summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk36
-rw-r--r--gnu/packages/admin.scm14
-rw-r--r--gnu/packages/astronomy.scm6
-rw-r--r--gnu/packages/audio.scm39
-rw-r--r--gnu/packages/autogen.scm9
-rw-r--r--gnu/packages/bash.scm6
-rw-r--r--gnu/packages/bioinformatics.scm58
-rw-r--r--gnu/packages/bootstrap.scm1
-rw-r--r--gnu/packages/calendar.scm4
-rw-r--r--gnu/packages/ccache.scm4
-rw-r--r--gnu/packages/certs.scm4
-rw-r--r--gnu/packages/check.scm12
-rw-r--r--gnu/packages/databases.scm82
-rw-r--r--gnu/packages/dav.scm4
-rw-r--r--gnu/packages/dejagnu.scm75
-rw-r--r--gnu/packages/emacs.scm51
-rw-r--r--gnu/packages/embedded.scm165
-rw-r--r--gnu/packages/fonts.scm24
-rw-r--r--gnu/packages/fontutils.scm13
-rw-r--r--gnu/packages/fpga.scm311
-rw-r--r--gnu/packages/freeipmi.scm6
-rw-r--r--gnu/packages/games.scm24
-rw-r--r--gnu/packages/gcc.scm7
-rw-r--r--gnu/packages/gdb.scm6
-rw-r--r--gnu/packages/gnome.scm1
-rw-r--r--gnu/packages/gnupg.scm25
-rw-r--r--gnu/packages/gnuzilla.scm113
-rw-r--r--gnu/packages/guile.scm1
-rw-r--r--gnu/packages/haskell.scm200
-rw-r--r--gnu/packages/image.scm5
-rw-r--r--gnu/packages/irc.scm42
-rw-r--r--gnu/packages/libupnp.scm2
-rw-r--r--gnu/packages/linux.scm78
-rw-r--r--gnu/packages/lisp.scm584
-rw-r--r--gnu/packages/lynx.scm34
-rw-r--r--gnu/packages/mail.scm4
-rw-r--r--gnu/packages/man.scm4
-rw-r--r--gnu/packages/maths.scm37
-rw-r--r--gnu/packages/messaging.scm58
-rw-r--r--gnu/packages/music.scm56
-rw-r--r--gnu/packages/ncdu.scm10
-rw-r--r--gnu/packages/patches/clx-remove-demo.patch27
-rw-r--r--gnu/packages/patches/hdf-eos5-build-shared.patch31
-rw-r--r--gnu/packages/patches/hdf-eos5-fix-szip.patch30
-rw-r--r--gnu/packages/patches/hdf-eos5-fortrantests.patch156
-rw-r--r--gnu/packages/patches/hdf-eos5-remove-gctp.patch55
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2818-pt1.patch62
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch29
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2818-pt3.patch18
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2818-pt4.patch61
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2818-pt5.patch266
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2818-pt6.patch17
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2818-pt7.patch33
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2818-pt8.patch267
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2818-pt9.patch188
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2819.patch102
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2821.patch16
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2824.patch85
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2828.patch185
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2831.patch120
-rw-r--r--gnu/packages/patches/icecat-avoid-bundled-includes.patch35
-rw-r--r--gnu/packages/patches/icecat-avoid-bundled-libraries.patch50
-rw-r--r--gnu/packages/patches/libupnp-CVE-2016-6255.patch50
-rw-r--r--gnu/packages/patches/qemu-CVE-2016-8576.patch62
-rw-r--r--gnu/packages/patches/qemu-CVE-2016-8577.patch36
-rw-r--r--gnu/packages/patches/qemu-CVE-2016-8578.patch27
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2015-5310.patch32
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2015-5314.patch51
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2015-5315.patch54
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2015-5316.patch34
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch82
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch51
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch82
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch62
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch50
-rw-r--r--gnu/packages/python.scm37
-rw-r--r--gnu/packages/qemu.scm5
-rw-r--r--gnu/packages/ruby.scm20
-rw-r--r--gnu/packages/samba.scm18
-rw-r--r--gnu/packages/scanner.scm9
-rw-r--r--gnu/packages/ssh.scm65
-rw-r--r--gnu/packages/statistics.scm4
-rw-r--r--gnu/packages/tbb.scm6
-rw-r--r--gnu/packages/video.scm4
-rw-r--r--gnu/packages/web.scm40
-rw-r--r--gnu/services/xorg.scm2
86 files changed, 2580 insertions, 2351 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index c7cd72fba3..1acf949a2f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -111,6 +111,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/education.scm			\
   %D%/packages/elf.scm				\
   %D%/packages/elixir.scm			\
+  %D%/packages/embedded.scm			\
   %D%/packages/emacs.scm			\
   %D%/packages/enchant.scm			\
   %D%/packages/engineering.scm			\
@@ -128,6 +129,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/fltk.scm				\
   %D%/packages/fonts.scm			\
   %D%/packages/fontutils.scm			\
+  %D%/packages/fpga.scm				\
   %D%/packages/freedesktop.scm			\
   %D%/packages/freeipmi.scm			\
   %D%/packages/ftp.scm				\
@@ -477,6 +479,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
   %D%/packages/patches/clucene-pkgconfig.patch			\
+  %D%/packages/patches/clx-remove-demo.patch			\
   %D%/packages/patches/cmake-fix-tests.patch			\
   %D%/packages/patches/cpio-CVE-2016-2037.patch			\
   %D%/packages/patches/cpufrequtils-fix-aclocal.patch		\
@@ -570,27 +573,17 @@ dist_patch_DATA =						\
   %D%/packages/patches/gtk3-respect-GUIX_GTK3_IM_MODULE_FILE.patch \
   %D%/packages/patches/gtkglext-disable-disable-deprecated.patch \
   %D%/packages/patches/hdf5-config-date.patch			\
+  %D%/packages/patches/hdf-eos5-build-shared.patch 		\
+  %D%/packages/patches/hdf-eos5-remove-gctp.patch		\
+  %D%/packages/patches/hdf-eos5-fix-szip.patch			\
+  %D%/packages/patches/hdf-eos5-fortrantests.patch		\
   %D%/packages/patches/higan-remove-march-native-flag.patch	\
   %D%/packages/patches/hop-bigloo-4.0b.patch			\
   %D%/packages/patches/hop-linker-flags.patch			\
   %D%/packages/patches/hydra-disable-darcs-test.patch		\
   %D%/packages/patches/hypre-doc-tables.patch			\
   %D%/packages/patches/hypre-ldflags.patch			\
-  %D%/packages/patches/icecat-avoid-bundled-includes.patch	\
-  %D%/packages/patches/icecat-CVE-2016-2818-pt1.patch		\
-  %D%/packages/patches/icecat-CVE-2016-2818-pt2.patch		\
-  %D%/packages/patches/icecat-CVE-2016-2818-pt3.patch		\
-  %D%/packages/patches/icecat-CVE-2016-2818-pt4.patch		\
-  %D%/packages/patches/icecat-CVE-2016-2818-pt5.patch		\
-  %D%/packages/patches/icecat-CVE-2016-2818-pt6.patch		\
-  %D%/packages/patches/icecat-CVE-2016-2818-pt7.patch		\
-  %D%/packages/patches/icecat-CVE-2016-2818-pt8.patch		\
-  %D%/packages/patches/icecat-CVE-2016-2818-pt9.patch		\
-  %D%/packages/patches/icecat-CVE-2016-2819.patch		\
-  %D%/packages/patches/icecat-CVE-2016-2821.patch		\
-  %D%/packages/patches/icecat-CVE-2016-2824.patch		\
-  %D%/packages/patches/icecat-CVE-2016-2828.patch		\
-  %D%/packages/patches/icecat-CVE-2016-2831.patch		\
+  %D%/packages/patches/icecat-avoid-bundled-libraries.patch	\
   %D%/packages/patches/icu4c-CVE-2014-6585.patch		\
   %D%/packages/patches/icu4c-CVE-2015-1270.patch		\
   %D%/packages/patches/icu4c-CVE-2015-4760.patch		\
@@ -656,6 +649,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libtiff-oob-write-in-nextdecode.patch	\
   %D%/packages/patches/libtool-skip-tests2.patch		\
   %D%/packages/patches/libunwind-CVE-2015-3239.patch		\
+  %D%/packages/patches/libupnp-CVE-2016-6255.patch		\
   %D%/packages/patches/libvpx-CVE-2016-2818.patch		\
   %D%/packages/patches/libwmf-CAN-2004-0941.patch		\
   %D%/packages/patches/libwmf-CVE-2006-3376.patch		\
@@ -787,6 +781,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-paste-remove-website-test.patch	\
   %D%/packages/patches/python-paste-remove-timing-test.patch	\
   %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
+  %D%/packages/patches/qemu-CVE-2016-8576.patch			\
+  %D%/packages/patches/qemu-CVE-2016-8577.patch			\
+  %D%/packages/patches/qemu-CVE-2016-8578.patch			\
   %D%/packages/patches/qt4-ldflags.patch			\
   %D%/packages/patches/quickswitch-fix-dmenu-check.patch	\
   %D%/packages/patches/rapicorn-isnan.patch			\
@@ -875,15 +872,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/wordnet-CVE-2008-2149.patch			\
   %D%/packages/patches/wordnet-CVE-2008-3908-pt1.patch			\
   %D%/packages/patches/wordnet-CVE-2008-3908-pt2.patch			\
-  %D%/packages/patches/wpa-supplicant-CVE-2015-5310.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2015-5314.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2015-5315.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2015-5316.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2016-4476.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch	\
   %D%/packages/patches/xdotool-fix-makefile.patch               \
   %D%/packages/patches/xf86-video-ark-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-ast-remove-mibstore.patch	\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index f608259382..9724c9b652 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -862,7 +862,7 @@ commands and their arguments.")
 (define-public wpa-supplicant-minimal
   (package
     (name "wpa-supplicant-minimal")
-    (version "2.5")
+    (version "2.6")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -871,17 +871,7 @@ commands and their arguments.")
                     ".tar.gz"))
               (sha256
                (base32
-                "05mkp5bx1c3z7h5biddsv0p49gkrq9ksany3anp4wdiv92p5prfc"))
-              (patches
-               (search-patches "wpa-supplicant-CVE-2015-5310.patch"
-                               "wpa-supplicant-CVE-2015-5314.patch"
-                               "wpa-supplicant-CVE-2015-5315.patch"
-                               "wpa-supplicant-CVE-2015-5316.patch"
-                               "wpa-supplicant-CVE-2016-4476.patch"
-                               "wpa-supplicant-CVE-2016-4477-pt1.patch"
-                               "wpa-supplicant-CVE-2016-4477-pt2.patch"
-                               "wpa-supplicant-CVE-2016-4477-pt3.patch"
-                               "wpa-supplicant-CVE-2016-4477-pt4.patch"))))
+                "0l0l5gz3d5j9bqjsbjlfcv4w4jwndllp9fmyai4x9kg6qhs6v4xl"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (alist-replace
diff --git a/gnu/packages/astronomy.scm b/gnu/packages/astronomy.scm
index 0c29a39a54..c1b15e1dee 100644
--- a/gnu/packages/astronomy.scm
+++ b/gnu/packages/astronomy.scm
@@ -87,7 +87,7 @@ systems in a FITS image header.")
 (define-public gnuastro
   (package
     (name "gnuastro")
-    (version "0.1")
+    (version "0.2")
     (source
      (origin
        (method url-fetch)
@@ -95,14 +95,14 @@ systems in a FITS image header.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "105s007kw8l3jwwhvh8k9lgbpfbf7sqh2wpxmvpv3qdr6nh9lnjg"))))
+         "0099g7zqg1gr9y94ybhyjgx9pkn9zv4rj1xb00fkybfw8w6ij9iv"))))
     (inputs
      `(("cfitsio" ,cfitsio)
        ("gsl" ,gsl)
        ("libjpeg" ,libjpeg-8)
        ("wcslib" ,wcslib)))
     (build-system gnu-build-system)
-    (home-page "http://www.gnu.org/software/gnuastro")
+    (home-page "https://www.gnu.org/software/gnuastro")
     (synopsis "Astronomical data manipulation programs")
     (description "The GNU Astronomy Utilities (Gnuastro) is a suite of
 programs for the manipulation and analysis of astronomical data.")
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 192fb0e231..781e7fac29 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -40,6 +40,7 @@
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages avahi)
   #:use-module (gnu packages boost)
+  #:use-module (gnu packages backup)
   #:use-module (gnu packages base)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages check)
@@ -179,7 +180,7 @@ streams from live audio.")
 (define-public ardour
   (package
     (name "ardour")
-    (version "5.3")
+    (version "5.4")
     (source (origin
               (method git-fetch)
               (uri (git-reference
@@ -193,10 +194,10 @@ streams from live audio.")
                     "libs/ardour/revision.cc"
                   (lambda (port)
                     (format port "#include \"ardour/revision.h\"
-namespace ARDOUR { const char* revision = \"5.3\" ; }"))))
+namespace ARDOUR { const char* revision = \"5.4\" ; }"))))
               (sha256
                (base32
-                "0xdyc3syxg4drg7rafadhlrn6nycg169ay6q5xhga19kcwy6qmqm"))
+                "1yrg0d86k9fqw7lmzjglilbadb4cjqxqkf6ii4bjs6rihj6b0qrf"))
               (file-name (string-append name "-" version))))
     (build-system waf-build-system)
     (arguments
@@ -242,6 +243,7 @@ namespace ARDOUR { const char* revision = \"5.3\" ; }"))))
        ("readline" ,readline)
        ("redland" ,redland)
        ("rubberband" ,rubberband)
+       ("libarchive" ,libarchive)
        ("taglib" ,taglib)
        ("python-rdflib" ,python-rdflib)))
     (native-inputs
@@ -336,6 +338,37 @@ tools (analyzer, mono/stereo tools, crossovers).")
     ;; The plugins are released under LGPLv2.1+
     (license (list license:lgpl2.1+ license:gpl2+))))
 
+(define-public infamous-plugins
+  (package
+    (name "infamous-plugins")
+    (version "0.2.02")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/ssj71/infamousPlugins/"
+                                  "archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0qm3ak07vc1l3f5c3c2lq9gkfknlxwn8ks03cysw1pk8hj7dwnv6"))))
+    (build-system cmake-build-system)
+    ;; There are no tests
+    (arguments `(#:tests? #f))
+    (inputs
+     `(("cairo" ,cairo)
+       ("fftwf" ,fftwf)
+       ("lv2" ,lv2)
+       ("ntk" ,ntk)
+       ("zita-resampler" ,zita-resampler)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "http://ssj71.github.io/infamousPlugins")
+    (synopsis "LV2 plugins for live use")
+    (description
+     "The infamous plugins are a collection of LV2 audio plugins for live
+performances.  The plugins include a cellular automaton synthesizer, an
+envelope follower, distortion effects, tape effects and more.")
+    (license license:gpl2+)))
+
 (define-public csound
   (package
     (name "csound")
diff --git a/gnu/packages/autogen.scm b/gnu/packages/autogen.scm
index 4cbc215070..f3ab30b10a 100644
--- a/gnu/packages/autogen.scm
+++ b/gnu/packages/autogen.scm
@@ -31,7 +31,7 @@
 (define-public autogen
   (package
     (name "autogen")
-    (version "5.18.10")
+    (version "5.18.12")
     (source
      (origin
       (method url-fetch)
@@ -39,7 +39,7 @@
                           "/autogen-" version ".tar.xz"))
       (sha256
        (base32
-        "0j61mf3qab5ya7w5xsp7xalrby00cv92g462bxffl104ql18w92f"))))
+        "1n5zq4872sakvz9c7ncsdcfp0z8rsybsxvbmhkpbd19ii0pacfxy"))))
     (build-system gnu-build-system)
     (native-inputs `(("perl" ,perl)     ;for doc generator mdoc
                      ("pkg-config" ,pkg-config)))
@@ -55,8 +55,9 @@
                  (append (find-files "agen5/test" "\\.test$")
                          (find-files "autoopts/test" "\\.(test|in)$"))
                  (("/bin/sh") sh)
-                 (("/usr/bin/tr") "tr"))))))))
-    (home-page "http://www.gnu.org/software/autogen/")
+                 (("/usr/bin/tr") "tr"))
+               #t))))))
+    (home-page "https://www.gnu.org/software/autogen/")
     (synopsis "Automated program generator")
     (description
      "AutoGen is a program to ease the maintenance of programs that contain
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index 01168ade16..c12c0ac9a0 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -238,7 +238,7 @@ without modification.")
 (define-public bash-completion
   (package
     (name "bash-completion")
-    (version "2.3")
+    (version "2.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -246,7 +246,7 @@ without modification.")
                     version "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1sg82nmsr00ig37skln2qvmi8mgbxgdvycm3ygzs8gbz66pq3q5j"))
+                "1xlhd09sb2w3bw8qaypxgkr0782w082mcbx8zf7yzjgy0996pxy0"))
               (patches
                (search-patches "bash-completion-directories.patch"))))
     (build-system gnu-build-system)
@@ -279,7 +279,7 @@ without modification.")
     (description
      "This package provides extensions that allow Bash to provide adapted
 completion for many common commands.")
-    (home-page "http://bash-completion.alioth.debian.org/")
+    (home-page "https://github.com/scop/bash-completion")
     (license gpl2+)))
 
 (define-public bash-tap
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index ac46fe4bcc..5fbfdf0b9b 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -1972,7 +1972,25 @@ trees (phylogenies) and characters.")
   (let ((base (package-with-python2 (strip-python2-variant python-dendropy))))
     (package
       (inherit base)
+      ;; Do not use same source as 'python-dendropy' because the patched
+      ;; failing tests do not occur on Python 2.
+      (source
+       (origin
+         (method url-fetch)
+         (uri (pypi-uri "DendroPy" (package-version base)))
+         (sha256
+          (base32
+           "1jfz7gp18wph311w1yygbvjanb3n5mdqal439bb6myw41dwb5m63"))))
+      (arguments
+       `(#:python ,python-2
+         #:phases
+           (modify-phases %standard-phases
+             (replace 'check
+               ;; There is currently a test failure that only happens on some
+               ;; systems, and only using "setup.py test"
+               (lambda _ (zero? (system* "nosetests")))))))
       (native-inputs `(("python2-setuptools" ,python2-setuptools)
+                       ("python2-nose" ,python2-nose)
                        ,@(package-native-inputs base))))))
 
 
@@ -2019,7 +2037,7 @@ identify enrichments with functional annotations of the genome.")
 (define-public diamond
   (package
     (name "diamond")
-    (version "0.8.22")
+    (version "0.8.23")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2028,7 +2046,7 @@ identify enrichments with functional annotations of the genome.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0lbqa07c5z8pr4dvdrc14rqc4311kq69j1ldry9glfc8hg3x1kd1"))))
+                "0xpcq3fbk4c52xbpgyk5brl58rljvl83bg8nkxy8vs00pxanm7i2"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no "check" target
@@ -5576,7 +5594,7 @@ track.  The database is exposed as a @code{TxDb} object.")
 (define-public vsearch
   (package
     (name "vsearch")
-    (version "2.1.2")
+    (version "2.3.0")
     (source
      (origin
        (method url-fetch)
@@ -5586,7 +5604,7 @@ track.  The database is exposed as a @code{TxDb} object.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1zzfj6ydsfzljyswlwqknpp8s2cf31vimi1aqf9ljsbagjyizc58"))
+         "1r8fk3whkil348y5hfsd4r56qjmchhq4nxm6s7ra5rlisw0mf9fy"))
        (modules '((guix build utils)))
        (snippet
         '(begin
@@ -6929,6 +6947,38 @@ elegans (Worm) as provided by UCSC (ce6, May 2008) and stored in Biostrings
 objects.")
     (license license:artistic2.0)))
 
+(define-public r-bsgenome-celegans-ucsc-ce10
+  (package
+    (name "r-bsgenome-celegans-ucsc-ce10")
+    (version "1.4.0")
+    (source (origin
+              (method url-fetch)
+              ;; We cannot use bioconductor-uri here because this tarball is
+              ;; located under "data/annotation/" instead of "bioc/".
+              (uri (string-append "http://www.bioconductor.org/packages/"
+                                  "release/data/annotation/src/contrib/"
+                                  "BSgenome.Celegans.UCSC.ce10_"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1zaym97jk4npxk14ifvwz2rvhm4zx9xgs33r9vvx9rlynp0gydrk"))))
+    (properties
+     `((upstream-name . "BSgenome.Celegans.UCSC.ce10")))
+    (build-system r-build-system)
+    ;; As this package provides little more than a very large data file it
+    ;; doesn't make sense to build substitutes.
+    (arguments `(#:substitutable? #f))
+    (propagated-inputs
+     `(("r-bsgenome" ,r-bsgenome)))
+    (home-page
+     "http://www.bioconductor.org/packages/BSgenome.Celegans.UCSC.ce10/")
+    (synopsis "Full genome sequences for Worm")
+    (description
+     "This package provides full genome sequences for Caenorhabditis
+elegans (Worm) as provided by UCSC (ce10, Oct 2010) and stored in Biostrings
+objects.")
+    (license license:artistic2.0)))
+
 (define-public r-bsgenome-dmelanogaster-ucsc-dm3
   (package
     (name "r-bsgenome-dmelanogaster-ucsc-dm3")
diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm
index f47a343ca6..f6faba3188 100644
--- a/gnu/packages/bootstrap.scm
+++ b/gnu/packages/bootstrap.scm
@@ -171,6 +171,7 @@ successful, or false to signal an error."
 
         ;; XXX: This one is used bare-bones, without a libc, so add a case
         ;; here just so we can keep going.
+        ((string=? system "arm-eabi") "no-ld.so")
         ((string=? system "xtensa-elf") "no-ld.so")
         ((string=? system "avr") "no-ld.so")
         ((string=? system "i686-mingw") "no-ld.so")
diff --git a/gnu/packages/calendar.scm b/gnu/packages/calendar.scm
index 0c37caa8e8..306c949066 100644
--- a/gnu/packages/calendar.scm
+++ b/gnu/packages/calendar.scm
@@ -84,13 +84,13 @@ data units.")
 (define-public khal
   (package
     (name "khal")
-    (version "0.8.3")
+    (version "0.8.4")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "khal" version))
              (sha256
               (base32
-               "1qryqs5d8jsl7j22pjjfkfdi4m8m3nn3n44b890pq85xkw599ihy"))))
+               "03vy4dp9n43w51mwqjjy08dr5nj7wxqnb085visz3j43vzm42p1f"))))
     (build-system python-build-system)
     (arguments
      `(#:phases (modify-phases %standard-phases
diff --git a/gnu/packages/ccache.scm b/gnu/packages/ccache.scm
index 48ed860724..15a20ff08b 100644
--- a/gnu/packages/ccache.scm
+++ b/gnu/packages/ccache.scm
@@ -29,7 +29,7 @@
 (define-public ccache
   (package
     (name "ccache")
-    (version "3.3.1")
+    (version "3.3.2")
     (source
      (origin
       (method url-fetch)
@@ -37,7 +37,7 @@
                           version ".tar.xz"))
       (sha256
        (base32
-        "1ij1p8arz72fw67gx65ngb7jmg30ynjxk7i8dmikjxkdri4pmn66"))))
+        "0c25l78hi36682l9cyxca78i8sdkmgmv9afip1s21y6q4g5qaxlh"))))
     (build-system gnu-build-system)
     (native-inputs `(("perl" ,perl)     ;for test.sh
                      ("which" ,(@ (gnu packages base) which))))
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index f010fabc86..b27577bbec 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -73,7 +73,7 @@
 (define-public nss-certs
   (package
     (name "nss-certs")
-    (version "3.26")
+    (version "3.27.1")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -84,7 +84,7 @@
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0r65s5q8kk0vr48s0zr8xi610k7h072lgkkpp4z6jlxr19bkly4i"))))
+                "0sraxk26swlgl7rl742rkfp5k251v5z3lqw9k8ikin0cjfhkfdpx"))))
     (build-system gnu-build-system)
     (outputs '("out"))
     (native-inputs
diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index 95c80438e9..b394571d6f 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -26,6 +26,7 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages python)
+  #:use-module (guix utils)
   #:use-module (guix licenses)
   #:use-module (guix packages)
   #:use-module (guix download)
@@ -155,14 +156,15 @@ multi-paradigm automated test framework for C++ and Objective-C.")
 (define-public cmocka
   (package
     (name "cmocka")
-    (version "1.0.1")
+    (version "1.1.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "https://cmocka.org/files/1.0/cmocka-"
+              (uri (string-append "https://cmocka.org/files/"
+                                  (version-major+minor version) "/cmocka-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "0fvm6rdalqcxckbddch8ycdw6n2ckldblv117n09chi2l7bm0q5k"))))
+                "0c0k8ax16fgh39nsva09q4jsh83g9nxihkwj9d5666763fzx6q79"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f)) ; No test target
@@ -178,13 +180,13 @@ format.")
 (define-public cppcheck
   (package
     (name "cppcheck")
-    (version "1.72")
+    (version "1.76")
     (source (origin
       (method url-fetch)
       (uri (string-append "https://github.com/danmar/cppcheck/archive/"
                           version ".tar.gz"))
       (sha256
-       (base32 "0zxaixhqi4vmj7xj56gzadggcbjhbjjm6abyr86qlan23sg98667"))
+       (base32 "14d0ikcmq1xcqy9f1vq1jbn5ifl0jiy3rycqdcg7v8hil48m59z8"))
       (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (home-page "http://cppcheck.sourceforge.net")
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 8970ea1c03..b7bd1f0cd6 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -12,6 +12,7 @@
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -34,11 +35,13 @@
   #:use-module (gnu packages avahi)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages boost)
+  #:use-module (gnu packages crypto)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages language)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages tcl)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages ncurses)
@@ -541,32 +544,32 @@ is in the public domain.")
 (define-public tdb
   (package
     (name "tdb")
-    (version "1.3.9")
+    (version "1.3.11")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.samba.org/ftp/tdb/tdb-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1ll4q17scax1arg12faj8p25jq1f7q9irc3pwla0ziymwqkgf0bi"))))
+                "0i1l38h0vyck6zkcj4fn2l03spadlmyr1qa1xpdp9dy2ccbm3s1r"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:phases (alist-replace
-                 'configure
-                 (lambda* (#:key outputs #:allow-other-keys)
-                   (let ((out (assoc-ref outputs "out")))
-                     ;; The 'configure' script is a wrapper for Waf and
-                     ;; doesn't recognize things like '--enable-fast-install'.
-                     (zero? (system* "./configure"
-                                     (string-append "--prefix=" out)))))
-                 %standard-phases)))
+     '(#:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               ;; The 'configure' script is a wrapper for Waf and
+               ;; doesn't recognize things like '--enable-fast-install'.
+               (zero? (system* "./configure"
+                               (string-append "--prefix=" out)))))))))
     (native-inputs
      `(;; TODO: Build the documentation.
        ;; ("docbook-xsl" ,docbook-xsl)
        ;; ("libxml2" ,libxml2)
        ;; ("libxslt" ,libxslt)
        ("python" ,python-2)))                     ;for the Waf build system
-    (home-page "http://tdb.samba.org/")
+    (home-page "https://tdb.samba.org/")
     (synopsis "Trivial database")
     (description
      "TDB is a Trivial Database.  In concept, it is very much like GDBM,
@@ -951,14 +954,14 @@ similar to BerkeleyDB, LevelDB, etc.")
 (define-public redis
   (package
     (name "redis")
-    (version "3.2.3")
+    (version "3.2.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://download.redis.io/releases/redis-"
                                   version".tar.gz"))
               (sha256
                (base32
-                "05az2g3gna5lkhh6x1a5m6yardbiig1l4ysggldlk5if8ww9qkk7"))))
+                "1wb9jd692a0y52bkkxr6815kk4g039mirjdrvqx24265lv2l5l1a"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; tests related to master/slave and replication fail
@@ -966,6 +969,7 @@ similar to BerkeleyDB, LevelDB, etc.")
                   (delete 'configure))
        #:make-flags `("CC=gcc"
                       "MALLOC=libc"
+                      "LDFLAGS=-ldl"
                       ,(string-append "PREFIX="
                                       (assoc-ref %outputs "out")))))
     (synopsis "Key-value cache and store")
@@ -1154,3 +1158,53 @@ can autogenerate peewee models using @code{pwiz}, a model generator.")
 
 (define-public python2-peewee
   (package-with-python2 python-peewee))
+
+(define-public sqlcipher
+  (package
+    (name "sqlcipher")
+    (version "3.3.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/sqlcipher/" name
+                           "/archive/v" version ".tar.gz"))
+       (sha256
+        (base32 "1gv58dlbpzrmznly52yqbxgvii0ib88zr3aszla1bsypwjr6flff"))
+       (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libcrypto" ,openssl)
+       ("libtcl8.6" ,tcl))) ; required for running the tests
+    (native-inputs
+     `(("tcl" ,tcl)))
+    (arguments
+     '(#:configure-flags
+       '("--enable-tempstore=yes"
+         "CFLAGS=-DSQLITE_HAS_CODEC -DSQLITE_ENABLE_FTS3"
+         "LDFLAGS=-lcrypto -ltcl8.6"
+         "--disable-tcl")
+       ;; tests cannot be run from the Makefile
+       ;; see: <https://github.com/sqlcipher/sqlcipher/issues/172>
+       #:test-target "testfixture"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'build-test-runner
+           (assoc-ref %standard-phases 'check))
+         (replace 'check
+           (lambda _
+             (zero?
+              (system* "./testfixture" "test/crypto.test")))))))
+    (home-page "https://www.zetetic.net/sqlcipher/")
+    (synopsis
+     "Library providing transparent encryption of SQLite database files")
+    (description "SQLCipher is an implementation of SQLite, extended to
+provide transparent 256-bit AES encryption of database files.  Pages are
+encrypted before being written to disk and are decrypted when read back.  It’s
+well suited for protecting embedded application databases and for mobile
+development.")
+    ;; The source files
+    ;; src/{crypto.c,crypto_impl.c,crypto.h,crypto_cc.c,crypto_libtomcrypt.c},
+    ;; src/{crypto_openssl.c,sqlcipher.h}, tool/crypto-speedtest.tcl,
+    ;; test/crypto.test are licensed under a 3-clause BSD license. All other
+    ;; source files are in the public domain.
+    (license (list license:public-domain license:bsd-3))))
diff --git a/gnu/packages/dav.scm b/gnu/packages/dav.scm
index 507d00c1a6..be6c40f4ba 100644
--- a/gnu/packages/dav.scm
+++ b/gnu/packages/dav.scm
@@ -52,13 +52,13 @@ clients.")
 (define-public vdirsyncer
   (package
     (name "vdirsyncer")
-    (version "0.12.1")
+    (version "0.13.1")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri name version))
              (sha256
               (base32
-               "1y3xpl83p4y1m5ks44drhwpygzwbjwhraycrhxlkhwk8bhnsifrz"))))
+               "1c4kipcc7dx1rn5j1a1x7wckz09mm9ihwakf3ramwn1y78q5zanb"))))
     (build-system python-build-system)
     (arguments
       `(#:phases (modify-phases %standard-phases
diff --git a/gnu/packages/dejagnu.scm b/gnu/packages/dejagnu.scm
index 60fd2124f0..ba34e36c6a 100644
--- a/gnu/packages/dejagnu.scm
+++ b/gnu/packages/dejagnu.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flasher.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,7 +27,7 @@
 (define-public dejagnu
   (package
     (name "dejagnu")
-    (version "1.5.3")
+    (version "1.6")
     (source
      (origin
       (method url-fetch)
@@ -34,50 +35,48 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "069z3qrdv35cm2sbnfr5yjzplrqj9f61cchxis7j9mm19hv8x6q9"))))
+        "0qypaakd2065jgpcv84zcsibl8gph3p334gb2qdmhsrbirhlmdh0"))))
     (build-system gnu-build-system)
     (inputs `(("expect" ,expect)))
     (arguments
-     '(#:phases (alist-replace
-                 'check
-                 (lambda _
-                   ;; Note: The test-suite *requires* /dev/pts among the
-                   ;; `build-chroot-dirs' of the build daemon when
-                   ;; building in a chroot.  See
-                   ;; <http://thread.gmane.org/gmane.linux.distributions.nixos/1036>
-                   ;; for details.
-                   (if (and (directory-exists? "/dev/pts")
-                            (directory-exists? "/proc"))
-                       (begin
-                        ;; Provide `runtest' with a log name, otherwise
-                        ;; it tries to run `whoami', which fails when in
-                        ;; a chroot.
-                        (setenv "LOGNAME" "guix-builder")
+     '(#:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda _
+             ;; Note: The test-suite *requires* /dev/pts among the
+             ;; `build-chroot-dirs' of the build daemon when
+             ;; building in a chroot.  See
+             ;; <http://thread.gmane.org/gmane.linux.distributions.nixos/1036>
+             ;; for details.
+             (if (and (directory-exists? "/dev/pts")
+                      (directory-exists? "/proc"))
+                 (begin
+                  ;; Provide `runtest' with a log name, otherwise it
+                  ;; tries to run `whoami', which fails when in a chroot.
+                  (setenv "LOGNAME" "guix-builder")
 
