summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/bootloader.scm16
-rw-r--r--gnu/bootloader/extlinux.scm19
-rw-r--r--gnu/bootloader/grub.scm49
-rw-r--r--gnu/bootloader/u-boot.scm47
-rw-r--r--gnu/build/activation.scm1
-rw-r--r--gnu/build/file-systems.scm17
-rw-r--r--gnu/build/vm.scm31
-rw-r--r--gnu/local.mk129
-rw-r--r--gnu/packages/acct.scm4
-rw-r--r--gnu/packages/admin.scm96
-rw-r--r--gnu/packages/algebra.scm6
-rw-r--r--gnu/packages/animation.scm10
-rw-r--r--gnu/packages/aspell.scm5
-rw-r--r--gnu/packages/audio.scm7
-rw-r--r--gnu/packages/augeas.scm5
-rw-r--r--gnu/packages/autotools.scm19
-rw-r--r--gnu/packages/aux-files/emacs/guix-emacs.el9
-rw-r--r--gnu/packages/backup.scm30
-rw-r--r--gnu/packages/base.scm229
-rw-r--r--gnu/packages/bash.scm54
-rw-r--r--gnu/packages/bdw-gc.scm20
-rw-r--r--gnu/packages/bioinformatics.scm695
-rw-r--r--gnu/packages/boost.scm12
-rw-r--r--gnu/packages/bootloaders.scm155
-rw-r--r--gnu/packages/bootstrap.scm2
-rw-r--r--gnu/packages/build-tools.scm39
-rw-r--r--gnu/packages/calendar.scm6
-rw-r--r--gnu/packages/certs.scm23
-rw-r--r--gnu/packages/check.scm10
-rw-r--r--gnu/packages/ci.scm28
-rw-r--r--gnu/packages/code.scm55
-rw-r--r--gnu/packages/commencement.scm30
-rw-r--r--gnu/packages/compression.scm194
-rw-r--r--gnu/packages/connman.scm4
-rw-r--r--gnu/packages/cran.scm930
-rw-r--r--gnu/packages/crypto.scm136
-rw-r--r--gnu/packages/cups.scm14
-rw-r--r--gnu/packages/curl.scm29
-rw-r--r--gnu/packages/databases.scm65
-rw-r--r--gnu/packages/datamash.scm6
-rw-r--r--gnu/packages/dav.scm4
-rw-r--r--gnu/packages/debug.scm65
-rw-r--r--gnu/packages/disk.scm32
-rw-r--r--gnu/packages/dns.scm21
-rw-r--r--gnu/packages/ebook.scm85
-rw-r--r--gnu/packages/ed.scm4
-rw-r--r--gnu/packages/emacs.scm349
-rw-r--r--gnu/packages/embedded.scm7
-rw-r--r--gnu/packages/engineering.scm122
-rw-r--r--gnu/packages/enlightenment.scm59
-rw-r--r--gnu/packages/erlang.scm11
-rw-r--r--gnu/packages/file.scm4
-rw-r--r--gnu/packages/finance.scm3
-rw-r--r--gnu/packages/flashing-tools.scm32
-rw-r--r--gnu/packages/flex.scm8
-rw-r--r--gnu/packages/fonts.scm128
-rw-r--r--gnu/packages/fontutils.scm52
-rw-r--r--gnu/packages/forth.scm (renamed from gnu/packages/gforth.scm)2
-rw-r--r--gnu/packages/fpga.scm5
-rw-r--r--gnu/packages/freedesktop.scm64
-rw-r--r--gnu/packages/freeipmi.scm4
-rw-r--r--gnu/packages/ftp.scm4
-rw-r--r--gnu/packages/game-development.scm179
-rw-r--r--gnu/packages/games.scm321
-rw-r--r--gnu/packages/gcc.scm16
-rw-r--r--gnu/packages/gd.scm5
-rw-r--r--gnu/packages/gettext.scm16
-rw-r--r--gnu/packages/ghostscript.scm259
-rw-r--r--gnu/packages/gimp.scm39
-rw-r--r--gnu/packages/gl.scm14
-rw-r--r--gnu/packages/glib.scm3
-rw-r--r--gnu/packages/gnome.scm597
-rw-r--r--gnu/packages/gnucash.scm4
-rw-r--r--gnu/packages/gnunet.scm24
-rw-r--r--gnu/packages/gnupg.scm44
-rw-r--r--gnu/packages/gnuzilla.scm92
-rw-r--r--gnu/packages/gobby.scm85
-rw-r--r--gnu/packages/golang.scm18
-rw-r--r--gnu/packages/graph.scm118
-rw-r--r--gnu/packages/graphics.scm77
-rw-r--r--gnu/packages/groff.scm12
-rw-r--r--gnu/packages/gstreamer.scm60
-rw-r--r--gnu/packages/gtk.scm4
-rw-r--r--gnu/packages/guile-wm.scm7
-rw-r--r--gnu/packages/guile.scm248
-rw-r--r--gnu/packages/ham-radio.scm52
-rw-r--r--gnu/packages/haskell.scm304
-rw-r--r--gnu/packages/icu4c.scm13
-rw-r--r--gnu/packages/image-viewers.scm20
-rw-r--r--gnu/packages/image.scm202
-rw-r--r--gnu/packages/imagemagick.scm123
-rw-r--r--gnu/packages/irc.scm5
-rw-r--r--gnu/packages/java.scm69
-rw-r--r--gnu/packages/javascript.scm231
-rw-r--r--gnu/packages/kde-frameworks.scm311
-rw-r--r--gnu/packages/kde.scm15
-rw-r--r--gnu/packages/kerberos.scm35
-rw-r--r--gnu/packages/ld-wrapper.in40
-rw-r--r--gnu/packages/ldc.scm4
-rw-r--r--gnu/packages/lego.scm61
-rw-r--r--gnu/packages/libevent.scm12
-rw-r--r--gnu/packages/libffi.scm3
-rw-r--r--gnu/packages/libidn.scm38
-rw-r--r--gnu/packages/libreoffice.scm85
-rw-r--r--gnu/packages/libsigsegv.scm17
-rw-r--r--gnu/packages/libunistring.scm8
-rw-r--r--gnu/packages/libusb.scm16
-rw-r--r--gnu/packages/linux.scm353
-rw-r--r--gnu/packages/lisp.scm25
-rw-r--r--gnu/packages/logging.scm5
-rw-r--r--gnu/packages/machine-learning.scm1
-rw-r--r--gnu/packages/mail.scm21
-rw-r--r--gnu/packages/make-bootstrap.scm30
-rw-r--r--gnu/packages/man.scm4
-rw-r--r--gnu/packages/markup.scm4
-rw-r--r--gnu/packages/maths.scm273
-rw-r--r--gnu/packages/medical.scm60
-rw-r--r--gnu/packages/mes.scm26
-rw-r--r--gnu/packages/messaging.scm30
-rw-r--r--gnu/packages/mg.scm76
-rw-r--r--gnu/packages/moreutils.scm25
-rw-r--r--gnu/packages/motti.scm45
-rw-r--r--gnu/packages/mp3.scm22
-rw-r--r--gnu/packages/mpd.scm11
-rw-r--r--gnu/packages/mpi.scm51
-rw-r--r--gnu/packages/music.scm154
-rw-r--r--gnu/packages/nano.scm4
-rw-r--r--gnu/packages/ncurses.scm29
-rw-r--r--gnu/packages/netpbm.scm23
-rw-r--r--gnu/packages/networking.scm129
-rw-r--r--gnu/packages/nim.scm19
-rw-r--r--gnu/packages/node.scm4
-rw-r--r--gnu/packages/ntp.scm8
-rw-r--r--gnu/packages/ocaml.scm238
-rw-r--r--gnu/packages/openldap.scm35
-rw-r--r--gnu/packages/package-management.scm236
-rw-r--r--gnu/packages/parallel.scm4
-rw-r--r--gnu/packages/password-utils.scm38
-rw-r--r--gnu/packages/patches/ath9k-htc-firmware-binutils.patch20
-rw-r--r--gnu/packages/patches/bcftools-regidx-unsigned-char.patch16
-rw-r--r--gnu/packages/patches/binutils-mips-bash-bug.patch22
-rw-r--r--gnu/packages/patches/catdoc-CVE-2017-11110.patch45
-rw-r--r--gnu/packages/patches/chicken-CVE-2017-11343.patch57
-rw-r--r--gnu/packages/patches/coreutils-cut-huge-range-test.patch29
-rw-r--r--gnu/packages/patches/coreutils-fix-cross-compilation.patch15
-rw-r--r--gnu/packages/patches/curl-bounds-check.patch19
-rw-r--r--gnu/packages/patches/cvs-2017-12836.patch45
-rw-r--r--gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch41
-rw-r--r--gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch46
-rw-r--r--gnu/packages/patches/erlang-man-path.patch24
-rw-r--r--gnu/packages/patches/eudev-conflicting-declaration.patch31
-rw-r--r--gnu/packages/patches/evince-CVE-2017-1000083.patch109
-rw-r--r--gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch35
-rw-r--r--gnu/packages/patches/fabric-tests.patch15
-rw-r--r--gnu/packages/patches/findutils-gnulib-multi-core.patch294
-rw-r--r--gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch82
-rw-r--r--gnu/packages/patches/fontconfig-path-max.patch124
-rw-r--r--gnu/packages/patches/freetype-CVE-2017-8105.patch56
-rw-r--r--gnu/packages/patches/freetype-CVE-2017-8287.patch44
-rw-r--r--gnu/packages/patches/gcc-asan-powerpc-missing-include.patch20
-rw-r--r--gnu/packages/patches/gd-CVE-2017-7890.patch30
-rw-r--r--gnu/packages/patches/gettext-gnulib-multi-core.patch178
-rw-r--r--gnu/packages/patches/gettext-multi-core.patch185
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2013-5653.patch85
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2015-3228.patch32
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2016-7976.patch185
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2016-7978.patch25
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2016-7979.patch48
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2016-8602.patch47
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2017-8291.patch166
-rw-r--r--gnu/packages/patches/ghostscript-no-header-creationdate.patch22
-rw-r--r--gnu/packages/patches/ghostscript-no-header-id.patch57
-rw-r--r--gnu/packages/patches/ghostscript-no-header-uuid.patch50
-rw-r--r--gnu/packages/patches/ghostscript-runpath.patch17
-rw-r--r--gnu/packages/patches/glibc-CVE-2015-5180.patch311
-rw-r--r--gnu/packages/patches/glibc-CVE-2015-7547.patch590
-rw-r--r--gnu/packages/patches/glibc-CVE-2016-3075.patch43
-rw-r--r--gnu/packages/patches/glibc-CVE-2016-3706.patch188
-rw-r--r--gnu/packages/patches/glibc-CVE-2016-4429.patch58
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch28
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch16
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch28
-rw-r--r--gnu/packages/patches/grep-gnulib-lock.patch32
-rw-r--r--gnu/packages/patches/groff-source-date-epoch.patch299
-rw-r--r--gnu/packages/patches/guile-2.2-default-utf8.patch78
-rw-r--r--gnu/packages/patches/guile-bytestructures-name-clash.patch31
-rw-r--r--gnu/packages/patches/guile-relocatable.patch4
-rw-r--r--gnu/packages/patches/guile-ssh-channel-finalization.patch28
-rw-r--r--gnu/packages/patches/guile-ssh-double-free.patch37
-rw-r--r--gnu/packages/patches/guile-ssh-rexec-bug.patch16
-rw-r--r--gnu/packages/patches/heimdal-CVE-2017-11103.patch45
-rw-r--r--gnu/packages/patches/heimdal-CVE-2017-6594.patch85
-rw-r--r--gnu/packages/patches/intltool-perl-compatibility.patch76
-rw-r--r--gnu/packages/patches/libffi-3.2.1-complex-alpha.patch28
-rw-r--r--gnu/packages/patches/libgit2-use-after-free.patch24
-rw-r--r--gnu/packages/patches/libtasn1-CVE-2017-10790.patch63
-rw-r--r--gnu/packages/patches/libtasn1-CVE-2017-6891.patch51
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-10092.patch42
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-10093.patch53
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-10094.patch34
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-5225.patch86
-rw-r--r--gnu/packages/patches/libtiff-assertion-failure.patch60
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch63
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch104
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch57
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero.patch67
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch131
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch132
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch67
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch60
-rw-r--r--gnu/packages/patches/libtiff-invalid-read.patch64
-rw-r--r--gnu/packages/patches/libtiff-null-dereference.patch42
-rw-r--r--gnu/packages/patches/libtiff-tiffcp-underflow.patch41
-rw-r--r--gnu/packages/patches/libunistring-gnulib-multi-core.patch178
-rw-r--r--gnu/packages/patches/libusb-0.1-disable-tests.patch15
-rw-r--r--gnu/packages/patches/lz4-fix-test-failures.patch136
-rw-r--r--gnu/packages/patches/mesa-fix-32bit-test-failures.patch58
-rw-r--r--gnu/packages/patches/mesa-skip-disk-cache-test.patch7
-rw-r--r--gnu/packages/patches/metabat-fix-boost-issue.patch27
-rw-r--r--gnu/packages/patches/metabat-fix-compilation.patch39
-rw-r--r--gnu/packages/patches/newsbeuter-CVE-2017-12904.patch34
-rw-r--r--gnu/packages/patches/nss-pkgconfig.patch4
-rw-r--r--gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch43
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch233
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch245
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-12982.patch28
-rw-r--r--gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch62
-rw-r--r--gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch23
-rw-r--r--gnu/packages/patches/perl-no-sys-dirs.patch73
-rw-r--r--gnu/packages/patches/poppler-CVE-2017-9776.patch34
-rw-r--r--gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch61
-rw-r--r--gnu/packages/patches/python-cython-fix-tests-32bit.patch27
-rw-r--r--gnu/packages/patches/python-fake-factory-fix-build-32bit.patch36
-rw-r--r--gnu/packages/patches/python-file-double-encoding-bug.patch50
-rw-r--r--gnu/packages/patches/python-pbr-fix-man-page-support.patch28
-rw-r--r--gnu/packages/patches/python-pygit2-disable-network-tests.patch79
-rw-r--r--gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch36
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-10664.patch27
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-10806.patch38
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-10911.patch106
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-11334.patch52
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-11434.patch25
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-12809.patch38
-rw-r--r--gnu/packages/patches/quassel-fix-tls-check.patch25
-rw-r--r--gnu/packages/patches/rpm-CVE-2014-8118.patch25
-rw-r--r--gnu/packages/patches/ruby-puma-ignore-broken-test.patch13
-rw-r--r--gnu/packages/patches/shishi-fix-libgcrypt-detection.patch32
-rw-r--r--gnu/packages/patches/sooperlooper-build-with-wx-30.patch179
-rw-r--r--gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch42
-rw-r--r--gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch18
-rw-r--r--gnu/packages/patches/vinagre-revert-1.patch56
-rw-r--r--gnu/packages/patches/vinagre-revert-2.patch448
-rw-r--r--gnu/packages/patches/wget-perl-5.26.patch96
-rw-r--r--gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch171
-rw-r--r--gnu/packages/pciutils.scm19
-rw-r--r--gnu/packages/pcre.scm17
-rw-r--r--gnu/packages/pdf.scm17
-rw-r--r--gnu/packages/perl.scm648
-rw-r--r--gnu/packages/photo.scm10
-rw-r--r--gnu/packages/php.scm17
-rw-r--r--gnu/packages/pkg-config.scm4
-rw-r--r--gnu/packages/pulseaudio.scm17
-rw-r--r--gnu/packages/pv.scm4
-rw-r--r--gnu/packages/python.scm694
-rw-r--r--gnu/packages/qt.scm106
-rw-r--r--gnu/packages/rails.scm4
-rw-r--r--gnu/packages/rdesktop.scm118
-rw-r--r--gnu/packages/regex.scm4
-rw-r--r--gnu/packages/ruby.scm396
-rw-r--r--gnu/packages/samba.scm21
-rw-r--r--gnu/packages/scheme.scm3
-rw-r--r--gnu/packages/screen.scm4
-rw-r--r--gnu/packages/sdl.scm9
-rw-r--r--gnu/packages/search.scm28
-rw-r--r--gnu/packages/serialization.scm36
-rw-r--r--gnu/packages/shells.scm162
-rw-r--r--gnu/packages/skarnet.scm12
-rw-r--r--gnu/packages/sml.scm72
-rw-r--r--gnu/packages/ssh.scm36
-rw-r--r--gnu/packages/sssd.scm7
-rw-r--r--gnu/packages/statistics.scm542
-rw-r--r--gnu/packages/swig.scm12
-rw-r--r--gnu/packages/sync.scm4
-rw-r--r--gnu/packages/syndication.scm2
-rw-r--r--gnu/packages/tex.scm1464
-rw-r--r--gnu/packages/text-editors.scm62
-rw-r--r--gnu/packages/textutils.scm2
-rw-r--r--gnu/packages/tls.scm126
-rw-r--r--gnu/packages/tor.scm9
-rw-r--r--gnu/packages/valgrind.scm9
-rw-r--r--gnu/packages/version-control.scm117
-rw-r--r--gnu/packages/video.scm27
-rw-r--r--gnu/packages/vim.scm65
-rw-r--r--gnu/packages/virtualization.scm (renamed from gnu/packages/qemu.scm)85
-rw-r--r--gnu/packages/vpn.scm6
-rw-r--r--gnu/packages/web.scm472
-rw-r--r--gnu/packages/webkit.scm4
-rw-r--r--gnu/packages/wget.scm20
-rw-r--r--gnu/packages/wine.scm3
-rw-r--r--gnu/packages/wm.scm48
-rw-r--r--gnu/packages/xdisorg.scm34
-rw-r--r--gnu/packages/xiph.scm9
-rw-r--r--gnu/packages/xml.scm19
-rw-r--r--gnu/packages/xorg.scm109
-rw-r--r--gnu/services/admin.scm171
-rw-r--r--gnu/services/audio.scm86
-rw-r--r--gnu/services/base.scm15
-rw-r--r--gnu/services/cuirass.scm11
-rw-r--r--gnu/services/databases.scm86
-rw-r--r--gnu/services/desktop.scm31
-rw-r--r--gnu/services/herd.scm42
-rw-r--r--gnu/services/networking.scm11
-rw-r--r--gnu/services/ssh.scm96
-rw-r--r--gnu/services/sysctl.scm2
-rw-r--r--gnu/services/virtualization.scm492
-rw-r--r--gnu/services/web.scm274
-rw-r--r--gnu/services/xorg.scm202
-rw-r--r--gnu/system.scm63
-rw-r--r--gnu/system/examples/bare-bones.tmpl4
-rw-r--r--gnu/system/examples/desktop.tmpl7
-rw-r--r--gnu/system/examples/lightweight-desktop.tmpl7
-rw-r--r--gnu/system/examples/vm-image.tmpl2
-rw-r--r--gnu/system/install.scm5
-rw-r--r--gnu/system/locale.scm45
-rw-r--r--gnu/system/shadow.scm8
-rw-r--r--gnu/system/vm.scm94
-rw-r--r--gnu/tests.scm2
-rw-r--r--gnu/tests/admin.scm128
-rw-r--r--gnu/tests/audio.scm78
-rw-r--r--gnu/tests/base.scm310
-rw-r--r--gnu/tests/databases.scm123
-rw-r--r--gnu/tests/dict.scm165
-rw-r--r--gnu/tests/install.scm16
-rw-r--r--gnu/tests/mail.scm388
-rw-r--r--gnu/tests/messaging.scm198
-rw-r--r--gnu/tests/networking.scm95
-rw-r--r--gnu/tests/nfs.scm142
-rw-r--r--gnu/tests/ssh.scm268
-rw-r--r--gnu/tests/virtualization.scm95
-rw-r--r--gnu/tests/web.scm125
340 files changed, 19943 insertions, 8374 deletions
diff --git a/gnu/bootloader.scm b/gnu/bootloader.scm
index d5fcf30f05..122e350874 100644
--- a/gnu/bootloader.scm
+++ b/gnu/bootloader.scm
@@ -30,6 +30,7 @@
             menu-entry-linux
             menu-entry-linux-arguments
             menu-entry-initrd
+            menu-entry-device-mount-point
 
             bootloader
             bootloader?
@@ -42,7 +43,7 @@
             bootloader-configuration
             bootloader-configuration?
             bootloader-configuration-bootloader
-            bootloader-configuration-device
+            bootloader-configuration-target
             bootloader-configuration-menu-entries
             bootloader-configuration-default-entry
             bootloader-configuration-timeout
@@ -67,6 +68,8 @@
   (label           menu-entry-label)
   (device          menu-entry-device       ; file system uuid, label, or #f
                    (default #f))
+  (device-mount-point menu-entry-device-mount-point
+                   (default #f))
   (linux           menu-entry-linux)
   (linux-arguments menu-entry-linux-arguments
                    (default '()))          ; list of string-valued gexps
@@ -104,6 +107,8 @@
   (bootloader                      bootloader-configuration-bootloader)    ; <bootloader>
   (device                          bootloader-configuration-device         ; string
                                    (default #f))
+  (target                          %bootloader-configuration-target         ; string
+                                   (default #f))
   (menu-entries                    bootloader-configuration-menu-entries   ; list of <boot-parameters>
                                    (default '()))
   (default-entry                   bootloader-configuration-default-entry  ; integer
@@ -123,6 +128,15 @@
   (additional-configuration        bootloader-configuration-additional-configuration ; record
                                    (default #f)))
 
+(define (bootloader-configuration-target config)
+  (or (%bootloader-configuration-target config)
+      (let ((device (bootloader-configuration-device config)))
+        (when device
+          (issue-deprecation-warning
+           "The 'device' field of bootloader configurations is deprecated."
+           "Use 'target' instead."))
+        device)))
+
 
 ;;;
 ;;; Bootloaders.
diff --git a/gnu/bootloader/extlinux.scm b/gnu/bootloader/extlinux.scm
index 219b058e53..e5fdeb5801 100644
--- a/gnu/bootloader/extlinux.scm
+++ b/gnu/bootloader/extlinux.scm
@@ -38,14 +38,13 @@
 corresponding to old generations of the system."
 
   (define all-entries
-    (append entries (map menu-entry->boot-parameters
-                         (bootloader-configuration-menu-entries config))))
-
-  (define (boot-parameters->gexp params)
-    (let ((label (boot-parameters-label params))
-          (kernel (boot-parameters-kernel params))
-          (kernel-arguments (boot-parameters-kernel-arguments params))
-          (initrd (boot-parameters-initrd params)))
+    (append entries (bootloader-configuration-menu-entries config)))
+
+  (define (menu-entry->gexp entry)
+    (let ((label (menu-entry-label entry))
+          (kernel (menu-entry-linux entry))
+          (kernel-arguments (menu-entry-linux-arguments entry))
+          (initrd (menu-entry-initrd entry)))
       #~(format port "LABEL ~a
   MENU LABEL ~a
   KERNEL ~a
@@ -69,11 +68,11 @@ TIMEOUT ~a~%"
                     (if (> timeout 0) 1 0)
                     ;; timeout is expressed in 1/10s of seconds.
                     (* 10 timeout))
-            #$@(map boot-parameters->gexp all-entries)
+            #$@(map menu-entry->gexp all-entries)
 
             #$@(if (pair? old-entries)
                    #~((format port "~%")
-                      #$@(map boot-parameters->gexp old-entries)
+                      #$@(map menu-entry->gexp old-entries)
                       (format port "~%"))
                    #~())))))
 
diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm
index 880491c983..a9f0875f36 100644
--- a/gnu/bootloader/grub.scm
+++ b/gnu/bootloader/grub.scm
@@ -55,6 +55,7 @@
 
             grub-bootloader
             grub-efi-bootloader
+            grub-mkrescue-bootloader
 
             grub-configuration))
 
@@ -316,16 +317,14 @@ code."
 STORE-FS, a <file-system> object.  OLD-ENTRIES is taken to be a list of menu
 entries corresponding to old generations of the system."
   (define all-entries
-    (append entries (map menu-entry->boot-parameters
-                         (bootloader-configuration-menu-entries config))))
-
-  (define (boot-parameters->gexp params)
-    (let ((device (boot-parameters-store-device params))
-          (device-mount-point (boot-parameters-store-mount-point params))
-          (label (boot-parameters-label params))
-          (kernel (boot-parameters-kernel params))
-          (arguments (boot-parameters-kernel-arguments params))
-          (initrd (boot-parameters-initrd params)))
+    (append entries (bootloader-configuration-menu-entries config)))
+  (define (menu-entry->gexp entry)
+    (let ((device (menu-entry-device entry))
+          (device-mount-point (menu-entry-device-mount-point entry))
+          (label (menu-entry-label entry))
+          (kernel (menu-entry-linux entry))
+          (arguments (menu-entry-linux-arguments entry))
+          (initrd (menu-entry-initrd entry)))
       ;; Here DEVICE is the store and DEVICE-MOUNT-POINT is its mount point.
       ;; Use the right file names for KERNEL and INITRD in case
       ;; DEVICE-MOUNT-POINT is not "/", meaning that the store is on a
@@ -341,11 +340,10 @@ entries corresponding to old generations of the system."
                   #$(grub-root-search device kernel)
                   #$kernel (string-join (list #$@arguments))
                   #$initrd))))
-
   (mlet %store-monad ((sugar (eye-candy config
-                                        (boot-parameters-store-device
+                                        (menu-entry-device
                                          (first all-entries))
-                                        (boot-parameters-store-mount-point
+                                        (menu-entry-device-mount-point
                                          (first all-entries))
                                         #:system system
                                         #:port #~port)))
@@ -362,12 +360,12 @@ set default=~a
 set timeout=~a~%"
                     #$(bootloader-configuration-default-entry config)
                     #$(bootloader-configuration-timeout config))
-            #$@(map boot-parameters->gexp all-entries)
+            #$@(map menu-entry->gexp all-entries)
 
             #$@(if (pair? old-entries)
                    #~((format port "
 submenu \"GNU system, old configurations...\" {~%")
-                      #$@(map boot-parameters->gexp old-entries)
+                      #$@(map menu-entry->gexp old-entries)
                       (format port "}~%"))
                    #~()))))
 
@@ -391,7 +389,20 @@ submenu \"GNU system, old configurations...\" {~%")
         (unless (zero? (system* grub "--no-floppy"
                                 "--boot-directory" install-dir
                                 device))
-          (error "failed to install GRUB")))))
+          (error "failed to install GRUB (BIOS)")))))
+
+(define install-grub-efi
+  #~(lambda (bootloader efi-dir mount-point)
+      ;; Install GRUB onto the EFI partition mounted at EFI-DIR, for the
+      ;; system whose root is mounted at MOUNT-POINT.
+      (let ((grub-install (string-append bootloader "/sbin/grub-install"))
+            (install-dir (string-append mount-point "/boot")))
+        ;; Tell 'grub-install' that there might be a LUKS-encrypted /boot or
+        ;; root partition.
+        (setenv "GRUB_ENABLE_CRYPTODISK" "y")
+        (unless (zero? (system* grub-install "--boot-directory" install-dir
+                                "--efi-directory" efi-dir))
+          (error "failed to install GRUB (EFI)")))))
 
 
 
@@ -410,9 +421,15 @@ submenu \"GNU system, old configurations...\" {~%")
 (define* grub-efi-bootloader
   (bootloader
    (inherit grub-bootloader)
+   (installer install-grub-efi)
    (name 'grub-efi)
    (package grub-efi)))
 
+(define* grub-mkrescue-bootloader
+  (bootloader
+   (inherit grub-efi-bootloader)
+   (package grub-hybrid)))
+
 
 ;;;
 ;;; Compatibility macros.
diff --git a/gnu/bootloader/u-boot.scm b/gnu/bootloader/u-boot.scm
new file mode 100644
index 0000000000..963b0d7597
--- /dev/null
+++ b/gnu/bootloader/u-boot.scm
@@ -0,0 +1,47 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 David Craven <david@craven.ch>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu bootloader u-boot)
+  #:use-module (gnu bootloader extlinux)
+  #:use-module (gnu bootloader)
+  #:use-module (gnu system)
+  #:use-module (gnu packages bootloaders)
+  #:use-module (guix gexp)
+  #:use-module (guix monads)
+  #:use-module (guix records)
+  #:use-module (guix utils)
+  #:export (u-boot-bootloader))
+
+(define install-u-boot
+  #~(lambda (bootloader device mount-point)
+      (if bootloader
+        (error "Failed to install U-Boot"))))
+
+
+
+;;;
+;;; Bootloader definitions.
+;;;
+
+(define u-boot-bootloader
+  (bootloader
+   (inherit extlinux-bootloader)
+   (name 'u-boot)
+   (package #f)
+   (installer install-u-boot)))
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index 299c0728cb..9c58370ec3 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -313,6 +313,7 @@ they already exist."
     (false-if-exception (delete-file file)))
 
   (format #t "populating /etc from ~a...~%" etc)
+  (mkdir-p "/etc")
 
   ;; Create the /etc/ssl -> /run/current-system/profile/etc/ssl symlink.  This
   ;; symlink, to a target outside of the store, probably doesn't belong in the
diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index b6930497d6..203fbdfffb 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -373,15 +373,16 @@ not valid header was found."
 
 (define (disk-partitions)
   "Return the list of device names corresponding to valid disk partitions."
-  (define (last-character str)
-    (string-ref str (- (string-length str) 1)))
-
   (define (partition? name major minor)
-    ;; Select device names that end in a digit, like libblkid's 'probe_all'
-    ;; function does.  Checking for "/sys/dev/block/MAJOR:MINOR/partition"
-    ;; doesn't work for partitions coming from mapped devices.
-    (and (char-set-contains? char-set:digit (last-character name))
-         (> major 2)))                      ;ignore RAM disks and floppy disks
+    ;; grub-mkrescue does some funny things for EFI support which
+    ;; makes it a lot more difficult than one would expect to support
+    ;; booting an ISO-9660 image from an USB flash drive.
+    ;; For example there's a buggy (too small) hidden partition in it
+    ;; which Linux mounts and then proceeds to fail while trying to
+    ;; fall off the edge.
+    ;; In any case, partition tables are supposed to be optional so
+    ;; here we allow checking entire disks for file systems, too.
+    (> major 2))                      ;ignore RAM disks and floppy disks
 
   (call-with-input-file "/proc/partitions"
     (lambda (port)
diff --git a/gnu/build/vm.scm b/gnu/build/vm.scm
index d8c53ef37f..727494ad93 100644
--- a/gnu/build/vm.scm
+++ b/gnu/build/vm.scm
@@ -76,11 +76,14 @@
                            (qemu (qemu-command)) (memory-size 512)
                            linux initrd
                            make-disk-image?
+                           single-file-output?
                            (disk-image-size (* 100 (expt 2 20)))
                            (disk-image-format "qcow2")
                            (references-graphs '()))
   "Run BUILDER, a Scheme file, into a VM running LINUX with INITRD, and copy
-the result to OUTPUT.
+the result to OUTPUT.  If SINGLE-FILE-OUTPUT? is true, copy a single file from
+/xchg to OUTPUT.  Otherwise, copy the contents of /xchg to a new directory
+OUTPUT.
 
 When MAKE-DISK-IMAGE? is true, OUTPUT will contain a VM image of
 DISK-IMAGE-SIZE bytes resulting from the execution of BUILDER, which may
@@ -137,8 +140,17 @@ the #:references-graphs parameter of 'derivation'."
 
   ;; When MAKE-DISK-IMAGE? is true, the image is in OUTPUT already.
   (unless make-disk-image?
-    (mkdir output)
-    (copy-recursively "xchg" output)))
+    (if single-file-output?
+        (let ((graph? (lambda (name stat)
+                        (member (basename name) references-graphs))))
+          (match (find-files "xchg" (negate graph?))
+            ((result)
+             (copy-file result output))
+            (x
+             (error "did not find a single result file" x))))
+        (begin
+          (mkdir output)
+          (copy-recursively "xchg" output)))))
 
 
 ;;;
@@ -157,8 +169,8 @@ the #:references-graphs parameter of 'derivation'."
 (define (estimated-partition-size graphs)
   "Return the estimated size of a partition that can store the store items
 given by GRAPHS, a list of file names produced by #:references-graphs."
-  ;; Simply add a 20% overhead.
-  (round (* 1.2 (closure-size graphs))))
+  ;; Simply add a 25% overhead.
+  (round (* 1.25 (closure-size graphs))))
 
 (define* (initialize-partition-table device partitions
                                      #:key
@@ -354,9 +366,9 @@ SYSTEM-DIRECTORY is the name of the directory of the 'system' derivation."
       (error "failed to create GRUB EFI image"))))
 
 (define* (make-iso9660-image grub config-file os-drv target
-                             #:key (volume-id "GuixSD") (volume-uuid #f))
+                             #:key (volume-id "GuixSD_image") (volume-uuid #f))
   "Given a GRUB package, creates an iso image as TARGET, using CONFIG-FILE as
-Grub configuration and OS-DRV as the stuff in it."
+GRUB configuration and OS-DRV as the stuff in it."
   (let ((grub-mkrescue (string-append grub "/bin/grub-mkrescue")))
     (mkdir-p "/tmp/root/var/run")
     (mkdir-p "/tmp/root/run")
@@ -440,11 +452,14 @@ passing it a directory name where it is mounted."
 
         ;; Create a tiny configuration file telling the embedded grub
         ;; where to load the real thing.
+        ;; XXX This is quite fragile, and can prevent the image from booting
+        ;; when there's more than one volume with this label present.
+        ;; Reproducible almost-UUIDs could reduce the risk (not eliminate it).
         (call-with-output-file grub-config
           (lambda (port)
             (format port
                     "insmod part_msdos~@
-                    search --set=root --label GuixSD~@
+                    search --set=root --label GuixSD_image~@
                     configfile /boot/grub/grub.cfg~%")))
 
         (display "creating EFI firmware image...")
diff --git a/gnu/local.mk b/gnu/local.mk
index 1ced658911..e3daa3c99d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2,7 +2,7 @@
 # Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 # Copyright © 2013, 2014, 2015, 2016, 2017 Andreas Enge <andreas@enge.fr>
 # Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
-# Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+# Copyright © 2013, 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 # Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
 # Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
 # Copyright © 2016, 2017 Rene Saavedra <rennes@openmailbox.org>
@@ -40,6 +40,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/bootloader.scm				\
   %D%/bootloader/grub.scm                       \
   %D%/bootloader/extlinux.scm                   \
+  %D%/bootloader/u-boot.scm                     \
   %D%/packages.scm				\
   %D%/packages/abduco.scm			\
   %D%/packages/abiword.scm			\
@@ -98,6 +99,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/cpio.scm				\
   %D%/packages/cpp.scm 				\
   %D%/packages/cppi.scm				\
+  %D%/packages/cran.scm				\
   %D%/packages/cross-base.scm			\
   %D%/packages/crypto.scm			\
   %D%/packages/cryptsetup.scm			\
@@ -149,6 +151,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/fonts.scm			\
   %D%/packages/fontutils.scm			\
   %D%/packages/fpga.scm				\
+  %D%/packages/forth.scm			\
   %D%/packages/freedesktop.scm			\
   %D%/packages/freeipmi.scm			\
   %D%/packages/ftp.scm				\
@@ -163,7 +166,6 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/gdb.scm				\
   %D%/packages/geo.scm				\
   %D%/packages/gettext.scm			\
-  %D%/packages/gforth.scm			\
   %D%/packages/ghostscript.scm			\
   %D%/packages/gimp.scm				\
   %D%/packages/gkrellm.scm			\
@@ -182,6 +184,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/gperf.scm			\
   %D%/packages/gprolog.scm			\
   %D%/packages/gps.scm				\
+  %D%/packages/graph.scm			\
   %D%/packages/graphics.scm			\
   %D%/packages/graphviz.scm			\
   %D%/packages/groff.scm			\
@@ -193,6 +196,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/gv.scm				\
   %D%/packages/gxmessage.scm			\
   %D%/packages/haskell.scm			\
+  %D%/packages/ham-radio.scm			\
   %D%/packages/hexedit.scm			\
   %D%/packages/hugs.scm				\
   %D%/packages/hurd.scm				\
@@ -264,12 +268,13 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/maths.scm			\
   %D%/packages/mc.scm				\
   %D%/packages/mcrypt.scm			\
+  %D%/packages/medical.scm			\
   %D%/packages/mes.scm				\
   %D%/packages/messaging.scm			\
   %D%/packages/mingw.scm			\
-  %D%/packages/mg.scm				\
   %D%/packages/microcom.scm			\
   %D%/packages/moe.scm				\
+  %D%/packages/motti.scm			\
   %D%/packages/monitoring.scm			\
   %D%/packages/mono.scm				\
   %D%/packages/moreutils.scm			\
@@ -327,7 +332,6 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/pv.scm				\
   %D%/packages/python.scm			\
   %D%/packages/tryton.scm			\
-  %D%/packages/qemu.scm				\
   %D%/packages/qt.scm				\
   %D%/packages/ragel.scm			\
   %D%/packages/rails.scm			\
@@ -363,6 +367,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/skribilo.scm			\
   %D%/packages/slang.scm			\
   %D%/packages/smalltalk.scm			\
+  %D%/packages/sml.scm				\
   %D%/packages/speech.scm			\
   %D%/packages/spice.scm			\
   %D%/packages/ssh.scm				\
@@ -397,6 +402,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/version-control.scm		\
   %D%/packages/video.scm			\
   %D%/packages/vim.scm				\
+  %D%/packages/virtualization.scm		\
   %D%/packages/vpn.scm				\
   %D%/packages/w3m.scm				\
   %D%/packages/wdiff.scm			\
@@ -421,6 +427,7 @@ GNU_SYSTEM_MODULES =				\
 						\
   %D%/services.scm				\
   %D%/services/admin.scm			\
+  %D%/services/audio.scm                        \
   %D%/services/avahi.scm			\
   %D%/services/base.scm				\
   %D%/services/configuration.scm		\
@@ -433,6 +440,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/services/dns.scm				\
   %D%/services/kerberos.scm			\
   %D%/services/lirc.scm				\
+  %D%/services/virtualization.scm		\
   %D%/services/mail.scm				\
   %D%/services/mcron.scm			\
   %D%/services/messaging.scm			\
@@ -475,7 +483,10 @@ GNU_SYSTEM_MODULES =				\
   %D%/build/vm.scm				\
 						\
   %D%/tests.scm					\
+  %D%/tests/admin.scm				\
+  %D%/tests/audio.scm				\
   %D%/tests/base.scm				\
+  %D%/tests/databases.scm			\
   %D%/tests/dict.scm				\
   %D%/tests/nfs.scm				\
   %D%/tests/install.scm				\
@@ -483,6 +494,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/tests/messaging.scm			\
   %D%/tests/networking.scm			\
   %D%/tests/ssh.scm				\
+  %D%/tests/virtualization.scm			\
   %D%/tests/web.scm
 
 # Modules that do not need to be compiled.
@@ -518,15 +530,16 @@ dist_patch_DATA =						\
   %D%/packages/patches/awesome-reproducible-png.patch		\
   %D%/packages/patches/azr3.patch				\
   %D%/packages/patches/bash-completion-directories.patch	\
+  %D%/packages/patches/bcftools-regidx-unsigned-char.patch	\
   %D%/packages/patches/binutils-ld-new-dtags.patch		\
   %D%/packages/patches/binutils-loongson-workaround.patch	\
-  %D%/packages/patches/binutils-mips-bash-bug.patch		\
   %D%/packages/patches/blast+-fix-makefile.patch		\
   %D%/packages/patches/byobu-writable-status.patch		\
   %D%/packages/patches/cairo-CVE-2016-9082.patch			\
   %D%/packages/patches/calibre-drop-unrar.patch			\
   %D%/packages/patches/calibre-no-updates-dialog.patch		\
   %D%/packages/patches/calibre-use-packaged-feedparser.patch	\
+  %D%/packages/patches/catdoc-CVE-2017-11110.patch		\
   %D%/packages/patches/cdparanoia-fpic.patch			\
   %D%/packages/patches/cdrtools-3.01-mkisofs-isoinfo.patch 	\
   %D%/packages/patches/ceph-disable-cpu-optimizations.patch	\
@@ -534,6 +547,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
   %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
   %D%/packages/patches/chicken-CVE-2017-6949.patch		\
+  %D%/packages/patches/chicken-CVE-2017-11343.patch		\
   %D%/packages/patches/chmlib-inttypes.patch			\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
@@ -546,7 +560,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/cool-retro-term-memory-leak-1.patch	\
   %D%/packages/patches/cool-retro-term-remove-non-free-fonts.patch	\
   %D%/packages/patches/coreutils-cut-huge-range-test.patch	\
-  %D%/packages/patches/coreutils-fix-cross-compilation.patch    \
   %D%/packages/patches/cpio-CVE-2016-2037.patch			\
   %D%/packages/patches/cpufrequtils-fix-aclocal.patch		\
   %D%/packages/patches/cracklib-CVE-2016-6318.patch		\
@@ -556,16 +569,20 @@ dist_patch_DATA =						\
   %D%/packages/patches/crossmap-allow-system-pysam.patch	\
   %D%/packages/patches/csound-header-ordering.patch		\
   %D%/packages/patches/clucene-contribs-lib.patch               \
+  %D%/packages/patches/curl-bounds-check.patch			\
   %D%/packages/patches/cursynth-wave-rand.patch			\
+  %D%/packages/patches/cvs-2017-12836.patch			\
   %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch		\
   %D%/packages/patches/dblatex-remove-multirow.patch		\
   %D%/packages/patches/dbus-helper-search-path.patch		\
+  %D%/packages/patches/deja-dup-use-ref-keyword-for-iter.patch	\
   %D%/packages/patches/dfu-programmer-fix-libusb.patch		\
   %D%/packages/patches/diffutils-gets-undeclared.patch		\
   %D%/packages/patches/doc++-include-directives.patch		\
   %D%/packages/patches/doc++-segfault-fix.patch			\
   %D%/packages/patches/doxygen-test.patch			\
   %D%/packages/patches/dvd+rw-tools-add-include.patch 		\
+  %D%/packages/patches/e2fsprogs-32bit-quota-warnings.patch	\
   %D%/packages/patches/elfutils-tests-ptrace.patch		\
   %D%/packages/patches/elixir-disable-failing-tests.patch	\
   %D%/packages/patches/einstein-build.patch			\
@@ -573,13 +590,10 @@ dist_patch_DATA =						\
   %D%/packages/patches/emacs-fix-scheme-indent-function.patch	\
   %D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch	\
   %D%/packages/patches/emacs-source-date-epoch.patch		\
+  %D%/packages/patches/erlang-man-path.patch			\
   %D%/packages/patches/eudev-rules-directory.patch		\
-  %D%/packages/patches/eudev-conflicting-declaration.patch	\
   %D%/packages/patches/evilwm-lost-focus-bug.patch		\
-  %D%/packages/patches/evince-CVE-2017-1000083.patch		\
-  %D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch	\
   %D%/packages/patches/exim-CVE-2017-1000369.patch		\
-  %D%/packages/patches/fabric-tests.patch			\
   %D%/packages/patches/fastcap-mulGlobal.patch			\
   %D%/packages/patches/fastcap-mulSetup.patch			\
   %D%/packages/patches/fasthenry-spAllocate.patch		\
@@ -590,22 +604,20 @@ dist_patch_DATA =						\
   %D%/packages/patches/fcgi-2.4.0-gcc44-fixes.patch		\
   %D%/packages/patches/fcgi-2.4.0-poll.patch			\
   %D%/packages/patches/findutils-localstatedir.patch		\
+  %D%/packages/patches/findutils-gnulib-multi-core.patch	\
   %D%/packages/patches/findutils-test-xargs.patch		\
   %D%/packages/patches/flint-ldconfig.patch			\
   %D%/packages/patches/fltk-shared-lib-defines.patch		\
   %D%/packages/patches/fltk-xfont-on-demand.patch		\
-  %D%/packages/patches/fontconfig-charwidth-symbol-conflict.patch	\
-  %D%/packages/patches/fontconfig-path-max.patch		\
   %D%/packages/patches/fontforge-svg-modtime.patch		\
   %D%/packages/patches/freeimage-CVE-2015-0852.patch		\
   %D%/packages/patches/freeimage-CVE-2016-5684.patch		\
   %D%/packages/patches/freeimage-fix-build-with-gcc-5.patch	\
-  %D%/packages/patches/freetype-CVE-2017-8105.patch		\
-  %D%/packages/patches/freetype-CVE-2017-8287.patch		\
   %D%/packages/patches/fuse-overlapping-headers.patch				\
   %D%/packages/patches/gawk-shell.patch				\
   %D%/packages/patches/gcc-arm-bug-71399.patch			\
   %D%/packages/patches/gcc-arm-link-spec-fix.patch		\
+  %D%/packages/patches/gcc-asan-powerpc-missing-include.patch	\
   %D%/packages/patches/gcc-cross-environment-variables.patch	\
   %D%/packages/patches/gcc-libvtv-runpath.patch			\
   %D%/packages/patches/gcc-strmov-store-file-names.patch	\
@@ -619,6 +631,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/gcr-disable-failing-tests.patch		\
   %D%/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch	\
   %D%/packages/patches/gdk-pixbuf-list-dir.patch		\
+  %D%/packages/patches/gd-CVE-2017-7890.patch		\
   %D%/packages/patches/gd-fix-gd2-read-test.patch		\
   %D%/packages/patches/gd-fix-tests-on-i686.patch		\
   %D%/packages/patches/gd-freetype-test-failure.patch		\
@@ -626,17 +639,21 @@ dist_patch_DATA =						\
   %D%/packages/patches/gegl-CVE-2012-4433.patch			\
   %D%/packages/patches/gemma-intel-compat.patch			\
   %D%/packages/patches/geoclue-config.patch			\
+  %D%/packages/patches/gettext-multi-core.patch          	\
+  %D%/packages/patches/gettext-gnulib-multi-core.patch          \
   %D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch	\
-  %D%/packages/patches/ghostscript-CVE-2013-5653.patch		\
-  %D%/packages/patches/ghostscript-CVE-2015-3228.patch		\
-  %D%/packages/patches/ghostscript-CVE-2016-7976.patch		\
-  %D%/packages/patches/ghostscript-CVE-2016-7978.patch		\
-  %D%/packages/patches/ghostscript-CVE-2016-7979.patch		\
-  %D%/packages/patches/ghostscript-CVE-2016-8602.patch		\
   %D%/packages/patches/ghostscript-CVE-2017-8291.patch		\
+  %D%/packages/patches/ghostscript-no-header-id.patch		\
+  %D%/packages/patches/ghostscript-no-header-uuid.patch		\
+  %D%/packages/patches/ghostscript-no-header-creationdate.patch \
   %D%/packages/patches/ghostscript-runpath.patch		\
   %D%/packages/patches/glib-networking-ssl-cert-file.patch	\
   %D%/packages/patches/glib-tests-timer.patch			\
+  %D%/packages/patches/glibc-CVE-2015-5180.patch		\
+  %D%/packages/patches/glibc-CVE-2015-7547.patch		\
+  %D%/packages/patches/glibc-CVE-2016-3075.patch		\
+  %D%/packages/patches/glibc-CVE-2016-3706.patch		\
+  %D%/packages/patches/glibc-CVE-2016-4429.patch		\
   %D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch		\
   %D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch		\
   %D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch		\
@@ -657,19 +674,23 @@ dist_patch_DATA =						\
   %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
   %D%/packages/patches/gobject-introspection-cc.patch		\
   %D%/packages/patches/gobject-introspection-girepository.patch	\
+  %D%/packages/patches/graphicsmagick-CVE-2017-12935.patch	\
+  %D%/packages/patches/graphicsmagick-CVE-2017-12936.patch	\
+  %D%/packages/patches/graphicsmagick-CVE-2017-12937.patch	\
   %D%/packages/patches/graphite2-ffloat-store.patch		\
+  %D%/packages/patches/grep-gnulib-lock.patch                   \
   %D%/packages/patches/grep-timing-sensitive-test.patch		\
+  %D%/packages/patches/groff-source-date-epoch.patch		\
   %D%/packages/patches/gsl-test-i686.patch			\
   %D%/packages/patches/gspell-dash-test.patch			\
   %D%/packages/patches/guile-1.8-cpp-4.5.patch			\
+  %D%/packages/patches/guile-2.2-default-utf8.patch		\
+  %D%/packages/patches/guile-bytestructures-name-clash.patch	\
   %D%/packages/patches/guile-default-utf8.patch			\
   %D%/packages/patches/guile-linux-syscalls.patch		\
   %D%/packages/patches/guile-present-coding.patch		\
   %D%/packages/patches/guile-relocatable.patch			\
   %D%/packages/patches/guile-rsvg-pkgconfig.patch		\
-  %D%/packages/patches/guile-ssh-channel-finalization.patch	\
-  %D%/packages/patches/guile-ssh-double-free.patch		\
-  %D%/packages/patches/guile-ssh-rexec-bug.patch		\
   %D%/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch	\
   %D%/packages/patches/gtk2-respect-GUIX_GTK2_IM_MODULE_FILE.patch \
   %D%/packages/patches/gtk2-theme-paths.patch			\
@@ -688,6 +709,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/hdf-eos5-remove-gctp.patch		\
   %D%/packages/patches/hdf-eos5-fix-szip.patch			\
   %D%/packages/patches/hdf-eos5-fortrantests.patch		\
+  %D%/packages/patches/heimdal-CVE-2017-6594.patch		\
+  %D%/packages/patches/heimdal-CVE-2017-11103.patch		\
+  %D%/packages/patches/hmmer-remove-cpu-specificity.patch	\
   %D%/packages/patches/higan-remove-march-native-flag.patch	\
   %D%/packages/patches/hubbub-sort-entities.patch		\
   %D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch        \
@@ -697,7 +721,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/icu4c-reset-keyword-list-iterator.patch	\
   %D%/packages/patches/id3lib-CVE-2007-4460.patch			\
   %D%/packages/patches/ilmbase-fix-tests.patch			\
+  %D%/packages/patches/intltool-perl-compatibility.patch	\
   %D%/packages/patches/isl-0.11.1-aarch64-support.patch	\
+  %D%/packages/patches/jacal-fix-texinfo.patch			\
   %D%/packages/patches/jbig2dec-ignore-testtest.patch		\
   %D%/packages/patches/jbig2dec-CVE-2016-9601.patch		\
   %D%/packages/patches/jbig2dec-CVE-2017-7885.patch		\
@@ -744,7 +770,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libgit2-0.25.1-mtime-0.patch		\
   %D%/packages/patches/libgdata-fix-tests.patch			\
   %D%/packages/patches/libgdata-glib-duplicate-tests.patch	\
-  %D%/packages/patches/libgit2-use-after-free.patch		\
+  %D%/packages/patches/libffi-3.2.1-complex-alpha.patch		\
   %D%/packages/patches/libjxr-fix-function-signature.patch	\
   %D%/packages/patches/libjxr-fix-typos.patch			\
   %D%/packages/patches/liboop-mips64-deplibs-fix.patch		\
@@ -761,26 +787,10 @@ dist_patch_DATA =						\
   %D%/packages/patches/libssh-hostname-parser-bug.patch		\
   %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch	\
   %D%/packages/patches/libtar-CVE-2013-4420.patch 		\
-  %D%/packages/patches/libtasn1-CVE-2017-6891.patch 		\
+  %D%/packages/patches/libtasn1-CVE-2017-10790.patch		\
   %D%/packages/patches/libtheora-config-guess.patch		\
-  %D%/packages/patches/libtiff-CVE-2016-10092.patch		\
-  %D%/packages/patches/libtiff-CVE-2016-10093.patch		\
-  %D%/packages/patches/libtiff-CVE-2016-10094.patch		\
   %D%/packages/patches/libtiff-CVE-2016-10688.patch		\
-  %D%/packages/patches/libtiff-CVE-2017-5225.patch		\
   %D%/packages/patches/libtiff-CVE-2017-9936.patch		\
-  %D%/packages/patches/libtiff-assertion-failure.patch		\
-  %D%/packages/patches/libtiff-divide-by-zero-ojpeg.patch	\
-  %D%/packages/patches/libtiff-divide-by-zero-tiffcp.patch	\
-  %D%/packages/patches/libtiff-divide-by-zero-tiffcrop.patch	\
-  %D%/packages/patches/libtiff-divide-by-zero.patch		\
-  %D%/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch	\
-  %D%/packages/patches/libtiff-heap-overflow-tif-dirread.patch	\
-  %D%/packages/patches/libtiff-heap-overflow-tiffcp.patch	\
-  %D%/packages/patches/libtiff-heap-overflow-tiffcrop.patch	\
-  %D%/packages/patches/libtiff-invalid-read.patch		\
-  %D%/packages/patches/libtiff-null-dereference.patch		\
-  %D%/packages/patches/libtiff-tiffcp-underflow.patch		\
   %D%/packages/patches/libtiff-tiffgetfield-bugs.patch		\
   %D%/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch	\
   %D%/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch	\
@@ -788,6 +798,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/libtorrent-rasterbar-boost-compat.patch	\
   %D%/packages/patches/libtool-skip-tests2.patch		\
   %D%/packages/patches/libunwind-CVE-2015-3239.patch		\
+  %D%/packages/patches/libunistring-gnulib-multi-core.patch	\
+  %D%/packages/patches/libusb-0.1-disable-tests.patch		\
   %D%/packages/patches/libvpx-CVE-2016-2818.patch		\
   %D%/packages/patches/libxcb-python-3.5-compat.patch		\
   %D%/packages/patches/libxml2-CVE-2016-4658.patch		\
@@ -817,7 +829,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/lvm2-static-link.patch			\
   %D%/packages/patches/lxsession-use-gapplication.patch         \
   %D%/packages/patches/lxterminal-CVE-2016-10369.patch		\
-  %D%/packages/patches/lz4-fix-test-failures.patch		\
   %D%/packages/patches/make-impure-dirs.patch			\
   %D%/packages/patches/mars-install.patch			\
   %D%/packages/patches/mars-sfml-2.3.patch			\
@@ -826,10 +837,11 @@ dist_patch_DATA =						\
   %D%/packages/patches/mcrypt-CVE-2012-4409.patch			\
   %D%/packages/patches/mcrypt-CVE-2012-4426.patch			\
   %D%/packages/patches/mcrypt-CVE-2012-4527.patch			\
-  %D%/packages/patches/mesa-fix-32bit-test-failures.patch	\
   %D%/packages/patches/mesa-skip-disk-cache-test.patch		\
   %D%/packages/patches/mesa-wayland-egl-symbols-check-mips.patch	\
   %D%/packages/patches/metabat-remove-compilation-date.patch	\
+  %D%/packages/patches/metabat-fix-compilation.patch		\
+  %D%/packages/patches/metabat-fix-boost-issue.patch		\
   %D%/packages/patches/mhash-keygen-test-segfault.patch		\
   %D%/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch		\
   %D%/packages/patches/mpc123-initialize-ao.patch		\
@@ -853,12 +865,12 @@ dist_patch_DATA =						\
   %D%/packages/patches/netsurf-system-utf8proc.patch		\
   %D%/packages/patches/netsurf-y2038-tests.patch		\
   %D%/packages/patches/netsurf-longer-test-timeout.patch	\
+  %D%/packages/patches/newsbeuter-CVE-2017-12904.patch		\
   %D%/packages/patches/ngircd-handle-zombies.patch		\
   %D%/packages/patches/ninja-zero-mtime.patch			\
   %D%/packages/patches/node-9077.patch				\
   %D%/packages/patches/nss-increase-test-timeout.patch		\
   %D%/packages/patches/nss-pkgconfig.patch			\
-  %D%/packages/patches/ntfs-3g-CVE-2017-0358.patch		\
   %D%/packages/patches/nvi-assume-preserve-path.patch		\
   %D%/packages/patches/nvi-dbpagesize-binpower.patch		\
   %D%/packages/patches/nvi-db4.patch				\
@@ -871,8 +883,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/ola-readdir-r.patch			\
   %D%/packages/patches/openscenegraph-ffmpeg3.patch             \
   %D%/packages/patches/openexr-missing-samples.patch		\
-  %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch		\
-  %D%/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch		\
+  %D%/packages/patches/openjpeg-CVE-2017-12982.patch		\
   %D%/packages/patches/openldap-CVE-2017-9287.patch		\
   %D%/packages/patches/openocd-nrf52.patch			\
   %D%/packages/patches/openssl-runpath.patch			\
@@ -892,12 +903,12 @@ dist_patch_DATA =						\
   %D%/packages/patches/pcre2-CVE-2017-8786.patch		\
   %D%/packages/patches/perl-file-path-CVE-2017-6512.patch	\
   %D%/packages/patches/perl-autosplit-default-time.patch	\
+  %D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch	\
   %D%/packages/patches/perl-deterministic-ordering.patch	\
   %D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
   %D%/packages/patches/perl-gd-options-passthrough-and-fontconfig.patch \
   %D%/packages/patches/perl-io-socket-ssl-openssl-1.0.2f-fix.patch \
   %D%/packages/patches/perl-net-amazon-s3-moose-warning.patch	\
-  %D%/packages/patches/perl-net-ssleay-disable-ede-test.patch	\
   %D%/packages/patches/perl-net-dns-resolver-programmable-fix.patch	\
   %D%/packages/patches/perl-no-sys-dirs.patch			\
   %D%/packages/patches/perl-module-pluggable-search.patch	\
@@ -916,8 +927,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/plotutils-libpng-jmpbuf.patch		\
   %D%/packages/patches/polkit-drop-test.patch			\
   %D%/packages/patches/policycoreutils-make-sepolicy-use-python3.patch	\
-  %D%/packages/patches/poppler-CVE-2017-9776.patch		\
-  %D%/packages/patches/poppler-fix-crash-with-broken-documents.patch	\
   %D%/packages/patches/portaudio-audacity-compat.patch		\
   %D%/packages/patches/portmidi-modular-build.patch		\
   %D%/packages/patches/procmail-ambiguous-getline-debian.patch  \
@@ -941,7 +950,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-3.5-fix-tests.patch		\
   %D%/packages/patches/python-3.5-getentropy-on-old-kernels.patch	\
   %D%/packages/patches/python-dendropy-fix-tests.patch		\
-  %D%/packages/patches/python-file-double-encoding-bug.patch	\
   %D%/packages/patches/python-fix-tests.patch			\
   %D%/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch	\
   %D%/packages/patches/python-genshi-buildable-on-python-2.7.patch	\
@@ -953,8 +961,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch	\
   %D%/packages/patches/python-statsmodels-fix-tests.patch	\
   %D%/packages/patches/python-configobj-setuptools.patch	\
-  %D%/packages/patches/python-cython-fix-tests-32bit.patch	\
-  %D%/packages/patches/python-fake-factory-fix-build-32bit.patch	\
   %D%/packages/patches/python-faker-fix-build-32bit.patch	\
   %D%/packages/patches/python-pandas-skip-failing-tests.patch	\
   %D%/packages/patches/python-paste-remove-website-test.patch	\
@@ -964,7 +970,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-pycrypto-CVE-2013-7459.patch	\
   %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
   %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch	\
-  %D%/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch	\
   %D%/packages/patches/python2-subprocess32-disable-input-test.patch	\
   %D%/packages/patches/qemu-CVE-2017-7493.patch			\
   %D%/packages/patches/qemu-CVE-2017-8112.patch			\
@@ -972,9 +977,16 @@ dist_patch_DATA =						\
   %D%/packages/patches/qemu-CVE-2017-8379.patch			\
   %D%/packages/patches/qemu-CVE-2017-8380.patch			\
   %D%/packages/patches/qemu-CVE-2017-9524.patch			\
+  %D%/packages/patches/qemu-CVE-2017-10664.patch		\
+  %D%/packages/patches/qemu-CVE-2017-10806.patch		\
+  %D%/packages/patches/qemu-CVE-2017-10911.patch		\
+  %D%/packages/patches/qemu-CVE-2017-11334.patch		\
+  %D%/packages/patches/qemu-CVE-2017-11434.patch		\
+  %D%/packages/patches/qemu-CVE-2017-12809.patch		\
   %D%/packages/patches/qt4-ldflags.patch			\
   %D%/packages/patches/qtscript-disable-tests.patch		\
   %D%/packages/patches/quagga-reproducible-build.patch          \
+  %D%/packages/patches/quassel-fix-tls-check.patch              \
   %D%/packages/patches/quickswitch-fix-dmenu-check.patch	\
   %D%/packages/patches/rapicorn-isnan.patch			\
   %D%/packages/patches/raptor2-heap-overflow.patch		\
@@ -986,11 +998,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/reptyr-fix-gcc-7.patch			\
   %D%/packages/patches/ripperx-missing-file.patch		\
   %D%/packages/patches/rpcbind-CVE-2017-8779.patch		\
-  %D%/packages/patches/rpm-CVE-2014-8118.patch			\
   %D%/packages/patches/rsem-makefile.patch			\
   %D%/packages/patches/ruby-concurrent-ignore-broken-test.patch	\
   %D%/packages/patches/ruby-concurrent-test-arm.patch		\
-  %D%/packages/patches/ruby-puma-ignore-broken-test.patch       \
   %D%/packages/patches/ruby-rack-ignore-failing-test.patch      \
   %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
   %D%/packages/patches/rxvt-unicode-escape-sequences.patch	\
@@ -998,18 +1008,21 @@ dist_patch_DATA =						\
   %D%/packages/patches/scotch-test-threading.patch		\
   %D%/packages/patches/sdl-libx11-1.6.patch			\
   %D%/packages/patches/seq24-rename-mutex.patch			\
+  %D%/packages/patches/shishi-fix-libgcrypt-detection.patch	\
   %D%/packages/patches/slim-session.patch			\
   %D%/packages/patches/slim-config.patch			\
   %D%/packages/patches/slim-sigusr1.patch			\
   %D%/packages/patches/slim-reset.patch				\
   %D%/packages/patches/slim-login.patch				\
   %D%/packages/patches/slurm-configure-remove-nonfree-contribs.patch \
+  %D%/packages/patches/sooperlooper-build-with-wx-30.patch 	\
   %D%/packages/patches/spice-CVE-2016-9577.patch		\
   %D%/packages/patches/spice-CVE-2016-9578-1.patch		\
   %D%/packages/patches/spice-CVE-2016-9578-2.patch		\
   %D%/packages/patches/spice-CVE-2017-7506.patch		\
   %D%/packages/patches/steghide-fixes.patch			\
   %D%/packages/patches/superlu-dist-scotchmetis.patch		\
+  %D%/packages/patches/supertuxkart-angelscript-ftbfs.patch		\
   %D%/packages/patches/swish-e-search.patch			\
   %D%/packages/patches/swish-e-format-security.patch		\
   %D%/packages/patches/synfigstudio-fix-ui-with-gtk3.patch 	\
@@ -1024,7 +1037,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch	\
   %D%/packages/patches/teensy-loader-cli-help.patch		\
   %D%/packages/patches/teeworlds-use-latest-wavpack.patch	\
-  %D%/packages/patches/texlive-texmf-CVE-2016-10243.patch	\
   %D%/packages/patches/texi2html-document-encoding.patch	\
   %D%/packages/patches/texi2html-i18n.patch			\
   %D%/packages/patches/thefuck-test-environ.patch		\
@@ -1055,16 +1067,20 @@ dist_patch_DATA =						\
   %D%/packages/patches/util-linux-tests.patch			\
   %D%/packages/patches/upower-builddir.patch			\
   %D%/packages/patches/valgrind-enable-arm.patch		\
+  %D%/packages/patches/vinagre-revert-1.patch                   \
+  %D%/packages/patches/vinagre-revert-2.patch                   \
   %D%/packages/patches/virglrenderer-CVE-2017-6386.patch 	\
   %D%/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch		\
   %D%/packages/patches/vorbis-tools-CVE-2014-9640.patch		\
   %D%/packages/patches/vorbis-tools-CVE-2015-6749.patch		\
   %D%/packages/patches/vpnc-script.patch			\
+  %D%/packages/patches/vsearch-unbundle-cityhash.patch		\
   %D%/packages/patches/vte-CVE-2012-2738-pt1.patch			\
   %D%/packages/patches/vte-CVE-2012-2738-pt2.patch			\
   %D%/packages/patches/weechat-python.patch			\
   %D%/packages/patches/wget-CVE-2017-6508.patch			\
   %D%/packages/patches/wget-fix-504-test-timeout.patch			\
+  %D%/packages/patches/wget-perl-5.26.patch			\
   %D%/packages/patches/wicd-bitrate-none-fix.patch		\
   %D%/packages/patches/wicd-get-selected-profile-fix.patch	\
   %D%/packages/patches/wicd-urwid-1.3.patch			\
@@ -1084,6 +1100,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/xf86-video-geode-glibc-2.20.patch	\
   %D%/packages/patches/xf86-video-i128-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-mach64-glibc-2.20.patch	\
+  %D%/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch \
   %D%/packages/patches/xf86-video-tga-remove-mibstore.patch	\
   %D%/packages/patches/xfce4-panel-plugins.patch		\
   %D%/packages/patches/xfce4-session-fix-xflock4.patch		\
diff --git a/gnu/packages/acct.scm b/gnu/packages/acct.scm
index c86713cb35..a0aac153b0 100644
--- a/gnu/packages/acct.scm
+++ b/gnu/packages/acct.scm
@@ -25,7 +25,7 @@
 (define-public acct
   (package
     (name "acct")
-    (version "6.6.3")
+    (version "6.6.4")
     (source
      (origin
       (method url-fetch)
@@ -33,7 +33,7 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "14x0zklwlg7cc7amlyzffqr8az3fqj1h9dyj0hvl1kpi7cr7kbjy"))))
+        "0gv6m8giazshvgpvwbng98chpas09myyfw1zr2y7hqxib0mvy5ac"))))
     (build-system gnu-build-system)
     (home-page "https://gnu.org/software/acct/")
     (synopsis "Standard login and process accounting utilities")
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 319a34ae8b..fb7fcd6c4b 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -13,7 +13,7 @@
 ;;; Copyright © 2016 Peter Feigl <peter.feigl@nexoid.at>
 ;;; Copyright © 2016 John J. Foerch <jjfoerch@earthlink.net>
 ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
-;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2017 Ben Sturmfels <ben@sturm.com.au>
 ;;; Copyright © 2017 Ethan R. Jones <doubleplusgood23@gmail.com>
@@ -167,10 +167,10 @@ and provides a \"top-like\" mode (monitoring).")
      `(("pkg-config" ,pkg-config)
 
        ;; This is the Guile we use as a cross-compiler...
-       ("guile" ,guile-2.0)))
+       ("guile" ,guile-2.2)))
     (inputs
      ;; ... and this is the one that appears in shebangs when cross-compiling.
-     `(("guile" ,guile-2.0)))
+     `(("guile" ,guile-2.2)))
     (synopsis "System service manager")
     (description
      "The GNU Shepherd is a daemon-managing daemon, meaning that it supervises
@@ -499,7 +499,7 @@ connection alive.")
          (bind-minor-version "9")
          (bind-patch-version "10")
          (bind-release-type "-P")         ; for patch release, use "-P"
-         (bind-release-version "2")      ; for patch release, e.g. "6"
+         (bind-release-version "3")      ; for patch release, e.g. "6"
          (bind-version (string-append bind-major-version
                                       "."
                                       bind-minor-version
@@ -615,7 +615,7 @@ connection alive.")
                                         "/bind-" bind-version ".tar.gz"))
                     (sha256
                      (base32
-                      "19yl7axphmpm4n2ggb7j5irw4c655yifa1bnlckg6qiyv8dr8n7b"))))
+                      "00yh1d5shrq7y0kfwacax4f8dc0akaa2fha430j92n7mshms65m1"))))
 
                 ;; When cross-compiling, we need the cross Coreutils and sed.
                 ;; Otherwise just use those from %FINAL-INPUTS.
@@ -661,14 +661,14 @@ network statistics collection, security monitoring, network debugging, etc.")
 (define-public tcpdump
   (package
     (name "tcpdump")
-    (version "4.9.0")
+    (version "4.9.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.tcpdump.org/release/tcpdump-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0pjsxsy8l71i813sa934cwf1ryp9xbr7nxwsvnzavjdirchq3sga"))))
+                "1wyqbg7bkmgqyslf1ns0xx9fcqi66hvcfm9nf77rl15jvvs8qi7r"))))
     (build-system gnu-build-system)
     (inputs `(("libpcap" ,libpcap)
               ("openssl" ,openssl)))
@@ -849,29 +849,29 @@ system administrator.")
        ;; Avoid non-determinism; see <http://bugs.gnu.org/21918>.
        #:parallel-build? #f
 
-       #:phases (alist-cons-before
-                 'configure 'pre-configure
-                 (lambda _
-                   (substitute* "src/sudo_usage.h.in"
-                     ;; Do not capture 'configure' arguments since we would
-                     ;; unduly retain references, and also because the
-                     ;; CPPFLAGS above would close the string literal
-                     ;; prematurely.
-                     (("@CONFIGURE_ARGS@") "\"\""))
-                   (substitute* (find-files "." "Makefile\\.in")
-                     (("-o [[:graph:]]+ -g [[:graph:]]+")
-                      ;; Allow installation as non-root.
-                      "")
-                     (("^install: (.*)install-sudoers(.*)" _ before after)
-                      ;; Don't try to create /etc/sudoers.
-                      (string-append "install: " before after "\n"))
-                     (("\\$\\(DESTDIR\\)\\$\\(rundir\\)")
-                      ;; Don't try to create /run/sudo.
-                      "$(TMPDIR)/dummy")
-                     (("\\$\\(DESTDIR\\)\\$\\(vardir\\)")
-                      ;; Don't try to create /var/db/sudo.
-                      "$(TMPDIR)/dummy")))
-                 %standard-phases)
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'pre-configure
+           (lambda _
+             (substitute* "src/sudo_usage.h.in"
+               ;; Do not capture 'configure' arguments since we would
+               ;; unduly retain references, and also because the
+               ;; CPPFLAGS above would close the string literal
+               ;; prematurely.
+               (("@CONFIGURE_ARGS@") "\"\""))
+             (substitute* (find-files "." "Makefile\\.in")
+               (("-o [[:graph:]]+ -g [[:graph:]]+")
+                ;; Allow installation as non-root.
+                "")
+               (("^install: (.*)install-sudoers(.*)" _ before after)
+                ;; Don't try to create /etc/sudoers.
+                (string-append "install: " before after "\n"))
+               (("\\$\\(DESTDIR\\)\\$\\(rundir\\)")
+                ;; Don't try to create /run/sudo.
+                "$(TMPDIR)/dummy")
+               (("\\$\\(DESTDIR\\)\\$\\(vardir\\)")
+                ;; Don't try to create /var/db/sudo.
+                "$(TMPDIR)/dummy")))))
 
        ;; XXX: The 'testsudoers' test series expects user 'root' to exist, but
        ;; the chroot's /etc/passwd doesn't have it.  Turn off the tests.
@@ -1599,14 +1599,14 @@ done with the @code{auditctl} utility.")
 (define-public nmap
   (package
     (name "nmap")
-    (version "7.50")
+    (version "7.60")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://nmap.org/dist/nmap-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "1ckl2qxqxkrfa2qxdrqyaa4k1hhj273aqckrc46fijdz0a76mag9"))
+                "08bga42ipymmbxd7wy4x5sl26c0ir1fm3n9rc6nqmhx69z66wyd8"))
               (modules '((guix build utils)))
               (snippet
                '(map delete-file-recursively
@@ -1718,7 +1718,7 @@ throughput (in the same interval).")
 (define-public thefuck
   (package
     (name "thefuck")
-    (version "3.18")
+    (version "3.19")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/nvbn/thefuck/archive/"
@@ -1726,7 +1726,7 @@ throughput (in the same interval).")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1xsvkqh89rgxq5w03mnlcfkn9y39nfwhb2pjabjspcc2mi2mq5y6"))
+                "191zbvkyc02h0wwd46xwj4zzg7jhlr8xv0ji6knqkgjnk0nvqq01"))
               (patches (search-patches "thefuck-test-environ.patch"))))
     (build-system python-build-system)
     (arguments
@@ -1793,14 +1793,14 @@ highly portable.  Great for heterogeneous networks.")
 (define-public cbatticon
   (package
     (name "cbatticon")
-    (version "1.6.5")
+    (version "1.6.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/valr/"
                                   name "/archive/" version ".tar.gz"))
               (sha256
                (base32
-                "0xzz1faqgm57bwlkw6sjdfbckf5hck81879zbfk18p7xn9vhvixv"))
+                "1rxlrwd817f2zl4fsc5ha43wjzfidq3yyagq4lgyi150qg36svv3"))
               (file-name (string-append name "-" version ".tar.gz"))))
     (build-system gnu-build-system)
     (arguments
@@ -2105,28 +2105,22 @@ Intel DRM Driver.")
 (define-public fabric
   (package
     (name "fabric")
-    (version "1.13.1")
+    (version "1.13.2")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "Fabric" version))
        (sha256
         (base32
-         "1z17hw0yiqp1blq217zxkg2jzkv8qd79saqhscgsw14mwlcqpwd0"))
-       (patches (search-patches "fabric-tests.patch"))))
+         "0k944dxr41whw7ib6380q9x15wyskx7fqni656icdn8rzshn9bwq"))))
     (build-system python-build-system)
     (arguments
-     `(#:python ,python-2))                       ;Python 2 only
+     `(#:python ,python-2))             ; Python 2 only
     (native-inputs
-     `(("python2-fudge" ,python2-fudge) ; Requires < 1.0
-       ("python2-jinja2" ,python2-jinja2) ; Requires < 3.0
-       ("python2-nose" ,python2-nose))) ; Requires < 2.0
+     `(("python2-fudge" ,python2-fudge)
+       ("python2-jinja2" ,python2-jinja2)
+       ("python2-nose" ,python2-nose)))
     (propagated-inputs
-     ;; Required upgrading python-paramiko 1.17.4 to fix an incompatibility
-     ;; between python-paramiko and newer python-pycrypto. Without this, the
-     ;; `fab` command fails with "ValueError: CTR mode needs counter
-     ;; parameter, not IV". See:
-     ;; https://github.com/paramiko/paramiko/pull/714#issuecomment-281191548.
      `(("python2-paramiko" ,python2-paramiko)))
     (home-page "http://fabfile.org")
     (synopsis "Simple Pythonic remote execution and deployment tool")
@@ -2169,7 +2163,7 @@ tool for remote execution and deployment.")
                  (("\"/etc/neofetch")
                   (string-append "\"" out "/etc/neofetch"))
                  (("\"/usr/share/neofetch")
-                  (string-append "\"" out "/usr/share/neofetch"))))
+                  (string-append "\"" out "/share/neofetch"))))
              #t))
          (delete 'configure))))
     (home-page "https://github.com/dylanaraps/neofetch")
@@ -2184,7 +2178,7 @@ you are running, what theme or icon set you are using, etc.")
 (define-public nnn
   (package
     (name "nnn")
-    (version "1.2")
+    (version "1.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/jarun/nnn/"
@@ -2192,7 +2186,7 @@ you are running, what theme or icon set you are using, etc.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "08l0wcwwsl5kix9kg3h51s2afzg97y1rjjfi0ijs294kz57g1cfq"))))
+                "0sivgcmg3hihz15v2wgbxnd0icn06pyvvqdqh8x0mwkhvm434fpb"))))
     (build-system gnu-build-system)
     (inputs `(("ncurses" ,ncurses)
               ("readline" ,readline)))
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index d4405a5bf9..74ef7dc285 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2016, 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
@@ -206,7 +207,7 @@ GP2C, the GP to C compiler, translates GP scripts to PARI programs.")
 (define-public giac-xcas
   (package
     (name "giac-xcas")
-    (version "1.2.3-51")
+    (version "1.2.3-57")
     (source (origin
               (method url-fetch)
               ;; "~parisse/giac" is not used because the maintainer regularly
@@ -218,7 +219,7 @@ GP2C, the GP to C compiler, translates GP scripts to PARI programs.")
                                   "source/giac_" version ".tar.gz"))
               (sha256
                (base32
-                "1w7d4sdjbvqiibnfkhrqy9np3smsysilfba9pry3q1qn5g5y6nrp"))))
+                "0a7c1r2rgsin671qy98yvwgkg6a81d0pp0p4p7sydhrfi1k9xpr1"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -479,7 +480,6 @@ binary.")
               (base32
                "0amh9ik44jfg66csyvf4zz1l878c4755kjndq9j0270akflgrbb2"))))
     (build-system gnu-build-system)
-    (inputs `(("readline" ,readline)))
     (native-inputs
      `(("ed" ,ed)
        ("flex" ,flex)
diff --git a/gnu/packages/animation.scm b/gnu/packages/animation.scm
index 3c590950fd..faa0d17230 100644
--- a/gnu/packages/animation.scm
+++ b/gnu/packages/animation.scm
@@ -78,6 +78,16 @@ C++ @dfn{Standard Template Library} (STL).")
                             "/lib"))
        #:phases
        (modify-phases %standard-phases
+         (add-after 'unpack 'fix-boost-build-error
+           ;; A chain of Boost headers leads to this error: "make_array" is
+           ;; not a member of "boost::serialization".  This can be avoided by
+           ;; loading the "array_wrapper" header first.
+           (lambda _
+             (substitute* "src/synfig/valuenodes/valuenode_dynamic.cpp"
+               (("#include <boost/numeric/odeint/integrate/integrate.hpp>" match)
+                (string-append
+                 "#include <boost/serialization/array_wrapper.hpp>\n" match)))
+             #t))
          (add-after 'unpack 'adapt-to-libxml++-changes
           (lambda _
             (substitute* "configure"
diff --git a/gnu/packages/aspell.scm b/gnu/packages/aspell.scm
index 509d428f64..3469c7a3ec 100644
--- a/gnu/packages/aspell.scm
+++ b/gnu/packages/aspell.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Christopher Andersson <christopher@8bits.nu>
 ;;; Copyright © 2016 Theodoros Foradis <theodoros.for@openmailbox.org>
+;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -123,10 +124,10 @@ dictionaries, including personal ones.")
 
 (define-public aspell-dict-en
   (aspell-dictionary "en" "English"
-                     #:version "2016.11.20-0"
+                     #:version "2017.01.22-0"
                      #:sha256
                      (base32
-                      "1496jnhh2jvhkzcj0p4vy89bcs4g5wz6a76m33vw4dhchn5xm9jw")))
+                      "1qamzpw1fsnn5n9jpsnnnzqj1a0m0xvsikmkdp5a6pmb7sp3ziwk")))
 
 (define-public aspell-dict-eo
   (aspell-dictionary "eo" "Esperanto"
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 8a04cfe1b3..40700cae3d 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -1136,7 +1136,7 @@ patches that can be used with softsynths such as Timidity and WildMidi.")
 (define-public guitarix
   (package
     (name "guitarix")
-    (version "0.35.4")
+    (version "0.35.5")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -1144,7 +1144,7 @@ patches that can be used with softsynths such as Timidity and WildMidi.")
                    version ".tar.xz"))
              (sha256
               (base32
-               "1vip4d5hc20vjkh8c9bwn92gyqcc6a1ml6hs39djp59mmybr13dp"))))
+               "00pfb6qa3jfa6qaql7isnb8srfdfmk362ygslh7y0qkm36qasmh4"))))
     (build-system waf-build-system)
     (arguments
      `(#:tests? #f ; no "check" target
@@ -2766,7 +2766,8 @@ machine-readable ASCII format.")
     (description "shntool is a multi-purpose WAVE data processing and reporting
 utility.  File formats are abstracted from its core, so it can process any file
 that contains WAVE data, compressed or not---provided there exists a format
-module to handle that particular file type.")
+module to handle that particular file type.  It can also generate CUE files, and
+use them split WAVE data into multiple files.")
     (home-page "http://etree.org/shnutils/shntool/")
     ;; 'install-sh' bears the x11 license
     (license (list license:gpl2+ license:x11))))
diff --git a/gnu/packages/augeas.scm b/gnu/packages/augeas.scm
index 9b320810ca..077105155c 100644
--- a/gnu/packages/augeas.scm
+++ b/gnu/packages/augeas.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,14 +31,14 @@
 (define-public augeas
   (package
     (name "augeas")
-    (version "1.8.0")
+    (version "1.8.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://download.augeas.net/augeas-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1iac5lwi1q10r343ii9v5p2fdplvh06yv9svsi8zz6cd2c2fjp2i"))))
+                "1yf93fqwav1zsl8dpyfkf0g11w05mmfckqy6qsjy5zkklnspbkv5"))))
     (build-system gnu-build-system)
     ;; Marked as "required" in augeas.pc
     (propagated-inputs
diff --git a/gnu/packages/autotools.scm b/gnu/packages/autotools.scm
index 4dbe7b2a21..30a9aac824 100644
--- a/gnu/packages/autotools.scm
+++ b/gnu/packages/autotools.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Mathieu Lirzin <mthl@openmailbox.org>
 ;;; Copyright © 2014 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;; Copyright © 2015, 2017 Mark H Weaver <mhw@netris.org>
@@ -237,6 +237,7 @@ output is indexed in many ways to simplify browsing.")
     (license gpl3+)))
 
 (define-public automake
+  ;; Replace with 'automake/latest' on the next rebuild cycle.
   (package
     (name "automake")
     (version "1.15")
@@ -315,6 +316,22 @@ intuitive format and then Automake works with Autoconf to produce a robust
 Makefile, simplifying the entire process for the developer.")
     (license gpl2+)))                      ; some files are under GPLv3+
 
+
+(define-public automake/latest
+  ;; Merge with 'automake' on the next rebuild cycle.
+  (package
+    (inherit automake)
+    (version "1.15.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnu/automake/automake-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "1bzd9g32dfm4rsbw93ld9x7b5nc1y6i4m6zp032qf1i28a8s6sxg"))
+              (patches
+               (search-patches "automake-skip-amhello-tests.patch"))))))
+
 (define-public libtool
   (package
     (name "libtool")
diff --git a/gnu/packages/aux-files/emacs/guix-emacs.el b/gnu/packages/aux-files/emacs/guix-emacs.el
index 2bbd639ffd..9a49e8861c 100644
--- a/gnu/packages/aux-files/emacs/guix-emacs.el
+++ b/gnu/packages/aux-files/emacs/guix-emacs.el
@@ -1,6 +1,7 @@
 ;;; guix-emacs.el --- Emacs packages installed with Guix
 
 ;; Copyright © 2014, 2015, 2016, 2017 Alex Kost <alezost@gmail.com>
+;; Copyright © 2017 Kyle Meyer <kyle@kyleam.com>
 
 ;; This file is part of GNU Guix.
 
@@ -87,9 +88,11 @@ profiles.
   (interactive (list (if (fboundp 'guix-read-package-profile)
                          (funcall 'guix-read-package-profile)
                        guix-user-profile)))
-  (let ((profiles (or profiles
-                      (list "/run/current-system/profile"
-                            guix-user-profile))))
+  (let* ((env      (getenv "GUIX_ENVIRONMENT"))
+         (profiles (or profiles
+                       (append (list "/run/current-system/profile"
+                                     guix-user-profile)
+                               (and env (list env))))))
     (dolist (profile profiles)
       (let ((dirs (guix-emacs-directories profile)))
         (when dirs
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 74e49e46db..157b6a7cc5 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -118,7 +118,7 @@ spying and/or modification by the server.")
 (define-public par2cmdline
   (package
     (name "par2cmdline")
-    (version "0.7.2")
+    (version "0.7.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/Parchive/par2cmdline/archive/v"
@@ -126,7 +126,7 @@ spying and/or modification by the server.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0rsrca7903g08zrifv4102gkxrhmzvgwd1sb6vw9pa00qhzsfkzs"))))
+                "0dqwarc2aw5clgpf24d9dxh43b0k0z3l6kksn30arx9bdlmrk5rx"))))
     (native-inputs
      `(("automake" ,automake)
        ("autoconf" ,autoconf)))
@@ -136,10 +136,15 @@ spying and/or modification by the server.")
        (modify-phases %standard-phases
          (add-after 'unpack 'autoreconf
            (lambda _ (zero? (system* "autoreconf" "-vfi")))))))
-    (synopsis "File verification and repair tool")
-    (description "Par2cmdline is a tool for generating RAID-like PAR2 recovery
-files using Reed-Solomon coding.  PAR2 files can be stored along side backups
-or distributed files for recovering from bitrot.")
+    (synopsis "File verification and repair tools")
+    (description "Par2cmdline uses Reed-Solomon error-correcting codes to
+generate and verify PAR2 recovery files.  These files can be distributed
+alongside the source files or stored together with back-ups to protect against
+transmission errors or @dfn{bit rot}, the degradation of storage media over
+time.
+Unlike a simple checksum, PAR2 doesn't merely detect errors: as long as the
+damage isn't too extensive (and smaller than the size of the recovery file), it
+can even repair them.")
     (home-page "https://github.com/Parchive/par2cmdline")
     (license license:gpl3+)))
 
@@ -179,8 +184,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
 (define-public libarchive
   (package
     (name "libarchive")
-    (replacement libarchive-3.3.1)
-    (version "3.2.2")
+    (version "3.3.1")
     (source
      (origin
        (method url-fetch)
@@ -188,7 +192,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "03q6y428rg723c9fj1vidzjw46w1vf8z0h95lkvz1l9jw571j739"))))
+         "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9"))))
     (build-system gnu-build-system)
     ;; TODO: Add -L/path/to/nettle in libarchive.pc.
     (inputs
@@ -457,13 +461,13 @@ detection, and lossless compression.")
 (define-public borg
   (package
     (name "borg")
-    (version "1.0.10")
+    (version "1.0.11")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "borgbackup" version))
               (sha256
                (base32
-                "1sarmpzwr8dhbg0hsvaclcsjfax36ssb32d9klhhah4j8kqji3wp"))
+                "14fjk5dfwmjkn7nmkbhhbrk3g1wfrn8arvqd5r9jaij534nzsvpw"))
               (modules '((guix build utils)))
               (snippet
                '(for-each
@@ -601,14 +605,14 @@ changes are stored.")
 (define-public wimlib
   (package
     (name "wimlib")
-    (version "1.10.0")
+    (version "1.12.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://wimlib.net/downloads/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0mbz03smlc054i2m9q2sbqymml9m897kfs84q7g81i26y811p6wq"))))
+                "0ks6hq7vwq13ljkzxp3a490bf8dnracgl2azf57rg49ad2fzab45"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 81f8b3c8d6..1ccff1fcf5 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -7,6 +7,8 @@
 ;;; Copyright © 2014, 2015 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -87,7 +89,8 @@ command-line arguments, multiple languages, and so on.")
             (sha256
              (base32
               "1dcasjp3a578nrvzrcn38mpizb8w1q6mvfzhjmcqqgkf0nsivj72"))
-            (patches (search-patches "grep-timing-sensitive-test.patch"))))
+            (patches (search-patches "grep-timing-sensitive-test.patch"
+                                     "grep-gnulib-lock.patch"))))
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)))             ;some of the tests require it
    (arguments
@@ -228,14 +231,14 @@ differences.")
 (define-public diffutils
   (package
    (name "diffutils")
-   (version "3.5")
+   (version "3.6")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/diffutils/diffutils-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "0csmqfz8ks23kdjsq0v2ll1acqiz8lva06dj19mwmymrsp69ilys"))))
+              "1mivg0fy3a6fcn535ln8nkgfj6vxh5hsxxs5h6692wxmsjyyh8fn"))))
    (build-system gnu-build-system)
    (synopsis "Comparing and merging files")
    (description
@@ -258,8 +261,13 @@ interactive means to merge two files.")
             (sha256
              (base32
               "178nn4dl7wbcw499czikirnkniwnx36argdnqgz4ik9i6zvwkm6y"))
-            (patches (search-patches "findutils-localstatedir.patch"
-                                     "findutils-test-xargs.patch"))))
+            (patches (search-patches
+                      "findutils-localstatedir.patch"
+                      "findutils-test-xargs.patch"
+                      ;; test-lock has performance issues on multi-core
+                      ;; machines, it hangs or takes a long time to complete.
+                      ;; This is a commit from gnulib to fix this issue.
+                      "findutils-gnulib-multi-core.patch"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags (list
@@ -285,15 +293,15 @@ used to apply commands with arbitrarily long arguments.")
 (define-public coreutils
   (package
    (name "coreutils")
-   (version "8.26")
+   (version "8.27")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/coreutils/coreutils-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "13lspazc7xkviy93qz7ks9jv4sldvgmwpq36ghrbrqpq93br8phm"))
-            (patches (search-patches "coreutils-fix-cross-compilation.patch"))))
+              "0sv547572iq8ayy8klir4hnngnx92a9nsazmf1wgzfc7xr4x74c8"))
+            (patches (search-patches "coreutils-cut-huge-range-test.patch"))))
    (build-system gnu-build-system)
    (inputs `(("acl"  ,acl)                        ; TODO: add SELinux
              ("gmp"  ,gmp)                        ;bignums in 'expr', yay!
@@ -308,21 +316,12 @@ used to apply commands with arbitrarily long arguments.")
     ;; copy of help2man.  However, don't pass it when cross-compiling since
     ;; that would lead it to try to run programs to get their '--help' output
     ;; for help2man.
-    `(,@(if (%current-target-system)
-            '()
-            `(("perl" ,perl)))
-
-      ;; Apply this patch only on ARM to avoid a full rebuild.
-      ;; TODO: Move to 'patches' in the next update cycle.
-      ,@(if (string-prefix? "arm" (or (%current-target-system)
-                                      (%current-system)))
-            `(("cut-test.patch"
-               ,(search-patch "coreutils-cut-huge-range-test.patch")))
-            '())))
+    (if (%current-target-system)
+        '()
+        `(("perl" ,perl))))
    (outputs '("out" "debug"))
    (arguments
     `(#:parallel-build? #f            ; help2man may be called too early
-      #:parallel-tests? #f            ; race condition fixed after 8.26
       #:phases (alist-cons-before
                 'build 'patch-shell-references
                 (lambda* (#:key inputs #:allow-other-keys)
@@ -337,22 +336,7 @@ used to apply commands with arbitrarily long arguments.")
                     (substitute* (find-files "tests" "\\.sh$")
                       (("#!/bin/sh")
                        (format #f "#!~a/bin/sh" bash)))))
-
-                ,@(if (string-prefix? "arm" (or (%current-target-system)
-                                                (%current-system)))
-                      '((alist-cons-before
-                         'build 'patch-cut-test
-                         (lambda* (#:key inputs native-inputs
-                                   #:allow-other-keys)
-                           (let ((patch (or (assoc-ref inputs
-                                                       "cut-test.patch")
-                                            (assoc-ref native-inputs
-                                                       "cut-test.patch"))))
-                             (zero?
-                              (system* "patch" "-p1" "--force"
-                                       "--input" patch))))
-                         %standard-phases))
-                      '(%standard-phases)))))
+                %standard-phases)))
    (synopsis "Core GNU utilities (file, text, shell)")
    (description
     "GNU Coreutils includes all of the basic command-line tools that are
@@ -362,29 +346,6 @@ functionality beyond that which is outlined in the POSIX standard.")
    (license gpl3+)
    (home-page "https://www.gnu.org/software/coreutils/")))
 
-;; We add version 8.27 here for use in (gnu system) due to a time
-;; zone bug in `date' versions 8.25 - 8.26.
-;; https://debbugs.gnu.org/cgi/bugreport.cgi?bug=23035
-;; https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26238
-(define-public coreutils-8.27
-  (package
-    (inherit coreutils)
-    (version "8.27")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://gnu/coreutils/coreutils-"
-                                  version ".tar.xz"))
-              (sha256
-               (base32
-                "0sv547572iq8ayy8klir4hnngnx92a9nsazmf1wgzfc7xr4x74c8"))))
-    (arguments
-     (if (string-prefix? "arm" (or (%current-target-system)
-                                   (%current-system)))
-         (substitute-keyword-arguments (package-arguments coreutils)
-           ((#:phases phases)
-            `(alist-delete 'patch-cut-test ,phases)))
-         (package-arguments coreutils)))))
-
 (define-public coreutils-minimal
   ;; Coreutils without its optional dependencies.
   (package
@@ -434,17 +395,16 @@ change.  GNU make offers many powerful extensions over the standard utility.")
 (define-public binutils
   (package
    (name "binutils")
-   (version "2.27")
+   (version "2.28")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/binutils/binutils-"
                                 version ".tar.bz2"))
             (sha256
              (base32
-              "125clslv17xh1sab74343fg6v31msavpmaa1c1394zsqa773g5rn"))
+              "0wiasgns7i8km8nrxas265sh2dfpsw93b3qw195ipc90w4z475v2"))
             (patches (search-patches "binutils-ld-new-dtags.patch"
-                                     "binutils-loongson-workaround.patch"
-                                     "binutils-mips-bash-bug.patch"))))
+                                     "binutils-loongson-workaround.patch"))))
    (build-system gnu-build-system)
 
    ;; TODO: Add dependency on zlib + those for Gold.
@@ -456,10 +416,6 @@ change.  GNU make offers many powerful extensions over the standard utility.")
                           ;; Don't search under /usr/lib & co.
                           "--with-lib-path=/no-ld-lib-path"
 
-                          ;; Glibc 2.17 has a "comparison of unsigned
-                          ;; expression >= 0 is always true" in wchar.h.
-                          "--disable-werror"
-
                           ;; Install BFD.  It ends up in a hidden directory,
                           ;; but it's here.
                           "--enable-install-libbfd"
@@ -482,7 +438,7 @@ included.")
 (define* (make-ld-wrapper name #:key
                           (target (const #f))
                           binutils
-                          (guile (canonical-package guile-2.0))
+                          (guile (canonical-package guile-2.2))
                           (bash (canonical-package bash))
                           (guile-for-build guile))
   "Return a package called NAME that contains a wrapper for the 'ld' program
@@ -558,7 +514,6 @@ store.")
   (package
    (name "glibc")
    (version "2.25")
-   (replacement glibc-2.25-patched)
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/glibc/glibc-"
@@ -576,7 +531,12 @@ store.")
             (modules '((guix build utils)))
             (patches (search-patches "glibc-ldd-x86_64.patch"
                                      "glibc-versioned-locpath.patch"
-                                     "glibc-o-largefile.patch"))))
+                                     "glibc-o-largefile.patch"
+                                     "glibc-memchr-overflow-i686.patch"
+                                     "glibc-vectorized-strcspn-guards.patch"
+                                     "glibc-CVE-2017-1000366-pt1.patch"
+                                     "glibc-CVE-2017-1000366-pt2.patch"
+                                     "glibc-CVE-2017-1000366-pt3.patch"))))
    (build-system gnu-build-system)
 
    ;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc
@@ -588,10 +548,6 @@ store.")
    (arguments
     `(#:out-of-source? #t
 
-      ;; In version 2.21, there a race in the 'elf' directory, see
-      ;; <http://lists.gnu.org/archive/html/guix-devel/2015-02/msg00709.html>.
-      #:parallel-build? #f
-
       ;; The libraries have an empty RUNPATH, but some, such as the versioned
       ;; libraries (libdl-2.24.so, etc.) have ld.so marked as NEEDED.  Since
       ;; these libraries are always going to be found anyway, just skip
@@ -667,19 +623,6 @@ store.")
                         ;; 4.7.1.
                         ((" -lgcc_s") ""))
 
-                      ;; Apply patch only on i686.
-                      ;; TODO: Move the patch to 'patches' in the next update cycle.
-                      ,@(if (string-prefix? "i686" (or (%current-target-system)
-                                                       (%current-system)))
-                            `((unless (zero? (system* "patch" "-p1" "--force"
-                                                      "--input"
-                                                      (or (assoc-ref native-inputs
-                                                                     "glibc-memchr-overflow-i686.patch")
-                                                          (assoc-ref inputs
-                                                                     "glibc-memchr-overflow-i686.patch"))))
-                                (error "patch failed for glibc-memchr-overflow-i686.patch")))
-                            '())
-
                       ;; Have `system' use that Bash.
                       (substitute* "sysdeps/posix/system.c"
                         (("#define[[:blank:]]+SHELL_PATH.*$")
@@ -723,15 +666,7 @@ store.")
    ;; install the message catalogs, with 'msgfmt'.
    (native-inputs `(("texinfo" ,texinfo)
                     ("perl" ,perl)
-                    ("gettext" ,gettext-minimal)
-
-                    ;; Apply this patch only on i686 to avoid a full rebuild.
-                    ;; TODO: Move to 'patches' in the next update cycle.
-                    ,@(if (string-prefix? "i686" (or (%current-target-system)
-                                                     (%current-system)))
-                          `(("glibc-memchr-overflow-i686.patch"
-                             ,(search-patch "glibc-memchr-overflow-i686.patch")))
-                          '())))
+                    ("gettext" ,gettext-minimal)))
 
    (native-search-paths
     ;; Search path for packages that provide locale data.  This is useful
@@ -780,71 +715,6 @@ with the Linux kernel.")
         ;; Add libmachuser.so and libhurduser.so to libc.so's search path.
         ;; See <http://lists.gnu.org/archive/html/bug-hurd/2015-07/msg00051.html>.
         `(modify-phases ,original-phases
-           ;; TODO: This is almost an exact copy of the phase of the same name
-           ;; in glibc/linux.  The only difference is that the i686 patch is
-           ;; not applied here.  In the next update cycle the patch moves to
-           ;; the patches field and this overwritten phase won't be needed any
-           ;; more.
-           (replace 'pre-configure
-             (lambda* (#:key inputs native-inputs outputs
-                       #:allow-other-keys)
-               (let* ((out  (assoc-ref outputs "out"))
-                      (bin  (string-append out "/bin"))
-                      ;; FIXME: Normally we would look it up only in INPUTS
-                      ;; but cross-base uses it as a native input.
-                      (bash (or (assoc-ref inputs "static-bash")
-                                (assoc-ref native-inputs "static-bash"))))
-                 ;; Install the rpc data base file under `$out/etc/rpc'.
-                 ;; FIXME: Use installFlags = [ "sysconfdir=$(out)/etc" ];
-                 (substitute* "sunrpc/Makefile"
-                   (("^\\$\\(inst_sysconfdir\\)/rpc(.*)$" _ suffix)
-                    (string-append out "/etc/rpc" suffix "\n"))
-                   (("^install-others =.*$")
-                    (string-append "install-others = " out "/etc/rpc\n")))
-
-                 (substitute* "Makeconfig"
-                   ;; According to
-                   ;; <http://www.linuxfromscratch.org/lfs/view/stable/chapter05/glibc.html>,
-                   ;; linking against libgcc_s is not needed with GCC
-                   ;; 4.7.1.
-                   ((" -lgcc_s") ""))
-
-                 ;; Have `system' use that Bash.
-                 (substitute* "sysdeps/posix/system.c"
-                   (("#define[[:blank:]]+SHELL_PATH.*$")
-                    (format #f "#define SHELL_PATH \"~a/bin/bash\"\n"
-                            bash)))
-
-                 ;; Same for `popen'.
-                 (substitute* "libio/iopopen.c"
-                   (("/bin/sh")
-                    (string-append bash "/bin/sh")))
-
-                 ;; Same for the shell used by the 'exec' functions for
-                 ;; scripts that lack a shebang.
-                 (substitute* (find-files "." "^paths\\.h$")
-                   (("#define[[:blank:]]+_PATH_BSHELL[[:blank:]].*$")
-                    (string-append "#define _PATH_BSHELL \""
-                                   bash "/bin/sh\"\n")))
-
-                 ;; Nscd uses __DATE__ and __TIME__ to create a string to
-                 ;; make sure the client and server come from the same
-                 ;; libc.  Use something deterministic instead.
-                 (substitute* "nscd/nscd_stat.c"
-                   (("static const char compilation\\[21\\] =.*$")
-                    (string-append
-                     "static const char compilation[21] = \""
-                     (string-take (basename out) 20) "\";\n")))
-
-                 ;; Make sure we don't retain a reference to the
-                 ;; bootstrap Perl.
-                 (substitute* "malloc/mtrace.pl"
-                   (("^#!.*")
-                    ;; The shebang can be omitted, because there's the
-                    ;; "bilingual" eval/exec magic at the top of the file.
-                    "")
-                   (("exec @PERL@")
-                    "exec perl")))))
            (add-after 'install 'augment-libc.so
              (lambda* (#:key outputs #:allow-other-keys)
                (let* ((out (assoc-ref outputs "out")))
@@ -902,19 +772,6 @@ GLIBC/HURD for a Hurd host"
 (define-syntax glibc
   (identifier-syntax (glibc-for-target)))
 
-(define glibc-2.25-patched
-  (package
-    (inherit glibc)
-    (source (origin
-              (inherit (package-source glibc))
-              (patches (search-patches "glibc-ldd-x86_64.patch"
-                                       "glibc-versioned-locpath.patch"
-                                       "glibc-o-largefile.patch"
-                                       "glibc-vectorized-strcspn-guards.patch"
-                                       "glibc-CVE-2017-1000366-pt1.patch"
-                                       "glibc-CVE-2017-1000366-pt2.patch"
-                                       "glibc-CVE-2017-1000366-pt3.patch"))))))
-
 ;; Below are old libc versions, which we use mostly to build locale data in
 ;; the old format (which the new libc cannot cope with.)
 
@@ -933,6 +790,7 @@ GLIBC/HURD for a Hurd host"
                                        "glibc-versioned-locpath.patch"
                                        "glibc-o-largefile.patch"
                                        "glibc-vectorized-strcspn-guards.patch"
+                                       "glibc-CVE-2015-5180.patch"
                                        "glibc-CVE-2017-1000366-pt1.patch"
                                        "glibc-CVE-2017-1000366-pt2.patch"
                                        "glibc-CVE-2017-1000366-pt3.patch"))))))
@@ -952,6 +810,10 @@ GLIBC/HURD for a Hurd host"
                                        "glibc-versioned-locpath.patch"
                                        "glibc-o-largefile.patch"
                                        "glibc-vectorized-strcspn-guards.patch"
+                                       "glibc-CVE-2015-5180.patch"
+                                       "glibc-CVE-2016-3075.patch"
+                                       "glibc-CVE-2016-3706.patch"
+                                       "glibc-CVE-2016-4429.patch"
                                        "glibc-CVE-2017-1000366-pt1.patch"
                                        "glibc-CVE-2017-1000366-pt2.patch"
                                        "glibc-CVE-2017-1000366-pt3.patch"))))))
@@ -969,6 +831,11 @@ GLIBC/HURD for a Hurd host"
                 "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb"))
               (patches (search-patches "glibc-ldd-x86_64.patch"
                                        "glibc-vectorized-strcspn-guards.patch"
+                                       "glibc-CVE-2015-5180.patch"
+                                       "glibc-CVE-2015-7547.patch"
+                                       "glibc-CVE-2016-3075.patch"
+                                       "glibc-CVE-2016-3706.patch"
+                                       "glibc-CVE-2016-4429.patch"
                                        "glibc-CVE-2017-1000366-pt1.patch"
                                        "glibc-CVE-2017-1000366-pt2.patch"
                                        "glibc-CVE-2017-1000366-pt3.patch"))))
@@ -978,23 +845,11 @@ GLIBC/HURD for a Hurd host"
          `(modify-phases ,phases
             (add-before 'configure 'fix-pwd
               (lambda _
-                ;; Use `pwd' instead of `/bin/pwd' for glibc-2.21
+                ;; Use `pwd' instead of `/bin/pwd' for glibc-2.22.
                 (substitute* "configure"
                   (("/bin/pwd") "pwd"))
                 #t))))))))
 
-(define-public glibc-2.21
-  (package
-    (inherit glibc-2.22)
-    (version "2.21")
-    (source (origin
-              (inherit (package-source glibc-2.22))
-              (uri (string-append "mirror://gnu/glibc/glibc-"
-                                  version ".tar.xz"))
-              (sha256
-               (base32
-                "1f135546j34s9bfkydmx2nhh9vwxlx60jldi80zmsnln6wj3dsxf"))))))
-
 (define-public glibc-locales
   (package
     (inherit glibc)
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index 34cfa08944..b8b0ae58f6 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -211,33 +211,33 @@ without modification.")
     (outputs (delete "include" (package-outputs bash)))
 
     (arguments
-     (let ((args `(#:modules ((guix build gnu-build-system)
-                              (guix build utils)
-                              (srfi srfi-1)
-                              (srfi srfi-26))
-                   ,@(package-arguments bash))))
-       (substitute-keyword-arguments args
-         ((#:configure-flags flags)
-          `(list "--without-bash-malloc"
-                 "--disable-readline"
-                 "--disable-history"
-                 "--disable-help-builtin"
-                 "--disable-progcomp"
-                 "--disable-net-redirections"
-                 "--disable-nls"
+     (substitute-keyword-arguments (package-arguments bash)
+       ((#:modules _ '())
+        '((guix build gnu-build-system)
+          (guix build utils)
+          (srfi srfi-1)
+          (srfi srfi-26)))
+       ((#:configure-flags flags '())
+        `(list "--without-bash-malloc"
+               "--disable-readline"
+               "--disable-history"
+               "--disable-help-builtin"
+               "--disable-progcomp"
+               "--disable-net-redirections"
+               "--disable-nls"
 
-                 ;; Pretend 'dlopen' is missing so we don't build loadable
-                 ;; modules and related code.
-                 "ac_cv_func_dlopen=no"
+               ;; Pretend 'dlopen' is missing so we don't build loadable
+               ;; modules and related code.
+               "ac_cv_func_dlopen=no"
 
-                 ,@(if (%current-target-system)
-                       '("bash_cv_job_control_missing=no"
-                         "bash_cv_getcwd_malloc=yes")
-                       '())))
-         ((#:phases phases)
-          `(modify-phases ,phases
-             ;; No loadable modules.
-             (delete 'move-development-files))))))))
+               ,@(if (%current-target-system)
+                     '("bash_cv_job_control_missing=no"
+                       "bash_cv_getcwd_malloc=yes")
+                     '())))
+       ((#:phases phases)
+        `(modify-phases ,phases
+           ;; No loadable modules.
+           (delete 'move-development-files)))))))
 
 (define-public static-bash
   ;; Statically-linked Bash that contains nothing but the 'bash' binary and
@@ -263,7 +263,7 @@ without modification.")
 (define-public bash-completion
   (package
     (name "bash-completion")
-    (version "2.6")
+    (version "2.7")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -271,7 +271,7 @@ without modification.")
                     version "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1vx5bjasi0y3iwhgy2v72bdrsprkw8zjc9s8qd1l8rxil0nnbyv1"))
+                "07j484vb3k90f4989xh1g1x99g01akrp69p3dml4lza27wnqkfj1"))
               (patches
                (search-patches "bash-completion-directories.patch"))))
     (build-system gnu-build-system)
diff --git a/gnu/packages/bdw-gc.scm b/gnu/packages/bdw-gc.scm
index b9732374d7..790a238579 100644
--- a/gnu/packages/bdw-gc.scm
+++ b/gnu/packages/bdw-gc.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,7 +24,8 @@
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
-  #:use-module (gnu packages pkg-config))
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages hurd))
 
 (define-public libgc
   (package
@@ -38,8 +40,20 @@
               "143x7g0d0k6250ai6m2x3l4y352mzizi4wbgrmahxscv2aqjhjm1"))))
    (build-system gnu-build-system)
    (arguments
-    '(#:configure-flags '(;; Install gc_cpp.h et al.
-                          "--enable-cplusplus")))
+    `(#:configure-flags
+      (list
+       ;; Install gc_cpp.h et al.
+       "--enable-cplusplus"
+       ;; In GNU/Hurd systems during the 'Check' phase,
+       ;; there is a deadlock caused by the 'gctest' test.
+       ;; To disable the error set "--disable-gcj-support"
+       ;; to configure script. See bug report and discussion:
+       ;; <https://lists.opendylan.org/pipermail/bdwgc/2017-April/006275.html>
+       ;; <https://lists.gnu.org/archive/html/bug-hurd/2017-01/msg00008.html>
+       ,@(if (hurd-triplet? (or (%current-system)
+                                (%current-target-system)))
+             '("--disable-gcj-support")
+             '()))))
    (native-inputs `(("pkg-config" ,pkg-config)))
    (inputs `(("libatomic-ops" ,libatomic-ops)))
    (outputs '("out" "debug"))
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 82cd1e420d..c5157046ab 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -48,6 +48,7 @@
   #:use-module (gnu packages boost)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages cpio)
+  #:use-module (gnu packages cran)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages databases)
@@ -59,6 +60,7 @@
   #:use-module (gnu packages gd)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages glib)
+  #:use-module (gnu packages graph)
   #:use-module (gnu packages groff)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages haskell)
@@ -248,7 +250,7 @@ structure of the predicted RNA.")
        ("python-nose" ,python2-nose)
        ("python-pysam" ,python2-pysam)))
     (inputs
-     `(("htslib" ,htslib)
+     `(("htslib" ,htslib-1.3) ; At least one test fails on htslib-1.4+.
        ("samtools" ,samtools)
        ("bwa" ,bwa)
        ("grep" ,grep)
@@ -300,7 +302,7 @@ BAM files.")
 (define-public bcftools
   (package
     (name "bcftools")
-    (version "1.3.1")
+    (version "1.5")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -308,33 +310,28 @@ BAM files.")
                     version "/bcftools-" version ".tar.bz2"))
               (sha256
                (base32
-                "095ry68vmz9q5s1scjsa698dhgyvgw5aicz24c19iwfbai07mhqj"))
+                "0093hkkvxmbwfaa7905s6185jymynvg42kq6sxv7fili11l5mxwz"))
+              (patches (search-patches "bcftools-regidx-unsigned-char.patch"))
               (modules '((guix build utils)))
               (snippet
                ;; Delete bundled htslib.
-               '(delete-file-recursively "htslib-1.3.1"))))
+               '(delete-file-recursively "htslib-1.5"))))
     (build-system gnu-build-system)
     (arguments
      `(#:test-target "test"
+       #:configure-flags (list "--with-htslib=system")
        #:make-flags
        (list
         "USE_GPL=1"
+        "LIBS=-lgsl -lgslcblas"
         (string-append "prefix=" (assoc-ref %outputs "out"))
         (string-append "HTSDIR=" (assoc-ref %build-inputs "htslib") "/include")
-        (string-append "HTSLIB=" (assoc-ref %build-inputs "htslib") "/lib/libhts.a")
+        (string-append "HTSLIB=" (assoc-ref %build-inputs "htslib") "/lib/libhts.so")
         (string-append "BGZIP=" (assoc-ref %build-inputs "htslib") "/bin/bgzip")
-        (string-append "TABIX=" (assoc-ref %build-inputs "htslib") "/bin/tabix"))
+        (string-append "TABIX=" (assoc-ref %build-inputs "htslib") "/bin/tabix")
+        (string-append "PACKAGE_VERSION=" ,version))
        #:phases
        (modify-phases %standard-phases
-         (add-after 'unpack 'patch-Makefile
-           (lambda _
-             (substitute* "Makefile"
-               ;; Do not attempt to build htslib.
-               (("^include \\$\\(HTSDIR\\)/htslib\\.mk") "")
-               ;; Link against GSL cblas.
-               (("-lcblas") "-lgslcblas"))
-             #t))
-         (delete 'configure)
          (add-before 'check 'patch-tests
            (lambda _
              (substitute* "test/test.pl"
@@ -1195,7 +1192,7 @@ errors at the end of reads.")
 (define-public bowtie
   (package
     (name "bowtie")
-    (version "2.2.9")
+    (version "2.3.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/BenLangmead/bowtie2/archive/v"
@@ -1203,7 +1200,7 @@ errors at the end of reads.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1vp5db8i7is57iwjybcdg18f5ivyzlj5g1ix1nlvxainzivhz55g"))
+                "0hwa5r9qbglppb7sz5z79rlmmddr3n51n468jb3wh8rwjgn3yr90"))
               (modules '((guix build utils)))
               (snippet
                '(substitute* "Makefile"
@@ -1211,28 +1208,28 @@ errors at the end of reads.")
                   (("-DBUILD_HOST=.*") "-DBUILD_HOST=\"\\\"guix\\\"\"")
                   (("-DBUILD_TIME=.*") "-DBUILD_TIME=\"\\\"0\\\"\"")))))
     (build-system gnu-build-system)
-    (inputs `(("perl" ,perl)
-              ("perl-clone" ,perl-clone)
-              ("perl-test-deep" ,perl-test-deep)
-              ("perl-test-simple" ,perl-test-simple)
-              ("python" ,python-2)
-              ("tbb" ,tbb)))
+    (inputs
+     `(("perl" ,perl)
+       ("perl-clone" ,perl-clone)
+       ("perl-test-deep" ,perl-test-deep)
+       ("perl-test-simple" ,perl-test-simple)
+       ("python" ,python-2)
+       ("tbb" ,tbb)
+       ("zlib" ,zlib)))
     (arguments
      '(#:make-flags
        (list "allall"
              "WITH_TBB=1"
              (string-append "prefix=" (assoc-ref %outputs "out")))
        #:phases
-       (alist-delete
-        'configure
-        (alist-replace
-         'check
-         (lambda* (#:key outputs #:allow-other-keys)
-           (system* "perl"
-                    "scripts/test/simple_tests.pl"
-                    "--bowtie2=./bowtie2"
-                    "--bowtie2-build=./bowtie2-build"))
-         %standard-phases))))
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'check
+           (lambda* (#:key outputs #:allow-other-keys)
+             (zero? (system* "perl"
+                             "scripts/test/simple_tests.pl"
+                             "--bowtie2=./bowtie2"
+                             "--bowtie2-build=./bowtie2-build")))))))
     (home-page "http://bowtie-bio.sourceforge.net/bowtie2/index.shtml")
     (synopsis "Fast and sensitive nucleotide sequence read aligner")
     (description
@@ -1424,7 +1421,7 @@ multiple sequence alignments.")
 (define-public python-pysam
   (package
     (name "python-pysam")
-    (version "0.10.0")
+    (version "0.11.2.2")
     (source (origin
               (method url-fetch)
               ;; Test data is missing on PyPi.
@@ -1434,7 +1431,7 @@ multiple sequence alignments.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1mmvn91agr238kwz7226xq0i7k84lg2nxywn9712mzj7gvgqhfy8"))
+                "1cfqdxsqs3xhacns9n0271ck6wkc76px66ddjm91wfw2jxxfklvc"))
               (modules '((guix build utils)))
               (snippet
                ;; Drop bundled htslib. TODO: Also remove samtools and bcftools.
@@ -1533,13 +1530,13 @@ UCSC genome browser.")
 (define-public python-plastid
   (package
     (name "python-plastid")
-    (version "0.4.6")
+    (version "0.4.8")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "plastid" version))
               (sha256
                (base32
-                "1sqkz5d3b9kf688mp7k771c87ins42j7j0whmkb49cb3fsg8s8lj"))))
+                "0l24dd3q66if8yj042m4s0g95n6acn7im1imqd3p6h8ns43kxhj8"))))
     (build-system python-build-system)
     (arguments
      ;; Some test files are not included.
@@ -1642,7 +1639,7 @@ databases.")
     (build-system python-build-system)
     (arguments `(#:python ,python-2)) ; only Python 2 is supported
     (inputs
-     `(("htseq" ,htseq)
+     `(("htseq" ,python2-htseq)
        ("python-pybedtools" ,python2-pybedtools)
        ("python-cython" ,python2-cython)
        ("python-scikit-learn" ,python2-scikit-learn)
@@ -2118,7 +2115,7 @@ identify enrichments with functional annotations of the genome.")
 (define-public diamond
   (package
     (name "diamond")
-    (version "0.9.9")
+    (version "0.9.10")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2127,7 +2124,7 @@ identify enrichments with functional annotations of the genome.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "04i03046g3l2vk9722z47r1p7j415g97vvz6d76ywmbawyiihcb1"))))
+                "13qqzwg54n5dqh8pm5n3v8x6gqbczzakphwwjix63qv60hcd5bqd"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no "check" target
@@ -2987,22 +2984,22 @@ HMMs).")
 (define-public htseq
   (package
     (name "htseq")
-    (version "0.6.1")
+    (version "0.9.1")
     (source (origin
               (method url-fetch)
-              (uri (string-append
-                    "https://pypi.python.org/packages/source/H/HTSeq/HTSeq-"
-                    version ".tar.gz"))
+              (uri (pypi-uri "HTSeq" version))
               (sha256
                (base32
-                "1i85ppf2j2lj12m0x690qq5nn17xxk23pbbx2c83r8ayb5wngzwv"))))
+                "11flgb1381xdhk43bzbfm3vhnszkpqg6jk76rpa5xd1zbrvvlnxg"))))
     (build-system python-build-system)
-    (arguments `(#:python ,python-2)) ; only Python 2 is supported
+    (native-inputs
+     `(("python-cython" ,python-cython)))
     ;; Numpy needs to be propagated when htseq is used as a Python library.
     (propagated-inputs
-     `(("python-numpy" ,python2-numpy)))
+     `(("python-numpy" ,python-numpy)))
     (inputs
-     `(("python-pysam" ,python2-pysam)))
+     `(("python-pysam" ,python-pysam)
+       ("python-matplotlib" ,python-matplotlib)))
     (home-page "http://www-huber.embl.de/users/anders/HTSeq/")
     (synopsis "Analysing high-throughput sequencing data with Python")
     (description
@@ -3010,6 +3007,9 @@ HMMs).")
 from high-throughput sequencing assays.")
     (license license:gpl3+)))
 
+(define-public python2-htseq
+  (package-with-python2 htseq))
+
 (define-public java-htsjdk
   (package
     (name "java-htsjdk")
@@ -3051,7 +3051,7 @@ manipulating HTS data.")
 (define-public htslib
   (package
     (name "htslib")
-    (version "1.3.1")
+    (version "1.5")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3059,7 +3059,7 @@ manipulating HTS data.")
                     version "/htslib-" version ".tar.bz2"))
               (sha256
                (base32
-                "1rja282fwdc25ql6izkhdyh8ppw8x2fs0w0js78zgkmqjlikmma9"))))
+                "0bcjmnbwp2bib1z1bkrp95w9v2syzdwdfqww10mkb1hxlmg52ax0"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -3071,7 +3071,9 @@ manipulating HTS data.")
               (("/bin/bash") (which "bash")))
             #t)))))
     (inputs
-     `(("zlib" ,zlib)))
+     `(("openssl" ,openssl)
+       ("curl" ,curl)
+       ("zlib" ,zlib)))
     (native-inputs
      `(("perl" ,perl)))
     (home-page "http://www.htslib.org")
@@ -3083,6 +3085,20 @@ data.  It also provides the bgzip, htsfile, and tabix utilities.")
     ;; the rest is released under the Expat license
     (license (list license:expat license:bsd-3))))
 
+;; This package should be removed once no packages rely upon it.
+(define htslib-1.3
+  (package
+    (inherit htslib)
+    (version "1.3.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/samtools/htslib/releases/download/"
+                    version "/htslib-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "1rja282fwdc25ql6izkhdyh8ppw8x2fs0w0js78zgkmqjlikmma9"))))))
+
 (define-public idr
   (package
     (name "idr")
@@ -3457,23 +3473,21 @@ form of assemblies or reads.")
                    license:cpl1.0))))     ; Open Bloom Filter
 
 (define-public metabat
-  ;; We package from a git commit because compilation of the released version
-  ;; fails.
-  (let ((commit "cbdca756993e66ae57e50a27970595dda9cbde1b"))
-    (package
-      (name "metabat")
-      (version (string-append "0.32.4-1." (string-take commit 8)))
-      (source
-       (origin
-         (method git-fetch)
-         (uri (git-reference
-               (url "https://bitbucket.org/berkeleylab/metabat.git")
-               (commit commit)))
-         (file-name (string-append name "-" version))
-         (sha256
-          (base32
-           "0byia8nsip6zvc4ha0qkxkxxyjf4x7jcvy48q2dvb0pzr989syzr"))
-         (patches (search-patches "metabat-remove-compilation-date.patch"))))
+  (package
+    (name "metabat")
+    (version "2.11.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://bitbucket.org/berkeleylab/metabat/get/v"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0rws9r1ziv6way8cf49jg8bzj7x2131kfqkhj8byf0z5hnrq3bwv"))
+       (patches (search-patches "metabat-remove-compilation-date.patch"
+                                "metabat-fix-compilation.patch"
+                                "metabat-fix-boost-issue.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -3490,35 +3504,35 @@ form of assemblies or reads.")
                 "#include \"htslib/kseq.h\""))
              #t))
          (add-after 'unpack 'fix-scons
-            (lambda* (#:key inputs #:allow-other-keys)
-              (substitute* "SConstruct"
-                (("^htslib_dir = 'samtools'")
-                 (string-append "hitslib_dir = '"
-                                (assoc-ref inputs "htslib")
-                                "'"))
-                (("^samtools_dir = 'samtools'")
-                 (string-append "samtools_dir = '"
-                                (assoc-ref inputs "htslib")
-                                "'"))
-                (("^findStaticOrShared\\('bam', hts_lib")
-                 (string-append "findStaticOrShared('bam', '"
-                                (assoc-ref inputs "samtools")
-                                "/lib'"))
-                ;; Do not distribute README.
-                (("^env\\.Install\\(idir_prefix, 'README\\.md'\\)") ""))
-              #t))
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "SConstruct"
+               (("^htslib_dir += 'samtools'")
+                (string-append "htslib_dir = '"
+                               (assoc-ref inputs "htslib")
+                               "'"))
+               (("^samtools_dir = 'samtools'")
+                (string-append "samtools_dir = '"
+                               (assoc-ref inputs "samtools")
+                               "'"))
+               (("^findStaticOrShared\\('bam', hts_lib")
+                (string-append "findStaticOrShared('bam', '"
+                               (assoc-ref inputs "samtools")
+                               "/lib'"))
+               ;; Do not distribute README.
+               (("^env\\.Install\\(idir_prefix, 'README\\.md'\\)") ""))
+             #t))
          (delete 'configure)
          (replace 'build
-                  (lambda* (#:key inputs outputs #:allow-other-keys)
-                    (mkdir (assoc-ref outputs "out"))
-                    (zero? (system* "scons"
-                                    (string-append
-                                     "PREFIX="
-                                     (assoc-ref outputs "out"))
-                                    (string-append
-                                     "BOOST_ROOT="
-                                     (assoc-ref inputs "boost"))
-                                    "install"))))
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (mkdir (assoc-ref outputs "out"))
+             (zero? (system* "scons"
+                             (string-append
+                              "PREFIX="
+                              (assoc-ref outputs "out"))
+                             (string-append
+                              "BOOST_ROOT="
+                              (assoc-ref inputs "boost"))
+                             "install"))))
          ;; Check and install are carried out during build phase.
          (delete 'check)
          (delete 'install))))
@@ -3539,8 +3553,10 @@ sequences to deconvolute complex microbial communities, or metagenome binning,
 enables the study of individual organisms and their interactions.  MetaBAT is
 an automated metagenome binning software, which integrates empirical
 probabilistic distances of genome abundance and tetranucleotide frequency.")
-   (license (license:non-copyleft "file://license.txt"
-                                  "See license.txt in the distribution.")))))
+    ;; The source code contains inline assembly.
+    (supported-systems '("x86_64-linux" "i686-linux"))
+    (license (license:non-copyleft "file://license.txt"
+                                   "See license.txt in the distribution."))))
 
 (define-public minced
   (package
@@ -4320,6 +4336,8 @@ extremely diverse sets of genomes.")
     (description
      "RAxML is a tool for phylogenetic analysis and post-analysis of large
 phylogenies.")
+    ;; The source includes x86 specific code
+    (supported-systems '("x86_64-linux" "i686-linux"))
     (license license:gpl2+)))
 
 (define-public rsem
@@ -4512,7 +4530,7 @@ to the user's query of interest.")
 (define-public samtools
   (package
     (name "samtools")
-    (version "1.3.1")
+    (version "1.5")
     (source
      (origin
        (method url-fetch)
@@ -4521,7 +4539,7 @@ to the user's query of interest.")
                        version "/samtools-" version ".tar.bz2"))
        (sha256
         (base32
-         "0znnnxc467jbf1as2dpskrjhfh8mbll760j6w6rdkwlwbqsp8gbc"))))
+         "1xidmv0jmfy7l0kb32hdnlshcxgzi1hmygvig0cqrq1fhckdlhl5"))))
     (build-system gnu-build-system)
     (arguments
      `(#:modules ((ice-9 ftw)
@@ -4529,36 +4547,35 @@ to the user's query of interest.")
                   (guix build gnu-build-system)
                   (guix build utils))
        #:make-flags (list (string-append "prefix=" (assoc-ref %outputs "out")))
-       #:configure-flags (list "--with-ncurses")
+       #:configure-flags (list "--with-ncurses" "--with-htslib=system")
        #:phases
-       (alist-cons-after
-        'unpack 'patch-tests
-        (lambda _
-          (substitute* "test/test.pl"
-            ;; The test script calls out to /bin/bash
-            (("/bin/bash") (which "bash")))
-          #t)
-        (alist-cons-after
-         'install 'install-library
-         (lambda* (#:key outputs #:allow-other-keys)
-           (let ((lib (string-append (assoc-ref outputs "out") "/lib")))
-             (install-file "libbam.a" lib)
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-tests
+           (lambda _
+             (substitute* "test/test.pl"
+               ;; The test script calls out to /bin/bash
+               (("/bin/bash") (which "bash")))
              #t))
-         (alist-cons-after
-          'install 'install-headers
-          (lambda* (#:key outputs #:allow-other-keys)
-            (let ((include (string-append (assoc-ref outputs "out")
-                                          "/include/samtools/")))
-              (for-each (lambda (file)
-                          (install-file file include))
-                        (scandir "." (lambda (name) (string-match "\\.h$" name))))
-              #t))
-          %standard-phases)))))
+         (add-after 'install 'install-library
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((lib (string-append (assoc-ref outputs "out") "/lib")))
+               (install-file "libbam.a" lib)
+               #t)))
+         (add-after 'install 'install-headers
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((include (string-append (assoc-ref outputs "out")
+                                           "/include/samtools/")))
+               (for-each (lambda (file)
+                           (install-file file include))
+                         (scandir "." (lambda (name) (string-match "\\.h$" name))))
+               #t))))))
     (native-inputs `(("pkg-config" ,pkg-config)))
-    (inputs `(("ncurses" ,ncurses)
-              ("perl" ,perl)
-              ("python" ,python)
-              ("zlib" ,zlib)))
+    (inputs
+     `(("htslib" ,htslib)
+       ("ncurses" ,ncurses)
+       ("perl" ,perl)
+       ("python" ,python)
+       ("zlib" ,zlib)))
     (home-page "http://samtools.sourceforge.net")
     (synopsis "Utilities to efficiently manipulate nucleotide sequence alignments")
     (description
@@ -4669,6 +4686,10 @@ Roche 454, Ion Torrent and Pacific BioSciences SMRT.")
         'configure
         (lambda* (#:key outputs #:allow-other-keys)
           (let ((out (assoc-ref outputs "out")))
+            ;; Allow 'konfigure.perl' to find 'package.prl'.
+            (setenv "PERL5LIB"
+                    (string-append ".:" (getenv "PERL5LIB")))
+
             ;; The 'configure' script doesn't recognize things like
             ;; '--enable-fast-install'.
             (zero? (system* "./configure"
@@ -5316,6 +5337,8 @@ and operational taxonomic unit (OTU) picking of next generation
 sequencing (NGS) reads.  The core algorithm is based on approximate seeds and
 allows for fast and sensitive analyses of nucleotide sequences.  The main
 application of SortMeRNA is filtering rRNA from metatranscriptomic data.")
+    ;; The source includes x86 specific code
+    (supported-systems '("x86_64-linux" "i686-linux"))
     (license license:lgpl3)))
 
 (define-public star
@@ -5740,14 +5763,14 @@ high-throughput sequencing experiments.")
 (define-public r-deseq2
   (package
     (name "r-deseq2")
-    (version "1.16.0")
+    (version "1.16.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "DESeq2" version))
        (sha256
         (base32
-         "0m0apn3xi4kdkinsj4xkw5cwysicyjr6xxlxhpa4scyv589am1s5"))))
+         "01pvyljxkwazxl510v7h0971nx65iqd2bdkbdhw3xzind0n9pdvq"))))
     (properties `((upstream-name . "DESeq2")))
     (build-system r-build-system)
     (propagated-inputs
@@ -5774,17 +5797,60 @@ differential expression based on a model using the negative binomial
 distribution.")
     (license license:lgpl3+)))
 
+(define-public r-dexseq
+  (package
+    (name "r-dexseq")
+    (version "1.22.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "DEXSeq" version))
+       (sha256
+        (base32
+         "085aqk1wlzzqcqcqhvz74y099kr2ln5dwdxd3rl6zan806mgwahg"))))
+    (properties `((upstream-name . "DEXSeq")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-annotationdbi" ,r-annotationdbi)
+       ("r-biobase" ,r-biobase)
+       ("r-biocgenerics" ,r-biocgenerics)
+       ("r-biocparallel" ,r-biocparallel)
+       ("r-biomart" ,r-biomart)
+       ("r-deseq2" ,r-deseq2)
+       ("r-genefilter" ,r-genefilter)
+       ("r-geneplotter" ,r-geneplotter)
+       ("r-genomicranges" ,r-genomicranges)
+       ("r-hwriter" ,r-hwriter)
+       ("r-iranges" ,r-iranges)
+       ("r-rcolorbrewer" ,r-rcolorbrewer)
+       ("r-rsamtools" ,r-rsamtools)
+       ("r-s4vectors" ,r-s4vectors)
+       ("r-statmod" ,r-statmod)
+       ("r-stringr" ,r-stringr)
+       ("r-summarizedexperiment" ,r-summarizedexperiment)))
+    (home-page "http://bioconductor.org/packages/DEXSeq")
+    (synopsis "Inference of differential exon usage in RNA-Seq")
+    (description
+     "This package is focused on finding differential exon usage using RNA-seq
+exon counts between samples with different experimental designs.  It provides
+functions that allows the user to make the necessary statistical tests based
+on a model that uses the negative binomial distribution to estimate the
+variance between biological replicates and generalized linear models for
+testing.  The package also provides functions for the visualization and
+exploration of the results.")
+    (license license:gpl3+)))
+
 (define-public r-annotationforge
   (package
     (name "r-annotationforge")
-    (version "1.18.0")
+    (version "1.18.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "AnnotationForge" version))
        (sha256
         (base32
-         "01kd86vvgpa4a5zivcy4g6z8rhcykasdskrz8yqsqz211sd1xsr3"))))
+         "1366qvykd9cpcvwgc5g9mm9adw9rxw6p4814dd6l5fyb0pwpmysx"))))
     (properties
      `((upstream-name . "AnnotationForge")))
     (build-system r-build-system)
@@ -5855,14 +5921,14 @@ Enrichment Analysis} (GSEA).")
 (define-public r-category
   (package
     (name "r-category")
-    (version "2.42.0")
+    (version "2.42.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "Category" version))
        (sha256
         (base32
-         "0swcmihyjg0fhaaydl9hm24aj9zffw3bibza9y6sqs6jaqd97f09"))))
+         "1w186nhc85bglcgmbcrsdbb8l6rph21pl5kdwjqwkp0jnr9z0ifn"))))
     (properties `((upstream-name . "Category")))
     (build-system r-build-system)
     (propagated-inputs
@@ -6367,13 +6433,13 @@ also known as views, in a controlled vocabulary.")
 (define-public r-bookdown
   (package
   (name "r-bookdown")
-  (version "0.3")
+  (version "0.4")
   (source (origin
             (method url-fetch)
             (uri (cran-uri "bookdown" version))
             (sha256
              (base32
-              "0r9bchzg7im6psc3jphvshzbidc5bv5xaih1qg7b5518jy4iyvb9"))))
+              "1fp1k7hivrb7s2dwgrsqy9s7xg6pk9hczhrc149y1dwh901j6qvv"))))
   (build-system r-build-system)
   (propagated-inputs
    `(("r-htmltools" ,r-htmltools)
@@ -6389,13 +6455,13 @@ authoring books and technical documents with R Markdown.")
 (define-public r-biocstyle
   (package
    (name "r-biocstyle")
-   (version "2.4.0")
+   (version "2.4.1")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "BiocStyle" version))
               (sha256
                (base32
-                "1n2c8rj920wmk3q2khmjfnhn5i4b3lmhx1whnghk0zk3jf88hvbi"))))
+                "0bmgmsfll923v573g0kyzlmjd7gly5jwgd8vkrcwvbam1gz75f2c"))))
     (properties
      `((upstream-name . "BiocStyle")))
     (build-system r-build-system)
@@ -6483,14 +6549,14 @@ support for default values, positional argument support, etc.")
 (define-public r-optparse
   (package
     (name "r-optparse")
-    (version "1.3.2")
+    (version "1.4.4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "optparse" version))
        (sha256
         (base32
-         "1g8as89r91xxi5j5azsd6vrfrhg84mnfx2683j7pacdp8s33radw"))))
+         "1ff4wmsszrb3spwfp7ynfs8w11qpy1sdzfxm1wk8dqqvdwris7qb"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-getopt" ,r-getopt)))
@@ -6506,13 +6572,13 @@ that accept short and long options.")
 (define-public r-dnacopy
   (package
     (name "r-dnacopy")
-    (version "1.50.0")
+    (version "1.50.1")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "DNAcopy" version))
               (sha256
                (base32
-                "0112ry62z18m7rdyrn3gvbxq2f6m44cawhcfb1f02z9xzlsj0k28"))))
+                "0f0x83db7rm5xf9fg5pjhvs4i165qqaf01lbwb8kj13fsqpwx15p"))))
     (properties
      `((upstream-name . "DNAcopy")))
     (build-system r-build-system)
@@ -6528,13 +6594,13 @@ abnormal copy number.")
 (define-public r-s4vectors
   (package
     (name "r-s4vectors")
-    (version "0.14.0")
+    (version "0.14.3")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "S4Vectors" version))
               (sha256
                (base32
-                "0ywwrs4d752xfk0p0w122kvi0xvp6nmxnyynchbsa8zciqymhgv8"))))
+                "1r7s4pfw026qazzic090mhk8d9m39j2nwl87dyqcpdylyq7gq5qs"))))
     (properties
      `((upstream-name . "S4Vectors")))
     (build-system r-build-system)
@@ -6555,14 +6621,14 @@ S4Vectors package itself.")
 (define-public r-seqinr
   (package
     (name "r-seqinr")
-    (version "3.3-6")
+    (version "3.4-5")
     (source
       (origin
         (method url-fetch)
         (uri (cran-uri "seqinr" version))
         (sha256
           (base32
-            "13d0qxm2244wgdl2dy2s8vnrnf5fx4n47if9gkb49dqx6c0sx8s2"))))
+            "17zv0n5cji17izwmwg0jcbxbjl3w5rls91w15svcnlpxjms38ahn"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-ade4" ,r-ade4)
@@ -6580,13 +6646,13 @@ utilities for sequence data management under the ACNUC system.")
 (define-public r-iranges
   (package
     (name "r-iranges")
-    (version "2.10.0")
+    (version "2.10.2")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "IRanges" version))
               (sha256
                (base32
-                "0zp4mxm9h1p4krj7m7cinkvwa2ibqkq59jwpan97yvhb4z8q0d6n"))))
+                "1brmzs3rsf97gymridrh9c9r3vws8b3rpghaanxnniw36lmcajfy"))))
     (properties
      `((upstream-name . "IRanges")))
     (build-system r-build-system)
@@ -6632,13 +6698,13 @@ ID and species.  It is used by functions in the GenomeInfoDb package.")
 (define-public r-genomeinfodb
   (package
     (name "r-genomeinfodb")
-    (version "1.12.0")
+    (version "1.12.2")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "GenomeInfoDb" version))
               (sha256
                (base32
-                "1bwwhscjl376a5p43mx8ijrqajxmgypbqhv049pgagl22hkkf0y3"))))
+                "1hjxgmcnrngp1307ipqaq9hgxz4j0ldn7d46knhzs30k2r4qnrfp"))))
     (properties
      `((upstream-name . "GenomeInfoDb")))
     (build-system r-build-system)
@@ -6687,13 +6753,13 @@ CAGE.")
 (define-public r-variantannotation
   (package
     (name "r-variantannotation")
-    (version "1.22.0")
+    (version "1.22.3")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "VariantAnnotation" version))
               (sha256
                (base32
-                "05hpm4as36kvpiqhgnkfjwfx0a05p304c21ggba29iac4nanm8b3"))))
+                "0sr3vdn85x5zdxh80cfwlpfdpi2hmjy3fwi00ac3jya4v145vawr"))))
     (properties
      `((upstream-name . "VariantAnnotation")))
     (inputs
@@ -6725,13 +6791,13 @@ coding changes and predict coding outcomes.")
 (define-public r-limma
   (package
     (name "r-limma")
-    (version "3.32.0")
+    (version "3.32.5")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "limma" version))
               (sha256
                (base32
-                "0q7rqm86nwq0rg4fjggfr7xqybjrxj425vni3cva70b4c8d1h425"))))
+                "0p2ayha9g9w5r8s7pgdf16mkmdbqwh6f35jh07g3b8gyra48gwiw"))))
     (build-system r-build-system)
     (home-page "http://bioinf.wehi.edu.au/limma")
     (synopsis "Package for linear models for microarray and RNA-seq data")
@@ -6780,13 +6846,13 @@ different technologies, including microarrays, RNA-seq, and quantitative PCR.")
 (define-public r-genomicranges
   (package
     (name "r-genomicranges")
-    (version "1.28.0")
+    (version "1.28.4")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "GenomicRanges" version))
               (sha256
                (base32
-                "10x9zx0b7j05d1j6p0xs4q4f4wzbhf3rq64wzi9cgv7f44q43a5n"))))
+                "1y15kg1q81h8rmga83ljiwr8whkajcargfjiljr212d6if17ys1z"))))
     (properties
      `((upstream-name . "GenomicRanges")))
     (build-system r-build-system)
@@ -6809,13 +6875,13 @@ manipulating genomic intervals and variables defined along a genome.")
 (define-public r-biobase
   (package
     (name "r-biobase")
-    (version "2.36.0")
+    (version "2.36.2")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "Biobase" version))
               (sha256
                (base32
-                "0x7pf5xsdcj12dbf5qqki2c6bd5madqg2fbiq5xgisarpc9v6c1m"))))
+                "0sr48nqx5bqid4g6lr9zr9286xh842w717yvmssvddb5xxynib6f"))))
     (properties
      `((upstream-name . "Biobase")))
     (build-system r-build-system)
@@ -6831,13 +6897,13 @@ on Bioconductor or which replace R functions.")
 (define-public r-annotationdbi
   (package
     (name "r-annotationdbi")
-    (version "1.38.0")
+    (version "1.38.2")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "AnnotationDbi" version))
               (sha256
                (base32
-                "1xffm98s817mfc827cnr0by6167nlrl1glxzjawzz0rkghs41g27"))))
+                "1lsamnbf07zzsy5asy5hn97n2a4layv58w2bzd90ikcdx0gmzarj"))))
     (properties
      `((upstream-name . "AnnotationDbi")))
     (build-system r-build-system)
@@ -6858,13 +6924,13 @@ annotation data packages using SQLite data storage.")
 (define-public r-biomart
   (package
     (name "r-biomart")
-    (version "2.32.0")
+    (version "2.32.1")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "biomaRt" version))
               (sha256
                (base32
-                "0knkxh23vl9pa0by03xr6dy9aiah714cmf54jl828k51l9wv5l2j"))))
+                "0fhpbjlsgbqxrpj6nzhhk9q3ph81n5x4p7mmd097xjjn6b05w1d8"))))
     (properties
      `((upstream-name . "biomaRt")))
     (build-system r-build-system)
@@ -6888,13 +6954,13 @@ powerful online queries from gene annotation to database mining.")
 (define-public r-biocparallel
   (package
     (name "r-biocparallel")
-    (version "1.10.0")
+    (version "1.10.1")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "BiocParallel" version))
               (sha256
                (base32
-                "01ph0kq70b5gkd7n6a4myjlvwzgc0hi4xfwz8h17h06n9p5sdwa9"))))
+                "08mdfxyk9nwz77v0xhlvs19p2wj0phgm5c5b25vm0xh3749njsp0"))))
     (properties
      `((upstream-name . "BiocParallel")))
     (build-system r-build-system)
@@ -6912,13 +6978,13 @@ objects.")
 (define-public r-biostrings
   (package
     (name "r-biostrings")
-    (version "2.44.0")
+    (version "2.44.2")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "Biostrings" version))
               (sha256
                (base32
-                "0ixgx12cx2z4n2khxq83crz9gc21qckj2v78y2p31567kfsw7clg"))))
+                "12c5abgshwq86357jr0r9039y6vl4d6ngysy89rsnr23ldnsirjp"))))
     (properties
      `((upstream-name . "Biostrings")))
     (build-system r-build-system)
@@ -6982,13 +7048,13 @@ files.")
 (define-public r-delayedarray
   (package
     (name "r-delayedarray")
-    (version "0.2.0")
+    (version "0.2.7")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "DelayedArray" version))
               (sha256
                (base32
-                "0pcsk0f2dg2ldzprs1cccqrk53jrysmm6ccgjj5wh6z3x17g7g2r"))))
+                "02dfqp4md9xaqjj712ijc3jswghmipr5hwkd5hr0x1xi6l2fb69g"))))
     (properties
      `((upstream-name . "DelayedArray")))
     (build-system r-build-system)
@@ -7012,13 +7078,13 @@ array-like objects like @code{DataFrame} objects (typically with Rle columns),
 (define-public r-summarizedexperiment
   (package
     (name "r-summarizedexperiment")
-    (version "1.6.0")
+    (version "1.6.3")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "SummarizedExperiment" version))
               (sha256
                (base32
-                "1szjbzzz4pyip891nji71caalxh0rhqiv7rpv6q54swlrqpfkqkw"))))
+                "0j7xn7pk52d383fb1wplcggacl2586c4zi0alkgfc3wz7qq9w13s"))))
     (properties
      `((upstream-name . "SummarizedExperiment")))
     (build-system r-build-system)
@@ -7043,13 +7109,13 @@ samples.")
 (define-public r-genomicalignments
   (package
     (name "r-genomicalignments")
-    (version "1.12.0")
+    (version "1.12.1")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "GenomicAlignments" version))
               (sha256
                (base32
-                "1aagyrdk5309a7awg42lg0bpirp91i6i2ddvpmrs38pzriwahnjy"))))
+                "127690sys4i5q3l4vxnjg4xg8q19qlw2258vgs5d1156w9ypp04h"))))
     (properties
      `((upstream-name . "GenomicAlignments")))
     (build-system r-build-system)
@@ -7076,13 +7142,13 @@ alignments.")
 (define-public r-rtracklayer
   (package
     (name "r-rtracklayer")
-    (version "1.36.0")
+    (version "1.36.4")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "rtracklayer" version))
               (sha256
                (base32
-                "0dv7p3wzmx57inznf6fb06417zcm48g7fpazyahxny7bqgzwq0ig"))))
+                "050q1rv04w31168ljr975vxva31n9lqdx84rnmsk6zcr6p640ffp"))))
     (build-system r-build-system)
     (arguments
      `(#:phases
@@ -7121,13 +7187,13 @@ as well as query and modify the browser state, such as the current viewport.")
 (define-public r-genomicfeatures
   (package
     (name "r-genomicfeatures")
-    (version "1.28.0")
+    (version "1.28.4")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "GenomicFeatures" version))
               (sha256
                (base32
-                "1pjxlr34ygv8pvfwpyq268wpgqzphiwpij85fyhjqdwdp0a253ik"))))
+                "01ylvg275iy0cvsbxkbfxcf9pi9al597v5wnlqi2xdpmrcxyc3q0"))))
     (properties
      `((upstream-name . "GenomicFeatures")))
     (build-system r-build-system)
@@ -7800,7 +7866,7 @@ throughput genetic sequencing data sets using regression methods.")
 (define-public r-qtl
  (package
   (name "r-qtl")
-  (version "1.40-8")
+  (version "1.41-6")
   (source
    (origin
     (method url-fetch)
@@ -7808,7 +7874,7 @@ throughput genetic sequencing data sets using regression methods.")
                         version ".tar.gz"))
     (sha256
      (base32
-      "05bj1x2ry0i7yqiydlswb3d2h4pxg70z8w1072az1mrv1m54k8sp"))))
+      "067az4v432zxp6lxck8d7vlh9w4r13r0mvw5zsglyaqwsh3d9sad"))))
   (build-system r-build-system)
   (home-page "http://rqtl.org/")
   (synopsis "R package for analyzing QTL experiments in genetics")
@@ -8050,14 +8116,14 @@ in SNV base substitution data.")
 (define-public r-wgcna
   (package
     (name "r-wgcna")
-    (version "1.51")
+    (version "1.61")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "WGCNA" version))
        (sha256
         (base32
-         "0hzvnhw76vwg8bl8x368f0c5szpwb8323bmrb3bir93i5bmfjsxx"))))
+         "1vrc2k33a196hrrl7k0z534fp96vv0shmigcr65ny1q0v6lq0h6i"))))
     (properties `((upstream-name . "WGCNA")))
     (build-system r-build-system)
     (propagated-inputs
@@ -8069,6 +8135,9 @@ in SNV base substitution data.")
        ("r-go-db" ,r-go-db)
        ("r-hmisc" ,r-hmisc)
        ("r-impute" ,r-impute)
+       ("r-rcpp" ,r-rcpp)
+       ("r-robust" ,r-robust)
+       ("r-survival" ,r-survival)
        ("r-matrixstats" ,r-matrixstats)
        ("r-preprocesscore" ,r-preprocesscore)))
     (home-page
@@ -8247,6 +8316,30 @@ package, and for letting R applications work on datasets that are larger than
 the available RAM.")
     (license license:artistic2.0)))
 
+(define-public r-annotationfilter
+  (package
+    (name "r-annotationfilter")
+    (version "1.0.0")
+    (source (origin
+              (method url-fetch)
+              (uri (bioconductor-uri "AnnotationFilter" version))
+              (sha256
+               (base32
+                "0pxvswjzwibdfmrkdragxmzcl844z73pmkn82z92wahwa6gjfyi7"))))
+    (properties
+     `((upstream-name . "AnnotationFilter")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-genomicranges" ,r-genomicranges)
+       ("r-lazyeval" ,r-lazyeval)))
+    (home-page "https://github.com/Bioconductor/AnnotationFilter")
+    (synopsis "Facilities for filtering Bioconductor annotation resources")
+    (description
+     "This package provides classes and other infrastructure to implement
+filters for manipulating Bioconductor annotation resources.  The filters are
+used by @code{ensembldb}, @code{Organism.dplyr}, and other packages.")
+    (license license:artistic2.0)))
+
 (define-public emboss
   (package
     (name "emboss")
@@ -8567,14 +8660,14 @@ GenomicRanges Bioconductor package.")
 (define-public r-copywriter
   (package
     (name "r-copywriter")
-    (version "2.8.0")
+    (version "2.8.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "CopywriteR" version))
        (sha256
         (base32
-         "183nmrqmdf9syqljslvwv7mhs9ar5xizzq98imgsc80q0m25ncjf"))))
+         "0xgqnq5v5213b3nzvlmjysjb7w1bc0iblqpmzbjqn7n0ib0qyhbm"))))
     (properties `((upstream-name . "CopywriteR")))
     (build-system r-build-system)
     (propagated-inputs
@@ -8604,21 +8697,70 @@ CopywriteR constitutes a widely applicable alternative to available copy
 number detection tools.")
     (license license:gpl2)))
 
+(define-public r-methylkit
+  (package
+    (name "r-methylkit")
+    (version "1.2.0")
+    (source (origin
+              (method url-fetch)
+              (uri (bioconductor-uri "methylKit" version))
+              (sha256
+               (base32
+                "02acdjf6jl0c1glymin84pdna4farn4vv0gb6107d9iqz3y3gkmm"))))
+    (properties `((upstream-name . "methylKit")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-data-table" ,r-data-table)
+       ("r-emdbook" ,r-emdbook)
+       ("r-fastseg" ,r-fastseg)
+       ("r-genomeinfodb" ,r-genomeinfodb)
+       ("r-genomicranges" ,r-genomicranges)
+       ("r-gtools" ,r-gtools)
+       ("r-iranges" ,r-iranges)
+       ("r-kernsmooth" ,r-kernsmooth)
+       ("r-limma" ,r-limma)
+       ("r-mclust" ,r-mclust)
+       ("r-qvalue" ,r-qvalue)
+       ("r-r-utils" ,r-r-utils)
+       ("r-rcpp" ,r-rcpp)
+       ("r-rhtslib" ,r-rhtslib)
+       ("r-rsamtools" ,r-rsamtools)
+       ("r-rtracklayer" ,r-rtracklayer)
+       ("r-s4vectors" ,r-s4vectors)
+       ("r-zlibbioc" ,r-zlibbioc)))
+    (inputs
+     `(("zlib" ,zlib)))
+    (home-page "http://code.google.com/p/methylkit/")
+    (synopsis
+     "DNA methylation analysis from high-throughput bisulfite sequencing results")
+    (description
+     "MethylKit is an R package for DNA methylation analysis and annotation
+from high-throughput bisulfite sequencing.  The package is designed to deal
+with sequencing data from @dfn{Reduced representation bisulfite
+sequencing} (RRBS) and its variants, but also target-capture methods and whole
+genome bisulfite sequencing.  It also has functions to analyze base-pair
+resolution 5hmC data from experimental protocols such as oxBS-Seq and
+TAB-Seq.")
+    (license license:artistic2.0)))
+
 (define-public r-sva
   (package
     (name "r-sva")
-    (version "3.24.0")
+    (version "3.24.4")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "sva" version))
        (sha256
         (base32
-         "04pxl61iyc845wmqca1qv8kbb8zcp0qp72zgvgki3zzmrph9a362"))))
+         "0wcway4ai9im81xnrzb1vij2iidq5pw24qhjfgacmhxvx3dzhbsc"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-genefilter" ,r-genefilter)
-       ("r-mgcv" ,r-mgcv)))
+       ("r-mgcv" ,r-mgcv)
+       ("r-biocparallel" ,r-biocparallel)
+       ("r-matrixstats" ,r-matrixstats)
+       ("r-limma" ,r-limma)))
     (home-page "http://bioconductor.org/packages/sva")
     (synopsis "Surrogate variable analysis")
     (description
@@ -8634,14 +8776,14 @@ unmodeled, or latent sources of noise.")
 (define-public r-seqminer
   (package
     (name "r-seqminer")
-    (version "5.9")
+    (version "6.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "seqminer" version))
        (sha256
         (base32
-         "0sfkxrc9gy5a8fadzyzfzh7l5grasm8cj6cd2nnpv85ws6mqr6qd"))))
+         "057j1l6dip35l1aivilapl2zv9db677b3di2pb3sfgq2sxg0ps3l"))))
     (build-system r-build-system)
     (inputs
      `(("zlib" ,zlib)))
@@ -8745,7 +8887,8 @@ proteomics packages.")
     (properties `((upstream-name . "mzR")))
     (build-system r-build-system)
     (inputs
-     `(("netcdf" ,netcdf)))
+     `(("boost" ,boost)
+       ("netcdf" ,netcdf)))
     (propagated-inputs
      `(("r-biobase" ,r-biobase)
        ("r-biocgenerics" ,r-biocgenerics)
@@ -9163,6 +9306,123 @@ distributional differences between lanes (e.g., sequencing depth):
 global-scaling and full-quantile normalization.")
     (license license:artistic2.0)))
 
+(define-public r-interactivedisplaybase
+  (package
+    (name "r-interactivedisplaybase")
+    (version "1.14.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "interactiveDisplayBase" version))
+       (sha256
+        (base32
+         "12f6ap4bl3h2iwwhg8i3r9a7yyd28d8i5lb3fj1vnfvjs762r7r7"))))
+    (properties
+     `((upstream-name . "interactiveDisplayBase")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-biocgenerics" ,r-biocgenerics)
+       ("r-shiny" ,r-shiny)))
+    (home-page "http://bioconductor.org/packages/interactiveDisplayBase")
+    (synopsis "Base package for web displays of Bioconductor objects")
+    (description
+     "This package contains the basic methods needed to generate interactive
+Shiny-based display methods for Bioconductor objects.")
+    (license license:artistic2.0)))
+
+(define-public r-annotationhub
+  (package
+    (name "r-annotationhub")
+    (version "2.8.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "AnnotationHub" version))
+       (sha256
+        (base32
+         "1nh5si3j1nv37jcg4260582ayjg18851np47cskrm54prnvhwd9r"))))
+    (properties `((upstream-name . "AnnotationHub")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-annotationdbi" ,r-annotationdbi)
+       ("r-biocgenerics" ,r-biocgenerics)
+       ("r-biocinstaller" ,r-biocinstaller)
+       ("r-httr" ,r-httr)
+       ("r-interactivedisplaybase" ,r-interactivedisplaybase)
+       ("r-rsqlite" ,r-rsqlite)
+       ("r-s4vectors" ,r-s4vectors)
+       ("r-yaml" ,r-yaml)))
+    (home-page "http://bioconductor.org/packages/AnnotationHub")
+    (synopsis "Client to access AnnotationHub resources")
+    (description
+     "This package provides a client for the Bioconductor AnnotationHub web
+resource.  The AnnotationHub web resource provides a central location where
+genomic files (e.g. VCF, bed, wig) and other resources from standard
+locations (e.g. UCSC, Ensembl) can be discovered.  The resource includes
+metadata about each resource, e.g., a textual description, tags, and date of
+modification.  The client creates and manages a local cache of files retrieved
+by the user, helping with quick and reproducible access.")
+    (license license:artistic2.0)))
+
+(define-public r-fastseg
+  (package
+    (name "r-fastseg")
+    (version "1.22.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "fastseg" version))
+       (sha256
+        (base32
+         "083wiz03q9mynwchs9frlpp6c84dncri5ncibx6h82p228cpja6h"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-biobase" ,r-biobase)
+       ("r-biocgenerics" ,r-biocgenerics)
+       ("r-genomicranges" ,r-genomicranges)
+       ("r-iranges" ,r-iranges)
+       ("r-s4vectors" ,r-s4vectors)))
+    (home-page "http://www.bioinf.jku.at/software/fastseg/index.html")
+    (synopsis "Fast segmentation algorithm for genetic sequencing data")
+    (description
+     "Fastseg implements a very fast and efficient segmentation algorithm.
+It can segment data from DNA microarrays and data from next generation
+sequencing for example to detect copy number segments.  Further it can segment
+data from RNA microarrays like tiling arrays to identify transcripts.  Most
+generally, it can segment data given as a matrix or as a vector.  Various data
+formats can be used as input to fastseg like expression set objects for
+microarrays or GRanges for sequencing data.")
+    (license license:lgpl2.0+)))
+
+(define-public r-qvalue
+  (package
+    (name "r-qvalue")
+    (version "2.8.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "qvalue" version))
+       (sha256
+        (base32
+         "1dxdwa767a9r8n61r272ypi09qblcdfpzzwkmri74y5mbp1r3y4i"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-ggplot2" ,r-ggplot2)
+       ("r-reshape2" ,r-reshape2)))
+    (home-page "http://github.com/jdstorey/qvalue")
+    (synopsis "Q-value estimation for false discovery rate control")
+    (description
+     "This package takes a list of p-values resulting from the simultaneous
+testing of many hypotheses and estimates their q-values and local @dfn{false
+discovery rate} (FDR) values.  The q-value of a test measures the proportion
+of false positives incurred when that particular test is called significant.
+The local FDR measures the posterior probability the null hypothesis is true
+given the test's p-value.  Various plots are automatically generated, allowing
+one to make sensible significance cut-offs.  The software can be applied to
+problems in genomics, brain imaging, astrophysics, and data mining.")
+    ;; Any version of the LGPL.
+    (license license:lgpl3+)))
+
 (define htslib-for-sambamba
   (let ((commit "2f3c3ea7b301f9b45737a793c0b2dcf0240e5ee5"))
     (package
@@ -9731,3 +9991,66 @@ such as transcription factor binding sites (ChIP-seq) or regions of open
 chromatin (DNase-seq).  Output can be displayed directly in the UCSC Genome
 Browser.")
       (license license:gpl3+))))
+
+(define-public bismark
+  (package
+    (name "bismark")
+    (version "0.16.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/FelixKrueger/Bismark/"
+                           "archive/" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1204i0pa02ll2jn5pnxypkclnskvv7a2nwh5nxhagmhxk9wfv9sq"))))
+    (build-system perl-build-system)
+    (arguments
+     `(#:tests? #f ; there are no tests
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (delete 'build)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((bin (string-append (assoc-ref outputs "out")
+                                       "/bin"))
+                   (docdir  (string-append (assoc-ref outputs "out")
+                                           "/share/doc/bismark"))
+                   (docs    '("Bismark_User_Guide.pdf"
+                              "RELEASE_NOTES.txt"))
+                   (scripts '("bismark"
+                              "bismark_genome_preparation"
+                              "bismark_methylation_extractor"
+                              "bismark2bedGraph"
+                              "bismark2report"
+                              "coverage2cytosine"
+                              "deduplicate_bismark"
+                              "bismark_sitrep.tpl"
+                              "bam2nuc"
+                              "bismark2summary")))
+               (mkdir-p docdir)
+               (mkdir-p bin)
+               (for-each (lambda (file) (install-file file bin))
+                         scripts)
+               (for-each (lambda (file) (install-file file docdir))
+                         docs)
+               #t))))))
+    (home-page "http://www.bioinformatics.babraham.ac.uk/projects/bismark/")
+    (synopsis "Map bisulfite treated sequence reads and analyze methylation")
+    (description "Bismark is a program to map bisulfite treated sequencing
+reads to a genome of interest and perform methylation calls in a single step.
+The output can be easily imported into a genome viewer, such as SeqMonk, and
+enables a researcher to analyse the methylation levels of their samples
+straight away.  Its main features are:
+
+@itemize
+@item Bisulfite mapping and methylation calling in one single step
+@item Supports single-end and paired-end read alignments
+@item Supports ungapped and gapped alignments
+@item Alignment seed length, number of mismatches etc are adjustable
+@item Output discriminates between cytosine methylation in CpG, CHG
+  and CHH context
+@end itemize\n")
+    (license license:gpl3+)))
diff --git a/gnu/packages/boost.scm b/gnu/packages/boost.scm
index dfaa853533..4c7308e9d6 100644
--- a/gnu/packages/boost.scm
+++ b/gnu/packages/boost.scm
@@ -28,14 +28,15 @@
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages perl)
   #:use-module (gnu packages python)
-  #:use-module (gnu packages shells)
-  #:use-module (gnu packages perl))
+  #:use-module (gnu packages shells))
 
 (define-public boost
   (package
     (name "boost")
-    (version "1.63.0")
+    (version "1.64.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -44,9 +45,10 @@
                     ".tar.bz2"))
               (sha256
                (base32
-                "1c5kzhcqahnic55dxcnw7r80qvwx5sfa2sa97yzv7xjrywljbbmy"))))
+                "0cikd35xfkpg9nnl76yqqnqxnf3hyfjjww8xjd4akflprsm5rk3v"))))
     (build-system gnu-build-system)
-    (inputs `(("zlib" ,zlib)))
+    (inputs `(("icu4c" ,icu4c)
+              ("zlib" ,zlib)))
     (native-inputs
      `(("perl" ,perl)
        ("python" ,python-2)
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index 9ae6175280..f66d0bb3f4 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2016, 2017 Danny Milosavljevic <dannym@scratchpost.org>
 ;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -37,11 +38,12 @@
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages man)
+  #:use-module (gnu packages mtools)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages python)
-  #:use-module (gnu packages qemu)
   #:use-module (gnu packages texinfo)
+  #:use-module (gnu packages virtualization)
   #:use-module (guix build-system gnu)
   #:use-module (guix download)
   #:use-module (guix git-download)
@@ -120,7 +122,7 @@
        ("bison" ,bison)
        ;; Due to a bug in flex >= 2.6.2, GRUB must be built with an older flex:
        ;; <http://lists.gnu.org/archive/html/grub-devel/2017-02/msg00133.html>
-       ;; TODO Try building with flex > 2.6.3.
+       ;; TODO Try building with flex > 2.6.4.
        ("flex" ,flex-2.6.1)
        ("texinfo" ,texinfo)
        ("help2man" ,help2man)
@@ -149,6 +151,7 @@ menu to select one of the installed operating systems.")
     (synopsis "GRand Unified Boot loader (UEFI version)")
     (inputs
      `(("efibootmgr" ,efibootmgr)
+       ("mtools", mtools)
        ,@(package-inputs grub)))
     (arguments
      `(;; TODO: Tests need a UEFI firmware for qemu. There is one at
@@ -166,7 +169,52 @@ menu to select one of the installed operating systems.")
                      (("efibootmgr")
                       (string-append (assoc-ref inputs "efibootmgr")
                                      "/sbin/efibootmgr")))
-                   #t)))))))))
+                   #t))
+               (add-after 'patch-stuff 'use-absolute-mtools-path
+                 (lambda* (#:key inputs #:allow-other-keys)
+                   (let ((mtools (assoc-ref inputs "mtools")))
+                     (substitute* "util/grub-mkrescue.c"
+                       (("\"mformat\"")
+                        (string-append "\"" mtools
+                                       "/bin/mformat\"")))
+                     (substitute* "util/grub-mkrescue.c"
+                       (("\"mcopy\"")
+                        (string-append "\"" mtools
+                                       "/bin/mcopy\"")))
+                     #t))))))))))
+
+;; Because grub searches hardcoded paths it's easiest to just build grub
+;; again to make it find both grub-pc and grub-efi.  There is a command
+;; line argument which allows you to specify ONE platform - but
+;; grub-mkrescue will use multiple platforms if they are available
+;; in the installation directory (without command line argument).
+(define-public grub-hybrid
+  (package
+    (inherit grub-efi)
+    (name "grub-hybrid")
+    (synopsis "GRand Unified Boot loader (hybrid version)")
+    (inputs
+     `(("grub" ,grub)
+       ,@(package-inputs grub-efi)))
+    (arguments
+     (substitute-keyword-arguments (package-arguments grub-efi)
+       ((#:modules modules `((guix build utils) (guix build gnu-build-system)))
+        `((ice-9 ftw) ,@modules))
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (add-after 'install 'install-non-efi
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (let ((input-dir (string-append (assoc-ref inputs "grub")
+                                               "/lib/grub"))
+                     (output-dir (string-append (assoc-ref outputs "out")
+                                                "/lib/grub")))
+                 (for-each
+                  (lambda (basename)
+                    (if (not (string-prefix? "." basename))
+                        (symlink (string-append input-dir "/" basename)
+                                 (string-append output-dir "/" basename))))
+                  (scandir input-dir))
+                 #t)))))))))
 
 (define-public syslinux
   (let ((commit "bb41e935cc83c6242de24d2271e067d76af3585c"))
@@ -244,7 +292,7 @@ menu to select one of the installed operating systems.")
     (build-system gnu-build-system)
     (native-inputs
      `(("bison" ,bison)
-       ("flex" ,flex-2.6.1))) ; A bug in flex prevents building with flex-2.6.3.
+       ("flex" ,flex)))
     (arguments
      `(#:make-flags
        (list "CC=gcc"
@@ -263,7 +311,7 @@ tree binary files.  These are board description files used by Linux and BSD.")
 (define u-boot
   (package
     (name "u-boot")
-    (version "2017.03")
+    (version "2017.07")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -271,7 +319,7 @@ tree binary files.  These are board description files used by Linux and BSD.")
                     "u-boot-" version ".tar.bz2"))
               (sha256
                (base32
-                "0gqihplap05dlpwdb971wsqyv01nz2vabwq5g5649gr5jczsyjzm"))))
+                "1zzywk0fgngm1mfnhkp8d0v57rs51zr1y6rp4p03i6nbibfbyx2k"))))
     (native-inputs
      `(("bc" ,bc)
        ("dtc" ,dtc)
@@ -285,48 +333,56 @@ also initializes the boards (RAM etc).")
 
 (define (make-u-boot-package board triplet)
   "Returns a u-boot package for BOARD cross-compiled for TRIPLET."
-  (package
-    (inherit u-boot)
-    (name (string-append "u-boot-" (string-downcase board)))
-    (native-inputs
-     `(("cross-gcc" ,(cross-gcc triplet))
-       ("cross-binutils" ,(cross-binutils triplet))
-       ,@(package-native-inputs u-boot)))
-    (arguments
-     `(#:modules ((ice-9 ftw) (guix build utils) (guix build gnu-build-system))
-       #:test-target "test"
-       #:make-flags
-       (list "HOSTCC=gcc" (string-append "CROSS_COMPILE=" ,triplet "-"))
-       #:phases
-       (modify-phases %standard-phases
-         (replace 'configure
-           (lambda* (#:key outputs make-flags #:allow-other-keys)
-             (let ((config-name (string-append ,board "_defconfig")))
-               (if (file-exists? (string-append "configs/" config-name))
-                   (zero? (apply system* "make" `(,@make-flags ,config-name)))
-                   (begin
-                     (display "Invalid board name. Valid board names are:")
-                     (let ((suffix-len (string-length "_defconfig")))
-                       (scandir "configs"
-                                (lambda (file-name)
-                                  (when (string-suffix? "_defconfig" file-name)
-                                    (format #t
-                                            "- ~A\n"
-                                            (string-drop-right file-name
-                                                               suffix-len))))))
-                     #f)))))
-         (replace 'install
-           (lambda* (#:key outputs make-flags #:allow-other-keys)
-             (let* ((out (assoc-ref outputs "out"))
-                    (libexec (string-append out "/libexec"))
-                    (uboot-files (find-files "." ".*\\.(bin|efi|spl)$")))
-               (mkdir-p libexec)
-               (for-each
-                (lambda (file)
-                  (let ((target-file (string-append libexec "/" file)))
-                    (mkdir-p (dirname target-file))
-                    (copy-file file target-file)))
-                uboot-files)))))))))
+  (let ((same-arch? (if (string-prefix? (%current-system) triplet)
+                      `#t
+                      `#f)))
+    (package
+      (inherit u-boot)
+      (name (string-append "u-boot-" (string-downcase board)))
+      (native-inputs
+       `(,@(if (not same-arch?)
+             `(("cross-gcc" ,(cross-gcc triplet))
+               ("cross-binutils" ,(cross-binutils triplet)))
+             '())
+         ,@(package-native-inputs u-boot)))
+      (arguments
+       `(#:modules ((ice-9 ftw) (guix build utils) (guix build gnu-build-system))
+         #:test-target "test"
+         #:make-flags
+         (list "HOSTCC=gcc"
+               ,@(if (not same-arch?)
+                   `((string-append "CROSS_COMPILE=" ,triplet "-"))
+                   '()))
+         #:phases
+         (modify-phases %standard-phases
+           (replace 'configure
+             (lambda* (#:key outputs make-flags #:allow-other-keys)
+               (let ((config-name (string-append ,board "_defconfig")))
+                 (if (file-exists? (string-append "configs/" config-name))
+                     (zero? (apply system* "make" `(,@make-flags ,config-name)))
+                     (begin
+                       (display "Invalid board name. Valid board names are:")
+                       (let ((suffix-len (string-length "_defconfig")))
+                         (scandir "configs"
+                                  (lambda (file-name)
+                                    (when (string-suffix? "_defconfig" file-name)
+                                      (format #t
+                                              "- ~A\n"
+                                              (string-drop-right file-name
+                                                                 suffix-len))))))
+                       #f)))))
+           (replace 'install
+             (lambda* (#:key outputs make-flags #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (libexec (string-append out "/libexec"))
+                      (uboot-files (find-files "." ".*\\.(bin|efi|spl)$")))
+                 (mkdir-p libexec)
+                 (for-each
+                  (lambda (file)
+                    (let ((target-file (string-append libexec "/" file)))
+                      (mkdir-p (dirname target-file))
+                      (copy-file file target-file)))
+                  uboot-files))))))))))
 
 (define-public u-boot-vexpress
   (make-u-boot-package "vexpress_ca9x4" "arm-linux-gnueabihf"))
@@ -336,3 +392,6 @@ also initializes the boards (RAM etc).")
 
 (define-public u-boot-beagle-bone-black
   (make-u-boot-package "am335x_boneblack" "arm-linux-gnueabihf"))
+
+(define-public u-boot-odroid-c2
+  (make-u-boot-package "odroid-c2" "aarch64-linux-gnu"))
diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm
index f43decc96e..ba733b3a9e 100644
--- a/gnu/packages/bootstrap.scm
+++ b/gnu/packages/bootstrap.scm
@@ -162,6 +162,7 @@ successful, or false to signal an error."
                                         gnu-triplet->nix-system)
                                  (%current-system))))
   "Return the name of Glibc's dynamic linker for SYSTEM."
+  ;; See the 'SYSDEP_KNOWN_INTERPRETER_NAMES' cpp macro in libc.
   (cond ((string=? system "x86_64-linux") "/lib/ld-linux-x86-64.so.2")
         ((string=? system "i686-linux") "/lib/ld-linux.so.2")
         ((string=? system "armhf-linux") "/lib/ld-linux-armhf.so.3")
@@ -170,6 +171,7 @@ successful, or false to signal an error."
         ((string=? system "i686-gnu") "/lib/ld.so.1")
         ((string=? system "aarch64-linux") "/lib/ld-linux-aarch64.so.1")
         ((string=? system "powerpc-linux") "/lib/ld.so.1")
+        ((string=? system "powerpc64le-linux") "/lib/ld64.so.2")
         ((string=? system "alpha-linux") "/lib/ld-linux.so.2")
 
         ;; XXX: This one is used bare-bones, without a libc, so add a case
diff --git a/gnu/packages/build-tools.scm b/gnu/packages/build-tools.scm
index 66f46433f9..353c9c8efb 100644
--- a/gnu/packages/build-tools.scm
+++ b/gnu/packages/build-tools.scm
@@ -23,6 +23,7 @@
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (gnu packages)
+  #:use-module (gnu packages compression)
   #:use-module (gnu packages python)
   #:use-module (gnu packages ninja)
   #:use-module (guix build-system gnu)
@@ -69,7 +70,7 @@ makes a few sacrifices to acquire fast full and incremental build times.")
 (define-public meson
   (package
     (name "meson")
-    (version "0.40.1")
+    (version "0.41.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/mesonbuild/meson/"
@@ -77,7 +78,7 @@ makes a few sacrifices to acquire fast full and incremental build times.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0yl6iryh89nn6hzhwv7kg16ki1chh9h0x1yk1y130h87iq42a35r"))))
+                "12ygjh1dxi8z06nl704rfb6zj0m2zjqp279nymfgzfgy5zq032d4"))))
     (build-system python-build-system)
     (inputs `(("ninja", ninja)))
     (home-page "https://mesonbuild.com/")
@@ -90,3 +91,37 @@ Autoconf/Automake/make combo.  Build specifications, also known as @dfn{Meson
 files}, are written in a custom domain-specific language (DSL) that resembles
 Python.")
     (license license:asl2.0)))
+
+(define-public premake4
+  (package
+    (name "premake")
+    (version "4.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/premake/Premake/"
+                                  version "/premake-" version "-src.zip"))
+              (sha256
+               (base32
+                "1017rd0wsjfyq2jvpjjhpszaa7kmig6q1nimw76qx3cjz2868lrn"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("unzip" ,unzip))) ; for unpacking the source
+    (arguments
+     `(#:make-flags '("CC=gcc")
+       #:tests? #f ; No test suite
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-after 'unpack 'enter-source
+           (lambda _ (chdir "build/gmake.unix") #t))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (install-file "../../bin/release/premake4"
+                           (string-append (assoc-ref outputs "out") "/bin"))
+             #t)))))
+    (synopsis "Portable software build tool")
+    (description "@code{premake4} is a command line utility that reads a
+scripted definition of a software project and outputs @file{Makefile}s or
+other lower-level build files.")
+    (home-page "https://premake.github.io")
+    (license license:bsd-3)))
diff --git a/gnu/packages/calendar.scm b/gnu/packages/calendar.scm
index b022c0efa7..74601871cc 100644
--- a/gnu/packages/calendar.scm
+++ b/gnu/packages/calendar.scm
@@ -118,8 +118,9 @@ data units.")
        ("python-pytest-cov" ,python-pytest-cov)
        ("python-setuptools-scm" ,python-setuptools-scm)
        ;; Required for tests
-       ("tzdata" ,tzdata)
        ("python-freezegun" ,python-freezegun)
+       ("tzdata" ,tzdata)
+       ("vdirsyncer" ,vdirsyncer)
        ;; Required to build manpage
        ("python-sphinxcontrib-newsfeed" ,python-sphinxcontrib-newsfeed)
        ("python-sphinx" ,python-sphinx)))
@@ -131,8 +132,7 @@ data units.")
        ("python-icalendar" ,python-icalendar)
        ("python-tzlocal" ,python-tzlocal)
        ("python-urwid" ,python-urwid)
-       ("python-pyxdg" ,python-pyxdg)
-       ("vdirsyncer" ,vdirsyncer)))
+       ("python-pyxdg" ,python-pyxdg)))
     (synopsis "Console calendar program")
     (description "Khal is a standards based console calendar program,
 able to synchronize with CalDAV servers through vdirsyncer.")
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 2441de6631..31ffa54d87 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -74,7 +74,7 @@
 (define-public nss-certs
   (package
     (name "nss-certs")
-    (version "3.31")
+    (version "3.32")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -85,7 +85,7 @@
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0pd643a8ns7q5az5ai3ascrw666i2kbfiyy1c9hlhw9jd8jn21g9"))))
+                "0dfkgvah0ji8b8lpxyy2w0b3lyz5ldmryii4z7j2bfwnrj0z7iim"))))
     (build-system gnu-build-system)
     (outputs '("out"))
     (native-inputs
@@ -155,13 +155,26 @@ taken from the NSS package and thus ultimately from the Mozilla project.")
          (let ((root (assoc-ref %build-inputs "isrgrootx1.pem"))
                (intermediate (assoc-ref %build-inputs "letsencryptauthorityx3.pem"))
                (backup (assoc-ref %build-inputs "letsencryptauthorityx4.pem"))
-               (out (string-append (assoc-ref %outputs "out") "/etc/ssl/certs")))
+               (out (string-append (assoc-ref %outputs "out") "/etc/ssl/certs"))
+               (openssl (assoc-ref %build-inputs "openssl"))
+               (perl (assoc-ref %build-inputs "perl")))
            (mkdir-p out)
            (for-each
              (lambda (cert)
                (copy-file cert (string-append out "/"
                                               (strip-store-file-name cert))))
-             (list root intermediate backup))))))
+             (list root intermediate backup))
+
+           ;; Create hash symlinks suitable for OpenSSL ('SSL_CERT_DIR' and
+           ;; similar.)
+           (chdir (string-append %output "/etc/ssl/certs"))
+           (unless (zero? (system* (string-append perl "/bin/perl")
+                                   (string-append openssl "/bin/c_rehash")
+                                   "."))
+             (error "'c_rehash' failed" openssl))))))
+    (native-inputs
+     `(("openssl" ,openssl)
+       ("perl" ,perl)))                           ;for 'c_rehash'
     (inputs
      `(; The Let's Encrypt root certificate, "ISRG Root X1".
        ("isrgrootx1.pem"
diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index 365cc5782e..801bbf73e9 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -156,7 +156,7 @@ multi-paradigm automated test framework for C++ and Objective-C.")
 (define-public cmocka
   (package
     (name "cmocka")
-    (version "1.1.0")
+    (version "1.1.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://cmocka.org/files/"
@@ -164,7 +164,7 @@ multi-paradigm automated test framework for C++ and Objective-C.")
                                   version ".tar.xz"))
               (sha256
                (base32
-                "0c0k8ax16fgh39nsva09q4jsh83g9nxihkwj9d5666763fzx6q79"))))
+                "1283zi9qf5613g8iadm1fxmjh4rzxqd5np2j3lcpgairf25g8bph"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f)) ; No test target
@@ -180,13 +180,13 @@ format.")
 (define-public cppcheck
   (package
     (name "cppcheck")
-    (version "1.79")
+    (version "1.80")
     (source (origin
       (method url-fetch)
       (uri (string-append "https://github.com/danmar/cppcheck/archive/"
                           version ".tar.gz"))
       (sha256
-       (base32 "1qf7l0hx2k2qsc1rm3gh00bc0hwf9wqkrvrk08141yjj2js2y8lw"))
+       (base32 "007hs15i2pn49l6kycy49h3bj66qh6fxrp6yidj3776n32q3v1i0"))
       (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (home-page "http://cppcheck.sourceforge.net")
@@ -212,6 +212,8 @@ normally do not detect.  The goal is to detect only real errors in the code
         (base32
          "1n5p1m2m3fjrjdj752lf92f9wq3pl5cbsfrb49jqbg52ghkz99jq"))))
     (build-system cmake-build-system)
+    (arguments
+     `(#:configure-flags '("-DBUILD_SHARED_LIBS=ON")))
     (native-inputs
      `(("python-2" ,python-2)))
     (home-page "https://github.com/google/googletest/")
diff --git a/gnu/packages/ci.scm b/gnu/packages/ci.scm
index e2cb712bf1..d936c8fa10 100644
--- a/gnu/packages/ci.scm
+++ b/gnu/packages/ci.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2016, 2017 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -186,8 +187,8 @@ their dependencies.")
       (license l:gpl3+))))
 
 (define-public cuirass
-  (let ((commit "870e8d6ad3415ac61c52e57095fcc6164023a0fc")
-        (revision "6"))
+  (let ((commit "6f85bc04f31ae5853ceaa0bb3e1dedfe8412a189")
+        (revision "7"))
     (package
       (name "cuirass")
       (version (string-append "0.0.1-" revision "." (string-take commit 7)))
@@ -199,7 +200,7 @@ their dependencies.")
                 (file-name (string-append name "-" version))
                 (sha256
                  (base32
-                  "0lp5a5p42k7lml15lbmmd7az9i0gw5kips3sh3awd2z79h0w2knw"))))
+                  "1dglsa23z21m1s70420ar73qmg39fvdvwlz9xjz6lfp5s9mgzx15"))))
       (build-system gnu-build-system)
       (arguments
        '(#:modules ((guix build utils)
@@ -223,7 +224,8 @@ their dependencies.")
                (let* ((out    (assoc-ref outputs "out"))
                       (json   (assoc-ref inputs "guile-json"))
                       (sqlite (assoc-ref inputs "guile-sqlite3"))
-                      (git    (assoc-ref inputs "git"))
+                      (git    (assoc-ref inputs "guile-git"))
+                      (bytes  (assoc-ref inputs "guile-bytestructures"))
                       (guix   (assoc-ref inputs "guix"))
                       (guile  (assoc-ref %build-inputs "guile"))
                       (effective (read-line
@@ -232,15 +234,18 @@ their dependencies.")
                                               "-c" "(display (effective-version))")))
                       (mods   (string-append json "/share/guile/site/"
                                              effective ":"
+                                             git "/share/guile/site/"
+                                             effective ":"
+                                             bytes "/share/guile/site/"
+                                             effective ":"
                                              sqlite "/share/guile/site/"
                                              effective ":"
                                              guix "/share/guile/site/"
                                              effective)))
-                 ;; Make sure 'cuirass' can find the 'git' and 'evaluate'
-                 ;; commands, as well as the relevant Guile modules.
+                 ;; Make sure 'cuirass' can find the 'evaluate' command, as
+                 ;; well as the relevant Guile modules.
                  (wrap-program (string-append out "/bin/cuirass")
-                   `("PATH" ":" prefix (,(string-append out "/bin")
-                                        ,(string-append git "/bin")))
+                   `("PATH" ":" prefix (,(string-append out "/bin")))
                    `("GUILE_LOAD_PATH" ":" prefix (,mods))
                    `("GUILE_LOAD_COMPILED_PATH" ":" prefix (,mods)))
                  #t))))))
@@ -248,8 +253,11 @@ their dependencies.")
        `(("guile" ,guile-2.2)
          ("guile-json" ,guile-json)
          ("guile-sqlite3" ,guile-sqlite3)
-         ("guix" ,guix)
-         ("git" ,git)))
+         ("guile-git" ,guile-git)
+         ;; FIXME: this is propagated by "guile-git", but it needs to be among
+         ;; the inputs to add it to GUILE_LOAD_PATH.
+         ("guile-bytestructures" ,guile-bytestructures)
+         ("guix" ,guix)))
       (native-inputs
        `(("autoconf" ,autoconf)
          ("automake" ,automake)
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index 6f25b7cd82..fa9e19db7d 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017 Andy Wingo <wingo@igalia.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -189,6 +190,60 @@ effort, time, and money it would take to develop the software, using the
 COCOMO model or user-provided parameters.")
     (license license:gpl2+)))
 
+(define-public cloc
+  (package
+    (name "cloc")
+    (version "1.72")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/AlDanial/cloc/releases/download/v" version
+             "/cloc-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1gl7bxb4bi6pms0zzl133pzpfypvz57hk2cw7yf6rvs8b48kilnz"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("coreutils" ,coreutils)
+       ("perl" ,perl)
+       ("perl-algorithm-diff" ,perl-algorithm-diff)
+       ("perl-regexp-common" ,perl-regexp-common)
+       ("perl-digest-md5" ,perl-digest-md5)))
+    (arguments
+     `(#:phases (modify-phases %standard-phases
+                  (delete 'configure)
+                  (delete 'build)
+                  (replace 'install
+                    (lambda* (#:key inputs outputs #:allow-other-keys)
+                      (let* ((out (assoc-ref outputs "out")))
+                        (zero?
+                         (system* "make" "-C" "Unix"
+                                  (string-append "prefix=" out)
+                                  (string-append "INSTALL="
+                                                 (assoc-ref inputs "coreutils")
+                                                 "/bin/install")
+                                  "install")))))
+                  (add-after 'install 'wrap-program
+                    (lambda* (#:key inputs outputs #:allow-other-keys)
+                      (let ((out (assoc-ref outputs "out")))
+                        (wrap-program (string-append out "/bin/cloc")
+                          `("PERL5LIB" ":" =
+                            ,(string-split (getenv "PERL5LIB") #\:)))
+                        #t))))
+       #:out-of-source? #t
+       ;; Tests require some other packages.
+       #:tests? #f))
+    (home-page "https://github.com/AlDanial/cloc")
+    (synopsis "Count source lines of code (SLOC) and other source code metrics")
+    (description "cloc counts blank lines, comment lines, and physical lines
+of source code in many programming languages.  Given two versions of a code
+base, cloc can compute differences in blank, comment, and source lines.
+
+cloc contains code from David Wheeler's SLOCCount.  Compared to SLOCCount,
+cloc can handle a greater variety of programming langauges.")
+    (license license:gpl2+)))
+
 (define-public the-silver-searcher
   (package
     (name "the-silver-searcher")
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 54cf89bf47..2b67881ede 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -509,14 +509,7 @@ the bootstrap environment."
      (propagated-inputs `(("kernel-headers" ,(kernel-headers-boot0))))
      (native-inputs
       `(("texinfo" ,texinfo-boot0)
-        ("perl" ,perl-boot0)
-        ;; Apply this patch only on i686 to avoid a full rebuild.
-        ;; TODO: Remove in the next update cycle.
-        ,@(if (string-prefix? "i686" (or (%current-target-system)
-                                         (%current-system)))
-              `(("glibc-memchr-overflow-i686.patch"
-                 ,(search-patch "glibc-memchr-overflow-i686.patch")))
-              '())))
+        ("perl" ,perl-boot0)))
      (inputs
       `(;; The boot inputs.  That includes the bootstrap libc.  We don't want
         ;; it in $CPATH, hence the 'pre-configure' phase above.
@@ -806,13 +799,14 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
 
 (define bash-final
   ;; Link with `-static-libgcc' to make sure we don't retain a reference
-  ;; to the bootstrap GCC.
+  ;; to the bootstrap GCC.  Use "bash-minimal" to avoid an extra dependency
+  ;; on Readline and ncurses.
   (let ((bash (package
-                (inherit bash)
+                (inherit bash-minimal)
                 (arguments
                  `(#:disallowed-references
                    ,(assoc-ref %boot3-inputs "coreutils&co")
-                   ,@(package-arguments bash))))))
+                   ,@(package-arguments bash-minimal))))))
     (package-with-bootstrap-guile
      (package-with-explicit-inputs (static-libgcc-package bash)
                                    %boot3-inputs
@@ -828,7 +822,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
   ;; This package must be public because other modules refer to it.  However,
   ;; mark it as hidden so that 'fold-packages' ignores it.
   (package-with-bootstrap-guile
-   (package-with-explicit-inputs (hidden-package guile-2.0/fixed)
+   (package-with-explicit-inputs (hidden-package guile-2.2/fixed)
                                  %boot4-inputs
                                  (current-source-location)
                                  #:guile %bootstrap-guile)))
@@ -849,12 +843,10 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
 
 (define-public ld-wrapper
   ;; The final 'ld' wrapper, which uses the final Guile and Binutils.
-  (package (inherit ld-wrapper-boot3)
-    (name "ld-wrapper")
-    (inputs `(("guile" ,guile-final)
-              ("bash"  ,bash-final)
-              ,@(fold alist-delete (package-inputs ld-wrapper-boot3)
-                      '("guile" "bash"))))))
+  (make-ld-wrapper "ld-wrapper"
+                   #:binutils binutils-final
+                   #:guile guile-final
+                   #:bash bash-final))
 
 (define %boot5-inputs
   ;; Now with UTF-8 locales.  Remember that the bootstrap binaries were built
@@ -947,7 +939,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
 the implicit inputs of 'gnu-build-system', return that one, otherwise return
 PACKAGE.
 
