload, tying up resources that it
+would rather be spending on a client that can get past the TLS
+handshake.  Hence, this warranted a CVE.
+
+Present since at least 2.5 when handling known options, and made
+worse in 2.6 when fixing support for NBD_FLAG_C_FIXED_NEWSTYLE
+to handle unknown options.
+
+CC: qemu-stable@nongnu.org
+Signed-off-by: Eric Blake <eblake@redhat.com>
+---
+ nbd/server.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index 7d6801b427..a81801e3bc 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -673,6 +673,12 @@ static int nbd_negotiate_options(NBDClient *client, uint16_t myflags,
+         }
+         length = be32_to_cpu(length);
+ 
++        if (length > NBD_MAX_BUFFER_SIZE) {
++            error_setg(errp, "len (%" PRIu32" ) is larger than max len (%u)",
++                       length, NBD_MAX_BUFFER_SIZE);
++            return -EINVAL;
++        }
++
+         trace_nbd_negotiate_options_check_option(option,
+                                                  nbd_opt_lookup(option));
+         if (client->tlscreds &&
+-- 
+2.15.0
+
diff --git a/gnu/packages/patches/shepherd-close-fds.patch b/gnu/packages/patches/shepherd-close-fds.patch
new file mode 100644
index 0000000000..2078b15265
--- /dev/null
+++ b/gnu/packages/patches/shepherd-close-fds.patch
@@ -0,0 +1,36 @@
+commit 3e346a2a84b099766ea8a3a4a4549f6172483062
+Author: Ludovic Courtès <ludo@gnu.org>
+Date:   Sun Dec 3 22:30:03 2017 +0100
+
+    service: In 'exec-command', close open ports before 'execl'.
+    
+    This gets rid of annoying "Bad file descriptor" warnings from shepherd.
+    
+    * modules/shepherd/service.scm (exec-command): In 'loop', invoke
+    'close-port' and the ports returned by (fdes->ports i).
+
+diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm
+index b2d8bc5..0ad28a0 100644
+--- a/modules/shepherd/service.scm
++++ b/modules/shepherd/service.scm
+@@ -1,5 +1,5 @@
+ ;; service.scm -- Representation of services.
+-;; Copyright (C) 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
++;; Copyright (C) 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+ ;; Copyright (C) 2002, 2003 Wolfgang Järling <wolfgang@pro-linux.de>
+ ;; Copyright (C) 2014 Alex Sassmannshausen <alex.sassmannshausen@gmail.com>
+ ;; Copyright (C) 2016 Alex Kost <alezost@gmail.com>
+@@ -744,6 +744,14 @@ false."
+ 
+        (let loop ((i 3))
+          (when (< i max-fd)
++           ;; First try to close any ports associated with file descriptor I.
++           ;; Otherwise the finalization thread might get around to closing
++           ;; those ports eventually, which will raise an EBADF exception (on
++           ;; 2.2), leading to messages like "error in the finalization
++           ;; thread: Bad file descriptor".
++           (for-each (lambda (port)
++                       (catch-system-error (close-port port)))
++                     (fdes->ports i))
+            (catch-system-error (close-fdes i))
+            (loop (+ i 1)))))
diff --git a/gnu/packages/patches/spice-CVE-2016-9577.patch b/gnu/packages/patches/spice-CVE-2016-9577.patch
deleted file mode 100644
index a2cb558cd3..0000000000
--- a/gnu/packages/patches/spice-CVE-2016-9577.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Prevent buffer overflow when reading large messages.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1401603
-https://access.redhat.com/security/cve/CVE-2016-9577
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9577
-https://security-tracker.debian.org/tracker/CVE-2016-9577
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3
-
-From 5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Tue, 29 Nov 2016 16:46:56 +0000
-Subject: main-channel: Prevent overflow reading messages from client
-
-diff --git a/server/main_channel.c b/server/main_channel.c
-index 0ecc9df..1fc3915 100644
---- a/server/main_channel.c
-+++ b/server/main_channel.c
-@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
- 
-     if (type == SPICE_MSGC_MAIN_AGENT_DATA) {
-         return reds_get_agent_data_buffer(mcc, size);
-+    } else if (size > sizeof(main_chan->recv_buf)) {
-+        /* message too large, caller will log a message and close the connection */
-+        return NULL;
-     } else {
-         return main_chan->recv_buf;
-     }
--- 
-cgit v0.10.2
-
diff --git a/gnu/packages/patches/spice-CVE-2016-9578-1.patch b/gnu/packages/patches/spice-CVE-2016-9578-1.patch
deleted file mode 100644
index f86cdb4eb1..0000000000
--- a/gnu/packages/patches/spice-CVE-2016-9578-1.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Prevent possible DoS during protocol handshake.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1399566
-https://access.redhat.com/security/cve/CVE-2016-9578
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578
-https://security-tracker.debian.org/tracker/CVE-2016-9578
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a
-
-From 1c6517973095a67c8cb57f3550fc1298404ab556 Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Tue, 13 Dec 2016 14:39:48 +0000
-Subject: Prevent possible DoS attempts during protocol handshake
-
-diff --git a/server/reds.c b/server/reds.c
-index f40b65c..86a33d5 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -2202,7 +2202,8 @@ static void reds_handle_read_header_done(void *opaque)
- 
-     reds->peer_minor_version = header->minor_version;
- 
--    if (header->size < sizeof(SpiceLinkMess)) {
-+    /* the check for 4096 is to avoid clients to cause arbitrary big memory allocations */
-+    if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) {
-         reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
-         spice_warning("bad size %u", header->size);
-         reds_link_free(link);
--- 
-cgit v0.10.2
-
diff --git a/gnu/packages/patches/spice-CVE-2016-9578-2.patch b/gnu/packages/patches/spice-CVE-2016-9578-2.patch
deleted file mode 100644
index 76f7ec7ffb..0000000000
--- a/gnu/packages/patches/spice-CVE-2016-9578-2.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Fixes a potential buffer overflow in the protocol handling.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1399566
-https://access.redhat.com/security/cve/CVE-2016-9578
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578
-https://security-tracker.debian.org/tracker/CVE-2016-9578
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a
-
-From f66dc643635518e53dfbe5262f814a64eec54e4a Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Tue, 13 Dec 2016 14:40:10 +0000
-Subject: Prevent integer overflows in capability checks
-
-diff --git a/server/reds.c b/server/reds.c
-index 86a33d5..9150454 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(void *opaque)
-     link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps);
-     link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps);
- 
-+    /* Prevent DoS. Currently we defined only 13 capabilities,
-+     * I expect 1024 to be valid for quite a lot time */
-+    if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) {
-+        reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
-+        reds_link_free(link);
-+        return;
-+    }
-+
-     num_caps = link_mess->num_common_caps + link_mess->num_channel_caps;
-     caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset);
- 
--- 
-cgit v0.10.2
-
diff --git a/gnu/packages/patches/spice-CVE-2017-7506.patch b/gnu/packages/patches/spice-CVE-2017-7506.patch
deleted file mode 100644
index 37d8f02831..0000000000
--- a/gnu/packages/patches/spice-CVE-2017-7506.patch
+++ /dev/null
@@ -1,158 +0,0 @@
-Fix CVE-2017-7506:
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1452606
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7506
-
-Patches copied from Debian spice package version
-'spice_0.12.8-2.1+deb9u1.debian.tar.xz':
-http://security.debian.org/debian-security/pool/updates/main/s/spice/spice_0.12.8-2.1+deb9u1.debian.tar.xz
-
-The patches had to be adapted to apply to the latest spice tarball, and
-are based on these upstream commits:
-
-https://cgit.freedesktop.org/spice/spice/commit/?id=111ab38611cef5012f1565a65fa2d8a8a05cce37
-https://cgit.freedesktop.org/spice/spice/commit/?id=571cec91e71c2aae0d5f439ea2d8439d0c3d75eb
-https://cgit.freedesktop.org/spice/spice/commit/?id=fbbcdad773e2791cfb988f4748faa41943551ca6
-
-From 257f69d619fed407493156c8a7b952abc8a51314 Mon Sep 17 00:00:00 2001
-Date: Mon, 15 May 2017 15:57:28 +0100
-Subject: [spice-server 1/3] reds: Disconnect when receiving overly big
- ClientMonitorsConfig
-
-Total message size received from the client was unlimited. There is
-a 2kiB size check on individual agent messages, but the MonitorsConfig
-message can be split in multiple chunks, and the size of the
-non-chunked MonitorsConfig message was never checked. This could easily
-lead to memory exhaustion on the host.
-
----
- server/reds.c | 25 +++++++++++++++++++++++--
- 1 file changed, 23 insertions(+), 2 deletions(-)
-
-diff --git a/server/reds.c b/server/reds.c
-index f439a3668..7be85fdfc 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -993,19 +993,34 @@ static void reds_client_monitors_config_cleanup(void)
- static void reds_on_main_agent_monitors_config(
-         MainChannelClient *mcc, void *message, size_t size)
- {
-+    const unsigned int MAX_MONITORS = 256;
-+    const unsigned int MAX_MONITOR_CONFIG_SIZE =
-+       sizeof(VDAgentMonitorsConfig) + MAX_MONITORS * sizeof(VDAgentMonConfig);
-+
-     VDAgentMessage *msg_header;
-     VDAgentMonitorsConfig *monitors_config;
-     RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
- 
-+    // limit size of message sent by the client as this can cause a DoS through
-+    // memory exhaustion, or potentially some integer overflows
-+    if (sizeof(VDAgentMessage) + MAX_MONITOR_CONFIG_SIZE - cmc->buffer_size < size) {
-+        goto overflow;
-+    }
-     cmc->buffer_size += size;
-     cmc->buffer = realloc(cmc->buffer, cmc->buffer_size);
-     spice_assert(cmc->buffer);
-     cmc->mcc = mcc;
-     memcpy(cmc->buffer + cmc->buffer_pos, message, size);
-     cmc->buffer_pos += size;
-+    if (sizeof(VDAgentMessage) > cmc->buffer_size) {
-+        spice_debug("not enough data yet. %d", cmc->buffer_size);
-+        return;
-+    }
-     msg_header = (VDAgentMessage *)cmc->buffer;
--    if (sizeof(VDAgentMessage) > cmc->buffer_size ||
--            msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
-+    if (msg_header->size > MAX_MONITOR_CONFIG_SIZE) {
-+        goto overflow;
-+    }
-+    if (msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
-         spice_debug("not enough data yet. %d", cmc->buffer_size);
-         return;
-     }
-@@ -1013,6 +1028,12 @@ static void reds_on_main_agent_monitors_config(
-     spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
-     red_dispatcher_client_monitors_config(monitors_config);
-     reds_client_monitors_config_cleanup();
-+    return;
-+
-+overflow:
-+    spice_warning("received invalid MonitorsConfig request from client, disconnecting");
-+    red_channel_client_disconnect(main_channel_client_get_base(mcc));
-+    reds_client_monitors_config_cleanup();
- }
- 
- void reds_on_main_agent_data(MainChannelClient *mcc, void *message, size_t size)
--- 
-2.13.0
-From ff2b4ef70181087d5abd50bad76d026ec5088a93 Mon Sep 17 00:00:00 2001
-Date: Mon, 15 May 2017 15:57:28 +0100
-Subject: [spice-server 2/3] reds: Avoid integer overflows handling monitor
- configuration
-
-Avoid VDAgentMessage::size integer overflows.
-
----
- server/reds.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/server/reds.c b/server/reds.c
-index 7be85fdfc..e1c8c1086 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -1024,6 +1024,9 @@ static void reds_on_main_agent_monitors_config(
-         spice_debug("not enough data yet. %d", cmc->buffer_size);
-         return;
-     }
-+    if (msg_header->size < sizeof(VDAgentMonitorsConfig)) {
-+        goto overflow;
-+    }
-     monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
-     spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
-     red_dispatcher_client_monitors_config(monitors_config);
--- 
-2.13.0
-From 8cc3d7df2792751939cc832f4110c57e2addfca5 Mon Sep 17 00:00:00 2001
-Date: Mon, 15 May 2017 15:57:28 +0100
-Subject: [spice-server 3/3] reds: Avoid buffer overflows handling monitor
- configuration
-
-It was also possible for a malicious client to set
-VDAgentMonitorsConfig::num_of_monitors to a number larger
-than the actual size of VDAgentMOnitorsConfig::monitors.
-This would lead to buffer overflows, which could allow the guest to
-read part of the host memory. This might cause write overflows in the
-host as well, but controlling the content of such buffers seems
-complicated.
-
----
- server/reds.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/server/reds.c b/server/reds.c
-index e1c8c1086..3a42c3755 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -1000,6 +1000,7 @@ static void reds_on_main_agent_monitors_config(
-     VDAgentMessage *msg_header;
-     VDAgentMonitorsConfig *monitors_config;
-     RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
-+    uint32_t max_monitors;
- 
-     // limit size of message sent by the client as this can cause a DoS through
-     // memory exhaustion, or potentially some integer overflows
-@@ -1028,6 +1029,12 @@ static void reds_on_main_agent_monitors_config(
-         goto overflow;
-     }
-     monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
-+    // limit the monitor number to avoid buffer overflows
-+    max_monitors = (msg_header->size - sizeof(VDAgentMonitorsConfig)) /
-+                   sizeof(VDAgentMonConfig);
-+    if (monitors_config->num_of_monitors > max_monitors) {
-+        goto overflow;
-+    }
-     spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
-     red_dispatcher_client_monitors_config(monitors_config);
-     reds_client_monitors_config_cleanup();
--- 
-2.13.0
diff --git a/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch b/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch
deleted file mode 100644
index db3c56861b..0000000000
--- a/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-https://github.com/supertuxkart/stk-code/commit/5e05f1178ce6bc5f3a653b55ab3dc6d016196341.patch
-
-From 5e05f1178ce6bc5f3a653b55ab3dc6d016196341 Mon Sep 17 00:00:00 2001
-From: Deve <deveee@gmail.com>
-Date: Mon, 3 Oct 2016 23:26:09 +0200
-Subject: [PATCH] Fixed compiler error on Linux with non-x86 64bit platforms,
- e.g. arm64, mips, and s390x architectures
-
-This modification is already applied in upstream angelscript repository:
-https://sourceforge.net/p/angelscript/code/2353/
-
-Thanks to Adrian Bunk and Andreas Jonsson
----
- lib/angelscript/projects/cmake/CMakeLists.txt | 1 +
- lib/angelscript/source/as_config.h            | 2 +-
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/lib/angelscript/projects/cmake/CMakeLists.txt b/lib/angelscript/projects/cmake/CMakeLists.txt
-index e93971315e..755d8378c3 100644
---- a/lib/angelscript/projects/cmake/CMakeLists.txt
-+++ b/lib/angelscript/projects/cmake/CMakeLists.txt
-@@ -67,6 +67,7 @@ set(ANGELSCRIPT_SOURCE
-     ../../source/as_builder.cpp
-     ../../source/as_bytecode.cpp
-     ../../source/as_callfunc.cpp
-+    ../../source/as_callfunc_mips.cpp
-     ../../source/as_callfunc_x86.cpp
-     ../../source/as_callfunc_x64_gcc.cpp
-     ../../source/as_callfunc_x64_msvc.cpp
-diff --git a/lib/angelscript/source/as_config.h b/lib/angelscript/source/as_config.h
-index cb05bffbd5..5bb5b8e800 100644
---- a/lib/angelscript/source/as_config.h
-+++ b/lib/angelscript/source/as_config.h
-@@ -844,7 +844,7 @@
- 			#define THISCALL_PASS_OBJECT_POINTER_ON_THE_STACK
- 			#define AS_X86
- 			#undef AS_NO_THISCALL_FUNCTOR_METHOD
--		#elif defined(__LP64__) && !defined(__arm64__)
-+		#elif defined(__x86_64__)
- 			#define AS_X64_GCC
- 			#undef AS_NO_THISCALL_FUNCTOR_METHOD
- 			#define HAS_128_BIT_PRIMITIVES
diff --git a/gnu/packages/patches/vpnc-script.patch b/gnu/packages/patches/vpnc-script.patch
deleted file mode 100644
index a0d9481952..0000000000
--- a/gnu/packages/patches/vpnc-script.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-This patch adapts the vpnc script to newer kernel versions, see
-   https://lkml.org/lkml/2011/3/24/645
-
-diff -u a/vpnc-script.in b/vpnc-script.in
---- a/vpnc-script.in	2013-03-03 13:55:16.000000000 +0100
-+++ b/vpnc-script.in	2013-03-03 13:56:11.000000000 +0100
-@@ -116,7 +116,7 @@
- 
- if [ -n "$IPROUTE" ]; then
- 	fix_ip_get_output () {
--		sed 's/cache//;s/metric \?[0-9]\+ [0-9]\+//g;s/hoplimit [0-9]\+//g'
-+		sed 's/cache//;s/metric \?[0-9]\+ [0-9]\+//g;s/hoplimit [0-9]\+//g;s/ipid 0x....//g'
- 	}
- 
- 	set_vpngateway_route() {
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 7c4e07eb0c..14dab3a65c 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -2648,7 +2648,7 @@ arbitrary parameters.")
 (define-public perl-devel-stacktrace
   (package
     (name "perl-devel-stacktrace")
-    (version "2.00")
+    (version "2.03")
     (source
      (origin
        (method url-fetch)
@@ -2656,7 +2656,7 @@ arbitrary parameters.")
                            "Devel-StackTrace-" version ".tar.gz"))
        (sha256
         (base32
-         "1r65iq5i11xh0r0kp3pdycydnd3kxpdmxnp0hq9hx9lr60kygsqx"))))
+         "0j58kgjr9s3vibsgifmk9k5h7daag0cb9x45f30m9qi4pr7cs63n"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Devel-StackTrace/")
     (synopsis "Object representing a stack trace")
diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm
index 03e9d4bd94..7c45269bb1 100644
--- a/gnu/packages/php.scm
+++ b/gnu/packages/php.scm
@@ -52,7 +52,7 @@
 (define-public php
   (package
     (name "php")
-    (version "7.1.11")
+    (version "7.1.12")
     (home-page "https://secure.php.net/")
     (source (origin
               (method url-fetch)
@@ -60,7 +60,7 @@
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0gl9hk4888fjirrd4s73mdabhiqam0c45406a7fgw6njszlr6h07"))
+                "1czflr5wb2f7pmgdc1vxy1kcln5rlkkly2z3skrb2wa5fx88h4d0"))
               (modules '((guix build utils)))
               (snippet
                '(with-directory-excursion "ext"
@@ -213,6 +213,9 @@
                          "ext/gd/tests/bug73213.phpt"
                          ;; Test expects generic "gd warning" but gets the actual function name.
                          "ext/gd/tests/createfromwbmp2_extern.phpt"
+                         ;; This bug should have been fixed in gd 2.2.2.
+                         ;; Is it a regression?
+                         "ext/gd/tests/bug65148.phpt"
                          ;; TODO: Enable these when libgd is built with xpm support.
                          "ext/gd/tests/xpm2gd.phpt"
                          "ext/gd/tests/xpm2jpg.phpt"
diff --git a/gnu/packages/protobuf.scm b/gnu/packages/protobuf.scm
index 2e681ca97d..0e7c5f3244 100644
--- a/gnu/packages/protobuf.scm
+++ b/gnu/packages/protobuf.scm
@@ -25,17 +25,53 @@
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
-  #:use-module ((guix licenses)
-                #:select (bsd-2 bsd-3))
+  #:use-module ((guix licenses) #:prefix license:)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages gcc)
+  #:use-module (gnu packages libevent)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python))
 