-                        ;; The test-suite needs to have a non-empty stdin:
-                        ;; <http://lists.gnu.org/archive/html/bug-dejagnu/2003-06/msg00002.html>.
-                        (zero?
-                         (system "make check < /dev/zero")))
-                       (begin
-                         (display "test suite cannot be run, skipping\n")
-                         #t)))
-                 (alist-cons-after
-                  'install 'post-install
-                  (lambda* (#:key inputs outputs #:allow-other-keys)
-                    ;; Use the right `expect' binary.
-                    (let ((out    (assoc-ref outputs "out"))
-                          (expect (assoc-ref inputs "expect")))
-                      (substitute* (string-append out "/bin/runtest")
-                        (("^mypath.*$" all)
-                         (string-append all
-                                        "export PATH="
-                                        expect "/bin:$PATH\n")))))
-                  %standard-phases))))
+                  ;; The test-suite needs to have a non-empty stdin:
+                  ;; <http://lists.gnu.org/archive/html/bug-dejagnu/2003-06/msg00002.html>.
+                  (zero?
+                   (system "make check < /dev/zero")))
+                 (begin
+                   (display "test suite cannot be run, skipping\n")
+                   #t))))
+         (add-after 'install 'post-install
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             ;; Use the right `expect' binary.
+             (let ((out    (assoc-ref outputs "out"))
+                   (expect (assoc-ref inputs "expect")))
+               (substitute* (string-append out "/bin/runtest")
+                 (("^mypath.*$" all)
+                  (string-append all
+                                 "export PATH="
+                                 expect "/bin:$PATH\n")))))))))
     (home-page
-     "http://www.gnu.org/software/dejagnu/")
+     "https://www.gnu.org/software/dejagnu/")
     (synopsis "GNU software testing framework")
     (description
      "DejaGnu is a framework for testing software.  In effect, it serves as
 a front-end for all tests written for a program.  Thus, each program can have
 multiple test suites, which are then all managed by a single harness.")
-    (license gpl2+)))
+    (license gpl3+)))
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 4a20f0c1a5..1b345dba1f 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -266,14 +266,14 @@ editor (without an X toolkit)" )
 (define-public geiser
   (package
     (name "geiser")
-    (version "0.8.1")
+    (version "0.9")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://savannah/geiser/" version
                                  "/geiser-" version ".tar.gz"))
              (sha256
               (base32
-               "163zh8qf1q8l485d94a51a9xixirj8r2xvrbgxyw06vkaqrz5qvc"))))
+               "1n772ysl1dmn0vy3gk230ymyjm14h93zw99y6h2rqp1ixy7v43dm"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (alist-cons-after
@@ -298,34 +298,8 @@ metadata.")
     (license license:bsd-3)))
 
 (define-public geiser-next
-  ;; Geiser's upcoming version supports guile-next, and 0.8.1 does not.
-  ;; When the next Geiser release comes out, we can remove this.
-  (let ((commit "2e335695fc1a4a0b520b50deb761b958194cbec4"))
-    (package
-      (inherit geiser)
-      (name "geiser-next")
-      (version (string-append "0.8.1-1"
-                              (string-take commit 7)))
-      (source (origin
-                (method git-fetch)
-                (uri (git-reference
-                      (url "git://git.sv.gnu.org/geiser.git")
-                      (commit commit)))
-                (sha256
-                 (base32
-                  "00rmpn8zncq1fiah5m12l26z0s28bh7ql63kxdvksqdgfrisnmgf"))))
-      (native-inputs
-       `(("autoconf" ,autoconf)
-         ("automake" ,automake)
-         ("texinfo" ,texinfo)
-         ,@(package-native-inputs geiser)))
-      (arguments
-       (substitute-keyword-arguments (package-arguments geiser)
-         ((#:phases phases)
-          `(modify-phases ,phases
-             (add-after 'unpack 'autogen
-               (lambda _
-                 (zero? (system* "sh" "autogen.sh")))))))))))
+  ;; This has become "geiser".
+  (deprecated-package "geiser-next" geiser))
 
 (define-public paredit
   (package
@@ -424,7 +398,7 @@ configuration files, such as .gitattributes, .gitignore, and .git/config.")
 (define-public emacs-with-editor
   (package
     (name "emacs-with-editor")
-    (version "2.5.2")
+    (version "2.5.6")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -433,7 +407,7 @@ configuration files, such as .gitattributes, .gitignore, and .git/config.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0k57f2wqng7510nzyzgjgbapplia23l3zrphl816nfm4s58sy1ka"))))
+                "14vypqj3wqym5yd0nggfm1xdgq5hv1kwxkg6i8ymlpxcdfxj45w7"))))
     (build-system emacs-build-system)
     (propagated-inputs
      `(("emacs-dash" ,emacs-dash)))
@@ -2156,7 +2130,7 @@ dark background.")
 (define-public emacs-smartparens
   (package
     (name "emacs-smartparens")
-    (version "1.7.1")
+    (version "1.8.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2165,7 +2139,7 @@ dark background.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1b47ppkzsj8j8a2p0bmvq05rhm2d2lsm3wlc0sg542r4zr6nji8s"))))
+                "0xsqiklg0q4w6gj0js1hvsz4lkypvcx6c9kzb1mz232gwlqx1azw"))))
     (build-system emacs-build-system)
     (propagated-inputs `(("emacs-dash" ,emacs-dash)))
     (home-page "https://github.com/Fuco1/smartparens")
@@ -2185,15 +2159,16 @@ well as completely new features.")
 (define-public emacs-hl-todo
   (package
     (name "emacs-hl-todo")
-    (version "1.7.0")
+    (version "1.7.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://raw.githubusercontent.com/tarsius/hl-todo/"
                     version "/hl-todo.el"))
+              (file-name (string-append "hl-todo-" version ".el"))
               (sha256
                (base32
-                "18zydm43zajlglhgr0bhdkd4pln27amd063k2ql6p1mvyam3j8ia"))))
+                "0flhz9vy8w1vvwwji92pi5k4659hl368bakj2qf2zfd26z8x583h"))))
     (build-system emacs-build-system)
     (home-page "https://github.com/tarsius/hl-todo")
     (synopsis "Emacs mode to highlight TODO and similar keywords")
@@ -2258,7 +2233,7 @@ fully-functional one.")
 (define-public emacs-hydra
   (package
     (name "emacs-hydra")
-    (version "0.13.0")
+    (version "0.13.6")
     (source
      (origin
        (method url-fetch)
@@ -2267,7 +2242,7 @@ fully-functional one.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "19ynkjlg3jj7x90xxbz885324h6nkxmzlb2c2c95xkr20zckn0lk"))))
+         "0575vh858gm35p57s49dy6pc2ij46dmj9zaa4z0cp98sqra3j3l0"))))
     (build-system emacs-build-system)
     (home-page "https://github.com/abo-abo/hydra")
     (synopsis "Make Emacs bindings that stick around")
diff --git a/gnu/packages/embedded.scm b/gnu/packages/embedded.scm
new file mode 100644
index 0000000000..24eeef9fa7
--- /dev/null
+++ b/gnu/packages/embedded.scm
@@ -0,0 +1,165 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages embedded)
+  #:use-module (guix utils)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix svn-download)
+  #:use-module (guix git-download)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages cross-base)
+  #:use-module (gnu packages flex)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages texinfo))
+
+;; We must not use the released GCC sources here, because the cross-compiler
+;; does not produce working binaries.  Instead we take the very same SVN
+;; revision from the branch that is used for a release of the "GCC ARM
+;; embedded" project on launchpad.
+;; See https://launchpadlibrarian.net/218827644/release.txt
+(define-public gcc-arm-none-eabi-4.9
+  (let ((xgcc (cross-gcc "arm-none-eabi"
+                         (cross-binutils "arm-none-eabi")))
+        (revision "1")
+        (svn-revision 227977))
+    (package (inherit xgcc)
+      (version (string-append (package-version xgcc) "-"
+                              revision "." (number->string svn-revision)))
+      (source
+       (origin
+         (method svn-fetch)
+         (uri (svn-reference
+               (url "svn://gcc.gnu.org/svn/gcc/branches/ARM/embedded-4_9-branch/")
+               (revision svn-revision)))
+         (file-name (string-append "gcc-arm-embedded-" version "-checkout"))
+         (sha256
+          (base32
+           "113r98kygy8rrjfv2pd3z6zlfzbj543pq7xyq8bgh72c608mmsbr"))
+         (patches (origin-patches (package-source xgcc)))))
+      (native-inputs
+       `(("flex" ,flex)
+         ,@(package-native-inputs xgcc)))
+      (arguments
+       (substitute-keyword-arguments (package-arguments xgcc)
+         ((#:phases phases)
+          `(modify-phases ,phases
+             (add-after 'unpack 'fix-genmultilib
+               (lambda _
+                 (substitute* "gcc/genmultilib"
+                   (("#!/bin/sh") (string-append "#!" (which "sh"))))
+                 #t))))
+         ((#:configure-flags flags)
+          ;; The configure flags are largely identical to the flags used by the
+          ;; "GCC ARM embedded" project.
+          `(append (list "--enable-multilib"
+                         "--with-newlib"
+                         "--with-multilib-list=armv6-m,armv7-m,armv7e-m"
+                         "--with-host-libstdcxx=-static-libgcc -Wl,-Bstatic,-lstdc++,-Bdynamic -lm"
+                         "--enable-plugins"
+                         "--disable-decimal-float"
+                         "--disable-libffi"
+                         "--disable-libgomp"
+                         "--disable-libmudflap"
+                         "--disable-libquadmath"
+                         "--disable-libssp"
+                         "--disable-libstdcxx-pch"
+                         "--disable-nls"
+                         "--disable-shared"
+                         "--disable-threads"
+                         "--disable-tls")
+                   (delete "--disable-multilib" ,flags)))))
+      (native-search-paths
+       (list (search-path-specification
+              (variable "CROSS_C_INCLUDE_PATH")
+              (files '("arm-none-eabi/include")))
+             (search-path-specification
+              (variable "CROSS_CPLUS_INCLUDE_PATH")
+              (files '("arm-none-eabi/include")))
+             (search-path-specification
+              (variable "CROSS_LIBRARY_PATH")
+              (files '("arm-none-eabi/lib"))))))))
+
+(define-public newlib-arm-none-eabi
+  (package
+    (name "newlib")
+    (version "2.4.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "ftp://sourceware.org/pub/newlib/newlib-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "01i7qllwicf05vsvh39qj7qp5fdifpvvky0x95hjq39mbqiksnsl"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:out-of-source? #t
+       ;; The configure flags are identical to the flags used by the "GCC ARM
+       ;; embedded" project.
+       #:configure-flags '("--target=arm-none-eabi"
+                           "--enable-newlib-io-long-long"
+                           "--enable-newlib-register-fini"
+                           "--disable-newlib-supplied-syscalls"
+                           "--disable-nls")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fix-references-to-/bin/sh
+           (lambda _
+             (substitute* '("libgloss/arm/cpu-init/Makefile.in"
+                            "libgloss/arm/Makefile.in"
+                            "libgloss/libnosys/Makefile.in"
+                            "libgloss/Makefile.in")
+               (("/bin/sh") (which "sh")))
+             #t)))))
+    (native-inputs
+     `(("xbinutils" ,(cross-binutils "arm-none-eabi"))
+       ("xgcc" ,gcc-arm-none-eabi-4.9)
+       ("texinfo" ,texinfo)))
+    (home-page "http://www.sourceware.org/newlib/")
+    (synopsis "C library for use on embedded systems")
+    (description "Newlib is a C library intended for use on embedded
+systems.  It is a conglomeration of several library parts that are easily
+usable on embedded products.")
+    (license (license:non-copyleft
+              "https://www.sourceware.org/newlib/COPYING.NEWLIB"))))
+
+(define-public newlib-nano-arm-none-eabi
+  (package (inherit newlib-arm-none-eabi)
+    (name "newlib-nano")
+    (arguments
+     (substitute-keyword-arguments (package-arguments newlib-arm-none-eabi)
+       ;; The configure flags are identical to the flags used by the "GCC ARM
+       ;; embedded" project.  They optimize newlib for use on small embedded
+       ;; systems with limited memory.
+       ((#:configure-flags flags)
+        ''("--target=arm-none-eabi"
+           "--enable-multilib"
+           "--disable-newlib-supplied-syscalls"
+           "--enable-newlib-reent-small"
+           "--disable-newlib-fvwrite-in-streamio"
+           "--disable-newlib-fseek-optimization"
+           "--disable-newlib-wide-orient"
+           "--enable-newlib-nano-malloc"
+           "--disable-newlib-unbuf-stream-opt"
+           "--enable-lite-exit"
+           "--enable-newlib-global-atexit"
+           "--enable-newlib-nano-formatted-io"
+           "--disable-nls"))))
+    (synopsis "Newlib variant for small systems with limited memory")))
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index e28598d421..22857e84b5 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -704,18 +704,11 @@ symbols unable to be displayed properly.")
   (package
     (name "font-un")
     (version "1.0.2-080608")
-    ;; The upstream server at kldp.net is serving us broken MIME.
-    ;; See <http://bugs.gnu.org/22908>.
     (source (origin
               (method url-fetch)
-              (uri (list
-                    (string-append
-                     "http://krosos.sdf.org/static/unix/"
-                     "un-fonts-core-" version ".tar.gz")
-                    ;; XXX: The upstream server at kldp.net
-                    (string-append
-                     "https://kldp.net/projects/unfonts/download/4695?filename="
-                     "un-fonts-core-" version ".tar.gz")))
+              (uri (string-append
+                    "https://kldp.net/unfonts/release/2607-"
+                    "un-fonts-core-" version ".tar.gz"))
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
@@ -838,22 +831,15 @@ glyph designs, not just an added slant.")
                                                              "unzip")
                                                   "/bin"))
                          (font-dir (string-append %output
-                                                  "/share/fonts/truetype"))
-                         (doc-dir  (string-append %output "/share/doc/"
-                                                  ,name "-" ,version)))
+                                                  "/share/fonts/truetype")))
                      (setenv "PATH" PATH)
                      (system* "unzip" (assoc-ref %build-inputs "source"))
 
                      (mkdir-p font-dir)
-                     (mkdir-p doc-dir)
                      (for-each (lambda (ttf)
                                  (copy-file ttf
                                             (string-append font-dir "/" ttf)))
-                               (find-files "." "\\.ttf$"))
-                     (for-each (lambda (doc)
-                                 (copy-file doc
-                                            (string-append doc-dir "/" doc)))
-                               (find-files "." "\\.txt$"))))))
+                               (find-files "." "\\.ttf$"))))))
     (native-inputs
      `(("source" ,source)
        ("unzip" ,unzip)))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index 5054df8fca..60cff2e330 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -465,7 +465,7 @@ smooth contours with constant curvature at the spline joins.")
 (define-public libuninameslist
   (package
     (name "libuninameslist")
-    (version "0.5.20150701")
+    (version "20160701")
     (source
      (origin
        (method url-fetch)
@@ -474,17 +474,16 @@ smooth contours with constant curvature at the spline joins.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1j6147l100rppw7axlrkdx0p35fax6bz2zh1xgpg7a3b4pmqaj3v"))))
+         "12xxb301a66dh282pywpy00wxiaq5z8z20qm3pr2vql04r2g8d0x"))))
     (build-system gnu-build-system)
     (native-inputs `(("autoconf" ,autoconf)
                      ("automake" ,automake)
                      ("libtool" ,libtool)))
     (arguments
-     `(#:phases (alist-cons-after
-                 'unpack 'bootstrap
-                 (lambda _
-                   (zero? (system* "autoreconf" "-vi")))
-                 %standard-phases)))
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'bootstrap
+           (lambda _ (zero? (system* "autoreconf" "-vi")))))))
     (synopsis "Unicode names and annotation list")
     (description
      "LibUniNamesList holds www.unicode.org Nameslist.txt data which can be
diff --git a/gnu/packages/fpga.scm b/gnu/packages/fpga.scm
new file mode 100644
index 0000000000..bb199096dc
--- /dev/null
+++ b/gnu/packages/fpga.scm
@@ -0,0 +1,311 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages fpga)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix build-system cmake)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages tcl)
+  #:use-module (gnu packages readline)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages flex)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages zip)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gawk)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages libftdi))
+
+(define-public abc
+ (let ((commit "5ae4b975c49c")
+       (revision "1"))
+  (package
+    (name "abc")
+    (version (string-append "0.0-" revision "-" (string-take commit 9)))
+    (source (origin
+              (method url-fetch)
+              (uri
+               (string-append "https://bitbucket.org/alanmi/abc/get/" commit ".zip"))
+              (file-name (string-append name "-" version "-checkout.zip"))
+              (sha256
+                (base32
+                   "1syygi1x40rdryih3galr4q8yg1w5bvdzl75hd27v1xq0l5bz3d0"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("unzip" ,unzip)))
+    (inputs
+     `(("readline" ,readline)))
+    (arguments
+     `(#:tests? #f ; no check target
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (out-bin (string-append out "/bin")))
+               (install-file "abc" out-bin)))))))
+    (home-page "http://people.eecs.berkeley.edu/~alanmi/abc/")
+    (synopsis "Sequential logic synthesis and formal verification")
+    (description "ABC is a program for sequential logic synthesis and
+formal verification.")
+    (license
+      (license:non-copyleft "https://fedoraproject.org/wiki/Licensing:MIT#Modern_Variants")))))
+
+(define-public iverilog
+  (package
+    (name "iverilog")
+    (version "10.1.1")
+    (source (origin
+              (method url-fetch)
+              (uri
+               (string-append "ftp://ftp.icarus.com/pub/eda/verilog/v10/"
+                              "verilog-" version ".tar.gz"))
+              (sha256
+                (base32
+                   "1nnassxvq30rnn0r2p85rkb2zwxk97p109y13x3vr365wzgpbapx"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("flex" ,flex)
+       ("bison" ,bison)
+       ("ghostscript" ,ghostscript))) ; ps2pdf
+    (home-page "http://iverilog.icarus.com/")
+    (synopsis "FPGA Verilog simulation and synthesis tool")
+    (description "Icarus Verilog is a Verilog simulation and synthesis tool.
+It operates as a compiler, compiling source code written in Verilog
+(IEEE-1364) into some target format.
+For batch simulation, the compiler can generate an intermediate form
+called vvp assembly.
+This intermediate form is executed by the ``vvp'' command.
+For synthesis, the compiler generates netlists in the desired format.")
+    ;; GPL2 only because of:
+    ;; - ./driver/iverilog.man.in
+    ;; - ./iverilog-vpi.man.in
+    ;; - ./tgt-fpga/iverilog-fpga.man
+    ;; - ./vvp/vvp.man.in
+    ;; Otherwise would be GPL2+.
+    ;; You have to accept both GPL2 and LGPL2.1+.
+    (license (list license:gpl2 license:lgpl2.1+))))
+
+(define-public yosys
+  (package
+    (name "yosys")
+    (version "0.6")
+    (source (origin
+              (method url-fetch)
+              (uri
+               (string-append "https://github.com/cliffordwolf/yosys/archive/"
+                              name "-" version ".tar.gz"))
+              (sha256
+                (base32
+                   "02j0c0m9dfyjccynalf0aggj6gy20k7iphpkg5cn6sdirlkv8gmx"))
+              (file-name (string-append name "-" version "-checkout.tar.gz"))
+              (modules '((guix build utils)))
+              (snippet
+                '(substitute* "Makefile"
+                   (("ABCREV = .*") "ABCREV = default\n")))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:test-target "test"
+       #:make-flags (list "CC=gcc"
+                          "CXX=g++"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key inputs (make-flags '()) #:allow-other-keys)
+             (zero? (apply system* "make" "config-gcc" make-flags))))
+         (add-after 'configure 'prepare-abc
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let* ((sourceabc (assoc-ref inputs "abc"))
+                    (sourcebin (string-append sourceabc "/bin"))
+                    (source (string-append sourcebin "/abc")))
+                   (mkdir-p "abc")
+                   (call-with-output-file "abc/Makefile"
+                     (lambda (port)
+                       (format port ".PHONY: all\nall:\n\tcp -f abc abc-default\n")))
+                   (copy-file source "abc/abc")
+                   (zero? (system* "chmod" "+w" "abc/abc")))))
+          (add-before 'check 'fix-iverilog-references
+             (lambda* (#:key inputs native-inputs #:allow-other-keys)
+               (let* ((xinputs (or native-inputs inputs))
+                      (xdirname (assoc-ref xinputs "iverilog"))
+                      (iverilog (string-append xdirname "/bin/iverilog")))
+                     (substitute* '("./manual/CHAPTER_StateOfTheArt/synth.sh"
+                                    "./manual/CHAPTER_StateOfTheArt/validate_tb.sh"
+                                    "./techlibs/ice40/tests/test_bram.sh"
+                                    "./techlibs/ice40/tests/test_ffs.sh"
+                                    "./techlibs/xilinx/tests/bram1.sh"
+                                    "./techlibs/xilinx/tests/bram2.sh"
+                                    "./tests/bram/run-single.sh"
+                                    "./tests/realmath/run-test.sh"
+                                    "./tests/simple/run-test.sh"
+                                    "./tests/techmap/mem_simple_4x1_runtest.sh"
+                                    "./tests/tools/autotest.sh"
+                                    "./tests/vloghtb/common.sh")
+                        (("if ! which iverilog") "if ! true")
+                        (("iverilog ") (string-append iverilog " "))
+                        (("iverilog_bin=\".*\"") (string-append "iverilog_bin=\""
+                                                                iverilog "\"")))
+                     #t))))))
+    ;; TODO add xdot [patch the path to it here] as soon as I find out where it is.
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("python" ,python)
+       ("bison" ,bison)
+       ("flex" ,flex)
+       ("gawk" , gawk) ; for the tests and "make" progress pretty-printing
+       ("tcl" ,tcl) ; tclsh for the tests
+       ("iverilog" ,iverilog))) ; for the tests
+    (inputs
+     `(("tcl" ,tcl)
+       ("readline" ,readline)
+       ("libffi" ,libffi)
+       ("abc" ,abc)))
+    (home-page "http://www.clifford.at/yosys/")
+    (synopsis "FPGA Verilog RTL synthesizer")
+    (description "Yosys synthesizes Verilog-2005.")
+    (license license:isc)))
+
+(define-public icestorm
+  (let ((commit "12b2295c9087d94b75e374bb205ae4d76cf17e2f")
+        (revision "1"))
+   (package
+    (name "icestorm")
+    (version (string-append "0.0-" revision "-" (string-take commit 9)))
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                     (url "https://github.com/cliffordwolf/icestorm.git")
+                     (commit commit)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+                (base32
+                   "1mmzlqvap6w8n4qzv3idvy51arkgn03692ssplwncy3akjrbsd2b"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; no unit tests that don't need an FPGA exist.
+       #:make-flags (list "CC=gcc" "CXX=g++"
+                          (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:phases
+        (modify-phases %standard-phases
+          (add-after 'unpack 'remove-usr-local
+            (lambda _
+              (substitute* "iceprog/Makefile"
+                (("-I/usr/local/include") "")
+                (("-L/usr/local/lib") ""))
+              #t))
+          (delete 'configure))))
+    (inputs
+     `(("libftdi" ,libftdi)))
+    (native-inputs
+     `(("python-3" ,python)
+       ("pkg-config" ,pkg-config)))
+    (home-page "http://www.clifford.at/icestorm/")
+    (synopsis "Project IceStorm - Lattice iCE40 FPGAs bitstream tools")
+    (description "Project IceStorm - Lattice iCE40 FPGAs Bitstream Tools.
+Includes the actual FTDI connector.")
+    (license license:isc))))
+
+(define-public arachne-pnr
+  (let ((commit "52e69ed207342710080d85c7c639480e74a021d7")
+        (revision "1"))
+   (package
+    (name "arachne-pnr")
+    (version (string-append "0.0-" revision "-" (string-take commit 9)))
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                     (url "https://github.com/cseed/arachne-pnr.git")
+                     (commit commit)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+                (base32
+                   "15bdw5yxj76lxrwksp6liwmr6l1x77isf4bs50ys9rsnmiwh8c3w"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:test-target "test"
+       #:phases (modify-phases %standard-phases
+       (replace 'configure
+         (lambda* (#:key outputs inputs #:allow-other-keys)
+           (substitute* '("Makefile")
+             (("DESTDIR = .*") (string-append "DESTDIR = "
+                                             (assoc-ref outputs "out")
+                                             "\n"))
+             (("ICEBOX = .*") (string-append "ICEBOX = "
+                                             (assoc-ref inputs "icestorm")
+                                             "/share/icebox\n")))
+           (substitute* '("./tests/fsm/generate.py"
+                          "./tests/combinatorial/generate.py")
+             (("#!/usr/bin/python") "#!/usr/bin/python2"))
+           #t)))))
+    (inputs
+     `(("icestorm" ,icestorm)))
+    (native-inputs
+     `(("git" ,git)  ; for determining its own version string
+       ("yosys" ,yosys) ; for tests
+       ("perl" ,perl) ; for shasum
+       ("python-2" ,python-2))) ; for tests
+    (home-page "https://github.com/cseed/arachne-pnr")
+    (synopsis "Place-and-Route tool for FPGAs")
+    (description "Arachne-PNR is a Place-and-Route Tool For FPGAs.")
+    (license license:gpl2))))
+
+(define-public gtkwave
+  (package
+    (name "gtkwave")
+    (version "3.3.76")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://gtkwave.sourceforge.net/"
+                                  name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1vlvavszb1jwwiixiagld88agjrjg0ix8qa4xnxj4ziw0q87jbmn"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("gperf" ,gperf)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("tcl" ,tcl)
+       ("tk" ,tk)
+       ("gtk+-2" ,gtk+-2)))
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--with-tcl="
+                            (assoc-ref %build-inputs "tcl")
+                            "/lib")
+             (string-append "--with-tk="
+                            (assoc-ref %build-inputs "tk")
+                            "/lib"))))
+
+    (synopsis "Waveform viewer for FPGA simulator trace files")
+    (description "This package is a waveform viewer for FPGA
+simulator trace files (FST).")
+    (home-page "http://gtkwave.sourceforge.net/")
+    ;; Exception against free government use in tcl_np.c and tcl_np.h
+    (license (list license:gpl2+ license:expat license:tcl/tk))))
diff --git a/gnu/packages/freeipmi.scm b/gnu/packages/freeipmi.scm
index 01f1389144..cd97d52f99 100644
--- a/gnu/packages/freeipmi.scm
+++ b/gnu/packages/freeipmi.scm
@@ -28,19 +28,19 @@
 (define-public freeipmi
   (package
     (name "freeipmi")
-    (version "1.5.3")
+    (version "1.5.4")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/freeipmi/freeipmi-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0s4q7imc4r3g9lkd92bnvw70679q83b0irrlw895i5nc05dj4djx"))))
+               "1m8zvnyjyjap07vvc5z90nyghabbb6bjcyyc7qswj66qsmssf135"))))
     (build-system gnu-build-system)
     (inputs
      `(("readline" ,readline)
        ("libgcrypt" ,libgcrypt)))
-    (home-page "http://www.gnu.org/software/freeipmi/")
+    (home-page "https://www.gnu.org/software/freeipmi/")
     (synopsis "Platform management, including sensor and power monitoring")
     (description
      "GNU FreeIPMI is a collection of in-band and out-of-band IPMI software
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 8c8a35b121..72aff907ae 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -179,8 +179,10 @@ scriptable with Guile.")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "http://abbaye-for-linux.googlecode.com/files/"
-                           "abbaye-for-linux-src-" version ".tar.gz"))
+       (uri (string-append "https://storage.googleapis.com/"
+                           "google-code-archive-downloads/v2/code.google.com/"
+                           "abbaye-for-linux/abbaye-for-linux-src-"
+                           version ".tar.gz"))
        (sha256
         (base32
          "1wgvckgqa2084rbskxif58wbb83xbas8s1i8s7d57xbj08ryq8rk"))))
@@ -427,7 +429,7 @@ exec ~a/bin/freedink -refdir ~a/share/dink\n"
 (define-public xboard
   (package
     (name "xboard")
-    (version "4.9.0")
+    (version "4.9.1")
     (source
      (origin
        (method url-fetch)
@@ -435,14 +437,15 @@ exec ~a/bin/freedink -refdir ~a/share/dink\n"
                            ".tar.gz"))
        (sha256
         (base32
-         "1av6r3s5vyclwf3c9i1pkr2442ryrf4ixhhf2i44a4j1xyhlp5jb"))))
+         "1mkh36xnnacnz9r00b5f9ld9309k32jv6mcavklbdnca8bl56bib"))))
     (build-system gnu-build-system)
     (inputs
      `(("gtk+" ,gtk+-2)
        ("librsvg" ,librsvg)))
-    (native-inputs `(("texinfo" ,texinfo)
-                     ("pkg-config" ,pkg-config)))
-    (home-page "http://www.gnu.org/software/xboard")
+    (native-inputs
+     `(("texinfo" ,texinfo)
+       ("pkg-config" ,pkg-config)))
+    (home-page "https://www.gnu.org/software/xboard")
     (synopsis "Graphical user interface for chess programs")
     (description "GNU XBoard is a graphical board for all varieties of chess,
 including international chess, xiangqi (Chinese chess), shogi (Japanese chess)
@@ -2784,12 +2787,11 @@ auto mapper with a VT100 map display.")
     (source
      (origin (method url-fetch)
              (uri (string-append
-                   "https://github.com/sgimenez/laby/tarball/"
-                   name "-" version))
-             (file-name (string-append name "-" version ".tar.gz"))
+                   "https://github.com/sgimenez/laby/archive/"
+                   name "-" version ".tar.gz"))
              (sha256
               (base32
-               "113ip48308ps3lsw427xswgx3wdanils43nyal9n4jr6bcx1bj2j"))
+               "0gyrfa95l1qka7gbjf7l6mk7mbfvph00l0c995ia272qdw7rjhyf"))
              (patches (search-patches "laby-make-install.patch"))))
     (build-system gnu-build-system)
     (inputs
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index b26e93e886..bed277b1e0 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -566,6 +566,13 @@ as the 'native-search-paths' field."
                 (("libgcj(_bc)?_la_LDFLAGS =" ldflags _)
                  (string-append ldflags " -Wl,-rpath=$(libdir)")))))
            (add-after
+            'unpack 'patch-testsuite
+            ;; dejagnu-1.6 removes the 'absolute' command
+            (lambda _
+              (substitute* "libjava/testsuite/lib/libjava.exp"
+                (("absolute") "file normalize"))
+              #t))
+           (add-after
             'install 'install-javac-and-javap-wrappers
             (lambda _
               (let* ((javac  (assoc-ref %build-inputs "javac.in"))
diff --git a/gnu/packages/gdb.scm b/gnu/packages/gdb.scm
index 80d53935e2..c6cc623f6c 100644
--- a/gnu/packages/gdb.scm
+++ b/gnu/packages/gdb.scm
@@ -37,14 +37,14 @@
 (define-public gdb
   (package
     (name "gdb")
-    (version "7.11.1")
+    (version "7.12")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/gdb/gdb-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0w7wi1llznlqdqk2lmzygz2xylb2c9mh580s9i0rypkmwfj6s8g9"))))
+               "152g2qa8337cxif3lkvabjcxfd9jphfb2mza8f1p2c4bjk2z6kw3"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; FIXME "make check" fails on single-processor systems.
@@ -95,7 +95,7 @@
     (native-inputs
       `(("texinfo" ,texinfo)
         ("pkg-config" ,pkg-config)))
-    (home-page "http://www.gnu.org/software/gdb/")
+    (home-page "https://www.gnu.org/software/gdb/")
     (synopsis "The GNU debugger")
     (description
      "GDB is the GNU debugger.  With it, you can monitor what a program is
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 7d66ac97b8..b62a5f7f4d 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -5094,6 +5094,7 @@ software that do not provide their own configuration interface.")
        ("gvfs"                      ,gvfs)
        ("hicolor-icon-theme"        ,hicolor-icon-theme)
        ("nautilus"                  ,nautilus)
+       ("pinentry-gnome3"           ,pinentry-gnome3)
        ("pulseaudio"                ,pulseaudio)
        ("shared-mime-info"          ,shared-mime-info)
        ("totem"                     ,totem)
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index c15a4afcd6..4972b37090 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -7,7 +7,8 @@
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016 Nils Gillmann <ng0@libertad.pw>
+;;; Copyright © 2016 Christopher Baines <mail@cbaines.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -606,7 +607,7 @@ including tools for signing keys, keyring analysis, and party preparation.
     (synopsis "GnuPG's interface to passphrase input")
     (description
      "Pinentry provides a console that allows users to enter a passphrase when
-@code{gpg} or @code{gpg2} is run and needs it.")
+@code{gpg} is run and needs it.")
     (license license:gpl2+)))
 
 (define-public pinentry-gtk2
@@ -619,7 +620,23 @@ including tools for signing keys, keyring analysis, and party preparation.
        ,@(package-inputs pinentry-tty)))
     (description
      "Pinentry provides a console and a GTK+ GUI that allows users to enter a
-passphrase when @code{gpg} or @code{gpg2} is run and needs it.")))
+passphrase when @code{gpg} is run and needs it.")))
+
+(define-public pinentry-gnome3
+  (package
+    (inherit pinentry-tty)
+    (name "pinentry-gnome3")
+    (inputs
+     `(("gtk+" ,gtk+-2)
+       ("gcr" ,gcr)
+       ("glib" ,glib)
+       ,@(package-inputs pinentry-tty)))
+    (arguments
+     `(#:configure-flags '("--enable-pinentry-gnome3")))
+    (description
+     "Pinentry provides a console and a GUI designed for use with GNOME@tie{}3
+that allows users to enter a passphrase when required by @code{gpg} or other
+software.")))
 
 (define-public pinentry-qt
   (package
@@ -632,7 +649,7 @@ passphrase when @code{gpg} or @code{gpg2} is run and needs it.")))
      `(#:configure-flags '("CXXFLAGS=-std=gnu++11")))
   (description
    "Pinentry provides a console and a Qt GUI that allows users to enter a
-passphrase when @code{gpg} or @code{gpg2} is run and needs it.")))
+passphrase when @code{gpg} is run and needs it.")))
 