-The goal is to avoid duplication in cases like GUILE-FINAL vs. GUILE-2.0,
+The goal is to avoid duplication in cases like GUILE-FINAL vs. GUILE-2.2,
 COREUTILS-FINAL vs. COREUTILS, etc."
       ;; XXX: This doesn't handle dependencies of the final inputs, such as
       ;; libunistring, GMP, etc.
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index f68bcc60f0..a543d17776 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -212,84 +212,78 @@ file; as a result, it is often used in conjunction with \"tar\", resulting in
    (home-page "https://www.gnu.org/software/gzip/")))
 
 (define-public bzip2
-  (let ((build-shared-lib
-         ;; Build a shared library.
-         '(lambda* (#:key inputs #:allow-other-keys)
-            (patch-makefile-SHELL "Makefile-libbz2_so")
-            (zero? (system* "make" "-f" "Makefile-libbz2_so"))))
-        (install-shared-lib
-         '(lambda* (#:key outputs #:allow-other-keys)
-            (let* ((out    (assoc-ref outputs "out"))
-                   (libdir (string-append out "/lib")))
-              (for-each (lambda (file)
-                          (let ((base (basename file)))
-                            (format #t "installing `~a' to `~a'~%"
-                                    base libdir)
-                            (copy-file file
-                                       (string-append libdir "/" base))))
-                        (find-files "." "^libbz2\\.so")))))
-        (set-cross-environment
-         '(lambda* (#:key target #:allow-other-keys)
-            (substitute* (find-files "." "Makefile")
-              (("CC=.*$")
-               (string-append "CC = " target "-gcc\n"))
-              (("AR=.*$")
-               (string-append "AR = " target "-ar\n"))
-              (("RANLIB=.*$")
-               (string-append "RANLIB = " target "-ranlib\n"))
-              (("^all:(.*)test" _ prerequisites)
-               ;; Remove 'all' -> 'test' dependency.
-               (string-append "all:" prerequisites "\n"))))))
-    (package
-      (name "bzip2")
-      (version "1.0.6")
-      (source (origin
-               (method url-fetch)
-               (uri (string-append "http://www.bzip.org/" version "/bzip2-"
-                                   version ".tar.gz"))
-               (sha256
-                (base32
-                 "1kfrc7f0ja9fdn6j1y6yir6li818npy6217hvr3wzmnmzhs8z152"))))
-      (build-system gnu-build-system)
-      (arguments
-       `(#:modules ((guix build gnu-build-system)
-                    (guix build utils)
-                    (srfi srfi-1))
-         #:phases
-         ,(if (%current-target-system)
-
-              ;; Cross-compilation: use the cross tools.
-              `(alist-cons-before
-                'build 'build-shared-lib ,build-shared-lib
-                (alist-cons-after
-                 'install 'install-shared-lib ,install-shared-lib
-                 (alist-replace 'configure ,set-cross-environment
-                                %standard-phases)))
-
-              ;; Native compilation: build the shared library.
-              `(alist-cons-before
-                'build 'build-shared-lib ,build-shared-lib
-                (alist-cons-after
-                 'install 'install-shared-lib ,install-shared-lib
-                 (alist-delete 'configure %standard-phases))))
+  (package
+    (name "bzip2")
+    (version "1.0.6")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://www.bzip.org/" version "/bzip2-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1kfrc7f0ja9fdn6j1y6yir6li818npy6217hvr3wzmnmzhs8z152"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (srfi srfi-1))
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key target #:allow-other-keys)
+             (if ,(%current-target-system)
+                 ;; Cross-compilation: use the cross tools.
+                 (substitute* (find-files "." "Makefile")
+                   (("CC=.*$")
+                    (string-append "CC = " target "-gcc\n"))
+                   (("AR=.*$")
+                    (string-append "AR = " target "-ar\n"))
+                   (("RANLIB=.*$")
+                    (string-append "RANLIB = " target "-ranlib\n"))
+                   (("^all:(.*)test" _ prerequisites)
+                    ;; Remove 'all' -> 'test' dependency.
+                    (string-append "all:" prerequisites "\n")))
+                 #t)))
+         (add-before 'build 'build-shared-lib
+           (lambda* (#:key inputs #:allow-other-keys)
+             (patch-makefile-SHELL "Makefile-libbz2_so")
+             (zero? (system* "make" "-f" "Makefile-libbz2_so"))))
+         (add-after 'install 'install-shared-lib
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out    (assoc-ref outputs "out"))
+                    (libdir (string-append out "/lib")))
+               (for-each (lambda (file)
+                           (let ((base (basename file)))
+                             (format #t "installing `~a' to `~a'~%"
+                                     base libdir)
+                             (copy-file file
+                                        (string-append libdir "/" base))))
+                         (find-files "." "^libbz2\\.so")))
+             #t))
+         (add-after 'install-shared-lib 'patch-scripts
+           (lambda* (#:key outputs inputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out")))
+               (substitute* (string-append out "/bin/bzdiff")
+                 (("/bin/rm") "rm")))
+             #t)))
 
-         #:make-flags (list (string-append "PREFIX="
-                                           (assoc-ref %outputs "out")))
+       #:make-flags (list (string-append "PREFIX="
+                                         (assoc-ref %outputs "out")))
 
-         ;; Don't attempt to run the tests when cross-compiling.
-         ,@(if (%current-target-system)
-               '(#:tests? #f)
-               '())))
-      (synopsis "High-quality data compression program")
-      (description
-       "bzip2 is a freely available, patent free (see below), high-quality data
+       ;; Don't attempt to run the tests when cross-compiling.
+       ,@(if (%current-target-system)
+             '(#:tests? #f)
+             '())))
+    (synopsis "High-quality data compression program")
+    (description
+     "bzip2 is a freely available, patent free (see below), high-quality data
 compressor.  It typically compresses files to within 10% to 15% of the best
 available techniques (the PPM family of statistical compressors), whilst
 being around twice as fast at compression and six times faster at
 decompression.")
-      (license (license:non-copyleft "file://LICENSE"
-                                  "See LICENSE in the distribution."))
-      (home-page "http://www.bzip.org/"))))
+    (license (license:non-copyleft "file://LICENSE"
+                                   "See LICENSE in the distribution."))
+    (home-page "http://www.bzip.org/")))
 
 (define-public lbzip2
   (package
@@ -480,6 +474,36 @@ more than bzip2, which makes it well-suited for software distribution and data
 archiving.  Lzip is a clean implementation of the LZMA algorithm.")
     (license license:gpl3+)))
 
+(define-public lziprecover
+  (package
+    (name "lziprecover")
+    (version "1.19")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://savannah/lzip/" name "/"
+                                  name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0z5fbkm0qprypjf7kxkqganniibj0zml13zvfkrchnjafcmmzyld"))))
+    (build-system gnu-build-system)
+    (home-page "http://www.nongnu.org/lzip/lziprecover.html")
+    (synopsis "Recover and decompress data from damaged lzip files")
+    (description
+     "Lziprecover is a data recovery tool and decompressor for files in the lzip
+compressed data format (.lz).  It can test the integrity of lzip files, extract
+data from damaged ones, and repair most files with small errors (up to one
+single-byte error per member) entirely.
+
+Lziprecover is not a replacement for regular backups, but a last line of defence
+when even the backups are corrupt.  It can recover files by merging the good
+parts of two or more damaged copies, such as can be easily produced by running
+@command{ddrescue} on a failing device.
+
+This package also includes @command{unzcrash}, a tool to test the robustness of
+decompressors when faced with corrupted input.")
+    (license (list license:bsd-2        ; arg_parser.{cc,h}
+                   license:gpl2+))))    ; everything else
+
 (define-public sharutils
   (package
     (name "sharutils")
@@ -582,14 +606,14 @@ sfArk file format to the uncompressed sf2 format.")
 (define-public libmspack
   (package
     (name "libmspack")
-    (version "0.5")
+    (version "0.6")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "http://www.cabextract.org.uk/libmspack/libmspack-"
                           version "alpha.tar.gz"))
       (sha256
-       (base32 "04413hynb7zizxnkgy9riik3612dwirkpr6fcjrnfl2za9sz4rw9"))))
+       (base32 "08gr2pcinas6bdqz3k0286g5cnksmcx813skmdwyca6bmj1fxnqy"))))
     (build-system gnu-build-system)
     (home-page "http://www.cabextract.org.uk/libmspack/")
     (synopsis "Compression tools for some formats used by Microsoft")
@@ -678,16 +702,15 @@ writing of compressed data created with the zlib and bzip2 libraries.")
 (define-public lz4
   (package
     (name "lz4")
-    (version "1.7.5")
+    (version "1.8.0")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://github.com/lz4/lz4/archive/"
                            "v" version ".tar.gz"))
-       (patches (search-patches "lz4-fix-test-failures.patch"))
        (sha256
         (base32
-         "0zkykqqjfa1q3ji0qmb1ml3l9063qqfh99agyj3cnb02cg6wm401"))
+         "1xnckwwah74gl98gylf1b00vk4km1d8sgd8865h07ccvgbm8591c"))
        (file-name (string-append name "-" version ".tar.gz"))))
     (build-system gnu-build-system)
     (native-inputs `(("valgrind" ,valgrind)))   ; for tests
@@ -698,33 +721,34 @@ writing of compressed data created with the zlib and bzip2 libraries.")
                           (string-append "PREFIX=" (assoc-ref %outputs "out")))
        #:phases (modify-phases %standard-phases
                   (delete 'configure))))        ; no configure script
-    (home-page "https://github.com/lz4/lz4")
+    (home-page "http://www.lz4.org")
     (synopsis "Compression algorithm focused on speed")
     (description "LZ4 is a lossless compression algorithm, providing
 compression speed at 400 MB/s per core (0.16 Bytes/cycle).  It also features an
 extremely fast decoder, with speed in multiple GB/s per core (0.71 Bytes/cycle).
 A high compression derivative, called LZ4_HC, is also provided.  It trades CPU
 time for compression ratio.")
-    ;; The libraries (lz4, lz4hc, and xxhash are BSD licenced. The command
+    ;; The libraries (lz4, lz4hc, and xxhash) are BSD licenced. The command
     ;; line interface programs (lz4, fullbench, fuzzer, datagen) are GPL2+.
     (license (list license:bsd-2 license:gpl2+))))
 
 (define-public python-lz4
   (package
     (name "python-lz4")
-    (version "0.8.2")
+    (version "0.10.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "lz4" version))
        (sha256
         (base32
-         "1irad4sq4hdr30fr53smvv3zzk4rddcf9b4jx19w8s9xsxhr1x3b"))))
+         "0ghv1xbaq693kgww1x9c22bplz479ls9szjsaa4ig778ls834hm0"))))
     (build-system python-build-system)
     (native-inputs
-     `(("python-nose" ,python-nose)))
+     `(("python-nose" ,python-nose)
+       ("python-setuptools-scm" ,python-setuptools-scm)))
     (home-page "https://github.com/python-lz4/python-lz4")
-    (synopsis "LZ4 Bindings for Python")
+    (synopsis "LZ4 bindings for Python")
     (description
      "This package provides python bindings for the lz4 compression library
 by Yann Collet.  The project contains bindings for the LZ4 block format and
@@ -1257,7 +1281,7 @@ RAR archives.")
 (define-public zstd
   (package
     (name "zstd")
-    (version "1.3.0")
+    (version "1.3.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/facebook/zstd/archive/v"
@@ -1265,7 +1289,7 @@ RAR archives.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0j5kf0phx4w4b5x7aqwc10lxi9ix7rxhxk0df37cpdrqni1sdnqg"))
+                "1imddqjhczira626nf3nqmjwj3wb37xcfcwgkjydv2k6fpfbjbri"))
               (modules '((guix build utils)))
               (snippet
                ;; Remove non-free source files.
diff --git a/gnu/packages/connman.scm b/gnu/packages/connman.scm
index 8f567fa61b..a2a5556fb8 100644
--- a/gnu/packages/connman.scm
+++ b/gnu/packages/connman.scm
@@ -42,7 +42,7 @@
 (define-public connman
   (package
     (name "connman")
-    (version "1.34")
+    (version "1.35")
     (source
       (origin
         (method url-fetch)
@@ -50,7 +50,7 @@
                             name "-" version ".tar.xz"))
     (sha256
      (base32
-      "07n71wcy1c4cc01ca4dl9k1jpdqr5nsyr33dqf7k87wwfa681859"))))
+      "1apj5j25kj7v1bsfv3nh54aiq873nfrsjfbj85p5qm3ihfwxxmv6"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
new file mode 100644
index 0000000000..bb7576352f
--- /dev/null
+++ b/gnu/packages/cran.scm
@@ -0,0 +1,930 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages cran)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system r)
+  #:use-module (gnu packages gcc)
+  #:use-module (gnu packages maths)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages statistics)
+  #:use-module (gnu packages web))
+
+(define-public r-colorspace
+  (package
+    (name "r-colorspace")
+    (version "1.3-2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "colorspace" version))
+       (sha256
+        (base32 "0d1ya7hx4y58n5ivwmdmq2zgh0g2sbv7ykh13n85c1355csd57yx"))))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/colorspace")
+    (synopsis "Color space manipulation")
+    (description
+     "This package carries out a mapping between assorted color spaces
+including RGB, HSV, HLS, CIEXYZ, CIELUV, HCL (polar CIELUV), CIELAB and polar
+CIELAB.  Qualitative, sequential, and diverging color palettes based on HCL
+colors are provided.")
+    (license license:bsd-3)))
+
+(define-public r-glue
+  (package
+    (name "r-glue")
+    (version "1.1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "glue" version))
+       (sha256
+        (base32
+         "01awmqby7rwzhzr51m7d87wqibx7ggl6xair8fi3z3q1hkyyv7ih"))))
+    (build-system r-build-system)
+    (home-page "https://github.com/tidyverse/glue")
+    (synopsis "Interpreted string literals")
+    (description
+     "This package provides an implementation of interpreted string literals,
+inspired by Python's Literal String Interpolation (PEP-0498) and
+Docstrings (PEP-0257) and Julia's Triple-Quoted String Literals.")
+    (license license:expat)))
+
+(define-public r-plogr
+  (package
+    (name "r-plogr")
+    (version "0.1-1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "plogr" version))
+       (sha256
+        (base32
+         "13zliqlbkl8b04k9ga0sx5jsh7k867gracgl84l2a9kcqy9mqx92"))))
+    (build-system r-build-system)
+    (home-page "https://github.com/krlmlr/plogr")
+    (synopsis "R bindings for the plog C++ logging library")
+    (description
+     "This package provides the header files for a stripped-down version of
+the plog header-only C++ logging library, and a method to log to R's standard
+error stream.")
+    (license license:expat)))
+
+(define-public r-rcpp
+  (package
+    (name "r-rcpp")
+    (version "0.12.12")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "Rcpp" version))
+       (sha256
+        (base32 "1byyqvlgb2p46p1gv243k73rk69fa8pa4l5m5asmckag2pkb2glz"))))
+    (build-system r-build-system)
+    (home-page "http://www.rcpp.org")
+    (synopsis "Seamless R and C++ integration")
+    (description
+     "The Rcpp package provides R functions as well as C++ classes which offer
+a seamless integration of R and C++.  Many R data types and objects can be
+mapped back and forth to C++ equivalents which facilitates both writing of new
+code as well as easier integration of third-party libraries.  Documentation
+about Rcpp is provided by several vignettes included in this package, via the
+'Rcpp Gallery' site at <http://gallery.rcpp.org>, the paper by Eddelbuettel
+and Francois (2011, JSS), and the book by Eddelbuettel (2013, Springer); see
+'citation(\"Rcpp\")' for details on these last two.")
+    (license license:gpl2+)))
+
+(define-public r-bindr
+  (package
+    (name "r-bindr")
+    (version "0.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "bindr" version))
+       (sha256
+        (base32
+         "0d95ifm0x4mrfzi20xf39f5pzd7rfzqsld0vjqf6xzga5rhnd8fc"))))
+    (build-system r-build-system)
+    (home-page "https://github.com/krlmlr/bindr")
+    (synopsis "Parametrized active bindings")
+    (description
+     "This package provides a simple interface for creating active bindings
+where the bound function accepts additional arguments.")
+    (license license:expat)))
+
+(define-public r-bindrcpp
+  (package
+    (name "r-bindrcpp")
+    (version "0.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "bindrcpp" version))
+       (sha256
+        (base32
+         "0l1l22zl87wiyl79m3gj2vlxmkhxvrkl4alhyy08h55q7hqs3vyh"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-bindr" ,r-bindr)
+       ("r-plogr" ,r-plogr)
+       ("r-rcpp" ,r-rcpp)))
+    (home-page "https://github.com/krlmlr/bindrcpp")
+    (synopsis "Rcpp interface to active bindings")
+    (description
+     "This package provides an easy way to fill an environment with active
+bindings that call a C++ function.")
+    (license license:expat)))
+
+(define-public r-auc
+  (package
+    (name "r-auc")
+    (version "0.3.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "AUC" version))
+       (sha256
+        (base32
+         "0ripcib2qz0m7rgr1kiz68nx8f6p408l1ww7j78ljqik7p3g41g7"))))
+    (properties `((upstream-name . "AUC")))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/AUC")
+    (synopsis "Compute the area under the curve of selected measures")
+    (description
+     "This package includes functions to compute the area under the curve of
+selected measures: the area under the sensitivity curve (AUSEC), the area
+under the specificity curve (AUSPC), the area under the accuracy
+curve (AUACC), and the area under the receiver operating characteristic
+curve (AUROC).  The curves can also be visualized.  Support for partial areas
+is provided.")
+    (license license:gpl2+)))
+
+(define-public r-calibrate
+  (package
+    (name "r-calibrate")
+    (version "1.7.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "calibrate" version))
+       (sha256
+        (base32
+         "010nb1nb9y7zhw2k6d2i2drwy5brp7b83mjj2w7i3wjp9xb6l1kq"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-mass" ,r-mass)))
+    (home-page "http://cran.r-project.org/web/packages/calibrate")
+    (synopsis "Calibration of scatterplot and biplot axes")
+    (description
+     "This is a package for drawing calibrated scales with tick marks
+on (non-orthogonal) variable vectors in scatterplots and biplots.")
+    (license license:gpl2)))
+
+(define-public r-shape
+  (package
+    (name "r-shape")
+    (version "1.4.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "shape" version))
+       (sha256
+        (base32
+         "0yk3cmsa57svcvbnm21pyr0s0qbhnllka8nmsg4yb41frjlqph66"))))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/shape")
+    (synopsis "Functions for plotting graphical shapes")
+    (description
+     "This package provides functions for plotting graphical shapes such as
+ellipses, circles, cylinders, arrows, ...")
+    (license license:gpl3+)))
+
+(define-public r-globaloptions
+  (package
+    (name "r-globaloptions")
+    (version "0.0.12")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "GlobalOptions" version))
+       (sha256
+        (base32
+         "1abpc03cfvazbwj2sx6qgngs5pgpzysvxkana20hyvb4n7ws77f0"))))
+    (properties `((upstream-name . "GlobalOptions")))
+    (build-system r-build-system)
+    (home-page "https://github.com/jokergoo/GlobalOptions")
+    (synopsis "Generate functions to get or set global options")
+    (description
+     "This package provides more controls on the option values such as
+validation and filtering on the values, making options invisible or private.")
+    (license license:gpl2+)))
+
+(define-public r-circlize
+  (package
+    (name "r-circlize")
+    (version "0.4.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "circlize" version))
+       (sha256
+        (base32
+         "0p1zx1aawkblz48kzzfn5w1k3lbwv9wrk1k5gcfjrr2b4sz1pp5b"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-colorspace" ,r-colorspace)
+       ("r-globaloptions" ,r-globaloptions)
+       ("r-shape" ,r-shape)))
+    (home-page "https://github.com/jokergoo/circlize")
+    (synopsis "Circular visualization")
+    (description
+     "Circular layout is an efficient way for the visualization of huge
+amounts of information.  This package provides an implementation of circular
+layout generation in R as well as an enhancement of available software.  The
+flexibility of the package is based on the usage of low-level graphics
+functions such that self-defined high-level graphics can be easily implemented
+by users for specific purposes.  Together with the seamless connection between
+the powerful computational and visual environment in R, it gives users more
+convenience and freedom to design figures for better understanding complex
+patterns behind multiple dimensional data.")
+    (license license:gpl2+)))
+
+(define-public r-powerlaw
+  (package
+    (name "r-powerlaw")
+    (version "0.70.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "poweRlaw" version))
+       (sha256
+        (base32
+         "1p2la3hslxq2xa8jkwvci6zcpn47cvyr9xqd5agp1riwwp2xw5gh"))))
+    (properties `((upstream-name . "poweRlaw")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-vgam" ,r-vgam)))
+    (home-page "https://github.com/csgillespie/poweRlaw")
+    (synopsis "Tools for the analysis of heavy tailed distributions")
+    (description
+     "This package provides an implementation of maximum likelihood estimators
+for a variety of heavy tailed distributions, including both the discrete and
+continuous power law distributions.  Additionally, a goodness-of-fit based
+approach is used to estimate the lower cut-off for the scaling region.")
+    ;; Any of these GPL versions.
+    (license (list license:gpl2 license:gpl3))))
+
+(define-public r-compare
+  (package
+    (name "r-compare")
+    (version "0.2-6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "compare" version))
+       (sha256
+        (base32
+         "0k9zms930b5dz9gy8414li21wy0zg9x9vp7301v5cvyfi0g7xzgw"))))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/compare")
+    (synopsis "Comparing objects for differences")
+    (description
+     "This package provides functions to compare a model object to a
+comparison object.  If the objects are not identical, the functions can be
+instructed to explore various modifications of the objects (e.g., sorting
+rows, dropping names) to see if the modified versions are identical.")
+    (license license:gpl2+)))
+
+(define-public r-dendextend
+  (package
+    (name "r-dendextend")
+    (version "1.5.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "dendextend" version))
+       (sha256
+        (base32
+         "04jz58apibfrkjcrdmw2hmsav6qpb5cs6qdai81k1v1iznfcya42"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-fpc" ,r-fpc)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-magrittr" ,r-magrittr)
+       ("r-viridis" ,r-viridis)
+       ("r-whisker" ,r-whisker)))
+    (home-page "https://cran.r-project.org/web/packages/dendextend")
+    (synopsis "Extending 'dendrogram' functionality in R")
+    (description
+     "This package offers a set of functions for extending @code{dendrogram}
+objects in R, letting you visualize and compare trees of hierarchical
+clusterings.  You can adjust a tree's graphical parameters (the color, size,
+type, etc of its branches, nodes and labels) and visually and statistically
+compare different dendrograms to one another.")
+    ;; Any of these versions
+    (license (list license:gpl2 license:gpl3))))
+
+(define-public r-getoptlong
+  (package
+    (name "r-getoptlong")
+    (version "0.1.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "GetoptLong" version))
+       (sha256
+        (base32
+         "1d98gcvlvp9nz5lbnzr0kkpc2hbkx74hlhrnybqhg1gdwc3g09pm"))))
+    (properties `((upstream-name . "GetoptLong")))
+    (build-system r-build-system)
+    (inputs
+     `(("perl" ,perl)))
+    (propagated-inputs
+     `(("r-globaloptions" ,r-globaloptions)
+       ("r-rjson" ,r-rjson)))
+    (home-page "https://github.com/jokergoo/GetoptLong")
+    (synopsis "Parsing command-line arguments and variable interpolation")
+    (description
+     "This is yet another command-line argument parser which wraps the
+powerful Perl module @code{Getopt::Long} and with some adaptation for easier
+use in R.  It also provides a simple way for variable interpolation in R.")
+    (license license:gpl2+)))
+
+(define-public r-fastmatch
+  (package
+    (name "r-fastmatch")
+    (version "1.1-0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "fastmatch" version))
+       (sha256
+        (base32
+         "0z80jxkygmzn11sq0c2iz357s9bpki548lg926g85gldhfj1md90"))))
+    (build-system r-build-system)
+    (home-page "http://www.rforge.net/fastmatch")
+    (synopsis "Fast match function")
+    (description
+     "This package provides a fast @code{match} replacement for cases that
+require repeated look-ups.  It is slightly faster that R's built-in
+@code{match} function on first match against a table, but extremely fast on
+any subsequent lookup as it keeps the hash table in memory.")
+    (license license:gpl2)))
+
+(define-public r-ff
+  (package
+    (name "r-ff")
+    (version "2.2-13")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "ff" version))
+       (sha256
+        (base32
+         "1nvd6kx46xzyc99a44mgynd94pvd2h495m5a7b1g67k5w2phiywb"))))
+    (build-system r-build-system)
+    (propagated-inputs `(("r-bit" ,r-bit)))
+    (home-page "http://ff.r-forge.r-project.org/")
+    (synopsis "Memory-efficient storage of large data on disk and access functions")
+    (description
+     "This package provides data structures that are stored on disk but
+behave (almost) as if they were in RAM by transparently mapping only a section
+in main memory.")
+    (license license:gpl2)))
+
+(define-public r-ffbase
+  (package
+    (name "r-ffbase")
+    (version "0.12.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "ffbase" version))
+       (sha256
+        (base32
+         "1nz97bndxxkzp8rq6va8ff5ky9vkaib1jybm6j852awwb3n9had5"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-bit" ,r-bit)
+       ("r-fastmatch" ,r-fastmatch)
+       ("r-ff" ,r-ff)))
+    (home-page "http://github.com/edwindj/ffbase")
+    (synopsis "Basic statistical functions for package 'ff'")
+    (description
+     "This package extends the out of memory vectors of @code{ff} with
+statistical functions and other utilities to ease their usage.")
+    (license license:gpl3)))
+
+(define-public r-prettyunits
+  (package
+    (name "r-prettyunits")
+    (version "1.0.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "prettyunits" version))
+       (sha256
+        (base32
+         "0p3z42hnk53x7ky4d1dr2brf7p8gv3agxr71i99m01n2hq2ri91m"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-assertthat" ,r-assertthat)
+       ("r-magrittr" ,r-magrittr)))
+    (home-page "https://github.com/gaborcsardi/prettyunits")
+    (synopsis "Pretty, human readable formatting of quantities")
+    (description
+     "This package provides tools for pretty, human readable formatting of
+quantities.")
+    (license license:expat)))
+
+(define-public r-reshape
+  (package
+    (name "r-reshape")
+    (version "0.8.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "reshape" version))
+       (sha256
+        (base32
+         "1f1ngalc22knhdm9djv1m6abnjqpv1frdzxfkpakhph2l67bk7fq"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-plyr" ,r-plyr)
+       ("r-rcpp" ,r-rcpp)))
+    (home-page "http://had.co.nz/reshape")
+    (synopsis "Flexibly reshape data")
+    (description
+     "Flexibly restructure and aggregate data using just two functions:
+@code{melt} and @code{cast}.  This package provides them.")
+    (license license:expat)))
+
+(define-public r-progress
+  (package
+    (name "r-progress")
+    (version "1.1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "progress" version))
+       (sha256
+        (base32
+         "1fxakchfjr5vj59s9sxynd7crpz97xj42438rmkhkf3rjpyspx59"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-prettyunits" ,r-prettyunits)
+       ("r-r6" ,r-r6)))
+    (home-page "https://github.com/gaborcsardi/progress")
+    (synopsis "Terminal progress bars")
+    (description
+     "This package provides configurable progress bars.  They may include
+percentage, elapsed time, and/or the estimated completion time.  They work in
+terminals, in Emacs ESS, RStudio, Windows Rgui, and the macOS R.app.  The
+package also provides a C++ API, that works with or without Rcpp.")
+    (license license:expat)))
+
+(define-public r-ggally
+  (package
+    (name "r-ggally")
+    (version "1.3.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "GGally" version))
+       (sha256
+        (base32
+         "12ddab0nd0f9c7bb6cx3c22mliyvc8xsxv26aqz3cvfbla8crp3b"))))
+    (properties `((upstream-name . "GGally")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-ggplot2" ,r-ggplot2)
+       ("r-gtable" ,r-gtable)
+       ("r-plyr" ,r-plyr)
+       ("r-progress" ,r-progress)
+       ("r-rcolorbrewer" ,r-rcolorbrewer)
+       ("r-reshape" ,r-reshape)))
+    (home-page "https://ggobi.github.io/ggally")
+    (synopsis "Extension to ggplot2")
+    (description
+     "The R package ggplot2 is a plotting system based on the grammar of
+graphics.  GGally extends ggplot2 by adding several functions to reduce the
+complexity of combining geometric objects with transformed data.  Some of
+these functions include a pairwise plot matrix, a two group pairwise plot
+matrix, a parallel coordinates plot, a survival plot, and several functions to
+plot networks.")
+    (license license:gpl2+)))
+
+(define-public r-proxy
+  (package
+    (name "r-proxy")
+    (version "0.4-17")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "proxy" version))
+       (sha256
+        (base32
+         "0bg1fn96qrj8whmnl7c3gv244ksm2ykxxsd0zrmw4lb6465pizl2"))))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/proxy")
+    (synopsis "Distance and similarity measures")
+    (description
+     "This package provides an extensible framework for the efficient
+calculation of auto- and cross-proximities, along with implementations of the
+most popular ones.")
+    (license license:gpl2)))
+
+(define-public r-sp
+  (package
+    (name "r-sp")
+    (version "1.2-4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "sp" version))
+       (sha256
+        (base32
+         "0crba3j00mb2xv2yk60rpa57gn97xq4ql3a6p9cjzqjxzv2cknk2"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-lattice" ,r-lattice)))
+    (home-page "http://cran.r-project.org/web/packages/sp")
+    (synopsis "Classes and methods for spatial data")
+    (description
+     "This package provides classes and methods for spatial data; the classes
+document where the spatial location information resides, for 2D or 3D data.
+Utility functions are provided, e.g. for plotting data as maps, spatial
+selection, as well as methods for retrieving coordinates, for subsetting,
+print, summary, etc.")
+    (license license:gpl2+)))
+
+(define-public r-rmtstat
+  (package
+    (name "r-rmtstat")
+    (version "0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "RMTstat" version))
+       (sha256
+        (base32
+         "1nn25q4kmh9kj975sxkrpa97vh5irqrlqhwsfinbck6h6ia4rsw1"))))
+    (properties `((upstream-name . "RMTstat")))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/RMTstat")
+    (synopsis "Distributions, statistics and tests derived from random matrix theory")
+    (description
+     "This package provides functions for working with the Tracy-Widom laws
+and other distributions related to the eigenvalues of large Wishart
+matrices.")
+    (license license:bsd-3)))
+
+(define-public r-lmoments
+  (package
+    (name "r-lmoments")
+    (version "1.2-3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "Lmoments" version))
+       (sha256
+        (base32
+         "13p0r4w16jvjnyjmkhkp3dwdfr1gap2l0k4k5jy41m8nc5fvcx79"))))
+    (properties `((upstream-name . "Lmoments")))
+    (build-system r-build-system)
+    (home-page "http://www.tilastotiede.fi/juha_karvanen.html")
+    (synopsis "L-moments and quantile mixtures")
+    (description
+     "This package contains functions to estimate L-moments and trimmed
+L-moments from the data.  It also contains functions to estimate the
+parameters of the normal polynomial quantile mixture and the Cauchy polynomial
+quantile mixture from L-moments and trimmed L-moments.")
+    (license license:gpl2)))
+
+(define-public r-distillery
+  (package
+    (name "r-distillery")
+    (version "1.0-2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "distillery" version))
+       (sha256
+        (base32
+         "12m4cacvc18fd3aayc8iih5q6bwsmvf29b55fwp7vs8wp1h8nd8c"))))
+    (build-system r-build-system)
+    (home-page "http://www.ral.ucar.edu/staff/ericg")
+    (synopsis "Functions for confidence intervals and object information")
+    (description
+     "This package provides some very simple method functions for confidence
+interval calculation and to distill pertinent information from a potentially
+complex object; primarily used in common with the packages extRemes and
+SpatialVx.")
+    (license license:gpl2+)))
+
+(define-public r-extremes
+  (package
+    (name "r-extremes")
+    (version "2.0-8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "extRemes" version))
+       (sha256
+        (base32
+         "0pnpib3g2r9x8hfqhvq23j8m3jh62lp28ipnqir5yadnzv850gfm"))))
+    (properties `((upstream-name . "extRemes")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-car" ,r-car)
+       ("r-distillery" ,r-distillery)
+       ("r-lmoments" ,r-lmoments)))
+    (home-page "http://www.assessment.ucar.edu/toolkit/")
+    (synopsis "Extreme value analysis")
+    (description
+     "ExtRemes is a suite of functions for carrying out analyses on the
+extreme values of a process of interest; be they block maxima over long blocks
+or excesses over a high threshold.")
+    (license license:gpl2+)))
+
+(define-public r-lmtest
+  (package
+    (name "r-lmtest")
+    (version "0.9-35")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "lmtest" version))
+       (sha256
+        (base32
+         "107br1l7p52wxvazs031f4h5ryply97qywg9dzrkw4ydnvqq4j9g"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-zoo" ,r-zoo)))
+    (native-inputs
+     `(("gfortran" ,gfortran)))
+    (home-page "http://cran.r-project.org/web/packages/lmtest")
+    (synopsis "Testing linear regression models")
+    (description
+     "This package provides a collection of tests, data sets, and examples for
+diagnostic checking in linear regression models.  Furthermore, some generic
+tools for inference in parametric models are provided.")
+    ;; Either version is okay
+    (license (list license:gpl2 license:gpl3))))
+
+(define-public r-inline
+  (package
+    (name "r-inline")
+    (version "0.3.14")
+    (source (origin
+              (method url-fetch)
+              (uri (cran-uri "inline" version))
+              (sha256
+               (base32
+                "0cf9vya9h4znwgp6s1nayqqmh6mwyw7jl0isk1nx4j2ijszxcd7x"))))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/inline")
+    (synopsis "Functions to inline C, C++, Fortran function calls from R")
+    (description
+     "This package provides functionality to dynamically define R functions
+and S4 methods with inlined C, C++ or Fortran code supporting @code{.C} and
+@code{.Call} calling conventions.")
+    ;; Any version of the LGPL.
+    (license license:lgpl3+)))
+
+(define-public r-bbmle
+  (package
+    (name "r-bbmle")
+    (version "1.0.19")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "bbmle" version))
+       (sha256
+        (base32
+         "014h6mw16gv4acs2p78dy7lla7s428n633aybsb1mbi6250dg0p8"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-lattice" ,r-lattice)
+       ("r-mass" ,r-mass)
+       ("r-numderiv" ,r-numderiv)))
+    (home-page "http://cran.r-project.org/web/packages/bbmle")
+    (synopsis "Tools for General Maximum Likelihood Estimation")
+    (description
+     "Methods and functions for fitting maximum likelihood models in R.  This
+package modifies and extends the @code{mle} classes in the @code{stats4}
+package.")
+    ;; Any version of the GPL
+    (license (list license:gpl2 license:gpl3))))
+
+(define-public r-emdbook
+  (package
+    (name "r-emdbook")
+    (version "1.3.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "emdbook" version))
+       (sha256
+        (base32
+         "09xbdyw8a4pvrsg3ryr8drby0njy4avc5wsjj4ffibdaicpchy69"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-bbmle" ,r-bbmle)
+       ("r-coda" ,r-coda)
+       ("r-lattice" ,r-lattice)
+       ("r-mass" ,r-mass)
+       ("r-plyr" ,r-plyr)
+       ("r-rcpp" ,r-rcpp)))
+    (home-page "http://www.math.mcmaster.ca/bolker/emdbook")
+    (synopsis "Support functions and data for \"Ecological Models and Data\"")
+    (description
+     "This package provides auxiliary functions and data sets for \"Ecological
+Models and Data\", a book presenting maximum likelihood estimation and related
+topics for ecologists (ISBN 978-0-691-12522-0).")
+    ;; Any GPL version
+    (license (list license:gpl2 license:gpl3))))
+
+(define-public r-lpsolve
+  (package
+    (name "r-lpsolve")
+    (version "5.6.13")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "lpSolve" version))
+       (sha256
+        (base32
+         "13a9ry8xf5j1f2j6imqrxdgxqz3nqp9sj9b4ivyx9sid459irm6m"))))
+    (properties `((upstream-name . "lpSolve")))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/lpSolve")
+    (synopsis "R interface to Lp_solve to solve linear/integer programs")
+    (description
+     "Lp_solve is software for solving linear, integer and mixed integer
+programs.  This implementation supplies a \"wrapper\" function in C and some R
+functions that solve general linear/integer problems, assignment problems, and
+transportation problems.")
+    (license license:lgpl2.0)))
+
+(define-public r-limsolve
+  (package
+    (name "r-limsolve")
+    (version "1.5.5.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "limSolve" version))
+       (sha256
+        (base32
+         "1ll6ir42h3g2fzf0wqai213bm82gpwjj2hfma2np3mz024sc09rg"))))
+    (properties `((upstream-name . "limSolve")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-lpsolve" ,r-lpsolve)
+       ("r-mass" ,r-mass)
+       ("r-quadprog" ,r-quadprog)))
+    (native-inputs `(("gfortran" ,gfortran)))
+    (home-page "http://cran.r-project.org/web/packages/limSolve")
+    (synopsis "Solving linear inverse models")
+    (description
+     "This package provides functions that:
+
+@enumerate
+@item find the minimum/maximum of a linear or quadratic function,
+@item sample an underdetermined or overdetermined system,
+@item solve a linear system Ax=B for the unknown x.
+@end enumerate
+
+It includes banded and tridiagonal linear systems.  The package calls Fortran
+functions from LINPACK.")
+    ;; Any GPL version.
+    (license (list license:gpl2+ license:gpl3+))))
+
+(define-public r-fitdistrplus
+  (package
+    (name "r-fitdistrplus")
+    (version "1.0-9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "fitdistrplus" version))
+       (sha256
+        (base32
+         "18x9454g598d54763k3hvi33iszifk7sxvhd1zg5r8z1vpixx3z6"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-mass" ,r-mass)
+       ("r-survival" ,r-survival)))
+    (home-page "http://riskassessment.r-forge.r-project.org")
+    (synopsis "Fitting a parametric distribution from data")
+    (description
+     "This package extends the @code{fitdistr} function of the MASS package
+with several functions to help the fit of a parametric distribution to
+non-censored or censored data.  Censored data may contain left-censored,
+right-censored and interval-censored values, with several lower and upper
+bounds.  In addition to @dfn{maximum likelihood estimation} (MLE), the package
+provides moment matching (MME), quantile matching (QME) and maximum
+goodness-of-fit estimation (MGE) methods (available only for non-censored
+data).  Weighted versions of MLE, MME and QME are available.")
+    (license license:gpl2+)))
+
+(define-public r-energy
+  (package
+    (name "r-energy")
+    (version "1.7-0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "energy" version))
+       (sha256
+        (base32
+         "1g4hqi6mgsnd1w4q7dd2m40ljh2jdmvad91ksbq9fscnrqpvji1x"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-boot" ,r-boot)
+       ("r-rcpp" ,r-rcpp)))
+    (home-page "http://cran.r-project.org/web/packages/energy")
+    (synopsis "Multivariate inference via the energy of data")
+    (description
+     "This package provides e-statistics (energy) tests and statistics for
+multivariate and univariate inference, including distance correlation,
+one-sample, two-sample, and multi-sample tests for comparing multivariate
+distributions, are implemented.  Measuring and testing multivariate
+independence based on distance correlation, partial distance correlation,
+multivariate goodness-of-fit tests, clustering based on energy distance,
+testing for multivariate normality, distance components (disco) for
+non-parametric analysis of structured data, and other energy
+statistics/methods are implemented.")
+    (license license:gpl2+)))
+
+(define-public r-suppdists
+  (package
+    (name "r-suppdists")
+    (version "1.1-9.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "SuppDists" version))
+       (sha256
+        (base32
+         "1ffx8wigqqvz2pnh06jjc0fnf4vq9z2rhwk2y3f9aszn18ap3dgw"))))
+    (properties `((upstream-name . "SuppDists")))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/SuppDists")
+    (synopsis "Supplementary distributions")
+    (description
+     "This package provides ten distributions supplementing those built into
+R.  Inverse Gauss, Kruskal-Wallis, Kendall's Tau, Friedman's chi squared,
+Spearman's rho, maximum F ratio, the Pearson product moment correlation
+coefficient, Johnson distributions, normal scores and generalized
+hypergeometric distributions.  In addition two random number generators of
+George Marsaglia are included.")
+    (license license:gpl2+)))
+
+(define-public r-ksamples
+  (package
+    (name "r-ksamples")
+    (version "1.2-6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "kSamples" version))
+       (sha256
+        (base32
+         "1pbam0zqq44slpxdgl2s2fsfdgl7i0pgm8bzlvnm0fy0na24bgdj"))))
+    (properties `((upstream-name . "kSamples")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-suppdists" ,r-suppdists)))
+    (home-page "http://cran.r-project.org/web/packages/kSamples")
+    (synopsis "K-Sample rank tests and their combinations")
+    (description
+     "This package provides tools to compares k samples using the
+Anderson-Darling test, Kruskal-Wallis type tests with different rank score
+criteria, Steel's multiple comparison test, and the Jonckheere-Terpstra (JT)
+test.  It computes asymptotic, simulated or (limited) exact P-values, all
+valid under randomization, with or without ties, or conditionally under random
+sampling from populations, given the observed tie pattern.  Except for Steel's
+test and the JT test it also combines these tests across several blocks of
+samples.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 6f02d8691d..0a05a10698 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 David Thompson <davet@gnu.org>
-;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
@@ -52,12 +52,13 @@
   #:use-module (guix git-download)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system perl)
   #:use-module (guix build-system python))
 
 (define-public libsodium
   (package
     (name "libsodium")
-    (version "1.0.12")
+    (version "1.0.13")
     (source (origin
             (method url-fetch)
             (uri (list (string-append
@@ -68,7 +69,7 @@
                         "releases/old/libsodium-" version ".tar.gz")))
             (sha256
              (base32
-              "159givfh5jgli3cifxgssivkklfyfq6lzyjgrx8h4jx5ncdqyr5q"))))
+              "1z93wfg4k5svg8yck6cgdr6ysj91kbpn03nyzwxanncy3b5sq4ww"))))
     (build-system gnu-build-system)
     (synopsis "Portable NaCl-based crypto library")
     (description
@@ -80,7 +81,7 @@ communication, encryption, decryption, signatures, etc.")
 (define-public signify
   (package
     (name "signify")
-    (version "21")
+    (version "22")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/aperezdc/signify/"
@@ -88,7 +89,7 @@ communication, encryption, decryption, signatures, etc.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0jd26kxwmmar3bylpx9x5dpqxzs17ky5dvwx8pdgcg95n4lyk223"))))
+                "0iv5bjaas70ymqchxasapin4c32c41kqzkfhc3kcjzd7rxy78msy"))))
     (build-system gnu-build-system)
     ;; TODO Build with libwaive (described in README.md), to implement something
     ;; like OpenBSD's pledge().
@@ -437,3 +438,128 @@ PKCS#8, PKCS#12, PKCS#5, X.509 and TSP.")
 
 (define-public python2-asn1crypto
   (package-with-python2 python-asn1crypto))
+
+(define-public perl-math-random-isaac-xs
+  (package
+    (name "perl-math-random-isaac-xs")
+    (version "1.004")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/J/JA/JAWNSY/"
+                           "Math-Random-ISAAC-XS-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0yxqqcqvj51fn7b7j5xqhz65v74arzgainn66c6k7inijbmr1xws"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-build" ,perl-module-build)
+       ("perl-test-nowarnings" ,perl-test-nowarnings)))
+    (home-page "http://search.cpan.org/dist/Math-Random-ISAAC-XS")
+    (synopsis "C implementation of the ISAAC PRNG algorithm")
+    (description "ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a
+fast pseudo-random number generator.  It is suitable for applications where a
+significant amount of random data needs to be produced quickly, such as
+solving using the Monte Carlo method or for games.  The results are uniformly
+distributed, unbiased, and unpredictable unless you know the seed.
+
+This package implements the same interface as @code{Math::Random::ISAAC}.")
+    (license license:public-domain)))
+
+(define-public perl-math-random-isaac
+  (package
+    (name "perl-math-random-isaac")
+    (version "1.004")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/J/JA/JAWNSY/"
+                           "Math-Random-ISAAC-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0z1b3xbb3xz71h25fg6jgsccra7migq7s0vawx2rfzi0pwpz0wr7"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-nowarnings" ,perl-test-nowarnings)))
+    (propagated-inputs
+     `(("perl-math-random-isaac-xs" ,perl-math-random-isaac-xs)))
+    (home-page "http://search.cpan.org/dist/Math-Random-ISAAC")
+    (synopsis "Perl interface to the ISAAC PRNG algorithm")
+    (description "ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a
+fast pseudo-random number generator.  It is suitable for applications where a
+significant amount of random data needs to be produced quickly, such as
+solving using the Monte Carlo method or for games.  The results are uniformly
+distributed, unbiased, and unpredictable unless you know the seed.
+
+This package provides a Perl interface to the ISAAC pseudo random number
+generator.")
+    (license license:public-domain)))
+
+(define-public perl-crypt-random-source
+  (package
+    (name "perl-crypt-random-source")
+    (version "0.12")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
+                           "Crypt-Random-Source-" version ".tar.gz"))
+       (sha256
+        (base32
+         "00mw5m52sbz9nqp3f6axyrgcrihqxn7k8gv0vi1kvm1j1nc9g29h"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-build-tiny" ,perl-module-build-tiny)
+       ("perl-test-exception" ,perl-test-exception)))
+    (propagated-inputs
+     `(("perl-capture-tiny" ,perl-capture-tiny)
+       ("perl-module-find" ,perl-module-find)
+       ("perl-module-runtime" ,perl-module-runtime)
+       ("perl-moo" ,perl-moo)
+       ("perl-namespace-clean" ,perl-namespace-clean)
+       ("perl-sub-exporter" ,perl-sub-exporter)
+       ("perl-type-tiny" ,perl-type-tiny)))
+    (home-page "http://search.cpan.org/dist/Crypt-Random-Source")
+    (synopsis "Get weak or strong random data from pluggable sources")
+    (description "This module provides implementations for a number of
+byte-oriented sources of random data.")
+    (license (package-license perl))))
+
+(define-public perl-math-random-secure
+  (package
+    (name "perl-math-random-secure")
+    (version "0.080001")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/F/FR/FREW/"
+                           "Math-Random-Secure-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0dgbf4ncll4kmgkyb9fsaxn0vf2smc9dmwqzgh3259zc2zla995z"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-list-moreutils" ,perl-list-moreutils)
+       ("perl-test-leaktrace" ,perl-test-leaktrace)
+       ("perl-test-sharedfork" ,perl-test-sharedfork)
+       ("perl-test-warn" ,perl-test-warn)))
+    (inputs
+     `(("perl-crypt-random-source" ,perl-crypt-random-source)
+       ("perl-math-random-isaac" ,perl-math-random-isaac)
+       ("perl-math-random-isaac-xs" ,perl-math-random-isaac-xs)
+       ("perl-moo" ,perl-moo)))
+    (home-page "http://search.cpan.org/dist/Math-Random-Secure")
+    (synopsis "Cryptographically secure replacement for rand()")
+    (description "This module is intended to provide a
+cryptographically-secure replacement for Perl's built-in @code{rand} function.
+\"Crytographically secure\", in this case, means:
+
+@enumerate
+@item No matter how many numbers you see generated by the random number
+generator, you cannot guess the future numbers, and you cannot guess the seed.
+@item There are so many possible seeds that it would take decades, centuries,
+or millenia for an attacker to try them all.
+@item The seed comes from a source that generates relatively strong random
+data on your platform, so the seed itself will be as random as possible.
+@end enumerate\n")
+    (license license:artistic2.0)))
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index 576b69bb27..aba8ce7eb1 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Mark H Weaver <mhw@netris.org>
@@ -53,7 +53,7 @@
 (define-public cups-filters
   (package
     (name "cups-filters")
-    (version "1.13.1")
+    (version "1.14.1")
     (source(origin
               (method url-fetch)
               (uri
@@ -61,7 +61,7 @@
                               "cups-filters-" version ".tar.xz"))
               (sha256
                (base32
-                "0s7hylp2lcvc1vrqpywpv7lspkrh4xf7cyi4nbg10cf38rshj474"))
+                "0175jhqpsyn7bkh7w43ydhyws5zsdak05hr1fsadvzslvwqkffgi"))
               (modules '((guix build utils)))
               (snippet
                ;; install backends, banners and filters to cups-filters output
@@ -141,7 +141,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
 (define-public cups-minimal
   (package
     (name "cups-minimal")
-    (version "2.2.1")
+    (version "2.2.4")
     (source
      (origin
        (method url-fetch)
@@ -149,7 +149,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
                            version "/cups-" version "-source.tar.gz"))
        (sha256
         (base32
-         "1m8rwhbk0l8n19iwm51r2569jj15d0x6mpqhfig0bk3pm4577f43"))))
+         "1k4qxafmapq6hzbkh273fdyzkj9alw6ppwz5k933bhsi4svlsvar"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -339,14 +339,14 @@ device-specific programs to convert and print many types of files.")
 (define-public hplip
   (package
     (name "hplip")
-    (version "3.17.6")
+    (version "3.17.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/hplip/hplip/" version
                                   "/hplip-" version ".tar.gz"))
               (sha256
                (base32
-                "0zhhnp3ksd9i2maaqrsjn4p3y7im3llgylp2y8qgmqypm8s7ha40"))))
+                "03a0vkbrzvgj15il9rvr93kf5pc706gxcjk6akbkzds0zmdbsxrm"))))
     (build-system gnu-build-system)
     (home-page "http://hplipopensource.com/")
     (synopsis "HP Printer Drivers")
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index a9f219b621..23606b4810 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Tomáš Čech <sleep_walker@suse.cz>
 ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,6 +25,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix utils)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
   #:use-module (gnu packages compression)
@@ -40,15 +42,15 @@
 (define-public curl
   (package
    (name "curl")
-   (replacement curl-7.54.1)
-   (version "7.53.0")
+   (replacement curl-7.55.0)
+   (version "7.54.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://curl.haxx.se/download/curl-"
                                 version ".tar.lzma"))
             (sha256
              (base32
-              "1k0i31xygb804c61llhin5wbpcscg4gfqmbxcfkpdr1alwh7igrq"))))
+              "0vnv3cz0s1l5cjby86hm0x6pgzqijmdm97qa9q5px200956z6yib"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ;1.2 MiB of man3 pages
@@ -121,15 +123,28 @@ tunneling, and so on.")
                                   "See COPYING in the distribution."))
    (home-page "https://curl.haxx.se/")))
 
-(define curl-7.54.1
+(define-public curl-7.55.0
   (package
     (inherit curl)
-    (version "7.54.1")
+    (version "7.55.0")
     (source
       (origin
         (method url-fetch)
         (uri (string-append "https://curl.haxx.se/download/curl-"
-                            version ".tar.lzma"))
+                            version ".tar.xz"))
+        (patches (search-patches "curl-bounds-check.patch"))
         (sha256
          (base32
-          "0vnv3cz0s1l5cjby86hm0x6pgzqijmdm97qa9q5px200956z6yib"))))))
+          "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd"))))
+    (arguments
+     `(,@(substitute-keyword-arguments (package-arguments curl)
+           ((#:phases phases)
+            `(modify-phases ,phases
+               (add-before 'install 'fix-Makefile
+                 ;; Fix a regression in 7.55.0 where docs are not installed.
+                 ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b
+                 (lambda _
+                   (substitute* "Makefile"
+                     (("install-data-hook:\n")
+                      "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n"))
+                   #t)))))))))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index bd0ff32426..648ba81aaf 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -17,6 +17,7 @@
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -53,6 +54,7 @@
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages jemalloc)
   #:use-module (gnu packages language)
+  #:use-module (gnu packages libevent)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages man)
   #:use-module (gnu packages ncurses)
@@ -126,14 +128,14 @@ either single machines or networked clusters.")
 (define-public gdbm
   (package
     (name "gdbm")
-    (version "1.12")
+    (version "1.13")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/gdbm/gdbm-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1smwz4x5qa4js0zf1w3asq6z7mh20zlgwbh2bk5dczw6xrk22yyr"))))
+                "0lx201q20dvc70f8a3c9s7s18z15inlxvbffph97ngvrgnyjq9cx"))))
     (arguments `(#:configure-flags '("--enable-libgdbm-compat")))
     (build-system gnu-build-system)
     (home-page "http://www.gnu.org.ua/software/gdbm")
@@ -290,10 +292,32 @@ SQL, Key/Value, XML/XQuery or Java Object storage for their data model.")
 mapping from string keys to string values.")
     (license license:bsd-3)))
 
+(define-public memcached
+  (package
+    (name "memcached")
+    (version "1.5.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://memcached.org/files/memcached-" version ".tar.gz"))
+       (sha256
+        (base32 "0chwc0g7wfvcad36z8pf2jbgygdnm9nm1l6pwjsn3d2b089gh0f0"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libevent" ,libevent)
+       ("cyrus-sasl" ,cyrus-sasl)))
+    (home-page "https://memcached.org/")
+    (synopsis "In memory caching service")
+    (description "Memcached is a in memory key value store.  It has a small
+and generic API, and was originally intended for use with dynamic web
+applications.")
+    (license license:bsd-3)))
+
 (define-public mysql
   (package
     (name "mysql")
-    (version "5.7.18")
+    (version "5.7.19")
     (source (origin
              (method url-fetch)
              (uri (list (string-append
@@ -305,7 +329,7 @@ mapping from string keys to string values.")
                           name "-" version ".tar.gz")))
              (sha256
               (base32
-               "18m1mr55k9zmvnyqs0wr50csqsz3scs09fykh60wsml6c3np2p8b"))))
+               "1c8y54yk756179nx4dgg79dijmjdq5n8l057cnqsg70pjdpyfl9y"))))
     (build-system cmake-build-system)
     (arguments
      `(#:configure-flags
@@ -373,7 +397,7 @@ Language.")
 (define-public mariadb
   (package
     (name "mariadb")
-    (version "10.1.25")
+    (version "10.1.26")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://downloads.mariadb.org/f/"
@@ -381,7 +405,7 @@ Language.")
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1mm0n8sl6grajk5rbrx55333laz5dg2abyl8mlsn7h8vdymfq1bj"))))
+                "0ggpdcal0if9y6h9hp1yv2q65cbkjfl4p8rqk68a5pk7k75v325s"))))
     (build-system cmake-build-system)
     (arguments
      '(#:configure-flags
@@ -450,14 +474,14 @@ as a drop-in replacement of MySQL.")
 (define-public postgresql
   (package
     (name "postgresql")
-    (version "9.6.3")
+    (version "9.6.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://ftp.postgresql.org/pub/source/v"
                                   version "/postgresql-" version ".tar.bz2"))
               (sha256
                (base32
-                "1imrjp4vfslxj5rrvphcrrk21zv8kqw3gacmwradixh1d5rv6i8n"))))
+                "04yffrrmn85k25n3nq389aa9c1j8mkimrf889kayl772h9nv2fib"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--with-uuid=e2fs")
@@ -730,7 +754,7 @@ for example from a shell script.")
 (define-public sqlite
   (package
    (name "sqlite")
-   (version "3.17.0")
+   (version "3.19.3")
    (source (origin
             (method url-fetch)
             (uri (let ((numeric-version
@@ -746,7 +770,7 @@ for example from a shell script.")
                                   numeric-version ".tar.gz")))
             (sha256
              (base32
-              "0k472gq0p706jq4529p60znvw02hdf172qxgbdv59q0n7anqbr54"))))
+              "00b3l2qglpl1inx21fckiwxnfq5xf6441flc79rqg7zdvh1rq4h6"))))
    (build-system gnu-build-system)
    (inputs `(("readline" ,readline)))
    (arguments
@@ -769,14 +793,14 @@ is in the public domain.")
 (define-public tdb
   (package
     (name "tdb")
-    (version "1.3.11")
+    (version "1.3.14")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.samba.org/ftp/tdb/tdb-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0i1l38h0vyck6zkcj4fn2l03spadlmyr1qa1xpdp9dy2ccbm3s1r"))))
+                "1sfbia8xyaywgx9zy7x618vrvyx9gc3cgqf763shsii9javlnz9s"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -837,6 +861,7 @@ extremely small.")
     (native-inputs
      `(("perl-dbd-sqlite" ,perl-dbd-sqlite)
        ("perl-file-temp" ,perl-file-temp)
+       ("perl-module-install" ,perl-module-install)
        ("perl-package-stash" ,perl-package-stash)
        ("perl-test-deep" ,perl-test-deep)
        ("perl-test-exception" ,perl-test-exception)
@@ -890,7 +915,8 @@ single query, \"JOIN\", \"LEFT JOIN\", \"COUNT\", \"DISTINCT\", \"GROUP BY\",
     (build-system perl-build-system)
     (native-inputs
      `(("perl-cache-cache" ,perl-cache-cache)
-       ("perl-dbd-sqlite" ,perl-dbd-sqlite)))
+       ("perl-dbd-sqlite" ,perl-dbd-sqlite)
+       ("perl-module-install" ,perl-module-install)))
     (propagated-inputs
      `(("perl-carp-clan" ,perl-carp-clan)
        ("perl-dbix-class" ,perl-dbix-class)))
@@ -913,6 +939,8 @@ built-in caching support.")
         (base32
          "1w47rh2241iy5x3a9bqsyd5kdp9sk43dksr99frzv4qn4jsazfn6"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (propagated-inputs
      `(("perl-dbix-class" ,perl-dbix-class)))
     (home-page "http://search.cpan.org/dist/DBIx-Class-IntrospectableM2M")
@@ -943,6 +971,7 @@ introspected and examined.")
        ("perl-config-general" ,perl-config-general)
        ("perl-dbd-sqlite" ,perl-dbd-sqlite)
        ("perl-dbix-class-introspectablem2m" ,perl-dbix-class-introspectablem2m)
+       ("perl-module-install" ,perl-module-install)
        ("perl-moose" ,perl-moose)
        ("perl-moosex-markasmethods" ,perl-moosex-markasmethods)
        ("perl-moosex-nonmoose" ,perl-moosex-nonmoose)
@@ -1015,7 +1044,8 @@ columns, primary keys, unique constraints and relationships.")
                            "DBD-mysql-" version ".tar.gz"))
        (sha256
         (base32
-         "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2"))))
+         "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2"))
+       (patches (search-patches "perl-dbd-mysql-CVE-2017-10788.patch"))))
     (build-system perl-build-system)
     ;; Tests require running MySQL server
     (arguments `(#:tests? #f))
@@ -1065,7 +1095,8 @@ module, and nothing else.")
          "17sgwq3mvqjhv3b77cnvrq60xgp8harjhlnvpwmxc914rqc5ckaz"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-deep" ,perl-test-deep)
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-test-deep" ,perl-test-deep)
        ("perl-test-exception" ,perl-test-exception)
        ("perl-test-warn" ,perl-test-warn)))
     (propagated-inputs
@@ -1179,14 +1210,14 @@ similar to BerkeleyDB, LevelDB, etc.")
 (define-public redis
   (package
     (name "redis")
-    (version "3.2.4")
+    (version "4.0.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://download.redis.io/releases/redis-"
                                   version".tar.gz"))
               (sha256
                (base32
-                "1wb9jd692a0y52bkkxr6815kk4g039mirjdrvqx24265lv2l5l1a"))))
+                "14bm8lkhylc93r4dgl7kkzzpw2xq7gr6w6h80n3jazqnx5mcsj90"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; tests related to master/slave and replication fail
diff --git a/gnu/packages/datamash.scm b/gnu/packages/datamash.scm
index 78ed868fa9..60c9ba795b 100644
--- a/gnu/packages/datamash.scm
+++ b/gnu/packages/datamash.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -28,7 +28,7 @@
 (define-public datamash
   (package
     (name "datamash")
-    (version "1.1.1")
+    (version "1.2")
     (source
      (origin
       (method url-fetch)
@@ -36,7 +36,7 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "06w0pc828qsabmrlh7bc2zwc823xzxy89paaf37f6bipsyrij222"))))
+        "15jrv3ly0vgvwwi2qjmhi39n7wrklwifdk961wwfaxyc5jr6zm78"))))
     (native-inputs
      `(("which" ,which)                 ;for tests
        ("perl" ,perl)))                 ;for help2man
diff --git a/gnu/packages/dav.scm b/gnu/packages/dav.scm
index 60a628c119..86cfaa64b1 100644
--- a/gnu/packages/dav.scm
+++ b/gnu/packages/dav.scm
@@ -55,13 +55,13 @@ clients.")
 (define-public vdirsyncer
   (package
     (name "vdirsyncer")
-    (version "0.16.0")
+    (version "0.16.1")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri name version))
              (sha256
               (base32
-               "0n59mhcrm24bncnphigqqnifivxgsg87pidz6gshijkkjdwzmnyg"))))
+               "0pnsb9h4r0hhmqhzx9nbrd7jawir9ysrh3wrrkhzi0ssarmxyp67"))))
     (build-system python-build-system)
     (arguments
       `(#:phases (modify-phases %standard-phases
diff --git a/gnu/packages/debug.scm b/gnu/packages/debug.scm
index 27193c8bba..0fc1f513ba 100644
--- a/gnu/packages/debug.scm
+++ b/gnu/packages/debug.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2016 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,7 +33,7 @@
   #:use-module (gnu packages llvm)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pretty-print)
-  #:use-module (gnu packages qemu)
+  #:use-module (gnu packages virtualization)
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-1))
 
@@ -166,12 +167,15 @@ tools that process C/C++ code.")
                             (%current-system))
                    ("x86_64-linux"   "x86_64")
                    ("i686-linux"     "i386")
+                   ("aarch64-linux"  "aarch64")
+                   ("armhf-linux"    "arm")
+                   ("mips64el-linux" "mips64el")
                    ;; Prevent errors when querying this package on unsupported
                    ;; platforms, e.g. when running "guix package --search="
                    (_                "UNSUPPORTED"))))
     (package
       (name "american-fuzzy-lop")
-      (version "2.15b")             ;It seems all releases have the 'b' suffix
+      (version "2.49b")             ;It seems all releases have the 'b' suffix
       (source
        (origin
          (method url-fetch)
@@ -179,7 +183,7 @@ tools that process C/C++ code.")
                              "afl-" version ".tgz"))
          (sha256
           (base32
-           "04n2jfkchpz6a07w694b0im1vcmc3220ryqcaasa7vix7784wzs2"))))
+           "1lc8mpwlbyb1iil9961yfysp8l2l4nw0s07781m1haiz4jq2rigp"))))
       (build-system gnu-build-system)
       (inputs
        `(("custom-qemu"
@@ -234,6 +238,20 @@ tools that process C/C++ code.")
                             "CC=gcc")
          #:phases (modify-phases %standard-phases
                     (delete 'configure)
+                    ,@(if (string=? (%current-system) (or "x86_64-linux"
+                                                          "i686-linux"))
+                        '()
+                        '((add-before 'build 'set-afl-flag
+                            (lambda _ (setenv "AFL_NO_X86" "1") #t))
+                          (add-after 'install 'remove-x86-programs
+                            (lambda* (#:key outputs #:allow-other-keys)
+                              (let* ((out (assoc-ref outputs "out"))
+                                     (bin (string-append out "/bin/")))
+                                (delete-file (string-append bin "afl-gcc"))
+                                (delete-file (string-append bin "afl-g++"))
+                                (delete-file (string-append bin "afl-clang"))
+                                (delete-file (string-append bin "afl-clang++")))
+                              #t))))
                     (add-after
                      ;; TODO: Build and install the afl-llvm tool.
                      'install 'install-qemu
@@ -243,10 +261,7 @@ tools that process C/C++ code.")
                          (symlink (string-append qemu "/bin/qemu-" ,machine)
                                   (string-append out "/bin/afl-qemu-trace"))
                          #t)))
-                    (delete 'check))))
-      (supported-systems (fold delete
-                               %supported-systems
-                               '("armhf-linux" "mips64el-linux")))
+                    (delete 'check)))) ; Tests are run during 'install phase.
       (home-page "http://lcamtuf.coredump.cx/afl")
       (synopsis "Security-oriented fuzzer")
       (description
@@ -287,20 +302,26 @@ down the road.")
        ;; not accept a directory name instead.  To let the gnu-build-system's
        ;; patch-* phases work properly, we unpack the source first, then
        ;; repack before the configure phase.
-       `(#:configure-flags '("--with-make-tar=./make.tar.xz")
-         #:phases
-         (modify-phases %standard-phases
-           (add-after 'unpack 'unpack-make
-             (lambda* (#:key inputs #:allow-other-keys)
-               (zero? (system* "tar" "xf" (assoc-ref inputs "make-source")))))
-           (add-before 'configure 'repack-make
-             (lambda _
-               (zero? (system* "tar" "cJf" "./make.tar.xz"
-                               (string-append "make-"
-                                              ,(package-version gnu-make))))))
-           (add-before 'configure 'bootstrap
-             (lambda _
-               (zero? (system* "autoreconf" "-vfi")))))))
+       (let ((make-dir (string-append "make-" (package-version gnu-make))))
+         `(#:configure-flags '("--with-make-tar=./make.tar.xz")
+           #:phases
+           (modify-phases %standard-phases
+             (add-after 'unpack 'unpack-make
+               (lambda* (#:key inputs #:allow-other-keys)
+                 (zero? (system* "tar" "xf" (assoc-ref inputs "make-source")))))
+             (add-after 'unpack-make 'set-default-shell
+               (lambda _
+                 ;; Taken mostly directly from (@ (gnu packages base) gnu-make)
+                 (substitute* (string-append ,make-dir "/job.c")
+                   (("default_shell = .*$")
+                    (format #f "default_shell = \"~a\";\n"
+                            (which "sh"))))))
+             (add-before 'configure 'repack-make
+               (lambda _
+                 (zero? (system* "tar" "cJf" "./make.tar.xz" ,make-dir))))
+             (add-before 'configure 'bootstrap
+               (lambda _
+                 (zero? (system* "autoreconf" "-vfi"))))))))
       (home-page "https://github.com/losalamos/stress-make")
       (synopsis "Expose race conditions in Makefiles")
       (description
diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm
index a087141a87..030fabfa58 100644
--- a/gnu/packages/disk.scm
+++ b/gnu/packages/disk.scm
@@ -90,7 +90,7 @@ tables.  It includes a library and command-line utility.")
 (define-public fdisk
   (package
     (name "fdisk")
-    (version "2.0.0a")
+    (version "2.0.0a1")
     (source
      (origin
       (method url-fetch)
@@ -98,13 +98,27 @@ tables.  It includes a library and command-line utility.")
                           version ".tar.gz"))
       (sha256
        (base32
-        "04nd7civ561x2lwcmxhsqbprml3178jfc58fy1v7hzqg5k4nbhy3"))))
+        "1d8za79kw8ihnp2br084rgyjv9whkwp7957rzw815i0izx6xhqy9"))))
     (build-system gnu-build-system)
     (inputs
      `(("gettext" ,gettext-minimal)
        ("guile" ,guile-1.8)
        ("util-linux" ,util-linux)
        ("parted" ,parted)))
+    ;; The build neglects to look for its own headers in its own tree.  A next
+    ;; release should fix this, but may never come: GNU fdisk looks abandoned.
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'skip-broken-header-probes
+           (lambda _
+             (substitute* "backend/configure"
+               (("gnufdisk-common.h .*") "\n"))
+             #t)))
+       #:make-flags (list (string-append "CPPFLAGS="
+                                         " -I../common/include "
+                                         " -I../debug/include "
+                                         " -I../exception/include"))))
     (home-page "https://www.gnu.org/software/fdisk/")
     (synopsis "Low-level disk partitioning and formatting")
     (description
@@ -116,7 +130,7 @@ tables, and it understands a variety of different formats.")
 (define-public gptfdisk
   (package
     (name "gptfdisk")
-    (version "1.0.1")
+    (version "1.0.3")
     (source
      (origin
       (method url-fetch)
@@ -124,7 +138,7 @@ tables, and it understands a variety of different formats.")
                           version "/" name "-" version ".tar.gz"))
       (sha256
        (base32
-        "1izazbyv5n2d81qdym77i8mg9m870hiydmq4d0s51npx5vp8lk46"))))
+        "0p0vr67lnqdsgdv2y144xmjqa1a2nijrrd3clc8dc2f46pn5mzc9"))))
     (build-system gnu-build-system)
     (inputs
      `(("gettext" ,gettext-minimal)
@@ -154,9 +168,9 @@ tables, and it understands a variety of different formats.")
     (home-page "http://www.rodsbooks.com/gdisk/")
     (synopsis "Low-level GPT disk partitioning and formatting")
     (description "GPT fdisk (aka gdisk) is a text-mode partitioning tool that
-works on Globally Unique Identifier (GUID) Partition Table (GPT) disks, rather
-than on the more common (through 2009) Master Boot Record (MBR) partition
-tables.")
+works on Globally Unique Identifier (@dfn{GUID}) Partition Table (@dfn{GPT})
+disks, rather than on the older Master Boot Record (@dfn{MBR}) partition
+scheme.")
     (license license:gpl2)))
 
 (define-public ddrescue
@@ -245,7 +259,7 @@ and a @command{fsck.vfat} compatibility symlink for use in an initrd.")
 (define-public sdparm
   (package
     (name "sdparm")
-    (version "1.09")
+    (version "1.10")
     (source
      (origin
        (method url-fetch)
@@ -253,7 +267,7 @@ and a @command{fsck.vfat} compatibility symlink for use in an initrd.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0jakqyjwi72zqjzss04bally0xl0lc4710mx8da08vpmir1hfphg"))))
+         "1jjq3lzgfy4r76rc26q02lv4wm5cb4dx5nh913h489zjrr4f3jbx"))))
     (build-system gnu-build-system)
     (home-page "http://sg.danny.cz/sg/sdparm.html")
     (synopsis "Provide access to SCSI device parameters")
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index e9fb7cc496..afae4596bd 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -99,7 +99,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
 (define-public isc-bind
   (package
     (name "bind")
-    (version "9.11.1-P2")
+    (version "9.11.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -107,7 +107,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "19gyh7yij6cpvk5b199ghhns5wmsz67d2rpgvl91dbkm2m1wclxz"))))
+                "0yn7wgi2y8mpmvbjbkl4va7p0xsnn48m4yjx6ynb1hzp423asikz"))))
     (build-system gnu-build-system)
     (outputs `("out" "utils"))
     (inputs
@@ -443,17 +443,17 @@ served by AS112.  Stub and forward zones are supported.")
 (define-public yadifa
   (package
     (name "yadifa")
-    (version "2.2.4")
+    (version "2.2.5")
     (source
-     (let ((revision "6924"))
+     (let ((build "6937"))
        (origin
          (method url-fetch)
          (uri
           (string-append "http://cdn.yadifa.eu/sites/default/files/releases/"
-                         name "-" version "-" revision ".tar.gz"))
+                         name "-" version "-" build ".tar.gz"))
          (sha256
           (base32
-           "060ydcfn9876bs6p5xi3p1k20ca547f4jck25r5x1hnxjlv7ss03")))))
+           "146fs52izf6dfwsxal3srpwin2yyl41g31cy4pyvbi5mqy2craj7")))))
     (build-system gnu-build-system)
     (native-inputs
      `(("which" ,which)))
@@ -470,10 +470,7 @@ served by AS112.  Stub and forward zones are supported.")
                                "--enable-shared"        "--disable-static"
                                "--enable-messages"      "--enable-ctrl"
                                "--enable-nsec"          "--enable-nsec3"
-                               "--enable-tsig"          "--enable-caching"
-                               ;; NSID is a rarely-used debugging aid, that also
-                               ;; causes the build to fail. Just disable it.
-                               "--disable-nsid")))
+                               "--enable-tsig"          "--enable-caching")))
     (home-page "http://www.yadifa.eu/")
     (synopsis "Authoritative DNS name server")
     (description "YADIFA is an authoritative name server for the @dfn{Domain
@@ -486,14 +483,14 @@ Extensions} (DNSSEC).")
 (define-public knot
   (package
     (name "knot")
-    (version "2.5.2")
+    (version "2.5.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://secure.nic.cz/files/knot-dns/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1sgmw8k9qccc7bgxbwrvahdinj1bjq90iza55rxj199mxsj72ri8"))
+                "13lxxnnw0v7s0q648grz87bwlfwjh5sfbj1qax7jdklalqqy52np"))
               (modules '((guix build utils)))
               (snippet
                '(begin
diff --git a/gnu/packages/ebook.scm b/gnu/packages/ebook.scm
index bbb127a7d9..38abf47c87 100644
--- a/gnu/packages/ebook.scm
+++ b/gnu/packages/ebook.scm
@@ -28,10 +28,14 @@
   #:use-module (gnu packages)
   #:use-module (guix build-system python)
   #:use-module (gnu packages)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages curl)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages fonts)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages freedesktop)
+  #:use-module (gnu packages fribidi)
+  #:use-module (gnu packages gtk)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages icu4c)
@@ -41,8 +45,10 @@
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
   #:use-module (gnu packages qt)
+  #:use-module (gnu packages serialization)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages web)
+  #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg))
 
 (define-public chmlib
@@ -126,6 +132,8 @@
        ("python2-lxml" ,python2-lxml)
        ("python2-markdown" ,python2-markdown)
        ("python2-mechanize" ,python2-mechanize)
+       ;; python2-msgpack is needed for the network content server to work.
+       ("python2-msgpack" ,python2-msgpack)
        ("python2-netifaces" ,python2-netifaces)
        ("python2-pillow" ,python2-pillow)
        ("python2-pygments" ,python2-pygments)
@@ -192,3 +200,80 @@ ebooks for convenient reading.")
                    license:public-domain
                    license:silofl1.1
                    license:cc-by-sa3.0))))
+
+(define-public liblinebreak
+  (package
+    (name "liblinebreak")
+    (version "2.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/vimgadgets"
+                                  "/liblinebreak/" version
+                                  "/liblinebreak-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1f36dbq7nc77lln1by2n1yl050g9dc63viawhs3gc3169mavm36x"))))
+    (build-system gnu-build-system)
+    (home-page "http://vimgadgets.sourceforge.net/liblinebreak/")
+    (synopsis "Library for detecting where linebreaks are allowed in text")
+    (description "@code{liblinebreak} is an implementation of the line
+breaking algorithm as described in Unicode 6.0.0 Standard Annex 14,
+Revision 26.  It breaks lines that contain Unicode characters.  It is
+designed to be used in a generic text renderer.")
+    (license license:zlib)))
+
+(define-public fbreader
+  (package
+    (name "fbreader")
+    (version "0.99.6")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/geometer/FBReader/"
+                                  "archive/" version "-freebsdport.tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0gf1nl562fqkwlzcn6rgkp1j8jcixzmfsnwxbc0sm49zh8n3zqib"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("curl" ,curl)
+       ("expat" ,expat)
+       ("fribidi" ,fribidi)
+       ("glib" ,glib)
+       ("gtk+-2" ,gtk+-2)
+       ("libjpeg" ,libjpeg)
+       ("liblinebreak" ,liblinebreak)
+       ("libxft" ,libxft)
+       ("sqlite" ,sqlite)
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (arguments
+     `(#:tests? #f ; No tests exist.
+       #:make-flags `("CC=gcc" "TARGET_ARCH=desktop" "UI_TYPE=gtk"
+                      "TARGET_STATUS=release"
+                      ,(string-append "INSTALLDIR="
+                                      (assoc-ref %outputs "out"))
+                      ,(string-append "LDFLAGS=-Wl,-rpath="
+                                      (assoc-ref %outputs "out") "/lib"))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (home-page "https://fbreader.org/")
+    (synopsis "E-Book reader")
+    (description "@code{fbreader} is an E-Book reader.  It supports the
+following formats:
+
+@enumerate
+@item CHM
+@item Docbook
+@item FB2
+@item HTML
+@item OEB
+@item PDB
+@item RTF
+@item TCR
+@item TXT
+@item XHTML
+@end enumerate")
+    (license license:gpl2+)))
diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm
index 5014229952..d30d7bcfa8 100644
--- a/gnu/packages/ed.scm
+++ b/gnu/packages/ed.scm
@@ -28,14 +28,14 @@
 (define-public ed
   (package
     (name "ed")
-    (version "1.14.1")
+    (version "1.14.2")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/ed/ed-"
                                  version ".tar.lz"))
              (sha256
               (base32
-               "0ajm69pma7gigddlrq2qi4dsllz9vhm8gqwpkcdagdd2yaw7xfgz"))))
+               "1nqhk3n1s1p77g2bjnj55acicsrlyb2yasqxqwpx0w0djfx64ygm"))))
     (build-system gnu-build-system)
     (native-inputs `(("lzip" ,lzip)))
     (arguments
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 75122af8b3..140a532050 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -641,30 +641,6 @@ process, passing on the arguments as command line arguments.")
 programs.")
     (license license:gpl3+)))
 
-(define-public let-alist
-  (package
-    (name "emacs-let-alist")
-    (version "1.0.4")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "https://elpa.gnu.org/packages/let-alist-"
-                                  version ".el"))
-              (sha256
-               (base32
-                "07312bvvyz86lf64vdkxg2l1wgfjl25ljdjwlf1bdzj01c4hm88x"))))
-    (build-system emacs-build-system)
-    (home-page "https://elpa.gnu.org/packages/let-alist.html")
-    (synopsis "Easily let-bind values of an assoc-list by their names")
-    (description
-     "This package offers a single Emacs Lisp macro, @code{let-alist}.  This
-macro takes a first argument, whose value must be an alist (association list),
-and a body.
-
-The macro expands to a let form containing the body, where each dotted symbol
-inside body is let-bound to their cdrs in the alist.  Only those present in
-the body are let-bound and this search is done at compile time.")
-    (license license:gpl3+)))
-
 (define-public flycheck
   (package
     (name "emacs-flycheck")
@@ -679,9 +655,7 @@ the body are let-bound and this search is done at compile time.")
                 "1rxzkaqsj48z3nska5wsgwafvwkam014dzqd32baycmxjl0jxvy7"))))
     (build-system emacs-build-system)
     (propagated-inputs
-     `(("emacs-dash" ,emacs-dash)
-       ("emacs-let-alist" ,let-alist)
-       ("emacs-seq" ,emacs-seq)))
+     `(("emacs-dash" ,emacs-dash)))
     (home-page "https://www.flycheck.org")
     (synopsis "On-the-fly syntax checking")
     (description
@@ -1113,7 +1087,7 @@ as a library for other Emacs packages.")
 (define-public emacs-auctex
   (package
     (name "emacs-auctex")
-    (version "11.90.0")
+    (version "11.91.0")
     (source
      (origin
        (method url-fetch)
@@ -1123,7 +1097,7 @@ as a library for other Emacs packages.")
              ".tar"))
        (sha256
         (base32
-         "04nsndwcf0dimgc2p1yzzrymc36amzdnjg0158nxplmjkzdp28gy"))))
+         "1yh182mxgngjmwpkyv2n9km3vyq95bqfq8mnly3dbv78nwk7f2l3"))))
     (build-system emacs-build-system)
     ;; We use 'emacs' because AUCTeX requires dbus at compile time
     ;; ('emacs-minimal' does not provide dbus).
@@ -1326,8 +1300,6 @@ single buffer.")
                      ("automake" ,automake)
                      ("pkg-config" ,pkg-config)
                      ("emacs" ,emacs-minimal)))
-    (propagated-inputs
-     `(("let-alist" ,let-alist)))
     (inputs `(("poppler" ,poppler)
               ("cairo" ,cairo)
               ("glib" ,glib)
@@ -1579,8 +1551,7 @@ strings.")
                 "1w0xghfljqg31axcnv8gzlrd8pw25nji6idnrhflq0af9qh1dw03"))))
     (build-system emacs-build-system)
     (propagated-inputs
-     `(("emacs-markdown-mode" ,emacs-markdown-mode)
-       ("let-alist" ,let-alist)))
+     `(("emacs-markdown-mode" ,emacs-markdown-mode)))
     (home-page "https://github.com/vermiculus/sx.el/")
     (synopsis "Emacs StackExchange client")
     (description
@@ -2514,6 +2485,35 @@ number.")
 @code{org-mode} to be rendered as UTF-8 characters.")
     (license license:gpl3+)))
 
+(define-public emacs-org-pomodoro
+  (package
+    (name "emacs-org-pomodoro")
+    (version "2.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/lolownia/org-pomodoro/archive/"
+             version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1jalsggw3q5kvj353f84x4nl04a5vmq07h75ggppy1627lb31zm4"))))
+    (build-system emacs-build-system)
+    (propagated-inputs
+     `(("emacs-alert" ,emacs-alert)))
+    (home-page "https://github.com/lolownia/org-pomodoro")
+    (synopsis "Pomodoro technique for org-mode")
+    (description "@code{emacs-org-pomodoro} adds very basic support for
+Pomodoro technique in Emacs org-mode.
+
+Run @code{M-x org-pomodoro} for the task at point or select one of the
+last tasks that you clocked time for.  Each clocked-in pomodoro starts
+a timer of 25 minutes and after each pomodoro a break timer of 5
+minutes is started automatically.  Every 4 breaks a long break is
+started with 20 minutes.  All values are customizable.")
+    (license license:gpl3+)))
+
 (define-public emacs-org-trello
   (package
     (name "emacs-org-trello")
@@ -2586,14 +2586,14 @@ package provides a light and a dark variant.")
 (define-public emacs-ahungry-theme
   (package
     (name "emacs-ahungry-theme")
-    (version "1.3.0")
+    (version "1.4.0")
     (source
      (origin (method url-fetch)
              (uri (string-append "https://elpa.gnu.org/packages/ahungry-theme-"
                                  version ".tar"))
              (sha256
               (base32
-               "1p2zaq0s4bbl5cx6wyab24wamw7m0mysb0v47dqjmnvfc25z84rq"))))
+               "1n8k12mfn01f20j0pyd7ycj77x0y3a008xc94frklaaqjc0v26s4"))))
     (build-system emacs-build-system)
     (home-page "https://github.com/ahungry/color-theme-ahungry")
     (synopsis "Ahungry color theme for Emacs")
@@ -2632,6 +2632,38 @@ features found in other packages it also brings many improvements as
 well as completely new features.")
     (license license:gpl3+)))
 
+(define-public emacs-highlight-symbol
+  (package
+    (name "emacs-highlight-symbol")
+    (version "1.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/nschum/highlight-symbol.el/archive/"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1n7k1qns0fn0jsyc0hrjac5nzk21xw48yc30vyrhwvc51h0b9g90"))))
+    (build-system emacs-build-system)
+    (home-page "https://nschum.de/src/emacs/highlight-symbol")
+    (synopsis "Automatic and manual symbol highlighting for Emacs")
+    (description
+     "Use @code{highlight-symbol} to toggle highlighting of the symbol at
+point throughout the current buffer.  Use @code{highlight-symbol-mode} to keep
+the symbol at point highlighted.
+
+The functions @code{highlight-symbol-next}, @code{highlight-symbol-prev},
+@code{highlight-symbol-next-in-defun} and
+@code{highlight-symbol-prev-in-defun} allow for cycling through the locations
+of any symbol at point.  Use @code{highlight-symbol-nav-mode} to enable key
+bindings @code{M-p} and @code{M-p} for navigation.  When
+@code{highlight-symbol-on-navigation-p} is set, highlighting is triggered
+regardless of @code{highlight-symbol-idle-delay}.
+
+@code{highlight-symbol-query-replace} can be used to replace the symbol. ")
+    (license license:gpl2+)))
+
 (define-public emacs-hl-todo
   (package
     (name "emacs-hl-todo")
@@ -3006,26 +3038,6 @@ be removed from the front.  This type of data structure is sometimes called an
 ongoing operations.")
     (license license:gpl3+)))
 
-(define-public emacs-seq
-  (package
-    (name "emacs-seq")
-    (version "2.19")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "https://elpa.gnu.org/packages/seq-"
-                                  version ".tar"))
-              (sha256
-               (base32
-                "11hb7is6a4h1lscjcfrzh576j0g3m5yjydn16s6x5bxp5gsr6zha"))))
-    (build-system emacs-build-system)
-    (home-page "https://elpa.gnu.org/packages/seq.html")
-    (synopsis "Sequence manipulation functions for Emacs")
-    (description
-     "This Emacs library provides sequence-manipulation functions that
-complement basic functions provided by @code{subr.el}.  All provided functions
-work on lists, strings and vectors.")
-    (license license:gpl3+)))
-
 (define-public emacs-sparql-mode
   (package
     (name "emacs-sparql-mode")
@@ -3105,7 +3117,9 @@ E-Prime forbids the use of the \"to be\" form to strengthen your writing.")
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; There is no test suite.
-       #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:make-flags (list (string-append "PREFIX=" %output)
+                          (string-append "LISPDIR=" %output
+                                         "/share/emacs/site-lisp/guix.d/ess"))
        #:phases
        (modify-phases %standard-phases
          (delete 'configure)
@@ -3301,14 +3315,14 @@ of its name.")
 (define-public emacs-rainbow-mode
   (package
     (name "emacs-rainbow-mode")
-    (version "0.12")
+    (version "0.13")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "http://elpa.gnu.org/packages/rainbow-mode-" version ".el"))
               (sha256
                (base32
-                "10a7qs7fvw4qi4vxj9n56j26gjk61bl79dgz4md1d26slb2j1c04"))))
+                "1d3aamx6qgqqpqijwsr02ggwrh67gfink1bir0692alfkm3zdddl"))))
     (build-system emacs-build-system)
     (home-page "http://elpa.gnu.org/packages/rainbow-mode.html")
     (synopsis "Colorize color names in buffers")
@@ -3529,8 +3543,7 @@ for search-based navigation of buffers.")
      `(("emacs-clojure-mode" ,emacs-clojure-mode)
        ("emacs-spinner" ,emacs-spinner)
        ("emacs-pkg-info" ,emacs-pkg-info)
-       ("emacs-queue" ,emacs-queue)
-       ("emacs-seq" ,emacs-seq)))
+       ("emacs-queue" ,emacs-queue)))
     (home-page "https://cider.readthedocs.org/")
     (synopsis "Clojure development environment for Emacs")
     (description
@@ -4131,7 +4144,7 @@ mode-line.")
 (define-public emacs-yasnippet
   (package
     (name "emacs-yasnippet")
-    (version "0.11.0")
+    (version "0.12.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/joaotavora/yasnippet/"
@@ -4139,7 +4152,18 @@ mode-line.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "15di6mkkf09b7qddpsrm0qln02hji3sx8blya5jxssi9wxxx9iq5"))))
+                "1yqiprighgqz1hsslph50cy09xxqabc06jffrnjcsdf6nj70xlkc"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  ;; YASnippet expects a "snippets" subdirectory in the same
+                  ;; directory as yasnippet.el, but we don't install it
+                  ;; because it's a git submodule pointing to an external
+                  ;; repository.  Adjust `yas-snippet-dirs' to prevent
+                  ;; warnings about a missing directory.
+                  (substitute* "yasnippet.el"
+                    (("^ +'yas-installed-snippets-dir\\)\\)\n")
+                     "))\n"))))))
     (build-system emacs-build-system)
     (home-page "https://github.com/joaotavora/yasnippet")
     (synopsis "Yet another snippet extension for Emacs")
@@ -4148,6 +4172,51 @@ mode-line.")
 abbreviation and automatically expand it into function templates.")
     (license license:gpl3+)))
 
+(define-public emacs-yasnippet-snippets
+  (let ((commit "885050d34737e2fb36a3e7759d60c09347bd4ce0")
+        (revision "1"))
+    (package
+      (name "emacs-yasnippet-snippets")
+      (version (string-append "1-" revision "." (string-take commit 8)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/AndreaCrotti/yasnippet-snippets")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1m935zgglw0iakzrixld5rcjz3wnj84f8wy2mvc3pggjri9l0qr9"))))
+      (build-system trivial-build-system)
+      (arguments
+       `(#:modules ((ice-9 ftw)
+                    (ice-9 regex)
+                    (guix build utils))
+         #:builder
+         (begin
+           (use-modules (ice-9 ftw)
+                        (ice-9 regex)
+                        (guix build utils))
+           (with-directory-excursion (assoc-ref %build-inputs "source")
+             (for-each (lambda (dir)
+                         (copy-recursively
+                          dir
+                          (string-append %output
+                                         "/share/emacs/yasnippet-snippets/"
+                                         dir)))
+                       (scandir "." (lambda (fname)
+                                      (and (string-match "-mode$" fname)
+                                           (directory-exists? fname)))))))))
+      (home-page "https://github.com/AndreaCrotti/yasnippet-snippets")
+      (synopsis "Collection of YASnippet snippets for many languages")
+      (description
+       "Provides Andrea Crotti's collection of YASnippet snippets.  After installation,
+the snippets will be in \"~/.guix-profile/share/emacs/yasnippet-snippets/\".
+To make YASnippet aware of these snippets, add the above directory to
+@code{yas-snippet-dirs}.")
+      (license license:expat))))
+
 (define-public emacs-memoize
   (package
    (name "emacs-memoize")
@@ -4594,7 +4663,7 @@ It should enable you to implement low-level X11 applications.")
 (define-public emacs-exwm
   (package
     (name "emacs-exwm")
-    (version "0.14")
+    (version "0.15")
     (synopsis "Emacs X window manager")
     (source (origin
               (method url-fetch)
@@ -4602,7 +4671,7 @@ It should enable you to implement low-level X11 applications.")
                                   version ".tar"))
               (sha256
                (base32
-                "14hjjpbasm84p54fxy73fg7g1fdwqkvisdw8dwwgzkflmd647mkx"))))
+                "1y7nqry9y0a99bsdqkk9f554vczfw4sz6raadw3138835qy697jg"))))
     (build-system emacs-build-system)
     (propagated-inputs
      `(("emacs-xelb" ,emacs-xelb)))
@@ -4636,12 +4705,9 @@ It should enable you to implement low-level X11 applications.")
                      TryExec=~@*~a~@
                      Type=Application~%" ,name ,synopsis exwm-executable)))
                ;; Add a shell wrapper to bin
-               ;; Set DISPLAY variable to work around
-               ;; https://github.com/ch11ng/exwm/issues/213
                (with-output-to-file exwm-executable
                  (lambda _
                    (format #t "#!~a ~@
-                     export DISPLAY=:0 ~@
                      ~a +SI:localuser:$USER ~@
                      exec ~a --exit-with-session ~a \"$@\" --eval '~s' ~%"
                            (string-append (assoc-ref inputs "bash") "/bin/sh")
@@ -4733,12 +4799,9 @@ other operations.")
                      TryExec=~@*~a~@
                      Type=Application~%" ,name ,synopsis exwm-executable)))
                ;; Add a shell wrapper to bin
-               ;; Set DISPLAY variable to work around
-               ;; https://github.com/ch11ng/exwm/issues/213
                (with-output-to-file exwm-executable
                  (lambda _
                    (format #t "#!~a ~@
-                     export DISPLAY=:0 ~@
                      ~a +SI:localuser:$USER ~@
                      exec ~a --exit-with-session ~a \"$@\" --eval '~s' ~%"
                            (string-append (assoc-ref inputs "bash") "/bin/sh")
@@ -5171,3 +5234,149 @@ src block.")
      "@code{emacs-emamux} lets Emacs interact with the @code{tmux} terminal
 multiplexer.")
     (license license:gpl3+)))
+
+(define-public emacs-rpm-spec-mode
+  (package
+    (name "emacs-rpm-spec-mode")
+    (version "0.16")
+    (source
+     (origin
+       (method url-fetch)
+       ;; URI has the Fedora release number instead of the version
+       ;; number. This will have to updated manually every new release.
+       (uri (string-append
+             "https://src.fedoraproject.org/cgit/rpms"
+             "/emacs-rpm-spec-mode.git/snapshot"
+             "/emacs-rpm-spec-mode-f26.tar.gz"))
+       (sha256
+        (base32
+         "17dz80lhjrc89fj17pysl8slahzrqdkxgcjdk55zls6jizkr6kz3"))))
+    (build-system emacs-build-system)
+    (home-page "http://pkgs.fedoraproject.org/cgit/rpms/emacs-rpm-spec-mode.git")
+    (synopsis "Emacs major mode for editing RPM spec files")
+    (description "@code{emacs-rpm-spec-mode} provides an Emacs major mode for
+editing RPM spec files.")
+    (license license:gpl2+)))
+
+(define-public emacs-nix-mode
+  (package
+    (inherit nix)
+    (name "emacs-nix-mode")
+    (build-system emacs-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'chdir-elisp
+           ;; Elisp directory is not in root of the source.
+           (lambda _
+             (chdir "misc/emacs"))))))
+    (synopsis "Emacs major mode for editing Nix expressions")
+    (description "@code{nixos-mode} provides an Emacs major mode for editing
+Nix expressions.  It supports syntax highlighting, indenting and refilling of
+comments.")))
+
+(define-public emacs-git-messenger
+  (package
+    (name "emacs-git-messenger")
+    (version "0.18")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/syohex/emacs-git-messenger/archive/"
+             version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "17mqki6g0wx46fn7dcbcc2pjxik7vvrcb1j9jzxim8b9psbsbnp9"))))
+    (build-system emacs-build-system)
+    (propagated-inputs
+     `(("emacs-popup" ,emacs-popup)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'check
+           (lambda* (#:key inputs #:allow-other-keys)
+             (zero? (system* "emacs" "--batch" "-L" "."
+                             "-L" (string-append
+                                   (assoc-ref inputs "emacs-popup")
+                                   "/share/emacs/site-lisp/guix.d/popup-"
+                                   ,(package-version emacs-popup))
+                             "-l" "test/test.el"
+                             "-f" "ert-run-tests-batch-and-exit")))))))
+    (home-page "https://github.com/syohex/emacs-git-messenger")
+    (synopsis "Popup commit message at current line")
+    (description "@code{emacs-git-messenger} provides
+@code{git-messenger:popup-message}, a function that when called, will popup
+the last git commit message for the current line.  This uses git-blame
+internally.")
+    (license license:gpl3+)))
+
+(define-public emacs-gitpatch
+  (package
+    (name "emacs-gitpatch")
+    (version "0.5.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/tumashu/gitpatch/archive/"
+                           "v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1yj6pmic541lcnscjin300k380qp9xdfprs55xg1q57jrkq6f6k7"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/tumashu/gitpatch")
+    (synopsis "Mail git patch from Emacs")
+    (description "@code{emacs-gitpatch} lets users easily send git patches,
+created by @code{git format-patch}, from @code{magit}, @code{dired} and
+@code{ibuffer} buffers.")
+    (license license:gpl3+)))
+
+(define-public emacs-erc-hl-nicks
+  (package
+    (name "emacs-erc-hl-nicks")
+    (version "1.3.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/leathekd/erc-hl-nicks"
+                           "/archive/" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "01svpl9bps5kx4y1wnymakxya2cznqmlynvqv2r500wpnbxczrbs"))))
+    (build-system emacs-build-system)
+    (synopsis "Nickname highlighting for Emacs ERC")
+    (description "@code{erc-hl-nicks} highlights nicknames in ERC, an IRC
+client for Emacs.  The main features are:
+@itemize
+@item Auto-colorizes nicknames without having to specify colors
+@item Ignores certain characters that IRC clients add to nicknames to avoid
+duplicates (nickname, nickname’, nickname\", etc.)
+@item Attempts to produce colors with a sufficient amount of contrast between
+the nick color and the background color
+@end itemize\n")
+    (home-page "https://github.com/leathekd/erc-hl-nicks")
+    (license license:gpl3+)))
+
+(define-public emacs-engine-mode
+  (package
+    (name "emacs-engine-mode")
+    (version "2.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/hrs/engine-mode/archive/"
+                           "v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1vm4p7pcp1vnwwxvps1bhm7i7hkabqqxl898knxf2hqvxys76684"))))
+    (build-system emacs-build-system)
+    (synopsis "Minor mode for defining and querying search engines")
+    (description "@code{engine-mode} is a global minor mode for Emacs.  It
+enables you to easily define search engines, bind them to keybindings, and
+query them from the comfort of your editor.")
+    (home-page "https://github.com/hrs/engine-mode")
+    (license license:gpl3+)))
diff --git a/gnu/packages/embedded.scm b/gnu/packages/embedded.scm
index e509647eae..1f7176ae78 100644
--- a/gnu/packages/embedded.scm
+++ b/gnu/packages/embedded.scm
@@ -447,7 +447,7 @@ with a layered architecture of JTAG interface and TAP support.")
          ,@(package-arguments xbinutils)))
       (native-inputs
        `(("bison" ,bison)
-         ("flex" ,flex-2.6.1) ; needed because of yywrap error
+         ("flex" ,flex)
          ("texinfo" ,texinfo)
          ("dejagnu" ,dejagnu)
          ,@(package-native-inputs xbinutils))))))
@@ -509,7 +509,8 @@ with a layered architecture of JTAG interface and TAP support.")
                   (origin-patches (package-source gcc-4.7))
                   (search-patches "gcc-4.6-gnu-inline.patch"
                                   "gcc-cross-environment-variables.patch")))))
-      (home-page "https://github.com/dbetz/propgcc-gcc"))))
+      (home-page "https://github.com/dbetz/propgcc-gcc")
+      (supported-systems (delete "aarch64-linux" %supported-systems)))))
 
 ;; Version 6 is experimental and may not work correctly.  This is why we
 ;; default to version 4, which is also used in the binary toolchain bundle
@@ -827,7 +828,7 @@ simulator.")
                  (base32
                   "14b3h2ji740s8zq5vwm4qdcxs4aa4wxi6wb9di3bv1h39x14nyr9"))))
          ("texinfo" ,texinfo)
-         ("flex" ,flex-2.6.1) ; A bug in flex prevents building with flex-2.6.3.
+         ("flex" ,flex)
          ("bison" ,bison)
          ("guile-1.8" ,guile-1.8)
          ("which" ,base:which)))
diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm
index 650ac2b89c..008a96b244 100644
--- a/gnu/packages/engineering.scm
+++ b/gnu/packages/engineering.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016, 2017 Theodoros Foradis <theodoros.for@openmailbox.org>
+;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -22,6 +23,7 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu packages engineering)
+  #:use-module (srfi srfi-1)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix gexp)
@@ -32,7 +34,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
-  #:use-module (guix build-system cmake)
+  #:use-module (guix build-system python)
   #:use-module (gnu packages)
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages autotools)
@@ -59,6 +61,7 @@
   #:use-module (gnu packages linux)               ;FIXME: for pcb
   #:use-module (gnu packages m4)
   #:use-module (gnu packages maths)
+  #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
@@ -70,8 +73,7 @@
   #:use-module (gnu packages tls)
   #:use-module (gnu packages tex)
   #:use-module (gnu packages wxwidgets)
-  #:use-module (gnu packages xorg)
-  #:use-module (srfi srfi-1))
+  #:use-module (gnu packages xorg))
 
 (define-public librecad
   (package
@@ -1013,3 +1015,117 @@ specified in high-level description language into ready-to-compile C code for
 the API of spice simulators.  Based on transformations specified in XML
 language, ADMS transforms Verilog-AMS code into other target languages.")
     (license license:gpl3)))
+
+(define-public capstone
+  (package
+    (name "capstone")
+    (version "3.0.5-rc2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/aquynh/capstone/archive/"
+                                  version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1cqms9r2p43aiwp5spd84zaccp16ih03r7sjhrv16nddahj0jz2q"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f
+       #:make-flags (list (string-append "PREFIX=" %output)
+                          "CC=gcc")
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         ;; cstool's Makefile overrides LDFLAGS, so we cannot pass it as a make flag.
+         (add-before 'build 'fix-cstool-ldflags
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "cstool/Makefile"
+               (("LDFLAGS =")
+                (string-append "LDFLAGS = -Wl,-rpath=" (assoc-ref outputs "out")
+                               "/lib")))
+             #t)))))
+    (home-page "http://www.capstone-engine.org")
+    (synopsis "Lightweight multi-platform, multi-architecture disassembly framework")
+    (description
+     "Capstone is a lightweight multi-platform, multi-architecture disassembly
+framework.  Capstone can disassemble machine code for many supported architectures
+such as x86, x86_64, arm, arm64, mips, ppc, sparc, sysz and xcore.  It provides
+bindings for Python, Java, OCaml and more.")
+    (license license:bsd-3)))
+
+;; FIXME: This package has a timestamp embedded in
+;; lib/python3.5/site-packages/capstone/__pycache__/__iti__.cpython-35.pyc
+(define-public python-capstone
+  (package
+    (inherit capstone)
+    (name "python-capstone")
+    (propagated-inputs
+     `(("capstone" ,capstone)))
+    (build-system python-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'chdir-and-fix-setup-py
+           (lambda _
+             (chdir "bindings/python")
+             ;; Do not build the library again, because we already have it.
+             (substitute* "setup.py" ((".*   build_libraries.*") ""))
+             ;; This substitution tells python-capstone where to find the
+             ;; library.
+             (substitute* "capstone/__init__.py"
+               (("pkg_resources.resource_filename.*")
+                (string-append "'" (assoc-ref %build-inputs "capstone") "/lib',\n")))
+             #t)))))))
+
+(define-public python2-capstone
+  (package-with-python2 python-capstone))
+
+(define-public radare2
+  (package
+    (name "radare2")
+    (version "1.6.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://radare.mikelloc.com/get/" version "/"
+                                  name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "16ggsk40zz6hyvclvqj1r4bh4hb78jf0d6ppry1jk4r0j30wm7cm"))
+              (modules '((guix build utils)))
+              (snippet
+                '(begin
+                  (substitute* "libr/asm/p/Makefile"
+                    (("LDFLAGS\\+=") "LDFLAGS+=-Wl,-rpath=$(LIBDIR) "))
+                  (substitute* "libr/parse/p/Makefile"
+                    (("LDFLAGS\\+=") "LDFLAGS+=-Wl,-rpath=$(LIBDIR) "))
+                  (substitute* "libr/bin/p/Makefile"
+                    (("LDFLAGS\\+=") "LDFLAGS+=-Wl,-rpath=$(LIBDIR) "))))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:tests? #f; tests require git and network access
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'mklibdir
+           (lambda* (#:key inputs #:allow-other-keys)
+             (mkdir-p (string-append (assoc-ref %outputs "out") "/lib"))
+             #t)))
+       #:configure-flags
+       (list "--with-sysmagic" "--with-syszip" "--with-openssl"
+             "--without-nonpic" "--with-rpath" "--with-syscapstone")
+       #:make-flags
+       (list "CC=gcc")))
+    (inputs
+     `(("openssl" ,openssl)
+       ("zip" ,zip)
+       ("gmp" ,gmp)
+       ("capstone" ,capstone)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "https://radare.org/")
+    (synopsis "Portable reversing framework")
+    (description
+      "Radare project started as a forensics tool, a scriptable commandline
+hexadecimal editor able to open disk files, but later support for analyzing
+binaries, disassembling code, debugging programs, attaching to remote gdb
+servers, ...")
+    (license license:lgpl3)))
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index 866db9687c..8c25f38aae 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -53,12 +53,13 @@
   #:use-module (gnu packages python)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages video)
+  #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages xorg))
 
 (define-public efl
   (package
     (name "efl")
-    (version "1.19.1")
+    (version "1.20.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -66,7 +67,7 @@
                     version ".tar.xz"))
               (sha256
                (base32
-                "0fndwraca9rg0bz3al4isdprvyw56szr88qiyvglb4j8ygsylscc"))))
+                "0zll6k4xbbdsxqg53g8jddgv889g5m1xh20i03iz5a52y2bcnh55"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -101,11 +102,11 @@
        ("libxscrnsaver" ,libxscrnsaver)
        ("libxtst" ,libxtst)
        ("lz4" ,lz4)
-       ("mesa" ,mesa)
        ("openjpeg" ,openjpeg-1)
        ("poppler" ,poppler)
        ("printproto" ,printproto)
        ("scrnsaverproto" ,scrnsaverproto)
+       ("wayland-protocols" ,wayland-protocols)
        ("xextproto" ,xextproto)
        ("xinput" ,xinput)
        ("xpr" ,xpr)
@@ -122,11 +123,15 @@
        ("glib" ,glib) ; ecore.pc, ecore-cxx.pc
        ("harfbuzz" ,harfbuzz) ; evas.pc, evas-cxx.pc
        ("luajit" ,luajit) ; elua.pc, evas.pc, evas-cxx.pc
+       ("libinput" ,libinput-minimal) ; elput.pc
        ("libpng" ,libpng) ; evas.pc, evas-cxx.pc
        ("libsndfile" ,libsndfile) ; ecore-audio.pc, ecore-audio-cxx.pc
+       ("libxkbcommon" ,libxkbcommon) ; ecore-wl2.pc, elementary.pc, elput.pc
+       ("mesa" ,mesa) ; ecore-drm2.pc
        ("openssl" ,openssl) ; ecore-con.pc, eet.pc, eet-cxx.pc, emile.pc
        ("pulseaudio" ,pulseaudio) ; ecore-audio.pc, ecore-audio-cxx.pc
        ("util-linux" ,util-linux) ; mount: eeze.pc
+       ("wayland" ,wayland) ; ecore-wl2.pc, elementary.pc
        ("zlib" ,zlib))) ; eet.pc, eet-cxx.pc, emile.pc
     (arguments
      `(#:configure-flags '("--disable-silent-rules"
@@ -137,7 +142,11 @@
                            "--enable-multisense"
                            "--with-opengl=es"
                            "--enable-egl"
-                           "--enable-harfbuzz")
+                           "--enable-harfbuzz"
+                           ;; for wayland
+                           "--enable-wayland"
+                           "--enable-elput"
+                           "--enable-drm")
        #:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'set-home-directory
@@ -156,7 +165,7 @@ removable devices or support for multimedia.")
 (define-public terminology
   (package
     (name "terminology")
-    (version "1.0.0")
+    (version "1.1.0")
     (source (origin
               (method url-fetch)
               (uri
@@ -164,7 +173,23 @@ removable devices or support for multimedia.")
                               "terminology/terminology-" version ".tar.xz"))
               (sha256
                (base32
-                "1x4j2q4qqj10ckbka0zaq2r2zm66ff1x791kp8slv1ff7fw45vdz"))))
+                "13rl1k22yf8qrpzdm5nh6ij641fibadr2ww1r7rnz7mbhzj3d4gb"))
+              (modules '((guix build utils)))
+              ;; Remove the bundled fonts.
+              ;; TODO: Remove bundled lz4.
+              (snippet
+               '(begin
+                  (delete-file-recursively "data/fonts")
+                  (substitute* '("data/Makefile.in" "data/Makefile.am")
+                    (("fonts") ""))
+                  (substitute* "configure"
+                    (("data/fonts/Makefile") "")
+                    (("\\\"data/fonts/Makefile") "# \"data/fonts/Makefile"))
+                  (substitute* '("data/themes/Makefile.in"
+                                 "data/themes/Makefile.am"
+                                 "data/themes/nyanology/Makefile.in"
+                                 "data/themes/nyanology/Makefile.am")
+                    (("-fd \\$\\(top_srcdir\\)/data/fonts") ""))))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -173,7 +198,8 @@ removable devices or support for multimedia.")
            ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2
            (lambda _ (setenv "HOME" "/tmp") #t)))))
     (native-inputs
-     `(("pkg-config" ,pkg-config)))
+     `(("gettext" ,gettext-minimal)
+       ("pkg-config" ,pkg-config)))
     (inputs
      `(("efl" ,efl)))
     (home-page "https://www.enlightenment.org/about-terminology")
@@ -277,14 +303,17 @@ embedded systems.")
 (define-public python-efl
   (package
     (name "python-efl")
-    (version "1.19.0")
+    (version "1.20.0")
     (source
       (origin
         (method url-fetch)
-        (uri (pypi-uri "python-efl" version))
+        (uri (list
+               (pypi-uri "python-efl" version)
+               (string-append "http://download.enlightenment.org/rel/bindings/"
+                              "python/python-efl-" version ".tar.gz")))
         (sha256
          (base32
-          "0l0f9bv1134qh5376p5asycncidrhp8hdb6qwd8ybr1a61q9zq67"))))
+          "1680pgpf501nhbc9arm0nfj6rpcw17aryh0pgmmmszxlgpifpdzy"))))
     (build-system python-build-system)
     (arguments
      '(#:phases
@@ -303,11 +332,7 @@ embedded systems.")
           (lambda _
             ;; Some tests require write access to HOME.
             (setenv "HOME" "/tmp")
-            #t)))
-       ;; FIXME: Some tests require a running D-Bus server or a network
-       ;; connection and should be disabled. Other test failures looks
-       ;; legitimate. Disabled for now, needs work!
-       #:tests? #f))
+            #t)))))
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("python-cython" ,python-cython)))
@@ -327,7 +352,7 @@ Libraries stack (eo, evas, ecore, edje, emotion, ethumb and elementary).")
 (define-public edi
   (package
     (name "edi")
-    (version "0.5.0")
+    (version "0.5.1")
     (source
       (origin
         (method url-fetch)
@@ -335,7 +360,7 @@ Libraries stack (eo, evas, ecore, edje, emotion, ethumb and elementary).")
                             "download/v" version "/edi-" version ".tar.bz2"))
         (sha256
          (base32
-          "1l90x1bw82a0df6r11wd55qizhi99gg0qcljwxga606ahy6ycnkn"))))
+          "0k0ymi9ilhkypqb9pniv365kh3jgbl2g2k0ylvsmisn2jhbqk49a"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/erlang.scm b/gnu/packages/erlang.scm
index 07f117e283..a400e712d5 100644
--- a/gnu/packages/erlang.scm
+++ b/gnu/packages/erlang.scm
@@ -23,6 +23,7 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix download)
   #:use-module (guix packages)
+  #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages gl)
@@ -34,7 +35,7 @@
 (define-public erlang
   (package
     (name "erlang")
-    (version "19.3")
+    (version "20.0")
     (source (origin
               (method url-fetch)
               ;; The tarball from http://erlang.org/download contains many
@@ -45,7 +46,8 @@
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1b47jh549yywyp8fbs8a8j4ydr3zn982navzyqvlms6rg8vwb0pw"))))
+                "1azjjyb743i6vjq7rnh5qnslsqg0x60a9zrlhg9n3dpm13z1b22l"))
+              (patches (search-patches "erlang-man-path.patch"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("perl" ,perl)
@@ -60,7 +62,7 @@
                                version ".tar.gz"))
            (sha256
             (base32
-             "0p6r3n3y7lbhv38sw8f2vi1xlmc137gyspk9ap086w1nszyjy6gq"))))))
+             "1k25p37w1l1j20qd8rga4j4q7s7r0rbsi02x3xwzhw51jhm59wdp"))))))
     (inputs
      `(("ncurses" ,ncurses)
        ("openssl" ,openssl)
@@ -109,8 +111,7 @@
                  (("date\\(\\), time\\(\\),")
                   (date->string source-date-epoch
                                 "{~Y,~m,~d}, {~H,~M,~S},")))
-               (substitute* '("lib/dialyzer/test/small_SUITE_data/src/gs_make.erl"
-                              "lib/gs/src/gs_make.erl")
+               (substitute* "lib/dialyzer/test/small_SUITE_data/src/gs_make.erl"
                  (("tuple_to_list\\(date\\(\\)\\),tuple_to_list\\(time\\(\\)\\)")
                   (date->string
                     source-date-epoch
diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm
index a6239877a0..050e6715b1 100644
--- a/gnu/packages/file.scm
+++ b/gnu/packages/file.scm
@@ -28,14 +28,14 @@
 (define-public file
   (package
    (name "file")
-    (version "5.28")
+    (version "5.30")
     (source (origin
               (method url-fetch)
               (uri (string-append "ftp://ftp.astron.com/pub/file/file-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "04p0w9ggqq6cqvwhyni0flji1z0rwrz896hmhkxd2mc6dca5xjqf"))))
+                "057jpcyy8ws7q4s4sm8r1rxb8xycdbng2z4y9i98f094wlr28k39"))))
    (build-system gnu-build-system)
 
    ;; When cross-compiling, this package depends upon a native install of
diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm
index 04ae70b07a..748b59c9e1 100644
--- a/gnu/packages/finance.scm
+++ b/gnu/packages/finance.scm
@@ -70,7 +70,8 @@
        ("miniupnpc" ,miniupnpc)
        ("openssl" ,openssl)
        ("protobuf" ,protobuf)
-       ("qtbase" ,qtbase)))
+       ;; TODO Build with the modular Qt.
+       ("qt" ,qt)))
     (arguments
      `(#:configure-flags
         (list
diff --git a/gnu/packages/flashing-tools.scm b/gnu/packages/flashing-tools.scm
index f25c25fbfb..127fc795a3 100644
--- a/gnu/packages/flashing-tools.scm
+++ b/gnu/packages/flashing-tools.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Jonathan Brielmaier <jonathan.brielmaier@web.de>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -82,6 +83,37 @@ network/graphics/storage controller cards, and various other
 programmer devices.")
     (license gpl2)))
 
+(define-public 0xffff
+  (package
+    (name "0xffff")
+    (version "0.7")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (string-append "https://github.com/pali/0xffff/archive/"
+                          version ".tar.gz"))
+      (file-name (string-append "0xFFFF" version ".tar.gz" ))
+      (sha256
+       (base32
+        "1g4032c81wkk37wvbg1dxcqq6mnd76y9x7f2crmzqi6z4q9jcxmj"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libusb",libusb-0.1))) ; doesn't work with libusb-compat
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure)) ; no configure
+       #:make-flags (list (string-append "PREFIX=" %output))
+       #:tests? #f)) ; no 'check' target
+    (home-page "https://github.com/pali/0xFFFF")
+    (synopsis "Flash FIASCO images on Maemo devices")
+    (description
+     "The Open Free Fiasco Firmware Flasher (0xFFFF) is a flashing tool
+for FIASCO images.  It supports generating, unpacking, editing and
+flashing of FIASCO images for Maemo devices.  Use it with care.  It can
+brick your device.")
+    (license gpl3+)))
+
 (define-public avrdude
   (package
     (name "avrdude")
diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm
index 1470b967da..b09ac0bb89 100644
--- a/gnu/packages/flex.scm
+++ b/gnu/packages/flex.scm
@@ -32,7 +32,7 @@
 (define-public flex
   (package
     (name "flex")
-    (version "2.6.3")
+    (version "2.6.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -41,7 +41,7 @@
                     "flex-" version ".tar.gz"))
               (sha256
                (base32
-                "1an2cn2z85mkpgqcinh1fhhcd7993qm2lil1yxic8iz76ci79ck8"))))
+                "15g9bv236nzi665p9ggqjlfn4dwck5835vf0bbw2cz7h5c1swyp8"))))
     (build-system gnu-build-system)
     (inputs
      (let ((bison-for-tests
@@ -86,10 +86,6 @@ executes the corresponding C code.")
     (license (non-copyleft "file://COPYING"
                            "See COPYING in the distribution."))))
 
-;;; Many packages fail to build with flex > 2.6.1, due to this bug in flex:
-;;; <https://github.com/westes/flex/issues/162>
-;;; We must not use a flex before 2.6.1, due to CVE-2016-6354.
-;;; TODO Try using flex > 2.6.3.
 (define-public flex-2.6.1
   (package
     (inherit flex)
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index ceadbe1c39..69ef743cba 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -7,7 +7,7 @@
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
 ;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2016 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016, 2017 ng0 <ng0@no-reply.pragmatique.xyz>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Jookia <166291@gmail.com>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Dmitry Nikolaev <cameltheman@gmail.com>
@@ -49,7 +49,6 @@
   #:use-module (gnu packages base)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages fontutils)
-  #:use-module (gnu packages golang)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
@@ -140,7 +139,7 @@ provide serif, sans and monospaced variants.")
               (base32
                "1p3qs51x5327gnk71yq8cvmxc6wgx79sqxfvxcv80cdvgggjfnyv"))))
     (build-system font-build-system)
-    (home-page "http://www.gnome.org/fonts/")
+    (home-page "https://www.gnome.org/fonts/")
     (synopsis "Bitstream Vera sans-serif typeface")
     (description "Vera is a sans-serif typeface from Bitstream, Inc.  This
 package provides the TrueType (TTF) files.")
@@ -472,24 +471,7 @@ variants.")
               (sha256
                (base32
                 "1mkmxq8g2hjcglb3zajfqj20r4r88l78ymsp2xyl5yav8w3f7dz4"))))
-    (build-system trivial-build-system)
-    (arguments
-     `(#:modules ((guix build utils))
-       #:builder
-       (begin
-         (use-modules (guix build utils))
-         (let ((PATH (string-append (assoc-ref %build-inputs "tar")  "/bin:"
-                                    (assoc-ref %build-inputs "gzip") "/bin"))
-               (font-dir (string-append (assoc-ref %outputs "out")
-                                        "/share/fonts/wenquanyi/")))
-           (setenv "PATH" PATH)
-           (mkdir-p font-dir)
-           (system* "tar" "xvf" (assoc-ref %build-inputs "source"))
-           (chdir "wqy-zenhei")
-           (install-file "wqy-zenhei.ttc" font-dir)))))
-    (native-inputs
-     `(("gzip" ,gzip)
-       ("tar" ,tar)))
+    (build-system font-build-system)
     (home-page "http://wenq.org/wqy2/")
     (synopsis "CJK font")
     (description
@@ -516,23 +498,7 @@ ko (Korean) locales for @code{fontconfig}.")
               (sha256
                (base32
                 "0gi1yxqph8xx869ichpzzxvx6y50wda5hi77lrpacdma4f0aq0i8"))))
-    (build-system trivial-build-system)
-    (arguments
-     `(#:modules ((guix build utils))
-       #:builder
-       (begin
-         (use-modules (guix build utils))
-         (let ((PATH (string-append (assoc-ref %build-inputs "tar")  "/bin:"
-                                    (assoc-ref %build-inputs "gzip") "/bin"))
-               (font-dir (string-append (assoc-ref %outputs "out")
-                                        "/share/fonts/wenquanyi")))
-           (mkdir-p font-dir)
-           (setenv "PATH" PATH)
-           (system* "tar" "xvf" (assoc-ref %build-inputs "source"))
-           (install-file "wqy-microhei/wqy-microhei.ttc" font-dir)))))
-    (native-inputs
-     `(("gzip" ,gzip)
-       ("tar" ,tar)))
+    (build-system font-build-system)
     (home-page "http://wenq.org/wqy2/")
     (synopsis "CJK font")
     (description
@@ -594,7 +560,7 @@ languages, plus Greek and Cyrillic.")
 (define-public font-gnu-unifont
   (package
     (name "font-gnu-unifont")
-    (version "10.0.04")
+    (version "10.0.05")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -602,7 +568,7 @@ languages, plus Greek and Cyrillic.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "150p79rq4rzb4pbg2dwcz93k1chzzvm0l0nwh60spw19nfyrxj0p"))))
+                "07sajc32l2knnz6gmd81zxjhcxq8xr6r2kf42wig56vj05s3d1cb"))))
     (build-system gnu-build-system)
     (outputs '("out" ; TrueType version
                "pcf" ; PCF (bitmap) version
@@ -655,35 +621,14 @@ utilities to ease adding new glyphs to the font.")
     (name "font-google-noto")
     (version "20170403")
     (source (origin
-              (method url-fetch)
+              (method url-fetch/zipbomb)
               (uri (string-append "https://noto-website.storage.googleapis.com/"
                                   "pkgs/Noto-hinted.zip"))
+              (file-name (string-append name "-" version ".zip"))
               (sha256
                (base32
                 "1p92a6dvs7wqwjfpp1ahr9z1wz35am0l8r78521383spd77bmrfm"))))
-    (build-system trivial-build-system)
-    (arguments
-     `(#:modules ((guix build utils))
-       #:builder (begin
-                   (use-modules (guix build utils)
-                                (srfi srfi-26))
-
-                   (let ((PATH     (string-append (assoc-ref %build-inputs
-                                                             "unzip")
-                                                  "/bin"))
-                         (font-dir (string-append %output
-                                                  "/share/fonts/truetype")))
-                     (setenv "PATH" PATH)
-                     (system* "unzip" (assoc-ref %build-inputs "source"))
-
-                     (mkdir-p font-dir)
-                     (for-each (lambda (ttf)
-                                 (install-file ttf font-dir))
-                               (find-files "." "\\.ttf$"))
-                     (for-each (lambda (otf)
-                                 (install-file otf font-dir))
-                               (find-files "." "\\.otf$"))))))
-    (native-inputs `(("unzip" ,unzip)))
+    (build-system font-build-system)
     (home-page "https://www.google.com/get/noto/")
     (synopsis "Fonts to cover all languages")
     (description "Google Noto Fonts is a family of fonts designed to support
@@ -1041,7 +986,7 @@ programming.  Iosevka is completely generated from its source code.")
 Holmes type foundry, released under the same license as the Go programming
 language.  It includes a set of proportional, sans-serif fonts, and a set of
 monospace, slab-serif fonts.")
-      (license (package-license go-1.4)))))
+      (license license:bsd-3))))
 
 (define-public font-google-material-design-icons
   (package
@@ -1068,41 +1013,32 @@ have been optimized for beautiful display on all common platforms and display
 resolutions.")
     (license license:asl2.0)))
 
-(define-public font-mathjax
+(define-public font-open-dyslexic
   (package
-    (name "font-mathjax")
-    (version "2.7.1")
+    (name "font-open-dyslexic")
+    (version "20160623")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append
-             "https://github.com/mathjax/MathJax/archive/"
-             version ".tar.gz"))
+       (uri (string-append "https://github.com/antijingoist/open-dyslexic/"
+                           "archive/" version "-Stable.tar.gz"))
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0sbib5lk0jrvbq6s72ag6ss3wjlz5wnk07ddxij1kp96yg3c1d1b"))))
-    (build-system trivial-build-system)
-    (arguments
-     `(#:modules ((guix build utils))
-       #:builder
-       (begin
-         (use-modules (guix build utils)
-                      (ice-9 match))
-         (set-path-environment-variable
-          "PATH" '("bin") (map (match-lambda
-                                 ((_ . input)
-                                  input))
-                               %build-inputs))
-         (let ((install-directory (string-append %output "/share/fonts/mathjax")))
-           (mkdir-p install-directory)
-           (zero? (system* "tar" "-C" install-directory "-xvf"
-                           (assoc-ref %build-inputs "source")
-                           "MathJax-2.7.1/fonts" "--strip" "2"))))))
-    (native-inputs
-     `(("gzip" ,gzip)
-       ("tar" ,tar)))
-    (home-page "https://www.mathjax.org/")
-    (synopsis "Fonts for MathJax")
-    (description "This package contains the fonts required for MathJax.")
-    (license license:asl2.0)))
+         "0al0j9kb32kfavcpq1kigsd36yzvf5yhzqhds0jkh7ngbxyxwkx4"))))
+    (build-system font-build-system)
+    (home-page "https://opendyslexic.org")
+    (synopsis "Font for dyslexics and high readability")
+    (description "OpenDyslexic is a font designed to help readability for some
+of the symptoms of dyslexia.  Letters have heavy weighted bottoms to provide
+an indication of orientation to make it more difficult to confuse with other
+similar letters.  Consistently weighted bottoms can also help reinforce the
+line of text.  The unique shapes of each letter can help prevent flipping and
+swapping.  The italic style for OpenDyslexic has been crafted to be used for
+emphasis while still being readable.")
+    (license
+     (license:fsdg-compatible
+      "https://www.gnome.org/fonts/#Final_Bitstream_Vera_Fonts"
+      "The Font Software may be sold as part of a larger software package but
+no copy of one or more of the Font Software typefaces may be sold by
+itself."))))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index 75736a73d0..bd74c4d6aa 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -34,6 +34,7 @@
   #:use-module (gnu packages bison)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages glib)
+  #:use-module (gnu packages gperf)
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages xml)
@@ -48,14 +49,13 @@
 (define-public freetype
   (package
    (name "freetype")
-   (replacement freetype/fixed)
-   (version "2.7.1")
+   (version "2.8")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://savannah/freetype/freetype-"
                                 version ".tar.bz2"))
             (sha256 (base32
-                     "121gm15ayfg3rglby8ifh8384mcjb9dhmx9j40zl7yszw72b4frs"))))
+                     "02xlj611alpvl3h33hvfw1jyxc1vp9mzwcckkiglkhn3hknh7im3"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
@@ -74,15 +74,6 @@ anti-aliased glyph bitmap generation with 256 gray levels.")
    (license license:freetype)           ; some files have other licenses
    (home-page "https://www.freetype.org/")))
 
-(define freetype/fixed
-  (package
-    (inherit freetype)
-    (source
-      (origin
-        (inherit (package-source freetype))
-        (patches (search-patches "freetype-CVE-2017-8105.patch"
-                                 "freetype-CVE-2017-8287.patch"))))))
-
 (define-public ttfautohint
   (package
     (name "ttfautohint")
@@ -235,22 +226,21 @@ fonts to/from the WOFF2 format.")
 (define-public fontconfig
   (package
    (name "fontconfig")
-   (version "2.12.1")
+   (version "2.12.3")
    (source (origin
             (method url-fetch)
             (uri (string-append
                    "https://www.freedesktop.org/software/fontconfig/release/fontconfig-"
                    version ".tar.bz2"))
-            (patches (search-patches "fontconfig-charwidth-symbol-conflict.patch"
-                                     "fontconfig-path-max.patch"))
             (sha256 (base32
-                     "1wy7svvp7df6bjpg1m5vizb3ngd7rhb20vpclv3x3qa71khs6jdl"))))
+                     "1ggq6jmz3mlzk4xjs615aqw9h3hq33chjn82bhli26kk09kby95x"))))
    (build-system gnu-build-system)
    (propagated-inputs `(("expat" ,expat)
                         ("freetype" ,freetype)))
    (inputs `(("gs-fonts" ,gs-fonts)))
    (native-inputs
-      `(("pkg-config" ,pkg-config)))
+    `(("gperf" ,gperf) ; Try dropping this for > 2.12.3.
+      ("pkg-config" ,pkg-config)))
    (arguments
     `(#:configure-flags
       (list "--with-cache-dir=/var/cache/fontconfig"
@@ -268,10 +258,12 @@ fonts to/from the WOFF2 format.")
             "PYTHON=false")
       #:phases
       (modify-phases %standard-phases
-        (add-after 'unpack 'fix-tests-for-freetype-2.7.1
+        (add-before 'configure 'regenerate-fcobjshash
+          ;; XXX The pre-generated gperf files are broken.
+          ;; See <https://bugs.freedesktop.org/show_bug.cgi?id=101280>.
           (lambda _
-            (substitute* "test/run-test.sh"
-              (("\\\| sort") "| cut -d' ' -f2 | sort"))
+            (delete-file "src/fcobjshash.h")
+            (delete-file "src/fcobjshash.gperf")
             #t))
         (replace 'install
                  (lambda _
@@ -385,8 +377,7 @@ applications should be.")
 (define-public graphite2
   (package
    (name "graphite2")
-   (version "1.3.9")
-   (replacement graphite2/fixed)
+   (version "1.3.10")
    (source
      (origin
        (method url-fetch)
@@ -395,7 +386,7 @@ applications should be.")
        (patches (search-patches "graphite2-ffloat-store.patch"))
        (sha256
         (base32
-         "0rs5h7m340z75kygx8d72cps0q6yvvqa9i788vym7585cfv8a0gc"))))
+         "1bm1rl2ww0m8rvmknh8fpajyz9xqv43qs9qrzf7xd5gaz6rf7zch"))))
    (build-system cmake-build-system)
    (native-inputs
     `(("python" ,python-2) ; because of "import imap" in tests
@@ -411,21 +402,6 @@ and returns a sequence of positioned glyphids from the font.")
    (license license:lgpl2.1+)
    (home-page "https://github.com/silnrsi/graphite")))
 
-(define graphite2/fixed
-  (package
-    (inherit graphite2)
-    (name "graphite2")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (let ((version "1.3.10"))
-              (string-append "https://github.com/silnrsi/graphite/releases/"
-                             "download/" version "/" name "-" version ".tgz")))
-       (patches (search-patches "graphite2-ffloat-store.patch"))
-       (sha256
-        (base32
-         "1bm1rl2ww0m8rvmknh8fpajyz9xqv43qs9qrzf7xd5gaz6rf7zch"))))))
-
 (define-public potrace
   (package
     (name "potrace")
diff --git a/gnu/packages/gforth.scm b/gnu/packages/forth.scm
index b2a67ce58c..6d66faf5d6 100644
--- a/gnu/packages/gforth.scm
+++ b/gnu/packages/forth.scm
@@ -17,7 +17,7 @@
 ;;; You should have received a copy of the GNU General Public License
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
-(define-module (gnu packages gforth)
+(define-module (gnu packages forth)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
diff --git a/gnu/packages/fpga.scm b/gnu/packages/fpga.scm
index 420d0aff28..2208775772 100644
--- a/gnu/packages/fpga.scm
+++ b/gnu/packages/fpga.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
-;;; Copyright © 2016 Theodoros Foradis <theodoros.for@openmailbox.org>
+;;; Copyright © 2016, 2017 Theodoros Foradis <theodoros.for@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -36,6 +36,7 @@
   #:use-module (gnu packages graphviz)
   #:use-module (gnu packages libffi)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages maths)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages ghostscript)
   #:use-module (gnu packages gperf)
@@ -198,6 +199,8 @@ For synthesis, the compiler generates netlists in the desired format.")
        ("psmisc" ,psmisc)
        ("xdot" ,xdot)
        ("abc" ,abc)))
+    (propagated-inputs
+     `(("z3" ,z3))) ; should be in path for yosys-smtbmc
     (home-page "http://www.clifford.at/yosys/")
     (synopsis "FPGA Verilog RTL synthesizer")
     (description "Yosys synthesizes Verilog-2005.")
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index df2fe787fb..93df44cac7 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
-;;; Copyright © 2015 Andy Wingo <wingo@pobox.com>
+;;; Copyright © 2015, 2017 Andy Wingo <wingo@pobox.com>
 ;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
@@ -405,7 +405,7 @@ applications, X servers (rootless or fullscreen) or other display servers.")
 (define-public wayland-protocols
   (package
     (name "wayland-protocols")
-    (version "1.7")
+    (version "1.9")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -413,7 +413,7 @@ applications, X servers (rootless or fullscreen) or other display servers.")
                     "wayland-protocols-" version ".tar.xz"))
               (sha256
                (base32
-                "07qw166s6bm81zfnhf4lmww6wj0il960fm3vp7n1z3rign9jlpv3"))))
+                "0xag2yci0l13brmq2k12vdv0wlnb2j0rxk2cnp170fya63g74sv6"))))
     (build-system gnu-build-system)
     (inputs
      `(("wayland" ,wayland)))
@@ -657,10 +657,17 @@ message bus.")
        (modify-phases %standard-phases
          (add-before
           'configure 'pre-configure
-          (lambda _
-            ;; Don't try to create /var/lib/AccoutsService.
+          (lambda* (#:key inputs #:allow-other-keys)
+            ;; Don't try to create /var/lib/AccountsService.
             (substitute* "src/Makefile.in"
               (("\\$\\(MKDIR_P\\).*/lib/AccountsService.*") "true"))
+            (let ((shadow (assoc-ref inputs "shadow")))
+              (substitute* '("src/user.c" "src/daemon.c")
+                (("/usr/sbin/usermod") (string-append shadow "/sbin/usermod"))
+                (("/usr/sbin/useradd") (string-append shadow "/sbin/useradd"))
+                (("/usr/sbin/userdel") (string-append shadow "/sbin/userdel"))
+                (("/usr/bin/passwd")   (string-append shadow "/bin/passwd"))
+                (("/usr/bin/chage")    (string-append shadow "/bin/chage"))))
             #t)))))
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for gdbus-codegen, etc.
@@ -668,7 +675,8 @@ message bus.")
        ("intltool" ,intltool)
        ("pkg-config" ,pkg-config)))
     (inputs
-     `(("polkit" ,polkit)))
+     `(("shadow" ,shadow)
+       ("polkit" ,polkit)))
     (home-page "http://www.freedesktop.org/wiki/Software/AccountsService/")
     (synopsis "D-Bus interface for user account query and manipulation")
     (description
@@ -1012,3 +1020,47 @@ desktop-file-install: installs a desktop file to the applications directory,
 update-desktop-database: updates the database containing a cache of MIME types
                          handled by desktop files.")
     (license license:gpl2+)))
+
+(define-public xdg-user-dirs
+  (package
+    (name "xdg-user-dirs")
+    (version "0.16")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://user-dirs.freedesktop.org/releases/"
+                                    name "-" version ".tar.gz"))
+              (sha256
+               (base32 "1rp3c94hxjlfsryvwajklynfnrcvxplhwnjqc7395l89i0nb83vp"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("gettext" ,gettext-minimal)
+       ("docbook-xsl" ,docbook-xsl)
+       ("docbook-xml" ,docbook-xml-4.3)
+       ("xsltproc" ,libxslt)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'locate-catalog-files
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((xmldoc (string-append (assoc-ref inputs "docbook-xml")
+                                          "/xml/dtd/docbook"))
+                   (xsldoc (string-append (assoc-ref inputs "docbook-xsl")
+                                          "/xml/xsl/docbook-xsl-"
+                                          ,(package-version docbook-xsl))))
+               (for-each (lambda (file)
+                           (substitute* file
+                             (("http://.*/docbookx\\.dtd")
+                              (string-append xmldoc "/docbookx.dtd"))))
+                         (find-files "man" "\\.xml$"))
+               (substitute* "man/Makefile"
+                 (("http://.*/docbook\\.xsl")
+                  (string-append xsldoc "/manpages/docbook.xsl")))
+               #t))))))
+    (home-page "https://www.freedesktop.org/wiki/Software/xdg-user-dirs/")
+    (synopsis "Tool to help manage \"well known\" user directories")
+    (description "xdg-user-dirs is a tool to help manage \"well known\" user
+directories, such as the desktop folder or the music folder. It also handles
+localization (i.e. translation) of the file names.  Designed to be
+automatically run when a user logs in, xdg-user-dirs can also be run
+manually by a user.")
+    (license license:gpl2)))
diff --git a/gnu/packages/freeipmi.scm b/gnu/packages/freeipmi.scm
index 1ad7d6393a..6708092693 100644
--- a/gnu/packages/freeipmi.scm
+++ b/gnu/packages/freeipmi.scm
@@ -27,14 +27,14 @@
 (define-public freeipmi
   (package
     (name "freeipmi")
-    (version "1.5.6")
+    (version "1.5.7")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/freeipmi/freeipmi-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0p3cl32wwxhyc5vkd9spmmckb78797snkmplgh0ybc7zap2bs6ib"))))
+               "1rdxs33klk6956rg8mn2dxwkk43y5yilvgvbcka8g6v4x0r98v5l"))))
     (build-system gnu-build-system)
     (inputs
      `(("libgcrypt" ,libgcrypt)))
diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm
index 49e7214991..eb108491a4 100644
--- a/gnu/packages/ftp.scm
+++ b/gnu/packages/ftp.scm
@@ -46,7 +46,7 @@
 (define-public lftp
   (package
     (name "lftp")
-    (version "4.7.5")
+    (version "4.7.8")
     (source (origin
               (method url-fetch)
               ;; See https://lftp.tech/get.html for mirrors.
@@ -58,7 +58,7 @@
                                         "ftp/lftp/lftp-" version ".tar.xz")))
               (sha256
                (base32
-                "1n6h3y5jz1rxlx7ap46vykgm0q2rvzr7c5s5ry5l32z3lbmwbdak"))))
+                "19ijsmbb5589vg5ga355ys3075z6s2x2h0bdbga343hfqmnid2pi"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm
index 67f6c55017..95f8697b42 100644
--- a/gnu/packages/game-development.scm
+++ b/gnu/packages/game-development.scm
@@ -7,8 +7,9 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2016 Julian Graham <joolean@gmail.com>
+;;; Copyright © 2016, 2017 Julian Graham <joolean@gmail.com>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -35,16 +36,21 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
   #:use-module (gnu packages)
+  #:use-module (gnu packages autotools)
   #:use-module (gnu packages boost)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages documentation)
+  #:use-module (gnu packages fonts)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages fribidi)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnunet)
+  #:use-module (gnu packages graphics)
+  #:use-module (gnu packages graphviz)
   #:use-module (gnu packages guile)
+  #:use-module (gnu packages m4)
   #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages music)
   #:use-module (gnu packages ncurses)
@@ -101,39 +107,17 @@ is used in some video games and movies.")
 (define-public deutex
   (package
    (name "deutex")
-   (version "4.4.902")
+   (version "5.0.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://github.com/Doom-Utils/" name
-                                "/archive/v" version ".tar.gz"))
-            (file-name (string-append name "-" version ".tar.gz"))
+                                "/releases/download/v" version "/"
+                                name "-" version ".tar.xz"))
             (sha256
              (base32
-              "0rwz1yzgd539x4h25kzhar4q02xyxjwfrcpz4m8ixi312a82p7cn"))))
+              "1jvffcpq64hk3jysz4q6zi9hqkksy151ci9553h8q7wrrkbw0i9z"))))
    (build-system gnu-build-system)
-   (arguments
-    '(#:tests? #f ; no check target
-      #:phases
-      (modify-phases %standard-phases
-        ;; The provided configure script takes a restricted number of arguments.
-        (replace 'configure
-                 (lambda* (#:key outputs #:allow-other-keys)
-                   (zero? (system* "./configure" "--prefix"
-                                   (assoc-ref %outputs "out")))))
-        ;; "make install" is broken for this package.
-        ;; Notably, the binaries overrwrite one another upon installation as
-        ;; they are all installed to the "bin" file in the output directory,
-        ;; and the manual page fails to install because the directory for the
-        ;; manual page is not created.
-        (replace 'install
-                 (lambda* (#:key outputs #:allow-other-keys)
-                   (let* ((out (assoc-ref %outputs "out"))
-                          (bin (string-append out "/bin"))
-                          (share (string-append out "/share")))
-                     (install-file "deusf" bin)
-                     (install-file "deutex" bin)
-                     (install-file "deutex.6" (string-append share "/man/man6")))
-                   #t)))))
+   (native-inputs `(("asciidoc" ,asciidoc)))
    (home-page "https://github.com/Doom-Utils/deutex")
    (synopsis "WAD file composer for Doom and related games")
    (description
@@ -209,26 +193,15 @@ necessary.
 (define-public gzochi
   (package
     (name "gzochi")
-    (version "0.10.1")
+    (version "0.11.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://savannah/gzochi/gzochi-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "166rawdal45kvanhvi0bkzy1d2pwf1p0lzslb287lcnm9vdw97yy"))))
+                "13j1m92zhxwkaaja3lg5x0h0b28mrrawdzk9d3hd19031akfxwb3"))))
     (build-system gnu-build-system)
-    (arguments
-     '(#:phases (modify-phases %standard-phases
-                  (add-before 'configure 'remove-Werror
-                              (lambda _
-                                ;; We can't build with '-Werror', notably
-                                ;; because deprecated functions of
-                                ;; libmicrohttpd are being used.
-                                (substitute* (find-files "." "^Makefile\\.in$")
-                                  (("-Werror")
-                                   ""))
-                                #t)))))
     (native-inputs `(("pkgconfig" ,pkg-config)))
     (inputs `(("bdb" ,bdb)
               ("glib" ,glib)
@@ -380,7 +353,7 @@ support.")
 (define-public tiled
   (package
     (name "tiled")
-    (version "1.0.1")
+    (version "1.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/bjorn/tiled/archive/v"
@@ -388,7 +361,7 @@ support.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1y75jmpcf2lv8s3g9v3ghnrwvs2fc4ni7nx74csaylg1g04cwlq7"))))
+                "134xi74xajh38rj1qhmc4x1zmncfdmqb01axnkxh6zs3qz0rxp93"))))
     (build-system gnu-build-system)
     (inputs
      `(("qtbase" ,qtbase)
@@ -926,3 +899,123 @@ suitable for pixel art, game graphics, and generally any detailed graphics
 painted with a mouse.")
     (home-page "http://pulkomandy.tk/projects/GrafX2")
     (license license:gpl2))) ; GPLv2 only
+
+(define-public ois
+  (package
+    (name "ois")
+    (version "1.3")
+    (source
+     (origin
+       ;; Development has moved to github and there are no recent tarball
+       ;; releases.
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/wgois/OIS.git")
+             (commit "bb75ccc1aabc1c547195579963601ff6080ca2f2")))
+       (file-name (string-append name "-" version))
+       (sha256
+        (base32
+         "0w0pamjc3vj0jr718hysrw8x076fq6n9rd6wcb36sn2jd0lqvi98"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'bootstrap
+           (lambda _ (zero? (system* "sh" "bootstrap")))))))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)
+       ("m4" ,m4)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("libxaw" ,libxaw)))
+    (synopsis "Object Oriented Input System")
+    (description
+     "Cross Platform Object Oriented Input Lib System is a cross platform,
+simple solution for using all kinds of Input Devices (Keyboards, Mice,
+Joysticks, etc) and feedback devices (e.g. force feedback).  Meant to be very
+robust and compatible with many systems and operating systems.")
+    (home-page "https://github.com/wgois/OIS")
+    (license license:zlib)))
+
+(define-public mygui
+  (package
+    (name "mygui")
+    (version "3.2.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri
+        (string-append "https://github.com/MyGUI/" name
+                       "/archive/MyGUI" version ".tar.gz"))
+       (sha256
+        (base32
+         "13x7cydmj7gjmsg702sqjbfi53z265iv6j7binv3r6a7ibndfa0a"))))
+    (build-system cmake-build-system)
+    (arguments
+     '(#:tests? #f                      ; No test target
+       #:configure-flags
+       (list "-DMYGUI_INSTALL_DOCS=TRUE"
+             (string-append "-DOGRE_INCLUDE_DIR="
+                            (assoc-ref %build-inputs "ogre")
+                            "/include/OGRE"))))
+    (native-inputs
+     `(("boost" ,boost)
+       ("doxygen" ,doxygen)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("font-dejavu" ,font-dejavu)
+       ("freetype" ,freetype)
+       ("graphviz" ,graphviz)
+       ("libx11" ,libx11)
+       ("ogre" ,ogre)
+       ("ois" ,ois)))
+    (synopsis "Fast, flexible and simple GUI")
+    (description
+     "MyGUI is a library for creating Graphical User Interfaces (GUIs) for games
+and 3D applications.  The main goals of mygui are: speed, flexibility and ease
+of use.")
+    (home-page "http://mygui.info/")
+    (license license:expat)))
+
+(define-public openmw
+  (package
+    (name "openmw")
+    (version "0.42.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri
+        (string-append "https://github.com/OpenMW/openmw/archive/"
+                       name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1pla8016lpbg8cgm9kia318a860f26dmiayc72p3zl35mqrc7g7w"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:tests? #f                      ; No test target
+       #:configure-flags
+       (list "-DDESIRED_QT_VERSION=5")))
+    (native-inputs
+     `(("boost" ,boost)
+       ("doxygen" ,doxygen)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("bullet" ,bullet)
+       ("ffmpeg" ,ffmpeg)
+       ("libxt" ,libxt)
+       ("mygui" ,mygui)
+       ("openal" ,openal)
+       ("openscenegraph" ,openscenegraph)
+       ("qtbase" ,qtbase)
+       ("sdl" ,sdl2)
+       ("unshield" ,unshield)))
+    (synopsis "Free software re-implementation of the RPG Morrowind engine")
+    (description
+     "OpenMW is a free, open source and modern engine which reimplements and
+extends the one that runs the 2002 open-world RPG Morrowind.  The engine comes
+with its own editor, called OpenMW-CS which allows the user to edit or create
+their own original games.")
+    (home-page "https://openmw.org")
+    (license license:gpl3)))
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 2bef92b93b..9e7b579907 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -17,7 +17,7 @@
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2016, 2017 Rodger Fox <thylakoid@openmailbox.org>
 ;;; Copyright © 2016 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
-;;; Copyright © 2016, 2017 ng0 <ng0@no-reply.pragmatique.xyz>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Albin Söderqvist <albin@fripost.org>
 ;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
@@ -83,6 +83,7 @@
   #:use-module (gnu packages guile)
   #:use-module (gnu packages imagemagick)
   #:use-module (gnu packages libcanberra)
+  #:use-module (gnu packages libedit)
   #:use-module (gnu packages libunwind)
   #:use-module (gnu packages haskell)
   #:use-module (gnu packages mp3)
@@ -99,6 +100,7 @@
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages databases)
+  #:use-module (gnu packages shells)
   #:use-module (gnu packages sdl)
   #:use-module (gnu packages swig)
   #:use-module (gnu packages texinfo)
@@ -242,10 +244,48 @@ giant insects to killer robots and things far stranger and deadlier, and against
 the others like yourself, that want what you have.")
     (license license:cc-by-sa3.0)))
 
+(define-public cowsay
+  (package
+    (name "cowsay")
+    (version "3.03")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://web.archive.org/web/20071026043648/"
+                                  "http://www.nog.net:80/~tony/warez/"
+                                  "cowsay-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1bxj802na2si2bk5zh7n0b7c33mg8a5n2wnvh0vihl9bmjkp51hb"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (delete 'install)
+         (replace 'build
+           (lambda* (#:key outputs #:allow-other-keys)
+             (zero? (system* "sh" "install.sh"
+                             (assoc-ref outputs "out")))))
+         (replace 'check
+           (lambda* (#:key outputs #:allow-other-keys)
+             (zero? (system* (string-append (assoc-ref outputs "out")
+                                            "/bin/cowsay")
+                             "We're done!")))))))
+    (inputs
+     `(("perl" ,perl)))
+    (home-page (string-append "https://web.archive.org/web/20071026043648/"
+                              "http://www.nog.net:80/~tony/warez/"))
+    (synopsis "Speaking cow text filter")
+    (description "Cowsay is basically a text filter.  Send some text into it,
+and you get a cow saying your text.  If you think a talking cow isn't enough,
+cows can think too.  All you have to do is run @code{cowthink}.")
+    ;; Any version of the GPL.
+    (license license:gpl3+)))
+
 (define-public freedoom
   (package
    (name "freedoom")
-   (version "0.11.2")
+   (version "0.11.3")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://github.com/" name "/" name
@@ -253,7 +293,7 @@ the others like yourself, that want what you have.")
             (file-name (string-append name "-" version ".tar.gz"))
             (sha256
              (base32
-              "0b9k61f97spivi75f76zwwg8a3bgc6iil2hidqfj8s50lhqggwbb"))))
+              "1bjijdfqhpazyifx1qda7scj7dry1azhjrnl8h8zn2vqfgdmlh0q"))))
    (build-system gnu-build-system)
    (arguments
     '(#:make-flags `(,(string-append "prefix=" (assoc-ref %outputs "out")))
@@ -261,7 +301,6 @@ the others like yourself, that want what you have.")
       #:tests? #f ; no check target
       #:phases
       (modify-phases %standard-phases
-        (add-before 'unpack 'no (lambda _ #t))
         (replace 'configure
                  (lambda* (#:key inputs outputs #:allow-other-keys)
                    (let* ((dejavu (assoc-ref inputs "font-dejavu"))
@@ -395,6 +434,47 @@ scriptable with Guile.")
 Chess).  It is similar to standard chess but this variant is far more complicated.")
     (license license:gpl3+)))
 
+(define-public ltris
+  (package
+    (name "ltris")
+    (version "1.0.19")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://prdownloads.sourceforge.net/lgames/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1895wv1fqklrj4apkz47rnkcfhfav7zjknskw6p0886j35vrwslg"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(;; The code in LTris uses traditional GNU semantics for inline functions
+       #:configure-flags '("CFLAGS=-fgnu89-inline")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'set-paths 'set-sdl-paths
+           (lambda* (#:key inputs #:allow-other-keys)
+             (setenv "CPATH"
+                     (string-append (assoc-ref inputs "sdl-union")
+                                    "/include/SDL"))
+             #t)))))
+    (inputs
+     `(("sdl-union" ,(sdl-union (list sdl sdl-mixer)))))
+    (home-page "http://lgames.sourceforge.net/LTris/")
+    (synopsis "Tetris clone based on the SDL library")
+    (description
+     "LTris is a tetris clone: differently shaped blocks are falling down the
+rectangular playing field and can be moved sideways or rotated by 90 degree
+units with the aim of building lines without gaps which then disappear (causing
+any block above the deleted line to fall down).  LTris has three game modes: In
+Classic you play until the stack of blocks reaches the top of the playing field
+and no new blocks can enter.  In Figures the playing field is reset to a new
+figure each level and later on tiles and lines suddenly appear.  In Multiplayer
+up to three players (either human or CPU) compete with each other sending
+removed lines to all opponents.  There is also a Demo mode in which you can
+watch your CPU playing while enjoying a cup of tea!")
+    (license license:gpl2+)))
+
 (define-public prboom-plus
   (package
    (name "prboom-plus")
@@ -725,7 +805,7 @@ asynchronously and at a user-defined speed.")
 (define-public chess
   (package
     (name "chess")
-    (version "6.2.4")
+    (version "6.2.5")
     (source
      (origin
        (method url-fetch)
@@ -733,7 +813,7 @@ asynchronously and at a user-defined speed.")
                            ".tar.gz"))
        (sha256
         (base32
-         "1vw2w3jwnmn44d5vsw47f8y70xvxcsz9m5msq9fgqlzjch15qhiw"))))
+         "00j8s0npgfdi41a0mr5w9qbdxagdk2v41lcr42rwl1jp6miyk6cs"))))
     (build-system gnu-build-system)
     (home-page "https://www.gnu.org/software/chess/")
     (synopsis "Full chess implementation")
@@ -1263,7 +1343,7 @@ either by Infocom or created using the Inform compiler.")
 (define-public retroarch
   (package
     (name "retroarch")
-    (version "1.6.1")
+    (version "1.6.7")
     (source
      (origin
        (method url-fetch)
@@ -1271,7 +1351,7 @@ either by Infocom or created using the Inform compiler.")
                            version ".tar.gz"))
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
-        (base32 "121h9j57gvjr155vvm4f7ybphfvqrdz2ib059kfi444xcxz19sl0"))))
+        (base32 "13vp5skf95a4fla3dwdk2v48dgnmrvimvp9fgpr1vppb7wfjhbr1"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f                      ; no tests
@@ -1386,6 +1466,7 @@ This game is based on the GPL version of the famous game TuxRacer.")
        (sha256
         (base32
          "10l2ljmd7mv8f9ylarqmxxryicdnph2qkm3g5maxnsm2k2q0n20b"))
+       (patches (search-patches "supertuxkart-angelscript-ftbfs.patch"))
        (modules '((guix build utils)))
        (snippet
         ;; Delete bundled library sources
@@ -2789,7 +2870,7 @@ Red Eclipse provides fast paced and accessible gameplay.")
 (define-public higan
   (package
     (name "higan")
-    (version "103")
+    (version "104")
     (source
      (origin
        (method url-fetch)
@@ -2798,7 +2879,7 @@ Red Eclipse provides fast paced and accessible gameplay.")
              version))
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
-        (base32 "013r0lcm0qw8zwavz977mqk2clg80gngkjijr3n0q8snpc1727r7"))
+        (base32 "18by01ir2mvdi9hq571in1hk18gw2bd0ynq4avfs1qj0qra35fqb"))
        (patches (search-patches "higan-remove-march-native-flag.patch"))))
     (build-system gnu-build-system)
     (native-inputs
@@ -2881,6 +2962,64 @@ Super Game Boy, BS-X Satellaview, and Sufami Turbo.")
     ;; - higan/emulator/emulator.hpp
     (license license:gpl3)))
 
+(define-public mgba
+  (package
+    (name "mgba")
+    (version "0.6.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/mgba-emu/mgba/archive/"
+                                  version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "01zy2w5pihlkrmbm51icgyff6iqyqa5ha6qrm4aj8ibzznz03kyq"))
+              (modules '((guix build utils)))
+              (snippet
+               ;; Make sure we don't use the bundled software.
+               '(for-each
+                 (lambda (subdir)
+                   (let ((lib-subdir (string-append "src/third-party/" subdir)))
+                     (delete-file-recursively lib-subdir)))
+                 '("libpng" "lzma" "sqlite3" "zlib")))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:tests? #f                      ;no "test" target
+       #:configure-flags
+       (list "-DUSE_LZMA=OFF"           ;do not use bundled LZMA
+             "-DUSE_LIBZIP=OFF"         ;use "zlib" instead
+             ;; Validate RUNPATH phase fails ("error: depends on
+             ;; 'libmgba.so.0.6', which cannot be found in RUNPATH") without
+             ;; the following S-exp.
+             (string-append "-DCMAKE_INSTALL_LIBDIR="
+                            (assoc-ref %outputs "out")
+                            "/lib"))))
+    (native-inputs `(("pkg-config" ,pkg-config)))
+    (inputs `(("ffmpeg" ,ffmpeg)
+              ("imagemagick" ,imagemagick)
+              ("libedit" ,libedit)
+              ("libepoxy" ,libepoxy)
+              ("libpng" ,libpng)
+              ("mesa" ,mesa)
+              ("minizip" ,minizip)
+              ("ncurses" ,ncurses)
+              ("qtbase" ,qtbase)
+              ("qtmultimedia" ,qtmultimedia)
+              ("qttools" ,qttools)
+              ("sdl2" ,sdl2)
+              ("sqlite" ,sqlite)
+              ("zlib" ,zlib)))
+    (home-page "https://mgba.io")
+    (synopsis "Game Boy Advance emulator")
+    (description
+     "mGBA is an emulator for running Game Boy Advance games.  It aims to be
+faster and more accurate than many existing Game Boy Advance emulators, as
+well as adding features that other emulators lack.  It also supports Game Boy
+and Game Boy Color games.")
+    ;; Code is mainly MPL 2.0. "blip_buf.c" is LGPL 2.1+ and "inih.c" is
+    ;; BSD-3.
+    (license (list license:mpl2.0 license:lgpl2.1+ license:bsd-3))))
+
 (define-public grue-hunter
   (package
     (name "grue-hunter")
@@ -3493,7 +3632,7 @@ throwing people around in pseudo-randomly generated buildings.")
 (define-public hyperrogue
   (package
     (name "hyperrogue")
-    (version "9.4n")
+    (version "10.0e")
     ;; When updating this package, be sure to update the "hyperrogue-data"
     ;; origin in native-inputs.
     (source (origin
@@ -3504,7 +3643,7 @@ throwing people around in pseudo-randomly generated buildings.")
                     "-src.tgz"))
               (sha256
                (base32
-                "1kf9i9gqadnb0m143c860dcvdn91vp6vnfzma4bcgfgwmcn9sx0r"))))
+                "1p6fam73khhys54098qsgmp52d0rnqc3k5hknjig0znvfb2kwi38"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; no check target
@@ -3526,7 +3665,7 @@ throwing people around in pseudo-randomly generated buildings.")
                                  "/share/fonts/truetype"))
                     (dejavu-font "DejaVuSans-Bold.ttf")
                     (music-file "hyperrogue-music.txt"))
-               (substitute* "graph.cpp"
+               (substitute* "basegraph.cpp"
                  ((dejavu-font)
                   (string-append dejavu-dir "/" dejavu-font)))
                (substitute* "sound.cpp"
@@ -3579,7 +3718,7 @@ throwing people around in pseudo-randomly generated buildings.")
              "-win.zip"))
            (sha256
             (base32
-             "1vrk0k0ch3azpa72y7acmmpifvks6c0466fvmz804hici93pglvi"))))
+             "1z9w3nd57ybnf4w7ckhhp5vfws2hwd8x26fx6h496f6160fgcj6m"))))
        ("unzip" ,unzip)))
     (inputs
      `(("font-dejavu" ,font-dejavu)
@@ -4346,7 +4485,7 @@ fight against their plot and save his fellow rabbits from slavery.")
 (define-public 0ad-data
   (package
     (name "0ad-data")
-    (version "0.0.21-alpha")
+    (version "0.0.22-alpha")
     (source
      (origin
        (method url-fetch)
@@ -4355,7 +4494,7 @@ fight against their plot and save his fellow rabbits from slavery.")
        (file-name (string-append name "-" version ".tar.xz"))
        (sha256
         (base32
-         "15xadyrpvq27lm9p1ny7bcmmv56m16h3xadbkdx69gfkzxc3razk"))
+         "0vknk9ay9h2p34r7mym2g066f3s3c5d5vmap0ckcs5b86h5cscjc"))
        (modules '((guix build utils)))
        (snippet
         #~(begin
@@ -4400,7 +4539,7 @@ fight against their plot and save his fellow rabbits from slavery.")
 (define-public 0ad
   (package
     (name "0ad")
-    (version "0.0.21-alpha")
+    (version "0.0.22-alpha")
     (source
      (origin
        (method url-fetch)
@@ -4409,7 +4548,7 @@ fight against their plot and save his fellow rabbits from slavery.")
        (file-name (string-append name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1kw3hqnr737ipx4f03khz3hvsh3ha7r8iy9njppk2faa53j27gln"))
+         "1cgmr4g5g9wv36v7ylbrvqhsjwgcsdgbqwc8zlqmnayk9zgkdpgx"))
        ;; A snippet here would cause a build failure because of timestamps
        ;; reset.  See https://bugs.gnu.org/26734.
        ))
@@ -4526,8 +4665,8 @@ at their peak of economic growth and military prowess.
 
 ;; There have been no official releases.
 (define-public open-adventure
-  (let* ((commit "2483a23690d205f01ecb66165cf4522b541cd991")
-         (revision "1"))
+  (let* ((commit "d43854f0f6bb8e9eea7fbce80348150e7e7fc34d")
+         (revision "2"))
     (package
       (name "open-adventure")
       (version (string-append "2.5-" revision "." (string-take commit 7)))
@@ -4539,14 +4678,23 @@ at their peak of economic growth and military prowess.
                 (file-name (string-append name "-" version "-checkout"))
                 (sha256
                  (base32
-                  "1gkvkwbq5cl3llfc7nl41van8awn4myx782pg33bxpbx5l9scwb4"))))
+                  "08bwrvf4axb1rsfd6ia1fddsky9pc1p350vjskhaakg2czc6dsk0"))))
       (build-system gnu-build-system)
       (arguments
        `(#:make-flags (list "CC=gcc")
          #:parallel-build? #f ; not supported
          #:phases
          (modify-phases %standard-phases
-           (delete 'configure)
+           (replace 'configure
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               ;; At this point linenoise is meant to be included,
+               ;; so we have to really copy it into the working directory
+               ;; of s.
+               (let* ((linenoise (assoc-ref inputs "linenoise"))
+                      (noisepath (string-append linenoise "/include/linenoise"))
+                      (out (assoc-ref outputs "out")))
+                 (copy-recursively noisepath "linenoise"))
+               #t))
            (add-before 'build 'use-echo
              (lambda _
                (substitute* "tests/Makefile"
@@ -4556,9 +4704,9 @@ at their peak of economic growth and military prowess.
              (lambda _
                ;; This target is missing a dependency
                (substitute* "Makefile"
-                 ((".asc.6:" line)
-                  (string-append line " advent.txt")))
-               (zero? (system* "make" ".asc.6"))))
+                 ((".adoc.6:" line)
+                  (string-append line " advent.adoc")))
+               (zero? (system* "make" ".adoc.6"))))
            ;; There is no install target
            (replace 'install
              (lambda* (#:key outputs #:allow-other-keys)
@@ -4569,7 +4717,10 @@ at their peak of economic growth and military prowess.
                  (install-file "advent.6" man))
                #t)))))
       (native-inputs
-       `(("asciidoc" ,asciidoc)))
+       `(("asciidoc" ,asciidoc)
+         ("linenoise" ,linenoise)
+         ("python" ,python)
+         ("python-pyyaml" ,python-pyyaml)))
       (home-page "https://gitlab.com/esr/open-adventure")
       (synopsis "Colossal Cave Adventure")
       (description "The original Colossal Cave Adventure from 1976 was the
@@ -4578,3 +4729,121 @@ computer-hosted roleplaying games.  This is the last version released by
 Crowther & Woods, its original authors, in 1995.  It has been known as
 \"adventure 2.5\" and \"430-point adventure\".")
       (license license:bsd-2))))
+
+(define-public tome4
+  (package
+    (name "tome4")
+    (version "1.5.5")
+    (synopsis "Single-player, RPG roguelike game set in the world of Eyal")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://te4.org/dl/t-engine/t-engine4-src-"
+                           version ".tar.bz2"))
+       (sha256
+        (base32
+         "0v2qgdfpvdzd1bcbp9v8pfahj1bgczsq2d4xfhh5wg11jgjcwz03"))
+       (modules '((guix build utils)))
+       (snippet
+        '(substitute* '("src/music.h" "src/tSDL.h")
+           (("#elif defined(__FreeBSD__)" line)
+            (string-append
+             line " || defined(__GNUC__)"))))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("unzip" ,unzip)))
+    (inputs
+     `(("sdl-union" ,(sdl-union (list sdl2 sdl2-image sdl2-mixer sdl2-ttf)))
+       ("glu" ,glu)
+       ("premake4" ,premake4)
+       ("openal" ,openal)
+       ("vorbis" ,libvorbis)
+       ("luajit" ,luajit)))
+    (arguments
+     `(#:make-flags '("CC=gcc" "config=release")
+       #:phases (modify-phases %standard-phases
+                  (replace 'configure
+                    (lambda _
+                      (zero? (system* "premake4" "gmake"))
+                      #t))
+                  (add-after 'set-paths 'set-sdl-paths
+                    (lambda* (#:key inputs #:allow-other-keys)
+                      (setenv "CPATH"
+                              (string-append (assoc-ref inputs "sdl-union")
+                                             "/include/SDL2"))
+                      #t))
+                  (delete 'check)
+                  ;; premake doesn't provide install target
+                  (replace 'install
+                    (lambda* (#:key inputs outputs #:allow-other-keys)
+                      (let* ((out (assoc-ref outputs "out"))
+                             (usr (string-append out "/usr"))
+                             (bin (string-append out "/bin"))
+                             (licenses (string-append out "/share/licenses"))
+                             (documents (string-append out "/share/doc"))
+                             (pixmaps (string-append out "/share/pixmaps"))
+                             (icon "te4-icon.png")
+                             (data (string-append out "/share/" ,name))
+                             (applications (string-append
+                                            out "/share/applications"))
+                             (unzip (string-append
+                                     (assoc-ref inputs "unzip") "/bin/unzip"))
+                             (wrapper (string-append bin "/" ,name)))
+                        ;; icon
+                        (mkdir-p pixmaps)
+                        (system* unzip "-j"
+                                 (string-append
+                                  "game/engines/te4-" ,version ".teae")
+                                 (string-append
+                                  "data/gfx/" icon) "-d" pixmaps)
+                        ;; game executable
+                        (install-file "t-engine" data)
+                        (mkdir-p bin)
+                        (with-output-to-file wrapper
+                          (lambda ()
+                            (display
+                             (string-append
+                              "#!/bin/sh\n"
+                              ;; No bootstrap code found,
+                              ;; defaulting to working directory
+                              ;; for engine code!
+                              "cd " data "\n"
+                              "exec -a tome4 ./t-engine \"$@\"\n"))))
+                        (chmod wrapper #o555)
+                        ;; licenses
+                        (for-each (lambda (file)
+                                    (install-file file licenses))
+                                  '("COPYING" "COPYING-MEDIA"))
+                        ;; documents
+                        (for-each (lambda (file)
+                                    (install-file file documents))
+                                  '("CONTRIBUTING" "CREDITS"))
+                        ;; data
+                        (copy-recursively "bootstrap" (string-append
+                                                       data "/bootstrap"))
+                        (copy-recursively "game" (string-append data "/game"))
+                        ;; launcher
+                        (mkdir-p applications)
+                        (with-output-to-file (string-append applications "/"
+                                                            ,name ".desktop")
+                          (lambda ()
+                            (display
+                             (string-append
+                              "[Desktop Entry]
+Name=ToME4
+Comment=" ,synopsis "\n"
+"Exec=" ,name "\n"
+"Icon=" icon "\n"
+"Terminal=false
+Type=Application
+Categories=Game;RolePlaying;\n")))))
+                      #t)))))
+    (home-page "https://te4.org")
+    (description "Tales of Maj’Eyal (ToME) RPG, featuring tactical turn-based
+combat and advanced character building.  Play as one of many unique races and
+classes in the lore-filled world of Eyal, exploring random dungeons, facing
+challenging battles, and developing characters with your own tailored mix of
+abilities and powers.  With a modern graphical and customisable interface,
+intuitive mouse control, streamlined mechanics and deep, challenging combat,
+Tales of Maj’Eyal offers engaging roguelike gameplay for the 21st century.")
+    (license license:gpl3+)))
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index f0e8dae3e8..da4d66ce36 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -213,7 +213,7 @@ where the OS part is overloaded to denote a specific ABI---into GCC
                 ;; Fix the dynamic linker's file name.
                 (substitute* (find-files "gcc/config"
                                          "^(linux|gnu|sysv4)(64|-elf|-eabi)?\\.h$")
-                  (("#define (GLIBC|GNU_USER)_DYNAMIC_LINKER([^ ]*).*$"
+                  (("#define (GLIBC|GNU_USER)_DYNAMIC_LINKER([^ \t]*).*$"
                     _ gnu-user suffix)
                    (format #f "#define ~a_DYNAMIC_LINKER~a \"~a\"~%"
                            gnu-user suffix
@@ -340,6 +340,7 @@ where the OS part is overloaded to denote a specific ABI---into GCC
 for several languages, including C, C++, Objective-C, Fortran, Java, Ada, and
 Go.  It also includes runtime support libraries for these languages.")
       (license gpl3+)
+      (supported-systems (delete "aarch64-linux" %supported-systems))
       (home-page "https://gcc.gnu.org/"))))
 
 (define-public gcc-4.8
@@ -352,7 +353,8 @@ Go.  It also includes runtime support libraries for these languages.")
               (sha256
                (base32
                 "08yggr18v373a1ihj0rg2vd6psnic42b518xcgp3r9k81xz1xyr2"))
-              (patches (search-patches "gcc-arm-link-spec-fix.patch"))))))
+              (patches (search-patches "gcc-arm-link-spec-fix.patch"))))
+    (supported-systems %supported-systems)))
 
 (define-public gcc-4.9
   (package (inherit gcc-4.7)
@@ -366,7 +368,8 @@ Go.  It also includes runtime support libraries for these languages.")
                 "14l06m7nvcvb0igkbip58x59w3nq6315k6jcz3wr9ch1rn9d44bc"))
               (patches (search-patches "gcc-arm-bug-71399.patch"
                                        "gcc-libvtv-runpath.patch"))))
-    (native-inputs `(("texinfo" ,texinfo)))))
+    (native-inputs `(("texinfo" ,texinfo)))
+    (supported-systems %supported-systems)))
 
 (define-public gcc-5
   ;; Note: GCC >= 5 ships with .info files but 'make install' fails to install
@@ -382,6 +385,7 @@ Go.  It also includes runtime support libraries for these languages.")
                 "0fihlcy5hnksdxk0sn6bvgnyq8gfrgs8m794b1jxwd1dxinzg3b0"))
               (patches (search-patches "gcc-arm-bug-71399.patch"
                                        "gcc-strmov-store-file-names.patch"
+                                       "gcc-asan-powerpc-missing-include.patch"
                                        "gcc-5.0-libvtv-runpath.patch"
                                        "gcc-5-source-date-epoch-1.patch"
                                        "gcc-5-source-date-epoch-2.patch"))))))
@@ -402,14 +406,14 @@ Go.  It also includes runtime support libraries for these languages.")
 (define-public gcc-7
   (package
     (inherit gcc-6)
-    (version "7.1.0")
+    (version "7.2.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/gcc/gcc-"
-                                  version "/gcc-" version ".tar.bz2"))
+                                  version "/gcc-" version ".tar.xz"))
               (sha256
                (base32
-                "05xwps0ci7wgxh50askpa2r9p8518qxdgh6ad7pnyk7n6p13d0ca"))
+                "16j7i0888j2f1yp9l0nhji6cq65dy6y4nwy8868a8njbzzwavxqw"))
               (patches (search-patches "gcc-strmov-store-file-names.patch"
                                        "gcc-5.0-libvtv-runpath.patch"))))))
 
diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm
index aac0f9664c..b4e6ce435b 100644
--- a/gnu/packages/gd.scm
+++ b/gnu/packages/gd.scm
@@ -154,6 +154,11 @@ you can create PNG images on the fly or modify existing files.")
         (base32
          "1kaxs67rfd4w46lxgcg3pa05a596l0h1k8n4zk2gwrrar4022wpx"))))
     (build-system perl-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-env
+           (lambda _ (setenv "PERL_USE_UNSAFE_INC" "1"))))))
     (native-inputs
      `(("perl-module-build" ,perl-module-build)))
     (propagated-inputs
diff --git a/gnu/packages/gettext.scm b/gnu/packages/gettext.scm
index 0484b8089e..76c01b1e09 100644
--- a/gnu/packages/gettext.scm
+++ b/gnu/packages/gettext.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -45,7 +46,13 @@
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0hsw28f9q9xaggjlsdp2qmbp2rbd1mp0njzan2ld9kiqwkq2m57z"))))
+               "0hsw28f9q9xaggjlsdp2qmbp2rbd1mp0njzan2ld9kiqwkq2m57z"))
+             ;; test-lock has performance issues on multi-core machines,
+             ;; it hangs or takes a long time to complete.
+             ;; There is one commit in gettext and one commit
+             ;; in gettext's embedded gnulib to fix this issue.
+             (patches (search-patches "gettext-multi-core.patch"
+                                      "gettext-gnulib-multi-core.patch"))))
     (build-system gnu-build-system)
     (outputs '("out"
                "doc"))                            ;8 MiB of HTML
@@ -137,6 +144,13 @@ translated messages from the catalogs.  Nearly all GNU packages use Gettext.")
     (arguments
      `(#:phases
        (modify-phases %standard-phases
+         (add-before 'configure 'set-search-path
+           (lambda _
+             ;; Work around "dotless @INC" build failure.
+             (setenv "PERL5LIB"
+                     (string-append (getcwd) ":"
+                                    (getenv "PERL5LIB")))
+             #t))
          ;; FIXME: One test fails as we don't have SGMLS.pm
          (add-before 'check 'disable-sgml-test
           (lambda _
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index dc5dbcc856..d5d5aa2dff 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -2,9 +2,10 @@
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -129,85 +130,129 @@ printing, and psresize, for adjusting page sizes.")
 
 (define-public ghostscript
   (package
-   (name "ghostscript")
-   (replacement ghostscript/fixed)
-   (version "9.14.0")
-   ;; XXX Try removing the bundled copy of jbig2dec.
-   (source (origin
-            (method url-fetch)
-            (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-"
-                                version ".tar.xz"))
-            (sha256
-             (base32
-              "0q4jj41p0qbr4mgcc9q78f5zs8cm1g57wgryhsm2yq4lfslm3ib1"))
-            (patches (search-patches "ghostscript-CVE-2013-5653.patch"
-                                     "ghostscript-CVE-2015-3228.patch"
-                                     "ghostscript-CVE-2016-7976.patch"
-                                     "ghostscript-CVE-2016-7978.patch"
-                                     "ghostscript-CVE-2016-7979.patch"
-                                     "ghostscript-CVE-2016-8602.patch"
-                                     "ghostscript-runpath.patch"))
-            (modules '((guix build utils)))
-            (snippet
-             ;; Honor --docdir.
-             '(substitute* "Makefile.in"
-                (("^docdir=.*$") "docdir = @docdir@\n")
-                (("^exdir=.*$") "exdir = $(docdir)/examples\n")))))
-   (build-system gnu-build-system)
-   (outputs '("out" "doc"))                  ;16 MiB of HTML/PS doc + examples
-   (inputs `(("freetype" ,freetype)
-             ("lcms" ,lcms)
-             ("libjpeg-8" ,libjpeg-8)
-             ("libpng" ,libpng)
-             ("libpaper" ,libpaper)
-             ("libtiff" ,libtiff)
-             ("zlib" ,zlib)))
-   (native-inputs
-      `(("perl" ,perl)
-        ("pkg-config" ,pkg-config) ; needed to find libtiff
-        ("python" ,python-wrapper)
-        ("tcl" ,tcl)))
-   (arguments
-    `(#:disallowed-references ("doc")
-      #:phases
-      (modify-phases %standard-phases
-        (add-after 'configure 'patch-config-files
-                   (lambda _
-                     (substitute* "base/all-arch.mak"
-                       (("/bin/sh") (which "sh")))
-                     (substitute* "base/unixhead.mak"
-                       (("/bin/sh") (which "sh")))))
-        (add-after 'configure 'remove-doc-reference
-                   (lambda _
-                     ;; Don't retain a reference to the 'doc' output in 'gs'.
-                     ;; The only use of this definition is in the output of
-                     ;; 'gs --help', so this change is fine.
-                     (substitute* "base/gscdef.c"
-                       (("GS_DOCDIR")
-                        "\"~/.guix-profile/share/doc/ghostscript\""))))
-        (replace 'build
+    (name "ghostscript")
+    (version "9.21")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/ArtifexSoftware/"
+                            "ghostpdl-downloads/releases/download/gs"
+                            (string-delete #\. version)
+                            "/ghostscript-" version ".tar.xz"))
+        (sha256
+         (base32
+          "0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b"))
+        (patches (search-patches "ghostscript-runpath.patch"
+                                 "ghostscript-CVE-2017-8291.patch"
+                                 "ghostscript-no-header-creationdate.patch"
+                                 "ghostscript-no-header-id.patch"
+                                 "ghostscript-no-header-uuid.patch"))
+        (modules '((guix build utils)))
+        (snippet
+          ;; Remove bundled libraries. The bundled OpenJPEG is a patched fork so
+          ;; we leave it, at least for now.
+          ;; TODO Try unbundling ijs, which is developed alongside Ghostscript.
+         '(begin
+            (for-each delete-file-recursively '("freetype" "jbig2dec" "jpeg"
+                                                "lcms2" "libpng"
+                                                "tiff" "zlib"))))))
+    (build-system gnu-build-system)
+    (outputs '("out" "doc"))                  ;19 MiB of HTML/PS doc + examples
+    (arguments
+     `(#:disallowed-references ("doc")
+       #:configure-flags
+       (list "--with-system-libtiff"
+             "LIBS=-lz"
+             (string-append "ZLIBDIR="
+                            (assoc-ref %build-inputs "zlib") "/include")
+             "--enable-dynamic"
+
+             ,@(if (%current-target-system)
+                   '(;; Specify the native compiler, which is used to build 'echogs'
+                     ;; and other intermediary tools when cross-compiling; see
+                     ;; <https://ghostscript.com/FAQ.html>.
+                     "CCAUX=gcc"
+
+                     ;; Save 'config.log' etc. of the native build under
+                     ;; auxtmp/, useful for debugging.
+                     "--enable-save_confaux")
+                   '()))
+       #:phases
+       (modify-phases %standard-phases
+        (add-after 'unpack 'fix-doc-dir
           (lambda _
-            ;; Build 'libgs.so', but don't build the statically-linked 'gs'
-            ;; binary (saves 18 MiB).
-            (zero? (system* "make" "so" "-j"
-                            (number->string (parallel-job-count))))))
-        (replace 'install
+            ;; Honor --docdir.
+            (substitute* "Makefile.in"
+              (("^docdir=.*$") "docdir = @docdir@\n")
+              (("^exdir=.*$") "exdir = $(docdir)/examples\n"))
+            #t))
+        (add-after 'configure 'remove-doc-reference
           (lambda _
-            (zero? (system* "make" "soinstall"))))
-        (add-after 'install 'create-gs-symlink
-          (lambda* (#:key outputs #:allow-other-keys)
-            (let ((out (assoc-ref outputs "out")))
-              ;; some programs depend on having a 'gs' binary available
-              (symlink "gsc" (string-append out "/bin/gs"))))))))
-   (synopsis "PostScript and PDF interpreter")
-   (description
-    "Ghostscript is an interpreter for the PostScript language and the PDF
+            ;; Don't retain a reference to the 'doc' output in 'gs'.
+            ;; The only use of this definition is in the output of
+            ;; 'gs --help', so this change is fine.
+            (substitute* "base/gscdef.c"
+              (("GS_DOCDIR")
+               "\"~/.guix-profile/share/doc/ghostscript\""))
+            #t))
+         (add-after 'configure 'patch-config-files
+           (lambda _
+             (substitute* "base/unixhead.mak"
+               (("/bin/sh") (which "sh")))
+             #t))
+         ,@(if (%current-target-system)
+               `((add-after 'configure 'add-native-lz
+                   (lambda _
+                     ;; Add missing '-lz' for native tools such as 'mkromfs'.
+                     (substitute* "Makefile"
+                       (("^AUXEXTRALIBS=(.*)$" _ value)
+                        (string-append "AUXEXTRALIBS = -lz " value "\n")))
+                     #t)))
+               '())
+         (replace 'build
+           (lambda _
+             ;; Build 'libgs.so', but don't build the statically-linked 'gs'
+             ;; binary (saves 22 MiB).
+             (zero? (system* "make" "so" "-j"
+                             (number->string (parallel-job-count))))))
+         (replace 'install
+           (lambda _
+             (zero? (system* "make" "soinstall"))))
+         (add-after 'install 'create-gs-symlink
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               ;; Some programs depend on having a 'gs' binary available.
+               (symlink "gsc" (string-append out "/bin/gs"))
+               #t))))))
+    (native-inputs
+     `(("perl" ,perl)
+       ("python" ,python-wrapper)
+       ("tcl" ,tcl)
+
+       ;; When cross-compiling, some of the natively-built tools require all
+       ;; these libraries.
+       ,@(if (%current-target-system)
+             `(("zlib/native" ,zlib)
+               ("libjpeg/native" ,libjpeg)
+               ("lcms2/native" ,lcms))
+             '())))
+    (inputs
+     `(("freetype" ,freetype)
+       ("jbig2dec" ,jbig2dec)
+       ("lcms2" ,lcms)
+       ("libjpeg" ,libjpeg)
+       ("libpaper" ,libpaper)
+       ("libpng" ,libpng)
+       ("libtiff" ,libtiff)
+       ("zlib" ,zlib)))
+    (synopsis "PostScript and PDF interpreter")
+    (description
+     "Ghostscript is an interpreter for the PostScript language and the PDF
 file format.  It also includes a C library that implements the graphics
 capabilities of the PostScript language.  It supports a wide variety of
 output file formats and printers.")
-   (license license:agpl3+)
-   (home-page "https://www.gnu.org/software/ghostscript/")
-   (properties '((upstream-name . "gnu-ghostscript")))))
+    (home-page "https://www.ghostscript.com/")
+    (license license:agpl3+)))
 
 (define-public ghostscript/x
   (package/inherit ghostscript
@@ -216,27 +261,11 @@ output file formats and printers.")
               ("libxt" ,libxt)
               ,@(package-inputs ghostscript)))))
 
-(define ghostscript/fixed
-  (package
-    (inherit ghostscript)
-    (source
-      (origin
-        (inherit (package-source ghostscript))
-        (patches
-          (append
-            (origin-patches (package-source ghostscript))
-            (search-patches "ghostscript-CVE-2017-8291.patch")))))))
-
 (define-public ijs
   (package
    (name "ijs")
-   (version "9.14.0")
-   (source (origin
-            (method url-fetch)
-            (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-"
-                                version ".tar.xz"))
-            (sha256 (base32
-                     "0q4jj41p0qbr4mgcc9q78f5zs8cm1g57wgryhsm2yq4lfslm3ib1"))))
+   (version (package-version ghostscript))
+   (source (package-source ghostscript))
    (build-system gnu-build-system)
    (native-inputs
     `(("libtool"    ,libtool)
@@ -244,31 +273,29 @@ output file formats and printers.")
       ("autoconf"   ,autoconf)))
    (arguments
     `(#:phases
-      (alist-cons-after
-       'unpack 'autogen
-       (lambda _
-         ;; need to regenerate macros
-         (system* "autoreconf" "-if")
-         ;; do not run configure
-         (substitute* "autogen.sh"
-           (("^.*\\$srcdir/configure.*") ""))
-         (system* "bash" "autogen.sh")
-
-         ;; create configure script in ./ijs/
-         (chdir "ijs")
-         ;; do not run configure
-         (substitute* "autogen.sh"
-           (("^.*\\$srcdir/configure.*") "")
-           (("^ + && echo Now type.*$")  ""))
-         (zero? (system* "bash" "autogen.sh")))
-       %standard-phases)))
+      (modify-phases %standard-phases
+        (add-after 'unpack 'autogen
+          (lambda _
+            ;; need to regenerate macros
+            (system* "autoreconf" "-if")
+            ;; do not run configure
+            (substitute* "autogen.sh"
+              (("^.*\\$srcdir/configure.*") ""))
+            (system* "bash" "autogen.sh")
+            ;; create configure script in ./ijs/
+            (chdir "ijs")
+            ;; do not run configure
+            (substitute* "autogen.sh"
+              (("^.*\\$srcdir/configure.*") "")
+              (("^ + && echo Now type.*$")  ""))
+            (zero? (system* "bash" "autogen.sh")))))))
    (synopsis "IJS driver framework for inkjet and other raster devices")
    (description
     "IJS is a protocol for transmission of raster page images.  This package
 provides the reference implementation of the raster printer driver
 architecture.")
    (license license:expat)
-   (home-page "https://www.gnu.org/software/ghostscript/")))
+   (home-page (package-home-page ghostscript))))
 
 (define-public gs-fonts
   (package
@@ -286,6 +313,10 @@ architecture.")
    (build-system gnu-build-system)
    (arguments
     `(#:tests? #f ; nothing to check, just files to copy
+
+      #:modules ((guix build gnu-build-system)
+                 (guix build utils)
+                 (srfi srfi-1))
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)
@@ -309,13 +340,13 @@ Ghostscript.  It currently includes the 35 standard PostScript fonts.")
 (define-public libspectre
   (package
    (name "libspectre")
-   (version "0.2.7")
+   (version "0.2.8")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://libspectre.freedesktop.org/releases/libspectre-"
                                 version ".tar.gz"))
             (sha256 (base32
-                     "1v63lqc6bhhxwkpa43qmz8phqs8ci4dhzizyy16d3vkb20m846z8"))))
+                     "1a67iglsc3r05mzngyg9kb1gy8whq4fgsnyjwi7bqfw2i7rnl9b5"))))
    (build-system gnu-build-system)
    (inputs `(("ghostscript" ,ghostscript)))
    (native-inputs `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm
index 362e2047fa..13d2a68dba 100644
--- a/gnu/packages/gimp.scm
+++ b/gnu/packages/gimp.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -43,7 +43,7 @@
 (define-public babl
   (package
     (name "babl")
-    (version "0.1.18")
+    (version "0.1.28")
     (source (origin
               (method url-fetch)
               (uri (list (string-append "https://download.gimp.org/pub/babl/"
@@ -54,7 +54,7 @@
                                         version ".tar.bz2")))
               (sha256
                (base32
-                "1ygvnq22pf0zvf3bj7h67vvbpz7b8hhjvrr79ribws7sr5dljfj8"))))
+                "00w6xfcv960c98qvxv81gcbj8l1jiab9sggmdl77m19awwiyvwv3"))))
     (build-system gnu-build-system)
     (home-page "http://gegl.org/babl/")
     (synopsis "Image pixel format conversion library")
@@ -83,26 +83,27 @@ provided as well as the framework to add new color models and data types.")
               (patches (search-patches "gegl-CVE-2012-4433.patch"))))
     (build-system gnu-build-system)
     (arguments
-     `(;; More than just the one test disabled below now fails; disable them
+     '(;; More than just the one test disabled below now fails; disable them
        ;; all according to the rationale given below.
        #:tests? #f
+       #:configure-flags '("LDFLAGS=-lm")
        #:phases
-       (alist-cons-before
-        'build 'pre-build
-        (lambda _
-          ;; This test program seems to crash on exit. Specifically, whilst
-          ;; g_object_unreffing bufferA and bufferB - This seems to be a bug
-          ;; in the destructor.  This is just a test program so will not have
-          ;; any wider effect, although might be hiding another problem.
-          ;; According to advice received on irc.gimp.org#gegl although 0.2.0
-          ;; is the latest released version, any bug reports against it will
-          ;; be ignored.  So we are on our own.
-          (substitute* "tools/img_cmp.c"
-            (("g_object_unref \\(buffer.\\);") ""))
+       (modify-phases %standard-phases
+         (add-before 'build 'pre-build
+           (lambda _
+             ;; This test program seems to crash on exit. Specifically, whilst
+             ;; g_object_unreffing bufferA and bufferB - This seems to be a bug
+             ;; in the destructor.  This is just a test program so will not have
+             ;; any wider effect, although might be hiding another problem.
+             ;; According to advice received on irc.gimp.org#gegl although 0.2.0
+             ;; is the latest released version, any bug reports against it will
+             ;; be ignored.  So we are on our own.
+             (substitute* "tools/img_cmp.c"
+               (("g_object_unref \\(buffer.\\);") ""))
 
-          (substitute* "tests/compositions/Makefile"
-            (("/bin/sh") (which "sh"))))
-        %standard-phases)))
+             (substitute* "tests/compositions/Makefile"
+               (("/bin/sh") (which "sh")))
+             #t)))))
     (inputs
      `(("babl" ,babl)
        ("glib" ,glib)
diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm
index 08f6187f8a..d017e375c9 100644
--- a/gnu/packages/gl.scm
+++ b/gnu/packages/gl.scm
@@ -30,6 +30,7 @@
   #:use-module (gnu packages bison)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages documentation)
+  #:use-module (gnu packages elf)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages freedesktop)
@@ -216,7 +217,7 @@ also known as DXTn or DXTC) for Mesa.")
 (define-public mesa
   (package
     (name "mesa")
-    (version "17.0.6")
+    (version "17.1.4")
     (source
       (origin
         (method url-fetch)
@@ -226,10 +227,9 @@ also known as DXTn or DXTC) for Mesa.")
                                   version "/mesa-" version ".tar.xz")))
         (sha256
          (base32
-          "17d60jjzg4ddm95gk2cqx0xz6b9anmmz6ax4majwr3gis2yg7v49"))
+          "1bcwxin7nmbnv92xav381b6qxscsx1zzc71ryfvj03cglbkb1wq6"))
         (patches
-         (search-patches "mesa-fix-32bit-test-failures.patch"
-                         "mesa-wayland-egl-symbols-check-mips.patch"
+         (search-patches "mesa-wayland-egl-symbols-check-mips.patch"
                          "mesa-skip-disk-cache-test.patch"))))
     (build-system gnu-build-system)
     (propagated-inputs
@@ -246,6 +246,7 @@ also known as DXTn or DXTC) for Mesa.")
       `(("expat" ,expat)
         ("dri2proto" ,dri2proto)
         ("dri3proto" ,dri3proto)
+        ("libelf" ,libelf)    ;required for r600 when using llvm
         ("libva" ,(force libva-without-mesa))
         ("libxml2" ,libxml2)
         ;; TODO: Add 'libxml2-python' for OpenGL ES 1.1 and 2.0 support
@@ -261,7 +262,8 @@ also known as DXTn or DXTC) for Mesa.")
         ("wayland" ,wayland)))
     (native-inputs
       `(("pkg-config" ,pkg-config)
-        ("python" ,python-2)))
+        ("python" ,python-2)
+        ("which" ,(@ (gnu packages base) which))))
     (arguments
      `(#:configure-flags
        '(,@(match (%current-system)
@@ -293,7 +295,7 @@ also known as DXTn or DXTC) for Mesa.")
          ,@(match (%current-system)
              ((or "x86_64-linux" "i686-linux")
               '("--with-dri-drivers=i915,i965,nouveau,r200,radeon,swrast"
-                "--enable-gallium-llvm")) ; default is x86/x86_64 only
+                "--enable-llvm"))         ; default is x86/x86_64 only
              (_
               '("--with-dri-drivers=nouveau,r200,radeon,swrast"))))
        #:phases
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index fcd1daf5e8..c5c48731fe 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -283,7 +283,7 @@ shared NFS home directories.")
     "GLib provides data structure handling for C, portability wrappers,
 and interfaces for such runtime functionality as an event loop, threads,
 dynamic loading, and an object system.")
-   (home-page "http://developer.gnome.org/glib/")
+   (home-page "https://developer.gnome.org/glib/")
    (license license:lgpl2.0+)))                        ; some files are under lgpl2.1+
 
 (define gobject-introspection
@@ -347,6 +347,7 @@ bindings to call into the C library.")
              (uri (string-append "https://launchpad.net/intltool/trunk/"
                                  version "/+download/intltool-"
                                  version ".tar.gz"))
+             (patches (search-patches "intltool-perl-compatibility.patch"))
              (sha256
               (base32
                "1karx4sb7bnm2j67q0q74hspkfn6lqprpy5r99vkn5bb36a4viv7"))))
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 3125fa03ca..4d12ab4d59 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2014, 2015 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2015, 2016 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2015 Mathieu Lirzin <mthl@openmailbox.org>
-;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
+;;; Copyright © 2015, 2017 Andy Wingo <wingo@igalia.com>
 ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
 ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
@@ -59,8 +59,10 @@
   #:use-module (gnu packages avahi)
   #:use-module (gnu packages base)
   #:use-module (gnu packages bison)
+  #:use-module (gnu packages build-tools)
   #:use-module (gnu packages calendar)
   #:use-module (gnu packages check)
+  #:use-module (gnu packages cmake)
   #:use-module (gnu packages cups)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages cyrus-sasl)
@@ -98,6 +100,7 @@
   #:use-module (gnu packages imagemagick)
   #:use-module (gnu packages music)
   #:use-module (gnu packages networking)
+  #:use-module (gnu packages ninja)
   #:use-module (gnu packages password-utils)
   #:use-module (gnu packages pcre)
   #:use-module (gnu packages perl)
@@ -108,6 +111,7 @@
   #:use-module (gnu packages rdesktop)
   #:use-module (gnu packages scanner)
   #:use-module (gnu packages selinux)
+  #:use-module (gnu packages slang)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages gl)
@@ -132,14 +136,14 @@
   #:use-module (gnu packages samba)
   #:use-module (gnu packages readline)
   #:use-module (gnu packages fonts)
-  #:use-module (gnu packages qemu)
   #:use-module (gnu packages speech)
+  #:use-module (gnu packages virtualization)
   #:use-module (srfi srfi-1))
 
 (define-public brasero
   (package
     (name "brasero")
-    (version "3.12.1")
+    (version "3.12.2")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -147,7 +151,7 @@
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "09vi2hyhl0bz7imv3ky6h7x5m3d546n968wcghydwrkvwm9ylpls"))))
+               "0h90y674j26rvjahb8cc0w79zx477rb6zaqcj26wzvq8kmpic8k8"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:configure-flags (list
@@ -163,7 +167,7 @@
            (lambda* (#:key inputs #:allow-other-keys)
              (substitute* "plugins/growisofs/burn-growisofs.c"
                (("\"growisofs") (string-append "\"" (which "growisofs"))))
-             #t )))))
+             #t)))))
     (propagated-inputs
      `(("hicolor-icon-theme" ,hicolor-icon-theme)))
     (native-inputs
@@ -193,6 +197,83 @@ Desktop.  It is designed to be as simple as possible and has some unique
 features to enable users to create their discs easily and quickly.")
     (license license:gpl2+)))
 
+(define-public deja-dup
+  (package
+    (name "deja-dup")
+    (version "34.3")
+    (source (origin
+             (method url-fetch)
+             (uri "https://launchpadlibrarian.net/295170991/deja-dup-34.3.tar.xz")
+             (sha256
+              (base32
+               "1xqcr61hpbahbla7gdjn4ngjfz7w6f57y7f5pkb77yk05f60j2n9"))
+             (patches
+               (search-patches "deja-dup-use-ref-keyword-for-iter.patch"))))
+    (build-system glib-or-gtk-build-system)
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  ((guix build cmake-build-system) #:prefix cmake:)
+                  (guix build glib-or-gtk-build-system)
+                  (guix build utils))
+       #:imported-modules (,@%glib-or-gtk-build-system-modules
+                           (guix build cmake-build-system))
+       #:test-target "test"
+       #:configure-flags (list (string-append
+                                "-DCMAKE_INSTALL_FULL_DATADIR=" %output)
+                               (string-append
+                                "-DCMAKE_INSTALL_LIBEXECDIR=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-lockfile-deletion
+           (lambda rest
+             (substitute* "libdeja/tools/duplicity/DuplicityInstance.vala"
+               (("/bin/rm")
+                (which "rm")))))
+         (replace 'configure
+           (assoc-ref cmake:%standard-phases 'configure))
+         (delete 'check) ;; Fails due to issues with DBus
+         (add-after 'install 'wrap-deja-dup
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((python      (assoc-ref inputs "python"))
+                   (python-path (getenv "PYTHONPATH"))
+                   (duplicity   (assoc-ref inputs "duplicity"))
+                   (out         (assoc-ref outputs "out")))
+               (for-each
+                (lambda (program)
+                  (wrap-program program
+                    `("PATH" ":" prefix (,(string-append python "/bin")
+                                         ,(string-append duplicity "/bin"))))
+                  (wrap-program program
+                    `("PYTHONPATH" ":" prefix (,python-path))))
+
+                (find-files (string-append out "/bin")))
+               #t))))))
+    (inputs
+     `(("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
+       ("gobject-introspection" ,gobject-introspection)
+       ("duplicity" ,duplicity)
+       ("python" ,python2-minimal)
+       ("python-pygobject" ,python2-pygobject)
+       ("gtk+" ,gtk+)
+       ("libnotify" ,libnotify)
+       ("libpeas" ,libpeas)
+       ("libsecret" ,libsecret)
+       ("packagekit" ,packagekit)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("vala" ,vala)
+       ("gettext" ,gettext-minimal)
+       ("itstool" ,itstool)
+       ("intltool" ,intltool)
+       ("cmake", cmake)))
+    (home-page "https://launchpad.net/deja-dup")
+    (synopsis "Simple backup tool, for regular encrypted backups")
+    (description
+     "Déjà Dup is a simple backup tool, for regular encrypted backups.  It
+uses duplicity as the backend, which supports incremental backups and storage
+either on a local, or remote machine via a number of methods.")
+    (license license:gpl3+)))
+
 (define-public dia
   ;; This version from GNOME's repository includes fixes for compiling with
   ;; recent versions of the build tools.  The latest activity on the
@@ -266,6 +347,13 @@ formats like PNG, SVG, PDF and EPS.")
              ;; The ca-certificates.crt is not available in the build
              ;; environment.
              (setenv "SSL_CERT_FILE" "/dev/null")
+             #t))
+         (add-before 'check 'disable-failing-tests
+           (lambda _
+             ;; The PicasaWeb API tests fail with gnome-online-accounts@3.24.2.
+             ;; They have been removed in libgdata 0.17.6, so just do the same.
+             (substitute* "gdata/tests/Makefile"
+               (("picasaweb\\$\\(EXEEXT\\) ") ""))
              #t)))))
     (native-inputs
      `(("glib:bin" ,glib "bin")
@@ -499,7 +587,7 @@ and keep up to date translations of documentation.")
      `(("p11-kit" ,p11-kit)
        ("glib" ,glib)
        ("gtk+" ,gtk+)))
-    (home-page "http://www.gnome.org")
+    (home-page "https://www.gnome.org")
     (synopsis "Libraries for displaying certificates and accessing key stores")
     (description
      "The GCR package contains libraries used for displaying certificates and
@@ -530,7 +618,7 @@ GNOME Desktop.")
     (propagated-inputs
      ;; Referred to in .h files and .pc.
      `(("glib" ,glib)))
-    (home-page "http://www.gnome.org")
+    (home-page "https://www.gnome.org")
     (synopsis "Accessing passwords from the GNOME keyring")
     (description
      "Client library to access passwords from the GNOME keyring.")
@@ -541,7 +629,7 @@ GNOME Desktop.")
 (define-public gnome-keyring
   (package
     (name "gnome-keyring")
-    (version "3.20.0")
+    (version "3.20.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -549,7 +637,7 @@ GNOME Desktop.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "16gcwwcg91ipxjmiyi4c4njvnxixmv1i278p0bilc3lafk6ww5xw"))))
+               "134ci3mn6jjap59z3lrvyiip7zf2nlw5xvanr44yajs57xr4x5lp"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ;48 of 603 tests fail because /var/lib/dbus/machine-id does
@@ -594,7 +682,7 @@ GNOME Desktop.")
        ("libxslt" ,libxslt) ;for documentation
        ("docbook-xml" ,docbook-xml-4.2)
        ("docbook-xsl" ,docbook-xsl)))
-    (home-page "http://www.gnome.org")
+    (home-page "https://www.gnome.org")
     (synopsis "Daemon to store passwords and encryption keys")
     (description
      "gnome-keyring is a program that keeps passwords and other secrets for
@@ -609,16 +697,15 @@ forgotten when the session ends.")
 (define-public evince
   (package
     (name "evince")
-    (version "3.24.0")
+    (version "3.24.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
                                  (version-major+minor version) "/"
                                  name "-" version ".tar.xz"))
-             (patches (search-patches "evince-CVE-2017-1000083.patch"))
              (sha256
               (base32
-               "13yw0i68dgqp9alyliy3zifszh7rikkpi1xbz5binvxxgfpraf04"))))
+               "0dqgzwxl0xfr341r5i8j8hn6j6rhv62lmc6xbzjppcq76hhwb84w"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:configure-flags '("--disable-nautilus")
@@ -666,7 +753,7 @@ forgotten when the session ends.")
        ("pkg-config" ,pkg-config)
        ("xmllint" ,libxml2)))
     (home-page
-     "http://www.gnome.org/projects/evince/")
+     "https://www.gnome.org/projects/evince/")
     (synopsis "GNOME's document viewer")
     (description
      "Evince is a document viewer for multiple document formats.  It
@@ -765,7 +852,7 @@ GNOME and KDE desktops to the icon names proposed in the specification.")
      `(("icon-naming-utils" ,icon-naming-utils)
        ("intltool" ,intltool)
        ("pkg-config" ,pkg-config)))
-    (home-page "http://art.gnome.org/")
+    (home-page "https://art.gnome.org/")
     (synopsis
      "GNOME icon theme")
     (description
@@ -1064,7 +1151,7 @@ XML/CSS rendering engine.")
      `(("gdk-pixbuf" ,gdk-pixbuf)
        ("glib" ,glib)
        ("libxml2" ,libxml2)))
-    (home-page "http://www.gnome.org/projects/libgsf")
+    (home-page "https://www.gnome.org/projects/libgsf")
     (synopsis "GNOME's Structured File Library")
     (description
      "Libgsf aims to provide an efficient extensible I/O abstraction for
@@ -1076,7 +1163,7 @@ dealing with different structured file formats.")
 (define-public librsvg
   (package
     (name "librsvg")
-    (version "2.40.16")
+    (version "2.40.17")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1084,7 +1171,7 @@ dealing with different structured file formats.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0bpz6gsq8xi1pb5k9ax6vinph460v14znch3y5yz167s0dmwz2yl"))))
+                "1k39gyf7f5m9x0jvpcxvfcqswdb04xhm1lbwbjabn1f4xk5wbxp6"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -1288,7 +1375,18 @@ is intended for user preferences; not arbitrary data storage.")
     (native-inputs
      `(("perl" ,perl)
        ("intltool" ,intltool)))
-    (home-page "http://www.gnome.org")
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-after 'configure 'use-our-intltool
+                    (lambda _
+                      ;; Do not use the bundled intltool commands, which lack
+                      ;; the "dotless @INC" fixes of our 'intltool' package.
+                      (substitute* (find-files "." "^Makefile$")
+                        (("^INTLTOOL_(EXTRACT|UPDATE|MERGE) = .*$" _ tool)
+                         (string-append "INTLTOOL_" tool " = intltool-"
+                                        (string-downcase tool) "\n")))
+                      #t)))))
+    (home-page "https://www.gnome.org")
     (synopsis "Base MIME and Application database for GNOME")
     (description  "GNOME Mime Data is a module which contains the base MIME
 and Application database for GNOME.  The data stored by this module is
@@ -1678,14 +1776,14 @@ Hints specification (EWMH).")
 (define-public goffice
   (package
     (name "goffice")
-    (version "0.10.34")
+    (version "0.10.35")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
                                   (version-major+minor version)  "/"
                                   name "-" version ".tar.xz"))
               (sha256
-               (base32 "00yn5ly1x50ynrwgl783pwnjy4k2ckp8n54mfnqv6qsq5fi7ajjm"))))
+               (base32 "0f2p3p7idfpbms4mi75031014mqsv09s21b6w1359p09raph3461"))))
     (build-system gnu-build-system)
     (outputs '("out"
                "doc"))                            ;4.1 MiB of gtk-doc
@@ -1743,7 +1841,7 @@ Hints specification (EWMH).")
 (define-public gnumeric
   (package
     (name "gnumeric")
-    (version "1.12.34")
+    (version "1.12.35")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1751,7 +1849,7 @@ Hints specification (EWMH).")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "09f7h4lvwzyl0amd3axapwbsrnrvvpwxyhs540jlrv425n0j0j8b"))))
+                "02kcq2af16m9mlzgkbdzswhw0nl6zf01dmvsfq3shy1mab7f7cbp"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(;; The gnumeric developers don't worry much about failing tests.
@@ -1906,7 +2004,7 @@ passwords in the GNOME keyring.")
        ("gobject-introspection" ,gobject-introspection))) ; for gir tests
     (propagated-inputs
      `(("glib" ,glib))) ; required by libvala-0.26.pc
-    (home-page "http://live.gnome.org/Vala/")
+    (home-page "https://live.gnome.org/Vala/")
     (synopsis "Compiler for the GObject type system")
     (description
      "Vala is a programming language that aims to bring modern programming
@@ -1940,7 +2038,7 @@ libraries written in C.")
      `(("gtk+" ,gtk+)                             ;required by vte-2.91.pc
        ("gnutls" ,gnutls)                         ;ditto
        ("pcre2" ,pcre2)))                         ;ditto
-    (home-page "http://www.gnome.org/")
+    (home-page "https://www.gnome.org/")
     (synopsis "Virtual Terminal Emulator")
     (description
      "VTE is a library (libvte) implementing a terminal emulator widget for
@@ -2038,6 +2136,9 @@ selection and URL hints.")))
               (uri (string-append "mirror://gnome/sources/" name "/"
                                   (version-major+minor version) "/"
                                   name "-" version ".tar.xz"))
+              (patches ; We have to revert 2 commits to build against freerdp 1.1.
+               (search-patches "vinagre-revert-1.patch"
+                               "vinagre-revert-2.patch"))
               (sha256
                (base32
                 "10jya3jyrm18nbw3v410gbkc7677bqamax44pzgd3j15randn76d"))))
@@ -2210,7 +2311,7 @@ indicators etc).")
      `(("python" ,python-2)
        ("python2-pygtk" ,python2-pygtk)
        ("librsvg" ,librsvg)))
-    (home-page "http://www.gnome.org")
+    (home-page "https://www.gnome.org")
     (synopsis "Python bindings to librsvg")
     (description
      "This packages provides Python bindings to librsvg, the SVG rendering
@@ -2261,7 +2362,7 @@ library.")
        ("gnutls" ,gnutls)
        ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
        ("p11-kit" ,p11-kit)))
-    (home-page "http://www.gnome.org")
+    (home-page "https://www.gnome.org")
     (synopsis "Network-related GIO modules")
     (description
      "This package contains various network related extensions for the GIO
@@ -2305,7 +2406,7 @@ libxml to ease remote use of the RESTful API.")
 (define-public libsoup
   (package
     (name "libsoup")
-    (version "2.58.1")
+    (version "2.58.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/libsoup/"
@@ -2313,11 +2414,15 @@ libxml to ease remote use of the RESTful API.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1fggmshk2mfsyfvml6paki65xj9rv1s5p7ds41xmnx6yazsnkik2"))))
+                "0wkvs4kql1iam4cqy17wsi12b1pzhwr2127pyaxs7y0v3g5008s4"))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     (arguments
-     `(#:configure-flags
+     `(#:modules ((guix build utils)
+                  (guix build gnu-build-system)
+                  (ice-9 popen))
+
+       #:configure-flags
        (list (string-append "--with-html-dir="
                             (assoc-ref %outputs "doc")
                             "/share/gtk-doc/html")
@@ -2327,34 +2432,77 @@ libxml to ease remote use of the RESTful API.")
        #:phases
        (modify-phases %standard-phases
          (add-before 'configure 'disable-unconnected-socket-test
-                     ;; This test fails due to missing /etc/nsswitch.conf
-                     ;; in the build environment.
-                     (lambda _
-                       (substitute* "tests/socket-test.c"
-                         ((".*/sockets/unconnected.*") ""))
-                       #t))
+           ;; This test fails due to missing /etc/nsswitch.conf
+           ;; in the build environment.
+           (lambda _
+             (substitute* "tests/socket-test.c"
+               ((".*/sockets/unconnected.*") ""))
+             #t))
          (add-before 'check 'pre-check
-                     (lambda _
-                       ;; The 'check-local' target runs 'env LANG=C sort -u',
-                       ;; unset 'LC_ALL' to make 'LANG' working.
-                       (unsetenv "LC_ALL")
-                       ;; The ca-certificates.crt is not available in the build
-                       ;; environment.
-                       (setenv "SSL_CERT_FILE" "/dev/null")
-                       ;; HTTPD in Guix uses mod_event and does not build prefork.
-                       (substitute* "tests/httpd.conf"
-                         (("^LoadModule mpm_prefork_module.*$") "\n"))
-                       #t))
+           (lambda _
+             ;; The 'check-local' target runs 'env LANG=C sort -u',
+             ;; unset 'LC_ALL' to make 'LANG' working.
+             (unsetenv "LC_ALL")
+             ;; The ca-certificates.crt is not available in the build
+             ;; environment.
+             (setenv "SSL_CERT_FILE" "/dev/null")
+             ;; HTTPD in Guix uses mod_event and does not build prefork.
+             (substitute* "tests/httpd.conf"
+               (("^LoadModule mpm_prefork_module.*$") "\n"))
+
+             ;; Generate a self-signed certificate that has "localhost" as its
+             ;; 'dnsName'.  Failing to do that, and starting with GnuTLS
+             ;; 3.5.12, tests such as "ssl-tests" fail:
+             ;;
+             ;; ERROR:ssl-test.c:406:do_tls_interaction_test: Unexpected status 6 Unacceptable TLS certificate (expected 200 OK)
+             ;;
+             ;; 'certtool' is interactive so we have to pipe it the answers.
+             ;; Reported at <https://bugzilla.gnome.org/show_bug.cgi?id=784696>.
+             (let ((pipe (open-output-pipe "certtool --generate-self-signed \
+ --load-privkey tests/test-key.pem --outfile tests/test-cert.pem")))
+               (for-each (lambda (line)
+                           (display line pipe)
+                           (newline pipe))
+                         '(""               ;Common name
+                           ""               ;UID
+                           "Guix"           ;Organizational unit name
+                           "GNU"            ;Organization name
+                           ""               ;Locality name
+                           ""               ;State or province
+                           ""               ;Country
+                           ""               ;subject's domain component (DC)
+                           ""               ;E-mail
+                           ""               ;serial number
+                           "-1"             ;expiration time
+                           "N"              ;belong to authority?
+                           "N"              ;web client certificate?
+                           "N"              ;IPsec IKE?
+                           "Y"              ;web server certificate?
+                           "localhost"      ;dnsName of subject
+                           ""               ;dnsName of subject (end)
+                           ""               ;URI of subject
+                           "127.0.0.1"      ;IP address of subject
+                           ""               ;signing?
+                           ""               ;encryption?
+                           ""               ;sign OCSP requests?
+                           ""               ;sign code?
+                           ""               ;time stamping?
+                           ""               ;email protection?
+                           ""               ;URI of the CRL distribution point
+                           "y"              ;above info OK?
+                           ))
+               (close-pipe pipe))
+             #t))
          (replace 'install
-                  (lambda _
-                    (zero?
-                     (system* "make"
-                              ;; Install vala bindings into $out.
-                              (string-append "vapidir=" %output
-                                             "/share/vala/vapi")
-                              "install")))))))
-    (native-inputs
-     `(("glib:bin" ,glib "bin") ; for glib-mkenums
+           (lambda _
+             (zero?
+              (system* "make"
+                       ;; Install vala bindings into $out.
+                       (string-append "vapidir=" %output
+                                      "/share/vala/vapi")
+                       "install")))))))
+    (native-inputs
+     `(("glib:bin" ,glib "bin")                   ; for glib-mkenums
        ("gobject-introspection" ,gobject-introspection)
        ("intltool" ,intltool)
        ("pkg-config" ,pkg-config)
@@ -2363,6 +2511,7 @@ libxml to ease remote use of the RESTful API.")
        ;; These are needed for the tests.
        ;; FIXME: Add PHP once available.
        ("curl" ,curl)
+       ("gnutls" ,gnutls)                         ;for 'certtool'
        ("httpd" ,httpd)))
     (propagated-inputs
      ;; libsoup-2.4.pc refers to all these.
@@ -2883,7 +3032,7 @@ services for numerous locations.")
        ("librsvg" ,librsvg)
        ("xf86-input-wacom" ,xf86-input-wacom)
        ("network-manager" ,network-manager)))
-    (home-page "http://www.gnome.org")
+    (home-page "https://www.gnome.org")
     (synopsis "GNOME settings daemon")
     (description
      "This package contains the daemon responsible for setting the various
@@ -2895,7 +3044,7 @@ settings, themes, mouse settings, and startup of other daemons.")
 (define-public totem-pl-parser
  (package
    (name "totem-pl-parser")
-   (version "3.10.7")
+   (version "3.10.8")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/totem-pl-parser/"
@@ -2903,7 +3052,7 @@ settings, themes, mouse settings, and startup of other daemons.")
                                 "totem-pl-parser-" version ".tar.xz"))
             (sha256
              (base32
-              "17089sqyh6w6zr8ci865ihmvqshnslcsk9fbsl4s7yii66y8b0lw"))))
+              "0ayxg0gfs5h5jhr811ja5hxlhryklzp6jlal2ach9wym2c3hmigz"))))
    (build-system gnu-build-system)
    (arguments
     ;; FIXME: Tests require gvfs.
@@ -3206,7 +3355,7 @@ GL based interactive canvas library.")
        ("cairo" ,cairo)
        ("gtk+3" ,gtk+)
        ("glib" ,glib)))
-    (home-page "http://projects.gnome.org/libchamplain/")
+    (home-page "https://projects.gnome.org/libchamplain/")
     (synopsis "C library providing a ClutterActor to display maps")
     (description
      "libchamplain is a C library providing a ClutterActor to display maps.
@@ -3247,10 +3396,10 @@ write applications that need to store structured data as well as make complex
 queries upon that data.")
     (license license:lgpl2.1+)))
 
-(define-public libgames-support
+(define-public libgnome-games-support
   (package
-    (name "libgames-support")
-    (version "1.0.2")
+    (name "libgnome-games-support")
+    (version "1.2.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3258,14 +3407,14 @@ queries upon that data.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0rms2ksiv7j9944km7r87q22nh05si1fisn5xm3z4zy5vpcfi5mh"))))
+                "04qbgcgmc01sinhbqdljiny8q868l01nkdawj8wrnqnd1i8czvsg"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
        (modify-phases %standard-phases
          (add-before 'check 'pre-check
            (lambda _
-             ;; tests require a writable HOME.
+             ;; Tests require a writable HOME.
              (setenv "HOME" (getcwd))
              #t)))))
     (native-inputs
@@ -3273,30 +3422,16 @@ queries upon that data.")
        ("pkg-config" ,pkg-config)
        ("vala" ,vala)))
     (propagated-inputs
-     ;; Required by libgames-support-1.0.pc
+     ;; Required by libgnome-games-support-1.0.pc
      `(("gtk+" ,gtk+)
        ("libgee" ,libgee)))
     (home-page "https://www.gnome.org/")
     (synopsis "Useful functionality shared among GNOME games")
     (description
-     "libgames-support is a small library intended for internal use by
+     "libgnome-games-support is a small library intended for internal use by
 GNOME Games, but it may be used by others.")
     (license license:lgpl3+)))
 
-(define-public libgnome-games-support
-  (package
-    (inherit libgames-support)
-    (name "libgnome-games-support")
-    (version "1.2.1")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://gnome/sources/" name "/"
-                                  (version-major+minor version) "/"
-                                  name "-" version ".tar.xz"))
-              (sha256
-               (base32
-                "1rsyf5hbjim7zpk1yar3gv65g1nmw6zbbc0smrmxsfk0f9n3j9m6"))))))
-
 (define-public gnome-klotski
   (package
     (name "gnome-klotski")
@@ -3375,7 +3510,7 @@ as possible!")
             (variable "GRL_PLUGIN_PATH")
             (files (list (string-append "lib/grilo-"
                                         (version-major+minor version)))))))
-    (home-page "http://live.gnome.org/Grilo")
+    (home-page "https://live.gnome.org/Grilo")
     (synopsis "Framework for discovering and browsing media")
     (description
      "Grilo is a framework focused on making media discovery and browsing easy
@@ -3428,7 +3563,7 @@ for application developers.")
        ;; with: "assertion failed: (source)".  Outside of the build container,
        ;; most tests succeed.
        #:tests? #f))
-    (home-page "http://live.gnome.org/Grilo")
+    (home-page "https://live.gnome.org/Grilo")
     (synopsis "Plugins for the Grilo media discovery library")
     (description
      "Grilo is a framework focused on making media discovery and browsing easy
@@ -3493,7 +3628,15 @@ for application developers.")
        ("nettle" ,nettle)
        ("vala" ,vala)))
     (arguments
-     `(#:phases
+     `(;; Disable automatic GStreamer plugin installation via PackageKit and
+       ;; all that.
+       #:configure-flags '("--disable-easy-codec-installation"
+
+                           ;; Do not build .a files for the plugins, it's
+                           ;; completely useless.  This saves 2 MiB.
+                           "--disable-static")
+
+       #:phases
        (modify-phases %standard-phases
          (add-after
           'install 'wrap-totem
@@ -3878,10 +4021,71 @@ the same backend as XSANE uses. This means that all existing scanners will
 work and the interface is well tested.")
     (license license:gpl3+)))
 
+(define-public eolie
+  (package
+    (name "eolie")
+    (version "0.9.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/gnumdk/eolie/"
+                                  "releases/download/"
+                                  (version-major+minor version)
+                                  "/eolie-" version ".tar.xz"))
+              (sha256
+               (base32
+                "1lb3rd2as12vq24fcf9nmlhggf8vka3kli2i92i8iylwi7nq5n2a"))))
+    (build-system glib-or-gtk-build-system)
+    (arguments
+     `(#:modules ((guix build glib-or-gtk-build-system)
+                  (guix build utils)
+                  (ice-9 match))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'wrap 'wrap-more
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out  (assoc-ref outputs "out"))
+                    ;; These libraries must be on LD_LIBRARY_PATH.
+                    (libs '("gtkspell3" "webkitgtk" "libsoup" "libsecret"
+                            "atk" "gtk+" "gsettings-desktop-schemas"
+                            "gobject-introspection"))
+                    (path (string-join
+                           (map (lambda (lib)
+                                  (string-append (assoc-ref inputs lib) "/lib"))
+                                libs)
+                           ":")))
+               (wrap-program (string-append out "/bin/eolie")
+                 `("LD_LIBRARY_PATH" ":" prefix (,path))
+                 `("PYTHONPATH" ":" prefix (,(getenv "PYTHONPATH")))
+                 `("GI_TYPELIB_PATH" = (,(getenv "GI_TYPELIB_PATH")))))
+             #t)))))
+    (native-inputs
+     `(("intltool" ,intltool)
+       ("itstool" ,itstool)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("gobject-introspection" ,gobject-introspection)
+       ("glib-networking" ,glib-networking)
+       ("cairo" ,cairo)
+       ("gtk+" ,gtk+)
+       ("atk" ,atk)    ; propagated by gtk+, but we need it in LD_LIBRARY_PATH
+       ("python" ,python-wrapper)
+       ("python-pygobject" ,python-pygobject)
+       ("python-pycairo" ,python-pycairo)
+       ("libsecret" ,libsecret)
+       ("gtkspell3" ,gtkspell3)
+       ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
+       ("webkitgtk" ,webkitgtk)))
+    (home-page "https://github.com/gnumdk/eolie/")
+    (synopsis "Web browser for GNOME")
+    (description
+     "Eolie is a new web browser for GNOME.  It features Firefox sync support,
+a secret password store, an adblocker, and a modern UI.")
+    (license license:gpl3+)))
+
 (define-public epiphany
   (package
     (name "epiphany")
-    (version "3.24.2")
+    (version "3.24.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3889,7 +4093,7 @@ work and the interface is well tested.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "13f5h7mbxdyjf93jp46hiaxsrngpr6frgf69d8iza7arc060vg2s"))))
+                "0m51cclpnb7lxk8w526rriyb2bi3aj17fbcvikhkg7qd65v1dxgy"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      ;; FIXME: tests run under Xvfb, but fail with:
@@ -4144,7 +4348,7 @@ metadata in photo and video files of various formats.")
 (define-public shotwell
   (package
     (name "shotwell")
-    (version "0.26.1")
+    (version "0.26.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4152,7 +4356,7 @@ metadata in photo and video files of various formats.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0xak1f69lp1yx3p8jgmr9c0z3jypi8zjpy3kiknn5n9g2f5cqq0a"))))
+                "1r8fd63r7c5n99hwrkzv9jlrk84z4sa15q3h70pydzfjnfqf90zv"))))
     (build-system glib-or-gtk-build-system)
     (propagated-inputs
      `(("dconf" ,dconf)))
@@ -4312,7 +4516,7 @@ configuration program to choose applications starting on login.")
 (define-public gjs
   (package
     (name "gjs")
-    (version "1.48.3")
+    (version "1.48.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4320,7 +4524,7 @@ configuration program to choose applications starting on login.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0cqgv460wfhwkw6j1h46v6bg29bycg6dfl7c5rv0lfcqmmw7v6v6"))))
+                "04nkig077r7xq55dxg9v46w8i7p8zkkdyja92yv81grq9fx6apz8"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -4358,7 +4562,7 @@ configuration program to choose applications starting on login.")
      `(("gtk+" ,gtk+)
        ("readline" ,readline)))
     (synopsis "Javascript bindings for GNOME")
-    (home-page "http://live.gnome.org/Gjs")
+    (home-page "https://live.gnome.org/Gjs")
     (description
      "Gjs is a javascript binding for GNOME.  It's mainly based on spidermonkey
 javascript engine and the GObject introspection framework.")
@@ -4367,7 +4571,7 @@ javascript engine and the GObject introspection framework.")
 (define-public gedit
   (package
     (name "gedit")
-    (version "3.22.0")
+    (version "3.22.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4375,11 +4579,10 @@ javascript engine and the GObject introspection framework.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0i9z5d31vibb3dd329gwvyga38zq5k1a2glcdq7m93ycbl5mlfq6"))))
+                "0as9r5zvnyrxh699q6jnd0p9ddqy5qamfbxggpdjzagzixhw6yxa"))))
     (build-system glib-or-gtk-build-system)
     (arguments
-     `(#:configure-flags '("--disable-spell") ; XXX: gspell not packaged yet
-       #:phases
+     `(#:phases
        (modify-phases %standard-phases
          (add-after
           'install 'wrap-gedit
@@ -4405,6 +4608,7 @@ javascript engine and the GObject introspection framework.")
        ("pkg-config" ,pkg-config)))
     (inputs
      `(("glib" ,glib)
+       ("gspell" ,gspell)
        ("gtk+" ,gtk+)
        ("gtksourceview" ,gtksourceview)
        ("libpeas" ,libpeas)
@@ -4445,7 +4649,7 @@ powerful general purpose text editor.")
      `(("libnotify" ,libnotify)
        ("webkitgtk" ,webkitgtk)))
     (synopsis "Display graphical dialog boxes from shell scripts")
-    (home-page "http://www.gnome.org")
+    (home-page "https://www.gnome.org")
     (description
      "Zenity is a rewrite of gdialog, the GNOME port of dialog which allows you
 to display dialog boxes from the commandline and shell scripts.")
@@ -4454,7 +4658,7 @@ to display dialog boxes from the commandline and shell scripts.")
 (define-public mutter
   (package
     (name "mutter")
-    (version "3.24.2")
+    (version "3.24.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4462,7 +4666,7 @@ to display dialog boxes from the commandline and shell scripts.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "043q3384vwrkjdfhbwn9pwdml6z0g0ad0cj2fjnjzg6402i67071"))))
+                "1slspy5krbqfvnma72lvdnxjf8ag2cvxssa8bvi7y3xxy7xv603k"))))
     ;; NOTE: Since version 3.21.x, mutter now bundles and exports forked
     ;; versions of cogl and clutter.  As a result, many of the inputs,
     ;; propagated-inputs, and configure flags used in cogl and clutter are
@@ -4543,7 +4747,7 @@ to display dialog boxes from the commandline and shell scripts.")
        ("xkeyboard-config" ,xkeyboard-config)
        ("zenity" ,zenity)))
     (synopsis "Window and compositing manager")
-    (home-page "http://www.gnome.org")
+    (home-page "https://www.gnome.org")
     (description
      "Mutter is a window and compositing manager that displays and manages your
 desktop via OpenGL.  Mutter combines a sophisticated display engine using the
@@ -4554,7 +4758,7 @@ window manager.")
 (define-public gnome-online-accounts
   (package
     (name "gnome-online-accounts")
-    (version "3.24.1")
+    (version "3.24.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4562,7 +4766,7 @@ window manager.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0lgniqmkr6ffdw3kcqd34lvp969j2q2qzcy30zkzl5c09r7anc0a"))))
+                "1fmgywfcvlb5sa0slxxlg80gafiaal8vnq6h5lcybqa12lnxa2mp"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
@@ -4821,13 +5025,14 @@ users.")
        ("libnl" ,libnl)
        ("libsoup" ,libsoup)
        ("modem-manager" ,modem-manager)
+       ("newt" ,newt)                       ;for the 'nmtui' console interface
        ("polkit" ,polkit)
        ("ppp" ,ppp)
        ("readline" ,readline)
        ("util-linux" ,util-linux)
        ("elogind" ,elogind)))
     (synopsis "Network connection manager")
-    (home-page "http://www.gnome.org/projects/NetworkManager/")
+    (home-page "https://www.gnome.org/projects/NetworkManager/")
     (description
      "NetworkManager is a system network service that manages your network
 devices and connections, attempting to keep active network connectivity when
@@ -4890,7 +5095,7 @@ services.")
        ("jansson" ,jansson) ; for team support
        ("modem-manager" ,modem-manager)))
     (synopsis "Applet for managing network connections")
-    (home-page "http://www.gnome.org/projects/NetworkManager/")
+    (home-page "https://www.gnome.org/projects/NetworkManager/")
     (description
      "This package contains a systray applet for NetworkManager.  It displays
 the available networks and allows users to easily switch between them.")
@@ -4949,10 +5154,20 @@ libxml2.")
               (sha256
                (base32
                 "1s2xzrwcjhfb4ra8jrxqfycs1jpv97id0f6idb2h6vjkspxbjy23"))))
-    (build-system gnu-build-system)
+    (build-system glib-or-gtk-build-system)
     (arguments
      '(#:configure-flags
-       '("--without-plymouth")
+       `("--without-plymouth"
+         "--disable-systemd-journal"
+         "--localstatedir=/var"
+         ,(string-append "--with-default-path="
+                         (string-join '("/run/setuid-programs"
+                                        "/run/current-system/profile/bin"
+                                        "/run/current-system/profile/sbin")
+                                      ":"))
+         ;; Put GDM in bindir so that glib-or-gtk-build-system wraps the
+         ;; XDG_DATA_DIRS so that it finds its schemas.
+         "--sbindir" ,(string-append (assoc-ref %outputs "out") "/bin"))
        #:phases
        (modify-phases %standard-phases
          (add-before
@@ -4970,9 +5185,54 @@ libxml2.")
                            "libgdm/gdm-user-switching.c")
               (("#include <systemd/sd-login\\.h>")
                "#include <elogind/sd-login.h>"))
-            ;; Avoid checking SYSTEMD using pkg-config.
-            (setenv "SYSTEMD_CFLAGS" " ")
-            (setenv "SYSTEMD_LIBS" "-lelogind")
+            ;; Check for elogind.
+            (substitute* '("configure")
+              (("libsystemd")
+               "libelogind"))
+            ;; Look for system-installed sessions in
+            ;; /run/current-system/profile/share.
+            (substitute* '("libgdm/gdm-sessions.c"
+                           "daemon/gdm-session.c"
+                           "daemon/gdm-display.c"
+                           "daemon/gdm-launch-environment.c")
+              (("DATADIR \"/x")
+               "\"/run/current-system/profile/share/x")
+              (("DATADIR \"/wayland")
+               "\"/run/current-system/profile/share/wayland")
+              (("DATADIR \"/gnome")
+               "\"/run/current-system/profile/share/gnome"))
+            (substitute* '("daemon/gdm-session.c")
+              (("set_up_session_environment \\(self\\);")
+               (string-append
+                "set_up_session_environment (self);\n"
+                ;; Propagate GDM_X_SERVER environment variable (which is set
+                ;; by the GDM service, as it's a function of what X modules
+                ;; the user decides to have available) down to worker
+                ;; processes.
+                "gdm_session_set_environment_variable (self, \"GDM_X_SERVER\",\n"
+                "    g_getenv (\"GDM_X_SERVER\"));\n"
+                ;; FIXME: Really glib should be declaring XDG_CONFIG_DIRS as a
+                ;; variable, but it doesn't do that right now.  Anyway
+                ;; /run/current-system/profile/share/gnome-session/sessions/gnome.desktop
+                ;; requires that a number of .desktop files be present, and
+                ;; these special .desktop files are in $XDG_CONFIG_DIRS (which
+                ;; defaults to /etc/xdg if it's not set).  Here we need to
+                ;; provide a value such that the GNOME session's requirements
+                ;; are met (provided GNOME is installed of course).
+                "gdm_session_set_environment_variable (self, \"XDG_CONFIG_DIRS\",\n"
+                "    \"/run/current-system/profile/etc/xdg\");\n"
+                )))
+            ;; Look for custom GDM conf in /run/current-system.
+            (substitute* '("common/gdm-settings-backend.c")
+              (("GDM_CUSTOM_CONF")
+               "/run/current-system/etc/gdm/custom.conf"))
+            ;; Use service-supplied path to X.
+            (substitute* '("daemon/gdm-server.c")
+              (("\\(X_SERVER X_SERVER_ARG_FORMAT")
+               "(\"%s\" X_SERVER_ARG_FORMAT, g_getenv (\"GDM_X_SERVER\")"))
+            (substitute* '("daemon/gdm-x-session.c")
+              (("X_SERVER")
+               "g_getenv (\"GDM_X_SERVER\")"))
             #t)))))
     (native-inputs
      `(("dconf" ,dconf)
@@ -4991,7 +5251,7 @@ libxml2.")
        ("libcanberra" ,libcanberra)
        ("linux-pam" ,linux-pam)))
     (synopsis "Display manager for GNOME")
-    (home-page "http://wiki.gnome.org/Projects/GDM/")
+    (home-page "https://wiki.gnome.org/Projects/GDM/")
     (description
      "GNOME Display Manager is a system service that is responsible for
 providing graphical log-ins and managing local and remote displays.")
@@ -5060,7 +5320,7 @@ devices using the GNOME desktop.")
 (define-public gnome-control-center
   (package
     (name "gnome-control-center")
-    (version "3.24.2")
+    (version "3.24.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5068,7 +5328,7 @@ devices using the GNOME desktop.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0awga40jh6gvn335mn6kyl6yg79frap1znrsz3sw2m27yldlnaiq"))))
+                "18ncjqjj93a39sla2zjr9i6pw59yh87p4jla899lmvi2qajd5923"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -5131,7 +5391,7 @@ properties, screen resolution, and other GNOME parameters.")
 (define-public gnome-shell
   (package
     (name "gnome-shell")
-    (version "3.24.2")
+    (version "3.24.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5139,7 +5399,7 @@ properties, screen resolution, and other GNOME parameters.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1xp2ccmdrvzlczsrcplykwqwx2v4lbmkr0rxyylb06danlw9mivh"))))
+                "1f20x36ymkp1j667hb7s7byly2gqc4m0anldy3qwp38vm8437caq"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -5284,7 +5544,7 @@ easy, safe, and automatic.")
 (define-public tracker
   (package
     (name "tracker")
-    (version "1.12.0")
+    (version "1.12.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5292,7 +5552,7 @@ easy, safe, and automatic.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0vsrzzkcfvmylhpk1ww6xdx8z9sgjs0gn74gz82qngjyq3c3s6c3"))))
+                "1zdzh8l5ahi906i40i4pqw2cs1hwrl6l9a7fp344a3idk3pl5szb"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("gnome-common" ,gnome-common)
@@ -5344,7 +5604,7 @@ shared object databases, search tools and indexing.")
 (define-public nautilus
   (package
     (name "nautilus")
-    (version "3.24.1")
+    (version "3.24.2.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5352,7 +5612,7 @@ shared object databases, search tools and indexing.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1cn6bmzmahzlwcd4gllsvx6dva386xm3papgzpv1r34abw73sf27"))))
+                "1cv138z04qx0fh1a2z2hvxy4p1x15vdv5gmkx5f3hb6c3w2rsz9m"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:configure-flags
@@ -5519,6 +5779,37 @@ configuration system for GNOME.  It allows users to configure desktop
 software that do not provide their own configuration interface.")
     (license license:lgpl2.1+)))
 
+(define-public gnome-default-applications
+  (package
+    (name "gnome-default-applications")
+    (version "0")
+    (build-system trivial-build-system)
+    (source #f)
+    (propagated-inputs
+     `(("nautilus" ,nautilus)))
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let* ((out (assoc-ref %outputs "out"))
+                (apps (string-append out "/share/applications")))
+           (mkdir-p apps)
+           (call-with-output-file (string-append apps "/defaults.list")
+             (lambda (port)
+               (format port "[Default Applications]\n")
+               (format port "inode/directory=org.gnome.Nautilus.desktop\n")))
+           #t))))
+    (synopsis "Default MIME type associations for the GNOME desktop")
+    (description
+     "Given many installed packages which might handle a given MIME type, a
+user running the GNOME desktop probably has some preferences: for example,
+that folders be opened by default by the Nautilus file manager, not the Baobab
+disk usage analyzer.  This package establishes that set of default MIME type
+associations for GNOME.")
+    (license license:gpl3+)
+    (home-page #f)))
+
 (define-public gnome
   (package
     (name "gnome")
@@ -5532,6 +5823,7 @@ software that do not provide their own configuration interface.")
      `(("adwaita-icon-theme"        ,adwaita-icon-theme)
        ("baobab"                    ,baobab)
        ("font-cantarell"            ,font-cantarell)
+       ("font-dejavu"               ,font-dejavu)
        ("at-spi2-core"              ,at-spi2-core)
        ("dbus"                      ,dbus)
        ("dconf"                     ,dconf)
@@ -5543,13 +5835,20 @@ software that do not provide their own configuration interface.")
        ("gedit"                     ,gedit)
        ("glib-networking"           ,glib-networking)
        ("gnome-backgrounds"         ,gnome-backgrounds)
+       ("gnome-bluetooth"           ,gnome-bluetooth)
+       ("gnome-calculator"          ,gnome-calculator)
        ("gnome-control-center"      ,gnome-control-center)
+       ("gnome-disk-utility"        ,gnome-disk-utility)
+       ("gnome-default-applications" ,gnome-default-applications)
        ("gnome-keyring"             ,gnome-keyring)
+       ("gnome-online-accounts"     ,gnome-online-accounts)
        ("gnome-session"             ,gnome-session)
        ("gnome-settings-daemon"     ,gnome-settings-daemon)
        ("gnome-shell"               ,gnome-shell)
+       ("gnome-system-monitor"      ,gnome-system-monitor)
        ("gnome-terminal"            ,gnome-terminal)
        ("gnome-themes-standard"     ,gnome-themes-standard)
+       ("gucharmap"                 ,gucharmap)
        ("gvfs"                      ,gvfs)
        ("hicolor-icon-theme"        ,hicolor-icon-theme)
        ("nautilus"                  ,nautilus)
@@ -5557,6 +5856,7 @@ software that do not provide their own configuration interface.")
        ("pulseaudio"                ,pulseaudio)
        ("shared-mime-info"          ,shared-mime-info)
        ("totem"                     ,totem)
+       ("xdg-user-dirs"             ,xdg-user-dirs)
        ("yelp"                      ,yelp)
        ("zenity"                    ,zenity)))
     (synopsis "The GNU desktop environment")
@@ -5822,7 +6122,7 @@ like GNOME, Unity, Budgie, Pantheon, XFCE, Mate, etc.")
 (define-public moka-icon-theme
   (package
     (name "moka-icon-theme")
-    (version "5.3.5")
+    (version "5.3.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/moka-project"
@@ -5831,7 +6131,7 @@ like GNOME, Unity, Budgie, Pantheon, XFCE, Mate, etc.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "062rab0ggmgb3y0d6b3k5d47wsadi28cdnyyr2vqbjhza01dglci"))))
+                "04axinv79qnngsxkwqzi5j9lc3hn24rjqps5ai8d42pdnfaf0x37"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -6275,7 +6575,7 @@ that support the Assistive Technology Service Provider Interface (AT-SPI).")
 (define-public gspell
   (package
     (name "gspell")
-    (version "1.4.1")
+    (version "1.4.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -6283,7 +6583,7 @@ that support the Assistive Technology Service Provider Interface (AT-SPI).")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1ghh1xdzf04mfgb13zqpj88krpa44xv2vbyhm6k017kzrpz8hbs4"))
+                "1683vyyfq3q0ph665jj6id8hnlyid4qxzmqiwpv97gmz8zksg6x5"))
               (patches (search-patches "gspell-dash-test.patch"))))
     (build-system glib-or-gtk-build-system)
     (arguments
@@ -6305,18 +6605,19 @@ that support the Assistive Technology Service Provider Interface (AT-SPI).")
                                     "/lib/aspell"))
              #t)))))
     (inputs
-     `(("enchant" ,enchant)
-       ("iso-codes" ,iso-codes)
-       ("gtk+" ,gtk+)
-       ("glib" ,glib)))
+     `(("gtk+" ,gtk+)
+       ("glib" ,glib)
+       ("iso-codes" ,iso-codes)))
     (native-inputs
      `(("glib" ,glib "bin")
        ("pkg-config" ,pkg-config)
        ("xmllint" ,libxml2)
 
        ;; For tests.
-       ("xorg-server" ,xorg-server)
-       ("aspell-dict-en" ,aspell-dict-en)))
+       ("aspell-dict-en" ,aspell-dict-en)
+       ("xorg-server" ,xorg-server)))
+    (propagated-inputs
+     `(("enchant" ,enchant)))           ; enchant.pc is required by gspell-1.pc
     (home-page "https://wiki.gnome.org/Projects/gspell")
     (synopsis "GNOME's alternative spell checker")
     (description
@@ -6377,7 +6678,7 @@ views can be printed as PDF or PostScript files, or exported to HTML.")
 (define-public lollypop
   (package
     (name "lollypop")
-    (version "0.9.240")
+    (version "0.9.244")
     (source
      (origin
        (method url-fetch)
@@ -6386,31 +6687,48 @@ views can be printed as PDF or PostScript files, or exported to HTML.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0n1ycmg6dgz1pajs80fwlcbxw3rx1hff1xw6ja67zngm85ydbjvq"))))
+         "0y9nmwrplz4mlvc2badfbyjj97ksn6qqis3rgm8lvp5llsk1583w"))))
+    ;; TODO: Use meson-build-system
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:imported-modules ((guix build python-build-system)
                            ,@%glib-or-gtk-build-system-modules)
-       #:phases (modify-phases %standard-phases
-                  (add-after 'install 'wrap-program
-                    (lambda* (#:key outputs #:allow-other-keys)
-                      (let ((out               (assoc-ref outputs "out"))
-                            (gi-typelib-path   (getenv "GI_TYPELIB_PATH")))
-                        (wrap-program (string-append out "/bin/lollypop")
-                          `("GI_TYPELIB_PATH" ":" prefix (,gi-typelib-path))))
-                      #t))
-                  (add-after 'install 'wrap
-                    (@@ (guix build python-build-system) wrap)))))
+       #:tests? #f ; no test suite
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'build
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               ;; remove post-install script, we update the caches later
+               (substitute* "meson.build"
+                 (("meson.add_install_script\\('meson_post_install.py'\\)") ""))
+               (zero?
+                 (system* "meson" "builddir" (string-append "--prefix=" out))))))
+         (replace 'install
+           (lambda _ (zero? (system* "ninja" "-C" "builddir" "install"))))
+         (add-after 'install 'wrap-program
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out               (assoc-ref outputs "out"))
+                   (gi-typelib-path   (getenv "GI_TYPELIB_PATH")))
+               (wrap-program (string-append out "/bin/lollypop")
+                 `("GI_TYPELIB_PATH" ":" prefix (,gi-typelib-path))))
+             #t))
+         (add-after 'install 'wrap
+           (@@ (guix build python-build-system) wrap)))))
     (native-inputs
      `(("intltool" ,intltool)
        ("itstool" ,itstool)
+       ("ninja" ,ninja)
        ("pkg-config" ,pkg-config)))
     (inputs
      `(("gobject-introspection" ,gobject-introspection)
+       ("gst-plugins-base" ,gst-plugins-base)
        ("gtk+" ,gtk+)
        ("libnotify" ,libnotify)
        ("libsecret" ,libsecret)
        ("libsoup" ,libsoup)
+       ("meson" ,meson)
        ("python" ,python)
        ("python-beautifulsoup4" ,python-beautifulsoup4)
        ("python-gst" ,python-gst)
@@ -6422,7 +6740,6 @@ views can be printed as PDF or PostScript files, or exported to HTML.")
     (propagated-inputs
      `(;; gst-plugins-base is required to start Lollypop,
        ;; the others are required to play streaming.
-       ("gst-plugins-base" ,gst-plugins-base)
        ("gst-plugins-good" ,gst-plugins-good)
        ("gst-plugins-ugly" ,gst-plugins-ugly)))
     (home-page "https://gnumdk.github.io/lollypop-web")
diff --git a/gnu/packages/gnucash.scm b/gnu/packages/gnucash.scm
index b33cd26a81..ac2dce5768 100644
--- a/gnu/packages/gnucash.scm
+++ b/gnu/packages/gnucash.scm
@@ -42,7 +42,7 @@
 (define-public gnucash
   (package
     (name "gnucash")
-    (version "2.6.16")
+    (version "2.6.17")
     (source
      (origin
       (method url-fetch)
@@ -50,7 +50,7 @@
                           version "/gnucash-" version ".tar.bz2"))
       (sha256
        (base32
-        "1088rssg9xgwi3wdfrhdcga46gby6lrd9a1fvn9zq456lscn4m9c"))
+        "0g2risryfgplxh6cxpsl7fn255vipgsx38b4l081h665nqwmz5nv"))
       (patches (search-patches "gnucash-price-quotes-perl.patch"))))
     (build-system gnu-build-system)
     (inputs
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 56db405bc8..f3fe637b13 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -1,11 +1,11 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014 Sree Harsha Totakura <sreeharsha@totakura.in>
-;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016, 2017 ng0 <ng0@no-reply.infotropique.org>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -144,14 +144,14 @@ tool to extract metadata from a file and print the results.")
 (define-public libmicrohttpd
   (package
    (name "libmicrohttpd")
-   (version "0.9.52")
+   (version "0.9.55")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/libmicrohttpd/libmicrohttpd-"
                                 version ".tar.gz"))
             (sha256
              (base32
-              "1smgxw6jv81yybg86bzr4c2sn7a31apf8q4zz0kpch9xfrp7yyal"))))
+              "1y6h1slav5l6k8zyb01dpw65dscdgxxgfa3a0z9qnn7jr66sn70c"))))
    (build-system gnu-build-system)
    (inputs
     `(("curl" ,curl)
@@ -160,7 +160,17 @@ tool to extract metadata from a file and print the results.")
       ("openssl" ,openssl)
       ("zlib" ,zlib)))
    (arguments
-    `(#:parallel-tests? #f))
+    `(#:parallel-tests? #f
+      #:phases (modify-phases %standard-phases
+                 (add-before 'check 'add-missing-LDFLAGS
+                   (lambda _
+                     ;; The two test_upgrade* programs depend on GnuTLS
+                     ;; directly but lack -lgnutls; add it.
+                     (substitute* "src/microhttpd/Makefile"
+                       (("^test_upgrade(.*)LDFLAGS = (.*)$" _ first rest)
+                        (string-append "test_upgrade" first
+                                       "LDFLAGS = -lgnutls " rest)))
+                     #t)))))
    (synopsis "C library implementing an HTTP 1.1 server")
    (description
     "GNU libmicrohttpd is a small, embeddable HTTP server implemented as a
@@ -176,14 +186,14 @@ and support for SSL3 and TLS.")
 (define-public gnurl
   (package
    (name "gnurl")
-   (version "7.54.1")
+   (version "7.55.1-3")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://gnunet.org/sites/default/files/"
                                 name "-" version ".tar.bz2"))
             (sha256
              (base32
-              "0szbj352h95sgc9kbx9wzkgjksmg3g5k6cvlc7hz3wrbdh5gb0a4"))))
+              "1p2qdh44hgsxjlzh4d3n51xr66cg2z517vpr818flvcrmpq2vxpq"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ; 1.5 MiB of man3 pages
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index e71ec8dce6..fd850c0469 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -58,7 +58,7 @@
 (define-public libgpg-error
   (package
     (name "libgpg-error")
-    (version "1.26")
+    (version "1.27")
     (source
      (origin
       (method url-fetch)
@@ -66,7 +66,7 @@
                           version ".tar.bz2"))
       (sha256
        (base32
-        "0sgfia0syq78k1c9h10rkhc1nfv5v097icrprlx2x4qn074wnjsc"))))
+        "1li95ni122fzinzlmxbln63nmgij63irxfvi52ws4zfbzv3am4sg"))))
     (build-system gnu-build-system)
     (home-page "https://gnupg.org")
     (synopsis "Library of error values for GnuPG components")
@@ -82,15 +82,14 @@ Daemon and possibly more in the future.")
 (define-public libgcrypt
   (package
     (name "libgcrypt")
-    (replacement libgcrypt-1.7.8)
-    (version "1.7.6")
+    (version "1.7.8")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "1g05prhgqw4ryd0w433q8nhds0h93kf47hfjagi2r7dghkpaysk2"))))
+               "16f1rsv4y4w2pk1il2jbcqggsb6mrlfva5vayd205fp68zm7d0ll"))))
     (build-system gnu-build-system)
     (propagated-inputs
      `(("libgpg-error-host" ,libgpg-error)))
@@ -116,30 +115,6 @@ generation.")
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/libgcrypt")))))
 
-(define libgcrypt-1.7.8
-  (package
-    (inherit libgcrypt)
-    (version "1.7.8")
-    (source (origin
-             (method url-fetch)
-             (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
-                                 version ".tar.bz2"))
-             (sha256
-              (base32
-               "16f1rsv4y4w2pk1il2jbcqggsb6mrlfva5vayd205fp68zm7d0ll"))))))
-
-(define-public libgcrypt-1.5
-  (package (inherit libgcrypt)
-    (version "1.5.6")
-    (source
-     (origin
-      (method url-fetch)
-      (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
-                          version ".tar.bz2"))
-      (sha256
-       (base32
-        "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"))))))
-
 (define-public libassuan
   (package
     (name "libassuan")
@@ -228,14 +203,14 @@ compatible to GNU Pth.")
 (define-public gnupg
   (package
     (name "gnupg")
-    (version "2.1.21")
+    (version "2.1.23")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "1p97limv29p01y79mgnzpwixa50lv53wgdl3ymk9idkmpaldisks"))))
+                "0xqd5nm4j3w9lwk35vg57gl2i8bfkmx7d24i44gkbscm2lwpci59"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -254,8 +229,7 @@ compatible to GNU Pth.")
        ("sqlite" ,sqlite)
        ("zlib" ,zlib)))
    (arguments
-    `(#:configure-flags '("--enable-gpg2-is-gpg"
-                          ;; Otherwise, the test suite looks for the `gpg`
+    `(#:configure-flags '(;; Otherwise, the test suite looks for the `gpg`
                           ;; executable in its installation directory in
                           ;; /gnu/store before it has been installed.
                           "--enable-gnupg-builddir-envvar")
@@ -355,14 +329,14 @@ libskba (working with X.509 certificates and CMS data).")
 