+(define-public fstrm
+  (package
+    (name "fstrm")
+    (version "0.3.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://dl.farsightsecurity.com/dist/" name "/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1i9y8a1712aj80p5a1kcp378bnjrg3s2127q7304hklhmjcrjl1d"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("libevent" ,libevent)))
+    (home-page "https://github.com/farsightsec/fstrm")
+    (synopsis "Implementation of the Frame Streams data transport protocol")
+    (description
+     "fstrm is an optimised implementation of Frame Streams as a C library and
+several tools built on top of it.
+
+@dfn{Frame Streams} is a light-weight, binary-clean protocol that allows for
+the transport of arbitrarily-encoded data payload sequences with minimal
+framing overhead---just four bytes per data frame.  It does not specify an
+encoding format for these data frames and can be used with any data
+serialisation format that produces byte sequences, such as Protocol Buffers,
+XML, JSON, MessagePack, YAML, etc.
+
+Frame Streams can be used either as a streaming transport over a reliable byte
+stream socket (TCP sockets, TLS connections, @code{AF_UNIX} sockets, etc.) for
+data in motion, or as a file format for data at rest.")
+    (license (list license:asl2.0
+                   (license:non-copyleft #f "See libmy/argv*")))))
+
 (define-public protobuf
   (package
     (name "protobuf")
-    (version "3.4.1")
+    (version "3.5.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/google/protobuf/releases/"
@@ -43,16 +79,34 @@
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0y6cr4l7bwa6zvjv5flzr4cx28shk5h8dz99xw90v8qih954pcrb"))))
+                "0lc5d5cnhsaiazc5gnsnv19bikk22rgcqlqzzrfvk6mkq98v1mld"))))
     (build-system gnu-build-system)
     (inputs `(("zlib" ,zlib)))
+    (outputs (list "out"
+                   "static"))           ; ~12 MiB of .a files
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'move-static-libraries
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Move static libraries to the "static" output.
+             (let* ((out    (assoc-ref outputs "out"))
+                    (lib    (string-append out "/lib"))
+                    (static (assoc-ref outputs "static"))
+                    (slib   (string-append static "/lib")))
+               (mkdir-p slib)
+               (for-each (lambda (file)
+                           (install-file file slib)
+                           (delete-file file))
+                         (find-files lib "\\.a$"))
+               #t))))))
     (home-page "https://github.com/google/protobuf")
     (synopsis "Data encoding for remote procedure calls (RPCs)")
     (description
      "Protocol Buffers are a way of encoding structured data in an efficient
 yet extensible format.  Google uses Protocol Buffers for almost all of its
 internal RPC protocols and file formats.")
-    (license bsd-3)))
+    (license license:bsd-3)))
 
 ;; XXX Remove this old version when no other packages depend on it.
 (define-public protobuf-2
@@ -90,7 +144,7 @@ data serialization format.  It includes @code{libprotobuf-c}, a pure C library
 that implements protobuf encoding and decoding, and @code{protoc-c}, a code
 generator that converts Protocol Buffer @code{.proto} files to C descriptor
 code.")
-    (license bsd-2)))
+    (license license:bsd-2)))
 
 (define-public python-protobuf
   (package
@@ -111,7 +165,7 @@ code.")
     (description
      "Protocol buffers are a language-neutral, platform-neutral extensible
 mechanism for serializing structured data.")
-    (license bsd-3)))
+    (license license:bsd-3)))
 
 (define-public python2-protobuf
   (package-with-python2 python-protobuf))
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 3f8dea48f5..abc39318a8 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -1116,27 +1116,21 @@ Python 3.3+.")
 (define-public python-pyicu
   (package
     (name "python-pyicu")
-    (version "1.9.5")
+    (version "1.9.8")
     (source
      (origin
       (method url-fetch)
       (uri (pypi-uri "PyICU" version))
       (sha256
        (base32
-        "16rmxy9y0qhqqna2v49i7nzwm09as699rbyvh4raw7w602w55c3k"))))
+        "05nz4p2dpkhwj6y9kik24xbvmfxji39nl0xw0sc0nvp9fgzf6xnd"))))
     (build-system python-build-system)
-    (arguments
-     '(#:phases
-       (modify-phases %standard-phases
-         (add-before 'check 'delete-failing-test
-           (lambda _
-             ;; XXX: These tests require locales that are unavailable
-             ;; in the build environment.
-             (delete-file "test/test_DateTimeParserGenerator.py")
-             #t)))))
     (inputs
      `(("icu4c" ,icu4c)))
-    (home-page "http://pyicu.osafoundation.org/")
+    (native-inputs
+     `(("python-pytest" ,python-pytest)
+       ("python-six" ,python-six)))
+    (home-page "https://github.com/ovalhub/pyicu")
     (synopsis "Python extension wrapping the ICU C++ API")
     (description
      "PyICU is a python extension wrapping the ICU C++ API.")
@@ -1400,19 +1394,17 @@ existing ones.")
 (define-public scons
   (package
     (name "scons")
-    (version "2.5.1")
+    (version "3.0.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/scons/scons/" version
                                  "/scons-" version ".tar.gz"))
              (sha256
               (base32
-               "1wji1z9jdkhnmm99apx6fhld9cs52rr56aigniyrcsmlwy52298b"))))
+               "0wzid419mlwqw9llrg8gsx4nkzhqy16m4m40r0xnh6cwscw5wir4"))))
     (build-system python-build-system)
     (arguments
-     ;; With Python 3.x, fails to build with a syntax error.
-     `(#:python ,python-2
-       #:use-setuptools? #f                ; still relies on distutils
+     `(#:use-setuptools? #f                ; still relies on distutils
        #:tests? #f))                       ; no 'python setup.py test' command
     (home-page "http://scons.org/")
     (synopsis "Software construction tool written in Python")
@@ -1424,6 +1416,11 @@ In short, SCons is an easier, more reliable and faster way to build
 software.")
     (license license:x11)))
 
+(define-public scons-python2
+  (package
+    (inherit (package-with-python2 scons))
+    (name "scons-python2")))
+
 (define-public python-extras
   (package
     (name "python-extras")
@@ -8983,14 +8980,14 @@ collections of data.")
 (define-public python-prompt-toolkit
  (package
   (name "python-prompt-toolkit")
-  (version "1.0.9")
+  (version "1.0.15")
   (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "prompt_toolkit" version ".tar.gz"))
       (sha256
         (base32
-          "172r15k9kwdw2lnajvpz1632dd16nqz1kcal1p0lq5ywdarj6rfd"))))
+          "05v9h5nydljwpj5nm8n804ms0glajwfy1zagrzqrg91wk3qqi1c5"))))
   (build-system python-build-system)
   (arguments
    '(#:tests? #f)) ; The test suite uses some Windows-specific data types.
@@ -11933,3 +11930,87 @@ services.")
 