 (define-public pinentry
   (package (inherit pinentry-gtk2)
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index d114dc0ad5..4927a516e2 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -28,6 +28,7 @@
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gstreamer)
@@ -185,7 +186,7 @@ in the Mozilla clients.")
 (define-public nss
   (package
     (name "nss")
-    (version "3.26")
+    (version "3.27.1")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -196,7 +197,7 @@ in the Mozilla clients.")
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0r65s5q8kk0vr48s0zr8xi610k7h072lgkkpp4z6jlxr19bkly4i"))
+                "0sraxk26swlgl7rl742rkfp5k251v5z3lqw9k8ikin0cjfhkfdpx"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-pkgconfig.patch"))))
     (build-system gnu-build-system)
@@ -290,38 +291,71 @@ PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
 standards.")
     (license license:mpl2.0)))
 
+(define (mozilla-patch file-name changeset hash)
+  "Return an origin for CHANGESET from the mozilla-esr45 repository."
+  (origin
+    (method url-fetch)
+    (uri (string-append "https://hg.mozilla.org/releases/mozilla-esr45/raw-rev/"
+                        changeset))
+    (sha256 (base32 hash))
+    (file-name file-name)))
+
 (define-public icecat
   (package
     (name "icecat")
-    (version "38.8.0-gnu2")
+    (version "45.3.0-gnu1-beta")
     (source
      (origin
       (method url-fetch)
-      (uri (string-append "mirror://gnu/gnuzilla/"
-                          version "/"
-                          name "-" version ".tar.bz2"))
+      (uri (list (string-append "mirror://gnu/gnuzilla/" version "/"
+                                name "-" version ".tar.bz2")
+                 ;; XXX Temporary URI for 45.3 beta release.
+                 ;;     Remove when no longer needed.
+                 (string-append "http://jenkins.trisquel.info/icecat/binaries/"
+                                "icecat-45.3.0-gnu1.tar.bz2")))
       (sha256
        (base32
-        "1yb7a1zsqpra9cgq8hrzrbm5v31drb9367cwvwiksz0ngqy342hb"))
-      (patches (search-patches
-                "icecat-avoid-bundled-includes.patch"
-                "icecat-CVE-2016-2818-pt1.patch"
-                "icecat-CVE-2016-2818-pt2.patch"
-                "icecat-CVE-2016-2818-pt3.patch"
-                "icecat-CVE-2016-2818-pt4.patch"
-                "icecat-CVE-2016-2818-pt5.patch"
-                "icecat-CVE-2016-2818-pt6.patch"
-                "icecat-CVE-2016-2818-pt7.patch"
-                "icecat-CVE-2016-2818-pt8.patch"
-                "icecat-CVE-2016-2818-pt9.patch"
-                "icecat-CVE-2016-2819.patch"
-                "icecat-CVE-2016-2821.patch"
-                "icecat-CVE-2016-2824.patch"
-                "icecat-CVE-2016-2828.patch"
-                "icecat-CVE-2016-2831.patch"))
+        "1hk5lwaqm8nkfm43sq521mzyrx0x3iiwvlcy62m7cq7grz9wixp6"))
+      (patches
+       `(,(search-patch "icecat-avoid-bundled-libraries.patch")
+         ,(mozilla-patch "icecat-CVE-2016-5250.patch"     "6711ccb0184e" "1p0s91rw1j7ib6hy9gh5p0l33rja32rfgygh29jw4wq1hxfql8rk")
+         ,(mozilla-patch "icecat-CVE-2016-5257-pt1.patch" "b08f28db372e" "0fmifimavawbff700rzjibsnr16am6902gp965scvi1iy78754ia")
+         ,(mozilla-patch "icecat-CVE-2016-5257-pt2.patch" "a49fd7eb57ba" "1dyh0pjdmf64sjbj1x0mdjwfispacx9yny1kx9nzpf85myryr640")
+         ,(mozilla-patch "icecat-CVE-2016-5257-pt3.patch" "9707c3423a1e" "12nn8av0akza4ml1is9mfy8f7368mrkxsl32ly97r4irzh0iryh1")
+         ,(mozilla-patch "icecat-CVE-2016-5257-pt4.patch" "9d632865560a" "1msp1wqv0c317wqkm82hd9ajbg4a5mcr8pld5j8cx37ccv7f21g3")
+         ,(mozilla-patch "icecat-CVE-2016-5257-pt5.patch" "90697781ec9f" "1h6gcrw5ykf7r59phxqkhpfs7jsgzqn509qm43sj7mbpcvqvk5mg")
+         ,(mozilla-patch "icecat-CVE-2016-5257-pt6.patch" "dd9eb81853b9" "1lyqnn40sayziych8gqd5aj7il3zajf318y8ddj8dzz3c8id5dzc")
+         ,(mozilla-patch "icecat-CVE-2016-5257-pt7.patch" "d91fc76079e0" "022lhixa8dxa6ny9a4bh2di282i0lhyq0glqr9n4q3r8msfmf0ba")
+         ,(mozilla-patch "icecat-CVE-2016-5257-pt8.patch" "3e37ba5e0867" "1w8lncxaayq4xndhyp1hwlv00zggbayljq6rlypb8kdwgzfpi77w")
+         ,(mozilla-patch "icecat-CVE-2016-5257-pt9.patch" "3c4958a98908" "16bc6ai5qddnpm3yw24lry5s7i05xs0ycixzxiir4wmcgwcaayiy")
+         ,(mozilla-patch "icecat-CVE-2016-5261.patch"     "bc2f5467b33d" "0i4b8ydmqg4blx541f56g9qrlm7gp6ih4cs7ixbds724cwk83b9f")
+         ,(mozilla-patch "icecat-CVE-2016-5270.patch"     "7cd50d56bb61" "15nbp5axr59mczxgf37nli37jbw0jdknmxz7z71772pzjd2z07r9")
+         ,(mozilla-patch "icecat-CVE-2016-5272.patch"     "6e43a01fee3c" "025xp1wdnz1gc5l2rsgbrwsh1pbysjiyfgz0g6rvr390r7ag1n74")
+         ,(mozilla-patch "icecat-CVE-2016-5274.patch"     "10c9453407de" "1wqh6hj0dpa7r3hhlyrflcv3r3cg0xq4rb0zvhysi6l7lwb8q51r")
+         ,(mozilla-patch "icecat-CVE-2016-5276.patch"     "fc818ab03f15" "1q64ipl172dcmyy9p8p3l3ljpdh1q1jg48lai0qn2xgknl7sdpks")
+         ,(mozilla-patch "icecat-CVE-2016-5277.patch"     "7b668c5cec92" "1qmchn6qifgjakzac6i4hgnivy062pzgz9p1l11c1m3an1rh0isg")
+         ,(mozilla-patch "icecat-CVE-2016-5278.patch"     "fd5052e343df" "1nzmzlnsz61w9aw4mjvgmlkz88aqv1w858rr0mbv07hwyrljfi84")
+         ,(mozilla-patch "icecat-CVE-2016-5280.patch"     "30673bc9730b" "1qz1684v1rp86ngadcaqd68iqf472flnrnk971ryg4fbsyy8g1za")
+         ,(mozilla-patch "icecat-CVE-2016-5281-pt1.patch" "61405f1fd1df" "1fgmq67arwsl1nrl133fcb5cz6jbbcfjvbv8cd8cadhapin971a7")
+         ,(mozilla-patch "icecat-CVE-2016-5281-pt2.patch" "7776b6ec7b92" "1f7k8f4lk7nyghwajsxf6nb7yvzsaw3jwpa3316znsva12m548mn")
+         ,(mozilla-patch "icecat-CVE-2016-5284-pt1.patch" "55e768767416" "1gg7m12njbkn1jqf2gp2y7zd9ik3xhqkjb7znczna4l438h7ki83")
+         ,(mozilla-patch "icecat-CVE-2016-5284-pt2.patch" "3c42249975a5" "0gnanndkmhsp49rldv4kh0smkdcs7616v46hn567kfw8yfwqvnli")
+         ,(mozilla-patch "icecat-CVE-2016-5284-pt3.patch" "126e5d574811" "13gr08bzqy23adz0ciihb7cy9wdnkcn71i77a3y5b5apm6k54mwi")
+         ,(mozilla-patch "icecat-CVE-2016-5284-pt4.patch" "7b8bd7aae1a8" "0mq5gpq6ni8czfcs1rif4is0igh0054aw41ga0jqkq58g7lavkrf")
+         ,(mozilla-patch "icecat-CVE-2016-5284-pt5.patch" "0799490f4e6f" "1ypv6i48nabbhcqbach8fbgz9bmnhm7q5z9dnfid44z8g54l3f33")
+         ,(mozilla-patch "icecat-CVE-2016-5284-pt6.patch" "fc990e4ae8bc" "1s2cj505ajwwiy4xvn5zlmyzqpgahxmqqvis0a6xm6mjbjh02gm4")
+         ,(mozilla-patch "icecat-bug-1251088.patch"       "5ffa912ed83e" "0v5lpv3c89c2d4y5acn0kyijv096axdnrvaj5ya5yypzfcaqxv24")
+         ,(mozilla-patch "icecat-bug-1292590.patch"       "d4b5b8f3e373" "0w8cxn6ryhgxryy8k8i06yw4mknv509ns9ff1avd0hmgxa83mcdp")
+         ,(mozilla-patch "icecat-bug-1298169.patch"       "adce603ae36d" "0mgs85cwx61bk17r7npl311l4m8yn4667wyhgjmm2ajiys6nn0yl")
+         ,(mozilla-patch "icecat-bug-1301496.patch"       "97268426bb6f" "1z7hg796cgag025gm9pp2szz7w870s7naagdri1dlsilj797v8hr")
+         ,(mozilla-patch "icecat-bug-1299519.patch"       "fc055950b6b8" "05iml5k3rzc653jk4imd111sh18625jxfxkcj12kjdihl0gdr4x4")
+         ,(mozilla-patch "icecat-bug-1303710.patch"       "6f845c23565b" "01dlbnmpsnwr448fajs276y62gl03r74k1hxnwsg6ihwhnfdvn5a")
+         ,(mozilla-patch "icecat-bug-1301343.patch"       "e5d51ca7a3c0" "0hshcz24hc6pkz5pcqxhajm17ibwrlfn1s00frfnpjjy56vacfz0")
+         ,(mozilla-patch "icecat-bug-1299686.patch"       "576f1725a57e" "1lic9d3r8r1vcniw1g3ca71390lw3dmwjsw55dp6z96hyjbcq3fd")))
       (modules '((guix build utils)))
       (snippet
        '(begin
+          (use-modules (ice-9 ftw))
           ;; Remove bundled libraries that we don't use, since they may
           ;; contain unpatched security flaws, they waste disk space and
           ;; network bandwidth, and may cause confusion.
@@ -358,6 +392,12 @@ standards.")
                       "gfx/cairo"
                       "js/src/ctypes/libffi"
                       "db/sqlite3"))
+          ;; Delete .pyc files, typically present in icecat source tarballs
+          (for-each delete-file (find-files "." "\\.pyc$"))
+          ;; Delete obj-* directories, found in icecat-45.3.0-gnu1-beta
+          (for-each delete-file-recursively
+                    (scandir "." (lambda (name)
+                                   (string-prefix? "obj-" name))))
           #t))))
     (build-system gnu-build-system)
     (inputs
@@ -391,7 +431,21 @@ standards.")
        ("mit-krb5" ,mit-krb5)
        ("nspr" ,nspr)
        ("nss" ,nss)
-       ("sqlite" ,sqlite)
+
+       ;; XXX Work around the fact that our 'sqlite' package was not built
+       ;;     with -DSQLITE_ENABLE_DBSTAT_VTAB.
+       ("sqlite" ,(package
+                    (inherit sqlite)
+                    (arguments
+                     `(#:configure-flags
+                       ;; Add -DSQLITE_SECURE_DELETE, -DSQLITE_ENABLE_UNLOCK_NOTIFY and
+                       ;; -DSQLITE_ENABLE_DBSTAT_VTAB to CFLAGS.  GNU Icecat will refuse
+                       ;; to use the system SQLite unless these options are enabled.
+                       (list (string-append "CFLAGS=-O2 -DSQLITE_SECURE_DELETE "
+                                            "-DSQLITE_ENABLE_UNLOCK_NOTIFY "
+                                            "-DSQLITE_ENABLE_DBSTAT_VTAB"))))))
+       ;;("sqlite" ,sqlite)
+
        ("startup-notification" ,startup-notification)
        ("unzip" ,unzip)
        ("yasm" ,yasm)
@@ -401,7 +455,8 @@ standards.")
      `(("perl" ,perl)
        ("python" ,python-2) ; Python 3 not supported
        ("python2-pysqlite" ,python2-pysqlite)
-       ("pkg-config" ,pkg-config)))
+       ("pkg-config" ,pkg-config)
+       ("which" ,which)))
     (arguments
      `(#:tests? #f          ; no check target
        #:out-of-source? #t  ; must be built outside of the source directory
@@ -432,6 +487,11 @@ standards.")
                            "--disable-debug"
                            "--disable-debug-symbols"
 
+                           ;; Temporary hack to work around missing
+                           ;; "unofficial" branding in
+                           ;; icecat-45.3.0-gnu1-beta.
+                           "--enable-official-branding"
+
                            ;; Avoid bundled libraries.
                            "--with-system-zlib"
                            "--with-system-bz2"
@@ -597,5 +657,4 @@ features built-in privacy-protecting features.")
     (properties
      `((ftp-directory . "/gnu/gnuzilla")
        (cpe-name . "firefox_esr")
-       (cpe-version . ,(string-drop-right version
-                                          (string-length "-gnu1")))))))
+       (cpe-version . ,(first (string-split version #\-)))))))
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index e1b27519e0..6bb5e87a94 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -219,6 +219,7 @@ without requiring the source code to be rewritten.")
               (snippet '(for-each delete-file
                                   (find-files "prebuilt" "\\.go$")))))
     (synopsis "Snapshot of what will become version 2.2 of GNU Guile")
+    (properties '((timeout . 72000)))  ; 20 hours
     (native-search-paths
      (list (search-path-specification
             (variable "GUILE_LOAD_PATH")
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index cf17c4f3d8..52e4bc3484 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -1170,12 +1170,10 @@ version 1.3).")
     (build-system haskell-build-system)
     (inputs
      `(("ghc-blaze-builder" ,ghc-blaze-builder)
-       ("ghc-directory" ,ghc-directory)
        ("ghc-network" ,ghc-network)
        ("ghc-random" ,ghc-random)
        ("ghc-stm" ,ghc-stm)
        ("ghc-text" ,ghc-text)
-       ("ghc-transformers" ,ghc-transformers)
        ("ghc-zlib" ,ghc-zlib)))
     (native-inputs
      `(("ghc-quickcheck" ,ghc-quickcheck)
@@ -6320,6 +6318,204 @@ definition lists, tables, and other features.  A compatibility mode is
 provided for those who need a drop-in replacement for Markdown.pl.")
     (license license:gpl2+)))
 
+(define-public ghc-hs-bibutils
+  (package
+    (name "ghc-hs-bibutils")
+    (version "5.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://hackage.haskell.org/package/hs-bibutils/hs-bibutils-"
+             version ".tar.gz"))
+       (sha256
+        (base32
+         "0pf5lh179rw9jkmw16ss3kiwydlj6zgfk868mjl5s57kx55z7ycm"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-syb" ,ghc-syb)))
+    (home-page "https://hackage.haskell.org/package/hs-bibutils")
+    (synopsis "Haskell bindings to bibutils")
+    (description
+     "This package provides Haskell bindings to @code{bibutils}, a library
+that interconverts between various bibliography formats using a common
+MODS-format XML intermediate.")
+    (license license:gpl2+)))
+
+(define-public ghc-rfc5051
+  (package
+    (name "ghc-rfc5051")
+    (version "0.1.0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/rfc5051/"
+                           "rfc5051-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0av4c3qvwbkbzrjrrg601ay9pds7wscqqp2lc2z78mv2lllap3g3"))))
+    (build-system haskell-build-system)
+    (home-page "http://hackage.haskell.org/package/rfc5051")
+    (synopsis "Simple unicode collation as per RFC5051")
+    (description
+     "This library implements @code{unicode-casemap}, the simple, non
+locale-sensitive unicode collation algorithm described in RFC 5051.  Proper
+unicode collation can be done using @code{text-icu}, but that is a big
+dependency that depends on a large C library, and @code{rfc5051} might be
+better for some purposes.")
+    (license license:bsd-3)))
+
+(define-public ghc-conduit-extra
+  (package
+    (name "ghc-conduit-extra")
+    (version "1.1.13.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "conduit-extra/conduit-extra-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "108vsn9dpsfwvar7nssw6wkqy26rxlf3p4ran6swa5xh8l6d5k4z"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-conduit" ,ghc-conduit)
+       ("ghc-exceptions" ,ghc-exceptions)
+       ("ghc-monad-control" ,ghc-monad-control)
+       ("ghc-text" ,ghc-text)
+       ("ghc-transformers-base" ,ghc-transformers-base)
+       ("ghc-async" ,ghc-async)
+       ("ghc-attoparsec" ,ghc-attoparsec)
+       ("ghc-blaze-builder" ,ghc-blaze-builder)
+       ("ghc-network" ,ghc-network)
+       ("ghc-primitive" ,ghc-primitive)
+       ("ghc-resourcet" ,ghc-resourcet)
+       ("ghc-stm" ,ghc-stm)
+       ("ghc-streaming-commons" ,ghc-streaming-commons)
+       ("ghc-hspec" ,ghc-hspec)
+       ("ghc-bytestring-builder" ,ghc-bytestring-builder)
+       ("ghc-quickcheck" ,ghc-quickcheck)))
+    (native-inputs
+     `(("hspec-discover" ,hspec-discover)))
+    (home-page "http://github.com/snoyberg/conduit")
+    (synopsis "Conduit adapters for common libraries")
+    (description
+     "The @code{conduit} package itself maintains relative small dependencies.
+The purpose of this package is to collect commonly used utility functions
+wrapping other library dependencies, without depending on heavier-weight
+dependencies.  The basic idea is that this package should only depend on
+@code{haskell-platform} packages and @code{conduit}.")
+    (license license:expat)))
+
+(define-public ghc-xml-types
+  (package
+    (name "ghc-xml-types")
+    (version "0.3.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/xml-types/"
+                           "xml-types-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1jgqxsa9p2q3h6nymbfmvhldqrqlwrhrzmwadlyc0li50x0d8dwr"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-text" ,ghc-text)))
+    (home-page "https://john-millikin.com/software/haskell-xml/")
+    (synopsis "Basic types for representing XML")
+    (description "This package provides basic types for representing XML
+documents.")
+    (license license:expat)))
+
+(define-public ghc-xml-conduit
+  (package
+    (name "ghc-xml-conduit")
+    (version "1.3.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/xml-conduit/"
+                           "xml-conduit-" version ".tar.gz"))
+       (sha256
+        (base32
+         "10yw8jiksw21jgwqjjd1ixflavcblisgkp9qq3ba05vadc35lqr5"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-conduit" ,ghc-conduit)
+       ("ghc-conduit-extra" ,ghc-conduit-extra)
+       ("ghc-resourcet" ,ghc-resourcet)
+       ("ghc-text" ,ghc-text)
+       ("ghc-xml-types" ,ghc-xml-types)
+       ("ghc-attoparsec" ,ghc-attoparsec)
+       ("ghc-blaze-builder" ,ghc-blaze-builder)
+       ("ghc-blaze-markup" ,ghc-blaze-markup)
+       ("ghc-blaze-html" ,ghc-blaze-html)
+       ("ghc-data-default" ,ghc-data-default)
+       ("ghc-monad-control" ,ghc-monad-control)
+       ("ghc-hspec" ,ghc-hspec)
+       ("ghc-hunit" ,ghc-hunit)))
+    (home-page "http://github.com/snoyberg/xml")
+    (synopsis "Utilities for dealing with XML with the conduit package")
+    (description
+     "This package provides pure-Haskell utilities for dealing with XML with
+the @code{conduit} package.")
+    (license license:expat)))
+
+(define-public ghc-pandoc-citeproc
+  (package
+    (name "ghc-pandoc-citeproc")
+    (version "0.10")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "pandoc-citeproc/pandoc-citeproc-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "00mprphppk51ylsrkg817mbk23f9fsfvkwzbys9qqbcjbrxi2r94"))))
+    (build-system haskell-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         ;; Tests need to be run after installation.
+         (delete 'check)
+         (add-after 'install 'post-install-check
+           (assoc-ref %standard-phases 'check)))))
+    (inputs
+     `(("ghc-mtl" ,ghc-mtl)
+       ("ghc-pandoc-types" ,ghc-pandoc-types)
+       ("ghc-pandoc" ,ghc-pandoc)
+       ("ghc-tagsoup" ,ghc-tagsoup)
+       ("ghc-aeson" ,ghc-aeson)
+       ("ghc-text" ,ghc-text)
+       ("ghc-vector" ,ghc-vector)
+       ("ghc-xml-conduit" ,ghc-xml-conduit)
+       ("ghc-unordered-containers" ,ghc-unordered-containers)
+       ("ghc-data-default" ,ghc-data-default)
+       ("ghc-setenv" ,ghc-setenv)
+       ("ghc-split" ,ghc-split)
+       ("ghc-yaml" ,ghc-yaml)
+       ("ghc-hs-bibutils" ,ghc-hs-bibutils)
+       ("ghc-rfc5051" ,ghc-rfc5051)
+       ("ghc-syb" ,ghc-syb)
+       ("ghc-parsec" ,ghc-parsec)
+       ("ghc-old-locale" ,ghc-old-locale)
+       ("ghc-aeson-pretty" ,ghc-aeson-pretty)
+       ("ghc-attoparsec" ,ghc-attoparsec)
+       ("ghc-temporary" ,ghc-temporary)))
+    (home-page "https://github.com/jgm/pandoc-citeproc")
+    (synopsis "Library for using pandoc with citeproc")
+    (description
+     "The @code{pandoc-citeproc} library exports functions for using the
+citeproc system with pandoc.  It relies on @code{citeproc-hs}, a library for
+rendering bibliographic reference citations into a variety of styles using a
+macro language called @dfn{Citation Style Language} (CSL).  This package also
+contains an executable @code{pandoc-citeproc}, which works as a pandoc filter,
+and also has a mode for converting bibliographic databases a YAML format
+suitable for inclusion in pandoc YAML metadata.")
+    (license license:bsd-3)))
+
 (define-public ghc-union-find
   (package
     (name "ghc-union-find")
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 920a293dbf..7f4327badc 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -636,12 +636,15 @@ graphics image formats like PNG, BMP, JPEG, TIFF and others.")
                              "/lib/python2.7/site-packages")
               ;; OpenEXR is not enabled by default.
               "-DWITH_OPENEXR=1"
+              ;; Fix rounding error on 32-bit machines
+              "-DCMAKE_C_FLAGS=-ffloat-store"
               ;; The header files of ilmbase are not found when included
               ;; by the header files of openexr, and an explicit flag
               ;; needs to be set.
               (string-append "-DCMAKE_CXX_FLAGS=-I"
                              (assoc-ref %build-inputs "ilmbase")
-                             "/include/OpenEXR"))))
+                             "/include/OpenEXR"
+                             " -ffloat-store"))))
    (synopsis "Computer vision library")
    (description
     "VIGRA stands for Vision with Generic Algorithms.  It is an image
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index ba073bc771..a516629dbf 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2014 Kevin Lemonnier <lemonnierk@ulrar.net>
 ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016 ng0 <ngillmann@runbox.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,6 +26,7 @@
   #:use-module (guix packages)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system python)
   #:use-module (gnu packages)
   #:use-module (gnu packages aspell)
   #:use-module (gnu packages autogen)
@@ -48,7 +49,8 @@
   #:use-module (gnu packages python)
   #:use-module (gnu packages qt)
   #:use-module (gnu packages tcl)
-  #:use-module (gnu packages tls))
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages web))
 
 (define-public quassel
   (package
@@ -291,3 +293,39 @@ and extensible with plugins and scripts.")
     (description
      "sic is a simple IRC client, even more minimalistic than ii.")
     (license license:expat)))
+
+(define-public limnoria
+  (package
+    (name "limnoria")
+    (version "2016.08.07")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "limnoria" version))
+       (sha256
+        (base32
+         "0w1d98hfhn4iqrczam7zahhqsvxa79n3xfcrm4jwkg5lba4f9ccm"))))
+    (build-system python-build-system)
+    (inputs
+     `(("python-pytz" ,python-pytz)
+       ("python-chardet" ,python-chardet)
+       ("python-dateutil" ,python-dateutil)
+       ("python-gnupg" ,python-gnupg)
+       ("python-feedparser" ,python-feedparser)
+       ("python-sqlalchemy" ,python-sqlalchemy)
+       ("python-socksipy-branch" ,python-socksipy-branch)
+       ("python-ecdsa" ,python-ecdsa)))
+    (native-inputs
+     `(("python-mock" ,python-mock)))
+    ;; Despite the existence of a test folder there is no test phase.
+    ;; We need to package https://github.com/ProgVal/irctest and write
+    ;; our own testphase.
+    (arguments
+     `(#:tests? #f))
+    (home-page "https://github.com/ProgVal/Limnoria")
+    (synopsis "Modified version of Supybot (an IRC bot and framework)")
+    (description
+     "Modified version of Supybot with Python 3 and IRCv3 support,
+embedded web server, translations (fr, fi, it, hu, de), and many
+other enhancements and bug fixes.")
+    (license license:bsd-3)))
diff --git a/gnu/packages/libupnp.scm b/gnu/packages/libupnp.scm
index 2f9a5741d7..b9209bf04b 100644
--- a/gnu/packages/libupnp.scm
+++ b/gnu/packages/libupnp.scm
@@ -17,6 +17,7 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu packages libupnp)
+  #:use-module (gnu packages)
   #:use-module (guix licenses)
   #:use-module (guix packages)
   #:use-module (guix download)
@@ -31,6 +32,7 @@
       (method url-fetch)
       (uri (string-append "mirror://sourceforge/pupnp/pupnp/libUPnP%20"
                           version "/" name "-" version ".tar.bz2"))
+      (patches (search-patches "libupnp-CVE-2016-6255.patch"))
       (sha256
        (base32
         "0qrsdsb1qm85hc4jy04qph895613d148f0x1mmk6z99y3q43fdgf"))))
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index b77ca774b4..58b74f487c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -34,6 +34,7 @@
 
 (define-module (gnu packages linux)
   #:use-module (gnu packages)
+  #:use-module (gnu packages acl)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages attr)
@@ -321,14 +322,14 @@ It has been modified to remove all non-free binary blobs.")
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 
 (define-public linux-libre
-  (make-linux-libre "4.8"
-                    "0fnax2qb597zg2gchab9n9fn7551vccmqfcvq5k3ckz24y50yknm"
+  (make-linux-libre "4.8.1"
+                    "0l57ab8v52nvx4d898qfvkl7c6zlrm7qd080z6jg0bg0adn4w5lf"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.23"
-                    "07akixpxlcrpfsadnppyk2hbggqf7j2hzlkg56k0yh3dhyglxv86"
+  (make-linux-libre "4.4.24"
+                    "1wg1d9rq29612psr5v4krabx7nv1y1gzfshq7wpx6i1lpqf3lill"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
@@ -339,8 +340,8 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 ;; Avoid rebuilding kernel variants when there is a minor version bump.
-(define %linux-libre-version "4.7.6")
-(define %linux-libre-hash "0716lpzq3w2pdc0nrrx06gqzdfzhkrjq7g37v4ws9wjlzak8hkvy")
+(define %linux-libre-version "4.8.1")
+(define %linux-libre-hash "0l57ab8v52nvx4d898qfvkl7c6zlrm7qd080z6jg0bg0adn4w5lf")
 
 (define-public linux-libre-arm-generic
   (make-linux-libre %linux-libre-version
@@ -1657,14 +1658,14 @@ time.")
 (define-public lvm2
   (package
     (name "lvm2")
-    (version "2.02.109")
+    (version "2.02.166")
     (source (origin
               (method url-fetch)
               (uri (string-append "ftp://sources.redhat.com/pub/lvm2/releases/LVM2."
                                   version ".tgz"))
               (sha256
                (base32
-                "1rv5ivg0l1w3nwzwdkqixm96h5bzg7ib4rr196ysb2lw42jmpjbv"))
+                "150v0mawd2swdvypcmkjd3h3s4n5i1220h6sxx94a8jvp1kb0871"))
               (modules '((guix build utils)))
               (snippet
                '(begin
@@ -1683,16 +1684,27 @@ time.")
     (inputs
      `(("udev" ,eudev)))
     (arguments
-     '(#:phases (alist-cons-after
-                 'configure 'set-makefile-shell
-                 (lambda _
-                   ;; Use 'sh', not 'bash', so that '. lib/utils.sh' works as
-                   ;; expected.
-                   (setenv "SHELL" (which "sh"))
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'configure 'set-makefile-shell
+           (lambda _
+             ;; Use 'sh', not 'bash', so that '. lib/utils.sh' works as
+             ;; expected.
+             (setenv "SHELL" (which "sh"))
 
-                   ;; Replace /bin/sh with the right file name.
-                   (patch-makefile-SHELL "make.tmpl"))
-                 %standard-phases)
+             ;; Replace /bin/sh with the right file name.
+             (patch-makefile-SHELL "make.tmpl")
+             #t))
+         (add-before 'strip 'make-objects-writable
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Make compiled objects writable so they can be stripped.
+             (let ((out (assoc-ref outputs "out")))
+               (for-each (lambda (file)
+                           (chmod file #o755))
+                         (append
+                           (find-files (string-append out "/lib"))
+                           (find-files (string-append out "/sbin"))))
+               #t))))
 
        #:configure-flags (list (string-append "--sysconfdir="
                                               (assoc-ref %outputs "out")
@@ -2996,3 +3008,35 @@ and other hardware errors on x86 systems.  It can also perform user-defined
 tasks, such as bringing bad pages off-line, when configurable error thresholds
 are exceeded.")
     (license license:gpl2)))
+
+(define-public mtd-utils
+  (package
+    (name "mtd-utils")
+    (version "1.5.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "ftp://ftp.infradead.org/pub/mtd-utils/"
+                    "mtd-utils-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "007lhsd8yb34l899r4m37whhzdw815cz4fnjbpnblfha524p7dax"))))
+    (inputs
+     `(("acl" ,acl)
+       ("libuuid" ,util-linux)
+       ("lzo", lzo)
+       ("zlib" ,zlib)))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:test-target "tests"
+       #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:phases (modify-phases %standard-phases
+                  (delete 'configure))))
+    (synopsis "MTD Flash Storage Utilities")
+    (description "This package provides utilities for testing, partitioning, etc
+of flash storage.")
+    (home-page "http://www.linux-mtd.infradead.org/")
+    (license
+      (list license:gpl2 ; Almost everything is gpl2 or gpl2+
+            license:mpl1.1 ; All ftl* files
+            license:expat)))) ; libiniparser
diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index 2e50897594..d0837606f3 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -33,6 +33,8 @@
   #:use-module (guix git-download)
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system asdf)
+  #:use-module (guix build-system trivial)
   #:use-module (gnu packages base)
   #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages bdw-gc)
@@ -47,6 +49,17 @@
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-1))
 