 (define-public gnupg-1
   (package (inherit gnupg)
-    (version "1.4.21")
+    (version "1.4.22")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "0xi2mshq8f6zbarb5f61c9w2qzwrdbjm4q8fqsrwlzc51h8a6ivb"))))
+                "1d1hz4szh1kvwhsw7w2zxa6q5ndrk3qy6hj289l1b8k3xi5s554m"))))
     (native-inputs '())
     (inputs
      `(("zlib" ,zlib)
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index db32b988ed..1daaa79c73 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -249,7 +249,7 @@ in C/C++.")
 (define-public nspr
   (package
     (name "nspr")
-    (version "4.15")
+    (version "4.16")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -257,7 +257,7 @@ in C/C++.")
                    version "/src/nspr-" version ".tar.gz"))
              (sha256
               (base32
-               "101dksqm1z0hzd7ap82ccbxjr48s6q3xhshdl81qkj6hqdmy1p97"))))
+               "1l9wlnb9y0bzicv448jjl9kssqn044dc2qrkwzp4ll35fvch4ccv"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("perl" ,perl)))
@@ -281,7 +281,7 @@ in the Mozilla clients.")
 (define-public nss
   (package
     (name "nss")
-    (version "3.31")
+    (version "3.32")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -292,7 +292,7 @@ in the Mozilla clients.")
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0pd643a8ns7q5az5ai3ascrw666i2kbfiyy1c9hlhw9jd8jn21g9"))
+                "0dfkgvah0ji8b8lpxyy2w0b3lyz5ldmryii4z7j2bfwnrj0z7iim"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-pkgconfig.patch"
                                        "nss-increase-test-timeout.patch"))))
@@ -364,6 +364,7 @@ in the Mozilla clients.")
                  ;; phase to fail.  Here we simply delete libgtest1.so, since it
                  ;; seems to be used only during the tests.
                  (delete-file (string-append lib "/libgtest1.so"))
+                 (delete-file (string-append lib "/libgtestutil.so"))
 
                  #t))))))
     (inputs
@@ -508,13 +509,86 @@ standards.")
         (mozilla-patch "icecat-CVE-2017-5470-pt20.patch" "38273203b827" "12p9r4spdp09d6ic9sqspvdr50lmc1p86ydz2fxdifb1f95njhx0")
         (mozilla-patch "icecat-bug-1357022.patch"        "5bd51bc3f587" "0z5drxpfjvb7s43qgcr404h8ckchgakwwwi4nxpx2i653w22a743")
         (mozilla-patch "icecat-bug-1318845.patch"        "512efd480dac" "13cmqap795ayh6gh3b5bc6002pz0wp92qngs7fh5qqklc7a0gkzv")
-        (mozilla-patch "icecat-bug-1371586.patch"        "d0c92199b9ed" "0qmsm7d4h6ysx3an247kpx9qpksfms7hrjgpdrghdbxla1hc4nc9")
+        (mozilla-patch "icecat-CVE-2017-7798-pt1.patch"  "d0c92199b9ed" "0qmsm7d4h6ysx3an247kpx9qpksfms7hrjgpdrghdbxla1hc4nc9")
         (mozilla-patch "icecat-bug-1364513.patch"        "88e9c2137640" "1mh4l745q1wlabn9sz47n0vy3h7c66fcay2b9dwa16iqwvh3lpiw")
         (mozilla-patch "icecat-bug-1366203.patch"        "08dd87b6bb8f" "15bfwfwwd978mlcpk1d6m7506k8c2y402md7wzf6piabxl5kk6cf")
-        (mozilla-patch "icecat-bug-1368576.patch"        "5a51a9ef8149" "0j0f9j0pryv3ik4bizhv8s6rr4dl1mjm01c23msayr0vbnpcagcs")
-        (mozilla-patch "icecat-bug-1369913.patch"        "f47eaebc0c5c" "1b52xm3awpigasaz0hk5b13l7v4ry9vrawf571lzy2wwhphs4nxx")
-        (mozilla-patch "icecat-bug-1371424.patch"        "40ce248a8c15" "1b722fiifr999ga0991cg5mlhidcnvf3zx2aiq5zjaabqn0f4dzk")
-        (mozilla-patch "icecat-bug-1372112.patch"        "0c8359ac6718" "1w0v2p5jnhzvcsx8h1bglwjhp5y5bg1g8pzpvjw7pg1wlq2frccr")))
+        (mozilla-patch "icecat-CVE-2017-7779-pt01.patch" "5a51a9ef8149" "0j0f9j0pryv3ik4bizhv8s6rr4dl1mjm01c23msayr0vbnpcagcs")
+        (mozilla-patch "icecat-CVE-2017-7779-pt02.patch" "f47eaebc0c5c" "1b52xm3awpigasaz0hk5b13l7v4ry9vrawf571lzy2wwhphs4nxx")
+        (mozilla-patch "icecat-CVE-2017-7779-pt03.patch" "40ce248a8c15" "1b722fiifr999ga0991cg5mlhidcnvf3zx2aiq5zjaabqn0f4dzk")
+        (mozilla-patch "icecat-CVE-2017-7798-pt2.patch"  "0c8359ac6718" "1w0v2p5jnhzvcsx8h1bglwjhp5y5bg1g8pzpvjw7pg1wlq2frccr")
+        (mozilla-patch "icecat-CVE-2017-7779-pt04.patch" "8c27a68ee87e" "0kn05q8nvp26w5rnj8r0byw89h2awmwn04l9l3xv2i5w2a7zmjzf")
+        (mozilla-patch "icecat-CVE-2017-7779-pt05.patch" "b2ee0c5466da" "0jgwsppq0606lwg5jk9q69lqa14q3j7h3c7q6mxbz7zqrcg7d0zg")
+        (mozilla-patch "icecat-CVE-2017-7779-pt06.patch" "25f6ec16e501" "1yqd5ndwgd8x2pj9k2bnaq3rb1g7wikq0ii7l4dm6bqwabi2rdsg")
+        (mozilla-patch "icecat-CVE-2017-7779-pt07.patch" "30443b4f758e" "0riszl3xnpfq5ffywygrc12nsvx0ffd36d5rf4vp87r8lj3fr55r")
+        (mozilla-patch "icecat-CVE-2017-7779-pt08.patch" "1b934ab92c59" "114cvfzfxgkwwd4zpnrmm2kx6m94k0b3xcraba9aawwwhdxj6a1d")
+        (mozilla-patch "icecat-CVE-2017-7779-pt09.patch" "830a345dc0e7" "01riivv033w3mr8b2myaw38rz2za1bdlhybny737ly68hhc67xdz")
+        (mozilla-patch "icecat-CVE-2017-7786.patch"      "5c26df489768" "1fdw4zbn0ilfghanxky4y7qcmkpkks2q1aqkzv26dnhhrr8350a1")
+        (mozilla-patch "icecat-CVE-2017-7791.patch"      "f21e4d78a0a8" "0szsc3zm3wgrw8pxm0rz54whkrc14yy4d8vwmxgqsdns43qjgkpk")
+        (mozilla-patch "icecat-CVE-2017-7779-pt10.patch" "f19b6c6a0c6c" "0wkr010qnh4127z1j7fp45sqdk2da9x7j2k405r0x5bgqdd09qzp")
+        (mozilla-patch "icecat-CVE-2017-7784.patch"      "8353a3fa4106" "0kzs8pl6spjwgdsmiw702zvbvz73ng9zf184clsfr82l8kmggbgw")
+        (mozilla-patch "icecat-bug-1371889.patch"        "b38fed9a9772" "14vzsldlv4hjpxgnl6fjjbzhgcwsmd52v06cgmv0a7y3lnggj3hp"); XXX backed out upstream
+        (mozilla-patch "icecat-CVE-2017-7787.patch"      "c254d3cc826c" "0pixwr18qik87c8qf4irg6hdffd8rbwpng73jxg05h7s827nfw3g")
+        (mozilla-patch "icecat-CVE-2017-7792.patch"      "6356dbf20658" "0a0hsxkik7ysfa48w8k21lidaabwpmxi1d3214r5zqkqqfhn9qjm")
+        (mozilla-patch "icecat-bug-1358073.patch"        "8d6e685d061b" "0430gwg7zzbg0q9w2m04s5ljh47bc8x1gxvmkzbn23bh1wy4d4sq")
+        (mozilla-patch "icecat-bug-1370869.patch"        "3b8fde840188" "0vkymvzkfpzpg86npa5vpvvf564k18hkfdz8857rl0z4dp4rybzx")
+        (mozilla-patch "icecat-CVE-2017-7779-pt11.patch" "267b649087ff" "04wzazdm0kvbfcgmlhx8qs1ibqn8sbvqdsd237rja5wpr761xxf1")
+        (mozilla-patch "icecat-bug-1354796.patch"        "69d1a9de76b9" "1q0p4kf8pvnkwwff3lz526pjj15a25pf724awblkcnzamwbib5ns")
+        (mozilla-patch "icecat-bug-1363027.patch"        "c5eaa2d51b9f" "1xyj5n1vqhscc369q6wxibs2igbilaiwyc0q9cq64j2qx8q0yqah")
+        (mozilla-patch "icecat-bug-1364189.patch"        "852a7781259e" "12y344p54avz5mrqirq14zp4csx8ydilnjv9nsw48kpa9y0l5xsg")
+        (mozilla-patch "icecat-bug-1342417.patch"        "37ccdc5fff2b" "1acywg8girplbs7wjrjbvkximhiyizddmnkkq1ldd0l3qbx9nihc")
+        (mozilla-patch "icecat-CVE-2017-7779-pt12.patch" "057ed884ecb0" "1m49bqkq5lzc2j59wgwy0gbzvqj50p9lfn7cbc2n01v6d7m8rc2j")
+        (mozilla-patch "icecat-CVE-2017-7779-pt13.patch" "dd7ed649b82f" "1fama1l2vx4p6ahhrsrpysfbk9nh5gwbi4pdnclpyxd42idsdqxs")
+        (mozilla-patch "icecat-CVE-2017-7753.patch"      "731958f7ff4d" "0l3i3mkb6rslnjag3caf4xyhjzxn91wfs0g6dbika4sxnhfs5d4i")
+        (mozilla-patch "icecat-bug-1364870.patch"        "de8deecbcb02" "048ic1vk7fd7wxqjgjqlnb7kv03ynaa4wkrk0ka8m39pkjh3yyxj")
+        (mozilla-patch "icecat-bug-1365333.patch"        "e3d13b270f45" "0jr8hpxpmfgrbh09xd9nj597cdnc6kl6gs5nir4zlzbbn8kp3429")
+        (mozilla-patch "icecat-bug-1372063.patch"        "58a144bf9677" "12y8vikbzcfcfiidjdq67dvdhhvylx68wdgnypsafrd1q8dx9jza")
+        (mozilla-patch "icecat-bug-1373970.patch"        "8321ef71adb5" "1wk8kq9n2vhqlinvvw01avv3c7qj0k3qnn7dj0whnl08a5yrqhpl")
+        (mozilla-patch "icecat-bug-1338646.patch"        "322c18d011af" "1yqb7zmjz211ryb98pjj7axbj6bwkj63rmfyifsybdy3zpb4nf48")
+        (mozilla-patch "icecat-CVE-2017-7779-pt14.patch" "f9bc084fbb8a" "1ssml15yzx9s0wraq4n0xvq5bw7j8xq0p2y39h8j3f1c448n0j50")
+        (mozilla-patch "icecat-bug-1359477.patch"        "9b70b5b852e4" "0z2bi7w46g7mm8msav8vz28mgvnv21z3a5876n9gpw317gns4d6a")
+        (mozilla-patch "icecat-CVE-2017-7779-pt15.patch" "6785c2a852da" "0p9jr171qi59scr5lrj6g0mv8mgm1i1wglr3jd16xywb0ymynnn5")
+        (mozilla-patch "icecat-CVE-2017-7779-pt16.patch" "11c8e23f0fd7" "0zcikv6dn7biii4gspv2kfvma5hc76hk86jahm3zl2zlkk8ikfm9")
+        (mozilla-patch "icecat-bug-1355168.patch"        "f45ba43512ad" "0p28q5acns5zjj7ks2x5lrmwzzps741507sq31xvrpzan5yav37x")
+        (mozilla-patch "icecat-bug-1308820.patch"        "e9a10fac6aae" "1s2zaka6ik1rmylamyh38vsqnqlblbqdhjpp0cv08fjb9flh5sbw")
+        (mozilla-patch "icecat-bug-1305036.patch"        "c42a348f2ed0" "1pz7qbdv9xvyd1dy7g9h047c0gmrgp5qdy2360qjk6879n74h1zb")
+        (mozilla-patch "icecat-bug-1342913.patch"        "f02db36497d2" "0g1kg418l1cibh5k1sjqj2vs2jcblpbn7b06qazk2kzcg70vf5gv")
+        (mozilla-patch "icecat-CVE-2017-7800.patch"      "0a44ed156da5" "1y8z1czm7f91p9bpd32b9k43nl0b9g4fzwv4w0khby9y38xgvcbs")
+        (mozilla-patch "icecat-CVE-2017-7801.patch"      "0a86729d653e" "0wyh7qskjwq9274d25p2ajylaab5mj5h8by58rz9lxsz06zrnz9f")
+        (mozilla-patch "icecat-CVE-2017-7779-pt17.patch" "98ff43fb228a" "0ih0nsmk8rzdrajzlnryqiqb71jg7v4p71hfla2hrlvn41r3709m")
+        (mozilla-patch "icecat-CVE-2017-7802.patch"      "09f62bfc5800" "07q18qzxja1cywihr5vhhws328zghrwc6ldx8kcsawia1r1i5gp7")
+        (mozilla-patch "icecat-bug-1321803-pt1.patch"    "cfb75012cfbd" "1bwwfm1vhr7ddsvmi1cinwdq6f4nd71fkd9lbnlhmh4ix63gz2yl")
+        (mozilla-patch "icecat-bug-1321803-pt2.patch"    "0f3f951461d7" "1rp1cj4c0dkhd4pda88kx499h7ycw3037yh2khff78y61ckg2a85")
+        (mozilla-patch "icecat-bug-1321803-pt3.patch"    "b654a39db998" "1v79mh8lrnn7q40c8zj24byrqyw3x8fwcw25w90wqajnbf0ixskx")
+        (mozilla-patch "icecat-bug-1334338.patch"        "1be1fe3c9622" "1mhd9nyp8map76hgwrhm1k955fz8y5iszdvvgrv3z1r1h77k0nz0")
+        (mozilla-patch "icecat-bug-1379538.patch"        "8fa66bc91b07" "1l44rwkdrv9y41nfb9h3fkykk3ci7xclp6rfwbbzm4293l00adrd")
+        (mozilla-patch "icecat-CVE-2017-7779-pt18.patch" "7c095249ef8a" "05dbvxlmh7jljjmis540nfgk2nn968prmxrm96674avn33989sqy")
+        (mozilla-patch "icecat-bug-1073952.patch"        "06db7fb30689" "19qf9lrwy48fjzz3wpjfxsgqab68dnlci8jrwsljhpy6787xwxg2")
+        (mozilla-patch "icecat-CVE-2017-7803.patch"      "c52d8ce8d5df" "03l9hk278b9mw75rxpn2ay1slyz21axa2l7dfxwkvj5vdn7ykdbj")
+        (mozilla-patch "icecat-CVE-2017-7779-pt19.patch" "d68c9edf056f" "0zfz0l9m675n4vvm87n8g3bdhhysla4qnywli5kwjy4krj9kq6qa")
+        (mozilla-patch "icecat-CVE-2017-7779-pt20.patch" "5dd82ab194b9" "10mdzwxibnmqs7y5arf8sjnva31i5vhbprlc63n74h8gh8k5kdlp")
+        (mozilla-patch "icecat-CVE-2017-7779-pt21.patch" "8fc70b2b57a8" "0yszfmb47x3rrzn5wncv112c1b7xw11j62adx4f7950fdj7zqr32")
+        (mozilla-patch "icecat-bug-1379444.patch"        "47dd26630291" "0r2rc634sr4a5mfc53p1wx8d0zm6dsxiw2vzc7l89mac0d0cmi5n")
+        (mozilla-patch "icecat-bug-1372467.patch"        "0f906e04a41d" "0f2zdpnb23yg3v5f1ha24cmagcwa01kf2xz1l2lcws4ss1w5b4a9")
+        (mozilla-patch "icecat-bug-1372383.patch"        "56349462ff47" "17gc7kf0i367c1yh2w1701k8snvdm04nznc3q3yxdl3wxkh3c3sb")
+        (mozilla-patch "icecat-CVE-2017-7779-pt22.patch" "7b79969a18ee" "0ixycxbjh0wmihrhzpyjbkcnvwwrzs3ffb0lymzvqnr90yxvxhyy")
+        (mozilla-patch "icecat-CVE-2017-7779-pt23.patch" "f0ab032fd674" "04wc4i94cfj2vcawrv7hgbb70fkxggi7s6srk3i184686rczzpyw")
+        (mozilla-patch "icecat-bug-1308908.patch"        "48a89721d076" "01gvdzy6whp2dqmjvx49f4mvl75dhjgr8dvx71pg4sx3xmdbkzyq")
+        (mozilla-patch "icecat-bug-1347667.patch"        "ef1d17821945" "0s6gaarnvnibgf9x0xqcymaqc63lnbh9fm2g33i8cpp1xjhmywcv")
+        (mozilla-patch "icecat-bug-1367128-pt1.patch"    "5a0f69630b03" "1vqbwmy58qxwfaisq0dxvvbsd5w5i4yb691i78gw1dv7kgf523qy")
+        (mozilla-patch "icecat-bug-1367128-pt2.patch"    "7db52eca97b2" "081p8izjxscylfs090c9mzlmfvpdfvg1qsf5rik30hvifcpxp6lq")
+        (mozilla-patch "icecat-bug-1367128-pt3.patch"    "c448439eb5dc" "18gp7mg3zh9dxi1300mcm0zk67nlmvp5q50gnyc1v2sv0gs6fdfb")
+        (mozilla-patch "icecat-bug-1377016.patch"        "319a986ae1f4" "1dlmrklkpx42c72pblpw1fi91dhqarqyl3ldnd4943x2hsy3am8k")
+        (mozilla-patch "icecat-bug-1342433.patch"        "09f5bd33efb8" "0dky981ggyc0237mbbyy1chndk0aznkhw00d3lrafiyxsyk6vg3z")
+        (mozilla-patch "icecat-bug-1359058-pt1.patch"    "7ccb26caa02f" "1q97f4qbwjnz6f3g5dcy2v0av9jgbaplaz9pnm5yqdc250f5bhjz")
+        (mozilla-patch "icecat-bug-1359058-pt2.patch"    "a93c1a40f0d8" "0gafbwv2npdjqh41fpvzmzdw3kcw1b41gm3jg9biwqxxwnvqqmfj")
+        (mozilla-patch "icecat-bug-1382303-pt1.patch"    "688c9284fb12" "1rqimwkh8krihabsx7x2awvxls8n9dm2bmbl133fnkp2sjya979w")
+        (mozilla-patch "icecat-bug-1382303-pt2.patch"    "7f969ba7b6e8" "036n1yrmmb6gydxcgyps89g63kj1w2rihk1zsmk7yw3crln226ai")
+        (mozilla-patch "icecat-bug-1382303-pt3.patch"    "7e7b4f104462" "0wkw72qqyql528hvssrqyq72f5csfxa5fgv5s903csh97vawfl7i")
+        (mozilla-patch "icecat-bug-1383000.patch"        "ce65d0641c07" "08bxn3b8rgjhkvdndc7mrd0k1715wbpa5qaxhslxlgj6lpkgk0b1")
+        (mozilla-patch "icecat-CVE-2017-7807.patch"      "a86c77d533ee" "0mzfxpyk4484dk3j1sgplakx39ya0jnp3plxvcmvlc47ry60yq93")
+        (mozilla-patch "icecat-bug-1346620.patch"        "d71000abc9bf" "10d632nq5zbhndrsx2vpkl7jprlnas361n1yh9s9szn8k4mj01rf")
+        (mozilla-patch "icecat-bug-1381016.patch"        "c74486f87dc3" "1l938a2lhrlqfhmgrpypx13v6jw08528m4gnllr2h5sk2x65czip")
+        (mozilla-patch "icecat-bug-1371657.patch"        "20a1a6ad46d5" "17yn5dpymrymgdywah403fzw0p2y9bjkccg0h4d221i3pwns4bcz")))
       (modules '((guix build utils)))
       (snippet
        '(begin
diff --git a/gnu/packages/gobby.scm b/gnu/packages/gobby.scm
index 961028d00a..45ebed7c43 100644
--- a/gnu/packages/gobby.scm
+++ b/gnu/packages/gobby.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Andy Wingo <wingo@igalia.com>
+;;; Copyright © 2016, 2017 Andy Wingo <wingo@igalia.com>
+;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,6 +26,7 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gsasl)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages tls)
@@ -96,7 +98,10 @@
 documents in one session.  Obby is used by the Gobby collaborative editor.")
     (license license:gpl2+)))
 
-(define-public gobby
+;; Although there is a newer version of Gobby defined below, the protocols are
+;; incompatible; you need Gobby 0.4 if you want to connect to servers running
+;; the 0.4 protocol.
+(define-public gobby-0.4
   (package
     (name "gobby")
     (version "0.4.13")
@@ -127,5 +132,81 @@ documents in one session.  Obby is used by the Gobby collaborative editor.")
     (description
      "Collaborative editor that supports multiple documents in one session and
 a multi-user chat.  Gobby allows multiple users to edit the same document
+together over the internet in real-time.
+
+This is the older 0.4 version of Gobby.  Use this version only if you need to
+connect to a server running the old 0.4 protocol.")
+    (license license:gpl2+)))
+
+(define-public gobby
+  (package
+    (name "gobby")
+    (version "0.5.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://releases.0x539.de/gobby/gobby-"
+                                  version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "165x0r668ma5blziisvbr8qig3jw9hf7i6w8r7wwvz3wsac3bswc"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)))
+    (inputs
+     `(("gnutls" ,gnutls)
+       ("gsasl" ,gsasl)
+       ("gtkmm-2" ,gtkmm-2)
+       ("gtksourceview-2" ,gtksourceview-2)
+       ("libinfinity" ,libinfinity)
+       ("libxml++-2" ,libxml++-2)))
+    (arguments
+     ;; Required by libsigc++.
+     `(#:configure-flags '("CXXFLAGS=-std=c++11")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'move-executable
+           (lambda* (#:key outputs #:allow-other-keys)
+             (with-directory-excursion (assoc-ref outputs "out")
+               (rename-file "bin/gobby-0.5" "bin/gobby"))
+             #t)))))
+    (home-page "https://gobby.github.io/")
+    (synopsis "Collaborative editor")
+    (description
+     "Collaborative editor that supports multiple documents in one session and
+a multi-user chat.  Gobby allows multiple users to edit the same document
 together over the internet in real-time.")
     (license license:gpl2+)))
+
+(define-public libinfinity
+  (package
+    (name "libinfinity")
+    (version "0.6.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://releases.0x539.de/libinfinity/libinfinity-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "0nylsb6qz9pjw3agjp27c4za205i6zg6i5g1vgs5vbdnbh77wkhc"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("glib" ,glib)
+       ("gsasl" ,gsasl)
+       ("gtk+" ,gtk+-2)
+       ("libxml2" ,libxml2)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (arguments
+     `(#:configure-flags (list "--with-inftextgtk"
+                               "--with-infgtk")))
+    (home-page "https://gobby.github.io/")
+    (synopsis "Infininote protocol implementation")
+    (description "libinfinity is a library to build collaborative text
+editors.  Changes to the text buffers are synced to all other clients over a
+central server.  Even though a central server is involved, the local user sees
+his changes applied instantly and the merging is done on the individual
+clients.")
+    (license license:lgpl2.1+)))
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 70cae6d871..9f3ccc8f69 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016, 2017 Petter <petter@mykolab.ch>
 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Sergei Trofimovich <slyfox@inbox.ru>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -199,11 +200,11 @@ garbage collection, various safety features and in the style of communicating
 sequential processes (CSP) concurrent programming features added.")
     (license license:bsd-3)))
 
-(define-public go-1.8
+(define-public go-1.9
   (package
     (inherit go-1.4)
     (name "go")
-    (version "1.8.3")
+    (version "1.9")
     (source
      (origin
        (method url-fetch)
@@ -211,7 +212,7 @@ sequential processes (CSP) concurrent programming features added.")
                            name version ".src.tar.gz"))
        (sha256
         (base32
-         "19lzv4lqixj3v2gjaff0fdbbmgsq5r8lrfd61z2zvp778wjflpaz"))))
+         "14z9azh8pk5cwyl2qdk893j68lk0cca7a9b8k2hpn5pd52825ax4"))))
     (arguments
      (substitute-keyword-arguments (package-arguments go-1.4)
        ((#:phases phases)
@@ -242,7 +243,7 @@ sequential processes (CSP) concurrent programming features added.")
                  ;; Add libgcc to runpath
                  (substitute* "cmd/link/internal/ld/lib.go"
                    (("!rpath.set") "true"))
-                 (substitute* "cmd/go/build.go"
+                 (substitute* "cmd/go/internal/work/build.go"
                    (("cgoldflags := \\[\\]string\\{\\}")
                     (string-append "cgoldflags := []string{"
                                    "\"-rpath=" gcclib "\""
@@ -296,6 +297,13 @@ sequential processes (CSP) concurrent programming features added.")
                  (substitute* "../misc/cgo/testcarchive/carchive_test.go"
                    (("#!/usr/bin/env") (string-append "#!" (which "env"))))
 
+                 ;; Escape braces in test data to workaround test failure. For
+                 ;; more information:
+                 ;; https://github.com/golang/go/issues/20007
+                 ;; FIXME: remove this once we upgrade to 1.9
+                 (substitute* "cmd/vet/testdata/copylock_func.go"
+                   (("struct\\{lock sync.Mutex\\}") "struct\\{lock sync.Mutex\\}"))
+
                  (substitute* "net/lookup_unix.go"
                    (("/etc/protocols") (string-append net-base "/etc/protocols")))
                  (substitute* "net/port_unix.go"
@@ -366,4 +374,4 @@ sequential processes (CSP) concurrent programming features added.")
      `(("go" ,go-1.4)
        ,@(package-native-inputs go-1.4)))))
 
-(define-public go go-1.8)
+(define-public go go-1.9)
diff --git a/gnu/packages/graph.scm b/gnu/packages/graph.scm
new file mode 100644
index 0000000000..683bfeec66
--- /dev/null
+++ b/gnu/packages/graph.scm
@@ -0,0 +1,118 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages graph)
+  #:use-module (guix download)
+  #:use-module (guix packages)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix build-system python)
+  #:use-module (guix build-system r)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages gcc)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages maths)
+  #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages statistics)
+  #:use-module (gnu packages xml))
+
+(define-public igraph
+  (package
+    (name "igraph")
+    (version "0.7.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://igraph.org/nightly/get/c/igraph-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "1pxh8sdlirgvbvsw8v65h6prn7hlm45bfsl1yfcgd6rn4w706y6r"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags
+       (list "--with-external-glpk"
+             "--with-external-blas"
+             "--with-external-lapack")))
+    (inputs
+     `(("gmp" ,gmp)
+       ("glpk" ,glpk)
+       ("libxml2" ,libxml2)
+       ("lapack" ,lapack)
+       ("openblas" ,openblas)
+       ("zlib" ,zlib)))
+    (home-page "http://igraph.org")
+    (synopsis "Network analysis and visualization")
+    (description
+     "This package provides a library for the analysis of networks and graphs.
+It can handle large graphs very well and provides functions for generating
+random and regular graphs, graph visualization, centrality methods and much
+more.")
+    (license license:gpl2+)))
+
+(define-public python-igraph
+  (package (inherit igraph)
+    (name "python-igraph")
+    (version "0.7.1.post6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "python-igraph" version))
+       (sha256
+        (base32
+         "0xp61zz710qlzhmzbfr65d5flvsi8zf2xy78s6rsszh719wl5sm5"))))
+    (build-system python-build-system)
+    (arguments '())
+    (inputs
+     `(("igraph" ,igraph)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "http://pypi.python.org/pypi/python-igraph")
+    (synopsis "Python bindings for the igraph network analysis library")))
+
+(define-public r-igraph
+  (package
+    (name "r-igraph")
+    (version "1.1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "igraph" version))
+       (sha256
+        (base32
+         "1v26wyk52snh8z6m5p7yqwcd9dbqifhm57j112i9x53ppi0npcc9"))))
+    (build-system r-build-system)
+    (native-inputs
+     `(("gfortran" ,gfortran)))
+    (inputs
+     `(("gmp" ,gmp)
+       ("libxml2" ,libxml2)))
+    (propagated-inputs
+     `(("r-irlba" ,r-irlba)
+       ("r-magrittr" ,r-magrittr)
+       ("r-matrix" ,r-matrix)
+       ("r-pkgconfig" ,r-pkgconfig)))
+    (home-page "http://igraph.org")
+    (synopsis "Network analysis and visualization")
+    (description
+     "This package provides routines for simple graphs and network analysis.
+It can handle large graphs very well and provides functions for generating
+random and regular graphs, graph visualization, centrality methods and much
+more.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/graphics.scm b/gnu/packages/graphics.scm
index 6c813e8a37..f84cc27836 100644
--- a/gnu/packages/graphics.scm
+++ b/gnu/packages/graphics.scm
@@ -36,11 +36,13 @@
   #:use-module (gnu packages bash)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages boost)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages haskell)
   #:use-module (gnu packages image)
   #:use-module (gnu packages python)
   #:use-module (gnu packages flex)
+  #:use-module (gnu packages fonts)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages pulseaudio)  ;libsndfile, libsamplerate
@@ -60,6 +62,7 @@
   #:use-module (gnu packages qt)
   #:use-module (gnu packages readline)
   #:use-module (gnu packages sdl)
+  #:use-module (gnu packages swig)
   #:use-module (gnu packages video)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg))
@@ -228,6 +231,74 @@ quaternions and other useful 2D and 3D math functions.  Iex is an
 exception-handling library.")
     (license license:bsd-3)))
 
+(define-public ogre
+  (package
+    (name "ogre")
+    (version "1.10.7")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/OGRECave/" name
+                           "/archive/v" version ".tar.gz"))
+       (sha256
+        (base32
+         "1ab354bmwwryxr4zgxchfkm6h4z38mjgif8yn89x640rsrgw5ipj"))
+       (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system cmake-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'pre-configure
+           (lambda _
+             ;; It expects googletest source to be downloaded and
+             ;; be in a specific place.
+             (substitute* "Tests/CMakeLists.txt"
+               (("URL(.*)$" _ suffix)
+                (string-append "URL " suffix
+                               "\t\tURL_HASH "
+                               "MD5=16877098823401d1bf2ed7891d7dce36\n")))
+             #t))
+         (add-before 'build 'pre-build
+           (lambda* (#:key inputs #:allow-other-keys)
+             (copy-file (assoc-ref inputs "googletest-source")
+                        (string-append (getcwd)
+                                       "/Tests/googletest-prefix/src/"
+                                       "release-1.8.0.tar.gz"))
+             #t)))
+       #:configure-flags
+       (list "-DOGRE_BUILD_TESTS=TRUE"
+             (string-append "-DCMAKE_INSTALL_RPATH="
+                            (assoc-ref %outputs "out") "/lib:"
+                            (assoc-ref %outputs "out") "/lib/OGRE:"
+                            (assoc-ref %build-inputs "googletest") "/lib")
+             "-DOGRE_INSTALL_DOCS=TRUE"
+             "-DOGRE_INSTALL_SAMPLES=TRUE"
+             "-DOGRE_INSTALL_SAMPLES_SOURCE=TRUE")))
+    (native-inputs
+     `(("boost" ,boost)
+       ("doxygen" ,doxygen)
+       ("googletest-source" ,(package-source googletest))
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("font-dejavu" ,font-dejavu)
+       ("freeimage" ,freeimage)
+       ("freetype" ,freetype)
+       ("glu" ,glu)
+       ("googletest" ,googletest)
+       ("sdl2" ,sdl2)
+       ("libxaw" ,libxaw)
+       ("libxrandr" ,libxrandr)
+       ("tinyxml" ,tinyxml)
+       ("zziplib" ,zziplib)))
+    (synopsis "Scene-oriented, flexible 3D engine written in C++")
+    (description
+     "OGRE (Object-Oriented Graphics Rendering Engine) is a scene-oriented,
+flexible 3D engine written in C++ designed to make it easier and more intuitive
+for developers to produce applications utilising hardware-accelerated 3D
+graphics.")
+    (home-page "http://www.ogre3d.org/")
+    (license license:expat)))
+
 (define-public openexr
   (package
     (name "openexr")
@@ -339,7 +410,11 @@ visual effects work for film.")
        #:configure-flags
        (list (string-append "-DCMAKE_INSTALL_RPATH="
                             (assoc-ref %outputs "out") "/lib:"
-                            (assoc-ref %outputs "out") "/lib64"))))
+                            (assoc-ref %outputs "out") "/lib64")
+             ;; We need to set this flag or otherwise 'rd' will be added
+             ;; to the name of the library binaries and break linking
+             ;; with other programs.
+             "-DCMAKE_BUILD_TYPE=Release")))
     (native-inputs
      `(("unzip" ,unzip)))
     (inputs
diff --git a/gnu/packages/groff.scm b/gnu/packages/groff.scm
index 46e1ccf233..67dd1dbfa6 100644
--- a/gnu/packages/groff.scm
+++ b/gnu/packages/groff.scm
@@ -40,12 +40,18 @@
             (uri (string-append "mirror://gnu/groff/groff-" version
                                 ".tar.gz"))
             (sha256 (base32
-                     "1998v2kcs288d3y7kfxpvl369nqi06zbbvjzafyvyl3pr7bajj1s"))))
+                     "1998v2kcs288d3y7kfxpvl369nqi06zbbvjzafyvyl3pr7bajj1s"))
+            (patches (search-patches "groff-source-date-epoch.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                    ;12MiB of PS, PDF, HTML, and examples
-   (inputs `(("ghostscript" ,ghostscript)
-             ("netpbm" ,netpbm)))
+
+   ;; Note: groff's HTML backend uses executables from netpbm when they are in
+   ;; $PATH.  In practice, not having them doesn't prevent it from install its
+   ;; own HTML doc, nor does it change its capabilities, so we removed netpbm
+   ;; from 'inputs'.
+
+   (inputs `(("ghostscript" ,ghostscript)))
    (native-inputs `(("bison" ,bison)
                     ("perl" ,perl)
                     ("psutils" ,psutils)
diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm
index 6c0eda99c8..6e43dc9918 100644
--- a/gnu/packages/gstreamer.scm
+++ b/gnu/packages/gstreamer.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2014 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2015, 2016 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -64,14 +64,14 @@
 (define-public orc
   (package
     (name "orc")
-    (version "0.4.26")
+    (version "0.4.27")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://gstreamer.freedesktop.org/data/src/"
                                   "orc/orc-" version ".tar.xz"))
               (sha256
                (base32
-                "0jd69ynvr3k70mlxxgbsk047l1rd63m1wkj3qdcq7644xy0gllkx"))))
+                "14vbwdydwarcvswzf744jdjb3ibhv6k4j6hzdacfan41zic3xrai"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -98,7 +98,7 @@ arrays of data.")
 (define-public gstreamer
   (package
     (name "gstreamer")
-    (version "1.12.1")
+    (version "1.12.2")
     (source
      (origin
       (method url-fetch)
@@ -107,7 +107,7 @@ arrays of data.")
             version ".tar.xz"))
       (sha256
        (base32
-        "1lm6lcr0rv0mzsdl9vjdnf3vb136qmcslvz3m5zlai7zngcbji4h"))))
+        "1fllz7n58lavyy4nh64xc7izd4ffhl12a2ff0yg4z67al8wkzplz"))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     (arguments
@@ -146,7 +146,7 @@ This package provides the core library and elements.")
 (define-public gst-plugins-base
   (package
     (name "gst-plugins-base")
-    (version "1.12.1")
+    (version "1.12.2")
     (source
      (origin
       (method url-fetch)
@@ -154,7 +154,7 @@ This package provides the core library and elements.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "0r84krn8dpimp6kk9cf38danrbbsypx6j6ykr6rl1a3lnnnrzkhc"))))
+        "0x86a7aph0y6gyq178plvwvbbyhkfb3hf0gadx9sk5z1mzixqrsh"))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     (propagated-inputs
@@ -201,7 +201,7 @@ for the GStreamer multimedia library.")
 (define-public gst-plugins-good
   (package
     (name "gst-plugins-good")
-    (version "1.12.1")
+    (version "1.12.2")
     (source
      (origin
       (method url-fetch)
@@ -210,7 +210,7 @@ for the GStreamer multimedia library.")
             name "-" version ".tar.xz"))
       (sha256
        (base32
-        "0jzm5jp22238y3rb0j1dsxyp77dq0wk03gn9kvq25rphlx38w7hj"))))
+        "15pfw54fsh9s9xwrnbap4z4njwgqdfvq52k562d2hc5b11rfx4am"))))
     (build-system gnu-build-system)
     (inputs
      `(("aalib" ,aalib)
@@ -244,15 +244,9 @@ for the GStreamer multimedia library.")
           'unpack 'disable-failing-tests
           (lambda _
             ;; Disable tests that fail non-deterministically.
-            ;; XXX FIXME: Try removing this for version > 1.8.0.
-            (substitute* "tests/check/elements/rtprtx.c"
-              (("tcase_add_test \\(tc_chain, test_push_forward_seq\\);" all)
-               (string-append "/* " all " */"))
-              (("tcase_add_test \
-\\(tc_chain, test_rtxreceive_data_reconstruction\\);" all)
-               (string-append "/* " all " */")))
-            (substitute* "tests/check/elements/splitmux.c"
-              (("tcase_add_test \\(tc_chain, test_splitmuxsink\\);" all)
+            ;; This test fails on aarch64 on 1.12.x.
+            (substitute* "tests/check/elements/alpha.c"
+              (("tcase_add_test \\(tc_chain, test_chromakeying\\);" all)
                (string-append "/* " all " */")))
             #t)))))
     (home-page "https://gstreamer.freedesktop.org/")
@@ -266,14 +260,14 @@ developers consider to have good quality code and correct functionality.")
 (define-public gst-plugins-bad
   (package
     (name "gst-plugins-bad")
-    (version "1.12.1")
+    (version "1.12.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://gstreamer.freedesktop.org/src/"
                                   name "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "15svf3d4n13r1c18mx9ya3ymibv0vbx9s593j0cm0kn4s54q1vvx"))))
+                "0dwyq03g2m0p16dwx8q5qvjn5x9ia72h21sf87mp97gmwkfpwb4w"))))
     (outputs '("out" "doc"))
     (build-system gnu-build-system)
     (arguments
@@ -281,7 +275,16 @@ developers consider to have good quality code and correct functionality.")
        #:configure-flags
        (list (string-append "--with-html-dir="
                             (assoc-ref %outputs "doc")
-                            "/share/gtk-doc/html"))))
+                            "/share/gtk-doc/html"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-openjpeg-reference
+           (lambda _
+             ;; Remove hard-coded openjpeg-2.1 path. 2.2 is API- and
+             ;; ABI-compatible.
+             (substitute* "ext/openjpeg/gstopenjpeg.h"
+               (("<openjpeg-2\\.1/") "<openjpeg-2.2/"))
+             #t)))))
     (propagated-inputs
      `(("gst-plugins-base" ,gst-plugins-base)))
     (native-inputs
@@ -331,8 +334,7 @@ developers consider to have good quality code and correct functionality.")
        ;("qtx11extras" ,qtx11extras)
        ("soundtouch" ,soundtouch)
        ("x265" ,x265)
-       ;("wayland" ,wayland) ; needs gtk+ built with wayland support
-       ))
+       ("wayland" ,wayland)))
     (home-page "https://gstreamer.freedesktop.org/")
     (synopsis "Plugins for the GStreamer multimedia library")
     (description
@@ -343,7 +345,7 @@ par compared to the rest.")
 (define-public gst-plugins-ugly
   (package
     (name "gst-plugins-ugly")
-    (version "1.12.1")
+    (version "1.12.2")
     (source
      (origin
        (method url-fetch)
@@ -351,7 +353,7 @@ par compared to the rest.")
                            name "/" name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0s8hiv4asqd6nwnksqv6cwpzan41zd0nd8nhlm7s64wp0lyi5hlg"))))
+         "0rplyp1qk359c97ig9i2vc1v34g92khd8dslwfipva1ypwmr9hqw"))))
     (build-system gnu-build-system)
     (inputs
      `(("gst-plugins-base" ,gst-plugins-base)
@@ -382,7 +384,7 @@ distribution problems in some jurisdictions, e.g. due to patent threats.")
 (define-public gst-libav
   (package
     (name "gst-libav")
-    (version "1.12.1")
+    (version "1.12.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -390,7 +392,7 @@ distribution problems in some jurisdictions, e.g. due to patent threats.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0xshib0hsn8yjmd12ipsrbrvxa5qnhnz7zmdj7lms6b3vwzq5msm"))))
+                "1crdahkjm23byg1awcrjkmgfbalfpvvac7h7whm6b2r1pfwkbdsv"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--with-system-libav")
@@ -420,7 +422,7 @@ compression formats through the use of the libav library.")
 (define-public python-gst
   (package
     (name "python-gst")
-    (version "1.12.1")
+    (version "1.12.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -428,7 +430,7 @@ compression formats through the use of the libav library.")
                     "gst-python-" version ".tar.xz"))
               (sha256
                (base32
-                "18bq03xdc0jgrza4114lrcj82yai4azkjzfxflqagc0y417vw88p"))))
+                "0iwy0v2k27wd3957ich6j5f0f04b0wb2mb175ypf2lx68snk5k7l"))))
     (build-system gnu-build-system)
     (arguments
      ;; XXX: Factorize python-sitedir with python-build-system.
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index b2aa6ecff5..e942f51719 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -1355,7 +1355,7 @@ can also be used to document application code.")
     (inputs
      ;; Don't propagate GTK+ to reduce "profile pollution".
      `(("gtk+" ,gtk+-2))) ; required by gtk-engines-2.pc
-    (home-page "http://live.gnome.org/GnomeArt")
+    (home-page "https://live.gnome.org/GnomeArt")
     (synopsis "Theming engines for GTK+ 2.x")
     (description
      "This package contains the standard GTK+ 2.x theming engines including
@@ -1385,7 +1385,7 @@ Redmond95 and ThinIce.")
        ("intltool" ,intltool)))
     (propagated-inputs
      `(("gtk+" ,gtk+-2)))
-    (home-page "http://live.gnome.org/GnomeArt")
+    (home-page "https://live.gnome.org/GnomeArt")
     (synopsis "Cairo-based theming engine for GTK+ 2.x")
     (description
      "Murrine is a cairo-based GTK+ theming engine.  It is named after the
diff --git a/gnu/packages/guile-wm.scm b/gnu/packages/guile-wm.scm
index a114fd441d..4a484b9de4 100644
--- a/gnu/packages/guile-wm.scm
+++ b/gnu/packages/guile-wm.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Alex ter Weele <alex.ter.weele@gmail.com>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -33,7 +34,8 @@
     (version "1.3")
     (source (origin
              (method url-fetch)
-             (uri (string-append "http://www.markwitmer.com/dist/guile-xcb-"
+             (uri (string-append "http://web.archive.org/web/20150803094848/"
+                                 "http://www.markwitmer.com/dist/guile-xcb-"
                                  version ".tar.gz"))
              (sha256
               (base32
@@ -68,7 +70,8 @@ dependencies.")
     (synopsis "X11 window manager toolkit in Scheme")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://www.markwitmer.com/dist/guile-wm-"
+              (uri (string-append "http://web.archive.org/web/20161005084324/"
+                                  "http://www.markwitmer.com/dist/guile-wm-"
                                   version ".tar.gz"))
               (sha256
                (base32
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index b654bbc96e..53304bd1a4 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -7,12 +7,13 @@
 ;;; Copyright © 2016 Erik Edrosa <erik.edrosa@gmail.com>
 ;;; Copyright © 2016 Eraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 Alex Kost <alezost@gmail.com>
-;;; Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
+;;; Copyright © 2016, 2017 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
 ;;; Copyright © 2016 Amirouche <amirouche@hypermove.net>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2017 Andy Wingo <wingo@igalia.com>
 ;;; Copyright © 2017 David Thompson <davet@gnu.org>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Theodoros Foradis <theodoros.for@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -153,7 +154,11 @@ without requiring the source code to be rewritten.")
    (inputs `(("libffi" ,libffi)
              ("readline" ,readline)
              ,@(libiconv-if-needed)
-             ,@(if (target-mingw?) '() `(("bash" ,bash)))))
+
+             ;; We need Bash when cross-compiling because some of the scripts
+             ;; in bin/ refer to it.  Use 'bash-minimal' because we don't need
+             ;; an interactive Bash with Readline and all.
+             ,@(if (target-mingw?) '() `(("bash" ,bash-minimal)))))
    (propagated-inputs
     `( ;; These ones aren't normally needed here, but since `libguile-2.0.la'
        ;; reads `-lltdl -lunistring', adding them here will add the needed
@@ -212,24 +217,20 @@ without requiring the source code to be rewritten.")
    (home-page "https://www.gnu.org/software/guile/")
    (license license:lgpl3+)))
 
-(define-public guile-2.0/fixed
-  ;; A package of Guile 2.0 that's rarely changed.  It is the one used
-  ;; in the `base' module, and thus changing it entails a full rebuild.
-  (package
-    (inherit guile-2.0)
-    (properties '((hidden? . #t)))))        ;people should install 'guile-2.0'
-
 (define-public guile-2.2
   (package (inherit guile-2.0)
     (name "guile")
     (version "2.2.2")
     (source (origin
               (method url-fetch)
+
+              ;; Note: we are limited to one of the compression formats
+              ;; supported by the bootstrap binaries, so no lzip here.
               (uri (string-append "mirror://gnu/guile/guile-" version
-                                  ".tar.lz"))
+                                  ".tar.xz"))
               (sha256
                (base32
-                "1dnh75h4rkx1zflpsngznkwcd6afn6zrc5x3xq7n946pm5bnx5bq"))
+                "1azm25zcmxif0skxfrp11d2wc89nrzpjaann9yxdw6pvjxhs948w"))
               (modules '((guix build utils)))
 
               ;; Remove the pre-built object files.  Instead, build everything
@@ -249,6 +250,17 @@ without requiring the source code to be rewritten.")
             (files '("lib/guile/2.2/site-ccache"
                      "share/guile/site/2.2")))))))
 
+(define-public guile-2.2/fixed
+  ;; A package of Guile 2.2 that's rarely changed.  It is the one used
+  ;; in the `base' module, and thus changing it entails a full rebuild.
+  (package
+    (inherit guile-2.2)
+    (properties '((hidden? . #t)            ;people should install 'guile-2.2'
+                  (timeout . 72000)            ;20 hours
+                  (max-silent-time . 36000)))  ;10 hours (needed on ARM
+                                               ;  when heavily loaded)
+    (replacement #f)))
+
 (define-public guile-next
   (deprecated-package "guile-next" guile-2.2))
 
@@ -383,55 +395,81 @@ program can be installed in one go.")
 ;;;
 
 (define-public artanis
-  (package
-    (name "artanis")
-    (version "0.2.1")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://gnu/artanis/artanis-"
-                                  version ".tar.gz"))
-              (sha256
-               (base32
-                "041ajcg2pz918kd9iqcj4inpzddc3impvz3r2nhlpbv8zrz011hn"))))
-    (build-system gnu-build-system)
-    ;; TODO: Add guile-dbi and guile-dbd optional dependencies.
-    (inputs `(("guile" ,guile-2.2)))
-    (native-inputs `(("bash"       ,bash)         ;for the `source' builtin
-                     ("pkgconfig"  ,pkg-config)
-                     ("util-linux" ,util-linux))) ;for the `script' command
-    (arguments
-     '(#:make-flags
-       ;; TODO: The documentation must be built with the `docs' target.
-       (let* ((out (assoc-ref %outputs "out"))
-              (scm (string-append out "/share/guile/site/2.2"))
-              (go  (string-append out "/lib/guile/2.2/site-ccache")))
-         ;; Don't use (%site-dir) for site paths.
-         (list (string-append "MOD_PATH=" scm)
-               (string-append "MOD_COMPILED_PATH=" go)))
-       #:test-target "test"
-       #:phases
-       (modify-phases %standard-phases
-         (add-before 'install 'substitute-root-dir
-          (lambda* (#:key outputs #:allow-other-keys)
-            (let ((out  (assoc-ref outputs "out")))
-              (substitute* "Makefile"   ;ignore the execution of bash.bashrc
-                ((" /etc/bash.bashrc") " /dev/null"))
-              (substitute* "Makefile"   ;set the root of config files to OUT
-                ((" /etc") (string-append " " out "/etc")))
-              (mkdir-p (string-append out "/bin")) ;for the `art' executable
-              #t)))
-         (add-after 'install 'wrap-art
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let* ((out (assoc-ref outputs "out"))
-                    (bin (string-append out "/bin"))
-                    (scm (string-append out "/share/guile/site/2.2"))
-                    (go  (string-append out "/lib/guile/2.2/site-ccache")))
-               (wrap-program (string-append bin "/art")
-                 `("GUILE_LOAD_PATH" ":" prefix (,scm))
-                 `("GUILE_LOAD_COMPILED_PATH" ":" prefix (,go)))
-               #t))))))
-    (synopsis "Web application framework written in Guile")
-    (description "GNU Artanis is a web application framework written in Guile
+  (let ((release "0.2.1")
+	(revision 3))
+    (package
+      (name "artanis")
+      (version (if (zero? revision)
+                   release
+                   (string-append release "-"
+                                  (number->string revision))))
+      (source (origin
+                (method url-fetch)
+                (uri (string-append "mirror://gnu/artanis/artanis-"
+                                    release ".tar.gz"))
+                (file-name (string-append name "-" version ".tar.gz"))
+                (sha256
+                 (base32
+                  "041ajcg2pz918kd9iqcj4inpzddc3impvz3r2nhlpbv8zrz011hn"))
+                (modules '((guix build utils)))
+                (snippet
+                 '(begin
+                    (delete-file-recursively "artanis/third-party/json.scm")
+                    (delete-file-recursively "artanis/third-party/json")
+                    (substitute* '("artanis/artanis.scm"
+                                   "artanis/oht.scm")
+                      (("(#:use-module \\()artanis third-party (json\\))" _
+                        use-module json)
+                       (string-append use-module json)))
+                    (substitute* "artanis/oht.scm"
+                      (("([[:punct:][:space:]]+)(->json-string)([[:punct:][:space:]]+)"
+                        _ pre json-string post)
+                       (string-append pre
+                                      "scm" json-string
+                                      post)))
+                    (substitute* "artanis/artanis.scm"
+                      (("[[:punct:][:space:]]+->json-string[[:punct:][:space:]]+")
+                       ""))))))
+      (build-system gnu-build-system)
+      ;; TODO: Add guile-dbi and guile-dbd optional dependencies.
+      (inputs `(("guile" ,guile-2.2)
+                ("guile-json" ,guile-json)))
+      (native-inputs `(("bash"       ,bash)         ;for the `source' builtin
+                       ("pkgconfig"  ,pkg-config)
+                       ("util-linux" ,util-linux))) ;for the `script' command
+      (arguments
+       '(#:make-flags
+         ;; TODO: The documentation must be built with the `docs' target.
+         (let* ((out (assoc-ref %outputs "out"))
+                (scm (string-append out "/share/guile/site/2.2"))
+                (go  (string-append out "/lib/guile/2.2/site-ccache")))
+           ;; Don't use (%site-dir) for site paths.
+           (list (string-append "MOD_PATH=" scm)
+                 (string-append "MOD_COMPILED_PATH=" go)))
+         #:test-target "test"
+         #:phases
+         (modify-phases %standard-phases
+           (add-before 'install 'substitute-root-dir
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let ((out  (assoc-ref outputs "out")))
+                 (substitute* "Makefile"   ;ignore the execution of bash.bashrc
+                   ((" /etc/bash.bashrc") " /dev/null"))
+                 (substitute* "Makefile"   ;set the root of config files to OUT
+                   ((" /etc") (string-append " " out "/etc")))
+                 (mkdir-p (string-append out "/bin")) ;for the `art' executable
+                 #t)))
+           (add-after 'install 'wrap-art
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (bin (string-append out "/bin"))
+                      (scm (string-append out "/share/guile/site/2.2"))
+                      (go  (string-append out "/lib/guile/2.2/site-ccache")))
+                 (wrap-program (string-append bin "/art")
+                   `("GUILE_LOAD_PATH" ":" prefix (,scm))
+                   `("GUILE_LOAD_COMPILED_PATH" ":" prefix (,go)))
+                 #t))))))
+      (synopsis "Web application framework written in Guile")
+      (description "GNU Artanis is a web application framework written in Guile
 Scheme.  A web application framework (WAF) is a software framework that is
 designed to support the development of dynamic websites, web applications, web
 services and web resources.  The framework aims to alleviate the overhead
@@ -439,8 +477,8 @@ associated with common activities performed in web development.  Artanis
 provides several tools for web development: database access, templating
 frameworks, session management, URL-remapping for RESTful, page caching, and
 more.")
-    (home-page "https://www.gnu.org/software/artanis/")
-    (license (list license:gpl3+ license:lgpl3+)))) ;dual license
+      (home-page "https://www.gnu.org/software/artanis/")
+      (license (list license:gpl3+ license:lgpl3+))))) ;dual license
 
 (define-public guile-reader
   (package
@@ -519,6 +557,13 @@ many readers as needed).")
 library.")
     (license license:lgpl3+)))
 
+(define-public guile-ncurses/gpm
+  (package
+    (inherit guile-ncurses)
+    (name "guile-ncurses-with-gpm")
+    (inputs `(("ncurses" ,ncurses/gpm)
+              ("guile" ,guile-2.2)))))
+
 (define-public mcron
   (package
     (name "mcron")
@@ -1339,20 +1384,21 @@ capabilities.")
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (propagated-inputs
-     `(("guile" ,guile-2.0)
+     `(("guile" ,guile-2.2)
        ("guile-lib" ,guile-lib)))
     (inputs
      `(("libffi" ,libffi)))
     (arguments
-      `(#:phases
-        (modify-phases %standard-phases
-          (add-before 'configure 'pre-configure
-            (lambda* (#:key outputs #:allow-other-keys)
-              (let ((out (assoc-ref outputs "out")))
-                (substitute* (find-files "." "^Makefile.in$")
-                  (("guilemoduledir =.*guile/site" all)
-                   (string-append all "/2.0")))
-                #t))))))
+     `(#:configure-flags '("--disable-Werror")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'pre-configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (substitute* (find-files "." "^Makefile.in$")
+                 (("guilemoduledir =.*guile/site" all)
+                  (string-append all "/@GUILE_EFFECTIVE_VERSION@")))
+               #t))))))
     (synopsis "Generate C bindings for Guile")
     (description "G-Wrap is a tool and Guile library for generating function
 wrappers for inter-language calls.  It currently only supports generating Guile
@@ -1534,16 +1580,28 @@ is no support for parsing block and inline level HTML.")
               (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
-                "04lgh0nk6ddnwgh20hnz4pyhczaik0xbd50kikjsxcwcl46shavb"))))
+                "04lgh0nk6ddnwgh20hnz4pyhczaik0xbd50kikjsxcwcl46shavb"))
+              (patches (search-patches "guile-bytestructures-name-clash.patch"))))
     (build-system trivial-build-system)
     (arguments
      `(#:modules ((guix build utils))
        #:builder
        (begin
          (use-modules (guix build utils)
+                      (ice-9 ftw)
                       (ice-9 match)
                       (ice-9 popen)
                       (ice-9 rdelim))
+         ;; Unpack.
+         (setenv "PATH"
+                 (string-join (list (assoc-ref %build-inputs "tar")
+                                    (assoc-ref %build-inputs "xz"))
+                              "/bin:" 'suffix))
+         (system* "tar" "xf" (assoc-ref %build-inputs "source"))
+         (match (scandir ".")
+           (("." ".." directory)
+            (chdir directory)))
+
          (let* ((out (assoc-ref %outputs "out"))
                 (guile (assoc-ref %build-inputs "guile"))
                 (effective (read-line
@@ -1552,7 +1610,9 @@ is no support for parsing block and inline level HTML.")
                                         "-c" "(display (effective-version))")))
                 (module-dir (string-append out "/share/guile/site/"
                                            effective))
-                (source (assoc-ref %build-inputs "source"))
+                (object-dir (string-append out "/lib/guile/" effective
+                                           "/site-ccache"))
+                (source (getcwd))
                 (doc (string-append out "/share/doc/scheme-bytestructures"))
                 (sld-files (with-directory-excursion source
                              (find-files "bytestructures/r7" "\\.exports.sld$")))
@@ -1571,7 +1631,7 @@ is no support for parsing block and inline level HTML.")
            (for-each (lambda (file)
                        (let* ((dest-file (string-append module-dir "/"
                                                         file))
-                              (go-file (string-append module-dir "/"
+                              (go-file (string-append object-dir "/"
                                                       (substring file 0
                                                                  (string-rindex file #\.))
                                                       ".go")))
@@ -1592,6 +1652,9 @@ is no support for parsing block and inline level HTML.")
            ;; Also copy over the README.
            (install-file "README.md" doc)
            #t))))
+    (native-inputs
+     `(("tar" ,tar)
+       ("xz" ,xz)))
     (inputs
      `(("guile" ,guile-2.2)))
     (home-page "https://github.com/TaylanUB/scheme-bytestructures")
@@ -1604,6 +1667,9 @@ an abstraction over raw memory.  It's also more powerful than the C
 type system, elevating types to first-class status.")
     (license license:gpl3+)))
 
+(define-public guile2.0-bytestructures
+  (package-for-guile-2.0 guile-bytestructures))
+
 (define-public guile-aspell
   (package
     (name "guile-aspell")
@@ -1687,7 +1753,11 @@ dictionary and suggesting spelling corrections.")
                        ("automake" ,automake)
                        ("libtool" ,libtool)
                        ;; Gettext brings 'AC_LIB_LINKFLAGS_FROM_LIBS'.
-                       ("gettext" ,gettext-minimal)))
+                       ("gettext" ,gettext-minimal)
+
+                       ;; Bash with loadable module support, for the test
+                       ;; suite.
+                       ("bash-full" ,bash)))
       (inputs `(("guile" ,guile-2.0)
                 ("bash:include" ,bash "include")))
       (synopsis "Extend Bash using Guile")
@@ -1780,8 +1850,8 @@ is not available for Guile 2.0.")
     (license license:lgpl3+)))
 
 (define-public guile-git
-  (let ((revision "2")
-        (commit "06f9fc3d9ac95798d4a51e6310f7b594ce5597e0"))
+  (let ((revision "3")
+        (commit "e156a1054cc1d9e58d9be82e36e8acf5c9f9ee8d"))
     (package
       (name "guile-git")
       (version (string-append "0.0-" revision "." (string-take commit 7)))
@@ -1791,17 +1861,30 @@ is not available for Guile 2.0.")
                 (uri (git-reference (url home-page) (commit commit)))
                 (sha256
                  (base32
-                  "0rcq0f8dhl89ia7336bq8y279q5ada0b1kabcqw9zl3125k3cp4v"))
+                  "1vhr2bqkljy1zzdy02dky2nk1w9bd46afj5wd4gp4kr333pz4ch6"))
                 (file-name (git-file-name name version))))
       (build-system gnu-build-system)
       (arguments
-       '(#:phases (modify-phases %standard-phases
+       `(#:phases (modify-phases %standard-phases
                     (add-after 'unpack 'bootstrap
                       (lambda _
-                        (zero? (system* "autoreconf" "-vfi")))))))
+                        (zero? (system* "autoreconf" "-vfi"))))
+
+                    ;; FIXME: On i686, bytestructures miscalculates the offset
+                    ;; of the 'old-file' and 'new-file' fields within the
+                    ;; '%diff-delta' structure.
+                    ,@(if (string=? (%current-system) "x86_64-linux")
+                          '()
+                          '((add-before 'check 'skip-tests
+                              (lambda _
+                                (substitute* "Makefile"
+                                  (("tests/status\\.scm")
+                                   ""))
+                                #t)))))))
       (native-inputs
        `(("autoconf" ,autoconf)
          ("automake" ,automake)
+         ("texinfo" ,texinfo)
          ("pkg-config" ,pkg-config)))
       (inputs
        `(("guile" ,guile-2.2)
@@ -1814,6 +1897,9 @@ is not available for Guile 2.0.")
 manipulate repositories of the Git version control system.")
       (license license:gpl3+))))
 
+(define-public guile2.0-git
+  (package-for-guile-2.0 guile-git))
+
 (define-public guile-syntax-highlight
   (let ((commit "a047675e66861b647426372aa2ba7820f749616d")
         (revision "0"))
diff --git a/gnu/packages/ham-radio.scm b/gnu/packages/ham-radio.scm
new file mode 100644
index 0000000000..0f96553c65
--- /dev/null
+++ b/gnu/packages/ham-radio.scm
@@ -0,0 +1,52 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages ham-radio)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (gnu packages libusb)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (guix build-system cmake))
+
+(define-public rtl-sdr
+  (package
+    (name "rtl-sdr")
+    (version "0.5.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://cgit.osmocom.org/rtl-sdr/snapshot/rtl-sdr-"
+                           version ".tar.xz"))
+       (sha256
+        (base32
+         "08awca3v28sa4lxym4r81pzf0la0j86wbmpyhv3xd53an9gkpjy9"))))
+    (build-system cmake-build-system)
+    (inputs
+     `(("libusb" ,libusb)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (arguments
+     `(#:configure-flags '("-DDETACH_KERNEL_DRIVER=ON")
+       #:tests? #f)) ; No tests
+    (home-page "https://osmocom.org/projects/sdr/wiki/rtl-sdr")
+    (synopsis "Software defined radio driver for Realtek RTL2832U")
+    (description "DVB-T dongles based on the Realtek RTL2832U can be used as a
+cheap software defined radio, since the chip allows transferring the raw I/Q
+samples to the host.  @code{rtl-sdr} provides drivers for this purpose.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index a672092342..4f9e90e552 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -10,6 +10,7 @@
 ;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
 ;;; Copyright © 2017 Danny Milosavljevic <dannym@scratchpost.org>
 ;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1324,7 +1325,7 @@ various Haskell streaming data libraries, such as @code{conduit} and
 (define-public cpphs
   (package
     (name "cpphs")
-    (version "1.19.3")
+    (version "1.20.8")
     (source
      (origin
        (method url-fetch)
@@ -1333,7 +1334,7 @@ various Haskell streaming data libraries, such as @code{conduit} and
              name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1njpmxgpah5pcqppcl1cxb5xicf6xlqrd162qm12khp9hainlm72"))))
+         "1bh524asqhk9v1s0wvipl0hgn7l63iy3js867yv0z3h5v2kn8vg5"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-polyparse" ,ghc-polyparse)
@@ -1807,6 +1808,26 @@ capabilities that are optimized for performance critical use, both
 in terms of large data quantities and high speed.")
     (license license:bsd-3)))
 
+(define-public ghc-strict
+  (package
+    (name "ghc-strict")
+    (version "0.3.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/strict/strict-"
+                           version ".tar.gz"))
+       (sha256
+        (base32 "08cjajqz9h47fkq98mlf3rc8n5ghbmnmgn8pfsl3bdldjdkmmlrc"))))
+    (build-system haskell-build-system)
+    (home-page "https://hackage.haskell.org/package/strict")
+    (synopsis "Strict data types and String IO")
+    (description
+     "This package provides strict versions of some standard Haskell data
+types, such as pairs, @code{Maybe} and @code{Either}.  It also contains strict
+IO operations.")
+    (license license:bsd-3)))
+
 (define-public ghc-hashable
   (package
     (name "ghc-hashable")
@@ -1837,6 +1858,51 @@ data structures.  The package provides instances for basic types and a way to
 combine hash values.")
     (license license:bsd-3)))
 
+(define-public ghc-data-hash
+  (package
+    (name "ghc-data-hash")
+    (version "0.2.0.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/data-hash"
+                           "/data-hash-" version ".tar.gz"))
+       (sha256
+        (base32 "1ghbqvc48gf9p8wiy71hdpaj7by3b9cw6wgwi3qqz8iw054xs5wi"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-test-framework" ,ghc-test-framework)
+       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
+    (home-page "https://hackage.haskell.org/package/data-hash")
+    (synopsis "Combinators for building fast hashing functions")
+    (description
+     "This package provides combinators for building fast hashing functions.
+It includes hashing functions for all basic Haskell98 types.")
+    (license license:bsd-3)))
+
+(define-public ghc-murmur-hash
+  (package
+    (name "ghc-murmur-hash")
+    (version "0.1.0.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/murmur-hash"
+                           "/murmur-hash-" version ".tar.gz"))
+       (sha256
+        (base32 "1bb58kfnzvx3mpc0rc0dhqc1fk36nm8prd6gvf20gk6lxaadpfc9"))))
+    (build-system haskell-build-system)
+    (home-page "https://github.com/nominolo/murmur-hash")
+    (synopsis "MurmurHash2 implementation for Haskell")
+    (description
+     "This package provides an implementation of MurmurHash2, a good, fast,
+general-purpose, non-cryptographic hashing function.  See
+@url{https://sites.google.com/site/murmurhash/} for details.  This
+implementation is pure Haskell, so it might be a bit slower than a C FFI
+binding.")
+    (license license:bsd-3)))
+
 (define-public ghc-hunit
   (package
     (name "ghc-hunit")
@@ -3806,6 +3872,55 @@ different keys; hence the name.  Also provided is a @code{locker} type,
 representing a store for a single element.")
     (license license:bsd-3)))
 
+(define-public ghc-edisonapi
+  (package
+    (name "ghc-edisonapi")
+    (version "1.3.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/EdisonAPI"
+                           "/EdisonAPI-" version ".tar.gz"))
+       (sha256
+        (base32 "0vmmlsj8ggbpwx6fkf5fvb6jp0zpx6iba6b28m80lllr2p8bi8wm"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-mtl" ,ghc-mtl)))
+    (home-page "http://rwd.rdockins.name/edison/home/")
+    (synopsis "Library of efficient, purely-functional data structures (API)")
+    (description
+     "Edison is a library of purely functional data structures written by
+Chris Okasaki.  It is named after Thomas Alva Edison and for the mnemonic
+value EDiSon (Efficient Data Structures).  Edison provides several families of
+abstractions, each with multiple implementations.  The main abstractions
+provided by Edison are: Sequences such as stacks, queues, and dequeues;
+Collections such as sets, bags and heaps; and Associative Collections such as
+finite maps and priority queues where the priority and element are distinct.")
+    (license license:expat)))
+
+(define-public ghc-edisoncore
+  (package
+    (name "ghc-edisoncore")
+    (version "1.3.1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/EdisonCore"
+                           "/EdisonCore-" version ".tar.gz"))
+       (sha256
+        (base32 "06shxmcqxcahcn6zgl64vlqix4fnq53d97drcgsh94qp7gp201ry"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-mtl" ,ghc-mtl)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-edisonapi" ,ghc-edisonapi)))
+    (home-page "http://rwd.rdockins.name/edison/home/")
+    (synopsis "Library of efficent, purely-functional data structures")
+    (description
+     "This package provides the core Edison data structure implementations,
+including multiple sequence, set, bag, and finite map concrete implementations
+with various performance characteristics.")
+    (license license:expat)))
+
 (define-public ghc-mmorph
   (package
     (name "ghc-mmorph")
@@ -3855,6 +3970,50 @@ a subset of @code{MonadBase} into which generic control operations such as
 @code{catch} can be lifted from @code{IO} or any other base monad.")
     (license license:bsd-3)))
 
+(define-public ghc-fail
+  (package
+    (name "ghc-fail")
+    (version "4.9.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/fail/fail-"
+                           version ".tar.gz"))
+       (sha256
+        (base32 "18nlj6xvnggy61gwbyrpmvbdkq928wv0wx2zcsljb52kbhddnp3d"))))
+    (build-system haskell-build-system)
+    (home-page "https://prime.haskell.org/wiki/Libraries/Proposals/MonadFail")
+    (synopsis "Forward-compatible MonadFail class")
+    (description
+     "This package contains the @code{Control.Monad.Fail} module providing the
+@uref{https://prime.haskell.org/wiki/Libraries/Proposals/MonadFail, MonadFail}
+class that became available in
+@uref{https://hackage.haskell.org/package/base-4.9.0.0, base-4.9.0.0} for
+older @code{base} package versions.  This package turns into an empty package
+when used with GHC versions which already provide the
+@code{Control.Monad.Fail} module.")
+    (license license:bsd-3)))
+
+(define-public ghc-monadplus
+  (package
+    (name "ghc-monadplus")
+    (version "1.4.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/monadplus"
+                           "/monadplus-" version ".tar.gz"))
+       (sha256
+        (base32 "15b5320wdpmdp5slpphnc1x4rhjch3igw245dp2jxbqyvchdavin"))))
+    (build-system haskell-build-system)
+    (home-page "https://hackage.haskell.org/package/monadplus")
+    (synopsis "Filtering and folding over arbitrary MonadPlus instances")
+    (description
+     "This package generalizes many common stream operations such as
+@code{filter}, @code{catMaybes} etc, enabling filtering and folding over
+arbitrary @code{MonadPlus} instances.")
+    (license license:bsd-3)))
+
 (define-public ghc-byteorder
   (package
     (name "ghc-byteorder")
@@ -4694,6 +4853,35 @@ definition of @code{Monad}.")
 for Haskell.")
     (license license:bsd-3)))
 
+(define-public ghc-equivalence
+  (package
+    (name "ghc-equivalence")
+    (version "0.3.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/equivalence"
+                           "/equivalence-" version ".tar.gz"))
+       (sha256
+        (base32 "0a85bdyyvjqs5z4kfhhf758210k9gi9dv42ik66a3jl0z7aix8kx"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-mtl" ,ghc-mtl)
+       ("ghc-stmonadtrans" ,ghc-stmonadtrans)
+       ("ghc-transformers-compat" ,ghc-transformers-compat)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-test-framework" ,ghc-test-framework)
+       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
+    (home-page "https://github.com/pa-ba/equivalence")
+    (synopsis "Maintaining an equivalence relation implemented as union-find")
+    (description
+     "This is an implementation of Tarjan's Union-Find algorithm (Robert E.@:
+Tarjan.  \"Efficiency of a Good But Not Linear Set Union Algorithm\",JACM
+22(2), 1975) in order to maintain an equivalence relation.  This
+implementation is a port of the @code{union-find} package using the @code{ST}
+monad transformer (instead of the IO monad).")
+    (license license:bsd-3)))
+
 (define-public ghc-fast-logger
   (package
     (name "ghc-fast-logger")
@@ -5081,6 +5269,28 @@ prettified JSON to stdout.  It also offers a complementary \"compact\"-mode,
 essentially the opposite of pretty-printing.")
     (license license:bsd-3)))
 
+(define-public ghc-boxes
+  (package
+    (name "ghc-boxes")
+    (version "0.1.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/boxes/boxes-"
+                           version ".tar.gz"))
+       (sha256
+        (base32 "1n7xiplzd3s1a39nizwjcgsh3wi2348mp21c3fk19v98ialfjgjf"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-split" ,ghc-split)
+       ("ghc-quickcheck" ,ghc-quickcheck)))
+    (home-page "https://hackage.haskell.org/package/boxes")
+    (synopsis "2D text pretty-printing library")
+    (description
+     "Boxes is a pretty-printing library for laying out text in two dimensions,
+using a simple box model.")
+    (license license:bsd-3)))
+
 (define-public ghc-wai
   (package
     (name "ghc-wai")
@@ -5565,6 +5775,50 @@ and @code{Eq} instances.  These instances used to live in the haskell-src-meta
 package, and that's where the version number started.")
     (license license:bsd-3)))
 
+(define-public ghc-geniplate-mirror
+  (package
+    (name "ghc-geniplate-mirror")
+    (version "0.7.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package"
+                           "/geniplate-mirror"
+                           "/geniplate-mirror-" version ".tar.gz"))
+       (sha256
+        (base32 "17vjps2118s5z3k39ij00lkmkxv3mqf8h59wv6qdamlgmhyr36si"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-mtl" ,ghc-mtl)))
+    (home-page "https://github.com/danr/geniplate")
+    (synopsis "Use Template Haskell to generate Uniplate-like functions")
+    (description
+     "Use Template Haskell to generate Uniplate-like functions.  This is a
+maintained mirror of the @uref{https://hackage.haskell.org/package/geniplate,
+geniplate} package, written by Lennart Augustsson.")
+    (license license:bsd-3)))
+
+(define-public ghc-gitrev
+  (package
+    (name "ghc-gitrev")
+    (version "1.3.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/gitrev/gitrev-"
+                           version ".tar.gz"))
+       (sha256
+        (base32 "0cl3lfm6k1h8fxp2vxa6ihfp4v8igkz9h35iwyq2frzm4kdn96d8"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-base-compat" ,ghc-base-compat)))
+    (home-page "https://github.com/acfoltzer/gitrev")
+    (synopsis "Compile git revision info into Haskell projects")
+    (description
+     "This package provides some handy Template Haskell splices for including
+the current git hash and branch in the code of your project.  This is useful
+for including in panic messages, @command{--version} output, or diagnostic
+info for more informative bug reports.")
+    (license license:bsd-3)))
+
 (define-public ghc-haskell-src-meta
   (package
     (name "ghc-haskell-src-meta")
@@ -6078,6 +6332,31 @@ supports for high level forms of ASN1 (BER, and DER).")
 when ASN1 pattern matching is not convenient.")
     (license license:bsd-3)))
 
+(define-public ghc-edit-distance
+  (package
+    (name "ghc-edit-distance")
+    (version "0.2.2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/edit-distance"
+                           "/edit-distance-" version ".tar.gz"))
+       (sha256
+        (base32 "0jkca97zyv23yyilp3jydcrzxqhyk27swhzh82llvban5zp8b21y"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-random" ,ghc-random)
+       ("ghc-test-framework" ,ghc-test-framework)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
+    (home-page "https://github.com/phadej/edit-distance")
+    (synopsis "Levenshtein and restricted Damerau-Levenshtein edit distances")
+    (description
+     "This package provides optimized functions to determine the edit
+distances for fuzzy matching, including Levenshtein and restricted
+Damerau-Levenshtein algorithms.")
+    (license license:bsd-3)))
+
 (define-public ghc-tasty-kat
   (package
     (name "ghc-tasty-kat")
@@ -7056,6 +7335,27 @@ other transformers.")
                (base32
                 "0a364zfcm17mhpy0c4ms2j88sys4yvgd6071qsgk93la2wjm8mkr"))))))
 
+(define-public ghc-stmonadtrans
+  (package
+    (name "ghc-stmonadtrans")
+    (version "0.4.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/STMonadTrans"
+                           "/STMonadTrans-" version ".tar.gz"))
+       (sha256
+        (base32 "1nr26fnmi5fdjc6d00w13kjhmfyvb5b837d0006w4dj0yxndaksp"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-mtl" ,ghc-mtl)))
+    (home-page "https://hackage.haskell.org/package/STMonadTrans")
+    (synopsis "Monad transformer version of the ST monad")
+    (description
+     "This package provides a monad transformer version of the @code{ST} monad
+for strict state threads.")
+    (license license:bsd-3)))
+
 (define-public ghc-findbin
   (package
     (name "ghc-findbin")
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 224319f84f..3461285850 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -33,7 +33,6 @@
   (package
    (name "icu4c")
    (version "58.2")
-   (replacement icu4c/fixed)
    (source (origin
             (method url-fetch)
             (uri (string-append
@@ -42,6 +41,9 @@
                   "/icu4c-"
                   (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
                   "-src.tgz"))
+            (patches
+             (search-patches "icu4c-CVE-2017-7867-CVE-2017-7868.patch"
+                             "icu4c-reset-keyword-list-iterator.patch"))
             (sha256
              (base32 "036shcb3f8bm1lynhlsb4kpjm9s9c2vdiir01vg216rs2l8482ib"))))
    (build-system gnu-build-system)
@@ -68,15 +70,6 @@ C/C++ part.")
    (license x11)
    (home-page "http://site.icu-project.org/")))
 
-(define icu4c/fixed
-  (package
-    (inherit icu4c)
-    (source (origin
-              (inherit (package-source icu4c))
-              (patches
-               (search-patches "icu4c-CVE-2017-7867-CVE-2017-7868.patch"
-                               "icu4c-reset-keyword-list-iterator.patch"))))))
-
 (define-public java-icu4j
   (package
     (name "java-icu4j")
diff --git a/gnu/packages/image-viewers.scm b/gnu/packages/image-viewers.scm
index 6d85fce40b..f82d4baf24 100644
--- a/gnu/packages/image-viewers.scm
+++ b/gnu/packages/image-viewers.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
@@ -54,7 +54,7 @@
 (define-public feh
   (package
     (name "feh")
-    (version "2.19")
+    (version "2.19.3")
     (home-page "https://feh.finalrewind.org/")
     (source (origin
               (method url-fetch)
@@ -62,11 +62,11 @@
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "1sfhr6628xpj9p6bqihdq35y139x2gmrpydjlrwsl1rs77c2bgnf"))))
+                "1l3yvv0l0ggwlfyhk84p2g9mrqvzqrg1fgalf88kzppvb9jppjay"))))
     (build-system gnu-build-system)
     (arguments
       '(#:phases (alist-delete 'configure %standard-phases)
-        #:tests? #f
+        #:tests? #f ;FIXME: Requires 'perl-test-command'.
         #:make-flags
           (list "CC=gcc" (string-append "PREFIX=" (assoc-ref %outputs "out")))))
     (inputs `(("imlib2" ,imlib2)
@@ -214,7 +214,13 @@ it and customize it for your needs.")
        (modify-phases %standard-phases
          (add-after 'unpack 'autogen
            (lambda _
-             (zero? (system* "sh" "autogen.sh")))))))
+             (zero? (system* "sh" "autogen.sh"))))
+         (add-before 'install 'skip-gtk-update-icon-cache
+           (lambda _
+             ;; Don't create 'icon-theme.cache'
+             (substitute* (find-files "data" "^Makefile$")
+               (("gtk-update-icon-cache") (which "true")))
+             #t)))))
     (native-inputs
      `(("automake" ,automake)
        ("autoconf" ,autoconf)
@@ -250,7 +256,7 @@ your images.  Among its features are:
 (define-public catimg
   (package
     (name "catimg")
-    (version "2.3.2")
+    (version "2.4.0")
     (source
      (origin
        (method url-fetch)
@@ -259,7 +265,7 @@ your images.  Among its features are:
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0n78sl8mxyky9zcih2znzcnb9dbfmvmrdwzj73jcxfh531cgcpi9"))))
+         "1rwgbq2imd5l4nql5hrz7rr5f4gz8aad1amlf0j3cxir8slpbd1y"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f                      ; no tests
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 139be62819..94c683aa9e 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -14,8 +14,9 @@
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
-;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -48,6 +49,8 @@
   #:use-module (gnu packages gl)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages graphics)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages lua)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages mcrypt)
   #:use-module (gnu packages perl)
@@ -61,12 +64,14 @@
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system cmake)
+  #:use-module (guix build-system python)
+  #:use-module (guix build-system r)
   #:use-module (srfi srfi-1))
 
 (define-public libpng
   (package
    (name "libpng")
-   (version "1.6.28")
+   (version "1.6.29")
    (source (origin
             (method url-fetch)
             (uri (list (string-append "mirror://sourceforge/libpng/libpng16/"
@@ -78,7 +83,8 @@
                         "ftp://ftp.simplesystems.org/pub/libpng/png/src/history"
                         "/libpng16/libpng-" version ".tar.xz")))
             (sha256
-             (base32 "0ylgyx93hnk38haqrh8prd3ax5ngzwvjqw5cxw7p9nxmwsfyrlyq"))))
+             (base32
+              "0fgjqp7x6jynacmqh6dj72cn6nnf6yxjfqqqfsxrx0pyx22bcia2"))))
    (build-system gnu-build-system)
 
    ;; libpng.la says "-lz", so propagate it.
@@ -91,13 +97,32 @@ library.  It supports almost all PNG features and is extensible.")
    (license license:zlib)
    (home-page "http://www.libpng.org/pub/png/libpng.html")))
 
+;; libpng-apng should be updated when the APNG patch is released:
+;; <https://bugs.gnu.org/27556>
 (define-public libpng-apng
   (package
-    (inherit libpng)
     (name "libpng-apng")
-    (version (package-version libpng))
+    (version "1.6.28")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (list (string-append "mirror://sourceforge/libpng/libpng16/"
+                                 version "/libpng-" version ".tar.xz")
+                  (string-append
+                   "ftp://ftp.simplesystems.org/pub/libpng/png/src"
+                   "/libpng16/libpng-" version ".tar.xz")
+                  (string-append
+                   "ftp://ftp.simplesystems.org/pub/libpng/png/src/history"
+                   "/libpng16/libpng-" version ".tar.xz")))
+       (sha256
+        (base32
+         "0ylgyx93hnk38haqrh8prd3ax5ngzwvjqw5cxw7p9nxmwsfyrlyq"))))
+    (build-system gnu-build-system)
     (arguments
-     `(#:phases
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (srfi srfi-1))
+       #:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'patch-apng
            (lambda* (#:key inputs #:allow-other-keys)
@@ -107,11 +132,10 @@ library.  It supports almost all PNG features and is extensible.")
              (let ((apng.gz (assoc-ref inputs "apng")))
                (format #t "Applying APNG patch '~a'...~%"
                        apng.gz)
-               (system (string-append "gunzip < " apng.gz " > the-patch"))
-               (and (apply-patch "the-patch")
-                    (for-each apply-patch
-                              (find-files "\\.patch"))))
-           #t))
+               (and
+                 (zero?
+                   (system (string-append "gunzip < " apng.gz " > the-patch")))
+                 (apply-patch "the-patch")))))
          (add-before 'configure 'no-checks
            (lambda _
              (substitute* "Makefile.in"
@@ -126,15 +150,19 @@ library.  It supports almost all PNG features and is extensible.")
                                   version "/libpng-" version "-apng.patch.gz"))
                   (sha256
                    (base32
-                    "026r0gbkf6d6v54wca02cdxln8sj4m2c1yk62sj2aasv2ki2ffh5"))))))
+                    "0m5nv70n9903x3xzxw9qqc6sgf2rp106ha0x6gix0xf8wcrljaab"))))))
     (native-inputs
      `(("libtool" ,libtool)))
+    ;; libpng.la says "-lz", so propagate it.
+    (propagated-inputs
+     `(("zlib" ,zlib)))
     (synopsis "APNG patch for libpng")
     (description
      "APNG (Animated Portable Network Graphics) is an unofficial
 extension of the APNG (Portable Network Graphics) format.
 APNG patch provides APNG support to libpng.")
-    (home-page "https://sourceforge.net/projects/libpng-apng/")))
+    (home-page "https://sourceforge.net/projects/libpng-apng/")
+    (license license:zlib)))
 
 (define-public libpng-1.2
   (package
@@ -154,6 +182,29 @@ APNG patch provides APNG support to libpng.")
        (sha256
         (base32 "1n2lrzjkm5jhfg2bs10q398lkwbbx742fi27zgdgx0x23zhj0ihg"))))))
 
+(define-public r-png
+  (package
+    (name "r-png")
+    (version "0.1-7")
+    (source (origin
+              (method url-fetch)
+              (uri (cran-uri "png" version))
+              (sha256
+               (base32
+                "0g2mcp55lvvpx4kd3mn225mpbxqcq73wy5qx8b4lyf04iybgysg2"))))
+    (build-system r-build-system)
+    (inputs
+     `(("libpng" ,libpng)
+       ("zlib" ,zlib)))
+    (home-page "http://www.rforge.net/png/")
+    (synopsis "Read and write PNG images")
+    (description
+     "This package provides an easy and simple way to read, write and display
+bitmap images stored in the PNG format.  It can read and write both files and
+in-memory raw vectors.")
+    ;; Any of these GPL versions.
+    (license (list license:gpl2 license:gpl3))))
+
 (define-public pngcrunch
   (package
    (name "pngcrunch")
@@ -333,31 +384,21 @@ extracting icontainer icon files.")
 (define-public libtiff
   (package
    (name "libtiff")
-   (replacement libtiff-4.0.8)
-   (version "4.0.7")
-   (source (origin
-            (method url-fetch)
-            (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
-                                version ".tar.gz"))
-            (patches (search-patches "libtiff-heap-overflow-tiffcp.patch"
-                                     "libtiff-null-dereference.patch"
-                                     "libtiff-heap-overflow-tif-dirread.patch"
-                                     "libtiff-heap-overflow-pixarlog-luv.patch"
-                                     "libtiff-divide-by-zero.patch"
-                                     "libtiff-divide-by-zero-ojpeg.patch"
-                                     "libtiff-tiffcp-underflow.patch"
-                                     "libtiff-invalid-read.patch"
-                                     "libtiff-CVE-2016-10092.patch"
-                                     "libtiff-heap-overflow-tiffcrop.patch"
-                                     "libtiff-divide-by-zero-tiffcrop.patch"
-                                     "libtiff-CVE-2016-10093.patch"
-                                     "libtiff-divide-by-zero-tiffcp.patch"
-                                     "libtiff-assertion-failure.patch"
-                                     "libtiff-CVE-2016-10094.patch"
-                                     "libtiff-CVE-2017-5225.patch"))
-            (sha256
-             (base32
-              "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz"))))
+   (version "4.0.8")
+   (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
+                           version ".tar.gz"))
+       (patches
+         (search-patches "libtiff-tiffgetfield-bugs.patch"
+                         "libtiff-CVE-2016-10688.patch"
+                         "libtiff-CVE-2017-9936.patch"
+                         "libtiff-tiffycbcrtorgb-integer-overflow.patch"
+                         "libtiff-tiffycbcrtorgbinit-integer-overflow.patch"))
+       (sha256
+        (base32
+         "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                           ;1.3 MiB of HTML documentation
@@ -367,9 +408,6 @@ extracting icontainer icon files.")
                                              (assoc-ref %outputs "doc")
                                              "/share/doc/"
                                              ,name "-" ,version))))
-   ;; Build with a patched GCC to work around <http://bugs.gnu.org/24703>.
-   (native-inputs
-    `(("gcc@5" ,gcc-5)))
    (inputs `(("zlib" ,zlib)
              ("libjpeg" ,libjpeg)))
    (synopsis "Library for handling TIFF files")
@@ -382,24 +420,6 @@ collection of tools for doing simple manipulations of TIFF images.")
                                   "See COPYRIGHT in the distribution."))
    (home-page "http://www.simplesystems.org/libtiff/")))
 
-(define libtiff-4.0.8
-  (package
-    (inherit libtiff)
-    (version "4.0.8")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
-                           version ".tar.gz"))
-       (patches (search-patches "libtiff-tiffgetfield-bugs.patch"
-                                "libtiff-CVE-2016-10688.patch"
-                                "libtiff-CVE-2017-9936.patch"
-                                "libtiff-tiffycbcrtorgb-integer-overflow.patch"
-                                "libtiff-tiffycbcrtorgbinit-integer-overflow.patch"))
-       (sha256
-        (base32
-         "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))))
-
 (define-public leptonica
   (package
     (name "leptonica")
@@ -489,7 +509,7 @@ work.")
 (define-public openjpeg
   (package
     (name "openjpeg")
-    (version "2.1.2")
+    (version "2.2.0")
     (source
       (origin
         (method url-fetch)
@@ -499,9 +519,8 @@ work.")
         (file-name (string-append name "-" version ".tar.gz"))
         (sha256
          (base32
-          "19yz4g0c45sm8y1z01j9djsrl1mkz3pmw7fykc6hkvrqymp7prsc"))
-        (patches (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch"
-                                 "openjpeg-CVE-2016-9572-CVE-2016-9573.patch"))))
+          "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg"))
+        (patches (search-patches "openjpeg-CVE-2017-12982.patch"))))
     (build-system cmake-build-system)
     (arguments
       ;; Trying to run `$ make check' results in a no rule fault.
@@ -1016,7 +1035,16 @@ differences in file encoding, image quality, and other small variations.")
        ("libjpeg" ,libjpeg)
        ("zlib" ,zlib)))
     (arguments
-     `(#:make-flags '("CXXFLAGS=-fpermissive"))) ;required for MHashPP.cc
+     `(#:make-flags '("CXXFLAGS=-fpermissive")    ;required for MHashPP.cc
+
+       #:phases (modify-phases %standard-phases
+                  (add-before 'configure 'set-perl-search-path
+                    (lambda _
+                      ;; Work around "dotless @INC" build failure.
+                      (setenv "PERL5LIB"
+                              (string-append (getcwd) "/tests:"
+                                             (getenv "PERL5LIB")))
+                      #t)))))
     (home-page "http://steghide.sourceforge.net")
     (synopsis "Image and audio steganography")
     (description
@@ -1100,7 +1128,8 @@ PNG, and performs PNG integrity checks and corrections.")
     (native-inputs
      `(("nasm" ,nasm)))
     (arguments
-     '(#:test-target "test"))
+     '(#:test-target "test"
+       #:configure-flags (list "--with-build-date=1970-01-01")))
     (home-page "http://www.libjpeg-turbo.org/")
     (synopsis "SIMD-accelerated JPEG image handling library")
     (description "libjpeg-turbo is a JPEG image codec that accelerates baseline
@@ -1158,3 +1187,46 @@ medical image data, e.g. magnetic resonance image (MRI) and functional MRI
 (fMRI) brain images.")
     (home-page "http://niftilib.sourceforge.net")
     (license license:public-domain)))
+
+(define-public gpick
+  (package
+    (name "gpick")
+    (version "0.2.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/thezbyg/gpick/archive/"
+                                  name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0mxvxk15xhk2i5vfavjhnkk4j3bnii0gpf8di14rlbpq070hd5rs"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("boost" ,boost)
+       ("gettext" ,gnu-gettext)
+       ("pkg-config" ,pkg-config)
+       ("scons" ,scons)))
+    (inputs
+     `(("expat" ,expat)
+       ("gtk2" ,gtk+-2)
+       ("lua" ,lua-5.2)))
+    (arguments
+     `(#:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'fix-lua-reference
+           (lambda _
+             (substitute* "SConscript"
+               (("lua5.2") "lua-5.2"))
+             #t))
+         (replace 'build
+           (lambda _
+             (zero? (system* "scons"))))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((dest (assoc-ref outputs "out")))
+               (zero? (system* "scons" "install"
+                               (string-append "DESTDIR=" dest)))))))))
+    (home-page "http://www.gpick.org/")
+    (synopsis "Color picker")
+    (description "Gpick is an advanced color picker and palette editing tool.")
+    (license license:bsd-3)))
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index c543655fb8..4056d486fb 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -25,7 +25,6 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system perl)
   #:use-module (guix download)
-  #:use-module (guix hg-download)
   #:use-module (guix utils)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (gnu packages)
@@ -46,14 +45,14 @@
     ;; The 7 release series has an incompatible API, while the 6 series is still
     ;; maintained. Don't update to 7 until we've made sure that the ImageMagick
     ;; users are ready for the 7-series API.
-    (version "6.9.8-10")
+    (version "6.9.9-9")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://imagemagick/ImageMagick-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "040qs7nwcm84bjd9wryvd58zqfykbmn3y3qfc90lnldww7v6ihlg"))))
+               "0p7jz55zry5r1lv34ymx536fqymvy3iwzwy0kvj53mlmsaad7vjr"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch")
@@ -162,70 +161,58 @@ script.")
     (license (package-license imagemagick))))
 
 (define-public graphicsmagick
-  (let ((changeset "6156b4c2992d855ece6079653b3b93c3229fc4b8") ; fix CVE-2017-6335
-        (revision "3"))
-    (package
-      (name "graphicsmagick")
-      (version (string-append "1.3.25-" revision "."
-                              (string-take changeset 7)))
-      (source (origin
-                (method hg-fetch)
-                (uri (hg-reference
-                      (url "http://hg.code.sf.net/p/graphicsmagick/code")
-                      (changeset changeset)))
-                (file-name (string-append name "-" version "-checkout"))
-                ;;(method url-fetch)
-                ;;(uri (string-append "ftp://ftp.graphicsmagick.org/pub/"
-                ;;                    "GraphicsMagick/" (version-major+minor version)
-                ;;                    "/GraphicsMagick-" version ".tar.xz"))
-                (sha256
-                 (base32
-                  "08yfsn8mrqkwpax43vv1crfr55rcf004wwpzsinr5c6m0asqr08b"))
-                (modules '((guix build utils)))
-                (snippet
-                  ;; Remove bundled software. This reduces the size of the built
-                  ;; source checkout from 177 MiB to 49 MiB. This should not be
-                  ;; necessary when using the GraphicsMagick release tarball,
-                  ;; because these files are not distributed there.
-                  '(for-each delete-file-recursively '("bzlib" "dcraw" "hp2xx"
-                                                       "jbig" "jp2" "jpeg"
-                                                       "lcms" "libxml" "png"
-                                                       "ralcgm" "tiff" "ttf"
-                                                       "webp" "wmf" "xlib"
-                                                       "zlib")))))
-      (build-system gnu-build-system)
-      (arguments
-       `(#:configure-flags
-         (list "--with-frozenpaths"
-               "--enable-shared=yes"
-               "--with-x=yes"
-               "--with-quantum-depth=16" ; required by Octave
-               "--enable-quantum-library-names"
-               (string-append "--with-gs-font-dir="
-                              (assoc-ref %build-inputs "gs-fonts")
-                              "/share/fonts/type1/ghostscript"))))
-      (inputs
-       `(("graphviz" ,graphviz)
-         ("ghostscript" ,ghostscript)
-         ("gs-fonts" ,gs-fonts)
-         ("lcms" ,lcms)
-         ("libx11" ,libx11)
-         ("libxml2" ,libxml2)
-         ("libtiff" ,libtiff)
-         ("libpng" ,libpng)
-         ("libjpeg" ,libjpeg)
-         ("freetype" ,freetype)
-         ("bzip2" ,bzip2)
-         ("xz" ,xz)
-         ("zlib" ,zlib)))
-      (native-inputs
-       `(("pkg-config" ,pkg-config)))
-      (outputs '("out"                  ; 13 MiB
-                 "doc"))                ; ~7 MiB
-      (home-page "http://www.graphicsmagick.org")
-      (synopsis "Create, edit, compose, or convert bitmap images")
-      (description
-       "GraphicsMagick provides a comprehensive collection of utilities,
+  (package
+    (name "graphicsmagick")
+    (version "1.3.26")
+    (source (origin
+              (method url-fetch)
+              (uri
+                (list
+                  (string-append "mirror://sourceforge/" name "/" name
+                                 "/" version "/GraphicsMagick-" version ".tar.xz")
+                  (string-append "ftp://ftp.graphicsmagick.org/pub/"
+                                 "GraphicsMagick/" (version-major+minor version)
+                                 "/GraphicsMagick-" version ".tar.xz")))
+              (sha256
+               (base32
+                "122zgs96dqrys62mnh8x5yvfff6km4d3yrnvaxzg3mg5sprib87v"))
+              (patches
+               (search-patches "graphicsmagick-CVE-2017-12935.patch"
+                               "graphicsmagick-CVE-2017-12936.patch"
+                               "graphicsmagick-CVE-2017-12937.patch"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags
+       (list "--with-frozenpaths"
+             "--enable-shared=yes"
+             "--with-x=yes"
+             "--with-quantum-depth=16" ; required by Octave
+             "--enable-quantum-library-names"
+             (string-append "--with-gs-font-dir="
+                            (assoc-ref %build-inputs "gs-fonts")
+                            "/share/fonts/type1/ghostscript"))))
+    (inputs
+     `(("graphviz" ,graphviz)
+       ("ghostscript" ,ghostscript)
+       ("gs-fonts" ,gs-fonts)
+       ("lcms" ,lcms)
+       ("libx11" ,libx11)
+       ("libxml2" ,libxml2)
+       ("libtiff" ,libtiff)
+       ("libpng" ,libpng)
+       ("libjpeg" ,libjpeg)
+       ("freetype" ,freetype)
+       ("bzip2" ,bzip2)
+       ("xz" ,xz)
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (outputs '("out"                  ; 13 MiB
+               "doc"))                ; ~7 MiB
+    (home-page "http://www.graphicsmagick.org")
+    (synopsis "Create, edit, compose, or convert bitmap images")
+    (description
+     "GraphicsMagick provides a comprehensive collection of utilities,
 programming interfaces, and GUIs, to support file format conversion, image
 processing, and 2D vector rendering.")
-      (license license:expat))))
+    (license license:expat)))
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index 011665d387..0f68cc532a 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -66,6 +66,7 @@
         (method url-fetch)
         (uri (string-append "http://quassel-irc.org/pub/quassel-"
                             version ".tar.bz2"))
+        (patches (search-patches "quassel-fix-tls-check.patch"))
         (sha256
          (base32
           "0ka456fb8ha3w7g74xlzfg6w4azxjjxgrhl4aqpbwg3lnd6fbr4k"))))
@@ -300,14 +301,14 @@ using a mouse.  It is customizable and extensible with plugins and scripts.")
 (define-public limnoria
   (package
     (name "limnoria")
-    (version "2017.03.30")
+    (version "2017.08.18")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "limnoria" version))
        (sha256
         (base32
-         "1q0y6iglg1cbhimgjz3afws51as3shy6rd61dck7jfm25y8pi6g8"))))
+         "1hij444l45mjli8i67iyd3syf263ijj1l0cm3irqjjxv5r3f9zjj"))))
     (build-system python-build-system)
     (inputs
      `(("python-pytz" ,python-pytz)
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index f231380506..da68487b01 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -1064,7 +1064,7 @@ bootstrapping purposes.")
     (license license:gpl2+)))
 
 (define-public icedtea-7
-  (let* ((version "2.6.10")
+  (let* ((version "2.6.11")
          (drop (lambda (name hash)
                  (origin
                    (method url-fetch)
@@ -1082,7 +1082,7 @@ bootstrapping purposes.")
                       version ".tar.xz"))
                 (sha256
                  (base32
-                  "0am945k2zqrka2xn7lb5grmkad4lwncnhnwk8iq6f269birzsj8w"))
+                  "1ibp6ybqnf8g7mbs45bkbv44dwz4h2w9gr4rh15yvr1m8lqkq1i0"))
                 (modules '((guix build utils)))
                 (snippet
                  '(substitute* "Makefile.in"
@@ -1475,25 +1475,25 @@ bootstrapping purposes.")
       (native-inputs
        `(("openjdk-src"
           ,(drop "openjdk"
-                 "02klsxp9hlf5sial6mxpiq53hmrhlrg6x774j7bjjfhb7hpdvadh"))
+                 "1zhr4l9kxnbzghcsgjk3vmih9qpg1wrr9qry7fx04l97svp1ylhd"))
          ("corba-drop"
           ,(drop "corba"
-                 "1vbly6khri241xda05gnwkpf2fk41d96ls96ximi084mx0a3w5rd"))
+                 "108v15ncb2rnsyzgzncjlm1f57d1sv60zd9qbpas8kqmvpp8r0gz"))
          ("jaxp-drop"
           ,(drop "jaxp"
-                 "0s8zln64vdwdxwlw1vpfzm8xbpyhgsv3nqjmnv7y36qpsszg27a5"))
+                 "0zcpcmm3g1s7m31glrbw3ys7azi97ixcvbyxd40y9xzdja3jyr52"))
          ("jaxws-drop"
           ,(drop "jaxws"
-                 "0myd66bv8ib8krzgqv754bc564rd8xwpwabvf7my1apyb86vap3n"))
+                 "1gkqm0p3sr8d0xpki3fhf7cvmgqxx8ambgl5f3jx2plfnhsg96d2"))
          ("jdk-drop"
           ,(drop "jdk"
-                 "10b4lfv10vba07zblw0wii7mhrfhf32pf7410x5nz2q0smgszl2h"))
+                 "1d9fjnzdx4m6gwkvmj2n097ag0mvkhm3lldaxjki8x8c6a5clknf"))
          ("langtools-drop"
           ,(drop "langtools"
-                 "0lvncxb5qzrlqkflrnd0l8vwy155cwj1jb07rkq10z2vx0bq7lq2"))
+                 "0zscdp9arcq7gr8j7jq4m75gq0w1i3ryxpdnrc8fl0msh4w2s2k5"))
          ("hotspot-drop"
           ,(drop "hotspot"
-                 "0q6mdgbbd3681y3n0z1v783irdjhhi73z6sn5csczpyhjm318axb"))
+                 "1y6vnssn5y50x27g4ypdb5wwpmi7zf7jdi8gqbymkwf6n8p5y1d6"))
          ("ant" ,ant-bootstrap)
          ("attr" ,attr)
          ("coreutils" ,coreutils)
@@ -1543,7 +1543,7 @@ IcedTea build harness.")
       (license license:gpl2+))))
 
 (define-public icedtea-8
-  (let* ((version "3.4.0")
+  (let* ((version "3.5.1")
          (drop (lambda (name hash)
                  (origin
                    (method url-fetch)
@@ -1552,7 +1552,7 @@ IcedTea build harness.")
                          "/icedtea8/" version "/" name ".tar.xz"))
                    (sha256 (base32 hash))))))
     (package (inherit icedtea-7)
-      (version "3.4.0")
+      (version "3.5.1")
       (source (origin
                 (method url-fetch)
                 (uri (string-append
@@ -1560,7 +1560,7 @@ IcedTea build harness.")
                       version ".tar.xz"))
                 (sha256
                  (base32
-                  "16if055973y6yw7n5gczp8iksvc31cy4p5by9lkbniadqj4z665m"))
+                  "1j8iv0cdk9fkh3yb5is7z29m9k3s89w6y9090538j6aa7p4nmalf"))
                 (modules '((guix build utils)))
                 (snippet
                  '(begin
@@ -1602,7 +1602,7 @@ IcedTea build harness.")
                                          (string-append "lib" name ".so")))))
                    (for-each
                     (lambda (file)
-                      (catch 'encoding-error
+                      (catch 'decoding-error
                         (lambda ()
                           (substitute* file
                             (("VERSIONED_JNI_LIB_NAME\\(\"(.*)\", \"(.*)\"\\)"
@@ -1632,34 +1632,34 @@ IcedTea build harness.")
        `(("jdk" ,icedtea-7 "jdk")
          ("openjdk-src"
           ,(drop "openjdk"
-                 "0va5i3zr8y8ncv914rz914jda9d88gq0viww3smdqnln8n78rszi"))
+                 "0a6yrq8y1zkzc7hm2l28rm3vzy5izfxhmmhhhvc91lhfclnqcd2q"))
          ("aarch32-drop"
           ,(drop "aarch32"
                  "0cway5a5hcfyh4pzl9zz5xr7lil4gsliy6r5iqbaasd2d9alvqiq"))
          ("corba-drop"
           ,(drop "corba"
-                 "1l9zr97a3kq00bj4i8wcdsjlz3xlfldxd8zhkcxikinwd5n0n8a7"))
+                 "031sc6byd8lqvz3cd07phm13pqrxalxk9f3a2q8pim5n4sbsy0qb"))
          ("jaxp-drop"
           ,(drop "jaxp"
-                 "0lqxrsr3xlpwm2na6f2rpl7znrz34dkb9dg3zjmympyjy4kqljn7"))
+                 "1815jaj0k0w1s0g0jr1ahkajp1jx2qlb08i6l9ha4wyqqyp49a4n"))
          ("jaxws-drop"
           ,(drop "jaxws"
-                 "1b3chckk10dzrpa7cswmcf1jvryaiwkj8lihfqjr5j7l668jwr4h"))
+                 "0vh4f85cxhqvabzg86ycpz02519cdzgsn5dr75k22rkmbbxnbbl6"))
          ("jdk-drop"
           ,(drop "jdk"
-                 "15lq0k2jv2x26x6vqkbljdcxk35i3b60pcsw3j1sdfmlk1xy6wgc"))
+                 "196ycqz4d9kknc6b219q4ib83l1kkl6w6l1cznw9bzaafyynqa35"))
          ("langtools-drop"
           ,(drop "langtools"
-                 "17xkb8ahkg04ri0bp5wblcp1a2lp8j7c83ic5zdbggvgm339k5s8"))
+                 "0ssnadlr5cxhmj06nmni34kdynix1sjhcvjzahm5yzfd7dfllmgy"))
          ("hotspot-drop"
           ,(drop "hotspot"
-                 "0xpx8ykaq0ki6r0dl3dzca2xgp1p82z8mvsxcs2931ib667ncgcp"))
+                 "0f7fxf0s9kadvs80hm5ga72pyp9r0fvl8zm1wmd1wrks8kl79sd6"))
          ("nashorn-drop"
           ,(drop "nashorn"
-                 "1bnn4731lhlvg8axy4mjxgvh646yl22hp52wipx8cfca4vkn2f1z"))
+                 "0m95qgnd4z6p0xp9m06ihss7skx2yrm7xw69jsjsrxpriy1shiwy"))
          ("shenandoah-drop"
           ,(drop "shenandoah"
-                 "0fpxl8zlii1hpm777r875ys2cr5ih3gb6p1nm9jfa6krjrccrxv1"))
+                 "0yjlcgp6mldp30hmkfl68mdwlbg3gb0m6xd5y7srczni7cln5f3i"))
          ,@(fold alist-delete (package-native-inputs icedtea-7)
                  '("jdk" "openjdk-src" "corba-drop" "jaxp-drop" "jaxws-drop"
                    "jdk-drop" "langtools-drop" "hotspot-drop")))))))
@@ -4672,3 +4672,28 @@ generate classes, directly in binary form.  The provided common
 transformations and analysis algorithms allow to easily assemble custom
 complex transformations and code analysis tools.")
     (license license:bsd-3)))
+
+(define-public java-commons-cli-1.2
+  ;; This is a bootstrap dependency for Maven2.
+  (package
+    (inherit java-commons-cli)
+    (version "1.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://apache/commons/cli/source/"
+                                  "commons-cli-" version "-src.tar.gz"))
+              (sha256
+               (base32
+                "0rvfgzgv2pc1m091dfj3ih9ddsjjppr1f1wf0qmc3bk6b1kwv2dm"))))
+    (arguments
+     `(#:jar-name "commons-cli.jar"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'fix-build-xml
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "build.xml"
+               (("dir=\"\\$\\{test.home\\}/java\"")
+                "dir=\"${test.home}\""))
+             #t)))))
+    (native-inputs
+     `(("java-junit" ,java-junit)))))
diff --git a/gnu/packages/javascript.scm b/gnu/packages/javascript.scm
index 43bc0bbf6d..85017453ff 100644
--- a/gnu/packages/javascript.scm
+++ b/gnu/packages/javascript.scm
@@ -22,11 +22,51 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages base)
   #:use-module (gnu packages compression)
-  #:use-module (gnu packages fonts)
   #:use-module (gnu packages lisp)
   #:use-module (guix packages)
   #:use-module (guix download)
-  #:use-module (guix build-system trivial))
+  #:use-module (guix git-download)
+  #:use-module (guix build-system trivial)
+  #:use-module (guix build-system minify))
+
+(define-public font-mathjax
+  (package
+    (name "font-mathjax")
+    (version "2.7.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/mathjax/MathJax/archive/"
+             version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0sbib5lk0jrvbq6s72ag6ss3wjlz5wnk07ddxij1kp96yg3c1d1b"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils)
+                      (ice-9 match))
+         (set-path-environment-variable
+          "PATH" '("bin") (map (match-lambda
+                                 ((_ . input)
+                                  input))
+                               %build-inputs))
+         (let ((install-directory (string-append %output "/share/fonts/mathjax")))
+           (mkdir-p install-directory)
+           (zero? (system* "tar" "-C" install-directory "-xvf"
+                           (assoc-ref %build-inputs "source")
+                           "MathJax-2.7.1/fonts" "--strip" "2"))))))
+    (native-inputs
+     `(("gzip" ,gzip)
+       ("tar" ,tar)))
+    (home-page "https://www.mathjax.org/")
+    (synopsis "Fonts for MathJax")
+    (description "This package contains the fonts required for MathJax.")
+    (license license:asl2.0)))
 
 (define-public js-mathjax
   (package
@@ -134,3 +174,190 @@ be able to view it naturally and easily.")))
 script to enable responsive web designs in browsers that don't support CSS3
 Media Queries.")
     (license license:expat)))
+
+(define-public js-html5shiv
+  (package
+    (name "js-html5shiv")
+    (version "3.7.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/aFarkas/html5shiv/"
+                                  "archive/" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0inlbpxpqzdyi24lqagzf7l24zxg0y02xcpqs2h4npjscazzw7hg"))))
+    (build-system minify-build-system)
+    (home-page "https://github.com/aFarkas/html5shiv")
+    (synopsis "Enable HTML5 sectioning elements in legacy browsers")
+    (description "The HTML5 Shiv enables use of HTML5 sectioning elements in
+legacy Internet Explorer and provides basic HTML5 styling for Internet
+Explorer 6-9, Safari 4.x (and iPhone 3.x), and Firefox 3.x.")
+    ;; From the file "MIT and GPL2 licenses.md":
+    ;;
+    ;;   This software is licensed under a dual license system (MIT or GPL
+    ;;   version 2). This means you are free to choose with which of both
+    ;;   licenses (MIT or GPL version 2) you want to use this library.
+    (license (list license:expat license:gpl2))))
+
+(define-public js-json2
+  (let ((commit "031b1d9e6971bd4c433ca85e216cc853f5a867bd")
+        (revision "1"))
+    (package
+      (name "js-json2")
+      (version (string-append "2016-10-28." revision "-" (string-take commit 7)))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/douglascrockford/JSON-js.git")
+                      (commit commit)))
+                (file-name (string-append name "-" version "-checkout"))
+                (sha256
+                 (base32
+                  "1fvb6b2y5sd3sqdgcj683sdxcbxdii34q0ysc9wg0dq1sy81l11v"))))
+      (build-system minify-build-system)
+      (arguments
+       `(#:javascript-files '("json2.js"
+                              "json_parse.js"
+                              "json_parse_state.js"
+                              "cycle.js")))
+      (home-page "https://github.com/douglascrockford/JSON-js")
+      (synopsis "JSON encoders and decoders")
+      (description "The files in this collection implement JSON
+encoders/decoders in JavaScript.
+
+@code{json2.js}: This file creates a JSON property in the global object, if
+there isn't already one, setting its value to an object containing a stringify
+method and a parse method.  The @code{parse} method uses the @code{eval}
+method to do the parsing, guarding it with several regular expressions to
+defend against accidental code execution hazards.  On current browsers, this
+file does nothing, preferring the built-in JSON object.
+
+@code{json_parse.js}: This file contains an alternative JSON @code{parse}
+function that uses recursive descent instead of @code{eval}.
+
+@code{json_parse_state.js}: This files contains an alternative JSON
+@code{parse} function that uses a state machine instead of @code{eval}.
+
+@code{cycle.js}: This file contains two functions, @code{JSON.decycle} and
+@code{JSON.retrocycle}, which make it possible to encode cyclical structures
+and DAGs in JSON, and to then recover them.  This is a capability that is not
+provided by ES5.  @code{JSONPath} is used to represent the links.")
+      (license license:public-domain))))
+
+(define-public js-strftime
+  (package
+    (name "js-strftime")
+    (version "0.10.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/samsonjs/strftime/"
+                                  "archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1iya43w7y26y2dp9l4d40bhjc4scb5a9mng5ng5c8hsqr82f1375"))))
+    (build-system minify-build-system)
+    (arguments
+     `(#:javascript-files '("strftime.js")))
+    (home-page "https://github.com/samsonjs/strftime")
+    (synopsis "Implementation of strftime to JavaScript")
+    (description "This is an implementation of the @code{strftime} procedure
+for JavaScript.  It works in (at least) node.js and browsers.  It supports
+localization and timezones.  Most standard specifiers from C are supported as
+well as some other extensions from Ruby.")
+    (license license:expat)))
+
+(define-public js-highlight
+  (package
+    (name "js-highlight")
+    (version "9.12.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/isagalaev/highlight.js/"
+                                  "archive/" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1jjn9mj7fwq4zpr6is438bscf03b3q8jkj0k5c3fc6pkmjnhw939"))))
+    (build-system minify-build-system)
+    (arguments
+     `(#:javascript-files '("src/highlight.js")))
+    (home-page "https://github.com/isagalaev/highlight.js")
+    (synopsis "Syntax highlighting for JavaScript")
+    (description "Highlight.js is a syntax highlighter written in JavaScript.
+It works in the browser as well as on the server.  It works with pretty much
+any markup, doesn’t depend on any framework and has automatic language
+detection.")
+    (license license:bsd-3)))
+
+(define-public js-datatables
+  (package
+    (name "js-datatables")
+    (version "1.10.15")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://datatables.net/releases/DataTables-"
+                                  version ".zip"))
+              (sha256
+               (base32
+                "1y9xqyqyz7x1ls3ska71pshl2hpiy3qnw1f7wygyslbhy4ssgf57"))))
+    (build-system minify-build-system)
+    (arguments
+     `(#:javascript-files '("media/js/dataTables.bootstrap.js"
+                            "media/js/jquery.dataTables.js")))
+    (native-inputs
+     `(("unzip" ,unzip)))
+    (home-page "https://datatables.net")
+    (synopsis "DataTables plug-in for jQuery")
+    (description "DataTables is a table enhancing plug-in for the jQuery
+Javascript library, adding sorting, paging and filtering abilities to plain
+HTML tables with minimal effort.")
+    (license license:expat)))
+
+(define-public js-selectize
+  (package
+    (name "js-selectize")
+    (version "0.12.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/selectize/selectize.js/"
+                                  "archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0756p49aaz34mw2dx8k1gxf210mngfrri25vkba0j7wihd2af8gn"))))
+    (build-system minify-build-system)
+    (arguments `(#:javascript-files '("src/selectize.js")))
+    (home-page "http://selectize.github.io/selectize.js/")
+    (synopsis "Hybrid widget between a textbox and <select> box")
+    (description "Selectize is the hybrid of a textbox and @code{<select>}
+box.  It's jQuery based and it has autocomplete and native-feeling keyboard
+navigation; it is useful for tagging, contact lists, etc.")
+    (license license:asl2.0)))
+
+(define-public js-es5-shim
+  (package
+    (name "js-es5-shim")
+    (version "4.5.9")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/es-shims/es5-shim/"
+                                  "archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0yfndyijz0ykddzprpvfjb2453gzpn528klmwycwbqc1bqd3m1hl"))))
+    (build-system minify-build-system)
+    (arguments `(#:javascript-files
+                 '("es5-sham.js"
+                   "es5-shim.js")))
+    (home-page "https://github.com/es-shims/es5-shim")
+    (synopsis "ECMAScript 5 compatibility shims for legacy JavaScript engines")
+    (description "@code{es5-shim.js} patches a JavaScript context to contain
+all ECMAScript 5 methods that can be faithfully emulated with a legacy
+JavaScript engine.  @code{es5-sham.js} patches other ES5 methods as closely as
+possible.  Many of these shams are intended only to allow code to be written
+to ES5 without causing run-time errors in older engines.  In many cases, this
+means that these shams cause many ES5 methods to silently fail.")
+    (license license:expat)))
diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm
index a25de39ed8..292b537a12 100644
--- a/gnu/packages/kde-frameworks.scm
+++ b/gnu/packages/kde-frameworks.scm
@@ -44,6 +44,7 @@
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages gperf)
   #:use-module (gnu packages graphics)
   #:use-module (gnu packages gstreamer)
   #:use-module (gnu packages image)
@@ -70,7 +71,7 @@
 (define-public extra-cmake-modules
   (package
     (name "extra-cmake-modules")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -79,7 +80,7 @@
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1r3dyvrv77xrpjlzpa6yazwkknirvx1ccvdyj9x0mlk4vfi05nh5"))))
+                "1jr7nmhh4kyz1g454qkldfhimfjvvylqa19zna5iak08bkq8q696"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("qtbase" ,qtbase))) ; For tests (needs qmake)
@@ -254,7 +255,7 @@ Phonon-GStreamer is a backend based on the GStreamer multimedia library.")
 (define-public attica
   (package
     (name "attica")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -263,7 +264,7 @@ Phonon-GStreamer is a backend based on the GStreamer multimedia library.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0l8gmsmpwzg6nzwwlnsdl6r6qkhnhirpmrkag9xpd2sbmy734x53"))))
+                "13jqk4w9crh8pca6n9334l1gb8bmwf86pa36k0mfh5j19dq72g2p"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -286,7 +287,7 @@ http://freedesktop.org/wiki/Specifications/open-collaboration-services/")
 (define-public bluez-qt
   (package
     (name "bluez-qt")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -295,7 +296,7 @@ http://freedesktop.org/wiki/Specifications/open-collaboration-services/")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "040gs2a1fx996gqdx2pwxh00szb1vb85055z946nqvqfn01921df"))))
+                "1x6nj7vsn0sp9rckzkcbl6fwm7qzj5w98w2qys1fndb1spl7av8s"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("dbus" ,dbus)
@@ -306,12 +307,7 @@ http://freedesktop.org/wiki/Specifications/open-collaboration-services/")
     (arguments
      `(#:configure-flags
        '("-DINSTALL_UDEV_RULE:BOOL=OFF")
-       #:phases
-       (modify-phases %standard-phases
-         (replace 'check
-           (lambda _
-             (setenv "DBUS_FATAL_WARNINGS" "0")
-             (zero? (system* "dbus-launch" "ctest" ".")))))))
+       #:tests? #f)) ; DBUS_FATAL_WARNINGS=0 still yields 7/8 tests failing
     (home-page "https://community.kde.org/Frameworks")
     (synopsis "QML wrapper for BlueZ")
     (description "bluez-qt is a Qt-style library for accessing the bluez
@@ -321,7 +317,7 @@ Bluetooth stack.  It is used by the KDE Bluetooth stack, BlueDevil.")
 (define-public breeze-icons
   (package
     (name "breeze-icons")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -330,7 +326,7 @@ Bluetooth stack.  It is used by the KDE Bluetooth stack, BlueDevil.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1znzlggb6yrkw5rr2n75g7cfv9x5p9d55hss09c4i79lxrh1bk4a"))))
+                "17nr2phd0nxyx49igvl170ksikapgc4365z26pw0dmmw41llcbxw"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -350,7 +346,7 @@ It is the default icon theme for the KDE Plasma 5 desktop.")
 (define-public kapidox
   (package
     (name "kapidox")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -359,7 +355,7 @@ It is the default icon theme for the KDE Plasma 5 desktop.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "190d5z6i71jrvfna6vnlim2p9rgc33s1fxl0zarn276683i1rwvg"))))
+                "1xwkaamifxjghv158rwslndfd9z70rm9ixnp1mmkgw8radwsqg5v"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f)) ; has no test target
@@ -392,7 +388,7 @@ documentation.")
 (define-public karchive
   (package
     (name "karchive")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -401,7 +397,7 @@ documentation.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0g8jskdar2znviwh9bs3kia093wgfnhl04x4jcg2rvh78ylkpvxw"))))
+                "1599lql0kcx705313bfvbazr7rayr6vsiwrpiq6iwljzc7lli1im"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -426,7 +422,7 @@ GZip format, via a subclass of QIODevice.")
 (define-public kcodecs
   (package
     (name "kcodecs")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -435,10 +431,11 @@ GZip format, via a subclass of QIODevice.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0k51s4qlf0kq6i8f3wrsz5lrkzjqb1j26hrmlmg57vn91r58iash"))))
+                "0kmk97b5vbnyb3xjxwmg3l47aka8mkf50g4p7wvr096qwplffbva"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
+       ("gperf" ,gperf)
        ("qttools" ,qttools)))
     (inputs
      `(("qtbase" ,qtbase)))
@@ -461,7 +458,7 @@ Internet).")
 (define-public kconfig
   (package
     (name "kconfig")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -470,7 +467,7 @@ Internet).")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0blbx6b3fk6p8cv2iywk2avn9w1411bb0g5wwv456a9ggi01988x"))))
+                "1f0y2gmwy05b17clr7vg1zp18l1z0fd757v02ha7cwd64yznyr5d"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -528,7 +525,7 @@ propagate their changes to their respective configuration files.")
 (define-public kcoreaddons
   (package
     (name "kcoreaddons")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -537,7 +534,7 @@ propagate their changes to their respective configuration files.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1ybr4bv8rhp4cxpf8mfsc4dk0klzrfh1z8g2cw6zasmksxmmwi90"))))
+                "0a45sz11d7b2d8sbr9z57mv337nbhd94fiqk3issw470n0y46g3y"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -566,7 +563,7 @@ many more.")
 (define-public kdbusaddons
   (package
     (name "kdbusaddons")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -575,7 +572,7 @@ many more.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1skblxfnjhbyiwavsfhksc2ybc2sikw3xr0js6mlfbpmvqzghn6h"))
+                "0745arkp4wnpwyhjq02h7lfac049cmlg5qwhf96i7ss0w54vch4i"))
               (patches (search-patches "kdbusaddons-kinit-file-name.patch"))))
     (build-system cmake-build-system)
     (native-inputs
@@ -611,7 +608,7 @@ as well as an API to create KDED modules.")
 (define-public kdnssd
   (package
     (name "kdnssd")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -620,7 +617,7 @@ as well as an API to create KDED modules.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "082mdim9wykdap4fmjfayk443rbarsk1p8cn3mspx2nw047yja80"))))
+                "03rd6znn2qwndn4m3bb03slwyic06ry535rawgyh06lfps0fcc5z"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -638,7 +635,7 @@ infrastructure.")
 (define-public kguiaddons
   (package
     (name "kguiaddons")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -647,7 +644,7 @@ infrastructure.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1nmlwvy2jdmh0m6bmahvk68vl2rs9s28c10dkncpi6gvhsdkigqx"))))
+                "13g6nlw8fk135i6z3f8ichy8whxd6v4rycg80dlvm25h66rg6vn5"))))
     (build-system cmake-build-system)
     ;; TODO: Build packages for the Python bindings.  Ideally this will be
     ;; done for all versions of python guix supports.  Requires python,
@@ -676,7 +673,7 @@ interfaces in the areas of colors, fonts, text, images, keyboard input.")
 (define-public ki18n
   (package
     (name "ki18n")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -685,7 +682,7 @@ interfaces in the areas of colors, fonts, text, images, keyboard input.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0glvmmy01mp6hnix79aichgwjq842kgf5q5zynkg6mch85y4ary7"))))
+                "1c1sy4pbhlwsajs2972brdmma5val72gkil6k0a0f58nfvvg952d"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("gettext" ,gettext-minimal)
@@ -719,7 +716,7 @@ translation scripting.")
 (define-public kidletime
   (package
     (name "kidletime")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -728,7 +725,7 @@ translation scripting.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0z8x6iz52y2m8llsp2q4qayxswkzay7ksimzy47crfag442bw24g"))))
+                "01m4q3l2yq83f2dpbv6jry7cjkj6bqdgfpy5b8byaf1gf9w2firs"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -746,7 +743,7 @@ or user activity.")
 (define-public kitemmodels
   (package
     (name "kitemmodels")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -755,7 +752,7 @@ or user activity.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1liq1ppa7xb1dcncv25c2a0xy3l9bvb2a56cff90c0b0vwr239q5"))))
+                "1nlpzzp4m0ghfz1p2hrwn4lbhjhxc8b8q8kbzqbh9hmwmimbzzrr"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -805,7 +802,7 @@ model to observers
 (define-public kitemviews
   (package
     (name "kitemviews")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -814,7 +811,7 @@ model to observers
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "054accbis471zj1gbfxbc99062r2hvpb04i6w3r8fa4ml8s6brqk"))))
+                "17r7vnlyiiifhrz4gb4fifshn1jb4c67lhadczi8d301rzk7wwsm"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -840,7 +837,7 @@ to flat and hierarchical lists.")
 (define-public kplotting
   (package
     (name "kplotting")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -849,7 +846,7 @@ to flat and hierarchical lists.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1ffy9b08128ym024wlfgnzk52vpy0mbaa91dhndpr40qcz0i67sh"))))
+                "0k4s0qvhjm9h1bmg16l32g4bsdrp2jrcila4dgzvrb56447px0zw"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -875,7 +872,7 @@ pixel units.")
 (define-public ksyntaxhighlighting
   (package
     (name "ksyntaxhighlighting")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -884,7 +881,7 @@ pixel units.")
                     "syntax-highlighting-" version ".tar.xz"))
               (sha256
                (base32
-                "0ryfwblvzj9rd5jj7l8scmbb49ygzk77ng05hrznsipczin2cjw8"))))
+                "1l56pb84z7sy0qq8xkd5w5v5418bm9n4qds0vd39ch655d47bl72"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -918,12 +915,13 @@ highlighting engine.  It's meant as a building block for text editors as well
 as for simple highlighted text rendering (e.g. as HTML), supporting both
 integration with a custom editor as well as a ready-to-use
 @code{QSyntaxHighlighter} sub-class.")
+    (properties `((upstream-name . "syntax-highlighting")))
     (license license:lgpl2.1+)))
 
 (define-public kwayland
   (package
     (name "kwayland")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -932,7 +930,7 @@ integration with a custom editor as well as a ready-to-use
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1zxb9ram47vbiik8h0czyvacrdiijhnslkpcm61l4r1rb0ybb0ib"))))
+                "0d4c8l8k38pgj73kzlf1hsq52w31wy9wgpwph1bv0cq5yn2rjiyr"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -962,7 +960,7 @@ represented by a QPoint or a QSize.")
 (define-public kwidgetsaddons
   (package
     (name "kwidgetsaddons")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -971,7 +969,7 @@ represented by a QPoint or a QSize.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0hw87iig75mfgl5p3ph6zkwap31h357bm7rlyv5d9nnp10bq0hfg"))))
+                "1jmk377r1h4is2il7chh6bq8wbj21psf4b1yiw84iivg38vlpid4"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -1009,7 +1007,7 @@ configuration pages, message boxes, and password requests.")
 (define-public kwindowsystem
   (package
     (name "kwindowsystem")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1018,7 +1016,7 @@ configuration pages, message boxes, and password requests.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1sp2x7afhw19vmhdp2qyrmljz8h0875xjk95n8c5gzypk7sr0l83"))))
+                "0pd2n0j5pdv1x7wf4mwcpimnah73g6l0xidhqbpg37p829jix2k2"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -1074,7 +1072,7 @@ lower level classes for interaction with the X Windowing System.")
 (define-public modemmanager-qt
   (package
     (name "modemmanager-qt")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1083,7 +1081,7 @@ lower level classes for interaction with the X Windowing System.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1cf5nsc8h7djvr19fm5dphzplh1wm3asvn0a7r71spg0i7lzi89h"))))
+                "1fqf43kvj1v1mcdlbfxbh6sh3ycvg35aml2ywh2a684iz4qzq1aq"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -1112,7 +1110,7 @@ messages.")
 (define-public networkmanager-qt
   (package
     (name "networkmanager-qt")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1121,7 +1119,7 @@ messages.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "05s0irvkg0g57acriablyha2wb9c7w3xhq223vdddjqpcdx0pnkl"))))
+                "01px9n97gyvyyfg3dp1k7dik9fprgx9i28hg8wjr2rb5dlr99jd1"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -1151,7 +1149,7 @@ which are used in DBus communication.")
 (define-public oxygen-icons
   (package
     (name "oxygen-icons")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1160,7 +1158,7 @@ which are used in DBus communication.")
                     name "5" "-" version ".tar.xz"))
               (sha256
                (base32
-                "0cmxxssir5zbp5nlxq81h2xfd6wrxbbkydyw93dby7r56isl7ga5"))))
+                "1rns7n93f83qp5q11a7r5y87y0hvc0q95ar57cqy0fxsqrg4614h"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -1176,7 +1174,7 @@ which are used in DBus communication.")
 (define-public solid
   (package
     (name "solid")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1185,7 +1183,7 @@ which are used in DBus communication.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "02kz21p3p1s1rg7gf34fr6ynhji6x97yvsfdpvbfxbhijabbh4ib"))))
+                "1gb9gnp1a11q5abl97b7sq1if2rqcrcs0f33sakpxf1z9y0ppg8l"))))
     (build-system cmake-build-system)
     (arguments
      `(#:phases
@@ -1214,7 +1212,7 @@ system.")
 (define-public sonnet
   (package
     (name "sonnet")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1223,7 +1221,7 @@ system.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "06gxrh8rb75ydkqxk5dhlmwndnczp264jx588ryfwlf3vlnk99vs"))))
+                "0sb6i464riadgb2q73nj0vy6xavr2m1sszrvghr20nj7i64f3kk0"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -1242,7 +1240,7 @@ ASpell and HUNSPELL.")
 (define-public threadweaver
   (package
     (name "threadweaver")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1251,7 +1249,7 @@ ASpell and HUNSPELL.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1gylpl283qf1jcfyib4q5xwnpdq13hnd2cp2i7xjazdw2jp40zhr"))))
+                "1hb3721r1zbbyj211886sfkcxk18k0rsdhcg9ssagx10f29rpxx4"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -1272,7 +1270,7 @@ uses a job-based interface to queue tasks and execute them in an efficient way."
 (define-public kauth
   (package
     (name "kauth")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1281,7 +1279,7 @@ uses a job-based interface to queue tasks and execute them in an efficient way."
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "06cw1bsp7inh5wglajm8aahy17p35ixgnijb7d74gjqzbj4cv93d"))))
+                "0ciz28bvbvxlv0iz0cgs31x2m1czkki21ypzqj8rg2ix8jw2p65w"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("dbus" ,dbus)
@@ -1319,7 +1317,7 @@ utilities.")
 (define-public kcompletion
   (package
     (name "kcompletion")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1328,7 +1326,7 @@ utilities.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "18hvdk5b1nkh6b3vx0jajri57rl266b0qjsiwirh5wmjc81xbpcw"))))
+                "0qhjkqmd1jjy50hlzsdxwgnjwpfdrz3njl5n88h3nzp83yjv1ljz"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -1355,7 +1353,7 @@ integrated it into your application's other widgets.")
 (define-public kcrash
   (package
     (name "kcrash")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1364,7 +1362,7 @@ integrated it into your application's other widgets.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1cshay7dhbqgh62nq85vd9sm20gq9s9f70mdnzjjh1q7cajybkp3"))))
+                "16k2pwf3s3adgayd9vq7kk8c5gnq9g6wra4psrvs3a3c5k5am5y0"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -1390,7 +1388,7 @@ application crashes.")
 (define-public kdoctools
   (package
     (name "kdoctools")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1399,7 +1397,7 @@ application crashes.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "145jjhsd0whmcj91zbjz2b1jyj4wasw60hbwyd4xvqds8cp0l02h"))))
+                "0gbc5qqim6262hvkl9pf6rynnblxb3hsw3c4ars03ip7n761y0zl"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -1438,7 +1436,7 @@ from DocBook files.")
 (define-public kfilemetadata
   (package
     (name "kfilemetadata")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1447,7 +1445,7 @@ from DocBook files.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1rvlg6by8daiq5ff3qlxcw9k2iq4qicsj0c8a00xfy3w4h9ip9h5"))))
+                "17mbm6pdi6ac61kj2qzxf7y3rbxhxg9rwqr7qy766gh3img2vq8p"))))
     (build-system cmake-build-system)
     (arguments
      `(#:phases
@@ -1490,7 +1488,7 @@ by applications to write metadata.")
 (define-public kimageformats
   (package
     (name "kimageformats")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1499,7 +1497,7 @@ by applications to write metadata.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0q9ng4clqk2dqw43nk1pmq1d61rahc3qr4dmg4y3kjvz3ahnnijw"))))
+                "1knha6wjzjs0vnkljwpfinzg3hg2jyh9c07ifqvd47cprl96ickg"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -1511,6 +1509,11 @@ by applications to write metadata.")
     (arguments
      `(#:phases
        (modify-phases %standard-phases
+         ;; This test fails regularly, delete offending portion
+         (add-after 'unpack 'neuter-read-xcf-test
+           (lambda _
+             (delete-file "autotests/read/xcf/simple-rgba-gimp-2.8.10.png")
+             (delete-file "autotests/read/xcf/simple-rgba-gimp-2.8.10.xcf")))
          (add-before 'check 'check-setup
            (lambda _
              ;; make Qt render "offscreen", required for tests
@@ -1534,7 +1537,7 @@ formats.")
 (define-public kjobwidgets
   (package
     (name "kjobwidgets")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1543,7 +1546,7 @@ formats.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0lrx761vf947mb2q1l2jgi0wgwj8cz2nn1xg0j38bh99sgddmzpf"))))
+                "1162dxhpspd7p1735npp0amrxr5b0j467f5651k2rv6mvqfmqr4b"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -1562,7 +1565,7 @@ asynchronous jobs.")
 (define-public knotifications
   (package
     (name "knotifications")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1571,7 +1574,7 @@ asynchronous jobs.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "12z5hza0n5zr6mv3gkwhzb8zkrmk6dvgq8hrzwm8rzkgphjr6pi9"))))
+                "0gvv6jal7n4m3y30ragjlyhghq3y2782d422im9klxqzlgdgvkb6"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -1608,7 +1611,7 @@ covers feedback and persistent events.")
 (define-public kpackage
   (package
     (name "kpackage")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1617,7 +1620,7 @@ covers feedback and persistent events.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0wdymhcrjggxb7andz36cfk9f240vvbq5yahlxyhfp9z69lriw5q"))))
+                "1ikf55q2pk8vm70pqm7rmakja309zjh9z1lg0xqslq1pqd6xki7s"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -1646,7 +1649,7 @@ were traditional plugins.")
 (define-public kpty
   (package
     (name "kpty")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1655,7 +1658,7 @@ were traditional plugins.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "00k5hhz7nf3nf47xb003ni1chi03imyrfajap6ay4zp90l8fr950"))))
+                "0wb873r1ycgi11s0qx3lhvz54703yz5sax6fb6wdmri5c05gzd5a"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -1683,7 +1686,7 @@ and communicating with them using a pty.")
 (define-public kunitconversion
   (package
     (name "kunitconversion")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1692,7 +1695,7 @@ and communicating with them using a pty.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0v4x0flbfavrzfiqh71mdkqgp1fzk4f52msvq6w60i2s3sz7hcsm"))))
+                "1qvq61sbv9naj5ndi5xjwx7ami0xa6bqiajr912kbbbp2257cjsi"))))
     (build-system cmake-build-system)
     (arguments
      `(#:phases
@@ -1726,7 +1729,7 @@ gallons).")
 (define-public baloo
   (package
     (name "baloo")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1735,7 +1738,7 @@ gallons).")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0z53lnniq9xdk09d73z0p1xs1qmaf71m4znm4hmq956yg4yqa1ya"))))
+                "19sl07lhjrri40vfi8wl6azgmg08lgfb98xx110j6spjbbbnww79"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("kcoreaddons" ,kcoreaddons)
@@ -1770,6 +1773,12 @@ gallons).")
              ;; make Qt render "offscreen", required for tests
              (setenv "QT_QPA_PLATFORM" "offscreen")
              #t))
+         (add-after 'unpack 'remove-failing-test
+           ;; This test fails on i686 and aarch64
+           (lambda _
+             (substitute* "autotests/unit/file/CMakeLists.txt"
+               (("metadatamovertest") ""))
+             #t))
          (replace 'check
            (lambda _
              (setenv "DBUS_FATAL_WARNINGS" "0")
@@ -1784,7 +1793,7 @@ maintaining an index of the contents of your files.")
 (define-public kactivities
   (package
     (name "kactivities")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1793,7 +1802,7 @@ maintaining an index of the contents of your files.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0dg6bkdxf4sicij4szmi55npn6chp0sfmw27qi1s582ymqzjgf5m"))))
+                "005xvzp10kvwcsl2w6ghcqgqnr2rdvv9w61i4y44y25vcb85g26v"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -1831,7 +1840,7 @@ with other frameworks.")
 (define-public kactivities-stats
   (package
     (name "kactivities-stats")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1840,7 +1849,7 @@ with other frameworks.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1dfaq4hsd9wm1ka45dkxbl9wwr7s5ixbnnghqwxhl7a60imc680r"))))
+                "09zsdzf77palmww7x3dzinl0hxrm4z0q0yc2fmf0d7z6cfl695y2"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -1861,7 +1870,7 @@ by which applications, and what documents have been linked to which activity.")
 (define-public kbookmarks
   (package
     (name "kbookmarks")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1870,7 +1879,7 @@ by which applications, and what documents have been linked to which activity.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0ggn4rz8ch82ph64q6yik9fb1mp6kmsd7n33p769zl1lw7fldn0v"))))
+                "0l6rkj0b7hk2wg6dypj1dkl8pcd1vx89gaiixbhkd3vf7jp46n41"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("kwidgetsaddons" ,kwidgetsaddons)))
@@ -1904,7 +1913,7 @@ using the XBEL format.")
 (define-public kcmutils
   (package
     (name "kcmutils")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1913,7 +1922,7 @@ using the XBEL format.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1b52lwn7qjqrn06va7j1jswlzs6bx0drs90myf3607k52ffbf4hy"))))
+                "1ik1505f16swsmvrv62dacis33f1ccnmkw3zbhb84vbrbqyskvzx"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("kconfigwidgets" ,kconfigwidgets)
@@ -1943,7 +1952,7 @@ KCModules can be created with the KConfigWidgets framework.")
 (define-public kconfigwidgets
   (package
     (name "kconfigwidgets")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1952,7 +1961,7 @@ KCModules can be created with the KConfigWidgets framework.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0h4kappsffrp2qgg8wza1ybgah2dlcgpz591llfvaz31ldsml9hk"))))
+                "001d1nj8q6xpl71rwm15rnvy5ajyxpvknvf4ic7p5pbik3021bs6"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("kauth" ,kauth)
@@ -1985,7 +1994,7 @@ their settings.")
 (define-public kdeclarative
   (package
     (name "kdeclarative")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1994,7 +2003,7 @@ their settings.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1mfj32p631zvwz9ldk8536ifb4n825zxbhx69bfllhw2vn1am7z2"))))
+                "1ish46m2dpnpqjnf8g660clcg7ky65w11cbk2m79pwyhqvhxgggj"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("kconfig" ,kconfig)
@@ -2046,7 +2055,7 @@ that offer bindings to some of the Frameworks.")
 (define-public kded
   (package
     (name "kded")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2055,7 +2064,7 @@ that offer bindings to some of the Frameworks.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0qy4w7bcg60gyf6y6c11kqcshnld55a8w4fzglpwgqfbliyi5yzq"))))
+                "162s5qx2qb0bi889f8jjvd3ci31azd8iwp25i04vwi0lzglwb8gy"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -2079,7 +2088,7 @@ started on demand.")
 (define-public kdesignerplugin
   (package
     (name "kdesignerplugin")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2088,7 +2097,7 @@ started on demand.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1jnarg7wrhdjfq73q4wplazxsz927mpf0l6m0i4akq4dlp1b7aah"))))
+                "1197003bqcdpsyn6faasr2nhaadh7ryg92vjpqim78af3vwinsdw"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -2117,7 +2126,7 @@ ini-style description files.")
 (define-public kdesu
   (package
     (name "kdesu")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2126,7 +2135,7 @@ ini-style description files.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "04mx0d6kf8slgkkgbna3cyv4c491jvlwcwqxc7zikz0i03l341id"))))
+                "1qfhkzk6l9rfdyiad8y6k30zlhziz3q2dxvxkmnghxmkg98yhdza"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("kpty" ,kpty)))
@@ -2148,7 +2157,7 @@ with su and ssh respectively.")
 (define-public kemoticons
   (package
     (name "kemoticons")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2157,7 +2166,7 @@ with su and ssh respectively.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "02h12qy0w6mcgkczi3md1znnvp7r47l8h416nd080ljpsydalgx8"))))
+                "1cx978s1dm3v1jh4aymncxs44iizdqp174dqg9m5mf043fcvvinq"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("kservice" ,kservice)))
@@ -2189,7 +2198,7 @@ emoticons coming from different providers.")
 (define-public kglobalaccel
   (package
     (name "kglobalaccel")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2198,7 +2207,7 @@ emoticons coming from different providers.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1i32dq70qxjbfvlw0wqxvqvl6ysydmpg3zbiflff4z1qrmvmpw6a"))))
+                "1d84q3r6q5n2lclym9a9m1brfqnq3p3dykfpzvhcba3bjxh3cdsb"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -2232,7 +2241,7 @@ window does not need focus for them to be activated.")
 (define-public kiconthemes
   (package
     (name "kiconthemes")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2241,7 +2250,7 @@ window does not need focus for them to be activated.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0hbl82r6qc8dh9v9n9xjkx966czkq5yjxx2rx7sbilj2p9v3saii"))))
+                "1j7mgfsvxa24nf1d9xyn2jv9y9j523vghsvsm73x8d3ijibchfxq"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -2279,7 +2288,7 @@ in applications using the KDE Frameworks.")
 (define-public kinit
   (package
     (name "kinit")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2288,7 +2297,7 @@ in applications using the KDE Frameworks.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "08429kjihpaip73wszr3rsii8sdlwgm3kxx7g0hpjhkj9d2jq3m1"))))
+                "0b7dyy4hqyf6wk7gg2l23ldnji2zl8vzyj5wd5qh4yi7rdl6js5r"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -2326,7 +2335,7 @@ makes starting KDE applications faster and reduces memory consumption.")
 (define-public kio
   (package
     (name "kio")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2335,7 +2344,7 @@ makes starting KDE applications faster and reduces memory consumption.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1i23ld5b9gafh2x3lv79jbggbd92xyhk7rg3n765w3bsfpg2ijva"))))
+                "0nxchbhs8p2d4243dyp7qa65g1p6r3ic2h6dz7w0aa0qzsy8wi29"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("kbookmarks" ,kbookmarks)
@@ -2401,7 +2410,7 @@ KIO enabled infrastructure.")
 (define-public knewstuff
   (package
     (name "knewstuff")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2410,7 +2419,7 @@ KIO enabled infrastructure.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "19d53ylwr92dzl9agk4j765zvb897rcm55z7pr6841aj58jk9b82"))))
+                "1scnxhxx4g8j4wml6x8i5v00rpaxyzzcm7vqbra2axbql5d8g8ny"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("attica" ,attica)
@@ -2458,7 +2467,7 @@ specification.")
 (define-public knotifyconfig
   (package
     (name "knotifyconfig")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2467,7 +2476,7 @@ specification.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0lwl22vq770jyp45j32s0ss8yiqdwbink6cdhkbapg3pzbiwklyk"))))
+                "14kjckynszv8015p17j578l3knmkmw25d8r8ks4wavgj3db9bik5"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -2500,7 +2509,7 @@ notifications which can be embedded in your application.")
 (define-public kparts
   (package
     (name "kparts")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2509,7 +2518,7 @@ notifications which can be embedded in your application.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1a5n0f7ljdc2bm6vggzwbvpblyxjqn9m9pam70iab964pqqalgp7"))))
+                "0jrd8idkz8nhkda2rwgf8rysqngiv4r5ajmrzp2kfz1pr91a6l5h"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("kio" ,kio)
@@ -2551,7 +2560,7 @@ widgets with a user-interface defined in terms of actions.")
 (define-public kpeople
   (package
     (name "kpeople")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2560,7 +2569,7 @@ widgets with a user-interface defined in terms of actions.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0krm74dl80s48nhiygga4dvkvqqimxdx4nczbk4qvj7j1g9p2rsh"))))
+                "1qgp4wqp985ac1m9wakpsvk3c2driwkwrjkc3aic7dyr1p456qsf"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -2594,7 +2603,7 @@ to easily extend the contacts collection.")
 (define-public krunner
   (package
     (name "krunner")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2603,7 +2612,7 @@ to easily extend the contacts collection.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0n527p708k719zgmvvbmp20xmg72f85cll05q05p4h317g7wz6i5"))))
+                "171qbhr1yszl2gcffm47p5wiwj71w9yhvk6srhvfpiwfyh61a4ld"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("plasma-framework" ,plasma-framework)))
@@ -2624,6 +2633,7 @@ to easily extend the contacts collection.")
        ("kpackage" ,kpackage)
        ("kservice" ,kservice)
        ("kwidgetsaddons" ,kwidgetsaddons)
+       ("kwindowsystem" ,kwindowsystem)
        ("kxmlgui" ,kxmlgui)
        ("qtbase" ,qtbase)
        ("qtdeclarative" ,qtdeclarative)
@@ -2649,7 +2659,7 @@ typed.")
 (define-public kservice
   (package
     (name "kservice")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2658,7 +2668,7 @@ typed.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0sikwn49s2iq1nj518q55m2p0hvdvwm98cpf0dkjb1z1v6fgjc37"))))
+                "1zxs5yzd3rmy33vsip4c4igk9g38kzaggw8c29sxmgr8vgdrnvhr"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("kconfig" ,kconfig)
@@ -2694,7 +2704,7 @@ types or handled by application specific code.")
 (define-public ktexteditor
   (package
     (name "ktexteditor")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2703,7 +2713,7 @@ types or handled by application specific code.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "182a0swfgdqr0faq3ksk6hlfvdi1afd0hpys5vayjjf263m19xxw"))))
+                "0y04s1nwkf0np6iymjxf0jssin28qw2901kpb3iw8gd52ni5rrks"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("kparts" ,kparts)))
@@ -2764,7 +2774,7 @@ library.")
 (define-public ktextwidgets
   (package
     (name "ktextwidgets")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2773,7 +2783,7 @@ library.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1hri34b373bww5gv14qli2nm77k05pk170nbb2vv2zvzv93g25gw"))))
+                "1p8ns75sbnapm6ds16hx36q9vlnz9phgy28rx0gm1ckxqvm4yzr5"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("ki18n" ,ki18n)
@@ -2811,7 +2821,7 @@ It supports rich text as well as plain text.")
 (define-public kwallet
   (package
     (name "kwallet")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2820,7 +2830,7 @@ It supports rich text as well as plain text.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "08z3ddsam5n5qn2svscp4hgksf6qd1h8lqw1v382p01nnmhxadz5"))))
+                "1l7jl3y0rzx2whnbp6w5p6kg71vwyccp2nwxxgcxr6541m0nihsz"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)))
@@ -2852,7 +2862,7 @@ the passwords on KDE work spaces.")
 (define-public kxmlgui
   (package
     (name "kxmlgui")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2861,7 +2871,7 @@ the passwords on KDE work spaces.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1v8m6qzjqg3ic14a5ki37bf13kifzcbhly68zcxgs5b92hr953iy"))))
+                "0jrvjlxkg9knj61b2gj2w6l96jlmww9kn4ij808ir35365x3cdg2"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("kconfig" ,kconfig)
@@ -2904,7 +2914,7 @@ descriptions for integrating actions from plugins.")
 (define-public kxmlrpcclient
   (package
     (name "kxmlrpcclient")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2913,7 +2923,7 @@ descriptions for integrating actions from plugins.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0kp3ab50m5jl2jgw883ip67s6gs0l3saprzrqa9r3hydn2c4s3md"))))
+                "1jn9v86dpfx43qcdcsp6lpnga9q6aa5vxjkkg4wg0wbxmw4w9gvq"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("kio" ,kio)))
@@ -2947,7 +2957,7 @@ setUrl, setUserAgent and call.")
 (define-public plasma-framework
   (package
     (name "plasma-framework")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2956,7 +2966,7 @@ setUrl, setUserAgent and call.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0waicqskfwc8xpmrym165hwlfv6nzbwc783sac5vrhbyk4bwk8x9"))))
+                "0kamvxfzrbx3msn0cp3k20clqchz9jg5wlazz3h6p6zmrk5v16bh"))))
     (build-system cmake-build-system)
     (propagated-inputs
      `(("kpackage" ,kpackage)
@@ -3042,7 +3052,7 @@ script engines.")
 (define-public kde-frameworkintegration
   (package
     (name "kde-frameworkintegration")
-    (version "5.34.0")
+    (version "5.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3051,7 +3061,7 @@ script engines.")
                     "frameworkintegration-" version ".tar.xz"))
               (sha256
                (base32
-                "0hq1r2znjzy0wzm3nsclqmih1aia5300bsf87a2l4919q0ildb20"))))
+                "0pcy3hjqbahbx65yxz5bl0h2ah4y3fb7mq3pj1rrp2cpp92s135a"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -3099,7 +3109,7 @@ workspace.")
 (define-public kdelibs4support
   (package
     (name "kdelibs4support")
-    (version "5.34.0")
+    (version "5.37.0")
     (source
      (origin
        (method url-fetch)
@@ -3108,7 +3118,7 @@ workspace.")
              (version-major+minor version) "/portingAids/"
              name "-" version ".tar.xz"))
        (sha256
-        (base32 "0q9jjsjcvc43va4yvfay2xi40vb95lnqhgzavpqcndzjihixwmi0"))))
+        (base32 "1zz100m1sqfmg3ni7023b99qn79jhdd2ryw6534axl5zgn0sglh9"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("dbus" ,dbus)
@@ -3210,7 +3220,7 @@ http://community.kde.org/Frameworks/Porting_Notes should help with this.")
 (define-public khtml
   (package
     (name "khtml")
-    (version "5.34.0")
+    (version "5.37.0")
     (source
      (origin
        (method url-fetch)
@@ -3219,13 +3229,14 @@ http://community.kde.org/Frameworks/Porting_Notes should help with this.")
              (version-major+minor version) "/portingAids/"
              name "-" version ".tar.xz"))
        (sha256
-        (base32 "0j490jfnz8pbfl1i11wj514nw0skpnxr2fvi9pqpfql9lfhsanxv"))))
+        (base32 "1n0mx2xy9n5ffhvh58z3kn61aa7dhppsrwgxk697pybqy1h45ah2"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
        ("perl", perl)))
     (inputs
      `(("giflib" ,giflib)
+       ("gperf" ,gperf)
        ("karchive" ,karchive)
        ("kcodecs" ,kcodecs)
        ("kglobalaccel" ,kglobalaccel)
@@ -3268,7 +3279,7 @@ technology and using KJS for JavaScript support.")
 (define-public kjs
   (package
     (name "kjs")
-    (version "5.34.0")
+    (version "5.37.0")
     (source
      (origin
        (method url-fetch)
@@ -3277,7 +3288,7 @@ technology and using KJS for JavaScript support.")
              (version-major+minor version) "/portingAids/"
              name "-" version ".tar.xz"))
        (sha256
-        (base32 "18b7k1hi73iqn06c1ryy9lcmvscr9d08q7n1wwkrn0l2xmy05xsq"))))
+        (base32 "046hy8ji4i6p2xp5gnqa8dk82sv6sbh4xg67y79i82bbi97dvq9b"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -3301,7 +3312,7 @@ support.")
 (define-public kjsembed
   (package
     (name "kjsembed")
-    (version "5.34.0")
+    (version "5.37.0")
     (source
      (origin
        (method url-fetch)
@@ -3310,7 +3321,7 @@ support.")
              (version-major+minor version) "/portingAids/"
              name "-" version ".tar.xz"))
        (sha256
-        (base32 "17w8i370pqks1fj3pcziz7j014chnc6yi7md7w2p4xprw54pbmbk"))))
+        (base32 "0w2wk5azf1b45db58qj0cdc1l056x9s1xcd09ibavx5xmdvq6br0"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -3330,7 +3341,7 @@ QObjects, so you can script your applications.")
 (define-public kmediaplayer
   (package
     (name "kmediaplayer")
-    (version "5.34.0")
+    (version "5.37.0")
     (source
      (origin
        (method url-fetch)
@@ -3339,7 +3350,7 @@ QObjects, so you can script your applications.")
              (version-major+minor version) "/portingAids/"
              name "-" version ".tar.xz"))
        (sha256
-        (base32 "1mq87qf86sdvwhas4w7rspd221qp4x9kds4nd0lpldiay4483k86"))))
+        (base32 "0fqxrkcwwzg11zsax9q169lisnfp9jsqg4ccd6xvv8kpkz3g04jp"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -3376,7 +3387,7 @@ KParts instead.")
 (define-public kross
   (package
     (name "kross")
-    (version "5.34.0")
+    (version "5.37.0")
     (source
      (origin
        (method url-fetch)
@@ -3385,7 +3396,7 @@ KParts instead.")
              (version-major+minor version) "/portingAids/"
              name "-" version ".tar.xz"))
        (sha256
-        (base32 "092qz8vyiialv9fvk4wvn8mrfhz5i5hnbq0xnz6nvi1pk3db6bxq"))))
+        (base32 "06pk6f6v82pd7x9rsmkhkp5r9sgcbrc503lqckl8d7argbb7j4k1"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
diff --git a/gnu/packages/kde.scm b/gnu/packages/kde.scm
index 0a416148cb..2e46a3c924 100644
--- a/gnu/packages/kde.scm
+++ b/gnu/packages/kde.scm
@@ -258,7 +258,7 @@ used in KDE development tools Kompare and KDevelop.")
 (define-public libksysguard
   (package
     (name "libksysguard")
-    (version "5.8.2")
+    (version "5.10.4")
     (source
      (origin
        (method url-fetch)
@@ -266,7 +266,7 @@ used in KDE development tools Kompare and KDevelop.")
                            "/libksysguard-" version ".tar.xz"))
        (sha256
         (base32
-         "158n30wbpsgbw3axhhsc58hnwhwdd02j3zc9hhcybmnbkfl5c96l"))))
+         "01w0laywva0p0ar2lvr1k5000bhjikjfxsb4f6p30qswrchrmrh3"))))
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
        ("pkg-config" ,pkg-config)))
@@ -300,10 +300,15 @@ used in KDE development tools Kompare and KDevelop.")
              ;; KF5AuthConfig.cmake.in contains this already.
              (substitute* "processcore/CMakeLists.txt"
                (("KAUTH_HELPER_INSTALL_DIR") "KDE_INSTALL_LIBEXECDIR"))))
+         (add-before 'check 'check-setup
+           (lambda _
+             ;; make Qt render "offscreen", required for tests
+             (setenv "QT_QPA_PLATFORM" "offscreen")))
          (replace 'check
-           (lambda _         ;other tests require a display and therefore fail
-             (zero? (system* "ctest" "-R" "chronotest")))))))
-    (home-page "https://www.kde.org/info/plasma-5.8.2.php")
+           (lambda _
+             ;; TODO: Fix this failing test-case
+             (zero? (system* "ctest" "-E" "processtest")))))))
+    (home-page "https://www.kde.org/info/plasma-5.10.4.php")
     (synopsis "Network enabled task and system monitoring")
     (description "KSysGuard can obtain information on system load and
 manage running processes.  It obtains this information by interacting
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 58f6197700..48b2204190 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2012, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,8 +24,10 @@
 
 (define-module (gnu packages kerberos)
   #:use-module (gnu packages)
+  #:use-module (gnu packages autotools)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages perl)
+  #:use-module (gnu packages gettext)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages linux)
@@ -32,6 +35,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages texinfo)
   #:use-module (gnu packages tls)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
@@ -42,7 +46,7 @@
 (define-public mit-krb5
   (package
     (name "mit-krb5")
-    (version "1.14.4")
+    (version "1.15.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
@@ -50,20 +54,13 @@
                                   "/krb5-" version ".tar.gz"))
               (sha256
                (base32
-                "158bgq9xcg5ljgzia1880ak7m9g6vf2r009rzdqif5n9h111m9h3"))))
+                "0igbi5d095c2hgpn2cixpc4q2ij8vgg2bx7yjfly5zfmvlqqhz23"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("bison" ,bison)
        ("perl" ,perl)))
     (arguments
-     `(;; Work around "No rule to make target '../../include/gssapi/gssapi.h',
-       ;; needed by 'authgss_prot.so'."
-       #:parallel-build? #f
-
-       ;; Likewise with tests.
-       #:parallel-tests? #f
-
-       ;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call
+     `(;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call
        ;; while running the tests in 'src/tests'.
        #:tests? ,(string=? (%current-system) "x86_64-linux")
 
@@ -105,25 +102,23 @@ cryptography.")
       (method url-fetch)
       (uri (string-append "mirror://gnu/shishi/shishi-"
                           version ".tar.gz"))
+      (patches (search-patches "shishi-fix-libgcrypt-detection.patch"))
       (sha256
        (base32
         "032qf72cpjdfffq1yq54gz3ahgqf2ijca4vl31sfabmjzq9q370d"))))
     (build-system gnu-build-system)
+    (arguments
+     '(;; This is required since we patch some of the build scripts.
+       ;; Remove for the next Shishi release after 1.0.2 or when
+       ;; removing 'shishi-fix-libgcrypt-detection.patch'.
+       #:configure-flags '("ac_cv_libgcrypt=yes")))
     (native-inputs `(("pkg-config" ,pkg-config)))
     (inputs
      `(("gnutls" ,gnutls)
        ("libidn" ,libidn)
        ("linux-pam" ,linux-pam-1.2)
        ("zlib" ,zlib)
-       ;; libgcrypt 1.6 fails because of the following test:
-       ;;  #include <gcrypt.h>
-       ;; /* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c
-       ;;    will fail on startup if we don't have 1.4.4 or later, so
-       ;;    test for it early. */
-       ;; #if !defined GCRY_MODULE_ID_USER
-       ;; error too old libgcrypt
-       ;; #endif
-       ("libgcrypt" ,libgcrypt-1.5)
+       ("libgcrypt" ,libgcrypt)
        ("libtasn1" ,libtasn1)))
     (home-page "https://www.gnu.org/software/shishi/")
     (synopsis "Implementation of the Kerberos 5 network security system")
@@ -144,6 +139,8 @@ secure manner through client-server mutual authentication via tickets.")
               (sha256
                (base32
                 "19gypf9vzfrs2bw231qljfl4cqc1riyg0ai0xmm1nd1wngnpphma"))
+              (patches (search-patches "heimdal-CVE-2017-6594.patch"
+                                       "heimdal-CVE-2017-11103.patch"))
               (modules '((guix build utils)))
               (snippet
                '(substitute* "configure"
diff --git a/gnu/packages/ld-wrapper.in b/gnu/packages/ld-wrapper.in
index ebfd8332c4..82bd2196cf 100644
--- a/gnu/packages/ld-wrapper.in
+++ b/gnu/packages/ld-wrapper.in
@@ -15,7 +15,7 @@ main="(@ (gnu build-support ld-wrapper) ld-wrapper)"
 exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line)))" "$@"
 !#
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -35,6 +35,7 @@ exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line))
 (define-module (gnu build-support ld-wrapper)
   #:use-module (srfi srfi-1)
   #:use-module (ice-9 match)
+  #:autoload   (ice-9 rdelim) (read-string)
   #:export (ld-wrapper))
 
 ;;; Commentary:
@@ -222,9 +223,44 @@ impure library ~s~%"
               '()
               library-files))
 
+(define (expand-arguments args)
+  ;; Expand ARGS such that "response file" arguments, such as "@args.txt", are
+  ;; expanded (info "(gcc) Overall Options").
+  (define (response-file-arguments file)
+    (when %debug?
+      (format (current-error-port)
+              "ld-wrapper: attempting to read arguments from '~a'~%" file))
+
+    ;; FIXME: Options can contain whitespace if they are protected by single
+    ;; or double quotes; this is not implemented here.
+    (string-tokenize (call-with-input-file file read-string)))
+
+  (define result
+    (fold-right (lambda (arg result)
+                  (if (string-prefix? "@" arg)
+                      (let ((file (string-drop arg 1)))
+                        (append (catch 'system-error
+                                  (lambda ()
+                                    (response-file-arguments file))
+                                  (lambda args
+                                    ;; FILE doesn't exist or cannot be read so
+                                    ;; leave ARG as is.
+                                    (list arg)))
+                                result))
+                      (cons arg result)))
+                '()
+                args))
+
+  ;; If there are "@" arguments in RESULT *and* we can expand them (they don't
+  ;; refer to nonexistent files), then recurse.
+  (if (equal? result args)
+      result
+      (expand-arguments result)))
+
 (define (ld-wrapper . args)
   ;; Invoke the real `ld' with ARGS, augmented with `-rpath' switches.
-  (let* ((path (library-search-path args))
+  (let* ((args (expand-arguments args))
+         (path (library-search-path args))
          (libs (library-files-linked args path))
          (args (append args (rpath-arguments libs))))
     (when %debug?
diff --git a/gnu/packages/ldc.scm b/gnu/packages/ldc.scm
index 918843c077..25fcb514d0 100644
--- a/gnu/packages/ldc.scm
+++ b/gnu/packages/ldc.scm
@@ -279,7 +279,7 @@ latest DMD frontend and uses LLVM as backend.")
 (define-public dub
   (package
     (name "dub")
-    (version "1.3.0")
+    (version "1.4.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/dlang/dub/archive/"
@@ -287,7 +287,7 @@ latest DMD frontend and uses LLVM as backend.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "056mvf01z51qc3i1qnx7yaqr728q8pss8zabiv5zpfx2ynfsw3k7"))))
+                "0hpl5srbrzwzv8abc96j4cgbmvm1zhr109ljbl7hrphzzc39zyan"))))
    (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; it would have tested itself by installing some packages (vibe etc)
diff --git a/gnu/packages/lego.scm b/gnu/packages/lego.scm
index d47be5dfb4..d5e5de1c1f 100644
--- a/gnu/packages/lego.scm
+++ b/gnu/packages/lego.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2016, 2017 Eric Bavier <bavier@member.fsf.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,7 +23,10 @@
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
   #:use-module (gnu packages bison)
-  #:use-module (gnu packages flex))
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages flex)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages qt))
 
 (define-public nqc
   (package
@@ -65,3 +68,57 @@ MINDSTORMS products.  The preprocessor and control structures of NQC are very
 similar to C.  NQC is not a general purpose language -- there are many
 restrictions that stem from limitations of the standard RCX firmware.")
     (license license:mpl1.0)))
+
+(define-public leocad
+  (package
+    (name "leocad")
+    (version "17.07")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/leozide/leocad/"
+                                  "archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "02gm4950zlmsw4sxmdwypgkybn51b02qnmmk6rzjdr8si4k6gikq"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("qttools" ,qttools)))           ;for lrelease
+    (inputs
+     `(("mesa" ,mesa)
+       ("qtbase" ,qtbase)
+       ("zlib" ,zlib)))
+    (arguments
+     '(#:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key outputs inputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (zero? (system* "qmake"
+                               (string-append "INSTALL_PREFIX=" out)
+                               ;; Otherwise looks for lrelease-qt4
+                               "QMAKE_LRELEASE=lrelease"
+                               ;; Don't pester users about updates
+                               "DISABLE_UPDATE_CHECK=1")))))
+         (add-after 'configure 'reset-resource-timestamps
+           (lambda _
+             ;; The contents of build/release/.qrc/qrc_leocad.cpp generated by
+             ;; qt's rcc tool depends on the timestamps in resources/*, in
+             ;; particular the leocad_*.qm files that are created by qmake
+             ;; above.  So reset those timestamps for a reproducible build.
+             (with-directory-excursion "resources"
+               (for-each (lambda (file)
+                           (let* ((base (basename file ".qm"))
+                                  (src (string-append base ".ts"))
+                                  (st (stat src)))
+                             (set-file-time file st)))
+                         (find-files "." "leocad_.*\\.qm"))))))))
+    (home-page "http://www.leocad.org")
+    (synopsis "Create virtual Lego models")
+    (description
+     "LeoCAD is a program for creating virtual LEGO models.  It has an
+intuitive interface, designed to allow new users to start creating new models
+without having to spend too much time learning the application.  LeoCAD is
+fully compatible with the LDraw Standard and related tools.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index c903352bbc..4f6064e939 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -121,7 +121,7 @@ programs.")
 (define-public libuv
   (package
     (name "libuv")
-    (version "1.11.0")
+    (version "1.12.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/libuv/libuv/archive/v"
@@ -129,7 +129,7 @@ programs.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0yhw86011l2dg2prms0d86szygrix4pxpgnyzs7iljy2xk3fxivf"))))
+                "0l0jrb5q3i8br10c8skc6xdwlxkmlpn3n0kngaqd68fsi1593kj1"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (alist-cons-after
@@ -157,20 +157,20 @@ similar IOCP, and event ports, asynchronous TCP/UDP sockets, asynchronous DNS
 resolution, asynchronous file system operations, and threading primitives.")
 
     ;; A few files fall under other non-copyleft licenses; see 'LICENSE' for
-    ;; details.
-    (license x11)))
+    ;; details.  Documentation is CC-BY 4.0 as of 1.12.0; see 'LICENSE-docs'.
+    (license (list expat cc-by4.0))))
 
 (define-public perl-anyevent
   (package
     (name "perl-anyevent")
-    (version "7.13")
+    (version "7.14")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/M/ML/MLEHMANN/"
                                   "AnyEvent-" version ".tar.gz"))
               (sha256
                (base32
-                "1b84ilkbrfbzqapv25x8z6gva92skbrf2srybdabb1wnxx6ky454"))))
+                "0akxr9y0q9yjkl614x4clbiiayvh5a67y8gmci54plxs4p95i4sk"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-canary-stability" ,perl-canary-stability)))
diff --git a/gnu/packages/libffi.scm b/gnu/packages/libffi.scm
index 13938f7ee8..16475affe6 100644
--- a/gnu/packages/libffi.scm
+++ b/gnu/packages/libffi.scm
@@ -42,7 +42,8 @@
                              name "-" version ".tar.gz"))
              (sha256
               (base32
-               "0dya49bnhianl0r65m65xndz6ls2jn1xngyn72gd28ls3n7bnvnh"))))
+               "0dya49bnhianl0r65m65xndz6ls2jn1xngyn72gd28ls3n7bnvnh"))
+             (patches (search-patches "libffi-3.2.1-complex-alpha.patch"))))
     (build-system gnu-build-system)
     (arguments `(#:phases (alist-cons-after 'install 'post-install
                                             ,post-install-phase
diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm
index da6c7efb6f..fc91fe263e 100644
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -20,6 +20,7 @@
 
 (define-module (gnu packages libidn)
   #:use-module (gnu packages)
+  #:use-module (gnu packages compression)
   #:use-module (gnu packages libunistring)
   #:use-module (guix licenses)
   #:use-module (guix packages)
@@ -53,42 +54,19 @@ Java libraries.")
 (define-public libidn2
   (package
     (name "libidn2")
-    (version "0.16")
+    (version "2.0.2")
     (source (origin
               (method url-fetch)
-              (uri (string-append "ftp://alpha.gnu.org/gnu/libidn/libidn2-"
-                                  version ".tar.gz"))
+              (uri (string-append "mirror://gnu/libidn/" name "-" version
+                                  ".tar.lz"))
               (sha256
                (base32
-                "13v8kh4d5nfkymai88zlw3h7k4x9khrpdpv97waf4ah8ykzrxb9g"))))
-    ;; XXX: Make sure to remove the 'create-pkg-config' phase
-    ;; below when this package is updated to >= 0.17.
+                "0pqaj8d01aj4i110669fincqs10kgynyqcrmq2q7pss8v9dcd1jq"))))
+    (native-inputs
+     `(("lzip" ,lzip)))
     (inputs
      `(("libunistring" ,libunistring)))
     (build-system gnu-build-system)
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (add-after 'install 'create-pkgconfig-file
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let* ((out (assoc-ref outputs "out"))
-                    (pkgconfig (string-append out "/lib/pkgconfig")))
-               (mkdir-p pkgconfig)
-               (call-with-output-file (string-append pkgconfig "/libidn2.pc")
-                 (lambda (port)
-                   (format port "prefix=~a
-exec_prefix=${prefix}
-libdir=${exec_prefix}/lib
-includedir=${prefix}/include
-
-Name: Libidn2
-Description: Library implementing IDNA2008 and TR46
-Version: ~a
-Libs: -L${libdir} -lidn2
-Cflags: -I${includedir}
-"
-                           out ,version)))
-               #t))))))
     (synopsis "Internationalized domain name library for IDNA2008")
     (description "Libidn2 is an internationalized domain library implementing
 the IDNA2008 specifications.   Libidn2 is believed to be a complete IDNA2008
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index b49e360205..cca222b1f8 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -4,6 +4,8 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Andy Wingo <wingo@igalia.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -614,14 +616,14 @@ spreadsheet documents.")
 (define-public libstaroffice
   (package
     (name "libstaroffice")
-    (version "0.0.3")
+    (version "0.0.4")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://github.com/fosnola/libstaroffice/releases/download/"
                            version "/libstaroffice-" version ".tar.xz"))
        (sha256 (base32
-                "1ii2wi3wr5npyz9gby1bjk8r4wyflpfpc6gx7mmqkhsc9c8frpmy"))))
+                "0flh0hs31fsq1dmkhf2502lxskiy7fbj5q8gn4b4f502s228fwkf"))))
     (build-system gnu-build-system)
     (inputs
      `(("librevenge" ,librevenge)
@@ -695,19 +697,29 @@ Zoner Draw version 4 and 5.")
 (define-public hunspell
   (package
     (name "hunspell")
-    (version "1.5.4")
+    (version "1.6.1")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "https://github.com/hunspell/hunspell/archive/v"
                           version ".tar.gz"))
       (sha256 (base32
-               "0ngwk18dwd8p5a5f20h2jlgrz9wbc1k189mmmprb2zmqwfi02b45"))
+               "0j9c20sj7bgd6f77193g1ihy8w905byk2gdhdc0r9dsh7irr7x9h"))
       (file-name (string-append name "-" version ".tar.gz"))))
     (build-system gnu-build-system)
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)))
     (inputs
      `(("perl" ,perl)))
-    (home-page "http://hunspell.sourceforge.net/")
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'bootstrap
+           (lambda _
+             (zero? (system* "autoreconf" "-vfi")))))))
+    (home-page "https://hunspell.github.io/")
     (synopsis "Spell checker")
     (description "Hunspell is a spell checker and morphological analyzer
 library and program designed for languages with rich morphology and complex
@@ -777,7 +789,7 @@ and to return information on pronunciations, meanings and synonyms.")
 (define-public libreoffice
   (package
     (name "libreoffice")
-    (version "5.3.2.2")
+    (version "5.3.5.2")
     (source
      (origin
       (method url-fetch)
@@ -786,7 +798,7 @@ and to return information on pronunciations, meanings and synonyms.")
           "http://download.documentfoundation.org/libreoffice/src/"
           (version-prefix version 3) "/libreoffice-" version ".tar.xz"))
       (sha256 (base32
-               "1bcy1wx2cixawpd6cpivakwcwv8ryyy25kdw0fbci319p5gaj4c8"))))
+               "1sknmb9bhm8mxyfycqbwng1jqs4avyp1ffcla7dhlpwqs1aqxvx5"))))
     (build-system gnu-build-system)
     (native-inputs
      `(;; autoreconf is run by the LibreOffice build system, since after
@@ -825,6 +837,7 @@ and to return information on pronunciations, meanings and synonyms.")
        ("libetonyek" ,libetonyek)
        ("libexttextcat" ,libexttextcat)
        ("libfreehand" ,libfreehand)
+       ("liblangtag" ,liblangtag)
        ("libmspub" ,libmspub)
        ("libmwaw" ,libmwaw)
        ("libodfgen" ,libodfgen)
@@ -887,23 +900,60 @@ and to return information on pronunciations, meanings and synonyms.")
                  (substitute* "external/libxmlsec/ExternalProject_xmlsec.mk"
                    (("./configure") "$(CONFIG_SHELL) ./configure" ))
                  #t)))
-           (add-after 'install 'bin-install
+           (add-after 'install 'bin-and-desktop-install
              ;; Create 'soffice' and 'libreoffice' symlinks to the executable
              ;; script.
              (lambda* (#:key outputs #:allow-other-keys)
-               (let* ((out (assoc-ref outputs "out"))
-                      (bin (string-append out "/bin"))
-                      (soffice (string-append
-                                out "/lib/libreoffice/program/soffice")))
-                 (mkdir bin)
-                 (symlink soffice (string-append bin "/soffice"))
-                 (symlink soffice (string-append bin "/libreoffice")))
+               (let ((out (assoc-ref outputs "out")))
+                 (define (symlink-output src dst)
+                   (mkdir-p (dirname (string-append out dst)))
+                   (symlink (string-append out src) (string-append out dst)))
+                 (define (install src dst)
+                   (let ((dst (string-append out dst)))
+                     (mkdir-p (dirname dst))
+                     (copy-file src dst)))
+                 (define (install-desktop-file app)
+                   (let ((src (string-append "/lib/libreoffice/share/xdg/"
+                                             app ".desktop"))
+                         (dst (string-append "/share/applications/libreoffice-"
+                                             app ".desktop")))
+                     (substitute* (string-append out src)
+                       (("Exec=libreoffice[0-9]+\\.[0-9]+ ")
+                        (string-append "Exec=" out "/bin/libreoffice "))
+                       (("Icon=libreoffice.*")
+                        (string-append "Icon=" app "\n"))
+                       (("LibreOffice [0-9]+\\.[0-9]+")
+                        "LibreOffice"))
+                     (symlink-output src dst)))
+                 (define (install-appdata app)
+                   (install-file (string-append
+                                    "sysui/desktop/appstream-appdata/"
+                                    "libreoffice-" app ".appdata.xml")
+                                   (string-append out "/share/appdata")))
+                 (symlink-output "/lib/libreoffice/program/soffice"
+                                 "/bin/soffice")
+                 (symlink-output "/lib/libreoffice/program/soffice"
+                                 "/bin/libreoffice")
+                 (install "workdir/CustomTarget/sysui/share/libreoffice/openoffice.keys"
+                          "/share/mime-info/libreoffice.keys")
+                 (install "workdir/CustomTarget/sysui/share/libreoffice/openoffice.mime"
+                          "/share/mime-info/libreoffice.mime")
+                 (install
+                  "workdir/CustomTarget/sysui/share/libreoffice/openoffice.org.xml"
+                  "/share/mime/packages/libreoffice.xml")
+                 (for-each install-desktop-file
+                           '("base" "calc" "draw" "impress" "writer"
+                             "math" "startcenter"))
+                 (for-each install-appdata
+                           '("base" "calc" "draw" "impress" "writer"))
+                 (mkdir-p (string-append out "/share/icons/hicolor"))
+                 (copy-recursively "sysui/desktop/icons/hicolor"
+                                   (string-append out "/share/icons/hicolor")))
                #t)))
        #:configure-flags
         (list
           "--enable-release-build"
           "--enable-verbose"
-          "--without-parallelism" ; otherwise the build fails
           "--disable-fetch-external" ; disable downloads
           "--with-system-libs" ; enable all --with-system-* flags
           (string-append "--with-boost-libdir="
@@ -923,8 +973,7 @@ and to return information on pronunciations, meanings and synonyms.")
           "--disable-firebird-sdbc" ; embedded firebird
           "--disable-gltf"
           "--without-doxygen"
-          "--disable-gtk3"
-          "--disable-liblangtag")))
+          "--disable-gtk3")))
     (home-page "https://www.libreoffice.org/")
     (synopsis "Office suite")
     (description "LibreOffice is a comprehensive office suite.  It contains
diff --git a/gnu/packages/libsigsegv.scm b/gnu/packages/libsigsegv.scm
index 41e7345351..2a44819820 100644
--- a/gnu/packages/libsigsegv.scm
+++ b/gnu/packages/libsigsegv.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,14 +26,14 @@
 (define-public libsigsegv
   (package
    (name "libsigsegv")
-   (version "2.10")
+   (version "2.11")
    (source (origin
             (method url-fetch)
             (uri (string-append
                   "mirror://gnu/libsigsegv/libsigsegv-"
                   version ".tar.gz"))
             (sha256
-             (base32 "16hrs8k3nmc7a8jam5j1fpspd6sdpkamskvsdpcw6m29vnis8q44"))))
+             (base32 "063swdvq7mbmc1clv0rnh20grwln1zfc2qnm0sa1hivcxyr2wz6x"))))
    (build-system gnu-build-system)
    (home-page "https://www.gnu.org/software/libsigsegv/")
    (synopsis "Library for handling page faults")
@@ -44,12 +45,12 @@
     ;; linux-libre-headers-cross-mips64el-linux-gnu-3.3.8/include/asm/sigcontext.h:57:8: error: redefinition of 'struct sigcontext'
     (if (string-contains (or (%current-target-system) (%current-system))
                          "mips64el")
-        `(#:phases (alist-cons-before
-                    'configure 'patch-mips-old-h
-                    (lambda _
-                      (substitute* "src/fault-linux-mips-old.h"
-                        (("#include <asm/sigcontext\\.h>") "")))
-                    %standard-phases))
+        `(#:phases (modify-phases %standard-phases
+                     (add-before 'configure 'patch-mips-old-h
+                       (lambda _
+                         (substitute* "src/fault-linux-mips-old.h"
+                           (("#include <asm/sigcontext\\.h>") ""))
+                         #t))))
         '()))
    (description
     "GNU libsigsegv is a library to handle page faults, which occur when a
diff --git a/gnu/packages/libunistring.scm b/gnu/packages/libunistring.scm
index 212bec4b49..df02f68cea 100644
--- a/gnu/packages/libunistring.scm
+++ b/gnu/packages/libunistring.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,6 +25,7 @@
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
   #:use-module (gnu packages base))
 
 (define-public libunistring
@@ -37,7 +39,11 @@
                   version ".tar.xz"))
             (sha256
              (base32
-              "15z76qrmrvkc3c6hfq2lzzqysgd21s682f2smycfab5g598n8drf"))))
+              "15z76qrmrvkc3c6hfq2lzzqysgd21s682f2smycfab5g598n8drf"))
+             ;; test-lock has performance issues on multi-core machines,
+             ;; it hangs or takes a long time to complete.
+             ;; This is a commit from gnulib to fix this issue.
+            (patches (search-patches "libunistring-gnulib-multi-core.patch"))))
    (propagated-inputs (libiconv-if-needed))
    (build-system gnu-build-system)
    (arguments
diff --git a/gnu/packages/libusb.scm b/gnu/packages/libusb.scm
index ffbe5b1a88..ed97ed9de7 100644
--- a/gnu/packages/libusb.scm
+++ b/gnu/packages/libusb.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Theodoros Foradis <theodoros.for@openmailbox.org>
+;;; Copyright © 2017 Jonathan Brielmaier <jonathan.brielmaier@web.de>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -95,6 +96,21 @@ devices on various operating systems.")
 version of libusb to run with newer libusb.")
     (license lgpl2.1+)))
 
+;; required by 0xffff, which compiles with libusb-compat, but executes only
+;; with libusb-0.1
+(define-public libusb-0.1
+  (package (inherit libusb)
+    (version "0.1.12")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (string-append "mirror://sourceforge/libusb/libusb-0.1 (LEGACY)/"
+                          version "/libusb-" version ".tar.gz"))
+      (sha256
+       (base32
+        "0i4bacxkyr7xyqxbmb00ypkrv4swkgm0mghbzjsnw6blvvczgxip"))
+      (patches (search-patches "libusb-0.1-disable-tests.patch"))))))
+
 (define-public libusb4java
   ;; There is no public release so we take the latest version from git.
   (let ((commit "396d642a57678a0d9663b062c980fe100cc0ea1e")
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 54cf800f0f..304e0b7efa 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -101,11 +101,13 @@
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages groff)
   #:use-module (gnu packages selinux)
+  #:use-module (gnu packages swig)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
   #:use-module (guix build-system trivial)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix utils)
@@ -123,6 +125,7 @@
           ((string-prefix? "arm" arch) "arm")
           ((string-prefix? "aarch64" arch) "arm64")
           ((string-prefix? "alpha" arch) "alpha")
+          ((string-prefix? "powerpc" arch) "powerpc") ;including "powerpc64le"
           (else arch))))
 
 (define-public (system->defconfig system)
@@ -130,6 +133,7 @@
 defconfig.  Return the appropiate make target if applicable, otherwise return
 \"defconfig\"."
   (cond ((string-prefix? "powerpc-" system) "pmac32_defconfig")
+        ((string-prefix? "powerpc64le-" system) "ppc64_defconfig")
         (else "defconfig")))
 
 (define (linux-libre-urls version)
@@ -340,7 +344,7 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
                     (kmod   (assoc-ref (or native-inputs inputs) "kmod")))
                ;; Install kernel image, kernel configuration and link map.
                (for-each (lambda (file) (install-file file out))
-                         (find-files "." "^(\\.config|bzImage|zImage|vmlinuz|System\\.map)$"))
+                         (find-files "." "^(\\.config|bzImage|zImage|Image|vmlinuz|System\\.map)$"))
                ;; Install device tree files
                (for-each (lambda (file) (install-file file dtbdir))
                          (find-files "." "\\.dtb$"))
@@ -363,8 +367,8 @@ It has been modified to remove all non-free binary blobs.")
 