 (define-public python2-jsonrpclib-pelix
   (package-with-python2 python-jsonrpclib-pelix))
+
+(define-public python-setuptools-scm-git-archive
+  (package
+    (name "python-setuptools-scm-git-archive")
+    (version "1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "setuptools_scm_git_archive" version))
+       (sha256
+        (base32
+         "1nii1sz5jq75ilf18bjnr11l9rz1lvdmyk66bxl7q90qan85yhjj"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-pytest-3.0" ,python-pytest-3.0)))
+    (propagated-inputs
+     `(("python-setuptools-scm" ,python-setuptools-scm)))
+    (home-page "https://github.com/Changaco/setuptools_scm_git_archive/")
+    (synopsis "Setuptools_scm plugin for git archives")
+    (description
+     "The setuptools_scm_git_archive package is a plugin to
+setuptools_scm, which supports obtaining versions from git archives that
+belong to tagged versions.")
+    (license license:expat)))
+
+(define-public python2-setuptools-scm-git-archive
+  (package-with-python2 python-setuptools-scm-git-archive))
+
+(define-public python-pyclipper
+  (package
+    (name "python-pyclipper")
+    (version "1.0.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pyclipper" version ".zip"))
+       (sha256
+        (base32
+         "1zpmwv3bya3j984y5cf9x9d5108kf6mxldcba68wiq0frv5qrssw"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:tests? #f)); 8 Tests fail, 37 succeed
+    (propagated-inputs
+     `(("python-setuptools-scm-git-archive" ,python-setuptools-scm-git-archive)))
+    (native-inputs
+     `(("unzip" ,unzip)))
+    (home-page "https://github.com/greginvm/pyclipper")
+    (synopsis "Wrapper for Angus Johnson's Clipper library")
+    (description
+     "Pyclipper is a Cython wrapper for the C++ translation of the
+  Angus Johnson's polygon clipping Clipper library (ver. 6.2.1).")
+    (license license:expat)))
+
+(define-public python2-pyclipper
+  (package-with-python2 python-pyclipper))
+
+(define-public python2-booleanoperations
+  (package
+    (name "python2-booleanoperations")
+    (version "0.7.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "booleanOperations" version ".zip"))
+       (sha256
+        (base32
+         "1hw42fazdpvsn77glx96hwsj9l17mvx37sc5707s08y5w6fx16mn"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2))
+    (native-inputs
+     `(("unzip" ,unzip)
+       ("python2-pytest-3.0" ,python2-pytest-3.0)
+       ("python2-pytest-runner" ,python2-pytest-runner)))
+    (propagated-inputs
+     `(("python-fonttools" ,python2-fonttools)
+       ("python-pyclipper" ,python2-pyclipper)
+       ("python-ufolib" ,python2-ufolib)))
+    (home-page "https://github.com/typemytype/booleanOperations")
+    (synopsis "Boolean operations on paths")
+    (description
+     "BooleanOperations provides a Python library that enables
+boolean operations on paths.")
+    (license license:expat)))
diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm
index 4177c8b893..8bdc145c11 100644
--- a/gnu/packages/qt.scm
+++ b/gnu/packages/qt.scm
@@ -102,7 +102,7 @@ system, and the core design of Django is reused in Grantlee.")
 (define-public qt
   (package
     (name "qt")
-    (version "5.9.2")
+    (version "5.9.3")
     (outputs '("out" "examples"))
     (source (origin
              (method url-fetch)
@@ -115,7 +115,7 @@ system, and the core design of Django is reused in Grantlee.")
                  version ".tar.xz"))
              (sha256
                (base32
-                 "1zr0hvhryn2ada53ln7cycymh602cncli86n291bsgzas6j72qbc"))
+                 "0ik0ikwa0qb7dqcr9knxpnwv50b7m6m2iglzq9yjs3437zqdib2p"))
              (modules '((guix build utils)))
              (snippet
               '(begin
@@ -368,7 +368,7 @@ developers using C++ or QML, a CSS & JavaScript like language.")
 (define-public qtbase
   (package
     (name "qtbase")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -377,7 +377,7 @@ developers using C++ or QML, a CSS & JavaScript like language.")
                                  version ".tar.xz"))
              (sha256
               (base32
-               "16v0dny4rcyd5p8qsnsfg89w98k8kqk3rp9x3g3k7xjmi53bpqkz"))
+               "10lrkarvs7dpx9rlj7sjcc0pzi42098x8nqnhmydr4bnbq048z4y"))
              (modules '((guix build utils)))
              (snippet
                ;; corelib uses bundled harfbuzz, md4, md5, sha3
@@ -565,7 +565,7 @@ developers using C++ or QML, a CSS & JavaScript like language.")
 (define-public qtsvg
   (package (inherit qtbase)
     (name "qtsvg")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -574,7 +574,7 @@ developers using C++ or QML, a CSS & JavaScript like language.")
                                  version ".tar.xz"))
              (sha256
               (base32
-               "020icrl9vi8jh8ygsssqrx2bl8bx28m15dwmf9a969qdnvxyp5ms"))))
+               "1wjx9ymk2h19l9kk76jh87bnhhj955f9a93akvwwzfwg1jk2hrnz"))))
     (propagated-inputs `())
     (native-inputs `(("perl" ,perl)))
     (inputs
@@ -640,7 +640,7 @@ HostData=lib/qt5
 (define-public qtimageformats
   (package (inherit qtsvg)
     (name "qtimageformats")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -649,7 +649,7 @@ HostData=lib/qt5
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1wwxxcl24mk1p4w6knyfai09axmwqsm6cgsbkjsmdz3zmjh6qqis"))
+               "1p95wzm46j49c5br45g0pmlz3n3fl93j1ipzmnpmq9y2pbfhkcyl"))
              (modules '((guix build utils)))
              (snippet
               '(delete-file-recursively "src/3rdparty"))))
@@ -669,7 +669,7 @@ support for MNG, TGA, TIFF and WBMP image formats.")))
 (define-public qtx11extras
   (package (inherit qtsvg)
     (name "qtx11extras")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -678,7 +678,7 @@ support for MNG, TGA, TIFF and WBMP image formats.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1ias745j5lfnrfkgyk0pr8n8zlkqs08gq7yyzaj1c645sh54b1fv"))))
+               "1gpjgca4xvyy0r743kh2ys128r14fh6j8bdphnmmi5v2pf6bzq74"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -693,7 +693,7 @@ from within Qt 5.")))
 (define-public qtxmlpatterns
   (package (inherit qtsvg)
     (name "qtxmlpatterns")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -702,7 +702,7 @@ from within Qt 5.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0knk4bplqhvsxar1wv16bzfw57q0aja12gdaxz7m8mvx121sm9ha"))))
+               "1fphhqr3v3vzjp2vbv16bc1vs879wn7aqlabgcpkhqx92ak6d76g"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:phases phases)
@@ -722,7 +722,7 @@ xmlpatternsvalidator.")))
 (define-public qtdeclarative
   (package (inherit qtsvg)
     (name "qtdeclarative")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -731,7 +731,7 @@ xmlpatternsvalidator.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "020bha6q8byxc8cj5zw7gms5rgsjg71hv31hv1rr2fy7x56zsh0d"))))
+               "01wlk17zf47yzx7cc3cp617gj70yadllj2rsfk78879c0v96cpsh"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -754,7 +754,7 @@ with JavaScript and C++.")))
 (define-public qtconnectivity
   (package (inherit qtsvg)
     (name "qtconnectivity")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -763,7 +763,7 @@ with JavaScript and C++.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1k7kjmlny0ykm40qx796wbsg3310v6b8hqizkbr597cmxjbrax9c"))))
+               "0j86rspn4xgwq1ddc1mpq1kq0ib2c0ag6rsn9ly2xs4iimp1x2g2"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:phases phases)
@@ -789,7 +789,7 @@ with Bluetooth and NFC.")))
 (define-public qtwebsockets
   (package (inherit qtsvg)
     (name "qtwebsockets")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -798,7 +798,7 @@ with Bluetooth and NFC.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0x0nx1ampqsgj9qlc3l32z3ham1a5vq7m2lnxk5pr92yj6yw3pdg"))))
+               "1phic630ah85ajxp6iqrw9bpg0y8s88y45ygkc1wcasmbgzrs1nf"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -816,7 +816,7 @@ consume data received from the server, or both.")))
 (define-public qtsensors
   (package (inherit qtsvg)
     (name "qtsensors")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -825,9 +825,10 @@ consume data received from the server, or both.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1lxmhi19dbb8vjhpjph0l0ss6zh72hb4908lp4s1pgf8r641ai3r"))))
+               "1hfsih5iy4fi6mnpw2shf1lzx9hxcdc1arspad1mark17l5s4pmr"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
+       ((#:parallel-tests? _ #f) #f) ; can lead to race condition
        ((#:phases phases)
         `(modify-phases ,phases
            (add-after 'unpack 'lengthen-test-timeout
@@ -847,7 +848,7 @@ recognition API for devices.")))
 (define-public qtmultimedia
   (package (inherit qtsvg)
     (name "qtmultimedia")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -856,7 +857,7 @@ recognition API for devices.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0815hi3cxy5zy6yc5fkdpx2xd6rk7968j1ziwl2g4wa80802g9n9"))
+               "19iqh8xpspzlmpzh05bx5rchlslbfy2pp00xv52496yf9b95i5g7"))
              (modules '((guix build utils)))
              (snippet
               '(begin
@@ -897,7 +898,7 @@ set of plugins for interacting with pulseaudio and GStreamer.")))
 (define-public qtwayland
   (package (inherit qtsvg)
     (name "qtwayland")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -906,7 +907,7 @@ set of plugins for interacting with pulseaudio and GStreamer.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1ipn4xh0dj1kjg5i4vfl4gpx3hg2377w5gls47xpv1ikz41lshzn"))
+               "0vazcmpqdka3llmyg7m99lw0ngrydmw74p9nd04544xdn128r3ih"))
              (modules '((guix build utils)))
              (snippet
                ;; The examples try to build and cause the build to fail
@@ -947,7 +948,7 @@ compositor libraries.")))
 (define-public qtserialport
   (package (inherit qtsvg)
     (name "qtserialport")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -956,7 +957,7 @@ compositor libraries.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0hndc9z7qzxazzjvc6k5yd58afw13444plk70b05nqdi5p19rvah"))))
+               "1pxb679cx77vk39ik7j0k91a57wqa63d4g4riw3r2gpcay8kxpac"))))
     (native-inputs `(("perl" ,perl)))
     (inputs
      `(("qtbase" ,qtbase)
@@ -968,7 +969,7 @@ interacting with serial ports from within Qt.")))
 (define-public qtserialbus
   (package (inherit qtsvg)
     (name "qtserialbus")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -977,7 +978,7 @@ interacting with serial ports from within Qt.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "025yv7zajz5scrmkjkmgkyvxpgkliqvrzc88is0gr481zpd4phmv"))))
+               "0f39qh05mp54frpn5sy9k5vfw5zb2gg72qaqz81mwlck2xg78qpg"))))
     (inputs
      `(("qtbase" ,qtbase)
        ("qtserialport" ,qtserialport)))
@@ -989,7 +990,7 @@ and others.")))
 (define-public qtwebchannel
   (package (inherit qtsvg)
     (name "qtwebchannel")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -998,7 +999,7 @@ and others.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "09iss70c1iqgf8qpik35qlgrdw5y9935v0fm2ppgkmxdxkpls6ww"))))
+               "0n438mk01sh2bbqakc1m3s65qqmi75m4n4hymad8wcgijfr9a9v3"))))
     (native-inputs
      `(("perl" ,perl)
        ("qtdeclarative" ,qtdeclarative)
@@ -1013,7 +1014,7 @@ popular web engines, Qt WebKit 2 and Qt WebEngine.")))
 (define-public qtlocation
   (package (inherit qtsvg)
     (name "qtlocation")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1022,7 +1023,7 @@ popular web engines, Qt WebKit 2 and Qt WebEngine.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "033b6l6jbvmc0k5qvbgh5vkzvfga7npqcphrywrrqkmx9vj446n8"))))
+               "1qacqz6l7zljqszblhgzg5y1v4mgki59k45ag7yc2iw7vrf45zc0"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -1043,7 +1044,7 @@ positioning and geolocation plugins.")))
 (define-public qttools
   (package (inherit qtsvg)
     (name "qttools")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1052,7 +1053,7 @@ positioning and geolocation plugins.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "06nqsa5mj0mc9w9xbm7mgdkb66x4wlvkhnas32f97sb8ic8rdf9b"))))
+               "1zw4j8ymwcpn7dx1dlbxpmx5lfp26rag7pysap1xry9m7vg3hb24"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -1070,7 +1071,7 @@ that helps in Qt development.")))
 (define-public qtscript
   (package (inherit qtsvg)
     (name "qtscript")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1079,7 +1080,7 @@ that helps in Qt development.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1wa0rnbphkhgydnwkf5bjwn0llskl6hgs0964nh0jik8qaspv027"))
+               "0rjm6nph1nssfpknp4i682bvk7363y4a2f74060vcm7ib2pzl2xq"))
              (patches (search-patches "qtscript-disable-tests.patch"))))
     (native-inputs
      `(("perl" ,perl)
@@ -1094,7 +1095,7 @@ ECMAScript and Qt.")))
 (define-public qtquickcontrols
   (package (inherit qtsvg)
     (name "qtquickcontrols")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1103,7 +1104,7 @@ ECMAScript and Qt.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "07xxhkfsljwdwlp9jfp88pwkrig02y2pnwhdsaz8mkcackwfq2az"))))
+               "09p2q3max4xrlw5svbhn11y9cgrvcjsj88xw4c0kq91cgnyyw3ih"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -1118,7 +1119,7 @@ can be used to build complete interfaces in Qt Quick.")))
 (define-public qtquickcontrols2
   (package (inherit qtsvg)
     (name "qtquickcontrols2")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1127,7 +1128,7 @@ can be used to build complete interfaces in Qt Quick.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1ln83afxyp5dmvdnq6n7as82xrd5k3xvfx7b1jxnljivslyxsm9b"))))
+               "0hq888qq8q7dglpyzif64pplqjxfrqjpkvbcx0ycq35darls5ai1"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -1143,7 +1144,7 @@ not available.")))
 (define-public qtgraphicaleffects
   (package (inherit qtsvg)
     (name "qtgraphicaleffects")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1152,7 +1153,7 @@ not available.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0xpvigfiqfqvf05ywj8x69y57rp8dwq2hs1kpxlxs15pniz4wn8l"))))
+               "1nghl39sqsjamjn6pfmxmgga6z9vwzv2zbgc92amrfxxr2dh42vr"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -1196,7 +1197,7 @@ backend for QtQuick scene graph.")
 (define-public qtgamepad
   (package (inherit qtsvg)
     (name "qtgamepad")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1205,7 +1206,7 @@ backend for QtQuick scene graph.")
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0lm5v43psf7r8zc79dcjdmmdnz4jm30ylgkvsyv8k88mj06yklbn"))))
+               "14vari5cq10a0z02559l2m1v78g7ygnyqf1ilkmy2f0kr36wm7y6"))))
     (native-inputs
      `(("perl" ,perl)
        ("pkg-config" ,pkg-config)))
@@ -1226,7 +1227,7 @@ and mobile applications targeting TV-like form factors.")))
 (define-public qtscxml
   (package (inherit qtsvg)
     (name "qtscxml")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1235,7 +1236,7 @@ and mobile applications targeting TV-like form factors.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0pdimqwdrj8hckm81lwy1z58ji4bdv0bzgv336m0a8v3pj914awx"))
+               "06x8hs3p7bfgnl6b2fjld4s41acw1rbnxbcgkprgw2fxxnl1zxfq"))
              (modules '((guix build utils)))
              (snippet
               '(begin
@@ -1256,7 +1257,7 @@ also contains functionality to support data models and executable content.")))
 (define-public qtpurchasing
   (package (inherit qtsvg)
     (name "qtpurchasing")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1265,7 +1266,7 @@ also contains functionality to support data models and executable content.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "04f28y7qcr4kd0pw26mm515qj7haxr0i8lijn1q47wkikxyhawca"))))
+               "00yfdd00frgf7fs9s0vyn1c6c4abxgld5rfgkzms3y6n6lcphs0j"))))
     (inputs
      `(("qtbase" ,qtbase)
        ("qtdeclarative" ,qtdeclarative)))
@@ -1276,7 +1277,7 @@ purchasing goods and services.")))
 (define-public qtcanvas3d
   (package (inherit qtsvg)
     (name "qtcanvas3d")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1285,7 +1286,7 @@ purchasing goods and services.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1siyzgm1mjx90rwyzzq9vw2s2xzyf6n7q0vn8gw7mdim5indda44"))
+               "1g0a606fgal4x17ly0qrj05pb0k8riwh7nj4g3jip05g8iwb2f2y"))
              (modules '((guix build utils)))
              (snippet
               '(delete-file-recursively "examples/canvas3d/3rdparty"))))
@@ -1313,7 +1314,7 @@ drawing calls from Qt Quick JavaScript.")))
 (define-public qtcharts
   (package (inherit qtsvg)
     (name "qtcharts")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1322,7 +1323,7 @@ drawing calls from Qt Quick JavaScript.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "193a3imkgryw42s0gbwaj9gpqd673h3jrg86jvmy33l2fc5gfyjf"))))
+               "1sb99ncmh84bz0xzq55chgic7jk61awnfvi7ld4gq5ap3nl865zc"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -1340,7 +1341,7 @@ selecting one of the charts themes.")
 (define-public qtdatavis3d
   (package (inherit qtsvg)
     (name "qtdatavis3d")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1349,7 +1350,7 @@ selecting one of the charts themes.")
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1cmjjbbmdqdix1f8b7qyc2vwhj9pvchc8r4lp65qw11dhycmdbh6"))))
+               "0s636ix44akrjx47gv9qj2ac02q8clnwj3acfr28p6pagm46k7vh"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -1367,7 +1368,7 @@ customized by using themes or by adding custom items and labels to them.")
 (define-public qtnetworkauth
   (package (inherit qtsvg)
     (name "qtnetworkauth")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1376,7 +1377,7 @@ customized by using themes or by adding custom items and labels to them.")
                                  version ".tar.xz"))
              (sha256
               (base32
-               "16i33m8x5yii22ciq97bpfmnw0lwhvgv84i2az30a1ikm9dg00x0"))))
+               "0fdz5q47xbiij3mi5lzhvxpq4jp9fm929v9kyvcyadz86mp3f8nz"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:phases phases)
@@ -1396,7 +1397,7 @@ implementation of OAuth and OAuth2 authenticathon methods for Qt.")))
 (define-public qtremoteobjects
   (package (inherit qtsvg)
     (name "qtremoteobjects")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1405,7 +1406,7 @@ implementation of OAuth and OAuth2 authenticathon methods for Qt.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1ylphdwis34y4pm9xiwh2xqfd0hh2gp8kkawlps2q5mh2bm11376"))))
+               "0z6qd381r6a7gdrsknlkkbhq9mmdqi040kfrvgm6mfa69336f4dk"))))
     (inputs
      `(("qtbase" ,qtbase)
        ("qtdeclarative" ,qtdeclarative)))
@@ -1418,7 +1419,7 @@ processes or computers.")))
 (define-public qtspeech
   (package (inherit qtsvg)
     (name "qtspeech")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1427,7 +1428,7 @@ processes or computers.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0cq33dffi7q7dnvzhdivky5prakb8xnwap0b76fwgirhbbn88ypg"))))
+               "1c4rpf3by620fx8lrvmc38r60cikqczqh2rfcm7ixz3x8cj60lh1"))))
     (inputs
      `(("qtbase" ,qtbase)))
     (native-inputs
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index c9e4bee4a2..cee047b938 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -151,14 +151,14 @@ anywhere.")
 (define-public samba
   (package
     (name "samba")
-    (version "4.7.2")
+    (version "4.7.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.samba.org/pub/samba/stable/"
                                  "samba-" version ".tar.gz"))
              (sha256
               (base32
-               "14ngvqkdcjmc1nfyx2vgh82jmqdj6rhpqdqq4az7dcnzi4i52cpx"))))
+               "0b7xbfjpg7l1lz13gvj4ifcp9j3cvfp6pswjbq03z06bl4n1br06"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/scribus.scm b/gnu/packages/scribus.scm
index 6230195ed4..860d346778 100644
--- a/gnu/packages/scribus.scm
+++ b/gnu/packages/scribus.scm
@@ -81,7 +81,19 @@
     (arguments
      `(#:tests? #f                      ;no test target
        #:configure-flags
-       '("-DWANT_GRAPHICSMAGICK=1")))
+       '("-DWANT_GRAPHICSMAGICK=1")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'wrap-program
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             ;; Fix "ImportError: No module named _sysconfigdata_nd" where
+             ;; Scribus checks PATH and eventually runs system's Python
+             ;; instead of package's.
+             (let* ((out (assoc-ref outputs "out"))
+                    (py2 (assoc-ref inputs "python")))
+               (wrap-program (string-append out "/bin/scribus")
+                 `("PATH" ":" prefix (,(string-append py2 "/bin")))))
+             #t)))))
     (inputs
      `(("boost" ,boost)
        ("cairo" ,cairo)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index ba7c09a438..fa910a92aa 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2016 Mike Gerwitz <mtg@gnu.org>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -82,7 +83,7 @@ readers and is needed to communicate with such devices through the
 (define-public eid-mw
   (package
     (name "eid-mw")
-    (version "4.3.0")
+    (version "4.3.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -91,9 +92,9 @@ readers and is needed to communicate with such devices through the
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0s646p19kq27wb160v9b8aaiy30k2shmq4njm471ggd2j7n7a6rs"))))
+                "1ay9znry9dkhhn783paqy8czvv3w5gdpmq8ag8znx9akza8c929z"))))
     (build-system glib-or-gtk-build-system)
-        (native-inputs
+    (native-inputs
      `(("autoconf" ,autoconf)
        ("automake" ,automake)
        ("gettext" ,gnu-gettext)
@@ -114,7 +115,7 @@ readers and is needed to communicate with such devices through the
        (modify-phases %standard-phases
          ;; The github tarball doesn't contain a configure script.
          (add-before 'configure 'autoreconf
-                     (lambda _ (zero? (system* "autoreconf" "-i")))))))
+           (lambda _ (zero? (system* "autoreconf" "-i")))))))
     (synopsis "Belgian eID Middleware")
     (description "The Belgian eID Middleware is required to authenticate with
 online services using the Belgian electronic identity card.")
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index f03d7c4a9d..1f076999cb 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Stefan Reichör <stefan@xsteve.at>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2017 ng0 <ng0@infotropique.org>
+;;; Copyright © 2017 ng0 <ng0@n0.is>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
@@ -88,14 +88,19 @@ direct descendant of NetBSD's Almquist Shell (@command{ash}).")
 (define-public fish
   (package
     (name "fish")
-    (version "2.6.0")
+    (version "2.7.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "https://fishshell.com/files/"
-                                  version "/fish-" version ".tar.gz"))
+              (uri
+               (list
+                (string-append "https://fishshell.com/files/"
+                               version "/fish-" version ".tar.gz")
+                (string-append "https://github.com/fish-shell/fish-shell/"
+                               "releases/download/" version "/"
+                               name "-" version ".tar.gz")))
               (sha256
                (base32
-                "1yzx73kg5ng5ivhi68756sl5hpb8869110l9fwim6gn7f7bbprby"))
+                "1jvvm27hp46w0cia14lfz6161dkz8b935j1m7j38i7rgx75bfxis"))
               (modules '((guix build utils)))
               ;; Don't try to install /etc/fish/config.fish.
               (snippet
@@ -144,15 +149,15 @@ highlighting.")
 (define-public fish-guix
   (package
     (name "fish-guix")
-    (version "0.1.1")
+    (version "0.1.2.1")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "https://dist.infotropique.org/fish-guix/"
+       (uri (string-append "https://d.n0.is/releases/fish-guix/"
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0xi0j9lvzh43lrj82gz52n2cjln0i0pgayngrg4hy5w4449biy0z"))))
+         "0k71hcn7nr523w74jw2i68x52s9hv6vmasnvnn7yr3xxvzn4kqgf"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; No checks.
@@ -161,11 +166,11 @@ highlighting.")
        #:phases
        (modify-phases %standard-phases
          (delete 'configure)))) ; No configure script.
-    (home-page "https://www.infotropique.org/projects/fish-guix/")
+    (home-page "https://n0.is/s/fish-guix/")
     (synopsis "Fish completions for Guix")
     (description
      "Fish-guix provides completions for Guix for users of the fish shell.")
-    (license public-domain)))
+    (license bsd-3)))
 