+(define (asdf-substitutions lisp)
+  ;; Prepend XDG_DATA_DIRS/LISP-bundle-systems to ASDF's
+  ;; 'default-system-source-registry'.
+  `((("\\(,dir \"systems/\"\\)\\)")
+     (format #f
+             "(,dir \"~a-bundle-systems\")))
+
+      ,@(loop :for dir :in (xdg-data-dirs \"common-lisp/\")
+              :collect `(:directory (,dir \"systems\"))"
+             ,lisp))))
+
 (define-public gcl
   (package
     (name "gcl")
@@ -112,7 +125,12 @@ interface to the Tk widget system.")
              "https://common-lisp.net/project/ecl/static/files/release/"
              name "-" version ".tgz"))
        (sha256
-        (base32 "16ab8qs3awvdxy8xs8jy82v8r04x4wr70l9l2j45vgag18d2nj1d"))))
+        (base32 "16ab8qs3awvdxy8xs8jy82v8r04x4wr70l9l2j45vgag18d2nj1d"))
+       (modules '((guix build utils)))
+       (snippet
+        ;; Add ecl-bundle-systems to 'default-system-source-registry'.
+        `(substitute* "contrib/asdf/asdf.lisp"
+           ,@(asdf-substitutions name)))))
     (build-system gnu-build-system)
     ;; src/configure uses 'which' to confirm the existence of 'gzip'.
     (native-inputs `(("which" ,which)))
@@ -153,6 +171,10 @@ interface to the Tk widget system.")
                  `("LIBRARY_PATH" suffix ,library-directories)
                  `("LD_LIBRARY_PATH" suffix ,library-directories)))))
          (add-after 'wrap 'check (assoc-ref %standard-phases 'check)))))
+    (native-search-paths
+     (list (search-path-specification
+            (variable "XDG_DATA_DIRS")
+            (files '("share")))))
     (home-page "http://ecls.sourceforge.net/")
     (synopsis "Embeddable Common Lisp")
     (description "ECL is an implementation of the Common Lisp language as
@@ -226,7 +248,12 @@ an interpreter, a compiler, a debugger, and much more.")
        (uri (string-append "mirror://sourceforge/sbcl/sbcl/" version "/sbcl-"
                            version "-source.tar.bz2"))
        (sha256
-        (base32 "0fjdqnb2rsm2vi9794ywp27jr239ddvzc4xfr0dk49jd4v7p2kc5"))))
+        (base32 "0fjdqnb2rsm2vi9794ywp27jr239ddvzc4xfr0dk49jd4v7p2kc5"))
+       (modules '((guix build utils)))
+       (snippet
+        ;; Add sbcl-bundle-systems to 'default-system-source-registry'.
+        `(substitute* "contrib/asdf/asdf.lisp"
+           ,@(asdf-substitutions name)))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     ;; Bootstrap with CLISP.
@@ -315,6 +342,10 @@ an interpreter, a compiler, a debugger, and much more.")
                #t))))
          ;; No 'check' target, though "make.sh" (build phase) runs tests.
          #:tests? #f))
+    (native-search-paths
+     (list (search-path-specification
+            (variable "XDG_DATA_DIRS")
+            (files '("share")))))
     (home-page "http://www.sbcl.org/")
     (synopsis "Common Lisp implementation")
     (description "Steel Bank Common Lisp (SBCL) is a high performance Common
@@ -492,3 +523,552 @@ simple, elegant Scheme dialect.  It is a lisp-1 with lexical scope.
 The core is 12 builtin special forms and 33 builtin functions.")
       (home-page "https://github.com/JeffBezanson/femtolisp")
       (license license:bsd-3))))
+
+(define-public sbcl-alexandria
+  (let ((revision "1")
+        (commit "926a066611b7b11cb71e26c827a271e500888c30"))
+    (package
+      (name "sbcl-alexandria")
+      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://gitlab.common-lisp.net/alexandria/alexandria.git")
+               (commit commit)))
+         (sha256
+          (base32
+           "18yncicdkh294j05rhgm23gzi36y9qy6vrfba8vg69jrxjp1hx8l"))
+         (file-name (string-append "alexandria-" version "-checkout"))))
+      (build-system asdf-build-system/sbcl)
+      (synopsis "Collection of portable utilities for Common Lisp")
+      (description
+       "Alexandria is a collection of portable utilities.  It does not contain
+conceptual extensions to Common Lisp.  It is conservative in scope, and
+portable between implementations.")
+      (home-page "https://common-lisp.net/project/alexandria/")
+      (license license:public-domain))))
+
+(define-public cl-alexandria
+  (sbcl-package->cl-source-package sbcl-alexandria))
+
+(define-public ecl-alexandria
+  (sbcl-package->ecl-package sbcl-alexandria))
+
+(define-public sbcl-fiveam
+  (package
+    (name "sbcl-fiveam")
+    (version "1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/sionescu/fiveam/archive/v"
+             version ".tar.gz"))
+       (sha256
+        (base32 "0f48pcbhqs3wwwzjl5nk57d4hcbib4l9xblxc66b8c2fhvhmhxnv"))
+       (file-name (string-append "fiveam-" version ".tar.gz"))))
+    (inputs `(("sbcl-alexandria" ,sbcl-alexandria)))
+    (build-system asdf-build-system/sbcl)
+    (synopsis "Common Lisp testing framework")
+    (description "FiveAM is a simple (as far as writing and running tests
+goes) regression testing framework.  It has been designed with Common Lisp's
+interactive development model in mind.")
+    (home-page "https://common-lisp.net/project/fiveam/")
+    (license license:bsd-3)))
+
+(define-public cl-fiveam
+  (sbcl-package->cl-source-package sbcl-fiveam))
+
+(define-public ecl-fiveam
+  (sbcl-package->ecl-package sbcl-fiveam))
+
+(define-public sbcl-bordeaux-threads
+  (package
+    (name "sbcl-bordeaux-threads")
+    (version "0.8.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/sionescu/bordeaux-threads/archive/v"
+                    version ".tar.gz"))
+              (sha256
+               (base32 "10ryrcx832fwqdawb6jmknymi7wpdzhi30qzx7cbrk0cpnka71w2"))
+              (file-name
+               (string-append "bordeaux-threads-" version ".tar.gz"))))
+    (inputs `(("sbcl-alexandria" ,sbcl-alexandria)))
+    (native-inputs `(("tests:cl-fiveam" ,sbcl-fiveam)))
+    (build-system asdf-build-system/sbcl)
+    (synopsis "Portable shared-state concurrency library for Common Lisp")
+    (description "BORDEAUX-THREADS is a proposed standard for a minimal
+MP/Threading interface.  It is similar to the CLIM-SYS threading and lock
+support.")
+    (home-page "https://common-lisp.net/project/bordeaux-threads/")
+    (license license:x11)))
+
+(define-public cl-bordeaux-threads
+  (sbcl-package->cl-source-package sbcl-bordeaux-threads))
+
+(define-public ecl-bordeaux-threads
+  (sbcl-package->ecl-package sbcl-bordeaux-threads))
+
+(define-public sbcl-trivial-gray-streams
+  (let ((revision "1")
+        (commit "0483ade330508b4b2edeabdb47d16ec9437ee1cb"))
+    (package
+      (name "sbcl-trivial-gray-streams")
+      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri
+          (git-reference
+           (url "https://github.com/trivial-gray-streams/trivial-gray-streams.git")
+           (commit commit)))
+         (sha256
+          (base32 "0m3rpf2x0zmdk3nf1qfa01j6a55vj7gkwhyw78qslcgbjlgh8p4d"))
+         (file-name
+          (string-append "trivial-gray-streams-" version "-checkout"))))
+      (build-system asdf-build-system/sbcl)
+      (synopsis "Compatibility layer for Gray streams implementations")
+      (description "Gray streams is an interface proposed for inclusion with
+ANSI CL by David N. Gray.  The proposal did not make it into ANSI CL, but most
+popular CL implementations implement it.  This package provides an extremely
+thin compatibility layer for gray streams.")
+      (home-page "http://www.cliki.net/trivial-gray-streams")
+      (license license:x11))))
+
+(define-public cl-trivial-gray-streams
+  (sbcl-package->cl-source-package sbcl-trivial-gray-streams))
+
+(define-public ecl-trivial-gray-streams
+  (sbcl-package->ecl-package sbcl-trivial-gray-streams))
+
+(define-public sbcl-flexi-streams
+  (package
+    (name "sbcl-flexi-streams")
+    (version "1.0.12")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/edicl/flexi-streams/archive/v"
+             version ".tar.gz"))
+       (sha256
+        (base32 "16grnxvs7vqm5s6myf8a5s7vwblzq1kgwj8i7ahz8vwvihm9gzfi"))
+       (file-name (string-append "flexi-streams-" version ".tar.gz"))))
+    (build-system asdf-build-system/sbcl)
+    (inputs `(("sbcl-trivial-gray-streams" ,sbcl-trivial-gray-streams)))
+    (synopsis "Implementation of virtual bivalent streams for Common Lisp")
+    (description "Flexi-streams is an implementation of \"virtual\" bivalent
+streams that can be layered atop real binary or bivalent streams and that can
+be used to read and write character data in various single- or multi-octet
+encodings which can be changed on the fly.  It also supplies in-memory binary
+streams which are similar to string streams.")
+    (home-page "http://weitz.de/flexi-streams/")
+    (license license:bsd-3)))
+
+(define-public cl-flexi-streams
+  (sbcl-package->cl-source-package sbcl-flexi-streams))
+
+(define-public ecl-flexi-streams
+  (sbcl-package->ecl-package sbcl-flexi-streams))
+
+(define-public sbcl-cl-ppcre
+  (package
+    (name "sbcl-cl-ppcre")
+    (version "2.0.11")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/edicl/cl-ppcre/archive/v"
+             version ".tar.gz"))
+       (sha256
+        (base32 "1i7daxf0wnydb0pgwiym7qh2wy70n14lxd6dyv28sy0naa8p31gd"))
+       (file-name (string-append "cl-ppcre-" version ".tar.gz"))))
+    (build-system asdf-build-system/sbcl)
+    (native-inputs `(("tests:cl-flexi-streams" ,sbcl-flexi-streams)))
+    (synopsis "Portable regular expression library for Common Lisp")
+    (description "CL-PPCRE is a portable regular expression library for Common
+Lisp, which is compatible with perl.  It is pretty fast, thread-safe, and
+compatible with ANSI-compliant Common Lisp implementations.")
+    (home-page "http://weitz.de/cl-ppcre/")
+    (license license:bsd-2)))
+
+(define-public cl-ppcre
+  (sbcl-package->cl-source-package sbcl-cl-ppcre))
+
+(define-public ecl-cl-ppcre
+  (sbcl-package->ecl-package sbcl-cl-ppcre))
+
+(define-public sbcl-clx
+  (let ((revision "1")
+        (commit "1c62774b03c1cf3fe6e5cb532df8b14b44c96b95"))
+    (package
+      (name "sbcl-clx")
+      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri
+          (git-reference
+           (url "https://github.com/sharplispers/clx.git")
+           (commit commit)))
+         (sha256
+          (base32 "0qffag03ns52kwq9xjns2qg1yr0bf3ba507iwq5cmx5xz0b0rmjm"))
+         (file-name (string-append "clx-" version "-checkout"))
+         (patches
+          (list
+           (search-patch "clx-remove-demo.patch")))
+         (modules '((guix build utils)))
+         (snippet
+          '(begin
+             ;; These removed files cause the compiled system to crash when
+             ;; loading.
+             (delete-file-recursively "demo")
+             (delete-file "test/trapezoid.lisp")
+             (substitute* "clx.asd"
+               (("\\(:file \"trapezoid\"\\)") ""))))))
+      (build-system asdf-build-system/sbcl)
+      (arguments
+       '(#:special-dependencies '("sb-bsd-sockets")))
+      (home-page "http://www.cliki.net/portable-clx")
+      (synopsis "X11 client library for Common Lisp")
+      (description "CLX is an X11 client library for Common Lisp.  The code was
+originally taken from a CMUCL distribution, was modified somewhat in order to
+make it compile and run under SBCL, then a selection of patches were added
+from other CLXes around the net.")
+      (license license:x11))))
+
+(define-public cl-clx
+  (sbcl-package->cl-source-package sbcl-clx))
+
+(define-public ecl-clx
+  (sbcl-package->ecl-package sbcl-clx))
+
+(define-public sbcl-stumpwm
+  (package
+    (name "sbcl-stumpwm")
+    (version "0.9.9")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/stumpwm/stumpwm/archive/"
+                    version ".tar.gz"))
+              (sha256
+               (base32 "1fqabij4zcsqg1ywgdv2irp1ys23dwc8ms9ai55lb2i47hgv7z3x"))
+              (file-name (string-append "stumpwm-" version ".tar.gz"))))
+    (build-system asdf-build-system/sbcl)
+    (inputs `(("sbcl-cl-ppcre" ,sbcl-cl-ppcre)
+              ("sbcl-clx" ,sbcl-clx)))
+    (outputs '("out" "bin"))
+    (arguments
+     '(#:special-dependencies '("sb-posix")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'create-symlinks 'build-program
+           (lambda* (#:key lisp outputs inputs #:allow-other-keys)
+             (build-program
+              lisp
+              (string-append (assoc-ref outputs "bin") "/bin/stumpwm")
+              #:inputs inputs
+              #:entry-program '((stumpwm:stumpwm) 0))))
+         (add-after 'build-program 'create-desktop-file
+           (lambda* (#:key outputs lisp binary? #:allow-other-keys)
+             (let ((output (or (assoc-ref outputs "bin")
+                               (assoc-ref outputs "out")))
+                   (xsessions "/share/xsessions"))
+               (mkdir-p (string-append output xsessions))
+               (with-output-to-file
+                   (string-append output xsessions
+                                  "/stumpwm.desktop")
+                 (lambda _
+                   (format #t
+                    "[Desktop Entry]~@
+                     Name=stumpwm~@
+                     Comment=The Stump Window Manager~@
+                     Exec=~a/bin/stumpwm~@
+                     TryExec=~@*~a/bin/stumpwm~@
+                     Icon=~@
+                     Type=Application~%"
+                    output)))
+               #t))))))
+    (synopsis "Window manager written in Common Lisp")
+    (description "Stumpwm is a window manager written entirely in Common Lisp.
+It attempts to be highly customizable while relying entirely on the keyboard
+for input.  These design decisions reflect the growing popularity of
+productive, customizable lisp based systems.")
+    (home-page "http://github.com/stumpwm/stumpwm")
+    (license license:gpl2+)
+    (properties `((ecl-variant . ,(delay ecl-stumpwm))))))
+
+(define-public cl-stumpwm
+  (sbcl-package->cl-source-package sbcl-stumpwm))
+
+(define-public ecl-stumpwm
+  (let ((base (sbcl-package->ecl-package sbcl-stumpwm)))
+    (package
+      (inherit base)
+      (outputs '("out"))
+      (arguments '()))))
+
+(define sbcl-slynk-boot0
+  (let ((revision "1")
+        (commit "5706cd45d484a4f25795abe8e643509d31968aa2"))
+    (package
+      (name "sbcl-slynk")
+      (version (string-append "1.0.0-beta-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri
+          (git-reference
+           (url "https://github.com/joaotavora/sly.git")
+           (commit commit)))
+         (sha256
+          (base32 "0h4gg3sndl2bf6jdnx9nrf14p9hhi43hagrl0f4v4l11hczl8w81"))
+         (file-name (string-append "slynk-" version "-checkout"))
+         (modules '((guix build utils)
+                    (ice-9 ftw)))
+         (snippet
+          '(begin
+             ;; Move the contribs into the main source directory for easier
+             ;; access
+             (substitute* "slynk/slynk.asd"
+               (("\\.\\./contrib")
+                "contrib")
+               (("\\(defsystem :slynk-util")
+                "(defsystem :slynk-util :depends-on (:slynk)"))
+             (substitute* "contrib/slynk-trace-dialog.lisp"
+               (("\\(slynk::reset-inspector\\)") ; Causes problems on load
+                "nil"))
+             (substitute* "contrib/slynk-profiler.lisp"
+               (("slynk:to-line")
+                "slynk-pprint-to-line"))
+             (rename-file "contrib" "slynk/contrib")
+             ;; Move slynk's contents into the base directory for easier
+             ;; access
+             (for-each
+              (lambda (file)
+                (unless (string-prefix? "." file)
+                  (rename-file (string-append "slynk/" file)
+                               (string-append "./" (basename file)))))
+              (scandir "slynk"))))))
+      (build-system asdf-build-system/sbcl)
+      (arguments
+       `(#:tests? #f)) ; No test suite
+      (synopsis "Common Lisp IDE for Emacs")
+      (description "SLY is a fork of SLIME.  It also features a completely
+redesigned REPL based on Emacs's own full-featured comint.el, live code
+annotations, and a consistent interactive button interface.  Everything can be
+copied to the REPL.  One can create multiple inspectors with independent
+history.")
+      (home-page "https://github.com/joaotavora/sly")
+      (license license:public-domain)
+      (properties `((cl-source-variant . ,(delay cl-slynk)))))))
+
+(define-public cl-slynk
+  (sbcl-package->cl-source-package sbcl-slynk-boot0))
+
+(define ecl-slynk-boot0
+  (sbcl-package->ecl-package sbcl-slynk-boot0))
+
+(define sbcl-slynk-arglists
+  (package
+    (inherit sbcl-slynk-boot0)
+    (name "sbcl-slynk-arglists")
+    (inputs `(("sbcl-slynk" ,sbcl-slynk-boot0)))
+    (arguments
+     `(#:asd-file "slynk.asd"
+       ,@(package-arguments sbcl-slynk-boot0)))))
+
+(define ecl-slynk-arglists
+  (sbcl-package->ecl-package sbcl-slynk-arglists))
+
+(define sbcl-slynk-util
+  (package
+    (inherit sbcl-slynk-arglists)
+    (name "sbcl-slynk-util")))
+
+(define ecl-slynk-util
+  (sbcl-package->ecl-package sbcl-slynk-util))
+
+(define sbcl-slynk-fancy-inspector
+  (package
+    (inherit sbcl-slynk-arglists)
+    (name "sbcl-slynk-fancy-inspector")
+    (inputs `(("sbcl-slynk-util" ,sbcl-slynk-util)
+              ,@(package-inputs sbcl-slynk-arglists)))))
+
+(define ecl-slynk-fancy-inspector
+  (sbcl-package->ecl-package sbcl-slynk-fancy-inspector))
+
+(define sbcl-slynk-package-fu
+  (package
+    (inherit sbcl-slynk-arglists)
+    (name "sbcl-slynk-package-fu")))
+
+(define ecl-slynk-package-fu
+  (sbcl-package->ecl-package sbcl-slynk-package-fu))
+
+(define sbcl-slynk-mrepl
+  (package
+    (inherit sbcl-slynk-arglists)
+    (name "sbcl-slynk-mrepl")))
+
+(define ecl-slynk-mrepl
+  (sbcl-package->ecl-package sbcl-slynk-mrepl))
+
+(define sbcl-slynk-trace-dialog
+  (package
+    (inherit sbcl-slynk-arglists)
+    (name "sbcl-slynk-trace-dialog")))
+
+(define ecl-slynk-trace-dialog
+  (sbcl-package->ecl-package sbcl-slynk-trace-dialog))
+
+(define sbcl-slynk-profiler
+  (package
+    (inherit sbcl-slynk-arglists)
+    (name "sbcl-slynk-profiler")))
+
+(define ecl-slynk-profiler
+  (sbcl-package->ecl-package sbcl-slynk-profiler))
+
+(define sbcl-slynk-stickers
+  (package
+    (inherit sbcl-slynk-arglists)
+    (name "sbcl-slynk-stickers")))
+
+(define ecl-slynk-stickers
+  (sbcl-package->ecl-package sbcl-slynk-stickers))
+
+(define sbcl-slynk-indentation
+  (package
+    (inherit sbcl-slynk-arglists)
+    (name "sbcl-slynk-indentation")))
+
+(define ecl-slynk-indentation
+  (sbcl-package->ecl-package sbcl-slynk-indentation))
+
+(define sbcl-slynk-retro
+  (package
+    (inherit sbcl-slynk-arglists)
+    (name "sbcl-slynk-retro")))
+
+(define ecl-slynk-retro
+  (sbcl-package->ecl-package sbcl-slynk-retro))
+
+(define slynk-systems
+  '("slynk"
+    "slynk-util"
+    "slynk-arglists"
+    "slynk-fancy-inspector"
+    "slynk-package-fu"
+    "slynk-mrepl"
+    "slynk-profiler"
+    "slynk-trace-dialog"
+    "slynk-stickers"
+    "slynk-indentation"
+    "slynk-retro"))
+
+(define-public sbcl-slynk
+  (package
+    (inherit sbcl-slynk-boot0)
+    (inputs
+     `(("slynk" ,sbcl-slynk-boot0)
+       ("slynk-util" ,sbcl-slynk-util)
+       ("slynk-arglists" ,sbcl-slynk-arglists)
+       ("slynk-fancy-inspector" ,sbcl-slynk-fancy-inspector)
+       ("slynk-package-fu" ,sbcl-slynk-package-fu)
+       ("slynk-mrepl" ,sbcl-slynk-mrepl)
+       ("slynk-profiler" ,sbcl-slynk-profiler)
+       ("slynk-trace-dialog" ,sbcl-slynk-trace-dialog)
+       ("slynk-stickers" ,sbcl-slynk-stickers)
+       ("slynk-indentation" ,sbcl-slynk-indentation)
+       ("slynk-retro" ,sbcl-slynk-retro)))
+    (native-inputs `(("sbcl" ,sbcl)))
+    (build-system trivial-build-system)
+    (source #f)
+    (outputs '("out" "image"))
+    (arguments
+     `(#:modules ((guix build union)
+                  (guix build utils)
+                  (guix build lisp-utils))
+       #:builder
+       (begin
+         (use-modules (ice-9 match)
+                      (srfi srfi-1)
+                      (guix build union)
+                      (guix build lisp-utils))
+
+         (union-build
+          (assoc-ref %outputs "out")
+          (filter-map
+           (match-lambda
+             ((name . path)
+              (if (string-prefix? "slynk" name) path #f)))
+           %build-inputs))
+
+         (prepend-to-source-registry
+          (string-append (assoc-ref %outputs "out") "//"))
+         (build-image "sbcl"
+                      (string-append
+                       (assoc-ref %outputs "image")
+                       "/bin/slynk")
+                      #:inputs %build-inputs
+                      #:dependencies ',slynk-systems))))))
+
+(define-public ecl-slynk
+  (package
+    (inherit sbcl-slynk)
+    (name "ecl-slynk")
+    (inputs
+     (map (match-lambda
+            ((name pkg . _)
+             (list name (sbcl-package->ecl-package pkg))))
+          (package-inputs sbcl-slynk)))
+    (native-inputs '())
+    (outputs '("out"))
+    (arguments
+     '(#:modules ((guix build union))
+       #:builder
+       (begin
+         (use-modules (ice-9 match)
+                      (guix build union))
+         (match %build-inputs
+           (((names . paths) ...)
+            (union-build (assoc-ref %outputs "out")
+                         paths))))))))
+
+(define-public sbcl-stumpwm+slynk
+  (package
+    (inherit sbcl-stumpwm)
+    (name "sbcl-stumpwm-with-slynk")
+    (outputs '("out"))
+    (native-inputs
+     `(("stumpwm" ,sbcl-stumpwm)
+       ("slynk" ,sbcl-slynk)))
+    (arguments
+     (substitute-keyword-arguments (package-arguments sbcl-stumpwm)
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (replace 'build-program
+             (lambda* (#:key lisp inputs outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (program (string-append out "/bin/stumpwm")))
+                 (build-program lisp program
+                                #:inputs inputs
+                                #:entry-program '((stumpwm:stumpwm) 0)
+                                #:dependencies '("stumpwm"
+                                                 ,@slynk-systems))
+                 ;; Remove unneeded file.
+                 (delete-file (string-append out "/bin/stumpwm-exec.fasl"))
+                 #t)))
+           (delete 'copy-source)
+           (delete 'build)
+           (delete 'check)
+           (delete 'link-dependencies)
+           (delete 'cleanup)
+           (delete 'create-symlinks)))))))
diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm
index 3182b3e3f9..6e4ed6cd13 100644
--- a/gnu/packages/lynx.scm
+++ b/gnu/packages/lynx.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -33,14 +34,15 @@
 (define-public lynx
   (package
     (name "lynx")
-    (version "2.8.8rel.2")
+    (version "2.8.9dev.9")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "http://invisible-mirror.net/archives/lynx/tarballs"
                     "/lynx" version ".tar.bz2"))
               (sha256
-               (base32 "1rxysl08acqll5b87368f04kckl8sggy1qhnq59gsxyny1ffg039"))))
+               (base32
+                "1m72ga89hywm097kazcm8w6sqrfjnl83gh31pkbhk4zhzhfpzxgh"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("perl" ,perl)))
@@ -53,19 +55,21 @@
               ("gzip" ,gzip)
               ("bzip2" ,bzip2)))
     (arguments
-     `(#:configure-flags '("--with-pkg-config"
-                           "--with-screen=ncurses"
-                           "--with-zlib"
-                           "--with-bzlib"
-                           "--with-gnutls"
-                           ;; "--with-socks5"    ; XXX TODO
-                           "--enable-widec"
-                           "--enable-ascii-ctypes"
-                           "--enable-local-docs"
-                           "--enable-htmlized-cfg"
-                           "--enable-gzip-help"
-                           "--enable-nls"
-                           "--enable-ipv6")
+     `(#:configure-flags
+       (let ((gnutls (assoc-ref %build-inputs "gnutls")))
+         `("--with-pkg-config"
+           "--with-screen=ncurses"
+           "--with-zlib"
+           "--with-bzlib"
+           ,(string-append "--with-gnutls=" gnutls)
+           ;; "--with-socks5"    ; XXX TODO
+           "--enable-widec"
+           "--enable-ascii-ctypes"
+           "--enable-local-docs"
+           "--enable-htmlized-cfg"
+           "--enable-gzip-help"
+           "--enable-nls"
+           "--enable-ipv6"))
        #:tests? #f  ; no check target
        #:phases (alist-replace
                  'install
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 09c15e267f..baa5a96185 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -302,7 +302,7 @@ and corrections.  It is based on a Bayesian filter.")
 (define-public offlineimap
   (package
     (name "offlineimap")
-    (version "7.0.7")
+    (version "7.0.8")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/OfflineIMAP/offlineimap/"
@@ -310,7 +310,7 @@ and corrections.  It is based on a Bayesian filter.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1719xnw0xah5knypd5vrpsxi337576q1r8axpziw8wa7zms7abl0"))))
+                "0smxh5ag3cbn92kp49jq950j5m2pivs9kr04prpd1lw62hy7gnhr"))))
     (build-system python-build-system)
     (inputs `(("python2-pysqlite" ,python2-pysqlite)
               ("python2-six" ,python2-six)))
diff --git a/gnu/packages/man.scm b/gnu/packages/man.scm
index ddb7a3e283..2d99438420 100644
--- a/gnu/packages/man.scm
+++ b/gnu/packages/man.scm
@@ -134,7 +134,7 @@ the traditional flat-text whatis databases.")
 (define-public man-pages
   (package
     (name "man-pages")
-    (version "4.06")
+    (version "4.08")
     (source (origin
               (method url-fetch)
               (uri
@@ -147,7 +147,7 @@ the traditional flat-text whatis databases.")
                     "man-pages-" version ".tar.xz")))
               (sha256
                (base32
-                "0vv056k9yyf05dqal9m2pq3pv9c8lnp7i5rjxvcnic6aq7vyrafb"))))
+                "1d32ki8nkwd2xiln619jihqn7s15ydrg7386n4hxq530sys7svic"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (alist-delete 'configure %standard-phases)
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 3bb2a386b0..97f545b8e5 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -14,6 +14,7 @@
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -483,6 +484,42 @@ extremely large and complex data collections.")
     (license (license:x11-style
               "http://www.hdfgroup.org/ftp/HDF5/current/src/unpacked/COPYING"))))
 
+(define-public hdf-eos5
+  (package
+    (name "hdf-eos5")
+    (version "1.15")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "ftp://edhs1.gsfc.nasa.gov\
+/edhs/hdfeos5/latest_release/HDF-EOS5." version ".tar.Z"))
+              (sha256
+               (base32
+                "1p83333nzzy8rn5chxlm0hrkjjnhh2w1ji8ac0f9q4xzg838i58i"))
+              (patches (search-patches "hdf-eos5-build-shared.patch"
+                                       "hdf-eos5-remove-gctp.patch"
+                                       "hdf-eos5-fix-szip.patch"
+                                       "hdf-eos5-fortrantests.patch"))))
+    (native-inputs
+     `(("gfortran" ,gfortran)))
+    (build-system gnu-build-system)
+    (inputs
+     `(("hdf5" ,hdf5)
+       ("zlib" ,zlib)
+       ("gctp" ,gctp)))
+    (arguments
+     `(#:configure-flags '("--enable-install-include" "--enable-shared"
+                           "CC=h5cc -Df2cFortran" "LIBS=-lgctp")
+       #:parallel-tests? #f))
+    (synopsis "HDF5-based data format for NASA's Earth Observing System")
+    (description
+     "HDF-EOS5 is a software library built on HDF5 to support the construction
+of data structures used in NASA's Earth Observing System (Grid, Point and
+Swath).")
+    (home-page "http://www.hdfeos.org/software/library.php#HDF-EOS5")
+
+    ;; Source files carry a permissive license header.
+    (license (license:non-copyleft home-page))))
+
 (define-public hdf5-parallel-openmpi
   (package (inherit hdf5)
     (name "hdf5-parallel-openmpi")
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 5a618c2742..0089da1112 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 ng0 <ngillmann@runbox.com>
+;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,6 +33,7 @@
   #:use-module (guix build-system glib-or-gtk)
   #:use-module (guix build-system python)
   #:use-module (gnu packages)
+  #:use-module (gnu packages aidc)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages avahi)
   #:use-module (gnu packages check)
@@ -166,14 +168,14 @@ identi.ca and status.net).")
 (define-public hexchat
   (package
     (name "hexchat")
-    (version "2.12.1")
+    (version "2.12.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://dl.hexchat.net/hexchat/hexchat-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "0svwz9ldrry1sn35jywgpacjj1cf3xl3k74ynwn8rjvxs73b00aj"))))
+                "1xnclfbrgbkqndxygi5f27q00jd7yy54jbd1061jmhxa6wzpibbd"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("intltool" ,intltool)))
@@ -661,6 +663,58 @@ protocols.")
 instant messenger with audio and video chat capabilities.")
    (home-page "http://utox.org/")
    (license license:gpl3)))
+ 
+(define-public qtox
+  (package
+    (name "qtox")
+    (version "1.5.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/qTox/qTox/archive/v"
+                           version ".tar.gz"))
+       (sha256
+        (base32 "0y15mc39x54k1kz36cw9412kl1p1p6nzlx97gagv4gg3vybfhbjv"))
+       (file-name (string-append name "-" version ".tar.gz"))))
+    (inputs
+     `(("ffmpeg" ,ffmpeg)
+       ("glib" ,glib)
+       ("gtk+" ,gtk+-2)
+       ("libsodium" ,libsodium)
+       ("libtoxcore" ,libtoxcore)
+       ("libvpx" ,libvpx)
+       ("libxscrnsaver" ,libxscrnsaver)
+       ("libx11" ,libx11)
+       ("openal" ,openal)
+       ("qrencode" ,qrencode)
+       ("qt" ,qt)
+       ("sqlcipher" ,sqlcipher)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("qmake" ,qt)))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fix-reproducibility-issues
+           (lambda _
+             (substitute* "src/main.cpp"
+               (("__DATE__") "\"\"")
+               (("__TIME__") "\"\"")
+               (("TIMESTAMP") "\"\""))
+             #t))
+         (replace 'configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (zero?
+              (system* "qmake"
+                       (string-append "PREFIX="
+                                      (assoc-ref outputs "out")))))))))
+    (home-page "https://qtox.github.io/")
+    (synopsis "Tox chat client using Qt")
+    (description "qTox is a Tox client that follows the Tox design
+guidelines.  It provides an easy to use application that allows you to
+connect with friends and family without anyone else listening in.")
+    (license license:gpl3+)))
 
 (define-public pybitmessage
   (package
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index adaf78e4a3..40f3948bb6 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -1318,14 +1318,14 @@ browser.")
 (define-public drumstick
   (package
     (name "drumstick")
-    (version "1.0.2")
+    (version "1.1.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/drumstick/"
                                   version "/drumstick-" version ".tar.bz2"))
               (sha256
                (base32
-                "0l47gy9yywrc860db5g3wdqg8yc8qdb2lqq6wvw1dfim5j0vbail"))))
+                "13pkfqrav30bbcddgf1imd7jk6lpqbxkz1qv31718pdl446jq7df"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f  ; no test target
@@ -1457,7 +1457,7 @@ capabilities, custom envelopes, effects, etc.")
 (define-public yoshimi
   (package
     (name "yoshimi")
-    (version "1.3.8.2")
+    (version "1.4.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/yoshimi/"
@@ -1465,7 +1465,7 @@ capabilities, custom envelopes, effects, etc.")
                                   "/yoshimi-" version ".tar.bz2"))
               (sha256
                (base32
-                "0wl4ln6v1nkkx56kfah23chyrhga2vi93i82g0s200c4s4184xr8"))))
+                "133sx42wb66g803pcrgdwph40wh94knvab3yfqkgm0001jv4v14y"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f ; there are no tests
@@ -1485,7 +1485,17 @@ capabilities, custom envelopes, effects, etc.")
               (("-msse -msse2 -mfpmath=sse") "")
               (("-march=(athlon64|core2)" flag)
                (string-append flag " -msse -msse2 -mfpmath=sse")))
-            #t)))))
+            #t))
+         ;; Yoshimi tries to find ncurses with pkg-config, but our ncurses
+         ;; package does not install .pc files.
+         (add-after 'unpack 'find-ncurses
+           (lambda _
+             (substitute* "src/CMakeLists.txt"
+               (("LIBNCURSES REQUIRED") "LIBNCURSES")
+               (("NCURSES REQUIRED") "NCURSES")
+               (("FATAL_ERROR \"libncurses") "STATUS \"libncurses")
+               (("\\$\\{NCURSES_LIBRARIES\\}") "ncurses"))
+             #t)))))
     (inputs
      `(("boost" ,boost)
        ("fftwf" ,fftwf)
@@ -1575,6 +1585,42 @@ JACK for audio and ALSA sequencer for MIDI as multimedia infrastructures and
 follows a traditional multi-track tape recorder control paradigm.")
     (license license:gpl2+)))
 