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 
-(define %linux-libre-version "4.12.1")
-(define %linux-libre-hash "1pgp48hf4zziv3nvzm54zvalh9y7kh5a7prrsw2n1qal9h1yslsp")
+(define %linux-libre-version "4.12.9")
+(define %linux-libre-hash "1wpsqhaab91l1wdbsxq8pdwrdx3a603zr5zjxbzdsx99pr6iypra")
 
 (define-public linux-libre
   (make-linux-libre %linux-libre-version
@@ -373,20 +377,20 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.9
-  (make-linux-libre "4.9.37"
-                    "0jrpzv5a8j8qjhh1x1wldyzbjms8p48nk5w6b4gib67fl7vx3135"
+  (make-linux-libre "4.9.45"
+                    "0qdwn2m3iynbjyszkq4hlx891s1b83p9nr1v7vdb20fs4n2cbl9s"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.76"
-                    "1qzgjqj7zv8hk162viyjy4cn24snwy159j8vir6d5jsrkvwq5wrk"
+  (make-linux-libre "4.4.84"
+                    "00lp3471mvwpq5062cynaakjn7bjpylmg1d1wwmhh6fdknd2h1kz"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.1
-  (make-linux-libre "4.1.42"
-                    "1g5jhn7cm6ixn7w8ciqm6qgxv7k1jg50v6k05hsvzvrqfpaxqlbz"
+  (make-linux-libre "4.1.43"
+                    "0ycqmvczj7lm7czilnwpyp14n2lzilyx7m43rsq1qdm2m5rp4q2w"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
@@ -497,7 +501,7 @@ providing the system administrator with some help in common tasks.")
 (define-public util-linux
   (package
     (name "util-linux")
-    (version "2.29.2")
+    (version "2.30")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kernel.org/linux/utils/"
@@ -505,7 +509,7 @@ providing the system administrator with some help in common tasks.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1qz81w8vzrmy8xn9yx7ls4amkbgwx6vr62pl6kv9g7r0g3ba9kmc"))
+                "13d0ax8bcapga8phj2nclx86w57ddqxbr98ajibpzjq6d7zs8262"))
               (patches (search-patches "util-linux-tests.patch"))
               (modules '((guix build utils)))
               (snippet
@@ -666,7 +670,7 @@ slabtop, and skill.")
     (build-system gnu-build-system)
     (inputs
      `(("libusb" ,libusb)
-       ("eudev" ,eudev-with-hwdb)))
+       ("eudev" ,eudev)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (home-page "http://www.linux-usb.org/")
@@ -679,16 +683,17 @@ slabtop, and skill.")
 (define-public e2fsprogs
   (package
     (name "e2fsprogs")
-    (version "1.43.4")
+    (version "1.43.5")
     (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://kernel.org/linux/kernel/people/tytso/"
                    name "/v" version "/"
                    name "-" version ".tar.xz"))
+             (patches (search-patches "e2fsprogs-32bit-quota-warnings.patch"))
              (sha256
               (base32
-               "092absr4vrlqrkdf9nwh4ykj40ab6hhwrkdr6sjsccd54c8z5csl"))))
+               "05ssjpmy0fpv2ik6ibm1f47wr6794nf0q50r581vygrqvsd3s7r6"))))
     (build-system gnu-build-system)
     (inputs `(("util-linux" ,util-linux)))
     (native-inputs `(("pkg-config" ,pkg-config)
@@ -821,36 +826,36 @@ ext3 or ext4 partition.")
 (define-public zerofree
   (package
     (name "zerofree")
-    (version "1.0.3")
-    (home-page "http://intgat.tigress.co.uk/rmy/uml/")
+    (version "1.1.0")
+    (home-page "https://frippery.org/uml/")
     (source (origin
               (method url-fetch)
               (uri (string-append home-page name "-" version
                                   ".tgz"))
               (sha256
                (base32
-                "1xncw3dn2cp922ly42m96p6fh7jv8ysg6bwqbk5xvw701f3dmkrs"))))
+                "059g29x5r1xj6wcj4xj85l8w6qrxyl86yqbybjqqz6nxz4falxzf"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:phases (alist-replace
-                 'install
-                 (lambda* (#:key outputs #:allow-other-keys)
-                   (let* ((out (assoc-ref outputs "out"))
-                          (bin (string-append out "/bin")))
-                     (mkdir-p bin)
-                     (copy-file "zerofree"
-                                (string-append bin "/zerofree"))
-                     (chmod (string-append bin "/zerofree")
-                            #o555)
-                     #t))
-                 (alist-delete 'configure %standard-phases))
-       #:tests? #f))                              ;no tests
+     '(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure)            ; no configure script
+         (replace 'install
+           ;; The Makefile lacks an ‘install’ target.
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin")))
+               (chmod "zerofree" #o555)
+               (install-file "zerofree" bin)
+               #t))))
+       #:tests? #f))                    ; no tests
     (inputs `(("libext2fs" ,e2fsprogs)))
     (synopsis "Zero non-allocated regions in ext2/ext3/ext4 file systems")
     (description
-     "The zerofree command scans the free blocks in an ext2 file system and
-fills any non-zero blocks with zeroes.  This is a useful way to make disk
-images more compressible.")
+     "Zerofree finds the unallocated blocks with non-zero value content in an
+ext2, ext3, or ext4 file system and fills them with zeroes (or another value).
+This is a simple way to make disk images more compressible.
+Zerofree requires the file system to be unmounted or mounted read-only.")
     (license license:gpl2)))
 
 (define-public strace
@@ -908,7 +913,7 @@ intercept and print the system calls executed by the program.")
 (define-public alsa-lib
   (package
     (name "alsa-lib")
-    (version "1.1.3")
+    (version "1.1.4.1")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -916,7 +921,7 @@ intercept and print the system calls executed by the program.")
                    version ".tar.bz2"))
              (sha256
               (base32
-               "174n2psp0328xcy2f1ayls67598bxli6q9cf00d2qnac3012aa3i"))))
+               "0xjvi381105gldhv0z872a0x58sghznyx19j45lw5iyi2h68gfwi"))))
     (build-system gnu-build-system)
     (home-page "https://www.alsa-project.org/")
     (synopsis "The Advanced Linux Sound Architecture libraries")
@@ -1187,14 +1192,96 @@ consists of several tools, of which the most important are @command{ip} and
 messages and are accompanied by a set of manpages.")
     (license license:gpl2+)))
 
+;; There are two packages for net-tools. The first, net-tools, is more recent
+;; and probably safer to use with untrusted inputs (i.e. the internet).  The
+;; second, net-tools-for-tests, is relatively old and buggy. It can be used in
+;; package test suites and should never be referred to by a built package. Use
+;; #:disallowed-references to enforce this.
+;;
+;; When we are able to rebuild many packages (i.e. core-updates), we can update
+;; net-tools-for-tests if appropriate.
+;;
+;; See <https://bugs.gnu.org/27811> for more information.
 (define-public net-tools
   ;; XXX: This package is basically unmaintained, but it provides a few
   ;; commands not yet provided by Inetutils, such as 'route', so we have to
   ;; live with it.
-  (package
-    (name "net-tools")
+  (let ((commit "479bb4a7e11a4084e2935c0a576388f92469225b")
+        (revision "0"))
+    (package
+      (name "net-tools")
+      (version (string-append "1.60-" revision "." (string-take commit 7)))
+      (source (origin
+               (method git-fetch)
+               (uri (git-reference
+                      (url "https://git.code.sf.net/p/net-tools/code")
+                      (commit commit)))
+               (file-name (string-append name "-" version "-checkout"))
+               (sha256
+                (base32
+                 "189mdjfbd7j7j0jysy34nqn5byy9g5f6ylip1sikk7kz08vjml4s"))))
+      (home-page "http://net-tools.sourceforge.net/")
+      (build-system gnu-build-system)
+      (arguments
+       '(#:modules ((guix build gnu-build-system)
+                    (guix build utils)
+                    (srfi srfi-1)
+                    (srfi srfi-26))
+         #:phases
+         (modify-phases %standard-phases
+           (replace 'configure
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let ((out (assoc-ref outputs "out")))
+                 (mkdir-p (string-append out "/bin"))
+                 (mkdir-p (string-append out "/sbin"))
+
+                 ;; Pretend we have everything...
+                 (system "yes | make config")
+
+                 ;; ... except for the things we don't have.
+                 ;; HAVE_AFDECnet requires libdnet, which we don't have.
+                 ;; HAVE_HWSTRIP and HAVE_HWTR require kernel headers
+                 ;; that have been removed.
+                 ;; XXX SELINUX and AFBLUETOOTH are removed for now, but we should
+                 ;; think about adding them later.
+                 (substitute* '("config.make" "config.h")
+                   (("^.*HAVE_(AFDECnet|HWSTRIP|HWTR|SELINUX|AFBLUETOOTH)[ =]1.*$")
+                    "")))))
+           (add-after 'install 'remove-redundant-commands
+             (lambda* (#:key outputs #:allow-other-keys)
+               ;; Remove commands and man pages redundant with Inetutils.
+               (let* ((out (assoc-ref outputs "out"))
+                      (dup (append-map (cut find-files out <>)
+                                       '("^hostname"
+                                         "^(yp|nis|dns)?domainname"))))
+                 (for-each delete-file dup)
+                 #t))))
+         ;; Binaries that depend on libnet-tools.a don't declare that
+         ;; dependency, making it parallel-unsafe.
+         #:parallel-build? #f
+
+         #:tests? #f                                ; no test suite
+         #:make-flags (let ((out (assoc-ref %outputs "out")))
+                        (list "CC=gcc"
+                              (string-append "BASEDIR=" out)
+                              (string-append "INSTALLNLSDIR=" out "/share/locale")
+                              (string-append "mandir=/share/man")))))
+      (native-inputs `(("gettext" ,gettext-minimal)))
+      (synopsis "Tools for controlling the network subsystem in Linux")
+      (description
+       "This package includes the important tools for controlling the network
+subsystem of the Linux kernel.  This includes arp, ifconfig, netstat, rarp and
+route.  Additionally, this package contains utilities relating to particular
+network hardware types (plipconfig, slattach) and advanced aspects of IP
+configuration (iptunnel, ipmaddr).")
+      (license license:gpl2+))))
+
+(define-public net-tools-for-tests
+  (hidden-package (package (inherit net-tools)
     (version "1.60")
-    (home-page "http://net-tools.sourceforge.net/")
+    ;; Git depends on net-tools-for-tests via GnuTLS, so we can't use git-fetch
+    ;; here.  We should find a better workaround for this problem so that we can
+    ;; use the latest upstream source.
     (source (origin
              (method url-fetch)
              (uri (list (string-append
@@ -1270,23 +1357,17 @@ messages and are accompanied by a set of manpages.")
 
     ;; Use the big Debian patch set (the thing does not even compile out of
     ;; the box.)
+    ;; XXX The patch is not actually applied, due to a bug in the 'patch' phase
+    ;; above. However, this package variant is only used in GnuTLS's tests. It
+    ;; will be adjusted when convenient for the build farm.
+    ;; See <https://bugs.gnu.org/27811> for more information.
     (inputs `(("patch" ,(origin
                          (method url-fetch)
                          (uri
                           "http://ftp.de.debian.org/debian/pool/main/n/net-tools/net-tools_1.60-24.2.diff.gz")
                          (sha256
                           (base32
-                           "0p93lsqx23v5fv4hpbrydmfvw1ha2rgqpn2zqbs2jhxkzhjc030p"))))))
-    (native-inputs `(("gettext" ,gettext-minimal)))
-
-    (synopsis "Tools for controlling the network subsystem in Linux")
-    (description
-     "This package includes the important tools for controlling the network
-subsystem of the Linux kernel.  This includes arp, ifconfig, netstat, rarp and
-route.  Additionally, this package contains utilities relating to particular
-network hardware types (plipconfig, slattach) and advanced aspects of IP
-configuration (iptunnel, ipmaddr).")
-    (license license:gpl2+)))
+                           "0p93lsqx23v5fv4hpbrydmfvw1ha2rgqpn2zqbs2jhxkzhjc030p")))))))))
 
 (define-public libcap
   (package
@@ -1386,7 +1467,52 @@ transparently through a bridge.")
                (base32
                 "1r3lw3hjvqxi5zqyq2w1qadm3gisd9nlf71dkl4yplacmssnhm3h"))))
     (build-system gnu-build-system)
-    (native-inputs `(("flex" ,flex) ("bison" ,bison)))
+    (native-inputs
+     `(("bison" ,bison)
+       ("flex" ,flex)
+       ("pkg-config" ,pkg-config)
+       ("swig" ,swig)
+       ("libnl3-doc"
+        ,(origin
+           (method url-fetch)
+           (uri (string-append
+                 "https://github.com/thom311/libnl/releases/download/libnl"
+                 (string-join (string-split version #\.) "_")
+                 "/libnl-doc-" version ".tar.gz"))
+           (sha256
+            (base32 "0srab805yj8wb13l64qjyp3mdbqapxg5vk46v3zlhhzpmxqw8j7r"))))))
+    (inputs
+     `(("python-2" ,python-2)
+       ("python-3" ,python-3)))
+    (outputs '("out" "doc" "python2" "python3"))
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (srfi srfi-1))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'install-python
+           (lambda* (#:key outputs #:allow-other-keys)
+             (define (python-inst python)
+               (let ((ldflags (format #f "LDFLAGS=-Wl,-rpath=~a/lib"
+                                      (assoc-ref %outputs "out")))
+                     (pyout (assoc-ref %outputs python)))
+                 (and
+                  (zero? (system (format #f "~a ~a setup.py build"
+                                         ldflags python pyout)))
+                  (zero?
+                   (system (format #f "~a ~a setup.py install --prefix=~a"
+                                   ldflags python pyout)))
+                  (zero? (system* python "setup.py" "clean")))))
+             (with-directory-excursion "./python"
+               (every python-inst '("python2" "python3")))))
+         (add-after 'install 'install-doc
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((dest (string-append (assoc-ref outputs "doc")
+                                        "/share/doc/libnl")))
+               (mkdir-p dest)
+               (zero? (system* "tar" "xf" (assoc-ref inputs "libnl3-doc")
+                               "--strip-components=1" "-C" dest))))))))
     (home-page "http://www.infradead.org/~tgr/libnl/")
     (synopsis "NetLink protocol library suite")
     (description
@@ -1668,7 +1794,7 @@ UnionFS-FUSE additionally supports copy-on-write.")
 (define-public sshfs-fuse
   (package
     (name "sshfs-fuse")
-    (version "2.9")
+    (version "2.10")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/libfuse/sshfs/releases/"
@@ -1676,7 +1802,7 @@ UnionFS-FUSE additionally supports copy-on-write.")
                                   ".tar.gz"))
               (sha256
                (base32
-                "1pp5wsl1jx11apkv2fpp559miifqhi8ka400npy5awp9ghlf3la6"))))
+                "00fir2iykdx11g8nv5gijg0zjrp2g3ldypnv0yi6lq3h5pg5v13h"))))
     (build-system gnu-build-system)
     (inputs
      `(("fuse" ,fuse)
@@ -1918,7 +2044,7 @@ from the module-init-tools project.")
   ;; The post-systemd fork, maintained by Gentoo.
   (package
     (name "eudev")
-    (version "3.2.1")
+    (version "3.2.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1926,10 +2052,18 @@ from the module-init-tools project.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "06gyyl90n85x8i7lfhns514y1kg1ians13l467admyzy3kjxkqsp"))
-              (patches (search-patches "eudev-rules-directory.patch"
-                                       "eudev-conflicting-declaration.patch"))))
+                "0qqgbgpm5wdllk0s04pf80nwc8pr93xazwri1bylm1f15zn5ck1y"))
+              (patches (search-patches "eudev-rules-directory.patch"))))
     (build-system gnu-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-after 'install 'build-hwdb
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      ;; Build OUT/etc/udev/hwdb.bin.  This allows 'lsusb' and
+                      ;; similar tools to display product names.
+                      (let ((out (assoc-ref outputs "out")))
+                        (zero? (system* (string-append out "/bin/udevadm")
+                                        "hwdb" "--update"))))))))
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("perl" ,perl)
@@ -1948,19 +2082,7 @@ time.")
     (license license:gpl2+)))
 
 (define-public eudev-with-hwdb
-  ;; TODO: Merge with 'eudev'.
-  (package
-    (inherit eudev)
-    (name "eudev-with-hwdb")
-    (arguments
-     '(#:phases (modify-phases %standard-phases
-                  (add-after 'install 'build-hwdb
-                    (lambda* (#:key outputs #:allow-other-keys)
-                      ;; Build OUT/etc/udev/hwdb.bin.  This allows 'lsusb' and
-                      ;; similar tools to display product names.
-                      (let ((out (assoc-ref outputs "out")))
-                        (zero? (system* (string-append out "/bin/udevadm")
-                                        "hwdb" "--update"))))))))))
+  (deprecated-package "eudev-with-hwdb" eudev))
 
 (define-public lvm2
   (package
@@ -2900,7 +3022,7 @@ Bluetooth audio output devices like headphones or loudspeakers.")
                 "0a4fj343bdqsfyv12hmj9nym0ilsf0bvm54a4apbiby16ww3vayx"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:configure-flags
+     `(#:configure-flags
        (let ((out (assoc-ref %outputs "out")))
          (list "--sysconfdir=/etc"
                "--localstatedir=/var"
@@ -2929,7 +3051,12 @@ Bluetooth audio output devices like headphones or loudspeakers.")
                   (string-append out "/lib/udev/hid2hci --method"))
                  (("/sbin/udevadm")
                   (string-append (assoc-ref inputs "eudev") "/bin/udevadm")))
-               #t))))))
+               #t))))
+
+       ;; FIXME: Skip one test that segfaults on ARM.
+       ,@(if (string=? (%current-system) "armhf-linux")
+             '(#:make-flags '("XFAIL_TESTS=unit/test-gatt"))
+             '())))
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("gettext" ,gettext-minimal)))
@@ -3016,7 +3143,7 @@ and copy/paste text in the console and in xterm.")
 (define-public btrfs-progs
   (package
     (name "btrfs-progs")
-    (version "4.11.1")
+    (version "4.12")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kernel.org/linux/kernel/"
@@ -3024,10 +3151,10 @@ and copy/paste text in the console and in xterm.")
                                   "btrfs-progs-v" version ".tar.xz"))
               (sha256
                (base32
-                "0vcp9a0a35chhjhq291kvirqhd4i9w5f4zql4y5n81kbwcrxil6h"))))
+                "1kif8xw2dbyc70ygkp0wyq4x96p1mkwdv4430f99qllx9b410xwi"))))
     (build-system gnu-build-system)
     (outputs '("out"
-               "static"))      ; static versions of binaries in "out" (~16MiB!)
+               "static"))      ; static versions of the binaries in "out"
     (arguments
      '(#:phases (modify-phases %standard-phases
                  (add-after 'build 'build-static
@@ -3095,6 +3222,42 @@ repair and easy administration.")
 from the btrfs-progs package.  It is meant to be used in initrds.")
     (license (package-license btrfs-progs))))
 
+(define-public f2fs-tools
+  (package
+    (name "f2fs-tools")
+    (version "1.8.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://git.kernel.org/cgit/linux/kernel/git/jaegeuk"
+                    "/f2fs-tools.git/snapshot/" name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1bir9ladb58ijlcvrjrq1fb1xv5ys50zdjaq0yzliib0apsyrnyl"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'bootstrap
+           (lambda _
+             (zero? (system* "autoreconf" "-vif")))))))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("libuuid" ,util-linux)))
+    (home-page "https://f2fs.wiki.kernel.org/")
+    (synopsis "Userland tools for f2fs")
+    (description
+     "F2FS, the Flash-Friendly File System, is a modern file system
+designed to be fast and durable on flash devices such as solid-state
+disks and SD cards.  This package provides the userland utilities.")
+    ;; The formatting utility, libf2fs and include/f2fs_fs.h is dual
+    ;; GPL2/LGPL2.1, everything else is GPL2 only. See 'COPYING'.
+    (license (list license:gpl2 license:lgpl2.1))))
+
 (define-public freefall
   (package
     (name "freefall")
@@ -3185,16 +3348,15 @@ from userspace.")
 (define-public ntfs-3g
   (package
     (name "ntfs-3g")
-    (version "2016.2.22")
+    (version "2017.3.23")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://tuxera.com/opensource/"
                                   "ntfs-3g_ntfsprogs-" version ".tgz"))
               (sha256
                (base32
-                "180y5y09h30ryf2vim8j30a2npwz1iv9ly5yjmh3wjdkwh2jrdyp"))
+                "1mb228p80hv97pgk3myyvgp975r9mxq56c6bdn1n24kngcfh4niy"))
               (modules '((guix build utils)))
-              (patches (search-patches "ntfs-3g-CVE-2017-0358.patch"))
               (snippet
                ;; Install under $prefix.
                '(substitute* '("src/Makefile.in" "ntfsprogs/Makefile.in")
@@ -3210,7 +3372,7 @@ from userspace.")
                                "--enable-mount-helper"
                                "--enable-posix-acls"
                                "--enable-xattr-mappings")))
-    (home-page "http://www.tuxera.com/community/open-source-ntfs-3g/")
+    (home-page "https://www.tuxera.com/community/open-source-ntfs-3g/")
     (synopsis "Read-write access to NTFS file systems")
     (description
      "NTFS-3G provides read-write access to NTFS file systems, which are
@@ -3770,7 +3932,7 @@ Light is the successor of lightscript.")
 (define-public tlp
   (package
     (name "tlp")
-    (version "0.9")
+    (version "1.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3780,7 +3942,7 @@ Light is the successor of lightscript.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0xksm8ar6dbq0azbfz8qs9yyzqg1j333lyd5znc074rz8inj4yw8"))))
+                "1v3qpj9kp4rxwqapayd0i9419wwv4bikyrzjvqn0r9xkgnr1f9v4"))))
     (inputs `(("bash" ,bash)
               ("dbus" ,dbus)
               ("ethtool" ,ethtool)
@@ -4183,3 +4345,34 @@ tool, to understand the type of environment a process runs in, and for
 comparing system environments.")
    (home-page "http://github.com/jamesodhunt/procenv/")
    (license license:gpl3+)))
+
+(define-public libfabric
+  (package
+    (name "libfabric")
+    (version "1.4.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri
+        (string-append "https://github.com/ofiwg/libfabric/releases/download/v"
+                       version "/libfabric-" version ".tar.bz2"))
+       (sha256
+        (base32 "19l2m1frna1l765z4j7wl8hp4rb9wrh0hy5496685hd183hmy5pv"))))
+    (build-system gnu-build-system)
+    (inputs `(("rdma-core" ,rdma-core)
+              ;; TODO: add psm, psm(2).
+              ("libnl" ,libnl)))
+    (home-page "https://ofiwg.github.io/libfabric/")
+    (synopsis "Open Fabric Interfaces")
+    (description
+     "OpenFabrics Interfaces (OFI) is a framework focused on exporting fabric
+communication services to applications.  OFI is best described as a collection
+of libraries and applications used to export fabric services.  The key
+components of OFI are: application interfaces, provider libraries, kernel
+services, daemons, and test applications.
+
+Libfabric is a core component of OFI.  It is the library that defines and
+exports the user-space API of OFI, and is typically the only software that
+applications deal with directly.  It works in conjunction with provider
+libraries, which are often integrated directly into libfabric.")
+    (license (list license:bsd-2 license:gpl2)))) ;dual
diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index e92ae2ebfe..224cea56f6 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -88,6 +88,10 @@
      `(#:parallel-build? #f  ; The build system seems not to be thread safe.
        #:tests? #f  ; There does not seem to be make check or anything similar.
        #:configure-flags '("--enable-ansi") ; required for use by the maxima package
+       #:make-flags (list
+                     "CFLAGS=-fgnu89-inline" ; removes inline function warnings
+                     (string-append "GCC=" (assoc-ref %build-inputs "gcc")
+                                    "/bin/gcc"))
        #:phases (modify-phases %standard-phases
                   (add-before 'configure 'pre-conf
                     (lambda _
@@ -104,6 +108,27 @@
                          (string-append "SHELL=" (which "bash")))
                         (("SHELL=/bin/sh")
                          (string-append "SHELL=" (which "sh"))))
+                      (substitute* "h/linux.defs"
+                        (("#CC") "CC")
+                        (("-fwritable-strings") "")
+                        (("-Werror") ""))
+                      #t))
+                  (add-after 'install 'wrap
+                    (lambda* (#:key inputs outputs #:allow-other-keys)
+                      (let* ((gcl (assoc-ref outputs "out"))
+                             (input-path (lambda (lib path)
+                                           (string-append
+                                            (assoc-ref inputs lib) path)))
+                             (binaries '("binutils")))
+                        ;; GCC and the GNU binutils are necessary for GCL to be
+                        ;; able to compile Lisp functions and programs (this is
+                        ;; a standard feature in Common Lisp). While the
+                        ;; the location of GCC is specified in the make-flags,
+                        ;; the GNU binutils must be available in GCL's $PATH.
+                        (wrap-program (string-append gcl "/bin/gcl")
+                          `("PATH" prefix ,(map (lambda (binary)
+                                                  (input-path binary "/bin"))
+                                                binaries))))
                       #t))
                   ;; drop strip phase to make maxima build, see
                   ;; https://www.ma.utexas.edu/pipermail/maxima/2008/009769.html
diff --git a/gnu/packages/logging.scm b/gnu/packages/logging.scm
index eecfe45581..b4f7caf56a 100644
--- a/gnu/packages/logging.scm
+++ b/gnu/packages/logging.scm
@@ -96,18 +96,19 @@ command line.")
 (define-public tailon
   (package
     (name "tailon")
-    (version "1.1.1")
+    (version "1.3.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri name version))
        (sha256
         (base32
-         "08clrwpfdxcv2z2b5ardpmim4alahbw4l7631dhw62xhbcf6wjzz"))))
+         "0wl2wm6p3pc0vkk33s7rzgcfvs9cwxfmlz997pdfhlw72r00l7s5"))))
     (build-system python-build-system)
     (inputs
      `(("python-pyyaml" ,python-pyyaml)
        ("python-sockjs-tornado" ,python-sockjs-tornado)
+       ("python-tornado-http-auth" ,python-tornado-http-auth)
        ("python-tornado" ,python-tornado)))
     (arguments
      `(#:phases
diff --git a/gnu/packages/machine-learning.scm b/gnu/packages/machine-learning.scm
index d39e77d978..c5132faf58 100644
--- a/gnu/packages/machine-learning.scm
+++ b/gnu/packages/machine-learning.scm
@@ -32,6 +32,7 @@
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages boost)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages cran)
   #:use-module (gnu packages dejagnu)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages image)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index f9418f6580..3b0f12b764 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -265,7 +265,7 @@ operating systems.")
   (package
     (inherit mutt)
     (name "neomutt")
-    (version "20170609")
+    (version "20170714")
     (source
      (origin
        (method url-fetch)
@@ -273,7 +273,7 @@ operating systems.")
                            "/archive/" name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1kdhnhdlv84v6brhqgh8g0h6cpcbwfc59b4g09zkkgqc4fnggapy"))))
+         "10x3sxai773n0gfqpi904ci1qvngymcbc2didswrm92wz4h8km20"))))
     (inputs
      `(("cyrus-sasl" ,cyrus-sasl)
        ("gdbm" ,gdbm)
@@ -667,14 +667,14 @@ invoking @command{notifymuch} from the post-new hook.")
 (define-public notmuch
   (package
     (name "notmuch")
-    (version "0.24.2")
+    (version "0.25")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://notmuchmail.org/releases/notmuch-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0lfchvapk11qazdgsxj42igp9mpp83zbd0h1jj6r3ifmhikajxma"))))
+                "02z6d87ip1hkipz8d7w0sfklg8dd5fd5vlgp768640ixg0gqvlk5"))))
     (build-system gnu-build-system)
     (arguments
      '(#:make-flags (list "V=1") ; Verbose test output.
@@ -805,7 +805,7 @@ and search library.")
 (define-public getmail
   (package
     (name "getmail")
-    (version "4.52.0")
+    (version "5.1")
     (source
      (origin
        (method url-fetch)
@@ -813,7 +813,7 @@ and search library.")
                            name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0pzplrlxwbxydvfw4kkwn60l40hk1h5sxawaa6pi0k75c220k4ni"))))
+         "0zh220vx10wi6x61qi0mjayjxgvllk9f6vd4hjrgzha1xbjj0vix"))))
     (build-system python-build-system)
     (arguments
      `(#:tests? #f ; no tests
@@ -930,6 +930,11 @@ compresses it.")
     (arguments
       '(#:configure-flags
         '("--enable-gnutls" "--enable-pgpmime-plugin" "--enable-enchant")
+        #:make-flags
+        ;; Disable updating icon cache since it's done by the profile hook.
+        ;; Conflict with other packages in the profile would be inevitable
+        ;; otherwise.
+        '("gtk_update_icon_cache=true")
         #:phases (modify-phases %standard-phases
                    (add-before 'build 'patch-mime
                      (lambda* (#:key inputs #:allow-other-keys)
@@ -1085,7 +1090,7 @@ facilities for checking incoming mail.")
 (define-public dovecot
   (package
     (name "dovecot")
-    (version "2.2.31")
+    (version "2.2.32")
     (source
      (origin
        (method url-fetch)
@@ -1093,7 +1098,7 @@ facilities for checking incoming mail.")
                            (version-major+minor version) "/"
                            name "-" version ".tar.gz"))
        (sha256 (base32
-                "18bnwgn6hshbmr79g21sngkrmydji6bzb948a3b2i0bl0w4y8jq3"))))
+                "0bmwyvi1crmrca2knvknsf517x53w7gxrclwyrvrhddgw98j22qn"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index 844b110eb1..492ccb8114 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -502,23 +502,23 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
   ;; .scm and .go files relative to its installation directory, rather
   ;; than in hard-coded configure-time paths.
   (let* ((patches (cons* (search-patch "guile-relocatable.patch")
-                         (search-patch "guile-default-utf8.patch")
+                         (search-patch "guile-2.2-default-utf8.patch")
                          (search-patch "guile-linux-syscalls.patch")
-                         (origin-patches (package-source guile-2.0))))
-         (source  (origin (inherit (package-source guile-2.0))
+                         (origin-patches (package-source guile-2.2))))
+         (source  (origin (inherit (package-source guile-2.2))
                     (patches patches)))
-         (guile (package (inherit guile-2.0)
-                  (name (string-append (package-name guile-2.0) "-static"))
+         (guile (package (inherit guile-2.2)
+                  (name (string-append (package-name guile-2.2) "-static"))
                   (source source)
                   (synopsis "Statically-linked and relocatable Guile")
 
                   ;; Remove the 'debug' output (see above for the reason.)
-                  (outputs (delete "debug" (package-outputs guile-2.0)))
+                  (outputs (delete "debug" (package-outputs guile-2.2)))
 
                   (propagated-inputs
                    `(("bdw-gc" ,libgc)
                      ,@(alist-delete "bdw-gc"
-                                     (package-propagated-inputs guile-2.0))))
+                                     (package-propagated-inputs guile-2.2))))
                   (arguments
                    `(;; When `configure' checks for ltdl availability, it
                      ;; doesn't try to link using libtool, and thus fails
@@ -534,7 +534,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
                                    (("^guile_LDFLAGS =")
                                     "guile_LDFLAGS = -all-static")
 
-                                   ;; Add `-ldl' *after* libguile-2.0.la.
+                                   ;; Add `-ldl' *after* libguile-2.2.la.
                                    (("^guile_LDADD =(.*)$" _ ldadd)
                                     (string-append "guile_LDADD = "
                                                    (string-trim-right ldadd)
@@ -561,13 +561,13 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
                 (out    (assoc-ref %outputs "out"))
                 (guile1 (string-append in "/bin/guile"))
                 (guile2 (string-append out "/bin/guile")))
-           (mkdir-p (string-append out "/share/guile/2.0"))
-           (copy-recursively (string-append in "/share/guile/2.0")
-                             (string-append out "/share/guile/2.0"))
+           (mkdir-p (string-append out "/share/guile/2.2"))
+           (copy-recursively (string-append in "/share/guile/2.2")
+                             (string-append out "/share/guile/2.2"))
 
-           (mkdir-p (string-append out "/lib/guile/2.0/ccache"))
-           (copy-recursively (string-append in "/lib/guile/2.0/ccache")
-                             (string-append out "/lib/guile/2.0/ccache"))
+           (mkdir-p (string-append out "/lib/guile/2.2/ccache"))
+           (copy-recursively (string-append in "/lib/guile/2.2/ccache")
+                             (string-append out "/lib/guile/2.2/ccache"))
 
            (mkdir (string-append out "/bin"))
            (copy-file guile1 guile2)
diff --git a/gnu/packages/man.scm b/gnu/packages/man.scm
index d8a64d1a86..4eefafbe12 100644
--- a/gnu/packages/man.scm
+++ b/gnu/packages/man.scm
@@ -138,7 +138,7 @@ the traditional flat-text whatis databases.")
 (define-public man-pages
   (package
     (name "man-pages")
-    (version "4.11")
+    (version "4.12")
     (source (origin
               (method url-fetch)
               (uri
@@ -151,7 +151,7 @@ the traditional flat-text whatis databases.")
                     "man-pages-" version ".tar.xz")))
               (sha256
                (base32
-                "097m0gsbaz0gf9ir4lmph3h5jj6wmydk1rglfz82dysybx4q1pmd"))))
+                "14z0zcwm0m98fk2m2b3pvr8rs2sb602mg8f7wwb4xl7yj7cpjvbg"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (alist-delete 'configure %standard-phases)
diff --git a/gnu/packages/markup.scm b/gnu/packages/markup.scm
index 4afe8c3c0e..121e6cdbf4 100644
--- a/gnu/packages/markup.scm
+++ b/gnu/packages/markup.scm
@@ -105,7 +105,7 @@ convert it to structurally valid XHTML (or HTML).")
 (define-public cmark
   (package
     (name "cmark")
-    (version "0.27.1")
+    (version "0.28.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://github.com/jgm/cmark/archive/"
@@ -113,7 +113,7 @@ convert it to structurally valid XHTML (or HTML).")
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
-               "1da62ispca9aal2a36gaj87175rv5013pl7x740vk32y6lclr6v6"))))
+               "03pypf2mcacfa7lrwz66lh5hydsycc33arp1nx1lljbq98gikkv8"))))
     (build-system cmake-build-system)
     (arguments
      '(#:test-target "test"))
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 1bf049fc4c..c3c2191a94 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015, 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2014, 2016, 2017 John Darrington <jmd@gnu.org>
-;;; Copyright © 2014, 2015, 2016 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2014 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2014 Mathieu Lirzin <mathieu.lirzin@openmailbox.org>
 ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
@@ -18,6 +18,7 @@
 ;;; Copyright © 2017 Paul Garlick <pgarlick@tourbillion-technology.com>
 ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2017 Ben Woodcroft <donttrustben@gmail.com>
+;;; Copyright © 2017 Theodoros Foradis <theodoros.for@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -316,7 +317,7 @@ the OCaml language.")
 (define-public glpk
   (package
     (name "glpk")
-    (version "4.62")
+    (version "4.63")
     (source
      (origin
       (method url-fetch)
@@ -324,7 +325,7 @@ the OCaml language.")
                           version ".tar.gz"))
       (sha256
        (base32
-        "0w7s3869ybwyq9a4490dikpib1qp3jnn5nqz1vvwqy1qz3ilnvh9"))))
+        "1xp7nclmp8inp20968bvvfcwmz3mz03sbm0v3yjz8aqwlpqjfkci"))))
     (build-system gnu-build-system)
     (inputs
      `(("gmp" ,gmp)))
@@ -437,7 +438,7 @@ large scale eigenvalue problems.")
                           version ".tgz"))
       (sha256
        (base32
-        "0yavf6m9l78pwlnk5g61cg8x28mr30j0g8gkai0jrdqfjjmf3whs"))))
+        "1j51r7n5w4k7r3lrvy7710xrpkg40wf4rqnmngfz6ck9ypckzign"))))
     (build-system cmake-build-system)
     (home-page "http://www.netlib.org/lapack/")
     (inputs `(("fortran" ,gfortran)
@@ -560,18 +561,17 @@ computations.")
 (define-public hdf4
   (package
     (name "hdf4")
-    (version "4.2.12")
+    (version "4.2.13")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://support.hdfgroup.org/ftp/HDF/releases/HDF"
                            version "/src/hdf-" version ".tar.bz2"))
        (sha256
-        (base32 "020jh563sjyxsgml8l809d2i1d4ms9shivwj3gbm7n0ilxbll8id"))
+        (base32 "1wz0586zh91pqb95wvr0pbh71a8rz358fdj6n2ksp85x2cis9lsm"))
        (patches (search-patches "hdf4-architectures.patch"
                                 "hdf4-reproducibility.patch"
                                 "hdf4-shared-fortran.patch"))))
-
     (build-system gnu-build-system)
     (native-inputs
      `(("gfortran" ,gfortran)
@@ -585,6 +585,14 @@ computations.")
        #:configure-flags '("--enable-shared")
        #:phases
        (modify-phases %standard-phases
+         ;; This is inspired by two of Debian's patches.
+         (add-before 'configure 'add-more-aarch64-support
+           (lambda _
+             (substitute* '("mfhdf/ncgen/ncgen.l"
+                            "mfhdf/ncgen/ncgenyy.c"
+                            "mfhdf/libsrc/netcdf.h.in")
+               (("AIX5L64") "__aarch64__"))
+             #t))
          (add-before 'configure 'patchbuild
            (lambda _
              (substitute*
@@ -596,7 +604,8 @@ computations.")
 -R\\$\\(abs_top_builddir\\)/mfhdf/xdr/\\.libs") "")
                (("@HDF_BUILD_SHARED_TRUE@AM_LDFLAGS = \
 -R\\$\\(abs_top_builddir\\)/mfhdf/libsrc/\\.libs \
--R\\$\\(abs_top_builddir\\)/hdf/src/\\.libs \\$\\(XDR_ADD\\)") "")))))))
+-R\\$\\(abs_top_builddir\\)/hdf/src/\\.libs \\$\\(XDR_ADD\\)") ""))
+             #t)))))
     (home-page "https://www.hdfgroup.org/products/hdf4/")
     (synopsis
      "Library and multi-object file format for storing and managing data")
@@ -1216,7 +1225,7 @@ September 2004}")
 (define-public petsc
   (package
     (name "petsc")
-    (version "3.7.2")
+    (version "3.7.6")
     (source
      (origin
       (method url-fetch)
@@ -1224,7 +1233,7 @@ September 2004}")
       (uri (string-append "http://ftp.mcs.anl.gov/pub/petsc/release-snapshots/"
                           "petsc-lite-" version ".tar.gz"))
       (sha256
-       (base32 "0jfrq6rd4zagw1iimz05m2w91k0jvz3qbik1lk8pqcxw3rvdqk5d"))))
+       (base32 "1y3f5jjq0v5b62i3sabp4kp5mgfyp3vnk0dxhwkrhpypax77nzxh"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("python" ,python-2)
@@ -1247,6 +1256,10 @@ September 2004}")
                          (assoc-ref %build-inputs "superlu") "/include")
          ,(string-append "--with-superlu-lib="
                          (assoc-ref %build-inputs "superlu") "/lib/libsuperlu.a"))
+       #:make-flags
+       ;; Honor (parallel-job-count) for build.  Do not use --with-make-np,
+       ;; whose value is dumped to $out/lib/petsc/conf/petscvariables.
+       (list (format #f "MAKE_NP=~a" (parallel-job-count)))
        #:phases
        (modify-phases %standard-phases
         (replace 'configure
@@ -1261,13 +1274,17 @@ September 2004}")
               (format #t "configure flags: ~s~%" flags)
               (zero? (apply system* "./configure" flags)))))
         (add-after 'configure 'clean-local-references
-          (lambda* (#:key inputs outputs #:allow-other-keys)
+          (lambda* (#:key outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (substitute* (find-files "." "^petsc(conf|machineinfo).h$")
                 ;; Prevent build directory from leaking into compiled code
                 (((getcwd)) out)
                 ;; Scrub timestamp for reproducibility
                 ((".*Libraries compiled on.*") ""))
+              (substitute* (find-files "." "petscvariables")
+                ;; Do not expose build machine characteristics, set to defaults.
+                (("MAKE_NP = [:digit:]+") "MAKE_NP = 2")
+                (("NPMAX = [:digit:]+") "NPMAX = 2"))
               #t)))
         (add-after 'install 'clean-install
           ;; Try to keep installed files from leaking build directory names.
@@ -1342,16 +1359,15 @@ scientific applications modeled by partial differential equations.")
 (define-public slepc
   (package
     (name "slepc")
-    (version "3.7.1")
+    (version "3.7.4")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "http://slepc.upv.es/download/download.php?"
-                           "filename=slepc-" version ".tar.gz"))
-       (file-name (string-append name "-" version ".tar.gz"))
+       (uri (string-append "http://slepc.upv.es/download/distrib/slepc-"
+                           version ".tar.gz"))
        (sha256
         (base32
-         "1hijlmrvxvfqslnx8yydzw5xqbsn1yy02g32w0hln1z3cgr1c0k7"))))
+         "12pbl8yd6r8k9xjlr1qw25rs0k1acgic7hw1s6l6bhiv9s285drg"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("python" ,python-2)))
@@ -1365,6 +1381,8 @@ scientific applications modeled by partial differential equations.")
        #:configure-flags
        `(,(string-append "--with-arpack-dir="
                          (assoc-ref %build-inputs "arpack") "/lib"))
+       #:make-flags                     ;honor (parallel-job-count)
+       `(,(format #f "MAKE_NP=~a" (parallel-job-count)))
        #:phases
        (modify-phases %standard-phases
          (replace 'configure
@@ -1626,12 +1644,12 @@ programming problems.")
 (define-public r-pracma
   (package
     (name "r-pracma")
-    (version "2.0.4")
+    (version "2.0.7")
     (source (origin
       (method url-fetch)
       (uri (cran-uri "pracma" version))
       (sha256
-        (base32 "1z3i90mkzwvp9di17caf4934z2xlb2imm3hwxllcrbwvmnmhrwyc"))))
+        (base32 "0hxa0rbbp54j0c05qj7vfwhqfdmiz5ax8vhqxd09g33x7c0hqbc5"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-quadprog" ,r-quadprog)))
@@ -1850,7 +1868,7 @@ implemented in ANSI C, and MPI for communications.")
     (build-system gnu-build-system)
     (inputs
      `(("zlib" ,zlib)
-       ("flex" ,flex-2.6.1) ; A bug in flex prevents building with flex-2.6.3.
+       ("flex" ,flex)
        ("bison" ,bison)))
     (arguments
      `(#:phases
@@ -2075,8 +2093,7 @@ to BMP, JPEG or PNG image formats.")
        (patches (search-patches "maxima-defsystem-mkdir.patch"))))
     (build-system gnu-build-system)
     (inputs
-     `(("gcc" ,gcc)
-       ("gcl" ,gcl)
+     `(("gcl" ,gcl)
        ("gnuplot" ,gnuplot)                       ;for plots
        ("tk" ,tk)))                               ;Tcl/Tk is used by 'xmaxima'
     (native-inputs
@@ -2100,13 +2117,6 @@ to BMP, JPEG or PNG image formats.")
        #:make-flags (list "TMPDIR=/tmp")
        #:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'set-gcc-path
-           (lambda* (#:key inputs #:allow-other-keys)
-             (substitute* "lisp-utils/defsystem.lisp"
-               (("\\(defparameter \\*c-compiler\\* \"gcc\"\\)")
-                (string-append "(defparameter *c-compiler* \""
-                               (assoc-ref inputs "gcc") "/bin/gcc\")")))
-             #t))
          (add-before 'check 'pre-check
            (lambda _
              (chmod "src/maxima" #o555)
@@ -2118,7 +2128,9 @@ to BMP, JPEG or PNG image formats.")
            (lambda* (#:key outputs inputs #:allow-other-keys)
              (let* ((gnuplot (assoc-ref inputs "gnuplot"))
                     (out (assoc-ref outputs "out"))
-                    (datadir (string-append out "/share/maxima/" ,version)))
+                    (datadir (string-append out "/share/maxima/" ,version))
+                    (binutils (string-append (assoc-ref inputs "binutils")
+                                             "/bin")))
                (with-directory-excursion out
                  (mkdir-p "share/emacs")
                  (mkdir-p "share/doc")
@@ -2134,7 +2146,11 @@ to BMP, JPEG or PNG image formats.")
                     (format out "~a ~s~a~%"
                             "(setf $gnuplot_command "
                             (string-append gnuplot "/bin/gnuplot") ")")
-                    (dump-port in out)))))
+                    (dump-port in out))))
+               ;; Ensure that Maxima will have access to the GNU binutils
+               ;; components at runtime.
+               (wrap-program (string-append out "/bin/maxima")
+                 `("PATH" prefix (,binutils))))
              #t)))))
     (home-page "http://maxima.sourceforge.net")
     (synopsis "Numeric and symbolic expression manipulation")
@@ -2152,7 +2168,7 @@ point numbers.")
 (define-public wxmaxima
   (package
     (name "wxmaxima")
-    (version "17.05.0")
+    (version "17.05.1")
     (source
      (origin
        (method url-fetch)
@@ -2161,7 +2177,7 @@ point numbers.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1bsyd7r12xm2crpizb9iyyki3j0mbazzzwbsh871m06dv2wk97gq"))))
+         "0dv0cy0cf46v0cbw32izscpkdmpxg1qhwq1f4cz46kkqd8k4yfbj"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("autoconf" ,autoconf)
@@ -2175,31 +2191,30 @@ point numbers.")
        ("gtk+" ,gtk+)
        ("shared-mime-info" ,shared-mime-info)))
     (arguments
-     `(#:phases (modify-phases %standard-phases
-                  (add-before
-                   'configure 'autoconf
-                   (lambda _
-                     (zero? (system* "./bootstrap"))))
-                  (add-after
-                   'install 'wrap-program
-                   (lambda* (#:key inputs outputs #:allow-other-keys)
-                     (wrap-program (string-append (assoc-ref outputs "out")
-                                                  "/bin/wxmaxima")
-                       `("PATH" ":" prefix
-                         (,(string-append (assoc-ref inputs "maxima")
-                                          "/bin")))
-                       ;; For GtkFileChooserDialog.
-                       `("GSETTINGS_SCHEMA_DIR" =
-                         (,(string-append (assoc-ref inputs "gtk+")
-                                          "/share/glib-2.0/schemas")))
-                       `("XDG_DATA_DIRS" ":" prefix
-                         (;; Needed by gdk-pixbuf to know supported icon formats.
-                          ,(string-append
-                            (assoc-ref inputs "shared-mime-info") "/share")
-                          ;; The default icon theme of GTK+.
-                          ,(string-append
-                            (assoc-ref inputs "adwaita-icon-theme") "/share"))))
-                     #t)))))
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'autoconf
+           (lambda _
+             (zero? (system* "sh" "bootstrap"))))
+         (add-after 'install 'wrap-program
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (wrap-program (string-append (assoc-ref outputs "out")
+                                          "/bin/wxmaxima")
+               `("PATH" ":" prefix
+                 (,(string-append (assoc-ref inputs "maxima")
+                                  "/bin")))
+               ;; For GtkFileChooserDialog.
+               `("GSETTINGS_SCHEMA_DIR" =
+                 (,(string-append (assoc-ref inputs "gtk+")
+                                  "/share/glib-2.0/schemas")))
+               `("XDG_DATA_DIRS" ":" prefix
+                 (;; Needed by gdk-pixbuf to know supported icon formats.
+                  ,(string-append
+                    (assoc-ref inputs "shared-mime-info") "/share")
+                  ;; The default icon theme of GTK+.
+                  ,(string-append
+                    (assoc-ref inputs "adwaita-icon-theme") "/share"))))
+             #t)))))
     (home-page "https://andrejv.github.io/wxmaxima/")
     (synopsis "Graphical user interface for the Maxima computer algebra system")
     (description
@@ -2417,7 +2432,7 @@ Fresnel integrals, and similar related functions as well.")
 (define-public suitesparse
   (package
     (name "suitesparse")
-    (version "4.4.3")
+    (version "4.5.5")
     (source
      (origin
        (method url-fetch)
@@ -2426,33 +2441,31 @@ Fresnel integrals, and similar related functions as well.")
              version ".tar.gz"))
        (sha256
         (base32
-         "100hdzr0mf4mzlwnqpmwpfw4pymgsf9n3g0ywb1yps2nk1zbkdy5"))))
+         "1dnr6pmjzc2qmbkmb4shigx1l74ilf6abn7svyd6brxgvph8vadr"))
+       (modules '((guix build utils)))
+       (snippet
+        ;; Remove bundled metis source
+        '(delete-file-recursively "metis-5.1.0"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:parallel-build? #f ;cholmod build fails otherwise
-       #:tests? #f  ;no "check" target
+     '(#:tests? #f  ;no "check" target
        #:make-flags
        (list "CC=gcc"
              "BLAS=-lblas"
              "TBB=-ltbb"
-             "CHOLMOD_CONFIG=-DNPARTITION" ;required when METIS is not used
+             "MY_METIS_LIB=-lmetis"
              (string-append "INSTALL_LIB="
                             (assoc-ref %outputs "out") "/lib")
              (string-append "INSTALL_INCLUDE="
-                            (assoc-ref %outputs "out") "/include"))
+                            (assoc-ref %outputs "out") "/include")
+             "library")
        #:phases
-       (alist-cons-before
-        'install 'prepare-out
-        ;; README.txt states that the target directories must exist prior to
-        ;; running "make install".
-        (lambda _
-          (mkdir-p (string-append (assoc-ref %outputs "out") "/lib"))
-          (mkdir-p (string-append (assoc-ref %outputs "out") "/include")))
-        ;; no configure script
-        (alist-delete 'configure %standard-phases))))
+       (modify-phases %standard-phases
+         (delete 'configure))))         ;no configure script
     (inputs
      `(("tbb" ,tbb)
-       ("lapack" ,lapack)))
+       ("lapack" ,lapack)
+       ("metis" ,metis)))
     (home-page "http://faculty.cse.tamu.edu/davis/suitesparse.html")
     (synopsis "Suite of sparse matrix software")
     (description
@@ -2688,7 +2701,7 @@ revised simplex and the branch-and-bound methods.")
 (define-public dealii
   (package
     (name "dealii")
-    (version "8.4.1")
+    (version "8.5.0")
     (source
      (origin
        (method url-fetch)
@@ -2696,7 +2709,7 @@ revised simplex and the branch-and-bound methods.")
                            "download/v" version "/dealii-" version ".tar.gz"))
        (sha256
         (base32
-         "1bdksvvyp1rj37df1ndh8j3x9nzpc3sazw8nd0hzvnlw0qnyk800"))
+         "0yfpy4zh8j7hmqakw17zdlmvfdcmhwgs66wcb716plc4y7v3z4g6"))
        (modules '((guix build utils)))
        (snippet
         ;; Remove bundled sources: UMFPACK, TBB, muParser, and boost
@@ -2715,21 +2728,10 @@ revised simplex and the branch-and-bound methods.")
        ("suitesparse" ,suitesparse)))   ;for UMFPACK
     (arguments
      `(#:build-type "DebugRelease" ;only supports Release, Debug, or DebugRelease
-       #:configure-flags '("-DCOMPAT_FILES=OFF") ;Follow new directory structure
-       #:phases (modify-phases %standard-phases
-                  (add-after
-                   'install 'hint-example-prefix
-                   ;; Set Cmake hints in examples so that they can find this
-                   ;; deal.II when configuring.
-                   (lambda* (#:key outputs #:allow-other-keys)
-                     (let* ((out (assoc-ref %outputs "out"))
-                            (exmpl (string-append out "/share/doc"
-                                                  "/dealii/examples")))
-                       (substitute* (find-files exmpl "CMakeLists.txt")
-                         (("([[:space:]]*HINTS.*)\n" _ line)
-                          (string-append line " $ENV{HOME}/.guix-profile "
-                                         out "\n")))
-                       #t))))))
+       #:configure-flags
+       ;; Work around a bug in libsuitesparseconfig linking
+       ;; see https://github.com/dealii/dealii/issues/4745
+       '("-DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=ON")))
     (home-page "https://www.dealii.org")
     (synopsis "Finite element library")
     (description
@@ -3069,6 +3071,8 @@ instruction sets.  Thus, an application written with Vc can be compiled for:
 @item NVIDIA GPUs / CUDA (in development)
 @end enumerate\n")
     (home-page "https://github.com/VcDevel/Vc")
+    ;; "No support_???.cpp file exists for this architecture."
+    (supported-systems '("x86_64-linux" "i686-linux"))
     (license license:bsd-3)))
 
 (define-public reducelcs
@@ -3163,3 +3167,92 @@ as equations, scalars, vectors, and matrices.")
     (home-page "https://www.gnu.org/software/jacal/")
     (license license:gpl3+)))
 
+(define-public z3
+  (package
+    (name "z3")
+    (version "4.5.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/Z3Prover/z3/archive/z3-"
+                    version ".tar.gz"))
+              (sha256
+               (base32
+                "032a5lvji2liwmc25jv52bdrhimqflvqbpg77ccaq1jykhiivbmf"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:configure-flags
+       (list "-DBUILD_PYTHON_BINDINGS=true"
+             "-DINSTALL_PYTHON_BINDINGS=true"
+             (string-append "-DCMAKE_INSTALL_PYTHON_PKG_DIR="
+                            %output
+                            "/lib/python2.7/site-packages")
+             (string-append "-DCMAKE_INSTALL_LIBDIR="
+                            %output
+                            "/lib"))
+
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'bootstrap
+           (lambda _
+             (zero?
+              (system* "python" "contrib/cmake/bootstrap.py" "create"))))
+         (add-before 'check 'make-test-z3
+           (lambda _
+             ;; Build the test suite executable.
+             (zero? (system* "make" "test-z3" "-j"
+                             (number->string (parallel-job-count))))))
+         (replace 'check
+           (lambda _
+             ;; Run all the tests that don't require arguments.
+             (zero? (system* "./test-z3" "/a")))))))
+    (native-inputs
+     `(("python" ,python-2)))
+    (synopsis "Theorem prover")
+    (description "Z3 is a theorem prover and @dfn{satisfiability modulo
+theories} (SMT) solver.  It provides a C/C++ API, as well as Python bindings.")
+    (home-page "https://github.com/Z3Prover/z3")
+    (license license:expat)))
+
+(define-public cubicle
+  (package
+    (name "cubicle")
+    (version "1.1.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://cubicle.lri.fr/cubicle-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1sny9c4fm14k014pk62ibpwbrjjirkx8xmhs9jg7q1hk7y7x3q2h"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("ocaml" ,ocaml)
+       ("which" ,(@@ (gnu packages base) which))))
+    (propagated-inputs
+     `(("z3" ,z3)))
+    (arguments
+     `(#:configure-flags (list "--with-z3")
+       #:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'configure-for-release
+           (lambda _
+             (substitute* "Makefile.in"
+               (("SVNREV=") "#SVNREV="))))
+         (add-before 'configure 'fix-/bin/sh
+           (lambda _
+             (substitute* "configure"
+               (("/bin/sh") (which "sh")))))
+         (add-before 'configure 'fix-smt-z3wrapper.ml
+           (lambda _
+             (substitute* "Makefile.in"
+               (("\\\\n") "")))))))
+    (home-page "http://cubicle.lri.fr/")
+    (synopsis "Model checker for array-based systems")
+    (description "Cubicle is an open source model checker for verifying safety
+properties of array-based systems.  This is a syntactically restricted class of
+parametrized transition systems with states represented as arrays indexed by an
+arbitrary number of processes.  Cache coherence protocols and mutual exclusion
+algorithms are typical examples of such systems.")
+    (license license:asl2.0)))
diff --git a/gnu/packages/medical.scm b/gnu/packages/medical.scm
new file mode 100644
index 0000000000..c0d9d597b7
--- /dev/null
+++ b/gnu/packages/medical.scm
@@ -0,0 +1,60 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Quiliro <quiliro@fsfla.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages medical)
+  #:use-module (guix build-system python)
+  #:use-module (guix download)
+  #:use-module (guix licenses)
+  #:use-module (guix packages)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages qt))
+
+(define-public openmolar-1
+  (package
+   (name "openmolar")
+   (version "1.0.15-gd81f9e5")
+   (source (origin
+             (method url-fetch)
+             (uri (string-append
+                   "https://static.openmolar.com/om1/releases/openmolar-"
+                   version ".tar.gz"))
+             (sha256
+              (base32
+               "1cfdzfbi6wslw7k0dc6ad6xrgs75iwsl91cg73w4myswaqqkfk3z"))))
+   (build-system python-build-system)
+   (arguments
+    `(#:use-setuptools? #f
+      #:phases
+      (modify-phases %standard-phases
+        (add-after 'unpack 'patch-/usr
+          (lambda* (#:key outputs #:allow-other-keys)
+            (substitute* "setup.py"
+              (("/usr") (assoc-ref outputs "out")))
+            #t)))))
+   (inputs
+    `(("python-pyqt+qscintilla" ,python-pyqt+qscintilla)
+      ("python-mysqlclient" ,python-mysqlclient)
+      ("qscintilla" ,qscintilla)))
+   (home-page "https://openmolar.com/om1")
+   (synopsis "Dental practice management software")
+   (description "Openmolar is a dental practice management suite.  Its
+functionality includes appointments, patient records, treatment planning,
+billing etc.  It is a full featured, reliable and thoroughly tested
+application and has been translated into many languages.")
+   (license gpl3+)))
diff --git a/gnu/packages/mes.scm b/gnu/packages/mes.scm
index 3fcf5f0fa4..39f9765320 100644
--- a/gnu/packages/mes.scm
+++ b/gnu/packages/mes.scm
@@ -57,7 +57,7 @@ extensive examples, including parsers for the Javascript and C99 languages.")
   (let ((triplet "i686-unknown-linux-gnu"))
     (package
       (name "mes")
-      (version "0.8")
+      (version "0.9")
       (source (origin
                 (method url-fetch)
                 (uri (string-append "https://gitlab.com/janneke/mes"
@@ -66,7 +66,7 @@ extensive examples, including parsers for the Javascript and C99 languages.")
                 (file-name (string-append name "-" version ".tar.gz"))
                 (sha256
                  (base32
-                  "1igmrks20ci6l5c0jx2bn4swf0w8jy5inhg61cwld9d7hwanmdnj"))))
+                  "0ph0fvabpb7zhbk4zpacbp7m4b142ds17dq5dzn00m7dz8farw9r"))))
       (build-system gnu-build-system)
       (supported-systems '("i686-linux" "x86_64-linux"))
       (propagated-inputs
@@ -91,29 +91,31 @@ extensive examples, including parsers for the Javascript and C99 languages.")
                  (lambda ()
                    (display "Please run
     build-aux/gitlog-to-changelog --srcdir=<git-checkout> > ChangeLog\n")))
-               #t)))))
-      (synopsis "Maxwell Equations of Software")
+               #t))
+           (delete 'strip)))) ; binutil's strip b0rkes Mescc/M1/hex2 binaries
+      (synopsis "Scheme interpreter and C compiler for full source bootstrapping")
       (description
-       "Mes aims to create full source bootstrapping for GuixSD.  It
-consists of a mutual self-hosting [close to Guile-] Scheme interpreter
-prototype in C and a Nyacc-based C compiler in [Guile] Scheme.")
+       "Mes [Maxwell Equations of Software] aims to create full source
+bootstrapping for GuixSD.  It consists of a mutual self-hosting [close to
+Guile-] Scheme interpreter prototype in C and a Nyacc-based C compiler in
+[Guile] Scheme.")
       (home-page "https://gitlab.com/janneke/mes")
       (license gpl3+))))
 
 (define-public mescc-tools
   (package
     (name "mescc-tools")
-    (version "0.1")
+    (version "0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "https://github.com/oriansj/MESCC_Tools/archive/Release_"
+                    "https://github.com/oriansj/mescc-tools/archive/Release_"
                     version
                     ".tar.gz"))
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1lzi9sqv41269isn7in70q2hhh087n4v97zr5i2qzz69j2lkr3xb"))))
+                "0gmyczh88xcsmrmxqksbpaqidchj5hfqxqk7apx40k9r3vav6mnz"))))
     (build-system gnu-build-system)
     (supported-systems '("i686-linux" "x86_64-linux"))
     (arguments
@@ -124,7 +126,7 @@ prototype in C and a Nyacc-based C compiler in [Guile] Scheme.")
     (synopsis "Tools for the full source bootstrapping process")
     (description
      "Mescc-tools is a collection of tools for use in a full source
-bootstrapping process.  Currently consists of the M0 macro assembler and the
+bootstrapping process.  Currently consists of the M1 macro assembler and the
 hex2 linker.")
-    (home-page "https://github.com/oriansj/MESCC_Tools")
+    (home-page "https://github.com/oriansj/mescc-tools")
     (license gpl3+)))
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 827e9edee9..eb9e869152 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -670,7 +670,7 @@ protocols.")
 (define-public c-toxcore
   (package
     (name "c-toxcore")
-    (version "0.1.1")
+    (version "0.1.9")
     (source
      (origin
        (method url-fetch)
@@ -679,32 +679,20 @@ protocols.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0dybpz44pi0zm8djppjna0r8yh5wvl3l885dv2f1wp5366bk59n3"))))
-    (build-system gnu-build-system)
+         "1y30xc1dzq9knww274d4y0m8gridcf5j851rxdri8j2s64p3qqgk"))))
+    (build-system cmake-build-system)
     (native-inputs
-     `(("autoconf" ,autoconf)
-       ("automake" ,automake)
-       ("libtool" ,libtool)
-       ("check" ,check)
-       ("pkg-config" ,pkg-config)))
-    (inputs
+     `(("pkg-config" ,pkg-config)))
+    (propagated-inputs
      `(("libsodium" ,libsodium)
        ("opus" ,opus)
        ("libvpx" ,libvpx)))
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'autoconf
-           ;; The tarball source is not bootstrapped.
-           (lambda _
-             (zero? (system* "autoreconf" "-vfi")))))
-       #:tests? #f)) ; FIXME: Testsuite fails, needs internet connection.
+    (home-page "https://tox.chat")
     (synopsis "Library for the Tox encrypted messenger protocol")
     (description
-     "Official fork of the C library implementation of the Tox
-encrypted messenger protocol.")
-    (license license:gpl3+)
-    (home-page "https://tox.chat")))
+     "Official fork of the C library implementation of the Tox encrypted
+messenger protocol.")
+    (license license:gpl3+)))
 
 (define-public utox
   (package
diff --git a/gnu/packages/mg.scm b/gnu/packages/mg.scm
deleted file mode 100644
index 5df6770009..0000000000
--- a/gnu/packages/mg.scm
+++ /dev/null
@@ -1,76 +0,0 @@
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.org>
-;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
-
-(define-module (gnu packages mg)
-  #:use-module (guix licenses)
-  #:use-module (guix download)
-  #:use-module (guix packages)
-  #:use-module (guix build-system gnu)
-  #:use-module (gnu packages libbsd)
-  #:use-module (gnu packages ncurses)
-  #:use-module (gnu packages pkg-config))
-
-(define-public mg
-  (package
-    (name "mg")
-    (version "20161005")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "http://homepage.boetes.org/software/mg/mg-"
-                                  version ".tar.gz"))
-              (sha256
-               (base32
-                "0qaydk2cy765n9clghmi5gdnpwn15y2v0fj6r0jcm0v7d89vbz5p"))
-              (modules '((guix build utils)))
-              (snippet
-               '(begin
-                  (substitute* "GNUmakefile"
-                    (("/usr/bin/") ""))))))
-    (build-system gnu-build-system)
-    (native-inputs
-     `(("pkg-config" ,pkg-config)))
-    (inputs
-     `(("libbsd" ,libbsd)
-       ("ncurses" ,ncurses)))
-    (arguments
-     ;; No test suite available.
-     '(#:tests? #f
-       #:make-flags (list (string-append "prefix=" %output)
-                          "CURSES_LIBS=-lncurses"
-                          "CC=gcc")
-       #:phases (modify-phases %standard-phases
-                  (delete 'configure)
-                  (add-before 'install 'patch-tutorial-location
-                    (lambda* (#:key outputs #:allow-other-keys)
-                      (substitute* "mg.1"
-                        (("/usr") (assoc-ref outputs "out")))
-                      #t))
-                  (add-after 'install 'install-tutorial
-                    (lambda* (#:key outputs #:allow-other-keys)
-                      (let* ((out (assoc-ref outputs "out"))
-                             (doc (string-append out "/share/doc/mg")))
-                        (install-file "tutorial" doc)
-                        #t))))))
-    (home-page "http://homepage.boetes.org/software/mg/")
-    (synopsis "Microscopic GNU Emacs clone")
-    (description
-     "Mg (mg) is a GNU Emacs style editor, with which it is \"broadly\"
-compatible.  This is a portable version of the mg maintained by the OpenBSD
-team.")
-    (license public-domain)))
diff --git a/gnu/packages/moreutils.scm b/gnu/packages/moreutils.scm
index b343a8db6d..bb6228af7f 100644
--- a/gnu/packages/moreutils.scm
+++ b/gnu/packages/moreutils.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,21 +30,20 @@
 (define-public moreutils
   (package
     (name "moreutils")
-    (version "0.60")
+    (version "0.61")
     (source
      (origin
        (method url-fetch)
        (uri (list
              (string-append
-              "mirror://debian/pool/main/m/moreutils/moreutils_"
-              version ".orig.tar.xz")
-             ;; The main Debian mirrors only hold the current packages.
+              "https://git.joeyh.name/index.cgi/moreutils.git/snapshot/"
+              name "-" version ".tar.gz")
              (string-append
-              "http://snapshot.debian.org/archive/debian-debug/20170109T210531Z"
-              "/pool/main/m/moreutils/moreutils_0.60.orig.tar.xz")))
+              "http://drabczyk.org/"
+              name "-" version ".tar.gz")))
        (sha256
         (base32
-         "1i8pphg5i5y4x1s1hz73gqhispgspr13bysmk9vh7l6jrfx1hbg4"))))
+         "12rhzy8hw8vljlf10b7ys9zky0p94fdvd6ihq8w8cnkia4rd6izb"))))
     (build-system gnu-build-system)
     ;; For building the manual pages.
     (native-inputs
@@ -53,10 +52,18 @@
        ("libxml2" ,libxml2)
        ("libxslt" ,libxslt)))
     (inputs
-     `(("perl" ,perl)))
+     `(("perl" ,perl)
+       ("perl-timedate" ,perl-timedate)
+       ("perl-time-duration" ,perl-time-duration)))
     (arguments
      `(#:phases
        (modify-phases %standard-phases
+         (add-after 'install 'wrap-program
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (let* ((out (assoc-ref outputs "out")))
+                        (wrap-program
+                            (string-append out "/bin/ts")
+                          `("PERL5LIB" ":" prefix (,(getenv "PERL5LIB")))))))
          (delete 'configure))           ; no configure script
        #:make-flags
        (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
diff --git a/gnu/packages/motti.scm b/gnu/packages/motti.scm
new file mode 100644
index 0000000000..59b195802b
--- /dev/null
+++ b/gnu/packages/motti.scm
@@ -0,0 +1,45 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages motti)
+  #:use-module (gnu packages)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix licenses)
+  #:use-module (guix packages)
+  #:use-module (guix download))
+
+(define-public motti
+  (package
+    (name "motti")
+    (version "3.1.1")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append
+               "mirror://gnu/motti/motti-" version ".tar.gz"))
+        (sha256
+         (base32
+          "0ag4gpxy42l30660b4f2lrp52xi5sik9s6frr7jfxqxjsf29lbb3"))))
+    (build-system gnu-build-system)
+    (synopsis "Multiplayer strategy game")
+    (description
+     "GNU Motti is a simple multiplayer strategy game played in a terminal.
+The objective of the game is to conquer enemy capitals by occupying and
+encircling territory.")
+    (home-page "https://www.gnu.org/software/motti")
+    (license gpl3+)))
diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm
index 789e596f84..9330179f96 100644
--- a/gnu/packages/mp3.scm
+++ b/gnu/packages/mp3.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -114,8 +115,12 @@ versions of ID3v2.")
             (sha256
              (base32
               "0yfhqwk0w8q2hyv1jib1008jvzmwlpsxvc8qjllhna6p1hycqj97"))
+            (modules '((guix build utils)))
+            ;; Don't use bundled zlib
+            (snippet '(delete-file-recursively "zlib"))
             (patches (search-patches "id3lib-CVE-2007-4460.patch"))))
    (build-system gnu-build-system)
+   (inputs `(("zlib" ,zlib)))
    (arguments
     `(#:phases
        (alist-cons-before
@@ -290,7 +295,7 @@ This package contains the binary.")
 (define-public mpg123
   (package
     (name "mpg123")
-    (version "1.25.2")
+    (version "1.25.4")
     (source (origin
               (method url-fetch)
               (uri (list (string-append "mirror://sourceforge/mpg123/mpg123/"
@@ -300,7 +305,7 @@ This package contains the binary.")
                           version ".tar.bz2")))
               (sha256
                (base32
-                "0f7fib7qyd9lah3fqcsjlqcni4bip4hw7iglkz3vz4fjibxv052k"))))
+                "1rxknrnl3ji5hi5rbckpzhbl1k5r8i53kcys4xdgg0xbi8765dfd"))))
     (build-system gnu-build-system)
     (arguments '(#:configure-flags '("--with-default-audio=pulse")))
     (native-inputs `(("pkg-config" ,pkg-config)))
@@ -462,7 +467,7 @@ compression format (.mpc files).")
 (define-public eyed3
   (package
     (name "eyed3")
-    (version "0.7.10")
+    (version "0.8")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -470,14 +475,13 @@ compression format (.mpc files).")
                   version ".tar.gz"))
              (sha256
               (base32
-               "0wjicszs64ksj2y5jbk09yjd08znc1qnarlq8ssmx13f2d4x59wq"))))
+               "1dcswb0f6w3b05s1v43pq8fmavkd5g88ysndn9160wlaa1v9n40h"))))
     (build-system python-build-system)
     (arguments
-     `(#:python ,python-2))
-    (native-inputs
-     `(("python2-nose" ,python2-nose)
-       ("python2-sphinx" ,python2-sphinx)
-       ("python2-coverage" ,python2-coverage)))
+     `(#:tests? #f)) ; the required test data contains copyrighted material.
+    (propagated-inputs
+     `(("python-six" ,python-six)
+       ("python-grako" ,python-grako)))
     (synopsis "MP3 tag ID3 metadata editor")
     (description "eyeD3 is a Python tool for working with audio files,
 specifically mp3 files containing ID3 metadata (i.e. song info).  It provides a
diff --git a/gnu/packages/mpd.scm b/gnu/packages/mpd.scm
index 5692ff6766..eb45974f6c 100644
--- a/gnu/packages/mpd.scm
+++ b/gnu/packages/mpd.scm
@@ -195,22 +195,23 @@ terminal using ncurses.")
 (define-public ncmpcpp
   (package
     (name "ncmpcpp")
-    (version "0.7.7")
+    (version "0.8")
     (source (origin
               (method url-fetch)
               (uri
-               (string-append "http://ncmpcpp.rybczak.net/stable/ncmpcpp-"
+               (string-append "https://ncmpcpp.rybczak.net/stable/ncmpcpp-"
                               version ".tar.bz2"))
               (sha256
                (base32
-                "1vq19m36608pvw1g8nbcaqqb89wsw05v35pi45xwr20z7g4bxg5p"))))
+                "0nj6ky805a55acj0w57sbn3vfmmkbqp97rhbi0q9848n10f2l3rg"))))
     (build-system gnu-build-system)
     (inputs `(("libmpdclient" ,libmpdclient)
               ("boost"  ,boost)
               ("readline" ,readline)
               ("ncurses" ,ncurses)
               ("taglib" ,taglib)
-              ("icu4c" ,icu4c)))
+              ("icu4c" ,icu4c)
+              ("curl" ,curl)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (arguments
@@ -221,7 +222,7 @@ terminal using ncurses.")
 but it provides new useful features such as support for regular expressions
 for library searches, extended song format, items filtering, the ability to
 sort playlists, and a local file system browser.")
-    (home-page "http://ncmpcpp.rybczak.net/")
+    (home-page "https://ncmpcpp.rybczak.net/")
     (license license:gpl2+)))
 
 (define-public mpdscribble
diff --git a/gnu/packages/mpi.scm b/gnu/packages/mpi.scm
index 3b1ba003c6..93157e2692 100644
--- a/gnu/packages/mpi.scm
+++ b/gnu/packages/mpi.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2017 Dave Love <fx@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -110,7 +111,7 @@ bind processes, and much more.")
 (define-public openmpi
   (package
     (name "openmpi")
-    (version "1.10.3")
+    (version "1.10.7")
     (source
      (origin
       (method url-fetch)
@@ -119,29 +120,45 @@ bind processes, and much more.")
                           "/downloads/openmpi-" version ".tar.bz2"))
       (sha256
        (base32
-        "0k95ri9f8kzx5vhzrdbzn59rn2324fs4a96w5v8jy20j8dkbp13l"))))
+        "142s1vny9gllkq336yafxayjgcirj2jv0ddabj879jgya7hyr2d0"))))
     (build-system gnu-build-system)
     (inputs
      `(("hwloc" ,hwloc "lib")
        ("gfortran" ,gfortran)
+       ("libfabric" ,libfabric)
+       ("rdma-core" ,rdma-core)
        ("valgrind" ,valgrind)))
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("perl" ,perl)))
     (arguments
-     `(#:configure-flags `("--enable-static"
+     `(#:configure-flags `("--enable-builtin-atomics"
 
-                           "--enable-mpi-thread-multiple"
-                           "--enable-builtin-atomics"
-
-                           "--enable-mpi-ext=all"
-                           "--with-devel-headers"
+                           "--enable-mpi-ext=affinity" ;cr doesn't work
                            "--enable-memchecker"
+                           "--with-sge"
+
+                           ;; VampirTrace is obsoleted by scorep and disabling
+                           ;; it reduces the closure size considerably.
+                           "--disable-vt"
+
                            ,(string-append "--with-valgrind="
                                            (assoc-ref %build-inputs "valgrind"))
                            ,(string-append "--with-hwloc="
                                            (assoc-ref %build-inputs "hwloc")))
        #:phases (modify-phases %standard-phases
+                  (add-before 'build 'remove-absolute
+                    ;; Remove compiler absolute file names (OPAL_FC_ABSOLUTE
+                    ;; etc.) to reduce the closure size.  See
+                    ;; <https://lists.gnu.org/archive/html/guix-devel/2017-07/msg00388.html>
+                    ;; and
+                    ;; <https://www.mail-archive.com/users@lists.open-mpi.org//msg31397.html>.
+                    (lambda _
+                      (substitute* '("orte/tools/orte-info/param.c"
+                                     "oshmem/tools/oshmem_info/param.c"
+                                     "ompi/tools/ompi_info/param.c")
+                        (("_ABSOLUTE") ""))
+                      #t))
                   (add-before 'build 'scrub-timestamps ;reproducibility
                     (lambda _
                       (substitute* '("ompi/tools/ompi_info/param.c"
@@ -155,9 +172,9 @@ bind processes, and much more.")
                         (for-each delete-file (find-files out "config.log"))
                         #t))))))
     (home-page "http://www.open-mpi.org")
-    (synopsis "MPI-2 implementation")
+    (synopsis "MPI-3 implementation")
     (description
-     "The Open MPI Project is an MPI-2 implementation that is developed and
+     "The Open MPI Project is an MPI-3 implementation that is developed and
 maintained by a consortium of academic, research, and industry partners.  Open
 MPI is therefore able to combine the expertise, technologies, and resources
 from all across the High Performance Computing community in order to build the
@@ -165,3 +182,17 @@ best MPI library available.  Open MPI offers advantages for system and
 software vendors, application developers and computer science researchers.")
     ;; See file://LICENSE
     (license bsd-2)))
+
+(define-public openmpi-thread-multiple
+  (package
+    (inherit openmpi)
+    (name "openmpi-thread-multiple")
+    (arguments
+     (substitute-keyword-arguments (package-arguments openmpi)
+       ((#:configure-flags flags)
+        `(cons "--enable-mpi-thread-multiple" ,flags))))
+    (description " This version of Open@tie{}MPI has an implementation of
+@code{MPI_Init_thread} that provides @code{MPI_THREAD_MULTIPLE}.  This won't
+work correctly with all transports (such as @code{openib}), and the
+performance is generally worse than the vanilla @code{openmpi} package, which
+only provides @code{MPI_THREAD_FUNNELED}.")))
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 947773289c..56e6d26493 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -952,7 +952,7 @@ your own lessons.")
 (define-public powertabeditor
   (package
     (name "powertabeditor")
-    (version "2.0.0-alpha9")
+    (version "2.0.0-alpha10")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -961,7 +961,7 @@ your own lessons.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1zjdz1qpkl83xr6dkap8airqcyjs3mxc5dzfyhrrvkyr7dics7ii"))
+                "1fr14ql0yhlqvh6y08yaanszm2nvca5i50rqym396kfvga3ky18x"))
               (modules '((guix build utils)))
               (snippet
                '(begin
@@ -996,20 +996,13 @@ add_library( rapidjson INTERFACE IMPORTED )"))
          (replace 'check
            (lambda _
              (zero? (system* "bin/pte_tests"
-                             ;; FIXME: one test fails.
-                             "exclude:Formats/PowerTabOldImport/Directions"))))
-         (add-after 'unpack 'set-target-directories
-           (lambda _
-             (substitute* "cmake/PTE_Executable.cmake"
-               (("set\\( install_dir.*")
-                "set( install_dir bin )\n"))
-             (substitute* "cmake/PTE_Paths.cmake"
-               (("set\\( PTE_DATA_DIR .*")
-                "set( PTE_DATA_DIR share/powertabeditor )\n"))
-             ;; Tests hardcode the data directory as "data"
-             (substitute* "test/CMakeLists.txt"
-               (("\\$\\{PTE_DATA_DIR\\}") "data"))
-             #t))
+                             ;; FIXME: these tests fail
+                             "exclude:Actions/EditStaff"
+                             "exclude:Formats/PowerTabOldImport/MergeMultiBarRests"
+                             "exclude:Score/ViewFilter/FilterRule"
+                             "exclude:Score/ViewFilter/ViewFilter"
+                             "exclude:Formats/PowerTabOldImport/Directions"
+                             ))))
          (add-before 'configure 'remove-third-party-libs
            (lambda* (#:key inputs #:allow-other-keys)
              ;; Link with required static libraries, because we're not
@@ -1706,7 +1699,7 @@ backends, including ALSA, OSS, Network and FluidSynth.")
 (define-public zynaddsubfx
   (package
     (name "zynaddsubfx")
-    (version "3.0.1")
+    (version "3.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1714,7 +1707,7 @@ backends, including ALSA, OSS, Network and FluidSynth.")
                     version "/zynaddsubfx-" version ".tar.bz2"))
               (sha256
                (base32
-                "1qijvlbv41lnqaqbp6gh1i42xzf1syviyxz8wr39xbz55cw7y0d8"))))
+                "09mr23lqc51r7gskry5b7hk84pghdpgn1s4vnrzvx7xpa21gvplm"))))
     (build-system cmake-build-system)
     (arguments
      `(#:phases
@@ -1752,7 +1745,7 @@ capabilities, custom envelopes, effects, etc.")
 (define-public yoshimi
   (package
     (name "yoshimi")
-    (version "1.5.1.1")
+    (version "1.5.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/yoshimi/"
@@ -1760,7 +1753,7 @@ capabilities, custom envelopes, effects, etc.")
                                   "/yoshimi-" version ".tar.bz2"))
               (sha256
                (base32
-                "1gjanmbn08x11iz4bjlkx3m66x0yk401ddkz8fqkj7y3p5ih1kna"))))
+                "0sns35pyw2f74xrv1fxiyf9g9415kvh2rrbdjd60hsiv584nlari"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f ; there are no tests
@@ -2101,13 +2094,13 @@ event-based scripts for scrobbling, notifications, etc.")
 (define-public python-mutagen
   (package
     (name "python-mutagen")
-    (version "1.36")
+    (version "1.38")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "mutagen" version))
               (sha256
                (base32
-                "1kabb9b81hgvpd3wcznww549vss12b1xlvpnxg1r6n4c7gikgvnp"))))
+                "0rl7sxn1rcjl48fwga3dqf9f6pzspsny4ngxyf6pp337mrq0z693"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-pytest" ,python-pytest)))
@@ -2187,13 +2180,13 @@ detailed track info including timbre, pitch, rhythm and loudness information.
 (define-public python-pylast
   (package
     (name "python-pylast")
-    (version "1.6.0")
+    (version "1.9.0")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "pylast" version))
               (sha256
                (base32
-                "0bml11gfkxqd3i2jxkn5k2xllc4rvxjcyhs8an05gcyy1zp2bwvb"))))
+                "190c6sicc80v21wbbwbq771nqmxw4r6aqmxs22ndj177rc2l275f"))))
     (build-system python-build-system)
     (arguments
      '(#:tests? #f)) ; FIXME: Requires unpackaged python-flaky.
@@ -2264,15 +2257,16 @@ of tools for manipulating and accessing your music.")
 (define-public milkytracker
   (package
     (name "milkytracker")
-    (version "1.0.0")
+    (version "1.01.00")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/milkytracker/"
-                                  "MilkyTracker/archive/v" version ".tar.gz"))
+                                  "MilkyTracker/archive/v"
+                                  version ".tar.gz"))
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1p1jd4h274jvcvl05l01v9bj19zhq4sjag92v1zawyi93ib85abz"))
+                "1dvnddsnn9c83lz4dlm0cfjpc0m524amfkbalxbswdy0qc8cj1wv"))
               (modules '((guix build utils)))
               ;; Remove non-FSDG compliant sample songs.
               (snippet
@@ -2345,6 +2339,78 @@ part.  The player is based on a highly modified version of the ModPlug engine,
 with a number of bugfixes and changes to improve IT playback.")
     (license license:gpl2+)))
 
+(define-public sooperlooper
+  (package
+    (name "sooperlooper")
+    (version "1.7.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://essej.net/sooperlooper/sooperlooper-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "0n2gdxw1fx8nxxnpzf4sj0kp6k6zi1yq59cbz6qqzcnsnpnvszbs"))
+              (patches (search-patches "sooperlooper-build-with-wx-30.patch"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags (list "CXXFLAGS=-std=gnu++11")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'add-sigc++-includes
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((sig (assoc-ref inputs "libsigc++"))
+                   (xml (assoc-ref inputs "libxml2"))
+                   (cwd (getcwd)))
+               (setenv "CPATH"
+                       (string-append sig "/include/sigc++-2.0:"
+                                      sig "/lib/sigc++-2.0/include:"
+                                      xml "/include/libxml2/:"
+                                      cwd "/libs/pbd:"
+                                      cwd "/libs/midi++")))
+             (substitute* '("src/control_osc.hpp"
+                            "src/gui/app_frame.hpp"
+                            "src/gui/config_panel.hpp"
+                            "src/gui/keys_panel.hpp"
+                            "src/gui/latency_panel.hpp"
+                            "src/gui/main_panel.hpp"
+                            "src/gui/midi_bind_panel.hpp"
+                            "src/gui/prefs_dialog.hpp")
+               (("sigc\\+\\+/object.h")
+                "sigc++/sigc++.h"))
+             (substitute* '("src/engine.cpp"
+                            "src/gui/latency_panel.cpp"
+                            "src/gui/looper_panel.cpp"
+                            "src/gui/main_panel.cpp")
+               (("(\\(| )bind " _ pre)
+                (string-append pre "sigc::bind ")))
+             #t))
+         (add-after 'unpack 'fix-xpm-warnings
+           (lambda _
+             (substitute* (find-files "." "\\.xpm$")
+               (("static char") "static const char"))
+             #t)))))
+    (inputs
+     `(("jack" ,jack-1)
+       ("alsa-lib" ,alsa-lib)
+       ("wxwidgets" ,wxwidgets-gtk2)
+       ("libsndfile" ,libsndfile)
+       ("libsamplerate" ,libsamplerate)
+       ("liblo" ,liblo)
+       ("rubberband" ,rubberband)
+       ("libxml2" ,libxml2)
+       ("libsigc++" ,libsigc++)
+       ("ncurses" ,ncurses)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "http://essej.net/sooperlooper/")
+    (synopsis "Live looping sampler")
+    (description
+     "SooperLooper is a live looping sampler capable of immediate loop
+recording, overdubbing, multiplying, reversing and more. It allows for
+multiple simultaneous multi-channel loops limited only by your computer's
+available memory.")
+    (license license:gpl2+)))
+
 (define-public moc
   (package
     (name "moc")
@@ -3098,3 +3164,37 @@ MuseScore can also play back scores through the built-in sequencer and SoundFont
 sample library.")
     (home-page "https://musescore.org")
     (license license:gpl2)))
+
+(define-public dssi
+  (package
+    (name "dssi")
+    (version "1.1.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "mirror://sourceforge/dssi/dssi/" version
+                    "/dssi-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0kl1hzhb7cykzkrqcqgq1dk4xcgrcxv0jja251aq4z4l783jpj7j"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("jack-2" ,jack-2)
+       ("ladspa" ,ladspa)
+       ("libsamplerate" ,libsamplerate)
+       ("libsndfile" ,libsndfile)
+       ("liblo" ,liblo)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (synopsis "Audio plugin API for soft synths and effects")
+    (description "DSSI is a plugin API for software instruments with user
+interfaces, permitting them to be hosted in-process by audio applications.
+It is intended to be simple, GUI-toolkit-agnostic, and slightly biased
+towards familiarity with MIDI.  The DSSI distribution package contains
+a JACK/ALSA-sequencer reference host and some plugins as well as the
+specification and header.")
+    (home-page "http://dssi.sourceforge.net/")
+    ;; The DSSI interface is LGPL2.1+, some tests and examples are GPL2+.
+    ;; The vast majority of examples are in the public domain.
+    (license (list license:lgpl2.1+ license:gpl2+))))
diff --git a/gnu/packages/nano.scm b/gnu/packages/nano.scm
index 093adaae0a..4d0f89996e 100644
--- a/gnu/packages/nano.scm
+++ b/gnu/packages/nano.scm
@@ -29,7 +29,7 @@
 (define-public nano
   (package
     (name "nano")
-    (version "2.8.5")
+    (version "2.8.6")
     (source
      (origin
       (method url-fetch)
@@ -37,7 +37,7 @@
                           version ".tar.xz"))
       (sha256
        (base32
-        "1hl9gni3qmblr062a7w6vz16gvxbswgc5c19c923ja0bk48vyhyb"))))
+        "0xjpm2ka56x5ycrgjh06v110na13xlbm42bs8qibk7g578m9cils"))))
     (build-system gnu-build-system)
     (inputs
      `(("gettext" ,gettext-minimal)
diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm
index 0b23baf129..9f5905bc89 100644
--- a/gnu/packages/ncurses.scm
+++ b/gnu/packages/ncurses.scm
@@ -32,17 +32,18 @@
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages swig)
+  #:use-module (gnu packages linux)
   #:use-module (guix utils))
 
 (define-public ncurses
   (package
     (name "ncurses")
-    (replacement ncurses/fixed)
     (version "6.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/ncurses/ncurses-"
                                   version ".tar.gz"))
+              (patches (search-patches "ncurses-CVE-2017-10684-10685.patch"))
               (sha256
                (base32
                 "0q3jck7lna77z5r42f13c4xglc7azd19pxfrjrpgp2yf615w4lgm"))))
@@ -189,21 +190,23 @@ ncursesw library provides wide character support.")
     (license x11)
     (home-page "https://www.gnu.org/software/ncurses/")))
 
-(define ncurses/fixed
-  (package
-    (inherit ncurses)
-    (source
-      (origin
-        (inherit (package-source ncurses))
-        (patches
-          (append
-            (origin-patches (package-source ncurses))
-            (search-patches "ncurses-CVE-2017-10684-10685.patch")))))))
+(define-public ncurses/gpm
+  (package/inherit ncurses
+    (name "ncurses-with-gpm")
+    (arguments
+     (substitute-keyword-arguments (package-arguments ncurses)
+       ((#:configure-flags cf)
+        `(cons (string-append "--with-gpm="
+                              (assoc-ref %build-inputs "gpm")
+                              "/lib/libgpm.so.2")
+               ,cf))))
+    (inputs
+     `(("gpm" ,gpm)))))
 
 (define-public dialog
   (package
     (name "dialog")
-    (version "1.2-20150920")
+    (version "1.3-20170509")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -211,7 +214,7 @@ ncursesw library provides wide character support.")
                     version ".tgz"))
               (sha256
                (base32
-                "01ccd585c241nkj02n0zdbx8jqhylgcfpcmmshynh0c7fv2ixrn4"))))
+                "0mj7rl5psilaj3bxxvjfd44qjknxjli98b0d1lxd3f9jqrsbmw9g"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f)) ; no test suite
diff --git a/gnu/packages/netpbm.scm b/gnu/packages/netpbm.scm
index cd0c3d950d..2d76d7e067 100644
--- a/gnu/packages/netpbm.scm
+++ b/gnu/packages/netpbm.scm
@@ -36,7 +36,7 @@
 (define-public netpbm
   (package
    (name "netpbm")
-   (version "10.61.01")
+   (version "10.78.3")
    (source (origin
             (method svn-fetch)
             ;; At the time of first packaging, the "super-stable" and
@@ -48,10 +48,10 @@
             ;; To determine the correct release: "svn log version.mk".
             (uri (svn-reference
                    (url "http://svn.code.sf.net/p/netpbm/code/advanced")
-                   (revision 1832)))
+                   (revision 2965)))
             (sha256
               (base32
-               "1mj1pqq18yj0yb6l24zfjls7axhqmiv0pvcaabl5xvc4a0dm543j"))
+               "1k7as9qi1942wyjxpvbf02wg0h4braw44m3m3vvi8sm9y5z1m967"))
             (file-name (string-append name "-" version "-checkout"))
             (modules '((guix build utils)))
             (snippet
@@ -87,6 +87,9 @@
                 (drop "ppmtopjxl" in "converter/ppm")
 
                 ;; Remove timestamps from the generated code.
+                (substitute* "buildtools/makepointerman"
+                  (("gmctime[(][)]")
+                   "\"Thu Jan 1 00:00:00 1970\""))
                 (substitute* "buildtools/stamp-date"
                   (("^DATE=.*")
                    "DATE=\"Thu Jan 01 00:00:00+0000 1970\"\n")
@@ -124,8 +127,8 @@
 
            (let ((rgb (string-append (assoc-ref inputs "xorg-rgb")
                                      "/share/X11/rgb.txt")))
-             (substitute* "pm_config.in.h"
-               (("/usr/share/X11/rgb.txt") rgb))
+             (substitute* "config.mk"
+               (("/usr/share/netpbm/rgb.txt") rgb))
 
              ;; Our Ghostscript no longer provides the 'gs' command, only
              ;; 'gsc', so look for that instead.
@@ -146,7 +149,15 @@
              (("all-in-place.test") "")
              (("pnmpsnr.test") "")
              (("pnmremap1.test") "")
-             (("gif-roundtrip.test") ""))
+             (("gif-roundtrip.test") "")
+
+             ;; These two tests started failing in netpbm-10.78.3.
+             (("jpeg-roundtrip.test") "")
+             (("pbmtext.test") "")
+
+             ;; Skip tests that use nonfree programs that we don't build.
+             (("ps-alt-roundtrip.test") "" )
+             (("pbm-misc-converters.test") ""))
            #t))
        (replace 'install
          (lambda* (#:key outputs make-flags #:allow-other-keys)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index d4b9a3d129..b786b63c20 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -6,10 +6,10 @@
 ;;; Copyright © 2016 Raimon Grau <raimonster@gmail.com>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
-;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
+;;; Copyright © 2016, 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2016, 2017 ng0 <ng0@libertad.pw>
-;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
+;;; Copyright © 2016, 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016 Benz Schenk <benz.schenk@uzh.ch>
 ;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
@@ -55,6 +55,7 @@
   #:use-module (gnu packages dejagnu)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages gettext)
+  #:use-module (gnu packages glib)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages libidn)
@@ -66,10 +67,13 @@
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages qt)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages ssh)
   #:use-module (gnu packages textutils)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages wm)
   #:use-module (gnu packages xml)
   #:use-module (ice-9 match))
 
@@ -440,7 +444,7 @@ and up to 1 Mbit/s downstream.")
 (define-public whois
   (package
     (name "whois")
-    (version "5.2.16")
+    (version "5.2.18")
     (source
      (origin
        (method url-fetch)
@@ -448,7 +452,7 @@ and up to 1 Mbit/s downstream.")
                            name "_" version ".tar.xz"))
        (sha256
         (base32
-         "0fpwac26ja0rdqsbxyjcsk8gxgixfpxk0baj3rhnpaff3jv0ilp9"))))
+         "1mcpgj18n1xppvlhjqzpj05yr5z48bym9bd88k10fwgkmwk0spf3"))))
     (build-system gnu-build-system)
     ;; TODO: unbundle mkpasswd binary + its po files.
     (arguments
@@ -479,30 +483,31 @@ which can be used to encrypt a password with @code{crypt(3)}.")
 (define-public wireshark
   (package
     (name "wireshark")
-    (version "2.2.7")
-    (synopsis "Network traffic analyzer")
+    (version "2.4.0")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://www.wireshark.org/download/src/wireshark-"
-                           version ".tar.bz2"))
+                           version ".tar.xz"))
        (sha256
         (base32
-         "1dfvhra5v6xhzbp097qsxi0zvirw0srbasl4v1wjf58v49idz7b8"))))
-    (build-system glib-or-gtk-build-system)
-    (inputs `(("bison" ,bison)
-              ("c-ares" ,c-ares)
-              ("flex" ,flex)
+         "011vvrj76z1azkpvyy2j40b1x1z56ymld508zfc4xw3gh8dv82w9"))))
+    (build-system gnu-build-system)
+    (inputs `(("c-ares" ,c-ares)
+              ("glib" ,glib)
               ("gnutls" ,gnutls)
-              ("gtk+" ,gtk+)
               ("libcap" ,libcap)
               ("libgcrypt" ,libgcrypt)
               ("libnl" ,libnl)
               ("libpcap" ,libpcap)
-              ("lua" ,lua-5.2)
+              ("libssh" ,libssh)
+              ("libxml2" ,libxml2)
+              ("lua" ,lua-5.2)          ;Lua 5.3 unsupported
               ("krb5" ,mit-krb5)
               ("openssl" ,openssl)
               ("portaudio" ,portaudio)
+              ("qtbase" ,qtbase)
+              ("qttools" ,qttools)
               ("sbc" ,sbc)
               ("zlib" ,zlib)))
     (native-inputs `(("perl" ,perl)
@@ -513,19 +518,21 @@ which can be used to encrypt a password with @code{crypt(3)}.")
        (list (string-append "--with-c-ares=" (assoc-ref %build-inputs "c-ares"))
              (string-append "--with-krb5=" (assoc-ref %build-inputs "krb5"))
              (string-append "--with-libcap=" (assoc-ref %build-inputs "libcap"))
+             (string-append "--with-libssh=" (assoc-ref %build-inputs "libssh"))
              (string-append "--with-lua=" (assoc-ref %build-inputs "lua"))
              (string-append "--with-pcap=" (assoc-ref %build-inputs "libpcap"))
              (string-append "--with-portaudio="
-                             (assoc-ref %build-inputs "portaudio"))
+                            (assoc-ref %build-inputs "portaudio"))
              (string-append "--with-sbc=" (assoc-ref %build-inputs "sbc"))
              (string-append "--with-ssl=" (assoc-ref %build-inputs "openssl"))
-             (string-append "--with-zlib=" (assoc-ref %build-inputs "zlib"))
-             "--without-qt")))
+             (string-append "--with-zlib=" (assoc-ref %build-inputs "zlib")))))
+    (home-page "https://www.wireshark.org/")
+    (synopsis "Network traffic analyzer")
     (description "Wireshark is a network protocol analyzer, or @dfn{packet
 sniffer}, that lets you capture and interactively browse the contents of
 network frames.")
-    (license license:gpl2+)
-    (home-page "https://www.wireshark.org/")))
+    (home-page "https://www.wireshark.org/")
+    (license license:gpl2+)))
 
 (define-public fping
   (package
@@ -698,7 +705,7 @@ allows for heavy scripting.")
 (define-public perl-net-dns
  (package
   (name "perl-net-dns")
-  (version "1.06")
+  (version "1.12")
   (source
     (origin
       (method url-fetch)
@@ -708,7 +715,7 @@ allows for heavy scripting.")
              ".tar.gz"))
       (sha256
         (base32
-          "07m5331132h9xkh1i6jv9d80f571yva27iqa31aq4sm31iw7nn53"))))
+          "1zy16idzc96n20fm9976qapz89n3f44xpylhs5cvfgyyg7z03zr5"))))
   (build-system perl-build-system)
   (inputs
     `(("perl-digest-hmac" ,perl-digest-hmac)))
@@ -1103,7 +1110,7 @@ gone wild and are suddenly taking up your bandwidth.")
 (define-public nzbget
   (package
     (name "nzbget")
-    (version "18.1")
+    (version "19.1")
     (source
      (origin
        (method url-fetch)
@@ -1112,14 +1119,22 @@ gone wild and are suddenly taking up your bandwidth.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1a8wmbhc1si1n8axzrr8ysmrd3gr643lbh6pvzmr0hnd65fixmx5"))))
+         "0y713g7gd4n5chbhr8lv7k50rxkmzysrg13sscxam3s386mmlb1r"))
+       (modules '((guix build utils)))
+       (snippet
+        ;; Reported upstream as <https://github.com/nzbget/nzbget/pull/414>.
+        '(begin
+           (substitute* "daemon/connect/TlsSocket.cpp"
+             (("gnutls_certificate-verification_status_print")
+              "gnutls_certificate_verification_status_print"))
+           #t))))
     (arguments
      `(#:configure-flags
        (list
-        (string-append "--with-libcurses-includes=" (assoc-ref
-%build-inputs "ncurses") "/include")
-        (string-append "--with-libcurses-libraries=" (assoc-ref
-%build-inputs "ncurses") "/lib")
+        (string-append "--with-libcurses-includes="
+                       (assoc-ref %build-inputs "ncurses") "/include")
+        (string-append "--with-libcurses-libraries="
+                       (assoc-ref %build-inputs "ncurses") "/lib")
         (string-append "--with-tlslib=GnuTLS"))))
     (build-system gnu-build-system)
     (inputs `(("gnutls", gnutls)
@@ -1261,6 +1276,32 @@ enabled due to license conflicts between the BSD advertising clause and the GPL.
     ;; distribution for clarification.
     (license (list license:bsd-3 license:bsd-4))))
 
+(define-public pidentd
+  (package
+    (name "pidentd")
+    (version "3.0.19")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/ptrrkssn/pidentd/archive/"
+                           "v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0y3kd1bkydqkpc1qdff24yswysamsqivvadjy0468qri5730izgc"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f)) ; No tests are included
+    (inputs
+     `(("openssl" ,openssl))) ; For the DES library
+    (home-page "https://www.lysator.liu.se/~pen/pidentd/")
+    (synopsis "Small Ident Daemon")
+    (description
+     "@dfn{Pidentd} (Peter's Ident Daemon) is a identd, which implements a
+identification server.  Pidentd looks up specific TCP/IP connections and
+returns the user name and other information about the connection.")
+    (license license:public-domain)))
+
 (define-public spiped
   (package
     (name "spiped")
@@ -1387,3 +1428,35 @@ newer and only works on Ethernet network interfaces.")
     ;; AGPL 3 with exception for linking with OpenSSL. See the 'LICENSE' file in
     ;; the source distribution for more information.
     (license license:agpl3)))
+
+(define-public bmon
+  (package
+    (name "bmon")
+    (version "4.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/tgraf/bmon/releases/download/v"
+                           version "/bmon-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0ylzriv4pwh76344abzl1w219x188gshbycbna35gsyfp09c7z82"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libconfuse" ,libconfuse)
+       ("libnl" ,libnl)
+       ("ncurses" ,ncurses)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (synopsis "Bandwidth monitor")
+    (description "bmon is a monitoring and debugging tool to capture
+networking-related statistics and prepare them visually in a human-friendly
+way.  It features various output methods including an interactive curses user
+interface and a programmable text output for scripting.")
+    (home-page "https://github.com/tgraf/bmon")
+    ;; README.md mentions both the 2-clause BSD and expat licenses, but all
+    ;; the source files only have expat license headers. Upstream has been
+    ;; contacted for clarification: https://github.com/tgraf/bmon/issues/59
+    ;; Update the license field when upstream responds.
+    (license (list license:bsd-2
+                   license:expat))))
diff --git a/gnu/packages/nim.scm b/gnu/packages/nim.scm
index c249e2be93..560f10e4ad 100644
--- a/gnu/packages/nim.scm
+++ b/gnu/packages/nim.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,15 +26,15 @@
 (define-public nim
   (package
     (name "nim")
-    (version "0.16.0")
+    (version "0.17.0")
     (source
      (origin
       (method url-fetch)
-      (uri (string-append "http://nim-lang.org/download/"
+      (uri (string-append "https://nim-lang.org/download/"
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "0rsibhkc5n548bn9yyb9ycrdgaph5kq84sfxc9gabjs7pqirh6cy"))))
+        "16vsmk4rqnkg9lc9h9jk62ps0x778cdqg6qrs3k6fv2g73cqvq9n"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; No tests.
@@ -46,11 +47,21 @@
                  (substitute* "install.sh"
                    (("1/nim") "1"))
                  #t)))
+           (add-after 'patch-source-shebangs 'patch-more-shebangs
+             (lambda _
+               (substitute* (append '("tests/stdlib/tosprocterminate.nim"
+                                      "lib/pure/osproc.nim")
+                                    (find-files "c_code" "stdlib_osproc.c"))
+                 (("/bin/sh") (which "sh")))
+               #t))
+           (replace 'build
+             (lambda _
+               (zero? (system* "sh" "build.sh"))))
            (replace 'install
              (lambda* (#:key outputs #:allow-other-keys)
                (let ((out (assoc-ref outputs "out")))
                  (zero? (system* "./install.sh" out))))))))
-    (home-page "http://nim-lang.org")
+    (home-page "https://nim-lang.org")
     (synopsis "Statically-typed, imperative programming language")
     (description "Nim (formerly known as Nimrod) is a statically-typed,
 imperative programming language that tries to give the programmer ultimate power
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index d4415fc501..2cebabbcaf 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -134,6 +134,10 @@
        ("procps" ,procps)
        ("util-linux" ,util-linux)
        ("which" ,which)))
+    (native-search-paths
+     (list (search-path-specification
+            (variable "NODE_PATH")
+            (files '("lib/node_modules")))))
     (inputs
      `(("c-ares" ,c-ares)
        ("http-parser" ,http-parser)
diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index 00526f526f..959aa55a76 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -98,16 +98,14 @@ computers over a network.")
 (define-public openntpd
   (package
     (name "openntpd")
-    (version "6.0p1")
+    (version "6.1p1")
     (source (origin
               (method url-fetch)
-              ;; XXX Use mirror://openbsd
               (uri (string-append
-                    "http://ftp.openbsd.org/pub/OpenBSD/OpenNTPD/openntpd-"
-                    version ".tar.gz"))
+                    "mirror://openbsd/OpenNTPD/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1s3plmxmybwpfrimq6sc54wxnn6ca7rb2g5k2bdjm4c88w4q1axi"))))
+                "1ykx9ga76k5m54h7k5x4ds2clxsyfniss5vmf88pxnrip5bx6if8"))))
     (build-system gnu-build-system)
     (home-page "http://www.openntpd.org/")
     (synopsis "NTP client and server by the OpenBSD Project")
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index 68619019f1..43bbdcd6e2 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -28,10 +28,13 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages boost)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages emacs)
+  #:use-module (gnu packages flex)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages ghostscript)
   #:use-module (gnu packages glib)
@@ -3153,3 +3156,238 @@ writing to these structures, and they are accessed via the Bigarray module.")
     (synopsis "Minimal library providing hexadecimal converters")
     (description "Hex is a minimal library providing hexadecimal converters.")
     (license license:isc)))
+
+(define-public coq-flocq
+  (package
+    (name "coq-flocq")
+    (version "2.5.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://gforge.inria.fr/frs/download.php/file"
+                                  "/36199/flocq-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0h5mlasirfzc0wwn2isg4kahk384n73145akkpinrxq5jsn5d22h"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("ocaml" ,ocaml)
+       ("which" ,which)
+       ("coq" ,coq)))
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--libdir=" (assoc-ref %outputs "out")
+                            "/lib/coq/user-contrib/Flocq"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'fix-remake
+           (lambda _
+             (substitute* "remake.cpp"
+               (("/bin/sh") (which "sh")))))
+         (replace 'build
+           (lambda _
+             (zero? (system* "./remake"))))
+         (replace 'check
+           (lambda _
+             (zero? (system* "./remake" "check"))))
+             ;; TODO: requires coq-gappa and coq-interval.
+             ;(zero? (system* "./remake" "check-more"))))
+         (replace 'install
+           (lambda _
+             (zero? (system* "./remake" "install")))))))
+    (home-page "http://flocq.gforge.inria.fr/")
+    (synopsis "Floating-point formalization for the Coq system")
+    (description "Flocq (Floats for Coq) is a floating-point formalization for
+the Coq system.  It provides a comprehensive library of theorems on a multi-radix
+multi-precision arithmetic.  It also supports efficient numerical computations
+inside Coq.")
+    (license license:lgpl3+)))
+
+(define-public coq-gappa
+  (package
+    (name "coq-gappa")
+    (version "1.3.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://gforge.inria.fr/frs/download.php/file/36351/gappa-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "0924jr6f15fx22qfsvim5vc0qxqg30ivg9zxj34lf6slbgdl3j39"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("ocaml" ,ocaml)
+       ("which" ,which)
+       ("coq" ,coq)
+       ("bison" ,bison)
+       ("flex" ,flex)))
+    (inputs
+     `(("gmp" ,gmp)
+       ("mpfr" ,mpfr)
+       ("boost" ,boost)))
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--libdir=" (assoc-ref %outputs "out")
+                            "/lib/coq/user-contrib/Gappa"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'fix-remake
+           (lambda _
+             (substitute* "remake.cpp"
+               (("/bin/sh") (which "sh")))))
+         (replace 'build
+           (lambda _
+             (zero? (system* "./remake"))))
+         (replace 'check
+           (lambda _
+             (zero? (system* "./remake" "check"))))
+         (replace 'install
+           (lambda _
+             (zero? (system* "./remake" "install")))))))
+    (home-page "http://gappa.gforge.inria.fr/")
+    (synopsis "Verify and formally prove properties on numerical programs")
+    (description "Gappa is a tool intended to help verifying and formally proving
+properties on numerical programs dealing with floating-point or fixed-point
+arithmetic.  It has been used to write robust floating-point filters for CGAL
+and it is used to certify elementary functions in CRlibm.  While Gappa is
+intended to be used directly, it can also act as a backend prover for the Why3
+software verification plateform or as an automatic tactic for the Coq proof
+assistant.")
+    (license (list license:gpl2+ license:cecill))));either gpl2+ or cecill
+
+(define-public coq-mathcomp
+  (package
+    (name "coq-mathcomp")
+    (version "1.6.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/math-comp/math-comp/archive/mathcomp-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1j9ylggjzrxz1i2hdl2yhsvmvy5z6l4rprwx7604401080p5sgjw"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("ocaml" ,ocaml)
+       ("which" ,which)
+       ("coq" ,coq)))
+    (arguments
+     `(#:tests? #f; No need to test formally-verified programs :)
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-before 'build 'chdir
+           (lambda _
+             (chdir "mathcomp")))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (setenv "COQLIB" (string-append (assoc-ref outputs "out") "/lib/coq/"))
+             (zero? (system* "make" "-f" "Makefile.coq"
+                             (string-append "COQLIB=" (assoc-ref outputs "out")
+                                            "/lib/coq/")
+                             "install")))))))
+    (home-page "https://math-comp.github.io/math-comp/")
+    (synopsis "Mathematical Components for Coq")
+    (description "Mathematical Components for Coq has its origins in the formal
+proof of the Four Colour Theorem.  Since then it has grown to cover many areas
+of mathematics and has been used for large scale projects like the formal proof
+of the Odd Order Theorem.
+
+The library is written using the Ssreflect proof language that is an integral
+part of the distribution.")
+    (license license:cecill-b)))
+
+(define-public coq-coquelicot
+  (package
+    (name "coq-coquelicot")
+    (version "3.0.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://gforge.inria.fr/frs/download.php/"
+                                  "file/36537/coquelicot-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0fx99bvsbdizj00gx2im8939y4wwl05f4qhw184j90kcx5vjxxv9"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("ocaml" ,ocaml)
+       ("which" ,which)
+       ("coq" ,coq)))
+    (propagated-inputs
+     `(("mathcomp" ,coq-mathcomp)))
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--libdir=" (assoc-ref %outputs "out")
+                            "/lib/coq/user-contrib/Coquelicot"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'fix-remake
+           (lambda _
+             (substitute* "remake.cpp"
+               (("/bin/sh") (which "sh")))))
+         (replace 'build
+           (lambda _
+             (zero? (system* "./remake"))))
+         (replace 'check
+           (lambda _
+             (zero? (system* "./remake" "check"))))
+         (replace 'install
+           (lambda _
+             (zero? (system* "./remake" "install")))))))
+    (home-page "http://coquelicot.saclay.inria.fr/index.html")
+    (synopsis "Coq library for Reals")
+    (description "Coquelicot is an easier way of writing formulas and theorem
+statements, achieved by relying on total functions in place of dependent types
+for limits, derivatives, integrals, power series, and so on.  To help with the
+proof process, the library comes with a comprehensive set of theorems that cover
+not only these notions, but also some extensions such as parametric integrals,
+two-dimensional differentiability, asymptotic behaviors.  It also offers some
+automations for performing differentiability proofs.  Moreover, Coquelicot is a
+conservative extension of Coq's standard library and provides correspondence
+theorems between the two libraries.")
+    (license license:lgpl3+)))
+
+(define-public coq-interval
+  (package
+    (name "coq-interval")
+    (version "3.2.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://gforge.inria.fr/frs/download.php/"
+                                  "file/36538/interval-" version ".tar.gz"))
+              (sha256
+               (base32
+                "16ir7mizl18kwa1ls8fwjih6r87894bvc1r6lh85cd43la7nriq3"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("ocaml" ,ocaml)
+       ("which" ,which)
+       ("coq" ,coq)))
+    (propagated-inputs
+     `(("flocq" ,coq-flocq)
+       ("coquelicot" ,coq-coquelicot)
+       ("mathcomp" ,coq-mathcomp)))
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--libdir=" (assoc-ref %outputs "out")
+                            "/lib/coq/user-contrib/Gappa"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'fix-remake
+           (lambda _
+             (substitute* "remake.cpp"
+               (("/bin/sh") (which "sh")))))
+         (replace 'build
+           (lambda _
+             (zero? (system* "./remake"))))
+         (replace 'check
+           (lambda _
+             (zero? (system* "./remake" "check"))))
+         (replace 'install
+           (lambda _
+             (zero? (system* "./remake" "install")))))))
+    (home-page "http://coq-interval.gforge.inria.fr/")
+    (synopsis "Coq tactics to simplify inequality proofs")
+    (description "Interval provides vernacular files containing tactics for
+simplifying the proofs of inequalities on expressions of real numbers for the
+Coq proof assistant.")
+    (license license:cecill-c)))
diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm
index b7e13f0a68..08307e37b9 100644
--- a/gnu/packages/openldap.scm
+++ b/gnu/packages/openldap.scm
@@ -40,8 +40,7 @@
 (define-public openldap
   (package
    (name "openldap")
-   (replacement openldap/fixed)
-   (version "2.4.44")
+   (version "2.4.45")
    (source (origin
             (method url-fetch)
 
@@ -51,14 +50,14 @@
                         "ftp://mirror.switch.ch/mirror/OpenLDAP/"
                         "openldap-release/openldap-" version ".tgz")
                        (string-append
-                        "ftp://ftp.OpenLDAP.org/pub/OpenLDAP/"
+                        "https://www.openldap.org/software/download/OpenLDAP/"
                         "openldap-release/openldap-" version ".tgz")
                        (string-append
                         "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
                         "openldap-release/openldap-" version ".tgz")))
             (sha256
              (base32
-              "0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp"))))
+              "091qvwk5dkcpp17ziabcnh3rg3m7qwzw2pihfcd1d5fdxgywzmnd"))))
    (build-system gnu-build-system)
    (inputs `(("bdb" ,bdb-5.3)
              ("cyrus-sasl" ,cyrus-sasl)
@@ -71,23 +70,25 @@
    (arguments
     `(#:tests? #f
       #:phases
-       (alist-cons-after
-        'configure 'provide-libtool
-        (lambda _ (copy-file (which "libtool") "libtool"))
-       %standard-phases)))
+      (modify-phases %standard-phases
+        (add-after 'configure 'provide-libtool
+          (lambda _ (copy-file (which "libtool") "libtool")
+            #t))
+        (add-after 'install 'patch-sasl-path
+          ;; Give -L arguments for cyrus-sasl to avoid propagation.
+          (lambda* (#:key inputs outputs #:allow-other-keys)
+            (let ((out (assoc-ref outputs "out"))
+                  (sasl (assoc-ref inputs "cyrus-sasl")))
+              (substitute* (map (lambda (f) (string-append out "/" f))
+                                '("lib/libldap.la" "lib/libldap_r.la"))
+                (("-lsasl2" lib)
+                 (string-append "-L" sasl "/lib " lib)))
+              #t))))))
    (synopsis "Implementation of the Lightweight Directory Access Protocol")
    (description
     "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
    (license openldap2.8)
-   (home-page "http://www.openldap.org/")))
-
-(define openldap/fixed
-  (package
-    (inherit openldap)
-    (source
-      (origin
-        (inherit (package-source openldap))
-        (patches (search-patches "openldap-CVE-2017-9287.patch"))))))
+   (home-page "https://www.openldap.org/")))
 
 (define-public nss-pam-ldapd
   (package
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index d2e30781ba..9b31f905e4 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Muriithi Frederick Muriuki <fredmanglis@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,7 +26,7 @@
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
-  #:use-module ((guix licenses) #:select (gpl2+ gpl3+ lgpl2.1+ asl2.0))
+  #:use-module ((guix licenses) #:select (gpl2+ gpl3+ lgpl2.1+ asl2.0 bsd-3))
   #:use-module (gnu packages)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages file)
@@ -52,6 +53,7 @@
   #:use-module (gnu packages tls)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages vim)
+  #:use-module (gnu packages serialization)
   #:use-module (srfi srfi-1)
   #:use-module (ice-9 match))
 
@@ -74,8 +76,8 @@
   ;; Note: the 'update-guix-package.scm' script expects this definition to
   ;; start precisely like this.
   (let ((version "0.13.0")
-        (commit "b547349d505c57fd679b6e48c472d8ab65469c96")
-        (revision 3))
+        (commit "228a3982df157847554abc9d0831d687264d8ebd")
+        (revision 5))
     (package
       (name "guix")
 
@@ -91,7 +93,7 @@
                       (commit commit)))
                 (sha256
                  (base32
-                  "0q6qr9hvrac1wj2ygn4jj4w89h1m35zkcjjd741sibc3l46pa93l"))
+                  "1gnc1w9kby7db9jih4xwrhrv0j57zy09lmr85gbmcqna6bx3wypw"))
                 (file-name (string-append "guix-" version "-checkout"))))
       (build-system gnu-build-system)
       (arguments
@@ -119,6 +121,7 @@
 
          #:modules ((guix build gnu-build-system)
                     (guix build utils)
+                    (srfi srfi-26)
                     (ice-9 popen)
                     (ice-9 rdelim))
 
@@ -185,21 +188,31 @@
                         (let* ((out    (assoc-ref outputs "out"))
                                (guile  (assoc-ref inputs "guile"))
                                (json   (assoc-ref inputs "guile-json"))
+                               (git    (assoc-ref inputs "guile-git"))
                                (ssh    (assoc-ref inputs "guile-ssh"))
                                (gnutls (assoc-ref inputs "gnutls"))
+                               (deps   (list json gnutls git ssh))
                                (effective
                                 (read-line
                                  (open-pipe* OPEN_READ
                                              (string-append guile "/bin/guile")
                                              "-c" "(display (effective-version))")))
-                               (path   (string-append
-                                        json "/share/guile/site/" effective ":"
-                                        ssh "/share/guile/site/" effective ":"
-                                        gnutls "/share/guile/site/" effective)))
+                               (path   (string-join
+                                        (map (cut string-append <>
+                                                  "/share/guile/site/"
+                                                  effective)
+                                             deps)
+                                        ":"))
+                               (gopath (string-join
+                                        (map (cut string-append <>
+                                                  "/lib/guile/" effective
+                                                  "/site-ccache")
+                                             deps)
+                                        ":")))
 
                           (wrap-program (string-append out "/bin/guix")
                             `("GUILE_LOAD_PATH" ":" prefix (,path))
-                            `("GUILE_LOAD_COMPILED_PATH" ":" prefix (,path)))
+                            `("GUILE_LOAD_COMPILED_PATH" ":" prefix (,gopath)))
 
                           #t))))))
       (native-inputs `(("pkg-config" ,pkg-config)
@@ -248,9 +261,10 @@
                          (base32
                           "1giy2aprjmn5fp9c4s9r125fljw4wv6ixy5739i5bffw4jgr0f9r"))))))
       (propagated-inputs
-       `(("gnutls" ,gnutls/guile-2.2)             ;for 'guix download' & co.
+       `(("gnutls" ,gnutls)
          ("guile-json" ,guile-json)
-         ("guile-ssh" ,guile-ssh)))
+         ("guile-ssh" ,guile-ssh)
+         ("guile-git" ,guile-git)))
 
       (home-page "https://www.gnu.org/software/guix/")
       (synopsis "Functional package manager for installed software packages and versions")
@@ -274,9 +288,10 @@ the Nix package manager.")
      `(("guile" ,guile-2.0)
        ,@(alist-delete "guile" (package-inputs guix))))
     (propagated-inputs
-     `(("gnutls" ,gnutls)
+     `(("gnutls" ,gnutls/guile-2.0)
        ("guile-json" ,guile2.0-json)
-       ("guile-ssh" ,guile2.0-ssh)))))
+       ("guile-ssh" ,guile2.0-ssh)
+       ("guile-git" ,guile2.0-git)))))
 
 (define (source-file? file stat)
   "Return true if FILE is likely a source file, false if it is a typical
@@ -396,15 +411,15 @@ symlinks to the files in a common directory such as /usr/local.")
 (define-public rpm
   (package
     (name "rpm")
-    (version "4.12.0.1")
+    (version "4.13.0.1")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://rpm.org/releases/rpm-4.12.x/rpm-"
+              (uri (string-append "http://ftp.rpm.org/releases/rpm-"
+                                  (version-major+minor version) ".x/rpm-"
                                   version ".tar.bz2"))
               (sha256
                (base32
-                "0a82ym8phx7g0f3k6smvxnvzh7yv857l42xafk49689kzhld5pbp"))
-              (patches (search-patches "rpm-CVE-2014-8118.patch"))))
+                "03cvbwbfrhm0fa02j7828k1qp05hf2m0fradwcf2nqhrsjkppz17"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--with-external-db"   ;use the system's bdb
@@ -508,7 +523,7 @@ transactions from C or Python.")
               ;; Below are modules used for tests.
               ("python-pytest" ,python-pytest)
               ("python-chardet" ,python-chardet)))
-    (home-page "http://diffoscope.org/")
+    (home-page "https://diffoscope.org/")
     (synopsis "Compare files, archives, and directories in depth")
     (description
      "Diffoscope tries to get to the bottom of what makes files or directories
@@ -516,3 +531,188 @@ different.  It recursively unpacks archives of many kinds and transforms
 various binary formats into more human readable forms to compare them.  It can
 compare two tarballs, ISO images, or PDFs just as easily.")
     (license gpl3+)))
+
+(define-public python-anaconda-client
+  (package
+    (name "python-anaconda-client")
+    (version "1.6.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/Anaconda-Platform/"
+                           "anaconda-client/archive/" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1wv4wi6k5jz7rlwfgvgfdizv77x3cr1wa2aj0k1595g7fbhkjhz2"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-pyyaml" ,python-pyyaml)
+       ("python-requests" ,python-requests)
+       ("python-clyent" ,python-clyent)))
+    (native-inputs
+     `(("python-pytz" ,python-pytz)
+       ("python-dateutil" ,python-dateutil)
+       ("python-mock" ,python-mock)
+       ("python-coverage" ,python-coverage)
+       ("python-pillow" ,python-pillow)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         ;; This is needed for some tests.
+         (add-before 'check 'set-up-home
+           (lambda* _ (setenv "HOME" "/tmp") #t))
+         (add-before 'check 'remove-network-tests
+           (lambda* _
+             ;; Remove tests requiring a network connection
+             (let ((network-tests '("tests/test_upload.py"
+                                    "tests/test_authorizations.py"
+                                    "tests/test_login.py"
+                                    "tests/test_whoami.py"
+                                    "utils/notebook/tests/test_data_uri.py"
+                                    "utils/notebook/tests/test_base.py"
+                                    "utils/notebook/tests/test_downloader.py"
+                                    "inspect_package/tests/test_conda.py")))
+               (with-directory-excursion "binstar_client"
+                 (for-each delete-file network-tests)))
+             #t)))))
+    (home-page "https://github.com/Anaconda-Platform/anaconda-client")
+    (synopsis "Anaconda Cloud command line client library")
+    (description
+     "Anaconda Cloud command line client library provides an interface to
+Anaconda Cloud.  Anaconda Cloud is useful for sharing packages, notebooks and
+environments.")
+    (license bsd-3)))
+
+(define-public python2-anaconda-client
+  (package-with-python2 python-anaconda-client))
+
+(define-public python-conda
+  (package
+    (name "python-conda")
+    (version "4.3.16")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/conda/conda/archive/"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1jq8hyrc5npb5sf4vw6s6by4602yj8f79vzpbwdfgpkn02nfk1dv"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'create-version-file
+           (lambda _
+             (with-output-to-file "conda/.version"
+               (lambda () (display ,version)))
+             #t))
+         (add-before 'check 'remove-failing-tests
+           (lambda _
+             ;; These tests require internet/network access
+             (let ((network-tests '("test_cli.py"
+                                    "test_create.py"
+                                    "test_export.py"
+                                    "test_fetch.py"
+                                    "test_history.py"
+                                    "test_info.py"
+                                    "test_install.py"
+                                    "test_priority.py"
+                                    "conda_env/test_cli.py"
+                                    "conda_env/test_create.py"
+                                    "conda_env/specs/test_notebook.py"
+                                    "conda_env/utils/test_notebooks.py"
+                                    "core/test_index.py"
+                                    "core/test_repodata.py")))
+               (with-directory-excursion "tests"
+                 (for-each delete-file network-tests)
+
+                 ;; FIXME: This test creates a file, then deletes it and tests
+                 ;; that the file was deleted.  For some reason it fails when
+                 ;; building with guix, but does not when you run it in the
+                 ;; directory left when you build with the --keep-failed
+                 ;; option
+                 (delete-file "gateways/disk/test_delete.py")
+                 #t))))
+         (replace 'check
+           (lambda _
+             (setenv "HOME" "/tmp")
+             (zero? (system* "py.test")))))))
+    (native-inputs
+     `(("python-ruamel.yaml" ,python-ruamel.yaml)
+       ("python-requests" ,python-requests)
+       ("python-pycosat" ,python-pycosat)
+       ("python-pytest" ,python-pytest)
+       ("python-responses" ,python-responses)
+       ("python-pyyaml" ,python-pyyaml)
+       ("python-anaconda-client" ,python-anaconda-client)))
+    (home-page "https://github.com/conda/conda")
+    (synopsis "Cross-platform, OS-agnostic, system-level binary package manager")
+    (description
+     "Conda is a cross-platform, Python-agnostic binary package manager.  It
+is the package manager used by Anaconda installations, but it may be used for
+other systems as well.  Conda makes environments first-class citizens, making
+it easy to create independent environments even for C libraries.  Conda is
+written entirely in Python.
+
+This package provides Conda as a library.")
+    (license bsd-3)))
+
+(define-public python2-conda
+  (let ((base (package-with-python2
+               (strip-python2-variant python-conda))))
+    (package (inherit base)
+             (native-inputs
+              `(("python2-enum34" ,python2-enum34)
+                ,@(package-native-inputs base))))))
+
+(define-public conda
+  (package (inherit python-conda)
+    (name "conda")
+    (arguments
+     (substitute-keyword-arguments (package-arguments python-conda)
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (replace 'build
+             (lambda* (#:key outputs #:allow-other-keys)
+               ;; This test fails when run before installation.
+               (delete-file "tests/test_activate.py")
+
+               ;; Fix broken defaults
+               (substitute* "conda/base/context.py"
+                 (("return sys.prefix")
+                  (string-append "return \"" (assoc-ref outputs "out") "\""))
+                 (("return (prefix_is_writable\\(self.root_prefix\\))" _ match)
+                  (string-append "return False if self.root_prefix == self.conda_prefix else "
+                                 match)))
+
+               ;; The util/setup-testing.py is used to build conda in
+               ;; application form, rather than the default, library form.
+               ;; With this, we are able to run commands like `conda --help`
+               ;; directly on the command line
+               (zero? (system* "python" "utils/setup-testing.py" "build_py"))))
+           (replace 'install
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (target (string-append out "/lib/python"
+                                             ((@@ (guix build python-build-system)
+                                                  get-python-version)
+                                              (assoc-ref inputs "python"))
+                                             "/site-packages/")))
+                 ;; The installer aborts if the target directory is not on
+                 ;; PYTHONPATH.
+                 (setenv "PYTHONPATH"
+                         (string-append target ":" (getenv "PYTHONPATH")))
+
+                 ;; And it aborts if the directory doesn't exist.
+                 (mkdir-p target)
+                 (zero? (system* "python" "utils/setup-testing.py" "install"
+                                 (string-append "--prefix=" out))))))))))
+    (description
+     "Conda is a cross-platform, Python-agnostic binary package manager.  It
+is the package manager used by Anaconda installations, but it may be used for
+other systems as well.  Conda makes environments first-class citizens, making
+it easy to create independent environments even for C libraries.  Conda is
+written entirely in Python.")))
diff --git a/gnu/packages/parallel.scm b/gnu/packages/parallel.scm
index 37126040af..db04a5704e 100644
--- a/gnu/packages/parallel.scm
+++ b/gnu/packages/parallel.scm
@@ -45,7 +45,7 @@
 (define-public parallel
   (package
     (name "parallel")
-    (version "20170522")
+    (version "20170822")
     (source
      (origin
       (method url-fetch)
@@ -53,7 +53,7 @@
                           version ".tar.bz2"))
       (sha256
        (base32
-        "1k5wlcc0dr2fxna0vi48s0l6pvbyl4pbclbih4103f1155im23ca"))))
+        "0j4i0dfbk1i37mcdl7l5ynsldp8biqnbm32sm0cl26by0nivyjc9"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index 08591d1086..bde1ea8544 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Steve Sprang <scs@stevesprang.com>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015 Aljosha Papsch <misc@rpapsch.de>
 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
 ;;; Copyright © 2016 Jessica Tallon <tsyesika@tsyesika.se>
@@ -75,6 +75,39 @@
 human.")
     (license license:gpl2)))
 
+(define-public keepassxc
+  (package
+    (name "keepassxc")
+    (version "2.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/keepassxreboot/" name
+                           "/releases/download/" version "/keepassxc-"
+                           version "-src.tar.xz"))
+       (sha256
+        (base32
+         "0nby6aq6w8g7c9slzahf7i34sbj8majf8rhmqqww87v6kaypxi3i"))))
+    (build-system cmake-build-system)
+    (inputs
+     `(("libgcrypt" ,libgcrypt)
+       ("libxi" ,libxi)
+       ("libxtst" ,libxtst)
+       ("qtbase" ,qtbase)
+       ("qtx11extras" ,qtx11extras)
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("qttools" ,qttools)))
+    (home-page "https://www.keepassxc.org")
+    (synopsis "Password manager")
+    (description "KeePassXC is a password manager or safe which helps you to
+manage your passwords in a secure way.  You can put all your passwords in one
+database, which is locked with one master key or a key-file which can be stored
+on an external storage device.  The databases are encrypted using the
+algorithms AES or Twofish.")
+    ;; Non functional parts use various licences.
+    (license license:gpl3)))
+
 (define-public keepassx
   (package
     (name "keepassx")
@@ -103,7 +136,8 @@ database, which is locked with one master key or a key-file which can be stored
 on an external storage device.  The databases are encrypted using the
 algorithms AES or Twofish.")
     ;; Non functional parts use various licences.
-    (license license:gpl3)))
+    (license license:gpl3)
+    (properties `((superseded . ,keepassxc)))))
 
 (define-public shroud
   (package
diff --git a/gnu/packages/patches/ath9k-htc-firmware-binutils.patch b/gnu/packages/patches/ath9k-htc-firmware-binutils.patch
index aa253e135f..7bb5d77dba 100644
--- a/gnu/packages/patches/ath9k-htc-firmware-binutils.patch
+++ b/gnu/packages/patches/ath9k-htc-firmware-binutils.patch
@@ -5,9 +5,6 @@ Not applying the first patch (apparently) leads to miscompiled firmware,
 and loading it fails with a "Target is unresponsive" message from the
 'ath9k_htc' module.
 
-The final hunk, applied to 'gas/config/tc-xtensa.c', is copied from the
-upstream file 'local/patches/binutils-2.27_fixup.patch'.
-
 From dbca73446265ce01b8e11462c3346b25953e3399 Mon Sep 17 00:00:00 2001
 From: Sujith Manoharan <c_manoha@qca.qualcomm.com>
 Date: Mon, 7 Jan 2013 15:59:53 +0530
@@ -28969,20 +28966,3 @@ index 30f4f41..fe9b051 100644
  #define XCHAL_MAX_INSTRUCTION_SIZE	3
 -- 
 1.8.1
-
-diff --git a/gas/config/tc-xtensa.c b/gas/config/tc-xtensa.c
-index d062044..ca261ae 100644
---- a/gas/config/tc-xtensa.c
-+++ b/gas/config/tc-xtensa.c
-@@ -2228,7 +2228,7 @@ xg_reverse_shift_count (char **cnt_argp)
-   cnt_arg = *cnt_argp;
- 
-   /* replace the argument with "31-(argument)" */
--  new_arg = concat ("31-(", cnt_argp, ")", (char *) NULL);
-+  new_arg = concat ("31-(", cnt_arg, ")", (char *) NULL);
- 
-   free (cnt_arg);
-   *cnt_argp = new_arg;
--- 
-2.10.1
-
diff --git a/gnu/packages/patches/bcftools-regidx-unsigned-char.patch b/gnu/packages/patches/bcftools-regidx-unsigned-char.patch
new file mode 100644
index 0000000000..af5bc160f5
--- /dev/null
+++ b/gnu/packages/patches/bcftools-regidx-unsigned-char.patch
@@ -0,0 +1,16 @@
+Description: Fix test-regidx argument parsing on archs with unsigned char
+ On architectures where char is unsigned "c >= 0" was always true.
+Author: Adrian Bunk <bunk@debian.org>
+Bug-Debian: https://bugs.debian.org/865060
+
+--- a/test/test-regidx.c
++++ b/test/test-regidx.c
+@@ -336,7 +336,7 @@
+         {"seed",1,0,'s'},
+         {0,0,0,0}
+     };
+-    char c;
++    int c;
+     int seed = (int)time(NULL);
+     while ((c = getopt_long(argc, argv, "hvs:",loptions,NULL)) >= 0) 
+     {
diff --git a/gnu/packages/patches/binutils-mips-bash-bug.patch b/gnu/packages/patches/binutils-mips-bash-bug.patch
deleted file mode 100644
index 08d3a79749..0000000000
--- a/gnu/packages/patches/binutils-mips-bash-bug.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Bash 4.2.0(1)-release, which we use during bootstrap, does not yield the
-"x" case in:
-
-  case x"$EMULATION_NAME" in x) ;; *) ;; esac
-
-when 'EMULATION_NAME' is undefined.  Bash 4.3.30(1)-release doesn't have this
-problem.  Work around it.
-
-This Bash bug was fixed
-in <http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-007>.
-
---- a/ld/emulparams/elf32bmipn32-defs.sh
-+++ b/ld/emulparams/elf32bmipn32-defs.sh
-@@ -13,7 +13,7 @@ LITTLE_OUTPUT_FORMAT="elf32-littlemips"
- TEMPLATE_NAME=elf32
- EXTRA_EM_FILE=mipself
- 
--case x"$EMULATION_NAME" in
-+case "x$EMULATION_NAME" in
- xelf32*n32*) ELFSIZE=32 ;;
- xelf64*) ELFSIZE=64 ;;
- x) ;;
diff --git a/gnu/packages/patches/catdoc-CVE-2017-11110.patch b/gnu/packages/patches/catdoc-CVE-2017-11110.patch
new file mode 100644
index 0000000000..71c44f60fb
--- /dev/null
+++ b/gnu/packages/patches/catdoc-CVE-2017-11110.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-11110:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11110
+https://bugzilla.redhat.com/show_bug.cgi?id=1468471
+https://security-tracker.debian.org/tracker/CVE-2017-11110
+
+Patch copied from openSUSE:
+
+https://build.opensuse.org/package/view_file/openSUSE:Maintenance:6985/catdoc.openSUSE_Leap_42.2_Update/CVE-2017-11110.patch?expand=1
+
+From: Andreas Stieger <astieger@suse.com>
+Date: Mon, 10 Jul 2017 15:37:58 +0000
+References: CVE-2017-11110 http://bugzilla.suse.com/show_bug.cgi?id=1047877
+
+All .doc I found had sectorSize 0x09 at offset 0x1e. Guarding it against <4.
+
+---
+ src/ole.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+Index: catdoc-0.95/src/ole.c
+===================================================================
+--- catdoc-0.95.orig/src/ole.c	2016-05-25 06:37:12.000000000 +0200
++++ catdoc-0.95/src/ole.c	2017-07-10 17:42:33.578308107 +0200
+@@ -106,6 +106,11 @@ FILE* ole_init(FILE *f, void *buffer, si
+ 		return NULL;
+ 	}
+  	sectorSize = 1<<getshort(oleBuf,0x1e);
++	/* CVE-2017-11110) */
++ 	if (sectorSize < 4) {
++		fprintf(stderr,"sectorSize < 4 not supported\n");
++		return NULL;
++	}
+ 	shortSectorSize=1<<getshort(oleBuf,0x20);
+ 
+ /* Read BBD into memory */
+@@ -147,7 +152,7 @@ FILE* ole_init(FILE *f, void *buffer, si
+ 		}
+ 
+ 		fseek(newfile, 512+mblock*sectorSize, SEEK_SET);
+-		if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i,
++		if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i, /* >= 4 for CVE-2017-11110 */
+ 						 1, sectorSize, newfile) != sectorSize) {
+ 			fprintf(stderr, "Error read MSAT!\n");
+ 			ole_finish();
diff --git a/gnu/packages/patches/chicken-CVE-2017-11343.patch b/gnu/packages/patches/chicken-CVE-2017-11343.patch
new file mode 100644
index 0000000000..1d46ad50d9
--- /dev/null
+++ b/gnu/packages/patches/chicken-CVE-2017-11343.patch
@@ -0,0 +1,57 @@
+Fix CVE-2017-11343:
+
+https://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343
+
+Patch copied from upstream mailing list:
+
+http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt
+
+From ae2633195cc5f4f61c9da4ac90f0c14c010dcc3d Mon Sep 17 00:00:00 2001
+From: Peter Bex <address@hidden>
+Date: Fri, 30 Jun 2017 15:39:45 +0200
+Subject: [PATCH 2/2] Initialize symbol table after setting up randomization
+
+Otherwise, the symbol table wouldn't be correctly randomized.
+---
+ NEWS      | 3 +++
+ runtime.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+#diff --git a/NEWS b/NEWS
+#index f4b0e041..6588b30e 100644
+#--- a/NEWS
+#+++ b/NEWS
+#@@ -96,6 +96,9 @@
+#     buffer overrun and/or segfault (thanks to Lemonboy).
+#   - CVE-2017-9334: `length' no longer crashes on improper lists (fixes
+#     #1375, thanks to "megane").
+#+  - The randomization factor of the symbol table was set before
+#+    the random seed was set, causing it to have a fixed value on many
+#+    platforms.
+# 
+# - Core Libraries
+#   - Unit "posix": If file-lock, file-lock/blocking or file-unlock are
+diff --git a/runtime.c b/runtime.c
+index 81c54dd2..a4580abc 100644
+--- a/runtime.c
++++ b/runtime.c
+@@ -799,7 +799,6 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
+   C_initial_timer_interrupt_period = INITIAL_TIMER_INTERRUPT_PERIOD;
+   C_timer_interrupt_counter = INITIAL_TIMER_INTERRUPT_PERIOD;
+   memset(signal_mapping_table, 0, sizeof(int) * NSIG);
+-  initialize_symbol_table();
+   C_dlerror = "cannot load compiled code dynamically - this is a statically linked executable";
+   error_location = C_SCHEME_FALSE;
+   C_pre_gc_hook = NULL;
+@@ -816,6 +815,7 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
+   callback_continuation_level = 0;
+   gc_ms = 0;
+   (void)C_randomize(C_fix(time(NULL)));
++  initialize_symbol_table();
+ 
+   if (profiling) {
+ #ifndef C_NONUNIX
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/coreutils-cut-huge-range-test.patch b/gnu/packages/patches/coreutils-cut-huge-range-test.patch
index 0be2cef2b8..e3a0ef28eb 100644
--- a/gnu/packages/patches/coreutils-cut-huge-range-test.patch
+++ b/gnu/packages/patches/coreutils-cut-huge-range-test.patch
@@ -1,22 +1,33 @@
 This patch fixes 100% reproducible test failures on arm-linux-gnueabihf in our
-the build environment chroot, as reported at <https://bugs.gnu.org/26253>.
-It is a followup to this upstream patch:
+the build environment chroot, as reported at <https://bugs.gnu.org/26253>,
+and now on x86_64-linux-gnu as well.  It is a variant of this upstream patch:
 
-   commit 28803c8a3144d5d4363cdbd148bbe067af1a67c2
-   Author: Pádraig Brady <P@draigBrady.com>
-   Date:   Fri Mar 3 00:25:54 2017 -0800
+  commit f5422009389678680dba9ff4ecb7d33632ee3383
+  Author: Ludovic Courtès <ludo@gnu.org>
+  Date:   Mon Mar 27 20:34:39 2017 -0700
 
-       tests: avoid a spurious failure on older debian
+      tests: avoid false ulimit failure on some systems
+
+      * tests/misc/cut-huge-range.sh: On some systems returns_ may
+      use more memory, so incorporate that in the determination
+      of the ulimit value to use.  Noticed on ARMv7 with bash-4.4.12,
+      and x86_64 with bash-4.2.37.
+      Fixes http://bugs.gnu.org/26253
 
 ... which appeared to be insufficient.
 
+diff --git a/tests/misc/cut-huge-range.sh b/tests/misc/cut-huge-range.sh
+index 6b3c5b6ed..55b7b640e 100755
 --- a/tests/misc/cut-huge-range.sh
 +++ b/tests/misc/cut-huge-range.sh
-@@ -22,6 +22,7 @@ getlimits_
+@@ -20,9 +20,9 @@
+ print_ver_ cut
+ getlimits_
  
- vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \
+-vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \
++vm=$(get_min_ulimit_v_ sh -c 'cut -b1 /dev/null') \
    || skip_ "this shell lacks ulimit support"
-+vm=$(($vm + $(getconf PAGESIZE))) # avoid spurious failures
+ vm=$(($vm + 1000)) # avoid spurious failures
  
  # sed script to subtract one from the input.
  # Each input line should consist of a positive decimal number.
diff --git a/gnu/packages/patches/coreutils-fix-cross-compilation.patch b/gnu/packages/patches/coreutils-fix-cross-compilation.patch
deleted file mode 100644
index 3f0d35c33e..0000000000
--- a/gnu/packages/patches/coreutils-fix-cross-compilation.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Coreutils fails to cross compile for other platforms because cu_install_program
-is not being evaluated properly. This patch fixes it.
-See <https://lists.gnu.org/archive/html/coreutils/2017-01/msg00039.html>
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -5023,7 +5023,7 @@ pr = progs-readme
- @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall
- 
- # Use the just-built 'ginstall', when not cross-compiling.
--@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@
-+@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@
- info_TEXINFOS = doc/coreutils.texi
- doc_coreutils_TEXINFOS = \
-   doc/perm.texi \
-
diff --git a/gnu/packages/patches/curl-bounds-check.patch b/gnu/packages/patches/curl-bounds-check.patch
new file mode 100644
index 0000000000..4b8ff65304
--- /dev/null
+++ b/gnu/packages/patches/curl-bounds-check.patch
@@ -0,0 +1,19 @@
+Fix test failure on some 32-bit platforms.
+
+Patch copied from upstream source repository:
+
+https://github.com/curl/curl/commit/45a560390c4356bcb81d933bbbb229c8ea2acb63
+
+diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
+index b9dedc989e..85c5e79a7e 100644
+--- a/src/tool_paramhlp.c
++++ b/src/tool_paramhlp.c
+@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max)
+     num = strtod(str, &endptr);
+     if(errno == ERANGE)
+       return PARAM_NUMBER_TOO_LARGE;
+-    if((long)num > max) {
++    if(num > max) {
+       /* too large */
+       return PARAM_NUMBER_TOO_LARGE;
+     }
diff --git a/gnu/packages/patches/cvs-2017-12836.patch b/gnu/packages/patches/cvs-2017-12836.patch
new file mode 100644
index 0000000000..507ab0f7d0
--- /dev/null
+++ b/gnu/packages/patches/cvs-2017-12836.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-12836:
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12836
+https://security-tracker.debian.org/tracker/CVE-2017-12836
+
+Patch adpated from Debian (comments and changelog annotations removed):
+
+https://anonscm.debian.org/cgit/collab-maint/cvs.git/commit/?h=stretch&id=41e077396e35efb6c879951f44c62dd8a1d0f094
+
+From 41e077396e35efb6c879951f44c62dd8a1d0f094 Mon Sep 17 00:00:00 2001
+From: mirabilos <m@mirbsd.org>
+Date: Sat, 12 Aug 2017 03:17:18 +0200
+Subject: Fix CVE-2017-12836 (Closes: #871810) for stretch
+
+---
+ debian/changelog |  6 ++++++
+ src/rsh-client.c | 10 ++++++++--
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/src/rsh-client.c b/src/rsh-client.c
+index fe0cfc4..1fc860d 100644
+--- a/src/rsh-client.c
++++ b/src/rsh-client.c
+@@ -105,6 +106,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
+ 	rsh_argv[i++] = argvport;
+     }
+ 
++    /* Only non-option arguments from here. (CVE-2017-12836) */
++    rsh_argv[i++] = "--";
++
+     rsh_argv[i++] = root->hostname;
+     rsh_argv[i++] = cvs_server;
+     if (readonlyfs)
+@@ -189,6 +193,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
+ 		*p++ = argvport;
+ 	}
+ 
++	*p++ = "--";
++
+ 	*p++ = root->hostname;
+ 	*p++ = command;
+ 	*p++ = NULL;
+-- 
+cgit v0.12
+
diff --git a/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch b/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch
new file mode 100644
index 0000000000..a03e0c5481
--- /dev/null
+++ b/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch
@@ -0,0 +1,41 @@
+From 5676766be5e845ccb6cdf46cfa8722497f151752 Mon Sep 17 00:00:00 2001
+From: Jeremy Bicha <jbicha@ubuntu.com>
+Date: Fri, 16 Jun 2017 15:11:37 -0400
+Subject: Use 'ref' keyword for iter, requires vala 0.36
+
+
+diff --git a/deja-dup/widgets/ConfigList.vala b/deja-dup/widgets/ConfigList.vala
+index 15de2d6..02cd81a 100644
+--- a/deja-dup/widgets/ConfigList.vala
++++ b/deja-dup/widgets/ConfigList.vala
+@@ -333,7 +333,7 @@ public class ConfigList : ConfigWidget
+ 
+     model.row_deleted.disconnect(write_to_config);
+     foreach (Gtk.TreeIter iter in iters) {
+-      (model as Gtk.ListStore).remove(iter);
++      (model as Gtk.ListStore).remove(ref iter);
+     }
+     model.row_deleted.connect(write_to_config);
+ 
+diff --git a/deja-dup/widgets/ConfigLocation.vala b/deja-dup/widgets/ConfigLocation.vala
+index 869e2a8..d21c556 100644
+--- a/deja-dup/widgets/ConfigLocation.vala
++++ b/deja-dup/widgets/ConfigLocation.vala
+@@ -397,12 +397,12 @@ public class ConfigLocation : ConfigWidget
+     if (uuid == saved_uuid)
+       return;
+ 
+-    store.remove(iter);
++    store.remove(ref iter);
+ 
+     if (--num_volumes == 0) {
+       Gtk.TreeIter sep_iter;
+       if (store.get_iter_from_string(out sep_iter, index_vol_sep.to_string())) {
+-        store.remove(sep_iter);
++        store.remove(ref sep_iter);
+         index_vol_sep = -2;
+       }
+     }
+-- 
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch b/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch
new file mode 100644
index 0000000000..e7a96a2ac0
--- /dev/null
+++ b/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch
@@ -0,0 +1,46 @@
+Fix a test failure on 32-bit platforms.
+
+Patch copied from upstream source repository:
+
+https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=9e31a5696c4b699bf000a07b86601c1fb91c0493
+
+diff --git a/lib/support/mkquota.c b/lib/support/mkquota.c
+index 00f3a40..931a839 100644
+--- a/lib/support/mkquota.c
++++ b/lib/support/mkquota.c
+@@ -50,11 +50,13 @@ static void print_dquot(const char *desc, struct dquot *dq)
+ {
+ 	if (desc)
+ 		fprintf(stderr, "%s: ", desc);
+-	fprintf(stderr, "%u %ld:%ld:%ld %ld:%ld:%ld\n",
+-		dq->dq_id, dq->dq_dqb.dqb_curspace,
+-		dq->dq_dqb.dqb_bsoftlimit, dq->dq_dqb.dqb_bhardlimit,
+-		dq->dq_dqb.dqb_curinodes,
+-		dq->dq_dqb.dqb_isoftlimit, dq->dq_dqb.dqb_ihardlimit);
++	fprintf(stderr, "%u %lld:%lld:%lld %lld:%lld:%lld\n",
++		dq->dq_id, (long long) dq->dq_dqb.dqb_curspace,
++		(long long) dq->dq_dqb.dqb_bsoftlimit,
++		(long long) dq->dq_dqb.dqb_bhardlimit,
++		(long long) dq->dq_dqb.dqb_curinodes,
++		(long long) dq->dq_dqb.dqb_isoftlimit,
++		(long long) dq->dq_dqb.dqb_ihardlimit);
+ }
+ #else
+ static void print_dquot(const char *desc EXT2FS_ATTR((unused)),
+@@ -524,11 +526,11 @@ static int scan_dquots_callback(struct dquot *dquot, void *cb_data)
+ 	    dq->dq_dqb.dqb_curinodes != dquot->dq_dqb.dqb_curinodes) {
+ 		scan_data->usage_is_inconsistent = 1;
+ 		fprintf(stderr, "[QUOTA WARNING] Usage inconsistent for ID %u:"
+-			"actual (%ld, %ld) != expected (%ld, %ld)\n",
+-			dq->dq_id, dq->dq_dqb.dqb_curspace,
+-			dq->dq_dqb.dqb_curinodes,
+-			dquot->dq_dqb.dqb_curspace,
+-			dquot->dq_dqb.dqb_curinodes);
++			"actual (%lld, %lld) != expected (%lld, %lld)\n",
++			dq->dq_id, (long long) dq->dq_dqb.dqb_curspace,
++			(long long) dq->dq_dqb.dqb_curinodes,
++			(long long) dquot->dq_dqb.dqb_curspace,
++			(long long) dquot->dq_dqb.dqb_curinodes);
+ 	}
+ 
+ 	if (scan_data->update_limits) {
diff --git a/gnu/packages/patches/erlang-man-path.patch b/gnu/packages/patches/erlang-man-path.patch
new file mode 100644
index 0000000000..68fc9f45b4
--- /dev/null
+++ b/gnu/packages/patches/erlang-man-path.patch
@@ -0,0 +1,24 @@
+Patch originally from https://sources.debian.net/patches/erlang/1:20.0.1%2Bdfsg-2/man.patch/
+by Francois-Denis Gonthier <neumann@lostwebsite.net>.
+
+Patch description rewritten for Guix.
+
+This patch allows access to the man page with the 'erl -man' command
+(Erlang manual pages are placed to /gnu/store/..erlang../share/man/ hierarchy
+as other man pages.)
+
+--- a/erts/etc/common/erlexec.c
++++ b/erts/etc/common/erlexec.c
+@@ -709,8 +709,10 @@
+ 			error("-man not supported on Windows");
+ #else
+ 			argv[i] = "man";
+-			erts_snprintf(tmpStr, sizeof(tmpStr), "%s/man", rootdir);
+-			set_env("MANPATH", tmpStr);
++			/*
++			* Conform to erlang-manpages content.
++			*/
++			putenv(strsave("MANSECT=1:3:5:7"));
+ 			execvp("man", argv+i);
+ 			error("Could not execute the 'man' command.");
+ #endif
diff --git a/gnu/packages/patches/eudev-conflicting-declaration.patch b/gnu/packages/patches/eudev-conflicting-declaration.patch
deleted file mode 100644
index f5399e20d3..0000000000
--- a/gnu/packages/patches/eudev-conflicting-declaration.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Fix build failure due to conflicting declaration of
-keyboard_lookup_key() in gperf-3.1:
-
-https://bugs.gentoo.org/show_bug.cgi?id=604864
-
-Patch copied from upstream source repository:
-
-https://github.com/gentoo/eudev/commit/5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60
-
-From 5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60 Mon Sep 17 00:00:00 2001
-From: "Anthony G. Basile" <blueness@gentoo.org>
-Date: Thu, 5 Jan 2017 16:21:17 -0500
-Subject: [PATCH] src/udev/udev-builtin-keyboard.c: fix build with gperf 3.1
-
-Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
----
- src/udev/udev-builtin-keyboard.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/src/udev/udev-builtin-keyboard.c b/src/udev/udev-builtin-keyboard.c
-index 73171c3..fad3520 100644
---- a/src/udev/udev-builtin-keyboard.c
-+++ b/src/udev/udev-builtin-keyboard.c
-@@ -28,7 +28,6 @@
- 
- #include "udev.h"
- 
--static const struct key *keyboard_lookup_key(const char *str, unsigned len);
- #include "keyboard-keys-from-name.h"
- #include "keyboard-keys-to-name.h"
- 
diff --git a/gnu/packages/patches/evince-CVE-2017-1000083.patch b/gnu/packages/patches/evince-CVE-2017-1000083.patch
deleted file mode 100644
index 2ca062f337..0000000000
--- a/gnu/packages/patches/evince-CVE-2017-1000083.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-Fix CVE-2017-1000083.
-
-http://seclists.org/oss-sec/2017/q3/128
-https://bugzilla.gnome.org/show_bug.cgi?id=784630
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/evince/commit/?id=717df38fd8509bf883b70d680c9b1b3cf36732ee
-
-From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
-From: Bastien Nocera <hadess@hadess.net>
-Date: Thu, 6 Jul 2017 20:02:00 +0200
-Subject: comics: Remove support for tar and tar-like commands
-
-diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c
-index 4c74731..641d785 100644
---- a/backend/comics/comics-document.c
-+++ b/backend/comics/comics-document.c
-@@ -56,8 +56,7 @@ typedef enum
- 	RARLABS,
- 	GNAUNRAR,
- 	UNZIP,
--	P7ZIP,
--	TAR
-+	P7ZIP
- } ComicBookDecompressType;
- 
- typedef struct _ComicsDocumentClass ComicsDocumentClass;
-@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_def[] = {
- 
-         /* 7zip */
- 	{NULL               , "%s l -- %s"     , "%s x -y %s -o%s", FALSE, OFFSET_7Z},
--
--        /* tar */
--	{"%s -xOf"          , "%s -tf %s"      , NULL             , FALSE, NO_OFFSET}
- };
- 
- static GSList*    get_supported_image_extensions (void);
-@@ -364,13 +360,6 @@ comics_check_decompress_command	(gchar          *mime_type,
- 			comics_document->command_usage = GNAUNRAR;
- 			return TRUE;
- 		}
--		comics_document->selected_command =
--				g_find_program_in_path ("bsdtar");
--		if (comics_document->selected_command) {
--			comics_document->command_usage = TAR;
--			return TRUE;
--		}
--
- 	} else if (g_content_type_is_a (mime_type, "application/x-cbz") ||
- 		   g_content_type_is_a (mime_type, "application/zip")) {
- 		/* InfoZIP's unzip program */
-@@ -396,12 +385,6 @@ comics_check_decompress_command	(gchar          *mime_type,
- 			comics_document->command_usage = P7ZIP;
- 			return TRUE;
- 		}
--		comics_document->selected_command =
--				g_find_program_in_path ("bsdtar");
--		if (comics_document->selected_command) {
--			comics_document->command_usage = TAR;
--			return TRUE;
--		}
- 
- 	} else if (g_content_type_is_a (mime_type, "application/x-cb7") ||
- 		   g_content_type_is_a (mime_type, "application/x-7z-compressed")) {
-@@ -425,27 +408,6 @@ comics_check_decompress_command	(gchar          *mime_type,
- 			comics_document->command_usage = P7ZIP;
- 			return TRUE;
- 		}
--		comics_document->selected_command =
--				g_find_program_in_path ("bsdtar");
--		if (comics_document->selected_command) {
--			comics_document->command_usage = TAR;
--			return TRUE;
--		}
--	} else if (g_content_type_is_a (mime_type, "application/x-cbt") ||
--		   g_content_type_is_a (mime_type, "application/x-tar")) {
--		/* tar utility (Tape ARchive) */
--		comics_document->selected_command =
--				g_find_program_in_path ("tar");
--		if (comics_document->selected_command) {
--			comics_document->command_usage = TAR;
--			return TRUE;
--		}
--		comics_document->selected_command =
--				g_find_program_in_path ("bsdtar");
--		if (comics_document->selected_command) {
--			comics_document->command_usage = TAR;
--			return TRUE;
--		}
- 	} else {
- 		g_set_error (error,
- 			     EV_DOCUMENT_ERROR,
-diff --git a/configure.ac b/configure.ac
-index 9e9f831..7eb0f1f 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES)
- AC_SUBST(APPDATA_TIFF_MIME_TYPES)
- AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES)
- if test "x$enable_comics" = "xyes"; then
--        COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt"
-+        COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;"
-         APPDATA_COMICS_MIME_TYPES=$(echo "<mimetype>$COMICS_MIME_TYPES</mimetype>" | sed -e 's/;/<\/mimetype>\n    <mimetype>/g')
-         if test -z "$EVINCE_MIME_TYPES"; then
-            EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}"
--- 
-cgit v0.12
-
diff --git a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch b/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch
deleted file mode 100644
index b489401fea..0000000000
--- a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Fix regression caused by fix for CVE-2016-0718 when building with -DXML_UNICODE.
-
-Discussion:
-
-https://sourceforge.net/p/expat/bugs/539/
-
-Patch copied from upstream source repository:
-
-https://sourceforge.net/p/expat/code_git/ci/af507cef2c93cb8d40062a0abe43a4f4e9158fb2/
-
-From af507cef2c93cb8d40062a0abe43a4f4e9158fb2 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Sun, 17 Jul 2016 20:22:29 +0200
-Subject: [PATCH 1/2] Fix regression bug #539 (needs -DXML_UNICODE)
-
-Thanks to Andy Wang and Karl Waclawek!
----
- expat/lib/xmlparse.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
-index b308e67..0d5dd7b 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -2468,7 +2468,7 @@ doContent(XML_Parser parser,
-                        &fromPtr, rawNameEnd,
-                        (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
-             convLen = (int)(toPtr - (XML_Char *)tag->buf);
--            if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
-+            if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
-               tag->name.strLen = convLen;
-               break;
-             }
--- 
-2.10.0
diff --git a/gnu/packages/patches/fabric-tests.patch b/gnu/packages/patches/fabric-tests.patch
deleted file mode 100644
index 4a0ca9f8f1..0000000000
--- a/gnu/packages/patches/fabric-tests.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-The `fab` excecutable doesn't exist during the test phase as it is created
-dynamically during installation. Refer to the equivalent Python module
-directly.
-
---- a/tests/test_utils.py
-+++ b/tests/test_utils.py
-@@ -93,7 +93,7 @@
-     # perform when they are allowed to bubble all the way to the top. So, we
-     # invoke a subprocess and look at its stderr instead.
-     with quiet():
--        result = local("fab -f tests/support/aborts.py kaboom", capture=True)
-+        result = local("python -m fabric -f tests/support/aborts.py kaboom", capture=True)
-     # When error in #1318 is present, this has an extra "It burns!" at end of
-     # stderr string.
-     eq_(result.stderr, "Fatal error: It burns!\n\nAborting.")
\ No newline at end of file
diff --git a/gnu/packages/patches/findutils-gnulib-multi-core.patch b/gnu/packages/patches/findutils-gnulib-multi-core.patch
new file mode 100644
index 0000000000..5a37f4f1f9
--- /dev/null
+++ b/gnu/packages/patches/findutils-gnulib-multi-core.patch
@@ -0,0 +1,294 @@
+This patch fixes performance problems on multi-core machines
+as reported at <https://bugs.gnu.org/26441>.
+
+See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib
+by Bruno Haible <bruno@clisp.org>.
+
+diff --git a/tests/test-lock.c b/tests/test-lock.c
+index a992f64..fb18dee 100644
+--- a/tests/test-lock.c
++++ b/tests/test-lock.c
+@@ -1,5 +1,5 @@
+ /* Test of locking in multithreaded situations.
+-   Copyright (C) 2005, 2008-2015 Free Software Foundation, Inc.
++   Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc.
+ 
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+@@ -50,6 +50,28 @@
+    Uncomment this to see if the operating system has a fair scheduler.  */
+ #define EXPLICIT_YIELD 1
+ 
++/* Whether to use 'volatile' on some variables that communicate information
++   between threads.  If set to 0, a semaphore or a lock is used to protect
++   these variables.  If set to 1, 'volatile' is used; this is theoretically
++   equivalent but can lead to much slower execution (e.g. 30x slower total
++   run time on a 40-core machine), because 'volatile' does not imply any
++   synchronization/communication between different CPUs.  */
++#define USE_VOLATILE 0
++
++#if USE_POSIX_THREADS && HAVE_SEMAPHORE_H
++/* Whether to use a semaphore to communicate information between threads.
++   If set to 0, a lock is used. If set to 1, a semaphore is used.
++   Uncomment this to reduce the dependencies of this test.  */
++# define USE_SEMAPHORE 1
++/* Mac OS X provides only named semaphores (sem_open); its facility for
++   unnamed semaphores (sem_init) does not work.  */
++# if defined __APPLE__ && defined __MACH__
++#  define USE_NAMED_SEMAPHORE 1
++# else
++#  define USE_UNNAMED_SEMAPHORE 1
++# endif
++#endif
++
+ /* Whether to print debugging messages.  */
+ #define ENABLE_DEBUGGING 0
+ 
+@@ -90,6 +112,12 @@
+ 
+ #include "glthread/thread.h"
+ #include "glthread/yield.h"
++#if USE_SEMAPHORE
++# include <errno.h>
++# include <fcntl.h>
++# include <semaphore.h>
++# include <unistd.h>
++#endif
+ 
+ #if ENABLE_DEBUGGING
+ # define dbgprintf printf
+@@ -103,6 +131,132 @@
+ # define yield()
+ #endif
+ 
++#if USE_VOLATILE
++struct atomic_int {
++  volatile int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  return ai->value;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  ai->value = new_value;
++}
++#elif USE_SEMAPHORE
++/* This atomic_int implementation can only support the values 0 and 1.
++   It is initially 0 and can be set to 1 only once.  */
++# if USE_UNNAMED_SEMAPHORE
++struct atomic_int {
++  sem_t semaphore;
++};
++#define atomic_int_semaphore(ai) (&(ai)->semaphore)
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  sem_init (&ai->semaphore, 0, 0);
++}
++# endif
++# if USE_NAMED_SEMAPHORE
++struct atomic_int {
++  sem_t *semaphore;
++};
++#define atomic_int_semaphore(ai) ((ai)->semaphore)
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  sem_t *s;
++  unsigned int count;
++  for (count = 0; ; count++)
++    {
++      char name[80];
++      /* Use getpid() in the name, so that different processes running at the
++         same time will not interfere.  Use ai in the name, so that different
++         atomic_int in the same process will not interfere.  Use a count in
++         the name, so that even in the (unlikely) case that a semaphore with
++         the specified name already exists, we can try a different name.  */
++      sprintf (name, "test-lock-%lu-%p-%u",
++               (unsigned long) getpid (), ai, count);
++      s = sem_open (name, O_CREAT | O_EXCL, 0600, 0);
++      if (s == SEM_FAILED)
++        {
++          if (errno == EEXIST)
++            /* Retry with a different name.  */
++            continue;
++          else
++            {
++              perror ("sem_open failed");
++              abort ();
++            }
++        }
++      else
++        {
++          /* Try not to leave a semaphore hanging around on the file system
++             eternally, if we can avoid it.  */
++          sem_unlink (name);
++          break;
++        }
++    }
++  ai->semaphore = s;
++}
++# endif
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  if (sem_trywait (atomic_int_semaphore (ai)) == 0)
++    {
++      if (sem_post (atomic_int_semaphore (ai)))
++        abort ();
++      return 1;
++    }
++  else if (errno == EAGAIN)
++    return 0;
++  else
++    abort ();
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  if (new_value == 0)
++    /* It's already initialized with 0.  */
++    return;
++  /* To set the value 1: */
++  if (sem_post (atomic_int_semaphore (ai)))
++    abort ();
++}
++#else
++struct atomic_int {
++  gl_lock_define (, lock)
++  int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  gl_lock_init (ai->lock);
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  gl_lock_lock (ai->lock);
++  int ret = ai->value;
++  gl_lock_unlock (ai->lock);
++  return ret;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  gl_lock_lock (ai->lock);
++  ai->value = new_value;
++  gl_lock_unlock (ai->lock);
++}
++#endif
++
+ #define ACCOUNT_COUNT 4
+ 
+ static int account[ACCOUNT_COUNT];
+@@ -170,12 +324,12 @@ lock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int lock_checker_done;
++static struct atomic_int lock_checker_done;
+ 
+ static void *
+ lock_checker_thread (void *arg)
+ {
+-  while (!lock_checker_done)
++  while (get_atomic_int_value (&lock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_lock_lock (my_lock);
+@@ -200,7 +354,8 @@ test_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  lock_checker_done = 0;
++  init_atomic_int (&lock_checker_done);
++  set_atomic_int_value (&lock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (lock_checker_thread, NULL);
+@@ -210,7 +365,7 @@ test_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  lock_checker_done = 1;
++  set_atomic_int_value (&lock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
+@@ -254,12 +409,12 @@ rwlock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int rwlock_checker_done;
++static struct atomic_int rwlock_checker_done;
+ 
+ static void *
+ rwlock_checker_thread (void *arg)
+ {
+-  while (!rwlock_checker_done)
++  while (get_atomic_int_value (&rwlock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
+       gl_rwlock_rdlock (my_rwlock);
+@@ -284,7 +439,8 @@ test_rwlock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  rwlock_checker_done = 0;
++  init_atomic_int (&rwlock_checker_done);
++  set_atomic_int_value (&rwlock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+@@ -295,7 +451,7 @@ test_rwlock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  rwlock_checker_done = 1;
++  set_atomic_int_value (&rwlock_checker_done, 1);
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (checkerthreads[i], NULL);
+   check_accounts ();
+@@ -356,12 +512,12 @@ reclock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int reclock_checker_done;
++static struct atomic_int reclock_checker_done;
+ 
+ static void *
+ reclock_checker_thread (void *arg)
+ {
+-  while (!reclock_checker_done)
++  while (get_atomic_int_value (&reclock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_recursive_lock_lock (my_reclock);
+@@ -386,7 +542,8 @@ test_recursive_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  reclock_checker_done = 0;
++  init_atomic_int (&reclock_checker_done);
++  set_atomic_int_value (&reclock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (reclock_checker_thread, NULL);
+@@ -396,7 +553,7 @@ test_recursive_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  reclock_checker_done = 1;
++  set_atomic_int_value (&reclock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
diff --git a/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch b/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch
deleted file mode 100644
index 8ebe33bc6c..0000000000
--- a/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-The first patch is copied from the upstream source repository:
-
-https://cgit.freedesktop.org/fontconfig/commit/?id=1ab5258f7c2abfafcd63a760ca08bf93591912da
-
-The second patch is adapted from a message to from the OpenEmbedded mailing list:
-
-http://lists.openembedded.org/pipermail/openembedded-core/2016-December/130213.html
-
-From 1ab5258f7c2abfafcd63a760ca08bf93591912da Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 14 Dec 2016 16:11:05 -0800
-Subject: Avoid conflicts with integer width macros from TS 18661-1:2014
-
-glibc 2.25+ has now defined these macros in <limits.h>
-https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a
-
-Create an alias for FC_CHAR_WIDTH for ABI compatibility
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-diff --git a/fontconfig/fontconfig.h b/fontconfig/fontconfig.h
-index 5c72b22..070a557 100644
---- a/fontconfig/fontconfig.h
-+++ b/fontconfig/fontconfig.h
-@@ -128,7 +128,8 @@ typedef int		FcBool;
- #define FC_USER_CACHE_FILE	    ".fonts.cache-" FC_CACHE_VERSION
- 
- /* Adjust outline rasterizer */
--#define FC_CHAR_WIDTH	    "charwidth"	/* Int */
-+#define FC_CHARWIDTH	    "charwidth"	/* Int */
-+#define FC_CHAR_WIDTH	    FC_CHARWIDTH
- #define FC_CHAR_HEIGHT	    "charheight"/* Int */
- #define FC_MATRIX	    "matrix"    /* FcMatrix */
- 
-diff --git a/src/fcobjs.h b/src/fcobjs.h
-index 1fc4f65..d27864b 100644
---- a/src/fcobjs.h
-+++ b/src/fcobjs.h
-@@ -51,7 +51,7 @@ FC_OBJECT (DPI,			FcTypeDouble,	NULL)
- FC_OBJECT (RGBA,		FcTypeInteger,	NULL)
- FC_OBJECT (SCALE,		FcTypeDouble,	NULL)
- FC_OBJECT (MINSPACE,		FcTypeBool,	NULL)
--FC_OBJECT (CHAR_WIDTH,		FcTypeInteger,	NULL)
-+FC_OBJECT (CHARWIDTH,		FcTypeInteger,	NULL)
- FC_OBJECT (CHAR_HEIGHT,		FcTypeInteger,	NULL)
- FC_OBJECT (MATRIX,		FcTypeMatrix,	NULL)
- FC_OBJECT (CHARSET,		FcTypeCharSet,	FcCompareCharSet)
--- 
-cgit v0.10.2
-
-From 20cddc824c6501c2082cac41b162c34cd5fcc530 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem at gmail.com>
-Date: Sun, 11 Dec 2016 14:32:00 -0800
-Subject: [PATCH] Avoid conflicts with integer width macros from TS
- 18661-1:2014
-
-glibc 2.25+ has now defined these macros in <limits.h>
-https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a
-
-Signed-off-by: Khem Raj <raj.khem at gmail.com>
----
-Upstream-Status: Submitted
-
- fontconfig/fontconfig.h | 2 +-
- src/fcobjs.h            | 2 +-
- src/fcobjshash.gperf    | 2 +-
- src/fcobjshash.h        | 2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
-Index: fontconfig-2.12.1/src/fcobjshash.h
-===================================================================
---- fontconfig-2.12.1.orig/src/fcobjshash.h
-+++ fontconfig-2.12.1/src/fcobjshash.h
-@@ -284,7 +284,7 @@ FcObjectTypeLookup (register const char
-       {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str43,FC_CHARSET_OBJECT},
-       {-1},
- #line 47 "fcobjshash.gperf"
--      {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHAR_WIDTH_OBJECT},
-+      {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHARWIDTH_OBJECT},
- #line 48 "fcobjshash.gperf"
-       {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str46,FC_CHAR_HEIGHT_OBJECT},
- #line 55 "fcobjshash.gperf"
diff --git a/gnu/packages/patches/fontconfig-path-max.patch b/gnu/packages/patches/fontconfig-path-max.patch
deleted file mode 100644
index e12f60ef00..0000000000
--- a/gnu/packages/patches/fontconfig-path-max.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-This patch fix the build on GNU/Hurd, due to PATH_MAX isn't defined.
-
-The patch was adapted from upstream source repository:
-'<https://cgit.freedesktop.org/fontconfig/commit/?id=abdb6d658e1a16410dd1c964e365a3ebd5039e7c>'
-Commit: abdb6d658e1a16410dd1c964e365a3ebd5039e7c
-
----
- src/fcdefault.c | 34 +++++++++++++++++++++++++++-------
- src/fcint.h     |  6 ++++++
- src/fcstat.c    | 12 +++++++++++-
- 3 files changed, 44 insertions(+), 8 deletions(-)
-
-diff --git a/src/fcdefault.c b/src/fcdefault.c
-index 6647a8f..5afd7ec 100644
---- a/src/fcdefault.c
-+++ b/src/fcdefault.c
-@@ -148,17 +148,34 @@ retry:
- 	    prgname = FcStrdup ("");
- #else
- # if defined (HAVE_GETEXECNAME)
--	const char *p = getexecname ();
-+	char *p = FcStrdup(getexecname ());
- # elif defined (HAVE_READLINK)
--	char buf[PATH_MAX + 1];
--	int len;
-+	size_t size = FC_PATH_MAX;
- 	char *p = NULL;
- 
--	len = readlink ("/proc/self/exe", buf, sizeof (buf) - 1);
--	if (len != -1)
-+	while (1)
- 	{
--	    buf[len] = '\0';
--	    p = buf;
-+	    char *buf = malloc (size);
-+	    ssize_t len;
-+
-+	    if (!buf)
-+		break;
-+
-+	    len = readlink ("/proc/self/exe", buf, size - 1);
-+	    if (len < 0)
-+	    {
-+		free (buf);
-+		break;
-+	    }
-+	    if (len < size - 1)
-+	    {
-+		buf[len] = 0;
-+		p = buf;
-+		break;
-+	    }
-+
-+	    free (buf);
-+	    size *= 2;
- 	}
- # else
- 	char *p = NULL;
-@@ -176,6 +193,9 @@ retry:
- 
- 	if (!prgname)
- 	    prgname = FcStrdup ("");
-+
-+	if (p)
-+	    free (p);
- #endif
- 
- 	if (!fc_atomic_ptr_cmpexch (&default_prgname, NULL, prgname)) {
-diff --git a/src/fcint.h b/src/fcint.h
-index ac911ad..dad34c5 100644
---- a/src/fcint.h
-+++ b/src/fcint.h
-@@ -70,6 +70,12 @@ extern pfnSHGetFolderPathA pSHGetFolderPathA;
- #  define FC_DIR_SEPARATOR_S       "/"
- #endif
- 
-+#ifdef PATH_MAX
-+#define FC_PATH_MAX	PATH_MAX
-+#else
-+#define FC_PATH_MAX	128
-+#endif
-+
- #if __GNUC__ >= 4
- #define FC_UNUSED	__attribute__((unused))
- #else
-diff --git a/src/fcstat.c b/src/fcstat.c
-index 1734fa4..f6e1aaa 100644
---- a/src/fcstat.c
-+++ b/src/fcstat.c
-@@ -278,8 +278,13 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum)
- 	{
- #endif
- 	struct stat statb;
--	char f[PATH_MAX + 1];
-+	char *f = malloc (len + 1 + dlen + 1);
- 
-+	if (!f)
-+	{
-+	    ret = -1;
-+	    goto bail;
-+	}
- 	memcpy (f, dir, len);
- 	f[len] = FC_DIR_SEPARATOR;
- 	memcpy (&f[len + 1], files[n]->d_name, dlen);
-@@ -287,11 +292,16 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum)
- 	if (lstat (f, &statb) < 0)
- 	{
- 	    ret = -1;
-+	    free (f);
- 	    goto bail;
- 	}
- 	if (S_ISDIR (statb.st_mode))
-+	{
-+	    free (f);
- 	    goto bail;
-+	}
- 
-+	free (f);
- 	dtype = statb.st_mode;
- #ifdef HAVE_STRUCT_DIRENT_D_TYPE
- 	}
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/freetype-CVE-2017-8105.patch b/gnu/packages/patches/freetype-CVE-2017-8105.patch
deleted file mode 100644
index 1891c4ab5f..0000000000
--- a/gnu/packages/patches/freetype-CVE-2017-8105.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Fix CVE-2017-8105:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
-
-Patch copied from upstream source repository:
-
-https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
-
-From f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Fri, 24 Mar 2017 09:15:10 +0100
-Subject: [PATCH] [psaux] Better protect `flex' handling.
-
-Reported as
-
-  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
-
-* src/psaux/t1decode.c (t1_decoder_parse_charstrings)
-<callothersubr>: Since there is not a single flex operator but a
-series of subroutine calls, malformed fonts can call arbitrary other
-operators after the start of a flex, possibly adding points.  For
-this reason we have to check the available number of points before
-inserting a point.
----
- ChangeLog            | 15 +++++++++++++++
- src/psaux/t1decode.c |  9 +++++++++
- 2 files changed, 24 insertions(+)
-
-diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
-index af7b465e..7dd45135 100644
---- a/src/psaux/t1decode.c
-+++ b/src/psaux/t1decode.c
-@@ -780,10 +780,19 @@
-             /* point without adding any point to the outline    */
-             idx = decoder->num_flex_vectors++;
-             if ( idx > 0 && idx < 7 )
-+            {
-+              /* in malformed fonts it is possible to have other */
-+              /* opcodes in the middle of a flex (which don't    */
-+              /* increase `num_flex_vectors'); we thus have to   */
-+              /* check whether we can add a point                */
-+              if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) )
-+                goto Syntax_Error;
-+
-               t1_builder_add_point( builder,
-                                     x,
-                                     y,
-                                     (FT_Byte)( idx == 3 || idx == 6 ) );
-+            }
-           }
-           break;
- 
--- 
-2.12.2
-
diff --git a/gnu/packages/patches/freetype-CVE-2017-8287.patch b/gnu/packages/patches/freetype-CVE-2017-8287.patch
deleted file mode 100644
index d1145a87ee..0000000000
--- a/gnu/packages/patches/freetype-CVE-2017-8287.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Fix CVE-2017-8287:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
-
-Patch copied from upstream source repository:
-https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
-
-From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Sun, 26 Mar 2017 08:32:09 +0200
-Subject: [PATCH] * src/psaux/psobjs.c (t1_builder_close_contour): Add safety
- guard.
-
-Reported as
-
-  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
----
- ChangeLog          | 8 ++++++++
- src/psaux/psobjs.c | 8 ++++++++
- 2 files changed, 16 insertions(+)
-
-diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
-index d18e821a..0baf8368 100644
---- a/src/psaux/psobjs.c
-+++ b/src/psaux/psobjs.c
-@@ -1718,6 +1718,14 @@
-     first = outline->n_contours <= 1
-             ? 0 : outline->contours[outline->n_contours - 2] + 1;
- 
-+    /* in malformed fonts it can happen that a contour was started */
-+    /* but no points were added                                    */
-+    if ( outline->n_contours && first == outline->n_points )
-+    {
-+      outline->n_contours--;
-+      return;
-+    }
-+
-     /* We must not include the last point in the path if it */
-     /* is located on the first point.                       */
-     if ( outline->n_points > 1 )
--- 
-2.12.2
-
diff --git a/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch b/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch
new file mode 100644
index 0000000000..74b10c4a44
--- /dev/null
+++ b/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch
@@ -0,0 +1,20 @@
+Add missing include that triggers a build failure on PowerPC:
+
+  ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc: In function ‘bool __asan::AsanInterceptsSignal(int)’:
+  ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc:222:20: error: ‘SIGSEGV’ was not declared in this scope
+     return signum == SIGSEGV && common_flags()->handle_segv;
+		      ^
+From <https://patchwork.ozlabs.org/patch/725596/>.
+
+diff --git a/libsanitizer/asan/asan_linux.cc b/libsanitizer/asan/asan_linux.cc
+index c504168..59087b9 100644
+--- a/libsanitizer/asan/asan_linux.cc
++++ b/libsanitizer/asan/asan_linux.cc
+@@ -29,6 +29,7 @@
+ #include <dlfcn.h>
+ #include <fcntl.h>
+ #include <pthread.h>
++#include <signal.h>
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <unwind.h>
diff --git a/gnu/packages/patches/gd-CVE-2017-7890.patch b/gnu/packages/patches/gd-CVE-2017-7890.patch
new file mode 100644
index 0000000000..66034c5703
--- /dev/null
+++ b/gnu/packages/patches/gd-CVE-2017-7890.patch
@@ -0,0 +1,30 @@
+From 99ba5c353373ed198f54af66fe4e355ebb96e363 Mon Sep 17 00:00:00 2001
+From: LEPILLER Julien <julien@lepiller.eu>
+Date: Thu, 3 Aug 2017 17:04:17 +0200
+Subject: [PATCH] Fix #399: Buffer over-read into uninitialized memory.
+
+The stack allocated color map buffers were not zeroed before usage, and
+so undefined palette indexes could cause information leakage.
+
+This is CVE-2017-7890.
+---
+ src/gd_gif_in.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c
+index 008d1ec..c195448 100644
+--- a/src/gd_gif_in.c
++++ b/src/gd_gif_in.c
+@@ -216,6 +216,9 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd)
+ 
+ 	gdImagePtr im = 0;
+ 
++	memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE);
++	memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE);
++
+ 	if(!ReadOK(fd, buf, 6)) {
+ 		return 0;
+ 	}
+-- 
+2.13.3
+
diff --git a/gnu/packages/patches/gettext-gnulib-multi-core.patch b/gnu/packages/patches/gettext-gnulib-multi-core.patch
new file mode 100644
index 0000000000..5ccdbe4ca1
--- /dev/null
+++ b/gnu/packages/patches/gettext-gnulib-multi-core.patch
@@ -0,0 +1,178 @@
+This patch fixes performance problems on multi-core machines
+as reported at <https://bugs.gnu.org/26441>.
+
+See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib
+by Bruno Haible <bruno@clisp.org>.
+
+diff --git a/gettext-tools/gnulib-tests/test-lock.c b/gettext-tools/gnulib-tests/test-lock.c
+index cb734b4e6..aa6de2739 100644
+--- a/gettext-tools/gnulib-tests/test-lock.c
++++ b/gettext-tools/gnulib-tests/test-lock.c
+@@ -50,6 +50,13 @@
+    Uncomment this to see if the operating system has a fair scheduler.  */
+ #define EXPLICIT_YIELD 1
+ 
++/* Whether to use 'volatile' on some variables that communicate information
++   between threads.  If set to 0, a lock is used to protect these variables.
++   If set to 1, 'volatile' is used; this is theoretically equivalent but can
++   lead to much slower execution (e.g. 30x slower total run time on a 40-core
++   machine.  */
++#define USE_VOLATILE 0
++
+ /* Whether to print debugging messages.  */
+ #define ENABLE_DEBUGGING 0
+ 
+@@ -103,6 +110,51 @@
+ # define yield()
+ #endif
+ 
++#if USE_VOLATILE
++struct atomic_int {
++  volatile int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  return ai->value;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  ai->value = new_value;
++}
++#else
++struct atomic_int {
++  gl_lock_define (, lock)
++  int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  gl_lock_init (ai->lock);
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  gl_lock_lock (ai->lock);
++  int ret = ai->value;
++  gl_lock_unlock (ai->lock);
++  return ret;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  gl_lock_lock (ai->lock);
++  ai->value = new_value;
++  gl_lock_unlock (ai->lock);
++}
++#endif
++
+ #define ACCOUNT_COUNT 4
+ 
+ static int account[ACCOUNT_COUNT];
+@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int lock_checker_done;
++static struct atomic_int lock_checker_done;
+ 
+ static void *
+ lock_checker_thread (void *arg)
+ {
+-  while (!lock_checker_done)
++  while (get_atomic_int_value (&lock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_lock_lock (my_lock);
+@@ -200,7 +252,8 @@ test_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  lock_checker_done = 0;
++  init_atomic_int (&lock_checker_done);
++  set_atomic_int_value (&lock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (lock_checker_thread, NULL);
+@@ -210,7 +263,7 @@ test_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  lock_checker_done = 1;
++  set_atomic_int_value (&lock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
+@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int rwlock_checker_done;
++static struct atomic_int rwlock_checker_done;
+ 
+ static void *
+ rwlock_checker_thread (void *arg)
+ {
+-  while (!rwlock_checker_done)
++  while (get_atomic_int_value (&rwlock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
+       gl_rwlock_rdlock (my_rwlock);
+@@ -284,7 +337,8 @@ test_rwlock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  rwlock_checker_done = 0;
++  init_atomic_int (&rwlock_checker_done);
++  set_atomic_int_value (&rwlock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+@@ -295,7 +349,7 @@ test_rwlock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  rwlock_checker_done = 1;
++  set_atomic_int_value (&rwlock_checker_done, 1);
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (checkerthreads[i], NULL);
+   check_accounts ();
+@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int reclock_checker_done;
++static struct atomic_int reclock_checker_done;
+ 
+ static void *
+ reclock_checker_thread (void *arg)
+ {
+-  while (!reclock_checker_done)
++  while (get_atomic_int_value (&reclock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_recursive_lock_lock (my_reclock);
+@@ -386,7 +440,8 @@ test_recursive_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  reclock_checker_done = 0;
++  init_atomic_int (&reclock_checker_done);
++  set_atomic_int_value (&reclock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (reclock_checker_thread, NULL);
+@@ -396,7 +451,7 @@ test_recursive_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  reclock_checker_done = 1;
++  set_atomic_int_value (&reclock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
diff --git a/gnu/packages/patches/gettext-multi-core.patch b/gnu/packages/patches/gettext-multi-core.patch
new file mode 100644
index 0000000000..31a378cfd0
--- /dev/null
+++ b/gnu/packages/patches/gettext-multi-core.patch
@@ -0,0 +1,185 @@
+This patch fixes performance problems on multi-core machines
+as reported at <https://bugs.gnu.org/26441>.
+
+See commit 1afbcb06fded2a427b761dd1615b1e48e1e853cc in Gettext
+by Bruno Haible <bruno@clisp.org>.
+
+diff --git a/gettext-runtime/tests/test-lock.c b/gettext-runtime/tests/test-lock.c
+index d279d1d60..51cec3d6b 100644
+--- a/gettext-runtime/tests/test-lock.c
++++ b/gettext-runtime/tests/test-lock.c
+@@ -1,5 +1,5 @@
+ /* Test of locking in multithreaded situations.
+-   Copyright (C) 2005, 2008-2016 Free Software Foundation, Inc.
++   Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc.
+ 
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Lesser General Public License as published by
+@@ -50,6 +50,13 @@
+    Uncomment this to see if the operating system has a fair scheduler.  */
+ #define EXPLICIT_YIELD 1
+ 
++/* Whether to use 'volatile' on some variables that communicate information
++   between threads.  If set to 0, a lock is used to protect these variables.
++   If set to 1, 'volatile' is used; this is theoretically equivalent but can
++   lead to much slower execution (e.g. 30x slower total run time on a 40-core
++   machine.  */
++#define USE_VOLATILE 0
++
+ /* Whether to print debugging messages.  */
+ #define ENABLE_DEBUGGING 0
+ 
+@@ -214,6 +221,51 @@ static inline void * gl_thread_self_pointer (void)
+ # define yield()
+ #endif
+ 
++#if USE_VOLATILE
++struct atomic_int {
++  volatile int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  return ai->value;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  ai->value = new_value;
++}
++#else
++struct atomic_int {
++  gl_lock_define (, lock)
++  int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  gl_lock_init (ai->lock);
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  gl_lock_lock (ai->lock);
++  int ret = ai->value;
++  gl_lock_unlock (ai->lock);
++  return ret;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  gl_lock_lock (ai->lock);
++  ai->value = new_value;
++  gl_lock_unlock (ai->lock);
++}
++#endif
++
+ #define ACCOUNT_COUNT 4
+ 
+ static int account[ACCOUNT_COUNT];
+@@ -281,12 +333,12 @@ lock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int lock_checker_done;
++static struct atomic_int lock_checker_done;
+ 
+ static void *
+ lock_checker_thread (void *arg)
+ {
+-  while (!lock_checker_done)
++  while (get_atomic_int_value (&lock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_lock_lock (my_lock);
+@@ -311,7 +363,8 @@ test_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  lock_checker_done = 0;
++  init_atomic_int (&lock_checker_done);
++  set_atomic_int_value (&lock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (lock_checker_thread, NULL);
+@@ -321,7 +374,7 @@ test_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  lock_checker_done = 1;
++  set_atomic_int_value (&lock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
+@@ -365,12 +418,12 @@ rwlock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int rwlock_checker_done;
++static struct atomic_int rwlock_checker_done;
+ 
+ static void *
+ rwlock_checker_thread (void *arg)
+ {
+-  while (!rwlock_checker_done)
++  while (get_atomic_int_value (&rwlock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
+       gl_rwlock_rdlock (my_rwlock);
+@@ -395,7 +448,8 @@ test_rwlock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  rwlock_checker_done = 0;
++  init_atomic_int (&rwlock_checker_done);
++  set_atomic_int_value (&rwlock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+@@ -406,7 +460,7 @@ test_rwlock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  rwlock_checker_done = 1;
++  set_atomic_int_value (&rwlock_checker_done, 1);
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (checkerthreads[i], NULL);
+   check_accounts ();
+@@ -467,12 +521,12 @@ reclock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int reclock_checker_done;
++static struct atomic_int reclock_checker_done;
+ 
+ static void *
+ reclock_checker_thread (void *arg)
+ {
+-  while (!reclock_checker_done)
++  while (get_atomic_int_value (&reclock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_recursive_lock_lock (my_reclock);
+@@ -497,7 +551,8 @@ test_recursive_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  reclock_checker_done = 0;
++  init_atomic_int (&reclock_checker_done);
++  set_atomic_int_value (&reclock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (reclock_checker_thread, NULL);
+@@ -507,7 +562,7 @@ test_recursive_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  reclock_checker_done = 1;
++  set_atomic_int_value (&reclock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
diff --git a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch b/gnu/packages/patches/ghostscript-CVE-2013-5653.patch
deleted file mode 100644
index 622266b176..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-The following patch was adapted for GNU Ghostscript
-by Mark H Weaver <mhw@netris.org> based on:
-
-http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
-
-From ab109aaeb3ddba59518b036fb288402a65cf7ce8 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Sat, 5 Mar 2016 14:56:03 -0800
-Subject: [PATCH] Bug 694724: Have filenameforall and getenv honor SAFER
-
----
- Resource/Init/gs_init.ps |  2 ++
- psi/zfile.c              | 36 ++++++++++++++++++++----------------
- 2 files changed, 22 insertions(+), 16 deletions(-)
-
-diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
-index fa33d88..99888ac 100644
---- a/Resource/Init/gs_init.ps
-+++ b/Resource/Init/gs_init.ps
-@@ -2018,6 +2018,7 @@ readonly def
- 
- /.locksafe {
-   .locksafe_userparams
-+  systemdict /getenv {pop //false} put
-   % setpagedevice has the side effect of clearing the page, but
-   % we will just document that. Using setpagedevice keeps the device
-   % properties and pagedevice .LockSafetyParams in agreement even
-@@ -2036,6 +2037,7 @@ readonly def
- %%
- /.locksafeglobal {
-   .locksafe_userparams
-+  systemdict /getenv {pop //false} put
-   % setpagedevice has the side effect of clearing the page, but
-   % we will just document that. Using setpagedevice keeps the device
-   % properties and pagedevice .LockSafetyParams in agreement even
-diff --git a/psi/zfile.c b/psi/zfile.c
-index 320ecd5..0b9f299 100644
---- a/psi/zfile.c
-+++ b/psi/zfile.c
-@@ -371,22 +371,26 @@ file_continue(i_ctx_t *i_ctx_p)
- 
-     if (len < devlen)
-         return_error(e_rangecheck);     /* not even room for device len */
--    memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
--    code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
--                len - devlen);
--    if (code == ~(uint) 0) {    /* all done */
--        esp -= 5;               /* pop proc, pfen, devlen, iodev , mark */
--        return o_pop_estack;
--    } else if (code > len)      /* overran string */
--        return_error(e_rangecheck);
--    else {
--        push(1);
--        ref_assign(op, pscratch);
--        r_set_size(op, code + devlen);
--        push_op_estack(file_continue);  /* come again */
--        *++esp = pscratch[2];   /* proc */
--        return o_push_estack;
--    }
-+
-+    do {
-+        memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
-+        code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
-+                    len - devlen);
-+        if (code == ~(uint) 0) {    /* all done */
-+            esp -= 5;               /* pop proc, pfen, devlen, iodev , mark */
-+            return o_pop_estack;
-+        } else if (code > len)      /* overran string */
-+            return_error(e_rangecheck);
-+        else if (iodev != iodev_default(imemory)
-+              || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, "PermitFileReading")) == 0) {
-+            push(1);
-+            ref_assign(op, pscratch);
-+            r_set_size(op, code + devlen);
-+            push_op_estack(file_continue);  /* come again */
-+            *++esp = pscratch[2];   /* proc */
-+            return o_push_estack;
-+        }
-+    } while(1);
- }
- /* Cleanup procedure for enumerating files */
- static int
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2015-3228.patch b/gnu/packages/patches/ghostscript-CVE-2015-3228.patch
deleted file mode 100644
index c19fdb1d43..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2015-3228.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-The file names in the upstream patch below were modified to apply to GNU
-ghostscript.
-
-From 0c0b0859ae1aba64861599f0e7f74f143f305932 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Tue, 7 Jul 2015 16:57:41 +0100
-Subject: [PATCH] Bug 696041: sanity check for memory allocation.
-
-In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the
-variable holding the actual number of bytes we allocate.
-
-No cluster differences
----
- gs/base/gsmalloc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/base/gsmalloc.c b/base/gsmalloc.c
-index 624552d..cad79c2 100644
---- a/base/gsmalloc.c
-+++ b/base/gsmalloc.c
-@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, client_name_t cname)
-     } else {
-         uint added = size + sizeof(gs_malloc_block_t);
- 
--        if (mmem->limit - added < mmem->used)
-+        if (added <= size || mmem->limit - added < mmem->used)
-             set_msg("exceeded limit");
-         else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
-             set_msg("failed");
--- 
-2.4.6
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch b/gnu/packages/patches/ghostscript-CVE-2016-7976.patch
deleted file mode 100644
index 0a09f89016..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch
+++ /dev/null
@@ -1,185 +0,0 @@
-The following patch was adapted for GNU Ghostscript
-by Mark H Weaver <mhw@netris.org> based on:
-
-http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
-
-From 6d444c273da5499a4cd72f21cb6d4c9a5256807d Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Wed, 5 Oct 2016 09:55:55 +0100
-Subject: [PATCH] Bug 697178: Add a file permissions callback
-
-For the rare occasions when the graphics library directly opens a file
-(currently for reading), this allows us to apply any restrictions on
-file access normally applied in the interpteter.
----
- base/gsicc_manage.c | 10 ++++++----
- base/gslibctx.c     | 12 +++++++++++-
- base/gslibctx.h     |  7 +++++++
- psi/imain.c         |  2 ++
- psi/int.mak         |  2 +-
- psi/zfile.c         | 19 +++++++++++++++++++
- psi/zfile.h         |  7 +++++++
- 7 files changed, 53 insertions(+), 6 deletions(-)
-
-diff --git a/base/gsicc_manage.c b/base/gsicc_manage.c
-index 931c2a6..e9c09c3 100644
---- a/base/gsicc_manage.c
-+++ b/base/gsicc_manage.c
-@@ -1028,10 +1028,12 @@ gsicc_open_search(const char* pname, int namelen, gs_memory_t *mem_gc,
-     }
- 
-     /* First just try it like it is */
--    str = sfopen(pname, "rb", mem_gc);
--    if (str != NULL) {
--        *strp = str;
--        return 0;
-+    if (gs_check_file_permission(mem_gc, pname, namelen, "r") >= 0) {
-+        str = sfopen(pname, "rb", mem_gc);
-+        if (str != NULL) {
-+            *strp = str;
-+            return 0;
-+        }
-     }
- 
-     /* If that fails, try %rom% */ /* FIXME: Not sure this is needed or correct */
-diff --git a/base/gslibctx.c b/base/gslibctx.c
-index eaa0458..37ce1ca 100644
---- a/base/gslibctx.c
-+++ b/base/gslibctx.c
-@@ -121,7 +121,7 @@ int gs_lib_ctx_init( gs_memory_t *mem )
-         mem->gs_lib_ctx = NULL;
-         return -1;
-     }
-- 
-+    pio->client_check_file_permission = NULL;
-     gp_get_realtime(pio->real_time_0);
- 
-     return 0;
-@@ -262,3 +262,13 @@ void errflush(const gs_memory_t *mem)
-         fflush(mem->gs_lib_ctx->fstderr);
-     /* else nothing to flush */
- }
-+
-+int
-+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission)
-+{
-+    int code = 0;
-+    if (mem->gs_lib_ctx->client_check_file_permission != NULL) {
-+        code = mem->gs_lib_ctx->client_check_file_permission(mem, fname, len, permission);
-+    }
-+    return code;
-+}
-diff --git a/base/gslibctx.h b/base/gslibctx.h
-index 7a4e110..020e2d9 100644
---- a/base/gslibctx.h
-+++ b/base/gslibctx.h
-@@ -32,6 +32,9 @@ typedef struct gs_fapi_server_s gs_fapi_server;
- #  define gs_font_dir_DEFINED
- typedef struct gs_font_dir_s gs_font_dir;
- #endif
-+
-+typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fname, const int len, const char *permission);
-+
- typedef struct gs_lib_ctx_s
- {
-     gs_memory_t *memory;  /* mem->gs_lib_ctx->memory == mem */
-@@ -59,6 +62,7 @@ typedef struct gs_lib_ctx_s
-     bool dict_auto_expand;  /* ps dictionary: false level 1 true level 2 or 3 */
-     /* A table of local copies of the IODevices */
-     struct gx_io_device_s **io_device_table;
-+    client_check_file_permission_t client_check_file_permission;
-     /* Define the default value of AccurateScreens that affects setscreen
-        and setcolorscreen. */
-     bool screen_accurate_screens;
-@@ -108,6 +112,9 @@ int
- void gs_lib_ctx_set_icc_directory(const gs_memory_t *mem_gc, const char* pname,
-                         int dir_namelen);
- 
-+int
-+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission);
-+
- #define IS_LIBCTX_STDOUT(mem, f) (f == mem->gs_lib_ctx->fstdout)
- #define IS_LIBCTX_STDERR(mem, f) (f == mem->gs_lib_ctx->fstderr)
- 
-diff --git a/psi/imain.c b/psi/imain.c
-index 9a9bb5d..6874128 100644
---- a/psi/imain.c
-+++ b/psi/imain.c
-@@ -57,6 +57,7 @@
- #include "ivmspace.h"
- #include "idisp.h"              /* for setting display device callback */
- #include "iplugin.h"
-+#include "zfile.h"
- 
- #ifdef PACIFY_VALGRIND
- #include "valgrind.h"
-@@ -215,6 +216,7 @@ gs_main_init1(gs_main_instance * minst)
-                                            "the_gs_name_table");
-             if (code < 0)
-                 return code;
-+            mem->gs_lib_ctx->client_check_file_permission = z_check_file_permissions;
-         }
-         code = obj_init(&minst->i_ctx_p, &idmem);  /* requires name_init */
-         if (code < 0)
-diff --git a/psi/int.mak b/psi/int.mak
-index 4654afc..bb30d51 100644
---- a/psi/int.mak
-+++ b/psi/int.mak
-@@ -1868,7 +1868,7 @@ $(PSOBJ)imain.$(OBJ) : $(PSSRC)imain.c $(GH) $(memory__h) $(string__h)\
-  $(ialloc_h) $(iconf_h) $(idebug_h) $(idict_h) $(idisp_h) $(iinit_h)\
-  $(iname_h) $(interp_h) $(iplugin_h) $(isave_h) $(iscan_h) $(ivmspace_h)\
-  $(iinit_h) $(main_h) $(oper_h) $(ostack_h)\
-- $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h)
-+ $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) $(zfile_h)
- 	$(PSCC) $(PSO_)imain.$(OBJ) $(C_) $(PSSRC)imain.c
- 
- #****** $(CCINT) interp.c
-diff --git a/psi/zfile.c b/psi/zfile.c
-index 2c6c958..2f27f82 100644
---- a/psi/zfile.c
-+++ b/psi/zfile.c
-@@ -197,6 +197,25 @@ check_file_permissions(i_ctx_t *i_ctx_p, const char *fname, int len,
-     return check_file_permissions_reduced(i_ctx_p, fname_reduced, rlen, permitgroup);
- }
- 
-+/* z_check_file_permissions: see zfile.h for explanation
-+ */
-+int
-+z_check_file_permissions(gs_memory_t *mem, const char *fname, const int len, const char *permission)
-+{
-+    i_ctx_t *i_ctx_p = get_minst_from_memory(mem)->i_ctx_p;
-+    gs_parsed_file_name_t pname;
-+    const char *permitgroup = permission[0] == 'r' ? "PermitFileReading" : "PermitFileWriting";
-+    int code = gs_parse_file_name(&pname, fname, len, imemory);
-+    if (code < 0)
-+        return code;
-+
-+    if (pname.iodev && i_ctx_p->LockFilePermissions && strcmp(pname.iodev->dname, "%pipe%") == 0)
-+        return e_invalidfileaccess;
-+        
-+    code = check_file_permissions(i_ctx_p, fname, len, permitgroup);
-+    return code;
-+}
-+
- /* <name_string> <access_string> file <file> */
- int                             /* exported for zsysvm.c */
- zfile(i_ctx_t *i_ctx_p)
-diff --git a/psi/zfile.h b/psi/zfile.h
-index fdf1373..a9399c7 100644
---- a/psi/zfile.h
-+++ b/psi/zfile.h
-@@ -22,4 +22,11 @@
- int zopen_file(i_ctx_t *i_ctx_p, const gs_parsed_file_name_t *pfn,
-            const char *file_access, stream **ps, gs_memory_t *mem);
- 
-+/* z_check_file_permissions: a callback (via mem->gs_lib_ctx->client_check_file_permission)
-+ * to allow applying the above permissions checks when opening file(s) from
-+ * the graphics library
-+ */
-+int
-+z_check_file_permissions(gs_memory_t *mem, const char *fname,
-+                                 const int len, const char *permission);
- #endif
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7978.patch b/gnu/packages/patches/ghostscript-CVE-2016-7978.patch
deleted file mode 100644
index 81cb26e9ed..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2016-7978.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 6f749c0c44e7b9e09737b9f29edf29925a34f0cf Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Wed, 5 Oct 2016 09:59:25 +0100
-Subject: [PATCH] Bug 697179: Reference count device icc profile
-
-when copying a device
----
- base/gsdevice.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/base/gsdevice.c b/base/gsdevice.c
-index 778106f..aea986a 100644
---- a/base/gsdevice.c
-+++ b/base/gsdevice.c
-@@ -614,6 +614,7 @@ gx_device_init(gx_device * dev, const gx_device * proto, gs_memory_t * mem,
-     dev->memory = mem;
-     dev->retained = !internal;
-     rc_init(dev, mem, (internal ? 0 : 1));
-+    rc_increment(dev->icc_struct);
- }
- 
- void
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7979.patch b/gnu/packages/patches/ghostscript-CVE-2016-7979.patch
deleted file mode 100644
index a557adfdea..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2016-7979.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-The following patch was adapted for GNU Ghostscript
-by Mark H Weaver <mhw@netris.org> based on:
-
-http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=875a0095f37626a721c7ff57d606a0f95af03913
-
-From 875a0095f37626a721c7ff57d606a0f95af03913 Mon Sep 17 00:00:00 2001
-From: Ken Sharp <ken.sharp@artifex.com>
-Date: Wed, 5 Oct 2016 10:10:58 +0100
-Subject: [PATCH] DSC parser - validate parameters
-
-Bug #697190 ".initialize_dsc_parser doesn't validate the parameter is a dict type before using it."
-
-Regardless of any security implications, its simply wrong for a PostScript
-operator not to validate its parameter(s).
-
-No differences expected.
----
- psi/zdscpars.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/psi/zdscpars.c b/psi/zdscpars.c
-index c05e154..9b4b605 100644
---- a/psi/zdscpars.c
-+++ b/psi/zdscpars.c
-@@ -150,11 +150,16 @@ zinitialize_dsc_parser(i_ctx_t *i_ctx_p)
-     ref local_ref;
-     int code;
-     os_ptr const op = osp;
--    dict * const pdict = op->value.pdict;
--    gs_memory_t * const mem = (gs_memory_t *)dict_memory(pdict);
--    dsc_data_t * const data =
--        gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
-+    dict *pdict;
-+    gs_memory_t *mem;
-+    dsc_data_t *data;
- 
-+    check_read_type(*op, t_dictionary);
-+
-+    pdict = op->value.pdict;
-+    mem = (gs_memory_t *)dict_memory(pdict);
-+
-+    data = gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
-     if (!data)
-         return_error(e_VMerror);
-     data->document_level = 0;
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2016-8602.patch b/gnu/packages/patches/ghostscript-CVE-2016-8602.patch
deleted file mode 100644
index aaf20b6c6c..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2016-8602.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-The following patch was adapted for GNU Ghostscript
-by Mark H Weaver <mhw@netris.org> based on:
-
-http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78
-
-From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Sat, 8 Oct 2016 16:10:27 +0100
-Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5
-
-and param types
----
- psi/zht2.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/psi/zht2.c b/psi/zht2.c
-index fb4a264..dfa27a4 100644
---- a/psi/zht2.c
-+++ b/psi/zht2.c
-@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p)
-     gs_memory_t *mem;
-     uint edepth = ref_stack_count(&e_stack);
-     int npop = 2;
--    int dict_enum = dict_first(op);
-+    int dict_enum;
-     ref rvalue[2];
-     int cname, colorant_number;
-     byte * pname;
-     uint name_size;
-     int halftonetype, type = 0;
-     gs_state *pgs = igs;
--    int space_index = r_space_index(op - 1);
-+    int space_index;
-+
-+    if (ref_stack_count(&o_stack) < 2)
-+        return_error(e_stackunderflow);
-+    check_type(*op, t_dictionary);
-+    check_type(*(op - 1), t_dictionary);
-+
-+    dict_enum = dict_first(op);
-+    space_index = r_space_index(op - 1);
- 
-     mem = (gs_memory_t *) idmemory->spaces_indexed[space_index];
- 
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
index db80b6ddec..d38bd593c0 100644
--- a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
+++ b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
@@ -1,15 +1,60 @@
 Fix CVE-2017-8291:
 