 (define-public rc
   (package
@@ -312,7 +317,7 @@ history mechanism, job control and a C-like syntax.")
 (define-public zsh
   (package
     (name "zsh")
-    (version "5.2")
+    (version "5.4.2")
     (source (origin
               (method url-fetch)
               (uri (list (string-append
@@ -323,7 +328,7 @@ history mechanism, job control and a C-like syntax.")
                            ".tar.gz")))
               (sha256
                (base32
-                "0dsr450v8nydvpk8ry276fvbznlrjgddgp7zvhcw4cv69i9lr4ps"))))
+                "1jdcfinzmki2w963msvsanv29vqqfmdfm4rncwpw0r3zqnrcsywm"))))
     (build-system gnu-build-system)
     (arguments `(#:configure-flags '("--with-tcsetpgrp" "--enable-pcre")
                  #:phases
@@ -346,7 +351,17 @@ history mechanism, job control and a C-like syntax.")
                                           "Test/B02typeset.ztst"
                                           "Completion/Unix/Command/_init_d"
                                           "Util/preconfig")
-                                      (("/bin/sh") (which "sh")))))))))
+                                      (("/bin/sh") (which "sh"))))))
+                   (add-before 'check 'patch-test
+                     (lambda _
+                       ;; In Zsh, `command -p` searches a predefined set of
+                       ;; paths that don't exist in the build environment. See
+                       ;; the assignment of 'path' in Src/init.c'
+                       (substitute* "Test/A01grammar.ztst"
+                         (("command -pv") "command -v")
+                         (("command -p") "command ")
+                         (("'command' -p") "'command' "))
+                       #t)))))
     (native-inputs `(("autoconf" ,autoconf)))
     (inputs `(("ncurses" ,ncurses)
               ("pcre" ,pcre)
diff --git a/gnu/packages/simulation.scm b/gnu/packages/simulation.scm
index de07b68440..a5b661e34d 100644
--- a/gnu/packages/simulation.scm
+++ b/gnu/packages/simulation.scm
@@ -84,6 +84,8 @@
      `(("gzip" ,gzip)
        ("gnuplot" ,gnuplot)
        ("openmpi" ,openmpi)))
+    (outputs '("debug"                  ;~60MB
+               "out"))
     (arguments
      `( ;; Executable files and shared libraries are located in the 'platforms'
        ;; subdirectory.
@@ -171,6 +173,15 @@
                         (("lockDir=.*$")
                          "lockDir=$HOME/.$WM_PROJECT/.wmake\n"))
                       #t))
+                  (add-after 'build 'cleanup
+                    ;; Avoid unncessary, voluminous object and dep files.
+                    (lambda _
+                      (delete-file-recursively
+                       "platforms/linux64GccDPInt32Opt/src")
+                      (delete-file-recursively
+                       "platforms/linux64GccDPInt32OptSYSTEMOPENMPI")
+                      (for-each delete-file (find-files "." "\\.o$"))
+                      #t))
                   (replace 'install
                     (lambda _
                       ;; use 'OpenFOAM-version' convention
diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 7d49f90be9..10f7c6bc57 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -203,20 +203,15 @@ which allows users to view a desktop computing environment.")
 (define-public spice
   (package
     (name "spice")
-    (version "0.12.8")
+    (version "0.14.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                "http://www.spice-space.org/download/releases/"
+                "https://www.spice-space.org/download/releases/"
                 "spice-" version ".tar.bz2"))
               (sha256
                (base32
-                "0za03i77j8i3g5l2np2j7vy8cqsdbkm9wbv4hjnaqq9xhz2sa0gr"))
-              (patches
-               (search-patches "spice-CVE-2017-7506.patch"
-                               "spice-CVE-2016-9577.patch"
-                               "spice-CVE-2016-9578-1.patch"
-                               "spice-CVE-2016-9578-2.patch"))))
+                "0j5q7cp5p95jk8fp48gz76rz96lifimdsx1wnpmfal0nnnar9nrs"))))
     (build-system gnu-build-system)
     (propagated-inputs
       `(("openssl" ,openssl)
@@ -228,6 +223,7 @@ which allows users to view a desktop computing environment.")
         ("libjpeg-turbo" ,libjpeg-turbo)
         ("lz4" ,lz4)
         ("opus" ,opus)
+        ("orc" ,orc)
         ("zlib" ,zlib)))
     (native-inputs
       `(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index f2a6971826..bfa7e05f9d 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -110,7 +110,7 @@ be output in text, PostScript, PDF or HTML.")
 (define-public r-minimal
   (package
     (name "r-minimal")
-    (version "3.4.2")
+    (version "3.4.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cran/src/base/R-"
@@ -118,7 +118,7 @@ be output in text, PostScript, PDF or HTML.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0r0cv2kc3x5z9xycpnxx6fbvv22psw2m342jhpslbxkc8g1307lp"))))
+                "09pl0w01fr09bsrwd7nz2r5psysj0z93w4chz3hm2havvqqvhg3s"))))
     (build-system gnu-build-system)
     (arguments
      `(#:disallowed-references (,tzdata-for-tests)
@@ -359,14 +359,14 @@ k-nearest neighbour, Learning Vector Quantization and Self-Organizing Maps.")
 (define-public r-cluster
   (package
     (name "r-cluster")
-    (version "2.0.5")
+    (version "2.0.6")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "cluster" version))
        (sha256
         (base32
-         "1bkvqmv8h2c423q9ag2afb6s9j2vcdlxsf559zzbimraphrr2c2b"))))
+         "1z4gbz7chxxi4ly6c0yjlikwgf8aa8dlg05cn5cd6pjr21zvh97l"))))
     (build-system r-build-system)
     (inputs
      `(("gfortran" ,gfortran)))
@@ -464,14 +464,14 @@ also flexible enough to handle most nonstandard requirements.")
 (define-public r-matrix
   (package
     (name "r-matrix")
-    (version "1.2-11")
+    (version "1.2-12")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "Matrix" version))
        (sha256
         (base32
-         "1yvd6fx3n99j4gvzrng43ji38pr5h8y03kijccgjdalym2hcp36g"))))
+         "1wm45hg4x5ay15y03k6rmgkd1n9r01da72mszk24vafwd7pimr8n"))))
     (properties `((upstream-name . "Matrix")))
     (build-system r-build-system)
     (propagated-inputs
@@ -937,14 +937,14 @@ solution for sending email, including attachments, from within R.")
 (define-public r-stringi
   (package
     (name "r-stringi")
-    (version "1.1.5")
+    (version "1.1.6")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "stringi" version))
        (sha256
         (base32
-         "1wh20is24lmzhcd9487ckv7r19009fyz4is3ianp3ky69vy8a7k5"))))
+         "122im5m8x9bqpahc0hbxmvdq6hnsmgnxwwyjpvbihyv2jq5kd44m"))))
     (build-system r-build-system)
     (inputs `(("icu4c" ,icu4c)))
     (native-inputs `(("pkg-config" ,pkg-config)))
@@ -2095,26 +2095,27 @@ or source files in a key-value fashion.")
 (define-public r-batchjobs
   (package
     (name "r-batchjobs")
-    (version "1.6")
+    (version "1.7")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "BatchJobs" version))
        (sha256
         (base32
-         "1kb99024jih5bycc226bl4jyvbbl1sg72q3m2wnlshl7s8p6vva0"))))
+         "035658marnw57p4f38g99rwmvmb6hpbq0fhlxp3qbw22zfnnkvs9"))))
     (properties `((upstream-name . "BatchJobs")))
     (build-system r-build-system)
     (propagated-inputs
-     `(("r-bbmisc" ,r-bbmisc)
+     `(("r-backports" ,r-backports)
+       ("r-bbmisc" ,r-bbmisc)
        ("r-brew" ,r-brew)
        ("r-checkmate" ,r-checkmate)
+       ("r-data-table" ,r-data-table)
        ("r-dbi" ,r-dbi)
        ("r-digest" ,r-digest)
-       ("r-fail" ,r-fail)
        ("r-rsqlite" ,r-rsqlite)
        ("r-sendmailr" ,r-sendmailr)
-       ("r-stringr" ,r-stringr)))
+       ("r-stringi" ,r-stringi)))
     (home-page "https://github.com/tudo-r/BatchJobs")
     (synopsis "Batch computing with R")
     (description
@@ -2221,14 +2222,14 @@ collation, and NAMESPACE files.")
 (define-public r-openssl
   (package
     (name "r-openssl")
-    (version "0.9.8")
+    (version "0.9.9")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "openssl" version))
        (sha256
         (base32
-         "0wm7pkm5yfsxmpyr8n0pvj1398wqg5gzp5clqrg5nb2mflxv2nlc"))))
+         "1ir7ggs0rxgn83h40r6jg9dzhb7hbcwhkcj5nsdzj7jz61sfgv77"))))
     (build-system r-build-system)
     (inputs
      `(("libressl" ,libressl)))
@@ -2320,13 +2321,13 @@ informative error messages when it's not available.")
 (define-public r-devtools
   (package
     (name "r-devtools")
-    (version "1.13.3")
+    (version "1.13.4")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "devtools" version))
               (sha256
                (base32
-                "146wb09cmfh10vhn1ps2nmzx104zldb3nj9qv2ic0gbcikbbryp6"))))
+                "1az1qf50vyhm4w6k2a6wqw3pqc8jv2iqzdhs36cg079hx9swm0mb"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-digest" ,r-digest)
@@ -2367,15 +2368,18 @@ were originally a part of the r-devtools package.")
 (define-public r-hms
   (package
     (name "r-hms")
-    (version "0.3")
+    (version "0.4.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "hms" version))
        (sha256
         (base32
-         "127znf522r5mn3k6frhdd7pqh063bs3l85gn9h7cx50hpjf2as4k"))))
+         "07sh75flp15lx2b00s3nxh04xr9gk4qhlbh125qx25isf71zw6zl"))))
     (build-system r-build-system)
+    (propagated-inputs
+     `(("r-rlang" ,r-rlang)
+       ("r-pkgconfig" ,r-pkgconfig)))
     (home-page "https://github.com/rstats-db/hms")
     (synopsis "Pretty time of day")
     (description
@@ -2563,24 +2567,25 @@ certain criterion, e.g., it contains a certain regular file.")
 (define-public r-rmarkdown
   (package
     (name "r-rmarkdown")
-    (version "1.6")
+    (version "1.8")
     (source
       (origin
         (method url-fetch)
         (uri (cran-uri "rmarkdown" version))
         (sha256
           (base32
-            "0p8ph5z5pifk1nxc1bppkfs1ir5gjc6ap9n64b4255m2fdaqfrc7"))))
+            "0q1y1qx87xp6vf9h7mfl77rqhmd01xl53l9ap9qj99bfvpabb572"))))
     (properties `((upstream-name . "rmarkdown")))
     (build-system r-build-system)
     (propagated-inputs
-     `(("r-catools" ,r-catools)
+     `(("r-base64enc" ,r-base64enc)
        ("r-evaluate" ,r-evaluate)
        ("r-htmltools" ,r-htmltools)
        ("r-jsonlite" ,r-jsonlite)
-       ("r-base64enc" ,r-base64enc)
        ("r-knitr" ,r-knitr)
+       ("r-mime" ,r-mime)
        ("r-rprojroot" ,r-rprojroot)
+       ("r-stringr" ,r-stringr)
        ("r-yaml" ,r-yaml)
        ("ghc-pandoc" ,ghc-pandoc)))
     (home-page "http://rmarkdown.rstudio.com")
@@ -3273,20 +3278,19 @@ message passing.")
 (define-public r-bigmemory
   (package
     (name "r-bigmemory")
-    (version "4.5.19")
+    (version "4.5.31")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "bigmemory" version))
        (sha256
         (base32
-         "191gbzca557kpk7mdsg716vfyqpr7j5din6qb8hin4g1nkzzwmg6"))))
+         "0wv0p746zz5a6r1yd0fgpj2kfcyzk2f4rxqz92p6lp9jzakv4lfs"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-bh" ,r-bh)
        ("r-rcpp" ,r-rcpp)
-       ("r-bigmemory-sri" ,r-bigmemory-sri)
-       ("r-r-utils" ,r-r-utils)))
+       ("r-bigmemory-sri" ,r-bigmemory-sri)))
     (home-page "http://www.bigmemory.org")
     (synopsis "Manage large matrices with shared memory or memory-mapped files")
     (description "This package provides methods to create, store, access, and
@@ -4389,19 +4393,20 @@ Farebrother's algorithm or Liu et al.'s algorithm.")
 (define-public r-cowplot
   (package
     (name "r-cowplot")
-    (version "0.8.0")
+    (version "0.9.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "cowplot" version))
        (sha256
         (base32
-         "03bh0r6ynr95gk4lc8asfi3kpmskm59vfzwn417pdziha3igs5x6"))))
+         "0iq0wsi7467cj8hqml06whk3xsiv89x8dvm9ynwp411pzzbdjgwm"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-ggplot2" ,r-ggplot2)
        ("r-gtable" ,r-gtable)
-       ("r-plyr" ,r-plyr)))
+       ("r-plyr" ,r-plyr)
+       ("r-scales" ,r-scales)))
     (home-page "https://github.com/wilkelab/cowplot")
     (synopsis "Streamlined plot theme and plot annotations for ggplot2")
     (description
@@ -4571,14 +4576,14 @@ models, generalized linear models and model-based clustering.")
 (define-public r-mclust
   (package
     (name "r-mclust")
-    (version "5.3")
+    (version "5.4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "mclust" version))
        (sha256
         (base32
-         "0h5syvpg3azrz5d10z2afilaa27jb4azi38idzlv05mfcs16s6rb"))))
+         "1i3v1q8qq0al3ifvjhcvxfsg68cx9mq8jz67jwmiqai78mw0aqvk"))))
     (build-system r-build-system)
     (native-inputs
      `(("gfortran" ,gfortran)))
@@ -4913,14 +4918,14 @@ based on an interface to Fortran implementations by M. J. D. Powell.")
 (define-public r-rcppeigen
   (package
     (name "r-rcppeigen")
-    (version "0.3.3.3.0")
+    (version "0.3.3.3.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "RcppEigen" version))
        (sha256
         (base32
-         "0zz9v0f8nnlvhhqv91lkyfblvjnmav84l89mr6vmbqjc2hzqd3n8"))))
+         "093g2wmqyk86693l0lzh2va8119w3k7rvw5q24p842jdfv5x5z8l"))))
     (properties `((upstream-name . "RcppEigen")))
     (build-system r-build-system)
     (propagated-inputs
@@ -5091,14 +5096,14 @@ bootstrap test for generalized linear mixed models.")
 (define-public r-car
   (package
     (name "r-car")
-    (version "2.1-5")
+    (version "2.1-6")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "car" version))
        (sha256
         (base32
-         "1bm0ks9ga60z3izgq0d4kvirr9v4yf1820d1wznkihnbb55bc3m6"))))
+         "14l4d9j87xnb0bz2wgqqbxnlnbcdfb5vx2fw6kdxj91kyrk6lhnj"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-mass" ,r-mass)
@@ -5145,18 +5150,19 @@ classification and regression models.")
 (define-public r-rcppprogress
   (package
     (name "r-rcppprogress")
-    (version "0.3")
+    (version "0.4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "RcppProgress" version))
        (sha256
         (base32
-         "0796g11w7iv3ix1wfm3fh09qq7jki4r4cp1mjagq77igri3xrr9x"))))
+         "09ayw6d69i0lplmaj5md25p5hn1nmiyp6a4sh60v93nrrs1cq7iv"))))
     (properties `((upstream-name . "RcppProgress")))
     (build-system r-build-system)
     (propagated-inputs
-     `(("r-rcpp" ,r-rcpp)))
+     `(("r-devtools" ,r-devtools)
+       ("r-rcpp" ,r-rcpp)))
     (home-page "https://github.com/kforner/rcpp_progress")
     (synopsis "Interruptible progress bar for C++ in R packages")
     (description
@@ -5211,14 +5217,14 @@ first and second order derivatives.")
 (define-public r-sn
   (package
     (name "r-sn")
-    (version "1.5-0")
+    (version "1.5-1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "sn" version))
        (sha256
         (base32
-         "0fh7xjsfd2x8d9lbnss7raldh24b72b3pvcv7zqa1qprzg7zfr01"))))
+         "0l7qlah6dwkp8jswnr2mn3phlm15naba5zkmv0g5pcqy5ix0gz7w"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-mnormt" ,r-mnormt)
diff --git a/gnu/packages/synergy.scm b/gnu/packages/synergy.scm
index 8e863149c3..ec1872cc00 100644
--- a/gnu/packages/synergy.scm
+++ b/gnu/packages/synergy.scm
@@ -68,7 +68,7 @@
        ("xinput"  ,xinput)))
     (arguments
      `(#:phases
-       (let ((srcdir (string-append "../synergy-" ,version "-stable")))
+       (let ((srcdir (string-append "../synergy-core-" ,version "-stable")))
          (modify-phases %standard-phases
            (add-before 'configure 'unpack-aux-src
              ;; TODO: package and use from system
diff --git a/gnu/packages/telephony.scm b/gnu/packages/telephony.scm
index 5df5e9e4ab..cf1ab93c39 100644
--- a/gnu/packages/telephony.scm
+++ b/gnu/packages/telephony.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org>
 ;;; Copyright © 2016 Francesco Frassinelli <fraph24@gmail.com>
 ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -27,6 +28,7 @@
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages avahi)
   #:use-module (gnu packages boost)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages protobuf)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages linux)
@@ -247,6 +249,52 @@ and a supporting cryptographic kernel.")
     (home-page "https://github.com/cisco/libsrtp")
     (license license:bsd-3)))
 
+(define-public bctoolbox
+  (package
+    (name "bctoolbox")
+    (version "0.2.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://savannah/linphone/bctoolbox/bctoolbox-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "14ivv6bh6qywys6yyb34scy9w78d636xl1f7cyxm3gwx2qv71lx5"))))
+    (build-system gnu-build-system)
+    (arguments '(#:make-flags '("CFLAGS=-fPIC")))
+    (native-inputs
+     `(("cunit" ,cunit)))
+    (inputs
+     `(("mbedtls" ,mbedtls-apache)))
+    (home-page "https://www.linphone.org")
+    (synopsis "Utilities library for linphone software")
+    (description "BCtoolbox is a utilities library used by Belledonne
+Communications softwares like linphone.")
+    (license license:gpl2+)))
+
+(define-public ortp
+  (package
+    (name "ortp")
+    (version "0.27.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://download.savannah.nongnu.org/"
+                                  "releases/linphone/ortp/sources/ortp-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1by0dqdqrj5avzcvjws30g8v5sa61wj12x00sxw0kn1smcrshqgb"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("bctoolbox" ,bctoolbox)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "https://linphone.org/")
+    (synopsis "Implementation of the Real-time transport protocol")
+    (description "oRTP is a library implementing the Real-time transport
+protocol (RFC 3550).")
+    (license license:lgpl2.1+)))
+
 (define-public libiax2
   (let ((commit "0e5980f1d78ce462e2d1ed6bc39ff35c8341f201"))
     ;; This is the commit used by the Ring Project.
diff --git a/gnu/packages/time.scm b/gnu/packages/time.scm
index 52d47a1a45..20c27e420c 100644
--- a/gnu/packages/time.scm
+++ b/gnu/packages/time.scm
@@ -9,7 +9,7 @@
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2016 Danny Milosavljevic <dannym+a@scratchpost.org>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
-;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
@@ -63,14 +63,14 @@ to a file.")
 (define-public python-pytzdata
   (package
     (name "python-pytzdata")
-    (version "2017.2")
+    (version "2017.3.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pytzdata" version))
        (sha256
         (base32
-         "1c1az8spm2d3km6qhjy69y4dlj71p6984l48mizr83nh4f0ipld4"))))
+         "1wi3jh39zsa9iiyyhynhj7w5b2p9wdyd0ppavpsrmf3wxvr7cwz8"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-pytest" ,python-pytest)
@@ -87,14 +87,14 @@ to a file.")
 (define-public python-pytz
   (package
     (name "python-pytz")
-    (version "2017.2")
+    (version "2017.3")
     (source
      (origin
       (method url-fetch)
       (uri (pypi-uri "pytz" version ".zip"))
       (sha256
        (base32
-        "12cmd3j46d2gcw08bspvp6s9icfcvx88zjz52n1bli9dyvl5dh7m"))))
+        "1dw5l527vcafvdqq4wadwl7ikhb2sssz0v0cssibh8890kyczr7s"))))
     (build-system python-build-system)
     (native-inputs
      `(("unzip" ,unzip)))
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 1fe1e2968f..2aa082cfb5 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -11,6 +11,7 @@
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -458,14 +459,14 @@ required structures.")
 (define-public libressl
   (package
     (name "libressl")
-    (version "2.5.5")
+    (version "2.6.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://openbsd/LibreSSL/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1i77viqy1afvbr392npk9v54k9zhr9zq2vhv6pliza22b0ymwzz5"))))
+                "162wgzmg4zzqj5cxrsrmkfv1623dc4g8h3fsf1lvjw9i4sc6bbdf"))))
     (build-system gnu-build-system)
     (arguments
      ;; Do as if 'getentropy' was missing since older Linux kernels lack it
@@ -788,6 +789,9 @@ then ported to the GNU / Linux environment.")
         (base32
          "11wnj34rfqxjggmdgf042i49lr6civgbqwv2p7p8bn6k2919vg4r"))))
     (build-system cmake-build-system)
+    (arguments
+     `(#:configure-flags
+       (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON")))
     (native-inputs
      `(("perl" ,perl)))
     (synopsis "Small TLS library")
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 6cf833464c..055916a9a0 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -47,14 +47,14 @@
 (define-public tor
   (package
     (name "tor")
-    (version "0.3.1.8")
+    (version "0.3.1.9")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://dist.torproject.org/tor-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "18dinpj03d036rashlad16lv7j2hba8gg742z07l37x5c242kxkx"))))
+               "09ixizsr635qyshvrn1m5asjkaz4fm8dx80lc3ajyy0fi7vh86vf"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags (list "--enable-gcc-hardening"
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 9de660f090..a41ddf8da3 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -98,6 +98,7 @@
       (uri (string-append "https://launchpad.net/bzr/"
                           (version-major+minor version) "/" version
                           "/+download/bzr-" version ".tar.gz"))
+      (patches (search-patches "bazaar-CVE-2017-14176.patch"))
       (sha256
        (base32
         "1cysix5k3wa6y7jjck3ckq3abls4gvz570s0v0hxv805nwki4i8d"))))
@@ -130,14 +131,14 @@ as well as the classic centralized workflow.")
    (name "git")
    ;; XXX When updating Git, check if the special 'git:src' input to cgit needs
    ;; to be updated as well.
-   (version "2.15.0")
+   (version "2.15.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://kernel.org/software/scm/git/git-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "0siyxg1ppg6szjp8xp37zfq1fj97kbdxpigi3asmidqhkx41cw8h"))))
+              "0p04linqdywdf7m1hqa904fzqvgzplsxlzdqrn96j1j5gpyr174r"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("native-perl" ,perl)
@@ -149,9 +150,8 @@ as well as the classic centralized workflow.")
                 "mirror://kernel.org/software/scm/git/git-manpages-"
                 version ".tar.xz"))
           (sha256
-
            (base32
-            "0xqwfg9xz5nw3ifaki87ahbz0xk5zmkgqs0ig357pxwh2i20kb92"))))))
+            "0mi609plzqqwx271hr9m5j4syggqx255bbzml6ca9j5fadywysvc"))))))
    (inputs
     `(("curl" ,curl)
       ("expat" ,expat)
@@ -188,6 +188,9 @@ as well as the classic centralized workflow.")
                      "NO_INSTALL_HARDLINKS=indeed")
       #:test-target "test"
 