+(define-public gxtuner
+  (package
+    (name "gxtuner")
+    (version "2.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/brummer10/gxtuner/"
+                                  "archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1abpxiydn4c9wssz6895hnad9ipkcy3rkgzbnanvwb46nm44x6if"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags
+       (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
+             (string-append "INCLUDE_L_DIR="
+                            (assoc-ref %build-inputs "zita-resampler")
+                            "/include/"))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (inputs
+     `(("gtk+" ,gtk+-2)
+       ("jack" ,jack-1)
+       ("fftwf" ,fftwf)
+       ("cairo" ,cairo)
+       ("zita-resampler" ,zita-resampler)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "https://github.com/brummer10/gxtuner")
+    (synopsis "Guitar tuner")
+    (description "GXtuner is a simple guitar tuner for JACK with an
+analogue-like user interface.")
+    (license license:gpl2+)))
+
 (define-public pianobar
   (package
     (name "pianobar")
diff --git a/gnu/packages/ncdu.scm b/gnu/packages/ncdu.scm
index da4b587822..b2e2ae2d83 100644
--- a/gnu/packages/ncdu.scm
+++ b/gnu/packages/ncdu.scm
@@ -27,14 +27,14 @@
 (define-public ncdu
   (package
     (name "ncdu")
-    (version "1.11")
+    (version "1.12")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://dev.yorhel.nl/download/ncdu-"
+              (uri (string-append "https://dev.yorhel.nl/download/ncdu-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0yxv87hpal05p6nii6rlnai5a8958689l9vz020w4qvlwiragbnh"))))
+                "16j9fyw73y1lk05a35i4q9i66laklgsx41lz5rxfr8m28x3lw3l2"))))
     (build-system gnu-build-system)
     (inputs `(("ncurses" ,ncurses)))
     (synopsis "Ncurses based disk usage analyzer")
@@ -44,6 +44,6 @@ to do with a simple SSH connection. ncdu aims to be fast, simple and easy to
 use, and should be able to run in any minimal POSIX-like environment with
 ncurses installed.")
     (license (x11-style
-              (string-append "http://g.blicky.net/ncdu.git/plain/COPYING?id=v"
+              (string-append "https://g.blicky.net/ncdu.git/plain/COPYING?id=v"
                              version)))
-    (home-page "http://dev.yorhel.nl/ncdu")))
+    (home-page "https://dev.yorhel.nl/ncdu")))
diff --git a/gnu/packages/patches/clx-remove-demo.patch b/gnu/packages/patches/clx-remove-demo.patch
new file mode 100644
index 0000000000..c5fffea0d0
--- /dev/null
+++ b/gnu/packages/patches/clx-remove-demo.patch
@@ -0,0 +1,27 @@
+--- a/clx.asd	2016-02-16 00:06:48.161596976 -0500
++++ b/clx.asd	2016-02-16 00:06:54.793774658 -0500
+@@ -79,24 +79,6 @@
+                (:file "xtest")
+                (:file "screensaver")
+                (:file "xinerama")))
+-     (:module demo
+-	      :default-component-class example-source-file
+-	      :components
+-	      ((:file "bezier")
+-	       ;; KLUDGE: this requires "bezier" for proper operation,
+-	       ;; but we don't declare that dependency here, because
+-	       ;; asdf doesn't load example files anyway.
+-	       (:file "beziertest")
+-	       (:file "clclock")
+-               (:file "clipboard")
+-	       (:file "clx-demos")
+-	       (:file "gl-test")
+-	       ;; FIXME: compiling this generates 30-odd spurious code
+-	       ;; deletion notes.  Find out why, and either fix or
+-	       ;; workaround the problem.
+-	       (:file "mandel")
+-	       (:file "menu")
+-	       (:file "zoid")))
+      (:module test
+ 	      :default-component-class example-source-file
+ 	      :components
diff --git a/gnu/packages/patches/hdf-eos5-build-shared.patch b/gnu/packages/patches/hdf-eos5-build-shared.patch
new file mode 100644
index 0000000000..f4ae5c73e3
--- /dev/null
+++ b/gnu/packages/patches/hdf-eos5-build-shared.patch
@@ -0,0 +1,31 @@
+Make shared library linking work.
+---
+ src/Makefile.in | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/src/Makefile.in b/src/Makefile.in
+index 86880e5..24efffe 100644
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -72,7 +72,7 @@ LTCOMPILE = $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) \
+ 	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ 	$(AM_CFLAGS) $(CFLAGS) -DH5_USE_16_API
+ CCLD = $(CC)
+-LINK = $(LIBTOOL) --mode=link --tag=CC $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
++LINK = HDF5_USE_SHLIB=yes $(LIBTOOL) --mode=link --tag=CC $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ 	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+ SOURCES = $(libhe5_hdfeos_la_SOURCES)
+ DIST_SOURCES = $(libhe5_hdfeos_la_SOURCES)
+@@ -124,9 +124,6 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@
+ INSTALL_SCRIPT = @INSTALL_SCRIPT@
+ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+ 
+-# Set LDFLAGS to allow the HDF-EOS library to use extern variables from
+-# HDF5
+-LDFLAGS = -Wl,-single_module
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
+ LIBTOOL = @LIBTOOL@
+-- 
+2.10.0
+
diff --git a/gnu/packages/patches/hdf-eos5-fix-szip.patch b/gnu/packages/patches/hdf-eos5-fix-szip.patch
new file mode 100644
index 0000000000..799f542ef3
--- /dev/null
+++ b/gnu/packages/patches/hdf-eos5-fix-szip.patch
@@ -0,0 +1,30 @@
+Ill-placed #endif causes missing symbol errors when compiling without
+szip.  Reported to upstream maintainer.
+---
+ src/EHapi.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/EHapi.c b/src/EHapi.c
+index 46a9b5c..208f447 100755
+--- a/src/EHapi.c
++++ b/src/EHapi.c
+@@ -11379,6 +11379,7 @@ int HE5_szip_can_encode(void )
+   return(-1);
+ }
+ 
++#endif /* H5_HAVE_FILTER_SZIP */
+ 
+ 
+ /*----------------------------------------------------------------------------|
+@@ -11509,8 +11510,6 @@ HE5_EHHEisHE5(char *filename)
+     }
+ }
+ 
+-#endif /* H5_HAVE_FILTER_SZIP */
+-
+ 
+ #ifndef __cplusplus
+ 
+-- 
+2.10.0
+
diff --git a/gnu/packages/patches/hdf-eos5-fortrantests.patch b/gnu/packages/patches/hdf-eos5-fortrantests.patch
new file mode 100644
index 0000000000..7333056342
--- /dev/null
+++ b/gnu/packages/patches/hdf-eos5-fortrantests.patch
@@ -0,0 +1,156 @@
+Fix fortran line length/indentation issues in Fortran test programs.
+Reported to upstream maintainer.
+
+diff --git a/samples/he5_gd_writedataF_32.f b/samples/he5_gd_writedataF_32.f
+index 515edf9..9c86299 100755
+--- a/samples/he5_gd_writedataF_32.f
++++ b/samples/he5_gd_writedataF_32.f
+@@ -77,26 +77,26 @@ c           ------------------------------
+ 
+ 		attr4 = "ABCDEFGH"
+ 		count(1) = 8
+-		status = he5_gdwrattr(gdid,"GLOBAL_CHAR_ATTR",HE5T_NATIVE_CHAR,
+-	1	count,attr4)
++		status = he5_gdwrattr(gdid,"GLOBAL_CHAR_ATTR"
++     &               ,HE5T_NATIVE_CHAR,count,attr4)
+ 	write(*,*) 'Status returned by he5_gdwrattr():  ',status
+ 
+ 		attr4 = "111"
+ 		count(1) = 3
+-		status = he5_gdwrgattr(gdid,"GLOBAL_CHAR_ATTR_1",HE5T_NATIVE_CHAR,
+-	1	count,attr4)
++		status = he5_gdwrgattr(gdid,"GLOBAL_CHAR_ATTR_1"
++     &               ,HE5T_NATIVE_CHAR,count,attr4)
+ 	write(*,*) 'Status returned by he5_gdwrgattr():  ',status
+ 
+ 		attr4 = "222222"
+ 		count(1) = 6
+-		status = he5_ehwrglatt(gdfid,"GLOBAL_CHAR_ATTR_2",HE5T_NATIVE_CHAR,
+-	1	count,attr4)
++		status = he5_ehwrglatt(gdfid,"GLOBAL_CHAR_ATTR_2"
++     &               ,HE5T_NATIVE_CHAR,count,attr4)
+ 	write(*,*) 'Status returned by he5_ehwrglatt():  ',status
+ 
+ 		attr5 = "abcdefgh111111111111"
+ 		count(1) = 20
+-		status = he5_gdwrlattr(gdid,"Vegetation","LocalAttribute_0",
+-	1	HE5T_NATIVE_CHAR,count,attr5)
++		status = he5_gdwrlattr(gdid,"Vegetation"
++     &               ,"LocalAttribute_0",HE5T_NATIVE_CHAR,count,attr5)
+ 	write(*,*) 'Status returned by he5_gdwrlattr():  ',status
+ 
+ 		 endif
+diff --git a/samples/he5_gd_writedataF_64.f b/samples/he5_gd_writedataF_64.f
+index eff04f5..62a7398 100755
+--- a/samples/he5_gd_writedataF_64.f
++++ b/samples/he5_gd_writedataF_64.f
+@@ -77,26 +77,26 @@ c           ------------------------------
+ 
+ 		attr4 = "ABCDEFGH"
+ 		count(1) = 8
+-		status = he5_gdwrattr(gdid,"GLOBAL_CHAR_ATTR",HE5T_NATIVE_CHAR,
+-	1	count,attr4)
++		status = he5_gdwrattr(gdid,"GLOBAL_CHAR_ATTR"
++     &               ,HE5T_NATIVE_CHAR,count,attr4)
+ 	write(*,*) 'Status returned by he5_gdwrattr():  ',status
+ 
+ 		attr4 = "111"
+ 		count(1) = 3
+-		status = he5_gdwrgattr(gdid,"GLOBAL_CHAR_ATTR_1",HE5T_NATIVE_CHAR,
+-	1	count,attr4)
++		status = he5_gdwrgattr(gdid,"GLOBAL_CHAR_ATTR_1"
++     &               ,HE5T_NATIVE_CHAR,count,attr4)
+ 	write(*,*) 'Status returned by he5_gdwrgattr():  ',status
+ 
+ 		attr4 = "222222"
+ 		count(1) = 6
+-		status = he5_ehwrglatt(gdfid,"GLOBAL_CHAR_ATTR_2",HE5T_NATIVE_CHAR,
+-	1	count,attr4)
++		status = he5_ehwrglatt(gdfid,"GLOBAL_CHAR_ATTR_2"
++     &               ,HE5T_NATIVE_CHAR,count,attr4)
+ 	write(*,*) 'Status returned by he5_ehwrglatt():  ',status
+ 
+ 		attr5 = "abcdefgh111111111111"
+ 		count(1) = 20
+-		status = he5_gdwrlattr(gdid,"Vegetation","LocalAttribute_0",
+-	1	HE5T_NATIVE_CHAR,count,attr5)
++		status = he5_gdwrlattr(gdid,"Vegetation"
++     &               ,"LocalAttribute_0",HE5T_NATIVE_CHAR,count,attr5)
+ 	write(*,*) 'Status returned by he5_gdwrlattr():  ',status
+ 
+ 		 endif
+diff --git a/samples/he5_sw_writedataF_32.f b/samples/he5_sw_writedataF_32.f
+index 7abab9b..fedd49a 100755
+--- a/samples/he5_sw_writedataF_32.f
++++ b/samples/he5_sw_writedataF_32.f
+@@ -173,20 +173,21 @@ c     Write Global Attribute
+ c     ----------------------
+ 			attr4 = "ABCDEFGH"
+ 			count(1) = 8
+-			status = he5_swwrattr(swid,"GLOBAL_CHAR_ATTR",HE5T_NATIVE_CHAR,
+-	1	count,attr4)
++			status = he5_swwrattr(swid,"GLOBAL_CHAR_ATTR"
++     &                       ,HE5T_NATIVE_CHAR,count,attr4)
+ 	write(*,*) 'Status returned by he5_swwrattr():  ',status
+ 
+ 			attr4 = "111"
+ 			count(1) = 3
+-			status = he5_swwrgattr(swid,"GLOBAL_CHAR_ATTR_1",HE5T_NATIVE_CHAR,
+-	1	count,attr4)
++			status = he5_swwrgattr(swid,"GLOBAL_CHAR_ATTR_1"
++     &                       ,HE5T_NATIVE_CHAR,count,attr4)
+ 	write(*,*) 'Status returned by he5_swwrgattr():  ',status
+ 
+ 			attr4 = "222222"
+ 			count(1) = 6
+-			status = he5_ehwrglatt(swfid,"GLOBAL_CHAR_ATTR_2",HE5T_NATIVE_CHAR,
+-	1	count,attr4)
++			status = he5_ehwrglatt(swfid
++     &                       ,"GLOBAL_CHAR_ATTR_2",HE5T_NATIVE_CHAR
++     &                       ,count,attr4)
+ 	write(*,*) 'Status returned by he5_ehwrglatt():  ',status
+ 
+ c     Write Local Attribute
+diff --git a/samples/he5_sw_writedataF_64.f b/samples/he5_sw_writedataF_64.f
+index 79e34bd..e5d74cb 100755
+--- a/samples/he5_sw_writedataF_64.f
++++ b/samples/he5_sw_writedataF_64.f
+@@ -162,25 +162,27 @@ c     Write Global Attribute
+ c     ----------------------
+ 			attr4 = "ABCDEFGH"
+ 			count(1) = 8
+-			status = he5_swwrattr(swid,"GLOBAL_CHAR_ATTR",HE5T_NATIVE_CHAR,
+-	1	count,attr4)
++			status = he5_swwrattr(swid,"GLOBAL_CHAR_ATTR"
++     &                       ,HE5T_NATIVE_CHAR,count,attr4)
+ 
+ 			attr4 = "111"
+ 			count(1) = 3		
+-			status = he5_swwrgattr(swid,"GLOBAL_CHAR_ATTR_1",HE5T_NATIVE_CHAR,
+-	1	count,attr4)
++			status = he5_swwrgattr(swid,"GLOBAL_CHAR_ATTR_1"
++     &                       ,HE5T_NATIVE_CHAR,count,attr4)
+ 
+ 			attr4 = "222222"
+ 			count(1) = 6
+-			status = he5_ehwrglatt(swfid,"GLOBAL_CHAR_ATTR_2",HE5T_NATIVE_CHAR,
+-	1	count,attr4)
++			status = he5_ehwrglatt(swfid
++     &                       ,"GLOBAL_CHAR_ATTR_2",HE5T_NATIVE_CHAR
++     &                       ,count,attr4)
+ 
+ c     Write Local Attribute
+ c     ---------------------
+ 			attr5 = "abababababababababab"
+ 			count(1) = 20
+-			status = he5_swwrlattr(swid,"Density","LocalAttribute_0",
+-	1	HE5T_NATIVE_CHAR,count,attr5)
++			status = he5_swwrlattr(swid,"Density"
++     &                       ,"LocalAttribute_0",HE5T_NATIVE_CHAR,count
++     &                       ,attr5)
+ 
+ 	      
+ 		 endif
+-- 
+2.10.0
+
diff --git a/gnu/packages/patches/hdf-eos5-remove-gctp.patch b/gnu/packages/patches/hdf-eos5-remove-gctp.patch
new file mode 100644
index 0000000000..3b78357129
--- /dev/null
+++ b/gnu/packages/patches/hdf-eos5-remove-gctp.patch
@@ -0,0 +1,55 @@
+Don't build/install/use bundled gctp code/headers.
+
+* cproj.h, proj.h: part of GCTP, therefore already present.
+* HE5_config.h, tutils.h: used for library building and testing.
+
+diff --git a/Makefile.in b/Makefile.in
+index f160d0d..367b537 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -206,7 +206,7 @@ LIBGCTP = $(top_builddir)/gctp/src/libGctp.la
+ @TESTDRIVERS_CONDITIONAL_TRUE@TESTDRIVERS = testdrivers
+ @INSTALL_INCLUDE_CONDITIONAL_FALSE@INCLUDE = 
+ @INSTALL_INCLUDE_CONDITIONAL_TRUE@INCLUDE = include
+-SUBDIRS = gctp src $(INCLUDE) samples $(TESTDRIVERS)
++SUBDIRS = src $(INCLUDE) samples $(TESTDRIVERS)
+ all: all-recursive
+ 
+ .SUFFIXES:
+diff --git a/samples/Makefile.in b/samples/Makefile.in
+index 59331dd..64fda89 100644
+--- a/samples/Makefile.in
++++ b/samples/Makefile.in
+@@ -206,7 +206,6 @@ he5_gd_datainfo_SOURCES = he5_gd_datainfo.c
+ he5_gd_datainfo_OBJECTS = he5_gd_datainfo.$(OBJEXT)
+ he5_gd_datainfo_LDADD = $(LDADD)
+ am__DEPENDENCIES_1 = $(top_builddir)/src/libhe5_hdfeos.la
+-am__DEPENDENCIES_2 = $(top_builddir)/gctp/src/libGctp.la
+ he5_gd_datainfo_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+ 	$(am__DEPENDENCIES_2)
+ he5_gd_defexternalfld_SOURCES = he5_gd_defexternalfld.c
+@@ -1093,7 +1092,7 @@ sharedstatedir = @sharedstatedir@
+ sysconfdir = @sysconfdir@
+ target_alias = @target_alias@
+ LIBHDFEOS5 = $(top_builddir)/src/libhe5_hdfeos.la
+-LIBGCTP = $(top_builddir)/gctp/src/libGctp.la
++LIBGCTP =
+ 
+ # Boilerplate definitions file
+ 
+diff --git a/include/Makefile.in b/include/Makefile.in
+index a572128..64dabb5 100644
+--- a/include/Makefile.in
++++ b/include/Makefile.in
+@@ -190,8 +190,7 @@ LIBGCTP = $(top_builddir)/gctp/src/libGctp.la
+ # Boilerplate include
+ 
+ # Headers to install
+-include_HEADERS = HE5_GctpFunc.h HE5_HdfEosDef.h HE5_config.h cproj.h ease.h \
+-                  isin.h proj.h tutils.h cfortHdf.h
++include_HEADERS = HE5_GctpFunc.h HE5_HdfEosDef.h ease.h isin.h cfortHdf.h
+ 
+ all: HE5_config.h
+ 	$(MAKE) $(AM_MAKEFLAGS) all-am
+-- 
+2.10.0
diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt1.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt1.patch
deleted file mode 100644
index 57bc45f3c2..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-2818-pt1.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-  changeset:   312039:4290826b078c
-  user:        Timothy Nikkel <tnikkel@gmail.com>
-  Date:        Fri May 13 06:09:38 2016 +0200
-  summary:     Bug 1261230. r=mats, a=ritu
-
-diff -r 45a59425b498 -r 4290826b078c layout/generic/nsSubDocumentFrame.cpp
---- a/layout/generic/nsSubDocumentFrame.cpp	Tue May 10 14:12:20 2016 +0200
-+++ b/layout/generic/nsSubDocumentFrame.cpp	Fri May 13 06:09:38 2016 +0200
-@@ -132,6 +132,7 @@
-     nsCOMPtr<nsIDocument> oldContainerDoc;
-     nsView* detachedViews =
-       frameloader->GetDetachedSubdocView(getter_AddRefs(oldContainerDoc));
-+    frameloader->SetDetachedSubdocView(nullptr, nullptr);
-     if (detachedViews) {
-       if (oldContainerDoc == aContent->OwnerDoc()) {
-         // Restore stashed presentation.
-@@ -142,7 +143,6 @@
-         frameloader->Hide();
-       }
-     }
--    frameloader->SetDetachedSubdocView(nullptr, nullptr);
-   }
- 
-   nsContentUtils::AddScriptRunner(new AsyncFrameInit(this));
-@@ -936,13 +936,16 @@
-     if (!mPresShell->IsDestroying()) {
-       mPresShell->FlushPendingNotifications(Flush_Frames);
-     }
-+
-+    // Either the frame has been constructed by now, or it never will be,
-+    // either way we want to clear the stashed views.
-+    mFrameLoader->SetDetachedSubdocView(nullptr, nullptr);
-+
-     nsSubDocumentFrame* frame = do_QueryFrame(mFrameElement->GetPrimaryFrame());
-     if ((!frame && mHideViewerIfFrameless) ||
-         mPresShell->IsDestroying()) {
-       // Either the frame element has no nsIFrame or the presshell is being
--      // destroyed. Hide the nsFrameLoader, which destroys the presentation,
--      // and clear our references to the stashed presentation.
--      mFrameLoader->SetDetachedSubdocView(nullptr, nullptr);
-+      // destroyed. Hide the nsFrameLoader, which destroys the presentation.
-       mFrameLoader->Hide();
-     }
-     return NS_OK;
-@@ -968,7 +971,7 @@
-   // Detach the subdocument's views and stash them in the frame loader.
-   // We can then reattach them if we're being reframed (for example if
-   // the frame has been made position:fixed).
--  nsFrameLoader* frameloader = FrameLoader();
-+  RefPtr<nsFrameLoader> frameloader = FrameLoader();
-   if (frameloader) {
-     nsView* detachedViews = ::BeginSwapDocShellsForViews(mInnerView->GetFirstChild());
-     frameloader->SetDetachedSubdocView(detachedViews, mContent->OwnerDoc());
-@@ -977,7 +980,7 @@
-     // safely determine whether the frame is being reframed or destroyed.
-     nsContentUtils::AddScriptRunner(
-       new nsHideViewer(mContent,
--                       mFrameLoader,
-+                       frameloader,
-                        PresContext()->PresShell(),
-                        (mDidCreateDoc || mCallingShow)));
-   }
diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch
deleted file mode 100644
index 843e2eb244..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-  changeset:   312044:09418166fd77
-  user:        Jon Coppeard <jcoppeard@mozilla.com>
-  Date:        Wed May 11 10:14:45 2016 +0100
-  summary:     Bug 1264575 - Add missing pre-barrier in Ion r=jandem a=ritu
-
-diff -r 9cc65cca1f71 -r 09418166fd77 js/src/jit-test/tests/self-hosting/bug1264575.js
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/js/src/jit-test/tests/self-hosting/bug1264575.js	Wed May 11 10:14:45 2016 +0100
-@@ -0,0 +1,7 @@
-+function f(x, [y]) {}
-+f(0, []);
-+// jsfunfuzz-generated
-+let i = 0;
-+for (var z of [0, 0, 0]) {
-+    verifyprebarriers();
-+}
-diff -r 9cc65cca1f71 -r 09418166fd77 js/src/jit/MCallOptimize.cpp
---- a/js/src/jit/MCallOptimize.cpp	Mon May 16 15:11:24 2016 -0400
-+++ b/js/src/jit/MCallOptimize.cpp	Wed May 11 10:14:45 2016 +0100
-@@ -2263,7 +2263,8 @@
- 
-     callInfo.setImplicitlyUsedUnchecked();
- 
--    MStoreFixedSlot* store = MStoreFixedSlot::New(alloc(), callInfo.getArg(0), slot, callInfo.getArg(2));
-+    MStoreFixedSlot* store =
-+        MStoreFixedSlot::NewBarriered(alloc(), callInfo.getArg(0), slot, callInfo.getArg(2));
-     current->add(store);
-     current->push(store);
- 
diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt3.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt3.patch
deleted file mode 100644
index fab003158c..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-2818-pt3.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-  changeset:   312051:9ec3d076fbee
-  parents:     312049:e0a272d5e162 
-  user:        Eric Faust <efaustbmo@gmail.com>
-  Date:        Wed May 04 15:54:43 2016 -0700
-  summary:     Bug 1269729 - Handle another OOM case on ARM. (r=jolesen) a=ritu
-
-diff -r e0a272d5e162 -r 9ec3d076fbee js/src/jit/arm/CodeGenerator-arm.cpp
---- a/js/src/jit/arm/CodeGenerator-arm.cpp	Tue May 17 08:26:37 2016 -0400
-+++ b/js/src/jit/arm/CodeGenerator-arm.cpp	Wed May 04 15:54:43 2016 -0700
-@@ -1116,7 +1116,7 @@
-     for (int32_t i = 0; i < cases; i++) {
-         CodeLabel cl;
-         masm.writeCodePointer(cl.dest());
--        ool->addCodeLabel(cl);
-+        masm.propagateOOM(ool->addCodeLabel(cl));
-     }
-     addOutOfLineCode(ool, mir);
- }
diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt4.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt4.patch
deleted file mode 100644
index 0973203e0f..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-2818-pt4.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-  changeset:   312055:b74f1ab939d2
-  user:        Olli Pettay <Olli.Pettay@helsinki.fi>
-  Date:        Mon May 16 21:42:24 2016 +0300
-  summary:     Bug 1273202, make sure to not keep objects alive too long because of some useless event dispatching, r=jwatt a=ritu
-
-diff -r 072992bf176d -r b74f1ab939d2 dom/html/HTMLInputElement.cpp
---- a/dom/html/HTMLInputElement.cpp	Sun May 15 17:03:06 2016 +0300
-+++ b/dom/html/HTMLInputElement.cpp	Mon May 16 21:42:24 2016 +0300
-@@ -1168,7 +1168,7 @@
-     mFileList->Disconnect();
-   }
-   if (mNumberControlSpinnerIsSpinning) {
--    StopNumberControlSpinnerSpin();
-+    StopNumberControlSpinnerSpin(eDisallowDispatchingEvents);
-   }
-   DestroyImageLoadingContent();
-   FreeData();
-@@ -3721,7 +3721,7 @@
- }
- 
- void
--HTMLInputElement::StopNumberControlSpinnerSpin()
-+HTMLInputElement::StopNumberControlSpinnerSpin(SpinnerStopState aState)
- {
-   if (mNumberControlSpinnerIsSpinning) {
-     if (nsIPresShell::GetCapturingContent() == this) {
-@@ -3732,11 +3732,16 @@
- 
-     mNumberControlSpinnerIsSpinning = false;
- 
--    FireChangeEventIfNeeded();
-+    if (aState == eAllowDispatchingEvents) {
-+      FireChangeEventIfNeeded();
-+    }
- 
-     nsNumberControlFrame* numberControlFrame =
-       do_QueryFrame(GetPrimaryFrame());
-     if (numberControlFrame) {
-+      MOZ_ASSERT(aState == eAllowDispatchingEvents,
-+                 "Shouldn't have primary frame for the element when we're not "
-+                 "allowed to dispatch events to it anymore.");
-       numberControlFrame->SpinnerStateChanged();
-     }
-   }
-diff -r 072992bf176d -r b74f1ab939d2 dom/html/HTMLInputElement.h
---- a/dom/html/HTMLInputElement.h	Sun May 15 17:03:06 2016 +0300
-+++ b/dom/html/HTMLInputElement.h	Mon May 16 21:42:24 2016 +0300
-@@ -721,7 +721,12 @@
-   HTMLInputElement* GetOwnerNumberControl();
- 
-   void StartNumberControlSpinnerSpin();
--  void StopNumberControlSpinnerSpin();
-+  enum SpinnerStopState {
-+    eAllowDispatchingEvents,
-+    eDisallowDispatchingEvents
-+  };
-+  void StopNumberControlSpinnerSpin(SpinnerStopState aState =
-+                                      eAllowDispatchingEvents);
-   void StepNumberControlForUserEvent(int32_t aDirection);
- 
-   /**
diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt5.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt5.patch
deleted file mode 100644
index cd98d0b28b..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-2818-pt5.patch
+++ /dev/null
@@ -1,266 +0,0 @@
-  changeset:   312063:88bea96c802a
-  user:        Andrea Marchesini <amarchesini@mozilla.com>
-  Date:        Tue May 10 10:52:19 2016 +0200
-  summary:     Bug 1267130 - Improve the URL segment calculation, r=valentin a=ritu
-
-diff -r 28dcecced055 -r 88bea96c802a netwerk/base/nsStandardURL.cpp
---- a/netwerk/base/nsStandardURL.cpp	Wed May 18 11:55:29 2016 +1200
-+++ b/netwerk/base/nsStandardURL.cpp	Tue May 10 10:52:19 2016 +0200
-@@ -475,19 +475,28 @@
- }
- 
- uint32_t
--nsStandardURL::AppendSegmentToBuf(char *buf, uint32_t i, const char *str, URLSegment &seg, const nsCString *escapedStr, bool useEscaped)
-+nsStandardURL::AppendSegmentToBuf(char *buf, uint32_t i, const char *str,
-+                                  const URLSegment &segInput, URLSegment &segOutput,
-+                                  const nsCString *escapedStr,
-+                                  bool useEscaped, int32_t *diff)
- {
--    if (seg.mLen > 0) {
-+    MOZ_ASSERT(segInput.mLen == segOutput.mLen);
-+
-+    if (diff) *diff = 0;
-+
-+    if (segInput.mLen > 0) {
-         if (useEscaped) {
--            seg.mLen = escapedStr->Length();
--            memcpy(buf + i, escapedStr->get(), seg.mLen);
-+            MOZ_ASSERT(diff);
-+            segOutput.mLen = escapedStr->Length();
-+            *diff = segOutput.mLen - segInput.mLen;
-+            memcpy(buf + i, escapedStr->get(), segOutput.mLen);
-+        } else {
-+            memcpy(buf + i, str + segInput.mPos, segInput.mLen);
-         }
--        else
--            memcpy(buf + i, str + seg.mPos, seg.mLen);
--        seg.mPos = i;
--        i += seg.mLen;
-+        segOutput.mPos = i;
-+        i += segOutput.mLen;
-     } else {
--        seg.mPos = i;
-+        segOutput.mPos = i;
-     }
-     return i;
- }
-@@ -598,6 +607,20 @@
-         }
-     }
- 
-+    // We must take a copy of every single segment because they are pointing to
-+    // the |spec| while we are changing their value, in case we must use
-+    // encoded strings.
-+    URLSegment username(mUsername);
-+    URLSegment password(mPassword);
-+    URLSegment host(mHost);
-+    URLSegment path(mPath);
-+    URLSegment filepath(mFilepath);
-+    URLSegment directory(mDirectory);
-+    URLSegment basename(mBasename);
-+    URLSegment extension(mExtension);
-+    URLSegment query(mQuery);
-+    URLSegment ref(mRef);
-+
-     //
-     // generate the normalized URL string
-     //
-@@ -607,9 +630,10 @@
-     char *buf;
-     mSpec.BeginWriting(buf);
-     uint32_t i = 0;
-+    int32_t diff = 0;
- 
-     if (mScheme.mLen > 0) {
--        i = AppendSegmentToBuf(buf, i, spec, mScheme);
-+        i = AppendSegmentToBuf(buf, i, spec, mScheme, mScheme);
-         net_ToLowerCase(buf + mScheme.mPos, mScheme.mLen);
-         i = AppendToBuf(buf, i, "://", 3);
-     }
-@@ -619,15 +643,22 @@
- 
-     // append authority
-     if (mUsername.mLen > 0) {
--        i = AppendSegmentToBuf(buf, i, spec, mUsername, &encUsername, useEncUsername);
--        if (mPassword.mLen >= 0) {
-+        i = AppendSegmentToBuf(buf, i, spec, username, mUsername,
-+                               &encUsername, useEncUsername, &diff);
-+        ShiftFromPassword(diff);
-+        if (password.mLen >= 0) {
-             buf[i++] = ':';
--            i = AppendSegmentToBuf(buf, i, spec, mPassword, &encPassword, useEncPassword);
-+            i = AppendSegmentToBuf(buf, i, spec, password, mPassword,
-+                                   &encPassword, useEncPassword, &diff);
-+            ShiftFromHost(diff);
-         }
-         buf[i++] = '@';
-     }
--    if (mHost.mLen > 0) {
--        i = AppendSegmentToBuf(buf, i, spec, mHost, &encHost, useEncHost);
-+    if (host.mLen > 0) {
-+        i = AppendSegmentToBuf(buf, i, spec, host, mHost, &encHost, useEncHost,
-+                               &diff);
-+        ShiftFromPath(diff);
-+
-         net_ToLowerCase(buf + mHost.mPos, mHost.mLen);
-         MOZ_ASSERT(mPort >= -1, "Invalid negative mPort");
-         if (mPort != -1 && mPort != mDefaultPort) {
-@@ -652,21 +683,23 @@
-     }
-     else {
-         uint32_t leadingSlash = 0;
--        if (spec[mPath.mPos] != '/') {
-+        if (spec[path.mPos] != '/') {
-             LOG(("adding leading slash to path\n"));
-             leadingSlash = 1;
-             buf[i++] = '/';
-             // basename must exist, even if empty (bugs 113508, 429347)
-             if (mBasename.mLen == -1) {
--                mBasename.mPos = i;
--                mBasename.mLen = 0;
-+                mBasename.mPos = basename.mPos = i;
-+                mBasename.mLen = basename.mLen = 0;
-             }
-         }
- 
-         // record corrected (file)path starting position
-         mPath.mPos = mFilepath.mPos = i - leadingSlash;
- 
--        i = AppendSegmentToBuf(buf, i, spec, mDirectory, &encDirectory, useEncDirectory);
-+        i = AppendSegmentToBuf(buf, i, spec, directory, mDirectory,
-+                               &encDirectory, useEncDirectory, &diff);
-+        ShiftFromBasename(diff);
- 
-         // the directory must end with a '/'
-         if (buf[i-1] != '/') {
-@@ -674,7 +707,9 @@
-             mDirectory.mLen++;
-         }
- 
--        i = AppendSegmentToBuf(buf, i, spec, mBasename, &encBasename, useEncBasename);
-+        i = AppendSegmentToBuf(buf, i, spec, basename, mBasename,
-+                               &encBasename, useEncBasename, &diff);
-+        ShiftFromExtension(diff);
- 
-         // make corrections to directory segment if leadingSlash
-         if (leadingSlash) {
-@@ -687,18 +722,24 @@
- 
-         if (mExtension.mLen >= 0) {
-             buf[i++] = '.';
--            i = AppendSegmentToBuf(buf, i, spec, mExtension, &encExtension, useEncExtension);
-+            i = AppendSegmentToBuf(buf, i, spec, extension, mExtension,
-+                                   &encExtension, useEncExtension, &diff);
-+            ShiftFromQuery(diff);
-         }
-         // calculate corrected filepath length
-         mFilepath.mLen = i - mFilepath.mPos;
- 
-         if (mQuery.mLen >= 0) {
-             buf[i++] = '?';
--            i = AppendSegmentToBuf(buf, i, spec, mQuery, &encQuery, useEncQuery);
-+            i = AppendSegmentToBuf(buf, i, spec, query, mQuery,
-+                                   &encQuery, useEncQuery,
-+                                   &diff);
-+            ShiftFromRef(diff);
-         }
-         if (mRef.mLen >= 0) {
-             buf[i++] = '#';
--            i = AppendSegmentToBuf(buf, i, spec, mRef, &encRef, useEncRef);
-+            i = AppendSegmentToBuf(buf, i, spec, ref, mRef, &encRef, useEncRef,
-+                                   &diff);
-         }
-         // calculate corrected path length
-         mPath.mLen = i - mPath.mPos;
-@@ -953,6 +994,39 @@
- #undef GOT_PREF
- }
- 
-+#define SHIFT_FROM(name, what)                    \
-+void                                              \
-+nsStandardURL::name(int32_t diff)                 \
-+{                                                 \
-+    if (!diff) return;                            \
-+    if (what.mLen >= 0) {                         \
-+        CheckedInt<int32_t> pos = what.mPos;      \
-+        pos += diff;                              \
-+        MOZ_ASSERT(pos.isValid());                \
-+        what.mPos = pos.value();                  \
-+    }
-+
-+#define SHIFT_FROM_NEXT(name, what, next)         \
-+    SHIFT_FROM(name, what)                        \
-+    next(diff);                                   \
-+}
-+
-+#define SHIFT_FROM_LAST(name, what)               \
-+    SHIFT_FROM(name, what)                        \
-+}
-+
-+SHIFT_FROM_NEXT(ShiftFromAuthority, mAuthority, ShiftFromUsername)
-+SHIFT_FROM_NEXT(ShiftFromUsername, mUsername, ShiftFromPassword)
-+SHIFT_FROM_NEXT(ShiftFromPassword, mPassword, ShiftFromHost)
-+SHIFT_FROM_NEXT(ShiftFromHost, mHost, ShiftFromPath)
-+SHIFT_FROM_NEXT(ShiftFromPath, mPath, ShiftFromFilepath)
-+SHIFT_FROM_NEXT(ShiftFromFilepath, mFilepath, ShiftFromDirectory)
-+SHIFT_FROM_NEXT(ShiftFromDirectory, mDirectory, ShiftFromBasename)
-+SHIFT_FROM_NEXT(ShiftFromBasename, mBasename, ShiftFromExtension)
-+SHIFT_FROM_NEXT(ShiftFromExtension, mExtension, ShiftFromQuery)
-+SHIFT_FROM_NEXT(ShiftFromQuery, mQuery, ShiftFromRef)
-+SHIFT_FROM_LAST(ShiftFromRef, mRef)
-+
- //----------------------------------------------------------------------------
- // nsStandardURL::nsISupports
- //----------------------------------------------------------------------------
-diff -r 28dcecced055 -r 88bea96c802a netwerk/base/nsStandardURL.h
---- a/netwerk/base/nsStandardURL.h	Wed May 18 11:55:29 2016 +1200
-+++ b/netwerk/base/nsStandardURL.h	Tue May 10 10:52:19 2016 +0200
-@@ -77,6 +77,7 @@
- 
-         URLSegment() : mPos(0), mLen(-1) {}
-         URLSegment(uint32_t pos, int32_t len) : mPos(pos), mLen(len) {}
-+        URLSegment(const URLSegment& aCopy) : mPos(aCopy.mPos), mLen(aCopy.mLen) {}
-         void Reset() { mPos = 0; mLen = -1; }
-         // Merge another segment following this one to it if they're contiguous
-         // Assumes we have something like "foo;bar" where this object is 'foo' and right
-@@ -177,7 +178,10 @@
-     bool     NormalizeIDN(const nsCSubstring &host, nsCString &result);
-     void     CoalescePath(netCoalesceFlags coalesceFlag, char *path);
- 
--    uint32_t AppendSegmentToBuf(char *, uint32_t, const char *, URLSegment &, const nsCString *esc=nullptr, bool useEsc = false);
-+    uint32_t AppendSegmentToBuf(char *, uint32_t, const char *,
-+                                const URLSegment &input, URLSegment &output,
-+                                const nsCString *esc=nullptr,
-+                                bool useEsc = false, int32_t* diff = nullptr);
-     uint32_t AppendToBuf(char *, uint32_t, const char *, uint32_t);
- 
-     nsresult BuildNormalizedSpec(const char *spec);
-@@ -216,17 +220,17 @@
-     const nsDependentCSubstring Ref()       { return Segment(mRef); }
- 
-     // shift the URLSegments to the right by diff
--    void ShiftFromAuthority(int32_t diff) { mAuthority.mPos += diff; ShiftFromUsername(diff); }
--    void ShiftFromUsername(int32_t diff)  { mUsername.mPos += diff; ShiftFromPassword(diff); }
--    void ShiftFromPassword(int32_t diff)  { mPassword.mPos += diff; ShiftFromHost(diff); }
--    void ShiftFromHost(int32_t diff)      { mHost.mPos += diff; ShiftFromPath(diff); }
--    void ShiftFromPath(int32_t diff)      { mPath.mPos += diff; ShiftFromFilepath(diff); }
--    void ShiftFromFilepath(int32_t diff)  { mFilepath.mPos += diff; ShiftFromDirectory(diff); }
--    void ShiftFromDirectory(int32_t diff) { mDirectory.mPos += diff; ShiftFromBasename(diff); }
--    void ShiftFromBasename(int32_t diff)  { mBasename.mPos += diff; ShiftFromExtension(diff); }
--    void ShiftFromExtension(int32_t diff) { mExtension.mPos += diff; ShiftFromQuery(diff); }
--    void ShiftFromQuery(int32_t diff)     { mQuery.mPos += diff; ShiftFromRef(diff); }
--    void ShiftFromRef(int32_t diff)       { mRef.mPos += diff; }
-+    void ShiftFromAuthority(int32_t diff);
-+    void ShiftFromUsername(int32_t diff);
-+    void ShiftFromPassword(int32_t diff);
-+    void ShiftFromHost(int32_t diff);
-+    void ShiftFromPath(int32_t diff);
-+    void ShiftFromFilepath(int32_t diff);
-+    void ShiftFromDirectory(int32_t diff);
-+    void ShiftFromBasename(int32_t diff);
-+    void ShiftFromExtension(int32_t diff);
-+    void ShiftFromQuery(int32_t diff);
-+    void ShiftFromRef(int32_t diff);
- 
-     // fastload helper functions
-     nsresult ReadSegment(nsIBinaryInputStream *, URLSegment &);
diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt6.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt6.patch
deleted file mode 100644
index 143b02fa58..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-2818-pt6.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-  changeset:   312067:380ddd689680
-  user:        Timothy Nikkel <tnikkel@gmail.com>
-  Date:        Tue May 10 22:58:26 2016 -0500
-  summary:     Bug 1261752. Part 1. r=mats a=ritu
-
-diff -r 02df988a56ae -r 380ddd689680 view/nsViewManager.cpp
---- a/view/nsViewManager.cpp	Thu May 26 10:06:15 2016 -0700
-+++ b/view/nsViewManager.cpp	Tue May 10 22:58:26 2016 -0500
-@@ -416,7 +416,7 @@
-   if (aWidget->NeedsPaint()) {
-     // If an ancestor widget was hidden and then shown, we could
-     // have a delayed resize to handle.
--    for (nsViewManager *vm = this; vm;
-+    for (RefPtr<nsViewManager> vm = this; vm;
-          vm = vm->mRootView->GetParent()
-            ? vm->mRootView->GetParent()->GetViewManager()
-            : nullptr) {
diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt7.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt7.patch
deleted file mode 100644
index 23c509d6c1..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-2818-pt7.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-  changeset:   312068:73cc9a2d8fc1
-  user:        Timothy Nikkel <tnikkel@gmail.com>
-  Date:        Tue May 10 22:58:47 2016 -0500
-  summary:     Bug 1261752. Part 2. r=mats a=ritu
-
-diff -r 380ddd689680 -r 73cc9a2d8fc1 view/nsViewManager.cpp
---- a/view/nsViewManager.cpp	Tue May 10 22:58:26 2016 -0500
-+++ b/view/nsViewManager.cpp	Tue May 10 22:58:47 2016 -0500
-@@ -372,7 +372,7 @@
-     }
-   }
-   if (rootShell->GetViewManager() != this) {
--    return; // 'this' might have been destroyed
-+    return; // presentation might have been torn down
-   }
-   if (aFlushDirtyRegion) {
-     nsAutoScriptBlocker scriptBlocker;
-@@ -1069,6 +1069,7 @@
-   if (mPresShell) {
-     mPresShell->GetPresContext()->RefreshDriver()->RevokeViewManagerFlush();
- 
-+    RefPtr<nsViewManager> strongThis(this);
-     CallWillPaintOnObservers();
- 
-     ProcessPendingUpdatesForView(mRootView, true);
-@@ -1085,6 +1086,7 @@
- 
-   if (mHasPendingWidgetGeometryChanges) {
-     mHasPendingWidgetGeometryChanges = false;
-+    RefPtr<nsViewManager> strongThis(this);
-     ProcessPendingUpdatesForView(mRootView, false);
-   }
- }
diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt8.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt8.patch
deleted file mode 100644
index ee5e54e805..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-2818-pt8.patch
+++ /dev/null
@@ -1,267 +0,0 @@
-  changeset:   312069:3c2bd9158ad3
-  user:        Timothy Nikkel <tnikkel@gmail.com>
-  Date:        Tue May 10 22:58:47 2016 -0500
-  summary:     Bug 1261752. Part 3. r=mats a=ritu
-
-diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 layout/forms/nsComboboxControlFrame.cpp
---- a/layout/forms/nsComboboxControlFrame.cpp	Tue May 10 22:58:47 2016 -0500
-+++ b/layout/forms/nsComboboxControlFrame.cpp	Tue May 10 22:58:47 2016 -0500
-@@ -1417,7 +1417,11 @@
-     // The popup's visibility doesn't update until the minimize animation has
-     // finished, so call UpdateWidgetGeometry to update it right away.
-     nsViewManager* viewManager = mDropdownFrame->GetView()->GetViewManager();
--    viewManager->UpdateWidgetGeometry();
-+    viewManager->UpdateWidgetGeometry(); // might destroy us
-+  }
-+
-+  if (!weakFrame.IsAlive()) {
-+    return consume;
-   }
- 
-   return consume;
-diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 view/nsViewManager.cpp
---- a/view/nsViewManager.cpp	Tue May 10 22:58:47 2016 -0500
-+++ b/view/nsViewManager.cpp	Tue May 10 22:58:47 2016 -0500
-@@ -670,15 +670,16 @@
- 
- void nsViewManager::WillPaintWindow(nsIWidget* aWidget)
- {
--  if (aWidget) {
--    nsView* view = nsView::GetViewFor(aWidget);
--    LayerManager *manager = aWidget->GetLayerManager();
-+  RefPtr<nsIWidget> widget(aWidget);
-+  if (widget) {
-+    nsView* view = nsView::GetViewFor(widget);
-+    LayerManager* manager = widget->GetLayerManager();
-     if (view &&
-         (view->ForcedRepaint() || !manager->NeedsWidgetInvalidation())) {
-       ProcessPendingUpdates();
-       // Re-get the view pointer here since the ProcessPendingUpdates might have
-       // destroyed it during CallWillPaintOnObservers.
--      view = nsView::GetViewFor(aWidget);
-+      view = nsView::GetViewFor(widget);
-       if (view) {
-         view->SetForcedRepaint(false);
-       }
-diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/PuppetWidget.cpp
---- a/widget/PuppetWidget.cpp	Tue May 10 22:58:47 2016 -0500
-+++ b/widget/PuppetWidget.cpp	Tue May 10 22:58:47 2016 -0500
-@@ -823,6 +823,8 @@
-   mDirtyRegion.SetEmpty();
-   mPaintTask.Revoke();
- 
-+  RefPtr<PuppetWidget> strongThis(this);
-+
-   mAttachedWidgetListener->WillPaintWindow(this);
- 
-   if (mAttachedWidgetListener) {
-diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/cocoa/nsChildView.mm
---- a/widget/cocoa/nsChildView.mm	Tue May 10 22:58:47 2016 -0500
-+++ b/widget/cocoa/nsChildView.mm	Tue May 10 22:58:47 2016 -0500
-@@ -3716,6 +3716,8 @@
- 
- - (void)viewWillDraw
- {
-+  nsAutoRetainCocoaObject kungFuDeathGrip(self);
-+
-   if (mGeckoChild) {
-     // The OS normally *will* draw our NSWindow, no matter what we do here.
-     // But Gecko can delete our parent widget(s) (along with mGeckoChild)
-diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/gonk/nsWindow.cpp
---- a/widget/gonk/nsWindow.cpp	Tue May 10 22:58:47 2016 -0500
-+++ b/widget/gonk/nsWindow.cpp	Tue May 10 22:58:47 2016 -0500
-@@ -196,7 +196,7 @@
-         return;
-     }
- 
--    nsWindow *targetWindow = (nsWindow *)sTopWindows[0];
-+    RefPtr<nsWindow> targetWindow = (nsWindow *)sTopWindows[0];
-     while (targetWindow->GetLastChild())
-         targetWindow = (nsWindow *)targetWindow->GetLastChild();
- 
-@@ -205,15 +205,15 @@
-         listener->WillPaintWindow(targetWindow);
-     }
- 
--    LayerManager* lm = targetWindow->GetLayerManager();
--    if (mozilla::layers::LayersBackend::LAYERS_CLIENT == lm->GetBackendType()) {
--      // No need to do anything, the compositor will handle drawing
--    } else {
--        NS_RUNTIMEABORT("Unexpected layer manager type");
--    }
--
-     listener = targetWindow->GetWidgetListener();
-     if (listener) {
-+        LayerManager* lm = targetWindow->GetLayerManager();
-+        if (mozilla::layers::LayersBackend::LAYERS_CLIENT == lm->GetBackendType()) {
-+            // No need to do anything, the compositor will handle drawing
-+        } else {
-+            NS_RUNTIMEABORT("Unexpected layer manager type");
-+        }
-+
-         listener->DidPaintWindow();
-     }
- }
-diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/gtk/nsWindow.cpp
---- a/widget/gtk/nsWindow.cpp	Tue May 10 22:58:47 2016 -0500
-+++ b/widget/gtk/nsWindow.cpp	Tue May 10 22:58:47 2016 -0500
-@@ -469,6 +469,12 @@
-     }
- }
- 
-+nsIWidgetListener*
-+nsWindow::GetListener()
-+{
-+    return mAttachedWidgetListener ? mAttachedWidgetListener : mWidgetListener;
-+}
-+
- nsresult
- nsWindow::DispatchEvent(WidgetGUIEvent* aEvent, nsEventStatus& aStatus)
- {
-@@ -481,8 +487,7 @@
-     aEvent->refPoint.y = GdkCoordToDevicePixels(aEvent->refPoint.y);
- 
-     aStatus = nsEventStatus_eIgnore;
--    nsIWidgetListener* listener =
--        mAttachedWidgetListener ? mAttachedWidgetListener : mWidgetListener;
-+    nsIWidgetListener* listener = GetListener();
-     if (listener) {
-       aStatus = listener->HandleEvent(aEvent, mUseAttachedEvents);
-     }
-@@ -2119,8 +2124,7 @@
-     if (!mGdkWindow || mIsFullyObscured || !mHasMappedToplevel)
-         return FALSE;
- 
--    nsIWidgetListener *listener =
--        mAttachedWidgetListener ? mAttachedWidgetListener : mWidgetListener;
-+    nsIWidgetListener *listener = GetListener();
-     if (!listener)
-         return FALSE;
- 
-@@ -2149,6 +2153,8 @@
-         clientLayers->SendInvalidRegion(region);
-     }
- 
-+    RefPtr<nsWindow> strongThis(this);
-+
-     // Dispatch WillPaintWindow notification to allow scripts etc. to run
-     // before we paint
-     {
-@@ -2161,8 +2167,7 @@
- 
-         // Re-get the listener since the will paint notification might have
-         // killed it.
--        listener =
--            mAttachedWidgetListener ? mAttachedWidgetListener : mWidgetListener;
-+        listener = GetListener();
-         if (!listener)
-             return FALSE;
-     }
-@@ -2223,6 +2228,13 @@
-     // If this widget uses OMTC...
-     if (GetLayerManager()->GetBackendType() == LayersBackend::LAYERS_CLIENT) {
-         listener->PaintWindow(this, region);
-+
-+        // Re-get the listener since the will paint notification might have
-+        // killed it.
-+        listener = GetListener();
-+        if (!listener)
-+            return TRUE;
-+
-         listener->DidPaintWindow();
-         return TRUE;
-     }
-@@ -2307,6 +2319,13 @@
-       if (GetLayerManager()->GetBackendType() == LayersBackend::LAYERS_BASIC) {
-         AutoLayerManagerSetup setupLayerManager(this, ctx, layerBuffering);
-         painted = listener->PaintWindow(this, region);
-+
-+        // Re-get the listener since the will paint notification might have
-+        // killed it.
-+        listener = GetListener();
-+        if (!listener)
-+            return TRUE;
-+
-       }
-     }
- 
-diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/gtk/nsWindow.h
---- a/widget/gtk/nsWindow.h	Tue May 10 22:58:47 2016 -0500
-+++ b/widget/gtk/nsWindow.h	Tue May 10 22:58:47 2016 -0500
-@@ -359,6 +359,7 @@
-                                    GdkWindow** aWindow, gint* aButton,
-                                    gint* aRootX, gint* aRootY);
-     void               ClearCachedResources();
-+    nsIWidgetListener* GetListener();
- 
-     GtkWidget          *mShell;
-     MozContainer       *mContainer;
-diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/qt/nsWindow.cpp
---- a/widget/qt/nsWindow.cpp	Tue May 10 22:58:47 2016 -0500
-+++ b/widget/qt/nsWindow.cpp	Tue May 10 22:58:47 2016 -0500
-@@ -857,18 +857,28 @@
- 
- // EVENTS
- 
-+nsIWidgetListener*
-+nsWindow::GetPaintListener()
-+{
-+    return mAttachedWidgetListener ? mAttachedWidgetListener : mWidgetListener;
-+}
-+
- void
- nsWindow::OnPaint()
- {
-     LOGDRAW(("nsWindow::%s [%p]\n", __FUNCTION__, (void *)this));
--    nsIWidgetListener* listener =
--        mAttachedWidgetListener ? mAttachedWidgetListener : mWidgetListener;
-+    nsIWidgetListener* listener = GetPaintListener();
-     if (!listener) {
-         return;
-     }
- 
-     listener->WillPaintWindow(this);
- 
-+    nsIWidgetListener* listener = GetPaintListener();
-+    if (!listener) {
-+        return;
-+    }
-+
-     switch (GetLayerManager()->GetBackendType()) {
-         case mozilla::layers::LayersBackend::LAYERS_CLIENT: {
-             nsIntRegion region(nsIntRect(0, 0, mWidget->width(), mWidget->height()));
-@@ -879,6 +889,11 @@
-             NS_ERROR("Invalid layer manager");
-     }
- 
-+    nsIWidgetListener* listener = GetPaintListener();
-+    if (!listener) {
-+        return;
-+    }
-+
-     listener->DidPaintWindow();
- }
- 
-diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/qt/nsWindow.h
---- a/widget/qt/nsWindow.h	Tue May 10 22:58:47 2016 -0500
-+++ b/widget/qt/nsWindow.h	Tue May 10 22:58:47 2016 -0500
-@@ -254,6 +254,7 @@
-         bool needDispatch;
-     } MozCachedMoveEvent;
- 
-+    nsIWidgetListener* GetPaintListener();
-     bool               CheckForRollup(double aMouseX, double aMouseY, bool aIsWheel);
-     void*              SetupPluginPort(void);
-     nsresult           SetWindowIconList(const nsTArray<nsCString> &aIconList);
-diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/windows/nsWindowGfx.cpp
---- a/widget/windows/nsWindowGfx.cpp	Tue May 10 22:58:47 2016 -0500
-+++ b/widget/windows/nsWindowGfx.cpp	Tue May 10 22:58:47 2016 -0500
-@@ -298,6 +298,8 @@
-     clientLayerManager->SendInvalidRegion(region);
-   }
- 
-+  RefPtr<nsWindow> strongThis(this);
-+
-   nsIWidgetListener* listener = GetPaintListener();
-   if (listener) {
-     listener->WillPaintWindow(this);
diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt9.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt9.patch
deleted file mode 100644
index a72698cc0b..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-2818-pt9.patch
+++ /dev/null
@@ -1,188 +0,0 @@
-  changeset:   312075:ee870911fabb
-  user:        Timothy Nikkel <tnikkel@gmail.com>
-  Date:        Wed May 04 16:12:48 2016 -0500
-  summary:     Bug 1265577. r=mats, a=lizzard
-
-diff -r 751208d22b91 -r ee870911fabb dom/base/nsFrameLoader.cpp
---- a/dom/base/nsFrameLoader.cpp	Thu May 26 17:07:49 2016 -0400
-+++ b/dom/base/nsFrameLoader.cpp	Wed May 04 16:12:48 2016 -0500
-@@ -155,7 +155,7 @@
- nsFrameLoader::nsFrameLoader(Element* aOwner, bool aNetworkCreated)
-   : mOwnerContent(aOwner)
-   , mAppIdSentToPermissionManager(nsIScriptSecurityManager::NO_APP_ID)
--  , mDetachedSubdocViews(nullptr)
-+  , mDetachedSubdocFrame(nullptr)
-   , mIsPrerendered(false)
-   , mDepthTooGreat(false)
-   , mIsTopLevelContent(false)
-@@ -2507,18 +2507,18 @@
- }
- 
- void
--nsFrameLoader::SetDetachedSubdocView(nsView* aDetachedViews,
--                                     nsIDocument* aContainerDoc)
-+nsFrameLoader::SetDetachedSubdocFrame(nsIFrame* aDetachedFrame,
-+                                      nsIDocument* aContainerDoc)
- {
--  mDetachedSubdocViews = aDetachedViews;
-+  mDetachedSubdocFrame = aDetachedFrame;
-   mContainerDocWhileDetached = aContainerDoc;
- }
- 
--nsView*
--nsFrameLoader::GetDetachedSubdocView(nsIDocument** aContainerDoc) const
-+nsIFrame*
-+nsFrameLoader::GetDetachedSubdocFrame(nsIDocument** aContainerDoc) const
- {
-   NS_IF_ADDREF(*aContainerDoc = mContainerDocWhileDetached);
--  return mDetachedSubdocViews;
-+  return mDetachedSubdocFrame.GetFrame();
- }
- 
- void
-diff -r 751208d22b91 -r ee870911fabb dom/base/nsFrameLoader.h
---- a/dom/base/nsFrameLoader.h	Thu May 26 17:07:49 2016 -0400
-+++ b/dom/base/nsFrameLoader.h	Wed May 04 16:12:48 2016 -0500
-@@ -23,6 +23,7 @@
- #include "mozilla/Attributes.h"
- #include "FrameMetrics.h"
- #include "nsStubMutationObserver.h"
-+#include "nsIFrame.h"
- 
- class nsIURI;
- class nsSubDocumentFrame;
-@@ -197,23 +198,23 @@
-   void SetRemoteBrowser(nsITabParent* aTabParent);
- 
-   /**
--   * Stashes a detached view on the frame loader. We do this when we're
-+   * Stashes a detached nsIFrame on the frame loader. We do this when we're
-    * destroying the nsSubDocumentFrame. If the nsSubdocumentFrame is
--   * being reframed we'll restore the detached view when it's recreated,
-+   * being reframed we'll restore the detached nsIFrame when it's recreated,
-    * otherwise we'll discard the old presentation and set the detached
--   * subdoc view to null. aContainerDoc is the document containing the
-+   * subdoc nsIFrame to null. aContainerDoc is the document containing the
-    * the subdoc frame. This enables us to detect when the containing
-    * document has changed during reframe, so we can discard the presentation 
-    * in that case.
-    */
--  void SetDetachedSubdocView(nsView* aDetachedView,
--                             nsIDocument* aContainerDoc);
-+  void SetDetachedSubdocFrame(nsIFrame* aDetachedFrame,
-+                              nsIDocument* aContainerDoc);
- 
-   /**
--   * Retrieves the detached view and the document containing the view,
--   * as set by SetDetachedSubdocView().
-+   * Retrieves the detached nsIFrame and the document containing the nsIFrame,
-+   * as set by SetDetachedSubdocFrame().
-    */
--  nsView* GetDetachedSubdocView(nsIDocument** aContainerDoc) const;
-+  nsIFrame* GetDetachedSubdocFrame(nsIDocument** aContainerDoc) const;
- 
-   /**
-    * Applies a new set of sandbox flags. These are merged with the sandbox
-@@ -326,12 +327,12 @@
-   nsRefPtr<nsFrameMessageManager> mMessageManager;
-   nsCOMPtr<nsIInProcessContentFrameMessageManager> mChildMessageManager;
- private:
--  // Stores the root view of the subdocument while the subdocument is being
-+  // Stores the root frame of the subdocument while the subdocument is being
-   // reframed. Used to restore the presentation after reframing.
--  nsView* mDetachedSubdocViews;
-+  nsWeakFrame mDetachedSubdocFrame;
-   // Stores the containing document of the frame corresponding to this
-   // frame loader. This is reference is kept valid while the subframe's
--  // presentation is detached and stored in mDetachedSubdocViews. This
-+  // presentation is detached and stored in mDetachedSubdocFrame. This
-   // enables us to detect whether the frame has moved documents during
-   // a reframe, so that we know not to restore the presentation.
-   nsCOMPtr<nsIDocument> mContainerDocWhileDetached;
-diff -r 751208d22b91 -r ee870911fabb layout/generic/nsSubDocumentFrame.cpp
---- a/layout/generic/nsSubDocumentFrame.cpp	Thu May 26 17:07:49 2016 -0400
-+++ b/layout/generic/nsSubDocumentFrame.cpp	Wed May 04 16:12:48 2016 -0500
-@@ -130,13 +130,16 @@
-   nsRefPtr<nsFrameLoader> frameloader = FrameLoader();
-   if (frameloader) {
-     nsCOMPtr<nsIDocument> oldContainerDoc;
--    nsView* detachedViews =
--      frameloader->GetDetachedSubdocView(getter_AddRefs(oldContainerDoc));
--    frameloader->SetDetachedSubdocView(nullptr, nullptr);
--    if (detachedViews) {
--      if (oldContainerDoc == aContent->OwnerDoc()) {
-+    nsIFrame* detachedFrame =
-+      frameloader->GetDetachedSubdocFrame(getter_AddRefs(oldContainerDoc));
-+    frameloader->SetDetachedSubdocFrame(nullptr, nullptr);
-+    MOZ_ASSERT(oldContainerDoc || !detachedFrame);
-+    if (oldContainerDoc) {
-+      nsView* detachedView =
-+        detachedFrame ? detachedFrame->GetView() : nullptr;
-+      if (detachedView && oldContainerDoc == aContent->OwnerDoc()) {
-         // Restore stashed presentation.
--        ::InsertViewsInReverseOrder(detachedViews, mInnerView);
-+        ::InsertViewsInReverseOrder(detachedView, mInnerView);
-         ::EndSwapDocShellsForViews(mInnerView->GetFirstChild());
-       } else {
-         // Presentation is for a different document, don't restore it.
-@@ -252,11 +255,12 @@
-     nsRefPtr<nsFrameLoader> frameloader = FrameLoader();
-     if (frameloader) {
-       nsCOMPtr<nsIDocument> oldContainerDoc;
--      nsView* detachedViews =
--        frameloader->GetDetachedSubdocView(getter_AddRefs(oldContainerDoc));
--      if (detachedViews) {
--        nsSize size = detachedViews->GetBounds().Size();
--        nsPresContext* presContext = detachedViews->GetFrame()->PresContext();
-+      nsIFrame* detachedFrame =
-+        frameloader->GetDetachedSubdocFrame(getter_AddRefs(oldContainerDoc));
-+      nsView* view = detachedFrame ? detachedFrame->GetView() : nullptr;
-+      if (view) {
-+        nsSize size = view->GetBounds().Size();
-+        nsPresContext* presContext = detachedFrame->PresContext();
-         return nsIntSize(presContext->AppUnitsToDevPixels(size.width),
-                          presContext->AppUnitsToDevPixels(size.height));
-       }
-@@ -939,7 +943,7 @@
- 
-     // Either the frame has been constructed by now, or it never will be,
-     // either way we want to clear the stashed views.
--    mFrameLoader->SetDetachedSubdocView(nullptr, nullptr);
-+    mFrameLoader->SetDetachedSubdocFrame(nullptr, nullptr);
- 
-     nsSubDocumentFrame* frame = do_QueryFrame(mFrameElement->GetPrimaryFrame());
-     if ((!frame && mHideViewerIfFrameless) ||
-@@ -974,15 +978,25 @@
-   RefPtr<nsFrameLoader> frameloader = FrameLoader();
-   if (frameloader) {
-     nsView* detachedViews = ::BeginSwapDocShellsForViews(mInnerView->GetFirstChild());
--    frameloader->SetDetachedSubdocView(detachedViews, mContent->OwnerDoc());
- 
--    // We call nsFrameLoader::HideViewer() in a script runner so that we can
--    // safely determine whether the frame is being reframed or destroyed.
--    nsContentUtils::AddScriptRunner(
--      new nsHideViewer(mContent,
--                       frameloader,
--                       PresContext()->PresShell(),
--                       (mDidCreateDoc || mCallingShow)));
-+    if (detachedViews && detachedViews->GetFrame()) {
-+      MOZ_ASSERT(mContent->OwnerDoc());
-+      frameloader->SetDetachedSubdocFrame(
-+        detachedViews->GetFrame(), mContent->OwnerDoc());
-+
-+      // We call nsFrameLoader::HideViewer() in a script runner so that we can
-+      // safely determine whether the frame is being reframed or destroyed.
-+      nsContentUtils::AddScriptRunner(
-+        new nsHideViewer(mContent,
-+                         frameloader,
-+                         PresContext()->PresShell(),
-+                         (mDidCreateDoc || mCallingShow)));
-+    } else {
-+      frameloader->SetDetachedSubdocFrame(nullptr, nullptr);
-+      if (mDidCreateDoc || mCallingShow) {
-+        frameloader->Hide();
-+      }
-+    }
-   }
- 
-   nsLeafFrame::DestroyFrom(aDestructRoot);
diff --git a/gnu/packages/patches/icecat-CVE-2016-2819.patch b/gnu/packages/patches/icecat-CVE-2016-2819.patch
deleted file mode 100644
index cbb833d43d..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-2819.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-  changeset:   312054:072992bf176d
-  user:        Henri Sivonen <hsivonen@hsivonen.fi>
-  Date:        Sun May 15 17:03:06 2016 +0300
-  summary:     Bug 1270381. r=wchen. a=ritu
-
-diff -r d30748143c21 -r 072992bf176d parser/html/javasrc/TreeBuilder.java
---- a/parser/html/javasrc/TreeBuilder.java	Mon May 09 18:05:32 2016 -0700
-+++ b/parser/html/javasrc/TreeBuilder.java	Sun May 15 17:03:06 2016 +0300
-@@ -39,6 +39,11 @@
- import java.util.HashMap;
- import java.util.Map;
- 
-+import org.xml.sax.ErrorHandler;
-+import org.xml.sax.Locator;
-+import org.xml.sax.SAXException;
-+import org.xml.sax.SAXParseException;
-+
- import nu.validator.htmlparser.annotation.Auto;
- import nu.validator.htmlparser.annotation.Const;
- import nu.validator.htmlparser.annotation.IdType;
-@@ -54,11 +59,6 @@
- import nu.validator.htmlparser.common.TokenHandler;
- import nu.validator.htmlparser.common.XmlViolationPolicy;
- 
--import org.xml.sax.ErrorHandler;
--import org.xml.sax.Locator;
--import org.xml.sax.SAXException;
--import org.xml.sax.SAXParseException;
--
- public abstract class TreeBuilder<T> implements TokenHandler,
-         TreeBuilderState<T> {
- 
-@@ -1924,7 +1924,6 @@
-                                     break starttagloop;
-                                 }
-                                 generateImpliedEndTags();
--                                // XXX is the next if dead code?
-                                 if (errorHandler != null && !isCurrent("table")) {
-                                     errNoCheckUnclosedElementsOnStack();
-                                 }
-@@ -2183,11 +2182,11 @@
-                                             pop();
-                                         }
-                                         break;
--                                    } else if (node.isSpecial()
-+                                    } else if (eltPos == 0 || (node.isSpecial()
-                                             && (node.ns != "http://www.w3.org/1999/xhtml"
--                                                || (node.name != "p"
--                                                    && node.name != "address"
--                                                    && node.name != "div"))) {
-+                                                    || (node.name != "p"
-+                                                            && node.name != "address"
-+                                                            && node.name != "div")))) {
-                                         break;
-                                     }
-                                     eltPos--;
-@@ -3878,7 +3877,7 @@
-                                         pop();
-                                     }
-                                     break endtagloop;
--                                } else if (node.isSpecial()) {
-+                                } else if (eltPos == 0 || node.isSpecial()) {
-                                     errStrayEndTag(name);
-                                     break endtagloop;
-                                 }
-@@ -4745,6 +4744,7 @@
-             int furthestBlockPos = formattingEltStackPos + 1;
-             while (furthestBlockPos <= currentPtr) {
-                 StackNode<T> node = stack[furthestBlockPos]; // weak ref
-+                assert furthestBlockPos > 0: "How is formattingEltStackPos + 1 not > 0?";
-                 if (node.isSpecial()) {
-                     break;
-                 }
-diff -r d30748143c21 -r 072992bf176d parser/html/nsHtml5TreeBuilder.cpp
---- a/parser/html/nsHtml5TreeBuilder.cpp	Mon May 09 18:05:32 2016 -0700
-+++ b/parser/html/nsHtml5TreeBuilder.cpp	Sun May 15 17:03:06 2016 +0300
-@@ -1102,7 +1102,7 @@
-                     pop();
-                   }
-                   break;
--                } else if (node->isSpecial() && (node->ns != kNameSpaceID_XHTML || (node->name != nsHtml5Atoms::p && node->name != nsHtml5Atoms::address && node->name != nsHtml5Atoms::div))) {
-+                } else if (!eltPos || (node->isSpecial() && (node->ns != kNameSpaceID_XHTML || (node->name != nsHtml5Atoms::p && node->name != nsHtml5Atoms::address && node->name != nsHtml5Atoms::div)))) {
-                   break;
-                 }
-                 eltPos--;
-@@ -2749,7 +2749,7 @@
-                   pop();
-                 }
-                 NS_HTML5_BREAK(endtagloop);
--              } else if (node->isSpecial()) {
-+              } else if (!eltPos || node->isSpecial()) {
-                 errStrayEndTag(name);
-                 NS_HTML5_BREAK(endtagloop);
-               }
-@@ -3593,6 +3593,7 @@
-     int32_t furthestBlockPos = formattingEltStackPos + 1;
-     while (furthestBlockPos <= currentPtr) {
-       nsHtml5StackNode* node = stack[furthestBlockPos];
-+      MOZ_ASSERT(furthestBlockPos > 0, "How is formattingEltStackPos + 1 not > 0?");
-       if (node->isSpecial()) {
-         break;
-       }
diff --git a/gnu/packages/patches/icecat-CVE-2016-2821.patch b/gnu/packages/patches/icecat-CVE-2016-2821.patch
deleted file mode 100644
index 8255d60009..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-2821.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-  changeset:   312045:7aea44059251
-  user:        Olli Pettay <Olli.Pettay@helsinki.fi>
-  Date:        Fri May 13 20:10:22 2016 +0300
-  summary:     Bug 1271460, don't leak editor created element objects, r=ehsan a=ritu
-
-diff -r 09418166fd77 -r 7aea44059251 editor/libeditor/nsHTMLInlineTableEditor.cpp
---- a/editor/libeditor/nsHTMLInlineTableEditor.cpp	Wed May 11 10:14:45 2016 +0100
-+++ b/editor/libeditor/nsHTMLInlineTableEditor.cpp	Fri May 13 20:10:22 2016 +0300
-@@ -109,7 +109,6 @@
- 
-   // get the root content node.
-   nsCOMPtr<nsIContent> bodyContent = GetRoot();
--  NS_ENSURE_TRUE(bodyContent, NS_ERROR_FAILURE);
- 
-   DeleteRefToAnonymousNode(mAddColumnBeforeButton, bodyContent, ps);
-   mAddColumnBeforeButton = nullptr;
diff --git a/gnu/packages/patches/icecat-CVE-2016-2824.patch b/gnu/packages/patches/icecat-CVE-2016-2824.patch
deleted file mode 100644
index 72772ed15f..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-2824.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-  changeset:   312070:4b54feddf36c
-  user:        JerryShih <hshih@mozilla.com>
-  Date:        Wed May 25 16:27:41 2016 +0200
-  summary:     Bug 1248580 - strip the uploading element num according to the uniform array size. r=jgilbert a=ritu
-
-diff -r 3c2bd9158ad3 -r 4b54feddf36c dom/canvas/WebGLContextValidate.cpp
---- a/dom/canvas/WebGLContextValidate.cpp	Tue May 10 22:58:47 2016 -0500
-+++ b/dom/canvas/WebGLContextValidate.cpp	Wed May 25 16:27:41 2016 +0200
-@@ -1531,9 +1531,10 @@
-     if (!loc->ValidateArrayLength(setterElemSize, setterArraySize, this, funcName))
-         return false;
- 
-+    MOZ_ASSERT((size_t)loc->mActiveInfo->mElemCount > loc->mArrayIndex);
-+    size_t uniformElemCount = loc->mActiveInfo->mElemCount - loc->mArrayIndex;
-     *out_rawLoc = loc->mLoc;
--    *out_numElementsToUpload = std::min((size_t)loc->mActiveInfo->mElemCount,
--                                        setterArraySize / setterElemSize);
-+    *out_numElementsToUpload = std::min(uniformElemCount, setterArraySize / setterElemSize);
-     return true;
- }
- 
-diff -r 3c2bd9158ad3 -r 4b54feddf36c dom/canvas/WebGLProgram.cpp
---- a/dom/canvas/WebGLProgram.cpp	Tue May 10 22:58:47 2016 -0500
-+++ b/dom/canvas/WebGLProgram.cpp	Wed May 25 16:27:41 2016 +0200
-@@ -510,8 +510,14 @@
-     const NS_LossyConvertUTF16toASCII userName(userName_wide);
- 
-     nsDependentCString baseUserName;
--    bool isArray;
--    size_t arrayIndex;
-+    bool isArray = false;
-+    // GLES 2.0.25, Section 2.10, p35
-+    // If the the uniform location is an array, then the location of the first
-+    // element of that array can be retrieved by either using the name of the
-+    // uniform array, or the name of the uniform array appended with "[0]".
-+    // The ParseName() can't recognize this rule. So always initialize
-+    // arrayIndex with 0.
-+    size_t arrayIndex = 0;
-     if (!ParseName(userName, &baseUserName, &isArray, &arrayIndex))
-         return nullptr;
- 
-@@ -536,7 +542,8 @@
-         return nullptr;
- 
-     nsRefPtr<WebGLUniformLocation> locObj = new WebGLUniformLocation(mContext, LinkInfo(),
--                                                                     loc, activeInfo);
-+                                                                     loc, arrayIndex,
-+                                                                     activeInfo);
-     return locObj.forget();
- }
- 
-diff -r 3c2bd9158ad3 -r 4b54feddf36c dom/canvas/WebGLUniformLocation.cpp
---- a/dom/canvas/WebGLUniformLocation.cpp	Tue May 10 22:58:47 2016 -0500
-+++ b/dom/canvas/WebGLUniformLocation.cpp	Wed May 25 16:27:41 2016 +0200
-@@ -16,10 +16,13 @@
- 
- WebGLUniformLocation::WebGLUniformLocation(WebGLContext* webgl,
-                                            const webgl::LinkedProgramInfo* linkInfo,
--                                           GLuint loc, const WebGLActiveInfo* activeInfo)
-+                                           GLuint loc,
-+                                           size_t arrayIndex,
-+                                           const WebGLActiveInfo* activeInfo)
-     : WebGLContextBoundObject(webgl)
-     , mLinkInfo(linkInfo)
-     , mLoc(loc)
-+    , mArrayIndex(arrayIndex)
-     , mActiveInfo(activeInfo)
- { }
- 
-diff -r 3c2bd9158ad3 -r 4b54feddf36c dom/canvas/WebGLUniformLocation.h
---- a/dom/canvas/WebGLUniformLocation.h	Tue May 10 22:58:47 2016 -0500
-+++ b/dom/canvas/WebGLUniformLocation.h	Wed May 25 16:27:41 2016 +0200
-@@ -41,10 +41,11 @@
- 
-     const WeakPtr<const webgl::LinkedProgramInfo> mLinkInfo;
-     const GLuint mLoc;
-+    const size_t mArrayIndex;
-     const WebGLActiveInfo* const mActiveInfo;
- 
-     WebGLUniformLocation(WebGLContext* webgl, const webgl::LinkedProgramInfo* linkInfo,
--                         GLuint loc, const WebGLActiveInfo* activeInfo);
-+                         GLuint loc, size_t arrayIndex, const WebGLActiveInfo* activeInfo);
- 
-     bool ValidateForProgram(WebGLProgram* prog, WebGLContext* webgl,
-                             const char* funcName) const;
diff --git a/gnu/packages/patches/icecat-CVE-2016-2828.patch b/gnu/packages/patches/icecat-CVE-2016-2828.patch
deleted file mode 100644
index 951eb4fc46..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-2828.patch
+++ /dev/null
@@ -1,185 +0,0 @@
-  changeset:   312096:dc190bd03d24
-  tag:         FIREFOX_45_2_0esr_BUILD2
-  tag:         FIREFOX_45_2_0esr_RELEASE
-  user:        Jeff Gilbert <jgilbert@mozilla.com>
-  Date:        Thu Apr 14 13:50:04 2016 -0700
-  summary:     Bug 1224199 - Destroy SharedSurfaces before ~GLContext(). - r=jrmuizel a=lizzard
-
-diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/GLBlitHelper.cpp
---- a/gfx/gl/GLBlitHelper.cpp	Mon Mar 07 11:51:12 2016 +0000
-+++ b/gfx/gl/GLBlitHelper.cpp	Thu Apr 14 13:50:04 2016 -0700
-@@ -172,6 +172,9 @@
- 
- GLBlitHelper::~GLBlitHelper()
- {
-+    if (!mGL->MakeCurrent())
-+        return;
-+
-     DeleteTexBlitProgram();
- 
-     GLuint tex[] = {
-diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/GLContext.cpp
---- a/gfx/gl/GLContext.cpp	Mon Mar 07 11:51:12 2016 +0000
-+++ b/gfx/gl/GLContext.cpp	Thu Apr 14 13:50:04 2016 -0700
-@@ -2079,12 +2079,13 @@
-     if (IsDestroyed())
-         return;
- 
-+    // Null these before they're naturally nulled after dtor, as we want GLContext to
-+    // still be alive in *their* dtors.
-+    mScreen = nullptr;
-+    mBlitHelper = nullptr;
-+    mReadTexImageHelper = nullptr;
-+
-     if (MakeCurrent()) {
--        DestroyScreenBuffer();
--
--        mBlitHelper = nullptr;
--        mReadTexImageHelper = nullptr;
--
-         mTexGarbageBin->GLContextTeardown();
-     } else {
-         NS_WARNING("MakeCurrent() failed during MarkDestroyed! Skipping GL object teardown.");
-@@ -2328,8 +2329,6 @@
-         return false;
-     }
- 
--    DestroyScreenBuffer();
--
-     // This will rebind to 0 (Screen) if needed when
-     // it falls out of scope.
-     ScopedBindFramebuffer autoFB(this);
-@@ -2349,12 +2348,6 @@
- }
- 
- void
--GLContext::DestroyScreenBuffer()
--{
--    mScreen = nullptr;
--}
--
--void
- GLContext::ForceDirtyScreen()
- {
-     ScopedBindFramebuffer autoFB(0);
-diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/GLContext.h
---- a/gfx/gl/GLContext.h	Mon Mar 07 11:51:12 2016 +0000
-+++ b/gfx/gl/GLContext.h	Thu Apr 14 13:50:04 2016 -0700
-@@ -3492,8 +3492,6 @@
-     friend class GLScreenBuffer;
-     UniquePtr<GLScreenBuffer> mScreen;
- 
--    void DestroyScreenBuffer();
--
-     SharedSurface* mLockedSurface;
- 
- public:
-diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/GLReadTexImageHelper.cpp
---- a/gfx/gl/GLReadTexImageHelper.cpp	Mon Mar 07 11:51:12 2016 +0000
-+++ b/gfx/gl/GLReadTexImageHelper.cpp	Thu Apr 14 13:50:04 2016 -0700
-@@ -31,6 +31,9 @@
- 
- GLReadTexImageHelper::~GLReadTexImageHelper()
- {
-+    if (!mGL->MakeCurrent())
-+        return;
-+
-     mGL->fDeleteProgram(mPrograms[0]);
-     mGL->fDeleteProgram(mPrograms[1]);
-     mGL->fDeleteProgram(mPrograms[2]);
-diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/SharedSurfaceANGLE.cpp
---- a/gfx/gl/SharedSurfaceANGLE.cpp	Mon Mar 07 11:51:12 2016 +0000
-+++ b/gfx/gl/SharedSurfaceANGLE.cpp	Thu Apr 14 13:50:04 2016 -0700
-@@ -120,8 +120,10 @@
- {
-     mEGL->fDestroySurface(Display(), mPBuffer);
- 
-+    if (!mGL->MakeCurrent())
-+        return;
-+
-     if (mFence) {
--        mGL->MakeCurrent();
-         mGL->fDeleteFences(1, &mFence);
-     }
- }
-diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/SharedSurfaceEGL.cpp
---- a/gfx/gl/SharedSurfaceEGL.cpp	Mon Mar 07 11:51:12 2016 +0000
-+++ b/gfx/gl/SharedSurfaceEGL.cpp	Thu Apr 14 13:50:04 2016 -0700
-@@ -87,9 +87,12 @@
- {
-     mEGL->fDestroyImage(Display(), mImage);
- 
--    mGL->MakeCurrent();
--    mGL->fDeleteTextures(1, &mProdTex);
--    mProdTex = 0;
-+    if (mSync) {
-+        // We can't call this unless we have the ext, but we will always have
-+        // the ext if we have something to destroy.
-+        mEGL->fDestroySync(Display(), mSync);
-+        mSync = 0;
-+    }
- 
-     if (mConsTex) {
-         MOZ_ASSERT(mGarbageBin);
-@@ -97,12 +100,11 @@
-         mConsTex = 0;
-     }
- 
--    if (mSync) {
--        // We can't call this unless we have the ext, but we will always have
--        // the ext if we have something to destroy.
--        mEGL->fDestroySync(Display(), mSync);
--        mSync = 0;
--    }
-+    if (!mGL->MakeCurrent())
-+        return;
-+
-+    mGL->fDeleteTextures(1, &mProdTex);
-+    mProdTex = 0;
- }
- 
- void
-diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/SharedSurfaceGralloc.cpp
---- a/gfx/gl/SharedSurfaceGralloc.cpp	Mon Mar 07 11:51:12 2016 +0000
-+++ b/gfx/gl/SharedSurfaceGralloc.cpp	Thu Apr 14 13:50:04 2016 -0700
-@@ -154,7 +154,9 @@
-
-     DEBUG_PRINT("[SharedSurface_Gralloc %p] destroyed\n", this);
- 
--    mGL->MakeCurrent();
-+    if (!mGL->MakeCurrent())
-+        return;
-+
-     mGL->fDeleteTextures(1, &mProdTex);
- 
-     if (mSync) {
-diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/SharedSurfaceIO.cpp
---- a/gfx/gl/SharedSurfaceIO.cpp	Mon Mar 07 11:51:12 2016 +0000
-+++ b/gfx/gl/SharedSurfaceIO.cpp	Thu Apr 14 13:50:04 2016 -0700
-@@ -111,11 +111,10 @@
- 
- SharedSurface_IOSurface::~SharedSurface_IOSurface()
- {
--    if (mProdTex) {
--        DebugOnly<bool> success = mGL->MakeCurrent();
--        MOZ_ASSERT(success);
--        mGL->fDeleteTextures(1, &mProdTex);
--    }
-+    if (!mGL->MakeCurrent())
-+        return;
-+
-+    mGL->fDeleteTextures(1, &mProdTex);
- }
- 
- ////////////////////////////////////////////////////////////////////////
-diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/TextureGarbageBin.cpp
---- a/gfx/gl/TextureGarbageBin.cpp	Mon Mar 07 11:51:12 2016 +0000
-+++ b/gfx/gl/TextureGarbageBin.cpp	Thu Apr 14 13:50:04 2016 -0700
-@@ -36,6 +36,7 @@
-     if (!mGL)
-         return;
- 
-+    MOZ_RELEASE_ASSERT(mGL->IsCurrent());
-     while (!mGarbageTextures.empty()) {
-         GLuint tex = mGarbageTextures.top();
-         mGarbageTextures.pop();
diff --git a/gnu/packages/patches/icecat-CVE-2016-2831.patch b/gnu/packages/patches/icecat-CVE-2016-2831.patch
deleted file mode 100644
index b99ecb6458..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-2831.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-  changeset:   312091:a3fff31b8b70
-  user:        Xidorn Quan <quanxunzhen@gmail.com>
-  Date:        Thu Apr 14 17:38:13 2016 +1000
-  summary:     Bug 1261933 - Continue unlocking pointer even if the widget has gone. r=smaug a=lizzard
-
-  MozReview-Commit-ID: 1siQhemFf9O
-
-diff -r f5e862ea4a72 -r a3fff31b8b70 dom/base/nsDocument.cpp
---- a/dom/base/nsDocument.cpp	Tue May 31 18:35:26 2016 -0700
-+++ b/dom/base/nsDocument.cpp	Thu Apr 14 17:38:13 2016 +1000
-@@ -12315,49 +12315,37 @@
- bool
- nsDocument::SetPointerLock(Element* aElement, int aCursorStyle)
- {
--  // NOTE: aElement will be nullptr when unlocking.
--  nsCOMPtr<nsPIDOMWindow> window = GetWindow();
--  if (!window) {
--    NS_WARNING("SetPointerLock(): No Window");
--    return false;
--  }
--
--  nsIDocShell *docShell = window->GetDocShell();
--  if (!docShell) {
--    NS_WARNING("SetPointerLock(): No DocShell (window already closed?)");
--    return false;
--  }
--
--  nsRefPtr<nsPresContext> presContext;
--  docShell->GetPresContext(getter_AddRefs(presContext));
--  if (!presContext) {
--    NS_WARNING("SetPointerLock(): Unable to get presContext in \
--                domWindow->GetDocShell()->GetPresContext()");
-+  MOZ_ASSERT(!aElement || aElement->OwnerDoc() == this,
-+             "We should be either unlocking pointer (aElement is nullptr), "
-+             "or locking pointer to an element in this document");
-+#ifdef DEBUG
-+  if (!aElement) {
-+    nsCOMPtr<nsIDocument> pointerLockedDoc =
-+      do_QueryReferent(EventStateManager::sPointerLockedDoc);
-+    MOZ_ASSERT(pointerLockedDoc == this);
-+  }
-+#endif
-+
-+  nsIPresShell* shell = GetShell();
-+  if (!shell) {
-+    NS_WARNING("SetPointerLock(): No PresShell");
-     return false;
-   }
--
--  nsCOMPtr<nsIPresShell> shell = presContext->PresShell();
--  if (!shell) {
--    NS_WARNING("SetPointerLock(): Unable to find presContext->PresShell()");
--    return false;
--  }
--
--  nsIFrame* rootFrame = shell->GetRootFrame();
--  if (!rootFrame) {
--    NS_WARNING("SetPointerLock(): Unable to get root frame");
-+  nsPresContext* presContext = shell->GetPresContext();
-+  if (!presContext) {
-+    NS_WARNING("SetPointerLock(): Unable to get PresContext");
-     return false;
-   }
- 
--  nsCOMPtr<nsIWidget> widget = rootFrame->GetNearestWidget();
--  if (!widget) {
--    NS_WARNING("SetPointerLock(): Unable to find widget in \
--                shell->GetRootFrame()->GetNearestWidget();");
--    return false;
--  }
--
--  if (aElement && (aElement->OwnerDoc() != this)) {
--    NS_WARNING("SetPointerLock(): Element not in this document.");
--    return false;
-+  nsCOMPtr<nsIWidget> widget;
-+  nsIFrame* rootFrame = shell->GetRootFrame();
-+  if (!NS_WARN_IF(!rootFrame)) {
-+    widget = rootFrame->GetNearestWidget();
-+    NS_WARN_IF_FALSE(widget, "SetPointerLock(): Unable to find widget "
-+                     "in shell->GetRootFrame()->GetNearestWidget();");
-+    if (aElement && !widget) {
-+      return false;
-+    }
-   }
- 
-   // Hide the cursor and set pointer lock for future mouse events
-diff -r f5e862ea4a72 -r a3fff31b8b70 dom/events/EventStateManager.cpp
---- a/dom/events/EventStateManager.cpp	Tue May 31 18:35:26 2016 -0700
-+++ b/dom/events/EventStateManager.cpp	Thu Apr 14 17:38:13 2016 +1000
-@@ -4128,10 +4128,6 @@
-   // NOTE: aElement will be nullptr when unlocking.
-   sIsPointerLocked = !!aElement;
- 
--  if (!aWidget) {
--    return;
--  }
--
-   // Reset mouse wheel transaction
-   WheelTransaction::EndTransaction();
- 
-@@ -4140,6 +4136,8 @@
-     do_GetService("@mozilla.org/widget/dragservice;1");
- 
-   if (sIsPointerLocked) {
-+    MOZ_ASSERT(aWidget, "Locking pointer requires a widget");
-+
-     // Store the last known ref point so we can reposition the pointer after unlock.
-     mPreLockPoint = sLastRefPoint;
- 
-@@ -4164,7 +4162,9 @@
-     // pre-pointerlock position, so that the synthetic mouse event reports
-     // no movement.
-     sLastRefPoint = mPreLockPoint;
--    aWidget->SynthesizeNativeMouseMove(mPreLockPoint + aWidget->WidgetToScreenOffset());
-+    if (aWidget) {
-+      aWidget->SynthesizeNativeMouseMove(mPreLockPoint + aWidget->WidgetToScreenOffset());
-+    }
- 
-     // Don't retarget events to this element any more.
-     nsIPresShell::SetCapturingContent(nullptr, CAPTURE_POINTERLOCK);
diff --git a/gnu/packages/patches/icecat-avoid-bundled-includes.patch b/gnu/packages/patches/icecat-avoid-bundled-includes.patch
deleted file mode 100644
index d11b528b8e..0000000000
--- a/gnu/packages/patches/icecat-avoid-bundled-includes.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Do not use headers from bundled libraries.
-
---- icecat-38.3.0/xpcom/build/moz.build.orig	2015-10-12 19:33:43.000000000 -0400
-+++ icecat-38.3.0/xpcom/build/moz.build	2015-10-13 16:37:28.693224858 -0400
-@@ -92,10 +92,5 @@
-     '/docshell/base',
- ]
- 
--if CONFIG['MOZ_VPX']:
--    LOCAL_INCLUDES += [
--        '/media/libvpx',
--    ]
--
- if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
-     CXXFLAGS += CONFIG['TK_CFLAGS']
---- icecat-38.3.0/storage/src/moz.build.orig	2015-10-12 19:34:45.000000000 -0400
-+++ icecat-38.3.0/storage/src/moz.build	2015-10-13 18:48:26.584724518 -0400
-@@ -66,7 +66,6 @@
- DEFINES['SQLITE_MAX_LIKE_PATTERN_LENGTH'] = 50000
- 
- LOCAL_INCLUDES += [
--    '/db/sqlite3/src',
-     '/dom/base',
- ]
- 
---- icecat-38.3.0/dom/indexedDB/moz.build.orig	2015-10-12 19:35:00.000000000 -0400
-+++ icecat-38.3.0/dom/indexedDB/moz.build	2015-10-13 19:10:10.528756487 -0400
-@@ -91,7 +91,6 @@
- FAIL_ON_WARNINGS = True
- 
- LOCAL_INCLUDES += [
--    '/db/sqlite3/src',
-     '/dom/base',
-     '/dom/storage',
-     '/dom/workers',
diff --git a/gnu/packages/patches/icecat-avoid-bundled-libraries.patch b/gnu/packages/patches/icecat-avoid-bundled-libraries.patch
new file mode 100644
index 0000000000..267f7b8aac
--- /dev/null
+++ b/gnu/packages/patches/icecat-avoid-bundled-libraries.patch
@@ -0,0 +1,50 @@
+Fixes needed when avoiding bundled libraries.
+
+--- icecat-45.3.0/xpcom/build/moz.build.orig
++++ icecat-45.3.0/xpcom/build/moz.build
+@@ -92,10 +92,5 @@
+     '/docshell/base',
+ ]
+ 
+-if CONFIG['MOZ_VPX']:
+-    LOCAL_INCLUDES += [
+-        '/media/libvpx',
+-    ]
+-
+ if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
+     CXXFLAGS += CONFIG['TK_CFLAGS']
+--- icecat-45.3.0/storage/moz.build.orig
++++ icecat-45.3.0/storage/moz.build
+@@ -108,7 +108,6 @@
+ DEFINES['SQLITE_MAX_LIKE_PATTERN_LENGTH'] = 50000
+ 
+ LOCAL_INCLUDES += [
+-    '/db/sqlite3/src',
+     '/dom/base',
+ ]
+ 
+--- icecat-45.3.0/dom/indexedDB/moz.build.orig
++++ icecat-45.3.0/dom/indexedDB/moz.build
+@@ -96,7 +96,6 @@
+     SOURCES['Key.cpp'].flags += ['-Wno-error=type-limits']
+ 
+ LOCAL_INCLUDES += [
+-    '/db/sqlite3/src',
+     '/dom/base',
+     '/dom/storage',
+     '/dom/workers',
+--- icecat-45.3.0/modules/libmar/tests/Makefile.in.orig
++++ icecat-45.3.0/modules/libmar/tests/Makefile.in
+@@ -10,12 +10,5 @@
+ ifndef MOZ_PROFILE_GENERATE
+ libs::
+ 	$(INSTALL) ../tool/signmar$(BIN_SUFFIX) $(TESTROOT)/unit
+-	$(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)nss3$(DLL_SUFFIX) $(TESTROOT)/unit
+-ifndef MOZ_FOLD_LIBS
+-	$(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)nssutil3$(DLL_SUFFIX) $(TESTROOT)/unit
+-	$(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)plc4$(DLL_SUFFIX) $(TESTROOT)/unit
+-	$(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)nspr4$(DLL_SUFFIX) $(TESTROOT)/unit
+-	$(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)plds4$(DLL_SUFFIX) $(TESTROOT)/unit
+-endif
+ endif
+ endif # Not Android
diff --git a/gnu/packages/patches/libupnp-CVE-2016-6255.patch b/gnu/packages/patches/libupnp-CVE-2016-6255.patch
new file mode 100644
index 0000000000..c9a3fa284c
--- /dev/null
+++ b/gnu/packages/patches/libupnp-CVE-2016-6255.patch
@@ -0,0 +1,50 @@
+Fix CVE-2016-6255:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255
+http://www.openwall.com/lists/oss-security/2016/07/18/13
+
+Patch adapted from upstream commit:
+
+https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5
+
+The upstream change is simplified to unconditionally disable the HTTP
+POST feature.
+
+From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001
+From: Matthew Garrett <mjg59@srcf.ucam.org>
+Date: Tue, 23 Feb 2016 13:53:20 -0800
+Subject: [PATCH] Don't allow unhandled POSTs to write to the filesystem by
+ default
+
+If there's no registered handler for a POST request, the default behaviour
+is to write it to the filesystem. Several million deployed devices appear
+to have this behaviour, making it possible to (at least) store arbitrary
+data on them. Add a configure option that enables this behaviour, and change
+the default to just drop POSTs that aren't directly handled.
+
+Signed-off-by: Marcelo Roberto Jimenez <mroberto@users.sourceforge.net>
+(cherry picked from commit c91a8a3903367e1163765b73eb4d43be7d7927fa)
+---
+ configure.ac                         | 9 +++++++++
+ upnp/inc/upnpconfig.h.in             | 9 +++++++++
+ upnp/src/genlib/net/http/webserver.c | 4 ++++
+ 3 files changed, 22 insertions(+)
+
+diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c
+index 26bf0f7..7ae8c1e 100644
+--- a/upnp/src/genlib/net/http/webserver.c
++++ b/upnp/src/genlib/net/http/webserver.c
+@@ -1367,9 +1367,13 @@ static int http_RecvPostMessage(
+ 		if (Fp == NULL)
+ 			return HTTP_INTERNAL_SERVER_ERROR;
+ 	} else {
++#if 0
+ 		Fp = fopen(filename, "wb");
+ 		if (Fp == NULL)
+ 			return HTTP_UNAUTHORIZED;
++#else
++		return HTTP_NOT_FOUND;
++#endif
+ 	}
+ 	parser->position = POS_ENTITY;
+ 	do {
diff --git a/gnu/packages/patches/qemu-CVE-2016-8576.patch b/gnu/packages/patches/qemu-CVE-2016-8576.patch
new file mode 100644
index 0000000000..5031b59d81
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2016-8576.patch
@@ -0,0 +1,62 @@
+From 20009bdaf95d10bf748fa69b104672d3cfaceddf Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Fri, 7 Oct 2016 10:15:29 +0200
+Subject: [PATCH] xhci: limit the number of link trbs we are willing to process
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/hcd-xhci.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
+index 726435c..ee4fa48 100644
+--- a/hw/usb/hcd-xhci.c
++++ b/hw/usb/hcd-xhci.c
+@@ -54,6 +54,8 @@
+  * to the specs when it gets them */
+ #define ER_FULL_HACK
+ 
++#define TRB_LINK_LIMIT  4
++
+ #define LEN_CAP         0x40
+ #define LEN_OPER        (0x400 + 0x10 * MAXPORTS)
+ #define LEN_RUNTIME     ((MAXINTRS + 1) * 0x20)
+@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
+                                dma_addr_t *addr)
+ {
+     PCIDevice *pci_dev = PCI_DEVICE(xhci);
++    uint32_t link_cnt = 0;
+ 
+     while (1) {
+         TRBType type;
+@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
+             ring->dequeue += TRB_SIZE;
+             return type;
+         } else {
++            if (++link_cnt > TRB_LINK_LIMIT) {
++                return 0;
++            }
+             ring->dequeue = xhci_mask64(trb->parameter);
+             if (trb->control & TRB_LK_TC) {
+                 ring->ccs = !ring->ccs;
+@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
+     bool ccs = ring->ccs;
+     /* hack to bundle together the two/three TDs that make a setup transfer */
+     bool control_td_set = 0;
++    uint32_t link_cnt = 0;
+ 
+     while (1) {
+         TRBType type;
+@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
+         type = TRB_TYPE(trb);
+ 
+         if (type == TR_LINK) {
++            if (++link_cnt > TRB_LINK_LIMIT) {
++                return -length;
++            }
+             dequeue = xhci_mask64(trb.parameter);
+             if (trb.control & TRB_LK_TC) {
+                 ccs = !ccs;
+-- 
+1.8.3.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2016-8577.patch b/gnu/packages/patches/qemu-CVE-2016-8577.patch
new file mode 100644
index 0000000000..c4132d2fb1
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2016-8577.patch
@@ -0,0 +1,36 @@
+Subject: [Qemu-devel] [PATCH] 9pfs: fix potential host memory leak in v9fs_read
+From: Li Qiang <liq3ea@gmail.com>
+
+In 9pfs read dispatch function, it doesn't free two QEMUIOVector
+object thus causing potential memory leak. This patch avoid this.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+---
+ hw/9pfs/9p.c | 5 +++--
+  1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 119ee58..543a791 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque)
+             if (len < 0) {
+                 /* IO error return the error */
+                 err = len;
+-                goto out;
++                goto out_free_iovec;
+             }
+         } while (count < max_count && len > 0);
+         err = pdu_marshal(pdu, offset, "d", count);
+         if (err < 0) {
+-            goto out;
++            goto out_free_iovec;
+         }
+         err += offset + count;
++out_free_iovec:
+         qemu_iovec_destroy(&qiov);
+         qemu_iovec_destroy(&qiov_full);
+     } else if (fidp->fid_type == P9_FID_XATTR) {
+-- 
+1.8.3.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2016-8578.patch b/gnu/packages/patches/qemu-CVE-2016-8578.patch
new file mode 100644
index 0000000000..92ba365727
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2016-8578.patch
@@ -0,0 +1,27 @@
+From: Li Qiang <liq3ea@gmail.com>
+
+In 9pfs function v9fs_iov_vunmarshal, it will not allocate space
+for empty string. This will cause several NULL pointer dereference
+issues. this patch fix this issue.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+---
+ fsdev/9p-iov-marshal.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
+index 663cad5..1d16f8d 100644
+--- a/fsdev/9p-iov-marshal.c
++++ b/fsdev/9p-iov-marshal.c
+@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset,
+                 str->data = g_malloc(str->size + 1);
+                 copied = v9fs_unpack(str->data, out_sg, out_num, offset,
+                                      str->size);
+-                if (copied > 0) {
++                if (copied >= 0) {
+                     str->data[str->size] = 0;
+                 } else {
+                     v9fs_string_free(str);
+-- 
+1.8.3.1
+
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2015-5310.patch b/gnu/packages/patches/wpa-supplicant-CVE-2015-5310.patch
deleted file mode 100644
index 00e5b7c771..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2015-5310.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 6b12d93d2c7428a34bfd4b3813ba339ed57b698a Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 25 Oct 2015 15:45:50 +0200
-Subject: [PATCH] WNM: Ignore Key Data in WNM Sleep Mode Response frame if no
- PMF in use
-
-WNM Sleep Mode Response frame is used to update GTK/IGTK only if PMF is
-enabled. Verify that PMF is in use before using this field on station
-side to avoid accepting unauthenticated key updates. (CVE-2015-5310)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- wpa_supplicant/wnm_sta.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
-index 954de67..7d79499 100644
---- a/wpa_supplicant/wnm_sta.c
-+++ b/wpa_supplicant/wnm_sta.c
-@@ -187,6 +187,12 @@ static void wnm_sleep_mode_exit_success(struct wpa_supplicant *wpa_s,
- 	end = ptr + key_len_total;
- 	wpa_hexdump_key(MSG_DEBUG, "WNM: Key Data", ptr, key_len_total);
- 
-+	if (key_len_total && !wpa_sm_pmf_enabled(wpa_s->wpa)) {
-+		wpa_msg(wpa_s, MSG_INFO,
-+			"WNM: Ignore Key Data in WNM-Sleep Mode Response - PMF not enabled");
-+		return;
-+	}
-+
- 	while (ptr + 1 < end) {
- 		if (ptr + 2 + ptr[1] > end) {
- 			wpa_printf(MSG_DEBUG, "WNM: Invalid Key Data element "
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2015-5314.patch b/gnu/packages/patches/wpa-supplicant-CVE-2015-5314.patch
deleted file mode 100644
index bfc4c74e95..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2015-5314.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From bef802ece03f9ae9d52a21f0cf4f1bc2c5a1f8aa Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Nov 2015 18:24:16 +0200
-Subject: [PATCH] EAP-pwd server: Fix last fragment length validation
-
-All but the last fragment had their length checked against the remaining
-room in the reassembly buffer. This allowed a suitably constructed last
-fragment frame to try to add extra data that would go beyond the buffer.
-The length validation code in wpabuf_put_data() prevents an actual
-buffer write overflow from occurring, but this results in process
-termination. (CVE-2015-5314)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_server/eap_server_pwd.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
-index cb83ff7..9f787ab 100644
---- a/src/eap_server/eap_server_pwd.c
-+++ b/src/eap_server/eap_server_pwd.c
-@@ -970,7 +970,7 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
- 	/*
- 	 * the first and all intermediate fragments have the M bit set
- 	 */
--	if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
-+	if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) {
- 		if ((data->in_frag_pos + len) > wpabuf_size(data->inbuf)) {
- 			wpa_printf(MSG_DEBUG, "EAP-pwd: Buffer overflow "
- 				   "attack detected! (%d+%d > %d)",
-@@ -981,6 +981,8 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
- 		}
- 		wpabuf_put_data(data->inbuf, pos, len);
- 		data->in_frag_pos += len;
-+	}
-+	if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
- 		wpa_printf(MSG_DEBUG, "EAP-pwd: Got a %d byte fragment",
- 			   (int) len);
- 		return;
-@@ -990,8 +992,6 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
- 	 * buffering fragments so that's how we know it's the last)
- 	 */
- 	if (data->in_frag_pos) {
--		wpabuf_put_data(data->inbuf, pos, len);
--		data->in_frag_pos += len;
- 		pos = wpabuf_head_u8(data->inbuf);
- 		len = data->in_frag_pos;
- 		wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes",
--- 
-1.9.1
-
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2015-5315.patch b/gnu/packages/patches/wpa-supplicant-CVE-2015-5315.patch
deleted file mode 100644
index 82c26398b6..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2015-5315.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 8057821706784608b828e769ccefbced95591e50 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Nov 2015 18:18:17 +0200
-Subject: [PATCH] EAP-pwd peer: Fix last fragment length validation
-
-All but the last fragment had their length checked against the remaining
-room in the reassembly buffer. This allowed a suitably constructed last
-fragment frame to try to add extra data that would go beyond the buffer.
-The length validation code in wpabuf_put_data() prevents an actual
-buffer write overflow from occurring, but this results in process
-termination. (CVE-2015-5315)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index 1f78544..75ceef1 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -903,7 +903,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
- 	/*
- 	 * buffer and ACK the fragment
- 	 */
--	if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
-+	if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) {
- 		data->in_frag_pos += len;
- 		if (data->in_frag_pos > wpabuf_size(data->inbuf)) {
- 			wpa_printf(MSG_INFO, "EAP-pwd: Buffer overflow attack "
-@@ -916,7 +916,8 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
- 			return NULL;
- 		}
- 		wpabuf_put_data(data->inbuf, pos, len);
--
-+	}
-+	if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
- 		resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD,
- 				     EAP_PWD_HDR_SIZE,
- 				     EAP_CODE_RESPONSE, eap_get_id(reqData));
-@@ -930,10 +931,8 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
- 	 * we're buffering and this is the last fragment
- 	 */
- 	if (data->in_frag_pos) {
--		wpabuf_put_data(data->inbuf, pos, len);
- 		wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes",
- 			   (int) len);
--		data->in_frag_pos += len;
- 		pos = wpabuf_head_u8(data->inbuf);
- 		len = data->in_frag_pos;
- 	}
--- 
-1.9.1
-
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2015-5316.patch b/gnu/packages/patches/wpa-supplicant-CVE-2015-5316.patch
deleted file mode 100644
index 3088f6a6dc..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2015-5316.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 95577884ca4fa76be91344ff7a8d5d1e6dc3da61 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Nov 2015 19:35:44 +0200
-Subject: [PATCH] EAP-pwd peer: Fix error path for unexpected Confirm message
-
-If the Confirm message is received from the server before the Identity
-exchange has been completed, the group has not yet been determined and
-data->grp is NULL. The error path in eap_pwd_perform_confirm_exchange()
-did not take this corner case into account and could end up
-dereferencing a NULL pointer and terminating the process if invalid
-message sequence is received. (CVE-2015-5316)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index 75ceef1..892b590 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -774,7 +774,8 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
- 	wpabuf_put_data(data->outbuf, conf, SHA256_MAC_LEN);
- 
- fin:
--	bin_clear_free(cruft, BN_num_bytes(data->grp->prime));
-+	if (data->grp)
-+		bin_clear_free(cruft, BN_num_bytes(data->grp->prime));
- 	BN_clear_free(x);
- 	BN_clear_free(y);
- 	if (data->outbuf == NULL) {
--- 
-1.9.1
-
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch
deleted file mode 100644
index acad6be0a4..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From ecbb0b3dc122b0d290987cf9c84010bbe53e1022 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@qca.qualcomm.com>
-Date: Fri, 4 Mar 2016 17:20:18 +0200
-Subject: [PATCH 1/5] WPS: Reject a Credential with invalid passphrase
-
-WPA/WPA2-Personal passphrase is not allowed to include control
-characters. Reject a Credential received from a WPS Registrar both as
-STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
-WPA2PSK authentication type and includes an invalid passphrase.
-
-This fixes an issue where hostapd or wpa_supplicant could have updated
-the configuration file PSK/passphrase parameter with arbitrary data from
-an external device (Registrar) that may not be fully trusted. Should
-such data include a newline character, the resulting configuration file
-could become invalid and fail to be parsed.
-
-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
----
- src/utils/common.c         | 12 ++++++++++++
- src/utils/common.h         |  1 +
- src/wps/wps_attr_process.c | 10 ++++++++++
- 3 files changed, 23 insertions(+)
-
-diff --git a/src/utils/common.c b/src/utils/common.c
-index 450e2c6..27b7c02 100644
---- a/src/utils/common.c
-+++ b/src/utils/common.c
-@@ -697,6 +697,18 @@ int is_hex(const u8 *data, size_t len)
- }
- 
- 
-+int has_ctrl_char(const u8 *data, size_t len)
-+{
-+	size_t i;
-+
-+	for (i = 0; i < len; i++) {
-+		if (data[i] < 32 || data[i] == 127)
-+			return 1;
-+	}
-+	return 0;
-+}
-+
-+
- size_t merge_byte_arrays(u8 *res, size_t res_len,
- 			 const u8 *src1, size_t src1_len,
- 			 const u8 *src2, size_t src2_len)
-diff --git a/src/utils/common.h b/src/utils/common.h
-index 701dbb2..a972240 100644
---- a/src/utils/common.h
-+++ b/src/utils/common.h
-@@ -488,6 +488,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
- 
- char * wpa_config_parse_string(const char *value, size_t *len);
- int is_hex(const u8 *data, size_t len);
-+int has_ctrl_char(const u8 *data, size_t len);
- size_t merge_byte_arrays(u8 *res, size_t res_len,
- 			 const u8 *src1, size_t src1_len,
- 			 const u8 *src2, size_t src2_len);
-diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c
-index eadb22f..e8c4579 100644
---- a/src/wps/wps_attr_process.c
-+++ b/src/wps/wps_attr_process.c
-@@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struct wps_credential *cred)
- 		cred->key_len--;
- #endif /* CONFIG_WPS_STRICT */
- 	}
-+
-+
-+	if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
-+	    (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) {
-+		wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase");
-+		wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
-+				      cred->key, cred->key_len);
-+		return -1;
-+	}
-+
- 	return 0;
- }
- 
--- 
-1.9.1
-
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch
deleted file mode 100644
index 507a96e47c..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 73e4abb24a936014727924d8b0b2965edfc117dd Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@qca.qualcomm.com>
-Date: Fri, 4 Mar 2016 18:46:41 +0200
-Subject: [PATCH 2/5] Reject psk parameter set with invalid passphrase
- character
-
-WPA/WPA2-Personal passphrase is not allowed to include control
-characters. Reject a passphrase configuration attempt if that passphrase
-includes an invalid passphrase.
-
-This fixes an issue where wpa_supplicant could have updated the
-configuration file psk parameter with arbitrary data from the control
-interface or D-Bus interface. While those interfaces are supposed to be
-accessible only for trusted users/applications, it may be possible that
-an untrusted user has access to a management software component that
-does not validate the passphrase value before passing it to
-wpa_supplicant.
-
-This could allow such an untrusted user to inject up to 63 characters of
-almost arbitrary data into the configuration file. Such configuration
-file could result in wpa_supplicant trying to load a library (e.g.,
-opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
-load_dynamic_eap) from user controlled location when starting again.
-This would allow code from that library to be executed under the
-wpa_supplicant process privileges.
-
-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
----
- wpa_supplicant/config.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
-index b1c7870..fdd9643 100644
---- a/wpa_supplicant/config.c
-+++ b/wpa_supplicant/config.c
-@@ -478,6 +478,12 @@ static int wpa_config_parse_psk(const struct parse_data *data,
- 		}
- 		wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)",
- 				      (u8 *) value, len);
-+		if (has_ctrl_char((u8 *) value, len)) {
-+			wpa_printf(MSG_ERROR,
-+				   "Line %d: Invalid passphrase character",
-+				   line);
-+			return -1;
-+		}
- 		if (ssid->passphrase && os_strlen(ssid->passphrase) == len &&
- 		    os_memcmp(ssid->passphrase, value, len) == 0) {
- 			/* No change to the previously configured value */
--- 
-1.9.1
-
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch
deleted file mode 100644
index 684d25de96..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 0fe5a234240a108b294a87174ad197f6b5cb38e9 Mon Sep 17 00:00:00 2001
-From: Paul Stewart <pstew@google.com>
-Date: Thu, 3 Mar 2016 15:40:19 -0800
-Subject: [PATCH 3/5] Remove newlines from wpa_supplicant config network
- output
-
-Spurious newlines output while writing the config file can corrupt the
-wpa_supplicant configuration. Avoid writing these for the network block
-parameters. This is a generic filter that cover cases that may not have
-been explicitly addressed with a more specific commit to avoid control
-characters in the psk parameter.
-
-Signed-off-by: Paul Stewart <pstew@google.com>
----
- src/utils/common.c      | 11 +++++++++++
- src/utils/common.h      |  1 +
- wpa_supplicant/config.c | 15 +++++++++++++--
- 3 files changed, 25 insertions(+), 2 deletions(-)
-
-diff --git a/src/utils/common.c b/src/utils/common.c
-index 27b7c02..9856463 100644
---- a/src/utils/common.c
-+++ b/src/utils/common.c
-@@ -709,6 +709,17 @@ int has_ctrl_char(const u8 *data, size_t len)
- }
- 
- 
-+int has_newline(const char *str)
-+{
-+	while (*str) {
-+		if (*str == '\n' || *str == '\r')
-+			return 1;
-+		str++;
-+	}
-+	return 0;
-+}
-+
-+
- size_t merge_byte_arrays(u8 *res, size_t res_len,
- 			 const u8 *src1, size_t src1_len,
- 			 const u8 *src2, size_t src2_len)
-diff --git a/src/utils/common.h b/src/utils/common.h
-index a972240..d19927b 100644
---- a/src/utils/common.h
-+++ b/src/utils/common.h
-@@ -489,6 +489,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
- char * wpa_config_parse_string(const char *value, size_t *len);
- int is_hex(const u8 *data, size_t len);
- int has_ctrl_char(const u8 *data, size_t len);
-+int has_newline(const char *str);
- size_t merge_byte_arrays(u8 *res, size_t res_len,
- 			 const u8 *src1, size_t src1_len,
- 			 const u8 *src2, size_t src2_len);
-diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
-index fdd9643..eb97cd5 100644
---- a/wpa_supplicant/config.c
-+++ b/wpa_supplicant/config.c
-@@ -2699,8 +2699,19 @@ char * wpa_config_get(struct wpa_ssid *ssid, const char *var)
- 
- 	for (i = 0; i < NUM_SSID_FIELDS; i++) {
- 		const struct parse_data *field = &ssid_fields[i];
--		if (os_strcmp(var, field->name) == 0)
--			return field->writer(field, ssid);
-+		if (os_strcmp(var, field->name) == 0) {
-+			char *ret = field->writer(field, ssid);
-+
-+			if (ret && has_newline(ret)) {
-+				wpa_printf(MSG_ERROR,
-+					   "Found newline in value for %s; not returning it",
-+					   var);
-+				os_free(ret);
-+				ret = NULL;
-+			}
-+
-+			return ret;
-+		}
- 	}
- 
- 	return NULL;
--- 
-1.9.1
-
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch
deleted file mode 100644
index 2dd38fee31..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From b166cd84a77a6717be9600bf95378a0055d6f5a5 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@qca.qualcomm.com>
-Date: Tue, 5 Apr 2016 23:33:10 +0300
-Subject: [PATCH 4/5] Reject SET_CRED commands with newline characters in the
- string values
-
-Most of the cred block parameters are written as strings without
-filtering and if there is an embedded newline character in the value,
-unexpected configuration file data might be written.
-
-This fixes an issue where wpa_supplicant could have updated the
-configuration file cred parameter with arbitrary data from the control
-interface or D-Bus interface. While those interfaces are supposed to be
-accessible only for trusted users/applications, it may be possible that
-an untrusted user has access to a management software component that
-does not validate the credential value before passing it to
-wpa_supplicant.
-
-This could allow such an untrusted user to inject almost arbitrary data
-into the configuration file. Such configuration file could result in
-wpa_supplicant trying to load a library (e.g., opensc_engine_path,
-pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
-controlled location when starting again. This would allow code from that
-library to be executed under the wpa_supplicant process privileges.
-
-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
----
- wpa_supplicant/config.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
-index eb97cd5..69152ef 100644
---- a/wpa_supplicant/config.c
-+++ b/wpa_supplicant/config.c
-@@ -2896,6 +2896,8 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
- 
- 	if (os_strcmp(var, "password") == 0 &&
- 	    os_strncmp(value, "ext:", 4) == 0) {
-+		if (has_newline(value))
-+			return -1;
- 		str_clear_free(cred->password);
- 		cred->password = os_strdup(value);
- 		cred->ext_password = 1;
-@@ -2946,9 +2948,14 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
- 	}
- 
- 	val = wpa_config_parse_string(value, &len);
--	if (val == NULL) {
-+	if (val == NULL ||
-+	    (os_strcmp(var, "excluded_ssid") != 0 &&
-+	     os_strcmp(var, "roaming_consortium") != 0 &&
-+	     os_strcmp(var, "required_roaming_consortium") != 0 &&
-+	     has_newline(val))) {
- 		wpa_printf(MSG_ERROR, "Line %d: invalid field '%s' string "
- 			   "value '%s'.", line, var, value);
-+		os_free(val);
- 		return -1;
- 	}
- 
--- 
-1.9.1
-
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch
deleted file mode 100644
index 5f42aa9219..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 2a3f56502b52375c3bf113cf92adfa99bad6b488 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@qca.qualcomm.com>
-Date: Tue, 5 Apr 2016 23:55:48 +0300
-Subject: [PATCH 5/5] Reject SET commands with newline characters in the
- string values
-
-Many of the global configuration parameters are written as strings
-without filtering and if there is an embedded newline character in the
-value, unexpected configuration file data might be written.
-
-This fixes an issue where wpa_supplicant could have updated the
-configuration file global parameter with arbitrary data from the control
-interface or D-Bus interface. While those interfaces are supposed to be
-accessible only for trusted users/applications, it may be possible that
-an untrusted user has access to a management software component that
-does not validate the value of a parameter before passing it to
-wpa_supplicant.
-
-This could allow such an untrusted user to inject almost arbitrary data
-into the configuration file. Such configuration file could result in
-wpa_supplicant trying to load a library (e.g., opensc_engine_path,
-pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
-controlled location when starting again. This would allow code from that
-library to be executed under the wpa_supplicant process privileges.
-
-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
----
- wpa_supplicant/config.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
-index 69152ef..d9a1603 100644
---- a/wpa_supplicant/config.c
-+++ b/wpa_supplicant/config.c
-@@ -3764,6 +3764,12 @@ static int wpa_global_config_parse_str(const struct global_parse_data *data,
- 		return -1;
- 	}
- 
-+	if (has_newline(pos)) {
-+		wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline",
-+			   line, data->name);
-+		return -1;
-+	}
-+
- 	tmp = os_strdup(pos);
- 	if (tmp == NULL)
- 		return -1;
--- 
-1.9.1
-
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 30b0bdd22f..26a9113297 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -3744,6 +3744,34 @@ routines such as routines for numerical integration and optimization.")
 (define-public python2-scipy
   (package-with-python2 python-scipy))
 