-https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8291
+https://bugs.ghostscript.com/show_bug.cgi?id=697799
+https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291
 
-This patch is adapted from these two Artifex Ghostscript commits by Leo
-Famulari <leo@famulari.name>:
+Patches copied from upstream source repository:
 
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d;hp=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3;hp=5603e8fc3e59c435318877efe627967ee6baebb8
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad
+
+From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 27 Apr 2017 13:03:33 +0100
+Subject: [PATCH] Bug 697799: have .eqproc check its parameters
+
+The Ghostscript custom operator .eqproc was not check the number or type of
+the parameters it was given.
+---
+ psi/zmisc3.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/psi/zmisc3.c b/psi/zmisc3.c
+index 54b304246..37293ff4b 100644
+--- a/psi/zmisc3.c
++++ b/psi/zmisc3.c
+@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
+     ref2_t stack[MAX_DEPTH + 1];
+     ref2_t *top = stack;
+ 
++    if (ref_stack_count(&o_stack) < 2)
++        return_error(gs_error_stackunderflow);
++    if (!r_is_array(op - 1) || !r_is_array(op)) {
++        return_error(gs_error_typecheck);
++    }
++
+     make_array(&stack[0].proc1, 0, 1, op - 1);
+     make_array(&stack[0].proc2, 0, 1, op);
+     for (;;) {
+-- 
+2.13.0
+
+From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 27 Apr 2017 13:21:31 +0100
+Subject: [PATCH] Bug 697799: have .rsdparams check its parameters
+
+The Ghostscript internal operator .rsdparams wasn't checking the number or
+type of the operands it was being passed. Do so.
+---
+ psi/zfrsd.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
 
 diff --git a/psi/zfrsd.c b/psi/zfrsd.c
-index fb4bce9..2629afa 100644
+index 191107d8a..950588d69 100644
 --- a/psi/zfrsd.c
 +++ b/psi/zfrsd.c
 @@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
@@ -24,9 +69,9 @@ index fb4bce9..2629afa 100644
 +    int code = 0;
 +
 +    if (ref_stack_count(&o_stack) < 1)
-+        return_error(e_stackunderflow);
++        return_error(gs_error_stackunderflow);
 +    if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
-+        return_error(e_typecheck);
++        return_error(gs_error_typecheck);
 +    }
  
      make_empty_array(&empty_array, a_readonly);
@@ -35,15 +80,15 @@ index fb4bce9..2629afa 100644
 +        && dict_find_string(op, "Filter", &pFilter) > 0) {
          if (!r_is_array(pFilter)) {
              if (!r_has_type(pFilter, t_name))
-                 return_error(e_typecheck);
+                 return_error(gs_error_typecheck);
 @@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
-                 return_error(e_typecheck);
+                 return_error(gs_error_typecheck);
          }
      }
 -    code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
 +    if (r_has_type(op, t_dictionary))
 +        code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
-     if (code < 0 && code != e_rangecheck) /* out-of-range int is ok, use 0 */
+     if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
          return code;
 -    if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
 -        )
@@ -54,20 +99,97 @@ index fb4bce9..2629afa 100644
      push(1);
      op[-1] = *pFilter;
      if (pDecodeParms)
+-- 
+2.13.0
+
+From 57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 3 May 2017 12:05:45 +0100
+Subject: [PATCH] Bug 697846: revision to commit 4f83478c88 (.eqproc)
+
+When using the "DELAYBIND" feature, it turns out that .eqproc can be called with
+parameters that are not both procedures. In this case, it turns out, the
+expectation is for the operator to return 'false', rather than throw an error.
+---
+ psi/zmisc3.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
 diff --git a/psi/zmisc3.c b/psi/zmisc3.c
-index 54b3042..0d357f1 100644
+index 37293ff4b..3f01d39a3 100644
 --- a/psi/zmisc3.c
 +++ b/psi/zmisc3.c
-@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
-     ref2_t stack[MAX_DEPTH + 1];
-     ref2_t *top = stack;
+@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p)
+     return gs_cliprestore(igs);
+ }
  
-+    if (ref_stack_count(&o_stack) < 2)
-+        return_error(e_stackunderflow);
-+    if (!r_is_array(op - 1) || !r_is_array(op)) {
-+        return_error(e_typecheck);
-+    }
++static inline bool
++eqproc_check_type(ref *r)
++{
++    return r_has_type(r, t_array)
++           || r_has_type(r, t_mixedarray)
++           || r_has_type(r, t_shortarray)
++           || r_has_type(r, t_oparray);
++}
 +
+ /* <proc1> <proc2> .eqproc <bool> */
+ /*
+  * Test whether two procedures are equal to depth 10.
+@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p)
+ 
+     if (ref_stack_count(&o_stack) < 2)
+         return_error(gs_error_stackunderflow);
+-    if (!r_is_array(op - 1) || !r_is_array(op)) {
+-        return_error(gs_error_typecheck);
++    if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) {
++        make_false(op - 1);
++        pop(1);
++        return 0;
+     }
+ 
      make_array(&stack[0].proc1, 0, 1, op - 1);
-     make_array(&stack[0].proc2, 0, 1, op);
-     for (;;) {
+-- 
+2.13.0
+
+From ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 11 May 2017 14:07:48 +0100
+Subject: [PATCH] Bug 697892: fix check for op stack underflow.
+
+In the original fix, I used the wrong method to check for stack underflow, this
+is using the correct method.
+---
+ psi/zfrsd.c  | 3 +--
+ psi/zmisc3.c | 3 +--
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/psi/zfrsd.c b/psi/zfrsd.c
+index 950588d69..9c035b96d 100644
+--- a/psi/zfrsd.c
++++ b/psi/zfrsd.c
+@@ -54,8 +54,7 @@ zrsdparams(i_ctx_t *i_ctx_p)
+     uint i;
+     int code = 0;
+ 
+-    if (ref_stack_count(&o_stack) < 1)
+-        return_error(gs_error_stackunderflow);
++    check_op(1);
+     if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
+         return_error(gs_error_typecheck);
+     }
+diff --git a/psi/zmisc3.c b/psi/zmisc3.c
+index 3f01d39a3..43803b55b 100644
+--- a/psi/zmisc3.c
++++ b/psi/zmisc3.c
+@@ -65,8 +65,7 @@ zeqproc(i_ctx_t *i_ctx_p)
+     ref2_t stack[MAX_DEPTH + 1];
+     ref2_t *top = stack;
+ 
+-    if (ref_stack_count(&o_stack) < 2)
+-        return_error(gs_error_stackunderflow);
++    check_op(2);
+     if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) {
+         make_false(op - 1);
+         pop(1);
+-- 
+2.13.0
+
diff --git a/gnu/packages/patches/ghostscript-no-header-creationdate.patch b/gnu/packages/patches/ghostscript-no-header-creationdate.patch
new file mode 100644
index 0000000000..92ddbdade0
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-no-header-creationdate.patch
@@ -0,0 +1,22 @@
+This patch makes emission of /CreationDate and /ModDate headers optional.
+
+If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will
+not write out the "/ID" field (if that's permissible).
+
+Upstream does not want to do this.
+
+See: https://bugs.ghostscript.com/show_bug.cgi?id=698208
+diff --git a/orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c b/bb/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c
+index 0fb067e..b342e2c 100644
+--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c
++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c
+@@ -305,6 +305,9 @@ pdf_initialize_ids(gx_device_pdf * pdev)
+      * date and time, rather than (for example) %%CreationDate from the
+      * PostScript file.  We think this is wrong, but we do the same.
+      */
++    if (!getenv("GS_GENERATE_UUIDS") ||
++        (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 &&
++         strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))
+     {
+         struct tm tms;
+         time_t t;
diff --git a/gnu/packages/patches/ghostscript-no-header-id.patch b/gnu/packages/patches/ghostscript-no-header-id.patch
new file mode 100644
index 0000000000..19b71aadb5
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-no-header-id.patch
@@ -0,0 +1,57 @@
+This patch makes the "/ID" field optional.
+
+If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will
+not write out the "/ID" field (if that's permissible).
+
+Upstream does not want to do this.
+
+See: https://bugs.ghostscript.com/show_bug.cgi?id=698208
+diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c
+--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c	2017-07-09 23:30:28.960479189 +0200
++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c	2017-07-09 23:34:34.306524488 +0200
+@@ -1580,8 +1580,11 @@
+      * +1 for the linearisation dict and +1 for the primary hint stream.
+      */
+     linear_params->FirsttrailerOffset = gp_ftell_64(linear_params->Lin_File.file);
+-    gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R/ID[%s%s]/Prev %d>>\nstartxref\r\n0\n%%%%EOF\n        \n",
+-        linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, 0);
++    gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R",
++        linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber);
++    if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 && strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) /* ID is mandatory when encrypting */
++        gs_sprintf(LDict, "/ID[%s%s]", fileID, fileID);
++    gs_sprintf(LDict, "/Prev %d>>\nstartxref\r\n0\n%%%%EOF\n        \n", 0);
+     fwrite(LDict, strlen(LDict), 1, linear_params->Lin_File.file);
+ 
+     /* Write document catalog (Part 4) */
+@@ -2102,8 +2105,11 @@
+      * in the missing values.
+      */
+     code = gp_fseek_64(linear_params->sfile, linear_params->FirsttrailerOffset, SEEK_SET);
+-    gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R/ID[%s%s]/Prev %"PRId64">>\nstartxref\r\n0\n%%%%EOF\n",
+-        linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, mainxref);
++    gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R",
++        linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber);
++    if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) /* ID is mandatory when encrypting */
++        gs_sprintf(LDict, "/ID[%s%s]", fileID, fileID);
++    gs_sprintf(LDict, "/Prev %"PRId64">>\nstartxref\r\n0\n%%%%EOF\n", mainxref);
+     fwrite(LDict, strlen(LDict), 1, linear_params->sfile);
+ 
+     code = gp_fseek_64(linear_params->sfile, pdev->ResourceUsage[HintStreamObj].LinearisedOffset, SEEK_SET);
+@@ -2674,10 +2680,12 @@
+             stream_puts(s, "trailer\n");
+             pprintld3(s, "<< /Size %ld /Root %ld 0 R /Info %ld 0 R\n",
+                   pdev->next_id, Catalog_id, Info_id);
+-            stream_puts(s, "/ID [");
+-            psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0);
+-            psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0);
+-            stream_puts(s, "]\n");
++            if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) { /* ID is mandatory when encrypting */
++                stream_puts(s, "/ID [");
++                psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0);
++                psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0);
++                stream_puts(s, "]\n");
++            }
+             if (pdev->OwnerPassword.size > 0) {
+                 pprintld1(s, "/Encrypt %ld 0 R ", Encrypt_id);
+             }
+Nur in gnu-ghostscript-9.14.0/devices/vector: gdevpdf.c.orig.
diff --git a/gnu/packages/patches/ghostscript-no-header-uuid.patch b/gnu/packages/patches/ghostscript-no-header-uuid.patch
new file mode 100644
index 0000000000..473531220c
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-no-header-uuid.patch
@@ -0,0 +1,50 @@
+This patch makes the UUIDs in the XMP header optional, depending on the
+setting of the environment variable GS_GENERATE_UUIDS.
+
+If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will
+not write out the Document UUID field and also will write the Instance ID
+field value as "".
+
+Upstream does not want to do this.
+
+See: https://bugs.ghostscript.com/show_bug.cgi?id=698208
+diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c aa/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c
+--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c	2017-07-09 23:30:28.960479189 +0200
++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c	2017-07-10 01:04:12.252478276 +0200
+@@ -617,7 +617,7 @@
+         return code;
+ 
+     /* PDF/A XMP reference recommends setting UUID to empty. If not empty must be a URI */
+-    if (pdev->PDFA != 0)
++    if (pdev->PDFA != 0 || (getenv("GS_GENERATE_UUIDS") && (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") == 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") == 0)))
+         instance_uuid[0] = 0x00;
+ 
+     cre_date_time_len = pdf_get_docinfo_item(pdev, "/CreationDate", cre_date_time, sizeof(cre_date_time));
+@@ -719,15 +719,18 @@
+             pdf_xml_tag_close(s, "rdf:Description");
+             pdf_xml_newline(s);
+ 
+-            pdf_xml_tag_open_beg(s, "rdf:Description");
+-            pdf_xml_attribute_name(s, "rdf:about");
+-            pdf_xml_attribute_value(s, instance_uuid);
+-            pdf_xml_attribute_name(s, "xmlns:xapMM");
+-            pdf_xml_attribute_value(s, "http://ns.adobe.com/xap/1.0/mm/");
+-            pdf_xml_attribute_name(s, "xapMM:DocumentID");
+-            pdf_xml_attribute_value(s, document_uuid);
+-            pdf_xml_tag_end_empty(s);
+-            pdf_xml_newline(s);
++            if (!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 && strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))
++            {
++                pdf_xml_tag_open_beg(s, "rdf:Description");
++                pdf_xml_attribute_name(s, "rdf:about");
++                pdf_xml_attribute_value(s, instance_uuid);
++                pdf_xml_attribute_name(s, "xmlns:xapMM");
++                pdf_xml_attribute_value(s, "http://ns.adobe.com/xap/1.0/mm/");
++                pdf_xml_attribute_name(s, "xapMM:DocumentID");
++                pdf_xml_attribute_value(s, document_uuid);
++                pdf_xml_tag_end_empty(s);
++                pdf_xml_newline(s);
++            }
+ 
+             pdf_xml_tag_open_beg(s, "rdf:Description");
+             pdf_xml_attribute_name(s, "rdf:about");
diff --git a/gnu/packages/patches/ghostscript-runpath.patch b/gnu/packages/patches/ghostscript-runpath.patch
index c7dcfd4529..9f161e45b3 100644
--- a/gnu/packages/patches/ghostscript-runpath.patch
+++ b/gnu/packages/patches/ghostscript-runpath.patch
@@ -1,17 +1,18 @@
-This patch adds $(libdir) to the RUNPATH of 'gsc' and 'gsx'.
-
---- gnu-ghostscript-9.14.0/base/unix-dll.mak	2015-04-05 15:12:45.386957927 +0200
-+++ gnu-ghostscript-9.14.0/base/unix-dll.mak	2015-04-05 15:12:49.222982359 +0200
-@@ -91,11 +91,11 @@ $(GS_SO_MAJOR): $(GS_SO_MAJOR_MINOR)
+diff --git a/base/unix-dll.mak b/base/unix-dll.mak
+index 9d57a99..36ef1ff 100644
+--- a/base/unix-dll.mak
++++ b/base/unix-dll.mak
+@@ -171,11 +171,11 @@ gpdl-so-links-subtarget: $(GPDL_SO) $(UNIX_DLL_MAK) $(MAKEDIRS)
  # Build the small Ghostscript loaders, with Gtk+ and without
- $(GSSOC_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER)
+ $(GSSOC_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS)
  	$(GLCC) -g -o $(GSSOC_XE) $(PSSRC)dxmainc.c \
 -	-L$(BINDIR) -l$(GS_SO_BASE)
 +	-L$(BINDIR) -l$(GS_SO_BASE) -Wl,-rpath=$(libdir)
  
- $(GSSOX_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER)
+ $(GSSOX_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS)
  	$(GLCC) -g $(SOC_CFLAGS) -o $(GSSOX_XE) $(PSSRC)$(SOC_LOADER) \
 -	-L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS)
 +	-L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS) -Wl,-rpath=$(libdir)
  
- # ------------------------- Recursive make targets ------------------------- #
+ $(PCLSOC_XE): gpcl6-so-links-subtarget $(PLSRC)$(REALMAIN_SRC).c $(UNIX_DLL_MAK) $(MAKEDIRS)
+ 	$(GLCC) -g -o $(PCLSOC_XE) $(PLSRC)$(REALMAIN_SRC).c -L$(BINDIR) -l$(PCL_SO_BASE)
diff --git a/gnu/packages/patches/glibc-CVE-2015-5180.patch b/gnu/packages/patches/glibc-CVE-2015-5180.patch
new file mode 100644
index 0000000000..92e3740fc1
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2015-5180.patch
@@ -0,0 +1,311 @@
+From b3b37f1a5559a7620e31c8053ed1b44f798f2b6d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Sat, 31 Dec 2016 20:22:09 +0100
+Subject: [PATCH] CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ
+ #18784]
+
+Also rename T_UNSPEC because an upcoming public header file
+update will use that name.
+
+(cherry picked from commit fc82b0a2dfe7dbd35671c10510a8da1043d746a5)
+---
+ ChangeLog                     |  14 ++++
+ NEWS                          |   6 ++
+ include/arpa/nameser_compat.h |   6 +-
+ resolv/Makefile               |   5 ++
+ resolv/nss_dns/dns-host.c     |   2 +-
+ resolv/res_mkquery.c          |   4 +
+ resolv/res_query.c            |   6 +-
+ resolv/tst-resolv-qtypes.c    | 185 ++++++++++++++++++++++++++++++++++++++++++
+ 8 files changed, 221 insertions(+), 7 deletions(-)
+ create mode 100644 resolv/tst-resolv-qtypes.c
+
+diff --git a/include/arpa/nameser_compat.h b/include/arpa/nameser_compat.h
+index 2e735ed..7c0deed 100644
+--- a/include/arpa/nameser_compat.h
++++ b/include/arpa/nameser_compat.h
+@@ -1,8 +1,8 @@
+ #ifndef _ARPA_NAMESER_COMPAT_
+ #include <resolv/arpa/nameser_compat.h>
+ 
+-/* Picksome unused number to represent lookups of IPv4 and IPv6 (i.e.,
+-   T_A and T_AAAA).  */
+-#define T_UNSPEC 62321
++/* The number is outside the 16-bit RR type range and is used
++   internally by the implementation.  */
++#define T_QUERY_A_AND_AAAA 439963904
+ 
+ #endif
+diff --git a/resolv/Makefile b/resolv/Makefile
+index 8be41d3..a4c86b9 100644
+--- a/resolv/Makefile
++++ b/resolv/Makefile
+@@ -40,6 +40,9 @@ ifeq ($(have-thread-library),yes)
+ extra-libs += libanl
+ routines += gai_sigqueue
+ tests += tst-res_hconf_reorder
++
++# This test sends millions of packets and is rather slow.
++xtests += tst-resolv-qtypes
+ endif
+ extra-libs-others = $(extra-libs)
+ libresolv-routines := gethnamaddr res_comp res_debug	\
+@@ -117,3 +120,5 @@ tst-leaks2-ENV = MALLOC_TRACE=$(objpfx)tst-leaks2.mtrace
+ $(objpfx)mtrace-tst-leaks2.out: $(objpfx)tst-leaks2.out
+ 	$(common-objpfx)malloc/mtrace $(objpfx)tst-leaks2.mtrace > $@; \
+ 	$(evaluate-test)
++
++$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index 5f9e357..d16fa4b 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -323,7 +323,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
+ 
+   int olderr = errno;
+   enum nss_status status;
+-  int n = __libc_res_nsearch (&_res, name, C_IN, T_UNSPEC,
++  int n = __libc_res_nsearch (&_res, name, C_IN, T_QUERY_A_AND_AAAA,
+ 			      host_buffer.buf->buf, 2048, &host_buffer.ptr,
+ 			      &ans2p, &nans2p, &resplen2, &ans2p_malloced);
+   if (n >= 0)
+diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c
+index 12f9730..d80b531 100644
+--- a/resolv/res_mkquery.c
++++ b/resolv/res_mkquery.c
+@@ -103,6 +103,10 @@ res_nmkquery(res_state statp,
+ 	int n;
+ 	u_char *dnptrs[20], **dpp, **lastdnptr;
+ 
++	if (class < 0 || class > 65535
++	    || type < 0 || type > 65535)
++	  return -1;
++
+ #ifdef DEBUG
+ 	if (statp->options & RES_DEBUG)
+ 		printf(";; res_nmkquery(%s, %s, %s, %s)\n",
+diff --git a/resolv/res_query.c b/resolv/res_query.c
+index 944d1a9..07dc6f6 100644
+--- a/resolv/res_query.c
++++ b/resolv/res_query.c
+@@ -122,7 +122,7 @@ __libc_res_nquery(res_state statp,
+ 	int n, use_malloc = 0;
+ 	u_int oflags = statp->_flags;
+ 
+-	size_t bufsize = (type == T_UNSPEC ? 2 : 1) * QUERYSIZE;
++	size_t bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * QUERYSIZE;
+ 	u_char *buf = alloca (bufsize);
+ 	u_char *query1 = buf;
+ 	int nquery1 = -1;
+@@ -137,7 +137,7 @@ __libc_res_nquery(res_state statp,
+ 		printf(";; res_query(%s, %d, %d)\n", name, class, type);
+ #endif
+ 
+-	if (type == T_UNSPEC)
++	if (type == T_QUERY_A_AND_AAAA)
+ 	  {
+ 	    n = res_nmkquery(statp, QUERY, name, class, T_A, NULL, 0, NULL,
+ 			     query1, bufsize);
+@@ -190,7 +190,7 @@ __libc_res_nquery(res_state statp,
+ 	if (__builtin_expect (n <= 0, 0) && !use_malloc) {
+ 		/* Retry just in case res_nmkquery failed because of too
+ 		   short buffer.  Shouldn't happen.  */
+-		bufsize = (type == T_UNSPEC ? 2 : 1) * MAXPACKET;
++		bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * MAXPACKET;
+ 		buf = malloc (bufsize);
+ 		if (buf != NULL) {
+ 			query1 = buf;
+diff --git a/resolv/tst-resolv-qtypes.c b/resolv/tst-resolv-qtypes.c
+new file mode 100644
+index 0000000..b3e60c6
+--- /dev/null
++++ b/resolv/tst-resolv-qtypes.c
+@@ -0,0 +1,185 @@
++/* Exercise low-level query functions with different QTYPEs.
++   Copyright (C) 2016 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
++#include <resolv.h>
++#include <string.h>
++#include <support/check.h>
++#include <support/check_nss.h>
++#include <support/resolv_test.h>
++#include <support/support.h>
++#include <support/test-driver.h>
++#include <support/xmemstream.h>
++
++/* If ture, the response function will send the actual response packet
++   over TCP instead of UDP.  */
++static volatile bool force_tcp;
++
++/* Send back a fake resource record matching the QTYPE.  */
++static void
++response (const struct resolv_response_context *ctx,
++          struct resolv_response_builder *b,
++          const char *qname, uint16_t qclass, uint16_t qtype)
++{
++  if (force_tcp && ctx->tcp)
++    {
++      resolv_response_init (b, (struct resolv_response_flags) { .tc = 1 });
++      resolv_response_add_question (b, qname, qclass, qtype);
++      return;
++    }
++
++  resolv_response_init (b, (struct resolv_response_flags) { });
++  resolv_response_add_question (b, qname, qclass, qtype);
++  resolv_response_section (b, ns_s_an);
++  resolv_response_open_record (b, qname, qclass, qtype, 0);
++  resolv_response_add_data (b, &qtype, sizeof (qtype));
++  resolv_response_close_record (b);
++}
++
++static const const char *domain = "www.example.com";
++
++static int
++wrap_res_query (int type, unsigned char *answer, int answer_length)
++{
++  return res_query (domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_search (int type, unsigned char *answer, int answer_length)
++{
++  return res_query (domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_querydomain (int type, unsigned char *answer, int answer_length)
++{
++  return res_querydomain ("www", "example.com", C_IN, type,
++                           answer, answer_length);
++}
++
++static int
++wrap_res_send (int type, unsigned char *answer, int answer_length)
++{
++  unsigned char buf[512];
++  int ret = res_mkquery (QUERY, domain, C_IN, type,
++                         (const unsigned char *) "", 0, NULL,
++                         buf, sizeof (buf));
++  if (type < 0 || type >= 65536)
++    {
++      /* res_mkquery fails for out-of-range record types.  */
++      TEST_VERIFY_EXIT (ret == -1);
++      return -1;
++    }
++  TEST_VERIFY_EXIT (ret > 12);  /* DNS header length.  */
++  return res_send (buf, ret, answer, answer_length);
++}
++
++static int
++wrap_res_nquery (int type, unsigned char *answer, int answer_length)
++{
++  return res_nquery (&_res, domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_nsearch (int type, unsigned char *answer, int answer_length)
++{
++  return res_nquery (&_res, domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_nquerydomain (int type, unsigned char *answer, int answer_length)
++{
++  return res_nquerydomain (&_res, "www", "example.com", C_IN, type,
++                           answer, answer_length);
++}
++
++static int
++wrap_res_nsend (int type, unsigned char *answer, int answer_length)
++{
++  unsigned char buf[512];
++  int ret = res_nmkquery (&_res, QUERY, domain, C_IN, type,
++                         (const unsigned char *) "", 0, NULL,
++                         buf, sizeof (buf));
++  if (type < 0 || type >= 65536)
++    {
++      /* res_mkquery fails for out-of-range record types.  */
++      TEST_VERIFY_EXIT (ret == -1);
++      return -1;
++    }
++  TEST_VERIFY_EXIT (ret > 12);  /* DNS header length.  */
++  return res_nsend (&_res, buf, ret, answer, answer_length);
++}
++
++static void
++test_function (const char *fname,
++               int (*func) (int type,
++                            unsigned char *answer, int answer_length))
++{
++  unsigned char buf[512];
++  for (int tcp = 0; tcp < 2; ++tcp)
++    {
++      force_tcp = tcp;
++      for (unsigned int type = 1; type <= 65535; ++type)
++        {
++          if (test_verbose)
++            printf ("info: sending QTYPE %d with %s (tcp=%d)\n",
++                    type, fname, tcp);
++          int ret = func (type, buf, sizeof (buf));
++          if (ret != 47)
++            FAIL_EXIT1 ("%s tcp=%d qtype=%d return value %d",
++                        fname,tcp, type, ret);
++          /* One question, one answer record.  */
++          TEST_VERIFY (memcmp (buf + 4, "\0\1\0\1\0\0\0\0", 8) == 0);
++          /* Question section.  */
++          static const char qname[] = "\3www\7example\3com";
++          size_t qname_length = sizeof (qname);
++          TEST_VERIFY (memcmp (buf + 12, qname, qname_length) == 0);
++          /* RDATA part of answer.  */
++          uint16_t type16 = type;
++          TEST_VERIFY (memcmp (buf + ret - 2, &type16, sizeof (type16)) == 0);
++        }
++    }
++
++  TEST_VERIFY (func (-1, buf, sizeof (buf) == -1));
++  TEST_VERIFY (func (65536, buf, sizeof (buf) == -1));
++}
++
++static int
++do_test (void)
++{
++  struct resolv_redirect_config config =
++    {
++      .response_callback = response,
++    };
++  struct resolv_test *obj = resolv_test_start (config);
++
++  test_function ("res_query", &wrap_res_query);
++  test_function ("res_search", &wrap_res_search);
++  test_function ("res_querydomain", &wrap_res_querydomain);
++  test_function ("res_send", &wrap_res_send);
++
++  test_function ("res_nquery", &wrap_res_nquery);
++  test_function ("res_nsearch", &wrap_res_nsearch);
++  test_function ("res_nquerydomain", &wrap_res_nquerydomain);
++  test_function ("res_nsend", &wrap_res_nsend);
++
++  resolv_test_end (obj);
++  return 0;
++}
++
++#define TIMEOUT 300
++#include <support/test-driver.c>
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch b/gnu/packages/patches/glibc-CVE-2015-7547.patch
new file mode 100644
index 0000000000..12abeb76d4
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2015-7547.patch
@@ -0,0 +1,590 @@
+From b995d95a5943785be3ab862b2d3276f3b4a22481 Mon Sep 17 00:00:00 2001
+From: Carlos O'Donell <carlos@systemhalted.org>
+Date: Tue, 16 Feb 2016 21:26:37 -0500
+Subject: [PATCH] CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug
+ 18665).
+
+* A stack-based buffer overflow was found in libresolv when invoked from
+  libnss_dns, allowing specially crafted DNS responses to seize control
+  of execution flow in the DNS client.  The buffer overflow occurs in
+  the functions send_dg (send datagram) and send_vc (send TCP) for the
+  NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
+  family.  The use of AF_UNSPEC triggers the low-level resolver code to
+  send out two parallel queries for A and AAAA.  A mismanagement of the
+  buffers used for those queries could result in the response of a query
+  writing beyond the alloca allocated buffer created by
+  _nss_dns_gethostbyname4_r.  Buffer management is simplified to remove
+  the overflow.  Thanks to the Google Security Team and Red Hat for
+  reporting the security impact of this issue, and Robert Holiday of
+  Ciena for reporting the related bug 18665. (CVE-2015-7547)
+
+See also:
+https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
+https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html
+
+(cherry picked from commit e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca)
+---
+ ChangeLog                 |  15 +++
+ NEWS                      |  14 +++
+ resolv/nss_dns/dns-host.c | 111 ++++++++++++++++++-
+ resolv/res_query.c        |   3 +
+ resolv/res_send.c         | 264 ++++++++++++++++++++++++++++++++++------------
+ 5 files changed, 338 insertions(+), 69 deletions(-)
+
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index 357ac04..a0fe9a8 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname,
+   int h_namelen = 0;
+ 
+   if (ancount == 0)
+-    return NSS_STATUS_NOTFOUND;
++    {
++      *h_errnop = HOST_NOT_FOUND;
++      return NSS_STATUS_NOTFOUND;
++    }
+ 
+   while (ancount-- > 0 && cp < end_of_message && had_error == 0)
+     {
+@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname,
+   /* Special case here: if the resolver sent a result but it only
+      contains a CNAME while we are looking for a T_A or T_AAAA record,
+      we fail with NOTFOUND instead of TRYAGAIN.  */
+-  return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
++  if (canon != NULL)
++    {
++      *h_errnop = HOST_NOT_FOUND;
++      return NSS_STATUS_NOTFOUND;
++    }
++
++  *h_errnop = NETDB_INTERNAL;
++  return NSS_STATUS_TRYAGAIN;
+ }
+ 
+ 
+@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2,
+ 
+   enum nss_status status = NSS_STATUS_NOTFOUND;
+ 
++  /* Combining the NSS status of two distinct queries requires some
++     compromise and attention to symmetry (A or AAAA queries can be
++     returned in any order).  What follows is a breakdown of how this
++     code is expected to work and why. We discuss only SUCCESS,
++     TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
++     that apply (though RETURN and MERGE exist).  We make a distinction
++     between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
++     A recoverable TRYAGAIN is almost always due to buffer size issues
++     and returns ERANGE in errno and the caller is expected to retry
++     with a larger buffer.
++
++     Lastly, you may be tempted to make significant changes to the
++     conditions in this code to bring about symmetry between responses.
++     Please don't change anything without due consideration for
++     expected application behaviour.  Some of the synthesized responses
++     aren't very well thought out and sometimes appear to imply that
++     IPv4 responses are always answer 1, and IPv6 responses are always
++     answer 2, but that's not true (see the implementation of send_dg
++     and send_vc to see response can arrive in any order, particularly
++     for UDP). However, we expect it holds roughly enough of the time
++     that this code works, but certainly needs to be fixed to make this
++     a more robust implementation.
++
++     ----------------------------------------------
++     | Answer 1 Status /   | Synthesized | Reason |
++     | Answer 2 Status     | Status      |        |
++     |--------------------------------------------|
++     | SUCCESS/SUCCESS     | SUCCESS     | [1]    |
++     | SUCCESS/TRYAGAIN    | TRYAGAIN    | [5]    |
++     | SUCCESS/TRYAGAIN'   | SUCCESS     | [1]    |
++     | SUCCESS/NOTFOUND    | SUCCESS     | [1]    |
++     | SUCCESS/UNAVAIL     | SUCCESS     | [1]    |
++     | TRYAGAIN/SUCCESS    | TRYAGAIN    | [2]    |
++     | TRYAGAIN/TRYAGAIN   | TRYAGAIN    | [2]    |
++     | TRYAGAIN/TRYAGAIN'  | TRYAGAIN    | [2]    |
++     | TRYAGAIN/NOTFOUND   | TRYAGAIN    | [2]    |
++     | TRYAGAIN/UNAVAIL    | TRYAGAIN    | [2]    |
++     | TRYAGAIN'/SUCCESS   | SUCCESS     | [3]    |
++     | TRYAGAIN'/TRYAGAIN  | TRYAGAIN    | [3]    |
++     | TRYAGAIN'/TRYAGAIN' | TRYAGAIN'   | [3]    |
++     | TRYAGAIN'/NOTFOUND  | TRYAGAIN'   | [3]    |
++     | TRYAGAIN'/UNAVAIL   | UNAVAIL     | [3]    |
++     | NOTFOUND/SUCCESS    | SUCCESS     | [3]    |
++     | NOTFOUND/TRYAGAIN   | TRYAGAIN    | [3]    |
++     | NOTFOUND/TRYAGAIN'  | TRYAGAIN'   | [3]    |
++     | NOTFOUND/NOTFOUND   | NOTFOUND    | [3]    |
++     | NOTFOUND/UNAVAIL    | UNAVAIL     | [3]    |
++     | UNAVAIL/SUCCESS     | UNAVAIL     | [4]    |
++     | UNAVAIL/TRYAGAIN    | UNAVAIL     | [4]    |
++     | UNAVAIL/TRYAGAIN'   | UNAVAIL     | [4]    |
++     | UNAVAIL/NOTFOUND    | UNAVAIL     | [4]    |
++     | UNAVAIL/UNAVAIL     | UNAVAIL     | [4]    |
++     ----------------------------------------------
++
++     [1] If the first response is a success we return success.
++	 This ignores the state of the second answer and in fact
++	 incorrectly sets errno and h_errno to that of the second
++	 answer.  However because the response is a success we ignore
++	 *errnop and *h_errnop (though that means you touched errno on
++	 success).  We are being conservative here and returning the
++	 likely IPv4 response in the first answer as a success.
++
++     [2] If the first response is a recoverable TRYAGAIN we return
++	 that instead of looking at the second response.  The
++	 expectation here is that we have failed to get an IPv4 response
++	 and should retry both queries.
++
++     [3] If the first response was not a SUCCESS and the second
++	 response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN,
++	 or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the
++	 result from the second response, otherwise the first responses
++	 status is used.  Again we have some odd side-effects when the
++	 second response is NOTFOUND because we overwrite *errnop and
++	 *h_errnop that means that a first answer of NOTFOUND might see
++	 its *errnop and *h_errnop values altered.  Whether it matters
++	 in practice that a first response NOTFOUND has the wrong
++	 *errnop and *h_errnop is undecided.
++
++     [4] If the first response is UNAVAIL we return that instead of
++	 looking at the second response.  The expectation here is that
++	 it will have failed similarly e.g. configuration failure.
++
++     [5] Testing this code is complicated by the fact that truncated
++	 second response buffers might be returned as SUCCESS if the
++	 first answer is a SUCCESS.  To fix this we add symmetry to
++	 TRYAGAIN with the second response.  If the second response
++	 is a recoverable error we now return TRYAGIN even if the first
++	 response was SUCCESS.  */
++
+   if (anslen1 > 0)
+     status = gaih_getanswer_slice(answer1, anslen1, qname,
+ 				  &pat, &buffer, &buflen,
+ 				  errnop, h_errnop, ttlp,
+ 				  &first);
++
+   if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND
+        || (status == NSS_STATUS_TRYAGAIN
+ 	   /* We want to look at the second answer in case of an
+@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2,
+ 						     &pat, &buffer, &buflen,
+ 						     errnop, h_errnop, ttlp,
+ 						     &first);
++      /* Use the second response status in some cases.  */
+       if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND)
+ 	status = status2;
++      /* Do not return a truncated second response (unless it was
++	 unavoidable e.g. unrecoverable TRYAGAIN).  */
++      if (status == NSS_STATUS_SUCCESS
++	  && (status2 == NSS_STATUS_TRYAGAIN
++	      && *errnop == ERANGE && *h_errnop != NO_RECOVERY))
++	status = NSS_STATUS_TRYAGAIN;
+     }
+ 
+   return status;
+diff --git a/resolv/res_query.c b/resolv/res_query.c
+index 4a9b3b3..95470a9 100644
+--- a/resolv/res_query.c
++++ b/resolv/res_query.c
+@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp,
+ 		  {
+ 		    free (*answerp2);
+ 		    *answerp2 = NULL;
++		    *nanswerp2 = 0;
+ 		    *answerp2_malloced = 0;
+ 		  }
+ 	}
+@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp,
+ 			  {
+ 			    free (*answerp2);
+ 			    *answerp2 = NULL;
++			    *nanswerp2 = 0;
+ 			    *answerp2_malloced = 0;
+ 			  }
+ 
+@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp,
+ 	  {
+ 	    free (*answerp2);
+ 	    *answerp2 = NULL;
++	    *nanswerp2 = 0;
+ 	    *answerp2_malloced = 0;
+ 	  }
+ 	if (saved_herrno != -1)
+diff --git a/resolv/res_send.c b/resolv/res_send.c
+index 5e53cc2..6511bb1 100644
+--- a/resolv/res_send.c
++++ b/resolv/res_send.c
+@@ -1,3 +1,20 @@
++/* Copyright (C) 2016 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
+ /*
+  * Copyright (c) 1985, 1989, 1993
+  *    The Regents of the University of California.  All rights reserved.
+@@ -363,6 +380,8 @@ __libc_res_nsend(res_state statp, const u_char *buf, int buflen,
+ #ifdef USE_HOOKS
+ 	if (__glibc_unlikely (statp->qhook || statp->rhook))       {
+ 		if (anssiz < MAXPACKET && ansp) {
++			/* Always allocate MAXPACKET, callers expect
++			   this specific size.  */
+ 			u_char *buf = malloc (MAXPACKET);
+ 			if (buf == NULL)
+ 				return (-1);
+@@ -638,6 +657,77 @@ get_nsaddr (res_state statp, int n)
+     return (struct sockaddr *) (void *) &statp->nsaddr_list[n];
+ }
+ 
++/* The send_vc function is responsible for sending a DNS query over TCP
++   to the nameserver numbered NS from the res_state STATP i.e.
++   EXT(statp).nssocks[ns].  The function supports sending both IPv4 and
++   IPv6 queries at the same serially on the same socket.
++
++   Please note that for TCP there is no way to disable sending both
++   queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
++   and sends the queries serially and waits for the result after each
++   sent query.  This implemetnation should be corrected to honour these
++   options.
++
++   Please also note that for TCP we send both queries over the same
++   socket one after another.  This technically violates best practice
++   since the server is allowed to read the first query, respond, and
++   then close the socket (to service another client).  If the server
++   does this, then the remaining second query in the socket data buffer
++   will cause the server to send the client an RST which will arrive
++   asynchronously and the client's OS will likely tear down the socket
++   receive buffer resulting in a potentially short read and lost
++   response data.  This will force the client to retry the query again,
++   and this process may repeat until all servers and connection resets
++   are exhausted and then the query will fail.  It's not known if this
++   happens with any frequency in real DNS server implementations.  This
++   implementation should be corrected to use two sockets by default for
++   parallel queries.
++
++   The query stored in BUF of BUFLEN length is sent first followed by
++   the query stored in BUF2 of BUFLEN2 length.  Queries are sent
++   serially on the same socket.
++
++   Answers to the query are stored firstly in *ANSP up to a max of
++   *ANSSIZP bytes.  If more than *ANSSIZP bytes are needed and ANSCP
++   is non-NULL (to indicate that modifying the answer buffer is allowed)
++   then malloc is used to allocate a new response buffer and ANSCP and
++   ANSP will both point to the new buffer.  If more than *ANSSIZP bytes
++   are needed but ANSCP is NULL, then as much of the response as
++   possible is read into the buffer, but the results will be truncated.
++   When truncation happens because of a small answer buffer the DNS
++   packets header field TC will bet set to 1, indicating a truncated
++   message and the rest of the socket data will be read and discarded.
++
++   Answers to the query are stored secondly in *ANSP2 up to a max of
++   *ANSSIZP2 bytes, with the actual response length stored in
++   *RESPLEN2.  If more than *ANSSIZP bytes are needed and ANSP2
++   is non-NULL (required for a second query) then malloc is used to
++   allocate a new response buffer, *ANSSIZP2 is set to the new buffer
++   size and *ANSP2_MALLOCED is set to 1.
++
++   The ANSP2_MALLOCED argument will eventually be removed as the
++   change in buffer pointer can be used to detect the buffer has
++   changed and that the caller should use free on the new buffer.
++
++   Note that the answers may arrive in any order from the server and
++   therefore the first and second answer buffers may not correspond to
++   the first and second queries.
++
++   It is not supported to call this function with a non-NULL ANSP2
++   but a NULL ANSCP.  Put another way, you can call send_vc with a
++   single unmodifiable buffer or two modifiable buffers, but no other
++   combination is supported.
++
++   It is the caller's responsibility to free the malloc allocated
++   buffers by detecting that the pointers have changed from their
++   original values i.e. *ANSCP or *ANSP2 has changed.
++
++   If errors are encountered then *TERRNO is set to an appropriate
++   errno value and a zero result is returned for a recoverable error,
++   and a less-than zero result is returned for a non-recoverable error.
++
++   If no errors are encountered then *TERRNO is left unmodified and
++   a the length of the first response in bytes is returned.  */
+ static int
+ send_vc(res_state statp,
+ 	const u_char *buf, int buflen, const u_char *buf2, int buflen2,
+@@ -647,11 +737,7 @@ send_vc(res_state statp,
+ {
+ 	const HEADER *hp = (HEADER *) buf;
+ 	const HEADER *hp2 = (HEADER *) buf2;
+-	u_char *ans = *ansp;
+-	int orig_anssizp = *anssizp;
+-	// XXX REMOVE
+-	// int anssiz = *anssizp;
+-	HEADER *anhp = (HEADER *) ans;
++	HEADER *anhp = (HEADER *) *ansp;
+ 	struct sockaddr *nsap = get_nsaddr (statp, ns);
+ 	int truncating, connreset, n;
+ 	/* On some architectures compiler might emit a warning indicating
+@@ -743,6 +829,8 @@ send_vc(res_state statp,
+ 	 * Receive length & response
+ 	 */
+ 	int recvresp1 = 0;
++	/* Skip the second response if there is no second query.
++	   To do that we mark the second response as received.  */
+ 	int recvresp2 = buf2 == NULL;
+ 	uint16_t rlen16;
+  read_len:
+@@ -779,40 +867,14 @@ send_vc(res_state statp,
+ 	u_char **thisansp;
+ 	int *thisresplenp;
+ 	if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
++		/* We have not received any responses
++		   yet or we only have one response to
++		   receive.  */
+ 		thisanssizp = anssizp;
+ 		thisansp = anscp ?: ansp;
+ 		assert (anscp != NULL || ansp2 == NULL);
+ 		thisresplenp = &resplen;
+ 	} else {
+-		if (*anssizp != MAXPACKET) {
+-			/* No buffer allocated for the first
+-			   reply.  We can try to use the rest
+-			   of the user-provided buffer.  */
+-#if __GNUC_PREREQ (4, 7)
+-			DIAG_PUSH_NEEDS_COMMENT;
+-			DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
+-#endif
+-#if _STRING_ARCH_unaligned
+-			*anssizp2 = orig_anssizp - resplen;
+-			*ansp2 = *ansp + resplen;
+-#else
+-			int aligned_resplen
+-			  = ((resplen + __alignof__ (HEADER) - 1)
+-			     & ~(__alignof__ (HEADER) - 1));
+-			*anssizp2 = orig_anssizp - aligned_resplen;
+-			*ansp2 = *ansp + aligned_resplen;
+-#endif
+-#if __GNUC_PREREQ (4, 7)
+-			DIAG_POP_NEEDS_COMMENT;
+-#endif
+-		} else {
+-			/* The first reply did not fit into the
+-			   user-provided buffer.  Maybe the second
+-			   answer will.  */
+-			*anssizp2 = orig_anssizp;
+-			*ansp2 = *ansp;
+-		}
+-
+ 		thisanssizp = anssizp2;
+ 		thisansp = ansp2;
+ 		thisresplenp = resplen2;
+@@ -820,10 +882,14 @@ send_vc(res_state statp,
+ 	anhp = (HEADER *) *thisansp;
+ 
+ 	*thisresplenp = rlen;
+-	if (rlen > *thisanssizp) {
+-		/* Yes, we test ANSCP here.  If we have two buffers
+-		   both will be allocatable.  */
+-		if (__glibc_likely (anscp != NULL))       {
++	/* Is the answer buffer too small?  */
++	if (*thisanssizp < rlen) {
++		/* If the current buffer is not the the static
++		   user-supplied buffer then we can reallocate
++		   it.  */
++		if (thisansp != NULL && thisansp != ansp) {
++			/* Always allocate MAXPACKET, callers expect
++			   this specific size.  */
+ 			u_char *newp = malloc (MAXPACKET);
+ 			if (newp == NULL) {
+ 				*terrno = ENOMEM;
+@@ -835,6 +901,9 @@ send_vc(res_state statp,
+ 			if (thisansp == ansp2)
+ 			  *ansp2_malloced = 1;
+ 			anhp = (HEADER *) newp;
++			/* A uint16_t can't be larger than MAXPACKET
++			   thus it's safe to allocate MAXPACKET but
++			   read RLEN bytes instead.  */
+ 			len = rlen;
+ 		} else {
+ 			Dprint(statp->options & RES_DEBUG,
+@@ -997,6 +1066,66 @@ reopen (res_state statp, int *terrno, int ns)
+ 	return 1;
+ }
+ 
++/* The send_dg function is responsible for sending a DNS query over UDP
++   to the nameserver numbered NS from the res_state STATP i.e.
++   EXT(statp).nssocks[ns].  The function supports IPv4 and IPv6 queries
++   along with the ability to send the query in parallel for both stacks
++   (default) or serially (RES_SINGLKUP).  It also supports serial lookup
++   with a close and reopen of the socket used to talk to the server
++   (RES_SNGLKUPREOP) to work around broken name servers.
++
++   The query stored in BUF of BUFLEN length is sent first followed by
++   the query stored in BUF2 of BUFLEN2 length.  Queries are sent
++   in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
++
++   Answers to the query are stored firstly in *ANSP up to a max of
++   *ANSSIZP bytes.  If more than *ANSSIZP bytes are needed and ANSCP
++   is non-NULL (to indicate that modifying the answer buffer is allowed)
++   then malloc is used to allocate a new response buffer and ANSCP and
++   ANSP will both point to the new buffer.  If more than *ANSSIZP bytes
++   are needed but ANSCP is NULL, then as much of the response as
++   possible is read into the buffer, but the results will be truncated.
++   When truncation happens because of a small answer buffer the DNS
++   packets header field TC will bet set to 1, indicating a truncated
++   message, while the rest of the UDP packet is discarded.
++
++   Answers to the query are stored secondly in *ANSP2 up to a max of
++   *ANSSIZP2 bytes, with the actual response length stored in
++   *RESPLEN2.  If more than *ANSSIZP bytes are needed and ANSP2
++   is non-NULL (required for a second query) then malloc is used to
++   allocate a new response buffer, *ANSSIZP2 is set to the new buffer
++   size and *ANSP2_MALLOCED is set to 1.
++
++   The ANSP2_MALLOCED argument will eventually be removed as the
++   change in buffer pointer can be used to detect the buffer has
++   changed and that the caller should use free on the new buffer.
++
++   Note that the answers may arrive in any order from the server and
++   therefore the first and second answer buffers may not correspond to
++   the first and second queries.
++
++   It is not supported to call this function with a non-NULL ANSP2
++   but a NULL ANSCP.  Put another way, you can call send_vc with a
++   single unmodifiable buffer or two modifiable buffers, but no other
++   combination is supported.
++
++   It is the caller's responsibility to free the malloc allocated
++   buffers by detecting that the pointers have changed from their
++   original values i.e. *ANSCP or *ANSP2 has changed.
++
++   If an answer is truncated because of UDP datagram DNS limits then
++   *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
++   the caller to retry with TCP.  The value *GOTSOMEWHERE is set to 1
++   if any progress was made reading a response from the nameserver and
++   is used by the caller to distinguish between ECONNREFUSED and
++   ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
++
++   If errors are encountered then *TERRNO is set to an appropriate
++   errno value and a zero result is returned for a recoverable error,
++   and a less-than zero result is returned for a non-recoverable error.
++
++   If no errors are encountered then *TERRNO is left unmodified and
++   a the length of the first response in bytes is returned.  */
+ static int
+ send_dg(res_state statp,
+ 	const u_char *buf, int buflen, const u_char *buf2, int buflen2,
+@@ -1006,8 +1135,6 @@ send_dg(res_state statp,
+ {
+ 	const HEADER *hp = (HEADER *) buf;
+ 	const HEADER *hp2 = (HEADER *) buf2;
+-	u_char *ans = *ansp;
+-	int orig_anssizp = *anssizp;
+ 	struct timespec now, timeout, finish;
+ 	struct pollfd pfd[1];
+ 	int ptimeout;
+@@ -1040,6 +1167,8 @@ send_dg(res_state statp,
+ 	int need_recompute = 0;
+ 	int nwritten = 0;
+ 	int recvresp1 = 0;
++	/* Skip the second response if there is no second query.
++	   To do that we mark the second response as received.  */
+ 	int recvresp2 = buf2 == NULL;
+ 	pfd[0].fd = EXT(statp).nssocks[ns];
+ 	pfd[0].events = POLLOUT;
+@@ -1203,55 +1332,56 @@ send_dg(res_state statp,
+ 		int *thisresplenp;
+ 
+ 		if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
++			/* We have not received any responses
++			   yet or we only have one response to
++			   receive.  */
+ 			thisanssizp = anssizp;
+ 			thisansp = anscp ?: ansp;
+ 			assert (anscp != NULL || ansp2 == NULL);
+ 			thisresplenp = &resplen;
+ 		} else {
+-			if (*anssizp != MAXPACKET) {
+-				/* No buffer allocated for the first
+-				   reply.  We can try to use the rest
+-				   of the user-provided buffer.  */
+-#if _STRING_ARCH_unaligned
+-				*anssizp2 = orig_anssizp - resplen;
+-				*ansp2 = *ansp + resplen;
+-#else
+-				int aligned_resplen
+-				  = ((resplen + __alignof__ (HEADER) - 1)
+-				     & ~(__alignof__ (HEADER) - 1));
+-				*anssizp2 = orig_anssizp - aligned_resplen;
+-				*ansp2 = *ansp + aligned_resplen;
+-#endif
+-			} else {
+-				/* The first reply did not fit into the
+-				   user-provided buffer.  Maybe the second
+-				   answer will.  */
+-				*anssizp2 = orig_anssizp;
+-				*ansp2 = *ansp;
+-			}
+-
+ 			thisanssizp = anssizp2;
+ 			thisansp = ansp2;
+ 			thisresplenp = resplen2;
+ 		}
+ 
+ 		if (*thisanssizp < MAXPACKET
+-		    /* Yes, we test ANSCP here.  If we have two buffers
+-		       both will be allocatable.  */
+-		    && anscp
++		    /* If the current buffer is not the the static
++		       user-supplied buffer then we can reallocate
++		       it.  */
++		    && (thisansp != NULL && thisansp != ansp)
+ #ifdef FIONREAD
++		    /* Is the size too small?  */
+ 		    && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
+ 			|| *thisanssizp < *thisresplenp)
+ #endif
+                     ) {
++			/* Always allocate MAXPACKET, callers expect
++			   this specific size.  */
+ 			u_char *newp = malloc (MAXPACKET);
+ 			if (newp != NULL) {
+-				*anssizp = MAXPACKET;
+-				*thisansp = ans = newp;
++				*thisanssizp = MAXPACKET;
++				*thisansp = newp;
+ 				if (thisansp == ansp2)
+ 				  *ansp2_malloced = 1;
+ 			}
+ 		}
++		/* We could end up with truncation if anscp was NULL
++		   (not allowed to change caller's buffer) and the
++		   response buffer size is too small.  This isn't a
++		   reliable way to detect truncation because the ioctl
++		   may be an inaccurate report of the UDP message size.
++		   Therefore we use this only to issue debug output.
++		   To do truncation accurately with UDP we need
++		   MSG_TRUNC which is only available on Linux.  We
++		   can abstract out the Linux-specific feature in the
++		   future to detect truncation.  */
++		if (__glibc_unlikely (*thisanssizp < *thisresplenp)) {
++			Dprint(statp->options & RES_DEBUG,
++			       (stdout, ";; response may be truncated (UDP)\n")
++			);
++		}
++
+ 		HEADER *anhp = (HEADER *) *thisansp;
+ 		socklen_t fromlen = sizeof(struct sockaddr_in6);
+ 		assert (sizeof(from) <= fromlen);
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/glibc-CVE-2016-3075.patch b/gnu/packages/patches/glibc-CVE-2016-3075.patch
new file mode 100644
index 0000000000..d16722806e
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2016-3075.patch
@@ -0,0 +1,43 @@
+From 146b58d11fddbef15b888906e3be4f33900c416f Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Tue, 29 Mar 2016 12:57:56 +0200
+Subject: [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ
+ #19879]
+
+The defensive copy is not needed because the name may not alias the
+output buffer.
+
+(cherry picked from commit 317b199b4aff8cfa27f2302ab404d2bb5032b9a4)
+(cherry picked from commit 883dceebc8f11921a9890211a4e202e5be17562f)
+---
+ ChangeLog                    |  7 +++++++
+ NEWS                         | 10 ++++++++--
+ resolv/nss_dns/dns-network.c |  5 +----
+ 3 files changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
+index 2eb2f67..8f301a7 100644
+--- a/resolv/nss_dns/dns-network.c
++++ b/resolv/nss_dns/dns-network.c
+@@ -118,17 +118,14 @@ _nss_dns_getnetbyname_r (const char *name, struct netent *result,
+   } net_buffer;
+   querybuf *orig_net_buffer;
+   int anslen;
+-  char *qbuf;
+   enum nss_status status;
+ 
+   if (__res_maybe_init (&_res, 0) == -1)
+     return NSS_STATUS_UNAVAIL;
+ 
+-  qbuf = strdupa (name);
+-
+   net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024);
+ 
+-  anslen = __libc_res_nsearch (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf,
++  anslen = __libc_res_nsearch (&_res, name, C_IN, T_PTR, net_buffer.buf->buf,
+ 			       1024, &net_buffer.ptr, NULL, NULL, NULL, NULL);
+   if (anslen < 0)
+     {
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/glibc-CVE-2016-3706.patch b/gnu/packages/patches/glibc-CVE-2016-3706.patch
new file mode 100644
index 0000000000..617242df24
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2016-3706.patch
@@ -0,0 +1,188 @@
+From 1a8a7c12950a0026a3c406a7cb1608f96aa1460e Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Fri, 29 Apr 2016 10:35:34 +0200
+Subject: [PATCH] CVE-2016-3706: getaddrinfo: stack overflow in hostent
+ conversion [BZ #20010]
+
+When converting a struct hostent response to struct gaih_addrtuple, the
+gethosts macro (which is called from gaih_inet) used alloca, without
+malloc fallback for large responses.  This commit changes this code to
+use calloc unconditionally.
+
+This commit also consolidated a second hostent-to-gaih_addrtuple
+conversion loop (in gaih_inet) to use the new conversion function.
+
+(cherry picked from commit 4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9)
+---
+ ChangeLog                   |  10 ++++
+ sysdeps/posix/getaddrinfo.c | 130 +++++++++++++++++++++++---------------------
+ 2 files changed, 79 insertions(+), 61 deletions(-)
+
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 1ef3f20..fed2d3b 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -168,9 +168,58 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+   return 0;
+ }
+ 
++/* Convert struct hostent to a list of struct gaih_addrtuple objects.
++   h_name is not copied, and the struct hostent object must not be
++   deallocated prematurely.  *RESULT must be NULL or a pointer to an
++   object allocated using malloc, which is freed.  */
++static bool
++convert_hostent_to_gaih_addrtuple (const struct addrinfo *req,
++				   int family,
++				   struct hostent *h,
++				   struct gaih_addrtuple **result)
++{
++  free (*result);
++  *result = NULL;
++
++  /* Count the number of addresses in h->h_addr_list.  */
++  size_t count = 0;
++  for (char **p = h->h_addr_list; *p != NULL; ++p)
++    ++count;
++
++  /* Report no data if no addresses are available, or if the incoming
++     address size is larger than what we can store.  */
++  if (count == 0 || h->h_length > sizeof (((struct gaih_addrtuple) {}).addr))
++    return true;
++
++  struct gaih_addrtuple *array = calloc (count, sizeof (*array));
++  if (array == NULL)
++    return false;
++
++  for (size_t i = 0; i < count; ++i)
++    {
++      if (family == AF_INET && req->ai_family == AF_INET6)
++	{
++	  /* Perform address mapping. */
++	  array[i].family = AF_INET6;
++	  memcpy(array[i].addr + 3, h->h_addr_list[i], sizeof (uint32_t));
++	  array[i].addr[2] = htonl (0xffff);
++	}
++      else
++	{
++	  array[i].family = family;
++	  memcpy (array[i].addr, h->h_addr_list[i], h->h_length);
++	}
++      array[i].next = array + i + 1;
++    }
++  array[0].name = h->h_name;
++  array[count - 1].next = NULL;
++
++  *result = array;
++  return true;
++}
++
+ #define gethosts(_family, _type) \
+  {									      \
+-  int i;								      \
+   int herrno;								      \
+   struct hostent th;							      \
+   struct hostent *h;							      \
+@@ -219,36 +268,23 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+     }									      \
+   else if (h != NULL)							      \
+     {									      \
+-      for (i = 0; h->h_addr_list[i]; i++)				      \
++      /* Make sure that addrmem can be freed.  */			      \
++      if (!malloc_addrmem)						      \
++	addrmem = NULL;							      \
++      if (!convert_hostent_to_gaih_addrtuple (req, _family,h, &addrmem))      \
+ 	{								      \
+-	  if (*pat == NULL)						      \
+-	    {								      \
+-	      *pat = __alloca (sizeof (struct gaih_addrtuple));		      \
+-	      (*pat)->scopeid = 0;					      \
+-	    }								      \
+-	  uint32_t *addr = (*pat)->addr;				      \
+-	  (*pat)->next = NULL;						      \
+-	  (*pat)->name = i == 0 ? strdupa (h->h_name) : NULL;		      \
+-	  if (_family == AF_INET && req->ai_family == AF_INET6)		      \
+-	    {								      \
+-	      (*pat)->family = AF_INET6;				      \
+-	      addr[3] = *(uint32_t *) h->h_addr_list[i];		      \
+-	      addr[2] = htonl (0xffff);					      \
+-	      addr[1] = 0;						      \
+-	      addr[0] = 0;						      \
+-	    }								      \
+-	  else								      \
+-	    {								      \
+-	      (*pat)->family = _family;					      \
+-	      memcpy (addr, h->h_addr_list[i], sizeof(_type));		      \
+-	    }								      \
+-	  pat = &((*pat)->next);					      \
++	  _res.options |= old_res_options & RES_USE_INET6;		      \
++	  result = -EAI_SYSTEM;						      \
++	  goto free_and_return;						      \
+ 	}								      \
++      *pat = addrmem;							      \
++      /* The conversion uses malloc unconditionally.  */		      \
++      malloc_addrmem = true;						      \
+ 									      \
+       if (localcanon !=	NULL && canon == NULL)				      \
+ 	canon = strdupa (localcanon);					      \
+ 									      \
+-      if (_family == AF_INET6 && i > 0)					      \
++      if (_family == AF_INET6 && *pat != NULL)				      \
+ 	got_ipv6 = true;						      \
+     }									      \
+  }
+@@ -612,44 +648,16 @@ gaih_inet (const char *name, const struct gaih_service *service,
+ 		{
+ 		  if (h != NULL)
+ 		    {
+-		      int i;
+-		      /* We found data, count the number of addresses.  */
+-		      for (i = 0; h->h_addr_list[i]; ++i)
+-			;
+-		      if (i > 0 && *pat != NULL)
+-			--i;
+-
+-		      if (__libc_use_alloca (alloca_used
+-					     + i * sizeof (struct gaih_addrtuple)))
+-			addrmem = alloca_account (i * sizeof (struct gaih_addrtuple),
+-						  alloca_used);
+-		      else
+-			{
+-			  addrmem = malloc (i
+-					    * sizeof (struct gaih_addrtuple));
+-			  if (addrmem == NULL)
+-			    {
+-			      result = -EAI_MEMORY;
+-			      goto free_and_return;
+-			    }
+-			  malloc_addrmem = true;
+-			}
+-
+-		      /* Now convert it into the list.  */
+-		      struct gaih_addrtuple *addrfree = addrmem;
+-		      for (i = 0; h->h_addr_list[i]; ++i)
++		      /* We found data, convert it.  */
++		      if (!convert_hostent_to_gaih_addrtuple
++			  (req, AF_INET, h, &addrmem))
+ 			{
+-			  if (*pat == NULL)
+-			    {
+-			      *pat = addrfree++;
+-			      (*pat)->scopeid = 0;
+-			    }
+-			  (*pat)->next = NULL;
+-			  (*pat)->family = AF_INET;
+-			  memcpy ((*pat)->addr, h->h_addr_list[i],
+-				  h->h_length);
+-			  pat = &((*pat)->next);
++			  result = -EAI_MEMORY;
++			  goto free_and_return;
+ 			}
++		      *pat = addrmem;
++		      /* The conversion uses malloc unconditionally.  */
++		      malloc_addrmem = true;
+ 		    }
+ 		}
+ 	      else
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/glibc-CVE-2016-4429.patch b/gnu/packages/patches/glibc-CVE-2016-4429.patch
new file mode 100644
index 0000000000..5eebd10543
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2016-4429.patch
@@ -0,0 +1,58 @@
+From bdce95930e1d9a7d013d1ba78740243491262879 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 23 May 2016 20:18:34 +0200
+Subject: [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ
+ #20112]
+
+The call is technically in a loop, and under certain circumstances
+(which are quite difficult to reproduce in a test case), alloca
+can be invoked repeatedly during a single call to clntudp_call.
+As a result, the available stack space can be exhausted (even
+though individual alloca sizes are bounded implicitly by what
+can fit into a UDP packet, as a side effect of the earlier
+successful send operation).
+
+(cherry picked from commit bc779a1a5b3035133024b21e2f339fe4219fb11c)
+---
+ ChangeLog         |  7 +++++++
+ NEWS              |  4 ++++
+ sunrpc/clnt_udp.c | 10 +++++++++-
+ 3 files changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c
+index a6cf5f1..4d9acb1 100644
+--- a/sunrpc/clnt_udp.c
++++ b/sunrpc/clnt_udp.c
+@@ -388,9 +388,15 @@ send_again:
+ 	  struct sock_extended_err *e;
+ 	  struct sockaddr_in err_addr;
+ 	  struct iovec iov;
+-	  char *cbuf = (char *) alloca (outlen + 256);
++	  char *cbuf = malloc (outlen + 256);
+ 	  int ret;
+ 
++	  if (cbuf == NULL)
++	    {
++	      cu->cu_error.re_errno = errno;
++	      return (cu->cu_error.re_status = RPC_CANTRECV);
++	    }
++
+ 	  iov.iov_base = cbuf + 256;
+ 	  iov.iov_len = outlen;
+ 	  msg.msg_name = (void *) &err_addr;
+@@ -415,10 +421,12 @@ send_again:
+ 		 cmsg = CMSG_NXTHDR (&msg, cmsg))
+ 	      if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR)
+ 		{
++		  free (cbuf);
+ 		  e = (struct sock_extended_err *) CMSG_DATA(cmsg);
+ 		  cu->cu_error.re_errno = e->ee_errno;
+ 		  return (cu->cu_error.re_status = RPC_CANTRECV);
+ 		}
++	  free (cbuf);
+ 	}
+ #endif
+       do
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch
new file mode 100644
index 0000000000..2cb3d46f62
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch
@@ -0,0 +1,28 @@
+This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188.
+
+diff -ur a/coders/png.c b/coders/png.c
+--- a/coders/png.c	2017-07-04 17:32:08.000000000 -0400
++++ b/coders/png.c	2017-08-19 11:16:20.933969362 -0400
+@@ -4101,11 +4101,17 @@
+                   mng_info->image=image;
+                 }
+ 
+-              if ((mng_info->mng_width > 65535L) || (mng_info->mng_height
+-                                                     > 65535L))
+-                (void) ThrowException(&image->exception,ImageError,
+-                                      WidthOrHeightExceedsLimit,
+-                                      image->filename);
++              if ((mng_info->mng_width > 65535L) ||
++                  (mng_info->mng_height > 65535L))
++                {
++                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                      "  MNG width or height is too large: %lu, %lu",
++                      mng_info->mng_width,mng_info->mng_height);
++                  MagickFreeMemory(chunk);
++                  ThrowReaderException(CorruptImageError,
++                     ImproperImageHeader,image);
++                }
++
+               FormatString(page_geometry,"%lux%lu+0+0",mng_info->mng_width,
+                            mng_info->mng_height);
+               mng_info->frame.left=0;
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch
new file mode 100644
index 0000000000..7036f37438
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch
@@ -0,0 +1,16 @@
+This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd.
+
+diff -ur a/coders/wmf.c b/coders/wmf.c
+--- a/coders/wmf.c	2016-09-05 15:20:23.000000000 -0400
++++ b/coders/wmf.c	2017-08-19 10:38:08.984187264 -0400
+@@ -2719,8 +2719,8 @@
+   if(image->exception.severity != UndefinedException)
+     ThrowException2(exception,
+                    CoderWarning,
+-                   ddata->image->exception.reason,
+-                   ddata->image->exception.description);
++                   image->exception.reason,
++                   image->exception.description);
+ 
+   if(logging)
+     (void) LogMagickEvent(CoderEvent,GetMagickModule(),"leave ReadWMFImage()");
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch
new file mode 100644
index 0000000000..71af9ffe59
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch
@@ -0,0 +1,28 @@
+This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978.
+
+diff -ur a/coders/sun.c b/coders/sun.c
+--- a/coders/sun.c	2016-05-30 13:19:54.000000000 -0400
++++ b/coders/sun.c	2017-08-18 18:00:00.191023610 -0400
+@@ -1,5 +1,5 @@
+ /*
+-% Copyright (C) 2003-2015 GraphicsMagick Group
++% Copyright (C) 2003-2017 GraphicsMagick Group
+ % Copyright (C) 2002 ImageMagick Studio
+ % Copyright 1991-1999 E. I. du Pont de Nemours and Company
+ %
+@@ -577,6 +577,7 @@
+           for (bit=7; bit >= 0; bit--)
+             {
+               index=((*p) & (0x01 << bit) ? 0x01 : 0x00);
++              VerifyColormapIndex(image,index);
+               indexes[x+7-bit]=index;
+               q[x+7-bit]=image->colormap[index];
+             }
+@@ -587,6 +588,7 @@
+             for (bit=7; bit >= (long) (8-(image->columns % 8)); bit--)
+               {
+                 index=((*p) & (0x01 << bit) ? 0x01 : 0x00);
++                VerifyColormapIndex(image,index);
+                 indexes[x+7-bit]=index;
+                 q[x+7-bit]=image->colormap[index];
+               }
diff --git a/gnu/packages/patches/grep-gnulib-lock.patch b/gnu/packages/patches/grep-gnulib-lock.patch
new file mode 100644
index 0000000000..68c33f1031
--- /dev/null
+++ b/gnu/packages/patches/grep-gnulib-lock.patch
@@ -0,0 +1,32 @@
+This patch fix error on 'gnulib' library required to build
+'grep' package on GNU/Hurd.
+The patch was adapted from upstream source repository:
+'<http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=4084b3a1094372b960ce4a97634e08f4538c8bdd>'
+
+Commit: 4084b3a1094372b960ce4a97634e08f4538c8bdd
+
+diff --git a/lib/glthread/lock.c b/lib/glthread/lock.c
+index 061562b..afc86f4 100644
+--- a/lib/glthread/lock.c
++++ b/lib/glthread/lock.c
+@@ -30,7 +30,7 @@
+ 
+ /* ------------------------- gl_rwlock_t datatype ------------------------- */
+ 
+-# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1))
++# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1)))
+ 
+ #  ifdef PTHREAD_RWLOCK_INITIALIZER
+ 
+diff --git a/lib/glthread/lock.h b/lib/glthread/lock.h
+index ec16d39..67932aa 100644
+--- a/lib/glthread/lock.h
++++ b/lib/glthread/lock.h
+@@ -179,7 +179,7 @@ typedef pthread_mutex_t gl_lock_t;
+ 
+ /* ------------------------- gl_rwlock_t datatype ------------------------- */
+ 
+-# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1))
++# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1)))
+ 
+ #  ifdef PTHREAD_RWLOCK_INITIALIZER
diff --git a/gnu/packages/patches/groff-source-date-epoch.patch b/gnu/packages/patches/groff-source-date-epoch.patch
new file mode 100644
index 0000000000..53c590b049
--- /dev/null
+++ b/gnu/packages/patches/groff-source-date-epoch.patch
@@ -0,0 +1,299 @@
+Adds support for the environment variable SOURCE_DATE_EPOCH.
+
+See: https://sources.debian.net/patches/groff/1.22.3-9/source-date-epoch.patch/
+
+From abc23bc9245e18468817f2838361c3a08f7521e2 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Thu, 5 Nov 2015 11:47:34 +0000
+Subject: Implement `SOURCE_DATE_EPOCH' for reproducible builds.
+
+Author: Colin Watson <cjwatson@debian.org>
+Forwarded: yes
+Last-Update: 2015-11-05
+
+Patch-Name: source-date-epoch.patch
+---
+ doc/groff.texinfo                 |  6 +++++
+ src/devices/grohtml/grohtml.man   |  7 ++++++
+ src/devices/grohtml/post-html.cpp |  5 ++--
+ src/devices/gropdf/gropdf.man     |  7 ++++++
+ src/devices/gropdf/gropdf.pl      |  3 ++-
+ src/devices/grops/grops.man       |  7 ++++++
+ src/devices/grops/ps.cpp          |  3 ++-
+ src/include/curtime.h             | 23 ++++++++++++++++++
+ src/libs/libgroff/Makefile.sub    |  2 ++
+ src/libs/libgroff/curtime.cpp     | 51 +++++++++++++++++++++++++++++++++++++++
+ src/roff/troff/input.cpp          |  3 ++-
+ 11 files changed, 112 insertions(+), 5 deletions(-)
+ create mode 100644 src/include/curtime.h
+ create mode 100644 src/libs/libgroff/curtime.cpp
+
+diff --git a/doc/groff.texinfo b/doc/groff.texinfo
+index 066b5274..1d3c7a9f 100644
+--- a/doc/groff.texinfo
++++ b/doc/groff.texinfo
+@@ -1453,6 +1453,12 @@ default directory (on Unix and GNU/Linux systems, this is usually
+ @item GROFF_TYPESETTER
+ @tindex GROFF_TYPESETTER@r{, environment variable}
+ The default output device.
++
++@item SOURCE_DATE_EPOCH
++@tindex SOURCE_DATE_EPOCH@r{, environment variable}
++A timestamp (expressed as seconds since the Unix epoch) to use in place of
++the current time when initializing time-based built-in registers such as
++@code{\n[seconds]}.
+ @end table
+ 
+ Note that MS-DOS and MS-Windows ports of @code{groff} use semi-colons,
+diff --git a/src/devices/grohtml/grohtml.man b/src/devices/grohtml/grohtml.man
+index 51eae224..4be4abbc 100644
+--- a/src/devices/grohtml/grohtml.man
++++ b/src/devices/grohtml/grohtml.man
+@@ -419,6 +419,13 @@ and
+ for more details.
+ .
+ .
++.TP
++.SM
++.B SOURCE_DATE_EPOCH
++A timestamp (expressed as seconds since the Unix epoch) to use as the
++creation timestamp in place of the current time.
++.
++.
+ .\" --------------------------------------------------------------------
+ .SH BUGS
+ .\" --------------------------------------------------------------------
+diff --git a/src/devices/grohtml/post-html.cpp b/src/devices/grohtml/post-html.cpp
+index fefbf014..b5fc5167 100644
+--- a/src/devices/grohtml/post-html.cpp
++++ b/src/devices/grohtml/post-html.cpp
+@@ -28,6 +28,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+ #include "html.h"
+ #include "html-text.h"
+ #include "html-table.h"
++#include "curtime.h"
+ 
+ #include <time.h>
+ 
+@@ -5013,7 +5014,7 @@ void html_printer::do_file_components (void)
+ 	.put_string(Version_string)
+ 	.end_comment();
+ 
+-      t = time(0);
++      t = current_time();
+       html.begin_comment("CreationDate: ")
+ 	.put_string(ctime(&t), strlen(ctime(&t))-1)
+ 	.end_comment();
+@@ -5126,7 +5127,7 @@ html_printer::~html_printer()
+     .put_string(Version_string)
+     .end_comment();
+ 
+-  t = time(0);
++  t = current_time();
+   html.begin_comment("CreationDate: ")
+     .put_string(ctime(&t), strlen(ctime(&t))-1)
+     .end_comment();
+diff --git a/src/devices/gropdf/gropdf.man b/src/devices/gropdf/gropdf.man
+index 3bbace6a..cc0c82f1 100644
+--- a/src/devices/gropdf/gropdf.man
++++ b/src/devices/gropdf/gropdf.man
+@@ -1029,6 +1029,13 @@ and
+ for more details.
+ .
+ .
++.TP
++.SM
++.B SOURCE_DATE_EPOCH
++A timestamp (expressed as seconds since the Unix epoch) to use as the
++creation timestamp in place of the current time.
++.
++.
+ .\" --------------------------------------------------------------------
+ .SH FILES
+ .\" --------------------------------------------------------------------
+diff --git a/src/devices/gropdf/gropdf.pl b/src/devices/gropdf/gropdf.pl
+index 035d1238..c25c4c67 100644
+--- a/src/devices/gropdf/gropdf.pl
++++ b/src/devices/gropdf/gropdf.pl
+@@ -239,13 +239,14 @@ elsif (exists($ppsz{$papersz}))
+     @defaultmb=@mediabox=(0,0,$ppsz{$papersz}->[0],$ppsz{$papersz}->[1]);
+ }
+ 
+-my (@dt)=localtime(time);
++my (@dt)=localtime($ENV{SOURCE_DATE_EPOCH} || time);
+ my $dt=PDFDate(\@dt);
+ 
+ my %info=('Creator' => "(groff version $cfg{GROFF_VERSION})",
+ 				'Producer' => "(gropdf version $cfg{GROFF_VERSION})",
+ 				'ModDate' => "($dt)",
+ 				'CreationDate' => "($dt)");
++
+ while (<>)
+ {
+     chomp;
+diff --git a/src/devices/grops/grops.man b/src/devices/grops/grops.man
+index 99fb7486..272c2d18 100644
+--- a/src/devices/grops/grops.man
++++ b/src/devices/grops/grops.man
+@@ -1419,6 +1419,13 @@ and
+ for more details.
+ .
+ .
++.TP
++.SM
++.B SOURCE_DATE_EPOCH
++A timestamp (expressed as seconds since the Unix epoch) to use as the
++creation timestamp in place of the current time.
++.
++.
+ .\" --------------------------------------------------------------------
+ .SH FILES
+ .\" --------------------------------------------------------------------
+diff --git a/src/devices/grops/ps.cpp b/src/devices/grops/ps.cpp
+index 745a503b..03e65372 100644
+--- a/src/devices/grops/ps.cpp
++++ b/src/devices/grops/ps.cpp
+@@ -28,6 +28,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+ #include "cset.h"
+ #include "nonposix.h"
+ #include "paper.h"
++#include "curtime.h"
+ 
+ #include "ps.h"
+ #include <time.h>
+@@ -1390,7 +1391,7 @@ ps_printer::~ps_printer()
+ #else
+     time_t
+ #endif
+-    t = time(0);
++    t = current_time();
+     fputs(ctime(&t), out.get_file());
+   }
+   for (font_pointer_list *f = font_list; f; f = f->next) {
+diff --git a/src/include/curtime.h b/src/include/curtime.h
+new file mode 100644
+index 00000000..a4105196
+--- /dev/null
++++ b/src/include/curtime.h
+@@ -0,0 +1,23 @@
++/* Copyright (C) 2015  Free Software Foundation, Inc.
++
++This file is part of groff.
++
++groff is free software; you can redistribute it and/or modify it under
++the terms of the GNU General Public License as published by the Free
++Software Foundation, either version 2 of the License, or
++(at your option) any later version.
++
++groff is distributed in the hope that it will be useful, but WITHOUT ANY
++WARRANTY; without even the implied warranty of MERCHANTABILITY or
++FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++for more details.
++
++The GNU General Public License version 2 (GPL2) is available in the
++internet at <http://www.gnu.org/licenses/gpl-2.0.txt>. */
++
++#ifdef LONG_FOR_TIME_T
++long
++#else
++time_t
++#endif
++current_time();
+diff --git a/src/libs/libgroff/Makefile.sub b/src/libs/libgroff/Makefile.sub
+index 840d9934..4cb4937a 100644
+--- a/src/libs/libgroff/Makefile.sub
++++ b/src/libs/libgroff/Makefile.sub
+@@ -32,6 +32,7 @@ OBJS=\
+   cmap.$(OBJEXT) \
+   color.$(OBJEXT) \
+   cset.$(OBJEXT) \
++  curtime.$(OBJEXT) \
+   device.$(OBJEXT) \
+   errarg.$(OBJEXT) \
+   error.$(OBJEXT) \
+@@ -82,6 +83,7 @@ CCSRCS=\
+   $(srcdir)/cmap.cpp \
+   $(srcdir)/color.cpp \
+   $(srcdir)/cset.cpp \
++  $(srcdir)/curtime.cpp \
+   $(srcdir)/device.cpp \
+   $(srcdir)/errarg.cpp \
+   $(srcdir)/error.cpp \
+diff --git a/src/libs/libgroff/curtime.cpp b/src/libs/libgroff/curtime.cpp
+new file mode 100644
+index 00000000..00821b7f
+--- /dev/null
++++ b/src/libs/libgroff/curtime.cpp
+@@ -0,0 +1,51 @@
++/* Copyright (C) 2015  Free Software Foundation, Inc.
++
++This file is part of groff.
++
++groff is free software; you can redistribute it and/or modify it under
++the terms of the GNU General Public License as published by the Free
++Software Foundation, either version 2 of the License, or
++(at your option) any later version.
++
++groff is distributed in the hope that it will be useful, but WITHOUT ANY
++WARRANTY; without even the implied warranty of MERCHANTABILITY or
++FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++for more details.
++
++The GNU General Public License version 2 (GPL2) is available in the
++internet at <http://www.gnu.org/licenses/gpl-2.0.txt>. */
++
++#include <errno.h>
++#include <limits.h>
++#include <stdlib.h>
++#include <string.h>
++#include <time.h>
++
++#include "errarg.h"
++#include "error.h"
++
++#ifdef LONG_FOR_TIME_T
++long
++#else
++time_t
++#endif
++current_time()
++{
++  char *source_date_epoch = getenv("SOURCE_DATE_EPOCH");
++
++  if (source_date_epoch) {
++    errno = 0;
++    char *endptr;
++    long epoch = strtol(source_date_epoch, &endptr, 10);
++
++    if ((errno == ERANGE && (epoch == LONG_MAX || epoch == LONG_MIN)) ||
++	(errno != 0 && epoch == 0))
++      fatal("$SOURCE_DATE_EPOCH: strtol: %1", strerror(errno));
++    if (endptr == source_date_epoch)
++      fatal("$SOURCE_DATE_EPOCH: no digits found: %1", endptr);
++    if (*endptr != '\0')
++      fatal("$SOURCE_DATE_EPOCH: trailing garbage: %1", endptr);
++    return epoch;
++  } else
++    return time(0);
++}
+diff --git a/src/roff/troff/input.cpp b/src/roff/troff/input.cpp
+index 9594f074..f7d2c18a 100644
+--- a/src/roff/troff/input.cpp
++++ b/src/roff/troff/input.cpp
+@@ -36,6 +36,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+ #include "input.h"
+ #include "defs.h"
+ #include "unicode.h"
++#include "curtime.h"
+ 
+ // Needed for getpid() and isatty()
+ #include "posix.h"
+@@ -8138,7 +8139,7 @@ static void init_registers()
+ #else /* not LONG_FOR_TIME_T */
+   time_t
+ #endif /* not LONG_FOR_TIME_T */
+-    t = time(0);
++    t = current_time();
+   // Use struct here to work around misfeature in old versions of g++.
+   struct tm *tt = localtime(&t);
+   set_number_reg("seconds", int(tt->tm_sec));
diff --git a/gnu/packages/patches/guile-2.2-default-utf8.patch b/gnu/packages/patches/guile-2.2-default-utf8.patch
new file mode 100644
index 0000000000..3233388874
--- /dev/null
+++ b/gnu/packages/patches/guile-2.2-default-utf8.patch
@@ -0,0 +1,78 @@
+This hack makes Guile default to UTF-8.  This avoids calls to
+`iconv_open'; `iconv_open' tries to open shared objects that aren't
+available during bootstrap, so using UTF-8 avoids that (and UTF-8 has
+built-in conversions in glibc, too.)
+
+diff --git a/libguile/bytevectors.c b/libguile/bytevectors.c
+index 7cd753009..de92653a4 100644
+--- a/libguile/bytevectors.c
++++ b/libguile/bytevectors.c
+@@ -1918,7 +1918,7 @@ utf_encoding_name (char *name, size_t utf_width, SCM endianness)
+   if (scm_i_is_narrow_string (str))                                     \
+     {                                                                   \
+       err = mem_iconveh (scm_i_string_chars (str), c_strlen,            \
+-                         "ISO-8859-1", c_utf_name,                      \
++                         "UTF-8", c_utf_name,                      \
+                          iconveh_question_mark, NULL,                   \
+                          &c_utf, &c_utf_len);                           \
+       if (SCM_UNLIKELY (err))                                           \
+diff --git a/libguile/ports.c b/libguile/ports.c
+index 2a25cd58e..bdaf921ca 100644
+--- a/libguile/ports.c
++++ b/libguile/ports.c
+@@ -959,7 +959,9 @@ canonicalize_encoding (const char *enc)
+   char *ret;
+   int i;
+ 
+-  if (!enc || encoding_matches (enc, sym_ISO_8859_1))
++  if (enc == NULL)
++    return sym_UTF_8;
++  if (encoding_matches (enc, sym_ISO_8859_1))
+     return sym_ISO_8859_1;
+   if (encoding_matches (enc, sym_UTF_8))
+     return sym_UTF_8;
+@@ -4182,7 +4184,7 @@ scm_init_ports (void)
+     scm_c_define ("%default-port-conversion-strategy",
+                   scm_make_fluid_with_default (sym_substitute));
+   /* Use the locale as the default port encoding.  */
+-  scm_i_set_default_port_encoding (locale_charset ());
++  scm_i_set_default_port_encoding ("UTF-8");
+ 
+   scm_c_register_extension ("libguile-" SCM_EFFECTIVE_VERSION,
+                             "scm_init_ice_9_ports",
+diff --git a/libguile/strings.c b/libguile/strings.c
+index 5c49e33d8..0131e6dc8 100644
+--- a/libguile/strings.c
++++ b/libguile/strings.c
+@@ -1561,7 +1561,7 @@ scm_i_default_string_failed_conversion_handler (void)
+ SCM
+ scm_from_locale_stringn (const char *str, size_t len)
+ {
+-  return scm_from_stringn (str, len, locale_charset (),
++  return scm_from_stringn (str, len, "UTF-8",
+                            scm_i_default_string_failed_conversion_handler ());
+ }
+ 
+@@ -1885,7 +1885,7 @@ char *
+ scm_to_locale_stringn (SCM str, size_t *lenp)
+ {
+   return scm_to_stringn (str, lenp,
+-                         locale_charset (),
++                         "UTF-8",
+                          scm_i_default_string_failed_conversion_handler ());
+ }
+ 
+@@ -2216,11 +2216,11 @@ scm_to_stringn (SCM str, size_t *lenp, const char *encoding,
+   len = 0;
+   enc = encoding;
+   if (enc == NULL)
+-    enc = "ISO-8859-1";
++    enc = "UTF-8";
+   if (scm_i_is_narrow_string (str))
+     {
+       ret = mem_iconveh (scm_i_string_chars (str), ilen,
+-                         "ISO-8859-1", enc,
++                         "UTF-8", enc,
+                          (enum iconv_ilseq_handler) handler, NULL,
+                          &buf, &len);
+ 
diff --git a/gnu/packages/patches/guile-bytestructures-name-clash.patch b/gnu/packages/patches/guile-bytestructures-name-clash.patch
new file mode 100644
index 0000000000..ac834dd504
--- /dev/null
+++ b/gnu/packages/patches/guile-bytestructures-name-clash.patch
@@ -0,0 +1,31 @@
+This patch works around a name clash between the 'cstring-pointer' module and
+the 'cstring-module' variable that occurs in Guile 2.0:
+
+  ice-9/boot-9.scm:109:20: re-exporting local variable: cstring-pointer
+
+--- guile-bytestructures-20170402.91d042e-checkout/bytestructures/guile.scm	2017-07-25 17:04:32.858289986 +0200
++++ guile-bytestructures-20170402.91d042e-checkout/bytestructures/guile.scm	2017-07-25 17:04:41.130244725 +0200
+@@ -1,6 +1,6 @@
+ (define-module (bytestructures guile))
+ 
+-(import
++(use-modules
+  (bytestructures guile base)
+  (bytestructures guile vector)
+  (bytestructures guile struct)
+@@ -8,7 +8,7 @@
+  (bytestructures guile pointer)
+  (bytestructures guile numeric)
+  (bytestructures guile string)
+- (bytestructures guile cstring-pointer))
++ ((bytestructures guile cstring-pointer) #:prefix cstr:))
+ (re-export
+  make-bytestructure-descriptor
+  bytestructure-descriptor?
+@@ -75,5 +75,5 @@
+ 
+  bs:string
+ 
+- cstring-pointer
++ cstr:cstring-pointer
+  )
diff --git a/gnu/packages/patches/guile-relocatable.patch b/gnu/packages/patches/guile-relocatable.patch
index 2431495f24..95bddcce88 100644
--- a/gnu/packages/patches/guile-relocatable.patch
+++ b/gnu/packages/patches/guile-relocatable.patch
@@ -35,11 +35,11 @@ location of the `guile' binary, allowing it to be relocated.
 +
 +  module_dir = scm_gc_malloc_pointerless (strlen (prefix) + 50, "string");
 +  strcpy (module_dir, prefix);
-+  strcat (module_dir, "/share/guile/2.0");
++  strcat (module_dir, "/share/guile/" SCM_EFFECTIVE_VERSION);
 +
 +  ccache_dir = scm_gc_malloc_pointerless (strlen (prefix) + 50, "string");
 +  strcpy (ccache_dir, prefix);
-+  strcat (ccache_dir, "/lib/guile/2.0/ccache");
++  strcat (ccache_dir, "/lib/guile/" SCM_EFFECTIVE_VERSION "/ccache");
 +
    env = scm_i_mirror_backslashes (getenv ("GUILE_SYSTEM_PATH"));
    if (env && strcmp (env, "") == 0)
diff --git a/gnu/packages/patches/guile-ssh-channel-finalization.patch b/gnu/packages/patches/guile-ssh-channel-finalization.patch
deleted file mode 100644
index 54b5055a20..0000000000
--- a/gnu/packages/patches/guile-ssh-channel-finalization.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Avoid asynchronous channel finalization, which could lead to segfaults due to
-libssh not being thread-safe: <https://bugs.gnu.org/26976>.
-
---- guile-ssh-0.11.0/modules/ssh/dist/node.scm	2017-06-13 14:37:44.861671297 +0200
-+++ guile-ssh-0.11.0/modules/ssh/dist/node.scm	2017-06-13 14:38:02.841580565 +0200
-@@ -391,11 +391,18 @@ listens on an expected port, return #f o
-   "Evaluate QUOTED-EXP on the node and return the evaluated result."
-   (let ((repl-channel (node-open-rrepl node)))
-     (rrepl-skip-to-prompt repl-channel)
--    (call-with-values (lambda () (rrepl-eval repl-channel quoted-exp))
--      (lambda vals
--        (and (node-stop-repl-server? node)
-+    (dynamic-wind
-+      (const #t)
-+      (lambda ()
-+        (rrepl-eval repl-channel quoted-exp))
-+      (lambda ()
-+        (when (node-stop-repl-server? node)
-              (node-stop-server node))
--        (apply values vals)))))
-+
-+        ;; Close REPL-CHANNEL right away to prevent finalization from
-+        ;; happening in another thread at the wrong time (see
-+        ;; <https://bugs.gnu.org/26976>.)
-+        (close-port repl-channel)))))
- 
- (define (node-eval-1 node quoted-exp)
-   "Evaluate QUOTED-EXP on the node and return the evaluated result.  The
diff --git a/gnu/packages/patches/guile-ssh-double-free.patch b/gnu/packages/patches/guile-ssh-double-free.patch
deleted file mode 100644
index 9692b81d39..0000000000
--- a/gnu/packages/patches/guile-ssh-double-free.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fix a double-free or use-after-free issue with Guile-SSH used
-with Guile 2.2.  See <https://bugs.gnu.org/26976>.
-
-diff --git a/libguile-ssh/channel-type.c b/libguile-ssh/channel-type.c
-index 3dd641f..0839854 100644
---- a/libguile-ssh/channel-type.c
-+++ b/libguile-ssh/channel-type.c
-@@ -229,10 +229,11 @@ ptob_close (SCM channel)
-       ssh_channel_free (ch->ssh_channel);
-     }
- 
-+  SCM_SETSTREAM (channel, NULL);
-+
- #if USING_GUILE_BEFORE_2_2
-   scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer");
-   scm_gc_free (pt->read_buf,  pt->read_buf_size, "port read buffer");
--  SCM_SETSTREAM (channel, NULL);
- 
-   return 0;
- #endif
-diff --git a/libguile-ssh/sftp-file-type.c b/libguile-ssh/sftp-file-type.c
-index 8879924..f87cf03 100644
---- a/libguile-ssh/sftp-file-type.c
-+++ b/libguile-ssh/sftp-file-type.c
-@@ -224,10 +224,11 @@ ptob_close (SCM sftp_file)
-       sftp_close (fd->file);
-     }
- 
-+  SCM_SETSTREAM (sftp_file, NULL);
-+
- #if USING_GUILE_BEFORE_2_2
-   scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer");
-   scm_gc_free (pt->read_buf,  pt->read_buf_size, "port read buffer");
--  SCM_SETSTREAM (sftp_file, NULL);
- 
-   return 1;
- #endif
diff --git a/gnu/packages/patches/guile-ssh-rexec-bug.patch b/gnu/packages/patches/guile-ssh-rexec-bug.patch
deleted file mode 100644
index 363fea38c9..0000000000
--- a/gnu/packages/patches/guile-ssh-rexec-bug.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Fix a bug whereby 'node-guile-version' would pass a node instead of
-a session to 'rexec'.
-
-diff --git a/modules/ssh/dist/node.scm b/modules/ssh/dist/node.scm
-index 9c065c7..29a3906 100644
---- a/modules/ssh/dist/node.scm
-+++ b/modules/ssh/dist/node.scm
-@@ -411,7 +411,8 @@ procedure returns the 1st evaluated value if multiple values were returned."
-   "Get Guile version installed on a NODE, return the version string.  Return
- #f if Guile is not installed."
-   (receive (result rc)
--      (rexec node "which guile > /dev/null && guile --version")
-+      (rexec (node-session node)
-+             "which guile > /dev/null && guile --version")
-     (and (zero? rc)
-          (car result))))
diff --git a/gnu/packages/patches/heimdal-CVE-2017-11103.patch b/gnu/packages/patches/heimdal-CVE-2017-11103.patch
new file mode 100644
index 0000000000..d76f0df369
--- /dev/null
+++ b/gnu/packages/patches/heimdal-CVE-2017-11103.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-11103:
+
+https://orpheus-lyre.info/
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103
+https://security-tracker.debian.org/tracker/CVE-2017-11103
+
+Patch lifted from upstream source repository:
+
+https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
+
+From 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea Mon Sep 17 00:00:00 2001
+From: Jeffrey Altman <jaltman@secure-endpoints.com>
+Date: Wed, 12 Apr 2017 15:40:42 -0400
+Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+
+In _krb5_extract_ticket() the KDC-REP service name must be obtained from
+encrypted version stored in 'enc_part' instead of the unencrypted version
+stored in 'ticket'.  Use of the unecrypted version provides an
+opportunity for successful server impersonation and other attacks.
+
+Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
+
+Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
+---
+ lib/krb5/ticket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c
+index d95d96d1b..b8d81c6ad 100644
+--- a/lib/krb5/ticket.c
++++ b/lib/krb5/ticket.c
+@@ -705,8 +705,8 @@ _krb5_extract_ticket(krb5_context context,
+     /* check server referral and save principal */
+     ret = _krb5_principalname2krb5_principal (context,
+ 					      &tmp_principal,
+-					      rep->kdc_rep.ticket.sname,
+-					      rep->kdc_rep.ticket.realm);
++					      rep->enc_part.sname,
++					      rep->enc_part.srealm);
+     if (ret)
+ 	goto out;
+     if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
+-- 
+2.13.3
+
diff --git a/gnu/packages/patches/heimdal-CVE-2017-6594.patch b/gnu/packages/patches/heimdal-CVE-2017-6594.patch
new file mode 100644
index 0000000000..714af60304
--- /dev/null
+++ b/gnu/packages/patches/heimdal-CVE-2017-6594.patch
@@ -0,0 +1,85 @@
+Fix CVE-2017-6594:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6594
+https://security-tracker.debian.org/tracker/CVE-2017-6594
+
+Patch lifted from upstream source repository:
+
+https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837
+
+To apply the patch to Heimdal 1.5.3 release tarball, the changes to 'NEWS' and
+files in 'tests/' are removed, and hunk #4 of 'kdc/krb5tgs.c' is modified.
+
+From b1e699103f08d6a0ca46a122193c9da65f6cf837 Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni <viktor@twosigma.com>
+Date: Wed, 10 Aug 2016 23:31:14 +0000
+Subject: [PATCH] Fix transit path validation CVE-2017-6594
+
+Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm
+to not be added to the transit path of issued tickets.  This may, in
+some cases, enable bypass of capath policy in Heimdal versions 1.5
+through 7.2.
+
+Note, this may break sites that rely on the bug.  With the bug some
+incomplete [capaths] worked, that should not have.  These may now break
+authentication in some cross-realm configurations.
+---
+ NEWS                   | 14 ++++++++++++++
+ kdc/krb5tgs.c          | 12 ++++++++++--
+ tests/kdc/check-kdc.in | 17 +++++++++++++++++
+ tests/kdc/krb5.conf.in |  4 ++++
+ 4 files changed, 45 insertions(+), 2 deletions(-)
+
+diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
+index 6048b9c55..98503812f 100644
+--- a/kdc/krb5tgs.c
++++ b/kdc/krb5tgs.c
+@@ -655,8 +655,12 @@ fix_transited_encoding(krb5_context context,
+ 		  "Decoding transited encoding");
+ 	return ret;
+     }
++
++    /*
++     * If the realm of the presented tgt is neither the client nor the server
++     * realm, it is a transit realm and must be added to transited set.
++     */
+     if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) {
+-	/* not us, so add the previous realm to transited set */
+ 	if (num_realms + 1 > UINT_MAX/sizeof(*realms)) {
+ 	    ret = ERANGE;
+ 	    goto free_realms;
+@@ -737,6 +741,7 @@ tgs_make_reply(krb5_context context,
+ 	       const char *server_name,
+ 	       hdb_entry_ex *client,
+ 	       krb5_principal client_principal,
++               const char *tgt_realm,
+ 	       hdb_entry_ex *krbtgt,
+ 	       krb5_enctype krbtgt_etype,
+ 	       krb5_principals spp,
+@@ -798,7 +803,7 @@ tgs_make_reply(krb5_context context,
+ 				 &tgt->transited, &et,
+ 				 krb5_principal_get_realm(context, client_principal),
+ 				 krb5_principal_get_realm(context, server->entry.principal),
+-				 krb5_principal_get_realm(context, krbtgt->entry.principal));
++				 tgt_realm);
+     if(ret)
+ 	goto out;
+ 
+@@ -1519,4 +1524,6 @@ tgs_build_reply(krb5_context context,
+     krb5_keyblock sessionkey;
+     krb5_kvno kvno;
+     krb5_data rspac;
++    const char *tgt_realm = /* Realm of TGT issuer */
++        krb5_principal_get_realm(context, krbtgt->entry.principal);
+
+@@ -2324,6 +2331,7 @@ server_lookup:
+ 			 spn,
+ 			 client,
+ 			 cp,
++                         tgt_realm,
+ 			 krbtgt_out,
+ 			 tkey_sign->key.keytype,
+ 			 spp,
+-- 
+2.13.3
+
diff --git a/gnu/packages/patches/intltool-perl-compatibility.patch b/gnu/packages/patches/intltool-perl-compatibility.patch
new file mode 100644
index 0000000000..b895ca7cb9
--- /dev/null
+++ b/gnu/packages/patches/intltool-perl-compatibility.patch
@@ -0,0 +1,76 @@
+This patch fixes a regex parsing compatibility issue with Perl 5.26.0.
+It manifests during the configure phase of at-spi2-core like this:
+
+------
+Unescaped left brace in regex is illegal here in regex; marked by <-- HERE in m/^(.*)\${ <-- HERE ?([A-Z_]+)}?(.*)$/ at /gnu/store/...-intltool-0.51.0/bin/intltool-update line 1065.
+------
+
+Copied from Gentoo and MSYS2:
+
+https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-util/intltool/files/intltool-0.51.0-perl-5.26.patch?id=1105187fc65d8bf643e682fcef39620dcfd9326a
+https://github.com/Alexpux/MSYS2-packages/blob/0d3f442553ae4fc8798e32cbf44c4252fa8f3c07/intltool/perl-5.22-compatibility.patch
+
+#diff -ruN intltool-0.51.0.orig/intltool-update.in intltool-0.51.0/intltool-update.in
+#--- intltool-0.51.0.orig/intltool-update.in	2017-06-28 00:47:20.889269294 +0200
+#+++ intltool-0.51.0/intltool-update.in	2017-06-28 00:48:14.592271529 +0200
+#@@ -1068,7 +1068,7 @@
+# 	my $untouched = $1;
+# 	my $sub = "";
+#         # Ignore recursive definitions of variables
+#-        $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\${?$2}?/;
+#+        $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\$\{?$2}?/;
+# 
+# 	return SubstituteVariable ("$untouched$sub$rest");
+#     }
+--- intltool-0.51.0.orig/intltool-update.in	2015-03-09 02:39:54.000000000 +0100
++++ intltool-0.51.0.orig/intltool-update.in	2015-06-19 01:52:07.171228154 +0200
+@@ -1062,7 +1062,7 @@ 
+ 	}
+     }
+ 
+-    if ($str =~ /^(.*)\${?([A-Z_]+)}?(.*)$/)
++    if ($str =~ /^(.*)\$\{?([A-Z_]+)}?(.*)$/)
+     {
+ 	my $rest = $3;
+ 	my $untouched = $1;
+@@ -1068,7 +1068,7 @@
+ 	my $untouched = $1;
+ 	my $sub = "";
+         # Ignore recursive definitions of variables
+-        $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\${?$2}?/;
++        $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\$\{?$2}?/;
+ 
+ 	return SubstituteVariable ("$untouched$sub$rest");
+     }
+@@ -1190,10 +1190,10 @@ 
+ 	$name    =~ s/\(+$//g;
+ 	$version =~ s/\(+$//g;
+ 
+-	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\${?AC_PACKAGE_NAME}?/);
+-	$varhash{"PACKAGE"} = $name if (not $name =~ /\${?PACKAGE}?/);
+-	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\${?AC_PACKAGE_VERSION}?/);
+-	$varhash{"VERSION"} = $version if (not $name =~ /\${?VERSION}?/);
++	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\$\{?AC_PACKAGE_NAME}?/);
++	$varhash{"PACKAGE"} = $name if (not $name =~ /\$\{?PACKAGE}?/);
++	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\$\{?AC_PACKAGE_VERSION}?/);
++	$varhash{"VERSION"} = $version if (not $name =~ /\$\{?VERSION}?/);
+     }
+ 
+     if ($conf_source =~ /^AC_INIT\(([^,\)]+),([^,\)]+)[,]?([^,\)]+)?/m)
+@@ -1219,11 +1219,11 @@ 
+ 	$version =~ s/\(+$//g;
+         $bugurl  =~ s/\(+$//g if (defined $bugurl);
+ 
+-	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\${?AC_PACKAGE_NAME}?/);
+-	$varhash{"PACKAGE"} = $name if (not $name =~ /\${?PACKAGE}?/);
+-	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\${?AC_PACKAGE_VERSION}?/);
+-	$varhash{"VERSION"} = $version if (not $name =~ /\${?VERSION}?/);
+-        $varhash{"PACKAGE_BUGREPORT"} = $bugurl if (defined $bugurl and not $bugurl =~ /\${?\w+}?/);
++	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\$\{?AC_PACKAGE_NAME}?/);
++	$varhash{"PACKAGE"} = $name if (not $name =~ /\$\{?PACKAGE}?/);
++	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\$\{?AC_PACKAGE_VERSION}?/);
++	$varhash{"VERSION"} = $version if (not $name =~ /\$\{?VERSION}?/);
++        $varhash{"PACKAGE_BUGREPORT"} = $bugurl if (defined $bugurl and not $bugurl =~ /\$\{?\w+}?/);
+     }
+ 
+     # \s makes this not work, why?
diff --git a/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch b/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch
new file mode 100644
index 0000000000..ebbc0635a5
--- /dev/null
+++ b/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch
@@ -0,0 +1,28 @@
+The patch fixes build failure of form:
+     ../src/alpha/osf.S:298:2: error: #error "osf.S out of sync with ffi.h"
+Upstream fixed the bug in a more invasive way
+but didn't have releases since 3.2.1.
+
+The patch is taken from Gentoo:
+https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/libffi/files/libffi-3.2.1-complex_alpha.patch
+
+--- libffi-3.2.1/src/alpha/osf.S	2015-01-16 10:46:15.000000000 +0100
++++ libffi-3.2.1/src/alpha/osf.S	2015-01-16 10:46:24.000000000 +0100
+@@ -279,6 +279,7 @@
+ 	.gprel32 $load_64	# FFI_TYPE_SINT64
+ 	.gprel32 $load_none	# FFI_TYPE_STRUCT
+ 	.gprel32 $load_64	# FFI_TYPE_POINTER
++	.gprel32 $load_none	# FFI_TYPE_COMPLEX
+ 
+ /* Assert that the table above is in sync with ffi.h.  */
+ 
+@@ -294,7 +295,8 @@
+ 	|| FFI_TYPE_SINT64 != 12	\
+ 	|| FFI_TYPE_STRUCT != 13	\
+ 	|| FFI_TYPE_POINTER != 14	\
+-	|| FFI_TYPE_LAST != 14
++	|| FFI_TYPE_COMPLEX != 15       \
++	|| FFI_TYPE_LAST != 15
+ #error "osf.S out of sync with ffi.h"
+ #endif
+ 
diff --git a/gnu/packages/patches/libgit2-use-after-free.patch b/gnu/packages/patches/libgit2-use-after-free.patch
deleted file mode 100644
index 580af8781a..0000000000
--- a/gnu/packages/patches/libgit2-use-after-free.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-This patch is taken from <https://github.com/libgit2/libgit2/pull/4122>;
-we need it to fix the use-after-free error in 'git_commit_extract_signature'
-reported at <https://github.com/libgit2/libgit2/issues/4118>.
-
-From ade0d9c658fdfc68d8046935f6908f033fe7a529 Mon Sep 17 00:00:00 2001
-From: Patrick Steinhardt <ps@pks.im>
-Date: Mon, 13 Feb 2017 13:46:17 +0100
-Subject: [PATCH 3/3] commit: avoid possible use-after-free
-
-diff --git a/src/commit.c b/src/commit.c
-index 89a4db1..05b70a9 100644
---- a/src/commit.c
-+++ b/src/commit.c
-@@ -766,8 +766,9 @@ int git_commit_extract_signature(git_buf *signature, git_buf *signed_data, git_r
- 		if (git_buf_oom(signature))
- 			goto oom;
- 
-+		error = git_buf_puts(signed_data, eol+1);
- 		git_odb_object_free(obj);
--		return git_buf_puts(signed_data, eol+1);
-+		return error;
- 	}
- 
- 	giterr_set(GITERR_OBJECT, "this commit is not signed");
diff --git a/gnu/packages/patches/libtasn1-CVE-2017-10790.patch b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch
new file mode 100644
index 0000000000..6cec0c8030
--- /dev/null
+++ b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch
@@ -0,0 +1,63 @@
+Fix CVE-2017-10790:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790
+
+Patch copied from upstream source repository:
+
+https://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=d8d805e1f2e6799bb2dff4871a8598dc83088a39
+
+From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Thu, 22 Jun 2017 16:31:37 +0200
+Subject: [PATCH] _asn1_check_identifier: safer access to values read
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/parser_aux.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/lib/parser_aux.c b/lib/parser_aux.c
+index 976ab38..786ea64 100644
+--- a/lib/parser_aux.c
++++ b/lib/parser_aux.c
+@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node)
+ 	  if (p2 == NULL)
+ 	    {
+ 	      if (p->value)
+-		_asn1_strcpy (_asn1_identifierMissing, p->value);
++		_asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value);
+ 	      else
+ 		_asn1_strcpy (_asn1_identifierMissing, "(null)");
+ 	      return ASN1_IDENTIFIER_NOT_FOUND;
+@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node)
+ 	  if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
+ 	    {
+ 	      _asn1_str_cpy (name2, sizeof (name2), node->name);
+-	      _asn1_str_cat (name2, sizeof (name2), ".");
+-	      _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+-	      _asn1_strcpy (_asn1_identifierMissing, p2->value);
++	      if (p2->value)
++	        {
++	          _asn1_str_cat (name2, sizeof (name2), ".");
++	          _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
++	          _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
++	        }
++	      else
++		_asn1_strcpy (_asn1_identifierMissing, "(null)");
++
+ 	      p2 = asn1_find_node (node, name2);
+ 	      if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
+ 		  !(p2->type & CONST_ASSIGN))
+@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node)
+ 		  _asn1_str_cpy (name2, sizeof (name2), node->name);
+ 		  _asn1_str_cat (name2, sizeof (name2), ".");
+ 		  _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+-		  _asn1_strcpy (_asn1_identifierMissing, p2->value);
++		  _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
++
+ 		  p2 = asn1_find_node (node, name2);
+ 		  if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID)
+ 		      || !(p2->type & CONST_ASSIGN))
+-- 
+2.13.3
+
diff --git a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch b/gnu/packages/patches/libtasn1-CVE-2017-6891.patch
deleted file mode 100644
index 1f847ed025..0000000000
--- a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Fix CVE-2017-6891:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891
-
-Patch copied from upstream source repository:
-
-https://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=5520704d075802df25ce4ffccc010ba1641bd484
-
-From 5520704d075802df25ce4ffccc010ba1641bd484 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Thu, 18 May 2017 18:03:34 +0200
-Subject: [PATCH] asn1_find_node: added safety check on asn1_find_node()
-
-This prevents a stack overflow in asn1_find_node() which
-is triggered by too long variable names in the definitions
-files. That means that applications have to deliberately
-pass a too long 'name' constant to asn1_write_value()
-and friends.  Reported by Jakub Jirasek.
-
-Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
----
- lib/parser_aux.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/lib/parser_aux.c b/lib/parser_aux.c
-index b4a7370..976ab38 100644
---- a/lib/parser_aux.c
-+++ b/lib/parser_aux.c
-@@ -120,6 +120,9 @@ asn1_find_node (asn1_node pointer, const char *name)
-       if (n_end)
- 	{
- 	  nsize = n_end - n_start;
-+	  if (nsize >= sizeof(n))
-+		return NULL;
-+
- 	  memcpy (n, n_start, nsize);
- 	  n[nsize] = 0;
- 	  n_start = n_end;
-@@ -158,6 +161,9 @@ asn1_find_node (asn1_node pointer, const char *name)
-       if (n_end)
- 	{
- 	  nsize = n_end - n_start;
-+	  if (nsize >= sizeof(n))
-+		return NULL;
-+
- 	  memcpy (n, n_start, nsize);
- 	  n[nsize] = 0;
- 	  n_start = n_end;
--- 
-2.13.0
-
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10092.patch b/gnu/packages/patches/libtiff-CVE-2016-10092.patch
deleted file mode 100644
index d5fd796169..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2016-10092.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix CVE-2016-10092:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2620
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10092
-https://security-tracker.debian.org/tracker/CVE-2016-10092
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore)
-	mode so that the output buffer is correctly incremented to avoid write
-	outside bounds.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2620
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1178; previous revision: 1.1177
-/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
-new revision: 1.47; previous revision: 1.46
-
-Index: libtiff/tools/tiffcrop.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
-retrieving revision 1.46
-retrieving revision 1.47
-diff -u -r1.46 -r1.47
---- libtiff/tools/tiffcrop.c	18 Nov 2016 14:58:46 -0000	1.46
-+++ libtiff/tools/tiffcrop.c	3 Dec 2016 11:35:56 -0000	1.47
-@@ -1,4 +1,4 @@
--/* $Id: tiffcrop.c,v 1.46 2016-11-18 14:58:46 erouault Exp $ */
-+/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */
- 
- /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
-  * the image data through additional options listed below
-@@ -3698,7 +3698,7 @@
-                                   (unsigned long) strip, (unsigned long)rows);
-                         return 0;
-                 }
--                bufp += bytes_read;
-+                bufp += stripsize;
-         }
- 
-         return 1;
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10093.patch b/gnu/packages/patches/libtiff-CVE-2016-10093.patch
deleted file mode 100644
index 5897ec1029..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2016-10093.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Fix CVE-2016-10093:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2610
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10093
-https://security-tracker.debian.org/tracker/CVE-2016-10093
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: fix uint32 underflow/overflow that can cause
-	heap-based buffer overflow.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2610
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1187; previous revision: 1.1186
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.59; previous revision: 1.58
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.58
-retrieving revision 1.59
-diff -u -r1.58 -r1.59
---- libtiff/tools/tiffcp.c	3 Dec 2016 15:44:15 -0000	1.58
-+++ libtiff/tools/tiffcp.c	3 Dec 2016 16:40:01 -0000	1.59
-@@ -1163,7 +1163,7 @@
- 
- static void
- cpStripToTile(uint8* out, uint8* in,
--    uint32 rows, uint32 cols, int outskew, int inskew)
-+    uint32 rows, uint32 cols, int outskew, int64 inskew)
- {
- 	while (rows-- > 0) {
- 		uint32 j = cols;
-@@ -1320,7 +1320,7 @@
- 	tdata_t tilebuf;
- 	uint32 imagew = TIFFScanlineSize(in);
- 	uint32 tilew  = TIFFTileRowSize(in);
--	int iskew = imagew - tilew;
-+	int64 iskew = (int64)imagew - (int64)tilew;
- 	uint8* bufp = (uint8*) buf;
- 	uint32 tw, tl;
- 	uint32 row;
-@@ -1348,7 +1348,7 @@
- 				status = 0;
- 				goto done;
- 			}
--			if (colb + tilew > imagew) {
-+			if (colb > iskew) {
- 				uint32 width = imagew - colb;
- 				uint32 oskew = tilew - width;
- 				cpStripToTile(bufp + colb,
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10094.patch b/gnu/packages/patches/libtiff-CVE-2016-10094.patch
deleted file mode 100644
index 9018773565..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2016-10094.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Fix CVE-2016-10094:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2640
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10094
-https://security-tracker.debian.org/tracker/CVE-2016-10094
-
-2016-12-20 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiff2pdf.c: avoid potential heap-based overflow in
-        t2p_readwrite_pdf_image_tile().
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1199; previous revision: 1.1198
-/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v  <--  tools/tiff2pdf.c
-new revision: 1.101; previous revision: 1.100
-
-Index: libtiff/tools/tiff2pdf.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
-retrieving revision 1.100
-retrieving revision 1.101
-diff -u -r1.100 -r1.101
---- libtiff/tools/tiff2pdf.c	20 Dec 2016 17:24:35 -0000	1.100
-+++ libtiff/tools/tiff2pdf.c	20 Dec 2016 17:28:17 -0000	1.101
-@@ -2895,7 +2895,7 @@
- 				return(0);
- 			}
- 			if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
--				if (count >= 4) {
-+				if (count > 4) {
-                                         int retTIFFReadRawTile;
-                     /* Ignore EOI marker of JpegTables */
- 					_TIFFmemcpy(buffer, jpt, count - 2);
diff --git a/gnu/packages/patches/libtiff-CVE-2017-5225.patch b/gnu/packages/patches/libtiff-CVE-2017-5225.patch
deleted file mode 100644
index 3158b49360..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2017-5225.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-Fix CVE-2017-5225 (Heap based buffer overflow in tools/tiffcp):
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2656
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5225
-https://security-tracker.debian.org/tracker/CVE-2017-5225
-
-2017-01-11 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and
-        cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
-overflow.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
-        http://bugzilla.maptools.org/show_bug.cgi?id=2657
-
-
-less C/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1210; previous revision: 1.1209
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.61; previous revision: 1.60
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.60
-retrieving revision 1.61
-diff -u -r1.60 -r1.61
---- libtiff/tools/tiffcp.c	3 Dec 2016 16:50:02 -0000	1.60
-+++ libtiff/tools/tiffcp.c	11 Jan 2017 19:26:14 -0000	1.61
-#@@ -1,4 +1,4 @@
-#-/* $Id: tiffcp.c,v 1.60 2016-12-03 16:50:02 erouault Exp $ */
-#+/* $Id: tiffcp.c,v 1.61 2017-01-11 19:26:14 erouault Exp $ */
-# 
-# /*
-#  * Copyright (c) 1988-1997 Sam Leffler
-@@ -591,7 +591,7 @@
- static int
- tiffcp(TIFF* in, TIFF* out)
- {
--	uint16 bitspersample, samplesperpixel = 1;
-+	uint16 bitspersample = 1, samplesperpixel = 1;
- 	uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
- 	copyFunc cf;
- 	uint32 width, length;
-@@ -1067,6 +1067,16 @@
- 	register uint32 n;
- 	uint32 row;
- 	tsample_t s;
-+        uint16 bps = 0;
-+
-+        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps != 8 )
-+        {
-+            TIFFError(TIFFFileName(in),
-+                      "Error, can only handle BitsPerSample=8 in %s",
-+                      "cpContig2SeparateByRow");
-+            return 0;
-+        }
- 
- 	inbuf = _TIFFmalloc(scanlinesizein);
- 	outbuf = _TIFFmalloc(scanlinesizeout);
-@@ -1120,6 +1130,16 @@
- 	register uint32 n;
- 	uint32 row;
- 	tsample_t s;
-+        uint16 bps = 0;
-+
-+        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps != 8 )
-+        {
-+            TIFFError(TIFFFileName(in),
-+                      "Error, can only handle BitsPerSample=8 in %s",
-+                      "cpSeparate2ContigByRow");
-+            return 0;
-+        }
- 
- 	inbuf = _TIFFmalloc(scanlinesizein);
- 	outbuf = _TIFFmalloc(scanlinesizeout);
-@@ -1784,7 +1804,7 @@
- 	uint32 w, l, tw, tl;
- 	int bychunk;
- 
--	(void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
-+	(void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
- 	if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
- 		fprintf(stderr,
- 		    "%s: Cannot handle different planar configuration w/ bits/sample != 8\n",
diff --git a/gnu/packages/patches/libtiff-assertion-failure.patch b/gnu/packages/patches/libtiff-assertion-failure.patch
deleted file mode 100644
index ef747fbdd7..0000000000
--- a/gnu/packages/patches/libtiff-assertion-failure.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Fix assertion failure in readSeparateTilesIntoBuffer():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2605
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert
-check.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2605
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1188; previous revision: 1.1187
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.60; previous revision: 1.59
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.59
-retrieving revision 1.60
-diff -u -r1.59 -r1.60
---- libtiff/tools/tiffcp.c	3 Dec 2016 16:40:01 -0000	1.59
-+++ libtiff/tools/tiffcp.c	3 Dec 2016 16:50:02 -0000	1.60
-@@ -45,7 +45,6 @@
- #include <string.h>
- 
- #include <ctype.h>
--#include <assert.h>
- 
- #ifdef HAVE_UNISTD_H
- # include <unistd.h>
-@@ -1393,7 +1392,12 @@
-             status = 0;
-             goto done;
-         }
--	assert( bps % 8 == 0 );
-+        if( (bps % 8) != 0 )
-+        {
-+            TIFFError(TIFFFileName(in), "Error, cannot handle BitsPerSample that is not a multiple of 8");
-+            status = 0;
-+            goto done;
-+        }
- 	bytes_per_sample = bps/8;
- 
- 	for (row = 0; row < imagelength; row += tl) {
-@@ -1584,7 +1588,12 @@
-             _TIFFfree(obuf);
-             return 0;
-         }
--	assert( bps % 8 == 0 );
-+        if( (bps % 8) != 0 )
-+        {
-+            TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8");
-+            _TIFFfree(obuf);
-+            return 0;
-+        }
- 	bytes_per_sample = bps/8;
- 
- 	for (row = 0; row < imagelength; row += tl) {
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch b/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch
deleted file mode 100644
index 2a96b68521..0000000000
--- a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-Fix divide-by-zero in OJPEGDecodeRaw():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2611
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of failure
-in
-        OJPEGPreDecode(). This will avoid a divide by zero, and potential other
-issues.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1177; previous revision: 1.1176
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v  <--  libtiff/tif_ojpeg.c
-new revision: 1.66; previous revision: 1.65
-
-Index: libtiff/libtiff/tif_ojpeg.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v
-retrieving revision 1.65
-retrieving revision 1.66
-diff -u -r1.65 -r1.66
---- libtiff/libtiff/tif_ojpeg.c	4 Sep 2016 21:32:56 -0000	1.65
-+++ libtiff/libtiff/tif_ojpeg.c	3 Dec 2016 11:15:18 -0000	1.66
-@@ -1,4 +1,4 @@
--/* $Id: tif_ojpeg.c,v 1.65 2016-09-04 21:32:56 erouault Exp $ */
-+/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */
- 
- /* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0
-    specification is now totally obsolete and deprecated for new applications and
-@@ -244,6 +244,7 @@
- 
- typedef struct {
- 	TIFF* tif;
-+        int decoder_ok;
- 	#ifndef LIBJPEG_ENCAP_EXTERNAL
- 	JMP_BUF exit_jmpbuf;
- 	#endif
-@@ -722,6 +723,7 @@
- 		}
- 		sp->write_curstrile++;
- 	}
-+	sp->decoder_ok = 1;
- 	return(1);
- }
- 
-@@ -784,8 +786,14 @@
- static int
- OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
- {
-+        static const char module[]="OJPEGDecode";
- 	OJPEGState* sp=(OJPEGState*)tif->tif_data;
- 	(void)s;
-+        if( !sp->decoder_ok )
-+        {
-+            TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
-+            return 0;
-+        }
- 	if (sp->libjpeg_jpeg_query_style==0)
- 	{
- 		if (OJPEGDecodeRaw(tif,buf,cc)==0)
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch
deleted file mode 100644
index d3f1c2b60e..0000000000
--- a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-Fix two divide-by-zero bugs in readSeparateTilesIntoBuffer():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2597
-http://bugzilla.maptools.org/show_bug.cgi?id=2607
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
-tag is
-        missing.
-        Reported by Agostino sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1183; previous revision: 1.1182
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.57; previous revision: 1.56
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.56
-retrieving revision 1.57
-diff -u -r1.56 -r1.57
---- libtiff/tools/tiffcp.c	2 Dec 2016 22:13:32 -0000	1.56
-+++ libtiff/tools/tiffcp.c	3 Dec 2016 14:42:40 -0000	1.57
-@@ -1,4 +1,4 @@
--/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */
-+/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -1378,7 +1378,7 @@
- 	uint8* bufp = (uint8*) buf;
- 	uint32 tw, tl;
- 	uint32 row;
--	uint16 bps, bytes_per_sample;
-+	uint16 bps = 0, bytes_per_sample;
- 
- 	tilebuf = _TIFFmalloc(tilesize);
- 	if (tilebuf == 0)
-@@ -1387,6 +1387,12 @@
- 	(void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw);
- 	(void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl);
- 	(void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps == 0 )
-+        {
-+            TIFFError(TIFFFileName(in), "Error, cannot read BitsPerSample");
-+            status = 0;
-+            goto done;
-+        }
- 	assert( bps % 8 == 0 );
- 	bytes_per_sample = bps/8;
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
-tag is
-        missing.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1186; previous revision: 1.1185
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.58; previous revision: 1.57
- 
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.57
-retrieving revision 1.58
-diff -u -r1.57 -r1.58
---- libtiff/tools/tiffcp.c	3 Dec 2016 14:42:40 -0000	1.57
-+++ libtiff/tools/tiffcp.c	3 Dec 2016 15:44:15 -0000	1.58
-@@ -1,4 +1,4 @@
--/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
-+/* $Id: tiffcp.c,v 1.58 2016-12-03 15:44:15 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -1569,7 +1569,7 @@
- 	uint8* bufp = (uint8*) buf;
- 	uint32 tl, tw;
- 	uint32 row;
--	uint16 bps, bytes_per_sample;
-+	uint16 bps = 0, bytes_per_sample;
- 
- 	obuf = _TIFFmalloc(TIFFTileSize(out));
- 	if (obuf == NULL)
-@@ -1578,6 +1578,12 @@
- 	(void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl);
- 	(void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw);
- 	(void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps == 0 )
-+        {
-+            TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample");
-+            _TIFFfree(obuf);
-+            return 0;
-+        }
- 	assert( bps % 8 == 0 );
- 	bytes_per_sample = bps/8;
- 
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch
deleted file mode 100644
index 823293f1cf..0000000000
--- a/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Fix divide-by-zero in readSeparateStripsIntoBuffer():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2619
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcrop.c: fix integer division by zero when BitsPerSample is
-missing.
-        Reported by Agostina Sarubo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1180; previous revision: 1.1179
-/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
-new revision: 1.49; previous revision: 1.48
-
-Index: libtiff/tools/tiffcrop.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
-retrieving revision 1.48
-retrieving revision 1.49
-diff -u -r1.48 -r1.49
---- libtiff/tools/tiffcrop.c	3 Dec 2016 12:19:32 -0000	1.48
-+++ libtiff/tools/tiffcrop.c	3 Dec 2016 13:00:04 -0000	1.49
-@@ -1,4 +1,4 @@
--/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */
-+/* $Id: tiffcrop.c,v 1.49 2016-12-03 13:00:04 erouault Exp $ */
- 
- /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
-  * the image data through additional options listed below
-@@ -1164,7 +1164,7 @@
-   tdata_t  obuf;
- 
-   (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
--  (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
-+  (void) TIFFGetFieldDefaulted(out, TIFFTAG_BITSPERSAMPLE, &bps);
-   bytes_per_sample = (bps + 7) / 8;
-   if( width == 0 ||
-       (uint32)bps * (uint32)spp > TIFF_UINT32_MAX / width ||
-@@ -4760,7 +4760,7 @@
-   int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1;
-   uint32 j;
-   int32  bytes_read = 0;
--  uint16 bps, planar;
-+  uint16 bps = 0, planar;
-   uint32 nstrips;
-   uint32 strips_per_sample;
-   uint32 src_rowsize, dst_rowsize, rows_processed, rps;
-@@ -4780,7 +4780,7 @@
-     }
- 
-   memset (srcbuffs, '\0', sizeof(srcbuffs));
--  TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+  TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps);
-   TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar);
-   TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps);
-   if (rps > length)
diff --git a/gnu/packages/patches/libtiff-divide-by-zero.patch b/gnu/packages/patches/libtiff-divide-by-zero.patch
deleted file mode 100644
index 6dbd4666cd..0000000000
--- a/gnu/packages/patches/libtiff-divide-by-zero.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Fix an integer overflow in TIFFReadEncodedStrip() that led to division-by-zero:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2596
-
-2016-12-02 Even Rouault <even.rouault at spatialys.com>
-
-        * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in
-        TIFFReadEncodedStrip() that caused an integer division by zero.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1173; previous revision: 1.1172
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v  <--  libtiff/tif_read.c
-new revision: 1.50; previous revision: 1.49
-/cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v  <--  libtiff/tiffiop.h
-new revision: 1.90; previous revision: 1.89
-
-Index: libtiff/libtiff/tif_read.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v
-retrieving revision 1.49
-retrieving revision 1.50
-diff -u -r1.49 -r1.50
---- libtiff/libtiff/tif_read.c	10 Jul 2016 18:00:21 -0000	1.49
-+++ libtiff/libtiff/tif_read.c	2 Dec 2016 21:56:56 -0000	1.50
-@@ -1,4 +1,4 @@
--/* $Id: tif_read.c,v 1.49 2016-07-10 18:00:21 erouault Exp $ */
-+/* $Id: tif_read.c,v 1.50 2016-12-02 21:56:56 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -346,7 +346,7 @@
- 	rowsperstrip=td->td_rowsperstrip;
- 	if (rowsperstrip>td->td_imagelength)
- 		rowsperstrip=td->td_imagelength;
--	stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip);
-+	stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
- 	stripinplane=(strip%stripsperplane);
- 	plane=(uint16)(strip/stripsperplane);
- 	rows=td->td_imagelength-stripinplane*rowsperstrip;
-Index: libtiff/libtiff/tiffiop.h
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v
-retrieving revision 1.89
-retrieving revision 1.90
-diff -u -r1.89 -r1.90
---- libtiff/libtiff/tiffiop.h	23 Jan 2016 21:20:34 -0000	1.89
-+++ libtiff/libtiff/tiffiop.h	2 Dec 2016 21:56:56 -0000	1.90
-@@ -1,4 +1,4 @@
--/* $Id: tiffiop.h,v 1.89 2016-01-23 21:20:34 erouault Exp $ */
-+/* $Id: tiffiop.h,v 1.90 2016-12-02 21:56:56 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -250,6 +250,10 @@
- #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \
- 			   ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \
- 			   0U)
-+/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */
-+/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */
-+#define TIFFhowmany_32_maxuint_compat(x, y) \
-+			   (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0))
- #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3)
- #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y))
- #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y)))
diff --git a/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch b/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch
deleted file mode 100644
index 2d5e23586d..0000000000
--- a/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-Fix heap-based buffer overflow in _TIFFmemcpy():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2604
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer
-        overflow on generation of PixarLog / LUV compressed files, with
-        ColorMap, TransferFunction attached and nasty plays with bitspersample.
-        The fix for LUV has not been tested, but suffers from the same kind
-        of issue of PixarLog.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1175; previous revision: 1.1174
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v  <--  libtiff/tif_luv.c
-new revision: 1.44; previous revision: 1.43
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v  <-- 
-libtiff/tif_pixarlog.c
-new revision: 1.49; previous revision: 1.48
-
-Index: libtiff/libtiff/tif_luv.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v
-retrieving revision 1.43
-retrieving revision 1.44
-diff -u -r1.43 -r1.44
---- libtiff/libtiff/tif_luv.c	4 Sep 2016 21:32:56 -0000	1.43
-+++ libtiff/libtiff/tif_luv.c	2 Dec 2016 23:05:51 -0000	1.44
-@@ -1,4 +1,4 @@
--/* $Id: tif_luv.c,v 1.43 2016-09-04 21:32:56 erouault Exp $ */
-+/* $Id: tif_luv.c,v 1.44 2016-12-02 23:05:51 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1997 Greg Ward Larson
-@@ -158,6 +158,7 @@
- typedef struct logLuvState LogLuvState;
- 
- struct logLuvState {
-+        int                     encoder_state;  /* 1 if encoder correctly initialized */
- 	int                     user_datafmt;   /* user data format */
- 	int                     encode_meth;    /* encoding method */
- 	int                     pixel_size;     /* bytes per pixel */
-@@ -1552,6 +1553,7 @@
- 		    td->td_photometric, "must be either LogLUV or LogL");
- 		break;
- 	}
-+	sp->encoder_state = 1;
- 	return (1);
- notsupported:
- 	TIFFErrorExt(tif->tif_clientdata, module,
-@@ -1563,19 +1565,27 @@
- static void
- LogLuvClose(TIFF* tif)
- {
-+        LogLuvState* sp = (LogLuvState*) tif->tif_data;
- 	TIFFDirectory *td = &tif->tif_dir;
- 
-+	assert(sp != 0);
- 	/*
- 	 * For consistency, we always want to write out the same
- 	 * bitspersample and sampleformat for our TIFF file,
- 	 * regardless of the data format being used by the application.
- 	 * Since this routine is called after tags have been set but
- 	 * before they have been recorded in the file, we reset them here.
-+         * Note: this is really a nasty approach. See PixarLogClose
- 	 */
--	td->td_samplesperpixel =
--	    (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
--	td->td_bitspersample = 16;
--	td->td_sampleformat = SAMPLEFORMAT_INT;
-+        if( sp->encoder_state )
-+        {
-+            /* See PixarLogClose. Might avoid issues with tags whose size depends
-+             * on those below, but not completely sure this is enough. */
-+            td->td_samplesperpixel =
-+                (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
-+            td->td_bitspersample = 16;
-+            td->td_sampleformat = SAMPLEFORMAT_INT;
-+        }
- }
- 
- static void
-Index: libtiff/libtiff/tif_pixarlog.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v
-retrieving revision 1.48
-retrieving revision 1.49
-diff -u -r1.48 -r1.49
---- libtiff/libtiff/tif_pixarlog.c	23 Sep 2016 22:12:18 -0000	1.48
-+++ libtiff/libtiff/tif_pixarlog.c	2 Dec 2016 23:05:51 -0000	1.49
-@@ -1,4 +1,4 @@
--/* $Id: tif_pixarlog.c,v 1.48 2016-09-23 22:12:18 erouault Exp $ */
-+/* $Id: tif_pixarlog.c,v 1.49 2016-12-02 23:05:51 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1996-1997 Sam Leffler
-@@ -1233,8 +1233,10 @@
- static void
- PixarLogClose(TIFF* tif)
- {
-+        PixarLogState* sp = (PixarLogState*) tif->tif_data;
- 	TIFFDirectory *td = &tif->tif_dir;
- 
-+	assert(sp != 0);
- 	/* In a really sneaky (and really incorrect, and untruthful, and
- 	 * troublesome, and error-prone) maneuver that completely goes against
- 	 * the spirit of TIFF, and breaks TIFF, on close, we covertly
-@@ -1243,8 +1245,19 @@
- 	 * readers that don't know about PixarLog, or how to set
- 	 * the PIXARLOGDATFMT pseudo-tag.
- 	 */
--	td->td_bitspersample = 8;
--	td->td_sampleformat = SAMPLEFORMAT_UINT;
-+
-+        if (sp->state&PLSTATE_INIT) {
-+            /* We test the state to avoid an issue such as in
-+             * http://bugzilla.maptools.org/show_bug.cgi?id=2604
-+             * What appends in that case is that the bitspersample is 1 and
-+             * a TransferFunction is set. The size of the TransferFunction
-+             * depends on 1<<bitspersample. So if we increase it, an access
-+             * out of the buffer will happen at directory flushing.
-+             * Another option would be to clear those targs. 
-+             */
-+            td->td_bitspersample = 8;
-+            td->td_sampleformat = SAMPLEFORMAT_UINT;
-+        }
- }
- 
- static void
diff --git a/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch b/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch
deleted file mode 100644
index 68889b121b..0000000000
--- a/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-Fix heap-based buffer overflow in TIFFFillStrip():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2608
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip() to
-        instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength,
-rowsperstrip),
-        instead of a logic based on the total size of data. Which is faulty is
-        the total size of data is not sufficient to fill the whole image, and
-thus
-        results in reading outside of the StripByCounts/StripOffsets arrays
-when
-        using TIFFReadScanline().
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608.
-
-        * libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done
-        for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273
-since
-        the above change is a better fix that makes it unnecessary.
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1176; previous revision: 1.1175
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v  <-- 
-libtiff/tif_dirread.c
-new revision: 1.205; previous revision: 1.204
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v  <--  libtiff/tif_strip.c
-new revision: 1.38; previous revision: 1.37
-
-Index: libtiff/libtiff/tif_dirread.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
-retrieving revision 1.204
-retrieving revision 1.205
-diff -u -r1.204 -r1.205
---- libtiff/libtiff/tif_dirread.c	16 Nov 2016 15:14:15 -0000	1.204
-+++ libtiff/libtiff/tif_dirread.c	3 Dec 2016 11:02:15 -0000	1.205
-@@ -1,4 +1,4 @@
--/* $Id: tif_dirread.c,v 1.204 2016-11-16 15:14:15 erouault Exp $ */
-+/* $Id: tif_dirread.c,v 1.205 2016-12-03 11:02:15 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -5502,8 +5502,7 @@
- 	uint64 rowblockbytes;
- 	uint64 stripbytes;
- 	uint32 strip;
--	uint64 nstrips64;
--	uint32 nstrips32;
-+	uint32 nstrips;
- 	uint32 rowsperstrip;
- 	uint64* newcounts;
- 	uint64* newoffsets;
-@@ -5534,18 +5533,17 @@
- 	    return;
- 
- 	/*
--	 * never increase the number of strips in an image
-+	 * never increase the number of rows per strip
- 	 */
- 	if (rowsperstrip >= td->td_rowsperstrip)
- 		return;
--	nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
--	if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
--	    return;
--	nstrips32 = (uint32)nstrips64;
-+        nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
-+        if( nstrips == 0 )
-+            return;
- 
--	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
-+	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
- 				"for chopped \"StripByteCounts\" array");
--	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
-+	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
- 				"for chopped \"StripOffsets\" array");
- 	if (newcounts == NULL || newoffsets == NULL) {
- 		/*
-@@ -5562,18 +5560,18 @@
- 	 * Fill the strip information arrays with new bytecounts and offsets
- 	 * that reflect the broken-up format.
- 	 */
--	for (strip = 0; strip < nstrips32; strip++) {
-+	for (strip = 0; strip < nstrips; strip++) {
- 		if (stripbytes > bytecount)
- 			stripbytes = bytecount;
- 		newcounts[strip] = stripbytes;
--		newoffsets[strip] = offset;
-+		newoffsets[strip] = stripbytes ? offset : 0;
- 		offset += stripbytes;
- 		bytecount -= stripbytes;
- 	}
- 	/*
- 	 * Replace old single strip info with multi-strip info.
- 	 */
--	td->td_stripsperimage = td->td_nstrips = nstrips32;
-+	td->td_stripsperimage = td->td_nstrips = nstrips;
- 	TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
- 
- 	_TIFFfree(td->td_stripbytecount);
-Index: libtiff/libtiff/tif_strip.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v
-retrieving revision 1.37
-retrieving revision 1.38
-diff -u -r1.37 -r1.38
---- libtiff/libtiff/tif_strip.c	9 Nov 2016 23:00:49 -0000	1.37
-+++ libtiff/libtiff/tif_strip.c	3 Dec 2016 11:02:15 -0000	1.38
-@@ -1,4 +1,4 @@
--/* $Id: tif_strip.c,v 1.37 2016-11-09 23:00:49 erouault Exp $ */
-+/* $Id: tif_strip.c,v 1.38 2016-12-03 11:02:15 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1991-1997 Sam Leffler
-@@ -63,15 +63,6 @@
- 	TIFFDirectory *td = &tif->tif_dir;
- 	uint32 nstrips;
- 
--    /* If the value was already computed and store in td_nstrips, then return it,
--       since ChopUpSingleUncompressedStrip might have altered and resized the
--       since the td_stripbytecount and td_stripoffset arrays to the new value
--       after the initial affectation of td_nstrips = TIFFNumberOfStrips() in
--       tif_dirread.c ~line 3612.
--       See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */
--    if( td->td_nstrips )
--        return td->td_nstrips;
--
- 	nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 :
- 	     TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip));
- 	if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch
deleted file mode 100644
index f0fef08bf3..0000000000
--- a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Fix heap buffer overflow in tiffcp when parsing number of inks:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2599
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is
-called,
-        limit the return number of inks to SamplesPerPixel, so that code that
-parses
-        ink names doesn't go past the end of the buffer.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1184; previous revision: 1.1183
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v  <--  libtiff/tif_dir.c
-new revision: 1.128; previous revision: 1.127
-
-Index: libtiff/libtiff/tif_dir.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v
-retrieving revision 1.127
-retrieving revision 1.128
-diff -u -r1.127 -r1.128
---- libtiff/libtiff/tif_dir.c	25 Oct 2016 21:35:15 -0000	1.127
-+++ libtiff/libtiff/tif_dir.c	3 Dec 2016 15:30:31 -0000	1.128
-@@ -1,4 +1,4 @@
--/* $Id: tif_dir.c,v 1.127 2016-10-25 21:35:15 erouault Exp $ */
-+/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -854,6 +854,32 @@
- 	if( fip == NULL ) /* cannot happen since TIFFGetField() already checks it */
- 	    return 0;
- 	
-+        if( tag == TIFFTAG_NUMBEROFINKS )
-+        {
-+            int i;
-+            for (i = 0; i < td->td_customValueCount; i++) {
-+                uint16 val;
-+                TIFFTagValue *tv = td->td_customValues + i;
-+                if (tv->info->field_tag != tag)
-+                    continue;
-+                val = *(uint16 *)tv->value;
-+                /* Truncate to SamplesPerPixel, since the */
-+                /* setting code for INKNAMES assume that there are SamplesPerPixel */
-+                /* inknames. */
-+                /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */
-+                if( val > td->td_samplesperpixel )
-+                {
-+                    TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField",
-+                                   "Truncating NumberOfInks from %u to %u",
-+                                   val, td->td_samplesperpixel);
-+                    val = td->td_samplesperpixel;
-+                }
-+                *va_arg(ap, uint16*) = val;
-+                return 1;
-+            }
-+            return 0;
-+        }
-+
- 	/*
- 	 * We want to force the custom code to be used for custom
- 	 * fields even if the tag happens to match a well known 
diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch
deleted file mode 100644
index 8166c55758..0000000000
--- a/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Fix heap-based buffer overflow in combineSeparateSamples16bits():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2621
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in
-        readSeparateStripsIntoBuffer() to avoid read outside of heap allocated
-buffer.
-        Reported by Agostina Sarubo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2621
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1179; previous revision: 1.1178
-/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
-new revision: 1.48; previous revision: 1.47
-
-Index: libtiff/tools/tiffcrop.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
-retrieving revision 1.47
-retrieving revision 1.48
-diff -u -r1.47 -r1.48
---- libtiff/tools/tiffcrop.c	3 Dec 2016 11:35:56 -0000	1.47
-+++ libtiff/tools/tiffcrop.c	3 Dec 2016 12:19:32 -0000	1.48
-@@ -1,4 +1,4 @@
--/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */
-+/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */
- 
- /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
-  * the image data through additional options listed below
-@@ -4815,10 +4815,17 @@
-   nstrips = TIFFNumberOfStrips(in);
-   strips_per_sample = nstrips /spp;
- 
-+  /* Add 3 padding bytes for combineSeparateSamples32bits */
-+  if( (size_t) stripsize > 0xFFFFFFFFU - 3U )
-+  {
-+      TIFFError("readSeparateStripsIntoBuffer", "Integer overflow when calculating buffer size.");
-+      exit(-1);
-+  }
-+
-   for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
-     {
-     srcbuffs[s] = NULL;
--    buff = _TIFFmalloc(stripsize);
-+    buff = _TIFFmalloc(stripsize + 3);
-     if (!buff)
-       {
-       TIFFError ("readSeparateStripsIntoBuffer", 
-@@ -4827,6 +4834,9 @@
-         _TIFFfree (srcbuffs[i]);
-       return 0;
-       }
-+    buff[stripsize] = 0;
-+    buff[stripsize+1] = 0;
-+    buff[stripsize+2] = 0;
-     srcbuffs[s] = buff;
-     }
- 
diff --git a/gnu/packages/patches/libtiff-invalid-read.patch b/gnu/packages/patches/libtiff-invalid-read.patch
deleted file mode 100644
index 92742d8757..0000000000
--- a/gnu/packages/patches/libtiff-invalid-read.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Fix invalid read in t2p_writeproc():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2639
-
-2016-12-20 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiff2pdf.c: avoid potential invalid memory read in
-        t2p_writeproc.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1198; previous revision: 1.1197
-/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v  <--  tools/tiff2pdf.c
-new revision: 1.100; previous revision: 1.99
-
-Index: libtiff/tools/tiff2pdf.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
-retrieving revision 1.99
-retrieving revision 1.100
-diff -u -r1.99 -r1.100
---- libtiff/tools/tiff2pdf.c	20 Dec 2016 17:13:26 -0000	1.99
-+++ libtiff/tools/tiff2pdf.c	20 Dec 2016 17:24:35 -0000	1.100
-@@ -2896,6 +2896,7 @@
- 			}
- 			if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
- 				if (count >= 4) {
-+                                        int retTIFFReadRawTile;
-                     /* Ignore EOI marker of JpegTables */
- 					_TIFFmemcpy(buffer, jpt, count - 2);
- 					bufferoffset += count - 2;
-@@ -2903,22 +2904,23 @@
- 					table_end[0] = buffer[bufferoffset-2];
- 					table_end[1] = buffer[bufferoffset-1];
- 					xuint32 = bufferoffset;
--                    bufferoffset -= 2;
--					bufferoffset += TIFFReadRawTile(
-+                                        bufferoffset -= 2;
-+                                        retTIFFReadRawTile= TIFFReadRawTile(
- 						input, 
- 						tile, 
- 						(tdata_t) &(((unsigned char*)buffer)[bufferoffset]), 
- 						-1);
-+                                        if( retTIFFReadRawTile < 0 )
-+                                        {
-+                                            _TIFFfree(buffer);
-+                                            t2p->t2p_error = T2P_ERR_ERROR;
-+                                            return(0);
-+                                        }
-+					bufferoffset += retTIFFReadRawTile;
-                     /* Overwrite SOI marker of image scan with previously */
-                     /* saved end of JpegTables */
- 					buffer[xuint32-2]=table_end[0];
- 					buffer[xuint32-1]=table_end[1];
--				} else {
--					bufferoffset += TIFFReadRawTile(
--						input, 
--						tile, 
--						(tdata_t) &(((unsigned char*)buffer)[bufferoffset]), 
--						-1);
- 				}
- 			}
- 			t2pWriteFile(output, (tdata_t) buffer, bufferoffset);
diff --git a/gnu/packages/patches/libtiff-null-dereference.patch b/gnu/packages/patches/libtiff-null-dereference.patch
deleted file mode 100644
index 8c6345b804..0000000000
--- a/gnu/packages/patches/libtiff-null-dereference.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix NULL pointer dereference in TIFFReadRawData():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2594
-
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffinfo.c: fix null pointer dereference in -r mode when
-        * the
-image has
-        no StripByteCount tag.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1182; previous revision: 1.1181
-/cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v  <--  tools/tiffinfo.c
-new revision: 1.26; previous revision: 1.25
-
-Index: libtiff/tools/tiffinfo.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v
-retrieving revision 1.25
-retrieving revision 1.26
-diff -u -r1.25 -r1.26
---- libtiff/tools/tiffinfo.c	12 Nov 2016 20:06:05 -0000	1.25
-+++ libtiff/tools/tiffinfo.c	3 Dec 2016 14:18:49 -0000	1.26
-@@ -1,4 +1,4 @@
--/* $Id: tiffinfo.c,v 1.25 2016-11-12 20:06:05 bfriesen Exp $ */
-+/* $Id: tiffinfo.c,v 1.26 2016-12-03 14:18:49 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -417,7 +417,7 @@
- 	uint64* stripbc=NULL;
- 
- 	TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &stripbc);
--	if (nstrips > 0) {
-+	if (stripbc != NULL && nstrips > 0) {
- 		uint32 bufsize = (uint32) stripbc[0];
- 		tdata_t buf = _TIFFmalloc(bufsize);
- 		tstrip_t s;
diff --git a/gnu/packages/patches/libtiff-tiffcp-underflow.patch b/gnu/packages/patches/libtiff-tiffcp-underflow.patch
deleted file mode 100644
index 5615cbb3e1..0000000000
--- a/gnu/packages/patches/libtiff-tiffcp-underflow.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Fix a integer underflow in tiffcp that led to heap overflows in
-TIFFReverseBits():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2598
-
-2016-12-02 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that 
-        can cause various issues, such as buffer overflows in the library.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1174; previous revision: 1.1173
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.56; previous revision: 1.55
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.55
-retrieving revision 1.56
-diff -u -r1.55 -r1.56
---- libtiff/tools/tiffcp.c	8 Oct 2016 15:54:57 -0000	1.55
-+++ libtiff/tools/tiffcp.c	2 Dec 2016 22:13:32 -0000	1.56
-@@ -1,4 +1,4 @@
--/* $Id: tiffcp.c,v 1.55 2016-10-08 15:54:57 erouault Exp $ */
-+/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -985,7 +985,7 @@
- 		tstrip_t s, ns = TIFFNumberOfStrips(in);
- 		uint32 row = 0;
- 		_TIFFmemset(buf, 0, stripsize);
--		for (s = 0; s < ns; s++) {
-+		for (s = 0; s < ns && row < imagelength; s++) {
- 			tsize_t cc = (row + rowsperstrip > imagelength) ?
- 			    TIFFVStripSize(in, imagelength - row) : stripsize;
- 			if (TIFFReadEncodedStrip(in, s, buf, cc) < 0
diff --git a/gnu/packages/patches/libunistring-gnulib-multi-core.patch b/gnu/packages/patches/libunistring-gnulib-multi-core.patch
new file mode 100644
index 0000000000..709b20c6d2
--- /dev/null
+++ b/gnu/packages/patches/libunistring-gnulib-multi-core.patch
@@ -0,0 +1,178 @@
+This patch fixes performance problems on multi-core machines
+as reported at <https://bugs.gnu.org/26441>.
+
+See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib
+by Bruno Haible <bruno@clisp.org>.
+
+diff --git a/tests/test-lock.c b/tests/test-lock.c
+index cb734b4e6..aa6de2739 100644
+--- a/tests/test-lock.c
++++ b/tests/test-lock.c
+@@ -50,6 +50,13 @@
+    Uncomment this to see if the operating system has a fair scheduler.  */
+ #define EXPLICIT_YIELD 1
+ 
++/* Whether to use 'volatile' on some variables that communicate information
++   between threads.  If set to 0, a lock is used to protect these variables.
++   If set to 1, 'volatile' is used; this is theoretically equivalent but can
++   lead to much slower execution (e.g. 30x slower total run time on a 40-core
++   machine.  */
++#define USE_VOLATILE 0
++
+ /* Whether to print debugging messages.  */
+ #define ENABLE_DEBUGGING 0
+ 
+@@ -103,6 +110,51 @@
+ # define yield()
+ #endif
+ 
++#if USE_VOLATILE
++struct atomic_int {
++  volatile int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  return ai->value;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  ai->value = new_value;
++}
++#else
++struct atomic_int {
++  gl_lock_define (, lock)
++  int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  gl_lock_init (ai->lock);
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  gl_lock_lock (ai->lock);
++  int ret = ai->value;
++  gl_lock_unlock (ai->lock);
++  return ret;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  gl_lock_lock (ai->lock);
++  ai->value = new_value;
++  gl_lock_unlock (ai->lock);
++}
++#endif
++
+ #define ACCOUNT_COUNT 4
+ 
+ static int account[ACCOUNT_COUNT];
+@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int lock_checker_done;
++static struct atomic_int lock_checker_done;
+ 
+ static void *
+ lock_checker_thread (void *arg)
+ {
+-  while (!lock_checker_done)
++  while (get_atomic_int_value (&lock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_lock_lock (my_lock);
+@@ -200,7 +252,8 @@ test_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  lock_checker_done = 0;
++  init_atomic_int (&lock_checker_done);
++  set_atomic_int_value (&lock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (lock_checker_thread, NULL);
+@@ -210,7 +263,7 @@ test_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  lock_checker_done = 1;
++  set_atomic_int_value (&lock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
+@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int rwlock_checker_done;
++static struct atomic_int rwlock_checker_done;
+ 
+ static void *
+ rwlock_checker_thread (void *arg)
+ {
+-  while (!rwlock_checker_done)
++  while (get_atomic_int_value (&rwlock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
+       gl_rwlock_rdlock (my_rwlock);
+@@ -284,7 +337,8 @@ test_rwlock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  rwlock_checker_done = 0;
++  init_atomic_int (&rwlock_checker_done);
++  set_atomic_int_value (&rwlock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+@@ -295,7 +349,7 @@ test_rwlock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  rwlock_checker_done = 1;
++  set_atomic_int_value (&rwlock_checker_done, 1);
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (checkerthreads[i], NULL);
+   check_accounts ();
+@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int reclock_checker_done;
++static struct atomic_int reclock_checker_done;
+ 
+ static void *
+ reclock_checker_thread (void *arg)
+ {
+-  while (!reclock_checker_done)
++  while (get_atomic_int_value (&reclock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_recursive_lock_lock (my_reclock);
+@@ -386,7 +440,8 @@ test_recursive_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  reclock_checker_done = 0;
++  init_atomic_int (&reclock_checker_done);
++  set_atomic_int_value (&reclock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (reclock_checker_thread, NULL);
+@@ -396,7 +451,7 @@ test_recursive_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  reclock_checker_done = 1;
++  set_atomic_int_value (&reclock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
diff --git a/gnu/packages/patches/libusb-0.1-disable-tests.patch b/gnu/packages/patches/libusb-0.1-disable-tests.patch
new file mode 100644
index 0000000000..37dd8bd111
--- /dev/null
+++ b/gnu/packages/patches/libusb-0.1-disable-tests.patch
@@ -0,0 +1,15 @@
+Disable tests who fail because they have to run as root.
+
+--- libusb-0.1.12/tests/Makefile.in	2006-03-04 03:54:06.000000000 +0100
++++ libusb-0.1.12/tests/Makefile.in	2017-07-13 16:17:45.201728019 +0200
+@@ -255,8 +255,8 @@
+ hub_strings_LDADD = $(top_builddir)/libusbpp.la @OSLIBS@
+ driver_name_SOURCES = driver_name.cpp
+ driver_name_LDADD = $(top_builddir)/libusbpp.la @OSLIBS@
+-TESTS = testlibusb descriptor_test id_test find_hubs find_mice \
+-		get_resolution hub_strings $(OS_SPECIFIC)
++TESTS = testlibusb descriptor_test id_test find_hubs find_mice
++		#get_resolution hub_strings $(OS_SPECIFIC)
+ 
+ XFAIL_TESTS = get_resolution hub_strings $(OS_SPECIFIC_XFAIL)
+ all: all-am
diff --git a/gnu/packages/patches/lz4-fix-test-failures.patch b/gnu/packages/patches/lz4-fix-test-failures.patch
deleted file mode 100644
index d38357d402..0000000000
--- a/gnu/packages/patches/lz4-fix-test-failures.patch
+++ /dev/null
@@ -1,136 +0,0 @@
-These two patches fix some bugs in lz4's test suite:
-
-https://github.com/lz4/lz4/issues/308
-
-Patches copied from upstream source repository:
-
-https://github.com/lz4/lz4/commit/b89cac7b2e92b792af98bb0a12e4d14684d07629
-https://github.com/lz4/lz4/commit/0dfb0b9dad2a8cb7cc347d2139bf9b84de7e1481
-
-From b89cac7b2e92b792af98bb0a12e4d14684d07629 Mon Sep 17 00:00:00 2001
-From: Eric Siegerman <pub08-git@davor.org>
-Date: Tue, 14 Feb 2017 14:17:06 -0500
-Subject: [PATCH] Don't use "foo && false || true"
-
-Replace it with either:
-    test ! -f $FILE_THAT_SHOULD_NOT_EXIST
-or:
-    ! $COMMAND_THAT_SHOULD_FAIL
-
-as appropriate.
----
- tests/Makefile | 38 +++++++++++++++++++-------------------
- 1 file changed, 19 insertions(+), 19 deletions(-)
-
-diff --git a/tests/Makefile b/tests/Makefile
-index 77e6ae7..ebab278 100644
---- a/tests/Makefile
-+++ b/tests/Makefile
-@@ -236,17 +236,17 @@ test-lz4-basic: lz4 datagen unlz4 lz4cat
- 	./datagen -g256MB | $(LZ4) -vqB4D | $(LZ4) -t
- 	@echo "hello world" > tmp
- 	$(LZ4) --rm -f tmp
--	ls -ls tmp         && false || true   # must fail (--rm)
--	ls -ls tmp.lz4
--	$(PRGDIR)/lz4cat tmp.lz4              # must display hello world
--	ls -ls tmp.lz4
-+	test ! -f tmp                      # must fail (--rm)
-+	test   -f tmp.lz4
-+	$(PRGDIR)/lz4cat tmp.lz4           # must display hello world
-+	test   -f tmp.lz4
- 	$(PRGDIR)/unlz4 --rm tmp.lz4
--	ls -ls tmp
--	ls -ls tmp.lz4     && false || true   # must fail (--rm)
--	ls -ls tmp.lz4.lz4 && false || true   # must fail (unlz4)
--	$(PRGDIR)/lz4cat tmp                  # pass-through mode
--	ls -ls tmp
--	ls -ls tmp.lz4     && false || true   # must fail (lz4cat)
-+	test   -f tmp
-+	test ! -f tmp.lz4                  # must fail (--rm)
-+	test ! -f tmp.lz4.lz4              # must fail (unlz4)
-+	$(PRGDIR)/lz4cat tmp               # pass-through mode
-+	test   -f tmp
-+	test ! -f tmp.lz4                  # must fail (lz4cat)
- 	$(LZ4) tmp                         # creates tmp.lz4
- 	$(PRGDIR)/lz4cat < tmp.lz4 > tmp3  # checks lz4cat works with stdin (#285)
- 	$(DIFF) -q tmp tmp3
-@@ -262,22 +262,22 @@ test-lz4-hugefile: lz4 datagen
- 
- test-lz4-testmode: lz4 datagen
- 	@echo "\n ---- bench mode ----"
--	$(LZ4) -bi1
-+	  $(LZ4) -bi1
- 	@echo "\n ---- test mode ----"
--	./datagen | $(LZ4) -t             && false || true
--	./datagen | $(LZ4) -tf            && false || true
-+	! ./datagen | $(LZ4) -t
-+	! ./datagen | $(LZ4) -tf
- 	@echo "\n ---- pass-through mode ----"
--	./datagen | $(LZ4) -d  > $(VOID)  && false || true
--	./datagen | $(LZ4) -df > $(VOID)
-+	! ./datagen | $(LZ4) -d  > $(VOID)
-+	  ./datagen | $(LZ4) -df > $(VOID)
- 	@echo "Hello World !" > tmp1
- 	$(LZ4) -dcf tmp1
- 	@echo "from underground..." > tmp2
- 	$(LZ4) -dcfm tmp1 tmp2
- 	@echo "\n ---- test cli ----"
--	$(LZ4)     file-does-not-exist    && false || true
--	$(LZ4) -f  file-does-not-exist    && false || true
--	$(LZ4) -fm file1-dne file2-dne    && false || true
--	$(LZ4) -fm file1-dne file2-dne    && false || true
-+	! $(LZ4)     file-does-not-exist
-+	! $(LZ4) -f  file-does-not-exist
-+	! $(LZ4) -fm file1-dne file2-dne
-+	! $(LZ4) -fm file1-dne file2-dne
- 
- test-lz4-opt-parser: lz4 datagen
- 	@echo "\n ---- test opt-parser ----"
--- 
-2.12.2
-
-From 0dfb0b9dad2a8cb7cc347d2139bf9b84de7e1481 Mon Sep 17 00:00:00 2001
-From: "Dmitry V. Levin" <ldv@altlinux.org>
-Date: Sun, 5 Mar 2017 23:20:10 +0000
-Subject: [PATCH] Fix test-lz4-basic
-
-When no output filename is specified and stdout is not a terminal,
-lz4 doesn't attempt to guess an output filename and uses stdout for
-output.
-
-This change fixes test-lz4-basic when run without a terminal
-by specifying output filenames.
----
- tests/Makefile | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/tests/Makefile b/tests/Makefile
-index ebab278..d68c700 100644
---- a/tests/Makefile
-+++ b/tests/Makefile
-@@ -235,19 +235,19 @@ test-lz4-basic: lz4 datagen unlz4 lz4cat
- 	./datagen -g33M   | $(LZ4) --no-frame-crc | $(LZ4) -t
- 	./datagen -g256MB | $(LZ4) -vqB4D | $(LZ4) -t
- 	@echo "hello world" > tmp
--	$(LZ4) --rm -f tmp
-+	$(LZ4) --rm -f tmp tmp.lz4
- 	test ! -f tmp                      # must fail (--rm)
- 	test   -f tmp.lz4
- 	$(PRGDIR)/lz4cat tmp.lz4           # must display hello world
- 	test   -f tmp.lz4
--	$(PRGDIR)/unlz4 --rm tmp.lz4
-+	$(PRGDIR)/unlz4 --rm tmp.lz4 tmp
- 	test   -f tmp
- 	test ! -f tmp.lz4                  # must fail (--rm)
- 	test ! -f tmp.lz4.lz4              # must fail (unlz4)
- 	$(PRGDIR)/lz4cat tmp               # pass-through mode
- 	test   -f tmp
- 	test ! -f tmp.lz4                  # must fail (lz4cat)
--	$(LZ4) tmp                         # creates tmp.lz4
-+	$(LZ4) tmp tmp.lz4                 # creates tmp.lz4
- 	$(PRGDIR)/lz4cat < tmp.lz4 > tmp3  # checks lz4cat works with stdin (#285)
- 	$(DIFF) -q tmp tmp3
- 	$(PRGDIR)/lz4cat < tmp > tmp2      # checks lz4cat works with stdin (#285)
--- 
-2.12.2
-
diff --git a/gnu/packages/patches/mesa-fix-32bit-test-failures.patch b/gnu/packages/patches/mesa-fix-32bit-test-failures.patch
deleted file mode 100644
index e21e87cef6..0000000000
--- a/gnu/packages/patches/mesa-fix-32bit-test-failures.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-Fix a test failure when building for 32 bit architectures:
-
-http://lists.gnu.org/archive/html/guix-devel/2017-04/msg00381.html
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/mesa/mesa/commit/?id=61bbb25a080e48a8ca897ba7f6e73cc6a8e9b5b8
-
-From 61bbb25a080e48a8ca897ba7f6e73cc6a8e9b5b8 Mon Sep 17 00:00:00 2001
-From: Grazvydas Ignotas <notasas@gmail.com>
-Date: Thu, 9 Mar 2017 02:54:53 +0200
-Subject: [PATCH] util/disk_cache: fix size subtraction on 32bit
-
-Negating size_t on 32bit produces a 32bit result. This was effectively
-adding values close to UINT_MAX to the cache size (the files are usually
-small) instead of intended subtraction.
-Fixes 'make check' disk_cache failures on 32bit.
-
-Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
-Reviewed-by: Timothy Arceri <tarceri@itsqueeze.com>
----
- src/util/disk_cache.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/util/disk_cache.c b/src/util/disk_cache.c
-index 5470688df3..facdcecf7c 100644
---- a/src/util/disk_cache.c
-+++ b/src/util/disk_cache.c
-@@ -603,7 +603,7 @@ evict_random_item(struct disk_cache *cache)
-    free(dir_path);
- 
-    if (size) {
--      p_atomic_add(cache->size, - size);
-+      p_atomic_add(cache->size, - (uint64_t)size);
-       return;
-    }
- 
-@@ -624,7 +624,7 @@ evict_random_item(struct disk_cache *cache)
-    free(dir_path);
- 
-    if (size)
--      p_atomic_add(cache->size, - size);
-+      p_atomic_add(cache->size, - (uint64_t)size);
- }
- 
- void
-#@@ -646,7 +646,7 @@ disk_cache_remove(struct disk_cache *cache, const cache_key key)
-#    free(filename);
-# 
-#    if (sb.st_size)
-#-      p_atomic_add(cache->size, - sb.st_size);
-#+      p_atomic_add(cache->size, - (uint64_t)sb.st_size);
-# }
-# 
-# /* From the zlib docs:
--- 
-2.12.2
-
diff --git a/gnu/packages/patches/mesa-skip-disk-cache-test.patch b/gnu/packages/patches/mesa-skip-disk-cache-test.patch
index 4377110475..b3f9367fd5 100644
--- a/gnu/packages/patches/mesa-skip-disk-cache-test.patch
+++ b/gnu/packages/patches/mesa-skip-disk-cache-test.patch
@@ -5,16 +5,15 @@ for now.
 
 --- a/src/compiler/glsl/tests/cache_test.c
 +++ b/src/compiler/glsl/tests/cache_test.c
-@@ -137,11 +137,6 @@
+@@ -170,11 +170,6 @@
     unsetenv("MESA_GLSL_CACHE_DIR");
     unsetenv("XDG_CACHE_HOME");
 
--   cache = disk_cache_create();
+-   cache = disk_cache_create("test", "make_check");
 -   expect_non_null(cache, "disk_cache_create with no environment variables");
 -
 -   disk_cache_destroy(cache);
 -
     /* Test with XDG_CACHE_HOME set */
     setenv("XDG_CACHE_HOME", CACHE_TEST_TMP "/xdg-cache-home", 1);
-    cache = disk_cache_create();
-
+    cache = disk_cache_create("test", "make_check");
diff --git a/gnu/packages/patches/metabat-fix-boost-issue.patch b/gnu/packages/patches/metabat-fix-boost-issue.patch
new file mode 100644
index 0000000000..3382d84d66
--- /dev/null
+++ b/gnu/packages/patches/metabat-fix-boost-issue.patch
@@ -0,0 +1,27 @@
+This patch fixes the issue described at
+https://bitbucket.org/berkeleylab/metabat/issues/28/compilation-fail-with-boost-164
+
+diff --git a/src/metabat.h b/src/metabat.h
+index 32ae94c..2292c04 100644
+--- a/src/metabat.h
++++ b/src/metabat.h
+@@ -35,6 +35,7 @@ KSEQ_INIT(gzFile, gzread)
+ 
+ #include <boost/program_options.hpp>
+ #include <boost/algorithm/string.hpp>
++#include <boost/serialization/array_wrapper.hpp>
+ #include <boost/numeric/ublas/matrix.hpp>
+ #include <boost/math/distributions.hpp>
+ #include <boost/serialization/serialization.hpp>
+diff --git a/src/metabat2.h b/src/metabat2.h
+index 60a9998..19fa815 100644
+--- a/src/metabat2.h
++++ b/src/metabat2.h
+@@ -41,6 +41,7 @@ KSEQ_INIT(gzFile, gzread)
+ 
+ #include <boost/program_options.hpp>
+ #include <boost/algorithm/string.hpp>
++#include <boost/serialization/array_wrapper.hpp>
+ #include <boost/numeric/ublas/matrix.hpp>
+ #include <boost/numeric/ublas/matrix_sparse.hpp>
+ #include <boost/numeric/ublas/matrix_proxy.hpp>
diff --git a/gnu/packages/patches/metabat-fix-compilation.patch b/gnu/packages/patches/metabat-fix-compilation.patch
new file mode 100644
index 0000000000..7086a96e86
--- /dev/null
+++ b/gnu/packages/patches/metabat-fix-compilation.patch
@@ -0,0 +1,39 @@
+This patch changes metabat so that (1) it is not build statically, (2) it uses
+shared libraries rather than static libraries where possible.
+
+diff --git a/SConstruct b/SConstruct
+index 69cdc0a..ac99bcb 100644
+--- a/SConstruct
++++ b/SConstruct
+@@ -26,8 +26,6 @@ debug = ARGUMENTS.get('DEBUG', None)
+ build_flags = ['-Wall', '-g', '-std=c++11', '-fopenmp']
+ link_flags = ['-lstdc++', '-lm', '-fopenmp']
+ 
+-if platform.platform(True, True).find('Darwin') == -1:
+-    link_flags.extend(['-static', '-static-libgcc', '-static-libstdc++'])
+ 
+ if debug is None:
+     build_flags.extend(['-O3', '-DNDEBUG', '-Wno-unknown-pragmas', '-Wno-deprecated-declarations', '-Wno-overflow', '-Wno-unused-variable'])
+@@ -110,17 +108,17 @@ def findStaticOrShared( lib, testPaths, static_source_list, link_flag_list, stat
+     for path in testPaths:
+         if not os.path.isdir(path):
+             continue
++        for testfile in ('%s/lib%s.so' % (path, lib), '%s/lib%s.dylib' % (path, lib)):
++            if os.path.isfile(testfile):
++                print "Found shared library %s as %s" % (lib, testfile)
++                link_flag_list.extend( ["-L%s" % (path), "-l%s" % (lib) ] )
++                return
+         for suffix in staticSuffixes:
+             testfile = '%s/lib%s%s' % (path, lib, suffix)
+             if os.path.isfile(testfile):
+                 static_source_list.append(testfile)
+                 print "Found static library %s as %s" % (lib, testfile)
+                 return
+-        for testfile in ('%s/lib%s.so' % (path, lib), '%s/lib%s.dylib' % (path, lib)):
+-            if os.path.isfile(testfile):
+-                print "Found shared library %s as %s" % (lib, testfile)
+-                link_flag_list.extend( ["-L%s" % (path), "-l%s" % (lib) ] )
+-                return
+     print "Could not find library for %s!!! Looked in %s" % (lib, testPaths)
+     return
+ 
diff --git a/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch b/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch
new file mode 100644
index 0000000000..8e90502469
--- /dev/null
+++ b/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch
@@ -0,0 +1,34 @@
+Fix CVE-2017-12904:
+
+https://github.com/akrennmair/newsbeuter/issues/591
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12904
+
+Patch copied from the Debian package of newsbeuter, version 2.9-5+deb9u1.
+
+Adapted from upstream source repository:
+
+https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
+
+Description: Fix a RCE vulnerability in the bookmark command
+ Newsbeuter didn't properly escape the title and description fields before
+ passing them to the bookmarking program which could lead to remote code
+ execution using the shells command substitution functionality (e.g. "$()", ``,
+ etc)
+
+Origin: upstream, https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
+Last-Update: 2017-08-18
+
+--- newsbeuter-2.9.orig/src/controller.cpp
++++ newsbeuter-2.9/src/controller.cpp
+@@ -1274,9 +1274,10 @@ std::string controller::bookmark(const s
+ 	std::string bookmark_cmd = cfg.get_configvalue("bookmark-cmd");
+ 	bool is_interactive = cfg.get_configvalue_as_bool("bookmark-interactive");
+ 	if (bookmark_cmd.length() > 0) {
+-		std::string cmdline = utils::strprintf("%s '%s' %s %s",
++		std::string cmdline = utils::strprintf("%s '%s' '%s' '%s'",
+ 		                                       bookmark_cmd.c_str(), utils::replace_all(url,"'", "%27").c_str(),
+-		                                       stfl::quote(title).c_str(), stfl::quote(description).c_str());
++		                                       utils::replace_all(title,"'", "%27").c_str(),
++		                                       utils::replace_all(description,"'", "%27").c_str());
+ 
+ 		LOG(LOG_DEBUG, "controller::bookmark: cmd = %s", cmdline.c_str());
diff --git a/gnu/packages/patches/nss-pkgconfig.patch b/gnu/packages/patches/nss-pkgconfig.patch
index a33e05fcf2..e3145aa4cf 100644
--- a/gnu/packages/patches/nss-pkgconfig.patch
+++ b/gnu/packages/patches/nss-pkgconfig.patch
@@ -221,5 +221,5 @@ Later adapted to apply cleanly to nss-3.21.
  
  RELEASE = nss
  
--DIRS = coreconf lib cmd gtests
-+DIRS = coreconf lib cmd gtests config
+-DIRS = coreconf lib cmd cpputil gtests
++DIRS = coreconf lib cmd cpputil gtests config
diff --git a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
deleted file mode 100644
index 83c9dbb3d4..0000000000
--- a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Fix CVE-2017-0358:
-http://seclists.org/oss-sec/2017/q1/259
-This patch was copied from the above URL.
-
-diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c
-index 0bb38f9..c6d1dad 100644
---- a/src/lowntfs-3g.c
-+++ b/src/lowntfs-3g.c
-@@ -3827,13 +3827,14 @@ static fuse_fstype load_fuse_module(void)
- 	struct stat st;
- 	pid_t pid;
- 	const char *cmd = "/sbin/modprobe";
-+	char *env = (char*)NULL;
- 	struct timespec req = { 0, 100000000 };   /* 100 msec */
- 	fuse_fstype fstype;
-         
- 	if (!stat(cmd, &st) && !geteuid()) {
- 		pid = fork();
- 		if (!pid) {
--			execl(cmd, cmd, "fuse", NULL);
-+			execle(cmd, cmd, "fuse", NULL, &env);
- 			_exit(1);
- 		} else if (pid != -1)
- 			waitpid(pid, NULL, 0);
-diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c
---- ntfs-3g.old/src/ntfs-3g.c	2017-02-09 15:01:04.074331542 -0500
-+++ ntfs-3g/src/ntfs-3g.c	2017-02-09 15:06:26.077252571 -0500
-@@ -3612,13 +3612,14 @@
-	struct stat st;
-	pid_t pid;
-	const char *cmd = "/sbin/modprobe";
-+	char *env = (char*)NULL;
-	struct timespec req = { 0, 100000000 };   /* 100 msec */
-	fuse_fstype fstype;
-	
-	if (!stat(cmd, &st) && !geteuid()) {
-		pid = fork();
-		if (!pid) {
--			execl(cmd, cmd, "fuse", NULL);
-+			execle(cmd, cmd, "fuse", NULL, &env);
-			_exit(1);
-		} else if (pid != -1)
-			waitpid(pid, NULL, 0);
diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch
deleted file mode 100644
index 545b5d0a71..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch
+++ /dev/null
@@ -1,233 +0,0 @@
-Fix CVE-2016-9572 and CVE-2016-9573:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573
-
-Patch copied from 3rd-party repository:
-
-https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
-
-From 7b28bd2b723df6be09fe7791eba33147c1c47d0d Mon Sep 17 00:00:00 2001
-From: szukw000 <szukw000@arcor.de>
-Date: Mon, 28 Nov 2016 21:57:20 +0100
-Subject: [PATCH] Changes for issues #863 and #862
-
----
- src/bin/jp2/convert.c        | 59 +++++++++++++++++++++++++++++++++++++++-----
- src/bin/jp2/convertbmp.c     | 29 +++++++++++++++++++++-
- src/bin/jp2/opj_decompress.c |  2 +-
- src/lib/openjp2/j2k.c        | 11 ++++++---
- 4 files changed, 90 insertions(+), 11 deletions(-)
-
-diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
-index deee4f6..6a3f65b 100644
---- a/src/bin/jp2/convert.c
-+++ b/src/bin/jp2/convert.c
-@@ -906,7 +906,8 @@ int imagetotga(opj_image_t * image, const char *outfile) {
-     for (i = 0; i < image->numcomps-1; i++)	{
-         if ((image->comps[0].dx != image->comps[i+1].dx)
-                 ||(image->comps[0].dy != image->comps[i+1].dy)
--                ||(image->comps[0].prec != image->comps[i+1].prec))	{
-+                ||(image->comps[0].prec != image->comps[i+1].prec)
-+				||(image->comps[0].sgnd != image->comps[i+1].sgnd))	{
-             fclose(fdest);
-             fprintf(stderr, "Unable to create a tga file with such J2K image charateristics.");
-             return 1;
-@@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
-     int *red, *green, *blue, *alpha;
-     int wr, hr, max;
-     int i;
--    unsigned int compno, ncomp;
-+    unsigned int compno, ncomp, ui;
-     int adjustR, adjustG, adjustB, adjustA;
-     int fails, two, want_gray, has_alpha, triple;
-     int prec, v;
-@@ -1768,6 +1769,27 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
- 
-     if(want_gray) ncomp = 1;
- 
-+    for (ui = 1; ui < ncomp; ++ui) {
-+        if (image->comps[0].dx != image->comps[ui].dx) {
-+            break;
-+        }
-+        if (image->comps[0].dy != image->comps[ui].dy) {
-+            break;
-+        }
-+        if (image->comps[0].prec != image->comps[ui].prec) {
-+            break;
-+        }
-+        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
-+            break;
-+        }
-+    }
-+    if (ui != ncomp) {
-+        fprintf(stderr,"imagetopnm: All components\n    shall have "
-+         "the same subsampling, same bit depth, same sign.\n"
-+         "    Aborting\n");
-+        return 1;
-+    }
-+
-     if ((force_split == 0) &&
- 				(ncomp == 2 /* GRAYA */
-             || (ncomp > 2 /* RGB, RGBA */
-@@ -2126,7 +2148,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
- {
-     FILE *rawFile = NULL;
-     size_t res;
--    unsigned int compno;
-+    unsigned int compno, numcomps;
-     int w, h, fails;
-     int line, row, curr, mask;
-     int *ptr;
-@@ -2139,6 +2161,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
-         return 1;
-     }
- 
-+    numcomps = image->numcomps;
-+
-+    if (numcomps > 4) {
-+        numcomps = 4;
-+    }
-+    for (compno = 1; compno < numcomps; ++compno) {
-+        if (image->comps[0].dx != image->comps[compno].dx) {
-+            break;
-+        }
-+        if (image->comps[0].dy != image->comps[compno].dy) {
-+            break;
-+        }
-+        if (image->comps[0].prec != image->comps[compno].prec) {
-+            break;
-+        }
-+        if (image->comps[0].sgnd != image->comps[compno].sgnd) {
-+            break;
-+        }
-+    }
-+    if (compno != numcomps) {
-+        fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n");
-+        fprintf(stderr,"\tAborting\n");
-+        return 1;
-+    }
-+
-     rawFile = fopen(outfile, "wb");
-     if (!rawFile) {
-         fprintf(stderr, "Failed to open %s for writing !!\n", outfile);
-@@ -2146,9 +2193,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
-     }
- 
-     fails = 1;
--    fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps);
-+    fprintf(stdout,"Raw image characteristics: %d components\n", numcomps);
- 
--    for(compno = 0; compno < image->numcomps; compno++)
-+    for(compno = 0; compno < numcomps; compno++)
-     {
-         fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w,
-                 image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned");
-@@ -2238,7 +2285,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
-         }
-         else if (image->comps[compno].prec <= 32)
-         {
--            fprintf(stderr,"More than 16 bits per component no handled yet\n");
-+            fprintf(stderr,"More than 16 bits per component not handled yet\n");
-             goto fin;
-         }
-         else
-diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
-index ae83077..8017ba8 100644
---- a/src/bin/jp2/convertbmp.c
-+++ b/src/bin/jp2/convertbmp.c
-@@ -806,8 +806,35 @@ int imagetobmp(opj_image_t * image, const char *outfile) {
-     FILE *fdest = NULL;
-     int adjustR, adjustG, adjustB;
- 
-+   {
-+    unsigned int ui, ncomp = image->numcomps;
-+
-+    if (ncomp > 4) { /* RGBA in bmpmask32toimage */
-+        ncomp = 4;
-+    }
-+    for (ui = 1; ui < ncomp; ++ui) {
-+        if (image->comps[0].dx != image->comps[ui].dx) {
-+            break;
-+        }
-+        if (image->comps[0].dy != image->comps[ui].dy) {
-+            break;
-+        }
-+        if (image->comps[0].prec != image->comps[ui].prec) {
-+            break;
-+        }
-+        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
-+            break;
-+        }
-+    }
-+    if (ui != ncomp) {
-+        fprintf(stderr,"imagetobmp: All components shall have the same subsampling, same bit depth, same sign.\n");
-+        fprintf(stderr,"\tAborting\n");
-+        return 1;
-+    }
-+
-+   }
-     if (image->comps[0].prec < 8) {
--        fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec);
-+        fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec);
-         return 1;
-     }
-     if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx
-diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
-index 83160c3..c30079b 100644
---- a/src/bin/jp2/opj_decompress.c
-+++ b/src/bin/jp2/opj_decompress.c
-@@ -1607,7 +1607,7 @@ int main(int argc, char **argv)
- 		if(dirptr->filename_buf) free(dirptr->filename_buf);
- 		free(dirptr);
- 	}
--	if (numDecompressedImages) {
-+	if (numDecompressedImages && !failed) {
- 		fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages));
- 	}
- 	return failed ? EXIT_FAILURE : EXIT_SUCCESS;
-diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
-index 66802bb..b6daa32 100644
---- a/src/lib/openjp2/j2k.c
-+++ b/src/lib/openjp2/j2k.c
-@@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
-                                   i, l_img_comp->dx, l_img_comp->dy);
-                     return OPJ_FALSE;
-                 }
--                if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
-+                if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
-                     opj_event_msg(p_manager, EVT_ERROR,
-                                   "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
-                                   i, l_img_comp->prec);
-@@ -10029,7 +10029,11 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
-         /* Move data and copy one information from codec to output image*/
-         for (compno = 0; compno < p_image->numcomps; compno++) {
-                 p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded;
--                p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
-+		p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
-+
-+		if(p_image->comps[compno].data == NULL) return OPJ_FALSE;
-+
-+                p_j2k->m_output_image->comps[compno].data = NULL;
- #if 0
-                 char fn[256];
-                 sprintf( fn, "/tmp/%d.raw", compno );
-@@ -10037,7 +10041,6 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
-                 fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug );
-                 fclose( debug );
- #endif
--                p_j2k->m_output_image->comps[compno].data = NULL;
-         }
- 
-         return OPJ_TRUE;
-@@ -10131,6 +10134,8 @@ OPJ_BOOL opj_j2k_get_tile(      opj_j2k_t *p_j2k,
- 
-                 p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
- 
-+				if (p_image->comps[compno].data == NULL) return OPJ_FALSE;
-+
-                 p_j2k->m_output_image->comps[compno].data = NULL;
-         }
- 
diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch
deleted file mode 100644
index 3f637fa88b..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch
+++ /dev/null
@@ -1,245 +0,0 @@
-From cadff5fb6e73398de26a92e96d3d7cac893af255 Mon Sep 17 00:00:00 2001
-From: szukw000 <szukw000@arcor.de>
-Date: Fri, 9 Dec 2016 08:29:55 +0100
-Subject: [PATCH] These changes repair bugs of #871 and #872
-
-email from http://openwall.com/lists/oss-security/2016/12/09/4
-patch is against openjpeg-2.1.2, applies cleanly to 2.1.1.
-
----
- src/bin/jp2/converttif.c | 107 +++++++++++++++++++++++++++++++----------------
- 1 file changed, 70 insertions(+), 37 deletions(-)
-
-diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c
-index 143d3be..c690f8b 100644
---- a/src/bin/jp2/converttif.c
-+++ b/src/bin/jp2/converttif.c
-@@ -553,20 +553,18 @@ static void tif_32sto16u(const OPJ_INT32* pSrc, OPJ_UINT16* pDst, OPJ_SIZE_T len
- 
- int imagetotif(opj_image_t * image, const char *outfile)
- {
--	int width, height;
--	int bps,adjust, sgnd;
--	int tiPhoto;
-+	uint32 width, height, bps, tiPhoto;
-+	int adjust, sgnd;
- 	TIFF *tif;
- 	tdata_t buf;
--	tsize_t strip_size;
-+	tmsize_t strip_size, rowStride;
- 	OPJ_UINT32 i, numcomps;
--	OPJ_SIZE_T rowStride;
- 	OPJ_INT32* buffer32s = NULL;
- 	OPJ_INT32 const* planes[4];
- 	convert_32s_PXCX cvtPxToCx = NULL;
- 	convert_32sXXx_C1R cvt32sToTif = NULL;
- 
--	bps = (int)image->comps[0].prec;
-+	bps = (uint32)image->comps[0].prec;
- 	planes[0] = image->comps[0].data;
- 	
- 	numcomps = image->numcomps;
-@@ -674,13 +672,13 @@ int imagetotif(opj_image_t * image, const char *outfile)
- 			break;
- 	}
- 	sgnd = (int)image->comps[0].sgnd;
--	adjust = sgnd ? 1 << (image->comps[0].prec - 1) : 0;
--	width   = (int)image->comps[0].w;
--	height  = (int)image->comps[0].h;
-+	adjust = sgnd ? (int)(1 << (image->comps[0].prec - 1)) : 0;
-+	width   = (uint32)image->comps[0].w;
-+	height  = (uint32)image->comps[0].h;
- 	
- 	TIFFSetField(tif, TIFFTAG_IMAGEWIDTH, width);
- 	TIFFSetField(tif, TIFFTAG_IMAGELENGTH, height);
--	TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, numcomps);
-+	TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, (uint32)numcomps);
- 	TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, bps);
- 	TIFFSetField(tif, TIFFTAG_ORIENTATION, ORIENTATION_TOPLEFT);
- 	TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG);
-@@ -688,8 +686,8 @@ int imagetotif(opj_image_t * image, const char *outfile)
- 	TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1);
- 	
- 	strip_size = TIFFStripSize(tif);
--	rowStride = ((OPJ_SIZE_T)width * numcomps * (OPJ_SIZE_T)bps + 7U) / 8U;
--	if (rowStride != (OPJ_SIZE_T)strip_size) {
-+	rowStride = (width * numcomps * bps + 7U) / 8U;
-+	if (rowStride != strip_size) {
- 		fprintf(stderr, "Invalid TIFF strip size\n");
- 		TIFFClose(tif);
- 		return 1;
-@@ -699,7 +697,7 @@ int imagetotif(opj_image_t * image, const char *outfile)
- 		TIFFClose(tif);
- 		return 1;
- 	}
--	buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)width * numcomps * sizeof(OPJ_INT32));
-+	buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32)));
- 	if (buffer32s == NULL) {
- 		_TIFFfree(buf);
- 		TIFFClose(tif);
-@@ -1211,20 +1209,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 	TIFF *tif;
- 	tdata_t buf;
- 	tstrip_t strip;
--	tsize_t strip_size;
-+	tmsize_t strip_size;
- 	int j, currentPlane, numcomps = 0, w, h;
- 	OPJ_COLOR_SPACE color_space = OPJ_CLRSPC_UNKNOWN;
- 	opj_image_cmptparm_t cmptparm[4]; /* RGBA */
- 	opj_image_t *image = NULL;
- 	int has_alpha = 0;
--	unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC;
--	unsigned int tiWidth, tiHeight;
-+	uint32 tiBps, tiPhoto, tiSf, tiSpp, tiPC, tiWidth, tiHeight;
- 	OPJ_BOOL is_cinema = OPJ_IS_CINEMA(parameters->rsiz);
- 	convert_XXx32s_C1R cvtTifTo32s = NULL;
- 	convert_32s_CXPX cvtCxToPx = NULL;
- 	OPJ_INT32* buffer32s = NULL;
- 	OPJ_INT32* planes[4];
--	OPJ_SIZE_T rowStride;
-+	tmsize_t rowStride;
- 	
- 	tif = TIFFOpen(filename, "r");
- 	
-@@ -1243,22 +1240,35 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 	TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp);
- 	TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto);
- 	TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC);
--	w= (int)tiWidth;
--	h= (int)tiHeight;
--	
--	if(tiBps > 16U) {
--		fprintf(stderr,"tiftoimage: Bits=%d, Only 1 to 16 bits implemented\n",tiBps);
--		fprintf(stderr,"\tAborting\n");
-+
-+	if(tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */
-+		fprintf(stderr,"tiftoimage: Bad value for samples per pixel == %hu.\n"
-+		 "\tAborting.\n", tiSpp);
-+		TIFFClose(tif);
-+		return NULL;
-+	}
-+	if(tiBps > 16U || tiBps == 0) {
-+		fprintf(stderr,"tiftoimage: Bad values for Bits == %d.\n"
-+		 "\tMax. 16 Bits are allowed here.\n\tAborting.\n",tiBps);
- 		TIFFClose(tif);
- 		return NULL;
- 	}
- 	if(tiPhoto != PHOTOMETRIC_MINISBLACK && tiPhoto != PHOTOMETRIC_RGB) {
--		fprintf(stderr,"tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto);
-+		fprintf(stderr,"tiftoimage: Bad color format %d.\n"
-+		 "\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto);
- 		fprintf(stderr,"\tAborting\n");
- 		TIFFClose(tif);
- 		return NULL;
- 	}
--	
-+	if(tiWidth == 0 || tiHeight == 0) {
-+		fprintf(stderr,"tiftoimage: Bad values for width(%u) "
-+		 "and/or height(%u)\n\tAborting.\n",tiWidth,tiHeight);
-+		TIFFClose(tif);
-+		return NULL;
-+	}
-+	w= (int)tiWidth;
-+	h= (int)tiHeight;
-+
- 	switch (tiBps) {
- 		case 1:
- 		case 2:
-@@ -1312,7 +1322,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 		
- 		TIFFGetFieldDefaulted(tif, TIFFTAG_EXTRASAMPLES,
- 													&extrasamples, &sampleinfo);
--		
-+
- 		if(extrasamples >= 1)
- 		{
- 			switch(sampleinfo[0])
-@@ -1333,7 +1343,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 		else /* extrasamples == 0 */
- 			if(tiSpp == 4 || tiSpp == 2) has_alpha = 1;
- 	}
--	
-+
- 	/* initialize image components */
- 	memset(&cmptparm[0], 0, 4 * sizeof(opj_image_cmptparm_t));
- 	
-@@ -1346,7 +1356,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 	} else {
- 		is_cinema = 0U;
- 	}
--	
-+
- 	if(tiPhoto == PHOTOMETRIC_RGB) /* RGB(A) */
- 	{
- 		numcomps = 3 + has_alpha;
-@@ -1384,10 +1394,24 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 	image->x0 = (OPJ_UINT32)parameters->image_offset_x0;
- 	image->y0 = (OPJ_UINT32)parameters->image_offset_y0;
- 	image->x1 =	!image->x0 ? (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1 :
--	image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1;
-+	 image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1;
-+	if(image->x1 <= image->x0) {
-+		fprintf(stderr,"tiftoimage: Bad value for image->x1(%d) vs. "
-+		 "image->x0(%d)\n\tAborting.\n",image->x1,image->x0);
-+		TIFFClose(tif);
-+		opj_image_destroy(image);
-+		return NULL;
-+	}
- 	image->y1 =	!image->y0 ? (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1 :
--	image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1;
--
-+	 image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1;
-+	if(image->y1 <= image->y0) {
-+		fprintf(stderr,"tiftoimage: Bad value for image->y1(%d) vs. "
-+		 "image->y0(%d)\n\tAborting.\n",image->y1,image->y0);
-+		TIFFClose(tif);
-+		opj_image_destroy(image);
-+		return NULL;
-+	}
-+	
- 	for(j = 0; j < numcomps; j++)
- 	{
- 		planes[j] = image->comps[j].data;
-@@ -1395,15 +1419,15 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 	image->comps[numcomps - 1].alpha = (OPJ_UINT16)(1 - (numcomps & 1));
- 		
- 	strip_size = TIFFStripSize(tif);
--	
-+
- 	buf = _TIFFmalloc(strip_size);
- 	if (buf == NULL) {
- 		TIFFClose(tif);
- 		opj_image_destroy(image);
- 		return NULL;
- 	}
--	rowStride = ((OPJ_SIZE_T)w * tiSpp * tiBps + 7U) / 8U;
--	buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)w * tiSpp * sizeof(OPJ_INT32));
-+	rowStride = (w * tiSpp * tiBps + 7U) / 8U;
-+	buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(w * tiSpp * sizeof(OPJ_INT32)));
- 	if (buffer32s == NULL) {
- 		_TIFFfree(buf);
- 		TIFFClose(tif);
-@@ -1421,11 +1445,20 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 		for(; (h > 0) && (strip < TIFFNumberOfStrips(tif)); strip++)
- 		{
- 				const OPJ_UINT8 *dat8;
--				OPJ_SIZE_T ssize;
-+				tmsize_t ssize;
- 				
--				ssize = (OPJ_SIZE_T)TIFFReadEncodedStrip(tif, strip, buf, strip_size);
-+				ssize = TIFFReadEncodedStrip(tif, strip, buf, strip_size);
-+				if(ssize < 1 || ssize > strip_size) {
-+					fprintf(stderr,"tiftoimage: Bad value for ssize(%ld) "
-+                     "vs. strip_size(%ld).\n\tAborting.\n",ssize,strip_size);
-+					_TIFFfree(buf);
-+					_TIFFfree(buffer32s);
-+					TIFFClose(tif);
-+					opj_image_destroy(image);
-+					return NULL;
-+				}
- 				dat8 = (const OPJ_UINT8*)buf;
--				
-+
- 				while (ssize >= rowStride) {
- 					cvtTifTo32s(dat8, buffer32s, (OPJ_SIZE_T)w * tiSpp);
- 					cvtCxToPx(buffer32s, planes, (OPJ_SIZE_T)w);
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-12982.patch b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch
new file mode 100644
index 0000000000..3929a73570
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch
@@ -0,0 +1,28 @@
+http://openwall.com/lists/oss-security/2017/08/21/1
+https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch
+
+From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Mon, 14 Aug 2017 17:26:58 +0200
+Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
+ (#983)
+
+---
+ src/bin/jp2/convertbmp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
+index b49e7a080..2715fdf24 100644
+--- a/src/bin/jp2/convertbmp.c
++++ b/src/bin/jp2/convertbmp.c
+@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
+ 
+     header->biBitCount  = (OPJ_UINT16)getc(IN);
+     header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
++    if (header->biBitCount == 0) {
++        fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
++        return OPJ_FALSE;
++    }
+ 
+     if (header->biSize >= 40U) {
+         header->biCompression  = (OPJ_UINT32)getc(IN);
diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
new file mode 100644
index 0000000000..74613cb632
--- /dev/null
+++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
@@ -0,0 +1,62 @@
+Fix CVE-2017-10788:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10788
+
+Patch written to match corrected documentation specifications:
+
+Old: http://web.archive.org/web/20161220021610/https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html
+New: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html
+
+The patch itself is from https://github.com/perl5-dbi/DBD-mysql/issues/120#issuecomment-312420660.
+
+From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001
+From: Pali <pali@cpan.org>
+Date: Sun, 25 Jun 2017 10:07:39 +0200
+Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close()
+
+Ignore return value from mysql_stmt_close() and also its error message
+because it points to freed memory after mysql_stmt_close() was called.
+---
+ dbdimp.c |    8 ++------
+ mysql.xs |    7 ++-----
+ 2 files changed, 4 insertions(+), 11 deletions(-)
+
+diff --git a/dbdimp.c b/dbdimp.c
+index c60a5f6..a6410e5 100644
+--- a/dbdimp.c
++++ b/dbdimp.c
+@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) {
+
+   if (imp_sth->stmt)
+   {
+-    if (mysql_stmt_close(imp_sth->stmt))
+-    {
+-      do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt),
+-          mysql_stmt_error(imp_sth->stmt),
+-          mysql_stmt_sqlstate(imp_sth->stmt));
+-    }
++    mysql_stmt_close(imp_sth->stmt);
++    imp_sth->stmt= NULL;
+   }
+ #endif
+
+diff --git a/mysql.xs b/mysql.xs
+index 55376e1..affde59 100644
+--- a/mysql.xs
++++ b/mysql.xs
+@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...)
+       if (bind)
+         Safefree(bind);
+
+-      if(mysql_stmt_close(stmt))
+-      {
+-        fprintf(stderr, "\n failed while closing the statement");
+-        fprintf(stderr, "\n %s", mysql_stmt_error(stmt));
+-      }
++      mysql_stmt_close(stmt);
++      stmt= NULL;
+
+       if (retval == -2) /* -2 means error */
+       {
+--
+1.7.9.5
diff --git a/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch b/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch
deleted file mode 100644
index 16f136fb54..0000000000
--- a/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Disable a test that fails with openssl-1.0.2b.
-
---- Net-SSLeay-1.68/t/local/33_x509_create_cert.t.orig	2014-06-07 02:01:39.000000000 -0400
-+++ Net-SSLeay-1.68/t/local/33_x509_create_cert.t	2015-06-12 03:38:57.620286888 -0400
-@@ -2,7 +2,7 @@
- 
- use strict;
- use warnings;
--use Test::More tests => 123;
-+use Test::More tests => 122;
- use Net::SSLeay qw/MBSTRING_ASC MBSTRING_UTF8 EVP_PK_RSA EVP_PKT_SIGN EVP_PKT_ENC/;
- use File::Spec;
- use utf8;
-@@ -101,7 +101,8 @@
-   like(my $key_pem3 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg1), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
-   
-   ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname");
--  like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
-+  # This test fails with openssl-1.0.2b
-+  #like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
-   
-   is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company Name,C=UK,CN=Common name text X509", "X509_NAME_print_ex");  
- 
diff --git a/gnu/packages/patches/perl-no-sys-dirs.patch b/gnu/packages/patches/perl-no-sys-dirs.patch
index da91fef3b4..31d53e0353 100644
--- a/gnu/packages/patches/perl-no-sys-dirs.patch
+++ b/gnu/packages/patches/perl-no-sys-dirs.patch
@@ -1,6 +1,7 @@
 Don't look for headers and libraries in "traditional" locations.
 