+      ;; Tests fail randomly when parallel: <https://bugs.gnu.org/29512>.
+      #:parallel-tests? #f
+
       ;; The explicit --with-tcltk forces the build system to hardcode the
       ;; absolute file name to 'wish'.
       #:configure-flags (list (string-append "--with-tcltk="
@@ -243,6 +246,13 @@ as well as the classic centralized workflow.")
             ;; FIXME: Some hooks fail with "basename: command not found".
             ;; See 't/trash directory.t9164.../svn-hook.log'.
             (delete-file "t/t9164-git-svn-dcommit-concurrent.sh")
+
+            ;; XXX: These tests fail intermittently for unknown reasons:
+            ;; <https://bugs.gnu.org/29546>.
+            (for-each delete-file
+                      '("t/t9128-git-svn-cmd-branch.sh"
+                        "t/t9167-git-svn-cmd-branch-subproject.sh"
+                        "t/t9141-git-svn-multiple-branches.sh"))
             #t))
         (add-after 'install 'install-shell-completion
           (lambda* (#:key outputs #:allow-other-keys)
@@ -370,7 +380,11 @@ everything from small to very large projects with speed and efficiency.")
               (sha256
                (base32
                 "1b3figbhp5l83vd37vq6j2narrq4yl9pfw6mw0px0dzb1hz3jqka"))
-              (patches (search-patches "libgit2-0.25.1-mtime-0.patch"))))
+              (patches (search-patches "libgit2-0.25.1-mtime-0.patch"))
+
+              ;; Remove bundled software.
+              (snippet '(delete-file-recursively "deps"))
+              (modules '((guix build utils)))))
     (build-system cmake-build-system)
     (outputs '("out" "debug"))
     (arguments
@@ -390,7 +404,7 @@ everything from small to very large projects with speed and efficiency.")
            (lambda _ (zero? (system* "./libgit2_clar" "-v" "-Q")))))))
     (inputs
      `(("libssh2" ,libssh2)
-       ("libcurl" ,curl)
+       ("http-parser" ,http-parser)
        ("python" ,python-wrapper)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 9ac2de145e..2ad0565db3 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -798,7 +798,7 @@ audio/video codec library.")
 (define-public vlc
   (package
     (name "vlc")
-    (version "2.2.6")
+    (version "2.2.8")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -806,7 +806,7 @@ audio/video codec library.")
                    version "/vlc-" version ".tar.xz"))
              (sha256
               (base32
-               "1a22b913p2227ljz89c4fgjlyln5gcz8z58w32r0wh4srnnd60y4"))))
+               "1v32snw46rkgbdqdy3dssl2y13i8p2cr1cw1i18r6vdmiy24dw4v"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("git" ,git) ; needed for a test
@@ -1142,7 +1142,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2017.11.15")
+    (version "2017.12.02")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://yt-dl.org/downloads/"
@@ -1150,7 +1150,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1s0c0jnil4rnymj2nzjjv75p4lmk4h67kvxvjv2azknhmax7gcc8"))))
+                "1qf5gz00cnxzab3cwh9kxzhs08mddm0nwvb7j5z5xxzhi6wkslha"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
@@ -1259,7 +1259,7 @@ other site that youtube-dl supports.")
 (define-public you-get
   (package
     (name "you-get")
-    (version "0.4.939")
+    (version "0.4.995")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1268,11 +1268,10 @@ other site that youtube-dl supports.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1amkdfnjn2j4k7jlr7qw9mg5whd7dy6z1flh5cd0n9v3d4m7k0c5"))))
+                "0i89mn8v8znn3csgzfg8dz5vcn3ld66xj02az6137bljhgivjxra"))))
     (build-system python-build-system)
     (arguments
-     ;; no tests
-     '(#:tests? #f))
+     '(#:tests? #f))                    ; no tests
     (inputs
      `(("ffmpeg" ,ffmpeg)))
     (synopsis "Download videos, audios, or images from Web sites")
diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm
index 0163662d10..85ccf9c9d1 100644
--- a/gnu/packages/vim.scm
+++ b/gnu/packages/vim.scm
@@ -440,6 +440,46 @@ trouble using them, because you do not have to remember each snippet name.")
       (home-page "https://github.com/Shougo/context_filetype.vim")
       (license license:expat)))) ; ??? check again
 
+;; The 2.2 release was in 2015, no new releases planned.
+(define-public vim-fugitive
+  (let ((commit "de6c05720cdf74c0218218d7207f700232a5b6dc")
+        (revision "1"))
+    (package
+      (name "vim-fugitive")
+      (version (string-append "2.2-" revision "." (string-take commit 7)))
+      (source
+        (origin
+          (method git-fetch)
+          (uri (git-reference
+                 (url "https://github.com/tpope/vim-fugitive.git")
+                 (commit commit)))
+          (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "0zg9vv7hirnx45vc2mwgg0xijmwwz55bssyd6cpdz71wbhrcpxxb"))))
+      (build-system gnu-build-system)
+      (arguments
+       '(#:tests? #f
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure)
+           (delete 'build)
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (vimfiles (string-append out "/share/vim/vimfiles"))
+                      (doc (string-append vimfiles "/doc"))
+                      (plugin (string-append vimfiles "/plugin")))
+                 (copy-recursively "doc" doc)
+                 (copy-recursively "plugin" plugin)
+                 #t))))))
+      (home-page "https://github.com/tpope/vim-fugitive")
+      (synopsis "Vim plugin to work with Git")
+      (description "Vim-fugitive is a wrapper for Vim that complements the
+command window, where you can stage and review your changes before the next
+commit or run any Git arbitrary command.")
+      (license license:vim)))) ; distributed under the same license as vim
+
 (define-public vim-airline
   (package
     (name "vim-airline")
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 140b2528d3..d9fae08b25 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -5,6 +5,8 @@
 ;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2017 Andy Patterson <ajpatter@uwaterloo.ca>
+;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -84,6 +86,8 @@
              (uri (string-append "https://download.qemu.org/qemu-"
                                  version ".tar.xz"))
              (patches (search-patches "qemu-CVE-2017-15038.patch"
+                                      "qemu-CVE-2017-15118.patch"
+                                      "qemu-CVE-2017-15119.patch"
                                       "qemu-CVE-2017-15268.patch"
                                       "qemu-CVE-2017-15289.patch"))
              (sha256
@@ -156,6 +160,7 @@
        ("libepoxy" ,libepoxy)
        ("libjpeg" ,libjpeg-turbo)
        ("libpng" ,libpng)
+       ("libseccomp" ,libseccomp)
        ("libusb" ,libusb)                         ;USB pass-through support
        ("mesa" ,mesa)
        ("ncurses" ,ncurses)
@@ -325,15 +330,14 @@ manage system or application containers.")
 (define-public libvirt
   (package
     (name "libvirt")
-    (version "3.7.0")
+    (version "3.10.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://libvirt.org/sources/libvirt-"
                                   version ".tar.xz"))
-              (patches (search-patches "libvirt-CVE-2017-1000256.patch"))
               (sha256
                (base32
-                "1fk75cdzg59y9hnfdpdwv83fsc1yffy3lac4ch19zygfkqhcnysf"))))
+                "03kb37iv3dvvdlslznlc0njvjpmq082lczmsslz5p4fcwb50kwfz"))))
     (build-system gnu-build-system)
     (arguments
      `(;; FAIL: virshtest
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 6b626f0d26..c8e82cf869 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -26,9 +26,11 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
   #:use-module (gnu packages)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages gettext)
@@ -72,41 +74,29 @@ endpoints.")
             (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
                                 version ".tar.gz"))
             (sha256 (base32
-                     "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))
-            (patches (search-patches "vpnc-script.patch"))))
+                     "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
    (build-system gnu-build-system)
    (inputs `(("libgcrypt" ,libgcrypt)
              ("perl" ,perl)
-
-             ;; The following packages provide commands that 'vpnc-script'
-             ;; expects.
-             ("net-tools" ,net-tools)             ;ifconfig, route
-             ("iproute2" ,iproute)))              ;ip
+             ("vpnc-scripts" ,vpnc-scripts)))
    (arguments
     `(#:tests? #f ; there is no check target
       #:phases
       (modify-phases %standard-phases
-        (replace 'configure
-          (lambda* (#:key outputs #:allow-other-keys)
-            (let ((out (assoc-ref outputs "out")))
-              (substitute* "Makefile"
-                (("PREFIX=/usr/local") (string-append "PREFIX=" out)))
-              (substitute* "Makefile"
-                (("ETCDIR=/etc/vpnc") (string-append "ETCDIR=" out
-                                                     "/etc/vpnc"))))))
-        (add-after 'install 'wrap-vpnc-script
+        (add-after 'unpack 'use-store-paths
           (lambda* (#:key inputs outputs #:allow-other-keys)
-            ;; Wrap 'etc/vpnc/vpnc-script' so that it finds the commands it
-            ;; needs.  Assume coreutils/grep/sed are in $PATH.
-            (let ((out (assoc-ref outputs "out")))
-              (wrap-program (string-append out "/etc/vpnc/vpnc-script")
-                `("PATH" ":" prefix
-                  (,(string-append (assoc-ref inputs "net-tools")
-                                   "/sbin")
-                   ,(string-append (assoc-ref inputs "net-tools")
-                                   "/bin")
-                   ,(string-append (assoc-ref inputs "iproute2")
-                                   "/sbin"))))))))))
+            (let ((out          (assoc-ref outputs "out"))
+                  (vpnc-scripts (assoc-ref inputs  "vpnc-scripts")))
+              (substitute* "config.c"
+                (("/etc/vpnc/vpnc-script")
+                 (string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
+              (substitute* "Makefile"
+                (("ETCDIR=.*")
+                 (string-append "ETCDIR=" out "/etc/vpnc\n"))
+                (("PREFIX=.*")
+                 (string-append "PREFIX=" out "\n")))
+              #t)))
+        (delete 'configure))))          ; no configure script
    (synopsis "Client for Cisco VPN concentrators")
    (description
     "vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
@@ -117,6 +107,93 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (license license:gpl2+) ; some file are bsd-2, see COPYING
    (home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/")))
 
+(define-public vpnc-scripts
+  (let ((commit "6f87b0fe7b20d802a0747cc310217920047d58d3"))
+    (package
+      (name "vpnc-scripts")
+      (version (string-append "20161214." (string-take commit 7)))
+      (source (origin
+                (method git-fetch)
+                (uri
+                 (git-reference
+                  (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
+                  (commit commit)))
+                (sha256
+                 (base32
+                  "0pa36w4wlyyvfb66cayhans99wsr2j5si2fvfr7ldfm512ajwn8h"))))
+      (build-system gnu-build-system)
+      (inputs `(("coreutils" ,coreutils)
+                ("grep" ,grep)
+                ("iproute2" ,iproute)    ; for ‘ip’
+                ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
+                ("sed" ,sed)
+                ("which" ,which)))
+      (arguments
+       `(#:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'use-relative-paths
+             ;; Patch the scripts to work with and use relative paths.
+             (lambda* _
+               (for-each (lambda (script)
+                           (substitute* script
+                             (("^PATH=.*") "")
+                             (("(/usr|)/s?bin/") "")
+                             (("\\[ +-x +([^]]+) +\\]" _ command)
+                              (string-append "command -v >/dev/null 2>&1 "
+                                             command))))
+                         (find-files "." "^vpnc-script"))
+               #t))
+           (delete 'configure)          ; no configure script
+           (replace 'build
+             (lambda _
+               (zero? (system* "gcc" "-o" "netunshare" "netunshare.c"))))
+           (replace 'install
+             ;; There is no Makefile; manually install the relevant files.
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (etc (string-append out "/etc/vpnc")))
+                 (for-each (lambda (file)
+                             (install-file file etc))
+                           (append (find-files "." "^vpnc-script")
+                                   (list "netunshare"
+                                         "xinetd.netns.conf")))
+                 #t)))
+           (add-after 'install 'wrap-scripts
+             ;; Wrap scripts with paths to their common hard dependencies.
+             ;; Optional dependencies will need to be installed by the user.
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (let ((out (assoc-ref outputs "out")))
+                 (for-each
+                  (lambda (script)
+                    (wrap-program script
+                      `("PATH" ":" prefix
+                        ,(map (lambda (name)
+                                (let ((input (assoc-ref inputs name)))
+                                  (string-append input "/bin:"
+                                                 input "/sbin")))
+                              (list "coreutils"
+                                    "grep"
+                                    "iproute2"
+                                    "net-tools"
+                                    "sed"
+                                    "which")))))
+                  (find-files (string-append out "/etc/vpnc/vpnc-script")
+                              "^vpnc-script"))))))
+         #:tests? #f))                  ; no tests
+      (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
+      (synopsis "Network configuration scripts for Cisco VPN clients")
+      (description
+       "This set of scripts configures routing and name services when invoked
+by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.
+
+The default @command{vpnc-script} automatically configures most common
+connections, and provides hooks for performing custom actions at various stages
+of the connection or disconnection process.
+
+Alternative scripts are provided for more complicated set-ups, or to serve as an
+example for writing your own.  For example, @command{vpnc-script-sshd} contains
+the entire VPN in a network namespace accessible only through SSH.")
+      (license license:gpl2+))))
 
 (define-public openconnect
   (package
@@ -132,7 +209,7 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (inputs
     `(("libxml2" ,libxml2)
       ("gnutls" ,gnutls)
-      ("vpnc" ,vpnc)
+      ("vpnc-scripts" ,vpnc-scripts)
       ("zlib" ,zlib)))
    (native-inputs
     `(("gettext" ,gettext-minimal)
@@ -140,7 +217,7 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (arguments
     `(#:configure-flags
       `(,(string-append "--with-vpnc-script="
-                        (assoc-ref %build-inputs "vpnc")
+                        (assoc-ref %build-inputs "vpnc-scripts")
                         "/etc/vpnc/vpnc-script"))))
    (synopsis "Client for Cisco VPN")
    (description
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index b61b308c18..fff4b767ca 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -56,6 +56,7 @@
   #:use-module (guix build-system trivial)
   #:use-module (guix build-system python)
   #:use-module (guix build-system ant)
+  #:use-module (guix build-system scons)
   #:use-module (gnu packages)
   #:use-module (gnu packages apr)
   #:use-module (gnu packages check)
@@ -1068,10 +1069,7 @@ from streaming URLs.  It is a command-line wrapper for the libquvi library.")
                            version ".tar.bz2"))
        (sha256
         (base32 "1k47gbgpp52049andr28y28nbwh9m36bbb0g8p0aka3pqlhjv72l"))))
-    (build-system gnu-build-system)
-    (native-inputs
-     `(("scons" ,scons)
-       ("python" ,python-2)))
+    (build-system scons-build-system)
     (propagated-inputs
      `(("apr" ,apr)
        ("apr-util" ,apr-util)
@@ -1081,13 +1079,15 @@ from streaming URLs.  It is a command-line wrapper for the libquvi library.")
        ;;("gss" ,gss)
        ("zlib" ,zlib)))
     (arguments
-     `(#:modules ((guix build gnu-build-system)
-                  (guix build utils)
-                  (srfi srfi-1))
+     `(#:scons ,scons-python2
+       #:scons-flags (list (string-append "APR=" (assoc-ref %build-inputs "apr"))
+                           (string-append "APU=" (assoc-ref %build-inputs "apr-util"))
+                           (string-append "OPENSSL=" (assoc-ref %build-inputs "openssl"))
+                           ;; (string-append "GSSAPI=" (assoc-ref %build-inputs "gss"))
+                           (string-append "ZLIB=" (assoc-ref %build-inputs "zlib"))
+                           (string-append "PREFIX=" %output))
        #:phases
-       ;; TODO: Add scons-build-system and use it here.
        (modify-phases %standard-phases
-         (delete 'configure)
          (add-after 'unpack 'scons-propagate-environment
                     (lambda _
                       ;; By design, SCons does not, by default, propagate
@@ -1098,21 +1098,6 @@ from streaming URLs.  It is a command-line wrapper for the libquvi library.")
                       (substitute* "SConstruct"
                         (("^env = Environment\\(")
                          "env = Environment(ENV=os.environ, "))))
-         (replace 'build
-                  (lambda* (#:key inputs outputs #:allow-other-keys)
-                    (let ((out      (assoc-ref outputs "out"))
-                          (apr      (assoc-ref inputs "apr"))
-                          (apr-util (assoc-ref inputs "apr-util"))
-                          (openssl  (assoc-ref inputs "openssl"))
-                          ;;(gss      (assoc-ref inputs "gss"))
-                          (zlib     (assoc-ref inputs "zlib")))
-                      (zero? (system* "scons"
-                                      (string-append "APR=" apr)
-                                      (string-append "APU=" apr-util)
-                                      (string-append "OPENSSL=" openssl)
-                                      ;;(string-append "GSSAPI=" gss)
-                                      (string-append "ZLIB=" zlib)
-                                      (string-append "PREFIX=" out))))))
          (add-before 'check 'disable-broken-tests
            (lambda _
              ;; These tests rely on SSL certificates that expired 2017-04-18.
@@ -1139,9 +1124,7 @@ from streaming URLs.  It is a command-line wrapper for the libquvi library.")
                   (substitute* "test/test_context.c"
                     (((string-append "SUITE_ADD_TEST\\(suite, " test "\\);")) "")))
                 broken-tests)
-               #t)))
-         (replace 'check   (lambda _ (zero? (system* "scons" "check"))))
-         (replace 'install (lambda _ (zero? (system* "scons" "install")))))))
+               #t))))))
     (home-page "https://serf.apache.org/")
     (synopsis "High-performance asynchronous HTTP client library")
     (description
@@ -4898,7 +4881,7 @@ used to start services with both privileged and non-privileged port numbers.")
 (define-public tidy-html
   (package
     (name "tidy-html")
-    (version "5.4.0")
+    (version "5.6.0")
     (source
      (origin
        (method url-fetch)
@@ -4907,7 +4890,7 @@ used to start services with both privileged and non-privileged port numbers.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0yhbgbjl45b4sjxwc394cjra6iy02q1pi66p28zy70lr6jvm9mx2"))))
+         "0n29wcgw32rhnraj9j21ibhwi0xagmmcskhbaz8ihxly7nx3p9h8"))))
     (build-system cmake-build-system)
     (outputs '("out"
                "static")) ; 1.0MiB of .a files
@@ -5160,7 +5143,7 @@ command-line arguments or read from stdin.")
 (define-public python-internetarchive
   (package
     (name "python-internetarchive")
-    (version "1.7.1")
+    (version "1.7.4")
     (source
      (origin
        (method url-fetch)
@@ -5169,24 +5152,23 @@ command-line arguments or read from stdin.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1lj4r0y67mwjns2gcjvw0y7m5x0vqir2iv7s4q2y93492azli1qh"))))
+         "0sdbb2ag6vmybi8zmbjszi492a587giaaqxyy1p6gy03cb8mc512"))))
     (build-system python-build-system)
     (arguments
-     `(#:tests? #f ; 11 tests of 105 fail to mock "requests".
-       #:phases
+     `(#:phases
        (modify-phases %standard-phases
          (delete 'check)
          (add-after 'install 'check
-           (lambda* (#:key inputs outputs target (tests? (not target)) #:allow-other-keys)
-             (if tests?
-               (begin
-                 (add-installed-pythonpath inputs outputs)
-                 (setenv "PATH" (string-append (assoc-ref outputs "out") "/bin"
-                                               ":" (getenv "PATH")))
-                 (zero? (system* "py.test")))
-               (begin
-                 (format #t "test suite not run~%")
-                 #t)))))))
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (add-installed-pythonpath inputs outputs)
+             (setenv "PATH" (string-append (assoc-ref outputs "out") "/bin"
+                                           ":" (getenv "PATH")))
+             (zero? (system* "py.test" "-v" "-k"
+                             (string-append
+                              ;; These tests attempt to make a connection to
+                              ;; an external web service.
+                              "not test_get_item_with_kwargs"
+                              " and not test_ia"))))))))
     (propagated-inputs
      `(("python-requests" ,python-requests)
        ("python-jsonpatch" ,python-jsonpatch-0.4)
@@ -5212,6 +5194,58 @@ internetarchive python module for programatic access to archive.org.")
   (package-with-python2
    (strip-python2-variant python-internetarchive)))
 