+(define-public python-socksipy-branch
+  (package
+    (name "python-socksipy-branch")
+    (version "1.01")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "SocksiPy-branch" version))
+       (sha256
+        (base32
+         "01l41v4g7fy9fzvinmjxy6zcbhgqaif8dhdqm4w90fwcw9h51a8p"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:tests? #f)) ; There are no tests
+    (home-page "https://code.google.com/archive/p/socksipy-branch/")
+    (synopsis "Python SOCKS module")
+    (description
+     "SocksiPy - A Python SOCKS client module.  It provides a
+socket-like interface that supports connections to any TCP
+service through the use of a SOCKS4, SOCKS5 or HTTP proxy.
+The original version was developed by Dan Haim, this is a
+branch created by Mario Vilas to address some open issues,
+as the original project seems to have been abandoned circa 2007.")
+    (license license:bsd-3)))
+
+(define-public python2-socksipy-branch
+  (package-with-python2 python-socksipy-branch))
+
 (define-public python-sqlalchemy
   (package
     (name "python-sqlalchemy")
@@ -5876,19 +5904,18 @@ object to help create WSGI responses.")
 (define-public python-xlrd
   (package
     (name "python-xlrd")
-    (version "0.9.4")
+    (version "1.0.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "https://pypi.python.org/packages/source/x/"
-                                  "xlrd/xlrd-" version ".tar.gz"))
+              (uri (pypi-uri "xlrd" version))
               (sha256
                (base32
-                "0wpa55nvidmm5m2qr622dsh3cj46akdk0h3zjgzschcmydck73cf"))))
+                "0s8hjiz01vbhy85xalrz0qlsmd9ypf36zjqrf97hh984spapvy0g"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         ;; Current test in setup.py does not work as of 0.9.4, so use nose to
+         ;; Current test in setup.py does not work as of 1.0.0, so use nose to
          ;; run tests instead for now.
          (replace 'check (lambda _ (zero? (system* "nosetests")))))))
     (native-inputs `(("python-nose"       ,python-nose)
diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm
index aee6a75f0e..9bf8c3afbd 100644
--- a/gnu/packages/qemu.scm
+++ b/gnu/packages/qemu.scm
@@ -76,7 +76,10 @@
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "0lqyz01z90nvxpc3nx4djbci7hx62cwvs5zwd6phssds0sap6vij"))))
+               "0lqyz01z90nvxpc3nx4djbci7hx62cwvs5zwd6phssds0sap6vij"))
+             (patches (search-patches "qemu-CVE-2016-8576.patch"
+                                      "qemu-CVE-2016-8577.patch"
+                                      "qemu-CVE-2016-8578.patch"))))
     (build-system gnu-build-system)
     (arguments
      '(;; Running tests in parallel can occasionally lead to failures, like:
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index a80b8f7739..23d22a3721 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -423,13 +423,13 @@ expectations and mocks frameworks.")
 (define-public bundler
   (package
     (name "bundler")
-    (version "1.12.5")
+    (version "1.13.2")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "bundler" version))
               (sha256
                (base32
-                "1q84xiwm9j771lpmiply0ls9l2bpvl5axn3jblxjvrldh8di2pkc"))))
+                "05gwyhfn103vrmrw13r3n78bcl75mrj82ipsbazcl08wg1bql7x6"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; avoid dependency cycles
@@ -2115,7 +2115,7 @@ aware transformations between times in different time zones.")
 (define-public ruby-tzinfo-data
   (package
     (name "ruby-tzinfo-data")
-    (version "1.2016.4")
+    (version "1.2016.7")
     (source
      (origin
        (method url-fetch)
@@ -2128,7 +2128,7 @@ aware transformations between times in different time zones.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0jnm8i379hn48cq5n39j7wzm08i0mw73kqzx3cqbxpiwlb1hnz80"))
+         "0vh75hkfmqk4hdjv6nm7acw64izwpnv7slkmh2kj7qlfz133yh9l"))
        ;; Remove the known test failure.
        ;; https://github.com/tzinfo/tzinfo-data/issues/10
        ;; https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1587128
@@ -3223,14 +3223,14 @@ that TURN is no longer being maintained.")
 (define-public ruby-mime-types-data
   (package
     (name "ruby-mime-types-data")
-    (version "3.2016.0221")
+    (version "3.2016.0521")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "mime-types-data" version))
        (sha256
         (base32
-         "05ygjn0nnfh6yp1wsi574jckk95wqg9a6g598wk4svvrkmkrzkpn"))))
+         "04my3746hwa4yvbx1ranhfaqkgf6vavi1kyijjnw8w3dy37vqhkm"))))
     (build-system ruby-build-system)
     (native-inputs
      `(("ruby-hoe" ,ruby-hoe)))
@@ -3467,14 +3467,14 @@ support to both Ruby and JRuby.  It uses @code{unf_ext} on CRuby and
 (define-public ruby-domain-name
   (package
     (name "ruby-domain-name")
-    (version "0.5.20160310")
+    (version "0.5.20160826")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "domain_name" version))
        (sha256
         (base32
-         "0g1175zspkqhlvl9s11g7p2nbmqpvpxxv02q8csd0ryc81laapys"))))
+         "0rg7gvp45xmb5qz8ydp7ivw05hhplh6k7mbawrpvkysl2c77w5xx"))))
     (build-system ruby-build-system)
     (arguments
      `(#:phases
@@ -4041,14 +4041,14 @@ generation.")
 (define-public ruby-sequel
   (package
     (name "ruby-sequel")
-    (version "4.34.0")
+    (version "4.39.0")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "sequel" version))
        (sha256
         (base32
-         "0qscddpfwcajggxvbm4a4jv8kkpn6q056bgdg03km34bz8bis1x1"))))
+         "01zqd6mi9wvhbg76b91k35jppha0c944ar9f816gi400cf9817bg"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; Avoid dependency loop with ruby-minitest-hooks.
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index d089167312..45fa47b3c8 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -98,14 +98,14 @@ anywhere.")
 (define-public samba
   (package
     (name "samba")
-    (version "4.3.11")
+    (version "4.5.0")
     (source (origin
              (method url-fetch)
-             (uri (string-append "https://www.samba.org/samba/ftp/stable/samba-"
+             (uri (string-append "https://download.samba.org/pub/samba/stable/samba-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "1v2grwivm6rasz1ganbybs0ikz1lydaniy65kxf1v8rl1qqngach"))))
+               "11mmyqag2i4yy6dikcggw776n0laxxr0rxhry72x5pa6nwws9afk"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -164,14 +164,14 @@ Desktops into Active Directory environments using the winbind daemon.")
 (define-public talloc
   (package
     (name "talloc")
-    (version "2.1.7")
+    (version "2.1.8")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.samba.org/ftp/talloc/talloc-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "01m0kzndciyj43z1zd2nc61xqgh9knjv0w7lk1rrrlj8irr4w58r"))))
+                "0c3ihyb0jd8mhvi7gg2mr5w1zl2habx6jlkbyxzyckad2q8lkl92"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -201,14 +201,14 @@ destructors.  It is the core memory allocator used in Samba.")
 (define-public tevent
   (package
     (name "tevent")
-    (version "0.9.28")
+    (version "0.9.31")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.samba.org/ftp/tevent/tevent-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0a9ml52jjnzz7qg9z750mavlvs1yibjwrzy4yl55dc95j0vm7n84"))))
+                "1z1bij9gccps34q8zakr1k7k3gpqs25jas20x1hch16qd8jz44sa"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -236,14 +236,14 @@ many event types, including timers, signals, and the classic file descriptor eve
 (define-public ldb
   (package
     (name "ldb")
-    (version "1.1.26")
+    (version "1.1.27")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.samba.org/ftp/ldb/ldb-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1rmjv12pf57vga8s5z9p9d90rlfckc1lqjbcp89r83cq5fkwfhw8"))))
+                "1b1mkl5p8swb67s9aswavhzswlib34hpgsv66zgns009paf2df6d"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/scanner.scm b/gnu/packages/scanner.scm
index 76e11a9516..76817b389f 100644
--- a/gnu/packages/scanner.scm
+++ b/gnu/packages/scanner.scm
@@ -29,15 +29,15 @@
 (define-public sane-backends
   (package
     (name "sane-backends")
-    (version "1.0.24")
+    (version "1.0.25")
     (source (origin
              (method url-fetch)
-             (uri (string-append 
-                   "https://alioth.debian.org/frs/download.php/file/3958/"
+             (uri (string-append
+                   "https://alioth.debian.org/frs/download.php/file/4146/"
                    name "-" version ".tar.gz"))
              (sha256
               (base32
-               "0ba68m6bzni54axjk15i51rya7hfsdliwvqyan5msl7iaid0iir7"))))
+               "0b3fvhrxl4l82bf3v0j47ypjv6a0k5lqbgknrq1agpmjca6vmmx4"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -73,4 +73,3 @@ proving access to any raster image scanner hardware (flatbed scanner,
 hand-held scanner, video- and still-cameras, frame-grabbers, etc.).  The
 package contains the library and drivers.")
     (license licence:gpl2+))) ; plus linking exception
-
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 88bfd062df..c551f18481 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -80,20 +80,6 @@ remote applications.")
     (home-page "http://www.libssh.org")
     (license license:lgpl2.1+)))
 