-Patch from Nixpkgs by Eelco Dolstra <eelco.dolstra@logicblox.com>.
+Patch adapted from Nixpkgs, originally by Eelco Dolstra
+<eelco.dolstra@logicblox.com>.
 
 diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/Configure perl-5.20.0/Configure
 --- perl-5.20.0-orig/Configure	2014-05-26 15:34:18.000000000 +0200
@@ -185,39 +186,6 @@ diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/hints/linux.sh perl-5.20.0/hints/li
  case "$plibpth" in
  '') plibpth=`LANG=C LC_ALL=C $gcc $ccflags $ldflags -print-search-dirs | grep libraries |
  	cut -f2- -d= | tr ':' $trnl | grep -v 'gcc' | sed -e 's:/$::'`
-@@ -178,32 +159,6 @@
-     ;;
- esac
- 
--case "$libc" in
--'')
--# If you have glibc, then report the version for ./myconfig bug reporting.
--# (Configure doesn't need to know the specific version since it just uses
--# gcc to load the library for all tests.)
--# We don't use __GLIBC__ and  __GLIBC_MINOR__ because they
--# are insufficiently precise to distinguish things like
--# libc-2.0.6 and libc-2.0.7.
--    for p in $plibpth
--    do
--        for trylib in libc.so.6 libc.so
--        do
--            if $test -e $p/$trylib; then
--                libc=`ls -l $p/$trylib | awk '{print $NF}'`
--                if $test "X$libc" != X; then
--                    break
--                fi
--            fi
--        done
--        if $test "X$libc" != X; then
--            break
--        fi
--    done
--    ;;
--esac
--
- # Are we using ELF?  Thanks to Kenneth Albanowski <kjahds@kjahds.com>
- # for this test.
- cat >try.c <<'EOM'
 @@ -367,33 +322,6 @@
  	;;
  esac
@@ -252,3 +220,40 @@ diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/hints/linux.sh perl-5.20.0/hints/li
  # Linux on Synology.
  if [ -f /etc/synoinfo.conf -a -d /usr/syno ]; then
      # Tested on Synology DS213 and DS413
+diff --git a/hints/linux.sh b/hints/linux.sh
+index 3f38ea0..97aed11 100644
+--- a/hints/linux.sh
++++ b/hints/linux.sh
+@@ -195,32 +195,6 @@ case "$usequadmath" in
+   ;;
+ esac
+ 
+-case "$libc" in
+-'')
+-# If you have glibc, then report the version for ./myconfig bug reporting.
+-# (Configure doesn't need to know the specific version since it just uses
+-# gcc to load the library for all tests.)
+-# We don't use __GLIBC__ and  __GLIBC_MINOR__ because they
+-# are insufficiently precise to distinguish things like
+-# libc-2.0.6 and libc-2.0.7.
+-    for p in $plibpth
+-    do
+-        for trylib in libc.so.6 libc.so
+-        do
+-            if $test -e $p/$trylib; then
+-                libc=`ls -l $p/$trylib | awk '{print $NF}'`
+-                if $test "X$libc" != X; then
+-                    break
+-                fi
+-            fi
+-        done
+-        if $test "X$libc" != X; then
+-            break
+-        fi
+-    done
+-    ;;
+-esac
+-
+ if ${sh:-/bin/sh} -c exit; then
+   echo ''
+   echo 'You appear to have a working bash.  Good.'
diff --git a/gnu/packages/patches/poppler-CVE-2017-9776.patch b/gnu/packages/patches/poppler-CVE-2017-9776.patch
deleted file mode 100644
index 17a2807171..0000000000
--- a/gnu/packages/patches/poppler-CVE-2017-9776.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Fix CVE-2017-9776:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776
-https://bugs.freedesktop.org/show_bug.cgi?id=101541
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc
-
-From 55db66c69fd56826b8523710046deab1a8d14ba2 Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Wed, 21 Jun 2017 00:55:20 +0200
-Subject: [PATCH] Fix crash in malformed documents
-
----
- poppler/JBIG2Stream.cc | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
-index 48535883..d89108c8 100644
---- a/poppler/JBIG2Stream.cc
-+++ b/poppler/JBIG2Stream.cc
-@@ -896,7 +896,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y,
-   oneByte = x0 == ((x1 - 1) & ~7);
- 
-   for (yy = y0; yy < y1; ++yy) {
--    if (unlikely(y + yy) >= h)
-+    if (unlikely((y + yy >= h) || (y + yy < 0)))
-       continue;
- 
-     // one byte per line -- need to mask both left and right side
--- 
-2.13.2
-
diff --git a/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch b/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch
deleted file mode 100644
index 353a16e322..0000000000
--- a/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-Copied from:
-
-  https://cgit.freedesktop.org/poppler/poppler/patch/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a
-
-From 5c9b08a875b07853be6c44e43ff5f7f059df666a Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Sat, 27 May 2017 00:09:17 +0200
-Subject: pdfunite: Fix crash with broken documents
-
-Sometimes we can't parse pages so check before accessing them
-
-Thanks to Jiaqi Peng for the report
-
-Fixes bugs #101153 and #101149
-
-diff --git a/utils/pdfunite.cc b/utils/pdfunite.cc
-index dfe48bf..c32e201 100644
---- a/utils/pdfunite.cc
-+++ b/utils/pdfunite.cc
-@@ -7,7 +7,7 @@
- // Copyright (C) 2011-2015, 2017 Thomas Freitag <Thomas.Freitag@alfa.de>
- // Copyright (C) 2012 Arseny Solokha <asolokha@gmx.com>
- // Copyright (C) 2012 Fabio D'Urso <fabiodurso@hotmail.it>
--// Copyright (C) 2012, 2014 Albert Astals Cid <aacid@kde.org>
-+// Copyright (C) 2012, 2014, 2017 Albert Astals Cid <aacid@kde.org>
- // Copyright (C) 2013 Adrian Johnson <ajohnson@redneon.com>
- // Copyright (C) 2013 Hib Eris <hib@hiberis.nl>
- // Copyright (C) 2015 Arthur Stavisky <vovodroid@gmail.com>
-@@ -268,15 +268,15 @@ int main (int argc, char *argv[])
-     catDict->lookup("OutputIntents", &intents);
-     catDict->lookupNF("AcroForm", &afObj);
-     Ref *refPage = docs[0]->getCatalog()->getPageRef(1);
--    if (!afObj.isNull()) {
-+    if (!afObj.isNull() && refPage) {
-       docs[0]->markAcroForm(&afObj, yRef, countRef, 0, refPage->num, refPage->num);
-     }
-     catDict->lookupNF("OCProperties", &ocObj);
--    if (!ocObj.isNull() && ocObj.isDict()) {
-+    if (!ocObj.isNull() && ocObj.isDict() && refPage) {
-       docs[0]->markPageObjects(ocObj.getDict(), yRef, countRef, 0, refPage->num, refPage->num);
-     }
-     catDict->lookup("Names", &names);
--    if (!names.isNull() && names.isDict()) {
-+    if (!names.isNull() && names.isDict() && refPage) {
-       docs[0]->markPageObjects(names.getDict(), yRef, countRef, 0, refPage->num, refPage->num);
-     }
-     if (intents.isArray() && intents.arrayGetLength() > 0) {
-@@ -353,6 +353,10 @@ int main (int argc, char *argv[])
- 
-   for (i = 0; i < (int) docs.size(); i++) {
-     for (j = 1; j <= docs[i]->getNumPages(); j++) {
-+      if (!docs[i]->getCatalog()->getPage(j)) {
-+        continue;
-+      }
-+
-       PDFRectangle *cropBox = NULL;
-       if (docs[i]->getCatalog()->getPage(j)->isCropped())
-         cropBox = docs[i]->getCatalog()->getPage(j)->getCropBox();
--- 
-cgit v0.10.2
-
diff --git a/gnu/packages/patches/python-cython-fix-tests-32bit.patch b/gnu/packages/patches/python-cython-fix-tests-32bit.patch
deleted file mode 100644
index 7ccc11dd4c..0000000000
--- a/gnu/packages/patches/python-cython-fix-tests-32bit.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-This fixes a test failure on 32-bit platforms.
-
-Upstream bug URL: https://github.com/cython/cython/issues/1548
-
-Patch copied from upstream source repository:
-
-https://github.com/cython/cython/commit/d92a718a26c9354fbf35f31a17de5c069865a447
-
-From d92a718a26c9354fbf35f31a17de5c069865a447 Mon Sep 17 00:00:00 2001
-From: Robert Bradshaw <robertwb@gmail.com>
-Date: Tue, 24 Jan 2017 16:57:00 -0800
-Subject: [PATCH] Normalize possible L suffix.
-
----
- tests/run/cpdef_enums.pyx | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/run/cpdef_enums.pyx b/tests/run/cpdef_enums.pyx
-index 167c762..c264ec5 100644
---- a/tests/run/cpdef_enums.pyx
-+++ b/tests/run/cpdef_enums.pyx
-@@ -93,4 +93,4 @@ def verify_resolution_GH1533():
-     3
-     """
-     THREE = 100
--    return PyxEnum.THREE
-+    return int(PyxEnum.THREE)
diff --git a/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch b/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch
deleted file mode 100644
index cb60896fad..0000000000
--- a/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-These tests fail on 32-bit due to an overflow.
-
-Upstream bug URL: https://github.com/joke2k/faker/issues/408
-
-diff --git a/faker/tests/__init__.py b/faker/tests/__init__.py
-index 6026772..58b6b83 100644
---- a/faker/tests/__init__.py
-+++ b/faker/tests/__init__.py
-@@ -384,7 +384,6 @@ class FactoryTestCase(unittest.TestCase):
-         provider = Provider
-         # test century
-         self.assertTrue(self._datetime_to_time(provider.date_time_this_century(after_now=False)) <= self._datetime_to_time(datetime.datetime.now()))
--        self.assertTrue(self._datetime_to_time(provider.date_time_this_century(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now()))
-         # test decade
-         self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(after_now=False)) <= self._datetime_to_time(datetime.datetime.now()))
-         self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now()))
-@@ -413,8 +412,6 @@ class FactoryTestCase(unittest.TestCase):
- 
-         # ensure all methods provide timezone aware datetimes
-         with self.assertRaises(TypeError):
--            provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now()
--        with self.assertRaises(TypeError):
-             provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now()
-         with self.assertRaises(TypeError):
-             provider.date_time_this_year(after_now=False, tzinfo=utc) <= datetime.datetime.now()
-@@ -423,7 +420,6 @@ class FactoryTestCase(unittest.TestCase):
- 
-         # test century
-         self.assertTrue(provider.date_time_this_century(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc))
--        self.assertTrue(provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc))
-         # test decade
-         self.assertTrue(provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc))
-         self.assertTrue(provider.date_time_this_decade(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc))
--- 
-2.11.1
-
diff --git a/gnu/packages/patches/python-file-double-encoding-bug.patch b/gnu/packages/patches/python-file-double-encoding-bug.patch
deleted file mode 100644
index bbe825c36a..0000000000
--- a/gnu/packages/patches/python-file-double-encoding-bug.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-Fix bug that breaks file's Python bindings when using Python 3. This patch
-should not be applied when using Python 2.
-
-Copied from upstream source repository:
-
-https://github.com/file/file/commit/73e043d2a986234b187a00ed0c8d1f7bf83df372
-
-From 73e043d2a986234b187a00ed0c8d1f7bf83df372 Mon Sep 17 00:00:00 2001
-From: Christos Zoulas <christos@zoulas.com>
-Date: Tue, 28 Jun 2016 17:10:22 +0000
-Subject: [PATCH] PR/562: Reiner Herrmann: Avoid double encoding with python3
-
----
- python/magic.py | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/python/magic.py b/python/magic.py
-index c48f7d5..b0f7a17 100644
---- a/python/magic.py
-+++ b/python/magic.py
-@@ -134,7 +134,7 @@ class Magic(object):
-         if isinstance(r, str):
-             return r
-         else:
--            return str(r).encode('utf-8')
-+            return str(r, 'utf-8')
- 
-     def descriptor(self, fd):
-         """
-@@ -152,7 +152,7 @@ class Magic(object):
-         if isinstance(r, str):
-             return r
-         else:
--            return str(r).encode('utf-8')
-+            return str(r, 'utf-8')
- 
-     def error(self):
-         """
-@@ -163,7 +163,7 @@ class Magic(object):
-         if isinstance(e, str):
-             return e
-         else:
--            return str(e).encode('utf-8')
-+            return str(e, 'utf-8')
- 
-     def setflags(self, flags):
-         """
--- 
-2.10.1
-
diff --git a/gnu/packages/patches/python-pbr-fix-man-page-support.patch b/gnu/packages/patches/python-pbr-fix-man-page-support.patch
deleted file mode 100644
index b9036f5b01..0000000000
--- a/gnu/packages/patches/python-pbr-fix-man-page-support.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-See: https://bugs.launchpad.net/oslosphinx/+bug/1661861
-diff -ur orig/pbr-1.10.0/pbr/builddoc.py pbr-1.10.0/pbr/builddoc.py
---- orig/pbr-1.10.0/pbr/builddoc.py	2016-05-23 21:38:18.000000000 +0200
-+++ pbr-1.10.0/pbr/builddoc.py	2017-02-18 14:01:37.424434317 +0100
-@@ -138,7 +138,8 @@
-             sphinx_config.init_values(warnings.warn)
-         else:
-             sphinx_config.init_values()
--        if self.builder == 'man' and len(sphinx_config.man_pages) == 0:
-+        if self.builder == 'man' and len(
-+                getattr(sphinx_config, 'man_pages', '')) == 0:
-             return
-         app = application.Sphinx(
-             self.source_dir, self.config_dir,
-diff -ur orig/pbr-1.10.0/pbr/util.py pbr-1.10.0/pbr/util.py
---- orig/pbr-1.10.0/pbr/util.py	2016-05-23 21:38:18.000000000 +0200
-+++ pbr-1.10.0/pbr/util.py	2017-02-18 15:36:32.951196795 +0100
-@@ -211,7 +211,9 @@
-     parser.read(path)
-     config = {}
-     for section in parser.sections():
--        config[section] = dict(parser.items(section))
-+        config[section] = dict()
-+        for k, value in parser.items(section):
-+            config[section][k.replace('-', '_')] = value
- 
-     # Run setup_hooks, if configured
-     setup_hooks = has_get_option(config, 'global', 'setup_hooks')
diff --git a/gnu/packages/patches/python-pygit2-disable-network-tests.patch b/gnu/packages/patches/python-pygit2-disable-network-tests.patch
index e46d244807..5578e4c375 100644
--- a/gnu/packages/patches/python-pygit2-disable-network-tests.patch
+++ b/gnu/packages/patches/python-pygit2-disable-network-tests.patch
@@ -1,64 +1,43 @@
 Disable tests trying to look up remote servers.
 
 diff --git a/test/test_credentials.py b/test/test_credentials.py
-index 92482d9..9a281e5 100644
 --- a/test/test_credentials.py
 +++ b/test/test_credentials.py
-@@ -68,39 +68,5 @@ class CredentialCreateTest(utils.NoRepoTestCase):
+@@ -68,6 +68,7 @@ class CredentialCreateTest(utils.NoRepoTestCase):
          self.assertEqual((username, None, None, None), cred.credential_tuple)
  
  
--class CredentialCallback(utils.RepoTestCase):
--    def test_callback(self):
--        class MyCallbacks(pygit2.RemoteCallbacks):
--            @staticmethod
--            def credentials(url, username, allowed):
--                self.assertTrue(allowed & GIT_CREDTYPE_USERPASS_PLAINTEXT)
--                raise Exception("I don't know the password")
--
--        url = "https://github.com/github/github"
--        remote = self.repo.create_remote("github", url)
--
--        self.assertRaises(Exception, lambda: remote.fetch(callbacks=MyCallbacks()))
--
--    def test_bad_cred_type(self):
--        class MyCallbacks(pygit2.RemoteCallbacks):
--            @staticmethod
--            def credentials(url, username, allowed):
--                self.assertTrue(allowed & GIT_CREDTYPE_USERPASS_PLAINTEXT)
--                return Keypair("git", "foo.pub", "foo", "sekkrit")
--
--        url = "https://github.com/github/github"
--        remote = self.repo.create_remote("github", url)
--        self.assertRaises(TypeError, lambda: remote.fetch(callbacks=MyCallbacks()))
--
--class CallableCredentialTest(utils.RepoTestCase):
--
--    def test_user_pass(self):
--        credentials = UserPass("libgit2", "libgit2")
--        callbacks = pygit2.RemoteCallbacks(credentials=credentials)
--
--        url = "https://bitbucket.org/libgit2/testgitrepository.git"
--        remote = self.repo.create_remote("bb", url)
--        remote.fetch(callbacks=callbacks)
--
- if __name__ == '__main__':
-     unittest.main()
++@unittest.skipIf(True, "network tests are not supported in Guix")
+ class CredentialCallback(utils.RepoTestCase):
+     def test_callback(self):
+         class MyCallbacks(pygit2.RemoteCallbacks):
+@@ -92,6 +93,7 @@ class CredentialCallback(utils.RepoTestCase):
+         remote = self.repo.create_remote("github", url)
+         self.assertRaises(TypeError, lambda: remote.fetch(callbacks=MyCallbacks()))
+ 
++@unittest.skipIf(True, "network tests are not supported in Guix")
+ class CallableCredentialTest(utils.RepoTestCase):
+ 
+     def test_user_pass(self):
 diff --git a/test/test_repository.py b/test/test_repository.py
-index cfdf01e..c0d8de4 100644
 --- a/test/test_repository.py
 +++ b/test/test_repository.py
-@@ -538,13 +538,6 @@ class CloneRepositoryTest(utils.NoRepoTestCase):
+@@ -573,6 +573,7 @@ class CloneRepositoryTest(utils.NoRepoTestCase):
          self.assertTrue('refs/remotes/custom_remote/master' in repo.listall_references())
          self.assertIsNotNone(repo.remotes["custom_remote"])
  
--    def test_clone_with_credentials(self):
--        repo = clone_repository(
--            "https://bitbucket.org/libgit2/testgitrepository.git",
--            self._temp_dir, callbacks=pygit2.RemoteCallbacks(credentials=pygit2.UserPass("libgit2", "libgit2")))
--
--        self.assertFalse(repo.is_empty)
--
-     def test_clone_with_checkout_branch(self):
-         # create a test case which isolates the remote
-         test_repo = clone_repository('./test/data/testrepo.git',
++    @unittest.skipIf(True, "network tests are not supported in Guix")
+     def test_clone_with_credentials(self):
+         repo = clone_repository(
+             "https://bitbucket.org/libgit2/testgitrepository.git",
+diff --git a/test/test_submodule.py b/test/test_submodule.py
+--- a/test/test_submodule.py
++++ b/test/test_submodule.py
+@@ -42,6 +42,7 @@ SUBM_PATH = 'submodule'
+ SUBM_URL = 'https://github.com/libgit2/pygit2'
+ SUBM_HEAD_SHA = '819cbff552e46ac4b8d10925cc422a30aa04e78e'
+ 
++@unittest.skipIf(True, "network tests are not supported in Guix")
+ class SubmoduleTest(utils.SubmoduleRepoTestCase):
+ 
+     def test_lookup_submodule(self):
diff --git a/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch b/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch
deleted file mode 100644
index 06b2f4fe03..0000000000
--- a/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Resolves a test failure on 32-bit platforms.
-
-https://github.com/pyca/pyopenssl/issues/657
-
-Patch copied from upstream source repository:
-
-https://github.com/pyca/pyopenssl/commit/ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95
-
-From ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95 Mon Sep 17 00:00:00 2001
-From: Alex Gaynor <alex.gaynor@gmail.com>
-Date: Thu, 6 Jul 2017 22:14:44 -0400
-Subject: [PATCH] Fixed #657 -- handle OverflowErrors on large allocation
- requests
-
----
- tests/test_rand.py | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/tests/test_rand.py b/tests/test_rand.py
-index bdd3af08..6adf72a1 100644
---- a/tests/test_rand.py
-+++ b/tests/test_rand.py
-@@ -32,10 +32,10 @@ def test_bytes_wrong_args(self, args):
- 
-     def test_insufficient_memory(self):
-         """
--        `OpenSSL.rand.bytes` raises `MemoryError` if more bytes are requested
--        than will fit in memory.
-+        `OpenSSL.rand.bytes` raises `MemoryError` or `OverflowError` if more
-+        bytes are requested than will fit in memory.
-         """
--        with pytest.raises(MemoryError):
-+        with pytest.raises((MemoryError, OverflowError)):
-             rand.bytes(sys.maxsize)
- 
-     def test_bytes(self):
diff --git a/gnu/packages/patches/qemu-CVE-2017-10664.patch b/gnu/packages/patches/qemu-CVE-2017-10664.patch
new file mode 100644
index 0000000000..2b60de3dca
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-10664.patch
@@ -0,0 +1,27 @@
+Fix CVE-2017-10664:
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html
+https://bugzilla.redhat.com/show_bug.cgi?id=1466190
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10664
+https://security-tracker.debian.org/tracker/CVE-2017-10664
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1
+
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index 9464a0461c..4dd3fd4732 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -581,6 +581,10 @@ int main(int argc, char **argv)
+     sa_sigterm.sa_handler = termsig_handler;
+     sigaction(SIGTERM, &sa_sigterm, NULL);
+ 
++#ifdef CONFIG_POSIX
++    signal(SIGPIPE, SIG_IGN);
++#endif
++
+     module_call_init(MODULE_INIT_TRACE);
+     qcrypto_init(&error_fatal);
+ 
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-10806.patch b/gnu/packages/patches/qemu-CVE-2017-10806.patch
new file mode 100644
index 0000000000..ebf782fe7b
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-10806.patch
@@ -0,0 +1,38 @@
+Fix CVE-2017-10806:
+
+https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html
+https://bugzilla.redhat.com/show_bug.cgi?id=1468496
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10806
+https://security-tracker.debian.org/tracker/CVE-2017-10806
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bd4a683505b27adc1ac809f71e918e58573d851d
+
+diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
+index b001a27f05..ad5ef783a6 100644
+--- a/hw/usb/redirect.c
++++ b/hw/usb/redirect.c
+@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
+ static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
+     const uint8_t *data, int len)
+ {
+-    int i, j, n;
+-
+     if (dev->debug < usbredirparser_debug_data) {
+         return;
+     }
+-
+-    for (i = 0; i < len; i += j) {
+-        char buf[128];
+-
+-        n = sprintf(buf, "%s", desc);
+-        for (j = 0; j < 8 && i + j < len; j++) {
+-            n += sprintf(buf + n, " %02X", data[i + j]);
+-        }
+-        error_report("%s", buf);
+-    }
++    qemu_hexdump((char *)data, stderr, desc, len);
+ }
+ 
+ /*
diff --git a/gnu/packages/patches/qemu-CVE-2017-10911.patch b/gnu/packages/patches/qemu-CVE-2017-10911.patch
new file mode 100644
index 0000000000..1dcb860a2d
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-10911.patch
@@ -0,0 +1,106 @@
+Fix CVE-2017-10911:
+
+https://xenbits.xen.org/xsa/advisory-216.html
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911
+https://security-tracker.debian.org/tracker/CVE-2017-10911
+
+Patch copied from Xen Security Advisory:
+
+https://xenbits.xen.org/xsa/xsa216-qemuu.patch
+
+--- a/hw/block/xen_blkif.h
++++ b/hw/block/xen_blkif.h
+@@ -14,9 +14,6 @@
+ struct blkif_common_request {
+     char dummy;
+ };
+-struct blkif_common_response {
+-    char dummy;
+-};
+ 
+ /* i386 protocol version */
+ #pragma pack(push, 4)
+@@ -36,13 +33,7 @@ struct blkif_x86_32_request_discard {
+     blkif_sector_t sector_number;    /* start sector idx on disk (r/w only)  */
+     uint64_t       nr_sectors;       /* # of contiguous sectors to discard   */
+ };
+-struct blkif_x86_32_response {
+-    uint64_t        id;              /* copied from request */
+-    uint8_t         operation;       /* copied from request */
+-    int16_t         status;          /* BLKIF_RSP_???       */
+-};
+ typedef struct blkif_x86_32_request blkif_x86_32_request_t;
+-typedef struct blkif_x86_32_response blkif_x86_32_response_t;
+ #pragma pack(pop)
+ 
+ /* x86_64 protocol version */
+@@ -62,20 +53,14 @@ struct blkif_x86_64_request_discard {
+     blkif_sector_t sector_number;    /* start sector idx on disk (r/w only)  */
+     uint64_t       nr_sectors;       /* # of contiguous sectors to discard   */
+ };
+-struct blkif_x86_64_response {
+-    uint64_t       __attribute__((__aligned__(8))) id;
+-    uint8_t         operation;       /* copied from request */
+-    int16_t         status;          /* BLKIF_RSP_???       */
+-};
+ typedef struct blkif_x86_64_request blkif_x86_64_request_t;
+-typedef struct blkif_x86_64_response blkif_x86_64_response_t;
+ 
+ DEFINE_RING_TYPES(blkif_common, struct blkif_common_request,
+-                  struct blkif_common_response);
++                  struct blkif_response);
+ DEFINE_RING_TYPES(blkif_x86_32, struct blkif_x86_32_request,
+-                  struct blkif_x86_32_response);
++                  struct blkif_response QEMU_PACKED);
+ DEFINE_RING_TYPES(blkif_x86_64, struct blkif_x86_64_request,
+-                  struct blkif_x86_64_response);
++                  struct blkif_response);
+ 
+ union blkif_back_rings {
+     blkif_back_ring_t        native;
+--- a/hw/block/xen_disk.c
++++ b/hw/block/xen_disk.c
+@@ -769,31 +769,30 @@ static int blk_send_response_one(struct
+     struct XenBlkDev  *blkdev = ioreq->blkdev;
+     int               send_notify   = 0;
+     int               have_requests = 0;
+-    blkif_response_t  resp;
+-    void              *dst;
+-
+-    resp.id        = ioreq->req.id;
+-    resp.operation = ioreq->req.operation;
+-    resp.status    = ioreq->status;
++    blkif_response_t  *resp;
+ 
+     /* Place on the response ring for the relevant domain. */
+     switch (blkdev->protocol) {
+     case BLKIF_PROTOCOL_NATIVE:
+-        dst = RING_GET_RESPONSE(&blkdev->rings.native, blkdev->rings.native.rsp_prod_pvt);
++        resp = RING_GET_RESPONSE(&blkdev->rings.native,
++                                 blkdev->rings.native.rsp_prod_pvt);
+         break;
+     case BLKIF_PROTOCOL_X86_32:
+-        dst = RING_GET_RESPONSE(&blkdev->rings.x86_32_part,
+-                                blkdev->rings.x86_32_part.rsp_prod_pvt);
++        resp = RING_GET_RESPONSE(&blkdev->rings.x86_32_part,
++                                 blkdev->rings.x86_32_part.rsp_prod_pvt);
+         break;
+     case BLKIF_PROTOCOL_X86_64:
+-        dst = RING_GET_RESPONSE(&blkdev->rings.x86_64_part,
+-                                blkdev->rings.x86_64_part.rsp_prod_pvt);
++        resp = RING_GET_RESPONSE(&blkdev->rings.x86_64_part,
++                                 blkdev->rings.x86_64_part.rsp_prod_pvt);
+         break;
+     default:
+-        dst = NULL;
+         return 0;
+     }
+-    memcpy(dst, &resp, sizeof(resp));
++
++    resp->id        = ioreq->req.id;
++    resp->operation = ioreq->req.operation;
++    resp->status    = ioreq->status;
++
+     blkdev->rings.common.rsp_prod_pvt++;
+ 
+     RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&blkdev->rings.common, send_notify);
diff --git a/gnu/packages/patches/qemu-CVE-2017-11334.patch b/gnu/packages/patches/qemu-CVE-2017-11334.patch
new file mode 100644
index 0000000000..cb68c803aa
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-11334.patch
@@ -0,0 +1,52 @@
+Fix CVE-2017-11334:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1471638
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11334
+
+Patch copied from upstream source repository:
+
+http://git.qemu.org/?p=qemu.git;a=commitdiff;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
+
+From 04bf2526ce87f21b32c9acba1c5518708c243ad0 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 12 Jul 2017 18:08:40 +0530
+Subject: [PATCH] exec: use qemu_ram_ptr_length to access guest ram
+
+When accessing guest's ram block during DMA operation, use
+'qemu_ram_ptr_length' to get ram block pointer. It ensures
+that DMA operation of given length is possible; And avoids
+any OOB memory access situations.
+
+Reported-by: Alex <broscutamaker@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-Id: <20170712123840.29328-1-ppandit@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ exec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exec.c b/exec.c
+index a083ff89ad..ad103ce483 100644
+--- a/exec.c
++++ b/exec.c
+@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
+             }
+         } else {
+             /* RAM case */
+-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+             memcpy(ptr, buf, l);
+             invalidate_and_set_dirty(mr, addr1, l);
+         }
+@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
+             }
+         } else {
+             /* RAM case */
+-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+             memcpy(buf, ptr, l);
+         }
+ 
+-- 
+2.13.3
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-11434.patch b/gnu/packages/patches/qemu-CVE-2017-11434.patch
new file mode 100644
index 0000000000..4da701a73d
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-11434.patch
@@ -0,0 +1,25 @@
+Fix CVE-2017-11434:
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html
+https://bugzilla.redhat.com/show_bug.cgi?id=1472611
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11434
+https://security-tracker.debian.org/tracker/CVE-2017-11434
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=413d463f43fbc4dd3a601e80a5724aa384a265a0
+
+diff --git a/slirp/bootp.c b/slirp/bootp.c
+index 5a4646c182..5dd1a415b5 100644
+--- a/slirp/bootp.c
++++ b/slirp/bootp.c
+@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
+             if (p >= p_end)
+                 break;
+             len = *p++;
++            if (p + len > p_end) {
++                break;
++            }
+             DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
+ 
+             switch(tag) {
diff --git a/gnu/packages/patches/qemu-CVE-2017-12809.patch b/gnu/packages/patches/qemu-CVE-2017-12809.patch
new file mode 100644
index 0000000000..e40a14b4e0
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-12809.patch
@@ -0,0 +1,38 @@
+http://openwall.com/lists/oss-security/2017/08/21/2
+https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html
+
+The block backend changed in a way that flushing empty CDROM drives now
+crashes.  Amend IDE to avoid doing so until the root problem can be
+addressed for 2.11.
+
+Original patch by John Snow <address@hidden>.
+
+Reported-by: Kieron Shorrock <address@hidden>
+Signed-off-by: Stefan Hajnoczi <address@hidden>
+---
+ hw/ide/core.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/hw/ide/core.c b/hw/ide/core.c
+index 0b48b64d3a..bea39536b0 100644
+--- a/hw/ide/core.c
++++ b/hw/ide/core.c
+@@ -1063,7 +1063,15 @@ static void ide_flush_cache(IDEState *s)
+     s->status |= BUSY_STAT;
+     ide_set_retry(s);
+     block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH);
+-    s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
++
++    if (blk_bs(s->blk)) {
++        s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
++    } else {
++        /* XXX blk_aio_flush() crashes when blk_bs(blk) is NULL, remove this
++         * temporary workaround when blk_aio_*() functions handle NULL blk_bs.
++         */
++        ide_flush_cb(s, 0);
++    }
+ }
+      
+ static void ide_cfata_metadata_inquiry(IDEState *s)
+-- 
+2.13.3
diff --git a/gnu/packages/patches/quassel-fix-tls-check.patch b/gnu/packages/patches/quassel-fix-tls-check.patch
new file mode 100644
index 0000000000..057bc02a14
--- /dev/null
+++ b/gnu/packages/patches/quassel-fix-tls-check.patch
@@ -0,0 +1,25 @@
+This allows quasselclient to connect to SSL-enabled quasselcore instances.
+
+The check in qglobal.h requires -fPIC (not -fPIE as it is now). When this check
+fails SSL / TLS is disabled.
+
+This patch comes from the upstream source repository [0] and can be
+removed when the next version is packaged.
+
+[0] https://github.com/quassel/quassel/commit/4768c9e99f99b581d4e32e797db91d0182391696
+
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -428,6 +428,11 @@ endif()
+ cmake_push_check_state(RESET)
+ set(CMAKE_REQUIRED_INCLUDES ${QT_INCLUDES} ${Qt5Core_INCLUDE_DIRS})
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${Qt5Core_EXECUTABLE_COMPILE_FLAGS}")
++
++if (USE_QT5 AND Qt5_POSITION_INDEPENDENT_CODE)
++    set(CMAKE_REQUIRED_FLAGS "-fPIC -DQT_NO_VERSION_TAGGING")
++endif()
++
+ check_cxx_source_compiles("
+     #include \"qglobal.h\"
+     #if defined QT_NO_SSL
+
diff --git a/gnu/packages/patches/rpm-CVE-2014-8118.patch b/gnu/packages/patches/rpm-CVE-2014-8118.patch
deleted file mode 100644
index 5fdb0f0eb2..0000000000
--- a/gnu/packages/patches/rpm-CVE-2014-8118.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Fix CVE-2014-8118 (integer overflow allowing arbitrary remote code
-execution via crafted CPIO header).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118
-
-Source:
-https://bugzilla.redhat.com/attachment.cgi?id=962159&action=diff
-
-Adopted by Debian:
-http://anonscm.debian.org/cgit/collab-maint/rpm.git/plain/debian/patches/CVE-2014-8118.patch
-
-diff --git a/lib/cpio.c b/lib/cpio.c
-index 253ff0f..600633a 100644
---- a/lib/cpio.c
-+++ b/lib/cpio.c
-@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, int * fx)
- 
-     GET_NUM_FIELD(hdr.filesize, fsize);
-     GET_NUM_FIELD(hdr.namesize, nameSize);
-+    if (nameSize <= 0 || nameSize > 4096) {
-+        return RPMERR_BAD_HEADER;
-+    }
- 
-     char name[nameSize + 1];
-     read = Fread(name, nameSize, 1, cpio->fd);
diff --git a/gnu/packages/patches/ruby-puma-ignore-broken-test.patch b/gnu/packages/patches/ruby-puma-ignore-broken-test.patch
deleted file mode 100644
index 8961ffa4ca..0000000000
--- a/gnu/packages/patches/ruby-puma-ignore-broken-test.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/test/test_cli.rb b/test/test_cli.rb
-index 9c515c6..6bd439f 100644
---- a/test/test_cli.rb
-+++ b/test/test_cli.rb
-@@ -88,7 +88,7 @@ class TestCLI < Test::Unit::TestCase
-     s << "GET /stats HTTP/1.0\r\n\r\n"
-     body = s.read
- 
--    assert_match(/\{ "workers": 2, "phase": 0, "booted_workers": 0, "old_workers": 0, "worker_status": \[\{ "pid": \d+, "index": 0, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \},\{ "pid": \d+, "index": 1, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \}\] \}/, body.split("\r\n").last)
-+    #assert_match(/\{ "workers": 2, "phase": 0, "booted_workers": 0, "old_workers": 0, "worker_status": \[\{ "pid": \d+, "index": 0, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \},\{ "pid": \d+, "index": 1, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \}\] \}/, body.split("\r\n").last)
- 
-     # wait until the first status ping has come through
-     sleep 6
diff --git a/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch b/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch
new file mode 100644
index 0000000000..3db42feac9
--- /dev/null
+++ b/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch
@@ -0,0 +1,32 @@
+Fix building of Shishi with libgcrypt 1.6 and later.
+
+Patch copied from Debian:
+
+https://anonscm.debian.org/cgit/collab-maint/shishi.git/tree/debian/patches/fix_gcrypt_detection.diff?id=948301ae648a542a408da250755aeed58a6e3542
+
+Description: Fix autoconf gnutls detection to also accept gcrypt 1.6.
+Author: Andreas Metzler <ametzler@debian.org>
+Bug-Debian: http://bugs.debian.org/753150
+Origin: vendor
+Forwarded: no
+Last-Update: 2014-07-18
+
+--- shishi-1.0.2.orig/gl/m4/gc.m4
++++ shishi-1.0.2/gl/m4/gc.m4
+@@ -12,10 +12,12 @@ AC_DEFUN([gl_GC],
+   if test "$libgcrypt" != no; then
+     AC_LIB_HAVE_LINKFLAGS([gcrypt], [gpg-error], [
+ #include <gcrypt.h>
+-/* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c
+-   will fail on startup if we don't have 1.4.4 or later, so
+-   test for it early. */
+-#if !defined GCRY_MODULE_ID_USER
++/* gc-libgcrypt.c will fail on startup if we don't have libgcrypt 1.4.4 or
++   later, test for it early. by checking for either
++   - GCRY_MODULE_ID_USER which was added in 1.4.4 and dropped in 1.6 or
++   - GCRYPT_VERSION_NUMBER which was added in 1.6.
++   */
++#if !defined GCRY_MODULE_ID_USER && !defined GCRYPT_VERSION_NUMBER
+ error too old libgcrypt
+ #endif
+ ])
diff --git a/gnu/packages/patches/sooperlooper-build-with-wx-30.patch b/gnu/packages/patches/sooperlooper-build-with-wx-30.patch
new file mode 100644
index 0000000000..43f4b9be69
--- /dev/null
+++ b/gnu/packages/patches/sooperlooper-build-with-wx-30.patch
@@ -0,0 +1,179 @@
+Downloaded from https://anonscm.debian.org/cgit/pkg-multimedia/sooperlooper.git/plain/debian/patches/04-build_with_wx_30.patch -O gnu/packages/patches/sooperlooper-build-with-wx-30.patch
+
+Author: Jaromír Mikeš <mira.mikes@seznam.cz>, Olly Betts <olly@survex.com>
+Description: build against wx 3.0.
+Forwarded: yes
+
+Index: sooperlooper/src/gui/main_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/main_panel.cpp
++++ sooperlooper/src/gui/main_panel.cpp
+@@ -448,7 +448,7 @@ MainPanel::init_loopers (int count)
+ 		while (count < (int)_looper_panels.size()) {
+ 			looperpan = _looper_panels.back();
+ 			_looper_panels.pop_back();
+-			_main_sizer->Remove(looperpan);
++			_main_sizer->Detach(looperpan);
+ 			looperpan->Destroy();
+ 		}
+ 	}
+@@ -1277,7 +1277,7 @@ void MainPanel::misc_action (bool releas
+ 		}
+ 
+ 
+-		wxString filename = do_file_selector (wxT("Choose file to save loop"), wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"),  wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++		wxString filename = do_file_selector (wxT("Choose file to save loop"), wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"),  wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+ 		
+ 		if ( !filename.empty() )
+ 		{
+@@ -1296,7 +1296,7 @@ void MainPanel::misc_action (bool releas
+ 			index = 0;
+ 		}
+ 
+-		wxString filename = do_file_selector (wxT("Choose file to open"), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = do_file_selector (wxT("Choose file to open"), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		
+ 		if ( !filename.empty() )
+ 		{
+@@ -1408,7 +1408,7 @@ void MainPanel::set_curr_loop (int index
+ 
+ void MainPanel::do_load_session ()
+ {
+-	wxString filename = do_file_selector (wxT("Choose session to load"), wxT("*.slsess"), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
++	wxString filename = do_file_selector (wxT("Choose session to load"), wxT("*.slsess"), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 	
+ 	if ( !filename.empty() )
+ 	{
+@@ -1419,7 +1419,7 @@ void MainPanel::do_load_session ()
+ 
+ void MainPanel::do_save_session (bool write_audio)
+ {
+-	wxString filename = do_file_selector (wxT("Choose file to save session"), wxT("slsess"), wxT("*.slsess"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++	wxString filename = do_file_selector (wxT("Choose file to save session"), wxT("slsess"), wxT("*.slsess"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+ 	
+ 	if ( !filename.empty() )
+ 	{
+Index: sooperlooper/src/gui/pix_button.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/pix_button.cpp
++++ sooperlooper/src/gui/pix_button.cpp
+@@ -250,7 +250,7 @@ PixButton::OnMouseEvents (wxMouseEvent &
+ 		pt.x += bounds.x;
+ 		pt.y += bounds.y;
+ 
+-		if (bounds.Inside(pt)) {
++		if (bounds.Contains(pt)) {
+ 			clicked (get_mouse_button(ev)); // emit
+ 
+ 			if (ev.MiddleUp() && ev.ControlDown()) {
+Index: sooperlooper/src/gui/looper_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/looper_panel.cpp
++++ sooperlooper/src/gui/looper_panel.cpp
+@@ -1428,7 +1428,7 @@ LooperPanel::clicked_events (int button,
+ 	if (cmd == wxT("save"))
+ 	{
+ 		wxString filename = _mainpanel->do_file_selector (wxT("Choose file to save loop"),
+-											      wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"),  wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++											      wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"),  wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+ 		
+ 		if ( !filename.empty() )
+ 		{
+@@ -1442,7 +1442,7 @@ LooperPanel::clicked_events (int button,
+ 	}
+ 	else if (cmd == wxT("load"))
+ 	{
+-		wxString filename = _mainpanel->do_file_selector(wxT("Choose file to open"), wxT(""), wxT("Audio files (*.wav,*.aif)|*.wav;*.WAV;*.Wav;*.aif;*.aiff;*.AIF;*.AIFF|All files (*.*)|*.*"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = _mainpanel->do_file_selector(wxT("Choose file to open"), wxT(""), wxT("Audio files (*.wav,*.aif)|*.wav;*.WAV;*.Wav;*.aif;*.aiff;*.AIF;*.AIFF|All files (*.*)|*.*"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		
+ 		if ( !filename.empty() )
+ 		{
+Index: sooperlooper/src/gui/keyboard_target.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/keyboard_target.cpp
++++ sooperlooper/src/gui/keyboard_target.cpp
+@@ -553,10 +553,10 @@ KeyboardTarget::keycode_from_name (const
+                         keycode = WXK_RETURN;
+                     }
+                     else if ( keyname == wxT("PGUP") ) {
+-                        keycode = WXK_PRIOR;
++                        keycode = WXK_PAGEUP;
+                     }
+                     else if ( keyname == wxT("PGDN") ) {
+-                        keycode = WXK_NEXT;
++                        keycode = WXK_PAGEDOWN;
+                     }
+                     else if ( keyname == wxT("LEFT") ) {
+                         keycode = WXK_LEFT;
+@@ -630,10 +630,10 @@ wxString KeyboardTarget::name_from_keyco
+ 	case WXK_RETURN:
+ 		text += wxT("return");
+ 		break;
+-	case WXK_PRIOR:
++	case WXK_PAGEUP:
+ 		text += wxT("pageup");
+ 		break;
+-	case WXK_NEXT:
++	case WXK_PAGEDOWN:
+ 		text += wxT("pagedown");
+ 		break;
+ 	case WXK_LEFT:
+Index: sooperlooper/src/gui/check_box.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/check_box.cpp
++++ sooperlooper/src/gui/check_box.cpp
+@@ -237,7 +237,7 @@ CheckBox::OnMouseEvents (wxMouseEvent &e
+ 	}
+ 	else if (ev.LeftUp())
+ 	{
+-		if (bounds.Inside(ev.GetPosition())) {
++		if (bounds.Contains(ev.GetPosition())) {
+ 			// toggle value
+ 			_value = !_value;
+ 		
+Index: sooperlooper/src/gui/midi_bind_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/midi_bind_panel.cpp
++++ sooperlooper/src/gui/midi_bind_panel.cpp
+@@ -880,7 +880,7 @@ void MidiBindPanel::on_button (wxCommand
+ 	}
+ 	else if (ev.GetId() == ID_LoadButton)
+ 	{
+-		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to open"), wxT(""), wxT("*.slb"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to open"), wxT(""), wxT("*.slb"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		if ( !filename.empty() )
+ 		{
+ 			_parent->get_loop_control().load_midi_bindings(filename,  _append_check->GetValue());
+@@ -888,7 +888,7 @@ void MidiBindPanel::on_button (wxCommand
+ 	}
+ 	else if (ev.GetId() == ID_SaveButton)
+ 	{
+-		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to save"), wxT(""), wxT("*.slb"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to save"), wxT(""), wxT("*.slb"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+ 
+ 		if ( !filename.empty() )
+ 		{
+Index: sooperlooper/src/gui/config_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/config_panel.cpp
++++ sooperlooper/src/gui/config_panel.cpp
+@@ -378,7 +378,7 @@ void ConfigPanel::on_button (wxCommandEv
+ 	else if (ev.GetId() == ID_MidiBrowseButton) {
+ 		
+ 		_parent->get_keyboard().set_enabled(false);
+-		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to use"), wxT(""), wxT("*.slb"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to use"), wxT(""), wxT("*.slb"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		_parent->get_keyboard().set_enabled(true);
+ 		
+ 		if ( !filename.empty() )
+@@ -389,8 +389,8 @@ void ConfigPanel::on_button (wxCommandEv
+ 	else if (ev.GetId() == ID_SessionBrowseButton) {
+ 		
+ 		_parent->get_keyboard().set_enabled(false);
+-		wxString filename = _parent->do_file_selector(wxT("Choose session file to use"), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
+-		//wxString filename = wxFileSelector(wxT("Choose session file to use"), wxT(""), wxT(""), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = _parent->do_file_selector(wxT("Choose session file to use"), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
++		//wxString filename = wxFileSelector(wxT("Choose session file to use"), wxT(""), wxT(""), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		_parent->get_keyboard().set_enabled(true);
+ 		
+ 		if ( !filename.empty() )
diff --git a/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch b/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch
new file mode 100644
index 0000000000..db3c56861b
--- /dev/null
+++ b/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch
@@ -0,0 +1,42 @@
+https://github.com/supertuxkart/stk-code/commit/5e05f1178ce6bc5f3a653b55ab3dc6d016196341.patch
+
+From 5e05f1178ce6bc5f3a653b55ab3dc6d016196341 Mon Sep 17 00:00:00 2001
+From: Deve <deveee@gmail.com>
+Date: Mon, 3 Oct 2016 23:26:09 +0200
+Subject: [PATCH] Fixed compiler error on Linux with non-x86 64bit platforms,
+ e.g. arm64, mips, and s390x architectures
+
+This modification is already applied in upstream angelscript repository:
+https://sourceforge.net/p/angelscript/code/2353/
+
+Thanks to Adrian Bunk and Andreas Jonsson
+---
+ lib/angelscript/projects/cmake/CMakeLists.txt | 1 +
+ lib/angelscript/source/as_config.h            | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/angelscript/projects/cmake/CMakeLists.txt b/lib/angelscript/projects/cmake/CMakeLists.txt
+index e93971315e..755d8378c3 100644
+--- a/lib/angelscript/projects/cmake/CMakeLists.txt
++++ b/lib/angelscript/projects/cmake/CMakeLists.txt
+@@ -67,6 +67,7 @@ set(ANGELSCRIPT_SOURCE
+     ../../source/as_builder.cpp
+     ../../source/as_bytecode.cpp
+     ../../source/as_callfunc.cpp
++    ../../source/as_callfunc_mips.cpp
+     ../../source/as_callfunc_x86.cpp
+     ../../source/as_callfunc_x64_gcc.cpp
+     ../../source/as_callfunc_x64_msvc.cpp
+diff --git a/lib/angelscript/source/as_config.h b/lib/angelscript/source/as_config.h
+index cb05bffbd5..5bb5b8e800 100644
+--- a/lib/angelscript/source/as_config.h
++++ b/lib/angelscript/source/as_config.h
+@@ -844,7 +844,7 @@
+ 			#define THISCALL_PASS_OBJECT_POINTER_ON_THE_STACK
+ 			#define AS_X86
+ 			#undef AS_NO_THISCALL_FUNCTOR_METHOD
+-		#elif defined(__LP64__) && !defined(__arm64__)
++		#elif defined(__x86_64__)
+ 			#define AS_X64_GCC
+ 			#undef AS_NO_THISCALL_FUNCTOR_METHOD
+ 			#define HAS_128_BIT_PRIMITIVES
diff --git a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
deleted file mode 100644
index 3a9ae993f6..0000000000
--- a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Fix CVE-2016-10243:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243
-
-Patch adapted from upstream commit:
-
-https://www.tug.org/svn/texlive?view=revision&revision=42605
-
---- trunk/Master/texmf-dist/web2c/texmf.cnf	2016/11/29 23:10:33	42604
-+++ trunk/Master/texmf-dist/web2c/texmf.cnf	2016/11/29 23:27:53	42605
-@@ -568,7 +568,6 @@ extractbb,\
- gregorio,\
- kpsewhich,\
- makeindex,\
--mpost,\
- repstopdf,\
- 
- % we'd like to allow:
diff --git a/gnu/packages/patches/vinagre-revert-1.patch b/gnu/packages/patches/vinagre-revert-1.patch
new file mode 100644
index 0000000000..5a983770b7
--- /dev/null
+++ b/gnu/packages/patches/vinagre-revert-1.patch
@@ -0,0 +1,56 @@
+Patch taken from Debian: revert changes that prevent building against freerdp
+version 1.1 branch.
+
+From 8ebc0685b85e0d1f70eb00171f2e7712de3d44bd Mon Sep 17 00:00:00 2001
+From: Michael Biebl <biebl@debian.org>
+Date: Thu, 22 Sep 2016 01:15:55 +0200
+Subject: [PATCH 1/2] Revert "Improve FreeRDP authentication failure handling"
+
+This reverts commit d7b4f88943e8615d252d27e1efc58cb64a9e1821.
+---
+ plugins/rdp/vinagre-rdp-tab.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/plugins/rdp/vinagre-rdp-tab.c b/plugins/rdp/vinagre-rdp-tab.c
+index b731f9b..8572bc3 100644
+--- a/plugins/rdp/vinagre-rdp-tab.c
++++ b/plugins/rdp/vinagre-rdp-tab.c
+@@ -1195,8 +1195,8 @@ open_freerdp (VinagreRdpTab *rdp_tab)
+   VinagreTab           *tab = VINAGRE_TAB (rdp_tab);
+   GtkWindow            *window = GTK_WINDOW (vinagre_tab_get_window (tab));
+   gboolean              success = TRUE;
++  gboolean              authentication_error = FALSE;
+   gboolean              cancelled = FALSE;
+-  guint                 authentication_errors = 0;
+ 
+   priv->events = g_queue_new ();
+ 
+@@ -1205,12 +1205,14 @@ open_freerdp (VinagreRdpTab *rdp_tab)
+ 
+   do
+     {
++      authentication_error = FALSE;
++
+       /* Run FreeRDP session */
+       success = freerdp_connect (priv->freerdp_session);
+       if (!success)
+         {
+-          authentication_errors += freerdp_get_last_error (priv->freerdp_session->context) == 0x20009 ||
+-                                   freerdp_get_last_error (priv->freerdp_session->context) == 0x2000c;
++          authentication_error = freerdp_get_last_error (priv->freerdp_session->context) == 0x20009 ||
++                                 freerdp_get_last_error (priv->freerdp_session->context) == 0x2000c;
+ 
+           cancelled = freerdp_get_last_error (priv->freerdp_session->context) == 0x2000b;
+ 
+@@ -1218,7 +1220,7 @@ open_freerdp (VinagreRdpTab *rdp_tab)
+           init_freerdp (rdp_tab);
+         }
+     }
+-  while (!success && authentication_errors < 3);
++  while (!success && authentication_error);
+ 
+   if (!success)
+     {
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/vinagre-revert-2.patch b/gnu/packages/patches/vinagre-revert-2.patch
new file mode 100644
index 0000000000..686ee203e4
--- /dev/null
+++ b/gnu/packages/patches/vinagre-revert-2.patch
@@ -0,0 +1,448 @@
+Patch taken from Debian: revert changes that prevent building against freerdp
+version 1.1 branch.
+
+From bb1828b6b7eb29bb037bcc687cf10f916ddc7561 Mon Sep 17 00:00:00 2001
+From: Michael Biebl <biebl@debian.org>
+Date: Thu, 22 Sep 2016 01:18:16 +0200
+Subject: [PATCH 2/2] Revert "Store credentials for RDP"
+
+This reverts commit 60dea279a24c7f0e398b89a0a60d45e80087ed1d.
+---
+ plugins/rdp/vinagre-rdp-connection.c |  22 +---
+ plugins/rdp/vinagre-rdp-plugin.c     |  29 +----
+ plugins/rdp/vinagre-rdp-tab.c        | 231 +++++++++++++++++------------------
+ 3 files changed, 123 insertions(+), 159 deletions(-)
+
+diff --git a/plugins/rdp/vinagre-rdp-connection.c b/plugins/rdp/vinagre-rdp-connection.c
+index f0ff02b..c5f6ed1 100644
+--- a/plugins/rdp/vinagre-rdp-connection.c
++++ b/plugins/rdp/vinagre-rdp-connection.c
+@@ -127,25 +127,9 @@ rdp_parse_item (VinagreConnection *conn, xmlNode *root)
+ static void
+ rdp_parse_options_widget (VinagreConnection *conn, GtkWidget *widget)
+ {
+-  const gchar *text;
+-  GtkWidget   *u_entry, *d_entry, *spin_button, *scaling_button;
+-  gboolean     scaling;
+-  guint        width, height;
+-
+-  d_entry = g_object_get_data (G_OBJECT (widget), "domain_entry");
+-  if (!d_entry)
+-    {
+-      g_warning ("Wrong widget passed to rdp_parse_options_widget()");
+-      return;
+-    }
+-
+-  text = gtk_entry_get_text (GTK_ENTRY (d_entry));
+-  vinagre_cache_prefs_set_string  ("rdp-connection", "domain", text);
+-
+-  g_object_set (conn,
+-		"domain", text != NULL && *text != '\0' ? text : NULL,
+-		NULL);
+-
++  GtkWidget *u_entry, *spin_button, *scaling_button;
++  gboolean   scaling;
++  guint      width, height;
+ 
+   u_entry = g_object_get_data (G_OBJECT (widget), "username_entry");
+   if (!u_entry)
+diff --git a/plugins/rdp/vinagre-rdp-plugin.c b/plugins/rdp/vinagre-rdp-plugin.c
+index 4751102..f41da37 100644
+--- a/plugins/rdp/vinagre-rdp-plugin.c
++++ b/plugins/rdp/vinagre-rdp-plugin.c
+@@ -100,7 +100,7 @@ vinagre_rdp_plugin_init (VinagreRdpPlugin *plugin)
+ static GtkWidget *
+ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn)
+ {
+-  GtkWidget *grid, *label, *u_entry, *d_entry, *spin_button, *check;
++  GtkWidget *grid, *label, *u_entry, *spin_button, *check;
+   gchar     *str;
+   gint       width, height;
+ 
+@@ -146,29 +146,10 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn)
+   g_free (str);
+ 
+ 
+-  label = gtk_label_new_with_mnemonic (_("_Domain:"));
+-  gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5);
+-  gtk_grid_attach (GTK_GRID (grid), label, 0, 3, 1, 1);
+-  gtk_widget_set_margin_left (label, 12);
+-
+-  d_entry = gtk_entry_new ();
+-  /* Translators: This is the tooltip for the domain field in a RDP connection */
+-  gtk_widget_set_tooltip_text (d_entry, _("Optional."));
+-  g_object_set_data (G_OBJECT (grid), "domain_entry", d_entry);
+-  gtk_grid_attach (GTK_GRID (grid), d_entry, 1, 3, 1, 1);
+-  gtk_label_set_mnemonic_widget (GTK_LABEL (label), d_entry);
+-  str = g_strdup (VINAGRE_IS_CONNECTION (conn) ?
+-		  vinagre_connection_get_domain (conn) :
+-		  vinagre_cache_prefs_get_string  ("rdp-connection", "domain", ""));
+-  gtk_entry_set_text (GTK_ENTRY (d_entry), str);
+-  gtk_entry_set_activates_default (GTK_ENTRY (d_entry), TRUE);
+-  g_free (str);
+-
+-
+   /* Host width */
+   label = gtk_label_new_with_mnemonic (_("_Width:"));
+   gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5);
+-  gtk_grid_attach (GTK_GRID (grid), label, 0, 4, 1, 1);
++  gtk_grid_attach (GTK_GRID (grid), label, 0, 3, 1, 1);
+   gtk_widget_set_margin_left (label, 12);
+ 
+   spin_button = gtk_spin_button_new_with_range (MIN_SIZE, MAX_SIZE, 1);
+@@ -176,7 +157,7 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn)
+   gtk_widget_set_tooltip_text (spin_button, _("Set width of the remote desktop"));
+   gtk_spin_button_set_value (GTK_SPIN_BUTTON (spin_button), DEFAULT_WIDTH);
+   g_object_set_data (G_OBJECT (grid), "width_spin_button", spin_button);
+-  gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 4, 1, 1);
++  gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 3, 1, 1);
+   gtk_label_set_mnemonic_widget (GTK_LABEL (label), spin_button);
+   width = VINAGRE_IS_CONNECTION (conn) ?
+           vinagre_connection_get_width (conn) :
+@@ -188,7 +169,7 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn)
+   /* Host height */
+   label = gtk_label_new_with_mnemonic (_("_Height:"));
+   gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5);
+-  gtk_grid_attach (GTK_GRID (grid), label, 0, 5, 1, 1);
++  gtk_grid_attach (GTK_GRID (grid), label, 0, 4, 1, 1);
+   gtk_widget_set_margin_left (label, 12);
+ 
+   spin_button = gtk_spin_button_new_with_range (MIN_SIZE, MAX_SIZE, 1);
+@@ -196,7 +177,7 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn)
+   gtk_widget_set_tooltip_text (spin_button, _("Set height of the remote desktop"));
+   gtk_spin_button_set_value (GTK_SPIN_BUTTON (spin_button), DEFAULT_HEIGHT);
+   g_object_set_data (G_OBJECT (grid), "height_spin_button", spin_button);
+-  gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 5, 1, 1);
++  gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 4, 1, 1);
+   gtk_label_set_mnemonic_widget (GTK_LABEL (label), spin_button);
+   height = VINAGRE_IS_CONNECTION (conn) ?
+            vinagre_connection_get_height (conn) :
+diff --git a/plugins/rdp/vinagre-rdp-tab.c b/plugins/rdp/vinagre-rdp-tab.c
+index 8572bc3..f3d9c08 100644
+--- a/plugins/rdp/vinagre-rdp-tab.c
++++ b/plugins/rdp/vinagre-rdp-tab.c
+@@ -70,8 +70,6 @@ struct _VinagreRdpTabPrivate
+   gboolean         scaling;
+   double           scale;
+   double           offset_x, offset_y;
+-
+-  guint            authentication_attempts;
+ };
+ 
+ G_DEFINE_TYPE (VinagreRdpTab, vinagre_rdp_tab, VINAGRE_TYPE_TAB)
+@@ -611,7 +609,6 @@ frdp_post_connect (freerdp *instance)
+                               0, 0,
+                               gdi->width, gdi->height);
+ 
+-  vinagre_tab_save_credentials_in_keyring (VINAGRE_TAB (rdp_tab));
+   vinagre_tab_add_recent_used (VINAGRE_TAB (rdp_tab));
+   vinagre_tab_set_state (VINAGRE_TAB (rdp_tab), VINAGRE_TAB_STATE_CONNECTED);
+ 
+@@ -862,76 +859,114 @@ frdp_mouse_moved (GtkWidget      *widget,
+   return TRUE;
+ }
+ 
++static void
++entry_text_changed_cb (GtkEntry   *entry,
++                       GtkBuilder *builder)
++{
++  const gchar *text;
++  GtkWidget   *widget;
++  gsize        username_length;
++  gsize        password_length;
++
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "username_entry"));
++  text = gtk_entry_get_text (GTK_ENTRY (widget));
++  username_length = strlen (text);
++
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "password_entry"));
++  text = gtk_entry_get_text (GTK_ENTRY (widget));
++  password_length = strlen (text);
++
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "ok_button"));
++  gtk_widget_set_sensitive (widget, password_length > 0 && username_length > 0);
++}
++
+ static gboolean
+ frdp_authenticate (freerdp  *instance,
+                    char    **username,
+                    char    **password,
+                    char    **domain)
+ {
+-  VinagreTab           *tab = VINAGRE_TAB (((frdpContext *) instance->context)->rdp_tab);
+-  VinagreRdpTab        *rdp_tab = VINAGRE_RDP_TAB (tab);
+-  VinagreRdpTabPrivate *priv = rdp_tab->priv;
+-  VinagreConnection    *conn = vinagre_tab_get_conn (tab);
+-  GtkWindow            *window = GTK_WINDOW (vinagre_tab_get_window (tab));
+-  gboolean              save_in_keyring = FALSE;
+-  gchar                *keyring_domain = NULL;
+-  gchar                *keyring_username = NULL;
+-  gchar                *keyring_password = NULL;
++  VinagreTab        *tab = VINAGRE_TAB (((frdpContext *) instance->context)->rdp_tab);
++  VinagreConnection *conn = vinagre_tab_get_conn (tab);
++  const gchar       *user_name;
++  const gchar       *domain_name;
++  GtkBuilder        *builder;
++  GtkWidget         *dialog;
++  GtkWidget         *widget;
++  GtkWidget         *username_entry;
++  GtkWidget         *password_entry;
++  GtkWidget         *domain_entry;
++  gboolean           save_credential_check_visible;
++  gboolean           domain_label_visible;
++  gboolean           domain_entry_visible;
++  gint               response;
+ 
+-  priv->authentication_attempts++;
++  builder = vinagre_utils_get_builder ();
+ 
+-  if (priv->authentication_attempts == 1)
+-    {
+-      vinagre_tab_find_credentials_in_keyring (tab, &keyring_domain, &keyring_username, &keyring_password);
+-      if (keyring_password != NULL && keyring_username != NULL)
+-        {
+-          *domain = keyring_domain;
+-          *username = keyring_username;
+-          *password = keyring_password;
++  dialog = GTK_WIDGET (gtk_builder_get_object (builder, "auth_required_dialog"));
++  gtk_window_set_modal ((GtkWindow *) dialog, TRUE);
++  gtk_window_set_transient_for ((GtkWindow *) dialog, GTK_WINDOW (vinagre_tab_get_window (tab)));
+ 
+-          return TRUE;
+-        }
+-      else
+-        {
+-          g_free (keyring_domain);
+-          g_free (keyring_username);
+-          g_free (keyring_password);
+-        }
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "host_label"));
++  gtk_label_set_text (GTK_LABEL (widget), vinagre_connection_get_host (conn));
++
++  username_entry = GTK_WIDGET (gtk_builder_get_object (builder, "username_entry"));
++  password_entry = GTK_WIDGET (gtk_builder_get_object (builder, "password_entry"));
++  domain_entry = GTK_WIDGET (gtk_builder_get_object (builder, "domain_entry"));
++
++  if (*username != NULL && *username[0] != '\0')
++    {
++      gtk_entry_set_text (GTK_ENTRY (username_entry), *username);
++      gtk_widget_grab_focus (password_entry);
+     }
+ 
+-  if (vinagre_utils_request_credential (window,
+-                                        "RDP",
+-                                        vinagre_connection_get_host (conn),
+-                                        vinagre_connection_get_domain (conn),
+-                                        vinagre_connection_get_username (conn),
+-                                        TRUE,
+-                                        TRUE,
+-                                        TRUE,
+-                                        20,
+-                                        domain,
+-                                        username,
+-                                        password,
+-                                        &save_in_keyring))
++  g_signal_connect (username_entry, "changed", G_CALLBACK (entry_text_changed_cb), builder);
++  g_signal_connect (password_entry, "changed", G_CALLBACK (entry_text_changed_cb), builder);
++
++
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "save_credential_check"));
++  save_credential_check_visible = gtk_widget_get_visible (widget);
++  gtk_widget_set_visible (widget, FALSE);
++
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "domain_label"));
++  domain_label_visible = gtk_widget_get_visible (widget);
++  gtk_widget_set_visible (widget, TRUE);
++
++  domain_entry_visible = gtk_widget_get_visible (domain_entry);
++  gtk_widget_set_visible (domain_entry, TRUE);
++
++
++  response = gtk_dialog_run (GTK_DIALOG (dialog));
++  gtk_widget_hide (dialog);
++
++
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "save_credential_check"));
++  gtk_widget_set_visible (widget, save_credential_check_visible);
++
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "domain_label"));
++  gtk_widget_set_visible (widget, domain_label_visible);
++
++  gtk_widget_set_visible (domain_entry, domain_entry_visible);
++
++
++  if (response == GTK_RESPONSE_OK)
+     {
+-      if (*domain && **domain != '\0')
+-        vinagre_connection_set_domain (conn, *domain);
++      domain_name = gtk_entry_get_text (GTK_ENTRY (domain_entry));
++      if (g_strcmp0 (*domain, domain_name) != 0)
++        *domain = g_strdup (domain_name);
+ 
+-      if (*username && **username != '\0')
+-        vinagre_connection_set_username (conn, *username);
++      user_name = gtk_entry_get_text (GTK_ENTRY (username_entry));
++      if (g_strcmp0 (*username, user_name) != 0)
++        *username = g_strdup (user_name);
+ 
+-      if (*password && **password != '\0')
+-        vinagre_connection_set_password (conn, *password);
++      *password = g_strdup (gtk_entry_get_text (GTK_ENTRY (password_entry)));
+ 
+-      vinagre_tab_set_save_credentials (tab, save_in_keyring);
++      return TRUE;
+     }
+   else
+     {
+-      vinagre_tab_remove_from_notebook (tab);
+-
+       return FALSE;
+     }
+-
+-  return TRUE;
+ }
+ 
+ static BOOL
+@@ -1028,25 +1063,30 @@ frdp_changed_certificate_verify (freerdp *instance,
+ #endif
+ 
+ static void
+-init_freerdp (VinagreRdpTab *rdp_tab)
++open_freerdp (VinagreRdpTab *rdp_tab)
+ {
+   VinagreRdpTabPrivate *priv = rdp_tab->priv;
+-  rdpSettings          *settings;
+   VinagreTab           *tab = VINAGRE_TAB (rdp_tab);
+   VinagreConnection    *conn = vinagre_tab_get_conn (tab);
+-  gboolean              scaling;
+-  gchar                *hostname;
+-  gint                  width, height;
+-  gint                  port;
++  rdpSettings          *settings;
++  GtkWindow            *window = GTK_WINDOW (vinagre_tab_get_window (tab));
++  gboolean              success = TRUE;
++  gboolean              fullscreen, scaling;
++  gchar                *hostname, *username;
++  gint                  port, width, height;
+ 
+   g_object_get (conn,
+                 "port", &port,
+                 "host", &hostname,
+                 "width", &width,
+                 "height", &height,
++                "fullscreen", &fullscreen,
+                 "scaling", &scaling,
++                "username", &username,
+                 NULL);
+ 
++  priv->events = g_queue_new ();
++
+   /* Setup FreeRDP session */
+   priv->freerdp_session = freerdp_new ();
+   priv->freerdp_session->PreConnect = frdp_pre_connect;
+@@ -1111,6 +1151,17 @@ init_freerdp (VinagreRdpTab *rdp_tab)
+   settings->port = port;
+ #endif
+ 
++  /* Set username */
++  username = g_strstrip (username);
++  if (username != NULL && username[0] != '\0')
++    {
++#if HAVE_FREERDP_1_1
++      settings->Username = g_strdup (username);
++#else
++      settings->username = g_strdup (username);
++#endif
++    }
++
+   /* Set keyboard layout */
+ #if HAVE_FREERDP_1_1
+   freerdp_keyboard_init (KBD_US);
+@@ -1120,24 +1171,6 @@ init_freerdp (VinagreRdpTab *rdp_tab)
+ 
+   /* Allow font smoothing by default */
+   settings->AllowFontSmoothing = TRUE;
+-}
+-
+-static void
+-init_display (VinagreRdpTab *rdp_tab)
+-{
+-  VinagreRdpTabPrivate *priv = rdp_tab->priv;
+-  VinagreTab           *tab = VINAGRE_TAB (rdp_tab);
+-  VinagreConnection    *conn = vinagre_tab_get_conn (tab);
+-  GtkWindow            *window = GTK_WINDOW (vinagre_tab_get_window (tab));
+-  gboolean              fullscreen, scaling;
+-  gint                  width, height;
+-
+-  g_object_get (conn,
+-                "width", &width,
+-                "height", &height,
+-                "fullscreen", &fullscreen,
+-                "scaling", &scaling,
+-                NULL);
+ 
+   /* Setup display for FreeRDP session */
+   priv->display = gtk_drawing_area_new ();
+@@ -1186,54 +1219,20 @@ init_display (VinagreRdpTab *rdp_tab)
+   priv->key_release_handler_id = g_signal_connect (GTK_WIDGET (tab), "key-release-event",
+                                                    G_CALLBACK (frdp_key_pressed),
+                                                    rdp_tab);
+-}
+-
+-static void
+-open_freerdp (VinagreRdpTab *rdp_tab)
+-{
+-  VinagreRdpTabPrivate *priv = rdp_tab->priv;
+-  VinagreTab           *tab = VINAGRE_TAB (rdp_tab);
+-  GtkWindow            *window = GTK_WINDOW (vinagre_tab_get_window (tab));
+-  gboolean              success = TRUE;
+-  gboolean              authentication_error = FALSE;
+-  gboolean              cancelled = FALSE;
+-
+-  priv->events = g_queue_new ();
+-
+-  init_freerdp (rdp_tab);
+-  init_display (rdp_tab);
+-
+-  do
+-    {
+-      authentication_error = FALSE;
+ 
+-      /* Run FreeRDP session */
+-      success = freerdp_connect (priv->freerdp_session);
+-      if (!success)
+-        {
+-          authentication_error = freerdp_get_last_error (priv->freerdp_session->context) == 0x20009 ||
+-                                 freerdp_get_last_error (priv->freerdp_session->context) == 0x2000c;
+-
+-          cancelled = freerdp_get_last_error (priv->freerdp_session->context) == 0x2000b;
+-
+-          freerdp_free (priv->freerdp_session);
+-          init_freerdp (rdp_tab);
+-        }
+-    }
+-  while (!success && authentication_error);
++  /* Run FreeRDP session */
++  success = freerdp_connect (priv->freerdp_session);
+ 
+   if (!success)
+     {
+       gtk_window_unfullscreen (window);
+-      if (!cancelled)
+-        vinagre_utils_show_error_dialog (_("Error connecting to host."),
+-                                         NULL,
+-                                         window);
++      vinagre_utils_show_error_dialog (_("Error connecting to host."),
++                                       NULL,
++                                       window);
+       g_idle_add ((GSourceFunc) idle_close, rdp_tab);
+     }
+   else
+     {
+-      priv->authentication_attempts = 0;
+       priv->update_id = g_idle_add ((GSourceFunc) update, rdp_tab);
+     }
+ }
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/wget-perl-5.26.patch b/gnu/packages/patches/wget-perl-5.26.patch
new file mode 100644
index 0000000000..ee3a984daa
--- /dev/null
+++ b/gnu/packages/patches/wget-perl-5.26.patch
@@ -0,0 +1,96 @@
+This upstream commit adjusts tests for Perl 5.26.
+
+commit 7ffe93cabb181f39ad5091c31ab9f61bd940a55f
+Author: Anton Yuzhaninov <citrin+github@citrin.ru>
+Date:   Wed Apr 5 19:06:42 2017 +0300
+
+    Fix perl warnings in tests
+    
+    * tests/FTPServer.pm: Escape '{' in RE to fix warnings
+    * tests/FTPTest.pm: Likewise
+    * tests/HTTPServer.pm: Likewise
+    * tests/HTTPTest.pm: Likewise
+    * tests/Test-proxied-https-auth-keepalive.px: Likewise
+    * tests/Test-proxied-https-auth.px: Likewise
+    Escape '{' in RE to fix warnings:
+    Unescaped left brace in regex is deprecated, passed through in regex;
+    marked by <-- HERE in m/{{ <-- HERE port}}/
+
+diff --git a/tests/FTPServer.pm b/tests/FTPServer.pm
+index a5185d66..cac80942 100644
+--- a/tests/FTPServer.pm
++++ b/tests/FTPServer.pm
+@@ -589,7 +589,7 @@ sub new
+     foreach my $file (keys %{$self->{_input}})
+     {
+         my $ref = \$self->{_input}{$file}{content};
+-        $$ref =~ s/{{port}}/$self->sockport/eg;
++        $$ref =~ s/\Q{{port}}/$self->sockport/eg;
+     }
+ 
+     return $self;
+diff --git a/tests/FTPTest.pm b/tests/FTPTest.pm
+index 50385ad0..0a1c768c 100644
+--- a/tests/FTPTest.pm
++++ b/tests/FTPTest.pm
+@@ -53,7 +53,7 @@ sub _substitute_port
+ {
+     my $self = shift;
+     my $ret  = shift;
+-    $ret =~ s/{{port}}/$self->{_server}->sockport/eg;
++    $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg;
+     return $ret;
+ }
+ 
+diff --git a/tests/HTTPServer.pm b/tests/HTTPServer.pm
+index dd8ec043..78609f65 100644
+--- a/tests/HTTPServer.pm
++++ b/tests/HTTPServer.pm
+@@ -310,7 +310,7 @@ sub _substitute_port
+ {
+     my $self = shift;
+     my $ret  = shift;
+-    $ret =~ s/{{port}}/$self->sockport/eg;
++    $ret =~ s/\Q{{port}}/$self->sockport/eg;
+     return $ret;
+ }
+ 
+diff --git a/tests/HTTPTest.pm b/tests/HTTPTest.pm
+index 00f079f8..6225c7f1 100644
+--- a/tests/HTTPTest.pm
++++ b/tests/HTTPTest.pm
+@@ -47,7 +47,7 @@ sub _substitute_port
+ {
+     my $self = shift;
+     my $ret  = shift;
+-    $ret =~ s/{{port}}/$self->{_server}->sockport/eg;
++    $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg;
+     return $ret;
+ }
+ 
+diff --git a/tests/Test-proxied-https-auth-keepalive.px b/tests/Test-proxied-https-auth-keepalive.px
+index 049bebec..2a18ccfd 100755
+--- a/tests/Test-proxied-https-auth-keepalive.px
++++ b/tests/Test-proxied-https-auth-keepalive.px
+@@ -153,7 +153,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"
+     . " --password=Dodgson -e https_proxy=localhost:{{port}}"
+     . " --no-check-certificate"
+     . " https://no.such.domain/needs-auth.txt";
+-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e;
++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e;
+ 
+ if (defined $srcdir) {
+     $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl';
+diff --git a/tests/Test-proxied-https-auth.px b/tests/Test-proxied-https-auth.px
+index ce4e736c..878114e7 100755
+--- a/tests/Test-proxied-https-auth.px
++++ b/tests/Test-proxied-https-auth.px
+@@ -152,7 +152,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"
+     . " --password=Dodgson -e https_proxy=localhost:{{port}}"
+     . " --no-check-certificate"
+     . " https://no.such.domain/needs-auth.txt";
+-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e;
++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e;
+ 
+ if (defined $srcdir) {
+     $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl';
diff --git a/gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch b/gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch
new file mode 100644
index 0000000000..8aeec455d7
--- /dev/null
+++ b/gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch
@@ -0,0 +1,171 @@
+From eee8fd4c489a693344da0bba14cfa54c54610b89 Mon Sep 17 00:00:00 2001
+From: Maarten Lankhorst <maarten.lankhorst@ubuntu.com>
+Date: Thu, 9 Mar 2017 13:31:34 +0200
+Subject: [PATCH] Fix build against xorg server 1.17 on certain architectures
+
+Fixes at least arm64, likely also hppa, m68k, sh4.
+
+Signed-off-by: Maarten Lankhorst <maarten.lankhorst@ubuntu.com>
+---
+ src/regsmi.h       | 18 ++++++++++++++++++
+ src/smi.h          |  2 ++
+ src/smi_driver.c   | 19 +++++++++----------
+ src/smilynx_crtc.c |  6 +++---
+ src/smilynx_hw.c   |  5 ++---
+ 5 files changed, 34 insertions(+), 16 deletions(-)
+
+diff --git a/src/regsmi.h b/src/regsmi.h
+index 5dd0320..69205ba 100644
+--- a/src/regsmi.h
++++ b/src/regsmi.h
+@@ -64,8 +64,13 @@ VGAIN8_INDEX(SMIPtr pSmi, int indexPort, int dataPort, CARD8 index)
+ 	MMIO_OUT8(pSmi->IOBase, indexPort, index);
+ 	return(MMIO_IN8(pSmi->IOBase, dataPort));
+     } else {
++#ifdef XSERVER_LIBPCIACCESS
++	pci_io_write8(pSmi->io, indexPort, index);
++	return pci_io_read8(pSmi->io, dataPort);
++#else
+ 	outb(pSmi->PIOBase + indexPort, index);
+ 	return(inb(pSmi->PIOBase + dataPort));
++#endif
+     }
+ }
+ 
+@@ -76,8 +81,13 @@ VGAOUT8_INDEX(SMIPtr pSmi, int indexPort, int dataPort, CARD8 index, CARD8 data)
+ 	MMIO_OUT8(pSmi->IOBase, indexPort, index);
+ 	MMIO_OUT8(pSmi->IOBase, dataPort, data);
+     } else {
++#ifdef XSERVER_LIBPCIACCESS
++	pci_io_write8(pSmi->io, indexPort, index);
++	pci_io_write8(pSmi->io, dataPort, data);
++#else
+ 	outb(pSmi->PIOBase + indexPort, index);
+ 	outb(pSmi->PIOBase + dataPort, data);
++#endif
+     }
+ }
+ 
+@@ -87,7 +97,11 @@ VGAIN8(SMIPtr pSmi, int port)
+     if (pSmi->IOBase) {
+ 	return(MMIO_IN8(pSmi->IOBase, port));
+     } else {
++#ifdef XSERVER_LIBPCIACCESS
++	return pci_io_read8(pSmi->io, port);
++#else
+ 	return(inb(pSmi->PIOBase + port));
++#endif
+     }
+ }
+ 
+@@ -97,7 +111,11 @@ VGAOUT8(SMIPtr pSmi, int port, CARD8 data)
+     if (pSmi->IOBase) {
+ 	MMIO_OUT8(pSmi->IOBase, port, data);
+     } else {
++#ifdef XSERVER_LIBPCIACCESS
++	pci_io_write8(pSmi->io, port, data);
++#else
+ 	outb(pSmi->PIOBase + port, data);
++#endif
+     }
+ }
+ 
+diff --git a/src/smi.h b/src/smi.h
+index 2742c8d..1f20a2d 100644
+--- a/src/smi.h
++++ b/src/smi.h
+@@ -171,6 +171,8 @@ typedef struct
+     pciVideoPtr		PciInfo;	/* PCI info vars */
+ #ifndef XSERVER_LIBPCIACCESS
+     PCITAG		PciTag;
++#else
++    struct pci_io_handle *io;
+ #endif
+     int			Chipset;	/* Chip info, set using PCI
+ 					   above */
+diff --git a/src/smi_driver.c b/src/smi_driver.c
+index 8949cae..6bdf64d 100644
+--- a/src/smi_driver.c
++++ b/src/smi_driver.c
+@@ -446,6 +446,9 @@ SMI_PreInit(ScrnInfoPtr pScrn, int flags)
+ 	pSmi->PIOBase = hwp->PIOOffset;
+ #else
+ 	pSmi->PIOBase = 0;
++#ifdef XSERVER_LIBPCIACCESS
++	pSmi->io = hwp->io;
++#endif
+ #endif
+ 
+ 	xf86ErrorFVerb(VERBLEV, "\tSMI_PreInit vgaCRIndex=%x, vgaIOBase=%x, "
+@@ -2022,16 +2025,14 @@ SMI_EnableMmio(ScrnInfoPtr pScrn)
+ 	vgaHWSetStdFuncs(hwp);
+ 
+ 	/* Enable linear mode */
+-	outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18);
+-	tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA);
++	tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18);
+ 	pSmi->SR18Value = tmp;					/* PDR#521 */
+-	outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp | 0x11);
++	VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18, tmp | 0x11);
+ 
+ 	/* Enable 2D/3D Engine and Video Processor */
+-	outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x21);
+-	tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA);
++	tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21);
+ 	pSmi->SR21Value = tmp;					/* PDR#521 */
+-	outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp & ~0x03);
++	VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21, tmp & ~0x03);
+     }
+ 
+     LEAVE();
+@@ -2050,12 +2051,10 @@ SMI_DisableMmio(ScrnInfoPtr pScrn)
+ 	vgaHWSetStdFuncs(hwp);
+ 
+ 	/* Disable 2D/3D Engine and Video Processor */
+-	outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x21);
+-	outb(pSmi->PIOBase + VGA_SEQ_DATA, pSmi->SR21Value);	/* PDR#521 */
++	VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21, pSmi->SR21Value);	/* PDR#521 */
+ 
+ 	/* Disable linear mode */
+-	outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18);
+-	outb(pSmi->PIOBase + VGA_SEQ_DATA, pSmi->SR18Value);	/* PDR#521 */
++	VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18, pSmi->SR18Value);	/* PDR#521 */
+     }
+ 
+     LEAVE();
+diff --git a/src/smilynx_crtc.c b/src/smilynx_crtc.c
+index fb7183c..f4d8b4e 100644
+--- a/src/smilynx_crtc.c
++++ b/src/smilynx_crtc.c
+@@ -619,9 +619,9 @@ SMILynx_CrtcModeSet_bios(xf86CrtcPtr crtc,
+     xf86ExecX86int10(pSmi->pInt10);
+ 
+     /* Enable linear mode. */
+-    outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18);
+-    tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA);
+-    outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp | 0x01);
++    VGAOUT8(pSmi, VGA_SEQ_INDEX, 0x18);
++    tmp = VGAIN8(pSmi, VGA_SEQ_DATA);
++    VGAOUT8(pSmi, VGA_SEQ_DATA, tmp | 0x01);
+ 
+     /* Enable DPR/VPR registers. */
+     tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21);
+diff --git a/src/smilynx_hw.c b/src/smilynx_hw.c
+index b2ee8a5..40aa5a4 100644
+--- a/src/smilynx_hw.c
++++ b/src/smilynx_hw.c
+@@ -365,9 +365,8 @@ SMILynx_WriteMode(ScrnInfoPtr pScrn, vgaRegPtr vgaSavePtr, SMIRegPtr restore)
+ 	xf86ExecX86int10(pSmi->pInt10);
+ 
+ 	/* Enable linear mode. */
+-	outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18);
+-	tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA);
+-	outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp | 0x01);
++	tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18);
++	VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18, tmp | 0x01);
+ 
+ 	/* Enable DPR/VPR registers. */
+ 	tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21);
+-- 
+2.7.4
+
diff --git a/gnu/packages/pciutils.scm b/gnu/packages/pciutils.scm
index 7c9856468d..e428aaedb0 100644
--- a/gnu/packages/pciutils.scm
+++ b/gnu/packages/pciutils.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -30,7 +30,7 @@
 (define-public pciutils
   (package
     (name "pciutils")
-    (version "3.5.4")
+    (version "3.5.5")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -38,7 +38,7 @@
                     version ".tar.xz"))
               (sha256
                (base32
-                "0rpy7kkb2y89wmbcbfjjjxsk2x89v5xxhxib4vpl131ip5m3qab4"))))
+                "1x9rb5y82rzg8b67lh42yy9ag9xr7kzibz566lffd41g37xghqhx"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -56,12 +56,18 @@
                  ;; $prefix/share/man, and wrongly so.
                 (string-append "MANDIR := " (assoc-ref outputs "out")
                                "/share/man\n"))
+
                (("^SHARED=.*$")
                 ;; Build libpciutils.so.
                 "SHARED := yes\n")
                (("^ZLIB=.*$")
-                ;; Ask for zlib support.
-                "ZLIB := yes\n"))))
+                ;; Ask for zlib support, for 'pci.ids.gz' decompression.
+                "ZLIB := yes\n")
+
+               (("^IDSDIR=.*$")
+                ;; Installation directory of 'pci.ids.gz'.
+                "IDSDIR = $(SHAREDIR)/hwdata\n"))
+             #t))
          (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
              ;; Install the commands, library, and .pc files.
@@ -85,5 +91,6 @@
      "The PCI Utilities are a collection of programs for inspecting and
 manipulating configuration of PCI devices, all based on a common portable
 library libpci which offers access to the PCI configuration space on a variety
-of operating systems.  This includes the 'lspci' and 'setpci' commands.")
+of operating systems.  This includes the @command{lspci} and @command{setpci}
+commands.")
     (license license:gpl2+)))
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index 67a8db1c73..574ae4a6ba 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -34,7 +34,7 @@
   (package
    (name "pcre")
    (version "8.40")
-   (replacement pcre/fixed)
+   (replacement pcre-8.41)
    (source (origin
             (method url-fetch)
             (uri (list
@@ -43,6 +43,7 @@
                                  "pcre-" version ".tar.bz2")
                   (string-append "mirror://sourceforge/pcre/pcre/"
                                  version "/pcre-" version ".tar.bz2")))
+            (patches (search-patches "pcre-CVE-2017-7186.patch"))
             (sha256
              (base32
               "1x7lpjn7jhk0n3sdvggxrlrhab8kkfjwl7qix0ypw9nlx8lpmqh0"))))
@@ -72,12 +73,20 @@ POSIX regular expression API.")
    (license license:bsd-3)
    (home-page "http://www.pcre.org/")))
 
-(define pcre/fixed
+(define pcre-8.41
   (package
     (inherit pcre)
+    (version "8.41")
     (source (origin
-              (inherit (package-source pcre))
-              (patches (search-patches "pcre-CVE-2017-7186.patch"))))))
+              (method url-fetch)
+              (uri (list (string-append "mirror://sourceforge/pcre/pcre/"
+                                        version "/pcre-" version ".tar.bz2")
+                         (string-append "ftp://ftp.csx.cam.ac.uk"
+                                        "/pub/software/programming/pcre/"
+                                        "pcre-" version ".tar.bz2")))
+              (sha256
+               (base32
+                "0c5m469p5pd7jip621ipq6hbgh7128lzh7xndllfgh77ban7wb76"))))))
 
 (define-public pcre2
   (package
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 7b76955e23..0993543c20 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -76,15 +76,14 @@
 (define-public poppler
   (package
    (name "poppler")
-   (replacement poppler/fixed)
-   (version "0.52.0")
+   (version "0.56.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://poppler.freedesktop.org/poppler-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "14hrrac2f1phi5j0qn283457w06vsp9gr075yqjrm7w370bnd2sj"))))
+              "0wviayidfv2ix2ql0d4nl9r1ia6qi5kc1nybd9vjx27dk7gvm7c6"))))
    (build-system gnu-build-system)
    ;; FIXME:
    ;;  use libcurl:        no
@@ -130,23 +129,15 @@
    (license license:gpl2+)
    (home-page "https://poppler.freedesktop.org/")))
 
-(define poppler/fixed
-  (package (inherit poppler)
-  (source
-    (origin
-      (inherit (package-source poppler))
-      (patches (search-patches "poppler-fix-crash-with-broken-documents.patch"
-                               "poppler-CVE-2017-9776.patch"))))))
-
 (define-public poppler-qt4
-  (package/inherit poppler
+  (package (inherit poppler)
    (name "poppler-qt4")
    (inputs `(("qt-4" ,qt-4)
              ,@(package-inputs poppler)))
    (synopsis "Qt4 frontend for the Poppler PDF rendering library")))
 
 (define-public poppler-qt5
-  (package/inherit poppler
+  (package (inherit poppler)
    (name "poppler-qt5")
    (inputs `(("qtbase" ,qtbase)
              ,@(package-inputs poppler)))
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 6a59e6bf86..1a96ee237b 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -1,12 +1,12 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Jochem Raat <jchmrt@riseup.net>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Coypright © 2016 ng0 <ng0@libertad.pw>
 ;;; Copyright © 2016 Alex Sassmannshausen <alex@pompo.co>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
@@ -16,6 +16,7 @@
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -51,16 +52,16 @@
   ;; Yeah, Perl...  It is required early in the bootstrap process by Linux.
   (package
     (name "perl")
-    (replacement perl/fixed)
-    (version "5.24.0")
+    (version "5.26.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/src/5.0/perl-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "00jj8zr8fnihrxxhl8h936ssczv5x86qb618yz1ig40d1rp0qhvy"))
+               "0zxn9hd7mqgq06ikyi6k70ngbvjf01z1paw0jd25byyl0rlwdrzb"))
              (patches (search-patches
+                       "perl-file-path-CVE-2017-6512.patch"
                        "perl-no-sys-dirs.patch"
                        "perl-autosplit-default-time.patch"
                        "perl-deterministic-ordering.patch"
@@ -148,17 +149,6 @@
     (home-page "http://www.perl.org/")
     (license gpl1+)))                          ; or "Artistic"
 
-(define perl/fixed
-  (package
-    (inherit perl)
-    (source
-      (origin
-        (inherit (package-source perl))
-        (patches
-          (append
-            (origin-patches (package-source perl))
-            (search-patches "perl-file-path-CVE-2017-6512.patch")))))))
-
 (define-public perl-algorithm-c3
   (package
     (name "perl-algorithm-c3")
@@ -426,6 +416,8 @@ compiling the surrounding scope.")
                (base32
                 "1gl9ybm9hgia3ld5s11b7bv2p2hmx5rss5hxcfy6rmbzrjcnci01"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     ;; The optional input module Statistics::PointEstimation (from
     ;; Statistics-TTest) lists no license.
     (synopsis "Benchmarking with statistical confidence")
@@ -700,15 +692,15 @@ Perl.")
 (define-public perl-carp-clan
   (package
     (name "perl-carp-clan")
-    (version "6.04")
+    (version "6.06")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/S/ST/STBEY/"
+       (uri (string-append "mirror://cpan/authors/id/K/KE/KENTNL/"
                            "Carp-Clan-" version ".tar.gz"))
        (sha256
         (base32
-         "1v71k8s1pi16l5y579gnrg372c6pdvy6qqm6iddm8h1dx7n16bjl"))))
+         "1m6902n6s627nsvyn2vyrk29q7lh6808hsdk7ka5cirm27vchjpa"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-exception" ,perl-test-exception)))
@@ -801,7 +793,8 @@ the same mk_accessors interface.")
          "1zp74yv023q3macrf4rv3i82z8pkffqyhh7xk9xg8fbr63ikwqf4"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-exception" ,perl-test-exception)))
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-test-exception" ,perl-test-exception)))
     (propagated-inputs
      `(("perl-class-xsaccessor" ,perl-class-xsaccessor)
        ("perl-module-runtime" ,perl-module-runtime)
@@ -872,7 +865,8 @@ supporting the same interface, but using Class::C3 to do the hard work.")
          "1nzav8arxll0rya7r2vp032s3acliihbb9mjlfa13rywhh77bzvl"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-exception" ,perl-test-exception)))
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-test-exception" ,perl-test-exception)))
     (propagated-inputs
      `(("perl-class-c3" ,perl-class-c3)
        ("perl-class-inspector" ,perl-class-inspector)
@@ -967,15 +961,15 @@ to the calling program.")
 (define-public perl-class-inspector
   (package
     (name "perl-class-inspector")
-    (version "1.28")
+    (version "1.31")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/A/AD/ADAMK/"
+       (uri (string-append "mirror://cpan/authors/id/P/PL/PLICEASE/"
                            "Class-Inspector-" version ".tar.gz"))
        (sha256
         (base32
-         "04iij8dbcgaim7g109frpyf7mh4ydsd8zh53r53chk0zxnivg91w"))))
+         "1sqfjgzxx1f951fykc6vgfvys4j8rxaw2zf3jq26yrvs3ygn8pq6"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Class-Inspector")
     (synopsis "Get information about a class and its structure")
@@ -1207,15 +1201,15 @@ as defined by two typical specimens of Perl coders.")
 (define-public perl-config-any
   (package
     (name "perl-config-any")
-    (version "0.24")
+    (version "0.32")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/B/BR/BRICAS/"
+       (uri (string-append "mirror://cpan/authors/id/H/HA/HAARG/"
                            "Config-Any-" version ".tar.gz"))
        (sha256
         (base32
-         "06n6jn3q3xhk57icwip0ihzqixxav6sgp6rrb35hahj1z748y3vi"))))
+         "0l31sg7dwh4dwwnql42hp7arkhcm15bhsgfg4i6xvbjzy9f2mnk8"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-module-pluggable" ,perl-module-pluggable)))
@@ -1297,7 +1291,7 @@ and writing of @code{.ini}-style configuration files.")
 (define-public perl-context-preserve
   (package
     (name "perl-context-preserve")
-    (version "0.01")
+    (version "0.02")
     (source
      (origin
        (method url-fetch)
@@ -1305,7 +1299,7 @@ and writing of @code{.ini}-style configuration files.")
                            "Context-Preserve-" version ".tar.gz"))
        (sha256
         (base32
-         "0gssillawjknqks81x7fg7w2x94bnyklgd8ry2pr1k6ifkjhwz46"))))
+         "0qkjj1qifr87zlfpfnn21gdyrpfgilh8zp3b53008m2ax02k87gc"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-exception" ,perl-test-exception)
@@ -1320,7 +1314,7 @@ the caller.")
 (define-public perl-cpan-meta-check
   (package
     (name "perl-cpan-meta-check")
-    (version "0.011")
+    (version "0.014")
     (source
      (origin
        (method url-fetch)
@@ -1328,7 +1322,7 @@ the caller.")
                            "CPAN-Meta-Check-" version ".tar.gz"))
        (sha256
         (base32
-         "0nxi0xhhd3dwhgri3l8z8gpz2ibvhm5k7jjls8xmnlh0v84p04kh"))))
+         "07rmdbz1rbnb7w33vswn1wixlyh947sqr93xrvcph1hwzhmmg818"))))
     (build-system perl-build-system)
     (native-inputs `(("perl-test-deep" ,perl-test-deep)))
     (propagated-inputs `(("perl-cpan-meta" ,perl-cpan-meta)))
@@ -1529,15 +1523,15 @@ code that, when \"eval\"ed, produces a deep copy of the original arguments.")
 (define-public perl-data-dumper-concise
   (package
     (name "perl-data-dumper-concise")
-    (version "2.022")
+    (version "2.023")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/F/FR/FREW/"
+       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
                            "Data-Dumper-Concise-" version ".tar.gz"))
        (sha256
         (base32
-         "0z7vxgk1f2kw2zpiimdsyf7jq9f4s5dhh3dlimq5yrirypnk03sc"))))
+         "0lsqbl1mxhkj0qnjfa1jrvx8wwbyi81bgwfyj1si6cdg7h8jzhm6"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Data-Dumper-Concise")
     (synopsis "Concise data dumper")
@@ -1799,7 +1793,7 @@ hours, minutes, seconds, and time zones.")
 (define-public perl-datetime
   (package
     (name "perl-datetime")
-    (version "1.18")
+    (version "1.43")
     (source
      (origin
        (method url-fetch)
@@ -1807,15 +1801,17 @@ hours, minutes, seconds, and time zones.")
                            "DateTime-" version ".tar.gz"))
        (sha256
         (base32
-         "0fli1ls298qa8nfki15myxqqqfpxvslxk4j5r3vjk577wfgjrnms"))))
+         "0xgrcqs7zza7646g81j54z3fcxb8rw11ynlfm02afr436lgfnfql"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-module-build" ,perl-module-build)
+     `(("perl-cpan-meta-check" ,perl-cpan-meta-check)
+       ("perl-module-build" ,perl-module-build)
        ("perl-test-fatal" ,perl-test-fatal)
        ("perl-test-warnings" ,perl-test-warnings)))
     (propagated-inputs
      `(("perl-datetime-locale" ,perl-datetime-locale)
        ("perl-datetime-timezone" ,perl-datetime-timezone)
+       ("perl-file-sharedir" ,perl-file-sharedir)
        ("perl-params-validate" ,perl-params-validate)
        ("perl-try-tiny" ,perl-try-tiny)))
     (home-page "http://search.cpan.org/dist/DateTime")
@@ -1852,7 +1848,7 @@ precise.")
 (define-public perl-datetime-set
   (package
     (name "perl-datetime-set")
-    (version "0.3400")
+    (version "0.3900")
     (source
      (origin
        (method url-fetch)
@@ -1860,7 +1856,7 @@ precise.")
                            "DateTime-Set-" version ".tar.gz"))
        (sha256
         (base32
-         "1b27699zkj68w5ll9chjhs52vmf39f9via6x5r5844as30qh9zxb"))))
+         "0ih9pi6myg5i26hjpmpzqn58s0yljl2qxdd6gzpy9zda4hwirx4l"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)))
@@ -1879,7 +1875,7 @@ within a time range.")
 (define-public perl-datetime-event-ical
   (package
     (name "perl-datetime-event-ical")
-    (version "0.12")
+    (version "0.13")
     (source
      (origin
        (method url-fetch)
@@ -1887,7 +1883,7 @@ within a time range.")
                            "DateTime-Event-ICal-" version ".tar.gz"))
        (sha256
         (base32
-         "1rfrjhczfmasf7aaz8rfd89vhwjj2nkxlnirxxrmy75z10nmrpjk"))))
+         "1skmykxbrf98ldi72d5s1v6228gfdr5iy4y0gpl0xwswxy247njk"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-datetime" ,perl-datetime)
@@ -1901,7 +1897,7 @@ create DateTime::Set objects for RFC 2445 style recurrences.")
 (define-public perl-datetime-event-recurrence
   (package
     (name "perl-datetime-event-recurrence")
-    (version "0.16")
+    (version "0.19")
     (source
      (origin
        (method url-fetch)
@@ -1909,7 +1905,7 @@ create DateTime::Set objects for RFC 2445 style recurrences.")
                            "DateTime-Event-Recurrence-" version ".tar.gz"))
        (sha256
         (base32
-         "02c6ky3k26r0c8r87rcsd8gbn7rd6j2pylryin8pllnrdh9f0wiq"))))
+         "19dms2vg9hvfx80p85m8gkn2ww0yxjrjn8qsr9k7f431lj4qfh7r"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-datetime" ,perl-datetime)
@@ -1951,7 +1947,7 @@ to do this without writing reams of structural code.")
 (define-public perl-datetime-format-flexible
   (package
     (name "perl-datetime-format-flexible")
-    (version "0.26")
+    (version "0.28")
     (source
      (origin
        (method url-fetch)
@@ -1959,7 +1955,7 @@ to do this without writing reams of structural code.")
                            "DateTime-Format-Flexible-" version ".tar.gz"))
        (sha256
         (base32
-         "0gb9dsn178dpvgbbgwnaf3v2v8zy4xj36i0w5q8qbhvwx32znvj3"))))
+         "1g63zs0q2x40h29r7in50c55g6kxiw3m2faw2p6c4rg74sj2k2b5"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-datetime" ,perl-datetime)
@@ -2005,7 +2001,7 @@ order to create the appropriate objects.")
 (define-public perl-datetime-format-natural
   (package
     (name "perl-datetime-format-natural")
-    (version "1.02")
+    (version "1.05")
     (source
      (origin
        (method url-fetch)
@@ -2013,7 +2009,7 @@ order to create the appropriate objects.")
                            "DateTime-Format-Natural-" version ".tar.gz"))
        (sha256
         (base32
-         "1qq3adq1y08d0jlmwk9059s5d39hb26f3zjag099gjjyvs5c8yal"))))
+         "10ldrhz5rnpsd8qmqn1a4s0w5hhfbjrr13a93yx7kpp89g85pxqv"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)
@@ -2038,7 +2034,7 @@ parsing logic.")
 (define-public perl-datetime-format-strptime
   (package
     (name "perl-datetime-format-strptime")
-    (version "1.56")
+    (version "1.73")
     (source
      (origin
        (method url-fetch)
@@ -2046,13 +2042,16 @@ parsing logic.")
                            "DateTime-Format-Strptime-" version ".tar.gz"))
        (sha256
         (base32
-         "0a4bszmff16rw6fz1yr4v9001q9vxrdxnxkj9sqaln83b87rvxig"))))
+         "1gmjcmvh81cla6yn2pvlkr7i25bspg90pzzsizrfb0c5xc37h1vd"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-datetime" ,perl-datetime)
        ("perl-datetime-locale" ,perl-datetime-locale)
        ("perl-datetime-timezone" ,perl-datetime-timezone)
-       ("perl-params-validate" ,perl-params-validate)))
+       ("perl-package-deprecationmanager" ,perl-package-deprecationmanager)
+       ("perl-params-validate" ,perl-params-validate)
+       ("perl-sub-name" ,perl-sub-name)
+       ("perl-test-warnings" ,perl-test-warnings)))
     (home-page "http://search.cpan.org/dist/DateTime-Format-Strptime")
     (synopsis "Parse and format strp and strf time patterns")
     (description "This module implements most of `strptime(3)`, the POSIX
@@ -2064,7 +2063,7 @@ takes a string and a pattern and returns the `DateTime` object associated.")
 (define-public perl-datetime-locale
   (package
     (name "perl-datetime-locale")
-    (version "0.45")
+    (version "1.16")
     (source
      (origin
        (method url-fetch)
@@ -2072,13 +2071,20 @@ takes a string and a pattern and returns the `DateTime` object associated.")
                            "DateTime-Locale-" version ".tar.gz"))
        (sha256
         (base32
-         "175grkrxiv012n6ch3z1sip4zprcili6m5zqi3njdk5c1gdvi8ca"))))
+         "1zkc0wggbsczbj4qadahh197imr9fa6knxr10zl241lw2i14rbyz"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-module-build" ,perl-module-build)))
+     `(("perl-file-sharedir" ,perl-file-sharedir)
+       ("perl-test-file-sharedir-dist" ,perl-test-file-sharedir-dist)
+       ("perl-test-warnings" ,perl-test-warnings)
+       ("perl-test-requires" ,perl-test-requires)
+       ("perl-namespace-autoclean" ,perl-namespace-autoclean)
+       ("perl-file-sharedir-install" ,perl-file-sharedir-install)
+       ("perl-cpan-meta-check" ,perl-cpan-meta-check)
+       ("perl-module-build" ,perl-module-build)))
     (propagated-inputs
      `(("perl-list-moreutils" ,perl-list-moreutils)
-       ("perl-params-validate" ,perl-params-validate)))
+       ("perl-params-validationcompiler" ,perl-params-validationcompiler)))
     (home-page "http://search.cpan.org/dist/DateTime-Locale")
     (synopsis "Localization support for DateTime.pm")
     (description "The DateTime::Locale modules provide localization data for
@@ -2088,7 +2094,7 @@ the DateTime.pm class.")
 (define-public perl-datetime-timezone
   (package
     (name "perl-datetime-timezone")
-    (version "1.86")
+    (version "2.13")
     (source
      (origin
        (method url-fetch)
@@ -2096,7 +2102,7 @@ the DateTime.pm class.")
                            "DateTime-TimeZone-" version ".tar.gz"))
        (sha256
         (base32
-         "1aj5liy9as7yci2s9cqv9gqna5wggah8yg2jqrc89dnrin25s26z"))))
+         "1371sk4p9clygfwxzvivfqz6q9dy8gn3n4dr1424d0xqsv63jg9k"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-fatal" ,perl-test-fatal)
@@ -2105,7 +2111,8 @@ the DateTime.pm class.")
      `(("perl-class-singleton" ,perl-class-singleton)
        ("perl-list-allutils" ,perl-list-allutils)
        ("perl-module-runtime" ,perl-module-runtime)
-       ("perl-params-validate" ,perl-params-validate)
+       ("perl-namespace-autoclean" ,perl-namespace-autoclean)
+       ("perl-params-validationcompiler" ,perl-params-validationcompiler)
        ("perl-try-tiny" ,perl-try-tiny)))
     (home-page "http://search.cpan.org/dist/DateTime-TimeZone")
     (synopsis "Time zone object for Perl")
@@ -2169,14 +2176,14 @@ This module parses and emits such dates.")
 (define-public perl-datetime-format-w3cdtf
   (package
     (name "perl-datetime-format-w3cdtf")
-    (version "0.06")
+    (version "0.07")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/G/GW/GWILLIAMS/"
                                   "DateTime-Format-W3CDTF-" version ".tar.gz"))
               (sha256
                (base32
-                "0ymxizwd2zfx8b4bmrmv4k439qwfwf2522jrvn4hlay5v6z459dr"))))
+                "0s32lb1k80p3b3sb7w234zgxnrmadrwbcg41lhaal7dz3dk2p839"))))
     (build-system perl-build-system)
     (inputs
      `(("perl-datetime" ,perl-datetime)))
@@ -2372,7 +2379,7 @@ providing a simple interface to this data.")
 (define-public perl-devel-stacktrace-ashtml
   (package
     (name "perl-devel-stacktrace-ashtml")
-    (version "0.14")
+    (version "0.15")
     (source
      (origin
        (method url-fetch)
@@ -2380,7 +2387,7 @@ providing a simple interface to this data.")
                            "Devel-StackTrace-AsHTML-" version ".tar.gz"))
        (sha256
         (base32
-         "0yl296y0qfwybwjgqjzd4j2w2bj5a2nz342qqgxchnf5bqynl1c9"))))
+         "0iri5nb2lb76qv5l9z0vjpfrq5j2fyclkd64kh020bvy37idp0v2"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-devel-stacktrace" ,perl-devel-stacktrace)))
@@ -2396,7 +2403,7 @@ each stack frame.")
 (define-public perl-devel-symdump
   (package
     (name "perl-devel-symdump")
-    (version "2.17")
+    (version "2.18")
     (source
      (origin
        (method url-fetch)
@@ -2404,7 +2411,7 @@ each stack frame.")
                            "Devel-Symdump-" version ".tar.gz"))
        (sha256
         (base32
-         "0qkfjk7bm7jwn9d9qaldg298zvkqh2f19fgvfh5j1rp66mwzql1c"))))
+         "1h3n0w23camhj20a97nw7v40rqa7xcxx8vkn2qjjlngm0yhq2vw2"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Devel-Symdump")
     (synopsis "Dump symbol names or the symbol table")
@@ -2572,6 +2579,11 @@ also known as JIS 2000.")
         (base32
          "0fj4vd8iva2i0j6s2fyhwgr9afrvhr6gjlzi7805h257mmnb1m0z"))))
     (build-system perl-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-env
+           (lambda _ (setenv "PERL_USE_UNSAFE_INC" "1"))))))
     (home-page "http://search.cpan.org/dist/Encode-HanExtra")
     (synopsis "Additional Chinese encodings")
     (description "This Perl module provides Chinese encodings that are not
@@ -2926,15 +2938,15 @@ directories.")
 (define-public perl-file-find-rule-perl
   (package
     (name "perl-file-find-rule-perl")
-    (version "1.13")
+    (version "1.15")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/A/AD/ADAMK/"
+       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
                            "File-Find-Rule-Perl-" version ".tar.gz"))
        (sha256
         (base32
-         "0xi4ppqr6r57l5xlkwxpvkvpb9p7dvz053d76v2m9pwdfxqb5v6j"))))
+         "19iy8spzrvh71x33b5yi16wjw5jjvs12jvjj0f7f3370hqzl6j4s"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-file-find-rule" ,perl-file-find-rule)
@@ -2973,19 +2985,18 @@ provide a quick dropin when such functionality is needed.")
 (define-public perl-file-homedir
   (package
     (name "perl-file-homedir")
-    (version "1.00")
+    (version "1.002")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/A/AD/ADAMK/"
+       (uri (string-append "mirror://cpan/authors/id/R/RE/REHSACK/"
                            "File-HomeDir-" version ".tar.gz"))
        (sha256
         (base32
-         "0hvihydd0y4gdxafi8dpybk9ll8q35bz5ycibfic0gh92cslzfc5"))))
+         "0x62hn8rc7ninf9nlp69h61yh21g4cbq2g81sh64cf2ify2hqk7b"))))
     (build-system perl-build-system)
     (propagated-inputs
-     `(("perl-file-which" ,perl-file-which)
-       ("perl-file-temp" ,perl-file-temp)))
+     `(("perl-file-which" ,perl-file-which)))
     (arguments `(#:tests? #f))          ;Not appropriate for chroot
     (home-page "http://search.cpan.org/dist/File-HomeDir")
     (synopsis "Find your home and other directories on any platform")
@@ -3077,15 +3088,15 @@ matching a regular expression.")
 (define-public perl-file-remove
   (package
     (name "perl-file-remove")
-    (version "1.52")
+    (version "1.57")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/A/AD/ADAMK/"
+       (uri (string-append "mirror://cpan/authors/id/S/SH/SHLOMIF/"
                            "File-Remove-" version ".tar.gz"))
        (sha256
         (base32
-         "1p8bal9qhwkjbghivxn1d5m3qdj2qwm1agrjbmakm6la9dbxqm21"))))
+         "1b814lw181kkqh6c1n4p2zlzzsq6ic5pfpr831nphf2w2rhcvgmk"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/File-Remove")
     (synopsis "Remove files and directories in Perl")
@@ -3098,7 +3109,7 @@ accepts wildcards, * and ?, as arguments for file names.")
 (define-public perl-file-sharedir
   (package
     (name "perl-file-sharedir")
-    (version "1.102")
+    (version "1.104")
     (source
      (origin
        (method url-fetch)
@@ -3106,7 +3117,7 @@ accepts wildcards, * and ?, as arguments for file names.")
                            "File-ShareDir-" version ".tar.gz"))
        (sha256
         (base32
-         "04blqn4cms9zjmhlfvwyx6mrglaaq1mmy4xwv7xqf9c8fjwk8wvw"))))
+         "1bqwhk3qfg60bkpi5b83bh93sng8jx20i3ka5sixc0prrppjidh7"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-file-sharedir-install" ,perl-file-sharedir-install)))
@@ -3122,19 +3133,40 @@ correct directory, you can use File::ShareDir to find your files again after
 the installation.")
     (license (package-license perl))))
 
+(define-public perl-file-sharedir-dist
+  (package
+    (name "perl-file-sharedir-dist")
+    (version "0.04")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/P/PL/PLICEASE/"
+                           "File-ShareDir-Dist-" version ".tar.gz"))
+       (sha256
+        (base32
+         "028vnjw3fdmwk540w3b07cmr93ap0s13ni2b4c7iv56mgyy6gfc1"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/File-ShareDir-Dist")
+    (synopsis "Locate per-dist shared files")
+    (description "File::ShareDir::Dist finds share directories for
+distributions.  It is a companion module to File::ShareDir.")
+    (license (package-license perl))))
+
 (define-public perl-file-sharedir-install
   (package
     (name "perl-file-sharedir-install")
-    (version "0.10")
+    (version "0.11")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/G/GW/GWYN/"
+       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
                            "File-ShareDir-Install-" version ".tar.gz"))
        (sha256
         (base32
-         "1xz60bi7x8755lq24rx7y1jkyk3icssn7s55z665mysdxhfzg2kh"))))
+         "1j0cw1aq9fdv9kl1a6fnfa4zihsvmcqzy9sb0xk0i9pyx5r8ggrj"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-build" ,perl-module-build)))
     (home-page "http://search.cpan.org/dist/File-ShareDir-Install")
     (synopsis "Install shared files")
     (description "File::ShareDir::Install allows you to install read-only data
@@ -3259,6 +3291,8 @@ shell.")
                (base32
                 "16v61rn0yimpv5kp6b20z2f1c93n5kpsyjvr0gq4w2dc43gfvc8w"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (home-page "http://search.cpan.org/dist/File-Zglob")
     (synopsis "Extended Unix style glob functionality")
     (description "@code{File::Zglob} provides a traditional Unix @code{glob}
@@ -3385,6 +3419,40 @@ objects, which execute a given code block when destroyed, and scoped guards,
 which are tied to the scope exit.")
     (license (package-license perl))))
 
+(define-public perl-hash-fieldhash
+  (package
+    (name "perl-hash-fieldhash")
+    (version "0.15")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/G/GF/GFUJI/"
+                           "Hash-FieldHash-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1wg8nzczfxif55j2nbymbhyd25pjy7dqs4bvd6jrcds3ll3mflaw"))))
+    (build-system perl-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'set-perl-search-path
+           (lambda _
+             ;; Work around "dotless @INC" build failure.
+             (setenv "PERL5LIB"
+                     (string-append (getcwd) ":"
+                                    (getenv "PERL5LIB")))
+             #t)))))
+    (native-inputs
+     `(("perl-module-build" ,perl-module-build)
+       ("perl-test-leaktrace" ,perl-test-leaktrace)))
+    (home-page "http://search.cpan.org/dist/Hash-FieldHash")
+    (synopsis "Lightweight field hash for inside-out objects")
+    (description "@code{Hash::FieldHash} provides the field hash mechanism
+which supports the inside-out technique.  It is an alternative to
+@code{Hash::Util::FieldHash} with a simpler interface, higher performance, and
+relic support.")
+    (license (package-license perl))))
+
 (define-public perl-hash-merge
   (package
     (name "perl-hash-merge")
@@ -3427,6 +3495,29 @@ merged.")
 that may contain multiple values per key, inspired by MultiDict of WebOb.")
     (license (package-license perl))))
 
+(define-public perl-importer
+  (package
+    (name "perl-importer")
+    (version "0.024")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://cpan/authors/id/E/EX/EXODIST/Importer-"
+                            version ".tar.gz"))
+        (sha256
+         (base32
+          "0mx50xds7iphxykbr9b0w2qki92l3gpagsdchm4ncsrnxc67c68x"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/Importer/")
+    (synopsis "Alternative but compatible interface to modules that export symbols")
+    (description "This module acts as a layer between Exporter and modules which
+consume exports.  It is feature-compatible with Exporter, plus some much needed
+extras.  You can use this to import symbols from any exporter that follows
+Exporters specification.  The exporter modules themselves do not need to use or
+inherit from the Exporter module, they just need to set @EXPORT and/or other
+variables.")
+    (license (package-license perl))))
+
 (define-public perl-import-into
   (package
     (name "perl-import-into")
@@ -4066,14 +4157,14 @@ the argument to the CACHESIZE parameter, will be cached.")
 (define-public perl-mime-charset
   (package
     (name "perl-mime-charset")
-    (version "1.012")
+    (version "1.012.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/N/NE/NEZUMI/"
                                   "MIME-Charset-" version ".tar.gz"))
               (sha256
                (base32
-                "1kfc5p4g1x9c0ffhg125wvhravcviny3alwrgnhnrm2a33ad3rff"))))
+                "04qxgcg9mvia121i3zcqxgp20y0d9kg0qv6hddk93ian0af7g347"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/MIME-Charset")
     (synopsis "Charset information for MIME messages")
@@ -4130,17 +4221,16 @@ file names are added for you.")
 (define-public perl-modern-perl
   (package
     (name "perl-modern-perl")
-    (version "1.20150127")
+    (version "1.20170117")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
              "mirror://cpan/authors/id/C/CH/CHROMATIC/Modern-Perl-"
-             version
-             ".tar.gz"))
+             version ".tar.gz"))
        (sha256
         (base32
-         "0iv2crfxl3xh6mq36g1gv9fr8iqq3kpbj8afxy5qi60hh7v3xhcl"))))
+         "0a1n9c04zhs1a1km1zi0d1hj78d10qv3bhxr4bdi4chnc4saiwjx"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)))
@@ -4384,7 +4474,7 @@ from Moose::Conflicts and moose-outdated.")
 (define-public perl-module-scandeps
   (package
     (name "perl-module-scandeps")
-    (version "1.18")
+    (version "1.24")
     (source
      (origin
        (method url-fetch)
@@ -4392,7 +4482,7 @@ from Moose::Conflicts and moose-outdated.")
                            "Module-ScanDeps-" version ".tar.gz"))
        (sha256
         (base32
-         "17mbyqwd8c20nqw01hjshl524vkw8pq6y2lwndmw36xkqr945npz"))))
+         "0s6cj90ckhy351gql52ksh4ms1x8piv26iadl09fcpzkx7j0srw9"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-requires" ,perl-test-requires)))
@@ -4552,7 +4642,8 @@ sentences.")
          "1lkn1h4sxr1483jicsgsgzclbfw63g2i2c3m4v4j9ar75yrb0kh8"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-exception" ,perl-test-exception)))
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-test-exception" ,perl-test-exception)))
     (propagated-inputs
      `(("perl-moose" ,perl-moose)))
     (home-page "http://search.cpan.org/dist/MooseX-Emulate-Class-Accessor-Fast")
@@ -4891,7 +4982,7 @@ prevent name clashes between packages.")
 (define-public perl-moosex-types-datetime
   (package
     (name "perl-moosex-types-datetime")
-    (version "0.10")
+    (version "0.13")
     (source
      (origin
        (method url-fetch)
@@ -4899,7 +4990,7 @@ prevent name clashes between packages.")
                            "MooseX-Types-DateTime-" version ".tar.gz"))
        (sha256
         (base32
-         "03p66rx0qj2p23n2i2rj7c7x41621jzzaxscrpg95mb3mqmravc0"))))
+         "1iir3mdvz892kbbs2q91vjxnhas7811m3d3872m7x8gn6rka57xq"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build-tiny" ,perl-module-build-tiny)
@@ -5052,6 +5143,7 @@ subset of the functionality for reduced startup time.")
     (build-system perl-build-system)
     (native-inputs
      `(("perl-any-moose" ,perl-any-moose)
+       ("perl-module-install" ,perl-module-install)
        ("perl-test-fatal" ,perl-test-fatal)))
     (propagated-inputs
      `(("perl-mouse" ,perl-mouse)))
@@ -5087,15 +5179,15 @@ and libraries based on OpenSSL.")
 (define-public perl-mro-compat
   (package
     (name "perl-mro-compat")
-    (version "0.12")
+    (version "0.13")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/B/BO/BOBTFISH/"
+       (uri (string-append "mirror://cpan/authors/id/H/HA/HAARG/"
                            "MRO-Compat-" version ".tar.gz"))
        (sha256
         (base32
-         "1mhma2g83ih9f8nkmg2k9l0x6izhhbb6k5lli4rpllxad4wbk9dv"))))
+         "1y547lr6zccf7919vx01v22zsajy528psanhg5aqschrrin3nb4a"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/MRO-Compat")
     (synopsis "MRO interface compatibility for Perls < 5.9.5")
@@ -5214,6 +5306,8 @@ subroutine, which you can call with a value to be tested against.")
         (base32
          "0c8l7195bjvx0v6zmkgdnxvwg7yj2zq8hi7xd25a3iikd12dc4f6"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (home-page "http://search.cpan.org/dist/Object-Signature")
     (synopsis "Generate cryptographic signatures for objects")
     (description "Object::Signature is an abstract base class that you can
@@ -5440,6 +5534,36 @@ checking parameters easier.")
 function call parameters to an arbitrary level of specificity.")
     (license artistic2.0)))
 
+(define-public perl-params-validationcompiler
+  (package
+    (name "perl-params-validationcompiler")
+    (version "0.24")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://cpan/authors/id/D/DR/DROLSKY/"
+                            "Params-ValidationCompiler-" version ".tar.gz"))
+        (sha256
+         (base32
+          "11s29wd7gci4c7gcksxw7pzxfzganvr8x4f1dsww4676p93kg5m8"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-without-module" ,perl-test-without-module)
+       ("perl-test2-bundle-extended" ,perl-test2-bundle-extended)
+       ("perl-test2-plugin-nowarnings" ,perl-test2-plugin-nowarnings)))
+    (propagated-inputs
+     `(("perl-eval-closure" ,perl-eval-closure)
+       ("perl-exception-class" ,perl-exception-class)
+       ("perl-specio" ,perl-specio)))
+    (home-page "https://github.com/houseabsolute/Params-ValidationCompiler")
+    (synopsis "Build an optimized subroutine parameter validator")
+    (description "This module creates a customized, highly efficient
+parameter checking subroutine.  It can handle named or positional
+parameters, and can return the parameters as key/value pairs or a list
+of values.  In addition to type checks, it also supports parameter
+defaults, optional parameters, and extra \"slurpy\" parameters.")
+    (license artistic2.0)))
+
 (define-public perl-par-dist
   (package
     (name "perl-par-dist")
@@ -5652,17 +5776,38 @@ can also be useful as a development and debugging tool for catching updates to
 variables that should not be changed.")
     (license (package-license perl))))
 
+(define-public perl-ref-util-xs
+  (package
+    (name "perl-ref-util-xs")
+    (version "0.116")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/X/XS/XSAWYERX/"
+                           "Ref-Util-XS-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0l5dzbd71iclv8fdjk7685rq6pbfiiydh0n70br6g9l9iy2smr6f"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/Ref-Util-XS")
+    (synopsis "XS implementation for Ref::Util")
+    (description "@code{Ref::Util::XS} is the XS implementation of
+@code{Ref::Util}, which provides several functions to help identify references
+in a more convenient way than the usual approach of examining the return value
+of @code{ref}.")
+    (license x11)))
+
 (define-public perl-regexp-common
   (package
     (name "perl-regexp-common")
-    (version "2013031301")
+    (version "2017060201")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/A/AB/ABIGAIL/"
                                   "Regexp-Common-" version ".tar.gz"))
               (sha256
                (base32
-                "112wybsm0vr8yfannx6sdfvgp5vza28gjgr3pgn69ak4sac836kj"))))
+                "16q8d7mx0c4nbjrvj69jdn4q33d1k40imgxn83h11wq6xqx8a1zf"))))
     (build-system perl-build-system)
     (synopsis "Provide commonly requested regular expressions")
     (description
@@ -5677,6 +5822,27 @@ codes.")
     ;; Quad-licensed: Perl Artistic, Perl Artistic 2.0, X11, and BSD.
     (license (list (package-license perl) x11 bsd-3))))
 
+(define-public perl-regexp-util
+  (package
+    (name "perl-regexp-util")
+    (version "0.003")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/T/TO/TOBYINK/"
+                           "Regexp-Util-" version ".tar.gz"))
+       (sha256
+        (base32
+         "01n1cggiflsnp9f6adkcxzkc0qpgssz60cwnyyd8mzavh2ximr5a"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/Regexp-Util")
+    (synopsis "Selection of general-utility regexp subroutines")
+    (description "This package provides a selection of regular expression
+subroutines including @code{is_regexp}, @code{regexp_seen_evals},
+@code{regexp_is_foreign}, @code{regexp_is_anchored}, @code{serialize_regexp},
+and @code{deserialize_regexp}.")
+    (license (package-license perl))))
+
 (define-public perl-role-tiny
   (package
     (name "perl-role-tiny")
@@ -5823,6 +5989,38 @@ compact.")
 arrays by one or multiple calculated keys.")
     (license (package-license perl))))
 
+(define-public perl-specio
+  (package
+    (name "perl-specio")
+    (version "0.38")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/D/DR/DROLSKY/"
+                           "Specio-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1s5xd9awwrzc94ymimjkxqs6jq513wwlmwwarxaklvg2hk4lps0l"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-devel-stacktrace" ,perl-devel-stacktrace)
+       ("perl-eval-closure" ,perl-eval-closure)
+       ("perl-module-runtime" ,perl-module-runtime)
+       ("perl-mro-compat" ,perl-mro-compat)
+       ("perl-role-tiny" ,perl-role-tiny)
+       ("perl-test-fatal" ,perl-test-fatal)
+       ("perl-test-needs" ,perl-test-needs)))
+    (home-page "http://search.cpan.org/dist/Specio/")
+    (synopsis "Classes for representing type constraints and coercion")
+    (description "The Specio distribution provides classes for representing type
+constraints and coercion, along with syntax sugar for declaring them.  Note that
+this is not a proper type system for Perl. Nothing in this distribution will
+magically make the Perl interpreter start checking a value's type on assignment
+to a variable. In fact, there's no built-in way to apply a type to a variable at
+all.  Instead, you can explicitly check a value against a type, and optionally
+coerce values to that type.")
+    (license artistic2.0)))
+
 (define-public perl-spiffy
   (package
     (name "perl-spiffy")
@@ -5899,6 +6097,16 @@ run from within a source-controlled directory.")
         (base32
          "17kh8nap2z5g5rqcvw0m7mvbai7wr7h0al39w8l827zhqad8ss42"))))
     (build-system perl-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'set-perl-search-path
+           (lambda _
+             ;; Work around "dotless @INC" build failure.
+             (setenv "PERL5LIB"
+                     (string-append (getcwd) ":"
+                                    (getenv "PERL5LIB")))
+             #t)))))
     (home-page "http://search.cpan.org/dist/String-CamelCase")
     (synopsis "Camelcase and de-camelcase")
     (description "This module may be used to convert from under_score text to
@@ -6015,6 +6223,27 @@ renaming exports, if they try to use them.")
 references.")
     (license (package-license perl))))
 
+(define-public perl-sub-info
+  (package
+    (name "perl-sub-info")
+    (version "0.002")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://cpan/authors/id/E/EX/EXODIST/Sub-Info-"
+                            version ".tar.gz"))
+        (sha256
+         (base32
+          "1snhrmc6gpw2zjnj7zvvqj69mlw711bxah6kk4dg5vxxjvb5cc7a"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-importer" ,perl-importer)))
+    (home-page "http://search.cpan.org/dist/Sub-Info/")
+    (synopsis "Tool to inspect subroutines")
+    (description "This package provides tools for inspecting subroutines
+in Perl.")
+    (license (package-license perl))))
+
 (define-public perl-sub-install
   (package
     (name "perl-sub-install")
@@ -6174,6 +6403,15 @@ of a system.")
         (base32
          "1i7kd9v8fjsqyhr4rx4a1jv7n5vfjjm1v4agb24pizh0b72p3qk7"))))
     (build-system perl-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-before 'configure 'set-search-path
+                    (lambda _
+                      ;; Work around "dotless @INC" build failure.
+                      (setenv "PERL5LIB"
+                              (string-append (getcwd) ":"
+                                             (getenv "PERL5LIB")))
+                      #t)))))
     (home-page "http://search.cpan.org/dist/Task-Weaken")
     (synopsis "Ensure that a platform has weaken support")
     (description "One recurring problem in modules that use Scalar::Util's
@@ -6243,6 +6481,8 @@ processing in Perl code.")
         (base32
          "1k6g4q7snxggv5fdqnzw29al4mwbwg0hl0skzfnczh508qiyfx7j"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (home-page "http://search.cpan.org/dist/Term-Encoding")
     (synopsis "Detect encoding of the current terminal")
     (description "Term::Encoding is a simple module to detect the encoding of
@@ -6343,6 +6583,77 @@ other terminal related features, including retrieval/modification of the
 screen size, and retrieval/modification of the control characters.")
     (license (package-license perl))))
 
+(define-public perl-term-table
+  (package
+    (name "perl-term-table")
+    (version "0.008")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://cpan/authors/id/E/EX/EXODIST/Term-Table-"
+                            version ".tar.gz"))
+        (sha256
+         (base32
+          "0gi4lyvs6n8y6hjwmflfpamfl65y7mb1g39zi0rx35nclj8xb370"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-importer" ,perl-importer)))
+    (home-page "http://search.cpan.org/dist/Term-Table/")
+    (synopsis "Format a header and rows into a table")
+    (description "This module is able to generically format rows of data
+into tables.")
+    (license (package-license perl))))
+
+(define-public perl-test2-bundle-extended
+  (package
+    (name "perl-test2-bundle-extended")
+    (version "0.000072")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://cpan/authors/id/E/EX/EXODIST/Test2-Suite-"
+                            version ".tar.gz"))
+        (sha256
+         (base32
+          "0hgd6n29qjh1pwqvbglm2kb852yqshmixqqjhsr2kvvibdr58qpf"))))
+    (build-system perl-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-env
+           (lambda _ (setenv "PERL_USE_UNSAFE_INC" "1"))))))
+    (propagated-inputs
+     `(("perl-importer" ,perl-importer)
+       ("perl-term-table" ,perl-term-table)
+       ("perl-sub-info" ,perl-sub-info)))
+    (home-page "http://search.cpan.org/~exodist/Test2-Suite/lib/Test2/Bundle/Extended.pm")
+    (synopsis "Full set of tools for Test2::Suite")
+    (description "This package provides a rich set of tools, plugins, bundles,
+etc built upon the Test2 testing library.")
+    (license (package-license perl))))
+
+(define-public perl-test2-plugin-nowarnings
+  (package
+    (name "perl-test2-plugin-nowarnings")
+    (version "0.06")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://cpan/authors/id/D/DR/DROLSKY/Test2-Plugin-NoWarnings-"
+                            version ".tar.gz"))
+        (sha256
+         (base32
+          "002qk6qsm0l6r2kaxywvc38w0yf0mlavgywq8li076pn6kcw3242"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-test2-bundle-extended" ,perl-test2-bundle-extended)))
+    (home-page "http://search.cpan.org/dist/Test2-Plugin-NoWarnings/")
+    (synopsis "Fail if tests warn")
+    (description "Loading this plugin causes your tests to fail if there any
+warnings while they run.  Each warning generates a new failing test and the
+warning content is outputted via diag.")
+    (license (package-license perl))))
+
 (define-public perl-test-base
   (package
     (name "perl-test-base")
@@ -6582,6 +6893,32 @@ Test::Exception.  It does much less, but should allow greater flexibility in
 testing exception-throwing code with about the same amount of typing.")
     (license (package-license perl))))
 
+(define-public perl-test-file-sharedir-dist
+  (package
+    (name "perl-test-file-sharedir-dist")
+    (version "1.001002")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://cpan/authors/id/K/KE/KENTNL/"
+                            "Test-File-ShareDir-" version ".tar.gz"))
+        (sha256
+         (base32
+          "1bbs6cx69wcinq77gif4i4pmrj8a7lwb92sgvvxzrwmjnk5lfdmk"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-class-tiny" ,perl-class-tiny)
+       ("perl-file-copy-recursive" ,perl-file-copy-recursive)
+       ("perl-file-sharedir" ,perl-file-sharedir)
+       ("perl-path-tiny" ,perl-path-tiny)
+       ("perl-scope-guard" ,perl-scope-guard)
+       ("perl-test-fatal" ,perl-test-fatal)))
+    (home-page "https://github.com/kentnl/Test-File-ShareDir")
+    (synopsis "Dist oriented ShareDir tester")
+    (description "This module creates a Fake ShareDir for your modules
+for testing.")
+    (license (package-license perl))))
+
 (define-public perl-test-files
   (package
     (name "perl-test-files")
@@ -6610,7 +6947,7 @@ contents of a file is equal to a particular string.")
 (define-public perl-test-harness
   (package
     (name "perl-test-harness")
-    (version "3.36")
+    (version "3.39")
     (source
      (origin
        (method url-fetch)
@@ -6618,7 +6955,7 @@ contents of a file is equal to a particular string.")
                            "Test-Harness-" version ".tar.gz"))
        (sha256
         (base32
-         "0gmnjss0hjkyiwvgby50nl5nzv254pn7fjqqdysjil21n09nymp7"))))
+         "0chiqnzmna2mglm37nzxvn9qhq2j31iwz3i9isqjs7bf3k449gb9"))))
     (build-system perl-build-system)
     (arguments
      `(#:phases (alist-cons-before
@@ -6640,15 +6977,15 @@ automatically aggregated and output to STDOUT.")
 (define-public perl-test-leaktrace
   (package
     (name "perl-test-leaktrace")
-    (version "0.15")
+    (version "0.16")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/G/GF/GFUJI/"
+       (uri (string-append "mirror://cpan/authors/id/L/LE/LEEJO/"
                            "Test-LeakTrace-" version ".tar.gz"))
        (sha256
         (base32
-         "0pp6ip012c474ibw0mwd7jgig34gf98bb8xlqk4wdvw1d65vbf7g"))))
+         "00z4hcjra5nk700f3fgpy8fs036d7ry7glpn8g3wh7jzj7nrw22z"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Test-LeakTrace")
     (synopsis "Traces memory leaks in Perl")
@@ -6940,25 +7277,24 @@ If this fails, then rather than failing tests this skips all tests.")
 (define-public perl-test-script
   (package
     (name "perl-test-script")
-    (version "1.07")
+    (version "1.20")
     (source (origin
               (method url-fetch)
-              (uri (string-append "mirror://cpan/authors/id/A/AD/ADAMK/"
+              (uri (string-append "mirror://cpan/authors/id/P/PL/PLICEASE/"
                                   "Test-Script-" version ".tar.gz"))
               (sha256
                (base32
-                "15pb4zzsnm33msc1syhig2bk05xqc0pckmfyahdwbd177bj5w7p2"))))
+                "1msavbi6przkxq3npm90nv925v58iym9jrk677wn46x19whwzwzm"))))
     (build-system perl-build-system)
     (propagated-inputs
-     `(("probe-perl" ,perl-probe-perl)
-       ("ipc-run3"   ,perl-ipc-run3)))
+     `(("perl-capture-tiny" ,perl-capture-tiny)
+       ("perl-probe-perl" ,perl-probe-perl)))
     (synopsis "Basic cross-platform tests for scripts")
     (description
      "The intent of the Test::Script module is to provide a series of basic
 tests for 80% of the testing you will need to do for scripts in the script (or
 bin as is also commonly used) paths of your Perl distribution.")
-    (home-page (string-append "http://search.cpan.org/~adamk/"
-                              "Test-Script-" version))
+    (home-page "http://search.cpan.org/dist/Test-Script")
     (license (package-license perl))))
 
 (define-public perl-test-sharedfork
@@ -7025,18 +7361,19 @@ a minimum of effort.")
 (define-public perl-test-trap
   (package
     (name "perl-test-trap")
-    (version "v0.3.0")
+    (version "0.3.2")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "mirror://cpan/authors/id/E/EB/EBHANSSEN/"
-                           "Test-Trap-" version ".tar.gz"))
+                           "Test-Trap-v" version ".tar.gz"))
        (sha256
         (base32
-         "05b4zc4087imwphls4yksg4chzx9yavbri301gaxas9kv1yhx13w"))))
+         "0jq54pkm4s61gk8gzxglix1ff9s0m9vi6bpfv7f63lb9qq4r76rr"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-module-build" ,perl-module-build)))
+     `(("perl-module-build" ,perl-module-build)
+       ("perl-test-simple" ,perl-test-simple)))
     (propagated-inputs
      `(("perl-test-tester" ,perl-test-tester)
        ("perl-data-dump" ,perl-data-dump)))
@@ -7061,6 +7398,8 @@ from boxed blocks of test code.")
         (base32
          "0yhvf735v334qqvp9zg7i66qyk6r4cbk5s2psv93d3fdd4bindzg"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (home-page "http://search.cpan.org/dist/Test-utf8")
     (synopsis "UTF-8 testing in Perl")
     (description "This module is a collection of tests useful for dealing with
@@ -7539,7 +7878,8 @@ $object->TIEHASH are avoided.")
          "0klg33yzb7pr9ra76s6gj5k7nravqnw2lbh022x1xwlj92f43756"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-pod" ,perl-test-pod)
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-test-pod" ,perl-test-pod)
        ("perl-test-pod-coverage" ,perl-test-pod-coverage)))
     (home-page "http://search.cpan.org/dist/Time-Duration")
     (synopsis "English expression of durations")
@@ -7702,6 +8042,68 @@ that are designed to minimize common mistakes with eval blocks, and nothing
 else.")
     (license x11)))
 
+(define-public perl-type-tie
+  (package
+    (name "perl-type-tie")
+    (version "0.009")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/T/TO/TOBYINK/"
+                           "Type-Tie-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1wv32kd7gx4kfyvzs13y029f49qbbji991wawvarac7rlz09wpan"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-fatal" ,perl-test-fatal)
+       ("perl-test-requires" ,perl-test-requires)))
+    (propagated-inputs
+     `(("perl-exporter-tiny" ,perl-exporter-tiny)
+       ("perl-hash-fieldhash" ,perl-hash-fieldhash)))
+    (home-page "http://search.cpan.org/dist/Type-Tie")
+    (synopsis "Tie a variable to a type constraint")
+    (description "This module exports a single function: @code{ttie}.  It ties
+a variable to a type constraint, ensuring that whatever values stored in the
+variable will conform to the type constraint.  If the type constraint has
+coercions, these will be used if necessary to ensure values assigned to the
+variable conform.")
+    (license (package-license perl))))
+
+(define-public perl-type-tiny
+  (package
+    (name "perl-type-tiny")
+    (version "1.002001")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/T/TO/TOBYINK/"
+                           "Type-Tiny-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1p8krim8kvw123nady96fagi8sk2pj1z8jkr4r8n45ihyamfxjck"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-warnings" ,perl-test-warnings)))
+    (propagated-inputs
+     `(("perl-devel-lexalias" ,perl-devel-lexalias)
+       ("perl-devel-stacktrace" ,perl-devel-stacktrace)
+       ("perl-exporter-tiny" ,perl-exporter-tiny)
+       ("perl-moo" ,perl-moo)
+       ("perl-moose" ,perl-moose)
+       ("perl-mouse" ,perl-mouse)
+       ("perl-ref-util-xs" ,perl-ref-util-xs)
+       ("perl-regexp-util" ,perl-regexp-util)
+       ("perl-type-tie" ,perl-type-tie)))
+    (home-page "http://search.cpan.org/dist/Type-Tiny")
+    (synopsis "Tiny, yet Moo(se)-compatible type constraint")
+    (description "@code{Type::Tiny} is a small class for writing type
+constraints, inspired by Moose's type constraint API.  It has only one
+non-core dependency (and even that is simply a module that was previously
+distributed as part of @code{Type::Tiny} but has since been spun off), and can
+be used with Moose, Mouse and Moo (or none of the above).")
+    (license (package-license perl))))
+
 (define-public perl-types-serialiser
   (package
     (name "perl-types-serialiser")
@@ -7736,6 +8138,15 @@ common serialisation formats such as JSON or CBOR.")
         (base32
          "0v04bcyjfcfap4kfpc8q3ikq3j7s68nym4ckw3iasmmksdskmcq0"))))
     (build-system perl-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-before 'configure 'set-search-path
+                    (lambda _
+                      ;; Work around "dotless @INC" build failure.
+                      (setenv "PERL5LIB"
+                              (string-append (getcwd) ":"
+                                             (getenv "PERL5LIB")))
+                      #t)))))
     (home-page "http://search.cpan.org/dist/Unicode-Normalize")
     (synopsis "Unicode normalization forms")
     (description "This Perl module provides Unicode normalization forms.")
@@ -7789,14 +8200,14 @@ defined by Annex #11 is used to determine breaking positions.")
 (define-public perl-unicode-utf8
   (package
     (name "perl-unicode-utf8")
-    (version "0.60")
+    (version "0.62")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/C/CH/CHANSEN/"
                                   "Unicode-UTF8-" version ".tar.gz"))
               (sha256
                (base32
-                "1g3fp47slsk7wbz3189kpg342lfs7lpsy570jxnx7s9v59dg5k7n"))))
+                "1xnhazbdvpyfpnxd90krzhxkvabf8fa2ji6xzlrf75j6nz8251zs"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-fatal" ,perl-test-fatal)
@@ -7913,6 +8324,7 @@ attribute names.")
     (build-system perl-build-system)
     (native-inputs
      `(("perl-extutils-depends" ,perl-extutils-depends)
+       ("perl-module-install" ,perl-module-install)
        ("perl-test-fatal" ,perl-test-fatal)))
     (home-page "http://search.cpan.org/dist/XS-Object-Magic")
     (synopsis "Opaque, extensible XS pointer backed objects using sv_magic")
@@ -7972,17 +8384,17 @@ and memory overhead.")
 (define-public perl-parse-yapp
   (package
     (name "perl-parse-yapp")
-    (version "1.05")
+    (version "1.2")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
-             "mirror://cpan/authors/id/F/FD/FDESAR/Parse-Yapp-"
+             "mirror://cpan/authors/id/W/WB/WBRASWELL/Parse-Yapp-"
              version
              ".tar.gz"))
        (sha256
         (base32
-         "0azjqqf4m7nkfgmmj4q77vy9sdgg01wn8xxv40bq3pis93xnr2i2"))))
+         "16p4qgqg28cy76ylcf4wq1r693gqpx8xq0w32b3564i67h49zljb"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Parse-Yapp")
     (synopsis "Generate and use LALR parsers")
diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm
index 1811e8ad3e..2378acd975 100644
--- a/gnu/packages/photo.scm
+++ b/gnu/packages/photo.scm
@@ -65,16 +65,16 @@
 (define-public libraw
   (package
     (name "libraw")
-    (version "0.17.2")
+    (version "0.18.2")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://www.libraw.org/data/LibRaw-"
+              (uri (string-append "https://www.libraw.org/data/LibRaw-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0p6imxpsfn82i0i9w27fnzq6q6gwzvb9f7sygqqakv36fqnc9c4j"))))
+                "1imby9x88pjx4ad1frdi3bfb8dw90ccyj5pb6w3i6i0iijrnndnf"))))
     (build-system gnu-build-system)
-    (home-page "http://www.libraw.org")
+    (home-page "https://www.libraw.org")
     (synopsis "Raw image decoder")
     (description
      "LibRaw is a library for reading RAW files obtained from digital photo
@@ -255,7 +255,7 @@ overlapping images, as well as some command line tools.")
        ("help2man" ,help2man)
        ("imagemagick" ,imagemagick)
        ("libxml2" ,libxml2)
-       ("texlive-minimal" ,texlive-minimal)
+       ("texlive-minimal" ,texlive-tiny)
        ("tidy" ,tidy)
        ("transfig" ,transfig)))
     (inputs
diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm
index 7d569eef3e..d0afab0931 100644
--- a/gnu/packages/php.scm
+++ b/gnu/packages/php.scm
@@ -49,10 +49,21 @@
   #:use-module (guix build-system gnu)
   #:use-module ((guix licenses) #:prefix license:))
 
+(define gd-for-php
+  (package
+    (inherit gd)
+    (source (origin
+             (inherit (package-source gd))
+             (patches 
+               (append
+                 (origin-patches (package-source gd))
+                 (search-patches "gd-CVE-2017-7890.patch")))))))
+
+
 (define-public php
   (package
     (name "php")
-    (version "7.1.6")
+    (version "7.1.8")
     (home-page "https://secure.php.net/")
     (source (origin
               (method url-fetch)
@@ -60,7 +71,7 @@
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0nr49gqhk4pv8kcdc60cl1mgwlinawpraq9ba15whzmb472lsn01"))
+                "1aramb6dm57pr2iz61id9vzfy7h5qkb6bf7dxhrwnjk0723qahw9"))
               (modules '((guix build utils)))
               (snippet
                '(with-directory-excursion "ext"
@@ -282,7 +293,7 @@
        ("curl" ,curl)
        ("cyrus-sasl" ,cyrus-sasl)
        ("freetype" ,freetype)
-       ("gd" ,gd)
+       ("gd" ,gd-for-php)
        ("gdbm" ,gdbm)
        ("glibc" ,glibc)
        ("gmp" ,gmp)
diff --git a/gnu/packages/pkg-config.scm b/gnu/packages/pkg-config.scm
index 01069d27a5..12f17f1e3c 100644
--- a/gnu/packages/pkg-config.scm
+++ b/gnu/packages/pkg-config.scm
@@ -30,7 +30,7 @@
 (define-public %pkg-config
   (package
    (name "pkg-config")
-   (version "0.29.1")
+   (version "0.29.2")
    (source (origin
             (method url-fetch)
             (uri (list
@@ -46,7 +46,7 @@
                    version ".tar.gz")))
             (sha256
              (base32
-              "00dh1jn8rbppmgbhhgqhmbh3c58b0gccy39rsjdlcma50sg3rd5y"))))
+              "14fmwzki1rlz8bs2p810lk6jqdxsk966d8drgsjmi54cd00rrikg"))))
    (build-system gnu-build-system)
    (arguments `(#:configure-flags '("--with-internal-glib")))
    (native-search-paths
diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm
index 92ebe6f3eb..846c174fa7 100644
--- a/gnu/packages/pulseaudio.scm
+++ b/gnu/packages/pulseaudio.scm
@@ -45,13 +45,14 @@
 (define-public libsndfile
   (package
     (name "libsndfile")
-    (replacement libsndfile/fixed)
     (version "1.0.28")
     (source (origin
              (method url-fetch)
              (uri (string-append "http://www.mega-nerd.com/libsndfile/files/libsndfile-"
                                  version ".tar.gz"))
-             (patches (search-patches "libsndfile-armhf-type-checks.patch"))
+             (patches (search-patches "libsndfile-armhf-type-checks.patch"
+                                      "libsndfile-CVE-2017-8361-8363-8365.patch"
+                                      "libsndfile-CVE-2017-8362.patch"))
              (sha256
               (base32
                "1afzm7jx34jhqn32clc5xghyjglccam2728yxlx37yj2y0lkkwqz"))))
@@ -77,18 +78,6 @@ SPARC.  Hopefully the design of the library will also make it easy to extend
 for reading and writing new sound file formats.")
     (license l:gpl2+)))
 
-(define libsndfile/fixed
-  (package
-    (inherit libsndfile)
-    (source
-      (origin
-        (inherit (package-source libsndfile))
-        (patches
-          (append
-            (origin-patches (package-source libsndfile))
-            (search-patches "libsndfile-CVE-2017-8361-8363-8365.patch"
-                            "libsndfile-CVE-2017-8362.patch")))))))
-
 (define-public libsamplerate
   (package
     (name "libsamplerate")                     ; aka. Secret Rabbit Code (SRC)
diff --git a/gnu/packages/pv.scm b/gnu/packages/pv.scm
index 59a0853a0e..db6c3dd669 100644
--- a/gnu/packages/pv.scm
+++ b/gnu/packages/pv.scm
@@ -25,7 +25,7 @@
 (define-public pv
   (package
     (name "pv")
-    (version "1.6.0")
+    (version "1.6.6")
     (source
      (origin
       (method url-fetch)
@@ -33,7 +33,7 @@
                           version ".tar.bz2"))
       (sha256
        (base32
-        "13gg6r84pkvznpd1l11qw1jw9yna40gkgpni256khyx21m785khf"))))
+        "1wbk14xh9rfypiwyy68ssl8dliyji30ly70qki1y2xx3ywszk3k0"))))
     (build-system gnu-build-system)
     (home-page "https://www.ivarch.com/programs/pv.shtml")
     (synopsis "Pipeline progress indicator")
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index d110a1cb32..6fe83b2a8b 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -43,6 +43,7 @@
 ;;; Copyright © 2017 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
+;;; Copyright © 2017 Muriithi Frederick Muriuki <fredmanglis@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -100,6 +101,7 @@
   #:use-module (gnu packages qt)
   #:use-module (gnu packages readline)
   #:use-module (gnu packages sdl)
+  #:use-module (gnu packages search)
   #:use-module (gnu packages shells)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages statistics)
@@ -342,8 +344,11 @@ data types.")
                (base32
                 "1c6v1n9nz4mlx9mw1125fxpmbrgniqdbbx9hnqx44maqazb2mzpf"))
               (snippet
-               '(delete-file
-                  "Lib/ctypes/test/test_win32.py")))) ; fails on aarch64
+               '(begin
+                  (for-each delete-file
+                            '("Lib/ctypes/test/test_win32.py" ; fails on aarch64
+                              "Lib/test/test_fcntl.py"))
+                  #t))))
     (arguments (substitute-keyword-arguments (package-arguments python-2)
                  ((#:tests? _) #t)))
     (native-search-paths
@@ -652,26 +657,50 @@ on localhost.")
 (define-public python-pytz
   (package
     (name "python-pytz")
-    (version "2016.10")
+    (version "2017.2")
     (source
      (origin
       (method url-fetch)
-      (uri (pypi-uri "pytz" version ".tar.bz2"))
+      (uri (pypi-uri "pytz" version ".zip"))
       (sha256
        (base32
-        "0az099cyp6p5xbsvfcdacj4hvxncbwm2ayn3h55mcp07zb2b45kh"))))
+        "12cmd3j46d2gcw08bspvp6s9icfcvx88zjz52n1bli9dyvl5dh7m"))))
     (build-system python-build-system)
-    (arguments `(#:tests? #f)) ; no test target
+    (native-inputs
+     `(("unzip" ,unzip)))
     (home-page "http://pythonhosted.org/pytz")
     (synopsis "Python timezone library")
-    (description
-     "This library allows accurate and cross platform timezone calculations
-using Python 2.4 or higher and provides access to the Olson timezone database.")
+    (description "This library brings the Olson tz database into Python.  It
+allows accurate and cross platform timezone calculations using Python 2.4 or
+higher.  It also solves the issue of ambiguous times at the end of daylight
+saving time.  Almost all of the Olson timezones are supported.")
     (license license:expat)))
 
 (define-public python2-pytz
   (package-with-python2 python-pytz))
 
+(define-public python-clyent
+  (package
+    (name "python-clyent")
+    (version "1.2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "clyent" version))
+       (sha256
+        (base32
+         "1r9987qmy1pz3hq54160bapqsywpq14waw4w9x3ly8hmq7kpgfbj"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-mock" ,python-mock)))
+    (home-page "https://github.com/binstar/clyent")
+    (synopsis "Command line client library")
+    (description "Clyent is a Python command line utiliy library.  It is used
+by @code{binstar}, @code{binstar-build} and @code{chalmers}.")
+    (license license:bsd-3)))
+
+(define-public python2-clyent
+  (package-with-python2 python-clyent))
 
 (define-public python-babel
   (package
@@ -777,14 +806,14 @@ NetCDF files can also be read and modified.  Python-HDF4 is a fork of
 (define-public python-h5py
   (package
     (name "python-h5py")
-    (version "2.6.0")
+    (version "2.7.0")
     (source
      (origin
       (method url-fetch)
       (uri (pypi-uri "h5py" version))
       (sha256
        (base32
-        "0df46dg7i7xfking9lp221bfm8dbl974yvlrbi1w7r6m61ac7bxj"))))
+        "0433sdv6xc9p7v1xs1gvbxp7p152ywi3nplgjb258q9fvw9469br"))))
     (build-system python-build-system)
     (arguments
      `(#:tests? #f ; no test target
@@ -826,14 +855,14 @@ concepts.")
 (define-public python-netcdf4
   (package
     (name "python-netcdf4")
-    (version "1.2.7")
+    (version "1.2.9")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "netCDF4" version))
        (sha256
         (base32
-         "1fllizmnpw0zkzzm4j9pgamarlzfn3kmv9zrm0w65q1y31h9ni0c"))))
+         "1h6jq338amlbk0ilzvjyl7cck80i0bah9a5spn9in71vy2qxm7i5"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-cython" ,python-cython)))
@@ -1874,7 +1903,9 @@ code introspection, and logging.")
     (propagated-inputs
      `(("python-py" ,python-py)))
     (native-inputs
-     `(("python-nose" ,python-nose)
+     `(;; Tests need the "regular" bash since 'bash-final' lacks `compgen`.
+       ("bash" ,bash)
+       ("python-nose" ,python-nose)
        ("python-mock" ,python-mock)))
     (home-page "http://pytest.org")
     (synopsis "Python testing library")
@@ -1911,9 +1942,8 @@ and many external plugins.")
                                line)))
              #t)))))
     (native-inputs
-     `(("python-nose" ,python-nose)
-       ("python-mock" ,python-mock)
-       ("python-hypothesis" ,python-hypothesis)))
+     `(("python-hypothesis" ,python-hypothesis)
+       ,@(package-native-inputs python-pytest)))
     (properties `((python2-variant . ,(delay python2-pytest-3.0))))))
 
 (define-public python2-pytest-3.0
@@ -2250,15 +2280,14 @@ protocol.")
 (define python-pbr-minimal
   (package
     (name "python-pbr-minimal")
-    (version "1.10.0")
+    (version "3.0.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pbr" version))
        (sha256
         (base32
-         "177kd9kbv1hvf2ban7l3x9ymzbi1md4hkaymwbgnz7ihf312hr0q"))
-       (patches (search-patches "python-pbr-fix-man-page-support.patch"))))
+         "14fs5acnalnb3h62s7q7av239j541fk0n0z0lawh4h09b1s93s6p"))))
     (build-system python-build-system)
     (arguments
      `(#:tests? #f))
@@ -2711,6 +2740,46 @@ version numbers.")
              (propagated-inputs
               `(("python2-functools32" ,python2-functools32))))))
 
+(define-public python-schema
+  (package
+    (name "python-schema")
+    (version "0.6.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "schema" version))
+       (sha256
+        (base32
+         "1lw28j9w9vxyigg7vkfkvi6ic9lgjkdnfvnxdr7pklslqvzmk2vm"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-pytest" ,python-pytest)))
+    (home-page "https://github.com/keleshev/schema")
+    (synopsis "Simple data validation library")
+    (description
+     "@code{python-schema} is a library for validating Python data
+structures, such as those obtained from config-files, forms, external
+services or command-line parsing, converted from JSON/YAML (or
+something else) to Python data-types.")
+    (license license:psfl)))
+
+(define-public python2-schema
+  (package-with-python2 python-schema))
+
+(define-public python-schema-0.5
+  (package (inherit python-schema)
+    (version "0.5.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "schema" version))
+       (sha256
+        (base32
+         "10zqvpaky51kgb8nd42bk7jwl8cn2zvayxjpdc1wwmpybj92x67s"))))))
+
+(define-public python2-schema-0.5
+  (package-with-python2 python-schema-0.5))
+
 (define-public python-kitchen
   (package
     (name "python-kitchen")
@@ -3121,6 +3190,36 @@ reStructuredText.")
 (define-public python2-pygments
   (package-with-python2 python-pygments))
 
+(define-public python-sphinxcontrib-websupport
+  (package
+    (name "python-sphinxcontrib-websupport")
+    (version "1.0.1")
+    (source (origin
+              (method url-fetch)
+              (uri (pypi-uri "sphinxcontrib-websupport" version))
+              (sha256
+               (base32
+                "1f9f0wjpi9nhikbyaz6d19s7qvzdf1nq2g5dsh640fma4q9rd1bs"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-mock" ,python-mock)
+       ("python-pytest" ,python-pytest)
+       ("python-xapian-bindings" ,python-xapian-bindings)))
+    ;; Needed for running the test suite
+    (native-inputs
+     `(("python-six" ,python-six)
+       ("python-jinja2" ,python-jinja2)
+       ("python-docutils" ,python-docutils)
+       ("python-sphinx" ,python-sphinx)
+       ("python-sqlalchemy" ,python-sqlalchemy)
+       ("python-whoosh" ,python-whoosh)))
+    (home-page "http://sphinx-doc.org/")
+    (synopsis "Sphinx API for web applications")
+    (description "This package provides a Python API to easily integrate
+Sphinx documentation into your web application.  It provides tools to
+integrate Sphinx documents in web templates and to handle searches.")
+    (license license:bsd-3)))
+
 (define-public python-sphinx
   (package
     (name "python-sphinx")
@@ -3165,6 +3264,36 @@ sources.")
     (license license:bsd-3)
     (properties `((python2-variant . ,(delay python2-sphinx))))))
 
+(define-public python-sphinx-1.6
+  (package (inherit python-sphinx)
+    (name "python-sphinx")
+    (version "1.6.3")
+    (source (origin
+              (method url-fetch)
+              (uri (pypi-uri "Sphinx" version))
+              (sha256
+               (base32
+                "1rj6f3i8hmrx2qlkshi5kp5xcy98dlynwlyl05yvflj5f66dp2xg"))))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda _
+             ;; Requires Internet access.
+             (delete-file "tests/test_build_linkcheck.py")
+             (substitute* "tests/test_build_latex.py"
+               (("@pytest.mark.sphinx\\('latex', testroot='images'\\)")
+                "@pytest.mark.skip()"))
+             (zero? (system* "make" "test")))))))
+    (propagated-inputs
+     `(("python-sphinxcontrib-websupport" ,python-sphinxcontrib-websupport)
+       ,@(package-propagated-inputs python-sphinx)))
+    (native-inputs
+     `(("python-pytest" ,python-pytest-3.0)
+       ("imagemagick" ,imagemagick) ; for "convert"
+       ,@(package-native-inputs python-sphinx)))
+    (properties '())))
+
 (define-public python-sphinx-1.5.3
   (package
     (inherit python-sphinx)
@@ -3348,7 +3477,7 @@ and is very extensible.")
 (define-public python-scikit-learn
   (package
     (name "python-scikit-learn")
-    (version "0.18.1")
+    (version "0.19.0")
     (source
      (origin
        (method url-fetch)
@@ -3358,7 +3487,7 @@ and is very extensible.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1hwswckdmd27f7k1jvwdc0m4mqrgxl2s245yq1scq34v124bjqgq"))))
+         "0g7q4ri75mj93wpa9bp83a3jmrf3dm5va9h7k4zkbcxr6bgqka15"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -3482,15 +3611,14 @@ is designed to have a low barrier to entry.")
 (define-public python-cython
   (package
     (name "python-cython")
-    (version "0.25.2")
+    (version "0.26")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "Cython" version))
-       (patches (search-patches "python-cython-fix-tests-32bit.patch"))
        (sha256
         (base32
-         "01h3lrf6d98j07iakifi81qjszh6faa37ibx7ylva1vsqbwx2hgi"))))
+         "0riciynnr0r68cvg6r3gbhi9x7h44pdwb7926m6n5vfs5p1f492c"))))
     (build-system python-build-system)
     ;; we need the full python package and not just the python-wrapper
     ;; because we need libpython3.3m.so
@@ -3501,7 +3629,7 @@ is designed to have a low barrier to entry.")
        (modify-phases %standard-phases
          (add-before 'check 'set-HOME
            ;; some tests require access to "$HOME/.cython"
-           (lambda _ (setenv "HOME" "/tmp")))
+           (lambda _ (setenv "HOME" "/tmp") #t))
          (replace 'check
            (lambda _ (zero? (system* "python" "runtests.py" "-vv")))))))
     (home-page "http://cython.org/")
@@ -3680,7 +3808,39 @@ association studies (GWAS) on extremely large data sets.")
        ("pkg-config" ,pkg-config)
        ("python-sphinx" ,python-sphinx)
        ("python-numpydoc" ,python-numpydoc)
-       ("texlive" ,texlive)
+       ("texlive" ,(texlive-union (list texlive-fonts-amsfonts
+                                        texlive-fonts-ec
+                                        texlive-generic-ifxetex
+                                        texlive-generic-pdftex
+                                        texlive-latex-amsfonts
+                                        texlive-latex-capt-of
+                                        texlive-latex-cmap
+                                        texlive-latex-environ
+                                        texlive-latex-eqparbox
+                                        texlive-latex-etoolbox
+                                        texlive-latex-expdlist
+                                        texlive-latex-fancyhdr
+                                        texlive-latex-fancyvrb
+                                        texlive-latex-fncychap
+                                        texlive-latex-float
+                                        texlive-latex-framed
+                                        texlive-latex-geometry
+                                        texlive-latex-graphics
+                                        texlive-latex-hyperref
+                                        texlive-latex-mdwtools
+                                        texlive-latex-multirow
+                                        texlive-latex-oberdiek
+                                        texlive-latex-parskip
+                                        texlive-latex-preview
+                                        texlive-latex-tabulary
+                                        texlive-latex-threeparttable
+                                        texlive-latex-titlesec
+                                        texlive-latex-trimspaces
+                                        texlive-latex-ucs
+                                        texlive-latex-upquote
+                                        texlive-latex-url
+                                        texlive-latex-varwidth
+                                        texlive-latex-wrapfig)))
        ("texinfo" ,texinfo)
        ("perl" ,perl)
        ("scipy-sphinx-theme"
@@ -3709,6 +3869,11 @@ association studies (GWAS) on extremely large data sets.")
                     (scipy-sphinx-theme "scipy-sphinx-theme")
                     (sphinx-theme-checkout (assoc-ref inputs scipy-sphinx-theme))
                     (pyver ,(string-append "PYVER=")))
+
+               ;; FIXME: this is needed to for texlive-union to generate
+               ;; fonts, which are not found.
+               (setenv "HOME" "/tmp")
+
                (with-directory-excursion "doc"
                  (copy-recursively sphinx-theme-checkout scipy-sphinx-theme)
                  (mkdir-p html)
@@ -3749,14 +3914,14 @@ association studies (GWAS) on extremely large data sets.")
 (define-public python-pygit2
   (package
     (name "python-pygit2")
-    (version "0.25.0")
+    (version "0.26.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pygit2" version))
        (sha256
         (base32
-         "0wf5rp0fvrw7j3j18dvwjq6xqlbm611wd55aphrfpps0v1gxh3ny"))
+         "1cbc488ra3kg7r3qky17ms0szi3cda2d96qfkv1l9djsy9hnvw57"))
        (patches
         (search-patches "python-pygit2-disable-network-tests.patch"))))
     (build-system python-build-system)
@@ -3778,7 +3943,7 @@ library, libgit2 implements Git plumbing.")
 (define-public python-pyparsing
   (package
     (name "python-pyparsing")
-    (version "2.0.3")
+    (version "2.2.0")
     (source
      (origin
        (method url-fetch)
@@ -3787,31 +3952,29 @@ library, libgit2 implements Git plumbing.")
                            "/pyparsing-" version ".tar.gz"))
        (sha256
         (base32
-         "0kw4py7gn45j93q8r7bzajfrjdc3xlsn2yzln41lf9zmrghjkrq6"))))
+         "016b9gh606aa44sq92jslm89bg874ia0yyiyb643fa6dgbsbqch8"))))
     (build-system python-build-system)
     (outputs '("out" "doc"))
     (arguments
      `(#:tests? #f ; no test target
-       #:modules ((guix build python-build-system)
-                  (guix build utils))
        #:phases
-       (alist-cons-after
-        'install 'install-doc
-        (lambda* (#:key outputs #:allow-other-keys)
-          (let* ((doc (string-append (assoc-ref outputs "doc")
-                                     "/share/doc/" ,name "-" ,version))
-                 (html-doc (string-append doc "/html"))
-                 (examples (string-append doc "/examples")))
-            (mkdir-p html-doc)
-            (mkdir-p examples)
-            (for-each
-             (lambda (dir tgt)
-               (map (lambda (file)
-                      (install-file file tgt))
-                    (find-files dir ".*")))
-             (list "docs" "htmldoc" "examples")
-             (list doc html-doc examples))))
-        %standard-phases)))
+       (modify-phases %standard-phases
+         (add-after 'install 'install-doc
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((doc (string-append (assoc-ref outputs "doc")
+                                        "/share/doc/" ,name "-" ,version))
+                    (html-doc (string-append doc "/html"))
+                    (examples (string-append doc "/examples")))
+               (mkdir-p html-doc)
+               (mkdir-p examples)
+               (for-each
+                (lambda (dir tgt)
+                  (map (lambda (file)
+                         (install-file file tgt))
+                       (find-files dir ".*")))
+                (list "docs" "htmldoc" "examples")
+                (list doc html-doc examples))
+               #t))))))
     (home-page "http://pyparsing.wikispaces.com")
     (synopsis "Python parsing class library")
     (description
@@ -3954,16 +4117,14 @@ convert between colorspaces like sRGB, XYZ, CIEL*a*b*, CIECAM02, CAM02-UCS, etc.
 (define-public python-matplotlib
   (package
     (name "python-matplotlib")
-    (version "2.0.0")
+    (version "2.0.2")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append
-             "https://github.com/matplotlib/matplotlib/archive/v" version ".tar.gz"))
-       (file-name (string-append name "-" version ".tar.gz"))
+       (uri (pypi-uri "matplotlib" version))
        (sha256
         (base32
-         "0w3k5m5qb3wsd7yhvmg042xddvligklvcq2visk2c5wnph3hhsln"))))
+         "1w8z2a1l7s72p1byfz7g03wqhygqxi8w82619dqb3a1lm97w9yqg"))))
     (build-system python-build-system)
     (propagated-inputs ; the following packages are all needed at run time
      `(("python-cycler" ,python-cycler)
@@ -4199,16 +4360,14 @@ functions.")
 (define-public python-scipy
   (package
     (name "python-scipy")
-    (version "0.18.1")
+    (version "0.19.1")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "https://github.com/scipy/scipy/archive/v"
-                           version ".tar.gz"))
-       (file-name (string-append name "-" version ".tar.gz"))
+       (uri (pypi-uri "scipy" version))
        (sha256
         (base32
-         "17slsrfawjp7if6qrlx03zhgp05350ginxx8ddpw9zqx43x905sn"))))
+         "1rl411bvla6q7qfdb47fpdnyjhfgzl6smpha33n9ar1klykjr6m1"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-numpy" ,python-numpy)
@@ -4476,6 +4635,35 @@ multivalue dictionary that retains the order of insertions and deletions.")
 (define-public python2-furl
   (package-with-python2 python-furl))
 
+(define-public python-flaky
+  (package
+    (name "python-flaky")
+    (version "3.4.0")
+    (source (origin
+              (method url-fetch)
+              (uri (pypi-uri "flaky" version))
+              (sha256
+               (base32
+                "18pkmf79rfkfpy1d2rrx3v55nxj762ilyk9rvd6s6dccxw58imsa"))))
+    (build-system python-build-system)
+    (arguments
+     ;; TODO: Tests require 'coveralls' and 'genty' which are not in Guix yet.
+     '(#:tests? #f))
+    (home-page "https://github.com/box/flaky")
+    (synopsis "Automatically rerun flaky tests")
+    (description
+     "Flaky is a plugin for @code{nose} or @code{py.test} that automatically
+reruns flaky tests.
+
+Ideally, tests reliably pass or fail, but sometimes test fixtures must rely
+on components that aren't 100% reliable.  With flaky, instead of removing
+those tests or marking them to @code{@@skip}, they can be automatically
+retried.")
+    (license license:asl2.0)))
+
+(define-public python2-flaky
+  (package-with-python2 python-flaky))
+
 (define-public python-flask-babel
   (package
     (name "python-flask-babel")
@@ -4983,6 +5171,34 @@ Python language binding specification.")
 (define-public python2-drmaa
   (package-with-python2 python-drmaa))
 
+(define-public python-grako
+  (package
+    (name "python-grako")
+    (version "3.99.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri
+        (pypi-uri "grako" version ".zip"))
+       (sha256
+        (base32
+         "0r63i68wcnv63rfjkasq1ah81frz61a6mzbcnaxhrkdpx84p7hzw"))))
+    (build-system python-build-system)
+    (arguments '(#:tests? #f)) ; Test file 'grako.ebnf' is missing from archive.
+    (native-inputs
+     `(("unzip" ,unzip)
+       ("python-pytest" ,python-pytest-3.0)
+       ("python-pytest-runner" ,python-pytest-runner)))
+    (home-page "https://bitbucket.org/neogeny/grako")
+    (synopsis "EBNF parser generator")
+    (description
+     "Grako takes a grammar in a variation of EBNF as input, and outputs a
+memoizing PEG/Packrat parser in Python.")
+    (license license:bsd-3)))
+
+(define-public python2-grako
+  (package-with-python2 python-grako))
+
 (define-public python-gridmap
   (package
     (name "python-gridmap")
@@ -5014,6 +5230,53 @@ cluster without needing to write any wrapper code yourself.")
 (define-public python2-gridmap
   (package-with-python2 python-gridmap))
 
+(define-public python-honcho
+  (package
+    (name "python-honcho")
+    (version "1.0.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/nickstenning/honcho/archive/v"
+             version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0zizn61n5z5hq421hkypk9pw8s6fpxw30f4hsg7k4ivwzy3gjw9j"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-pytest" ,python-pytest-3.0)
+       ("python-mock" ,python-mock)
+       ("python-tox" ,python-tox)
+       ("which" ,which))) ;for tests
+    (propagated-inputs
+     `(("python-jinja2" ,python-jinja2)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'check)
+         (add-after 'install 'check
+           (lambda* (#:key outputs inputs #:allow-other-keys)
+             ;; fix honcho path in testsuite
+             (substitute* "tests/conftest.py"
+               (("'honcho'") (string-append "'" (assoc-ref outputs "out")
+                                            "/bin/honcho" "'")))
+             ;; It's easier to run tests after install.
+             ;; Make installed package available for running the tests
+             (add-installed-pythonpath inputs outputs)
+             (zero? (system* "py.test" "-v")))))))
+    (home-page "https://github.com/nickstenning/honcho")
+    (synopsis "Manage Procfile-based applications")
+    (description
+      "A Procfile is a file which describes how to run an application
+consisting of serveral processes. honcho starts all listed processes.
+The output of all running processes is collected by honcho and
+displayed.")
+    (license license:expat)))
+
+(define-public python2-honcho
+  (package-with-python2 python-honcho))
+
 (define-public python-pexpect
   (package
     (name "python-pexpect")
@@ -5047,7 +5310,8 @@ cluster without needing to write any wrapper code yourself.")
      `(("python-nose" ,python-nose)
        ("python-pytest" ,python-pytest-3.0)
        ("man-db" ,man-db)
-       ("which" ,which)))
+       ("which" ,which)
+       ("bash-full" ,bash)))                 ;full Bash for 'test_replwrap.py'
     (propagated-inputs
      `(("python-ptyprocess" ,python-ptyprocess)))
     (home-page "http://pexpect.readthedocs.org/")
@@ -5425,7 +5689,40 @@ tools for mocking system commands and recording calls to those.")
        ("python-nose" ,python-nose)
        ("python-sphinx" ,python-sphinx)
        ("python-shpinx-rtd-theme" ,python-sphinx-rtd-theme)
-       ("texlive" ,texlive)
+       ;; FIXME: It's possible that a smaller union would work just as well.
+       ("texlive" ,(texlive-union (list texlive-fonts-amsfonts
+                                        texlive-fonts-ec
+                                        texlive-generic-ifxetex
+                                        texlive-generic-pdftex
+                                        texlive-latex-amsfonts
+                                        texlive-latex-capt-of
+                                        texlive-latex-cmap
+                                        texlive-latex-environ
+                                        texlive-latex-eqparbox
+                                        texlive-latex-etoolbox
+                                        texlive-latex-expdlist
+                                        texlive-latex-fancyhdr
+                                        texlive-latex-fancyvrb
+                                        texlive-latex-fncychap
+                                        texlive-latex-float
+                                        texlive-latex-framed
+                                        texlive-latex-geometry
+                                        texlive-latex-graphics
+                                        texlive-latex-hyperref
+                                        texlive-latex-mdwtools
+                                        texlive-latex-multirow
+                                        texlive-latex-oberdiek
+                                        texlive-latex-parskip
+                                        texlive-latex-preview
+                                        texlive-latex-tabulary
+                                        texlive-latex-threeparttable
+                                        texlive-latex-titlesec
+                                        texlive-latex-trimspaces
+                                        texlive-latex-ucs
+                                        texlive-latex-upquote
+                                        texlive-latex-url
+                                        texlive-latex-varwidth
+                                        texlive-latex-wrapfig)))
        ("texinfo" ,texinfo)))
     (arguments
      `(#:phases
@@ -5652,7 +5949,11 @@ features useful for text console applications.")
       (inherit python2-urwid)
       (arguments
        (append
-        '(#:phases
+        `(;; Explicitly using Python 2 is necessary due the argument list being
+          ;; built from only the 'delete-test_vterm.py' phase and python-urwid's
+          ;; package arguments, which by default assumes the use of Python 3.
+          #:python ,python-2
+          #:phases
           (modify-phases %standard-phases
             ;; Disable the vterm tests because of non-deterministic failures
             ;; with Python 2. See https://github.com/urwid/urwid/issues/230.
@@ -6045,13 +6346,13 @@ of the structure, dynamics, and functions of complex networks.")
 (define-public snakemake
   (package
     (name "snakemake")
-    (version "3.11.2")
+    (version "3.13.3")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "snakemake" version))
        (sha256
-        (base32 "0qcp7y9csvanyzh08jppryhd5di8r1z7p0d4wkfg5591pj3bb8zp"))))
+        (base32 "1nixb944r4hlskwkzc4wjs34b40xpxpw9gmhhm5p09gvmm22ap5d"))))
     (build-system python-build-system)
     (arguments
      ;; TODO: Package missing test dependencies.
@@ -6310,6 +6611,29 @@ connection to each user.")
          ("python2-singledispatch" ,python2-singledispatch)
           ,@(package-propagated-inputs tornado))))))
 
+(define-public python-tornado-http-auth
+  (package
+    (name "python-tornado-http-auth")
+    (version "1.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "tornado-http-auth" version))
+       (sha256
+        (base32
+         "0znrgqd7k2s4ia474xizi6h3061zj4sn5n6cq76bkwl3wwshifn5"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-tornado" ,python-tornado)))
+    (home-page
+     "https://github.com/gvalkov/tornado-http-auth")
+    (synopsis
+     "Digest and basic authentication module for Tornado")
+    (description
+     "Provides support for adding authentication to services using the Tornado
+web framework, either via the basic or digest authentication schemes.")
+    (license license:asl2.0)))
+
 ;; the python- version can be removed with python-3.5
 (define-public python-backports-abc
   (package
@@ -6333,6 +6657,31 @@ connection to each user.")
 (define-public python2-backports-abc
   (package-with-python2 python-backports-abc))
 
+(define-public python-backports-csv
+  (package
+    (name "python-backports-csv")
+    (version "1.0.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "backports.csv" version))
+       (sha256
+        (base32
+         "1imzbrradkfn8s2m1qcimyn74dn1mz2p3j381jljn166rf2i6hlc"))))
+    (build-system python-build-system)
+    (home-page "https://github.com/ryanhiebert/backports.csv")
+    (synopsis "Backport of Python 3's csv module for Python 2")
+    (description
+     "Provides a  backport of Python 3's @code{csv} module for parsing
+comma separated values.  The API of the @code{csv} module in Python 2
+is drastically different from the @code{csv} module in Python 3.
+This is due, for the most part, to the difference between str in
+Python 2 and Python 3.")
+    (license license:psfl)))
+
+(define-public python2-backports-csv
+  (package-with-python2 python-backports-csv))
+
 (define-public python2-backports-shutil-get-terminal-size
   (package
     (name "python2-backports-shutil-get-terminal-size")
@@ -6993,7 +7342,7 @@ reading and writing MessagePack data.")
 (define-public python-netaddr
   (package
     (name "python-netaddr")
-    (version "0.7.18")
+    (version "0.7.19")
     (source
      (origin
        (method url-fetch)
@@ -7003,7 +7352,7 @@ reading and writing MessagePack data.")
              ".tar.gz"))
        (sha256
          (base32
-          "06dxjlbcicq7q3vqy8agq11ra01kvvd47j4mk6dmghjsyzyckxd1"))))
+          "1zdfadvpq4lmcqzr383gywxn4xyn355kj1n3lk9q2l03vmyfrbiq"))))
     (build-system python-build-system)
     (arguments `(#:tests? #f)) ;; No tests.
     (home-page "https://github.com/drkjam/netaddr/")
@@ -7388,14 +7737,14 @@ responses, rather than doing any computation.")
 (define-public python-cryptography-vectors
   (package
     (name "python-cryptography-vectors")
-    (version "1.9")
+    (version "2.0.3")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "cryptography_vectors" version))
        (sha256
         (base32
-         "1wvq1p1viam1diz9x6d61x1bsy6cninv7cjgd35x9ffig9r6gxxv"))))
+         "1qa117fs1yd50zn2cfxh7d9l999ds0z4h83m9m7j4fk6ffm33f5y"))))
     (build-system python-build-system)
     (home-page "https://github.com/pyca/cryptography")
     (synopsis "Test vectors for the cryptography package")
@@ -7410,14 +7759,14 @@ responses, rather than doing any computation.")
 (define-public python-cryptography
   (package
     (name "python-cryptography")
-    (version "1.9")
+    (version "2.0.3")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "cryptography" version))
        (sha256
         (base32
-         "10j8r1s29f4h59kp3mla14g588rm7qpn90nrczijk03i49q3662m"))))
+         "0fnck37zyvbzmccbp7w3jy27jgmij1992j5wyy3gxhw6a11b4jyh"))))
     (build-system python-build-system)
     (inputs
      `(("openssl" ,openssl)))
@@ -7459,16 +7808,14 @@ message digests and key derivation functions.")
 (define-public python-pyopenssl
   (package
     (name "python-pyopenssl")
-    (version "17.1.0")
+    (version "17.2.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pyOpenSSL" version))
-       (patches
-        (search-patches "python-pyopenssl-17.1.0-test-overflow.patch"))
        (sha256
         (base32
-         "0qwmqhfsq84ydir9dz273ypmlcvs7v71m1jns0sd4k0h6lfsa82s"))))
+         "0d283g4zi0hr9papd24mjl70mi15gyzq6fx618rizi87dgipqqax"))))
     (build-system python-build-system)
     (arguments
      '(#:phases
@@ -7492,7 +7839,8 @@ message digests and key derivation functions.")
     (inputs
      `(("openssl" ,openssl)))
     (native-inputs
-     `(("python-pretend" ,python-pretend)
+     `(("python-flaky" ,python-flaky)
+       ("python-pretend" ,python-pretend)
        ("python-pytest" ,python-pytest-3.0)))
     (home-page "https://github.com/pyca/pyopenssl")
     (synopsis "Python wrapper module around the OpenSSL library")
@@ -7636,10 +7984,6 @@ Python's @code{ctypes} foreign function interface (FFI).")
   (package
     (inherit file)
     (name "python-file")
-    (source (origin
-              (inherit (package-source file))
-              ;; This patch should not be applied to python2-file.
-              (patches (search-patches "python-file-double-encoding-bug.patch"))))
     (build-system python-build-system)
     (arguments
      '(#:tests? #f                                ;no tests
@@ -7707,14 +8051,14 @@ Debian-related files, such as:
 (define-public python-nbformat
   (package
     (name "python-nbformat")
-    (version "4.1.0")
+    (version "4.3.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "nbformat" version))
        (sha256
         (base32
-         "0mq8iki3d4mnx7wy05phss7x98mds4fqydin8lcagidp1knw1xnv"))))
+         "12s7j4qja8b5bs1kyw5dzmrqbjxxj8wk52cyasbiqbv7fblcrssz"))))
     (build-system python-build-system)
     (arguments `(#:tests? #f)) ; no test target
     (propagated-inputs
@@ -8984,13 +9328,13 @@ processes across test runs.")
 (define-public python-icalendar
   (package
     (name "python-icalendar")
-    (version "3.11.5")
+    (version "3.11.6")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "icalendar" version))
              (sha256
               (base32
-               "0y6f2js983ag0d138xx4pzyc71gf44hyqmjsdvw6pq2xrkpj8jzk"))))
+               "1ny9mbm9zgghl612b8wc4ap52bz3kgl486d7f307gxjmlqgz3i64"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-dateutil" ,python-dateutil)
@@ -11641,53 +11985,6 @@ addresses, and phone numbers.")
        `(("python2-ipaddress" ,python2-ipaddress)
          ,@(package-propagated-inputs base))))))
 
-(define-public python-fake-factory
-  (package
-  (name "python-fake-factory")
-  (version "0.7.2")
-  (source (origin
-            (method url-fetch)
-            (uri (pypi-uri "fake-factory" version))
-            (sha256
-             (base32
-              "0vs0dkmg0dlaxf8w6q2i3k0i03gmp56ablldv7ci9x3nbadkn71g"))
-            (patches
-             (search-patches
-              "python-fake-factory-fix-build-32bit.patch"))))
-  (build-system python-build-system)
-  (arguments
-   '(#:phases
-     (modify-phases %standard-phases
-       (replace 'check
-         (lambda _
-           (zero? (system* "python" "-m" "unittest" "-v" "faker.tests")))))))
-  (native-inputs
-   `(;; For testing
-     ("python-email-validator" ,python-email-validator)
-     ("python-mock" ,python-mock)
-     ("python-ukpostcodeparser" ,python-ukpostcodeparser)))
-  (propagated-inputs
-   `(("python-dateutil" ,python-dateutil)
-     ("python-six" ,python-six)))
-  (home-page "https://github.com/joke2k/faker")
-  (synopsis "Python package that generates fake data")
-  (description
-   "Faker is a Python package that generates fake data such as names,
-addresses, and phone numbers.")
-  (license license:expat)
-  (properties `((python2-variant . ,(delay python2-fake-factory))
-                (superseded . ,python-faker)))))
-
-(define-public python2-fake-factory
-  (let ((base (package-with-python2 (strip-python2-variant
-                                     python-fake-factory))))
-    (package
-      (inherit base)
-      (properties `((superseded . ,python2-faker)))
-      (propagated-inputs
-       `(("python2-ipaddress" ,python2-ipaddress)
-         ,@(package-propagated-inputs base))))))
-
 (define-public python-pyaml
   (package
     (name "python-pyaml")
@@ -13300,7 +13597,8 @@ specs from your Flask-Restful projects.")
     (build-system python-build-system)
     (native-inputs
      `(("python-pexpect" ,python-pexpect)
-       ("tcsh" ,tcsh)))
+       ("tcsh" ,tcsh)
+       ("bash-full" ,bash)))             ;full Bash for 'test_file_completion'
     (home-page "https://github.com/kislyuk/argcomplete")
     (synopsis "Shell tab completion for Python argparse")
     (description "argcomplete provides extensible command line tab completion
@@ -13681,7 +13979,7 @@ parse many formal languages.")
 (define-public python2-cliapp
   (package
     (name "python2-cliapp")
-    (version "1.20160724")
+    (version "1.20170823")
     (source
      (origin
        (method url-fetch)
@@ -13690,7 +13988,7 @@ parse many formal languages.")
              version ".tar.gz"))
        (sha256
         (base32
-         "025cyi75vxyghbm4hav8dz4fzwksshddavy9g9fwr440awcvw74f"))))
+         "1i9gik0xrj6jmi95s5w988jl1y265baz5xm5pbqdyvsh8h9ln6yq"))))
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2))
@@ -13707,7 +14005,7 @@ iterating over input files.")
 (define-public python2-ttystatus
   (package
     (name "python2-ttystatus")
-    (version "0.32")
+    (version "0.35")
     (source
      (origin
        (method url-fetch)
@@ -13716,7 +14014,7 @@ iterating over input files.")
              version ".tar.gz"))
        (sha256
         (base32
-         "0b5g889jj23r2w1hi300cdldx6jvspanp0ybf5n1qvdvl150aamf"))))
+         "0vivqbw7ddhsq1zj3g9cvvv4f0phl0pis2smsnwcr2szz2fk3hl6"))))
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2))
@@ -14072,10 +14370,12 @@ Pylint has many rules enabled by default, way too much to silence them
 all on a minimally sized program.  It's highly configurable and handle
 pragmas to control it from within your code.  Additionally, it is
 possible to write plugins to add your own checks.")
+    (properties `((python2-variant . ,(delay python2-pylint))))
     (license license:gpl2+)))
 
 (define-public python2-pylint
-  (let ((pylint (package-with-python2 python-pylint)))
+  (let ((pylint (package-with-python2
+                  (strip-python2-variant python-pylint))))
     (package (inherit pylint)
              (propagated-inputs
               `(("python2-backports-functools-lru-cache"
@@ -14297,6 +14597,29 @@ pytest report.")
 (define-public python2-pytest-warnings
   (package-with-python2 python-pytest-warnings))
 
+(define-public python-pytest-capturelog
+  (package
+    (name "python-pytest-capturelog")
+    (version "0.7")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pytest-capturelog" version ".tar.gz"))
+       (sha256
+        (base32
+         "038049nyjl7di59ycnxvc9nydivc5m8np3hqq84j2iirkccdbs5n"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("pytest" ,python-pytest-3.0)))
+    (home-page "http://bitbucket.org/memedough/pytest-capturelog/overview")
+    (synopsis "Pytest plugin to catch log messages")
+    (description
+     "Python-pytest-catchlog is a pytest plugin to catch log messages.")
+    (license license:expat)))
+
+(define-public python2-pytest-capturelog
+  (package-with-python2 python-pytest-capturelog))
+
 (define-public python-pytest-catchlog
   (package
     (name "python-pytest-catchlog")
@@ -15173,6 +15496,49 @@ by path in a JSON document (see RFC 6901).")
 (define-public python2-jsonpointer
   (package-with-python2 python-jsonpointer))
 
+(define-public python-jsonpatch
+  (package
+    (name "python-jsonpatch")
+    (version "1.16")
+    (source
+     (origin
+       (method url-fetch)
+       ;; pypi version lacks tests.js
+       (uri (string-append "https://github.com/stefankoegl/python-json-patch/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "085ykisl8v7mv9h7hvhdy3l2fjzs4214gx32r5k6nx4f76hbv6y5"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-jsonpointer" ,python-jsonpointer)))
+    (home-page "https://github.com/stefankoegl/python-json-patch")
+    (synopsis "Applying JSON Patches in Python 2.6+ and 3.x")
+    (description "@code{jsonpatch} is a library and program that allows
+applying JSON Patches according to RFC 6902.")
+    (license license:bsd-3)))
+
+(define-public python2-jsonpatch
+  (package-with-python2 python-jsonpatch))
+
+(define-public python-jsonpatch-0.4
+  (package (inherit python-jsonpatch)
+    (name "python-jsonpatch")
+    (version "0.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/stefankoegl/python-json-patch/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0j0cd9z9zyp8kppp464jxrfgrnbgkzl1yi10i5gsv8yz6d95929d"))))))
+
+(define-public python2-jsonpatch-0.4
+  (package-with-python2 python-jsonpatch-0.4))
+
 (define-public python-rfc3987
   (package
     (name "python-rfc3987")
@@ -15247,14 +15613,14 @@ address is valid and really exists.")
 (define-public python-marshmallow
   (package
     (name "python-marshmallow")
-    (version "3.0.0b2")
+    (version "3.0.0b3")
     (source
      (origin
       (method url-fetch)
       (uri (pypi-uri "marshmallow" version))
       (sha256
        (base32
-        "11bnpvfdbczr74177p295zbkdrax2cahvbj5bqhhlprgz2xxi5d9"))))
+        "07mcrij1yvk85lvgx44wwr9pc80xryghvlgayb057g1cazcypysd"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-dateutil" ,python-dateutil)
@@ -15549,3 +15915,53 @@ pure Python module.")
 