+(define-public python-clf
+  (let ((commit-test-clf "d01d25923c599d3261910f79fb948825b4270d07")) ; 0.5.7
+    (package
+      (name "python-clf")
+      (version "0.5.7")
+      (source
+       (origin
+         (method url-fetch)
+         (uri (pypi-uri "clf" version))
+         (sha256
+          (base32
+           "0zlkzqnpz7a4iavsq5vaz0nf5nr7qm5znpg1vlpz6rwnx6hikjdb"))))
+      (build-system python-build-system)
+      (propagated-inputs
+       `(("python-docopt" ,python-docopt)
+         ("python-pygments" ,python-pygments)
+         ("python-requests" ,python-requests)
+         ("python-nose" ,python-nose)
+         ("python-lxml" ,python-lxml)
+         ("python-pyaml" ,python-pyaml)))
+      (inputs
+       `(("test-clf"
+          ,(origin
+             (method url-fetch)
+             (uri (string-append "https://raw.githubusercontent.com"
+                                 "/ncrocfer/clf/" commit-test-clf
+                                 "/test_clf.py"))
+             (sha256
+              (base32
+               "19lr5zdzsmxgkg7wrjq1yzkiahd03wi4k3dskssyhmjls8c10nqd"))))))
+      (arguments
+       '(#:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'get-tests
+             (lambda _
+               (copy-file (assoc-ref %build-inputs "test-clf") "test_clf.py")))
+           (replace 'check
+             (lambda _
+               (zero? (system* "nosetests"
+                               ;; These tests require internet connection
+                               "--exclude=test_browse"
+                               "--exclude=test_command"
+                               "--exclude=test_search")))))))
+      (home-page "https://github.com/ncrocfer/clf")
+      (synopsis "Search code snippets on @url{https://commandlinefu.com}")
+      (description "@code{clf} is a command line tool for searching code
+snippets on @url{https://commandlinefu.com}.")
+      (license l:expat))))
+
+(define-public python2-clf
+  (package-with-python2 python-clf))
+
 (define-public r-shiny
   (package
     (name "r-shiny")
@@ -6079,3 +6113,38 @@ based on this library, allowing Perl programmers to easily validate HTML.")
 object.  It's meant as a replacement for @code{HTML::Lint}, which is written
 in Perl but is not nearly as capable as @code{HTML::Tidy}.")
     (license l:artistic2.0)))
+
+(define-public geomyidae
+  (package
+    (name "geomyidae")
+    (version "0.29")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://git.r-36.net/geomyidae/snapshot/"
+                           "geomyidae-" version ".tar.bz2"))
+       (sha256
+        (base32
+         "0qxgxp6psfrgfqhndyq2z54nb1qrmvvljddnxdwp207jbz366bja"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags (list "CC=gcc"
+                          (string-append "PREFIX="
+                                         (assoc-ref %outputs "out")))
+       #:tests? #f                                ;no tests
+       #:phases (modify-phases %standard-phases
+                  (delete 'configure))))
+    (home-page "http://git.r-36.net/geomyidae")
+    (synopsis "Small Gopher server")
+    (description
+     "Geomyidae is a server for distributed hypertext protocol Gopher.  Its
+features include:
+
+@enumerate
+@item Gopher menus (see @file{index.gph} for an example);
+@item directory listings (if no @file{index.gph} was found);
+@item CGI support (@file{.cgi} files are executed);
+@item search support in CGI files;
+@item logging with multiple log levels.
+@end enumerate\n")
+    (license l:expat)))
diff --git a/gnu/packages/wget.scm b/gnu/packages/wget.scm
index a4862d5155..3dcf00b9be 100644
--- a/gnu/packages/wget.scm
+++ b/gnu/packages/wget.scm
@@ -130,7 +130,7 @@ online pastebin services.")
     (origin
      (method git-fetch)
      (uri (git-reference
-           (url "https://github.com/rockdaboot/wget2")
+           (url "https://gitlab.com/gnuwget/wget2.git")
            (commit "b45709d3d21714135ce79df6abbdcb704684063d")
            (recursive? #t))) ;; Needed for 'gnulib' git submodule.
      (file-name (string-append name "-" version "-checkout"))
@@ -167,7 +167,7 @@ online pastebin services.")
              ("python", python)))
    ;; TODO: Add libbrotlidec, libnghttp2.
    (native-inputs `(("pkg-config", pkg-config)))
-   (home-page "https://github.com/rockdaboot/wget2")
+   (home-page "https://gitlab.com/gnuwget/wget2")
    (synopsis "Successor of GNU Wget")
    (description "GNU Wget2 is the successor of GNU Wget, a file and recursive
 website downloader.  Designed and written from scratch it wraps around libwget,
diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm
index 62a5b54608..6912d6f2d9 100644
--- a/gnu/packages/wm.scm
+++ b/gnu/packages/wm.scm
@@ -785,8 +785,8 @@ It is inspired by Xmonad and dwm.  Its major features include:
 @item Quick launch menu
 @item Many screen layouts possible with a few simple key strokes
 @item Move/resize floating windows
-@item Extended Window Manager Hints (EWMH) support
-@item Configureable tiling
+@item Extended Window Manager Hints (@dfn{EWMH}) support
+@item Configurable tiling
 @item Adjustable tile gap allows for a true one pixel border
 @item Customizable colors and border width
 @end itemize\n")
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 3f46f6b57d..acc2618e21 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -20,6 +20,7 @@
 ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Marek Benc <dusxmt@gmx.com>
+;;; Copyright © 2017 Mike Gerwitz <mtg@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1329,3 +1330,53 @@ a specified program, emulating the PC speaker beep using the sound card (default
 or playing a PCM encoded WAVE file.")
     (home-page "https://github.com/dusxmt/nxbelld")
     (license license:gpl3+)))
+
+(define-public xautolock
+  (package
+    (name "xautolock")
+    (version "2.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://www.ibiblio.org/pub/linux/X11/screensavers/"
+                                  name "-" version ".tgz"))
+              (sha256
+               (base32
+                "18jd3k3pvlm5x1adyqw63z2b3f4ixh9mfvz9asvnskk3fm8jgw0i"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("imake" ,imake)))
+    (inputs
+     `(("libx11" ,libx11)
+       ("libxext" ,libxext)
+       ("libxscrnsaver" ,libxscrnsaver)))
+    (arguments
+     `(#:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((imake (assoc-ref inputs "imake"))
+                   (out   (assoc-ref outputs "out")))
+               ;; Generate Makefile
+               (invoke "xmkmf")
+               (substitute* "Makefile"
+                 ;; These imake variables somehow remain undefined
+                 (("DefaultGcc2[[:graph:]]*Opt") "-O2")
+                 ;; Reset a few variable defaults that are set in imake templates
+                 ((imake) out)
+                 (("(MANPATH = )[[:graph:]]*" _ front)
+                  (string-append front out "/share/man")))
+               ;; Old BSD-style 'union wait' is unneeded (defining
+               ;; _USE_BSD did not seem to fix it)
+               (substitute* "src/engine.c"
+                 (("union wait  status") "int status = 0"))
+               #t)))
+         (add-after 'install 'install/man
+           (lambda _
+             (zero? (system* "make" "install.man")))))))
+    (home-page "http://ibiblio.org/pub/Linux/X11/screensavers/")
+    (synopsis "Program launcher for idle X sessions")
+    (description "Xautolock monitors input devices under the X Window
+System, and launches a program of your choice if there is no activity after
+a user-configurable period of time.")
+    (license license:gpl2)))
diff --git a/gnu/packages/xfig.scm b/gnu/packages/xfig.scm
index 64ca57028f..e51558e0be 100644
--- a/gnu/packages/xfig.scm
+++ b/gnu/packages/xfig.scm
@@ -90,7 +90,7 @@
                         (("XCOMM USEINLINE") "USEINLINE"))
                       ;; The -a argument is required in order to pick up the correct paths
                       ;; to several X header files.
-                      (zero? (system* "xmkmf" "-a"))
+                      (invoke "xmkmf" "-a")
                       ;; Reset some variables that are inherited from imake templates
                       (substitute* "Makefile"
                         ;; These imake variables somehow remain undefined
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index adf2dffff8..4ea0fcd5e2 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -4855,7 +4855,7 @@ an X Window System display.")
 (define-public libxfont
   (package
     (name "libxfont")
-    (version "1.5.3")
+    (version "1.5.4")
     (source
       (origin
         (method url-fetch)
@@ -4865,7 +4865,7 @@ an X Window System display.")
                ".tar.bz2"))
         (sha256
           (base32
-            "1l4k3i3xzqdmaszykh6bb2ah78p6c3z7fak7xzgq2d38s87w31db"))))
+            "0hiji1bvpl78aj3a3141hkk353aich71wv8l5l2z51scfy878zqs"))))
     (build-system gnu-build-system)
     (propagated-inputs
       `(("fontsproto" ,fontsproto)
@@ -4892,6 +4892,7 @@ new API's in libXft, or the legacy API's in libX11.")
   (package
     (inherit libxfont)
     (version "2.0.2")
+    (replacement libxfont2-2.0.3)
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://xorg/individual/lib/libXfont2-"
@@ -4900,6 +4901,23 @@ new API's in libXft, or the legacy API's in libX11.")
                (base32
                 "04f1lswh1ridkycgaivf1hrr77l5ap8smbfr2rqjrm7phwxqs24l"))))))
 
+;; Fixes the following security vulnerabilities:
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13720
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13722
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612
+(define-public libxfont2-2.0.3
+  (package
+    (inherit libxfont2)
+    (version "2.0.3")
+    (source
+     (origin
+       (inherit (package-source libxfont2))
+       (uri (string-append "mirror://xorg/individual/lib/libXfont2-"
+                           version ".tar.bz2"))
+       (sha256
+        (base32
+         "0klwmimmhm3axpj8pwn5l41lbggh47r5aazhw63zxkbwfgyvg2hf"))))))
+
 (define-public libxi
   (package
     (name "libxi")
@@ -5297,6 +5315,7 @@ draggable titlebars and borders.")
   (package
     (name "libxcursor")
     (version "1.1.14")
+    (replacement libxcursor-1.1.15)
     (source
       (origin
         (method url-fetch)
@@ -5329,6 +5348,18 @@ draggable titlebars and borders.")
     (description "Xorg Cursor management library.")
     (license license:x11)))
 
+;; For CVE-2017-16612.
+(define-public libxcursor-1.1.15
+  (package
+    (inherit libxcursor)
+    (version "1.1.15")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://xorg/individual/lib/libXcursor-"
+                                  version ".tar.bz2"))
+              (sha256
+               (base32
+                "0syzlfvh29037p0vnlc8f3jxz8nl55k65blswsakklkwsc6nfki9"))))))
 
 (define-public libxt
   (package
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 06b2a7d2d8..11f55c588c 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1345,7 +1345,7 @@ failed to register hydra.gnu.org public key: ~a~%" status))))))))
 (define %default-authorized-guix-keys
   ;; List of authorized substitute keys.
   (list (file-append guix "/share/guix/hydra.gnu.org.pub")
-        (file-append guix "/share/guix/bayfront.guixsd.org.pub")))
+        (file-append guix "/share/guix/berlin.guixsd.org.pub")))
 
 (define-record-type* <guix-configuration>
   guix-configuration make-guix-configuration
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
new file mode 100644
index 0000000000..dc072ea8da
--- /dev/null
+++ b/gnu/services/certbot.scm
@@ -0,0 +1,133 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016 Sou Bunnbu <iyzsong@member.fsf.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services certbot)
+  #:use-module (gnu services)
+  #:use-module (gnu services base)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu services mcron)
+  #:use-module (gnu services web)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu packages tls)
+  #:use-module (guix records)
+  #:use-module (guix gexp)
+  #:use-module (srfi srfi-1)
+  #:use-module (ice-9 match)
+  #:export (certbot-service-type
+            certbot-configuration
+            certbot-configuration?))
+
+;;; Commentary:
+;;;
+;;; Automatically obtaining TLS certificates from Let's Encrypt.
+;;;
+;;; Code:
+
+
+(define-record-type* <certbot-configuration>
+  certbot-configuration make-certbot-configuration
+  certbot-configuration?
+  (package             certbot-configuration-package
+                       (default certbot))
+  (webroot             certbot-configuration-webroot
+                       (default "/var/www"))
+  (hosts               certbot-configuration-hosts
+                       (default '()))
+  (default-location    certbot-configuration-default-location
+                       (default
+                         (nginx-location-configuration
+                          (uri "/")
+                          (body
+                           (list "return 301 https://$host$request_uri;"))))))
+
+(define certbot-renewal-jobs
+  (match-lambda
+    (($ <certbot-configuration> package webroot hosts default-location)
+     (match hosts
+       ;; Avoid pinging certbot if we have no hosts.
+       (() '())
+       (_
+        (list
+         ;; Attempt to renew the certificates twice a week.
+         #~(job (lambda (now)
+                  (next-day-from (next-hour-from now '(3))
+                                 '(2 5)))
+                (string-append #$package "/bin/certbot renew"
+                               (string-concatenate
+                                (map (lambda (host)
+                                       (string-append " -d " host))
+                                     #$hosts))))))))))
+
+(define certbot-activation
+  (match-lambda
+    (($ <certbot-configuration> package webroot hosts default-location)
+     (with-imported-modules '((guix build utils))
+       #~(begin
+	   (use-modules (guix build utils))
+	   (mkdir-p #$webroot)
+           (for-each
+            (lambda (host)
+              (unless (file-exists? (in-vicinity "/etc/letsencrypt/live" host))
+                (unless (zero? (system*
+                                (string-append #$certbot "/bin/certbot")
+                                "certonly" "--webroot" "-w" #$webroot
+                                "-d" host))
+                  (error "failed to acquire cert for host" host))))
+            '#$hosts))))))
+
+(define certbot-nginx-server-configurations
+  (match-lambda
+    (($ <certbot-configuration> package webroot hosts default-location)
+     (map
+      (lambda (host)
+        (nginx-server-configuration
+         (http-port 80)
+         (https-port #f)
+         (ssl-certificate #f)
+         (ssl-certificate-key #f)
+         (server-name (list host))
+         (locations
+          (filter identity
+                  (list
+                   (nginx-location-configuration
+                    (uri "/.well-known")
+                    (body (list (list "root " webroot ";"))))
+                   default-location)))))
+      hosts))))
+
+(define certbot-service-type
+  (service-type (name 'certbot)
+                (extensions
+                 (list (service-extension nginx-service-type
+                                          certbot-nginx-server-configurations)
+                       (service-extension activation-service-type
+                                          certbot-activation)
+                       (service-extension mcron-service-type
+                                          certbot-renewal-jobs)))
+                (compose concatenate)
+                (extend (lambda (config additional-hosts)
+                          (certbot-configuration
+                           (inherit config)
+                           (hosts (append (certbot-configuration-hosts config)
+                                          additional-hosts)))))
+                (default-value (certbot-configuration))
+                (description
+                 "Automatically renew @url{https://letsencrypt.org, Let's
+Encrypt} HTTPS certificates by adjusting the nginx web server configuration
+and periodically invoking @command{certbot}.")))
diff --git a/gnu/services/configuration.scm b/gnu/services/configuration.scm
index 0a2219e743..c45340f02f 100644
--- a/gnu/services/configuration.scm
+++ b/gnu/services/configuration.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -165,7 +166,7 @@
                                (configuration-field-default-value-thunk f)
                                (lambda _ '%invalid))))
                 (define (show-default? val)
-                  (or (string? default) (number? default) (boolean? default)
+                  (or (string? val) (number? val) (boolean? val)
                       (and (symbol? val) (not (eq? val '%invalid)))
                       (and (list? val) (and-map show-default? val))))
                 `(deftypevr (% (category
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 4b5100c27a..78530b3454 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -507,6 +507,15 @@ site} for more information."
   (udisks   udisks-configuration-udisks
             (default udisks)))
 
+(define %udisks-activation
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+
+        (let ((run-dir "/var/run/udisks2"))
+          (mkdir-p run-dir)
+          (chmod run-dir #o700)))))
+
 (define udisks-service-type
   (let ((udisks-package (lambda (config)
                           (list (udisks-configuration-udisks config)))))
@@ -518,6 +527,8 @@ site} for more information."
                                             udisks-package)
                          (service-extension udev-service-type
                                             udisks-package)
+                         (service-extension activation-service-type
+                                            (const %udisks-activation))
 
                          ;; Profile 'udisksctl' & co. in the system profile.
                          (service-extension profile-service-type
@@ -843,7 +854,7 @@ with the administrator's password."
 
 (define %desktop-services
   ;; List of services typically useful for a "desktop" use case.
-  (cons* (slim-service)
+  (cons* (service slim-service-type)
 
          ;; Screen lockers are a pretty useful thing and these are small.
          (screen-locker-service slock)
diff --git a/gnu/services/dict.scm b/gnu/services/dict.scm
index 69eadafd2e..c8403c0135 100644
--- a/gnu/services/dict.scm
+++ b/gnu/services/dict.scm
@@ -21,6 +21,7 @@
 (define-module (gnu services dict)
   #:use-module (guix gexp)
   #:use-module (guix records)
+  #:use-module (guix modules)
   #:use-module (gnu services)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system shadow)
@@ -144,14 +145,23 @@ database {
   (let ((dicod      (file-append (dicod-configuration-dico config)
                                  "/bin/dicod"))
         (dicod.conf (dicod-configuration-file config)))
-    (list (shepherd-service
-           (provision '(dicod))
-           (documentation "Run the dicod daemon.")
-           (start #~(make-forkexec-constructor
-                     (list #$dicod "--foreground"
-                           (string-append "--config=" #$dicod.conf))
-                     #:user "dicod" #:group "dicod"))
-          (stop #~(make-kill-destructor))))))
+    (with-imported-modules (source-module-closure
+                            '((gnu build shepherd)
+                              (gnu system file-systems)))
+      (list (shepherd-service
+             (provision '(dicod))
+             (documentation "Run the dicod daemon.")
+             (modules '((gnu build shepherd)
+                        (gnu system file-systems)))
+             (start #~(make-forkexec-constructor/container
+                       (list #$dicod "--foreground"
+                             (string-append "--config=" #$dicod.conf))
+                       #:user "dicod" #:group "dicod"
+                       #:mappings (list (file-system-mapping
+                                         (source "/var/run/dicod")
+                                         (target source)
+                                         (writable? #t)))))
+             (stop #~(make-kill-destructor)))))))
 
 (define dicod-service-type
   (service-type
diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm
index 715d6181f5..d57a7562a2 100644
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@@ -160,7 +160,7 @@
 (define (module-list? val)
   (string-list? val))
 (define (serialize-module-list field-name val)
-  (serialize-string-list field-name (cons "posix" val)))
+  (serialize-string-list field-name val))
 (define-maybe module-list)
 
 (define (file-name? val)
@@ -176,6 +176,12 @@
   (serialize-string-list field-name val))
 (define-maybe file-name)
 
+(define (raw-content? val)
+  (not (eq? val 'disabled)))
+(define (serialize-raw-content field-name val)
+  (format #t "~a" val))
+(define-maybe raw-content)
+
 (define-configuration mod-muc-configuration
   (name
    (string "Prosody Chatrooms")
@@ -203,12 +209,12 @@ just joined the room."))
    "This determines what handshake to use.")
 