-(define libssh-0.6 ; kept private for use in guile-ssh
-  (package (inherit libssh)
-    (version "0.6.5")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "https://red.libssh.org/attachments/"
-                                  "download/121/libssh-"
-                                  version ".tar.xz"))
-              (sha256
-               (base32
-                "0b6wyx6bwbb8jpn8x4rhlrdiqwqrwrs0mxjmrnqykm9kw1ijgm8g"))
-              (patches (search-patches
-                        "libssh-0.6.5-CVE-2016-0739.patch"))))))
-
 (define-public libssh2
   (package
    (name "libssh2")
@@ -209,7 +195,7 @@ Additionally, various channel-specific options can be negotiated.")
 (define-public guile-ssh
   (package
     (name "guile-ssh")
-    (version "0.9.0")
+    (version "0.10.1")
     (source (origin
               ;; ftp://memory-heap.org/software/guile-ssh/guile-ssh-VERSION.tar.gz
               ;; exists, but the server appears to be too slow and unreliable.
@@ -220,34 +206,29 @@ Additionally, various channel-specific options can be negotiated.")
               (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
-                "04zs1cykwdyj51ag62ymrkgsja9dbhbaaglkvbfbac0bkxl2ir6d"))))
+                "0ky77kr7rnkhbq938bir61mlr8b86lfjcjjb1bxx1y1fhimsiz72"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:phases (alist-cons-after
-                 'unpack 'autoreconf
-                 (lambda* (#:key inputs #:allow-other-keys)
-                   (chmod "doc/version.texi" #o777) ;make it writable
-                   (zero? (system* "autoreconf" "-vfi")))
-                 (alist-cons-after
-                  'install 'fix-libguile-ssh-file-name
-                  (lambda* (#:key outputs #:allow-other-keys)
-                    (let* ((out      (assoc-ref outputs "out"))
-                           (libdir   (string-append out "/lib"))
-                           (guiledir (string-append out
-                                                    "/share/guile/site/2.0")))
-                      (substitute* (find-files guiledir ".scm")
-                        (("\"libguile-ssh\"")
-                         (string-append "\"" libdir "/libguile-ssh\"")))
-
-                      ;; Make sure it works.
-                      (setenv "GUILE_LOAD_PATH" guiledir)
-                      (setenv "GUILE_LOAD_COMPILED_PATH" guiledir)
-                      (zero?
-                       (system* "guile" "-c" "(use-modules (ssh session))"))))
-                  %standard-phases))
-       #:configure-flags (list (string-append "--with-guilesitedir="
-                                              (assoc-ref %outputs "out")
-                                              "/share/guile/site/2.0"))
+     '(#:phases (modify-phases %standard-phases
+                  (add-after 'unpack 'autoreconf
+                    (lambda* (#:key inputs #:allow-other-keys)
+                      (chmod "doc/version.texi" #o777) ;make it writable
+                      (zero? (system* "autoreconf" "-vfi"))))
+                  (add-before 'build 'fix-libguile-ssh-file-name
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      ;; Build and install libguile-ssh.so so that we can use
+                      ;; its absolute file name in .scm files, before we build
+                      ;; the .go files.
+                      (and (zero? (system* "make" "install"
+                                           "-C" "libguile-ssh"
+                                           "-j" (number->string
+                                                 (parallel-job-count))))
+                           (let* ((out      (assoc-ref outputs "out"))
+                                  (libdir   (string-append out "/lib")))
+                             (substitute* (find-files "." "\\.scm$")
+                               (("\"libguile-ssh\"")
+                                (string-append "\"" libdir "/libguile-ssh\"")))
+                             #t)))))
 