 (define-public python2-rencode
   (package-with-python2 python-rencode))
+
+(define-public python-flask-principal
+  (package
+    (name "python-flask-principal")
+    (version "0.4.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (pypi-uri "Flask-Principal" version))
+        (sha256
+          (base32
+           "0lwlr5smz8vfm5h9a9i7da3q1c24xqc6vm9jdywdpgxfbi5i7mpm"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-blinker" ,python-blinker)))
+    (native-inputs
+     `(("python-flask" ,python-flask)
+       ("python-nose" ,python-nose)))
+    (home-page "http://packages.python.org/Flask-Principal/")
+    (synopsis "Identity management for Flask")
+    (description "@code{flask_principal} is a identity management library for
+Flask.  It supports managing both authentication and authorization data in a
+thread-local variable.")
+    (license license:expat)))
+
+(define-public python2-flask-principal
+  (package-with-python2 python-flask-principal))
+
+(define-public python-flask-httpauth
+  (package
+    (name "python-flask-httpauth")
+    (version "3.2.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "Flask-HTTPAuth" version))
+       (sha256
+        (base32
+         "13gff5w1mqpzm5nccyg02v3ifb9ifqh5k866cssjhghhg6msfjsz"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-flask" ,python-flask)))
+    (home-page "http://github.com/miguelgrinberg/flask-httpauth/")
+    (synopsis "Basic and Digest HTTP authentication for Flask routes")
+    (description "@code{flask_httpauth} provides Basic and Digest HTTP
+authentication for Flask routes.")
+    (license license:expat)))
+
+(define-public python2-flask-httpauth
+  (package-with-python2 python-flask-httpauth))
diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm
index 65067efe75..3e3588a505 100644
--- a/gnu/packages/qt.scm
+++ b/gnu/packages/qt.scm
@@ -5,6 +5,8 @@
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 ng0 <ng0@libertad.pw>
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Quiliro <quiliro@fsfla.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -28,6 +30,7 @@
   #:use-module (guix build utils)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system trivial)
   #:use-module (guix packages)
   #:use-module (guix utils)
   #:use-module (gnu packages)
@@ -1374,6 +1377,109 @@ contain over 620 classes.")
            (inputs
             `(("python" ,python-2)))))
 
+(define-public qscintilla
+  (package
+    (name "qscintilla")
+    (version "2.10.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/pyqt/QScintilla2/"
+                                  "QScintilla-" version "/QScintilla_gpl-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "0r7s7ndblv3jc0xig1y4l64b6mfr879cdv3zwdndn27rj6fqmycp"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (chdir "Qt4Qt5")
+               (substitute* "qscintilla.pro"
+                 (("\\$\\$\\[QT_INSTALL_LIBS\\]")
+                  (string-append out "/lib"))
+                 (("\\$\\$\\[QT_INSTALL_HEADERS\\]")
+                  (string-append out "/include"))
+                 (("\\$\\$\\[QT_INSTALL_TRANSLATIONS\\]")
+                  (string-append out "/translations"))
+                 (("\\$\\$\\[QT_INSTALL_DATA\\]") out)
+                 (("\\$\\$\\[QT_HOST_DATA\\]") out))
+               (zero? (system* "qmake"))))))))
+    (native-inputs `(("qtbase" ,qtbase)))
+    (home-page "http://www.riverbankcomputing.co.uk/software/qscintilla/intro")
+    (synopsis "Qt port of the Scintilla C++ editor control")
+    (description "QScintilla is a port to Qt of Neil Hodgson's Scintilla C++
+editor control.  QScintilla includes features especially useful when editing
+and debugging source code.  These include support for syntax styling, error
+indicators, code completion and call tips.")
+    (license license:gpl3+)))
+
+(define-public python-qscintilla
+  (package (inherit qscintilla)
+    (name "python-qscintilla")
+    (arguments
+     `(#:configure-flags
+       (list "--pyqt=PyQt5"
+             (string-append "--pyqt-sipdir="
+                            (assoc-ref %build-inputs "python-pyqt")
+                            "/share/sip")
+             (string-append "--qsci-incdir="
+                            (assoc-ref %build-inputs "qscintilla")
+                            "/include")
+             (string-append "--qsci-libdir="
+                            (assoc-ref %build-inputs "qscintilla")
+                            "/lib"))
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key outputs configure-flags #:allow-other-keys)
+             (chdir "Python")
+             (and (zero? (apply system* "python3" "configure.py"
+                                configure-flags))
+                  ;; Install to the right directory
+                  (begin
+                    (substitute* '("Makefile"
+                                   "Qsci/Makefile")
+                      (("\\$\\(INSTALL_ROOT\\)/gnu/store/[^/]+")
+                       (assoc-ref outputs "out")))
+                    #t)))))))
+    (inputs
+     `(("qscintilla" ,qscintilla)
+       ("python" ,python)
+       ("python-pyqt" ,python-pyqt)))
+    (description "QScintilla is a port to Qt of Neil Hodgson's Scintilla C++
+editor control.  QScintilla includes features especially useful when editing
+and debugging source code.  These include support for syntax styling, error
+indicators, code completion and call tips.
+
+This package provides the Python bindings.")))
+
+;; PyQt only looks for modules in its own directory.  It ignores environment
+;; variables such as PYTHONPATH, so we need to build a union package to make
+;; it work.
+(define-public python-pyqt+qscintilla
+  (package (inherit python-pyqt)
+    (name "python-pyqt+qscintilla")
+    (source #f)
+    (build-system trivial-build-system)
+    (arguments
+     '(#:modules ((guix build union))
+       #:builder (begin
+                   (use-modules (ice-9 match)
+                                (guix build union))
+                   (match %build-inputs
+                     (((names . directories) ...)
+                      (union-build (assoc-ref %outputs "out")
+                                   directories))))))
+    (inputs
+     `(("python-pyqt" ,python-pyqt)
+       ("python-qscintilla" ,python-qscintilla)))
+    (synopsis "Union of PyQt and the Qscintilla extension")
+    (description
+     "This package contains the union of PyQt and the Qscintilla extension.")))
+
 (define-public qtkeychain
   (package
     (name "qtkeychain")
diff --git a/gnu/packages/rails.scm b/gnu/packages/rails.scm
index cee6b2ca5c..7f171eaa6e 100644
--- a/gnu/packages/rails.scm
+++ b/gnu/packages/rails.scm
@@ -66,14 +66,14 @@ migration.")
 (define-public ruby-debug-inspector
   (package
     (name "ruby-debug-inspector")
-    (version "0.0.2")
+    (version "0.0.3")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "debug_inspector" version))
        (sha256
         (base32
-         "109761g00dbrw5q0dfnbqg8blfm699z4jj70l4zrgf9mzn7ii50m"))))
+         "0vxr0xa1mfbkfcrn71n7c4f2dj7la5hvphn904vh20j3x4j5lrx0"))))
     (build-system ruby-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/rdesktop.scm b/gnu/packages/rdesktop.scm
index 3eb82f22f3..65d17de637 100644
--- a/gnu/packages/rdesktop.scm
+++ b/gnu/packages/rdesktop.scm
@@ -26,7 +26,9 @@
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages cups)
+  #:use-module (gnu packages docbook)
   #:use-module (gnu packages gstreamer)
+  #:use-module (gnu packages image)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages pulseaudio)
@@ -70,61 +72,65 @@ to remotely control a user's Windows desktop.")
     (license license:gpl3+)))
 
 (define-public freerdp
-  (package
-    (name "freerdp")
-    (version "1.2.0-beta1+android9")
-    (source (origin
-              (method git-fetch)
-              (uri (git-reference
-                    (url "git://github.com/FreeRDP/FreeRDP.git")
-                    (commit version)))
-              (file-name (git-file-name name version))
-              (sha256
-               (base32 "1m0lzrr7hkxfvc5f9p8snimv0rmin2463zhg25mv36wig8g5k7l3"))))
-    (build-system cmake-build-system)
-    (native-inputs
-     `(("pkg-config" ,pkg-config)
-       ("xmlto" ,xmlto)))
-    (inputs
-     `(("libx11" ,libx11)
-       ("libxkbfile" ,libxkbfile)
-       ("libxcursor" ,libxcursor)
-       ("libxext" ,libxext)
-       ("libxi" ,libxi)
-       ("libxv" ,libxv)
-       ("libxrandr" ,libxrandr)
-       ("libxrender" ,libxrender)
-       ("libxinerama" ,libxinerama)
-       ("libxshmfence" ,libxshmfence)
-       ("libxml2" ,libxml2)
-       ("libxslt" ,libxslt)
-       ("cups" ,cups)
-       ("ffmpeg" ,ffmpeg)
-       ("pulseaudio" ,pulseaudio)
-       ("alsa-lib" ,alsa-lib)
-       ("gstreamer" ,gstreamer)
-       ("gst-plugins-base" ,gst-plugins-base)
-       ("zlib" ,zlib)
-       ("openssl" ,openssl)))
-    (arguments
-     `(#:configure-flags
-       '("-DCMAKE_INSTALL_LIBDIR=lib"
-         "-DWITH_PULSE=ON"
-         "-DWITH_CUPS=ON")
-       #:phases
-       (modify-phases %standard-phases
-         (add-before 'configure 'patch-cmakelists
-           (lambda _
-             ;; CMake would return an error on REMOVE_DUPLICATES because this
-             ;; list is empty.
-             (substitute* "channels/client/CMakeLists.txt"
-               (("list\\(REMOVE_DUPLICATES CHANNEL_STATIC_CLIENT_ENTRIES\\)")
-                "")))))
-       #:tests? #f))                              ; no 'test' target
-    (home-page "https://www.freerdp.com")
-    (synopsis "Remote Desktop Protocol implementation")
-    (description "FreeRDP implements Microsoft's Remote Desktop Protocol.  It
-consists of the @code{xfreerdp} client, libraries for client and server
+  (let ((commit "03ab68318966c3a22935a02838daaea7b7fbe96c"))
+    (package
+      (name "freerdp")
+      (version (git-version "1.1" "1" commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      ;; We need the 1.1 branch for RDP support in vinagre.
+                      (url "git://github.com/FreeRDP/FreeRDP.git")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32 "07ish8rmvbk2zd99k91qybmmh5h4afly75l5kbvslhq1r6k8pbmp"))))
+      (build-system cmake-build-system)
+      (native-inputs
+       `(("pkg-config" ,pkg-config)
+         ("libxslt" ,libxslt)
+         ("libxml2" ,libxml2)
+         ("docbook-xsl" ,docbook-xsl)
+         ("xmlto" ,xmlto)))
+      (inputs
+       `(("libx11" ,libx11)
+         ("libxkbfile" ,libxkbfile)
+         ("libxcursor" ,libxcursor)
+         ("libxext" ,libxext)
+         ("libxi" ,libxi)
+         ("libxv" ,libxv)
+         ("libxrandr" ,libxrandr)
+         ("libxrender" ,libxrender)
+         ("libxinerama" ,libxinerama)
+         ("libxshmfence" ,libxshmfence)
+         ("cups" ,cups)
+         ("ffmpeg" ,ffmpeg-2.8)
+         ("libjpeg" ,libjpeg)
+         ("pulseaudio" ,pulseaudio)
+         ("alsa-lib" ,alsa-lib)
+         ("zlib" ,zlib)
+         ("openssl" ,openssl)))
+      (arguments
+       `(#:configure-flags
+         (list "-DCMAKE_INSTALL_LIBDIR=lib"
+               "-DCMAKE_BUILD_TYPE=RELEASE"
+               "-DWITH_JPEG=ON"
+               ,@(if (string-prefix? "x86_64"
+                                     (or (%current-target-system)
+                                         (%current-system)))
+                     '("-DWITH_SSE2=ON")
+                     '())
+               (string-append "-DDOCBOOKXSL_DIR="
+                              (assoc-ref %build-inputs "docbook-xsl")
+                              "/xml/xsl/docbook-xsl-"
+                              ,(package-version docbook-xsl))
+               "-DWITH_PULSE=ON"
+               "-DWITH_CUPS=ON")
+         #:tests? #f))                              ; no 'test' target
+      (home-page "https://www.freerdp.com")
+      (synopsis "Remote Desktop Protocol implementation")
+      (description "FreeRDP implements Microsoft's Remote Desktop Protocol.
+It consists of the @code{xfreerdp} client, libraries for client and server
 functionality, and Windows Portable Runtime (WinPR), a portable implementation
 of parts of the Windows API.")
-    (license license:asl2.0)))
+    (license license:asl2.0))))
diff --git a/gnu/packages/regex.scm b/gnu/packages/regex.scm
index 275912b9d0..f35d3e63aa 100644
--- a/gnu/packages/regex.scm
+++ b/gnu/packages/regex.scm
@@ -28,7 +28,7 @@
 (define-public re2
    (package
      (name "re2")
-     (version "2017-07-01")
+     (version "2017-08-01")
      (source (origin
                (method url-fetch)
                (uri
@@ -38,7 +38,7 @@
                (file-name (string-append name "-" version ".tar.gz"))
                (sha256
                 (base32
-                 "07jbhcfpa4z8ra08q0i7j9p9sq6yy1wdx09laysz9jysgkc6mw76"))))
+                 "0dhndzr4ncdpa3yq22qlzxk7i1vlrcdg9z65k0k3j9bi37f271wk"))))
      (build-system gnu-build-system)
      (arguments
       `(#:modules ((guix build gnu-build-system)
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 7eba684440..243ff9e5db 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -49,6 +49,7 @@
 (define-public ruby
   (package
     (name "ruby")
+    (replacement ruby-2.4.1)
     (version "2.4.0")
     (source
      (origin
@@ -102,6 +103,26 @@ a focus on simplicity and productivity.")
     (home-page "https://ruby-lang.org")
     (license license:ruby)))
 
+(define-public ruby-2.4.1
+  (package
+    (inherit ruby)
+    (name "ruby")
+    (version "2.4.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://cache.ruby-lang.org/pub/ruby/"
+                           (version-major+minor version)
+                           "/ruby-" version ".tar.xz"))
+       (sha256
+        (base32
+         "0m763zf2v0jhrha3cx21g4dif6vc9gm714invs8h3sg35ncskj2g"))
+       (modules '((guix build utils)))
+       (snippet `(begin
+                   ;; Remove bundled libffi
+                   (delete-file-recursively "ext/fiddle/libffi-3.2.1")
+                   #t))))))
+
 (define-public ruby-2.3
   (package
     (inherit ruby)
@@ -219,13 +240,13 @@ announcement.")
 (define-public ruby-rake-compiler
   (package
     (name "ruby-rake-compiler")
-    (version "1.0.1")
+    (version "1.0.4")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "rake-compiler" version))
               (sha256
                (base32
-                "1lf91nf1fcnmsh54mxz06wyfmjkwh58vljr35zns5cwbg8fwmi20"))))
+                "1xpdi4w8zaklk1i9ps8g3k0icw3v5fcks092l84w28rgrpx82qip"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; needs cucumber
@@ -314,13 +335,13 @@ groups.")
 (define-public ruby-diff-lcs
   (package
     (name "ruby-diff-lcs")
-    (version "1.2.5")
+    (version "1.3")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "diff-lcs" version))
               (sha256
                (base32
-                "1vf9civd41bnqi6brr5d9jifdw73j9khc6fkhfl1f8r9cpkdvlx1"))))
+                "18w22bjz424gzafv6nzv98h0aqkwz3d9xhm7cbr1wfbyas8zayza"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; avoid dependency cycles
@@ -443,13 +464,13 @@ expectations and mocks frameworks.")
 (define-public bundler
   (package
     (name "bundler")
-    (version "1.15.1")
+    (version "1.15.4")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "bundler" version))
               (sha256
                (base32
-                "1mq0n8g08vf2rnd7fvylx3f4sspx15abid49gycf9zzsjj7w8vps"))))
+                "0wl4r7wbwdq68xidfv4hhzfb1spb6lmhbspwlzrg4pf1l6ipxlgs"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; avoid dependency cycles
@@ -488,13 +509,13 @@ supported: XML Markup and XML Events.")
 (define-public ruby-rjb
   (package
     (name "ruby-rjb")
-    (version "1.5.3")
+    (version "1.5.5")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "rjb" version))
               (sha256
                (base32
-                "0gzs92dagk981s4vrymnqg0vll783b9k564j0cdgp167nc5a2zg4"))))
+                "1ppj8rbicj3w0nhh7f73mflq19yd7pzdzkh2a91hcvphriy5b0ca"))))
     (build-system ruby-build-system)
     (arguments
      `(#:tests? #f ; no rakefile
@@ -662,14 +683,14 @@ extensions.")
 (define-public ruby-libxml
   (package
     (name "ruby-libxml")
-    (version "2.8.0")
+    (version "3.0.0")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "libxml-ruby" version))
        (sha256
         (base32
-         "1dhjqp4r9vkdp00l6h1cj8qfndzxlhlxk6b9g0w4v55gz857ilhb"))))
+         "0xy8wmjwjcnv36zi042678ncjzpxvy351ccbv7mzkns2n3kxfp54"))))
     (build-system ruby-build-system)
     (inputs
      `(("zlib" ,zlib)
@@ -709,13 +730,13 @@ Ruby.")
 (define-public ruby-thor
   (package
     (name "ruby-thor")
-    (version "0.19.1")
+    (version "0.19.4")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "thor" version))
               (sha256
                (base32
-                "08p5gx18yrbnwc6xc0mxvsfaxzgy2y9i78xq7ds0qmdm67q39y4z"))))
+                "01n5dv9kql60m6a00zc0r66jvaxx98qhdny3klyj0p3w34pad2ns"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; no test suite
@@ -730,13 +751,13 @@ interfaces.")
 (define-public ruby-lumberjack
   (package
     (name "ruby-lumberjack")
-    (version "1.0.10")
+    (version "1.0.12")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "lumberjack" version))
               (sha256
                (base32
-                "0ily8j83q959w19zb7qm6m7y53sdj9afxj4x6mn2adl4i7vpdsv4"))))
+                "0yz26k9mi0djx1qvlmvdw1xw2yf7a2rkfmnb2j0d28kms33xpibp"))))
     (build-system ruby-build-system)
     (native-inputs
      `(("ruby-rspec" ,ruby-rspec)
@@ -752,13 +773,13 @@ same log file.")
 (define-public ruby-nenv
   (package
     (name "ruby-nenv")
-    (version "0.2.0")
+    (version "0.3.0")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "nenv" version))
               (sha256
                (base32
-                "152wxwri0afwgnxdf93gi6wjl9rr5z7vwp8ln0gpa3rddbfc27s6"))))
+                "0r97jzknll9bhd8yyg2bngnnkj8rjhal667n7d32h8h7ny7nvpnr"))))
     (build-system ruby-build-system)
     (arguments
      `(#:tests? #f)) ; no tests included
@@ -834,13 +855,13 @@ the output produced by running shell commands.")
 (define-public ruby-notiffany
   (package
     (name "ruby-notiffany")
-    (version "0.0.7")
+    (version "0.1.1")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "notiffany" version))
               (sha256
                (base32
-                "1v5x1w59qq85r6dpv3y9ga34dfd7hka1qxyiykaw7gm0i6kggbhi"))))
+                "0x838fa5il0dd9zbm3lxkpbfxcf5fxv9556mayc2mxsdl5ghv8nx"))))
     (build-system ruby-build-system)
     ;; Tests are not included in the gem.
     (arguments `(#:tests? #f))
@@ -929,13 +950,13 @@ Ruby Gems.")
 (define-public ruby-ffi
   (package
     (name "ruby-ffi")
-    (version "1.9.14")
+    (version "1.9.18")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "ffi" version))
               (sha256
                (base32
-                "1nkcrmxqr0vb1y4rwliclwlj2ajsi4ddpdx2gvzjy0xbkk5iqzfp"))))
+                "034f52xf7zcqgbvwbl20jwdyjwznvqnwpbaps9nk18v9lgb1dpx0"))))
     (build-system ruby-build-system)
     ;; FIXME: Before running tests the build system attempts to build libffi
     ;; from sources.
@@ -957,13 +978,13 @@ and JRuby.")
 (define-public ruby-simplecov-html
   (package
     (name "ruby-simplecov-html")
-    (version "0.10.0")
+    (version "0.10.1")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "simplecov-html" version))
               (sha256
                (base32
-                "1qni8g0xxglkx25w54qcfbi4wjkpvmb28cb7rj5zk3iqynjcdrqf"))))
+                "0f3psphismgp6jp1fxxz09zbswh7m2xxxr6gqlzdh7sgv415clvm"))))
     (build-system ruby-build-system)
     (arguments `(#:tests? #f)) ; there are no tests
     (native-inputs
@@ -1004,13 +1025,13 @@ suites.")
 (define-public ruby-useragent
   (package
     (name "ruby-useragent")
-    (version "0.13.3")
+    (version "0.16.8")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "useragent" version))
               (sha256
                (base32
-                "0kz7yyz7528bv4a2kfymvkcm8whqcddhmgaw1ksw1d90n30hhkpc"))))
+                "1139cjqyv1hk1qcw89k81ajjkqyakqgbcyvmfrsmjqi8yn9kgqhq"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; no test suite
@@ -1040,13 +1061,13 @@ features.")
 (define-public ruby-connection-pool
   (package
     (name "ruby-connection-pool")
-    (version "2.2.0")
+    (version "2.2.1")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "connection_pool" version))
               (sha256
                (base32
-                "1b2bb3k39ni5mzcnqlv9y4yjkbin20s7dkwzp0jw2jf1rmzcgrmy"))))
+                "17vpaj6kyf2i8bimaxz7rg1kyadf4d10642ja67qiqlhwgczl2w7"))))
     (build-system ruby-build-system)
     (native-inputs
      `(("bundler" ,bundler)))
@@ -1059,13 +1080,13 @@ interface for Ruby programs.")
 (define-public ruby-net-http-persistent
   (package
     (name "ruby-net-http-persistent")
-    (version "2.9.4")
+    (version "3.0.0")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "net-http-persistent" version))
               (sha256
                (base32
-                "1y9fhaax0d9kkslyiqi1zys6cvpaqx9a0y0cywp24rpygwh4s9r4"))))
+                "156rv95bgxfz6qw5y1r7c7bswr77918hygl8dyl14qzbqc5vyp18"))))
     (build-system ruby-build-system)
     (native-inputs
      `(("ruby-connection-pool" ,ruby-connection-pool)
@@ -1170,13 +1191,13 @@ use GNU gettext tools for maintenance.")
 (define-public ruby-packnga
   (package
     (name "ruby-packnga")
-    (version "1.0.1")
+    (version "1.0.4")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "packnga" version))
               (sha256
                (base32
-                "1i71yhvlkvi5fp3m8jl9317cnddkbnrcy0syrmiw4y1lrq0cbncj"))))
+                "1vv2j0i43s4xid2km5hgrrxqlqpwgq8nlm8kaxfg2531c1vwfsd4"))))
     (build-system ruby-build-system)
     ;; ruby-test-unit is required to run tests, but that needs ruby-packnga.
     ;; To break the dependency cycle we disable tests.
@@ -1195,13 +1216,13 @@ use GNU gettext tools for maintenance.")
 (define-public ruby-test-unit
   (package
     (name "ruby-test-unit")
-    (version "3.2.4")
+    (version "3.2.5")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "test-unit" version))
               (sha256
                (base32
-                "09mb34lnffracsqxl4dav4c21p5nr4pj9hm5qy2s83k5hbjya3s7"))))
+                "05bx36fw01iqz0xqhvjfrwjgnj1zx3b2vn6w1fzp19rchd7zqc52"))))
     (build-system ruby-build-system)
     (propagated-inputs
      `(("ruby-power-assert" ,ruby-power-assert)))
@@ -1324,13 +1345,13 @@ knowing anything about the constructor.")
 (define-public ruby-introspection
   (package
     (name "ruby-introspection")
-    (version "0.0.3")
+    (version "0.0.4")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "introspection" version))
               (sha256
                (base32
-                "0g1j71sqfxbqk32wj7d0bkd3dlayfqzprfq3dbr0rq107xbxjcrr"))))
+                "1y2nbijkc0zlfmn9ss6588ilarq2kbn2i7w7pwwsli66dj84zgca"))))
     (build-system ruby-build-system)
     (arguments
      `(#:phases
@@ -1365,13 +1386,13 @@ definitions on a Ruby object.")
 (define-public ruby-redcarpet
   (package
     (name "ruby-redcarpet")
-    (version "3.3.3")
+    (version "3.4.0")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "redcarpet" version))
               (sha256
                (base32
-                "14i3wypp97bpk20679d1csy88q4hsgfqbnqw6mryl77m2g0d09pk"))))
+                "0h9qz2hik4s9knpmbwrzb3jcp3vc5vygp9ya8lcpl7f1l9khmcd7"))))
     (build-system ruby-build-system)
     (arguments
      `(#:phases
@@ -1478,13 +1499,13 @@ with processes on remote servers, via SSH2.")
 (define-public ruby-minitest
   (package
     (name "ruby-minitest")
-    (version "5.10.2")
+    (version "5.10.3")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "minitest" version))
               (sha256
                (base32
-                "11my86fnihvpndyknn3c14hc82nhsgggnhlxh8h3bdjpmfsvl0my"))))
+                "05521clw19lrksqgvg2kmm025pvdhdaniix52vmbychrn2jm7kz2"))))
     (build-system ruby-build-system)
     (native-inputs
      `(("ruby-hoe" ,ruby-hoe)))
@@ -1542,13 +1563,13 @@ easier to re-run individual failing tests.")
 (define-public ruby-minitest-bacon
   (package
     (name "ruby-minitest-bacon")
-    (version "1.0.2")
+    (version "1.0.3")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "minitest-bacon" version))
               (sha256
                (base32
-                "0cm7r68422743i3b6fm4rrm0r6cnnjmglq5gcmmgl1f0rk5hnf6r"))))
+                "0zhdwcl6bgha61qiyfvr7zs7ywaxc33wmj9xhxl8jdmpdvifvfaj"))))
     (build-system ruby-build-system)
     (native-inputs
      `(("ruby-hoe" ,ruby-hoe)))
@@ -1658,14 +1679,14 @@ MiniTest @code{Object#stub} with a global @code{stub} method.")
 (define-public ruby-minitest-bonus-assertions
   (package
     (name "ruby-minitest-bonus-assertions")
-    (version "2.0")
+    (version "3.0")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "minitest-bonus-assertions" version))
        (sha256
         (base32
-         "11nrd32kwy61ndg9csk7l1ifya79ghrrv3vsrxj57k50m7na6jkm"))))
+         "1hbq9jk904xkz868yha1bqcm6azm7kmjsll2k4pn2nrcib508h2a"))))
     (build-system ruby-build-system)
     (arguments
      `(#:phases
@@ -1718,14 +1739,14 @@ instance, it provides @code{assert_true}, @code{assert_false} and
 (define-public ruby-minitest-hooks
   (package
     (name "ruby-minitest-hooks")
-    (version "1.4.0")
+    (version "1.4.1")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "minitest-hooks" version))
        (sha256
         (base32
-         "092fymh0c09v3a585qw3hc15b0zf159s74rxx1ga87drk5jr958z"))))
+         "05bngfyxwq1cflk568nhddgfrmws5ff6kiqax4skklsjnh71ykbi"))))
     (build-system ruby-build-system)
     (arguments
      '(#:test-target "spec"))
@@ -1745,13 +1766,13 @@ for specs that share expensive database setup code.")
 (define-public ruby-daemons
   (package
     (name "ruby-daemons")
-    (version "1.2.2")
+    (version "1.2.4")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "daemons" version))
               (sha256
                (base32
-                "121c7vkimg3baxga69xvdkwxiq8wkmxqvdbyqi5i82vhih5d3cn3"))))
+                "1bmb4qrd95b5gl3ym5j3q6mf090209f4vkczggn49n56w6s6zldz"))))
     (build-system ruby-build-system)
     (arguments
      `(#:tests? #f)) ; no test suite
@@ -1764,13 +1785,13 @@ run as a daemon and to be controlled by simple start/stop/restart commands.")
 (define-public ruby-git
   (package
     (name "ruby-git")
-    (version "1.2.9.1")
+    (version "1.3.0")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "git" version))
               (sha256
                (base32
-                "1sqfj8lmhl7c5zamcckkpik4izfph2zkv6krw0i8mzj5pdws5acs"))))
+                "1waikaggw7a1d24nw0sh8fd419gbf7awh000qhsf411valycj6q3"))))
     (build-system ruby-build-system)
     (arguments
      `(#:tests? #f ; no tests
@@ -1799,13 +1820,13 @@ and manipulate Git repositories by wrapping system calls to the git binary.")
 (define-public ruby-slop
   (package
     (name "ruby-slop")
-    (version "4.1.0")
+    (version "4.5.0")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "slop" version))
               (sha256
                (base32
-                "0dj0ps6v1mqd02k84mgwd7hp578n2bzl7c51h3grdhxfl3jkfsj5"))))
+                "0bfm8535g0rkn9cbjndkckf0f7a3wj0rg4rqhrpsgxnbfdf2lm0p"))))
     (build-system ruby-build-system)
     (native-inputs
      `(("ruby-minitest" ,ruby-minitest)))
@@ -1847,13 +1868,13 @@ net/http library.")
 (define-public ruby-arel
   (package
     (name "ruby-arel")
-    (version "7.1.4")
+    (version "8.0.0")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "arel" version))
               (sha256
                (base32
-                "0l757dkkaxk5fq3368l79jpyzq9a9driricjamhiwhwvh0h7xcyx"))))
+                "0nw0qbc6ph625p6n3maqq9f527vz3nbl0hk72fbyka8jzsmplxzl"))))
     (build-system ruby-build-system)
     (arguments '(#:tests? #f)) ; no tests
     (home-page "https://github.com/rails/arel")
@@ -1913,24 +1934,24 @@ to reproduce user environments.")
 
 (define-public ruby-mini-portile-2
   (package (inherit ruby-mini-portile)
-    (version "2.1.0")
+    (version "2.2.0")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "mini_portile2" version))
               (sha256
                (base32
-                "1y25adxb1hgg1wb2rn20g3vl07qziq6fz364jc5694611zz863hb"))))))
+                "0g5bpgy08q0nc0anisg3yvwc1gc3inl854fcrg48wvg7glqd6dpm"))))))
 
 (define-public ruby-nokogiri
   (package
     (name "ruby-nokogiri")
-    (version "1.7.0.1")
+    (version "1.8.0")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "nokogiri" version))
               (sha256
                (base32
-                "10xahg0fwydh27psm8bv429mdja2ks6x83vxizq26ib8wvs05mv3"))))
+                "1nffsyx1xjg6v5n9rrbi8y1arrcx2i5f21cp6clgh9iwiqkr7rnn"))))
     (build-system ruby-build-system)
     (arguments
      ;; Tests fail because Nokogiri can only test with an installed extension,
@@ -2090,14 +2111,14 @@ file or directories are modified.")
 (define-public ruby-thread-safe
   (package
     (name "ruby-thread-safe")
-    (version "0.3.5")
+    (version "0.3.6")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "thread_safe" version))
        (sha256
         (base32
-         "1hq46wqsyylx5afkp6jmcihdpv4ynzzq9ygb6z2pb1cbz5js0gcr"))))
+         "0nmhcgq6cgz44srylra07bmaw99f5271l0dpsvl5f75m44l0gmwy"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; needs simplecov, among others
@@ -2110,14 +2131,14 @@ utilities for Ruby.")
 (define-public ruby-tzinfo
   (package
     (name "ruby-tzinfo")
-    (version "1.2.2")
+    (version "1.2.3")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "tzinfo" version))
        (sha256
         (base32
-         "1c01p3kg6xvy1cgjnzdfq45fggbwish8krd0h864jvbpybyx7cgx"))))
+         "05r81lk7q7275rdq7xipfm0yxgqyd2ggh73xpc98ypngcclqcscl"))))
     (build-system ruby-build-system)
     (propagated-inputs
      `(("ruby-thread-safe" ,ruby-thread-safe)))
@@ -2162,14 +2183,14 @@ IANA Time Zone database packaged as Ruby modules for use with @code{TZInfo}.")
 (define-public ruby-rb-inotify
   (package
     (name "ruby-rb-inotify")
-    (version "0.9.5")
+    (version "0.9.10")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "rb-inotify" version))
        (sha256
         (base32
-         "0kddx2ia0qylw3r52nhg83irkaclvrncgy2m1ywpbhlhsz1rymb9"))))
+         "0yfsgw5n7pkpyky6a9wkf1g9jafxb0ja7gz0qw0y14fd2jnzfh71"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f ; there are no tests
@@ -2253,13 +2274,13 @@ documentation for Ruby code.")
 (define-public ruby-tins
   (package
     (name "ruby-tins")
-    (version "1.7.0")
+    (version "1.15.0")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "tins" version))
               (sha256
                (base32
-                "1060h8dgnjl9az0sv1b74yrni8d4mh3x858wq6yfbfdf5dxrfl0a"))))
+                "09whix5a7ics6787zrkwjmp16kqyh6560p9f317syks785805f7s"))))
     (build-system ruby-build-system)
     ;; This gem needs gem-hadar at development time, but gem-hadar needs tins
     ;; at runtime.  To avoid the dependency on gem-hadar we disable rebuilding
@@ -2363,13 +2384,13 @@ Ruby's large and slower test/unit.")
 (define-public ruby-term-ansicolor
   (package
     (name "ruby-term-ansicolor")
-    (version "1.3.2")
+    (version "1.6.0")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "term-ansicolor" version))
               (sha256
                (base32
-                "0ydbbyjmk5p7fsi55ffnkq79jnfqx65c3nj8d9rpgl6sw85ahyys"))))
+                "1b1wq9ljh7v3qyxkk8vik2fqx2qzwh5lval5f92llmldkw7r7k7b"))))
     (build-system ruby-build-system)
     ;; Rebuilding the gemspec seems to require git, even though this is not a
     ;; git repository, so we just build the gem from the existing gemspec.
@@ -2417,13 +2438,13 @@ process tree data structure for the current host.")
 (define-public ruby-utils
   (package
     (name "ruby-utils")
-    (version "0.2.4")
+    (version "0.9.0")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "utils" version))
               (sha256
                (base32
-                "0vycgscxf3s1xn4yyfsq54zlh082581ga8azybmqgc4pij6iz2cd"))))
+                "196zhgcygrnx09bb9mh22qas03rl9avzx8qs0wnxznpin4pffwcl"))))
     (build-system ruby-build-system)
     (propagated-inputs
      `(("ruby-tins" ,ruby-tins)
@@ -2463,46 +2484,34 @@ a native C extension.")
 (define-public ruby-json-pure
   (package
     (name "ruby-json-pure")
-    (version "1.8.3")
+    (version "2.1.0")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "json_pure" version))
               (sha256
                (base32
-                "025aykr360x6dr1jmg8pmsrx7gr30pws4p1q686vnb48zyw1sc94"))))
+                "12yf9fmhr4c2jm3xl20vf1qyz5i63vc8a6ngz9j0f86nqwhmi2as"))))
     (build-system ruby-build-system)
     (arguments
-     `(#:modules ((srfi srfi-1)
-                  (ice-9 regex)
-                  (rnrs io ports)
-                  (guix build ruby-build-system)
-                  (guix build utils))
-       #:phases
+     `(#:phases
        (modify-phases %standard-phases
-         (add-after 'unpack 'replace-git-ls-files
+         (add-after 'unpack 'fix-rakefile
            (lambda _
-             ;; The existing gemspec file already contains a nice list of
-             ;; files that belong to the gem.  We extract the list from the
-             ;; gemspec file and then replace the file list in the Rakefile to
-             ;; get rid of the call to "git ls-files".
-             (let* ((contents (call-with-input-file "json.gemspec" get-string-all))
-                    ;; Guile is unhappy about the #\nul characters in comments.
-                    (filtered (string-filter (lambda (char)
-                                               (not (equal? #\nul char)))
-                                             contents))
-                    (files (match:substring
-                            (string-match "  s\\.files = ([^]]+\\])" filtered) 1)))
-               (substitute* "Rakefile"
-                 (("FileList\\[`git ls-files`\\.split\\(/\\\\n/\\)\\]")
-                  (string-append "FileList" files))))
-             (substitute* "Gemfile"
-               ((".*json-java.*") "\n"))
-             #t)))))
+             (substitute* "Rakefile"
+               ;; Since this is not a git repository, do not call 'git'.
+               (("`git ls-files`") "`find . -type f |sort`")
+               ;; Loosen dependency constraint.
+               (("'test-unit', '~> 2.0'") "'test-unit', '>= 2.0'"))
+             #t))
+         (add-after 'replace-git-ls-files 'regenerate-gemspec
+           (lambda _
+             ;; Regenerate gemspec so loosened dependency constraints are
+             ;; propagated.
+             (zero? (system* "rake" "gemspec")))))))
     (native-inputs
-     `(("ruby-permutation" ,ruby-permutation)
-       ("ruby-utils" ,ruby-utils)
-       ("ragel" ,ragel)
-       ("bundler" ,bundler)))
+     `(("bundler" ,bundler)
+       ("ruby-test-unit" ,ruby-test-unit)
+       ("ruby-simplecov" ,ruby-simplecov)))
     (synopsis "JSON implementation in pure Ruby")
     (description
      "This package provides a JSON implementation written in pure Ruby.")
@@ -2514,13 +2523,13 @@ a native C extension.")
 (define-public ruby-rb-fsevent
   (package
     (name "ruby-rb-fsevent")
-    (version "0.9.6")
+    (version "0.10.2")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "rb-fsevent" version))
               (sha256
                (base32
-                "1hq57by28iv0ijz8pk9ynih0xdg7vnl1010xjcijfklrcv89a1j2"))))
+                "1fbpmjypwxkb8r7y1kmhmyp6gawa4byw0yb3jc3dn9ly4ld9lizf"))))
     (build-system ruby-build-system)
     ;; Tests need "guard-rspec", which needs "guard".  However, "guard" needs
     ;; "listen", which needs "rb-fsevent" at runtime.
@@ -2534,14 +2543,14 @@ a native C extension.")
 (define-public ruby-listen
   (package
     (name "ruby-listen")
-    (version "3.0.3")
+    (version "3.1.5")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "listen" version))
        (sha256
         (base32
-         "10lhshjklxlrkw7999j0xl6sdxd4x32kiy8rp88jwr68kis5vq2b"))))
+         "01v5mrnfqm6sgm8xn2v5swxsn1wlmq7rzh2i48d4jzjsc7qvb6mx"))))
     (build-system ruby-build-system)
     (arguments '(#:tests? #f)) ; no tests
     (propagated-inputs
@@ -2556,14 +2565,14 @@ you about the changes.")
 (define-public ruby-activesupport
   (package
     (name "ruby-activesupport")
-    (version "5.0.0")
+    (version "5.1.3")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "activesupport" version))
        (sha256
         (base32
-         "0k7zhnz0aw1ym8phs10r85f91ja45vsd058fm9v0h2k0igw12cpf"))))
+         "16r18n6b1nlky0xx2lw8c1f15gr2vm34xz5g4byjcxf88m1s07xh"))))
     (build-system ruby-build-system)
     (arguments
      `(#:phases
@@ -2704,14 +2713,14 @@ unacceptable HTML and/or CSS from a string.")
 (define-public ruby-ox
   (package
     (name "ruby-ox")
-    (version "2.5.0")
+    (version "2.6.0")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "ox" version))
        (sha256
         (base32
-         "0rar0xr5qn3zac1r2z18kmpapx121c2l3z8jsgh60vsddwzpdh7h"))))
+         "0fmk62b1h2i79dfzjj8wmf8qid1rv5nhwfc17l489ywnga91xl83"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; no tests
@@ -2727,13 +2736,13 @@ alternative to Marshal for Object serialization. ")
 (define-public ruby-redcloth
   (package
     (name "ruby-redcloth")
-    (version "4.2.9")
+    (version "4.3.2")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "RedCloth" version))
               (sha256
                (base32
-                "06pahxyrckhgb7alsxwhhlx1ib2xsx33793finj01jk8i054bkxl"))))
+                "0m9dv7ya9q93r8x1pg2gi15rxlbck8m178j1fz7r5v6wr1avrrqy"))))
     (build-system ruby-build-system)
     (arguments
      `(#:tests? #f ; no tests
@@ -2766,14 +2775,14 @@ alternative to Marshal for Object serialization. ")
 (define-public ruby-pg
   (package
     (name "ruby-pg")
-    (version "0.20.0")
+    (version "0.21.0")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "pg" version))
        (sha256
         (base32
-         "03xcgwjs6faxis81jxf2plnlalg55dhhafqv3kvjxfr8ic7plpw5"))))
+         "00vhasqwc4f98qb4wxqn2h07fjwzhp5lwyi41j2gndi2g02wrdqh"))))
     (build-system ruby-build-system)
     (arguments
      '(#:test-target "spec"))
@@ -2792,14 +2801,14 @@ with PostgreSQL 8.4 and later.")
 (define-public ruby-byebug
   (package
     (name "ruby-byebug")
-    (version "6.0.2")
+    (version "9.0.6")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "byebug" version))
        (sha256
         (base32
-         "0537h9qbhr6csahmzyn4lk1g5b2lcligbzd21gfy93nx9lbfdnzc"))))
+         "1kbfcn65rgdhi72n8x9l393b89rvi5z542459k7d1ggchpb0idb0"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; no tests
@@ -2869,51 +2878,61 @@ including comments and whitespace.")
     (license license:expat)))
 
 (define-public ruby-tdiff
-  (package
-    (name "ruby-tdiff")
-    (version "0.3.3")
-    (source (origin
-              (method url-fetch)
-              (uri (rubygems-uri "tdiff" version))
-              (sha256
-               (base32
-                "0k41jbvn8qq4mgrixnhlk742b971d136i8wpbcv2cczvi22xpc86"))))
-    (build-system ruby-build-system)
-    (native-inputs
-     `(("ruby-rspec-2" ,ruby-rspec-2)
-       ("ruby-yard" ,ruby-yard)
-       ("ruby-rubygems-tasks" ,ruby-rubygems-tasks)))
-    (synopsis "Calculate the differences between two tree-like structures")
-    (description
-     "This library provides functions to calculate the differences between two
+  ;; Use a newer than released snapshot so that rspec-2 is not required.
+  (let ((commit "b662a6048f08abc45c1a834e5f34dd1c662935e2"))
+    (package
+      (name "ruby-tdiff")
+      (version (string-append "0.3.3-1." (string-take commit 8)))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/postmodern/tdiff.git")
+                      (commit commit)))
+                (file-name (string-append name "-" version "-checkout"))
+                (sha256
+                 (base32
+                  "0n3gq8rx49f7ln6zqlshqfg2mgqyy30rsdjlnki5mv307ykc7ad4"))))
+      (build-system ruby-build-system)
+      (native-inputs
+       `(("ruby-rspec" ,ruby-rspec)
+         ("ruby-yard" ,ruby-yard)
+         ("ruby-rubygems-tasks" ,ruby-rubygems-tasks)))
+      (synopsis "Calculate the differences between two tree-like structures")
+      (description
+       "This library provides functions to calculate the differences between two
 tree-like structures.  It is similar to Ruby's built-in @code{TSort} module.")
-    (home-page "https://github.com/postmodern/tdiff")
-    (license license:expat)))
+      (home-page "https://github.com/postmodern/tdiff")
+      (license license:expat))))
 
 (define-public ruby-nokogiri-diff
-  (package
-    (name "ruby-nokogiri-diff")
-    (version "0.2.0")
-    (source (origin
-              (method url-fetch)
-              (uri (rubygems-uri "nokogiri-diff" version))
-              (sha256
-               (base32
-                "0njr1s42war0bj1axb2psjvk49l74a8wzr799wckqqdcb6n51lc1"))))
-    (build-system ruby-build-system)
-    (propagated-inputs
-     `(("ruby-tdiff" ,ruby-tdiff)
-       ("ruby-nokogiri" ,ruby-nokogiri)))
-    (native-inputs
-     `(("ruby-rspec-2" ,ruby-rspec-2)
-       ("ruby-yard" ,ruby-yard)
-       ("ruby-rubygems-tasks" ,ruby-rubygems-tasks)))
-    (synopsis "Calculate the differences between two XML/HTML documents")
-    (description
-     "@code{Nokogiri::Diff} adds the ability to calculate the
+  ;; Use a newer than released snapshot so that rspec-2 is not required.
+  (let ((commit "a38491e4d8709b7406f2cae11a50226d927d06f5"))
+    (package
+      (name "ruby-nokogiri-diff")
+      (version (string-append "0.2.0-1." (string-take commit 8)))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/postmodern/nokogiri-diff.git")
+                      (commit commit)))
+                (file-name (string-append name "-" version "-checkout"))
+                (sha256
+                 (base32
+                  "1ah2sfjh9n1p0ln2wkqzfl448ml7j4zfy6dhp1qgzq2m41php6rf"))))
+      (build-system ruby-build-system)
+      (propagated-inputs
+       `(("ruby-tdiff" ,ruby-tdiff)
+         ("ruby-nokogiri" ,ruby-nokogiri)))
+      (native-inputs
+       `(("ruby-rspec" ,ruby-rspec)
+         ("ruby-yard" ,ruby-yard)
+         ("ruby-rubygems-tasks" ,ruby-rubygems-tasks)))
+      (synopsis "Calculate the differences between two XML/HTML documents")
+      (description
+       "@code{Nokogiri::Diff} adds the ability to calculate the
 differences (added or removed nodes) between two XML/HTML documents.")
-    (home-page "https://github.com/postmodern/nokogiri-diff")
-    (license license:expat)))
+      (home-page "https://github.com/postmodern/nokogiri-diff")
+      (license license:expat))))
 
 (define-public ruby-rack
   (package
@@ -2995,14 +3014,14 @@ Ruby classes.")
 (define-public ruby-gherkin
   (package
     (name "ruby-gherkin")
-    (version "4.0.0")
+    (version "4.1.3")
     (source
       (origin
         (method url-fetch)
         (uri (rubygems-uri "gherkin" version))
         (sha256
           (base32
-            "1ripjv97hg746xszx9isal8z8vrlb98asc2rdxl291b3hr6pj0pr"))))
+            "1d18r8mf2qyd9jbq9xxvca8adyysdzvwdy8v9c2s5hrd6p02kg79"))))
     (build-system ruby-build-system)
     (native-inputs
      `(("bundler" ,bundler)))
@@ -3018,14 +3037,14 @@ files.")
 (define-public ruby-cucumber-core
   (package
     (name "ruby-cucumber-core")
-    (version "1.5.0")
+    (version "2.0.0")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "cucumber-core" version))
        (sha256
         (base32
-         "0qj2fsqvp94nggnikbnrfvnmzr1pl6ifmdsxj69kdw1kkab30jjr"))))
+         "136hnvqv444qyxzcgy1k60y4i6cn3sn9lbqr4wan9dzz1yzllqbm"))))
     (build-system ruby-build-system)
     (propagated-inputs
      `(("ruby-gherkin" ,ruby-gherkin)))
@@ -3182,14 +3201,14 @@ application.")
 (define-public ruby-eventmachine
   (package
     (name "ruby-eventmachine")
-    (version "1.0.8")
+    (version "1.2.5")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "eventmachine" version))
        (sha256
         (base32
-         "1frvpk3p73xc64qkn0ymll3flvn4xcycq5yx8a43zd3gyzc1ifjp"))))
+         "075hdw0fgzldgss3xaqm2dk545736khcvv1fmzbf1sgdlkyh1v8z"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; test suite tries to connect to google.com
@@ -3294,14 +3313,14 @@ definitions.")
 (define-public ruby-fivemat
   (package
     (name "ruby-fivemat")
-    (version "1.3.2")
+    (version "1.3.5")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "fivemat" version))
        (sha256
         (base32
-         "1gvw6g4yc96l2pcyvigahyfsjxpdjx21iiwzvf965zippchdh6gk"))))
+         "0ij7n250gk5c1g34rsbwjnpcv64gk4vsas8lkz8fac4wbygvk6z1"))))
     (build-system ruby-build-system)
     (arguments
      `(#:tests? #f)) ; no tests
@@ -3377,14 +3396,14 @@ names.")
 (define-public ruby-shoulda-matchers
   (package
     (name "ruby-shoulda-matchers")
-    (version "3.1.1")
+    (version "3.1.2")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "shoulda-matchers" version))
        (sha256
         (base32
-         "1cf6d2d9br82vylr9p362yk9cfrd14jz8v77n0yb0lbcxdbk7xzq"))))
+         "1zvv94pqk5b5my3w1shdz7h34xf2ldhg5k4qfdpbwi2iy0j9zw2a"))))
     (build-system ruby-build-system)
     (arguments
      `(#:phases
@@ -3484,14 +3503,14 @@ support to both Ruby and JRuby.  It uses @code{unf_ext} on CRuby and
 (define-public ruby-domain-name
   (package
     (name "ruby-domain-name")
-    (version "0.5.20161021")
+    (version "0.5.20170404")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "domain_name" version))
        (sha256
         (base32
-         "1y5c96gzyh6z4nrnkisljqngfvljdba36dww657ka0x7khzvx7jl"))))
+         "12hs8yijhak7p2hf1xkh98g0mnp5phq3mrrhywzaxpwz1gw5r3kf"))))
     (build-system ruby-build-system)
     (arguments
      `(#:phases
@@ -3639,14 +3658,14 @@ subprocess.")
 (define-public ruby-bio-commandeer
   (package
     (name "ruby-bio-commandeer")
-    (version "0.1.3")
+    (version "0.4.0")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "bio-commandeer" version))
        (sha256
         (base32
-         "0lin6l99ldqqjc90l9ihcrv882c4xgbgqm16jqkdy6jf955jd9a8"))))
+         "0khpfw1yl5l3d2m8nxpkk32ybc4c3pa5hic3agd160jdfjjjnlni"))))
     (build-system ruby-build-system)
     (arguments
      `(#:phases
@@ -4010,7 +4029,7 @@ part of the Prawn PDF generator.")
 (define-public ruby-puma
   (package
     (name "ruby-puma")
-    (version "3.6.0")
+    (version "3.9.1")
     (source
      (origin
        (method url-fetch)
@@ -4020,32 +4039,17 @@ part of the Prawn PDF generator.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "08aws79n9slcr50d9lwm011cp1pxvr1409c2jmyjxywvrc0a30v1"))
-       ;; Ignore broken tests reported upstream.
-       ;; https://github.com/puma/puma/issues/995
-       ;; https://github.com/puma/puma/issues/1044
-       (patches (search-patches "ruby-puma-ignore-broken-test.patch"))))
+         "03pifga841h17brh4vgia8i2ybh3cmsyg0dbybzdf6dq51wzcxdx"))))
     (build-system ruby-build-system)
     (arguments
-     `(#:phases
+     `(#:tests? #f ; Tests require an out-dated version of minitest.
+       #:phases
        (modify-phases %standard-phases
-         (add-after 'unpack 'delete-integration-tests
-           (lambda _
-             ;; One broken test in this file cannot be easily removed in
-             ;; isolation, it probably causes race conditions.  So we delete
-             ;; the entire file.
-             (delete-file "test/test_integration.rb")
-             #t))
          (add-before 'build 'fix-gemspec
            (lambda _
              (substitute* "puma.gemspec"
                (("git ls-files") "find * |sort"))
              #t)))))
-    (native-inputs
-     `(("ruby-hoe" ,ruby-hoe)
-       ("ruby-rake-compiler" ,ruby-rake-compiler)
-       ("ruby-hoe-git" ,ruby-hoe-git)
-       ("ruby-rack" ,ruby-rack)))
     (synopsis "Simple, concurrent HTTP server for Ruby/Rack")
     (description
      "Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server
@@ -4082,14 +4086,14 @@ generation.")
 (define-public ruby-sequel
   (package
     (name "ruby-sequel")
-    (version "4.40.0")
+    (version "4.49.0")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "sequel" version))
        (sha256
         (base32
-         "0r39dv3yprai0cy7hslfxswjr4fg783xwxskmbih8ry24f18lbk0"))))
+         "010p4a60npppvgbyw7pq5xia8aydpgxdlhh3qjm2615kwjsw3fl8"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; Avoid dependency loop with ruby-minitest-hooks.
@@ -4104,14 +4108,14 @@ associated records.")
 (define-public ruby-timecop
   (package
     (name "ruby-timecop")
-    (version "0.8.1")
+    (version "0.9.1")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "timecop" version))
        (sha256
         (base32
-         "0vwbkwqyxhavzvr1820hqwz43ylnfcf6w4x6sag0nghi44sr9kmx"))))
+         "0d7mm786180v4kzvn1f77rhfppsg5n0sq2bdx63x9nv114zm8jrp"))))
     (build-system ruby-build-system)
     (arguments
      `(#:phases
@@ -4199,14 +4203,14 @@ patterns.")
 (define-public ruby-pkg-config
   (package
     (name "ruby-pkg-config")
-    (version "1.1.7")
+    (version "1.2.5")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "pkg-config" version))
        (sha256
         (base32
-         "0lljiqnm0b4z6iy87lzapwrdfa6ps63x2z5zbs038iig8dqx2g0z"))))
+         "056mzqdh4yjznsg36fi0xiq76f24vxlhzh2n4az919l3x5k318ar"))))
     (build-system ruby-build-system)
     (arguments
      ;; Tests require extra files not included in the gem.
@@ -4221,14 +4225,14 @@ libraries for compiling Ruby native extensions.")
 (define-public ruby-net-http-digest-auth
   (package
     (name "ruby-net-http-digest-auth")
-    (version "1.4")
+    (version "1.4.1")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "net-http-digest_auth" version))
        (sha256
         (base32
-         "14801gr34g0rmqz9pv4rkfa3crfdbyfk6r48vpg5a5407v0sixqi"))))
+         "1nq859b0gh2vjhvl1qh1zrk09pc7p54r9i6nnn6sb06iv07db2jb"))))
     (build-system ruby-build-system)
     (native-inputs
      `(("ruby-hoe" ,ruby-hoe)))
@@ -4243,14 +4247,14 @@ of the more insecure basic authentication scheme.")
 (define-public ruby-mail
   (package
     (name "ruby-mail")
-    (version "2.6.4")
+    (version "2.6.6")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "mail" version))
        (sha256
         (base32
-         "0c9vqfy0na9b5096i5i4qvrvhwamjnmajhgqi3kdsdfl8l6agmkp"))))
+         "0d7lhj2dw52ycls6xigkfz6zvfhc6qggply9iycjmcyj9760yvz9"))))
     (build-system ruby-build-system)
     (propagated-inputs
      `(("ruby-mime-types" ,ruby-mime-types)))
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index b7f298d2be..116d7f60ec 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,6 +30,7 @@
   #:use-module (gnu packages acl)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages autotools)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages crypto)
   #:use-module (gnu packages cups)
   #:use-module (gnu packages databases)
@@ -147,14 +149,14 @@ anywhere.")
 (define-public samba
   (package
     (name "samba")
-    (version "4.6.4")
+    (version "4.6.7")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.samba.org/pub/samba/stable/"
                                  "samba-" version ".tar.gz"))
              (sha256
               (base32
-               "0qcsinhcq3frlqp7bfav5mdc9xn1h4xy4l6vfpf8cmcfs4lp7ija"))))
+               "1ynxndfk45zkkylz3jsrx42a7kmm42jddk5bdhihyf88vs9l7wly"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -219,14 +221,14 @@ Desktops into Active Directory environments using the winbind daemon.")
 (define-public talloc
   (package
     (name "talloc")
-    (version "2.1.9")
+    (version "2.1.10")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.samba.org/ftp/talloc/talloc-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0qhhf4ib9k65sri2ky115iya6j7dgg0dsdi1r03j4cm3i35x9aph"))))
+                "06gn45if56g81vbj3841fzdjsahrrczwqpfrydm2zv6nxd5yk1f9"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -294,14 +296,14 @@ destructors.  It is the core memory allocator used in Samba.")
 (define-public tevent
   (package
     (name "tevent")
-    (version "0.9.31")
+    (version "0.9.33")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.samba.org/ftp/tevent/tevent-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1z1bij9gccps34q8zakr1k7k3gpqs25jas20x1hch16qd8jz44sa"))))
+                "1p0vxmldk99xpp7i4y6kpb75f8m7hxyv5bzkspy9hhpxh7ljww92"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -329,14 +331,14 @@ many event types, including timers, signals, and the classic file descriptor eve
 (define-public ldb
   (package
     (name "ldb")
-    (version "1.1.27")
+    (version "1.1.31")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.samba.org/ftp/ldb/ldb-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1b1mkl5p8swb67s9aswavhzswlib34hpgsv66zgns009paf2df6d"))))
+                "0ipbz9m50dkancq0dbz12q815nkknbsp2i3sxpsqhmmknlm3xm84"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -351,7 +353,8 @@ many event types, including timers, signals, and the classic file descriptor eve
                                               "/lib/ldb/modules")
                                "--bundled-libraries=NONE"))))))))
     (native-inputs
-     `(("pkg-config" ,pkg-config)
+     `(("cmocka" ,cmocka)
+       ("pkg-config" ,pkg-config)
        ("python" ,python-2)))
     (propagated-inputs
      ;; ldb.pc refers to all these.
diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm
index 92c0170205..161138285e 100644
--- a/gnu/packages/scheme.scm
+++ b/gnu/packages/scheme.scm
@@ -345,7 +345,8 @@ mashups, office (web agendas, mail clients, ...), etc.")
                (base32
                 "12b9gaa9lqh39lj1v4wm48f6z8ww3jdkvc5bh9gqqvn6kd2wwnk0"))
               (patches
-               (search-patches "chicken-CVE-2017-6949.patch"))))
+               (search-patches "chicken-CVE-2017-6949.patch"
+                               "chicken-CVE-2017-11343.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:modules ((guix build gnu-build-system)
diff --git a/gnu/packages/screen.scm b/gnu/packages/screen.scm
index af0079be20..ef67595a89 100644
--- a/gnu/packages/screen.scm
+++ b/gnu/packages/screen.scm
@@ -37,13 +37,13 @@
 (define-public screen
   (package
     (name "screen")
-    (version "4.6.0")
+    (version "4.6.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/screen/screen-"
                                  version ".tar.gz"))
              (sha256
-              (base32 "1m7yd2bs1i623kk27nfy3qa2mgjp5qjqxwj5qz21r51ycmmp0cwl"))))
+              (base32 "0r3wpfxnr5kw73b8ndja26jk03nfbks06iyfmgb5aqb2rdkazadb"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("makeinfo" ,texinfo)))
diff --git a/gnu/packages/sdl.scm b/gnu/packages/sdl.scm
index 9e2d81f182..af598ecb46 100644
--- a/gnu/packages/sdl.scm
+++ b/gnu/packages/sdl.scm
@@ -120,8 +120,13 @@ joystick, and graphics hardware.")
     (version "3.3.10")
     (source (origin
              (method url-fetch)
-             (uri (string-append "mirror://sourceforge/mikmod/libmikmod/"
-                                 version "/libmikmod-" version ".tar.gz"))
+             (uri (list
+                   (string-append "mirror://sourceforge/mikmod/libmikmod/"
+                                  version "/libmikmod-" version ".tar.gz")
+                   ;; Older versions are sometimes moved to:
+                   (string-append "mirror://sourceforge/mikmod/"
+                                  "outdated_versions/libmikmod/"
+                                  version "/libmikmod-" version ".tar.gz")))
              (sha256
               (base32
                "0j7g4jpa2zgzw7x6s3rldypa7zlwjvn97rwx0sylx1iihhlzbcq0"))))
diff --git a/gnu/packages/search.scm b/gnu/packages/search.scm
index 8651b985e3..cc8c0630bb 100644
--- a/gnu/packages/search.scm
+++ b/gnu/packages/search.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,6 +31,7 @@
   #:use-module (gnu packages databases)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages perl)
+  #:use-module (gnu packages python)
   #:use-module (gnu packages web)
   #:use-module (gnu packages xml))
 
@@ -70,6 +72,32 @@ rich set of boolean query operators.")
     (home-page "https://xapian.org/")
     (license (list gpl2+ bsd-3 x11))))
 
+(define-public python-xapian-bindings
+  (package (inherit xapian)
+    (name "python-xapian-bindings")
+    (version (package-version xapian))
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://oligarchy.co.uk/xapian/" version
+                                  "/xapian-bindings-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0fca9nsf7pj3fq991xcm5iainz3s8yqik4ycvavm09y486n3wciv"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags '("--with-python3")
+       #:make-flags
+       (list (string-append "pkgpylibdir="
+                            (assoc-ref %outputs "out")
+                            "/lib/python3.5/site-packages/xapian"))))
+    (inputs
+     `(("python" ,python)
+       ("python-sphinx" ,python-sphinx) ; for documentation
+       ("xapian" ,xapian)
+       ("zlib" ,zlib)))
+    (synopsis "Python bindings for the Xapian search engine library")
+    (license gpl2+)))
+
 (define-public libtocc
   (package
     (name "libtocc")
diff --git a/gnu/packages/serialization.scm b/gnu/packages/serialization.scm
index 6b7461e62b..8032e3181d 100644
--- a/gnu/packages/serialization.scm
+++ b/gnu/packages/serialization.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Corentin Bocquillon <corentin@nybble.fr>
 ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
+;;; Copyright © 2017 Frederick M. Muriithi <fredmanglis@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -38,7 +39,8 @@
   #:use-module (gnu packages lua)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
-  #:use-module (gnu packages perl))
+  #:use-module (gnu packages perl)
+  #:use-module (guix build-system python))
 
 (define-public cereal
   (package
@@ -247,6 +249,8 @@ that implements both the msgpack and msgpack-rpc specifications.")
                (base32
                 "1vk6pjh0f5k6jwk2sszb9z5169whmiha9ainbdpa1arxlkq7v3b6"))))
     (build-system cmake-build-system)
+    (arguments
+     '(#:configure-flags '("-DBUILD_SHARED_LIBS=ON")))
     (inputs
      `(("boost" ,boost)))
     (native-inputs
@@ -351,3 +355,33 @@ it is comparable to protobuf.")
 “Trivial integration”, and “Serious testing”.
 However, “Memory efficiency” and “Speed” have not been primary goals.")
     (license license:expat)))
+
+(define-public python-ruamel.yaml
+  (package
+    (name "python-ruamel.yaml")
+    (version "0.15.19")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "ruamel.yaml" version))
+       (sha256
+        (base32
+         "0qx779avw8d1vsjqyi7z21h1g5ykp8paqavgj0lzbp8h7bw9vpgv"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-pytest" ,python-pytest)))
+    (arguments
+     `(;; TODO: Tests require packaging "ruamel.std.pathlib".
+       #:tests? #f))
+    (home-page "https://bitbucket.org/ruamel/yaml")
+    (synopsis "YAML 1.2 parser/emitter")
+    (description
+     "This package provides YAML parser/emitter that supports roundtrip
+preservation of comments, seq/map flow style, and map key order.  It
+is a derivative of Kirill Simonov’s PyYAML 3.11.  It supports YAML 1.2
+and has round-trip loaders and dumpers.  It supports comments.  Block
+style and key ordering are kept, so you can diff the source.")
+    (license license:expat)))
+
+(define-public python2-ruamel.yaml
+  (package-with-python2 python-ruamel.yaml))
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 65e0eda50a..f1b408982c 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -6,8 +6,9 @@
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Stefan Reichör <stefan@xsteve.at>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2017 ng0 <ng0@no-reply.infotropique.org>
+;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -54,17 +55,12 @@
     (version "0.5.9.1")
     (source
      (origin
-       ;; The canonical source is offline, so we fetch the source code
-       ;; from the Git repository. See:
-       ;; https://www.mail-archive.com/dash@vger.kernel.org/msg01323.html
-       (method git-fetch)
-       (uri (git-reference
-              (url "https://git.kernel.org/pub/scm/utils/dash/dash.git/")
-              (commit (string-append "v" version))))
-       (file-name (string-append name "-" version "-checkout"))
+       (method url-fetch)
+       (uri (string-append "http://gondor.apana.org.au/~herbert/dash/files/"
+                           "dash-" version ".tar.gz"))
        (sha256
         (base32
-         "0p01vx7rbyf5hyyaff7h8cbhq81bm5fmq1m933484lncl9rafcai"))
+         "0ng695mq5ngg43h7ljhxvbjm46ym3nayj6ssn47d2gm9fbm5pkay"))
        (modules '((guix build utils)))
        (snippet
         '(begin
@@ -75,17 +71,10 @@
               "a command interpreter based on the original Bourne shell"))
            #t))))
     (build-system gnu-build-system)
-    (native-inputs
-     `(("autoconf" ,autoconf)
-       ("automake" ,automake)))
     (inputs
      `(("libedit" ,libedit)))
     (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (add-before 'configure 'bootstrap
-           (lambda _ (zero? (system* "autoreconf" "-vfi")))))
-       #:configure-flags '("--with-libedit")))
+     '(#:configure-flags '("--with-libedit")))
     (home-page "http://gondor.apana.org.au/~herbert/dash")
     (synopsis "POSIX-compliant shell optimised for size")
     (description
@@ -159,7 +148,7 @@ highlighting.")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "https://dist.pragmatique.xyz/fish-guix/"
+       (uri (string-append "https://dist.infotropique.org/fish-guix/"
                            name "-" version ".tar.xz"))
        (sha256
         (base32
@@ -377,14 +366,14 @@ ksh, and tcsh.")
 (define-public xonsh
   (package
     (name "xonsh")
-    (version "0.5.9")
+    (version "0.5.12")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "xonsh" version))
         (sha256
           (base32
-            "09s5k7fh4p0vkq0fha4ikwqlqsyv84vmlbqn8ggn0ymd47ajv38z"))
+            "1yz595hx5bni524m73cx8a08vcr6vfksfci14nx2ylz53igzva2c"))
         (modules '((guix build utils)))
         (snippet
          `(begin
@@ -460,38 +449,41 @@ operating system.")
       (license bsd-3))))
 
 (define-public linenoise
-  (package
-    (name "linenoise")
-    (version "1.0")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append "https://github.com/antirez/linenoise/"
-                           "archive/" version ".tar.gz"))
-       (file-name (string-append name "-" version ".tar.gz"))
-       (sha256
-        (base32
-         "05006hd56xcvxjdpll4x720bpfan7vwqmxbw8a2kvm10w57ll1gm"))))
-    (build-system gnu-build-system)
-    (arguments
-     `(#:tests? #f ;No tests are included
-       #:make-flags (list "CC=gcc")
-       #:phases
-       (modify-phases %standard-phases
-         (delete 'configure)
-         (replace 'install
-           (lambda* (#:key outputs #:allow-other-keys)
-             ;; At the moment there is no 'make install' in upstream.
-             (let* ((out (assoc-ref outputs "out")))
-               (install-file "linenoise.h"
-                             (string-append out "/include/linenoise"))
-               (install-file "linenoise.c"
-                             (string-append out "/include/linenoise"))
-               #t))))))
-    (home-page "https://github.com/antirez/linenoise")
-    (synopsis "Minimal zero-config readline replacement")
-    (description
-     "Linenoise is a minimal, zero-config, readline replacement.
+  (let ((commit "2105ce445821381cf1bca87b6d386d4ea88ee20d")
+        (revision "1"))
+    (package
+      (name "linenoise")
+      (version (string-append "1.0-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/antirez/linenoise")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1z16qwix8z6a40fskdgxsibkqgdrp4q6ncp4n6hnv4r9iihy2d8r"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:tests? #f ;No tests are included
+         #:make-flags (list "CC=gcc")
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure)
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               ;; At the moment there is no 'make install' in upstream.
+               (let* ((out (assoc-ref outputs "out")))
+                 (install-file "linenoise.h"
+                               (string-append out "/include/linenoise"))
+                 (install-file "linenoise.c"
+                               (string-append out "/include/linenoise"))
+                 #t))))))
+      (home-page "https://github.com/antirez/linenoise")
+      (synopsis "Minimal zero-config readline replacement")
+      (description
+       "Linenoise is a minimal, zero-config, readline replacement.
 Its features include:
 
 @enumerate
@@ -501,7 +493,7 @@ Its features include:
 @item Hints (suggestions at the right of the prompt as you type)
 @item A subset of VT100 escapes, ANSI.SYS compatible
 @end enumerate\n")
-    (license bsd-2)))
+      (license bsd-2))))
 
 (define-public s-shell
   (let ((commit "6604341edb3a775ff94415762af3ee9bd86bfb3c")
@@ -564,6 +556,29 @@ extra programs.  > is just another unix command, < is essentially cat(1).
 A @code{andglob} program is also provided along with s.")
       (license bsd-3))))
 
+(define-public oksh
+  (package
+    (name "oksh")
+    (version "0.5.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://connochaetos.org/oksh/oksh-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "0ln9yf6pxngsviqszv8klnnvn8vcpplvj1njdn8xr2y8frkbw8r3"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(; The test files are not part of the distributed tarball.
+       #:tests? #f))
+    (home-page "https://connochaetos.org/oksh")
+    (synopsis "Port of OpenBSD Korn Shell")
+    (description
+     "Oksh is a port of the OpenBSD Korn Shell.
+The OpenBSD Korn Shell is a cleaned up and enhanced ksh.")
+    (license gpl3+)))
+
 (define-public loksh
   (package
     (name "loksh")
@@ -599,3 +614,42 @@ interactive POSIX shell targeted at resource-constrained systems.")
     ;; The file 'LEGAL' says it is the public domain, and the 2
     ;; exceptions which are listed are not included in this port.
     (license public-domain)))
+
+(define-public mksh
+  (package
+    (name "mksh")
+    (version "56")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://www.mirbsd.org/MirOS/dist/mir/mksh/mksh-R"
+                           version ".tgz"))
+       (sha256
+        (base32
+         "1x4zjj9259ijpf8jw0nyh1fnr1pbm5fwvylclpvcrlb45xrglf5d"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; tests require access to /dev/tty
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'build
+           (lambda _
+             (setenv "CC" "gcc")
+             (zero? (system* (which "sh") "Build.sh"))))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin"))
+                    (man (string-append out "/share/man/man1")))
+               (install-file "mksh" bin)
+               (with-directory-excursion bin
+                 (symlink "mksh" "ksh"))
+               (install-file "mksh.1" man)))))))
+    (home-page "https://www.mirbsd.org/mksh.htm")
+    (synopsis "Korn Shell from MirBSD")
+    (description "mksh is an actively developed free implementation of the
+Korn Shell programming language and a successor to the Public Domain Korn
+Shell (pdksh).")
+    (license (list miros
+                   isc)))) ; strlcpy.c
diff --git a/gnu/packages/skarnet.scm b/gnu/packages/skarnet.scm
index 37e09d8642..5a46b0db64 100644
--- a/gnu/packages/skarnet.scm
+++ b/gnu/packages/skarnet.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Claes Wallin <claes.wallin@greatsinodevelopment.com>
 ;;; Copyright © 2016 Eric Le Bihan <eric.le.bihan.dev@free.fr>
+;;; Copyright © 2017 Z. Ren <zren@dlut.edu.cn>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,7 +40,16 @@
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--enable-force-devr") ; do not analyze /dev/random
-       #:tests? #f)) ; no tests exist
+       #:tests? #f ; no tests exist
+       #:phases (modify-phases %standard-phases
+                  (add-after 'unpack 'reproducible
+                    (lambda _
+                      ;; Sort source files deterministically so that the *.a
+                      ;; and *.so files are reproducible.
+                      (substitute* "Makefile"
+                        (("\\$\\(ALL_SRCS:%.c=%.o\\)")
+                         "$(sort $(ALL_SRCS:%.c=%.o))"))
+                      #t)))))
     (home-page "http://skarnet.org/software/skalibs/")
     (synopsis "Platform abstraction libraries for skarnet.org software")
     (description
diff --git a/gnu/packages/sml.scm b/gnu/packages/sml.scm
new file mode 100644
index 0000000000..6e57c4a4a0
--- /dev/null
+++ b/gnu/packages/sml.scm
@@ -0,0 +1,72 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Andy Patterson <ajpatter@uwaterloo.ca>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages sml)
+  #:use-module (gnu packages lesstif)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages xorg)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix download)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages))
+
+(define-public polyml
+  (package
+    (name "polyml")
+    (version "5.7")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/polyml/polyml/archive/v"
+                           version ".tar.gz"))
+       (sha256
+        (base32 "0ycjl746h0m22w9nsdssjl47d56jih12gpkdg3yw65gakj70sd0r"))
+       (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("gmp" ,gmp)
+       ("lesstif",lesstif)
+       ("libffi" ,libffi)
+       ("libx11" ,libx11)
+       ("libxt" ,libxt)))
+    (arguments
+     '(#:configure-flags
+       (list "--with-system-libffi=yes"
+             "--with-x=yes"
+             "--with-threads=yes"
+             "--with-gmp=yes")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'build 'build-compiler
+           (lambda* (#:key make-flags parallel-build? #:allow-other-keys)
+             (define flags
+               (if parallel-build?
+                   (cons (format #f "-j~d" (parallel-job-count))
+                         make-flags)
+                   make-flags))
+             (apply system* "make" (append flags (list "compiler"))))))))
+    (home-page "http://www.polyml.org/")
+    (synopsis "Standard ML implementation")
+    (description "Poly/ML is a Standard ML implementation.  It is fully
+compatible with the ML97 standard.  It includes a thread library, a foreign
+function interface, and a symbolic debugger.")
+    ;; Some source files specify 'or any later version'; some don't
+    (license
+     (list license:lgpl2.1
+           license:lgpl2.1+))))
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 3cde6af5fe..55689a6c6d 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -130,16 +130,12 @@ a server that supports the SSH-2 protocol.")
    (name "openssh")
    (version "7.5p1")
    (source (origin
-            (method url-fetch)
-            (uri (let ((tail (string-append name "-" version ".tar.gz")))
-                   (list (string-append "http://openbsd.cs.fau.de/pub/OpenBSD/OpenSSH/portable/"
-                                        tail)
-                         (string-append "http://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/"
-                                        tail)
-                         (string-append "http://ftp2.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/"
-                                        tail))))
-            (sha256 (base32
-                     "1w7rb5gbrikxdkp8w7zxnci4549gk4bw1lml01s59w5rzb2y6ilq"))))
+             (method url-fetch)
+             (uri (string-append "mirror://openbsd/OpenSSH/portable/"
+                                 name "-" version ".tar.gz"))
+             (sha256
+              (base32
+               "1w7rb5gbrikxdkp8w7zxnci4549gk4bw1lml01s59w5rzb2y6ilq"))))
    (build-system gnu-build-system)
    (native-inputs `(("groff" ,groff)))
    (inputs `(("openssl" ,openssl)
@@ -219,7 +215,7 @@ Additionally, various channel-specific options can be negotiated.")
 (define-public guile-ssh
   (package
     (name "guile-ssh")
-    (version "0.11.0")
+    (version "0.11.2")
     (home-page "https://github.com/artyom-poptsov/guile-ssh")
     (source (origin
               ;; ftp://memory-heap.org/software/guile-ssh/guile-ssh-VERSION.tar.gz
@@ -231,19 +227,7 @@ Additionally, various channel-specific options can be negotiated.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0r261i8kc3avbmbwgyzak2vnqwssjlgz37g2y2fwm80w9bmn2m7j"))
-              (patches (search-patches "guile-ssh-rexec-bug.patch"
-                                       "guile-ssh-double-free.patch"
-                                       "guile-ssh-channel-finalization.patch"))
-              (modules '((guix build utils)))
-              (snippet
-               ;; 'configure.ac' mistakenly tries to link files from examples/
-               ;; that are not instantiated yet.  Work around it.
-               '(substitute* "configure.ac"
-                  (("AC_CONFIG_LINKS\\(\\[examples/([^:]+):.*" _ file)
-                   (string-append "AC_CONFIG_FILES([examples/" file
-                                  "], [chmod +x examples/"
-                                  file "])\n"))))))
+                "1w0k5s09xj5xycb7lbp5b7rm0xncclms3jwl98lwj8fxwngi1s90"))))
     (build-system gnu-build-system)
     (outputs '("out" "debug"))
     (arguments
@@ -347,13 +331,13 @@ authentication scheme.")
 (define-public mosh
   (package
     (name "mosh")
-    (version "1.3.0")
+    (version "1.3.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://mosh.org/mosh-" version ".tar.gz"))
               (sha256
                (base32
-                "0xikz40q873g9ihvz3x6bwkcb9hb8kcnp5wpcmb72pg5c7s143ij"))))
+                "05hjhlp6lk8yjcy59zywpf0r6s0h0b9zxq0lw66dh9x8vxrhaq6s"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/sssd.scm b/gnu/packages/sssd.scm
index 2afef03055..7d52ebab4c 100644
--- a/gnu/packages/sssd.scm
+++ b/gnu/packages/sssd.scm
@@ -80,14 +80,14 @@ fundamental object types for C.")
 (define-public sssd
   (package
     (name "sssd")
-    (version "1.15.2")
+    (version "1.15.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://releases.pagure.org/SSSD/sssd/"
                                   "sssd-" version ".tar.gz"))
               (sha256
                (base32
-                "0r6j28f7vjb1aw65gkw4nz2l3jy605h7wsr1k815hynp2jrzrmac"))))
+                "0d36dmzqdjfpspm9fw4zx0kh0qcx60p9vchxvcajn4qf3k3qsl3f"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags
@@ -161,7 +161,8 @@ fundamental object types for C.")
        ("docbook-xsl" ,docbook-xsl)
        ("docbook-xml" ,docbook-xml)
        ("libxslt" ,libxslt)
-       ("pkg-config" ,pkg-config)))
+       ("pkg-config" ,pkg-config)
+       ("util-linux" ,util-linux)))     ; for uuid.h, reqired for KCM
     (home-page "https://pagure.io/SSSD/sssd/")
     (synopsis "System security services daemon")
     (description "SSSD is a system daemon.  Its primary function is to provide
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index 41c0668151..ad3032e2ec 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -34,6 +34,7 @@
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages cran)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages gtk)
@@ -64,7 +65,7 @@
 (define-public pspp
   (package
     (name "pspp")
-    (version "0.10.2")
+    (version "1.0.0")
     (source
      (origin
       (method url-fetch)
@@ -72,7 +73,7 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "1afsq0a3iij64qacczvwhk81qg0q5rfqm055y5h9ls28d6paqz7p"))))
+        "10yb8nknh33c1y2ji3gww5dcnx9n3nqgsj6yfb4wibdjypa1m68v"))))
     (build-system gnu-build-system)
     (inputs
      `(("cairo" ,cairo)
@@ -125,6 +126,13 @@ be output in text, PostScript, PDF or HTML.")
              "PKG_BUILT_STAMP=1970-01-01")
        #:phases
        (modify-phases %standard-phases
+         (add-before 'configure 'do-not-compress-serialized-files
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; This ensures that Guix can detect embedded store references;
+             ;; see bug #28157 for details.
+             (substitute* "src/library/base/makebasedb.R"
+               (("compress = TRUE") "compress = FALSE"))
+             #t))
          (add-before 'configure 'patch-uname
            (lambda* (#:key inputs #:allow-other-keys)
              (let ((uname-bin (string-append (assoc-ref inputs "coreutils")
@@ -226,7 +234,6 @@ be output in text, PostScript, PDF or HTML.")
        ("perl" ,perl)
        ("pkg-config" ,pkg-config)
        ("texinfo" ,texinfo) ; for building HTML manuals
-       ("which" ,which) ; for tests/Examples/base-Ex.R
        ("tzdata" ,tzdata-2017a)
        ("xz" ,xz)))
     (inputs
@@ -244,6 +251,7 @@ be output in text, PostScript, PDF or HTML.")
        ("libxt" ,libxt)
        ("pcre" ,pcre)
        ("readline" ,readline)
+       ("which" ,which)
        ("zlib" ,zlib)))
     (native-search-paths
      (list (search-path-specification
@@ -260,17 +268,29 @@ publication-quality data plots.  A large amount of 3rd-party packages are
 available, greatly increasing its breadth and scope.")
     (license license:gpl3+)))
 
+(define-public rmath-standalone
+  (package (inherit r-minimal)
+    (name "rmath-standalone")
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'configure 'chdir
+           (lambda _ (chdir "src/nmath/standalone/") #t)))))
+    (synopsis "Standalone R math library")
+    (description
+     "This package provides the R math library as an independent package.")))
+
 (define-public r-boot
   (package
     (name "r-boot")
-    (version "1.3-19")
+    (version "1.3-20")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "boot" version))
        (sha256
         (base32
-         "16hsw4bw9pkfc2lqxfwycm1sbvbrm4linvm0ci71n8sxc7srvkis"))))
+         "0ai1qpm0p4z07xr0dvag8sdn9jrxcwanrsk9khzmww094jvr1jxd"))))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/boot")
     (synopsis "Bootstrap functions for R")
@@ -365,14 +385,14 @@ Hubert, based on Kaufman and Rousseeuw (1990) \"Finding Groups in Data\".")
 (define-public r-foreign
   (package
     (name "r-foreign")
-    (version "0.8-67")
+    (version "0.8-69")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "foreign" version))
        (sha256
         (base32
-         "1mcrm2pydimbyjhkrw5h380bifj1jhwzifph1xgh90asf3lvd1xd"))))
+         "0s1lxmd85dd0kxx8hwk02w9l7pmpk4bpy7787fbyh2dbq5g9ys0k"))))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/foreign")
     (synopsis "Read data stored by other statistics software")
@@ -427,14 +447,14 @@ also flexible enough to handle most nonstandard requirements.")
 (define-public r-matrix
   (package
     (name "r-matrix")
-    (version "1.2-8")
+    (version "1.2-10")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "Matrix" version))
        (sha256
         (base32
-         "1dyv42d7ranb85y8hvi57hbg5xnvhdzqn56wcq3qmhazqj3s3liw"))))
+         "0r3qjcz92xwgdzrfz444mqzwnja5sv9abaf252fh6k48qbyahahh"))))
     (properties `((upstream-name . "Matrix")))
     (build-system r-build-system)
     (propagated-inputs
@@ -472,14 +492,14 @@ nonlinear mixed-effects models.")
 (define-public r-mgcv
   (package
    (name "r-mgcv")
-   (version "1.8-17")
+   (version "1.8-18")
    (source
     (origin
      (method url-fetch)
      (uri (cran-uri "mgcv" version))
      (sha256
       (base32
-       "1zj223l4a3j15d3c01wv7dkzn9w6084gxrq5600ck9rvr0lfpwwg"))))
+       "011mgcypr56xvm9nizsfsb2285kzql93x0d3lzg849g39vbpp4s2"))))
    (build-system r-build-system)
    (propagated-inputs
     `(("r-matrix" ,r-matrix)
@@ -621,14 +641,14 @@ binary booleans, @code{TRUE} and @code{FALSE} can be stored with 1 bit only.")
 (define-public r-bit64
   (package
     (name "r-bit64")
-    (version "0.9-5")
+    (version "0.9-7")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "bit64" version))
        (sha256
         (base32
-         "0fz5m3fhvxgwjl76maag7yn0zdw24rx34gy6v77378fajag9yllg"))))
+         "07znvz9vp1nz1y5ljng4qyskvm943cdbmy996s67560ijxzsm6kv"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-bit" ,r-bit)))
@@ -644,26 +664,6 @@ interactive data exploration and manipulation and optionally leverage
 caching.")
     (license license:gpl2)))
 
-(define-public r-colorspace
-  (package
-    (name "r-colorspace")
-    (version "1.3-2")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (cran-uri "colorspace" version))
-       (sha256
-        (base32 "0d1ya7hx4y58n5ivwmdmq2zgh0g2sbv7ykh13n85c1355csd57yx"))))
-    (build-system r-build-system)
-    (home-page "http://cran.r-project.org/web/packages/colorspace")
-    (synopsis "Color space manipulation")
-    (description
-     "This package carries out a mapping between assorted color spaces
-including RGB, HSV, HLS, CIEXYZ, CIELUV, HCL (polar CIELUV), CIELAB and polar
-CIELAB.  Qualitative, sequential, and diverging color palettes based on HCL
-colors are provided.")
-    (license license:bsd-3)))
-
 (define-public r-dichromat
   (package
     (name "r-dichromat")
@@ -812,30 +812,6 @@ see package vignette.  To quote Rene Magritte, \"Ceci n'est pas un pipe.\"")
 Munsell colour system.")
     (license license:expat)))
 
-(define-public r-rcpp
-  (package
-    (name "r-rcpp")
-    (version "0.12.10")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (cran-uri "Rcpp" version))
-       (sha256
-        (base32 "108p485agxwgmnl9p54vsyy94w96lcimlk08v71ddm77gfl13y2f"))))
-    (build-system r-build-system)
-    (home-page "http://www.rcpp.org")
-    (synopsis "Seamless R and C++ Integration")
-    (description
-     "The Rcpp package provides R functions as well as C++ classes which offer
-a seamless integration of R and C++.  Many R data types and objects can be
-mapped back and forth to C++ equivalents which facilitates both writing of new
-code as well as easier integration of third-party libraries.  Documentation
-about Rcpp is provided by several vignettes included in this package, via the
-'Rcpp Gallery' site at <http://gallery.rcpp.org>, the paper by Eddelbuettel
-and Francois (2011, JSS), and the book by Eddelbuettel (2013, Springer); see
-'citation(\"Rcpp\")' for details on these last two.")
-    (license license:gpl2+)))
-
 (define-public r-permute
   (package
    (name "r-permute")
@@ -1074,14 +1050,14 @@ aesthetic attributes.")
 (define-public r-gdtools
   (package
     (name "r-gdtools")
-    (version "0.1.4")
+    (version "0.1.5")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "gdtools" version))
        (sha256
         (base32
-         "0l8c4bh6765x9s6rw3mfm1bgicdzdngir1kxh9pxx4sidrdndcip"))))
+         "09y9x09gri33ghhrvjjnj5k5rk0kdpsk3wq02cln8gmywd6728vk"))))
     (build-system r-build-system)
     (native-inputs
      `(("r-rcpp" ,r-rcpp)
@@ -1163,13 +1139,13 @@ evaluation (NSE) in R.")
 (define-public r-dbi
   (package
     (name "r-dbi")
-    (version "0.6-1")
+    (version "0.7")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "DBI" version))
               (sha256
                (base32
-                "1fg158k4n6l3rzx9nrwhp4nwkwpbmv1q7z2xz5rw138zws68fkgr"))))
+                "04fyrxdpqcygg5wviy637y6lgk64xqjjq31lvv4hwqj5kbaxamr5"))))
     (build-system r-build-system)
     (home-page "https://github.com/rstats-db/DBI")
     (synopsis "R database interface")
@@ -1201,13 +1177,13 @@ for template use among CRAN packages.")
 (define-public r-evaluate
   (package
     (name "r-evaluate")
-    (version "0.10")
+    (version "0.10.1")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "evaluate" version))
               (sha256
                (base32
-                "0mwna7rjyrmc76651a1fm7c76ippdsc2wsp3sj3iwb1c73mvlqv1"))))
+                "070vvmnbdlp7sz2zhza7fhd2a6mlwiln8fn4hyzhsiizbn4n79y9"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-stringr" ,r-stringr)))
@@ -1223,13 +1199,13 @@ adapted for other output formats, such as HTML or LaTeX.")
 (define-public r-formatr
   (package
     (name "r-formatr")
-    (version "1.4")
+    (version "1.5")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "formatR" version))
               (sha256
                (base32
-                "1fvynq0fj1r9grg9vvfdh5fl2riv6qki9f2rfpyvbvqq3xxpmi3f"))))
+                "19sd23vgs4ac0fwlw40j3676k6mramb0ajlq8hdw23kjwdx1jk47"))))
     (build-system r-build-system)
     (home-page "http://yihui.name/formatR")
     (synopsis "Format R code automatically")
@@ -1324,13 +1300,13 @@ emitter (http://pyyaml.org/wiki/LibYAML) for R.")
 (define-public r-knitr
   (package
     (name "r-knitr")
-    (version "1.15.1")
+    (version "1.16")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "knitr" version))
               (sha256
                (base32
-                "1pbxd3k7kv5sa1a5gxm0zc2bhjxdgx2nfch9xap5k85djmgsfqc1"))))
+                "02balmhvc955rkqv4v0wkxbw4vjphydajgcpy4ml0s3b4sziyj0h"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-evaluate" ,r-evaluate)
@@ -1352,14 +1328,14 @@ generation in R using Literate Programming techniques.")
 (define-public r-knitrbootstrap
   (package
     (name "r-knitrbootstrap")
-    (version "1.0.0")
+    (version "1.0.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "knitrBootstrap" version))
        (sha256
         (base32
-         "0pshn2slzqwpryklslsxwh1dmqcnwv6bwi7yfm6m342wjybpk0wl"))))
+         "089147g7nqp99rwdxxsfmklsrwc8aia09sr8ndmrc335r33v6r6p"))))
     (properties `((upstream-name . "knitrBootstrap")))
     (build-system r-build-system)
     (propagated-inputs
@@ -1504,13 +1480,13 @@ flexible and easy to set up.")
 (define-public r-r6
   (package
     (name "r-r6")
-    (version "2.2.0")
+    (version "2.2.2")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "R6" version))
               (sha256
                (base32
-                "1ir51pb0y6yj05qaxsflk4a6hv8n73cwlb0qajcskbrz632dsyvx"))))
+                "13xfdr19ca7ymisidsanm6w7hsk3qmy5l8c0mlz3nk48f7s5cxq8"))))
     (build-system r-build-system)
     (home-page "https://github.com/wch/R6/")
     (synopsis "Classes with reference semantics in R")
@@ -1523,20 +1499,38 @@ private members, and they support inheritance, even when the classes are
 defined in different packages.")
     (license license:expat)))
 
+(define-public r-rlang
+  (package
+    (name "r-rlang")
+    (version "0.1.1")
+    (source (origin
+              (method url-fetch)
+              (uri (cran-uri "rlang" version))
+              (sha256
+               (base32
+                "0grwqy3zkvz96mvpwfbfyqid4jkfrqh3ldy2n6dpv2kjd1fzj0ar"))))
+    (build-system r-build-system)
+    (home-page "http://rlang.tidyverse.org")
+    (synopsis "Functions for base types, core R and Tidyverse features")
+    (description "This package provides a toolbox for working with base types,
+core R features like the condition system, and core @code{Tidyverse} features
+like tidy evaluation.")
+    (license license:gpl3)))
+
 (define-public r-tibble
   (package
     (name "r-tibble")
-    (version "1.3.0")
+    (version "1.3.3")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "tibble" version))
        (sha256
         (base32
-         "1q25i1cv3qms6d3lw7jd3z142w188znkcbyam460gn9si8l8g2bk"))))
+         "1bhq4pm56l7l6s1k44ajrcr7hz56h37m9ck4zji9f8xfdqschbl0"))))
     (build-system r-build-system)
     (propagated-inputs
-     `(("r-lazyeval" ,r-lazyeval)
+     `(("r-rlang" ,r-rlang)
        ("r-rcpp" ,r-rcpp)))
     (home-page "https://github.com/hadley/tibble")
     (synopsis "Simple data frames")
@@ -1548,20 +1542,23 @@ and printing capabilities than traditional data frames.")
 (define-public r-dplyr
   (package
     (name "r-dplyr")
-    (version "0.5.0")
+    (version "0.7.2")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "dplyr" version))
               (sha256
                (base32
-                "0ks5cklb03laqf5ygcw986g1lv7wk1ipvypjlha8xly2y4lvilwk"))))
+                "0jpb32ca1c0mr660igna4yw4fmzydzfhxshd0g8wgmggkynx2qi2"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-assertthat" ,r-assertthat)
        ("r-r6" ,r-r6)
        ("r-magrittr" ,r-magrittr)
-       ("r-lazyeval" ,r-lazyeval)
-       ("r-dbi" ,r-dbi)
+       ("r-rlang" ,r-rlang)
+       ("r-plogr" ,r-plogr)
+       ("r-glue" ,r-glue)
+       ("r-pkgconfig" ,r-pkgconfig)
+       ("r-bindrcpp" ,r-bindrcpp)
        ("r-tibble" ,r-tibble)))
     (native-inputs
      `(("r-rcpp" ,r-rcpp)
@@ -1621,37 +1618,17 @@ It is based on the methods described in Kaufman and Rousseeuw (1990) \"Finding
 Groups in Data\".")
     (license license:gpl2+)))
 
-(define-public r-foreign
-  (package
-    (name "r-foreign")
-    (version "0.8-67")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (cran-uri "foreign" version))
-       (sha256
-        (base32
-         "1mcrm2pydimbyjhkrw5h380bifj1jhwzifph1xgh90asf3lvd1xd"))))
-    (build-system r-build-system)
-    (home-page "http://cran.r-project.org/web/packages/foreign")
-    (synopsis "Read data stored by other statistics software in R")
-    (description
-     "This package provides functions for reading and writing data stored by
-some versions of Epi Info, Minitab, S, SAS, SPSS, Stata, Systat and Weka, and
-for reading and writing some dBase files.")
-    (license license:gpl2+)))
-
 (define-public r-formula
   (package
     (name "r-formula")
-    (version "1.2-1")
+    (version "1.2-2")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "Formula" version))
        (sha256
         (base32
-         "02in5325zzrqbhlygx6s0dinj6ymw845q70y56frqacv25ayzcax"))))
+         "0ad49bzip1zqmpj1d8jajwl4bd81fm3k6dq8p26x6mvlzc04dvwd"))))
     (properties `((upstream-name . "Formula")))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/Formula")
@@ -1976,14 +1953,14 @@ limited to R.")
 (define-public r-backports
   (package
     (name "r-backports")
-    (version "1.0.5")
+    (version "1.1.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "backports" version))
        (sha256
         (base32
-         "1pn1ii8vbkgxcqvx52kzsbwf9gkn9fp33388087zky2hmdzdirn0"))))
+         "1kcz6j82by28cjk5wi2j6dfqdin1kib4y7d2r4h3zabcxmk6jly5"))))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/backports")
     (synopsis "Reimplementations of functions introduced since R 3.0.0")
@@ -1999,14 +1976,14 @@ R version.")
 (define-public r-checkmate
   (package
     (name "r-checkmate")
-    (version "1.8.2")
+    (version "1.8.3")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "checkmate" version))
        (sha256
         (base32
-         "1zqcggl9m7slvc0q6zyhssdypb7jzf3l9byl5vxh1qdwjiw2y64g"))))
+         "04rxabzamhv6ybynx627sxk02qvq8znkv0y10vmq67xx6pxhqvla"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-backports" ,r-backports)))
@@ -2115,14 +2092,14 @@ module, Java Server Pages, and Python's psp module.")
 (define-public r-desc
   (package
     (name "r-desc")
-    (version "1.1.0")
+    (version "1.1.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "desc" version))
        (sha256
         (base32
-         "0mc1jmiwqyj7s6gzxz6fyamzjpmdn3rpfpllby2fq11ml30c6jpr"))))
+         "0k07qighac1xzmm8k988zi7i88a0yfvia3gk5hbz0fyvb2v9kzrj"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-assertthat" ,r-assertthat)
@@ -2249,13 +2226,13 @@ functions make it easy to control additional request components.")
 (define-public r-git2r
   (package
     (name "r-git2r")
-    (version "0.18.0")
+    (version "0.19.0")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "git2r" version))
               (sha256
                (base32
-                "0bgzdsdi9n6l8pchivs6a2g4ksa56qs8hygpyv2c0ndqmx4jxcwi"))))
+                "0ws6fbndmaafk2am4dwnz24qizxhld0yh54hgx0z6lzv3p1j209q"))))
     (build-system r-build-system)
     ;; This R package contains modified sources of libgit2.  This modified
     ;; version of libgit2 is built as the package is built.  Hence libgit2 is
@@ -2293,25 +2270,21 @@ informative error messages when it's not available.")
 (define-public r-devtools
   (package
     (name "r-devtools")
-    (version "1.13.2")
+    (version "1.13.3")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "devtools" version))
               (sha256
                (base32
-                "08ajsr12wd31lsx3jv5l9mq4063dc5fpr9lcnzra6kl59vi5pa7v"))))
+                "146wb09cmfh10vhn1ps2nmzx104zldb3nj9qv2ic0gbcikbbryp6"))))
     (build-system r-build-system)
     (propagated-inputs
-     `(("r-curl" ,r-curl)
-       ("r-digest" ,r-digest)
-       ("r-evaluate" ,r-evaluate)
+     `(("r-digest" ,r-digest)
        ("r-git2r" ,r-git2r)
        ("r-httr" ,r-httr)
        ("r-jsonlite" ,r-jsonlite)
        ("r-memoise" ,r-memoise)
-       ("r-roxygen2" ,r-roxygen2)
        ("r-rstudioapi" ,r-rstudioapi)
-       ("r-rversions" ,r-rversions)
        ("r-whisker" ,r-whisker)
        ("r-withr" ,r-withr)))
     (home-page "https://github.com/hadley/devtools")
@@ -2323,13 +2296,13 @@ tools to simplify the devolpment of R packages.")
 (define-public r-withr
   (package
     (name "r-withr")
-    (version "1.0.2")
+    (version "2.0.0")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "withr" version))
               (sha256
                (base32
-                "042z8nmqqilgrvhmbqrjc05qys3gzwq1rqy2wxp2bi5d41859493"))))
+                "0ncq9ygx33rx7aazn53p0a0vbr5xv0r6wbkzcwbhbwyd8k55bgin"))))
     (build-system r-build-system)
     (home-page "https://github.com/jimhester/withr")
     (synopsis "Run code with temporarily modified global state")
@@ -2361,13 +2334,13 @@ time-of-day values, based on the @code{difftime} class.")
 (define-public r-readr
   (package
     (name "r-readr")
-    (version "1.1.0")
+    (version "1.1.1")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "readr" version))
               (sha256
                (base32
-                "1g7g3gdmvq7nj8asw6fi13k38c420sy9696nqgkrhlvv5h13yqs7"))))
+                "1cvw5wdcqk88cp5fyv678mnmp66l3whcd2yh33p2qvx0168bja8s"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-rcpp" ,r-rcpp)
@@ -2385,13 +2358,13 @@ disk (or a connection).")
 (define-public r-plotrix
   (package
     (name "r-plotrix")
-    (version "3.6-4")
+    (version "3.6-5")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "plotrix" version))
               (sha256
                (base32
-                "1wxzjnzvkl3aga51ad2xhv4s7v46kvnp4z0nz4cb9cn10057sfw8"))))
+                "01655y3qzy0283ppc85bi0g42g20zrqzcl0qb30cl6rcbflhymlb"))))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/plotrix")
     (synopsis "Various plotting functions")
@@ -2444,13 +2417,13 @@ well as additional utilities such as panel and axis annotation functions.")
 (define-public r-rcpparmadillo
   (package
     (name "r-rcpparmadillo")
-    (version "0.7.800.2.0")
+    (version "0.7.900.2.0")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "RcppArmadillo" version))
               (sha256
                (base32
-                "025lh504nw7ir1f2xsqnvfkq9rg0rb2xzfn3a2s0b2a9snqdzzwr"))))
+                "01qsff2p1fp5i9lq7rsykrskgr6smz24ddspbl5ad9a8rkmczwyv"))))
     (properties `((upstream-name . "RcppArmadillo")))
     (build-system r-build-system)
     (propagated-inputs
@@ -2536,14 +2509,14 @@ certain criterion, e.g., it contains a certain regular file.")
 (define-public r-rmarkdown
   (package
     (name "r-rmarkdown")
-    (version "1.4")
+    (version "1.6")
     (source
       (origin
         (method url-fetch)
         (uri (cran-uri "rmarkdown" version))
         (sha256
           (base32
-            "1dvs9cq88g61wfimifagq6y98yxavxzjan39jvpdsg98mafckq9g"))))
+            "0p8ph5z5pifk1nxc1bppkfs1ir5gjc6ap9n64b4255m2fdaqfrc7"))))
     (properties `((upstream-name . "rmarkdown")))
     (build-system r-build-system)
     (propagated-inputs
@@ -2606,36 +2579,55 @@ variety of formats.")
 and draw tables.")
     (license license:gpl2+)))
 
-(define-public r-plogr
+(define-public r-pkgconfig
   (package
-    (name "r-plogr")
-    (version "0.1-1")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (cran-uri "plogr" version))
-       (sha256
-        (base32
-         "13zliqlbkl8b04k9ga0sx5jsh7k867gracgl84l2a9kcqy9mqx92"))))
+    (name "r-pkgconfig")
+    (version "2.0.1")
+    (source (origin
+              (method url-fetch)
+              (uri (cran-uri "pkgconfig" version))
+              (sha256
+               (base32
+                "0h2sp93fqqjbfqgq82a3i94ybnndx6ghaal8pbf99firnsjb40mb"))))
     (build-system r-build-system)
-    (home-page "https://github.com/krlmlr/plogr")
-    (synopsis "R bindings for the plog C++ logging library")
-    (description
-     "This package provides the header files for a stripped-down version of
-the plog header-only C++ logging library, and a method to log to R's standard
-error stream.")
+    (home-page "https://github.com/gaborcsardi/pkgconfig")
+    (synopsis "Private configuration for R packages")
+    (description "This package provides the functionality to set configuration
+options on a per-package basis.  Options set by a given package only apply to
+that package, other packages are unaffected.")
     (license license:expat)))
 
+(define-public r-blob
+  (package
+    (name "r-blob")
+    (version "1.1.0")
+    (source (origin
+              (method url-fetch)
+              (uri (cran-uri "blob" version))
+              (sha256
+               (base32
+                "05pazzcyz3c3vd2l70zq9cf172cgjff4dnf419zigfnxycyn1mhn"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-tibble" ,r-tibble)))
+    (home-page "https://github.com/hadley/blob")
+    (synopsis "Simple S3 Class for representing vectors of binary data")
+    (description "Raw vectors in R are useful for storing a single binary
+object.  What if you want to put a vector of them in a data frame?  The blob
+package provides the blob object, a list of raw vectors, suitable for use as
+a column in data frame.")
+    (license license:gpl3+)))
+
 (define-public r-rsqlite
   (package
     (name "r-rsqlite")
-    (version "1.1-2")
+    (version "2.0")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "RSQLite" version))
               (sha256
                (base32
-                "0mg9yhdvny3vjn72agai5ghqxd3vk8cd4x1lsc0gzc2b2dm2w0p4"))))
+                "1xpg1i1jkzkzv44k512k90c2vvl960pl2d4a3spwcha6yclyc3vz"))))
     (properties `((upstream-name . "RSQLite")))
     (build-system r-build-system)
     (propagated-inputs
@@ -2643,13 +2635,16 @@ error stream.")
        ("r-bh" ,r-bh)
        ("r-memoise" ,r-memoise)
        ("r-plogr" ,r-plogr)
-       ("r-rcpp" ,r-rcpp)))
+       ("r-rcpp" ,r-rcpp)
+       ("r-bit64" ,r-bit64)
+       ("r-blob" ,r-blob)
+       ("r-pkgconfig" ,r-pkgconfig)))
     (home-page "https://github.com/rstats-db/RSQLite")
     (synopsis "SQLite interface for R")
     (description
      "This package embeds the SQLite database engine in R and provides an
 interface compliant with the DBI package.  The source for the SQLite
-engine (version 3.8.6) is included.")
+engine (version 3.8.8.2) is included.")
     (license license:lgpl2.0+)))
 
 (define-public r-rcurl
@@ -2686,13 +2681,13 @@ ldap, and also supports cookies, redirects, authentication, etc.")
 (define-public r-xml
   (package
     (name "r-xml")
-    (version "3.98-1.6")
+    (version "3.98-1.9")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "XML" version))
               (sha256
                (base32
-                "1amxx7fpik162nimrr7m5lvv6rhx9cwdyg44fxp1i5wm3y4skwnz"))))
+                "1hzkdkgs0nzmfg9wm7kyh1j9i0i2g7925whzlihqvg9grdlh3dx3"))))
     (properties
      `((upstream-name . "XML")))
     (build-system r-build-system)
@@ -2804,14 +2799,14 @@ statements.")
 (define-public r-segmented
   (package
     (name "r-segmented")
-    (version "0.5-1.4")
+    (version "0.5-2.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "segmented" version))
        (sha256
         (base32
-         "1740cvx2q4v23g4q0zkvg50s5bv8jcrlzzhm7fac4xn0riwmzp5i"))))
+         "1i576xksc761nyv2dmq86nwbgqvp0plz6bjcn69nkdwq2wbizmw8"))))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/segmented")
     (synopsis "Regression models with breakpoints estimation")
@@ -2845,13 +2840,13 @@ worker processes and collect and return the results on the master.")
 (define-public r-sparsem
   (package
     (name "r-sparsem")
-    (version "1.76")
+    (version "1.77")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "SparseM" version))
               (sha256
                (base32
-                "16xnl9cacim35aawq6bmd2y6rrhnh1kg6dwsy3k5yslkfr1y9j62"))))
+                "0p6ljma2h12cq1xmy0cxb48ih8dhxxbnwkqzvx3cckxf2kprycm9"))))
     (properties
      `((upstream-name . "SparseM")))
     (inputs
@@ -3032,14 +3027,14 @@ flexible than the orphaned \"base64\" package.")
 (define-public r-irlba
   (package
     (name "r-irlba")
-    (version "2.1.2")
+    (version "2.2.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "irlba" version))
        (sha256
         (base32
-         "1qbcn0ix85pmk296jhpi419kvh06vxm5cq24yk013ps3g7fyi0si"))))
+         "0zfb7x1701n6gask0f8y2yq0vmb82xkxf6limp43ivx551hx600s"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-matrix" ,r-matrix)))
@@ -3054,14 +3049,14 @@ analysis of large sparse or dense matrices.")
 (define-public r-glmnet
   (package
    (name "r-glmnet")
-   (version "2.0-5")
+   (version "2.0-10")
    (source
     (origin
      (method url-fetch)
      (uri (cran-uri "glmnet" version))
      (sha256
       (base32
-       "1cbpzmbv837fvq88rgn6mgzgr9f1wqp9fg8gh2kkmngvr1957a9c"))))
+       "07n2hz4fvjyv0siai8z8wqwfj8d58i8n1vzf1ckdfzp4kxa3z08d"))))
    (build-system r-build-system)
    (inputs
     `(("gfortran" ,gfortran)))
@@ -3304,36 +3299,6 @@ optimized in C++, and the main interface function provides an easy way of
 performing parallel computations on multicore machines.")
     (license license:gpl2+)))
 
-(define-public r-igraph
-  (package
-    (name "r-igraph")
-    (version "1.0.1")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (cran-uri "igraph" version))
-       (sha256
-        (base32
-         "00jnm8v3kvxpxav5klld2z2nnkcpj4sdwv4ksipddy5mp04ysr6w"))))
-    (build-system r-build-system)
-    (native-inputs
-     `(("gfortran" ,gfortran)))
-    (inputs
-     `(("gmp" ,gmp)
-       ("libxml2" ,libxml2)))
-    (propagated-inputs
-     `(("r-irlba" ,r-irlba)
-       ("r-magrittr" ,r-magrittr)
-       ("r-nmf" ,r-nmf)))
-    (home-page "http://igraph.org")
-    (synopsis "Network analysis and visualization")
-    (description
-     "This package provides routines for simple graphs and network analysis.
-It can handle large graphs very well and provides functions for generating
-random and regular graphs, graph visualization, centrality methods and much
-more.")
-    (license license:gpl2+)))
-
 (define-public r-r-methodss3
   (package
     (name "r-r-methodss3")
@@ -3558,14 +3523,14 @@ the 'lite' version of the more complete @code{viridis} package.")
 (define-public r-tidyr
   (package
     (name "r-tidyr")
-    (version "0.6.1")
+    (version "0.6.3")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "tidyr" version))
        (sha256
         (base32
-         "11hs3gqpbaw3w281as4m7j9n594ix5axfpwbyjsd0l62pwnzj217"))))
+         "14s57zrjm2phiy600z9ivq4az71z0ggmp6nj0js7yrybxf0dlah6"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-dplyr" ,r-dplyr)
@@ -3614,21 +3579,19 @@ It uses and relies on grid graphics and formal (S4) classes and methods.")
 (define-public r-purrr
   (package
     (name "r-purrr")
-    (version "0.2.2")
+    (version "0.2.3")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "purrr" version))
        (sha256
         (base32
-         "0lss8q733nv7s154wargm6vnxq55qygnxakib8xdj4jv0y86sxc3"))))
+         "0j1y0nbvljcis9hgic4wbbzslcsidhpw0wzs7d2hx7a2ygi6mkma"))))
     (build-system r-build-system)
     (propagated-inputs
-     `(("r-bh" ,r-bh)
-       ("r-dplyr" ,r-dplyr)
-       ("r-lazyeval" ,r-lazyeval)
+     `(("r-tibble" ,r-tibble)
        ("r-magrittr" ,r-magrittr)
-       ("r-rcpp" ,r-rcpp)))
+       ("r-rlang" ,r-rlang)))
     (home-page "https://github.com/hadley/purrr")
     (synopsis "Functional programming tools")
     (description
@@ -3639,26 +3602,30 @@ features present in other programming languages.")
 (define-public r-plotly
   (package
     (name "r-plotly")
-    (version "4.5.6")
+    (version "4.7.1")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "plotly" version))
               (sha256
                (base32
-                "09yw977yxlcxv57kni3q899zrxyxa6pznr06cylr9lqkyr7llfhx"))))
+                "0wj9lw7w28z8w9ip9vadv6sydjhqyg65kfiai9m3bndzz50b1m3w"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-base64enc" ,r-base64enc)
+       ("r-crosstalk" ,r-crosstalk)
        ("r-digest" ,r-digest)
+       ("r-data-table" ,r-data-table)
        ("r-dplyr" ,r-dplyr)
        ("r-ggplot2" ,r-ggplot2)
        ("r-hexbin" ,r-hexbin)
+       ("r-htmltools" ,r-htmltools)
        ("r-htmlwidgets" ,r-htmlwidgets)
        ("r-httr" ,r-httr)
        ("r-jsonlite" ,r-jsonlite)
        ("r-lazyeval" ,r-lazyeval)
        ("r-magrittr" ,r-magrittr)
        ("r-purrr" ,r-purrr)
+       ("r-rcolorbrewer" ,r-rcolorbrewer)
        ("r-scales" ,r-scales)
        ("r-tibble" ,r-tibble)
        ("r-tidyr" ,r-tidyr)
@@ -3740,14 +3707,14 @@ character vector.")
 (define-public r-googlesheets
   (package
     (name "r-googlesheets")
-    (version "0.2.1")
+    (version "0.2.2")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "googlesheets" version))
        (sha256
         (base32
-         "0ps13h1cv7fj5dh8s4nvwi64wnnyqdsadcaa4iizq1c5s615cwk3"))))
+         "18q0xmxn09b52rmky7gr5flp0awndcnsgb7zcvkzvkrkvmwad52b"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-cellranger" ,r-cellranger)
@@ -3834,21 +3801,20 @@ package instead.")
 (define-public r-hmisc
   (package
     (name "r-hmisc")
-    (version "4.0-2")
+    (version "4.0-3")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "Hmisc" version))
        (sha256
         (base32
-         "1lg9k0kj803wsm3h0a991q9l2lrgsqryzfv2z79b88kjbfapqpqr"))))
+         "1a7i7azag6pldgala85d8hh7wnx1shamyiriy4jfc65nxrr2lq8w"))))
     (properties `((upstream-name . "Hmisc")))
     (build-system r-build-system)
     (native-inputs
      `(("gfortran" ,gfortran)))
     (propagated-inputs
      `(("r-acepack" ,r-acepack)
-       ("r-base64" ,r-base64)
        ("r-base64enc" ,r-base64enc)
        ("r-cluster" ,r-cluster)
        ("r-data-table" ,r-data-table)
@@ -3919,14 +3885,14 @@ hierarchical clustering dendrograms.")
 (define-public r-preprocesscore
   (package
     (name "r-preprocesscore")
-    (version "1.38.0")
+    (version "1.38.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "preprocessCore" version))
        (sha256
         (base32
-         "1vq8hwxz73j93q0ldw5bnhbas1f2ha5q1lr9pp4l8gp8zdwzfrjn"))))
+         "1ggvmak13rhxc4ghf16ncjfvgszc8yvza93s2l9kn8yiwr96vp2h"))))
     (properties
      `((upstream-name . "preprocessCore")))
     (build-system r-build-system)
@@ -3965,14 +3931,14 @@ existing packages provide.")
 (define-public r-sfsmisc
   (package
     (name "r-sfsmisc")
-    (version "1.1-0")
+    (version "1.1-1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "sfsmisc" version))
        (sha256
         (base32
-         "0580piv4n1nispl3pa8nfjjfnb8iwaqky2dzdy0aqnxrxgrhqhvz"))))
+         "0jzmbywlyzfxs7hlmyd0iynghfc9qp5sa5lnhr73y8r360yv1ahf"))))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/sfsmisc")
     (synopsis "Utilities from \"Seminar fuer Statistik\" ETH Zurich")
@@ -4006,14 +3972,14 @@ tests for whether a value is missing, empty or contains only @code{NA} and
 (define-public r-gdata
   (package
     (name "r-gdata")
-    (version "2.17.0")
+    (version "2.18.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "gdata" version))
        (sha256
         (base32
-         "0kiy3jbcszlpmarg311spdsfi5pn89wgy742dxsbzxk8907fr5w0"))))
+         "0zwdj7lscgxr8r62ii8hbdh4mb7sa9w4f5nv32zzrxdvymcpya2b"))))
     (build-system r-build-system)
     (inputs
      `(("perl" ,perl)))
@@ -4239,13 +4205,13 @@ representation of R code.")
 (define-public r-ggbeeswarm
   (package
     (name "r-ggbeeswarm")
-    (version "0.5.3")
+    (version "0.6.0")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "ggbeeswarm" version))
               (sha256
                (base32
-                "1jgp55rvmzc4agcrlsjn8m5lk85di9c4wj94xzikqkql4lvq3qpd"))))
+                "0crk29p5vi1r3a988kms4y7r0iqwgwzsikgvh18r9wbzyr98bb5v"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-beeswarm" ,r-beeswarm)
@@ -4287,13 +4253,13 @@ Wall Street Journal, among others.  This package also provides
 (define-public r-statmod
   (package
     (name "r-statmod")
-    (version "1.4.29")
+    (version "1.4.30")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "statmod" version))
               (sha256
                (base32
-                "1fgzkwriba39d7946lq892f0si2fjdy37pvxki6ix8xyj8qgnci4"))))
+                "07v4x8af60alcw6vbiwf5fp25bhra61kvxz9kqx64lszm0i1fb4x"))))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/statmod")
     (native-inputs
@@ -4313,13 +4279,13 @@ dispersion modeling and Tweedie power-law families.")
 (define-public r-rann
   (package
     (name "r-rann")
-    (version "2.5")
+    (version "2.5.1")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "RANN" version))
               (sha256
                (base32
-                "007cgqg9bybg2zlljbv5m6cmlm3r6i251018rpgjcn0xnm9sjsj7"))))
+                "0il5i99vbcagnxvb15af5n37g04a4q1x96bz73zh3jhki9fpw9vm"))))
     (properties
      `((upstream-name . "RANN")))
     (build-system r-build-system)
@@ -4382,14 +4348,14 @@ Farebrother's algorithm or Liu et al.'s algorithm.")
 (define-public r-cowplot
   (package
     (name "r-cowplot")
-    (version "0.7.0")
+    (version "0.8.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "cowplot" version))
        (sha256
         (base32
-         "03iimcsh1pk7iqzjdlfcj43b8khijdk4hg00j4jdllv19xsfb0hx"))))
+         "03bh0r6ynr95gk4lc8asfi3kpmskm59vfzwn417pdziha3igs5x6"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-ggplot2" ,r-ggplot2)
@@ -4455,14 +4421,14 @@ regression.")
 (define-public r-fastica
   (package
     (name "r-fastica")
-    (version "1.2-0")
+    (version "1.2-1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "fastICA" version))
        (sha256
         (base32
-         "0ykk78fsk5da2g16i4wji85bvji7nayjvkfp07hyaxq9d15jmf0r"))))
+         "108z2ymby5y4h8l4l2krqwm28rya93gq09yylgilnm3afvfrfabg"))))
     (properties `((upstream-name . "fastICA")))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/fastICA")
@@ -4538,14 +4504,14 @@ to change in the future.")
 (define-public r-flexmix
   (package
     (name "r-flexmix")
-    (version "2.3-13")
+    (version "2.3-14")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "flexmix" version))
        (sha256
         (base32
-         "1i205yw3kkxs27gqcs6zx0c2mh16p332a2p06wq6fdzb20bazg3z"))))
+         "0sl4zxh1sb2sr5q7svjw9ihrm219jzn82yrc9d43q6r1b8bpyz43"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-lattice" ,r-lattice)
@@ -4564,14 +4530,14 @@ models, generalized linear models and model-based clustering.")
 (define-public r-mclust
   (package
     (name "r-mclust")
-    (version "5.2.3")
+    (version "5.3")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "mclust" version))
        (sha256
         (base32
-         "0045msdw1xndfmlylbnm1ss716iiqzqwj454a97gmcq5kph86qzz"))))
+         "0h5syvpg3azrz5d10z2afilaa27jb4azi38idzlv05mfcs16s6rb"))))
     (build-system r-build-system)
     (native-inputs
      `(("gfortran" ,gfortran)))
@@ -4654,6 +4620,111 @@ can be efficiently implemented directly in the R language.")
 regression methodology including model selections and multivariate statistics.")
     (license license:gpl2+)))
 
+(define-public r-pcapp
+  (package
+    (name "r-pcapp")
+    (version "1.9-72")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "pcaPP" version))
+       (sha256
+        (base32
+         "0i2822bv86dpqmk3q17x61nsp3gjjnn4nr8191rwvbiib7xhpgaq"))))
+    (properties `((upstream-name . "pcaPP")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-mvtnorm" ,r-mvtnorm)))
+    (home-page "http://cran.r-project.org/web/packages/pcaPP")
+    (synopsis "Robust PCA by projection pursuit")
+    (description
+     "This package provides functions for robust @dfn{principal component
+analysis} (PCA) by projection pursuit.")
+    (license license:gpl3+)))
+
+(define-public r-rrcov
+  (package
+    (name "r-rrcov")
+    (version "1.4-3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "rrcov" version))
+       (sha256
+        (base32
+         "0kagqggi634mvrhd67ia7mpjrj5v6w2wq0z3kyppg5xkvzh335nq"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-cluster" ,r-cluster)
+       ("r-lattice" ,r-lattice)
+       ("r-mvtnorm" ,r-mvtnorm)
+       ("r-pcapp" ,r-pcapp)
+       ("r-robustbase" ,r-robustbase)))
+    (native-inputs
+     `(("gfortran" ,gfortran)))
+    (home-page "http://cran.r-project.org/web/packages/rrcov")
+    (synopsis "Scalable robust estimators with high breakdown Point")
+    (description
+     "This package provides an implementation of robust location and scatter
+estimation and robust multivariate analysis with high breakdown point.")
+    (license license:gpl2+)))
+
+(define-public r-fit-models
+  (package
+    (name "r-fit-models")
+    (version "0.5-14")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "fit.models" version))
+       (sha256
+        (base32
+         "0vjbzmx0ambm6yzidb4vbgmhclwzwv2iz2cwl54ccdkvx4cx3fck"))))
+    (properties `((upstream-name . "fit.models")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-lattice" ,r-lattice)))
+    (home-page "http://cran.r-project.org/web/packages/fit.models")
+    (synopsis "Compare fitted models")
+    (description
+     "The @code{fit.models} function and its associated methods (coefficients, print,
+summary, plot, etc.) were originally provided in the @code{robust} package to
+compare robustly and classically fitted model objects.  The aim of the
+@code{fit.models} package is to separate this fitted model object comparison
+functionality from the robust package and to extend it to support fitting
+methods (e.g., classical, robust, Bayesian, regularized, etc.) more
+generally.")
+    ;; Any version of the GPL
+    (license (list license:gpl2+ license:gpl3+))))
+
+(define-public r-robust
+  (package
+    (name "r-robust")
+    (version "0.4-18")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "robust" version))
+       (sha256
+        (base32
+         "1b7qh1aff500nd6dh4y2ipmjgdiq8991shflb63pc39vpc0ny6g4"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-fit-models" ,r-fit-models)
+       ("r-lattice" ,r-lattice)
+       ("r-mass" ,r-mass)
+       ("r-robustbase" ,r-robustbase)
+       ("r-rrcov" ,r-rrcov)))
+    (native-inputs
+     `(("gfortran" ,gfortran)))
+    (home-page "http://cran.r-project.org/web/packages/robust")
+    (synopsis "Port of the S+ \"Robust Library\"")
+    (description
+     "This package is a port of the S+ \"Robust Library\".  It provides
+methods for robust statistics, notably for robust regression and robust
+multivariate analysis.")
+    (license license:gpl2)))
+
 (define-public r-trimcluster
   (package
     (name "r-trimcluster")
@@ -4672,7 +4743,8 @@ regression methodology including model selections and multivariate statistics.")
      "The trimmed k-means clustering method by Cuesta-Albertos, Gordaliza and
 Matran (1997).  This optimizes the k-means criterion under trimming a portion
 of the points.")
-    (license license:gpl2+)))
+    ;; Any GPL version
+    (license (list license:gpl2+ license:gpl3+))))
 
 (define-public r-fpc
   (package
@@ -4711,14 +4783,14 @@ groupings.")
 (define-public r-vgam
   (package
     (name "r-vgam")
-    (version "1.0-3")
+    (version "1.0-4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "VGAM" version))
        (sha256
         (base32
-         "0wr6szcpj8r4a1rlzgd6iym7khin69fmvxcf37iyvs8mms86dfr3"))))
+         "0r59hyp3afmvms890b3v2yyckf8v0qkjf2w11rnqd2zgg1gri0g5"))))
     (properties `((upstream-name . "VGAM")))
     (build-system r-build-system)
     (inputs
@@ -4736,14 +4808,14 @@ VGLMs can be loosely thought of as multivariate generalised linear models.")
 (define-public r-pbapply
   (package
     (name "r-pbapply")
-    (version "1.3-2")
+    (version "1.3-3")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "pbapply" version))
        (sha256
         (base32
-         "1sdmjlnwxb99f95g5v8k8mirrkzw99yig377v0qi9lzwjgd6fqqr"))))
+         "0iqhymf65jffh00qf056h1p76xf92bfmij6aymlmgnvn24fv4ybk"))))
     (build-system r-build-system)
     (home-page "https://github.com/psolymos/pbapply")
     (synopsis "Adding progress bar to apply functions")
@@ -4800,14 +4872,14 @@ based on an interface to Fortran implementations by M. J. D. Powell.")
 (define-public r-rcppeigen
   (package
     (name "r-rcppeigen")
-    (version "0.3.2.9.1")
+    (version "0.3.3.3.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "RcppEigen" version))
        (sha256
         (base32
-         "1ih940yjbc530cmpl6kx1jic7pz2ps1w5vrvy32qizh6m5s3lk7x"))))
+         "0zz9v0f8nnlvhhqv91lkyfblvjnmav84l89mr6vmbqjc2hzqd3n8"))))
     (properties `((upstream-name . "RcppEigen")))
     (build-system r-build-system)
     (propagated-inputs
@@ -4978,14 +5050,14 @@ bootstrap test for generalized linear mixed models.")
 (define-public r-car
   (package
     (name "r-car")
-    (version "2.1-4")
+    (version "2.1-5")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "car" version))
        (sha256
         (base32
-         "0a6v7rsd1xsdyapnfqy37m7c4kx9wslkzsizc9k0lmnba0bwyfgx"))))
+         "1bm0ks9ga60z3izgq0d4kvirr9v4yf1820d1wznkihnbb55bc3m6"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-mass" ,r-mass)
@@ -5122,14 +5194,14 @@ multivariate case.")
 (define-public r-tclust
   (package
     (name "r-tclust")
-    (version "1.2-3")
+    (version "1.2-7")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "tclust" version))
        (sha256
         (base32
-         "0a1b7yp4l9wf6ic5czizyl2cnxrc1virj0icr8i6m1vv23jd8jfp"))))
+         "1mvqr280c6kwpg98byd0r1y0qf238xn2x15y8npqch6lpcszlb3x"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-cluster" ,r-cluster)
@@ -5147,17 +5219,19 @@ diagnostic tools (@code{ctlcurves} and @code{DiscrFact}).")
 (define-public r-ranger
   (package
     (name "r-ranger")
-    (version "0.7.0")
+    (version "0.8.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "ranger" version))
        (sha256
         (base32
-         "0g1rnpk4c06lmy0r5n0j7i2xna190kqalmxp42d9gnk3drnb1x43"))))
+         "1fdbm879wx3hlng8s4c4f8f2x5yxz57llakcqnpa0lymybidw3vz"))))
     (build-system r-build-system)
     (propagated-inputs
-     `(("r-rcpp" ,r-rcpp)))
+     `(("r-rcpp" ,r-rcpp)
+       ("r-matrix" ,r-matrix)
+       ("r-rcppeigen" ,r-rcppeigen)))
     (home-page "https://github.com/imbs-hl/ranger")
     (synopsis "Fast implementation of random forests")
     (description
diff --git a/gnu/packages/swig.scm b/gnu/packages/swig.scm
index acf0529377..b931db412b 100644
--- a/gnu/packages/swig.scm
+++ b/gnu/packages/swig.scm
@@ -31,7 +31,7 @@
 (define-public swig
   (package
     (name "swig")
-    (version "3.0.10")
+    (version "3.0.12")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/" name "/" name "/"
@@ -39,8 +39,16 @@
                                  name "-" version ".tar.gz"))
              (sha256
               (base32
-               "0k7ljh07rla6223lhvljgg881b2qr7hmrfgic9a0j1pckpislf99"))))
+               "0kf99ygrjs5616gsqhz1l7bib3a12izmxi7g48bwblbymr3z9ybw"))))
     (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-env
+           ;; Required since Perl 5.26.0's removal of the current
+           ;; working directory from @INC.
+           ;; TODO Try removing this for later versions of SWIG.
+           (lambda _ (setenv "PERL_USE_UNSAFE_INC" "1") #t)))))
     (native-inputs `(("boost" ,boost)
                      ("pcre" ,pcre "bin")))       ;for 'pcre-config'
     (inputs `(;; Provide these to run the corresponding tests.
diff --git a/gnu/packages/sync.scm b/gnu/packages/sync.scm
index 91f4b3d0ed..a914d41c43 100644
--- a/gnu/packages/sync.scm
+++ b/gnu/packages/sync.scm
@@ -107,7 +107,7 @@ silently and reliably flow across to every other.")
 (define-public qsyncthingtray
   (package
     (name "qsyncthingtray")
-    (version "0.5.7")
+    (version "0.5.8")
     (source
       (origin
         (method url-fetch)
@@ -117,7 +117,7 @@ silently and reliably flow across to every other.")
         (file-name (string-append name "-" version ".tar.gz"))
         (sha256
          (base32
-          "1qzlxgq36sb1dk621nkbjw9k6y3css6q3z8xzx6nv7f327vanvp6"))))
+          "1024778ml7q62ziqm4d22z5sc1715l34846pwfyzfpcyl32qlhpz"))))
     (build-system cmake-build-system)
     (arguments
      `(#:configure-flags '("-DQST_BUILD_WEBKIT=1")
diff --git a/gnu/packages/syndication.scm b/gnu/packages/syndication.scm
index f434006656..80c45c396c 100644
--- a/gnu/packages/syndication.scm
+++ b/gnu/packages/syndication.scm
@@ -18,6 +18,7 @@
   #:use-module (guix download)
   #:use-module (guix packages)
   #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages gettext)
@@ -37,6 +38,7 @@
         (method url-fetch)
         (uri (string-append "https://newsbeuter.org/downloads/newsbeuter-"
                             version ".tar.gz"))
+        (patches (search-patches "newsbeuter-CVE-2017-12904.patch"))
         (sha256
          (base32
           "1j1x0hgwxz11dckk81ncalgylj5y5fgw5bcmp9qb5hq9kc0vza3l"))))
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index 3b9fb275fc..f12746c83f 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2016 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -66,29 +67,28 @@
 (define texlive-extra-src
   (origin
     (method url-fetch)
-    (uri "ftp://tug.org/historic/systems/texlive/2016/texlive-20160523-extra.tar.xz")
+    (uri "ftp://tug.org/historic/systems/texlive/2017/texlive-20170524-extra.tar.xz")
     (sha256 (base32
-              "0q4a92zmwhn4ry6xgrp4k8wq11ax2sg9rg9yrsrdkr719y0x887a"))))
+              "0zvd2zskk78ig114mfj24g15qys41hzqv59fmqpirdbgq9c9gr5g"))))
 
 (define texlive-texmf-src
   (origin
     (method url-fetch)
-    (uri "ftp://tug.org/historic/systems/texlive/2016/texlive-20160523b-texmf.tar.xz")
-    (patches (search-patches "texlive-texmf-CVE-2016-10243.patch"))
-    (patch-flags '("-p2"))
+    (uri "ftp://tug.org/historic/systems/texlive/2017/texlive-20170524-texmf.tar.xz")
     (sha256 (base32
-              "1dv8vgfzpczqw82hv9g7a8djhhyzywljmrarlcyy6g2qi5q51glr"))))
+              "1v69y3kgkbk24f7s4dfkknwd317mqmck5jgpyb35wqgqfy5p0qrz"))))
 
 (define-public texlive-bin
   (package
    (name "texlive-bin")
-   (version "2016")
+   (version "20170524")
    (source
     (origin
      (method url-fetch)
-      (uri "ftp://tug.org/historic/systems/texlive/2016/texlive-20160523b-source.tar.xz")
+      (uri (string-append "ftp://tug.org/historic/systems/texlive/2017/"
+                          "texlive-" version "-source.tar.xz"))
       (sha256 (base32
-               "1v91vahxlxkdra0qz3f132vvx5d9cx2jy84yl1hkch0agyj2rcx8"))))
+               "1amjrxyasplv4alfwcxwnw4nrx7dz2ydmddkq16k6hg90i9njq81"))))
    (build-system gnu-build-system)
    (inputs
     `(("texlive-extra-src" ,texlive-extra-src)
@@ -201,11 +201,41 @@ This package contains the binaries.")
        #:builder
        (begin
          (use-modules (guix build utils))
-         (let ((target (string-append (assoc-ref %outputs "out")
-                                      "/share/texmf-dist/dvips")))
-           (mkdir-p target)
-           (copy-recursively (assoc-ref %build-inputs "source") target)
+         (let* ((root (string-append (assoc-ref %outputs "out")
+                                     "/share/texmf-dist"))
+                (dvips (string-append root "/dvips"))
+                (maps  (string-append root "/fonts/map/dvips/tetex"))
+                (encs  (string-append root "/fonts/enc/dvips/base")))
+           (mkdir-p dvips)
+           (copy-recursively (assoc-ref %build-inputs "source") dvips)
+           (mkdir-p maps)
+           (copy-recursively (assoc-ref %build-inputs "dvips-font-maps") maps)
+           (mkdir-p encs)
+           (copy-recursively (assoc-ref %build-inputs "dvips-base-enc") encs)
            #t))))
+    (native-inputs
+     `(("dvips-font-maps"
+        ,(origin
+           (method svn-fetch)
+           (uri (svn-reference
+                 (url (string-append "svn://www.tug.org/texlive/tags/"
+                                     %texlive-tag "/Master/texmf-dist/"
+                                     "/fonts/map/dvips/tetex"))
+                 (revision %texlive-revision)))
+           (sha256
+            (base32
+             "100208pg7q6lj7swiq9p9287nn6b64bl62bnlaxpjni9y2kdrqy5"))))
+       ("dvips-base-enc"
+        ,(origin
+           (method svn-fetch)
+           (uri (svn-reference
+                 (url (string-append "svn://www.tug.org/texlive/tags/"
+                                     %texlive-tag "/Master/texmf-dist/"
+                                     "/fonts/enc/dvips/base"))
+                 (revision %texlive-revision)))
+           (sha256
+            (base32
+             "1xnf6ms0h87r55kxik4vicwr1907scj789lhqflqns8svvsli5iy"))))))
     (home-page "http://www.ctan.org/pkg/dvips")
     (synopsis "DVI to PostScript drivers")
     (description "This package provides files needed for converting DVI files
@@ -429,6 +459,40 @@ converters, will completely supplant the older patterns.")
 build fonts using the Metafont system.")
     (license license:knuth)))
 
+(define-public texlive-fontname
+  (package
+    (name "texlive-fontname")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/fonts/map/fontname"))
+                    (revision %texlive-revision)))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0cssbzcx15221dynp5sii72qh4l18mwkr14n8w1xb19j8pbaqasz"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/fonts/map/fontname")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "https://www.ctan.org/pkg/fontname")
+    (synopsis "Scheme for naming fonts in TeX")
+    (description "This is Fontname, a naming scheme for (the base part of)
+external TeX font filenames.  This makes at most eight-character names
+from (almost) arbitrarily complex font names, thus helping portability of TeX
+documents.")
+    (license license:public-domain)))
+
 (define-public texlive-fonts-cm
   (package
     (name "texlive-fonts-cm")
@@ -1442,7 +1506,7 @@ distribution.")
                 "1n3i5adsyy7jw0imnzrm2i8wkf73i3mjk9h3ic8cb9cd19i4r9r3"))))
     (build-system texlive-build-system)
     (arguments
-     '(#:tex-directory "latex/babel"
+     '(#:tex-directory "generic/babel"
        #:phases
        (modify-phases %standard-phases
          ;; This package tries to produce babel.aux twice but refuses to
@@ -1464,6 +1528,28 @@ what has to be done for each language.  Users of XeTeX are advised to use the
 polyglossia package rather than Babel.")
     (license license:lppl1.3+)))
 
+(define-public texlive-generic-babel-english
+  (package
+    (name "texlive-generic-babel-english")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "generic" "babel-english"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1s404wbx91z5w65hm024kyl4h56zsa096irx18vsx8jvlmwsr5wc"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "generic/babel-english"))
+    (home-page "http://www.ctan.org/pkg/babel-english")
+    (synopsis "Babel support for English")
+    (description
+     "This package provides the language definition file for support of
+English in @code{babel}.  Care is taken to select British hyphenation patterns
+for British English and Australian text, and default (\"american\") patterns
+for Canadian and USA text.")
+    (license license:lppl1.3+)))
+
 (define-public texlive-latex-cyrillic
   (package
     (name "texlive-latex-cyrillic")
@@ -1517,6 +1603,7 @@ standard LaTeX packages."
     (let ((default-packages
             (list texlive-bin
                   texlive-dvips
+                  texlive-fontname
                   texlive-fonts-cm
                   texlive-fonts-latex
                   texlive-metafont-base
@@ -1525,6 +1612,7 @@ standard LaTeX packages."
                   texlive-latex-amsmath
                   texlive-latex-amscls
                   texlive-latex-babel
+                  texlive-generic-babel-english
                   texlive-latex-cyrillic
                   texlive-latex-graphics
                   texlive-latex-psnfss
@@ -1558,7 +1646,8 @@ standard LaTeX packages."
                  (((names . directories) ...)
                   (union-build (assoc-ref %outputs "out")
                                directories
-                               #:create-all-directories? #t)))
+                               #:create-all-directories? #t
+                               #:log-port (%make-void-port "w"))))
 
                ;; The configuration file "texmf.cnf" is provided by the
                ;; "texlive-bin" package.  We take it and override only the
@@ -1602,6 +1691,289 @@ distribution.")
     (description "This is a very limited subset of the TeX Live distribution.
 It includes little more than the required set of LaTeX packages.")))
 
+(define-public texlive-latex-amsrefs
+  (package
+    (name "texlive-latex-amsrefs")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "amsrefs"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "15i4k479dwrpr0kspmm70g1yn4p3dkh0whyzmr93hph9bggnh1i1"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/amsrefs"))
+    (home-page "http://www.ctan.org/pkg/amsrefs")
+    (synopsis "LaTeX-based replacement for BibTeX")
+    (description
+     "Amsrefs is a LaTeX package for bibliographies that provides an archival
+data format similar to the format of BibTeX database files, but adapted to
+make direct processing by LaTeX easier.  The package can be used either in
+conjunction with BibTeX or as a replacement for BibTeX.")
+    (license license:lppl1.3+)))
+
+(define-public texlive-latex-bigfoot
+  (package
+    (name "texlive-latex-bigfoot")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "bigfoot"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "092g8alnsdwlgl1isdnqrr32l161994295kadr1n05d81xgj5wnv"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/bigfoot"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-generated-file
+           (lambda _
+             (for-each delete-file (find-files "." "\\.drv$"))
+             #t)))))
+    (home-page "http://www.ctan.org/pkg/bigfoot")
+    (synopsis "Footnotes for critical editions")
+    (description
+     "This package aims to provide a one-stop solution to requirements for
+footnotes.  It offers: Multiple footnote apparatus superior to that of
+@code{manyfoot}.  Footnotes can be formatted in separate paragraphs, or be run
+into a single paragraph (this choice may be selected per footnote series);
+Things you might have expected (such as @code{\\verb}-like material in
+footnotes, and color selections over page breaks) now work.  Note that the
+majority of the bigfoot package's interface is identical to that of
+@code{manyfoot}; users should seek information from that package's
+documentation.  The bigfoot bundle also provides the @code{perpage} and
+@code{suffix} packages.")
+    (license license:gpl2+)))
+
+(define-public texlive-latex-blindtext
+  (package
+    (name "texlive-latex-blindtext")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "blindtext"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1jrja9b1pzdh9zgv1jh807w4xijqja58n2mqny6dkwicv8qfgbfg"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/blindtext"))
+    (home-page "http://www.ctan.org/pkg/blindtext")
+    (synopsis "Producing 'blind' text for testing")
+    (description
+     "The package provides the commands @code{\\blindtext} and
+@code{\\Blindtext} for creating \"blind\" text useful in testing new classes
+and packages, and @code{\\blinddocument}, @code{\\Blinddocument} for creating
+an entire random document with sections, lists, mathematics, etc.  The package
+supports three languages, @code{english}, @code{(n)german} and @code{latin};
+the @code{latin} option provides a short \"lorem ipsum\" (for a fuller \"lorem
+ipsum\" text, see the @code{lipsum} package).")
+    (license license:lppl)))
+
+(define-public texlive-latex-dinbrief
+  (package
+    (name "texlive-latex-dinbrief")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "dinbrief"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0lb0kiy8fxzl6cnhcw1sggy6jrjvcd6kj1kkw3k9lkimm388yjz6"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/dinbrief"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-generated-file
+           (lambda _
+             (delete-file "dinbrief.drv")
+             #t)))))
+    (home-page "http://www.ctan.org/pkg/dinbrief")
+    (synopsis "German letter DIN style")
+    (description
+     "This package implements a document layout for writing letters according
+to the rules of DIN (Deutsches Institut für Normung, German standardisation
+institute).  A style file for LaTeX 2.09 (with limited support of the
+features) is part of the package.  Since the letter layout is based on a
+German standard, the user guide is written in German, but most macros have
+English names from which the user can recognize what they are used for.  In
+addition there are example files showing how letters may be created with the
+package.")
+    (license license:lppl)))
+
+(define-public texlive-latex-draftwatermark
+  (package
+    (name "texlive-latex-draftwatermark")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "draftwatermark"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1zyl2pcz2x529gzj5m93a1s4ipymdabf7qdjl3l1673pizd4hfyv"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/draftwatermark"))
+    (home-page "http://www.ctan.org/pkg/draftwatermark")
+    (synopsis "Put a grey textual watermark on document pages")
+    (description
+     "This package provides a means to add a textual, light grey watermark on
+every page or on the first page of a document.  Typical usage may consist in
+writing words such as DRAFT or CONFIDENTIAL across document pages.  The
+package performs a similar function to that of @code{draftcopy}, but its
+implementation is output device independent, and made very simple by relying
+on everypage.")
+    (license license:lppl1.3+)))
+
+(define-public texlive-latex-environ
+  (package
+    (name "texlive-latex-environ")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "environ"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "06h28b26dyjkj9shksphgqfv4130jfkwhbw737hxn7d3yvdfffyd"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/environ"))
+    (home-page "http://www.ctan.org/pkg/environ")
+    (synopsis "New interface for environments in LaTeX")
+    (description
+     "This package provides the @code{\\collect@@body} command (as in
+@code{amsmath}), as well as a @code{\\long} version @code{\\Collect@@Body},
+for collecting the body text of an environment.  These commands are used to
+define a new author interface to creating new environments.")
+    (license license:lppl)))
+
+(define-public texlive-latex-eqparbox
+  (package
+    (name "texlive-latex-eqparbox")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "eqparbox"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0pvmhsd4xmpil0m3c7qcgwilbk266mlkzv03g0jr8r3zd8jxlyzq"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/eqparbox"))
+    (home-page "http://www.ctan.org/pkg/eqparbox")
+    (synopsis "Create equal-widthed parboxes")
+    (description
+     "LaTeX users sometimes need to ensure that two or more blocks of text
+occupy the same amount of horizontal space on the page.  To that end, the
+@code{eqparbox} package defines a new command, @code{\\eqparbox}, which works
+just like @code{\\parbox}, except that instead of specifying a width, one
+specifies a tag.  All @code{eqparbox}es with the same tag---regardless of
+where they are in the document---will stretch to fit the widest
+@code{eqparbox} with that tag.  This simple, equal-width mechanism can be used
+for a variety of alignment purposes, as is evidenced by the examples in
+@code{eqparbox}'s documentation.  Various derivatives of @code{\\eqparbox} are
+also provided.")
+    (license license:lppl1.3+)))
+
+(define-public texlive-latex-expdlist
+  (package
+    (name "texlive-latex-expdlist")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "expdlist"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1x7byk6x10njir3y9rm56glhdzrxwqag7gsnw2sqn1czlq525w7r"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/expdlist"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-generated-file
+           (lambda _
+             (for-each delete-file
+                       (find-files "." "\\.drv$"))
+             #t)))))
+    (home-page "http://www.ctan.org/pkg/expdlist")
+    (synopsis "Expanded description environments")
+    (description
+     "The package provides additional features for the LaTeX
+@code{description} environment, including adjustable left margin.  The package
+also allows the user to \"break\" a list (for example, to interpose a comment)
+without affecting the structure of the list (this works for @code{itemize} and
+@code{enumerate} lists, and numbered lists remain in sequence).")
+    (license license:lppl)))
+
+(define-public texlive-latex-filemod
+  (package
+    (name "texlive-latex-filemod")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/latex/filemod"))
+                    (revision %texlive-revision)))
+              (sha256
+               (base32
+                "0vpxilfw69xv78f03g0j0zw0bw4qcn36whqp8phcq48qk1ax2kr2"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/latex/filemod")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://www.ctan.org/pkg/filemod")
+    (synopsis "Provide file modification times, and compare them")
+    (description
+     "This package provides macros to read and compare the modification dates
+of files.  The files may be @code{.tex} files, images or other files (as long
+as they can be found by LaTeX).  It uses the @code{\\pdffilemoddate} primitive
+of pdfLaTeX to find the file modification date as PDF date string, parses the
+string and returns the value to the user.  The package will also work for DVI
+output with recent versions of the LaTeX compiler which uses pdfLaTeX in DVI
+mode.  The functionality is provided by purely expandable macros or by faster
+but non-expandable ones.")
+    (license license:lppl1.3+)))
+
+(define-public texlive-latex-ifplatform
+  (package
+    (name "texlive-latex-ifplatform")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "ifplatform"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "11gvvjvmdfs9b7mm19yf80zwkx49jqcbq6g8qb9y5ns1r1qvnixp"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/ifplatform"))
+    (home-page "http://www.ctan.org/pkg/ifplatform")
+    (synopsis "Conditionals to test which platform is being used")
+    (description
+     "This package uses the (La)TeX extension @code{-shell-escape} to
+establish whether the document is being processed on a Windows or on a
+Unix-like system, or on Cygwin (Unix environment over a Windows system).
+Booleans provided are: @code{\\ifwindows}, @code{\\iflinux}, @code{\\ifmacosx}
+and @code{\\ifcygwin}.  The package also preserves the output of @code{uname}
+on a Unix-like system, which may be used to distinguish between various
+classes of systems.")
+    (license license:lppl)))
+
 (define-public texlive-latex-natbib
   (package
     (name "texlive-latex-natbib")
@@ -1625,6 +1997,66 @@ that are compatible with @code{natbib}: @code{plainnat}, @code{unsrtnat},
 designed from the start to be compatible with @code{natbib}.")
     (license license:lppl)))
 
+(define-public texlive-latex-psfrag
+  (package
+    (name "texlive-latex-psfrag")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "psfrag"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1dxbl5il7wbbsp0v45vk884xi1192wxw03849pb1g5q4x808n352"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/psfrag"))
+    (home-page "http://www.ctan.org/pkg/psfrag")
+    (synopsis "Replace strings in encapsulated PostScript figures")
+    (description
+     "This package allows LaTeX constructions (equations, picture
+environments, etc.) to be precisely superimposed over Encapsulated PostScript
+figures, using your own favorite drawing tool to create an EPS figure and
+placing simple text \"tags\" where each replacement is to be placed, with
+PSfrag automatically removing these tags from the figure and replacing them
+with a user specified LaTeX construction, properly aligned, scaled, and/or
+rotated.")
+    (license (license:fsf-free "file://psfrag.dtx"))))
+
+(define-public texlive-latex-pstool
+  (package
+    (name "texlive-latex-pstool")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "pstool"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1kwlk1x67lad4xb7gpkxqgdlxwpi6nvq1r9wika7m92abmyf18h3"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/pstool"
+       #:tex-format "latex"))
+    (inputs
+     `(("texlive-fonts-cm" ,texlive-fonts-cm)
+       ("texlive-latex-filecontents" ,texlive-latex-filecontents)))
+    (propagated-inputs
+     `(("texlive-latex-bigfoot" ,texlive-latex-bigfoot)
+       ("texlive-latex-filemod" ,texlive-latex-filemod)
+       ("texlive-latex-graphics" ,texlive-latex-graphics)
+       ("texlive-latex-ifplatform" ,texlive-latex-ifplatform)
+       ("texlive-latex-oberdiek" ,texlive-latex-oberdiek)
+       ("texlive-latex-psfrag" ,texlive-latex-psfrag)
+       ("texlive-latex-trimspaces" ,texlive-latex-trimspaces)))
+    (home-page "http://www.ctan.org/pkg/pstool")
+    (synopsis "Process PostScript graphisc within pdfLaTeX documents")
+    (description
+     "This is a package for processing PostScript graphics with @code{psfrag}
+labels within pdfLaTeX documents.  Every graphic is compiled individually,
+drastically speeding up compilation time when only a single figure needs
+re-processing.")
+    (license license:lppl)))
+
 (define-public texlive-latex-seminar
   (package
     (name "texlive-latex-seminar")
@@ -1652,6 +2084,283 @@ recent classes such as powerdot or beamer, both of which are tuned to
 21st-century presentation styles.")
     (license license:lppl1.2+)))
 
+(define-public texlive-latex-trimspaces
+  (package
+    (name "texlive-latex-trimspaces")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "trimspaces"))
+              (sha256
+               (base32
+                "0da00lb32am4g63mn96625wg48p3pj3spx79lajrk17d549apwqa"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/trimspaces"
+       #:tex-format "latex"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fix-bug
+           (lambda _
+             ;; The "ins" file refers to the wrong source file.
+             (substitute* "trimspaces.ins"
+               (("pstool.tex") "trimspaces.tex"))
+             #t)))))
+    (inputs
+     `(("texlive-latex-filecontents" ,texlive-latex-filecontents)))
+    (home-page "http://www.ctan.org/pkg/trimspaces")
+    (synopsis "Trim spaces around an argument or within a macro")
+    (description
+     "This very short package allows you to expandably remove spaces around a
+token list (commands are provided to remove spaces before, spaces after, or
+both); or to remove surrounding spaces within a macro definition, or to define
+space-stripped macros.")
+    (license license:lppl)))
+
+(define-public texlive-latex-capt-of
+  (package
+    (name "texlive-latex-capt-of")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/latex/capt-of"))
+                    (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1y2s50f6lz0jx2748lj3iy56hrpcczgnbzmvphxv7aqndyyamd4x"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/latex/capt-of")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://www.ctan.org/pkg/capt-of")
+    (synopsis "Captions on more than floats")
+    (description
+     "This package defines a command @code{\\captionof} for putting a caption
+to something that's not a float.")
+    (license license:lppl)))
+
+(define-public texlive-latex-etoolbox
+  (package
+    (name "texlive-latex-etoolbox")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/latex/etoolbox"))
+                    (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0016bscnpima9krrg2569mva78xzwnygzlvg87dznsm6gf8g589v"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/latex/etoolbox")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://www.ctan.org/pkg/etoolbox")
+    (synopsis "e-TeX tools for LaTeX")
+    (description
+     "This package is a toolbox of programming facilities geared primarily
+towards LaTeX class and package authors.  It provides LaTeX frontends to some
+of the new primitives provided by e-TeX as well as some generic tools which
+are not strictly related to e-TeX but match the profile of this package.  The
+package provides functions that seem to offer alternative ways of implementing
+some LaTeX kernel commands; nevertheless, the package will not modify any part
+of the LaTeX kernel.")
+    (license license:lppl1.3+)))
+
+(define-public texlive-latex-fncychap
+  (package
+    (name "texlive-latex-fncychap")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/latex/fncychap"))
+                    (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0fdk84dbicfjfprkz6vk15x36mvlhaw9isjmgkc56jp2khwjswwq"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/latex/fncychap")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://www.ctan.org/pkg/fncychap")
+    (synopsis "Seven predefined chapter heading styles")
+    (description
+     "This package provides seven predefined chapter heading styles.  Each
+style can be modified using a set of simple commands.  Optionally one can
+modify the formatting routines in order to create additional chapter
+headings.")
+    (license license:lppl1.3+)))
+
+(define-public texlive-latex-framed
+  (package
+    (name "texlive-latex-framed")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/latex/framed"))
+                    (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "14a4ydqsvp3vcfavl21jrv0ybiqypaaqzg2q2cs3rzkandg7w98x"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/latex/framed")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://www.ctan.org/pkg/framed")
+    (synopsis "Framed or shaded regions that can break across pages")
+    (description
+     "The package creates three environments: @code{framed}, which puts an
+ordinary frame box around the region, @code{shaded}, which shades the region,
+and @code{leftbar}, which places a line at the left side.  The environments
+allow a break at their start (the @code{\\FrameCommand} enables creation of a
+title that is “attached” to the environment); breaks are also allowed in the
+course of the framed/shaded matter.  There is also a command
+@code{\\MakeFramed} to make your own framed-style environments.")
+    ;; The header states: "These macros may be freely transmitted, reproduced,
+    ;; or modified for any purpose provided that this notice is left intact."
+    (license (license:fsf-free "file://framed.sty"))))
+
+(define-public texlive-latex-g-brief
+  (package
+    (name "texlive-latex-g-brief")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "g-brief"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0sikazkg0dpkcpzlbqw8qzxr81paf2f443vsrh14jnw7s4gswvc5"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/g-brief"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-generated-file
+           (lambda _
+             (delete-file "g-brief.drv")
+             #t)))))
+    (home-page "http://www.ctan.org/pkg/g-brief")
+    (synopsis "Letter document class")
+    (description
+     "This package is designed for formatting formless letters in German; it
+can also be used for English (by those who can read the documentation).  There
+are LaTeX 2.09 @code{documentstyle} and LaTeX 2e class files for both an
+\"old\" and a \"new\" version of g-brief.")
+    (license license:lppl)))
+
+(define-public texlive-latex-galois
+  (package
+    (name "texlive-latex-galois")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "galois"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0d4l0msk8j5pi95xnmm9wygv1vbpkwkv5amx9l0km86cs79jpp1h"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/galois"))
+    (home-page "http://www.ctan.org/pkg/galois")
+    (synopsis "Typeset Galois connections")
+    (description
+     "The package deals with connections in two-dimensional style, optionally
+in colour.")
+    (license license:lppl)))
+
+(define-public texlive-latex-gcite
+  (package
+    (name "texlive-latex-gcite")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "gcite"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "03g9by54yrypn599y98r1xh7qw0bbbmpzq0bfwpj6j5q5rkl1mfa"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/gcite"))
+    (home-page "http://www.ctan.org/pkg/gcite")
+    (synopsis "Citations in a reader-friendly style")
+    (description
+     "The package allows citations in the German style, which is considered by
+many to be particularly reader-friendly.  The citation provides a small amount
+of bibliographic information in a footnote on the page where each citation is
+made.  It combines a desire to eliminate unnecessary page-turning with the
+look-up efficiency afforded by numeric citations.  The package makes use of
+BibLaTeX, and is considered experimental.")
+    (license license:lppl1.3+)))
+
+(define-public texlive-latex-geometry
+  (package
+    (name "texlive-latex-geometry")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "geometry"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1r2kfcwclg33yk5z8mvlagwxj7nr1mc3w4bdpmhrwv6dn8mrbvw8"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/geometry"))
+    (home-page "http://www.ctan.org/pkg/geometry")
+    (synopsis "Flexible and complete interface to document dimensions")
+    (description
+     "This package provides an easy and flexible user interface to customize
+page layout, implementing auto-centering and auto-balancing mechanisms so that
+the users have only to give the least description for the page layout.  The
+package knows about all the standard paper sizes, so that the user need not
+know what the nominal \"real\" dimensions of the paper are, just its standard
+name (such as a4, letter, etc.).  An important feature is the package's
+ability to communicate the paper size it's set up to the output.")
+    (license license:lppl)))
+
 (define-public texlive-latex-hyperref
   (package
     (name "texlive-latex-hyperref")
@@ -1692,6 +2401,72 @@ pdf and HTML backends.  The package is distributed with the @code{backref} and
 @code{nameref} packages, which make use of the facilities of @code{hyperref}.")
     (license license:lppl1.3+)))
 
+(define-public texlive-latex-mdwtools
+  (package
+    (name "texlive-latex-mdwtools")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "mdwtools"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0caxs74hla28hc67csf5i5ahadx97w8vxh3mdmsprxbpd1mr7ssg"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/mdwtools"))
+    (home-page "http://www.ctan.org/pkg/mdwtools")
+    (synopsis "Miscellaneous tools by Mark Wooding")
+    (description
+     "This collection of tools includes: @code{atsupport} for short commands
+starting with @code{@@}, macros to sanitize the OT1 encoding of the
+@code{cmtt} fonts; a @code{doafter} command; improved @code{footnote} support;
+@code{mathenv} for various alignment in maths; list handling; @code{mdwmath}
+which adds some minor changes to LaTeX maths; a rewrite of LaTeX's tabular and
+array environments; verbatim handling; and syntax diagrams.")
+    (license license:gpl3+)))
+
+(define-public texlive-latex-polyglossia
+  (package
+    (name "texlive-latex-polyglossia")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "polyglossia"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "09mvszd5qgqg4cfglpj5qxyzjz190ppb9p8gnsnjydwp1akvhayf"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/polyglossia"))
+    (home-page "http://www.ctan.org/pkg/polyglossia")
+    (synopsis "Alternative to babel for XeLaTeX and LuaLaTeX")
+    (description
+     "This package provides a complete Babel replacement for users of LuaLaTeX
+and XeLaTeX; it relies on the @code{fontspec} package, version 2.0 at least.")
+    (license license:lppl1.3+)))
+
+(define-public texlive-latex-supertabular
+  (package
+    (name "texlive-latex-supertabular")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "supertabular"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "14b2bc7cqz4ckxxycim9sw6jkrr1pahivm1rdbpz5k6hl967w1s3"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/supertabular"))
+    (home-page "http://www.ctan.org/pkg/supertabular")
+    (synopsis "Multi-page tables package")
+    (description
+     "This package was a predecessor of @code{longtable}; the newer
+package (designed on quite different principles) is easier to use and more
+flexible, in many cases, but supertabular retains its usefulness in a few
+situations where longtable has problems.")
+    (license license:lppl1.3+)))
+
 (define-public texlive-tex-texinfo
   (package
     (name "texlive-tex-texinfo")
@@ -1727,6 +2502,34 @@ other programs in the distribution offer online interactive use (with
 hypertext linkages in some cases).")
     (license license:gpl3+)))
 
+(define-public texlive-latex-upquote
+  (package
+    (name "texlive-latex-upquote")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "upquote"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0d1050i973wnxigy0xpky5l7vn4ff7ldhkjpdqsw5s653gagwixp"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/upquote"))
+    (home-page "http://www.ctan.org/pkg/upquote")
+    (synopsis "Show \"realistic\" quotes in verbatim")
+    (description
+     "Typewriter-style fonts are best for program listings, but Computer
+Modern Typewriter prints @code{`} and @code{'} as bent opening and closing
+single quotes.  Other fonts, and most programming languages, print @code{`} as
+a grave accent and @code{'} upright; @code{'} is used both to open and to
+close quoted strings.  The package switches the typewriter font to Computer
+Modern Typewriter in OT1 encoding, and modifies the behaviour of
+@code{verbatim}, @code{verbatim*}, @code{\\verb}, and @code{\\verb*} to print
+in the expected way.  It does this regardless of other fonts or encodings in
+use, so long as the package is loaded after the other fonts were.  The package
+does not affect @code{\\tt}, @code{\\texttt}, etc.")
+    (license license:lppl1.2+)))
+
 (define-public texlive-latex-anysize
   (package
     (name "texlive-latex-anysize")
@@ -1804,6 +2607,40 @@ package uses 'drivers' to place the bars; the available drivers can work with
 drivers, and VTeX and pdfTeX.")
     (license license:lppl)))
 
+(define-public texlive-latex-cmap
+  (package
+    (name "texlive-latex-cmap")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/latex/cmap"))
+                    (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1s1rv6zgw105w2j6ffhnk914qrix87y1ndzri1q72g2kbr91zlbg"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/latex/cmap")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "https://www.tug.org/svn/texlive/tags/texlive-2017.1/\
+Master/texmf-dist/tex/latex/cmap/")
+    (synopsis "CMap support for PDF files")
+    (description
+     "This package embeds CMap tables into PDF files to make search and
+copy-and-paste functions work properly.")
+    (license license:lppl)))
+
 (define-public texlive-latex-colortbl
   (package
     (name "texlive-latex-colortbl")
@@ -2232,6 +3069,42 @@ splines, and filled circles and ellipses.  The package uses @code{tpic}
 @code{\\special} commands.")
     (license license:public-domain)))
 
+(define-public texlive-latex-enumitem
+  (package
+    (name "texlive-latex-enumitem")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/latex/enumitem"))
+                    (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0q24b1bkdi9l6bw787bpggww83jh2vj8955aw2m5yccqbx4vgr5r"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/latex/enumitem")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://www.ctan.org/pkg/enumitem")
+    (synopsis "Customize basic list environments")
+    (description
+     "This package is intended to ease customizing the three basic list
+environments: @code{enumerate}, @code{itemize} and @code{description}.  It
+extends their syntax to allow an optional argument where a set of parameters
+in the form @code{key=value} are available, for example:
+@code{\\begin{itemize}[itemsep=1ex,leftmargin=1cm]}.")
+    (license license:lppl1.3+)))
+
 (define-public texlive-latex-multirow
   (package
     (name "texlive-latex-multirow")
@@ -2287,6 +3160,40 @@ the included graphic.  LaTeX commands can be placed on the graphic at defined
 positions; a grid for orientation is available.")
     (license license:lppl1.0+)))
 
+(define-public texlive-latex-parskip
+  (package
+    (name "texlive-latex-parskip")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/latex/parskip"))
+                    (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "14r6h9hqb0qgccxj5l1208694fx8sb8avmgzps36lsbbpszl7i7m"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/latex/parskip")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://www.ctan.org/pkg/parskip")
+    (synopsis "Layout with zero \\parindent, non-zero \\parskip")
+    (description
+     "Simply changing @code{\\parskip} and @code{\\parindent} leaves a layout
+that is untidy; this package (though it is no substitute for a properly
+designed class) helps alleviate this untidiness.")
+    (license license:lppl)))
+
 (define-public texlive-latex-pdfpages
   (package
     (name "texlive-latex-pdfpages")
@@ -2368,6 +3275,197 @@ considered obsolete: it was superseded by @code{subfig}, but users may find
 the more recent @code{subcaption} package more satisfactory.")
     (license license:lppl)))
 
+(define-public texlive-latex-tabulary
+  (package
+    (name "texlive-latex-tabulary")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "tabulary"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1adkdx2zkk42g82nqf57lv1nc1z7kwl13jmy8vpcsizsa0xdnx9n"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/tabulary"))
+    (home-page "http://www.ctan.org/pkg/tabulary")
+    (synopsis "Tabular with variable width columns balanced")
+    (description
+     "The package defines a @code{tabular*}-like environment, @code{tabulary},
+taking a \"total width\" argument as well as the column specifications.  The
+environment uses column types @code{L}, @code{C}, @code{R} and @code{J} for
+variable width columns (@code{\\raggedright}, @code{\\centering},
+@code{\\raggedleft}, and normally justified).  In contrast to
+@code{tabularx}'s @code{X} columns, the width of each column is weighted
+according to the natural width of the widest cell in the column.")
+    (license license:lppl)))
+
+(define-public texlive-latex-threeparttable
+  (package
+    (name "texlive-latex-threeparttable")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/latex/threeparttable"))
+                    (revision %texlive-revision)))
+              (sha256
+               (base32
+                "10vy9k150w2lviw8h22s2mcykff38xci653m5823s2vv44pwbmzq"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/latex/threeparttable")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://www.ctan.org/pkg/threeparttable")
+    (synopsis "Tables with captions and notes all the same width")
+    (description
+     "This package facilitates tables with titles (captions) and notes.  The
+title and notes are given a width equal to the body of the table (a
+@code{tabular} environment).  By itself, a @code{threeparttable} does not
+float, but you can put it in a @code{table} or a @code{table*} or some other
+environment.")
+    (license (license:fsf-free "file://threeparttable.sty"))))
+
+(define-public texlive-fonts-txfonts
+  (package
+    (name "texlive-fonts-txfonts")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/latex/txfonts"))
+                    (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0jl921qdphg8i7bkfprackn3xd4gmvxckc526nmzqsmahqkavgg2"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils)
+                  (ice-9 match))
+       #:builder
+       (begin
+         (use-modules (guix build utils)
+                      (ice-9 match))
+         (let ((root (string-append (assoc-ref %outputs "out")
+                                    "/share/texmf-dist/"))
+               (pkgs '(("source"        . "tex/latex/txfonts")
+                       ("txfonts-vf"    . "fonts/tfm/public/txfonts")
+                       ("txfonts-afm"   . "fonts/afm/public/txfonts")
+                       ("txfonts-tfm"   . "fonts/tfm/public/txfonts")
+                       ("txfonts-type1" . "fonts/type1/public/txfonts")
+                       ("txfonts-enc"   . "fonts/enc/dvips/txfonts")
+                       ("txfonts-map"   . "fonts/map/dvips/txfonts"))))
+           (for-each (match-lambda
+                       ((pkg . dir)
+                        (let ((target (string-append root dir)))
+                          (mkdir-p target)
+                          (copy-recursively (assoc-ref %build-inputs pkg)
+                                            target))))
+                     pkgs)
+           #t))))
+    (native-inputs
+     `(("txfonts-tfm"
+        ,(origin
+           (method svn-fetch)
+           (uri (svn-reference
+                 (url (string-append "svn://www.tug.org/texlive/tags/"
+                                     %texlive-tag "/Master/texmf-dist/"
+                                     "/fonts/tfm/public/txfonts"))
+                 (revision %texlive-revision)))
+           (file-name (string-append name "-tfm-" version "-checkout"))
+           (sha256
+            (base32
+             "12ffmbrp48ap35qa3b4mi6ckif9q2vf7972jxh5dc1yzykhla2xv"))))
+       ("txfonts-vf"
+        ,(origin
+           (method svn-fetch)
+           (uri (svn-reference
+                 (url (string-append "svn://www.tug.org/texlive/tags/"
+                                     %texlive-tag "/Master/texmf-dist/"
+                                     "/fonts/vf/public/txfonts"))
+                 (revision %texlive-revision)))
+           (file-name (string-append name "-vf-" version "-checkout"))
+           (sha256
+            (base32
+             "04acyfdwvxpfx4l2xh2bpzdmpvwdf2pzbs7a236b0xckz2jvc1ci"))))
+       ("txfonts-afm"
+        ,(origin
+           (method svn-fetch)
+           (uri (svn-reference
+                 (url (string-append "svn://www.tug.org/texlive/tags/"
+                                     %texlive-tag "/Master/texmf-dist/"
+                                     "/fonts/afm/public/txfonts"))
+                 (revision %texlive-revision)))
+           (file-name (string-append name "-afm-" version "-checkout"))
+           (sha256
+            (base32
+             "1705klz51pnqzcs89s3521b84b6c89wlczflsh0vci66nl155yis"))))
+       ("txfonts-type1"
+        ,(origin
+           (method svn-fetch)
+           (uri (svn-reference
+                 (url (string-append "svn://www.tug.org/texlive/tags/"
+                                     %texlive-tag "/Master/texmf-dist/"
+                                     "/fonts/type1/public/txfonts"))
+                 (revision %texlive-revision)))
+           (file-name (string-append name "-type1-" version "-checkout"))
+           (sha256
+            (base32
+             "0ajwr7zb6ch3gxd0g8p2i4llhy2wr9a9saz6jq6hm6fxf4pgl5h3"))))
+       ("txfonts-map"
+        ,(origin
+           (method svn-fetch)
+           (uri (svn-reference
+                 (url (string-append "svn://www.tug.org/texlive/tags/"
+                                     %texlive-tag "/Master/texmf-dist/"
+                                     "/fonts/map/dvips/txfonts"))
+                 (revision %texlive-revision)))
+           (file-name (string-append name "-map-" version "-checkout"))
+           (sha256
+            (base32
+             "0kamr8a9x24jakas3v09dgv7kkpybj3i7qv4vz1iyypqr6kk1raj"))))
+       ("txfonts-enc"
+        ,(origin
+           (method svn-fetch)
+           (uri (svn-reference
+                 (url (string-append "svn://www.tug.org/texlive/tags/"
+                                     %texlive-tag "/Master/texmf-dist/"
+                                     "/fonts/enc/dvips/txfonts"))
+                 (revision %texlive-revision)))
+           (file-name (string-append name "-enc-" version "-checkout"))
+           (sha256
+            (base32
+             "1bal5fhw0xlhl37ayv8vlnqnsn1y82kadzfjhbgr223blspp4zsj"))))))
+    (home-page "http://www.ctan.org/pkg/threeparttable")
+    (synopsis "Times-like fonts in support of mathematics")
+    (description
+     "Txfonts supplies virtual text roman fonts using Adobe Times (or URW
+NimbusRomNo9L) with some modified and additional text symbols in the OT1, T1,
+and TS1 encodings; maths alphabets using Times/URW Nimbus; maths fonts
+providing all the symbols of the Computer Modern and AMS fonts, including all
+the Greek capital letters from CMR; and additional maths fonts of various
+other symbols.
+
+The set is complemented by a sans-serif set of text fonts, based on
+Helvetica/NimbusSanL, and a monospace set.
+
+All the fonts are in Type 1 format (AFM and PFB files), and are supported by
+TeX metrics (VF and TFM files) and macros for use with LaTeX.")
+    ;; Any version of the GPL with font exception.
+    (license license:gpl3+)))
+
 (define-public texlive-latex-titlesec
   (package
     (name "texlive-latex-titlesec")
@@ -2403,6 +3501,35 @@ styles.  It also includes a package to change the page styles when there are
 floats in a page.  You may assign headers/footers to individual floats, too.")
     (license license:lppl)))
 
+(define-public texlive-latex-type1cm
+  (package
+    (name "texlive-latex-type1cm")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "type1cm"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1lvxrqfwcwa4p31zyfm80gr05v8c28xybv5ri79zi2ngz6834z12"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/type1cm"))
+    (home-page "http://www.ctan.org/pkg/type1cm")
+    (synopsis "Arbitrary size font selection in LaTeX")
+    (description
+     "LaTeX, by default, restricts the sizes at which you can use its default
+computer modern fonts, to a fixed set of discrete sizes (effectively, a set
+specified by Knuth).  The @code{type1cm} package removes this restriction;
+this is particularly useful when using scalable versions of the CM
+fonts (Bakoma, or the versions from BSR/Y&Y, or True Type versions from Kinch,
+PCTeX, etc.).  In fact, since modern distributions will automatically generate
+any bitmap font you might need, @code{type1cm} has wider application than just
+those using scaleable versions of the fonts.  Note that the LaTeX distribution
+now contains a package @code{fix-cm},f which performs the task of
+@code{type1cm}, as well as doing the same job for T1- and TS1-encoded
+@code{ec} fonts.")
+    (license license:lppl)))
+
 (define-public texlive-latex-lh
   (package
     (name "texlive-latex-lh")
@@ -2462,6 +3589,40 @@ technical illustrations.  Its output is scalable PostScript or SVG, rather
 than the bitmaps Metafont creates.")
     (license license:lppl)))
 
+(define-public texlive-latex-varwidth
+  (package
+    (name "texlive-latex-varwidth")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/latex/varwidth"))
+                    (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1bmz9ap0ffyg7qry2xi7lki06qx4809w028xvk88cl66h7p46g52"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/latex/varwidth")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://www.ctan.org/pkg/varwidth")
+    (synopsis "Variable-width minipage")
+    (description
+     "The @code{varwidth} environment is superficially similar to
+@code{minipage}, but the specified width is just a maximum value — the box may
+get a narrower “natural” width.")
+    (license license:lppl)))
+
 (define-public texlive-latex-wasysym
   (package
     (name "texlive-latex-wasysym")
@@ -2483,10 +3644,171 @@ lasy font set and other odds and ends.  The wasysym package implements an easy
 to use interface for these symbols.")
     (license license:lppl)))
 
+(define-public texlive-latex-wrapfig
+  (package
+    (name "texlive-latex-wrapfig")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/latex/wrapfig"))
+                    (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "16xpyl0csmmwndz1xhzqfg9l0zcsnqxslsixsqkwd4zsvfj30sv4"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/latex/wrapfig")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://www.ctan.org/pkg/wrapfig")
+    (synopsis "Produces figures which text can flow around")
+    (description
+     "This package allows figures or tables to have text wrapped around them.
+It does not work in combination with list environments, but can be used in a
+@code{parbox} or @code{minipage}, and in two-column format.")
+    (license license:lppl)))
+
+(define-public texlive-latex-ucs
+  (package
+    (name "texlive-latex-ucs")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/latex/ucs"))
+                    (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0rrxwi60wmz5dfjifl4fwk66plf7wix85qnhfv4ylvmj6qi6hw37"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/latex/ucs")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://www.ctan.org/pkg/ucs")
+    (synopsis "Extended UTF-8 input encoding support for LaTeX")
+    (description
+     "The bundle provides the @code{ucs} package, and @code{utf8x.def},
+together with a large number of support files.  The @code{utf8x.def}
+definition file for use with @code{inputenc} covers a wider range of Unicode
+characters than does @code{utf8.def} in the LaTeX distribution.  The package
+provides facilities for efficient use of its large sets of Unicode characters.
+Glyph production may be controlled by various options, which permits use of
+non-ASCII characters when coding mathematical formulae.  Note that the bundle
+previously had an alias “unicode”; that alias has now been withdrawn, and no
+package of that name now exists.")
+    (license license:lppl1.3+)))
+
+(define-public texlive-latex-preview
+  (package
+    (name "texlive-latex-preview")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "preview"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0j6fff6q0ca96nwfdgay2jm55792z4q9aa0rczmiw2qccyg5n2dv"))))
+    (build-system texlive-build-system)
+    (arguments
+     '(#:tex-directory "latex/preview"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-generated-file
+           (lambda _
+             (delete-file "preview.drv")
+             #t)))))
+    (home-page "http://www.ctan.org/pkg/preview")
+    (synopsis "Extract bits of a LaTeX source for output")
+    (description
+     "The main purpose of the preview package is the extraction of selected
+elements from a LaTeX source, like formulas or graphics, into separate
+pages of a DVI file.  A flexible and convenient interface allows it to
+specify what commands and constructs should be extracted.  This works
+with DVI files postprocessed by either Dvips and Ghostscript or
+dvipng, but it also works when you are using PDFTeX for generating PDF
+files.")
+    (license license:gpl3+)))
+
+(define-public texlive-latex-acronym
+  (package
+    (name "texlive-latex-acronym")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (texlive-ref "latex" "acronym"))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "0jmasg40bk53zdd2jc8nc18jvdai3p2wmamy7hwli8gls4nf25qp"))))
+    (build-system texlive-build-system)
+    (arguments '(#:tex-directory "latex/acronym"))
+    (home-page "http://www.ctan.org/pkg/acronym")
+    (synopsis "Expand acronyms at least once")
+    (description
+     "This package ensures that all acronyms used in the text are spelled out
+in full at least once.  It also provides an environment to build a list of
+acronyms used.  The package is compatible with PDF bookmarks.  The package
+requires the suffix package, which in turn requires that it runs under
+e-TeX.")
+    (license license:lppl1.3+)))
+
+(define-public texlive-generic-pdftex
+  (package
+    (name "texlive-generic-pdftex")
+    (version (number->string %texlive-revision))
+    (source (origin
+              (method svn-fetch)
+              (uri (svn-reference
+                    (url (string-append "svn://www.tug.org/texlive/tags/"
+                                        %texlive-tag "/Master/texmf-dist/"
+                                        "/tex/generic/pdftex"))
+                    (revision %texlive-revision)))
+              (sha256
+               (base32
+                "0k68zmqzs4qvrqxdwsrawbjb14hxqjfamq649azvai0jjxdpkljd"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((target (string-append (assoc-ref %outputs "out")
+                                      "/share/texmf-dist/tex/generic/pdftex")))
+           (mkdir-p target)
+           (copy-recursively (assoc-ref %build-inputs "source") target)
+           #t))))
+    (home-page "http://www.ctan.org/pkg/pdftex")
+    (synopsis "TeX extension for direct creation of PDF")
+    (description
+     "This package provides an extension of TeX which can be configured to
+directly generate PDF documents instead of DVI.")
+    (license license:gpl2+)))
+
 (define texlive-texmf
   (package
    (name "texlive-texmf")
-   (version "2016")
+   (version "2017")
    (source texlive-texmf-src)
    (build-system gnu-build-system)
    (inputs
@@ -2558,7 +3880,7 @@ This package contains the complete tree of texmf-dist data.")
 (define-public texlive
   (package
    (name "texlive")
-   (version "2016")
+   (version "2017")
    (source #f)
    (build-system trivial-build-system)
    (inputs `(("bash" ,bash) ; for wrap-program
@@ -2617,81 +3939,6 @@ This package contains the complete TeX Live distribution.")
    (license (license:fsf-free "https://www.tug.org/texlive/copying.html"))
    (home-page "https://www.tug.org/texlive/")))
 
-
-;; texlive-texmf-minimal is a pruned, small version of the texlive tree,
-;; in particular dropping documentation and fonts.  It weighs in at 470 MiB
-;; instead of 4 GiB.
-(define texlive-texmf-minimal
-  (package (inherit texlive-texmf)
-   (name "texlive-texmf-minimal")
-   (arguments
-    (substitute-keyword-arguments
-     (package-arguments texlive-texmf)
-     ((#:modules modules)
-      `((ice-9 ftw)
-        (srfi srfi-1)
-        ,@modules))
-     ((#:phases phases)
-      `(modify-phases ,phases
-         (add-after 'unpack 'prune
-           (lambda _
-             (define (delete subdir exclude)
-               "Delete all files and directories in SUBDIR except for those
-given in the list EXCLUDE."
-               (with-directory-excursion subdir
-                 (for-each delete-file-recursively
-                           (lset-difference equal?
-                                            (scandir ".")
-                                            (append '("." "..")
-                                                    exclude)))))
-             (with-directory-excursion "texmf-dist"
-               (for-each delete-file-recursively
-                         '("doc" "source" "tex4ht"))
-               ;; Delete all subdirectories of "fonts", except for "tfm" and
-               ;; any directories named "cm".
-               (delete "fonts" '("afm" "map" "pk" "source" "tfm" "type1"))
-               (delete "fonts/afm" '("public"))
-               (delete "fonts/afm/public" '("amsfonts"))
-               (delete "fonts/afm/public/amsfonts" '("cm"))
-               (delete "fonts/map" '("dvips"))
-               (delete "fonts/map/dvips" '("cm"))
-               (delete "fonts/source" '("public"))
-               (delete "fonts/source/public" '("cm"))
-               (delete "fonts/tfm" '("public"))
-               (delete "fonts/type1" '("public"))
-               (delete "fonts/type1/public" '("amsfonts"))
-               (delete "fonts/type1/public/amsfonts" '("cm")))
-             #t))))))
-   (description
-    "TeX Live provides a comprehensive TeX document production system.
-It includes all the major TeX-related programs, macro packages, and fonts
-that are free software, including support for many languages around the
-world.
-
-This package contains a small subset of the texmf-dist data.")))
-
-
-;; texlive-minimal is the same as texlive, but using texlive-texmf-minimal
-;; instead of the full texlive-texmf. It can be used, for instance, as a
-;; native input to packages that need texlive to build their documentation.
-(define-public texlive-minimal
-  (package (inherit texlive)
-   (name "texlive-minimal")
-   (inputs
-    `(("texlive-texmf" ,texlive-texmf-minimal)
-      ,@(alist-delete "texlive-texmf" (package-inputs texlive))))
-   (native-search-paths
-    (list (search-path-specification
-           (variable "TEXMFLOCAL")
-           (files '("share/texmf-local")))))
-   (description
-    "TeX Live provides a comprehensive TeX document production system.
-It includes all the major TeX-related programs, macro packages, and fonts
-that are free software, including support for many languages around the
-world.
-
-This package contains a small working part of the TeX Live distribution.")))
-
 (define-public perl-text-bibtex
   (package
     (name "perl-text-bibtex")
@@ -2736,8 +3983,8 @@ values (strings, macros, or numbers) pasted together.")
 
 (define-public biber
   (package
-    (name "biber-next")
-    (version "2.6")
+    (name "biber")
+    (version "2.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/plk/biber/archive/v"
@@ -2745,7 +3992,7 @@ values (strings, macros, or numbers) pasted together.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "158smzgjhjvyabdv97si5q88zjj5l8j1zbfnddvzy6fkpfhskgkp"))))
+                "17wd80jg98qyddhvz4cin8779ycvppaf2va77r1lyvymjz6w9bx0"))))
     (build-system perl-build-system)
     (arguments
      `(#:phases
@@ -2814,33 +4061,6 @@ values (strings, macros, or numbers) pasted together.")
 other things it comes with full Unicode support.")
     (license license:artistic2.0)))
 
-;; Our version of texlive comes with biblatex 3.4, which is only compatible
-;; with biber 2.5 according to the compatibility matrix in the biber
-;; documentation.
-(define-public biber-2.5
-  (package (inherit biber)
-    (name "biber")
-    (version "2.5")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/plk/biber/archive/v"
-                                  version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
-              (sha256
-               (base32
-                "163sd343wkrzwnvj2003m2j0kz517jmjr4savw6f8bjxhj8fdrqv"))))
-    (arguments
-     (substitute-keyword-arguments (package-arguments biber)
-       ((#:phases phases)
-        `(modify-phases ,phases
-           (add-before 'check 'delete-failing-test
-             (lambda _
-               (delete-file "t/sort-order.t")
-               #t))))))
-    (inputs
-     `(("perl-date-simple" ,perl-date-simple)
-       ,@(package-inputs biber)))))
-
 (define-public rubber
   (package
     (name "rubber")
diff --git a/gnu/packages/text-editors.scm b/gnu/packages/text-editors.scm
index 98df48119a..7843c120aa 100644
--- a/gnu/packages/text-editors.scm
+++ b/gnu/packages/text-editors.scm
@@ -3,7 +3,8 @@
 ;;; Copyright © 2016 Carlo Zancanaro <carlo@zancanaro.id.au>
 ;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2017 Feng Shu <tumashu@163.com>
-;;; Copyright © 2017 ng0 <ng0@no-reply.pragmatique.xyz>
+;;; Copyright © 2017 ng0 <ng0@infotropique.org>
+;;; Copyright © 2014 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,6 +27,7 @@
   #:use-module (guix git-download)
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system glib-or-gtk)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (gnu packages)
   #:use-module (gnu packages assembly)
@@ -34,6 +36,7 @@
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gtk)
+  #:use-module (gnu packages libbsd)
   #:use-module (gnu packages lua)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages pkg-config)
@@ -178,7 +181,7 @@ bindings and many of the powerful features of GNU Emacs.")
               (sha256
                (base32
                 "0b0az2wvqgvam7w0ns1j8xp2llslm1rx6h7zcsy06a7j0yp257cm"))))
-    (build-system gnu-build-system)
+    (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("intltool" ,intltool)
        ("pkg-config" ,pkg-config)))
@@ -227,3 +230,58 @@ Wordstar-, EMACS-, Pico, Nedit or vi-like key bindings.  e3 can be used on
 16, 32, and 64-bit CPUs.")
     (supported-systems '("x86_64-linux" "i686-linux"))
     (license license:gpl2+)))
+
+(define-public mg
+  (package
+    (name "mg")
+    (version "20170401")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://homepage.boetes.org/software/mg/mg-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1arasswgdadbb265rahq3867r9s54jva6k4m3p5n0f8mgjqhhdha"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  (substitute* "GNUmakefile"
+                    (("/usr/bin/") ""))))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("libbsd" ,libbsd)
+       ("ncurses" ,ncurses)))
+    (arguments
+     ;; No test suite available.
+     '(#:tests? #f
+       #:make-flags (list (string-append "prefix=" %output)
+                          "CURSES_LIBS=-lncurses"
+                          "CC=gcc")
+       #:phases (modify-phases %standard-phases
+                  (delete 'configure)
+                  (add-before 'build 'correct-location-of-difftool
+                    (lambda _
+                      (substitute* "buffer.c"
+                        (("/usr/bin/diff")
+                         (which "diff")))
+                      #t))
+                  (add-before 'install 'patch-tutorial-location
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (substitute* "mg.1"
+                        (("/usr") (assoc-ref outputs "out")))
+                      #t))
+                  (add-after 'install 'install-tutorial
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (let* ((out (assoc-ref outputs "out"))
+                             (doc (string-append out "/share/doc/mg")))
+                        (install-file "tutorial" doc)
+                        #t))))))
+    (home-page "http://homepage.boetes.org/software/mg/")
+    (synopsis "Microscopic GNU Emacs clone")
+    (description
+     "Mg (mg) is a GNU Emacs style editor, with which it is \"broadly\"
+compatible.  This is a portable version of the mg maintained by the OpenBSD
+team.")
+    (license license:public-domain)))
diff --git a/gnu/packages/textutils.scm b/gnu/packages/textutils.scm
index e8ae30cd6d..537d013345 100644
--- a/gnu/packages/textutils.scm
+++ b/gnu/packages/textutils.scm
@@ -12,6 +12,7 @@
 ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -409,6 +410,7 @@ runs Word\".")
               (method url-fetch)
               (uri (string-append "http://ftp.wagner.pp.ru/pub/catdoc/"
                                   "catdoc-" version ".tar.gz"))
+              (patches (search-patches "catdoc-CVE-2017-11110.patch"))
               (sha256
                (base32
                 "15h7v3bmwfk4z8r78xs5ih6vd0pskn0rj90xghvbzdjj0cc88jji"))))
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 00e99439b0..111a1c3734 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
@@ -8,6 +8,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -53,8 +54,8 @@
 (define-public libtasn1
   (package
     (name "libtasn1")
+    (version "4.12")
     (replacement libtasn1/fixed)
-    (version "4.10")
     (source
      (origin
       (method url-fetch)
@@ -62,7 +63,7 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "00jsix5hny0g768zv4hk78dib7w0qmk5fbizf4jj37r51nd4s6k8"))))
+        "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7"))))
     (build-system gnu-build-system)
     (native-inputs `(("perl" ,perl)))
     (home-page "https://www.gnu.org/software/libtasn1/")
@@ -77,11 +78,9 @@ specifications.")
 (define libtasn1/fixed
   (package
     (inherit libtasn1)
-    (source
-      (origin
-        (inherit (package-source libtasn1))
-        (patches
-          (search-patches "libtasn1-CVE-2017-6891.patch"))))))
+    (source (origin
+              (inherit (package-source libtasn1))
+              (patches (search-patches "libtasn1-CVE-2017-10790.patch"))))))
 
 (define-public asn1c
   (package
@@ -113,7 +112,7 @@ in intelligent transportation networks.")
 (define-public p11-kit
   (package
     (name "p11-kit")
-    (version "0.23.7")
+    (version "0.23.8")
     (source
      (origin
       (method url-fetch)
@@ -121,7 +120,7 @@ in intelligent transportation networks.")
                           "download/" version "/p11-kit-" version ".tar.gz"))
       (sha256
        (base32
-        "0hdy4h8byvcvd4av504xqfqyd1h6xy914j034mq3c6v4ya37r3lq"))))
+        "0gqk1d09yyin75lvlywpbf3kxlnrcwbq8ridgapvqqjbzvjk98ab"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -140,11 +139,13 @@ coordinating the use of PKCS#11 by different components or libraries
 living in the same process.")
     (license license:bsd-3)))
 
+
+;; TODO Add net-tools-for-tests to #:disallowed-references when we can afford
+;; rebuild GnuTLS (i.e. core-updates).
 (define-public gnutls
   (package
     (name "gnutls")
-    (replacement gnutls-3.5.13)
-    (version "3.5.9")
+    (version "3.5.13")
     (source (origin
              (method url-fetch)
              (uri
@@ -153,15 +154,16 @@ living in the same process.")
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
+             (patches
+              (search-patches "gnutls-skip-trust-store-test.patch"
+                              "gnutls-skip-pkgconfig-test.patch"))
              (sha256
               (base32
-               "0l9971841jsfdcvcyhas17sk5rsby6x5vvwcmmj4x3zi9q60zcc2"))))
+               "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
-       (list (string-append "--with-guile-site-dir="
-                            (assoc-ref %outputs "out")
-                            "/share/guile/site/2.0")
+       (list
              ;; GnuTLS doesn't consult any environment variables to specify
              ;; the location of the system-wide trust store.  Instead it has a
              ;; configure-time option.  Unless specified, its configure script
@@ -194,11 +196,11 @@ living in the same process.")
                "debug"
                "doc"))                            ;4.1 MiB of man pages
     (native-inputs
-     `(("net-tools" ,net-tools)
+     `(("net-tools" ,net-tools-for-tests)
        ("pkg-config" ,pkg-config)
        ("which" ,which)))
     (inputs
-     `(("guile" ,guile-2.0)))
+     `(("guile" ,guile-2.2)))
     (propagated-inputs
      ;; These are all in the 'Requires.private' field of gnutls.pc.
      `(("libtasn1" ,libtasn1)
@@ -216,43 +218,21 @@ required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
 
-(define gnutls-3.5.13               ;GNUTLS-SA-2017-{3,4}
-  (package
-    (inherit gnutls)
-    ;; We use 'D' instead of '13' here to keep the store file name at
-    ;; the same length. See <https://bugs.gnu.org/27308>.
-    (version "3.5.D")
-    (source (origin
-              (method url-fetch)
-              (uri
-               (string-append "mirror://gnupg/gnutls/v"
-                              (version-major+minor version)
-                              "/gnutls-3.5.13.tar.xz"))
-              (patches
-               (search-patches "gnutls-skip-trust-store-test.patch"
-                               "gnutls-skip-pkgconfig-test.patch"))
-              (sha256
-               (base32
-                "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))))
-
 (define-public gnutls/guile-2.2
-  ;; GnuTLS for Guile 2.2.  This is supported by GnuTLS >= 3.5.5.
+  (deprecated-package "guile2.2-gnutls" gnutls))
+
+(define-public gnutls/guile-2.0
+  ;; GnuTLS for Guile 2.0.
   (package
     (inherit gnutls)
-    (source (package-source gnutls-3.5.13))
-    (name "guile2.2-gnutls")
-    (arguments
-     ;; Remove '--with-guile-site-dir=…/2.0'.
-     (substitute-keyword-arguments (package-arguments gnutls)
-       ((#:configure-flags flags)
-        `(cdr ,flags))))
-    (inputs `(("guile" ,guile-2.2)
+    (name "guile2.0-gnutls")
+    (inputs `(("guile" ,guile-2.0)
               ,@(alist-delete "guile" (package-inputs gnutls))))))
 
 (define-public openssl
   (package
    (name "openssl")
-   (version "1.0.2k")
+   (version "1.0.2l")
    (source (origin
              (method url-fetch)
              (uri (list (string-append "ftp://ftp.openssl.org/source/"
@@ -262,7 +242,14 @@ required structures.")
                                        "/" name "-" version ".tar.gz")))
              (sha256
               (base32
-               "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb"))
+               "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf"))
+             (snippet
+              '(begin
+                 ;; Remove ELF files.  'substitute*' can't read them.
+                 (delete-file "test/ssltest_old")
+                 (delete-file "test/v3ext")
+                 (delete-file "test/x509aux")
+                 #t))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (build-system gnu-build-system)
@@ -456,15 +443,13 @@ required structures.")
   (package
     (name "libressl")
     (version "2.5.5")
-    (source
-     (origin
-      (method url-fetch)
-      (uri (string-append
-             "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
-             version ".tar.gz"))
-      (sha256
-       (base32
-        "1i77viqy1afvbr392npk9v54k9zhr9zq2vhv6pliza22b0ymwzz5"))))
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://openbsd/LibreSSL/"
+                                  name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1i77viqy1afvbr392npk9v54k9zhr9zq2vhv6pliza22b0ymwzz5"))))
     (build-system gnu-build-system)
     (arguments
      ;; Do as if 'getentropy' was missing since older Linux kernels lack it
@@ -501,13 +486,13 @@ netcat implementation that supports TLS.")
   (package
     (name "python-acme")
     ;; Remember to update the hash of certbot when updating python-acme.
-    (version "0.15.0")
+    (version "0.17.0")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "acme" version))
       (sha256
        (base32
-        "11zwgj663vr575pbqw74ia10wxaw16i8rnkcivsrbsx148rxdbcz"))))
+        "0vmnv7qhdhl9qhq03v6zrcj1lsmpmpjb94s0xsc7piwqxfmf9jrw"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -558,7 +543,7 @@ netcat implementation that supports TLS.")
               (uri (pypi-uri name version))
               (sha256
                (base32
-                "1srvmjxz75dbafx7xfg1w3n9h3srr9p2ljnfsih9dwwd5cxh9i5q"))))
+                "173619jkq4bg88f6i837z3pcjkrfabrvv8vrpyx18k9i7xnb5xa3"))))
     (build-system python-build-system)
     (arguments
      `(,@(substitute-keyword-arguments (package-arguments python-acme)
@@ -613,32 +598,19 @@ certificates for free.")
 (define-public perl-net-ssleay
   (package
     (name "perl-net-ssleay")
-    (version "1.68")
+    (version "1.81")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                   "Net-SSLeay-" version ".tar.gz"))
               (sha256
                (base32
-                "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
+                "0z8vya34g88bc41kx955sv7y4niwbbywji8liqbl52v29qbvdjq0"))))
     (build-system perl-build-system)
-    (native-inputs
-     `(("patch" ,patch)
-       ("patch/disable-ede-test"
-        ,(search-patch "perl-net-ssleay-disable-ede-test.patch"))))
     (inputs `(("openssl" ,openssl)))
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         (add-after
-          'unpack 'apply-patch
-          (lambda* (#:key inputs #:allow-other-keys)
-            ;; XXX We apply this patch here instead of in the 'origin' because
-            ;; this package's build system fails badly when the source file
-            ;; times are zeroed.
-            ;; XXX Try removing this patch for perl-net-ssleay > 1.68
-            (zero? (system* "patch" "--force" "-p1" "-i"
-                            (assoc-ref inputs "patch/disable-ede-test")))))
          (add-before
           'configure 'set-ssl-prefix
           (lambda* (#:key inputs #:allow-other-keys)
@@ -695,7 +667,7 @@ OpenSSL libraries).")
 (define-public perl-crypt-openssl-bignum
  (package
   (name "perl-crypt-openssl-bignum")
-  (version "0.06")
+  (version "0.08")
   (source
     (origin
       (method url-fetch)
@@ -705,7 +677,7 @@ OpenSSL libraries).")
              ".tar.gz"))
       (sha256
         (base32
-          "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
+          "0gamn4dff1bz77nswacy1dlpn9fkwahzw7yvvik4nbwwy2s63hc8"))))
   (build-system perl-build-system)
   (inputs `(("openssl" ,openssl)))
   (arguments perl-crypt-arguments)
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 314901fa4e..64acb44490 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
@@ -44,18 +44,17 @@
 (define-public tor
   (package
     (name "tor")
-    (version "0.3.0.9")
+    (version "0.3.0.10")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://dist.torproject.org/tor-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0hhyb1wil8japynqnm07r1f67w3wdnafdg9amzlrrcfcyq5qim28"))))
+               "1cas30wk4bhcivi6l9dj7wwlz6pc2jj883x1vijax3b8l54nx3ls"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:configure-flags (list "--enable-expensive-hardening"
-                               "--enable-gcc-hardening"
+     `(#:configure-flags (list "--enable-gcc-hardening"
                                "--enable-linker-hardening")))
     (native-inputs
      `(("python" ,python-2)))  ; for tests
diff --git a/gnu/packages/valgrind.scm b/gnu/packages/valgrind.scm
index 5f2bef16df..611a9a0558 100644
--- a/gnu/packages/valgrind.scm
+++ b/gnu/packages/valgrind.scm
@@ -41,6 +41,8 @@
                "18bnrw9b1d55wi1wnl68n25achsp9w48n51n1xw4fwjjnaal7jk7"))
              (patches (search-patches "valgrind-enable-arm.patch"))))
     (build-system gnu-build-system)
+    (outputs '("doc"                              ;16 MB
+               "out"))
     (arguments
      '(#:phases
        (modify-phases %standard-phases
@@ -53,6 +55,13 @@
                  (("obj:/lib") "obj:*/lib")
                  (("obj:/usr/X11R6/lib") "obj:*/lib")
                  (("obj:/usr/lib") "obj:*/lib"))
+               #t)))
+         (add-after 'install 'install-doc
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((orig (format #f "~a/share/doc" (assoc-ref outputs "out")))
+                   (dest (format #f "~a/share" (assoc-ref outputs "doc"))))
+               (mkdir-p dest)
+               (rename-file orig dest)
                #t))))))
     (inputs `(;; GDB is needed to provide a sane default for `--db-command'.
               ("gdb" ,gdb)))
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 0d10af020c..36a6b7cd18 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -9,12 +9,13 @@
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015 Kyle Meyer <kyle@kyleam.com>
 ;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 André <eu@euandre.org>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -120,14 +121,16 @@ as well as the classic centralized workflow.")
 (define-public git
   (package
    (name "git")
-   (version "2.13.3")
+   ;; XXX When updating Git, check if the special 'git:src' input to cgit needs
+   ;; to be updated as well.
+   (version "2.14.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://kernel.org/software/scm/git/git-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "0qiy696pwqhbxcrvm3zhyjnfjrym541glhvgc4cynrwg8az27ali"))))
+              "1iic3wiihxp3l3k6d4z886v3869c3dzgddjxnd5124wy1rnlqwkg"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("native-perl" ,perl)
@@ -139,8 +142,9 @@ as well as the classic centralized workflow.")
                 "mirror://kernel.org/software/scm/git/git-manpages-"
                 version ".tar.xz"))
           (sha256
+
            (base32
-            "1hl1fhbr3jn4y9pkj26kk9frj6wjlxiphl7x5c9ma6x4081xna0i"))))))
+            "1whlsiicayalym4hkf01zdiqpw37gdf7c52gw9ki7bv2x3hf3g3y"))))))
    (inputs
     `(("curl" ,curl)
       ("expat" ,expat)
@@ -176,7 +180,6 @@ as well as the classic centralized workflow.")
                      ;; nars; see <https://bugs.gnu.org/21949>.
                      "NO_INSTALL_HARDLINKS=indeed")
       #:test-target "test"
-      #:tests? #f ; FIXME: Many tests are failing
 
       ;; The explicit --with-tcltk forces the build system to hardcode the
       ;; absolute file name to 'wish'.
@@ -203,6 +206,37 @@ as well as the classic centralized workflow.")
             ;; Add the "PM.stamp" to avoid "no rule to make target".
             (call-with-output-file "perl/PM.stamp" (const #t))
             #t))
+        (add-before 'check 'patch-tests
+          (lambda _
+            ;; These files contain some funny bytes that Guile is unable
+            ;; to decode for shebang patching. Just delete them.
+            (for-each delete-file '("t/t4201-shortlog.sh"
+                                    "t/t7813-grep-icase-iso.sh"))
+            ;; Many tests contain inline shell scripts (hooks etc).
+            (substitute* (find-files "t" "\\.sh$")
+              (("#!/bin/sh") (string-append "#!" (which "sh"))))
+            ;; Un-do shebang patching here to prevent checksum mismatch.
+            (substitute* '("t/t4034/perl/pre" "t/t4034/perl/post")
+              (("^#!.*/bin/perl") "#!/usr/bin/perl"))
+            (substitute* "t/t5003-archive-zip.sh"
+              (("cp /bin/sh") (string-append "cp " (which "sh"))))
+            (substitute* "t/t6030-bisect-porcelain.sh"
+              (("\"/bin/sh\"") (string-append "\"" (which "sh") "\"")))
+            ;; FIXME: This test runs `git commit` with a bogus EDITOR
+            ;; and empty commit message, but does not fail the way it's
+            ;; expected to. The test passes when invoked interactively.
+            (substitute* "t/t7508-status.sh"
+              (("\tcommit_template_commented") "\ttrue"))
+            ;; More checksum mismatches due to odd shebangs.
+            (substitute* "t/t9100-git-svn-basic.sh"
+              (("\"#!/gnu.*/bin/sh") "\"#!/bin/sh"))
+            (substitute* "t/t9300-fast-import.sh"
+              (("\t#!/gnu.*/bin/sh") "\t#!/bin/sh")
+              (("'#!/gnu.*/bin/sh") "'#!/bin/sh"))
+            ;; FIXME: Some hooks fail with "basename: command not found".
+            ;; See 't/trash directory.t9164.../svn-hook.log'.
+            (delete-file "t/t9164-git-svn-dcommit-concurrent.sh")
+            #t))
         (add-after 'install 'install-shell-completion
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out         (assoc-ref outputs "out"))
@@ -317,24 +351,10 @@ everything from small to very large projects with speed and efficiency.")
    (license license:gpl2)
    (home-page "https://git-scm.com/")))
 
-;; Some dependent packages directly access internal interfaces which
-;; have changed in 2.12
-(define-public git@2.10
-  (package
-    (inherit git)
-    (version "2.10.3")
-   (source (origin
-            (method url-fetch)
-            (uri (string-append "mirror://kernel.org/software/scm/git/git-"
-                                version ".tar.xz"))
-            (sha256
-             (base32
-              "02mb7yi49algsya3hnkcxdslwb6p1bi7c732z1g8kzq4hs838m7z"))))))
-
 (define-public libgit2
   (package
     (name "libgit2")
-    (version "0.25.1")
+    (version "0.26.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/libgit2/libgit2/"
@@ -342,12 +362,13 @@ everything from small to very large projects with speed and efficiency.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s"))
-              (patches (search-patches "libgit2-use-after-free.patch"
-                                       "libgit2-0.25.1-mtime-0.patch"))))
+                "1fdk9yhwvl1w1z71ykzcvgh4nsf8scxcbclz5anh98zpplmhmisa"))
+              (patches (search-patches "libgit2-0.25.1-mtime-0.patch"))))
     (build-system cmake-build-system)
+    (outputs '("out" "debug"))
     (arguments
-     `(#:phases
+     `(#:configure-flags '("-DUSE_SHA1DC=ON") ; SHA-1 collision detection
+       #:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'fix-hardcoded-paths
            (lambda _
@@ -466,6 +487,8 @@ collaboration using typical untrusted file hosts or services.")
 (define-public cgit
   (package
     (name "cgit")
+    ;; XXX When updating cgit, try removing the special 'git:src' input and
+    ;; using the source of the git package.
     (version "1.1")
     (source (origin
               (method url-fetch)
@@ -510,7 +533,16 @@ collaboration using typical untrusted file hosts or services.")
      ;; For building manpage.
      `(("asciidoc" ,asciidoc)))
     (inputs
-     `(("git:src" ,(package-source git@2.10))
+     `(;; Cgit directly accesses some internal Git interfaces that changed in
+       ;; Git 2.12.  Try removing this special input and using the source of the
+       ;; Git package for cgit > 1.1.
+       ("git:src"
+        ,(origin
+           (method url-fetch)
+           (uri "mirror://kernel.org/software/scm/git/git-2.10.4.tar.xz")
+           (sha256
+            (base32
+             "1pni4mgih5w42813dxljl61s7xmcpdnar34d9m4548hzpljjyd4l"))))
        ("openssl" ,openssl)
        ("zlib" ,zlib)))
     (home-page "https://git.zx2c4.com/cgit/")
@@ -707,14 +739,14 @@ control to Git repositories.")
 (define-public mercurial
   (package
     (name "mercurial")
-    (version "4.2.1")
+    (version "4.2.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://www.mercurial-scm.org/"
                                  "release/mercurial-" version ".tar.gz"))
              (sha256
               (base32
-               "182qh6d0srps2n5sydzy8n3gi78la6m0wi3846zpyyd0b8pmgmfp"))))
+               "1b7p3z8lin6hyyzkskskp065qnyfxid2yxnjygni0n4yv33qz404"))))
     (build-system python-build-system)
     (arguments
      `(;; Restrict to Python 2, as Python 3 would require
@@ -785,14 +817,18 @@ following features:
 (define-public subversion
   (package
     (name "subversion")
-    (version "1.8.17")
+    (version "1.8.19")
     (source (origin
              (method url-fetch)
-             (uri (string-append "https://archive.apache.org/dist/subversion/"
-                                 "subversion-" version ".tar.bz2"))
+             (uri
+               (list
+                 (string-append "https://archive.apache.org/dist/subversion/"
+                                "subversion-" version ".tar.bz2")
+                 (string-append "https://www-eu.apache.org/dist/subversion/"
+                                "subversion-" version ".tar.bz2")))
              (sha256
               (base32
-               "1450fkj1jmxyphqn6cd95z1ykwsabajm9jw4i412qpwss8w9a4fy"))))
+               "1gp6426gkdza6ni2whgifjcmjb4nq34ljy07yxkrhlarvfq6ks2n"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -884,6 +920,7 @@ machine.")
              (uri (string-append
                    "https://ftp.gnu.org/non-gnu/cvs/source/feature/"
                    version "/cvs-" version ".tar.bz2"))
+             (patches (search-patches "cvs-2017-12836.patch"))
              (sha256
               (base32
                "0pjir8cwn0087mxszzbsi1gyfc6373vif96cw4q3m1x6p49kd1bq"))))
@@ -1300,16 +1337,21 @@ repository\" with git-annex.")
 (define-public fossil
   (package
     (name "fossil")
-    (version "1.35")
+    (version "2.2")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append
-             "https://www.fossil-scm.org/index.html/uv/download/"
-             "fossil-src-" version ".tar.gz"))
+       ;; Older downloads are moved to another URL.
+       (uri (list
+             (string-append
+              "https://www.fossil-scm.org/index.html/uv/download/"
+              "fossil-src-" version ".tar.gz")
+             (string-append
+              "https://www.fossil-scm.org/index.html/uv/"
+              "fossil-src-" version ".tar.gz")))
        (sha256
         (base32
-         "07ds6rhq69bhydpm9a01mgdhxf88p9b6y5hdnhn8gjc7ba92zyf1"))))
+         "0wfgacfg29dkl0c3l1rp5ji0kraa64gcbg5lh8p4m7mqdqcq53wv"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("tcl" ,tcl)                     ;for configuration only
@@ -1338,9 +1380,6 @@ repository\" with git-annex.")
                     (lambda _
                       (setenv "USER" "guix")
                       (setenv "TZ" "UTC")
-                      ;; Fixing the th1 test would require many backports, so
-                      ;; just disable for now.
-                      (delete-file "test/th1.test")
                       #t)))))
     (home-page "https://fossil-scm.org")
     (synopsis "Software configuration management system")
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 7056a8d19c..4ce2a8f401 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -580,14 +580,14 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
 (define-public ffmpeg
   (package
     (name "ffmpeg")
-    (version "3.3.2")
+    (version "3.3.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://ffmpeg.org/releases/ffmpeg-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "11974vcfsy8w0i6f4lfwqmg80xkfybqw7vw6zzrcn5i6ncddx60r"))))
+               "07is8msrhxr1dk6vgwa192k2pl2a0in1h9w8f9cknlvbvhn01afj"))))
     (build-system gnu-build-system)
     (inputs
      `(("fontconfig" ,fontconfig)
@@ -980,7 +980,7 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.")
 (define-public mpv
   (package
     (name "mpv")
-    (version "0.25.0")
+    (version "0.26.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -988,7 +988,7 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.")
                     ".tar.gz"))
               (sha256
                (base32
-                "1khb7c4fdj1aak46lwyb3lq14w5jpxzws0zp6bdc87ljsvx3yhh7"))
+                "0ihvnwrp24jjf43k1hvy8n8w4ipl4z7apjppd4i0y9jzilsyzwys"))
               (file-name (string-append name "-" version ".tar.gz"))))
     (build-system waf-build-system)
     (native-inputs
@@ -1055,7 +1055,7 @@ projects while introducing many more.")
 (define-public gnome-mpv
   (package
     (name "gnome-mpv")
-    (version "0.11")
+    (version "0.12")
     (source
      (origin
        (method url-fetch)
@@ -1064,7 +1064,7 @@ projects while introducing many more.")
                            ".tar.xz"))
        (sha256
         (base32
-         "1hn3mpsxbrwf2m0nz4vzji4i6i896y8kqjb9kijqpk04cnrs3fgz"))))
+         "0dcnz9vlf791v8d15j7hpymv87h6nb15alww6xjq0zpal5hi44kc"))))
     (native-inputs
      `(("intltool" ,intltool)
        ("pkg-config" ,pkg-config)))
@@ -1121,7 +1121,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2017.07.09")
+    (version "2017.08.23")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://yt-dl.org/downloads/"
@@ -1129,7 +1129,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0phrfby2nk5y5x5173bbg3jcr2ajk849al3zji5y39z39dj36ba2"))))
+                "1vq0r37ynnj2hx0ssh3hycg4wzhwch5pphq76swfz76r1klnrich"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
@@ -1238,7 +1238,7 @@ other site that youtube-dl supports.")
 (define-public you-get
   (package
     (name "you-get")
-    (version "0.4.775")
+    (version "0.4.803")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1247,7 +1247,7 @@ other site that youtube-dl supports.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1pjjv42c9bysnj8s3c6v0g6b00lr7b21y8ypibnzd6z0jxlsq7sz"))))
+                "1rjy809x67dadzvj3midkhcda2kp6rqmbj6rbhjd5f16rvqgn7jp"))))
     (build-system python-build-system)
     (arguments
      ;; no tests
@@ -1615,7 +1615,8 @@ manipulation.  It aims to be a modern rewrite of Avisynth, supporting
 multithreading, generalized colorspaces, per frame properties, and videos with
 format changes.")
     ;; src/core/cpufeatures only allows x86, ARM or PPC
-    (supported-systems (delete "mips64el-linux" %supported-systems))
+    (supported-systems (fold delete %supported-systems
+                             '("mips64el-linux" "aarch64-linux")))
     ;; As seen from the source files.
     (license license:lgpl2.1+)))
 
@@ -2146,7 +2147,7 @@ of modern, widely supported codecs.")
 (define-public openh264
   (package
     (name "openh264")
-    (version "1.6.0")
+    (version "1.7.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/cisco/"
@@ -2154,7 +2155,7 @@ of modern, widely supported codecs.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1ix2fhk62i4q4kbnkl0gfk4x53vxqavsn0pck1pashr566zhglv5"))))
+                "0gv571bqkxk7ic64dmavs1q8nr7p59mcf4ibqp4lc070gn6w61ww"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("nasm" ,nasm)
diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm
index 27c0b0da9c..818d2d207f 100644
--- a/gnu/packages/vim.scm
+++ b/gnu/packages/vim.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 ng0 <ng0@no-reply.pragmatique.xyz>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
@@ -60,7 +60,7 @@
 (define-public vim
   (package
     (name "vim")
-    (version "8.0.0600")
+    (version "8.0.0808")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://github.com/vim/vim/archive/v"
@@ -68,20 +68,13 @@
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
-               "1ifaj0lfzqn06snkcd83l58m9r6lg7lk3wspx71k5ycvypyfi67s"))))
+               "0qrn9fhq5wdrrf2qhpygwfm5rynl32l406xhbr7lg69r9wl8cjjn"))))
     (build-system gnu-build-system)
     (arguments
      `(#:test-target "test"
        #:parallel-tests? #f
        #:phases
        (modify-phases %standard-phases
-         (add-after 'unpack 'make-bit-reproducable
-           (lambda _
-             (substitute* "src/version.c"
-               ((" VIM_VERSION_LONG_DATE") " VIM_VERSION_LONG")
-               ((" __DATE__") "")
-               ((" __TIME__") ""))
-             #t))
          (add-after 'configure 'patch-config-files
            (lambda _
              (substitute* "runtime/tools/mve.awk"
@@ -111,6 +104,9 @@ configuration files.")
 