   (key
-   (file-name "/etc/prosody/certs/key.pem")
-   "Path to your private key file, relative to @code{/etc/prosody}.")
+   (maybe-file-name 'disabled)
+   "Path to your private key file.")
 
   (certificate
-   (file-name "/etc/prosody/certs/cert.pem")
-   "Path to your certificate file, relative to @code{/etc/prosody}.")
+   (maybe-file-name 'disabled)
+   "Path to your certificate file.")
 
   (capath
    (file-name "/etc/ssl/certs")
@@ -271,7 +277,9 @@ can create such a file with:
     "tls"
     "dialback"
     "disco"
+    "carbons"
     "private"
+    "blocklist"
     "vcard"
     "version"
     "uptime"
@@ -321,6 +329,13 @@ can create such a file with:
 paths in order.  See @url{http://prosody.im/doc/plugins_directory}."
      global)
 
+    (certificates
+     (file-name "/etc/prosody/certs")
+     "Every virtual host and component needs a certificate so that clients and
+servers can securely verify its identity.  Prosody will automatically load
+certificates/keys from the directory specified here."
+     global)
+
     (admins
      (string-list '())
      "This is a list of accounts that are admins for the server.  Note that you
@@ -339,8 +354,8 @@ Example: @code{(admins '(\"user1@@example.com\" \"user2@@example.net\"))}"
      (module-list %default-modules-enabled)
      "This is the list of modules Prosody will load on startup.  It looks for
 @code{mod_modulename.lua} in the plugins folder, so make sure that exists too.
-Documentation on modules can be found at: @url{http://prosody.im/doc/modules}.
-Defaults to @samp{%default-modules-enabled}."
+Documentation on modules can be found at:
+@url{http://prosody.im/doc/modules}."
      common)
 
     (modules-disabled
@@ -376,6 +391,12 @@ using them.  See @url{http://prosody.im/doc/advanced_ssl_config}."
 See @url{http://prosody.im/doc/modules/mod_tls}."
      common)
 
+    (disable-sasl-mechanisms
+     (string-list '("DIGEST-MD5"))
+     "Set of mechanisms that will never be offered.  See
+@url{https://prosody.im/doc/modules/mod_saslauth}."
+     common)
+
     (s2s-require-encryption?
      (boolean #f)
      "Whether to force all server-to-server connections to be encrypted or not.
@@ -427,6 +448,19 @@ by the GuixSD Prosody Service.  See @url{http://prosody.im/doc/logging}."
      "File to write pid in.  See @url{http://prosody.im/doc/modules/mod_posix}."
      global)
 
+    (http-max-content-size
+     (maybe-non-negative-integer 'disabled)
+     "Maximum allowed size of the HTTP body (in bytes)."
+     common)
+
+    (http-external-url
+     (maybe-string 'disabled)
+     "Some modules expose their own URL in various ways.  This URL is built
+from the protocol, host and port used.  If Prosody sits behind a proxy, the
+public URL will be @code{http-external-url} instead.  See
+@url{https://prosody.im/doc/http#external_url}."
+     common)
+
     (virtualhosts
      (virtualhost-configuration-list
       (list (virtualhost-configuration
@@ -511,7 +545,12 @@ See also @url{http://prosody.im/doc/modules/mod_muc}."
     (hostname
      (string (configuration-missing-field 'ext-component 'hostname))
      "Hostname of the component."
-     ext-component)))
+     ext-component)
+
+    (raw-content
+     (maybe-raw-content 'disabled)
+     "Raw content that will be added to the configuration file."
+     common)))
 
 ;; Serialize Virtualhost line first.
 (define (serialize-virtualhost-configuration config)
@@ -683,7 +722,7 @@ See also @url{http://prosody.im/doc/modules/mod_muc}."
                                      (display c))
                                    str))))
             (define (show-default? val)
-              (or (string? default) (number? default) (boolean? default)
+              (or (string? val) (number? val) (boolean? val)
                   (and (list? val) (and-map show-default? val))))
             (format #t "@deftypevr {@code{~a} parameter} ~a ~a\n~a\n"
                     configuration-name field-type field-name field-docs)
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index e39f4411fd..fce2ce1c25 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -55,7 +55,11 @@
             %cgit-configuration-nginx
             cgit-configuration-nginx-config
 
-            cgit-service-type))
+            cgit-service-type
+
+            git-http-configuration
+            git-http-configuration?
+            git-http-nginx-location-configuration))
 
 ;;; Commentary:
 ;;;
@@ -152,7 +156,11 @@
           (service-extension account-service-type
                              (const %git-daemon-accounts))
           (service-extension activation-service-type
-                             git-daemon-activation)))))
+                             git-daemon-activation)))
+   (description
+    "Expose Git respositories over the insecure @code{git://} TCP-based
+protocol.")
+   (default-value (git-daemon-configuration))))
 
 (define* (git-daemon-service #:key (config (git-daemon-configuration)))
   "Return a service that runs @command{git daemon}, a simple TCP server to
@@ -255,4 +263,53 @@ access to exported repositories under @file{/srv/git}."
                              cgit-activation)
           (service-extension nginx-service-type
                              cgit-configuration-nginx-config)))
-   (default-value (cgit-configuration))))
+   (default-value (cgit-configuration))
+   (description
+    "Run the Cgit web interface, which allows users to browse Git
+repositories.")))
+
+
+;;;
+;;; HTTP access.  Add the result of calling
+;;; git-http-nginx-location-configuration to an nginx-server-configuration's
+;;; "locations" field.
+;;;
+
+(define-record-type* <git-http-configuration>
+  git-http-configuration
+  make-git-http-configuration
+  git-http-configuration?
+  (package          git-http-configuration-package        ;package
+                    (default git))
+  (git-root         git-http-configuration-git-root       ;string
+                    (default "/srv/git"))
+  (export-all?      git-http-configuration-export-all?    ;boolean
+                    (default #f))
+  (uri-path         git-http-configuration-uri-path       ;string
+                    (default "/git/"))
+  (fcgiwrap-socket  git-http-configuration-fcgiwrap-socket ;string
+                    (default "127.0.0.1:9000")))
+
+(define* (git-http-nginx-location-configuration #:optional
+                                                (config
+                                                 (git-http-configuration)))
+  (match config
+    (($ <git-http-configuration> package git-root export-all?
+                                 uri-path fcgiwrap-socket)
+     (nginx-location-configuration
+      (uri (string-append "~ /" (string-trim-both uri-path #\/) "(/.*)"))
+      (body
+       (list
+        (list "fastcgi_pass " fcgiwrap-socket ";")
+        (list "fastcgi_param SCRIPT_FILENAME "
+              package "/libexec/git-core/git-http-backend"
+              ";")
+        "fastcgi_param QUERY_STRING $query_string;"
+        "fastcgi_param REQUEST_METHOD $request_method;"
+        "fastcgi_param CONTENT_TYPE $content_type;"
+        "fastcgi_param CONTENT_LENGTH $content_length;"
+        (if export-all?
+            "fastcgi_param GIT_HTTP_EXPORT_ALL \"\";"
+            "")
+        (list "fastcgi_param GIT_PROJECT_ROOT " git-root ";")
+        "fastcgi_param PATH_INFO $1;"))))))
diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index c5a1a0d423..cef0d60b59 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Andy Wingo <wingo@igalia.com>
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -45,13 +45,27 @@
   #:use-module (ice-9 match)
   #:export (xorg-configuration-file
             %default-xorg-modules
+            %default-xorg-fonts
             xorg-wrapper
             xorg-start-command
             xinitrc
 
             %default-slim-theme
             %default-slim-theme-name
+
             slim-configuration
+            slim-configuration?
+            slim-configuration-slim
+            slim-configuration-allow-empty-passwords?
+            slim-configuration-auto-login?
+            slim-configuration-default-user
+            slim-configuration-theme
+            slim-configuration-theme-name
+            slim-configuration-xauth
+            slim-configuration-shepherd
+            slim-configuration-auto-login-session
+            slim-configuration-startx
+
             slim-service-type
             slim-service
 
@@ -70,11 +84,52 @@
 ;;;
 ;;; Code:
 
-(define* (xorg-configuration-file #:key (drivers '()) (resolutions '())
+(define %default-xorg-modules
+  ;; Default list of modules loaded by the server.  Note that the order
+  ;; matters since it determines which driver is going to be used when there's
+  ;; a choice.
+  (list xf86-video-vesa
+        xf86-video-fbdev
+        xf86-video-ati
+        xf86-video-cirrus
+        xf86-video-intel
+        xf86-video-mach64
+        xf86-video-nouveau
+        xf86-video-nv
+        xf86-video-sis
+
+        ;; Libinput is the new thing and is recommended over evdev/synaptics:
+        ;; <http://who-t.blogspot.fr/2015/01/xf86-input-libinput-compatibility-with.html>.
+        xf86-input-libinput
+
+        xf86-input-evdev
+        xf86-input-keyboard
+        xf86-input-mouse
+        xf86-input-synaptics))
+
+(define %default-xorg-fonts
+  ;; Default list of fonts available to the X server.
+  (list (file-append font-alias "/share/fonts/X11/75dpi")
+        (file-append font-alias "/share/fonts/X11/100dpi")
+        (file-append font-alias "/share/fonts/X11/misc")
+        (file-append font-alias "/share/fonts/X11/cyrillic")
+        (file-append font-misc-misc               ;default fonts for xterm
+                     "/share/fonts/X11/misc")
+        (file-append font-adobe75dpi "/share/fonts/X11/75dpi")))
+
+(define* (xorg-configuration-file #:key
+                                  (modules %default-xorg-modules)
+                                  (fonts %default-xorg-fonts)
+                                  (drivers '()) (resolutions '())
                                   (extra-config '()))
   "Return a configuration file for the Xorg server containing search paths for
 all the common drivers.
 
+@var{modules} must be a list of @dfn{module packages} loaded by the Xorg
+server---e.g., @code{xf86-video-vesa}, @code{xf86-input-keyboard}, and so on.
+@var{fonts} must be a list of font directories to add to the server's
+@dfn{font path}.
+
 @var{drivers} must be either the empty list, in which case Xorg chooses a
 graphics driver automatically, or a list of driver names that will be tried in
 this order---e.g., @code{(\"modesetting\" \"vesa\")}.
@@ -84,17 +139,32 @@ appropriate screen resolution; otherwise, it must be a list of
 resolutions---e.g., @code{((1024 768) (640 480))}.
 
 Last, @var{extra-config} is a list of strings or objects appended to the
-@code{mixed-text-file} argument list.  It is used to pass extra text to be
+configuration file.  It is used to pass extra text to be
 added verbatim to the configuration file."
-  (define (device-section driver)
-    (string-append "
+  (define all-modules
+    ;; 'xorg-server' provides 'fbdevhw.so' etc.
+    (append modules (list xorg-server)))
+
+  (define build
+    #~(begin
+        (use-modules (ice-9 match)
+                     (srfi srfi-1)
+                     (srfi srfi-26))
+
+        (call-with-output-file #$output
+          (lambda (port)
+            (define drivers
+              '#$drivers)
+
+            (define (device-section driver)
+              (string-append "
 Section \"Device\"
   Identifier \"device-" driver "\"
   Driver \"" driver "\"
 EndSection"))
 
-  (define (screen-section driver resolutions)
-    (string-append "
+            (define (screen-section driver resolutions)
+              (string-append "
 Section \"Screen\"
   Identifier \"screen-" driver "\"
   Device \"device-" driver "\"
@@ -108,65 +178,56 @@ Section \"Screen\"
   EndSubSection
 EndSection"))
 
-  (apply mixed-text-file "xserver.conf" "
-Section \"Files\"
-  FontPath \"" font-alias "/share/fonts/X11/75dpi\"
-  FontPath \"" font-alias "/share/fonts/X11/100dpi\"
-  FontPath \"" font-alias "/share/fonts/X11/misc\"
-  FontPath \"" font-alias "/share/fonts/X11/cyrillic\"
-  FontPath \"" font-adobe75dpi "/share/fonts/X11/75dpi\"
-  ModulePath \"" xf86-video-vesa "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-fbdev "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-ati "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-cirrus "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-intel "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-mach64 "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-nouveau "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-nv "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-sis "/lib/xorg/modules/drivers\"
-
-  # Libinput is the new thing and is recommended over evdev/synaptics
-  # by those who know:
-  # <http://who-t.blogspot.fr/2015/01/xf86-input-libinput-compatibility-with.html>.
-  ModulePath \"" xf86-input-libinput "/lib/xorg/modules/input\"
-
-  ModulePath \"" xf86-input-evdev "/lib/xorg/modules/input\"
-  ModulePath \"" xf86-input-keyboard "/lib/xorg/modules/input\"
-  ModulePath \"" xf86-input-mouse "/lib/xorg/modules/input\"
-  ModulePath \"" xf86-input-synaptics "/lib/xorg/modules/input\"
-  ModulePath \"" xorg-server "/lib/xorg/modules\"
-  ModulePath \"" xorg-server "/lib/xorg/modules/drivers\"
-  ModulePath \"" xorg-server "/lib/xorg/modules/extensions\"
-  ModulePath \"" xorg-server "/lib/xorg/modules/multimedia\"
-EndSection
-
+            (define (expand modules)
+              ;; Append to MODULES the relevant /lib/xorg/modules
+              ;; sub-directories.
+              (append-map (lambda (module)
+                            (filter-map (lambda (directory)
+                                          (let ((full (string-append module
+                                                                     directory)))
+                                            (and (file-exists? full)
+                                                 full)))
+                                        '("/lib/xorg/modules/drivers"
+                                          "/lib/xorg/modules/input"
+                                          "/lib/xorg/modules/multimedia"
+                                          "/lib/xorg/modules/extensions")))
+                          modules))
+
+            (display "Section \"Files\"\n" port)
+            (for-each (lambda (font)
+                        (format port "  FontPath \"~a\"~%" font))
+                      '#$fonts)
+            (for-each (lambda (module)
+                        (format port
+                                "  ModulePath \"~a\"~%"
+                                module))
+                      (append (expand '#$all-modules)
+
+                              ;; For fbdevhw.so and so on.
+                              (list #$(file-append xorg-server
+                                                   "/lib/xorg/modules"))))
+            (display "EndSection\n" port)
+            (display "
 Section \"ServerFlags\"
   Option \"AllowMouseOpenFail\" \"on\"
-EndSection
-"
-  (string-join (map device-section drivers) "\n") "\n"
-  (string-join (map (cut screen-section <> resolutions)
-                    drivers)
-               "\n")
+EndSection\n" port)
 
-  "\n"
-  extra-config))
+            (display (string-join (map device-section drivers) "\n")
+                     port)
+            (newline port)
+            (display (string-join
+                      (map (cut screen-section <> '#$resolutions)
+                           drivers)
+                      "\n")
+                     port)
+            (newline port)
+
+            (for-each (lambda (config)
+                        (display config port))
+                      '#$extra-config)))))
+
+  (computed-file "xserver.conf" build))
 
-(define %default-xorg-modules
-  (list xf86-video-vesa
-        xf86-video-fbdev
-        xf86-video-ati
-        xf86-video-cirrus
-        xf86-video-intel
-        xf86-video-mach64
-        xf86-video-nouveau
-        xf86-video-nv
-        xf86-video-sis
-        xf86-input-libinput
-        xf86-input-evdev
-        xf86-input-keyboard
-        xf86-input-mouse
-        xf86-input-synaptics))
 
 (define (xorg-configuration-directory modules)
   "Return a directory that contains the @code{.conf} files for X.org that
@@ -196,8 +257,9 @@ in @var{modules}."
 
 (define* (xorg-wrapper #:key
                        (guile (canonical-package guile-2.0))
-                       (configuration-file (xorg-configuration-file))
                        (modules %default-xorg-modules)
+                       (configuration-file (xorg-configuration-file
+                                            #:modules modules))
                        (xorg-server xorg-server))
   "Return a derivation that builds a @var{guile} script to start the X server
 from @var{xorg-server}.  @var{configuration-file} is the server configuration
@@ -221,12 +283,16 @@ in place of @code{/usr/bin/X}."
 