        ;; Tests are not parallel-safe.
        #:parallel-tests? #f))
@@ -258,7 +239,7 @@ Additionally, various channel-specific options can be negotiated.")
                      ("pkg-config" ,pkg-config)
                      ("which" ,which)))
     (inputs `(("guile" ,guile-2.0)
-              ("libssh" ,libssh-0.6)
+              ("libssh" ,libssh)
               ("libgcrypt" ,libgcrypt)))
     (synopsis "Guile bindings to libssh")
     (description
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index 79fb0427fd..0748b5d860 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -432,14 +432,14 @@ and operations on them using LAPACK and SuiteSparse.")
 (define-public r-mgcv
   (package
    (name "r-mgcv")
-   (version "1.8-14")
+   (version "1.8-15")
    (source
     (origin
      (method url-fetch)
      (uri (cran-uri "mgcv" version))
      (sha256
       (base32
-       "0ly9x23q6kd7aqrsb8qjsj8jc597h3068iaqjmkkdv56r5dln29f"))))
+       "05xzmsx51y92c0r0yihac8m9d3v1sqnn8ahcgm3q75j8z6zybsjs"))))
    (build-system r-build-system)
    (home-page "http://cran.r-project.org/web/packages/mgcv")
    (synopsis "Mixed generalised additive model computation")
diff --git a/gnu/packages/tbb.scm b/gnu/packages/tbb.scm
index 43e9288fee..6a668801ff 100644
--- a/gnu/packages/tbb.scm
+++ b/gnu/packages/tbb.scm
@@ -28,16 +28,16 @@
 (define-public tbb
   (package
     (name "tbb")
-    (version "2017")
+    (version "2017_20160916")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://www.threadingbuildingblocks.org/sites/default"
                     "/files/software_releases/source/"
-                    "tbb" version "_20160722oss_src.tgz"))
+                    "tbb" version "oss_src.tgz"))
               (sha256
                (base32
-                "038rmv3s8si51bjrzwyv8ldqw742fjjdfayi8pmjaq5zw32b8pzx"))
+                "1i3zy87gyzw22fvajm039w6g822qzqn7jbmznc8y8c57qpqnf330"))
               (modules '((guix build utils)))
               (snippet
                '(substitute* "build/common.inc"
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 243a8fb44e..c13eec2723 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -1440,7 +1440,7 @@ be used for realtime video capture via Linux-specific APIs.")
 (define-public obs
   (package
     (name "obs")
-    (version "0.15.4")
+    (version "0.16.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/jp9000/obs-studio"
@@ -1448,7 +1448,7 @@ be used for realtime video capture via Linux-specific APIs.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "11bqk0jpp8fp24j0rkjgrv3fdi3xnjyk4wq55j803cg84mn4zsp0"))))
+                "0p2grxyaf79hb3nlja23xp7b2vc1w18llvzcyhnjn2lhwfjabcgm"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f ; no tests
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 4901f116e3..cabf1e6b49 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -45,6 +45,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system r)
   #:use-module (guix build-system trivial)
+  #:use-module (guix build-system python)
   #:use-module (gnu packages)
   #:use-module (gnu packages apr)
   #:use-module (gnu packages documentation)
@@ -121,14 +122,14 @@ and its related documentation.")
 (define-public nginx
   (package
     (name "nginx")
-    (version "1.10.1")
+    (version "1.11.4")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://nginx.org/download/nginx-"
+              (uri (string-append "https://nginx.org/download/nginx-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "00d8hxj8453c7989qd7z4f1mjp0k3ib8k29i1qyf11b4ar35ilqz"))))
+                "0fvb09ycxz3xnyynav6ybj6miwh9kv8jcb2vzrmvqhzn8cgiq8h6"))))
     (build-system gnu-build-system)
     (inputs `(("pcre" ,pcre)
               ("openssl" ,openssl)
@@ -140,7 +141,8 @@ and its related documentation.")
          (add-before 'configure 'patch-/bin/sh
            (lambda _
              (substitute* "auto/feature"
-               (("/bin/sh") (which "bash")))))
+               (("/bin/sh") (which "bash")))
+             #t))
          (replace 'configure
            (lambda* (#:key outputs #:allow-other-keys)
              (let ((flags
@@ -186,7 +188,7 @@ and its related documentation.")
                             (string-append share "/conf"))
                (rename-file (string-append out "/html")
                             (string-append share "/html"))))))))
-    (home-page "http://nginx.org")
+    (home-page "https://nginx.org")
     (synopsis "HTTP and reverse proxy server")
     (description
      "Nginx (\"engine X\") is a high-performance web and reverse proxy server
@@ -3147,6 +3149,34 @@ http://opensearch.a9.com} compatible search engines.")
 their web site.")
     (home-page "http://search.cpan.org/~gaas/WWW-RobotRules/")))
 
+(define-public python-feedparser
+  (package
+    (name "python-feedparser")
+    (version "5.2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "feedparser" version ".tar.bz2"))
+       (sha256
+        (base32
+         "00hb4qg2am06g81mygfi1jsbx8830024jm45g6qp9g8fr6am91yf"))))
+    (build-system python-build-system)
+    (home-page
+     "https://github.com/kurtmckee/feedparser")
+    (synopsis "Parse feeds in Python")
+    (description
+     "Universal feed parser which handles RSS 0.9x, RSS 1.0, RSS 2.0,
+CDF, Atom 0.3, and Atom 1.0 feeds.")
+    (license (list l:bsd-2 ; source code
+                   l:freebsd-doc)))) ; documentation
+
+(define-public python2-feedparser
+  (let ((base (package-with-python2
+               (strip-python2-variant python-feedparser))))
+    (package (inherit base)
+             (native-inputs
+              `(("python2-setuptools" ,python2-setuptools))))))
+
 (define-public r-httpuv
   (package
     (name "r-httpuv")
diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index d098d831e1..ccac677202 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -108,6 +108,7 @@ Section \"Files\"
   FontPath \"" font-adobe75dpi "/share/fonts/X11/75dpi\"
   ModulePath \"" xf86-video-vesa "/lib/xorg/modules/drivers\"
   ModulePath \"" xf86-video-fbdev "/lib/xorg/modules/drivers\"
+  ModulePath \"" xf86-video-ati "/lib/xorg/modules/drivers\"
   ModulePath \"" xf86-video-modesetting "/lib/xorg/modules/drivers\"
   ModulePath \"" xf86-video-cirrus "/lib/xorg/modules/drivers\"
   ModulePath \"" xf86-video-intel "/lib/xorg/modules/drivers\"
@@ -145,6 +146,7 @@ EndSection
 (define %default-xorg-modules
   (list xf86-video-vesa
         xf86-video-fbdev
+        xf86-video-ati
         xf86-video-modesetting
         xf86-video-cirrus
         xf86-video-intel