 (define* (xorg-start-command #:key
                              (guile (canonical-package guile-2.0))
-                             (configuration-file (xorg-configuration-file))
                              (modules %default-xorg-modules)
+                             (fonts %default-xorg-fonts)
+                             (configuration-file
+                              (xorg-configuration-file #:modules modules
+                                                       #:fonts fonts))
                              (xorg-server xorg-server))
-  "Return a derivation that builds a @code{startx} script in which a number of
-X modules are available.  See @code{xorg-wrapper} for more details on the
-arguments.  The result should be used in place of @code{startx}."
+  "Return a @code{startx} script in which @var{modules}, a list of X module
+packages, and @var{fonts}, a list of X font directories, are available.  See
+@code{xorg-wrapper} for more details on the arguments.  The result should be
+used in place of @code{startx}."
   (define X
     (xorg-wrapper #:guile guile
                   #:configuration-file configuration-file
@@ -245,10 +311,15 @@ arguments.  The result should be used in place of @code{startx}."
                   fallback-session)
   "Return a system-wide xinitrc script that starts the specified X session,
 which should be passed to this script as the first argument.  If not, the
-@var{fallback-session} will be used."
+@var{fallback-session} will be used or, if @var{fallback-session} is false, a
+desktop session from the system or user profile will be used."
   (define builder
     #~(begin
-        (use-modules (ice-9 match))
+        (use-modules (ice-9 match)
+                     (ice-9 regex)
+                     (ice-9 ftw)
+                     (srfi srfi-1)
+                     (srfi srfi-26))
 
         (define (close-all-fdes)
           ;; Close all the open file descriptors except 0 to 2.
@@ -272,16 +343,60 @@ which should be passed to this script as the first argument.  If not, the
             (execl shell shell "--login" "-c"
                    (string-join (cons command args)))))
 
+        (define system-profile
+          "/run/current-system/profile")
+
+        (define user-profile
+          (and=> (getpw (getuid))
+                 (lambda (pw)
+                   (string-append (passwd:dir pw) "/.guix-profile"))))
+
+        (define (xsession-command desktop-file)
+          ;; Read from DESKTOP-FILE its X session command and return it as a
+          ;; list.
+          (define exec-regexp
+            (make-regexp "^[[:blank:]]*Exec=(.*)$"))
+
+          (call-with-input-file desktop-file
+            (lambda (port)
+              (let loop ()
+                (match (read-line port)
+                  ((? eof-object?) #f)
+                  ((= (cut regexp-exec exec-regexp <>) result)
+                   (if result
+                       (string-tokenize (match:substring result 1))
+                       (loop))))))))
+
+        (define (find-session profile)
+          ;; Return an X session command from PROFILE or #f if none was found.
+          (let ((directory (string-append profile "/share/xsessions")))
+            (match (scandir directory
+                            (cut string-suffix? ".desktop" <>))
+              ((or () #f)
+               #f)
+              ((sessions ...)
+               (any xsession-command
+                    (map (cut string-append directory "/" <>)
+                         sessions))))))
+
         (let* ((home          (getenv "HOME"))
                (xsession-file (string-append home "/.xsession"))
                (session       (match (command-line)
-                                ((_)       (list #$fallback-session))
-                                ((_ x ..1) x))))
+                                ((_)
+                                 #$(if fallback-session
+                                       #~(list #$fallback-session)
+                                       #f))
+                                ((_ x ..1)
+                                 x))))
           (if (file-exists? xsession-file)
               ;; Run ~/.xsession when it exists.
-              (apply exec-from-login-shell xsession-file session)
-              ;; Otherwise, start the specified session.
-              (apply exec-from-login-shell session)))))
+              (apply exec-from-login-shell xsession-file
+                     (or session '()))
+              ;; Otherwise, start the specified session or a fallback.
+              (apply exec-from-login-shell
+                     (or session
+                         (find-session user-profile)
+                         (find-session system-profile)))))))
 
   (program-file "xinitrc" builder))
 
@@ -304,19 +419,24 @@ which should be passed to this script as the first argument.  If not, the
   slim-configuration?
   (slim slim-configuration-slim
         (default slim))
-  (allow-empty-passwords? slim-configuration-allow-empty-passwords?)
-  (auto-login? slim-configuration-auto-login?)
-  (default-user slim-configuration-default-user)
-  (theme slim-configuration-theme)
-  (theme-name slim-configuration-theme-name)
+  (allow-empty-passwords? slim-configuration-allow-empty-passwords?
+                          (default #t))
+  (auto-login? slim-configuration-auto-login?
+               (default #f))
+  (default-user slim-configuration-default-user
+                (default ""))
+  (theme slim-configuration-theme
+         (default %default-slim-theme))
+  (theme-name slim-configuration-theme-name
+              (default %default-slim-theme-name))
   (xauth slim-configuration-xauth
          (default xauth))
   (shepherd slim-configuration-shepherd
             (default shepherd))
-  (bash slim-configuration-bash
-        (default bash))
-  (auto-login-session slim-configuration-auto-login-session)
-  (startx slim-configuration-startx))
+  (auto-login-session slim-configuration-auto-login-session
+                      (default #f))
+  (startx slim-configuration-startx
+          (default (xorg-start-command))))
 
 (define (slim-pam-service config)
   "Return a PAM service for @command{slim}."
@@ -391,16 +511,16 @@ reboot_cmd " shepherd "/sbin/reboot\n"
                        ;; Unconditionally add xterm to the system profile, to
                        ;; avoid bad surprises.
                        (service-extension profile-service-type
-                                          (const (list xterm)))))))
+                                          (const (list xterm)))))
+                (default-value (slim-configuration))))
 
-(define* (slim-service #:key (slim slim)
+(define* (slim-service #:key (slim slim)          ;deprecated
                        (allow-empty-passwords? #t) auto-login?
                        (default-user "")
                        (theme %default-slim-theme)
                        (theme-name %default-slim-theme-name)
-                       (xauth xauth) (shepherd shepherd) (bash bash)
-                       (auto-login-session (file-append windowmaker
-                                                        "/bin/wmaker"))
+                       (xauth xauth) (shepherd shepherd)
+                       (auto-login-session #f)
                        (startx (xorg-start-command)))
   "Return a service that spawns the SLiM graphical login manager, which in
 turn starts the X display server with @var{startx}, a command as returned by
@@ -433,7 +553,7 @@ theme."
             (allow-empty-passwords? allow-empty-passwords?)
             (auto-login? auto-login?) (default-user default-user)
             (theme theme) (theme-name theme-name)
-            (xauth xauth) (shepherd shepherd) (bash bash)
+            (xauth xauth) (shepherd shepherd)
             (auto-login-session auto-login-session)
             (startx startx))))
 
diff --git a/gnu/system.scm b/gnu/system.scm
index e2bd8d55b6..1e573a8082 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -588,7 +588,7 @@ export XCURSOR_PATH=$HOME/.icons:$HOME/.guix-profile/share/icons:/run/current-sy
 unset PATH
 
 # Load the system profile's settings.
-GUIX_PROFILE=/run/current-system/profile \\
+GUIX_PROFILE=/run/current-system/profile ; \\
 . /run/current-system/profile/etc/profile
 
 # Prepend setuid programs.
@@ -608,7 +608,7 @@ fi
 if [ -f \"$HOME/.guix-profile/etc/profile\" ]
 then
   # Load the user profile's settings.
-  GUIX_PROFILE=\"$HOME/.guix-profile\" \\
+  GUIX_PROFILE=\"$HOME/.guix-profile\" ; \\
   . \"$HOME/.guix-profile/etc/profile\"
 else
   # At least define this one so that basic things just work
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 3a34df26c3..78f2bf3a13 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -30,6 +30,7 @@
   #:use-module (gnu packages admin)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages bootloaders)
+  #:use-module (gnu packages guile)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages cryptsetup)
@@ -187,13 +188,13 @@ the user's target storage device rather than on the RAM disk."
 (define %installation-services
   ;; List of services of the installation system.
   (let ((motd (plain-file "motd" "
-Welcome to the installation of the Guix System Distribution!
+\x1b[1;37mWelcome to the installation of the Guix System Distribution!\x1b[0m
 
-There is NO WARRANTY, to the extent permitted by law.  In particular, you may
+\x1b[2mThere is NO WARRANTY, to the extent permitted by law.  In particular, you may
 LOSE ALL YOUR DATA as a side effect of the installation process.  Furthermore,
 it is 'beta' software, so it may contain bugs.
 
-You have been warned.  Thanks for being so brave.
+You have been warned.  Thanks for being so brave.\x1b[0m
 ")))
     (define (normal-tty tty)
       (mingetty-service (mingetty-configuration (tty tty)
@@ -244,10 +245,12 @@ You have been warned.  Thanks for being so brave.
           ;; since it takes the installation directory as an argument.
           (cow-store-service)
 
-          ;; Install Unicode support and a suitable font.
+          ;; Install Unicode support and a suitable font.  Use a font that
+          ;; doesn't have more than 256 glyphs so that we can use colors with
+          ;; varying brightness levels (see note in setfont(8)).
           (service console-font-service-type
                    (map (lambda (tty)
-                          (cons tty %default-console-font))
+                          (cons tty "lat9u-16"))
                         '("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))
 
           ;; To facilitate copy/paste.
@@ -275,15 +278,21 @@ You have been warned.  Thanks for being so brave.
                                               "/bin/sh"))))
 
           ;; Keep a reference to BARE-BONES-OS to make sure it can be
-          ;; installed without downloading/building anything.
-          (service gc-root-service-type (list bare-bones-os)))))
+          ;; installed without downloading/building anything.  Also keep the
+          ;; things needed by 'profile-derivation' to minimize the amount of
+          ;; download.
+          (service gc-root-service-type
+                   (list bare-bones-os
+                         glibc-utf8-locales
+                         texinfo
+                         (canonical-package guile-2.2))))))
 
 (define %issue
   ;; Greeting.
   "
-This is an installation image of the GNU system.  Welcome.
+\x1b[1;37mThis is an installation image of the GNU system.  Welcome.\x1b[0m
 
-Use Alt-F2 for documentation.
+\x1b[1;33mUse Alt-F2 for documentation.\x1b[0m
 ")
 
 (define installation-os
diff --git a/gnu/system/uuid.scm b/gnu/system/uuid.scm
index eaddfaed05..73695ddeb8 100644
--- a/gnu/system/uuid.scm
+++ b/gnu/system/uuid.scm
@@ -237,7 +237,7 @@ corresponding bytevector; otherwise return #f."
 ;; This is necessary to serialize bytevectors with the right printer in some
 ;; circumstances.  For instance, GRUB "search --fs-uuid" command compares the
 ;; string representation of UUIDs, not the raw bytes; thus, when emitting a
-;; GRUB 'search' command, we need to procedure the right string representation
+;; GRUB 'search' command, we need to produce the right string representation
 ;; (see <https://debbugs.gnu.org/cgi/bugreport.cgi?msg=52;att=0;bug=27735>).
 (define-record-type <uuid>
   (make-uuid type bv)
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index 44246083b3..d754ac76f0 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -29,6 +29,7 @@
   #:use-module (guix monads)
   #:use-module (guix records)
   #:use-module (guix modules)
+  #:use-module (guix utils)
 
   #:use-module ((gnu build vm)
                 #:select (qemu-command))
@@ -277,7 +278,8 @@ the image."
      #~(begin
          (use-modules (gnu build vm)
                       (guix build utils)
-                      (srfi srfi-26))
+                      (srfi srfi-26)
+                      (ice-9 binary-ports))
 
          (let ((inputs
                 '#$(append (list qemu parted e2fsprogs dosfstools)
@@ -312,26 +314,35 @@ the image."
                                              graphs)))
                                     (- disk-image-size
                                        (* 50 (expt 2 20)))))
-                  (partitions (list (partition
-                                     (size root-size)
-                                     (label #$file-system-label)
-                                     (uuid #$(and=> file-system-uuid
-                                                    uuid-bytevector))
-                                     (file-system #$file-system-type)
-                                     (flags '(boot))
-                                     (initializer initialize))
-                                    ;; Append a small EFI System Partition for
-                                    ;; use with UEFI bootloaders.
-                                    (partition
-                                     ;; The standalone grub image is about 10MiB, but
-                                     ;; leave some room for custom or multiple images.
-                                     (size (* 40 (expt 2 20)))
-                                     (label "GNU-ESP")             ;cosmetic only
-                                     ;; Use "vfat" here since this property is used
-                                     ;; when mounting. The actual FAT-ness is based
-                                     ;; on filesystem size (16 in this case).
-                                     (file-system "vfat")
-                                     (flags '(esp))))))
+                  (partitions
+                   (append
+                    (list (partition
+                           (size root-size)
+                           (label #$file-system-label)
+                           (uuid #$(and=> file-system-uuid
+                                          uuid-bytevector))
+                           (file-system #$file-system-type)
+                           (flags '(boot))
+                           (initializer initialize)))
+                    ;; Append a small EFI System Partition for use with UEFI
+                    ;; bootloaders if we are not targeting ARM because UEFI
+                    ;; support in U-Boot is experimental.
+                    ;;
+                    ;; FIXME: ‘target-arm32?’ may be not operate on the right
+                    ;; system/target values.  Rewrite using ‘let-system’ when
+                    ;; available.
+                    (if #$(target-arm32?)
+                        '()
+                        (list (partition
+                               ;; The standalone grub image is about 10MiB, but
+                               ;; leave some room for custom or multiple images.
+                               (size (* 40 (expt 2 20)))
+                               (label "GNU-ESP")             ;cosmetic only
+                               ;; Use "vfat" here since this property is used
+                               ;; when mounting. The actual FAT-ness is based
+                               ;; on filesystem size (16 in this case).
+                               (file-system "vfat")
+                               (flags '(esp))))))))
              (initialize-hard-disk "/dev/vda"
                                    #:partitions partitions
                                    #:grub-efi #$grub-efi
@@ -423,7 +434,8 @@ to USB sticks meant to be read-only."
               ;; install QEMU networking or anything like that.  Assume USB
               ;; mass storage devices (usb-storage.ko) are available.
               (initrd (lambda (file-systems . rest)
-                        (apply base-initrd file-systems
+                        (apply (operating-system-initrd os)
+                               file-systems
                                #:volatile-root? #t
                                rest)))
 
@@ -488,7 +500,8 @@ of the GNU system as described by OS."
   (let ((os (operating-system (inherit os)
               ;; Use an initrd with the whole QEMU shebang.
               (initrd (lambda (file-systems . rest)
-                        (apply base-initrd file-systems
+                        (apply (operating-system-initrd os)
+                               file-systems
                                #:virtio? #t
                                rest)))
 
@@ -552,7 +565,13 @@ environment with the store shared with the host.  MAPPINGS is a list of
                 (or (string=? target (%store-prefix))
                     (string=? target "/")
                     (and (eq? 'device (file-system-title fs))
-                         (string-prefix? "/dev/" source)))))
+                         (string-prefix? "/dev/" source))
+
+                    ;; Labels and UUIDs are necessarily invalid in the VM.
+                    (and (file-system-mount? fs)
+                         (or (eq? 'label (file-system-title fs))
+                             (eq? 'uuid (file-system-title fs))
+                             (uuid? source))))))
             (operating-system-file-systems os)))
 
   (define virtual-file-systems
@@ -574,7 +593,8 @@ environment with the store shared with the host.  MAPPINGS is a list of
                   (target "/dev/vda")))
 
     (initrd (lambda (file-systems . rest)
-              (apply base-initrd file-systems
+              (apply (operating-system-initrd os)
+                     file-systems
                      #:volatile-root? #t
                      #:virtio? #t
                      rest)))
diff --git a/gnu/tests/messaging.scm b/gnu/tests/messaging.scm
index 0ba0c839de..60e2f332a3 100644
--- a/gnu/tests/messaging.scm
+++ b/gnu/tests/messaging.scm
@@ -146,6 +146,7 @@
 
 (define %test-prosody
   (let* ((config (prosody-configuration
+                  (disable-sasl-mechanisms '())
                   (virtualhosts
                    (list
                     (virtualhost-configuration
diff --git a/gnu/tests/version-control.scm b/gnu/tests/version-control.scm
index 5a3937cfed..2cbacf0ef9 100644
--- a/gnu/tests/version-control.scm
+++ b/gnu/tests/version-control.scm
@@ -30,14 +30,39 @@
   #:use-module (gnu packages version-control)
   #:use-module (guix gexp)
   #:use-module (guix store)
-  #:export (%test-cgit))
+  #:use-module (guix modules)
+  #:export (%test-cgit
+            %test-git-http))
+
+(define README-contents
+  "Hello!  This is what goes inside the 'README' file.")
 
 (define %make-git-repository
   ;; Create Git repository in /srv/git/test.
-  #~(begin
-      (mkdir-p "/srv/git/test")
-      (system* (string-append #$git "/bin/git") "-C" "/srv/git/test"
-               "init" "--bare")))
+  (with-imported-modules (source-module-closure
+                          '((guix build utils)))
+    #~(begin
+        (use-modules (guix build utils))
+
+        (let ((git (string-append #$git "/bin/git")))
+          (mkdir-p "/tmp/test-repo")
+          (with-directory-excursion "/tmp/test-repo"
+            (call-with-output-file "/tmp/test-repo/README"
+              (lambda (port)
+                (display #$README-contents port)))
+            (invoke git "config" "--global" "user.email" "charlie@example.org")
+            (invoke git "config" "--global" "user.name" "A U Thor")
+            (invoke git "init")
+            (invoke git "add" ".")
+            (invoke git "commit" "-m" "That's a commit."))
+
+          (mkdir-p "/srv/git")
+          (rename-file "/tmp/test-repo/.git" "/srv/git/test")))))
+
+(define %test-repository-service
+  ;; Service that creates /srv/git/test.
+  (simple-service 'make-git-repository activation-service-type
+                  %make-git-repository))
 
 (define %cgit-configuration-nginx
   (list
@@ -68,8 +93,7 @@
           (service cgit-service-type
                    (cgit-configuration
                     (nginx %cgit-configuration-nginx)))
-          (simple-service 'make-git-repository activation-service-type
-                          %make-git-repository))))
+          %test-repository-service)))
     (operating-system
       (inherit base-os)
       (packages (cons* git
@@ -161,7 +185,9 @@ HTTP-PORT."
             (test-url "/test")
             (test-url "/test/log")
             (test-url "/test/tree")
+            (test-url "/test/tree/README")
             (test-url "/test/does-not-exist" 404)
+            (test-url "/test/tree/does-not-exist" 404)
             (test-url "/does-not-exist" 404))
 
           (test-end)
@@ -174,3 +200,94 @@ HTTP-PORT."
    (name "cgit")
    (description "Connect to a running Cgit server.")
    (value (run-cgit-test))))
+
+
+;;;
+;;; Git server.
+;;;
+
+(define %git-nginx-configuration
+  (nginx-configuration
+   (server-blocks
+    (list
+     (nginx-server-configuration
+      (http-port 19418)
+      (https-port #f)
+      (ssl-certificate #f)
+      (ssl-certificate-key #f)
+      (locations
+       (list (git-http-nginx-location-configuration
+              (git-http-configuration (export-all? #t)
+                                      (uri-path "/git"))))))))))
+
+(define %git-http-os
+  (simple-operating-system
+   (dhcp-client-service)
+   (service fcgiwrap-service-type)
+   (service nginx-service-type %git-nginx-configuration)
+   %test-repository-service))
+
+(define* (run-git-http-test #:optional (http-port 19418))
+  (define os
+    (marionette-operating-system
+     %git-http-os
+     #:imported-modules '((gnu services herd)
+                          (guix combinators))))
+
+  (define vm
+    (virtual-machine
+     (operating-system os)
+     (port-forwardings `((8080 . ,http-port)))))
+
+  (define test
+    (with-imported-modules '((gnu build marionette)
+                             (guix build utils))
+      #~(begin
+          (use-modules (srfi srfi-64)
+                       (rnrs io ports)
+                       (gnu build marionette)
+                       (guix build utils))
+
+          (define marionette
+            (make-marionette (list #$vm)))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "git-http")
+
+          ;; Wait for nginx to be up and running.
+          (test-eq "nginx running"
+            'running!
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'nginx)
+                'running!)
+             marionette))
+
+          ;; Make sure Git test repository is created.
+          (test-assert "Git test repository"
+            (marionette-eval
+             '(file-exists? "/srv/git/test")
+             marionette))
+
+          ;; Make sure we can clone the repo from the host.
+          (test-equal "clone"
+            '#$README-contents
+            (begin
+              (invoke #$(file-append git "/bin/git") "clone" "-v"
+                      "http://localhost:8080/git/test" "/tmp/clone")
+              (call-with-input-file "/tmp/clone/README"
+                get-string-all)))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "git-http" test))
+
+(define %test-git-http
+  (system-test
+   (name "git-http")
+   (description "Connect to a running Git HTTP server.")
+   (value (run-git-http-test))))