 (define-public vim-full
   (package
+    ;; This package should share its source with Vim, but it doesn't
+    ;; build reliably, and we want to keep Vim up to date due to the
+    ;; frequency of important bug fixes.
     (inherit vim)
     (name "vim-full")
     (arguments
@@ -132,17 +128,6 @@ configuration files.")
        ,@(substitute-keyword-arguments (package-arguments vim)
            ((#:phases phases)
             `(modify-phases ,phases
-               (add-after 'build 'drop-failing-tests
-                 (lambda _
-                   ;; These tests fail mysteriously with GUI enabled.
-                   ;; https://github.com/vim/vim/issues/1460
-                   (substitute* "src/testdir/test_cmdline.vim"
-                     (("call assert_equal\\(.+getcmd.+\\(\\)\\)") ""))
-                   ;; FIXME: This test broke after GCC-5 core-updates merge.
-                   ;; "Test_system_exmode line 7: Expected '0' but got '/'"
-                   (substitute* "src/testdir/test_system.vim"
-                     (("call assert_equal\\('0', a\\[0\\]\\)") ""))
-                   #t))
                (add-before 'check 'start-xserver
                  (lambda* (#:key inputs #:allow-other-keys)
                    ;; Some tests require an X server, but does not start one.
@@ -663,24 +648,46 @@ refactor Vim in order to:
 (define-public vifm
   (package
     (name "vifm")
-    (version "0.8.2")
+    (version "0.9")
     (source
       (origin
         (method url-fetch)
-        (uri (string-append "mirror://sourceforge/vifm/vifm/vifm-"
-                            version ".tar.bz2"))
+        (uri (list
+               (string-append "https://github.com/vifm/vifm/releases/download/v"
+                              version "/vifm-" version ".tar.bz2")
+               (string-append "https://sourceforge.net/projects/vifm/files/vifm/"
+                              "vifm-" version ".tar.bz2")))
         (sha256
          (base32
-          "07r15kq7kjl3a41sd11ncpsii866xxps4f90zh3lv8jqcrv6silb"))))
+          "1zd72vcgir3g9rhs2iyca13qf5fc0b1f22y20f5gy92c3sfwj45b"))))
     (build-system gnu-build-system)
     (arguments
-    '(#:phases
+    '(#:configure-flags '("--disable-build-timestamp")
+      #:phases
       (modify-phases %standard-phases
         (add-after 'patch-source-shebangs 'patch-test-shebangs
           (lambda _
-            (substitute* (find-files "tests" "\\.c$")
-              (("/bin/sh") (which "sh")))
-            #t)))))
+            (substitute* (cons* "src/background.c"
+                                "src/cfg/config.c"
+                                (find-files "tests" "\\.c$"))
+              (("/bin/sh") (which "sh"))
+              (("/bin/bash") (which "bash")))
+            ;; This test segfaults
+            (substitute* "tests/Makefile"
+              (("misc") ""))
+            #t))
+         (add-after 'install 'install-vim-plugin-files
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (vifm (string-append out "/share/vifm"))
+                    (vimfiles (string-append out "/share/vim/vimfiles")))
+               (copy-recursively (string-append vifm "/colors")
+                                 (string-append vimfiles "/colors"))
+               (copy-recursively (string-append vifm "/vim")
+                                 vimfiles)
+               (delete-file-recursively (string-append vifm "/colors"))
+               (delete-file-recursively (string-append vifm "/vim")))
+             #t)))))
     (native-inputs
      `(("groff" ,groff) ; for the documentation
        ("perl" ,perl)))
diff --git a/gnu/packages/qemu.scm b/gnu/packages/virtualization.scm
index 0bd314c660..d06c55bd57 100644
--- a/gnu/packages/qemu.scm
+++ b/gnu/packages/virtualization.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -19,7 +20,7 @@
 ;;; You should have received a copy of the GNU General Public License
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
-(define-module (gnu packages qemu)
+(define-module (gnu packages virtualization)
   #:use-module (gnu packages)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages attr)
@@ -42,6 +43,7 @@
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages polkit)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages selinux)
   #:use-module (gnu packages sdl)
   #:use-module (gnu packages spice)
   #:use-module (gnu packages texinfo)
@@ -80,7 +82,13 @@
                                       "qemu-CVE-2017-8309.patch"
                                       "qemu-CVE-2017-8379.patch"
                                       "qemu-CVE-2017-8380.patch"
-                                      "qemu-CVE-2017-9524.patch"))
+                                      "qemu-CVE-2017-9524.patch"
+                                      "qemu-CVE-2017-10664.patch"
+                                      "qemu-CVE-2017-10806.patch"
+                                      "qemu-CVE-2017-10911.patch"
+                                      "qemu-CVE-2017-11334.patch"
+                                      "qemu-CVE-2017-11434.patch"
+                                      "qemu-CVE-2017-12809.patch"))
              (sha256
               (base32
                "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h"))))
@@ -143,7 +151,7 @@
      `(("alsa-lib" ,alsa-lib)
        ("attr" ,attr)
        ("glib" ,glib)
-       ;; ("libaio" ,libaio)
+       ("libaio" ,libaio)
        ("libattr" ,attr)
        ("libcap" ,libcap)           ; virtfs support requires libcap & libattr
        ("libjpeg" ,libjpeg-8)
@@ -266,17 +274,63 @@ all common programming languages.  Vala bindings are also provided.")
     ;; files in the "tools" directory are released under GPLv2+.
     (license (list lgpl2.1+ gpl2+))))
 
+(define-public lxc
+  (package
+    (name "lxc")
+    (version "2.0.8")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://linuxcontainers.org/downloads/lxc/lxc-"
+                    version ".tar.gz"))
+              (sha256
+               (base32
+                "15449r56rqg3487kzsnfvz0w4p5ajrq0krcsdh6c9r6g0ark93hd"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("gnutls" ,gnutls)
+       ("libcap" ,libcap)
+       ("libseccomp" ,libseccomp)
+       ("libselinux" ,libselinux)))
+    (arguments
+     '(#:configure-flags
+       '("--sysconfdir=/etc"
+         "--localstatedir=/var")
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out         (assoc-ref outputs "out"))
+                    (bashcompdir (string-append out "/etc/bash_completion.d")))
+               (zero? (system*
+                       "make" "install"
+                       (string-append "bashcompdir=" bashcompdir)
+                       ;; Don't install files into /var and /etc.
+                       "LXCPATH=/tmp/var/lib/lxc"
+                       "localstatedir=/tmp/var"
+                       "sysconfdir=/tmp/etc"
+                       "sysconfigdir=/tmp/etc/default"))))))))
+    (synopsis "Linux container tools")
+    (home-page "https://linuxcontainers.org/")
+    (description
+     "LXC is a userspace interface for the Linux kernel containment features.
+Through a powerful API and simple tools, it lets Linux users easily create and
+manage system or application containers.")
+    (license lgpl2.1+)))
+
 (define-public libvirt
   (package
     (name "libvirt")
-    (version "3.5.0")
+    (version "3.6.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://libvirt.org/sources/libvirt-"
+              (uri (string-append "https://libvirt.org/sources/libvirt-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "05mm4xdw6g960rwvc9189nhxpm1vrilnmpl4h4m1lha11pivlqr9"))))
+                "0gcyql5dp6j370kvik9hjhxirrg89m7l1q52yq0g75h7jpv9fb1s"))))
     (build-system gnu-build-system)
     (arguments
      `(;; FAIL: virshtest
@@ -286,7 +340,7 @@ all common programming languages.  Vala bindings are also provided.")
        ;; FAIL: networkxml2firewalltest
        ;; FAIL: nwfilterebiptablestest
        ;; FAIL: nwfilterxml2firewalltest
-       ;; Times out after PASS: virsh-vcpupin
+       ;; Times while running commandest.
        #:tests? #f
        #:configure-flags
        (list "--with-polkit"
@@ -308,7 +362,16 @@ all common programming languages.  Vala bindings are also provided.")
            (lambda _
              (zero? (system* "make" "install"
                              "sysconfdir=/tmp/etc"
-                             "localstatedir=/tmp/var")))))))
+                             "localstatedir=/tmp/var"))))
+         (add-after 'install 'wrap-libvirtd
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (wrap-program (string-append out "/sbin/libvirtd")
+                 `("PATH" = (,(string-append (assoc-ref inputs "iproute")
+                                             "/sbin")
+                             ,(string-append (assoc-ref inputs "qemu")
+                                             "/bin"))))
+               #t))))))
     (inputs
      `(("libxml2" ,libxml2)
        ("gnutls" ,gnutls)
@@ -333,7 +396,7 @@ all common programming languages.  Vala bindings are also provided.")
        ("iptables" ,iptables)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-    (home-page "http://libvirt.org")
+    (home-page "https://libvirt.org")
     (synopsis "Simple API for virtualization")
     (description "Libvirt is a C toolkit to interact with the virtualization
 capabilities of recent versions of Linux.  The library aims at providing long
@@ -430,7 +493,7 @@ virtualization library.")
 (define-public virt-manager
   (package
     (name "virt-manager")
-    (version "1.4.1")
+    (version "1.4.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://virt-manager.org/download/sources"
@@ -438,7 +501,7 @@ virtualization library.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0i1rkxz730vw1nqghrp189jhhp53pw81k0h71hhxmyqlkyclkig6"))))
+                "0x6mnqw8bng3r69pvmnq9q6yyhicxg22yz62b6dzbb4z16xl1r23"))))
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index aec8c1807d..61ebf0d5fa 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -239,14 +239,14 @@ DNS domain name queries.")
 (define-public sshoot
   (package
     (name "sshoot")
-    (version "1.2.5")
+    (version "1.2.6")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri name version))
        (sha256
         (base32
-         "0a92lk8790dpp9j64vb6p4sazax0x3nby01lnfll7mxs1hx6n27q"))))
+         "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
     (build-system python-build-system)
     (arguments
      '(#:phases
@@ -265,7 +265,7 @@ DNS domain name queries.")
      `(("python-fixtures" ,python-fixtures)
        ("python-pbr" ,python-pbr)
        ("python-testtools" ,python-testtools)))
-    (home-page "https://bitbucket.org/ack/sshoot")
+    (home-page "https://github.com/albertodonato/sshoot")
     (synopsis "sshuttle VPN session manager")
     (description "sshoot provides a command-line interface to manage multiple
 @command{sshuttle} virtual private networks.  It supports flexible profiles
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 8029903546..64d6874001 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -54,6 +54,7 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages apr)
   #:use-module (gnu packages check)
+  #:use-module (gnu packages cran)
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages docbook)
   #:use-module (gnu packages autotools)
@@ -72,9 +73,11 @@
   #:use-module (gnu packages gnuzilla)
   #:use-module (gnu packages gperf)
   #:use-module (gnu packages gtk)
-  #:use-module (gnu packages icu4c)
+  #:use-module (gnu packages java)
+  #:use-module (gnu packages javascript)
   #:use-module (gnu packages image)
   #:use-module (gnu packages libidn)
+  #:use-module (gnu packages libunistring)
   #:use-module (gnu packages lua)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages base)
@@ -304,6 +307,42 @@ such as high performance, preforking, signal support, superdaemon awareness,
 and UNIX socket support.")
     (license l:perl-license)))
 
+(define-public icedtea-web
+  (package
+    (name "icedtea-web")
+    (version "1.6.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "http://icedtea.wildebeest.org/download/source/"
+                    name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "004kwrngyxxlrlzby4vzxjr0xcyngcdc9dfgnvi61ffnjr006ryf"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags
+       (list  "--disable-plugin"         ;NPAPI plugins are obsolete nowadays.
+             (string-append "BIN_BASH=" (assoc-ref %build-inputs "bash")
+                            "/bin/bash")
+             (string-append "--with-jdk-home=" (assoc-ref %build-inputs "jdk")))))
+    (outputs '("out" "doc"))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("zip" ,zip)))
+    (inputs
+     `(("gtk+" ,gtk+)
+       ("jdk" ,icedtea "jdk")))
+    (home-page "http://icedtea.classpath.org/wiki/IcedTea-Web")
+    (synopsis "Java Web Start")
+    (description
+     "IcedTea-Web is an implementation of the @dfn{Java Network Launching
+Protocol}, also known as Java Web Start.  This package provides tools and
+libraries for working with JNLP applets.")
+    ;; The program is mainly GPL2+, with some individual files under LGPL2.1+
+    ;; or dual licenses.
+    (license l:gpl2+)))
+
 (define-public jansson
   (package
     (name "jansson")
@@ -449,7 +488,7 @@ current version of any major web browser.")
 (define-public rapidjson
   (package
     (name "rapidjson")
-    (version "1.0.2")
+    (version "1.1.0")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -458,13 +497,7 @@ current version of any major web browser.")
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
-               "0rl6s0vg5y1dhh9vfl1lqay3sxf69sxjh0czxrjmasn7ng91wwf3"))
-             (modules '((guix build utils)))
-             (snippet
-              ;; Building with GCC 4.8 with -Werror was fine, but 4.9.3
-              ;; complains in new ways, so turn of -Werror.
-              '(substitute* (find-files "." "^CMakeLists\\.txt$")
-                 (("-Werror") "")))))
+               "13nrpvw8f1wx0ga7svbzld7pgrv8l172nangpipnj7jaf0lysz5z"))))
     (build-system cmake-build-system)
     (arguments
      `(,@(if (string-prefix? "aarch64" (or (%current-target-system)
@@ -543,7 +576,7 @@ for efficient socket-like bidirectional reliable communication channels.")
 (define-public libpsl
   (package
     (name "libpsl")
-    (version "0.17.0")
+    (version "0.18.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/rockdaboot/libpsl/"
@@ -551,10 +584,13 @@ for efficient socket-like bidirectional reliable communication channels.")
                                   "/libpsl-" version ".tar.gz"))
               (sha256
                (base32
-                "0jyxwc6bcvkcahkwcq237a0x209cysb63n5lak5m7zbglbb2jmq2"))))
+                "00iids8ldsqnnndmcfjp6kc00lv7fawf5l24mpbdbkh98yazgc4i"))))
     (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
     (inputs
-     `(("icu4c" ,icu4c)
+     `(("libidn2" ,libidn2)
+       ("libunistring" ,libunistring)
        ("python-2" ,python-2)))
     (home-page "https://github.com/rockdaboot/libpsl")
     (synopsis "C library for the Publix Suffix List")
@@ -934,7 +970,7 @@ minimum to provide high performance operation.")
 (define-public sassc
   ;; libsass must be statically linked and it isn't included in the sassc
   ;; release tarballs, hence this odd package recipe.
-  (let* ((version "3.2.5")
+  (let* ((version "3.4.5")
          (libsass
           (origin
             (method url-fetch)
@@ -944,7 +980,7 @@ minimum to provide high performance operation.")
             (file-name (string-append "libsass-" version ".tar.gz"))
             (sha256
              (base32
-              "1x25k6p1s1yzsdpzb7bzh8japilmi1mk3z96q66pycbinj9z9is4")))))
+              "1j22138l5ymqjfj5zan9d2hipa3ahjmifgpjahqy1smlg5sb837x")))))
     (package
       (name "sassc")
       (version version)
@@ -955,11 +991,16 @@ minimum to provide high performance operation.")
                 (file-name (string-append "sassc-" version ".tar.gz"))
                 (sha256
                  (base32
-                  "1xf3w75w840rj0nx375rxi7mcv1ngqqq8p3zrzjlyx8jfpnldmv5"))))
+                  "1xk4kmmvziz9sal3swpqa10q0s289xjpcz8aggmly8mvxvmngsi9"))))
       (build-system gnu-build-system)
       (arguments
-       `(#:make-flags '("CC=gcc")
+       `(#:make-flags
+         (list "CC=gcc"
+               (string-append "PREFIX=" (assoc-ref %outputs "out")))
          #:test-target "test"
+         ;; FIXME: "make test" rebuilds the application and gets lost in a
+         ;; non-existing directory.
+         #:tests? #f
          #:phases
          (modify-phases %standard-phases
            (delete 'configure)
@@ -969,13 +1010,7 @@ minimum to provide high performance operation.")
                     (begin
                       (setenv "SASS_LIBSASS_PATH"
                               (string-append (getcwd) "/libsass-" ,version))
-                      #t))))
-           (replace 'install ; no install target
-             (lambda* (#:key outputs #:allow-other-keys)
-               (let ((bin (string-append (assoc-ref outputs "out") "/bin")))
-                 (mkdir-p bin)
-                 (copy-file "bin/sassc" (string-append bin "/sassc"))
-                 #t))))))
+                      #t)))))))
       (inputs
        `(("libsass" ,libsass)))
       (synopsis "CSS pre-processor")
@@ -1026,6 +1061,13 @@ to perl-code, for faster generation of access_log lines.")
         (base32
          "02afhlrdq5hh5g8b32fa79fqq5i76qzwfqqvfi9zi57h31szl536"))))
     (build-system perl-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-env
+           ;; Fix the build with Perl 5.26.0. Try removing this phase for later
+           ;; versions of perl-authen-sasl.
+           (lambda _ (setenv "PERL_USE_UNSAFE_INC" "1") #t)))))
     (propagated-inputs
      `(("perl-digest-hmac" ,perl-digest-hmac)
        ("perl-gssapi" ,perl-gssapi)))
@@ -1049,7 +1091,8 @@ to perl-code, for faster generation of access_log lines.")
          "0j1rrld13cjk7ks92b5hv3xw4rfm2lvmksb4rlzd8mx0a0wj0rc5"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-http-request-ascgi" ,perl-http-request-ascgi)))
+     `(("perl-http-request-ascgi" ,perl-http-request-ascgi)
+       ("perl-module-install" ,perl-module-install)))
     (propagated-inputs
      `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
        ("perl-data-visitor" ,perl-data-visitor)
@@ -1073,7 +1116,8 @@ action, which will forward to the first available view.")
                 "1mpa64p61f3dp24xnhdraswch4sqj5vyv1iivcvvh5h0xi0haiy0"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-requires" ,perl-test-requires)))
+     `(("perl-test-requires" ,perl-test-requires)
+       ("perl-module-install" ,perl-module-install)))
     (propagated-inputs
      `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
        ("perl-class-inspector" ,perl-class-inspector)
@@ -1115,6 +1159,7 @@ regular method.")
        ("perl-catalyst-plugin-session-state-cookie"
         ,perl-catalyst-plugin-session-state-cookie)
        ("perl-dbd-sqlite" ,perl-dbd-sqlite)
+       ("perl-module-install" ,perl-module-install)
        ("perl-test-www-mechanize-catalyst" ,perl-test-www-mechanize-catalyst)))
     (propagated-inputs
      `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
@@ -1144,6 +1189,8 @@ DBIx::Class.")
         (base32
          "0wfj4vnn2cvk6jh62amwlg050p37fcwdgrn9amcz24z6w4qgjqvz"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (propagated-inputs
      `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
        ("perl-moose" ,perl-moose)))
@@ -1242,6 +1289,7 @@ when the dispatch type is first seen in your application.")
   (build-system perl-build-system)
   (native-inputs
    `(("perl-dbd-sqlite" ,perl-dbd-sqlite)
+     ("perl-module-install" ,perl-module-install)
      ("perl-test-exception" ,perl-test-exception)
      ("perl-test-requires" ,perl-test-requires)))
   (propagated-inputs
@@ -1310,6 +1358,8 @@ for you.  It will work even with Catalyst debug logging turned off.")
         (base32
          "0v6hb4r1wv3djrnqvnjcn3xx1scgqzx8nyjdg9lfc1ybvamrl0rn"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (propagated-inputs
      `(("perl-catalyst-plugin-session" ,perl-catalyst-plugin-session)
        ("perl-catalyst-runtime" ,perl-catalyst-runtime)
@@ -1345,7 +1395,8 @@ system authorises them to do).")
          "0l83lkwmq0lngwh8b1rv3r719pn8w1gdbyhjqm74rnd0wbjl8h7f"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-exception" ,perl-test-exception)))
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-test-exception" ,perl-test-exception)))
     (propagated-inputs
      `(("perl-catalyst-plugin-authentication"
         ,perl-catalyst-plugin-authentication)
@@ -1398,7 +1449,8 @@ Catalyst.")
          "19j7p4v7mbx6wrmpvmrnd974apx7hdl2s095ga3b9zcbdrl77h5q"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-path-class" ,perl-path-class)))
+     `(("perl-path-class" ,perl-path-class)
+       ("perl-module-install" ,perl-module-install)))
     (propagated-inputs
      `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
        ("perl-config-any" ,perl-config-any)
@@ -1425,7 +1477,8 @@ formats.")
          "171vi9xcl775scjaw4fcfdmqvz0rb1nr0xxg2gb3ng6bjzpslhgv"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-deep" ,perl-test-deep)
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-test-deep" ,perl-test-deep)
        ("perl-test-exception" ,perl-test-exception)))
     (propagated-inputs
      `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
@@ -1456,6 +1509,8 @@ management in web applications together: the state, and the store.")
         (base32
          "1rvxbfnpf9x2pc2zgpazlcgdlr2dijmxgmcs0m5nazs0w6xikssb"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (propagated-inputs
      `(("perl-catalyst-plugin-session" ,perl-catalyst-plugin-session)
        ("perl-catalyst-runtime" ,perl-catalyst-runtime)
@@ -1514,6 +1569,8 @@ memory interprocess cache.  It is based on Cache::FastMmap.")
         (base32
          "1b2ksz74cpigxqzf63rddar3vfmnbpwpdcbs11v0ml89pb8ar79j"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (propagated-inputs
      `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
        ("perl-devel-stacktrace" ,perl-devel-stacktrace)
@@ -1539,6 +1596,8 @@ number, file name, and code context surrounding the line number.")
         (base32
          "1h8f12bhzh0ssq9gs8r9g3hqn8zn2k0q944vc1vm8j81bns16msy"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (propagated-inputs
      `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
        ("perl-mime-types" ,perl-mime-types)
@@ -1559,7 +1618,7 @@ MIME type directly to the browser, without being processed through Catalyst.")
 (define-public perl-catalyst-runtime
   (package
     (name "perl-catalyst-runtime")
-    (version "5.90082")
+    (version "5.90115")
     (source
      (origin
        (method url-fetch)
@@ -1567,10 +1626,11 @@ MIME type directly to the browser, without being processed through Catalyst.")
                            "Catalyst-Runtime-" version ".tar.gz"))
        (sha256
         (base32
-         "1gs70nq4rikpq6siwds9disb1z03vwjzf979xi9kf7saa1drfncs"))))
+         "0kh3ng6pjpxmndq9vrn515f70x7h44ish5bsgjwj4pjvchcyivzm"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-fatal" ,perl-test-fatal)))
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-test-fatal" ,perl-test-fatal)))
     (propagated-inputs
      `(("perl-cgi-simple" ,perl-cgi-simple)
        ("perl-cgi-struct" ,perl-cgi-struct)
@@ -1638,7 +1698,8 @@ run an application on the web, either by doing them itself, or by letting you
     (native-inputs
      `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
        ("perl-catalystx-roleapplicator" ,perl-catalystx-roleapplicator)
-       ("perl-http-message" ,perl-http-message)))
+       ("perl-http-message" ,perl-http-message)
+       ("perl-module-install" ,perl-module-install)))
     (propagated-inputs
      `(("perl-moose" ,perl-moose)
        ("perl-namespace-autoclean" ,perl-namespace-autoclean)
@@ -1667,6 +1728,7 @@ replaced with the contents of the X-Request-Base header.")
     (build-system perl-build-system)
     (native-inputs
      `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
+       ("perl-module-install" ,perl-module-install)
        ("perl-test-simple" ,perl-test-simple)
        ("perl-test-www-mechanize-catalyst" ,perl-test-www-mechanize-catalyst)
        ("perl-text-csv" ,perl-text-csv)
@@ -1692,7 +1754,8 @@ table based report in a variety of formats (CSV, HTML, etc.).")
          "0x943j1n2r0zqanyzdrs1xsnn8ayn2wqskn7h144xcqa6v6gcisl"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-yaml" ,perl-yaml)))
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-yaml" ,perl-yaml)))
     (inputs
      `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
        ("perl-json-maybexs" ,perl-json-maybexs)
@@ -1801,7 +1864,8 @@ application classes.")
          "0h02mpkc4cmi3jpvcd7iw7xyzx55bqvvl1qkf967gqkvpklm0qx5"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-www-mechanize-catalyst" ,perl-test-www-mechanize-catalyst)))
+     `(("perl-module-install" ,perl-module-install)
+       ("perl-test-www-mechanize-catalyst" ,perl-test-www-mechanize-catalyst)))
     (propagated-inputs
      `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
        ("perl-moose" ,perl-moose)
@@ -1970,7 +2034,11 @@ with Encode::decode(locale => $string).")
     (build-system perl-build-system)
     (arguments
      ;; Tests expect to query files at http://stupidfool.org/perl/feeds/
-     `(#:tests? #f))
+     `(#:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-env
+           (lambda _ (setenv "PERL_USE_UNSAFE_INC" "1"))))))
     (inputs
      `(("perl-class-errorhandler" ,perl-class-errorhandler)
        ("perl-html-parser" ,perl-html-parser)
@@ -2158,15 +2226,15 @@ in tables within an HTML document, either as text or encoded element trees.")
 (define-public perl-html-tree
   (package
     (name "perl-html-tree")
-    (version "5.03")
+    (version "5.06")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/C/CJ/CJM/"
+       (uri (string-append "mirror://cpan/authors/id/K/KE/KENTNL/"
                            "HTML-Tree-" version ".tar.gz"))
        (sha256
         (base32
-         "13qlqbpixw470gnck0xgny8hyjj576m8y24bba2p9ai2lvy76vbx"))))
+         "0vjk4xrybjqs511qrh9cymhpbg9m3jjqr52qr035k6nzrccyndlw"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)
@@ -2229,14 +2297,14 @@ kinds of HTML parsing operations.")
 (define-public perl-html-template
   (package
     (name "perl-html-template")
-    (version "2.95")
+    (version "2.97")
     (source (origin
               (method url-fetch)
-              (uri (string-append "mirror://cpan/authors/id/W/WO/WONKO/"
+              (uri (string-append "mirror://cpan/authors/id/S/SA/SAMTREGAR/"
                                   "HTML-Template-" version ".tar.gz"))
               (sha256
                (base32
-                "07ahpfgidxsw2yb7y8i7bbr8s64aq6qgq832h9jswmksxbd0l43q"))))
+                "17qjw8swj2q4b1ic285pndgrkmvpsqw0j68nhqzpk1daydhsyiv5"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-cgi" ,perl-cgi)))
@@ -2459,6 +2527,8 @@ supported.")
         (base32
          "02d84xq1mm53c7jl33qyb7v5w4372vydp74z6qj0vc96wcrnhkkr"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (home-page "http://search.cpan.org/dist/HTTP-Parser-XS")
     (synopsis "Fast HTTP request parser")
     (description "HTTP::Parser::XS is a fast, primitive HTTP request/response
@@ -2505,7 +2575,16 @@ environment from an HTTP::Request.")
     (arguments
      ;; See the discussion of a related tests issue at
      ;; https://lists.gnu.org/archive/html/guix-devel/2015-01/msg00346.html
-     `(#:tests? #f))
+     `(#:tests? #f
+
+       #:phases (modify-phases %standard-phases
+                   (add-before 'configure 'set-search-path
+                     (lambda _
+                       ;; Work around "dotless @INC" build failure.
+                       (setenv "PERL5LIB"
+                               (string-append (getcwd) ":"
+                                              (getenv "PERL5LIB")))
+                       #t)))))
     (home-page "http://search.cpan.org/dist/HTTP-Server-Simple")
     (synopsis "Lightweight HTTP server")
     (description "HTTP::Server::Simple is a simple standalone HTTP daemon with
@@ -2785,7 +2864,7 @@ HTTP/1.1.")
 (define-public perl-net-server
   (package
     (name "perl-net-server")
-    (version "2.008")
+    (version "2.009")
     (source
      (origin
        (method url-fetch)
@@ -2793,7 +2872,7 @@ HTTP/1.1.")
                            "Net-Server-" version ".tar.gz"))
        (sha256
         (base32
-         "182gfikn7r40kmm3d35m2qc6r8g0y1j8gxbn9ffaawf8xmm0a889"))))
+         "0gw1k9gcw7habbkxvsfa2gz34brlbwcidk6khgsf1qjm0dbccrw2"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Net-Server")
     (synopsis "Extensible Perl server engine")
@@ -2955,6 +3034,8 @@ required.")
         (base32
          "1zmsccdy6wr5hxzj07r1nsmaymyibk87p95z0wzknjw10lwmqs9f"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (propagated-inputs
      `(("perl-plack" ,perl-plack)))
     (home-page "http://search.cpan.org/dist/Plack-Middleware-ReverseProxy")
@@ -3022,6 +3103,8 @@ either mocked HTTP or a locally spawned server.")
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-exception" ,perl-test-exception)))
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (propagated-inputs
      `(("perl-carp-assert-more" ,perl-carp-assert-more)
        ("perl-html-form" ,perl-html-form)
@@ -3054,6 +3137,7 @@ WWW::Mechanize that incorporates features for web application testing.")
      `(("perl-catalyst-plugin-session" ,perl-catalyst-plugin-session)
        ("perl-catalyst-plugin-session-state-cookie"
         ,perl-catalyst-plugin-session-state-cookie)
+       ("perl-module-install" ,perl-module-install)
        ("perl-test-exception" ,perl-test-exception)
        ("perl-test-pod" ,perl-test-pod)
        ("perl-test-utf8" ,perl-test-utf8)))
@@ -3207,6 +3291,7 @@ methods for WebSocket URIs as it does for HTTP URIs.")
     (native-inputs
      `(("perl-test-pod-coverage" ,perl-test-pod-coverage)
        ("perl-test-pod" ,perl-test-pod)
+       ("perl-module-install" ,perl-module-install)
        ("perl-json" ,perl-json)))
     (home-page "http://search.cpan.org/dist/URI-Template")
     (synopsis "Object for handling URI templates")
@@ -3229,7 +3314,18 @@ RFC 6570.")
                 "1fmp9aib1kaps9vhs4dwxn7b15kgnlz9f714bxvqsd1j1q8spzsj"))))
     (build-system perl-build-system)
     (arguments
-     '(#:tests? #f))                        ;XXX: tests require network access
+     '(#:tests? #f                          ;XXX: tests require network access
+
+       #:phases (modify-phases %standard-phases
+                   (add-before 'configure 'set-search-path
+                     (lambda _
+                       ;; Work around "dotless @INC" build failure.
+                       (setenv "PERL5LIB"
+                               (string-append (getcwd) ":"
+                                              (getenv "PERL5LIB")))
+                       #t)))))
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
     (inputs `(("curl" ,curl)))
     (synopsis "Perl extension interface for libcurl")
     (description
@@ -3241,21 +3337,26 @@ library.")
 (define-public perl-www-mechanize
   (package
     (name "perl-www-mechanize")
-    (version "1.73")
+    (version "1.86")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
+       (uri (string-append "mirror://cpan/authors/id/O/OA/OALDERS/"
                            "WWW-Mechanize-" version ".tar.gz"))
        (sha256
         (base32
-         "1zrw8aadhwy48q51x2z2rqlkwf17bya4j4h3hy89mw783j96rmg9"))))
+         "0sfl6b7mx8nannnh3ys5jk44d1s1b2d1mffrnrphkzzykaw6hm0f"))))
     (build-system perl-build-system)
     (native-inputs                      ;only for tests
-     `(("perl-cgi" ,perl-cgi)))
+     `(("perl-cgi" ,perl-cgi)
+       ("perl-test-deep" ,perl-test-deep)
+       ("perl-test-fatal" ,perl-test-fatal)
+       ("perl-test-output" ,perl-test-output)
+       ("perl-test-warnings" ,perl-test-warnings)))
     (propagated-inputs
      `(("perl-html-form" ,perl-html-form)
        ("perl-html-parser" ,perl-html-parser)
+       ("perl-html-tree" ,perl-html-tree)
        ("perl-http-message" ,perl-http-message)
        ("perl-http-server-simple" ,perl-http-server-simple)
        ("perl-libwww" ,perl-libwww)
@@ -3349,13 +3450,13 @@ CDF, Atom 0.3, and Atom 1.0 feeds.")
 (define-public r-httpuv
   (package
     (name "r-httpuv")
-    (version "1.3.3")
+    (version "1.3.5")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "httpuv" version))
               (sha256
                (base32
-                "0aibs0hf38n8f6xxx4g2i2lzd6l5h92m5pscx2z834sdvhnladxv"))))
+                "1sg4f223zfyd265b28rlhsn3b6mqflcpnmya98cjmjncmy9vjdj3"))))
     (build-system r-build-system)
     (native-inputs `(("r-rcpp" ,r-rcpp)))
     (home-page "https://github.com/rstudio/httpuv")
@@ -3373,13 +3474,13 @@ particularly easy to create complete web applications using httpuv alone.")
 (define-public r-jsonlite
   (package
     (name "r-jsonlite")
-    (version "1.4")
+    (version "1.5")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "jsonlite" version))
               (sha256
                (base32
-                "11rgkjp5qir79niad0aizjxvjzyvkl6l9nsrv3ikv446vllmrasn"))))
+                "00lfg464jhf7k01bal9pcjvbdf5cxk6xi2h46hccp1x3h883g434"))))
     (build-system r-build-system)
     (home-page "http://arxiv.org/abs/1403.2805")
     (synopsis "Robust, high performance JSON parser and generator for R")
@@ -3397,13 +3498,13 @@ in systems and applications.")
 (define-public r-servr
   (package
     (name "r-servr")
-    (version "0.5")
+    (version "0.6")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "servr" version))
               (sha256
                (base32
-                "1ixcl9xjc1k9zvl6v6bsw4kpramr1h53b4s46qg8kahkqy6kqd8a"))))
+                "0sqz3wssxa19g9mpmf9s4gx2a5rvzl8nrd11qkgpz5v3iqsc6ysr"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-httpuv" ,r-httpuv)
@@ -3422,13 +3523,13 @@ directory.")
 (define-public r-htmltools
   (package
     (name "r-htmltools")
-    (version "0.3.5")
+    (version "0.3.6")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "htmltools" version))
               (sha256
                (base32
-                "0j9bf80grd6gwh7116m575pycv87c0wcwkxsz3gzzfs4aw3pxyr9"))))
+                "18k8r1s8sz1jy7dkz35n69wj20xhmllr53xmwb4pdzf2z61gpbs4"))))
     (build-system r-build-system)
     (arguments
      `(#:phases
@@ -3456,13 +3557,13 @@ directory.")
 (define-public r-htmlwidgets
   (package
     (name "r-htmlwidgets")
-    (version "0.8")
+    (version "0.9")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "htmlwidgets" version))
               (sha256
                (base32
-                "1df3pwl34rvdbr9sgr5h27q9bmqpckvpwq4frl3d1v614y3vfclj"))))
+                "0plqkfqys1ca3ki7sb7yc6gwjpi7yy4g3mzh7hfy8s6qri0vam0i"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-htmltools" ,r-htmltools)
@@ -3510,13 +3611,13 @@ LaTeX.")
 (define-public r-curl
   (package
     (name "r-curl")
-    (version "2.5")
+    (version "2.8.1")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "curl" version))
               (sha256
                (base32
-                "09p86i5f88gx1i7cidm1ka56g0jjkghqfam96p1jhwlh2fv6nrks"))))
+                "0dgfl7wn4r8inv55xnk4ybf1y2x4qmi4cbr6phr3lfi1dnjm4hsm"))))
     (build-system r-build-system)
     (arguments
      `(#:phases
@@ -4695,3 +4796,252 @@ arrays.  It creates a JSON string on stdout from words provided as
 command-line arguments or read from stdin.")
     (license (list l:gpl2+
                    l:expat)))) ; json.c, json.h
+
+(define-public python-internetarchive
+  (package
+    (name "python-internetarchive")
+    (version "1.7.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/jjjake/internetarchive/archive/"
+                           "v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1lj4r0y67mwjns2gcjvw0y7m5x0vqir2iv7s4q2y93492azli1qh"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:tests? #f ; 11 tests of 105 fail to mock "requests".
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'check)
+         (add-after 'install 'check
+           (lambda* (#:key inputs outputs target (tests? (not target)) #:allow-other-keys)
+             (if tests?
+               (begin
+                 (add-installed-pythonpath inputs outputs)
+                 (setenv "PATH" (string-append (assoc-ref outputs "out") "/bin"
+                                               ":" (getenv "PATH")))
+                 (zero? (system* "py.test")))
+               (begin
+                 (format #t "test suite not run~%")
+                 #t)))))))
+    (propagated-inputs
+     `(("python-requests" ,python-requests)
+       ("python-jsonpatch" ,python-jsonpatch-0.4)
+       ("python-docopt" ,python-docopt)
+       ("python-clint" ,python-clint)
+       ("python-six" ,python-six)
+       ("python-schema" ,python-schema-0.5)
+       ("python-backports-csv" ,python-backports-csv)))
+    (native-inputs
+     `(("python-pytest-3.0" ,python-pytest-3.0)
+       ("python-pytest-capturelog" ,python-pytest-capturelog)
+       ("python-responses" ,python-responses)))
+    (home-page "https://github.com/jjjake/internetarchive")
+    (synopsis "Command-line interface to archive.org")
+    (description "@code{ia} is a command-line tool for using
+@url{archive.org} from the command-line.  It also emplements the
+internetarchive python module for programatic access to archive.org.")
+    (properties
+     `((python2-variant . ,(delay python2-internetarchive))))
+    (license l:agpl3+)))
+
+(define-public python2-internetarchive
+  (package-with-python2
+   (strip-python2-variant python-internetarchive)))
+
+(define-public r-shiny
+  (package
+    (name "r-shiny")
+    (version "1.0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/rstudio/shiny/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0z2v2s4hd44mvzjn7r70549kdzkrrch9nxhp27r6x2cy6micizm3"))))
+    (build-system r-build-system)
+    (arguments
+     `(#:modules ((guix build r-build-system)
+                  (guix build minify-build-system)
+                  (guix build utils)
+                  (ice-9 match))
+       #:imported-modules (,@%r-build-system-modules
+                           (guix build minify-build-system))
+       #:phases
+       (modify-phases (@ (guix build r-build-system) %standard-phases)
+         (add-after 'unpack 'replace-bundled-minified-JavaScript
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((replace-file (lambda (old new)
+                                   (format #t "replacing ~a with ~a\n" old new)
+                                   (delete-file old)
+                                   (symlink new old))))
+               ;; NOTE: Files in ./inst/www/shared/datepicker/js/locales/
+               ;; contain just data.  They are not minified code, so we don't
+               ;; replace them.
+               (with-directory-excursion "inst/www/shared"
+                 (replace-file "bootstrap/shim/respond.min.js"
+                               (string-append (assoc-ref inputs "js-respond")
+                                              "/share/javascript/respond.min.js"))
+                 (replace-file "bootstrap/shim/html5shiv.min.js"
+                               (string-append (assoc-ref inputs "js-html5shiv")
+                                              "/share/javascript/html5shiv.min.js"))
+                 (replace-file "json2-min.js"
+                               (string-append (assoc-ref inputs "js-json2")
+                                              "/share/javascript/json2.min.js"))
+                 (replace-file "strftime/strftime-min.js"
+                               (string-append (assoc-ref inputs "js-strftime")
+                                              "/share/javascript/strftime.min.js"))
+                 (replace-file "highlight/highlight.pack.js"
+                               (string-append (assoc-ref inputs "js-highlight")
+                                              "/share/javascript/highlight.min.js"))
+                 (replace-file "datatables/js/jquery.dataTables.min.js"
+                               (string-append (assoc-ref inputs "js-datatables")
+                                              "/share/javascript/jquery.dataTables.min.js"))
+                 (replace-file "selectize/js/selectize.min.js"
+                               (string-append (assoc-ref inputs "js-selectize")
+                                              "/share/javascript/selectize.min.js"))
+                 (replace-file "selectize/js/es5-shim.min.js"
+                               (string-append (assoc-ref inputs "js-es5-shim")
+                                              "/share/javascript/es5-shim.min.js"))
+                 (for-each (match-lambda
+                             ((source . target)
+                              (delete-file target)
+                              (minify source #:target target)))
+                           '(("jqueryui/jquery-ui.js" .
+                              "jqueryui/jquery-ui.min.js")
+                             ("showdown/src/showdown.js" .
+                              "showdown/compressed/showdown.js")
+                             ("datepicker/js/bootstrap-datepicker.js" .
+                              "datepicker/js/bootstrap-datepicker.min.js")
+                             ("ionrangeslider/js/ion.rangeSlider.js" .
+                              "ionrangeslider/js/ion.rangeSlider.min.js")
+                             ("bootstrap/js/bootstrap.js" .
+                              "bootstrap/js/bootstrap.min.js")
+                             ("shiny.js" .
+                              "shiny.min.js")
+                             ("jquery.js" .
+                              "jquery.min.js")))))
+             #t)))))
+    (propagated-inputs
+     `(("r-httpuv" ,r-httpuv)
+       ("r-mime" ,r-mime)
+       ("r-jsonlite" ,r-jsonlite)
+       ("r-xtable" ,r-xtable)
+       ("r-digest" ,r-digest)
+       ("r-htmltools" ,r-htmltools)
+       ("r-r6" ,r-r6)
+       ("r-sourcetools" ,r-sourcetools)))
+    (inputs
+     `(("js-datatables" ,js-datatables)
+       ("js-html5shiv" ,js-html5shiv)
+       ("js-json2" ,js-json2)
+       ("js-respond" ,js-respond)
+       ("js-selectize" ,js-selectize)
+       ("js-strftime" ,js-strftime)
+       ("js-highlight" ,js-highlight)
+       ("js-es5-shim" ,js-es5-shim)))
+    (home-page "http://shiny.rstudio.com")
+    (synopsis "Easy interactive web applications with R")
+    (description
+     "Makes it incredibly easy to build interactive web applications
+with R.  Automatic \"reactive\" binding between inputs and outputs and
+extensive prebuilt widgets make it possible to build beautiful,
+responsive, and powerful applications with minimal effort.")
+    (license l:artistic2.0)))
+
+(define-public r-crosstalk
+  (package
+    (name "r-crosstalk")
+    (version "1.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "crosstalk" version))
+       (sha256
+        (base32
+         "0lfa89vhrzi7a1rghmygcjr8gzddw35sinb3jx6g49mc9jias7mk"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-ggplot2" ,r-ggplot2)
+       ("r-htmltools" ,r-htmltools)
+       ("r-jsonlite" ,r-jsonlite)
+       ("r-lazyeval" ,r-lazyeval)
+       ("r-r6" ,r-r6)
+       ("r-shiny" ,r-shiny)))
+    (home-page "https://rstudio.github.io/crosstalk/")
+    (synopsis "Inter-widget interactivity for HTML widgets")
+    (description
+     "This package provides building blocks for allowing HTML widgets to
+communicate with each other, with Shiny or without (i.e.  static @code{.html}
+files).  It currently supports linked brushing and filtering.")
+    (license l:expat)))
+
+(define-public r-rook
+  (package
+    (name "r-rook")
+    (version "1.1-1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "Rook" version))
+       (sha256
+        (base32
+         "00s9a0kr9rwxvlq433daxjk4ji8m0w60hjdprf502msw9kxfrx00"))))
+    (properties `((upstream-name . "Rook")))
+    (build-system r-build-system)
+    (propagated-inputs `(("r-brew" ,r-brew)))
+    (home-page "http://cran.r-project.org/web/packages/Rook")
+    (synopsis "Web server interface for R")
+    (description
+     "This package contains the Rook specification and convenience software
+for building and running Rook applications.  A Rook application is an R
+reference class object that implements a @code{call} method or an R closure
+that takes exactly one argument, an environment, and returns a list with three
+named elements: the @code{status}, the @code{headers}, and the @code{body}.")
+    (license l:gpl2)))
+
+(define-public rss-bridge
+  (package
+    (name "rss-bridge")
+    (version "2017-08-03")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/RSS-Bridge/rss-bridge/archive/"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "05s16y552hbyj91s7bnlkx1bi64s6aw0fjy29az8via3i3b21yhl"))))
+    (build-system trivial-build-system)
+    (native-inputs
+     `(("gzip" ,gzip)
+       ("tar" ,tar)))
+    (arguments
+     '(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils)
+                      (ice-9 match))
+         (let* ((out (assoc-ref %outputs "out"))
+                (share-rss-bridge (string-append out "/share/rss-bridge")))
+           (set-path-environment-variable
+            "PATH" '("bin") (map (match-lambda ((_ . input) input))
+                                 %build-inputs))
+           (mkdir-p share-rss-bridge)
+           (system* "tar" "xvf" (assoc-ref %build-inputs "source")
+                    "--strip-components" "1" "-C" share-rss-bridge)
+           #t))))
+    (home-page "https://github.com/RSS-Bridge/rss-bridge")
+    (synopsis "Generate Atom feeds for social networking websites")
+    (description "rss-bridge generates Atom feeds for social networking
+websites lacking feeds.  Supported websites include Facebook, Twitter,
+Instagram and YouTube.")
+    (license (list l:public-domain
+                   l:expat)))) ;; vendor/simplehtmldom/simple_html_dom.php
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 8d04242743..5ab27b49f5 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -53,14 +53,14 @@
 (define-public webkitgtk
   (package
     (name "webkitgtk")
-    (version "2.16.5")
+    (version "2.16.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.webkitgtk.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1m3xpqs6ddq3m8z6vn83mqh5mkagxlp68vl5qnc7hxcf8brrc0wf"))))
+                "08abxbhi2n1pfby9f2c20z8mpmbvbs2z7vf0p5ckq4jkz46na8zw"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no tests
diff --git a/gnu/packages/wget.scm b/gnu/packages/wget.scm
index a73c68004d..3673ad5cc4 100644
--- a/gnu/packages/wget.scm
+++ b/gnu/packages/wget.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
-;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -41,11 +41,27 @@
       (uri (string-append "mirror://gnu/wget/wget-"
                           version ".tar.xz"))
       (patches (search-patches "wget-CVE-2017-6508.patch"
-                               "wget-fix-504-test-timeout.patch"))
+                               "wget-fix-504-test-timeout.patch"
+                               "wget-perl-5.26.patch"))
       (sha256
        (base32
         "1ljcfhbkdsd0zjfm520rbl1ai62fc34i7c45sfj244l8f6b0p58c"))))
     (build-system gnu-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-before 'check 'disable-https-tests
+                    (lambda _
+                      ;; XXX: Skip TLS tests, which fail with "The
+                      ;; certificate's owner does not match hostname" as
+                      ;; reported at:
+                      ;; <https://lists.gnu.org/archive/html/bug-wget/2017-07/msg00012.html>.
+                      ;; The problem appears to be due to a change in GnuTLS
+                      ;; 3.5.12, whereby 'gnutls_x509_crt_check_hostname2' no
+                      ;; longer matches IP address against the 'CN' or
+                      ;; 'DNSname' fields of certificates.
+                      (substitute* "testenv/Makefile"
+                        (("SSL_TESTS=1") ""))
+                      #t)))))
     (inputs
      `(("gnutls" ,gnutls)
        ("libidn2" ,libidn2)
diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm
index 650352f58f..513b0eb999 100644
--- a/gnu/packages/wine.scm
+++ b/gnu/packages/wine.scm
@@ -66,8 +66,7 @@
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("gettext" ,gettext-minimal)
-                     ; A bug in flex prevents building with flex-2.6.3.
-                     ("flex" ,flex-2.6.1)
+                     ("flex" ,flex)
                      ("bison" ,bison)
                      ("perl" ,perl)))
     (inputs
diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm
index f901fc1d55..5ba29c3b3d 100644
--- a/gnu/packages/wm.scm
+++ b/gnu/packages/wm.scm
@@ -9,11 +9,12 @@
 ;;; Copyright © 2016 Al McElrath <hello@yrns.org>
 ;;; Copyright © 2016 Carlo Zancanaro <carlo@zancanaro.id.au>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016, 2017 ng0 <ng0@no-reply.pramatique.xyz>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 doncatnip <gnopap@gmail.com>
 ;;; Copyright © 2016 Ivan Vilata i Balaguer <ivan@selidor.net>
 ;;; Copyright © 2017 Mekeor Melire <mekeor.melire@gmail.com>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -72,7 +73,7 @@
 (define-public libconfuse
   (package
     (name "libconfuse")
-    (version "3.2")
+    (version "3.2.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/martinh/libconfuse/"
@@ -80,7 +81,7 @@
                                   "/confuse-" version ".tar.xz"))
               (sha256
                (base32
-                "0j2fg93w22apjfqnkak8k8m395n2l7hhm9xnjx0k2v82js3bnsm4"))))
+                "0pnjmlj9i0alp407qd7c0vq83sz7gpsjrbdgpcn4xvzjp9r35ii3"))))
     (build-system gnu-build-system)
     (home-page "https://github.com/martinh/libconfuse")
     (synopsis "Configuration file parser library")
@@ -94,7 +95,7 @@ nested include statements).")
 (define-public bspwm
   (package
     (name "bspwm")
-    (version "0.9")
+    (version "0.9.3")
     (source
      (origin
        (file-name (string-append name "-" version ".tar.gz"))
@@ -104,7 +105,7 @@ nested include statements).")
              version ".tar.gz"))
        (sha256
         (base32
-         "1pig0h2jk8wipyz90j69c4bk37bfyq60asnn0v0bqld2p2vjvyqy"))))
+         "17dwj7w16cdj7g4s2y2f96lgj5msq1s4543dnfa3rijlazzy6mmk"))))
     (build-system gnu-build-system)
     (inputs
      `(("libxcb" ,libxcb)
@@ -224,14 +225,14 @@ developers.")
 (define-public perl-anyevent-i3
   (package
     (name "perl-anyevent-i3")
-    (version "0.16")
+    (version "0.17")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/M/MS/MSTPLBG/"
                                   "AnyEvent-I3-" version ".tar.gz"))
               (sha256
                (base32
-                "1qwva5vmmn929l6k9wzhp4h80ad4qm4m1g2dyv4nlas624003hig"))))
+                "0qvd9bq16jyy7v3ma82qcnvz9j503bw0mh7h55gkjf7ir62ck0jk"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-anyevent" ,perl-anyevent)
@@ -382,6 +383,39 @@ used on each workspace.  Xinerama is fully supported, allowing windows to be
 tiled on several screens.")
     (license license:bsd-3)))
 
+(define-public xmobar
+  (package
+    (name "xmobar")
+    (version "0.24.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://hackage/package/xmobar/"
+                                  name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0sdzfj2wa4wpig1i2i5n9qpwm90jp88qifsmaa7j37yhhs6snfir"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-http" ,ghc-http)
+       ("ghc-parsec" ,ghc-parsec)
+       ("ghc-regex-compat" ,ghc-regex-compat)
+       ("ghc-stm" ,ghc-stm)
+       ("ghc-x11-xft" ,ghc-x11-xft)
+       ("ghc-hinotify" ,ghc-hinotify)
+       ("libxpm" ,libxpm)
+       ("wireless-tools" ,wireless-tools)))
+    (arguments
+     `(#:configure-flags
+       '("--flags=with_utf8 with_xft with_xpm with_inotify with_iwlib")))
+    (home-page "http://xmobar.org")
+    (synopsis "Minimalistic text based status bar")
+    (description
+     "@code{xmobar} is a lightweight, text-based, status bar written in
+Haskell.  It was originally designed to be used together with Xmonad, but it
+is also usable with any other window manager.  While xmobar is written in
+Haskell, no knowledge of the language is required to install and use it.")
+    (license license:bsd-3)))
+
 (define-public ghc-xmonad-contrib
   (package
     (name "ghc-xmonad-contrib")
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 5e24440e41..edb70a37a8 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -93,16 +93,15 @@
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2     ;incompatible with python 3
-       #:tests? #f ;no tests
        #:phases
        (modify-phases %standard-phases
-         (add-after 'install 'make-xrandr-available
-           (lambda* (#:key inputs outputs #:allow-other-keys)
-             (wrap-program (string-append (assoc-ref outputs "out")
-                                          "/bin/arandr")
-               `("PATH" ":" prefix (,(string-append (assoc-ref inputs "xrandr")
-                                                    "/bin"))))
-             #t)))))
+         (add-before 'build 'configure
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "screenlayout/xrandr.py"
+               (("\"xrandr\"") (string-append "\"" (assoc-ref inputs "xrandr")
+                                              "/bin/xrandr\"")))
+             #t)))
+       #:tests? #f)) ;no tests
     (inputs `(("pygtk" ,python2-pygtk)
               ("xrandr" ,xrandr)))
     (native-inputs `(("gettext"           ,gettext-minimal)
@@ -288,7 +287,7 @@ rasterisation.")
 (define-public libdrm
   (package
     (name "libdrm")
-    (version "2.4.80")
+    (version "2.4.81")
     (source
       (origin
         (method url-fetch)
@@ -298,7 +297,7 @@ rasterisation.")
                ".tar.bz2"))
         (sha256
          (base32
-          "1wa9cnzf60xwx67zq9ay48xr3j3sn1z80q77jpbzmkg906b52am8"))
+          "1bhimr6za2ddisrvrv1qqd7c2a59s7jc954sjycq2w68b8cmrh4c"))
         (patches (search-patches "libdrm-symbol-check.patch"))))
     (build-system gnu-build-system)
     (inputs
@@ -452,7 +451,7 @@ of the screen selected by mouse.")
 (define-public slop
   (package
     (name "slop")
-    (version "6.3.45")
+    (version "7.3.49")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -461,12 +460,13 @@ of the screen selected by mouse.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0lzyjcg6yff1vzlsda45i57khajp56yrmcjfa5faw3i60fnqqiy7"))))
+                "0gxi174vi13ldjaf776s2jcdyy379lnwwml29nk1bkzj5d5gpghm"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f)) ; no "check" target
     (inputs
-     `(("glm" ,glm)
+     `(("glew" ,glew)
+       ("glm" ,glm)
        ("icu4c" ,icu4c)
        ("libxext" ,libxext)
        ("libxrender" ,libxrender)
@@ -484,7 +484,7 @@ selection's dimensions to stdout.")
 (define-public maim
   (package
     (name "maim")
-    (version "5.4.63")
+    (version "5.4.68")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -493,7 +493,7 @@ selection's dimensions to stdout.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0ncly3mmg9pihda3jfwmvfa4sd3xanrm8hpvfq7lr2rl8rqknx80"))))
+                "0f54s7csrxjd5r9anqqa92diwmzdplpws3llmbr6g3c0l6bp8815"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f))            ; no "check" target
@@ -1061,7 +1061,7 @@ by name.")
 (define-public tint2
   (package
     (name "tint2")
-    (version "0.12.11")
+    (version "0.14.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://gitlab.com/o9000/" name
@@ -1069,7 +1069,7 @@ by name.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0dv7zaj2ahnfclnwnwcz9arrvzxn65yy29z7fqdgifdh3jk1kl2h"))))
+                "1kwzwxy4myagybm3rc7dgynfgp75742n348qibn1p2an9ggyivda"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f                      ;no test target
diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm
index 5f6f47f305..47274411b5 100644
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@@ -322,15 +322,14 @@ ogginfo, to obtain information (tags, bitrate, length, etc.) about
 (define opus
   (package
     (name "opus")
-    (version "1.2")
+    (version "1.2.1")
     (source (origin
               (method url-fetch)
-              (uri (string-append
-                    "http://downloads.xiph.org/releases/opus/opus-" version
-                    ".tar.gz"))
+              (uri (string-append "https://archive.mozilla.org/pub/opus/opus-"
+                                  version ".tar.gz"))
               (sha256
                (base32
-                "1ad9q2g9vivx409jdsslv1hrh5r616qz2pjm96y8ymsigfl4bnvp"))))
+                "0ch7yzgg4bn1g36bpjsfrgs4n19c84d7wpdida6yzifrrhwx7byg"))))
     (build-system gnu-build-system)
     (synopsis "Versatile audio codec")
     (description
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 67d6c8e8df..44fa48af8c 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -55,17 +55,15 @@
 (define-public expat
   (package
     (name "expat")
-    (version "2.2.0")
-    (replacement expat-2.2.1)
+    (version "2.2.1")
+    (replacement expat-2.2.2)
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/expat/expat/"
                                  version "/expat-" version ".tar.bz2"))
-             (patches
-               (search-patches "expat-CVE-2016-0718-fix-regression.patch"))
              (sha256
               (base32
-               "1zq4lnwjlw8s9mmachwfvfjf2x3lk24jm41746ykhdcvs7r0zrfr"))))
+               "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q"))))
     (build-system gnu-build-system)
     (home-page "http://www.libexpat.org/")
     (synopsis "Stream-oriented XML parser library written in C")
@@ -75,17 +73,17 @@ stream-oriented parser in which an application registers handlers for
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
-(define expat-2.2.1  ; Fixes CVE-2017-9233, CVE-2016-9063 and other issues.
+(define expat-2.2.2  ; Fixes CVE-2017-9233, CVE-2016-9063 and other issues.
   (package
     (inherit expat)
-    (version "2.2.1")
+    (version "2.2.2")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/expat/expat/"
                                  version "/expat-" version ".tar.bz2"))
              (sha256
               (base32
-               "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q"))))))
+               "0ik0r39ala9c6hj4kxrk933klgwkzlkbrfhvhaykx8l1rwgr2xj3"))))))
 
 (define-public libebml
   (package
@@ -241,6 +239,7 @@ the @code{Graph} class and write it out in a specific file format.")
     (native-inputs
      `(("perl-datetime" ,perl-datetime)
        ;; TODO package: perl-datetime-format-atom
+       ("perl-module-install" ,perl-module-install)
        ("perl-xml-xpath" ,perl-xml-xpath)))
     (inputs
      `(("perl-class-data-inheritable" ,perl-class-data-inheritable)
@@ -436,7 +435,7 @@ libxslt library.")
 (define-public perl-xml-namespacesupport
   (package
     (name "perl-xml-namespacesupport")
-    (version "1.11")
+    (version "1.12")
     (source
      (origin
        (method url-fetch)
@@ -444,7 +443,7 @@ libxslt library.")
                            "XML-NamespaceSupport-" version ".tar.gz"))
        (sha256
         (base32
-         "1sklgcldl3w6gn706vx1cgz6pm4y5lfgsjxnfqyk20pilgq530bd"))))
+         "1vz5pbi4lm5fhq2slrs2hlp6bnk29863abgjlcx43l4dky2rbsa7"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/XML-NamespaceSupport")
     (synopsis "XML namespace support class")
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 6adf2e2fc0..2ae87a60b7 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
 ;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2015 Cyrill Schenkel <cyrill.schenkel@gmail.com>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
@@ -57,6 +57,7 @@
   #:use-module (gnu packages llvm)
   #:use-module (gnu packages m4)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages pciutils)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
@@ -1112,8 +1113,29 @@ themselves.")
           (base32
             "16dr80rdw5bzdyhahvilfjrflj7scs2yl2mmghsb84f3nglm8b3m"))))
     (build-system gnu-build-system)
+    (arguments
+     '(;; Make sure libpciaccess can read compressed 'pci.ids' files as
+       ;; provided by pciutils.
+       #:configure-flags
+       (list "--with-zlib"
+             (string-append "--with-pciids-path="
+                            (assoc-ref %build-inputs "pciutils")
+                            "/share/hwdata"))
+
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'add-L-zlib
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             ;; Provide '-LZLIB/lib' next to '-lz' in the .la file.
+             (let ((zlib (assoc-ref inputs "zlib"))
+                   (out  (assoc-ref outputs "out")))
+               (substitute* (string-append out "/lib/libpciaccess.la")
+                 (("-lz")
+                  (string-append "-L" zlib "/lib -lz")))
+               #t))))))
     (inputs
-      `(("zlib" ,zlib)))
+     `(("zlib" ,zlib)
+       ("pciutils" ,pciutils)))                   ;for 'pci.ids.gz'
     (native-inputs
        `(("pkg-config" ,pkg-config)))
     (home-page "https://www.x.org/wiki/")
@@ -1125,7 +1147,7 @@ themselves.")
 (define-public libpthread-stubs
   (package
     (name "libpthread-stubs")
-    (version "0.3")
+    (version "0.4")
     (source
       (origin
         (method url-fetch)
@@ -1135,7 +1157,7 @@ themselves.")
                ".tar.bz2"))
         (sha256
           (base32
-            "16bjv3in19l84hbri41iayvvg4ls9gv1ma0x0qlbmwy67i7dbdim"))))
+            "0cz7s9w8lqgzinicd4g36rjg08zhsbyngh0w68c3np8nlc8mkl74"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (home-page "https://www.x.org/wiki/")
@@ -1558,7 +1580,7 @@ by the legacy X11 font system.")
 (define-public presentproto
   (package
     (name "presentproto")
-    (version "1.0")
+    (version "1.1")
     (source
       (origin
         (method url-fetch)
@@ -1568,7 +1590,7 @@ by the legacy X11 font system.")
                ".tar.bz2"))
         (sha256
           (base32
-            "1kir51aqg9cwazs14ivcldcn3mzadqgykc9cg87rm40zf947sb41"))))
+            "1f96dlgfwhsd0834z8ydjzjnb0cwha5r6lxgia4say4zhsl276zn"))))
     (build-system gnu-build-system)
     (home-page "https://www.x.org/wiki/")
     (synopsis "Xorg PresentProto protocol headers")
@@ -1819,7 +1841,7 @@ management to participate in an X11R6 session.")
 (define-public util-macros
   (package
     (name "util-macros")
-    (version "1.19.0")
+    (version "1.19.1")
     (source
       (origin
         (method url-fetch)
@@ -1829,7 +1851,7 @@ management to participate in an X11R6 session.")
                ".tar.bz2"))
         (sha256
           (base32
-            "1fnhpryf55l0yqajxn0cxan3kvsjzi67nlanz8clwqzf54cb2d98"))))
+            "19h6wflpmh7xxqr6lk5z8pds6r9r0dn7ijbvaacymx2q0m05km0q"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (arguments
@@ -2705,6 +2727,53 @@ framebuffer device.")
     (license license:x11)))
 
 
+(define-public xf86-video-freedreno
+  (let ((commit "ccba8f89995de7d5e1b216e580b789c4cda05035"))
+    (package
+      (name "xf86-video-freedreno")
+      (version (string-append "1.4.0-1-" (string-take commit 7)))
+      (source
+       (origin
+         ;; there's no current tarball
+         (method git-fetch)
+         (uri (git-reference
+               (url (string-append "https://anongit.freedesktop.org/git/xorg/"
+                                   "driver/xf86-video-freedreno.git"))
+               (commit commit)))
+         (sha256
+          (base32
+           "0bl9m1agi793lcddv94j8afzw1xc9w810q91mbq0n3dscbbcr9nh"))
+         (file-name (string-append name "-" version))))
+      (build-system gnu-build-system)
+      (inputs
+       `(("libdrm" ,libdrm)
+         ("mesa" ,mesa)
+         ("udev" ,eudev)
+         ("xorg-server" ,xorg-server)))
+      (native-inputs
+       `(("pkg-config" ,pkg-config)
+         ("autoconf" ,autoconf)
+         ("automake" ,automake)
+         ("libtool" ,libtool)))
+       ;; This driver is only supported on ARM systems.
+      (supported-systems '("armhf-linux" "aarch64-linux"))
+      (arguments
+       `(#:configure-flags
+         (list (string-append "--with-xorg-conf-dir="
+                              (assoc-ref %outputs "out")
+                              "/share/X11/xorg.conf.d"))
+         #:phases (modify-phases %standard-phases
+                    (add-after 'unpack 'bootstrap
+                      (lambda _
+                        (zero? (system* "autoreconf" "-vfi")))))))
+      (home-page "https://www.x.org/wiki/")
+      (synopsis "Adreno video driver for X server")
+      (description
+       "xf86-video-freedreno is a 2D graphics driver for the Xorg X server.
+It supports a variety of Adreno graphics chipsets.")
+      (license license:x11))))
+
+
 (define-public xf86-video-geode
   (package
     (name "xf86-video-geode")
@@ -2817,10 +2886,12 @@ X server.")
 
 
 (define-public xf86-video-intel
-  (let ((commit "6babcf15dd605ef40de53f5c34f95b7fd195edbe"))
+  (let ((commit "2100efa105e8c9615eda867d39471d78e500b1bb")
+        (revision "7"))
     (package
       (name "xf86-video-intel")
-      (version (string-append "2.99.917-6-" (string-take commit 7)))
+      (version (string-append "2.99.917-" revision "-"
+                              (string-take commit 7)))
       (source
        (origin
          ;; there's no current tarball
@@ -2830,7 +2901,7 @@ X server.")
                (commit commit)))
          (sha256
           (base32
-           "055v4z26r00h3mxsd084n3aq8b5h0h3jkv52xss76zgbsq3n2354"))
+           "15fg844msmixsvlxcd5wm2awmns652sxcxj2wmp6819lr32lc4ir"))
          (file-name (string-append name "-" version))))
       (build-system gnu-build-system)
       (inputs `(("mesa" ,mesa)
@@ -3149,7 +3220,8 @@ This driver is intended for ATI Rage 128 based cards.")
                ".tar.bz2"))
         (sha256
           (base32
-           "1g2r6gxqrmjdff95d42msxdw6vmkg2zn5sqv0rxd420iwy8wdwyh"))))
+           "1g2r6gxqrmjdff95d42msxdw6vmkg2zn5sqv0rxd420iwy8wdwyh"))
+        (patches (search-patches "xf86-video-siliconmotion-fix-ftbfs.patch"))))
     (build-system gnu-build-system)
     (inputs `(("xorg-server" ,xorg-server)))
     (native-inputs `(("pkg-config" ,pkg-config)))
@@ -3743,7 +3815,7 @@ extension to the X11 protocol.  It includes:
 (define-public xkeyboard-config
   (package
     (name "xkeyboard-config")
-    (version "2.20")
+    (version "2.21")
     (source
       (origin
         (method url-fetch)
@@ -3753,7 +3825,7 @@ extension to the X11 protocol.  It includes:
               ".tar.bz2"))
         (sha256
           (base32
-            "0d619g4r0w1f6q5qmaqjnsc0956gi02fqgpisqffzqy4acjwggyi"))))
+            "1iffxpchy6dfgbby23nfsqqk17h9lfddlmjnhwagqag1z94p1h9h"))))
     (build-system gnu-build-system)
     (inputs
       `(("gettext" ,gettext-minimal)
@@ -5638,14 +5710,14 @@ to answer a question.  Xmessage can also exit after a specified time.")
 (define-public xterm
   (package
     (name "xterm")
-    (version "322")
+    (version "330")
     (source (origin
               (method url-fetch)
               (uri (string-append "ftp://ftp.invisible-island.net/xterm/"
                                   "xterm-" version ".tgz"))
               (sha256
                (base32
-                "1mh9s5g3fs64iimnl7axk0isb5306dyshisxlv5gr8vn7ysl3nws"))))
+                "1psnfmqd23v9gxj8a98nzrgvymrk0p1whwqi92gy15bbkzrgkvks"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--enable-wide-chars" "--enable-256-color"
@@ -5708,6 +5780,7 @@ programs that cannot use the window system directly.")
     (native-inputs
      `(("perl-extutils-depends" ,perl-extutils-depends)
        ("perl-extutils-pkgconfig" ,perl-extutils-pkgconfig)
+       ("perl-module-install" ,perl-module-install)
        ("perl-test-deep" ,perl-test-deep)
        ("perl-test-exception" ,perl-test-exception)))
     (propagated-inputs
@@ -5803,7 +5876,7 @@ basic eye-candy effects.")
 (define-public xpra
   (package
     (name "xpra")
-    (version "2.0.3")
+    (version "2.1.1")
     (source
      (origin
        (method url-fetch)
@@ -5811,7 +5884,7 @@ basic eye-candy effects.")
                            version ".tar.xz"))
        (sha256
         (base32
-         "1f2mkbgjslfivh5xq5xbab1cn6jjyc1d104f692f3s0dnhq7dafa"))))
+         "0fgdddhafxnpjlw5nhfyfyimxp43hdn4yhp1vbsjrz3ypfsfhxq7"))))
     (build-system python-build-system)
     (inputs `(("ffmpeg", ffmpeg)
               ("flac", flac)
diff --git a/gnu/services/admin.scm b/gnu/services/admin.scm
index b9e3fa70a4..14452a86c7 100644
--- a/gnu/services/admin.scm
+++ b/gnu/services/admin.scm
@@ -20,14 +20,19 @@
 (define-module (gnu services admin)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages logging)
   #:use-module (gnu services)
   #:use-module (gnu services mcron)
   #:use-module (gnu services shepherd)
+  #:use-module (gnu services web)
+  #:use-module (gnu system shadow)
   #:use-module (guix gexp)
+  #:use-module (guix store)
   #:use-module (guix packages)
   #:use-module (guix records)
   #:use-module (srfi srfi-1)
   #:use-module (ice-9 vlist)
+  #:use-module (ice-9 match)
   #:export (%default-rotations
             %rotated-files
 
@@ -41,7 +46,29 @@
             rottlog-configuration
             rottlog-configuration?
             rottlog-service
-            rottlog-service-type))
+            rottlog-service-type
+
+            <tailon-configuration-file>
+            tailon-configuration-file
+            tailon-configuration-file?
+            tailon-configuration-file-files
+            tailon-configuration-file-bind
+            tailon-configuration-file-relative-root
+            tailon-configuration-file-allow-transfers?
+            tailon-configuration-file-follow-names?
+            tailon-configuration-file-tail-lines
+            tailon-configuration-file-allowed-commands
+            tailon-configuration-file-debug?
+            tailon-configuration-file-http-auth
+            tailon-configuration-file-users
+
+            <tailon-configuration>
+            tailon-configuration
+            tailon-configuration?
+            tailon-configuration-config-file
+            tailon-configuration-package
+
+            tailon-service-type))
 
 ;;; Commentary:
 ;;;
@@ -172,4 +199,146 @@ for ROTATION."
                                  rotations)))))
    (default-value (rottlog-configuration))))
 
+
+;;;
+;;; Tailon
+;;;
+
+(define-record-type* <tailon-configuration-file>
+  tailon-configuration-file make-tailon-configuration-file
+  tailon-configuration-file?
+  (files                   tailon-configuration-file-files
+                           (default '("/var/log")))
+  (bind                    tailon-configuration-file-bind
+                           (default "localhost:8080"))
+  (relative-root           tailon-configuration-file-relative-root
+                           (default #f))
+  (allow-transfers?        tailon-configuration-file-allow-transfers?
+                           (default #t))
+  (follow-names?           tailon-configuration-file-follow-names?
+                           (default #t))
+  (tail-lines              tailon-configuration-file-tail-lines
+                           (default 200))
+  (allowed-commands        tailon-configuration-file-allowed-commands
+                           (default '("tail" "grep" "awk")))
+  (debug?                  tailon-configuration-file-debug?
+                           (default #f))
+  (wrap-lines              tailon-configuration-file-wrap-lines
+                           (default #t))
+  (http-auth               tailon-configuration-file-http-auth
+                           (default #f))
+  (users                   tailon-configuration-file-users
+                           (default #f)))
+
+(define (tailon-configuration-files-string files)
+  (string-append
+   "\n"
+   (string-join
+    (map
+     (lambda (x)
+       (string-append
+        "  - "
+        (cond
+         ((string? x)
+          (simple-format #f "'~A'" x))
+         ((list? x)
+          (string-join
+           (cons (simple-format #f "'~A':" (car x))
+                 (map
+                  (lambda (x) (simple-format #f "      - '~A'" x))
+                  (cdr x)))
+           "\n"))
+         (else (error x)))))
+     files)
+    "\n")))
+
+(define-gexp-compiler (tailon-configuration-file-compiler
+                       (file <tailon-configuration-file>) system target)
+  (match file
+    (($ <tailon-configuration-file> files bind relative-root
+                                    allow-transfers? follow-names?
+                                    tail-lines allowed-commands debug?
+                                    wrap-lines http-auth users)
+     (text-file
+      "tailon-config.yaml"
+      (string-concatenate
+       (filter-map
+        (match-lambda
+         ((key . #f) #f)
+         ((key . value) (string-append key ": " value "\n")))
+
+        `(("files" . ,(tailon-configuration-files-string files))
+          ("bind" . ,bind)
+          ("relative-root" . ,relative-root)
+          ("allow-transfers" . ,(if allow-transfers? "true" "false"))
+          ("follow-names" . ,(if follow-names? "true" "false"))
+          ("tail-lines" . ,(number->string tail-lines))
+          ("commands" . ,(string-append "["
+                                        (string-join allowed-commands ", ")
+                                        "]"))
+          ("debug" . ,(if debug? "true" #f))
+          ("wrap-lines" . ,(if wrap-lines "true" "false"))
+          ("http-auth" . ,http-auth)
+          ("users" . ,(if users
+                          (string-concatenate
+                           (cons "\n"
+                                 (map (match-lambda
+                                       ((user . pass)
+                                        (string-append
+                                         "  " user ":" pass)))
+                                      users)))
+                          #f)))))))))
+
+(define-record-type* <tailon-configuration>
+  tailon-configuration make-tailon-configuration
+  tailon-configuration?
+  (config-file tailon-configuration-config-file
+               (default (tailon-configuration-file)))
+  (package tailon-configuration-package
+           (default tailon)))
+
+(define tailon-shepherd-service
+  (match-lambda
+    (($ <tailon-configuration> config-file package)
+     (list (shepherd-service
+            (provision '(tailon))
+            (documentation "Run the tailon daemon.")
+            (start #~(make-forkexec-constructor
+                      `(,(string-append #$package "/bin/tailon")
+                        "-c" ,#$config-file)
+                      #:user "tailon"
+                      #:group "tailon"))
+            (stop #~(make-kill-destructor)))))))
+
+(define %tailon-accounts
+  (list (user-group (name "tailon") (system? #t))
+        (user-account
+         (name "tailon")
+         (group "tailon")
+         (system? #t)
+         (comment "tailon")
+         (home-directory "/var/empty")
+         (shell (file-append shadow "/sbin/nologin")))))
+
+(define tailon-service-type
+  (service-type
+   (name 'tailon)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             tailon-shepherd-service)
+          (service-extension account-service-type
+                             (const %tailon-accounts))))
+   (compose concatenate)
+   (extend (lambda (parameter files)
+             (tailon-configuration
+              (inherit parameter)
+              (config-file
+               (let ((old-config-file
+                      (tailon-configuration-config-file parameter)))
+                 (tailon-configuration-file
+                  (inherit old-config-file)
+                  (files (append (tailon-configuration-file-files old-config-file)
+                                 files))))))))
+   (default-value (tailon-configuration))))
+
 ;;; admin.scm ends here
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
new file mode 100644
index 0000000000..22814a6c09
--- /dev/null
+++ b/gnu/services/audio.scm
@@ -0,0 +1,86 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services audio)
+  #:use-module (guix gexp)
+  #:use-module (gnu services)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu packages mpd)
+  #:use-module (guix records)
+  #:use-module (ice-9 match)
+  #:export (mpd-configuration
+            mpd-configuration?
+            mpd-service-type))
+
+;;; Commentary:
+;;;
+;;; Audio related services
+;;;
+;;; Code:
+
+(define-record-type* <mpd-configuration>
+  mpd-configuration make-mpd-configuration
+  mpd-configuration?
+  (user         mpd-configuration-user
+                (default "mpd"))
+  (music-dir    mpd-configuration-music-dir
+                (default "~/Music"))
+  (playlist-dir mpd-configuration-playlist-dir
+                (default "~/.mpd/playlists"))
+  (port         mpd-configuration-port
+                (default "6600"))
+  (address      mpd-configuration-address
+                (default "any"))
+  (pid-file     mpd-configuration-pid-file
+                (default "/var/run/mpd.pid")))
+
+(define (mpd-config->file config)
+  (apply
+   mixed-text-file "mpd.conf"
+   "audio_output {\n"
+   "  type \"pulse\"\n"
+   "  name \"MPD\"\n"
+   "}\n"
+   (map (match-lambda
+          ((config-name config-val)
+           (string-append config-name " \"" (config-val config) "\"\n")))
+        `(("user" ,mpd-configuration-user)
+          ("music_directory" ,mpd-configuration-music-dir)
+          ("playlist_directory" ,mpd-configuration-playlist-dir)
+          ("port" ,mpd-configuration-port)
+          ("bind_to_address" ,mpd-configuration-address)
+          ("pid_file" ,mpd-configuration-pid-file)))))
+
+(define (mpd-service config)
+  (shepherd-service
+   (documentation "Run the MPD (Music Player Daemon)")
+   (provision '(mpd))
+   (start #~(make-forkexec-constructor
+             (list #$(file-append mpd "/bin/mpd")
+                   "--no-daemon"
+                   #$(mpd-config->file config))
+             #:pid-file #$(mpd-configuration-pid-file config)))
+   (stop  #~(make-kill-destructor))))
+
+(define mpd-service-type
+  (service-type
+   (name 'mpd)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             (compose list mpd-service))))
+   (default-value (mpd-configuration))))
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 813535ed65..54bd9ca2fb 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -37,7 +37,7 @@
   #:use-module ((gnu packages linux)
                 #:select (alsa-utils crda eudev e2fsprogs fuse gpm kbd lvm2 rng-tools))
   #:use-module ((gnu packages base)
-                #:select (canonical-package glibc))
+                #:select (canonical-package glibc glibc-utf8-locales))
   #:use-module (gnu packages bash)
   #:use-module (gnu packages package-management)
   #:use-module (gnu packages linux)
@@ -1220,6 +1220,9 @@ Service Switch}, for an example."
      # Don't log private authentication messages!
      *.info;mail.none;authpriv.none          /var/log/messages
 
+     # Like /var/log/messages, but also including \"debug\"-level logs.
+     *.debug;mail.none;authpriv.none         /var/log/debug
+
      # Same, in a different place.
      *.info;mail.none;authpriv.none          /dev/tty12
 
@@ -1499,7 +1502,15 @@ failed to register hydra.gnu.org public key: ~a~%" status))))))))
                                    #~())
                             #$@(if cache
                                    #~((string-append "--cache=" #$cache))
-                                   #~()))))
+                                   #~()))
+
+                      ;; Make sure we run in a UTF-8 locale so we can produce
+                      ;; nars for packages that contain UTF-8 file names such
+                      ;; as 'nss-certs'.  See <https://bugs.gnu.org/26948>.
+                      #:environment-variables
+                      (list (string-append "GUIX_LOCPATH="
+                                           #$glibc-utf8-locales "/lib/locale")
+                            "LC_ALL=en_US.utf8")))
             (stop #~(make-kill-destructor)))))))
 
 (define %guix-publish-accounts
diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm
index 88a9a86111..73a30b2402 100644
--- a/gnu/services/cuirass.scm
+++ b/gnu/services/cuirass.scm
@@ -23,6 +23,7 @@
   #:use-module (guix records)
   #:use-module (gnu packages admin)
   #:autoload   (gnu packages ci) (cuirass)
+  #:autoload   (gnu packages version-control) (git)
   #:use-module (gnu services)
   #:use-module (gnu services base)
   #:use-module (gnu services shepherd)
@@ -66,6 +67,8 @@
                     (default #f))
   (one-shot?        cuirass-configuration-one-shot? ;boolean
                     (default #f))
+  (fallback?        cuirass-configuration-fallback? ;boolean
+                    (default #f))
   (load-path        cuirass-configuration-load-path
                     (default '())))
 
@@ -84,6 +87,7 @@
          (specs            (cuirass-configuration-specifications config))
          (use-substitutes? (cuirass-configuration-use-substitutes? config))
          (one-shot?        (cuirass-configuration-one-shot? config))
+         (fallback?        (cuirass-configuration-fallback? config))
          (load-path        (cuirass-configuration-load-path config)))
      (list (shepherd-service
             (documentation "Run Cuirass.")
@@ -99,8 +103,15 @@
                             "--interval" #$(number->string interval)
                             #$@(if use-substitutes? '("--use-substitutes") '())
                             #$@(if one-shot? '("--one-shot") '())
+                            #$@(if fallback? '("--fallback") '())
                             #$@(if (null? load-path) '()
                                  `("--load-path" ,(string-join load-path ":"))))
+
+                      #:environment-variables
+                      (list "GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt"
+                            (string-append "GIT_EXEC_PATH=" #$git
+                                           "/libexec/git-core"))
+
                       #:user #$user
                       #:group #$group
                       #:log-file #$log-file))
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index 3ecc8aff78..de1f6b8411 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -25,6 +25,7 @@
   #:use-module (gnu system shadow)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages databases)
+  #:use-module (guix modules)
   #:use-module (guix records)
   #:use-module (guix gexp)
   #:use-module (ice-9 match)
@@ -33,6 +34,16 @@
             postgresql-service
             postgresql-service-type
 
+            memcached-service-type
+            <memcached-configuration>
+            memcached-configuration
+            memcached-configuration?
+            memcached-configuration-memecached
+            memcached-configuration-interfaces
+            memcached-configuration-tcp-port
+            memcached-configuration-udp-port
+            memcached-configuration-additional-options
+
             mysql-service
             mysql-service-type
             mysql-configuration
@@ -178,6 +189,81 @@ and stores the database cluster in @var{data-directory}."
 
 
 ;;;
+;;; Memcached
+;;;
+
+(define-record-type* <memcached-configuration>
+  memcached-configuration make-memcached-configuration
+  memcached-configuration?
+  (memcached          memcached-configuration-memcached ;<package>
+                      (default memcached))
+  (interfaces         memcached-configuration-interfaces
+                      (default '("0.0.0.0")))
+  (tcp-port           memcached-configuration-tcp-port
+                      (default 11211))
+  (udp-port           memcached-configuration-udp-port
+                      (default 11211))
+  (additional-options memcached-configuration-additional-options
+                      (default '())))
+
+(define %memcached-accounts
+  (list (user-group (name "memcached") (system? #t))
+        (user-account
+         (name "memcached")
+         (group "memcached")
+         (system? #t)
+         (comment "Memcached server user")
+         (home-directory "/var/empty")
+         (shell (file-append shadow "/sbin/nologin")))))
+
+(define memcached-activation
+  #~(begin
+      (use-modules (guix build utils))
+      (let ((user (getpwnam "memcached")))
+        (mkdir-p "/var/run/memcached")
+        (chown "/var/run/memcached"
+               (passwd:uid user) (passwd:gid user)))))
+
+(define memcached-shepherd-service
+  (match-lambda
+    (($ <memcached-configuration> memcached interfaces tcp-port udp-port
+                                  additional-options)
+     (with-imported-modules (source-module-closure
+                             '((gnu build shepherd)))
+       (list (shepherd-service
+              (provision '(memcached))
+              (documentation "Run the Memcached daemon.")
+              (requirement '(user-processes loopback))
+              (modules '((gnu build shepherd)))
+              (start #~(make-forkexec-constructor
+                        `(#$(file-append memcached "/bin/memcached")
+                          "-l" #$(string-join interfaces ",")
+                          "-p" #$(number->string tcp-port)
+                          "-U" #$(number->string udp-port)
+                          "--daemon"
+                          ;; Memcached changes to the memcached user prior to
+                          ;; writing the pid file, so write it to a directory
+                          ;; that memcached owns.
+                          "-P" "/var/run/memcached/pid"
+                          "-u" "memcached"
+                          ,#$@additional-options)
+                        #:log-file "/var/log/memcached"
+                        #:pid-file "/var/run/memcached/pid"))
+              (stop #~(make-kill-destructor))))))))
+
+(define memcached-service-type
+  (service-type (name 'memcached)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          memcached-shepherd-service)
+                       (service-extension activation-service-type
+                                          (const memcached-activation))
+                       (service-extension account-service-type
+                                          (const %memcached-accounts))))
+                (default-value (memcached-configuration))))
+
+
+;;;
 ;;; MySQL.
 ;;;
 
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 50a561bf51..0509bd8a44 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -73,6 +73,9 @@
             elogind-service
             elogind-service-type
 
+            accountsservice-service-type
+            accountsservice-service
+
             gnome-desktop-configuration
             gnome-desktop-configuration?
             gnome-desktop-service
@@ -705,6 +708,33 @@ when they log out."
 
 
 ;;;
+;;; AccountsService service.
+;;;
+
+(define %accountsservice-activation
+  #~(begin
+      (use-modules (guix build utils))
+      (mkdir-p "/var/lib/AccountsService")))
+
+(define accountsservice-service-type
+  (service-type (name 'accountsservice)
+                (extensions
+                 (list (service-extension activation-service-type
+                                          (const %accountsservice-activation))
+                       (service-extension dbus-root-service-type list)
+                       (service-extension polkit-service-type list)))))
+
+(define* (accountsservice-service #:key (accountsservice accountsservice))
+  "Return a service that runs AccountsService, a system service that
+can list available accounts, change their passwords, and so on.
+AccountsService integrates with PolicyKit to enable unprivileged users to
+acquire the capability to modify their system configuration.
+@uref{https://www.freedesktop.org/wiki/Software/AccountsService/, the
+accountsservice web site} for more information."
+  (service accountsservice-service-type accountsservice))
+
+
+;;;
 ;;; GNOME desktop service.
 ;;;
 
@@ -783,6 +813,7 @@ with the administrator's password."
          (wicd-service)
          (udisks-service)
          (upower-service)
+         (accountsservice-service)
          (colord-service)
          (geoclue-service)
          (polkit-service)
diff --git a/gnu/services/herd.scm b/gnu/services/herd.scm
index f8d60a4802..5c894af6fd 100644
--- a/gnu/services/herd.scm
+++ b/gnu/services/herd.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -49,7 +49,8 @@
             unload-services
             unload-service
             load-services
-            start-service))
+            start-service
+            stop-service))
 
 ;;; Commentary:
 ;;;
@@ -135,7 +136,8 @@ does not denote an error."
 
 (define* (invoke-action service action arguments cont)
   "Invoke ACTION on SERVICE with ARGUMENTS.  On success, call CONT with the
-result.  Otherwise return #f."
+list of results (one result per instance with the name SERVICE).  Otherwise
+return #f."
   (with-shepherd sock
     (write `(shepherd-command (version 0)
                               (action ,action)
@@ -146,7 +148,7 @@ result.  Otherwise return #f."
     (force-output sock)
 
     (match (read sock)
-      (('reply ('version 0 _ ...) ('result (result)) ('error #f)
+      (('reply ('version 0 _ ...) ('result result) ('error #f)
                ('messages messages))
        (for-each display-message messages)
        (cont result))
@@ -185,30 +187,34 @@ of pairs."
   "Return the list of currently defined Shepherd services, represented as
 <live-service> objects.  Return #f if the list of services could not be
 obtained."
-  (with-shepherd-action 'root ('status) services
-    (match services
-      ((('service ('version 0 _ ...) _ ...) ...)
-       (map (lambda (service)
-              (alist-let* service (provides requires running)
-                (live-service provides requires running)))
-            services))
-      (x
-       #f))))
+  (with-shepherd-action 'root ('status) results
+    ;; We get a list of results, one for each service with the name 'root'.
+    ;; In practice there's only one such service though.
+    (match results
+      ((services _ ...)
+       (match services
+         ((('service ('version 0 _ ...) _ ...) ...)
+          (map (lambda (service)
+                 (alist-let* service (provides requires running)
+                   (live-service provides requires running)))
+               services))
+         (x
+          #f))))))
 
 (define (unload-service service)
   "Unload SERVICE, a symbol name; return #t on success."
   (with-shepherd-action 'root ('unload (symbol->string service)) result
-    result))
+    (first result)))
 
 (define (%load-file file)
   "Load FILE in the Shepherd."
   (with-shepherd-action 'root ('load file) result
-    result))
+    (first result)))
 
 (define (eval-there exp)
   "Eval EXP in the Shepherd."
   (with-shepherd-action 'root ('eval (object->string exp)) result
-    result))
+    (first result)))
 
 (define (load-services files)
   "Load and register the services from FILES, where FILES contain code that
@@ -222,6 +228,10 @@ returns a shepherd <service> object."
   (with-shepherd-action name ('start) result
     result))
 
+(define (stop-service name)
+  (with-shepherd-action name ('stop) result
+    result))
+
 ;; Local Variables:
 ;; eval: (put 'alist-let* 'scheme-indent-function 2)
 ;; eval: (put 'with-shepherd 'scheme-indent-function 1)
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index c381581896..b45008de64 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -334,10 +334,13 @@ Protocol (DHCP) client, on all the non-loopback network interfaces."
   (service dhcp-client-service-type dhcp))
 
 (define %ntp-servers
-  ;; Default set of NTP servers.
-  '("0.pool.ntp.org"
-    "1.pool.ntp.org"
-    "2.pool.ntp.org"))
+  ;; Default set of NTP servers. These URLs are managed by the NTP Pool project.
+  ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact
+  ;; for this NTP pool "zone".
+  '("0.guix.pool.ntp.org"
+    "1.guix.pool.ntp.org"
+    "2.guix.pool.ntp.org"
+    "3.guix.pool.ntp.org"))
 
 
 ;;;
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 2a6c8d45c2..697bb1b82e 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -28,6 +28,8 @@
   #:use-module (gnu system shadow)
   #:use-module (guix gexp)
   #:use-module (guix records)
+  #:use-module (guix modules)
+  #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (ice-9 match)
   #:export (lsh-configuration
@@ -295,7 +297,11 @@ The other options should be self-descriptive."
                          (default #t))
   ;; list of two-element lists
   (subsystems            openssh-configuration-subsystems
-                         (default '(("sftp" "internal-sftp")))))
+                         (default '(("sftp" "internal-sftp"))))
+
+  ;; list of user-name/file-like tuples
+  (authorized-keys       openssh-authorized-keys
+                         (default '())))
 
 (define %openssh-accounts
   (list (user-group (name "sshd") (system? #t))
@@ -309,22 +315,64 @@ The other options should be self-descriptive."
 
 (define (openssh-activation config)
   "Return the activation GEXP for CONFIG."
-  #~(begin
-      (use-modules (guix build utils))
-      (mkdir-p "/etc/ssh")
-      (mkdir-p (dirname #$(openssh-configuration-pid-file config)))
-
-      (define (touch file-name)
-        (call-with-output-file file-name (const #t)))
-
-      (let ((lastlog "/var/log/lastlog"))
-        (when #$(openssh-configuration-print-last-log? config)
-          (unless (file-exists? lastlog)
-            (touch lastlog))))
-
-      ;; Generate missing host keys.
-      (system* (string-append #$(openssh-configuration-openssh config)
-                              "/bin/ssh-keygen") "-A")))
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+
+        (define (touch file-name)
+          (call-with-output-file file-name (const #t)))
+
+        ;; Make sure /etc/ssh can be read by the 'sshd' user.
+        (mkdir-p "/etc/ssh")
+        (chmod "/etc/ssh" #o755)
+        (mkdir-p (dirname #$(openssh-configuration-pid-file config)))
+
+        ;; 'sshd' complains if the authorized-key directory and its parents
+        ;; are group-writable, which rules out /gnu/store.  Thus we copy the
+        ;; authorized-key directory to /etc.
+        (catch 'system-error
+          (lambda ()
+            (delete-file-recursively "/etc/authorized_keys.d"))
+          (lambda args
+            (unless (= ENOENT (system-error-errno args))
+              (apply throw args))))
+        (copy-recursively #$(authorized-key-directory
+                             (openssh-authorized-keys config))
+                          "/etc/ssh/authorized_keys.d")
+
+        (chmod "/etc/ssh/authorized_keys.d" #o555)
+
+        (let ((lastlog "/var/log/lastlog"))
+          (when #$(openssh-configuration-print-last-log? config)
+            (unless (file-exists? lastlog)
+              (touch lastlog))))
+
+        ;; Generate missing host keys.
+        (system* (string-append #$(openssh-configuration-openssh config)
+                                "/bin/ssh-keygen") "-A"))))
+
+(define (authorized-key-directory keys)
+  "Return a directory containing the authorized keys specified in KEYS, a list
+of user-name/file-like tuples."
+  (define build
+    (with-imported-modules (source-module-closure '((guix build utils)))
+      #~(begin
+          (use-modules (ice-9 match) (srfi srfi-26)
+                       (guix build utils))
+
+          (mkdir #$output)
+          (for-each (match-lambda
+                      ((user keys ...)
+                       (let ((file (string-append #$output "/" user)))
+                         (call-with-output-file file
+                           (lambda (port)
+                             (for-each (lambda (key)
+                                         (call-with-input-file key
+                                           (cut dump-port <> port)))
+                                       keys))))))
+                    '#$keys))))
+
+  (computed-file "openssh-authorized-keys" build))
 
 (define (openssh-config-file config)
   "Return the sshd configuration file corresponding to CONFIG."
@@ -367,6 +415,11 @@ The other options should be self-descriptive."
            (format port "PrintLastLog ~a\n"
                    #$(if (openssh-configuration-print-last-log? config)
                          "yes" "no"))
+
+           ;; Add '/etc/authorized_keys.d/%u', which we populate.
+           (format port "AuthorizedKeysFile \
+ .ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%u\n")
+
            (for-each
             (match-lambda
               ((name command) (format port "Subsystem\t~a\t~a\n" name command)))
@@ -398,6 +451,13 @@ The other options should be self-descriptive."
          #:allow-empty-passwords?
          (openssh-configuration-allow-empty-passwords? config))))
 
+(define (extend-openssh-authorized-keys config keys)
+  "Extend CONFIG with the extra authorized keys listed in KEYS."
+  (openssh-configuration
+   (inherit config)
+   (authorized-keys
+    (append (openssh-authorized-keys config) keys))))
+
 (define openssh-service-type
   (service-type (name 'openssh)
                 (extensions
@@ -409,6 +469,8 @@ The other options should be self-descriptive."
                                           openssh-activation)
                        (service-extension account-service-type
                                           (const %openssh-accounts))))
+                (compose concatenate)
+                (extend extend-openssh-authorized-keys)
                 (default-value (openssh-configuration))))
 
 
diff --git a/gnu/services/sysctl.scm b/gnu/services/sysctl.scm
index be5be59a05..5e9e6f0661 100644
--- a/gnu/services/sysctl.scm
+++ b/gnu/services/sysctl.scm
@@ -33,7 +33,7 @@
 ;;;
 
 (define-record-type* <sysctl-configuration>
-  sysctl-configuration make-sysctl-configuration?
+  sysctl-configuration make-sysctl-configuration
   sysctl-configuration?
   (sysctl   sysctl-configuration-sysctl    ; path of the 'sysctl' command
             (default (file-append procps "/sbin/sysctl")))
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
new file mode 100644
index 0000000000..845cdb07ba
--- /dev/null
+++ b/gnu/services/virtualization.scm
@@ -0,0 +1,492 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Ryan Moe <ryan.moe@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services virtualization)
+  #:use-module (gnu services)
+  #:use-module (gnu services configuration)
+  #:use-module (gnu services base)
+  #:use-module (gnu services dbus)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages virtualization)
+  #:use-module (guix records)
+  #:use-module (guix gexp)
+  #:use-module (guix packages)
+  #:use-module (ice-9 match)
+
+  #:export (libvirt-configuration
+            libvirt-service-type
+            virtlog-service-type))
+
+(define (uglify-field-name field-name)
+  (let ((str (symbol->string field-name)))
+    (string-join
+     (string-split (string-delete #\? str) #\-)
+     "_")))
+
+(define (quote-val val)
+  (string-append "\"" val "\""))
+
+(define (serialize-field field-name val)
+  (format #t "~a = ~a\n" (uglify-field-name field-name) val))
+
+(define (serialize-string field-name val)
+  (serialize-field field-name (quote-val val)))
+
+(define (serialize-boolean field-name val)
+  (serialize-field field-name (if val 1 0)))
+
+(define (serialize-integer field-name val)
+  (serialize-field field-name val))
+
+(define (build-opt-list val)
+  (string-append
+   "["
+   (string-join (map quote-val val) ",")
+   "]"))
+
+(define optional-list? list?)
+(define optional-string? string?)
+
+(define (serialize-list field-name val)
+  (serialize-field field-name (build-opt-list val)))
+
+(define (serialize-optional-list field-name val)
+  (if (null? val)
+      (format #t "# ~a = []\n" (uglify-field-name field-name))
+      (serialize-list field-name val)))
+
+(define (serialize-optional-string field-name val)
+  (if (string-null? val)
+      (format #t "# ~a = \"\"\n" (uglify-field-name field-name))
+      (serialize-string field-name val)))
+
+(define-configuration libvirt-configuration
+  (libvirt
+   (package libvirt)
+   "Libvirt package.")
+  (listen-tls?
+   (boolean #t)
+   "Flag listening for secure TLS connections on the public TCP/IP port.
+must set @code{listen} for this to have any effect.
+
+It is necessary to setup a CA and issue server certificates before
+using this capability.")
+  (listen-tcp?
+   (boolean #f)
+   "Listen for unencrypted TCP connections on the public TCP/IP port.
+must set @code{listen} for this to have any effect.
+
+Using the TCP socket requires SASL authentication by default. Only
+SASL mechanisms which support data encryption are allowed. This is
+DIGEST_MD5 and GSSAPI (Kerberos5)")
+  (tls-port
+   (string "16514")
+   "Port for accepting secure TLS connections This can be a port number,
+or service name")
+  (tcp-port
+   (string "16509")
+   "Port for accepting insecure TCP connections This can be a port number,
+or service name")
+  (listen-addr
+   (string "0.0.0.0")
+   "IP address or hostname used for client connections.")
+  (mdns-adv?
+   (boolean #f)
+   "Flag toggling mDNS advertisement of the libvirt service.
+
+Alternatively can disable for all services on a host by
+stopping the Avahi daemon.")
+  (mdns-name
+   (string (string-append "Virtualization Host " (gethostname)))
+   "Default mDNS advertisement name. This must be unique on the
+immediate broadcast network.")
+  (unix-sock-group
+   (string "root")
+   "UNIX domain socket group ownership. This can be used to
+allow a 'trusted' set of users access to management capabilities
+without becoming root.")
+  (unix-sock-ro-perms
+   (string "0777")
+   "UNIX socket permissions for the R/O socket. This is used
+for monitoring VM status only.")
+  (unix-sock-rw-perms
+   (string "0770")
+   "UNIX socket permissions for the R/W socket. Default allows
+only root. If PolicyKit is enabled on the socket, the default
+will change to allow everyone (eg, 0777)")
+  (unix-sock-admin-perms
+   (string "0777")
+   "UNIX socket permissions for the admin socket. Default allows
+only owner (root), do not change it unless you are sure to whom
+you are exposing the access to.")
+  (unix-sock-dir
+   (string "/var/run/libvirt")
+   "The directory in which sockets will be found/created.")
+  (auth-unix-ro
+   (string "polkit")
+   "Authentication scheme for UNIX read-only sockets. By default
+socket permissions allow anyone to connect")
+  (auth-unix-rw
+   (string "polkit")
+   "Authentication scheme for UNIX read-write sockets. By default
+socket permissions only allow root. If PolicyKit support was compiled
+into libvirt, the default will be to use 'polkit' auth.")
+  (auth-tcp
+   (string "sasl")
+   "Authentication scheme for TCP sockets. If you don't enable SASL,
+then all TCP traffic is cleartext. Don't do this outside of a dev/test
+scenario.")
+  (auth-tls
+   (string "none")
+   "Authentication scheme for TLS sockets. TLS sockets already have
+encryption provided by the TLS layer, and limited authentication is
+done by certificates.
+
+It is possible to make use of any SASL authentication mechanism as
+well, by using 'sasl' for this option")
+  (access-drivers
+   (optional-list '())
+   "API access control scheme.
+
+By default an authenticated user is allowed access to all APIs. Access
+drivers can place restrictions on this.")
+  (key-file
+   (string "")
+   "Server key file path. If set to an empty string, then no private key
+is loaded.")
+  (cert-file
+   (string "")
+   "Server key file path. If set to an empty string, then no certificate
+is loaded.")
+  (ca-file
+   (string "")
+   "Server key file path. If set to an empty string, then no CA certificate
+is loaded.")
+  (crl-file
+   (string "")
+   "Certificate revocation list path. If set to an empty string, then no
+CRL is loaded.")
+  (tls-no-sanity-cert
+   (boolean #f)
+   "Disable verification of our own server certificates.
+
+When libvirtd starts it performs some sanity checks against its own
+certificates.")
+  (tls-no-verify-cert
+   (boolean #f)
+   "Disable verification of client certificates.
+
+Client certificate verification is the primary authentication mechanism.
+Any client which does not present a certificate signed by the CA
+will be rejected.")
+  (tls-allowed-dn-list
+   (optional-list '())
+   "Whitelist of allowed x509 Distinguished Name.")
+  (sasl-allowed-usernames
+   (optional-list '())
+   "Whitelist of allowed SASL usernames. The format for username
+depends on the SASL authentication mechanism.")
+  (tls-priority
+   (string "NORMAL")
+   "Override the compile time default TLS priority string. The
+default is usually \"NORMAL\" unless overridden at build time.
+Only set this is it is desired for libvirt to deviate from
+the global default settings.")
+  (max-clients
+   (integer 5000)
+   "Maximum number of concurrent client connections to allow
+over all sockets combined.")
+  (max-queued-clients
+   (integer 1000)
+   "Maximum length of queue of connections waiting to be
+accepted by the daemon. Note, that some protocols supporting
+retransmission may obey this so that a later reattempt at
+connection succeeds.")
+  (max-anonymous-clients
+   (integer 20)
+   "Maximum length of queue of accepted but not yet authenticated
+clients. Set this to zero to turn this feature off")
+  (min-workers
+   (integer 5)
+   "Number of workers to start up initially.")
+  (max-workers
+   (integer 20)
+   "Maximum number of worker threads.
+
+If the number of active clients exceeds @code{min-workers},
+then more threads are spawned, up to max_workers limit.
+Typically you'd want max_workers to equal maximum number
+of clients allowed.")
+  (prio-workers
+   (integer 5)
+   "Number of priority workers. If all workers from above
+pool are stuck, some calls marked as high priority
+(notably domainDestroy) can be executed in this pool.")
+  (max-requests
+    (integer 20)
+    "Total global limit on concurrent RPC calls.")
+  (max-client-requests
+    (integer 5)
+    "Limit on concurrent requests from a single client
+connection. To avoid one client monopolizing the server
+this should be a small fraction of the global max_requests
+and max_workers parameter.")
+  (admin-min-workers
+    (integer 1)
+    "Same as @code{min-workers} but for the admin interface.")
+  (admin-max-workers
+     (integer 5)
+    "Same as @code{max-workers} but for the admin interface.")
+  (admin-max-clients
+    (integer 5)
+    "Same as @code{max-clients} but for the admin interface.")
+  (admin-max-queued-clients
+    (integer 5)
+    "Same as @code{max-queued-clients} but for the admin interface.")
+  (admin-max-client-requests
+    (integer 5)
+    "Same as @code{max-client-requests} but for the admin interface.")
+  (log-level
+    (integer 3)
+    "Logging level. 4 errors, 3 warnings, 2 information, 1 debug.")
+  (log-filters
+    (string "3:remote 4:event")
+    "Logging filters.
+
+A filter allows to select a different logging level for a given category
+of logs
+The format for a filter is one of:
+@itemize
+@item x:name
+
+@item x:+name
+@end itemize
+
+where @code{name} is a string which is matched against the category
+given in the @code{VIR_LOG_INIT()} at the top of each libvirt source
+file, e.g., \"remote\", \"qemu\", or \"util.json\" (the name in the
+filter can be a substring of the full category name, in order
+to match multiple similar categories), the optional \"+\" prefix
+tells libvirt to log stack trace for each message matching
+name, and @code{x} is the minimal level where matching messages should
+be logged:
+
+@itemize
+@item 1: DEBUG
+@item 2: INFO
+@item 3: WARNING
+@item 4: ERROR
+@end itemize
+
+Multiple filters can be defined in a single filters statement, they just
+need to be separated by spaces.")
+  (log-outputs
+    (string "3:stderr")
+    "Logging outputs.
+
+An output is one of the places to save logging information
+The format for an output can be:
+
+@table @code
+@item x:stderr
+output goes to stderr
+
+@item x:syslog:name
+use syslog for the output and use the given name as the ident
+
+@item x:file:file_path
+output to a file, with the given filepath
+
+@item x:journald
+output to journald logging system
+@end table
+
+In all case the x prefix is the minimal level, acting as a filter
+
+@itemize
+@item 1: DEBUG
+@item 2: INFO
+@item 3: WARNING
+@item 4: ERROR
+@end itemize
+
+Multiple outputs can be defined, they just need to be separated by spaces.")
+  (audit-level
+    (integer 1)
+    "Allows usage of the auditing subsystem to be altered
+
+@itemize
+@item 0: disable all auditing
+@item 1: enable auditing, only if enabled on host
+@item 2: enable auditing, and exit if disabled on host.
+@end itemize
+")
+  (audit-logging
+    (boolean #f)
+    "Send audit messages via libvirt logging infrastructure.")
+  (host-uuid
+    (optional-string "")
+    "Host UUID. UUID must not have all digits be the same.")
+  (host-uuid-source
+    (string "smbios")
+    "Source to read host UUID.
+
+@itemize
+
+@item @code{smbios}: fetch the UUID from @code{dmidecode -s system-uuid}
+
+@item @code{machine-id}: fetch the UUID from @code{/etc/machine-id}
+
+@end itemize
+
+If @code{dmidecode} does not provide a valid UUID a temporary UUID
+will be generated.")
+  (keepalive-interval
+    (integer 5)
+    "A keepalive message is sent to a client after
+@code{keepalive_interval} seconds of inactivity to check if
+the client is still responding. If set to -1, libvirtd will
+never send keepalive requests; however clients can still send
+them and the daemon will send responses.")
+  (keepalive-count
+    (integer 5)
+    "Maximum number of keepalive messages that are allowed to be sent
+to the client without getting any response before the connection is
+considered broken.
+
+In other words, the connection is automatically
+closed approximately after
+@code{keepalive_interval * (keepalive_count + 1)} seconds since the last
+message received from the client. When @code{keepalive-count} is
+set to 0, connections will be automatically closed after
+@code{keepalive-interval} seconds of inactivity without sending any
+keepalive messages.")
+  (admin-keepalive-interval
+    (integer 5)
+    "Same as above but for admin interface.")
+  (admin-keepalive-count
+    (integer 5)
+    "Same as above but for admin interface.")
+  (ovs-timeout
+    (integer 5)
+    "Timeout for Open vSwitch calls.
+
+The @code{ovs-vsctl} utility is used for the configuration and
+its timeout option is set by default to 5 seconds to avoid
+potential infinite waits blocking libvirt."))
+
+(define* (libvirt-conf-file config)
+  "Return a libvirtd config file."
+  (plain-file "libvirtd.conf"
+              (with-output-to-string
+                (lambda ()
+                  (serialize-configuration config libvirt-configuration-fields)))))
+
+(define %libvirt-accounts
+  (list (user-group (name "libvirt") (system? #t))))
+
+(define (%libvirt-activation config)
+  (let ((sock-dir (libvirt-configuration-unix-sock-dir config)))
+    #~(begin
+        (use-modules (guix build utils))
+        (mkdir-p #$sock-dir))))
+
+
+(define (libvirt-shepherd-service config)
+  (let* ((config-file (libvirt-conf-file config))
+         (libvirt (libvirt-configuration-libvirt config)))
+    (list (shepherd-service
+           (documentation "Run the libvirt daemon.")
+           (provision '(libvirtd))
+           (start #~(make-forkexec-constructor
+                     (list (string-append #$libvirt "/sbin/libvirtd")
+                           "-f" #$config-file)))
+           (stop #~(make-kill-destructor))))))
+
+(define libvirt-service-type
+  (service-type (name 'libvirt)
+		(extensions
+                 (list
+                  (service-extension polkit-service-type
+                                     (compose list libvirt-configuration-libvirt))
+                  (service-extension profile-service-type
+                                     (compose list
+                                              libvirt-configuration-libvirt))
+                  (service-extension activation-service-type
+                                     %libvirt-activation)
+                  (service-extension shepherd-root-service-type
+                                     libvirt-shepherd-service)
+                  (service-extension account-service-type
+                                     (const %libvirt-accounts))))
+                (default-value (libvirt-configuration))))
+
+
+(define-record-type* <virtlog-configuration>
+  virtlog-configuration make-virtlog-configuration
+  virtlog-configuration?
+  (libvirt      virtlog-configuration-libvirt
+                (default libvirt))
+  (log-level    virtlog-configuration-log-level
+                (default 3))
+  (log-filters  virtlog-configuration-log-filters
+                (default "3:remote 4:event"))
+  (log-outputs  virtlog-configuration-log-outputs
+                (default "3:syslog:virtlogd"))
+  (max-clients  virtlog-configuration-max-clients
+                (default 1024))
+  (max-size     virtlog-configuration-max-size
+                (default 2097152)) ;; 2MB
+  (max-backups  virtlog-configuration-max-backups
+                (default 3)))
+
+(define* (virtlogd-conf-file config)
+  "Return a virtlogd config file."
+  (plain-file "virtlogd.conf"
+              (string-append
+               "log_level = " (number->string (virtlog-configuration-log-level config)) "\n"
+               "log_filters = \"" (virtlog-configuration-log-filters config) "\"\n"
+               "log_outputs = \"" (virtlog-configuration-log-outputs config) "\"\n"
+               "max_clients = " (number->string (virtlog-configuration-max-clients config)) "\n"
+               "max_size = " (number->string (virtlog-configuration-max-size config)) "\n"
+               "max_backups = " (number->string (virtlog-configuration-max-backups config)) "\n")))
+
+(define (virtlogd-shepherd-service config)
+  (let* ((config-file (virtlogd-conf-file config))
+         (libvirt (virtlog-configuration-libvirt config)))
+    (list (shepherd-service
+           (documentation "Run the virtlog daemon.")
+           (provision '(virtlogd))
+           (start #~(make-forkexec-constructor
+                     (list (string-append #$libvirt "/sbin/virtlogd")
+                           "-f" #$config-file)))
+           (stop #~(make-kill-destructor))))))
+
+(define virtlog-service-type
+  (service-type (name 'virtlogd)
+		(extensions
+                 (list
+                  (service-extension shepherd-root-service-type
+                                     virtlogd-shepherd-service)))
+                (default-value (virtlog-configuration))))
+
+(define (generate-libvirt-documentation)
+  (generate-documentation
+   `((libvirt-configuration ,libvirt-configuration-fields))
+   'libvirt-configuration))
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index f85b412159..18278502e4 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -30,18 +30,53 @@
   #:use-module (guix gexp)
   #:use-module (srfi srfi-1)
   #:use-module (ice-9 match)
-  #:export (nginx-configuration
+  #:export (<nginx-configuration>
+            nginx-configuration
             nginx-configuration?
+            nginx-configuartion-nginx
+            nginx-configuration-log-directory
+            nginx-configuration-run-directory
+            nginx-configuration-server-blocks
+            nginx-configuration-upstream-blocks
+            nginx-configuration-file
+
+            <nginx-server-configuration>
             nginx-server-configuration
             nginx-server-configuration?
+            nginx-server-configuration-http-port
+            nginx-server-configuartion-https-port
+            nginx-server-configuration-server-name
+            nginx-server-configuration-root
+            nginx-server-configuration-locations
+            nginx-server-configuration-index
+            nginx-server-configuration-ssl-certificate
+            nginx-server-configuration-ssl-certificate-key
+            nginx-server-configuration-server-tokens?
+
+            <nginx-upstream-configuration>
             nginx-upstream-configuration
             nginx-upstream-configuration?
+            nginx-upstream-configuration-name
+            nginx-upstream-configuration-servers
+
+            <nginx-location-configuration>
             nginx-location-configuration
             nginx-location-configuration?
+            nginx-location-configuration-uri
+            nginx-location-configuration-body
+
+            <nginx-named-location-configuration>
             nginx-named-location-configuration
             nginx-named-location-configuration?
+            nginx-named-location-configuration-name
+            nginx-named-location-configuration-body
+
             nginx-service
-            nginx-service-type))
+            nginx-service-type
+
+            fcgiwrap-configuration
+            fcgiwrap-configuration?
+            fcgiwrap-service-type))
 
 ;;; Commentary:
 ;;;
@@ -110,105 +145,109 @@
 (define (config-domain-strings names)
  "Return a string denoting the nginx config representation of NAMES, a list
 of domain names."
- (string-join
-  (map (match-lambda
+ (map (match-lambda
         ('default "_ ")
-        ((? string? str) (string-append str " ")))
-       names)))
+        ((? string? str) (list str " ")))
+      names))
 
 (define (config-index-strings names)
  "Return a string denoting the nginx config representation of NAMES, a list
 of index files."
- (string-join
-  (map (match-lambda
-        ((? string? str) (string-append str " ")))
-       names)))
+ (map (match-lambda
+        ((? string? str) (list str " ")))
+      names))
 
-(define nginx-location-config
+(define emit-nginx-location-config
   (match-lambda
     (($ <nginx-location-configuration> uri body)
-     (string-append
+     (list
       "      location " uri " {\n"
-      "        " (string-join body "\n    ") "\n"
+      (map (lambda (x) (list "        " x "\n")) body)
       "      }\n"))
     (($ <nginx-named-location-configuration> name body)
-     (string-append
+     (list
       "      location @" name " {\n"
-      "        " (string-join body "\n    ") "\n"
+      (map (lambda (x) (list "        " x "\n")) body)
       "      }\n"))))
 
-(define (default-nginx-server-config server)
-  (string-append
-   "    server {\n"
-   (if (nginx-server-configuration-http-port server)
-       (string-append "      listen "
-                      (number->string (nginx-server-configuration-http-port server))
-                      ";\n")
-       "")
-   (if (nginx-server-configuration-https-port server)
-       (string-append "      listen "
-                      (number->string (nginx-server-configuration-https-port server))
-                      " ssl;\n")
-       "")
-   "      server_name " (config-domain-strings
-                         (nginx-server-configuration-server-name server))
-                        ";\n"
-   (if (nginx-server-configuration-ssl-certificate server)
-       (let ((certificate (nginx-server-configuration-ssl-certificate server)))
-         ;; lstat fails when the certificate file does not exist: it aborts
-         ;; and lets the user fix their configuration.
-         (lstat certificate)
-         (string-append "      ssl_certificate " certificate ";\n"))
-       "")
-   (if (nginx-server-configuration-ssl-certificate-key server)
-       (let ((key (nginx-server-configuration-ssl-certificate-key server)))
-         (lstat key)
-         (string-append "      ssl_certificate_key " key ";\n"))
-       "")
-   "      root " (nginx-server-configuration-root server) ";\n"
-   "      index " (config-index-strings (nginx-server-configuration-index server)) ";\n"
-   "      server_tokens " (if (nginx-server-configuration-server-tokens? server)
-                              "on" "off") ";\n"
-   "\n"
-   (string-join
-    (map nginx-location-config (nginx-server-configuration-locations server))
-    "\n")
-   "    }\n"))
+(define (emit-nginx-server-config server)
+  (let ((http-port (nginx-server-configuration-http-port server))
+        (https-port (nginx-server-configuration-https-port server))
+        (server-name (nginx-server-configuration-server-name server))
+        (ssl-certificate (nginx-server-configuration-ssl-certificate server))
+        (ssl-certificate-key
+         (nginx-server-configuration-ssl-certificate-key server))
+        (root (nginx-server-configuration-root server))
+        (index (nginx-server-configuration-index server))
+        (server-tokens? (nginx-server-configuration-server-tokens? server))
+        (locations (nginx-server-configuration-locations server)))
+    (define-syntax-parameter <> (syntax-rules ()))
+    (define-syntax-rule (and/l x tail ...)
+      (let ((x* x))
+        (if x*
+            (syntax-parameterize ((<> (identifier-syntax x*)))
+              (list tail ...))
+            '())))
+    (for-each
+     (match-lambda
+      ((record-key . file)
+       (if (and file (not (file-exists? file)))
+           (error
+            (simple-format
+             #f
+             "~A in the nginx configuration for the server with name \"~A\" does not exist" record-key server-name)))))
+     `(("ssl-certificate"     . ,ssl-certificate)
+       ("ssl-certificate-key" . ,ssl-certificate-key)))
+    (list
+     "    server {\n"
+     (and/l http-port  "      listen " (number->string <>) ";\n")
+     (and/l https-port "      listen " (number->string <>) " ssl;\n")
+     "      server_name " (config-domain-strings server-name) ";\n"
+     (and/l ssl-certificate     "      ssl_certificate " <> ";\n")
+     (and/l ssl-certificate-key "      ssl_certificate_key " <> ";\n")
+     "      root " root ";\n"
+     "      index " (config-index-strings index) ";\n"
+     "      server_tokens " (if server-tokens? "on" "off") ";\n"
+     "\n"
+     (map emit-nginx-location-config locations)
+     "\n"
+     "    }\n")))
 
-(define (nginx-upstream-config upstream)
-  (string-append
+(define (emit-nginx-upstream-config upstream)
+  (list
    "    upstream " (nginx-upstream-configuration-name upstream) " {\n"
-   (string-concatenate
-    (map (lambda (server)
-           (simple-format #f "      server ~A;\n" server))
-         (nginx-upstream-configuration-servers upstream)))
+   (map (lambda (server)
+          (simple-format #f "      server ~A;\n" server))
+        (nginx-upstream-configuration-servers upstream))
    "    }\n"))
 
+(define (flatten . lst)
+  "Return a list that recursively concatenates all sub-lists of LST."
+  (define (flatten1 head out)
+    (if (list? head)
+        (fold-right flatten1 out head)
+        (cons head out)))
+  (fold-right flatten1 '() lst))
+
 (define (default-nginx-config nginx log-directory run-directory server-list upstream-list)
-  (mixed-text-file "nginx.conf"
-               "user nginx nginx;\n"
-               "pid " run-directory "/pid;\n"
-               "error_log " log-directory "/error.log info;\n"
-               "http {\n"
-               "    client_body_temp_path " run-directory "/client_body_temp;\n"
-               "    proxy_temp_path " run-directory "/proxy_temp;\n"
-               "    fastcgi_temp_path " run-directory "/fastcgi_temp;\n"
-               "    uwsgi_temp_path " run-directory "/uwsgi_temp;\n"
-               "    scgi_temp_path " run-directory "/scgi_temp;\n"
-               "    access_log " log-directory "/access.log;\n"
-               "    include " nginx "/share/nginx/conf/mime.types;\n"
-               "\n"
-               (string-join
-                (filter (lambda (section) (not (null? section)))
-                        (map nginx-upstream-config upstream-list))
-                "\n")
-               "\n"
-               (let ((http (map default-nginx-server-config server-list)))
-                 (do ((http http (cdr http))
-                      (block "" (string-append (car http) "\n" block )))
-                     ((null? http) block)))
-               "}\n"
-               "events {}\n"))
+  (apply mixed-text-file "nginx.conf"
+         (flatten
+          "user nginx nginx;\n"
+          "pid " run-directory "/pid;\n"
+          "error_log " log-directory "/error.log info;\n"
+          "http {\n"
+          "    client_body_temp_path " run-directory "/client_body_temp;\n"
+          "    proxy_temp_path " run-directory "/proxy_temp;\n"
+          "    fastcgi_temp_path " run-directory "/fastcgi_temp;\n"
+          "    uwsgi_temp_path " run-directory "/uwsgi_temp;\n"
+          "    scgi_temp_path " run-directory "/scgi_temp;\n"
+          "    access_log " log-directory "/access.log;\n"
+          "    include " nginx "/share/nginx/conf/mime.types;\n"
+          "\n"
+          (map emit-nginx-upstream-config upstream-list)
+          (map emit-nginx-server-config server-list)
+          "}\n"
+          "events {}\n")))
 
 (define %nginx-accounts
   (list (user-group (name "nginx") (system? #t))
@@ -285,23 +324,58 @@ of index files."
                             (inherit config)
                             (server-blocks
                               (append (nginx-configuration-server-blocks config)
-                              servers)))))))
+                              servers)))))
+                (default-value
+                  (nginx-configuration))))
+
+(define-record-type* <fcgiwrap-configuration> fcgiwrap-configuration
+  make-fcgiwrap-configuration
+  fcgiwrap-configuration?
+  (package       fcgiwrap-configuration-package ;<package>
+                 (default fcgiwrap))
+  (socket        fcgiwrap-configuration-socket
+                 (default "tcp:127.0.0.1:9000"))
+  (user          fcgiwrap-configuration-user
+                 (default "fcgiwrap"))
+  (group         fcgiwrap-configuration-group
+                 (default "fcgiwrap")))
 
-(define* (nginx-service #:key (nginx nginx)
-                        (log-directory "/var/log/nginx")
-                        (run-directory "/var/run/nginx")
-                        (server-list '())
-                        (upstream-list '())
-                        (config-file #f))
-  "Return a service that runs NGINX, the nginx web server.
+(define fcgiwrap-accounts
+  (match-lambda
+    (($ <fcgiwrap-configuration> package socket user group)
+     (filter identity
+             (list
+              (and (equal? group "fcgiwrap")
+                   (user-group
+                    (name "fcgiwrap")
+                    (system? #t)))
+              (and (equal? user "fcgiwrap")
+                   (user-account
+                    (name "fcgiwrap")
+                    (group group)
+                    (system? #t)
+                    (comment "Fcgiwrap Daemon")
+                    (home-directory "/var/empty")
+                    (shell (file-append shadow "/sbin/nologin")))))))))
 
-The nginx daemon loads its runtime configuration from CONFIG-FILE, stores log
-files in LOG-DIRECTORY, and stores temporary runtime files in RUN-DIRECTORY."
-  (service nginx-service-type
-           (nginx-configuration
-            (nginx nginx)
-            (log-directory log-directory)
-            (run-directory run-directory)
-            (server-blocks server-list)
-            (upstream-blocks upstream-list)
-            (file config-file))))
+(define fcgiwrap-shepherd-service
+  (match-lambda
+    (($ <fcgiwrap-configuration> package socket user group)
+     (list (shepherd-service
+            (provision '(fcgiwrap))
+            (documentation "Run the fcgiwrap daemon.")
+            (requirement '(networking))
+            (start #~(make-forkexec-constructor
+                      '(#$(file-append package "/sbin/fcgiwrap")
+			  "-s" #$socket)
+		      #:user #$user #:group #$group))
+            (stop #~(make-kill-destructor)))))))
+
+(define fcgiwrap-service-type
+  (service-type (name 'fcgiwrap)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          fcgiwrap-shepherd-service)
+		       (service-extension account-service-type
+                                          fcgiwrap-accounts)))
+                (default-value (fcgiwrap-configuration))))
diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index 5bae8c18e1..5a8ee6cd40 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -1,4 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Andy Wingo <wingo@igalia.com>
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;;
@@ -22,14 +23,17 @@
   #:use-module (gnu services)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system pam)
+  #:use-module (gnu services dbus)
   #:use-module ((gnu packages base) #:select (canonical-package))
   #:use-module (gnu packages guile)
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages gl)
   #:use-module (gnu packages display-managers)
   #:use-module (gnu packages gnustep)
+  #:use-module (gnu packages gnome)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages bash)
+  #:use-module (gnu system shadow)
   #:use-module (guix gexp)
   #:use-module (guix store)
   #:use-module (guix packages)
@@ -41,6 +45,7 @@
   #:use-module (ice-9 match)
   #:export (xorg-configuration-file
             %default-xorg-modules
+            xorg-wrapper
             xorg-start-command
             xinitrc
 
@@ -53,7 +58,11 @@
             screen-locker
             screen-locker?
             screen-locker-service-type
-            screen-locker-service))
+            screen-locker-service
+
+            gdm-configuration
+            gdm-service-type
+            gdm-service))
 
 ;;; Commentary:
 ;;;
@@ -184,36 +193,51 @@ in @var{modules}."
                                  files)
                        #t))))
 
-(define* (xorg-start-command #:key
-                             (guile (canonical-package guile-2.0))
-                             (configuration-file (xorg-configuration-file))
-                             (modules %default-xorg-modules)
-                             (xorg-server xorg-server))
+(define* (xorg-wrapper #:key
+                       (guile (canonical-package guile-2.0))
+                       (configuration-file (xorg-configuration-file))
+                       (modules %default-xorg-modules)
+                       (xorg-server xorg-server))
   "Return a derivation that builds a @var{guile} script to start the X server
 from @var{xorg-server}.  @var{configuration-file} is the server configuration
 file or a derivation that builds it; when omitted, the result of
-@code{xorg-configuration-file} is used.
-
-Usually the X server is started by a login manager."
+@code{xorg-configuration-file} is used.  The resulting script should be used
+in place of @code{/usr/bin/X}."
   (define exp
     ;; Write a small wrapper around the X server.
     #~(begin
         (setenv "XORG_DRI_DRIVER_PATH" (string-append #$mesa "/lib/dri"))
         (setenv "XKB_BINDIR" (string-append #$xkbcomp "/bin"))
 
-        (apply execl (string-append #$xorg-server "/bin/X")
-               (string-append #$xorg-server "/bin/X") ;argv[0]
-               "-logverbose" "-verbose"
-               "-xkbdir" (string-append #$xkeyboard-config "/share/X11/xkb")
-               "-config" #$configuration-file
-               "-configdir" #$(xorg-configuration-directory modules)
-               "-nolisten" "tcp" "-terminate"
+        (let ((X (string-append #$xorg-server "/bin/X")))
+          (apply execl X X
+                 "-xkbdir" (string-append #$xkeyboard-config "/share/X11/xkb")
+                 "-config" #$configuration-file
+                 "-configdir" #$(xorg-configuration-directory modules)
+                 (cdr (command-line))))))
+
+  (program-file "X-wrapper" exp))
 
-               ;; Note: SLiM and other display managers add the
-               ;; '-auth' flag by themselves.
-               (cdr (command-line)))))
+(define* (xorg-start-command #:key
+                             (guile (canonical-package guile-2.0))
+                             (configuration-file (xorg-configuration-file))
+                             (modules %default-xorg-modules)
+                             (xorg-server xorg-server))
+  "Return a derivation that builds a @code{startx} script in which a number of
+X modules are available.  See @code{xorg-wrapper} for more details on the
+arguments.  The result should be used in place of @code{startx}."
+  (define X
+    (xorg-wrapper #:guile guile
+                  #:configuration-file configuration-file
+                  #:modules modules
+                  #:xorg-server xorg-server))
+  (define exp
+    ;; Write a small wrapper around the X server.
+    #~(apply execl #$X #$X ;; Second #$X is for argv[0].
+             "-logverbose" "-verbose" "-nolisten" "tcp" "-terminate"
+             (cdr (command-line))))
 
-  (program-file "start-xorg" exp))
+  (program-file "startx" exp))
 
 (define* (xinitrc #:key
                   (guile (canonical-package guile-2.0))
@@ -459,4 +483,142 @@ makes the good ol' XlockMore usable."
                           (file-append package "/bin/" program)
                           allow-empty-passwords?)))
 
+(define %gdm-accounts
+  (list (user-group (name "gdm") (system? #t))
+        (user-account
+         (name "gdm")
+         (group "gdm")
+         (system? #t)
+         (comment "GNOME Display Manager user")
+         (home-directory "/var/lib/gdm")
+         (shell (file-append shadow "/sbin/nologin")))))
+
+(define-record-type* <gdm-configuration>
+  gdm-configuration make-gdm-configuration
+  gdm-configuration?
+  (gdm gdm-configuration-gdm (default gdm))
+  (allow-empty-passwords? gdm-configuration-allow-empty-passwords? (default #t))
+  (allow-root? gdm-configuration-allow-root? (default #t))
+  (auto-login? gdm-configuration-auto-login? (default #f))
+  (default-user gdm-configuration-default-user (default #f))
+  (x-server gdm-configuration-x-server))
+
+(define (gdm-etc-service config)
+  (define gdm-configuration-file
+    (mixed-text-file "gdm-custom.conf"
+                     "[daemon]\n"
+                     "#User=gdm\n"
+                     "#Group=gdm\n"
+                     (if (gdm-configuration-auto-login? config)
+                         (string-append
+                          "AutomaticLoginEnable=true\n"
+                          "AutomaticLogin="
+                          (or (gdm-configuration-default-user config)
+                              (error "missing default user for auto-login"))
+                          "\n")
+                         (string-append
+                          "AutomaticLoginEnable=false\n"
+                          "#AutomaticLogin=\n"))
+                     "#TimedLoginEnable=false\n"
+                     "#TimedLogin=\n"
+                     "#TimedLoginDelay=0\n"
+                     "#InitialSetupEnable=true\n"
+                     ;; Enable me once X is working.
+                     "WaylandEnable=false\n"
+                     "\n"
+                     "[debug]\n"
+                     "Enable=true\n"
+                     "\n"
+                     "[security]\n"
+                     "#DisallowTCP=true\n"
+                     "#AllowRemoteAutoLogin=false\n"))
+  `(("gdm" ,(file-union
+             "gdm"
+             `(("custom.conf" ,gdm-configuration-file))))))
+
+(define (gdm-pam-service config)
+  "Return a PAM service for @command{gdm}."
+  (list
+   (pam-service
+    (inherit (unix-pam-service "gdm-autologin"))
+    (auth (list (pam-entry
+                 (control "[success=ok default=1]")
+                 (module (file-append (gdm-configuration-gdm config)
+                                      "/lib/security/pam_gdm.so")))
+                (pam-entry
+                 (control "sufficient")
+                 (module "pam_permit.so")))))
+   (pam-service
+    (inherit (unix-pam-service "gdm-launch-environment"))
+    (auth (list (pam-entry
+                 (control "required")
+                 (module "pam_permit.so")))))
+   (unix-pam-service
+    "gdm-password"
+    #:allow-empty-passwords? (gdm-configuration-allow-empty-passwords? config)
+    #:allow-root? (gdm-configuration-allow-root? config))))
+
+(define (gdm-shepherd-service config)
+  (list (shepherd-service
+         (documentation "Xorg display server (GDM)")
+         (provision '(xorg-server))
+         (requirement '(dbus-system user-processes host-name udev))
+         ;; While this service isn't working properly, turn off auto-start.
+         (auto-start? #f)
+         (start #~(lambda ()
+                    (fork+exec-command
+                     (list #$(file-append (gdm-configuration-gdm config)
+                                          "/bin/gdm"))
+                     #:environment-variables
+                     (list (string-append
+                            "GDM_X_SERVER="
+                            #$(gdm-configuration-x-server config))))))
+         (stop #~(make-kill-destructor))
+         (respawn? #t))))
+
+(define gdm-service-type
+  (service-type (name 'gdm)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          gdm-shepherd-service)
+                       (service-extension account-service-type
+                                          (const %gdm-accounts))
+                       (service-extension pam-root-service-type
+                                          gdm-pam-service)
+                       (service-extension etc-service-type
+                                          gdm-etc-service)
+                       (service-extension dbus-root-service-type
+                                          (compose list gdm-configuration-gdm))))))
+
+;; This service isn't working yet; it gets as far as starting to run the
+;; greeter from gnome-shell but doesn't get any further.  It is here because
+;; it doesn't hurt anyone and perhaps it inspires someone to fix it :)
+(define* (gdm-service #:key (gdm gdm)
+                       (allow-empty-passwords? #t)
+                       (x-server (xorg-wrapper)))
+  "Return a service that spawns the GDM graphical login manager, which in turn
+starts the X display server with @var{X}, a command as returned by
+@code{xorg-wrapper}.
+
+@cindex X session
+
+GDM automatically looks for session types described by the @file{.desktop}
+files in @file{/run/current-system/profile/share/xsessions} and allows users
+to choose a session from the log-in screen using @kbd{F1}.  Packages such as
+@var{xfce}, @var{sawfish}, and @var{ratpoison} provide @file{.desktop} files;
+adding them to the system-wide set of packages automatically makes them
+available at the log-in screen.
+
+In addition, @file{~/.xsession} files are honored.  When available,
+@file{~/.xsession} must be an executable that starts a window manager
+and/or other X clients.
+
+When @var{allow-empty-passwords?} is true, allow logins with an empty
+password."
+  (service gdm-service-type
+           (gdm-configuration
+            (gdm gdm)
+            (allow-empty-passwords? allow-empty-passwords?)
+            (x-server x-server))))
+
 ;;; xorg.scm ends here
diff --git a/gnu/system.scm b/gnu/system.scm
index ee1e10f82d..6b35e3c0c7 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -112,7 +112,7 @@
             boot-parameters-initrd
             read-boot-parameters
             read-boot-parameters-file
-            menu-entry->boot-parameters
+            boot-parameters->menu-entry
 
             local-host-aliases
             %setuid-programs
@@ -301,17 +301,15 @@ The object has its kernel-arguments extended in order to make it bootable."
                                                      root-device)))
       #f)))
 
-(define (menu-entry->boot-parameters menu-entry)
-  "Convert a <menu-entry> instance to a corresponding <boot-parameters>."
-  (boot-parameters
-   (label (menu-entry-label menu-entry))
-   (root-device #f)
-   (bootloader-name 'custom)
-   (store-device #f)
-   (store-mount-point #f)
-   (kernel (menu-entry-linux menu-entry))
-   (kernel-arguments (menu-entry-linux-arguments menu-entry))
-   (initrd (menu-entry-initrd menu-entry))))
+(define (boot-parameters->menu-entry conf)
+  (menu-entry
+   (label (boot-parameters-label conf))
+   (device (boot-parameters-store-device conf))
+   (device-mount-point (boot-parameters-store-mount-point conf))
+   (linux (boot-parameters-kernel conf))
+   (linux-arguments (boot-parameters-kernel-arguments conf))
+   (initrd (boot-parameters-initrd conf))))
+
 
 
 ;;;
@@ -392,6 +390,7 @@ from the initrd."
   (cond
    ((string-prefix? "arm" (%current-system)) "zImage")
    ((string-prefix? "mips" (%current-system)) "vmlinuz")
+   ((string-prefix? "aarch64" (%current-system)) "Image")
    (else "bzImage")))
 
 (define (operating-system-kernel-file os)
@@ -403,17 +402,18 @@ OS."
 (define* (operating-system-directory-base-entries os #:key container?)
   "Return the basic entries of the 'system' directory of OS for use as the
 value of the SYSTEM-SERVICE-TYPE service."
-  (mlet %store-monad ((locale (operating-system-locale-directory os)))
-    (if container?
-        (return `(("locale" ,locale)))
-        (mlet %store-monad
-            ((kernel  ->  (operating-system-kernel os))
-             (initrd      (operating-system-initrd-file os))
-             (params      (operating-system-boot-parameters-file os)))
-          (return `(("kernel" ,kernel)
-                    ("parameters" ,params)
-                    ("initrd" ,initrd)
-                    ("locale" ,locale)))))))      ;used by libc
+  (let ((locale (operating-system-locale-directory os)))
+    (with-monad %store-monad
+      (if container?
+          (return `(("locale" ,locale)))
+          (mlet %store-monad
+              ((kernel  ->  (operating-system-kernel os))
+               (initrd      (operating-system-initrd-file os))
+               (params      (operating-system-boot-parameters-file os)))
+            (return `(("kernel" ,kernel)
+                      ("parameters" ,params)
+                      ("initrd" ,initrd)
+                      ("locale" ,locale))))))))   ;used by libc
 
 (define* (essential-services os #:key container?)
   "Return the list of essential services for OS.  These are special services
@@ -514,10 +514,16 @@ explicitly appear in OS."
 
          bash-completion
 
+         ;; XXX: We don't use (canonical-package guile-2.2) here because that
+         ;; would create a collision in the global profile between the GMP
+         ;; variant propagated by 'guile-final' and the GMP variant propagated
+         ;; by 'gnutls', itself propagated by 'guix'.
+         guile-2.2
+
          ;; The packages below are also in %FINAL-INPUTS, so take them from
          ;; there to avoid duplication.
          (map canonical-package
-              (list guile-2.2 bash coreutils-8.27 findutils grep sed
+              (list bash coreutils findutils grep sed
                     diffutils patch gawk tar gzip bzip2 xz lzip))))
 
 (define %default-issue
@@ -717,6 +723,8 @@ use 'plain-file' instead~%")
   (let ((shadow (@ (gnu packages admin) shadow)))
     (list (file-append shadow "/bin/passwd")
           (file-append shadow "/bin/su")
+          (file-append shadow "/bin/newuidmap")
+          (file-append shadow "/bin/newgidmap")
           (file-append inetutils "/bin/ping")
           (file-append inetutils "/bin/ping6")
           (file-append sudo "/bin/sudo")
@@ -862,15 +870,16 @@ listed in OS.  The C library expects to find it under
   (store-file-system (operating-system-file-systems os)))
 
 (define* (operating-system-bootcfg os #:optional (old-entries '()))
-  "Return the bootloader configuration file for OS.  Use OLD-ENTRIES to
-populate the \"old entries\" menu."
+  "Return the bootloader configuration file for OS.  Use OLD-ENTRIES
+(which is a list of <menu-entry>) to populate the \"old entries\" menu."
   (mlet* %store-monad
       ((system      (operating-system-derivation os))
        (root-fs ->  (operating-system-root-file-system os))
        (root-device -> (if (eq? 'uuid (file-system-title root-fs))
                            (uuid->string (file-system-device root-fs))
                            (file-system-device root-fs)))
-       (entry (operating-system-boot-parameters os system root-device))
+       (params (operating-system-boot-parameters os system root-device))
+       (entry -> (boot-parameters->menu-entry params))
        (bootloader-conf -> (operating-system-bootloader os)))
     ((bootloader-configuration-file-generator
       (bootloader-configuration-bootloader bootloader-conf))
diff --git a/gnu/system/examples/bare-bones.tmpl b/gnu/system/examples/bare-bones.tmpl
index f7b8823d4f..459d241885 100644
--- a/gnu/system/examples/bare-bones.tmpl
+++ b/gnu/system/examples/bare-bones.tmpl
@@ -12,7 +12,9 @@
 
   ;; Assuming /dev/sdX is the target hard disk, and "my-root" is
   ;; the label of the target root file system.
-  (bootloader (grub-configuration (device "/dev/sdX")))
+  (bootloader (bootloader-configuration
+                (bootloader grub-bootloader)
+                (target "/dev/sdX")))
   (file-systems (cons (file-system
                         (device "my-root")
                         (title 'label)
diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl
index 8b02659478..2131d1f18f 100644
--- a/gnu/system/examples/desktop.tmpl
+++ b/gnu/system/examples/desktop.tmpl
@@ -13,19 +13,20 @@
 
   ;; Assuming /dev/sdX is the target hard disk, and "my-root"
   ;; is the label of the target root file system.
-  (bootloader (grub-configuration (device "/dev/sdX")))
+  (bootloader (bootloader-configuration
+                (bootloader grub-bootloader)
+                (target "/dev/sdX")))
 
   ;; Specify a mapped device for the encrypted root partition.
   ;; The UUID is that returned by 'cryptsetup luksUUID'.
   (mapped-devices
    (list (mapped-device
           (source (uuid "12345678-1234-1234-1234-123456789abc"))
-          (target "the-root-device")
+          (target "my-root")
           (type luks-device-mapping))))
 
   (file-systems (cons (file-system
                         (device "my-root")
-                        (title 'label)
                         (mount-point "/")
                         (type "ext4")
                         (dependencies mapped-devices))
diff --git a/gnu/system/examples/lightweight-desktop.tmpl b/gnu/system/examples/lightweight-desktop.tmpl
index 6fb6283d29..fb7cfebf6d 100644
--- a/gnu/system/examples/lightweight-desktop.tmpl
+++ b/gnu/system/examples/lightweight-desktop.tmpl
@@ -12,9 +12,10 @@
   (locale "en_US.utf8")
 
   ;; Use the UEFI variant of GRUB with the EFI System
-  ;; Partition on /dev/sda1.
-  (bootloader (grub-configuration (grub grub-efi)
-                                  (device "/dev/sda1")))
+  ;; Partition mounted on /boot/efi.
+  (bootloader (bootloader-configuration
+                (bootloader grub-efi-bootloader)
+                (target "/boot/efi")))
 
   ;; Assume the target root file system is labelled "my-root".
   (file-systems (cons* (file-system
diff --git a/gnu/system/examples/vm-image.tmpl b/gnu/system/examples/vm-image.tmpl
index 57ac71c535..056b439c5f 100644
--- a/gnu/system/examples/vm-image.tmpl
+++ b/gnu/system/examples/vm-image.tmpl
@@ -26,7 +26,7 @@ partprobe, and then 2) resizing the filesystem with resize2fs.\n"))
 
   ;; Assuming /dev/sdX is the target hard disk, and "my-root" is
   ;; the label of the target root file system.
-  (bootloader (grub-configuration (device "/dev/sda")
+  (bootloader (grub-configuration (target "/dev/sda")
                                   (terminal-outputs '(console))))
   (file-systems (cons (file-system
                         (device "my-root")
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index f9aa7f6733..7f6ffe9582 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -299,14 +299,13 @@ Use Alt-F2 for documentation.
     (host-name "gnu")
     (timezone "Europe/Paris")
     (locale "en_US.utf8")
-    (bootloader (grub-configuration
-                 (device "/dev/sda")))
+    (bootloader (grub-configuration (target "/dev/sda")))
     (file-systems
      ;; Note: the disk image build code overrides this root file system with
      ;; the appropriate one.
      (cons* (file-system
               (mount-point "/")
-              (device "GuixSD")
+              (device "GuixSD_image")
               (title 'label)
               (type "ext4"))
 
diff --git a/gnu/system/locale.scm b/gnu/system/locale.scm
index 51482879f7..75cb855b59 100644
--- a/gnu/system/locale.scm
+++ b/gnu/system/locale.scm
@@ -19,10 +19,8 @@
 (define-module (gnu system locale)
   #:use-module (guix gexp)
   #:use-module (guix store)
-  #:use-module (guix monads)
   #:use-module (guix records)
   #:use-module (guix packages)
-  #:use-module (guix utils)
   #:use-module (gnu packages base)
   #:use-module (gnu packages compression)
   #:use-module (srfi srfi-26)
@@ -85,15 +83,6 @@ or #f on failure."
 (define* (localedef-command locale
                             #:key (libc (canonical-package glibc)))
   "Return a gexp that runs 'localedef' from LIBC to build LOCALE."
-  (define (maybe-version-directory)
-    ;; XXX: For libc prior to 2.22, GuixSD did not store locale data in a
-    ;; version-specific sub-directory.  Check whether this is the case.
-    ;; TODO: Remove this hack once libc 2.21 is buried.
-    (let ((version (package-version libc)))
-      (if (version>=? version "2.22")
-          (list version "/")
-          '())))
-
   #~(begin
       (format #t "building locale '~a'...~%"
               #$(locale-definition-name locale))
@@ -102,7 +91,7 @@ or #f on failure."
                       "-i" #$(locale-definition-source locale)
                       "-f" #$(locale-definition-charset locale)
                       (string-append #$output "/"
-                                     #$@(maybe-version-directory)
+                                     #$(package-version libc) "/"
                                      #$(locale-definition-name locale))))))
 
 (define* (single-locale-directory locales
@@ -119,12 +108,7 @@ of LIBC."
     #~(begin
         (mkdir #$output)
 
-        ;; XXX: For libcs < 2.22, locale data is stored in the top-level
-        ;; directory.
-        ;; TODO: Remove this hack once libc 2.21 is buried.
-        #$(if (version>=? version "2.22")
-              #~(mkdir (string-append #$output "/" #$version))
-              #~(symlink "." (string-append #$output "/" #$version)))
+        (mkdir (string-append #$output "/" #$version))
 
         ;; 'localedef' executes 'gzip' to access compressed locale sources.
         (setenv "PATH" (string-append #$gzip "/bin"))
@@ -133,8 +117,7 @@ of LIBC."
          (and #$@(map (cut localedef-command <> #:libc libc)
                       locales)))))
 
-  (gexp->derivation (string-append "locale-" version) build
-                    #:local-build? #t))
+  (computed-file (string-append "locale-" version) build))
 
 (define* (locale-directory locales
                            #:key (libcs %default-locale-libcs))
@@ -148,18 +131,16 @@ data format changes between libc versions."
     ((libc)
      (single-locale-directory locales #:libc libc))
     ((libcs ..1)
-     (mlet %store-monad ((dirs (mapm %store-monad
-                                     (lambda (libc)
-                                       (single-locale-directory locales
-                                                                #:libc libc))
-                                     libcs)))
-       (gexp->derivation "locale-multiple-versions"
-                         (with-imported-modules '((guix build union))
-                           #~(begin
-                               (use-modules (guix build union))
-                               (union-build #$output (list #$@dirs))))
-                         #:local-build? #t
-                         #:substitutable? #f)))))
+     (let ((dirs (map (lambda (libc)
+                        (single-locale-directory locales #:libc libc))
+                      libcs)))
+       (computed-file "locale-multiple-versions"
+                      (with-imported-modules '((guix build union))
+                        #~(begin
+                            (use-modules (guix build union))
+                            (union-build #$output (list #$@dirs))))
+                      #:options '(#:local-build? #t
+                                  #:substitutable? #f))))))
 
 (define %default-locale-libcs
   ;; The libcs for which we build locales by default.
diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index 712e6df8d8..236807c70a 100644
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
@@ -174,7 +174,8 @@ else
     PS1='\\u@\\h \\w\\$ '
 fi
 alias ls='ls -p --color'
-alias ll='ls -l'\n"))
+alias ll='ls -l'
+alias grep='grep --color'\n"))
         (zlogin    (plain-file "zlogin" "\
 # Honor system-wide environment variables
 source /etc/profile\n"))
@@ -189,6 +190,11 @@ set debug-file-directory ~/.guix-profile/lib/debug\n")))
       (".bashrc" ,bashrc)
       (".zlogin" ,zlogin)
       (".Xdefaults" ,xdefaults)
+      (".guile" ,(plain-file "dot-guile"
+                             (string-append
+                              "(use-modules (ice-9 readline))\n\n"
+                              ";; Enable completion at the REPL.\n"
+                              "(activate-readline)\n")))
       (".guile-wm" ,guile-wm)
       (".gdbinit" ,gdbinit))))
 
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index 66a2448ceb..4494af0031 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -39,7 +39,7 @@
   #:use-module (gnu packages gawk)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages less)
-  #:use-module (gnu packages qemu)
+  #:use-module (gnu packages virtualization)
   #:use-module (gnu packages disk)
   #:use-module (gnu packages zile)
   #:use-module (gnu packages linux)
@@ -49,6 +49,7 @@
   #:use-module (gnu packages admin)
 
   #:use-module (gnu bootloader)
+  #:use-module ((gnu bootloader grub) #:select (grub-mkrescue-bootloader))
   #:use-module (gnu system shadow)
   #:use-module (gnu system pam)
   #:use-module (gnu system linux-initrd)
@@ -68,7 +69,10 @@
 
             system-qemu-image/shared-store
             system-qemu-image/shared-store-script
-            system-disk-image))
+            system-disk-image
+
+            virtual-machine
+            virtual-machine?))
 
 
 ;;; Commentary:
@@ -105,16 +109,19 @@
                                              (guile-for-build
                                               (%guile-for-build))
 
+                                             (single-file-output? #f)
                                              (make-disk-image? #f)
                                              (references-graphs #f)
                                              (memory-size 256)
                                              (disk-image-format "qcow2")
                                              (disk-image-size 'guess))
   "Evaluate EXP in a QEMU virtual machine running LINUX with INITRD (a
-derivation).  In the virtual machine, EXP has access to all its inputs from the
-store; it should put its output files in the `/xchg' directory, which is
-copied to the derivation's output when the VM terminates.  The virtual machine
-runs with MEMORY-SIZE MiB of memory.
+derivation).  The virtual machine runs with MEMORY-SIZE MiB of memory.  In the
+virtual machine, EXP has access to all its inputs from the store; it should
+put its output file(s) in the '/xchg' directory.
+
+If SINGLE-FILE-OUTPUT? is true, copy a single file from '/xchg' to OUTPUT.
+Otherwise, copy the contents of /xchg to a new directory OUTPUT.
 
 When MAKE-DISK-IMAGE? is true, then create a QEMU disk image of type
 DISK-IMAGE-FORMAT (e.g., 'qcow2' or 'raw'), of DISK-IMAGE-SIZE bytes and
@@ -164,6 +171,7 @@ made available under the /xchg CIFS share."
                                 #:linux linux #:initrd initrd
                                 #:memory-size #$memory-size
                                 #:make-disk-image? #$make-disk-image?
+                                #:single-file-output? #$single-file-output?
                                 #:disk-image-format #$disk-image-format
                                 #:disk-image-size size
                                 #:references-graphs graphs)))))
@@ -219,6 +227,7 @@ INPUTS is a list of inputs (as for packages)."
            (reboot))))
    #:system system
    #:make-disk-image? #f
+   #:single-file-output? #t
    #:references-graphs inputs))
 
 (define* (qemu-image #:key
@@ -345,7 +354,7 @@ to USB sticks meant to be read-only."
     ;; Volume name of the root file system.  Since we don't know which device
     ;; will hold it, we use the volume name to find it (using the UUID would
     ;; be even better, but somewhat less convenient.)
-    (normalize-label "GuixSD"))
+    (normalize-label "GuixSD_image"))
 
   (define file-systems-to-keep
     (remove (lambda (fs)
@@ -361,6 +370,12 @@ to USB sticks meant to be read-only."
                                #:volatile-root? #t
                                rest)))
 
+              (bootloader (if (string=? "iso9660" file-system-type)
+                              (bootloader-configuration
+                                (inherit (operating-system-bootloader os))
+                                (bootloader grub-mkrescue-bootloader))
+                              (operating-system-bootloader os)))
+
               ;; Force our own root file system.
               (file-systems (cons (file-system
                                     (mount-point "/")
@@ -576,7 +591,8 @@ with '-virtfs' options for the host file systems listed in SHARED-FS."
                                                 full-boot?
                                                 (disk-image-size
                                                  (* (if full-boot? 500 70)
-                                                    (expt 2 20))))
+                                                    (expt 2 20)))
+                                                (options '()))
   "Return a derivation that builds a script to run a virtual machine image of
 OS that shares its store with the host.  The virtual machine runs with
 MEMORY-SIZE MiB of memory.
@@ -609,7 +625,8 @@ it is mostly useful when FULL-BOOT?  is true."
               #$@(common-qemu-options image
                                       (map file-system-mapping-source
                                            (cons %store-mapping mappings)))
-              "-m " (number->string #$memory-size)))
+              "-m " (number->string #$memory-size)
+              #$@options))
 
     (define builder
       #~(call-with-output-file #$output
@@ -621,4 +638,63 @@ it is mostly useful when FULL-BOOT?  is true."
 
     (gexp->derivation "run-vm.sh" builder)))
 
+
+;;;
+;;; High-level abstraction.
+;;;
+
+(define-record-type* <virtual-machine> %virtual-machine
+  make-virtual-machine
+  virtual-machine?
+  (operating-system virtual-machine-operating-system) ;<operating-system>
+  (qemu             virtual-machine-qemu              ;<package>
+                    (default qemu))
+  (graphic?         virtual-machine-graphic?      ;Boolean
+                    (default #f))
+  (memory-size      virtual-machine-memory-size   ;integer (MiB)
+                    (default 256))
+  (port-forwardings virtual-machine-port-forwardings ;list of integer pairs
+                    (default '())))
+
+(define-syntax virtual-machine
+  (syntax-rules ()
+    "Declare a virtual machine running the specified OS, with the given
+options."
+    ((_ os)                                       ;shortcut
+     (%virtual-machine (operating-system os)))
+    ((_ fields ...)
+     (%virtual-machine fields ...))))
+
+(define (port-forwardings->qemu-options forwardings)
+  "Return the QEMU option for the given port FORWARDINGS as a string, where
+FORWARDINGS is a list of host-port/guest-port pairs."
+  (string-join
+   (map (match-lambda
+          ((host-port . guest-port)
+           (string-append "hostfwd=tcp::"
+                          (number->string host-port)
+                          "-:" (number->string guest-port))))
+        forwardings)
+   ","))
+
+(define-gexp-compiler (virtual-machine-compiler (vm <virtual-machine>)
+                                                system target)
+  ;; XXX: SYSTEM and TARGET are ignored.
+  (match vm
+    (($ <virtual-machine> os qemu graphic? memory-size ())
+     (system-qemu-image/shared-store-script os
+                                            #:qemu qemu
+                                            #:graphic? graphic?
+                                            #:memory-size memory-size))
+    (($ <virtual-machine> os qemu graphic? memory-size forwardings)
+     (let ((options
+            `("-net" ,(string-append
+                       "user,"
+                       (port-forwardings->qemu-options forwardings)))))
+       (system-qemu-image/shared-store-script os
+                                              #:qemu qemu
+                                              #:graphic? graphic?
+                                              #:memory-size memory-size
+                                              #:options options)))))
+
 ;;; vm.scm ends here
diff --git a/gnu/tests.scm b/gnu/tests.scm
index 2886a982f4..97b9cc5107 100644
--- a/gnu/tests.scm
+++ b/gnu/tests.scm
@@ -206,7 +206,7 @@ the system under test."
     (timezone "Europe/Berlin")
     (locale "en_US.UTF-8")
 
-    (bootloader (grub-configuration (device "/dev/sdX")))
+    (bootloader (grub-configuration (target "/dev/sdX")))
     (file-systems (cons (file-system
                           (device "my-root")
                           (title 'label)
diff --git a/gnu/tests/admin.scm b/gnu/tests/admin.scm
new file mode 100644
index 0000000000..3c7deb5426
--- /dev/null
+++ b/gnu/tests/admin.scm
@@ -0,0 +1,128 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests admin)
+  #:use-module (gnu tests)
+  #:use-module (gnu system)
+  #:use-module (gnu system file-systems)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu system vm)
+  #:use-module (gnu services)
+  #:use-module (gnu services admin)
+  #:use-module (gnu services networking)
+  #:use-module (guix gexp)
+  #:use-module (guix store)
+  #:use-module (guix monads)
+  #:export (%test-tailon))
+
+(define %tailon-os
+  ;; Operating system under test.
+  (simple-operating-system
+   (dhcp-client-service)
+   (service tailon-service-type
+            (tailon-configuration
+             (config-file
+              (tailon-configuration-file
+               (bind "0.0.0.0:8080")))))))
+
+(define* (run-tailon-test #:optional (http-port 8081))
+  "Run tests in %TAILON-OS, which has tailon running and listening on
+HTTP-PORT."
+  (define os
+    (marionette-operating-system
+     %tailon-os
+     #:imported-modules '((gnu services herd)
+                          (guix combinators))))
+
+  (define vm
+    (virtual-machine
+     (operating-system os)
+     (port-forwardings `((,http-port . 8080)))))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (srfi srfi-11) (srfi srfi-64)
+                       (ice-9 match)
+                       (gnu build marionette)
+                       (web uri)
+                       (web client)
+                       (web response))
+
+          (define marionette
+            ;; Forward the guest's HTTP-PORT, where tailon is listening, to
+            ;; port 8080 in the host.
+            (make-marionette (list #$vm)))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "tailon")
+
+          (test-eq "service running"
+            'running!
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'tailon)
+                'running!)
+             marionette))
+
+          (define* (retry-on-error f #:key times delay)
+            (let loop ((attempt 1))
+              (match (catch
+                      #t
+                      (lambda ()
+                        (cons #t
+                              (f)))
+                      (lambda args
+                        (cons #f
+                              args)))
+                ((#t . return-value)
+                 return-value)
+                ((#f . error-args)
+                 (if (>= attempt times)
+                     error-args
+                     (begin
+                       (sleep delay)
+                       (loop (+ 1 attempt))))))))
+
+          (test-equal "http-get"
+            200
+            (retry-on-error
+             (lambda ()
+               (let-values (((response text)
+                             (http-get #$(format
+                                          #f
+                                          "http://localhost:~A/"
+                                          http-port)
+                                       #:decode-body? #t)))
+                 (response-code response)))
+             #:times 10
+             #:delay 5))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "tailon-test" test))
+
+(define %test-tailon
+  (system-test
+   (name "tailon")
+   (description "Connect to a running Tailon server.")
+   (value (run-tailon-test))))
diff --git a/gnu/tests/audio.scm b/gnu/tests/audio.scm
new file mode 100644
index 0000000000..8eadaf02e1
--- /dev/null
+++ b/gnu/tests/audio.scm
@@ -0,0 +1,78 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests audio)
+  #:use-module (gnu tests)
+  #:use-module (gnu system)
+  #:use-module (gnu system vm)
+  #:use-module (gnu services)
+  #:use-module (gnu services audio)
+  #:use-module (gnu packages mpd)
+  #:use-module (guix gexp)
+  #:export (%test-mpd))
+
+(define %mpd-os
+  (simple-operating-system
+   (service mpd-service-type
+            (mpd-configuration
+             (user "root")))))
+
+(define (run-mpd-test)
+  "Run tests in %mpd-os, which has mpd running."
+  (define os
+    (marionette-operating-system
+     %mpd-os
+     #:imported-modules '((gnu services herd))))
+
+  (define vm
+    (virtual-machine os))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (srfi srfi-64)
+                       (gnu build marionette))
+          (define marionette
+            (make-marionette (list #$vm)))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "mpd")
+
+          (test-assert "service is running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'mpd))
+             marionette))
+
+          (test-assert "mpc connect"
+            (marionette-eval
+             '(zero? (system #$(file-append mpd-mpc "/bin/mpc")))
+             marionette))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+  (gexp->derivation "mpd-test" test))
+
+(define %test-mpd
+  (system-test
+   (name "mpd")
+   (description "Test that the mpd can run and be connected to.")
+   (value (run-mpd-test))))
diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index 8389b67f68..6132aa96ef 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -34,7 +34,6 @@
   #:use-module (gnu packages package-management)
   #:use-module (guix gexp)
   #:use-module (guix store)
-  #:use-module (guix monads)
   #:use-module (guix packages)
   #:use-module (srfi srfi-1)
   #:export (run-basic-test
@@ -393,17 +392,16 @@ info --version")
     "Instrument %SIMPLE-OS, run it in a VM, and run a series of basic
 functionality tests.")
    (value
-    (mlet* %store-monad ((os -> (marionette-operating-system
-                                 %simple-os
-                                 #:imported-modules '((gnu services herd)
-                                                      (guix combinators))))
-                         (run   (system-qemu-image/shared-store-script
-                                 os #:graphic? #f)))
+    (let* ((os  (marionette-operating-system
+                 %simple-os
+                 #:imported-modules '((gnu services herd)
+                                      (guix combinators))))
+           (vm  (virtual-machine os)))
       ;; XXX: Add call to 'virtualized-operating-system' to get the exact same
       ;; set of services as the OS produced by
       ;; 'system-qemu-image/shared-store-script'.
       (run-basic-test (virtualized-operating-system os '())
-                      #~(list #$run))))))
+                      #~(list #$vm))))))
 
 
 ;;;
@@ -430,60 +428,60 @@ functionality tests.")
      (mcron-service (list job1 job2 job3)))))
 
 (define (run-mcron-test name)
-  (mlet* %store-monad ((os ->   (marionette-operating-system
-                                 %mcron-os
-                                 #:imported-modules '((gnu services herd)
-                                                      (guix combinators))))
-                       (command (system-qemu-image/shared-store-script
-                                 os #:graphic? #f)))
-    (define test
-      (with-imported-modules '((gnu build marionette))
-        #~(begin
-            (use-modules (gnu build marionette)
-                         (srfi srfi-64)
-                         (ice-9 match))
-
-            (define marionette
-              (make-marionette (list #$command)))
-
-            (mkdir #$output)
-            (chdir #$output)
-
-            (test-begin "mcron")
-
-            (test-eq "service running"
-              'running!
-              (marionette-eval
-               '(begin
-                  (use-modules (gnu services herd))
-                  (start-service 'mcron)
-                  'running!)
-               marionette))
-
-            ;; Make sure root's mcron job runs, has its cwd set to "/root", and
-            ;; runs with the right UID/GID.
-            (test-equal "root's job"
-              '(0 0)
-              (wait-for-file "/root/witness" marionette))
-
-            ;; Likewise for Alice's job.  We cannot know what its GID is since
-            ;; it's chosen by 'groupadd', but it's strictly positive.
-            (test-assert "alice's job"
-              (match (wait-for-file "/home/alice/witness" marionette)
-                ((1000 gid)
-                 (>= gid 100))))
-
-            ;; Last, the job that uses a command; allows us to test whether
-            ;; $PATH is sane.  (Note that 'marionette-eval' stringifies objects
-            ;; that don't have a read syntax, hence the string.)
-            (test-equal "root's job with command"
-              "#<eof>"
-              (wait-for-file "/root/witness-touch" marionette))
-
-            (test-end)
-            (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
-
-    (gexp->derivation name test)))
+  (define os
+    (marionette-operating-system
+     %mcron-os
+     #:imported-modules '((gnu services herd)
+                          (guix combinators))))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (gnu build marionette)
+                       (srfi srfi-64)
+                       (ice-9 match))
+
+          (define marionette
+            (make-marionette (list #$(virtual-machine os))))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "mcron")
+
+          (test-eq "service running"
+            'running!
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'mcron)
+                'running!)
+             marionette))
+
+          ;; Make sure root's mcron job runs, has its cwd set to "/root", and
+          ;; runs with the right UID/GID.
+          (test-equal "root's job"
+            '(0 0)
+            (wait-for-file "/root/witness" marionette))
+
+          ;; Likewise for Alice's job.  We cannot know what its GID is since
+          ;; it's chosen by 'groupadd', but it's strictly positive.
+          (test-assert "alice's job"
+            (match (wait-for-file "/home/alice/witness" marionette)
+              ((1000 gid)
+               (>= gid 100))))
+
+          ;; Last, the job that uses a command; allows us to test whether
+          ;; $PATH is sane.  (Note that 'marionette-eval' stringifies objects
+          ;; that don't have a read syntax, hence the string.)
+          (test-equal "root's job with command"
+            "#<eof>"
+            (wait-for-file "/root/witness-touch" marionette))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation name test))
 
 (define %test-mcron
   (system-test
@@ -526,102 +524,102 @@ functionality tests.")
   ;; *after* nscd.  Failing to do that, libc will try to connect to nscd,
   ;; fail, then never try again (see '__nss_not_use_nscd_hosts' in libc),
   ;; leading to '.local' resolution failures.
-  (mlet* %store-monad ((os -> (marionette-operating-system
-                               %avahi-os
-                               #:requirements '(nscd)
-                               #:imported-modules '((gnu services herd)
-                                                    (guix combinators))))
-                       (run   (system-qemu-image/shared-store-script
-                               os #:graphic? #f)))
-    (define mdns-host-name
-      (string-append (operating-system-host-name os)
-                     ".local"))
-
-    (define test
-      (with-imported-modules '((gnu build marionette))
-        #~(begin
-            (use-modules (gnu build marionette)
-                         (srfi srfi-1)
-                         (srfi srfi-64)
-                         (ice-9 match))
-
-            (define marionette
-              (make-marionette (list #$run)))
-
-            (mkdir #$output)
-            (chdir #$output)
-
-            (test-begin "avahi")
-
-            (test-assert "wait for services"
-              (marionette-eval
-               '(begin
-                  (use-modules (gnu services herd))
+  (define os
+    (marionette-operating-system
+     %avahi-os
+     #:requirements '(nscd)
+     #:imported-modules '((gnu services herd)
+                          (guix combinators))))
 
-                  (start-service 'nscd)
-
-                  ;; XXX: Work around a race condition in nscd: nscd creates its
-                  ;; PID file before it is listening on its socket.
-                  (let ((sock (socket PF_UNIX SOCK_STREAM 0)))
-                    (let try ()
-                      (catch 'system-error
-                        (lambda ()
-                          (connect sock AF_UNIX "/var/run/nscd/socket")
-                          (close-port sock)
-                          (format #t "nscd is ready~%"))
-                        (lambda args
-                          (format #t "waiting for nscd...~%")
-                          (usleep 500000)
-                          (try)))))
-
-                  ;; Wait for the other useful things.
-                  (start-service 'avahi-daemon)
-                  (start-service 'networking)
-
-                  #t)
-               marionette))
-
-            (test-equal "avahi-resolve-host-name"
-              0
-              (marionette-eval
-               '(system*
-                 "/run/current-system/profile/bin/avahi-resolve-host-name"
-                 "-v" #$mdns-host-name)
-               marionette))
+  (define mdns-host-name
+    (string-append (operating-system-host-name os)
+                   ".local"))
 
-            (test-equal "avahi-browse"
-              0
-              (marionette-eval
-               '(system* "avahi-browse" "-avt")
-               marionette))
-
-            (test-assert "getaddrinfo .local"
-              ;; Wait for the 'avahi-daemon' service and perform a resolution.
-              (match (marionette-eval
-                      '(getaddrinfo #$mdns-host-name)
-                      marionette)
-                (((? vector? addrinfos) ..1)
-                 (pk 'getaddrinfo addrinfos)
-                 (and (any (lambda (ai)
-                             (= AF_INET (addrinfo:fam ai)))
-                           addrinfos)
-                      (any (lambda (ai)
-                             (= AF_INET6 (addrinfo:fam ai)))
-                           addrinfos)))))
-
-            (test-assert "gethostbyname .local"
-              (match (pk 'gethostbyname
-                         (marionette-eval '(gethostbyname #$mdns-host-name)
-                                          marionette))
-                ((? vector? result)
-                 (and (string=? (hostent:name result) #$mdns-host-name)
-                      (= (hostent:addrtype result) AF_INET)))))
-
-
-            (test-end)
-            (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
-
-    (gexp->derivation "nss-mdns" test)))
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (gnu build marionette)
+                       (srfi srfi-1)
+                       (srfi srfi-64)
+                       (ice-9 match))
+
+          (define marionette
+            (make-marionette (list #$(virtual-machine os))))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "avahi")
+
+          (test-assert "wait for services"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+
+                (start-service 'nscd)
+
+                ;; XXX: Work around a race condition in nscd: nscd creates its
+                ;; PID file before it is listening on its socket.
+                (let ((sock (socket PF_UNIX SOCK_STREAM 0)))
+                  (let try ()
+                    (catch 'system-error
+                      (lambda ()
+                        (connect sock AF_UNIX "/var/run/nscd/socket")
+                        (close-port sock)
+                        (format #t "nscd is ready~%"))
+                      (lambda args
+                        (format #t "waiting for nscd...~%")
+                        (usleep 500000)
+                        (try)))))
+
+                ;; Wait for the other useful things.
+                (start-service 'avahi-daemon)
+                (start-service 'networking)
+
+                #t)
+             marionette))
+
+          (test-equal "avahi-resolve-host-name"
+            0
+            (marionette-eval
+             '(system*
+               "/run/current-system/profile/bin/avahi-resolve-host-name"
+               "-v" #$mdns-host-name)
+             marionette))
+
+          (test-equal "avahi-browse"
+            0
+            (marionette-eval
+             '(system* "avahi-browse" "-avt")
+             marionette))
+
+          (test-assert "getaddrinfo .local"
+            ;; Wait for the 'avahi-daemon' service and perform a resolution.
+            (match (marionette-eval
+                    '(getaddrinfo #$mdns-host-name)
+                    marionette)
+              (((? vector? addrinfos) ..1)
+               (pk 'getaddrinfo addrinfos)
+               (and (any (lambda (ai)
+                           (= AF_INET (addrinfo:fam ai)))
+                         addrinfos)
+                    (any (lambda (ai)
+                           (= AF_INET6 (addrinfo:fam ai)))
+                         addrinfos)))))
+
+          (test-assert "gethostbyname .local"
+            (match (pk 'gethostbyname
+                       (marionette-eval '(gethostbyname #$mdns-host-name)
+                                        marionette))
+              ((? vector? result)
+               (and (string=? (hostent:name result) #$mdns-host-name)
+                    (= (hostent:addrtype result) AF_INET)))))
+
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "nss-mdns" test))
 
 (define %test-nss-mdns
   (system-test
diff --git a/gnu/tests/databases.scm b/gnu/tests/databases.scm
new file mode 100644
index 0000000000..9d9a753747
--- /dev/null
+++ b/gnu/tests/databases.scm
@@ -0,0 +1,123 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests databases)
+  #:use-module (gnu tests)
+  #:use-module (gnu system)
+  #:use-module (gnu system file-systems)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu system vm)
+  #:use-module (gnu services)
+  #:use-module (gnu services databases)
+  #:use-module (gnu services networking)
+  #:use-module (guix gexp)
+  #:use-module (guix store)
+  #:export (%test-memcached))
+
+(define %memcached-os
+  (simple-operating-system
+   (dhcp-client-service)
+   (service memcached-service-type)))
+
+(define* (run-memcached-test #:optional (port 11211))
+  "Run tests in %MEMCACHED-OS, forwarding PORT."
+  (define os
+    (marionette-operating-system
+     %memcached-os
+     #:imported-modules '((gnu services herd)
+                          (guix combinators))))
+
+  (define vm
+    (virtual-machine
+     (operating-system os)
+     (port-forwardings `((11211 . ,port)))))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (srfi srfi-11) (srfi srfi-64)
+                       (gnu build marionette)
+                       (ice-9 rdelim))
+
+          (define marionette
+            (make-marionette (list #$vm)))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "memcached")
+
+          ;; Wait for memcached to be up and running.
+          (test-assert "service running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (match (start-service 'memcached)
+                  (#f #f)
+                  (('service response-parts ...)
+                   (match (assq-ref response-parts 'running)
+                     ((pid) (number? pid))))))
+             marionette))
+
+          (let* ((ai (car (getaddrinfo "localhost"
+                                       #$(number->string port))))
+                 (s  (socket (addrinfo:fam ai)
+                             (addrinfo:socktype ai)
+                             (addrinfo:protocol ai)))
+                 (key "testkey")
+                 (value "guix"))
+            (connect s (addrinfo:addr ai))
+
+            (test-equal "set"
+              "STORED\r"
+              (begin
+                (simple-format s "set ~A 0 60 ~A\r\n~A\r\n"
+                               key
+                               (string-length value)
+                               value)
+                (read-line s)))
+
+            (test-equal "get"
+              (simple-format #f "VALUE ~A 0 ~A\r~A\r"
+                             key
+                             (string-length value)
+                             value)
+              (begin
+                (simple-format s "get ~A\r\n" key)
+                (string-append
+                 (read-line s)
+                 (read-line s))))
+
+            (close-port s))
+
+          ;; There should be a log file in here.
+          (test-assert "log file"
+            (marionette-eval
+             '(file-exists? "/var/log/memcached")
+             marionette))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "memcached-test" test))
+
+(define %test-memcached
+  (system-test
+   (name "memcached")
+   (description "Connect to a running MEMCACHED server.")
+   (value (run-memcached-test))))
diff --git a/gnu/tests/dict.scm b/gnu/tests/dict.scm
index 16b6edbd9e..b9c741e3e0 100644
--- a/gnu/tests/dict.scm
+++ b/gnu/tests/dict.scm
@@ -27,7 +27,6 @@
   #:use-module (gnu packages wordnet)
   #:use-module (guix gexp)
   #:use-module (guix store)
-  #:use-module (guix monads)
   #:use-module (guix packages)
   #:use-module (guix modules)
   #:export (%test-dicod))
@@ -54,86 +53,90 @@
 
 (define* (run-dicod-test)
   "Run tests of 'dicod-service-type'."
-  (mlet* %store-monad ((os -> (marionette-operating-system
-                               %dicod-os
-                               #:imported-modules
-                               (source-module-closure '((gnu services herd)))))
-                       (command (system-qemu-image/shared-store-script
-                                 os #:graphic? #f)))
-    (define test
-      (with-imported-modules '((gnu build marionette))
-        #~(begin
-            (use-modules (ice-9 rdelim)
-                         (ice-9 regex)
-                         (srfi srfi-64)
-                         (gnu build marionette))
-            (define marionette
-              ;; Forward the guest's DICT port to local port 8000.
-              (make-marionette (list #$command "-net"
-                                     "user,hostfwd=tcp::8000-:2628")))
-
-            (define %dico-socket
-              (socket PF_INET SOCK_STREAM 0))
-
-            (mkdir #$output)
-            (chdir #$output)
-
-            (test-begin "dicod")
-
-            ;; Wait for the service to be started.
-            (test-eq "service is running"
-              'running!
-              (marionette-eval
-               '(begin
-                  (use-modules (gnu services herd))
-                  (start-service 'dicod)
-                  'running!)
-               marionette))
-
-            ;; Wait until dicod is actually listening.
-            ;; TODO: Use a PID file instead.
-            (test-assert "connect inside"
-              (marionette-eval
-               '(begin
-                  (use-modules (ice-9 rdelim))
-                  (let ((sock (socket PF_INET SOCK_STREAM 0)))
-                    (let loop ((i 0))
-                      (pk 'try i)
-                      (catch 'system-error
-                        (lambda ()
-                          (connect sock AF_INET INADDR_LOOPBACK 2628))
-                        (lambda args
-                          (pk 'connection-error args)
-                          (when (< i 20)
-                            (sleep 1)
-                            (loop (+ 1 i))))))
-                    (read-line sock 'concat)))
-               marionette))
-
-            (test-assert "connect"
-              (let ((addr (make-socket-address AF_INET INADDR_LOOPBACK 8000)))
-                (connect %dico-socket addr)
-                (read-line %dico-socket 'concat)))
-
-            (test-equal "CLIENT"
-              "250 ok\r\n"
-              (begin
-                (display "CLIENT \"GNU Guile\"\r\n" %dico-socket)
-                (read-line %dico-socket 'concat)))
-
-            (test-assert "DEFINE"
-              (begin
-                (display "DEFINE ! hello\r\n" %dico-socket)
-                (display "QUIT\r\n" %dico-socket)
-                (let ((result (read-string %dico-socket)))
-                  (and (string-contains result "gcide")
-                       (string-contains result "hello")
-                       result))))
-
-            (test-end)
-            (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
-
-    (gexp->derivation "dicod" test)))
+  (define os
+    (marionette-operating-system
+     %dicod-os
+     #:imported-modules
+     (source-module-closure '((gnu services herd)))))
+
+  (define vm
+    (virtual-machine
+     (operating-system os)
+     (port-forwardings '((8000 . 2628)))))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (ice-9 rdelim)
+                       (ice-9 regex)
+                       (srfi srfi-64)
+                       (gnu build marionette))
+          (define marionette
+            ;; Forward the guest's DICT port to local port 8000.
+            (make-marionette (list #$vm)))
+
+          (define %dico-socket
+            (socket PF_INET SOCK_STREAM 0))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "dicod")
+
+          ;; Wait for the service to be started.
+          (test-eq "service is running"
+            'running!
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'dicod)
+                'running!)
+             marionette))
+
+          ;; Wait until dicod is actually listening.
+          ;; TODO: Use a PID file instead.
+          (test-assert "connect inside"
+            (marionette-eval
+             '(begin
+                (use-modules (ice-9 rdelim))
+                (let ((sock (socket PF_INET SOCK_STREAM 0)))
+                  (let loop ((i 0))
+                    (pk 'try i)
+                    (catch 'system-error
+                      (lambda ()
+                        (connect sock AF_INET INADDR_LOOPBACK 2628))
+                      (lambda args
+                        (pk 'connection-error args)
+                        (when (< i 20)
+                          (sleep 1)
+                          (loop (+ 1 i))))))
+                  (read-line sock 'concat)))
+             marionette))
+
+          (test-assert "connect"
+            (let ((addr (make-socket-address AF_INET INADDR_LOOPBACK 8000)))
+              (connect %dico-socket addr)
+              (read-line %dico-socket 'concat)))
+
+          (test-equal "CLIENT"
+            "250 ok\r\n"
+            (begin
+              (display "CLIENT \"GNU Guile\"\r\n" %dico-socket)
+              (read-line %dico-socket 'concat)))
+
+          (test-assert "DEFINE"
+            (begin
+              (display "DEFINE ! hello\r\n" %dico-socket)
+              (display "QUIT\r\n" %dico-socket)
+              (let ((result (read-string %dico-socket)))
+                (and (string-contains result "gcide")
+                     (string-contains result "hello")
+                     result))))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "dicod" test))
 
 (define %test-dicod
   (system-test
diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm
index 7c5d48104e..866bf885ce 100644
--- a/gnu/tests/install.scm
+++ b/gnu/tests/install.scm
@@ -27,8 +27,8 @@
   #:use-module ((gnu build vm) #:select (qemu-command))
   #:use-module (gnu packages bootloaders)
   #:use-module (gnu packages ocr)
-  #:use-module (gnu packages qemu)
   #:use-module (gnu packages package-management)
+  #:use-module (gnu packages virtualization)
   #:use-module (guix store)
   #:use-module (guix monads)
   #:use-module (guix packages)
@@ -59,7 +59,7 @@
     (timezone "Europe/Paris")
     (locale "en_US.UTF-8")
 
-    (bootloader (grub-configuration (device "/dev/vdb")))
+    (bootloader (grub-configuration (target "/dev/vdb")))
     (kernel-arguments '("console=ttyS0"))
     (file-systems (cons (file-system
                           (device "my-root")
@@ -98,7 +98,7 @@
 
     (bootloader (bootloader-configuration
                  (bootloader extlinux-bootloader-gpt)
-                 (device "/dev/vdb")))
+                 (target "/dev/vdb")))
     (kernel-arguments '("console=ttyS0"))
     (file-systems (cons (file-system
                           (device "my-root")
@@ -326,7 +326,7 @@ per %test-installed-os, this test is expensive in terms of CPU and storage.")
     (timezone "Europe/Paris")
     (locale "en_US.utf8")
 
-    (bootloader (grub-configuration (device "/dev/vdb")))
+    (bootloader (grub-configuration (target "/dev/vdb")))
     (kernel-arguments '("console=ttyS0"))
     (file-systems (cons* (file-system
                            (device "my-root")
@@ -384,7 +384,7 @@ partition.  In particular, home directories must be correctly created (see
     (timezone "Europe/Paris")
     (locale "en_US.UTF-8")
 
-    (bootloader (grub-configuration (device "/dev/vdb")))
+    (bootloader (grub-configuration (target "/dev/vdb")))
     (kernel-arguments '("console=ttyS0"))
     (file-systems (cons* (file-system
                            (device "root-fs")
@@ -460,7 +460,7 @@ where /gnu lives on a separate partition.")
     (timezone "Europe/Paris")
     (locale "en_US.utf8")
 
-    (bootloader (grub-configuration (device "/dev/vdb")))
+    (bootloader (grub-configuration (target "/dev/vdb")))
     (kernel-arguments '("console=ttyS0"))
     (initrd (lambda (file-systems . rest)
               ;; Add a kernel module for RAID-0 (aka. "stripe").
@@ -543,7 +543,7 @@ by 'mdadm'.")
     (timezone "Europe/Paris")
     (locale "en_US.UTF-8")
 
-    (bootloader (grub-configuration (device "/dev/vdb")))
+    (bootloader (grub-configuration (target "/dev/vdb")))
 
     ;; Note: Do not pass "console=ttyS0" so we can use our passphrase prompt
     ;; detection logic in 'enter-luks-passphrase'.
@@ -670,7 +670,7 @@ build (current-guix) and then store a couple of full system images.")
     (timezone "Europe/Paris")
     (locale "en_US.UTF-8")
 
-    (bootloader (grub-configuration (device "/dev/vdb")))
+    (bootloader (grub-configuration (target "/dev/vdb")))
     (kernel-arguments '("console=ttyS0"))
     (file-systems (cons (file-system
                           (device "my-root")
diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm
index 247f4f667f..312df9b1cd 100644
--- a/gnu/tests/mail.scm
+++ b/gnu/tests/mail.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Sou Bunnbu <iyzsong@member.fsf.org>
 ;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
+;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,7 +26,6 @@
   #:use-module (gnu services mail)
   #:use-module (gnu services networking)
   #:use-module (guix gexp)
-  #:use-module (guix monads)
   #:use-module (guix store)
   #:use-module (ice-9 ftw)
   #:export (%test-opensmtpd
@@ -44,105 +44,105 @@ accept from any for local deliver to mbox
 
 (define (run-opensmtpd-test)
   "Return a test of an OS running OpenSMTPD service."
-  (mlet* %store-monad ((command (system-qemu-image/shared-store-script
-                                 (marionette-operating-system
-                                  %opensmtpd-os
-                                  #:imported-modules '((gnu services herd)))
-                                 #:graphic? #f)))
-    (define test
-      (with-imported-modules '((gnu build marionette))
-        #~(begin
-            (use-modules (rnrs base)
-                         (srfi srfi-64)
-                         (ice-9 rdelim)
-                         (ice-9 regex)
-                         (gnu build marionette))
-
-            (define marionette
-              (make-marionette
-               ;; Enable TCP forwarding of the guest's port 25.
-               '(#$command "-net" "user,hostfwd=tcp::1025-:25")))
-
-            (define (read-reply-code port)
-              "Read a SMTP reply from PORT and return its reply code."
-              (let* ((line      (read-line port))
-                     (mo        (string-match "([0-9]+)([ -]).*" line))
-                     (code      (string->number (match:substring mo 1)))
-                     (finished? (string= " " (match:substring mo 2))))
-                (if finished?
-                    code
-                    (read-reply-code port))))
-
-            (mkdir #$output)
-            (chdir #$output)
-
-            (test-begin "opensmptd")
-
-            (test-assert "service is running"
-              (marionette-eval
-               '(begin
-                  (use-modules (gnu services herd))
-                  (start-service 'smtpd)
-                  #t)
-               marionette))
-
-            (test-assert "mbox is empty"
-              (marionette-eval
-               '(and (file-exists? "/var/mail")
-                     (not (file-exists? "/var/mail/root")))
-               marionette))
-
-            (test-eq "accept an email"
-              #t
-              (let* ((smtp (socket AF_INET SOCK_STREAM 0))
-                     (addr (make-socket-address AF_INET INADDR_LOOPBACK 1025)))
-                (connect smtp addr)
-                ;; Be greeted.
-                (read-reply-code smtp)             ;220
-                ;; Greet the server.
-                (write-line "EHLO somehost" smtp)
-                (read-reply-code smtp)             ;250
-                ;; Set sender email.
-                (write-line "MAIL FROM: <someone>" smtp)
-                (read-reply-code smtp)             ;250
-                ;; Set recipient email.
-                (write-line "RCPT TO: <root>" smtp)
-                (read-reply-code smtp)             ;250
-                ;; Send message.
-                (write-line "DATA" smtp)
-                (read-reply-code smtp)             ;354
-                (write-line "Subject: Hello" smtp)
-                (newline smtp)
-                (write-line "Nice to meet you!" smtp)
-                (write-line "." smtp)
-                (read-reply-code smtp)             ;250
-                ;; Say goodbye.
-                (write-line "QUIT" smtp)
-                (read-reply-code smtp)             ;221
-                (close smtp)
-                #t))
-
-            (test-assert "mail arrived"
-              (marionette-eval
-               '(begin
-                  (use-modules (ice-9 popen)
-                               (ice-9 rdelim))
-
-                  (define (queue-empty?)
-                    (eof-object?
-                     (read-line
-                      (open-input-pipe "smtpctl show queue"))))
-
-                  (let wait ()
-                    (if (queue-empty?)
-                        (file-exists? "/var/mail/root")
-                        (begin (sleep 1) (wait)))))
-               marionette))
-
-            (test-end)
-            (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
-
-    (gexp->derivation "opensmtpd-test" test)))
+  (define vm
+    (virtual-machine
+     (operating-system (marionette-operating-system
+                        %opensmtpd-os
+                        #:imported-modules '((gnu services herd))))
+     (port-forwardings '((1025 . 25)))))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (rnrs base)
+                       (srfi srfi-64)
+                       (ice-9 rdelim)
+                       (ice-9 regex)
+                       (gnu build marionette))
+
+          (define marionette
+            (make-marionette '(#$vm)))
+
+          (define (read-reply-code port)
+            "Read a SMTP reply from PORT and return its reply code."
+            (let* ((line      (read-line port))
+                   (mo        (string-match "([0-9]+)([ -]).*" line))
+                   (code      (string->number (match:substring mo 1)))
+                   (finished? (string= " " (match:substring mo 2))))
+              (if finished?
+                  code
+                  (read-reply-code port))))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "opensmptd")
+
+          (test-assert "service is running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'smtpd)
+                #t)
+             marionette))
+
+          (test-assert "mbox is empty"
+            (marionette-eval
+             '(and (file-exists? "/var/mail")
+                   (not (file-exists? "/var/mail/root")))
+             marionette))
+
+          (test-eq "accept an email"
+            #t
+            (let* ((smtp (socket AF_INET SOCK_STREAM 0))
+                   (addr (make-socket-address AF_INET INADDR_LOOPBACK 1025)))
+              (connect smtp addr)
+              ;; Be greeted.
+              (read-reply-code smtp)              ;220
+              ;; Greet the server.
+              (write-line "EHLO somehost" smtp)
+              (read-reply-code smtp)              ;250
+              ;; Set sender email.
+              (write-line "MAIL FROM: <someone>" smtp)
+              (read-reply-code smtp)              ;250
+              ;; Set recipient email.
+              (write-line "RCPT TO: <root>" smtp)
+              (read-reply-code smtp)              ;250
+              ;; Send message.
+              (write-line "DATA" smtp)
+              (read-reply-code smtp)              ;354
+              (write-line "Subject: Hello" smtp)
+              (newline smtp)
+              (write-line "Nice to meet you!" smtp)
+              (write-line "." smtp)
+              (read-reply-code smtp)              ;250
+              ;; Say goodbye.
+              (write-line "QUIT" smtp)
+              (read-reply-code smtp)              ;221
+              (close smtp)
+              #t))
+
+          (test-assert "mail arrived"
+            (marionette-eval
+             '(begin
+                (use-modules (ice-9 popen)
+                             (ice-9 rdelim))
+
+                (define (queue-empty?)
+                  (eof-object?
+                   (read-line
+                    (open-input-pipe "smtpctl show queue"))))
+
+                (let wait ()
+                  (if (queue-empty?)
+                      (file-exists? "/var/mail/root")
+                      (begin (sleep 1) (wait)))))
+             marionette))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "opensmtpd-test" test))
 
 (define %test-opensmtpd
   (system-test
@@ -179,100 +179,100 @@ acl_check_data:
 
 (define (run-exim-test)
   "Return a test of an OS running an Exim service."
-  (mlet* %store-monad ((command (system-qemu-image/shared-store-script
-                                 (marionette-operating-system
-                                  %exim-os
-                                  #:imported-modules '((gnu services herd)))
-                                 #:graphic? #f)))
-    (define test
-      (with-imported-modules '((gnu build marionette)
-                               (ice-9 ftw))
-        #~(begin
-            (use-modules (rnrs base)
-                         (srfi srfi-64)
-                         (ice-9 ftw)
-                         (ice-9 rdelim)
-                         (ice-9 regex)
-                         (gnu build marionette))
-
-            (define marionette
-              (make-marionette
-               ;; Enable TCP forwarding of the guest's port 25.
-               '(#$command "-net" "user,hostfwd=tcp::1025-:25")))
-
-            (define (read-reply-code port)
-              "Read a SMTP reply from PORT and return its reply code."
-              (let* ((line      (read-line port))
-                     (mo        (string-match "([0-9]+)([ -]).*" line))
-                     (code      (string->number (match:substring mo 1)))
-                     (finished? (string= " " (match:substring mo 2))))
-                (if finished?
-                    code
-                    (read-reply-code port))))
-
-            (define smtp (socket AF_INET SOCK_STREAM 0))
-            (define addr (make-socket-address AF_INET INADDR_LOOPBACK 1025))
-
-            (mkdir #$output)
-            (chdir #$output)
-
-            (test-begin "exim")
-
-            (test-assert "service is running"
-              (marionette-eval
-               '(begin
-                  (use-modules (gnu services herd))
-                  (start-service 'exim)
-                  #t)
-               marionette))
-
-            (sleep 1) ;; give the service time to start talking
-
-            (connect smtp addr)
-            ;; Be greeted.
-            (test-eq "greeting received"
-              220 (read-reply-code smtp))
-            ;; Greet the server.
-            (write-line "EHLO somehost" smtp)
-            (test-eq "greeting successful"
-              250 (read-reply-code smtp))
-            ;; Set sender email.
-            (write-line "MAIL FROM: test@example.com" smtp)
-            (test-eq "sender set"
-              250 (read-reply-code smtp)) ;250
-            ;; Set recipient email.
-            (write-line "RCPT TO: root@komputilo" smtp)
-            (test-eq "recipient set"
-              250 (read-reply-code smtp)) ;250
-            ;; Send message.
-            (write-line "DATA" smtp)
-            (test-eq "data begun"
-              354 (read-reply-code smtp)) ;354
-            (write-line "Subject: Hello" smtp)
-            (newline smtp)
-            (write-line "Nice to meet you!" smtp)
-            (write-line "." smtp)
-            (test-eq "message sent"
-              250 (read-reply-code smtp)) ;250
-            ;; Say goodbye.
-            (write-line "QUIT" smtp)
-            (test-eq "quit successful"
-              221 (read-reply-code smtp)) ;221
-            (close smtp)
-
-            (test-eq "the email is received"
-              1
-              (marionette-eval
-               '(begin
-                  (use-modules (ice-9 ftw))
-                  (length (scandir "/var/spool/exim/msglog"
-                                   (lambda (x) (not (string-prefix? "." x))))))
-               marionette))
-
-            (test-end)
-            (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
-
-    (gexp->derivation "exim-test" test)))
+  (define vm
+    (virtual-machine
+     (operating-system (marionette-operating-system
+                        %exim-os
+                        #:imported-modules '((gnu services herd))))
+     (port-forwardings '((1025 . 25)))))
+
+  (define test
+    (with-imported-modules '((gnu build marionette)
+                             (ice-9 ftw))
+      #~(begin
+          (use-modules (rnrs base)
+                       (srfi srfi-64)
+                       (ice-9 ftw)
+                       (ice-9 rdelim)
+                       (ice-9 regex)
+                       (gnu build marionette))
+
+          (define marionette
+            (make-marionette '(#$vm)))
+
+          (define (read-reply-code port)
+            "Read a SMTP reply from PORT and return its reply code."
+            (let* ((line      (read-line port))
+                   (mo        (string-match "([0-9]+)([ -]).*" line))
+                   (code      (string->number (match:substring mo 1)))
+                   (finished? (string= " " (match:substring mo 2))))
+              (if finished?
+                  code
+                  (read-reply-code port))))
+
+          (define smtp (socket AF_INET SOCK_STREAM 0))
+          (define addr (make-socket-address AF_INET INADDR_LOOPBACK 1025))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "exim")
+
+          (test-assert "service is running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'exim)
+                #t)
+             marionette))
+
+          (sleep 1) ;; give the service time to start talking
+
+          (connect smtp addr)
+          ;; Be greeted.
+          (test-eq "greeting received"
+            220 (read-reply-code smtp))
+          ;; Greet the server.
+          (write-line "EHLO somehost" smtp)
+          (test-eq "greeting successful"
+            250 (read-reply-code smtp))
+          ;; Set sender email.
+          (write-line "MAIL FROM: test@example.com" smtp)
+          (test-eq "sender set"
+            250 (read-reply-code smtp))           ;250
+          ;; Set recipient email.
+          (write-line "RCPT TO: root@komputilo" smtp)
+          (test-eq "recipient set"
+            250 (read-reply-code smtp))           ;250
+          ;; Send message.
+          (write-line "DATA" smtp)
+          (test-eq "data begun"
+            354 (read-reply-code smtp))           ;354
+          (write-line "Subject: Hello" smtp)
+          (newline smtp)
+          (write-line "Nice to meet you!" smtp)
+          (write-line "." smtp)
+          (test-eq "message sent"
+            250 (read-reply-code smtp))           ;250
+          ;; Say goodbye.
+          (write-line "QUIT" smtp)
+          (test-eq "quit successful"
+            221 (read-reply-code smtp))           ;221
+          (close smtp)
+
+          (test-eq "the email is received"
+            1
+            (marionette-eval
+             '(begin
+                (use-modules (ice-9 ftw))
+                (length (scandir "/var/spool/exim/msglog"
+                                 (lambda (x) (not (string-prefix? "." x))))))
+             marionette))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "exim-test" test))
 
 (define %test-exim
   (system-test
diff --git a/gnu/tests/messaging.scm b/gnu/tests/messaging.scm
index b76b8e8434..0ba0c839de 100644
--- a/gnu/tests/messaging.scm
+++ b/gnu/tests/messaging.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,108 +27,109 @@
   #:use-module (gnu packages messaging)
   #:use-module (guix gexp)
   #:use-module (guix store)
-  #:use-module (guix monads)
   #:export (%test-prosody))
 
 (define (run-xmpp-test name xmpp-service pid-file create-account)
   "Run a test of an OS running XMPP-SERVICE, which writes its PID to PID-FILE."
-  (mlet* %store-monad ((os -> (marionette-operating-system
-                               (simple-operating-system (dhcp-client-service)
-                                                        xmpp-service)
-                               #:imported-modules '((gnu services herd))))
-                       (command (system-qemu-image/shared-store-script
-                                 os #:graphic? #f))
-                       (username -> "alice")
-                       (server -> "localhost")
-                       (jid -> (string-append username "@" server))
-                       (password -> "correct horse battery staple")
-                       (port -> 15222)
-                       (message -> "hello world")
-                       (witness -> "/tmp/freetalk-witness"))
-
-    (define script.ft
-      (scheme-file
-       "script.ft"
-       #~(begin
-           (define (handle-received-message time from nickname message)
-             (define (touch file-name)
-               (call-with-output-file file-name (const #t)))
-             (when (equal? message #$message)
-               (touch #$witness)))
-           (add-hook! ft-message-receive-hook handle-received-message)
-
-           (ft-set-jid! #$jid)
-           (ft-set-password! #$password)
-           (ft-set-server! #$server)
-           (ft-set-port! #$port)
-           (ft-set-sslconn! #f)
-           (ft-connect-blocking)
-           (ft-send-message #$jid #$message)
-
-           (ft-set-daemon)
-           (ft-main-loop))))
-
-    (define test
-      (with-imported-modules '((gnu build marionette))
-        #~(begin
-            (use-modules (gnu build marionette)
-                         (srfi srfi-64))
-
-            (define marionette
-              ;; Enable TCP forwarding of the guest's port 5222.
-              (make-marionette (list #$command "-net"
-                                     (string-append "user,hostfwd=tcp::"
-                                                    (number->string #$port)
-                                                    "-:5222"))))
-
-            (define (host-wait-for-file file)
-              ;; Wait until FILE exists in the host.
-              (let loop ((i 60))
-                (cond ((file-exists? file)
-                       #t)
-                      ((> i 0)
-                       (begin
-                         (sleep 1))
-                       (loop (- i 1)))
-                      (else
-                       (error "file didn't show up" file)))))
-
-            (mkdir #$output)
-            (chdir #$output)
-
-            (test-begin "xmpp")
-
-            ;; Wait for XMPP service to be up and running.
-            (test-eq "service running"
-              'running!
-              (marionette-eval
-               '(begin
-                  (use-modules (gnu services herd))
-                  (start-service 'xmpp-daemon)
-                  'running!)
-               marionette))
-
-            ;; Check XMPP service's PID.
-            (test-assert "service process id"
-              (let ((pid (number->string (wait-for-file #$pid-file
-                                                        marionette))))
-                (marionette-eval `(file-exists? (string-append "/proc/" ,pid))
-                                 marionette)))
-
-            ;; Alice sends an XMPP message to herself, with Freetalk.
-            (test-assert "client-to-server communication"
-              (let ((freetalk-bin (string-append #$freetalk "/bin/freetalk")))
-                (marionette-eval '(system* #$create-account #$jid #$password)
-                                 marionette)
-                ;; Freetalk requires write access to $HOME.
-                (setenv "HOME" "/tmp")
-                (system* freetalk-bin "-s" #$script.ft)
-                (host-wait-for-file #$witness)))
-
-            (test-end)
-            (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
-
-    (gexp->derivation name test)))
+  (define os
+    (marionette-operating-system
+     (simple-operating-system (dhcp-client-service)
+                              xmpp-service)
+     #:imported-modules '((gnu services herd))))
+
+  (define port 15222)
+
+  (define vm
+    (virtual-machine
+     (operating-system os)
+     (port-forwardings `((,port . 5222)))))
+
+  (define username "alice")
+  (define server "localhost")
+  (define jid (string-append username "@" server))
+  (define password "correct horse battery staple")
+  (define message "hello world")
+  (define witness "/tmp/freetalk-witness")
+
+  (define script.ft
+    (scheme-file
+     "script.ft"
+     #~(begin
+         (define (handle-received-message time from nickname message)
+           (define (touch file-name)
+             (call-with-output-file file-name (const #t)))
+           (when (equal? message #$message)
+             (touch #$witness)))
+         (add-hook! ft-message-receive-hook handle-received-message)
+
+         (ft-set-jid! #$jid)
+         (ft-set-password! #$password)
+         (ft-set-server! #$server)
+         (ft-set-port! #$port)
+         (ft-set-sslconn! #f)
+         (ft-connect-blocking)
+         (ft-send-message #$jid #$message)
+
+         (ft-set-daemon)
+         (ft-main-loop))))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (gnu build marionette)
+                       (srfi srfi-64))
+
+          (define marionette
+            (make-marionette (list #$vm)))
+
+          (define (host-wait-for-file file)
+            ;; Wait until FILE exists in the host.
+            (let loop ((i 60))
+              (cond ((file-exists? file)
+                     #t)
+                    ((> i 0)
+                     (begin
+                       (sleep 1))
+                     (loop (- i 1)))
+                    (else
+                     (error "file didn't show up" file)))))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "xmpp")
+
+          ;; Wait for XMPP service to be up and running.
+          (test-eq "service running"
+            'running!
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'xmpp-daemon)
+                'running!)
+             marionette))
+
+          ;; Check XMPP service's PID.
+          (test-assert "service process id"
+            (let ((pid (number->string (wait-for-file #$pid-file
+                                                      marionette))))
+              (marionette-eval `(file-exists? (string-append "/proc/" ,pid))
+                               marionette)))
+
+          ;; Alice sends an XMPP message to herself, with Freetalk.
+          (test-assert "client-to-server communication"
+            (let ((freetalk-bin (string-append #$freetalk "/bin/freetalk")))
+              (marionette-eval '(system* #$create-account #$jid #$password)
+                               marionette)
+              ;; Freetalk requires write access to $HOME.
+              (setenv "HOME" "/tmp")
+              (system* freetalk-bin "-s" #$script.ft)
+              (host-wait-for-file #$witness)))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation name test))
 
 (define %create-prosody-account
   (program-file
diff --git a/gnu/tests/networking.scm b/gnu/tests/networking.scm
index cfcb490874..aeee105a1c 100644
--- a/gnu/tests/networking.scm
+++ b/gnu/tests/networking.scm
@@ -74,60 +74,61 @@ done" ))))))))))
 (define* (run-inetd-test)
   "Run tests in %INETD-OS, where the inetd service provides an echo service on
 port 7, and a dict service on port 2628."
-  (mlet* %store-monad ((os -> (marionette-operating-system %inetd-os))
-                       (command (system-qemu-image/shared-store-script
-                                 os #:graphic? #f)))
-    (define test
-      (with-imported-modules '((gnu build marionette))
-        #~(begin
-            (use-modules (ice-9 rdelim)
-                         (srfi srfi-64)
-                         (gnu build marionette))
-            (define marionette
-              ;; Forward guest ports 7 and 2628 to host ports 8007 and 8628.
-              (make-marionette (list #$command "-net"
-                                     (string-append
-                                      "user"
-                                      ",hostfwd=tcp::8007-:7"
-                                      ",hostfwd=tcp::8628-:2628"))))
+  (define os
+    (marionette-operating-system %inetd-os))
 
-            (mkdir #$output)
-            (chdir #$output)
+  (define vm
+    (virtual-machine
+     (operating-system os)
+     (port-forwardings `((8007 . 7)
+                         (8628 . 2628)))))
 
-            (test-begin "inetd")
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (ice-9 rdelim)
+                       (srfi srfi-64)
+                       (gnu build marionette))
+          (define marionette
+            (make-marionette (list #$vm)))
 
-            ;; Make sure the PID file is created.
-            (test-assert "PID file"
-              (marionette-eval
-               '(file-exists? "/var/run/inetd.pid")
-              marionette))
+          (mkdir #$output)
+          (chdir #$output)
 
-            ;; Test the echo service.
-            (test-equal "echo response"
-              "Hello, Guix!"
-              (let ((echo (socket PF_INET SOCK_STREAM 0))
-                    (addr (make-socket-address AF_INET INADDR_LOOPBACK 8007)))
-                (connect echo addr)
-                (display "Hello, Guix!\n" echo)
-                (let ((response (read-line echo)))
-                  (close echo)
-                  response)))
+          (test-begin "inetd")
 
-            ;; Test the dict service
-            (test-equal "dict response"
-              "GNU Guix is a package management tool for the GNU system."
-              (let ((dict (socket PF_INET SOCK_STREAM 0))
-                    (addr (make-socket-address AF_INET INADDR_LOOPBACK 8628)))
-                (connect dict addr)
-                (display "DEFINE Guix\n" dict)
-                (let ((response (read-line dict)))
-                  (close dict)
-                  response)))
+          ;; Make sure the PID file is created.
+          (test-assert "PID file"
+            (marionette-eval
+             '(file-exists? "/var/run/inetd.pid")
+             marionette))
 
-            (test-end)
-            (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+          ;; Test the echo service.
+          (test-equal "echo response"
+            "Hello, Guix!"
+            (let ((echo (socket PF_INET SOCK_STREAM 0))
+                  (addr (make-socket-address AF_INET INADDR_LOOPBACK 8007)))
+              (connect echo addr)
+              (display "Hello, Guix!\n" echo)
+              (let ((response (read-line echo)))
+                (close echo)
+                response)))
 
-    (gexp->derivation "inetd-test" test)))
+          ;; Test the dict service
+          (test-equal "dict response"
+            "GNU Guix is a package management tool for the GNU system."
+            (let ((dict (socket PF_INET SOCK_STREAM 0))
+                  (addr (make-socket-address AF_INET INADDR_LOOPBACK 8628)))
+              (connect dict addr)
+              (display "DEFINE Guix\n" dict)
+              (let ((response (read-line dict)))
+                (close dict)
+                response)))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "inetd-test" test))
 
 (define %test-inetd
   (system-test
diff --git a/gnu/tests/nfs.scm b/gnu/tests/nfs.scm
index 9e1ac1d55a..889f578d01 100644
--- a/gnu/tests/nfs.scm
+++ b/gnu/tests/nfs.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
@@ -41,7 +41,7 @@
     (timezone "Europe/Berlin")
     (locale "en_US.UTF-8")
 
-    (bootloader (grub-configuration (device "/dev/sdX")))
+    (bootloader (grub-configuration (target "/dev/sdX")))
     (file-systems %base-file-systems)
     (users %base-user-accounts)
     (packages (cons*
@@ -55,75 +55,75 @@
 
 (define (run-nfs-test name socket)
   "Run a test of an OS running RPC-SERVICE, which should create SOCKET."
-  (mlet* %store-monad ((os ->   (marionette-operating-system
-                                 %base-os
-                                 #:imported-modules '((gnu services herd)
-                                                      (guix combinators))))
-                       (command (system-qemu-image/shared-store-script
-                                 os #:graphic? #f)))
-    (define test
-      (with-imported-modules '((gnu build marionette))
-        #~(begin
-            (use-modules (gnu build marionette)
-                         (srfi srfi-64))
-
-            (define marionette
-              (make-marionette (list #$command)))
-
-            (define (wait-for-socket file)
-              ;; Wait until SOCKET  exists in the guest
-              (marionette-eval
-               `(let loop ((i 10))
-                  (cond ((and (file-exists? ,file)
-                              (eq? 'socket (stat:type (stat ,file))))
-                         #t)
-                        ((> i 0)
-                         (sleep 1)
-                         (loop (- i 1)))
-                        (else
-                         (error "Socket didn't show up: " ,file))))
-               marionette))
-
-            (mkdir #$output)
-            (chdir #$output)
-
-            (test-begin "rpc-daemon")
-
-            ;; Wait for the rpcbind daemon to be up and running.
-            (test-eq "RPC service running"
-              'running!
-              (marionette-eval
-               '(begin
-                  (use-modules (gnu services herd))
-                  (start-service 'rpcbind-daemon)
-                  'running!)
-               marionette))
-
-            ;; Check the socket file and that the service is still running.
-            (test-assert "RPC socket exists"
-              (and
-                (wait-for-socket #$socket)
-                (marionette-eval
-                 '(begin
-                    (use-modules (gnu services herd)
-                                 (srfi srfi-1))
-
-                    (live-service-running
-                     (find (lambda (live)
-                             (memq 'rpcbind-daemon
-                                   (live-service-provision live)))
-                           (current-services))))
-                 marionette)))
-
-            (test-assert "Probe RPC daemon"
-              (marionette-eval
-               '(zero? (system* "rpcinfo" "-p"))
-               marionette))
-
-            (test-end)
-            (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
-
-    (gexp->derivation name test)))
+  (define os
+    (marionette-operating-system
+     %base-os
+     #:imported-modules '((gnu services herd)
+                          (guix combinators))))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (gnu build marionette)
+                       (srfi srfi-64))
+
+          (define marionette
+            (make-marionette (list #$(virtual-machine os))))
+
+          (define (wait-for-socket file)
+            ;; Wait until SOCKET  exists in the guest
+            (marionette-eval
+             `(let loop ((i 10))
+                (cond ((and (file-exists? ,file)
+                            (eq? 'socket (stat:type (stat ,file))))
+                       #t)
+                      ((> i 0)
+                       (sleep 1)
+                       (loop (- i 1)))
+                      (else
+                       (error "Socket didn't show up: " ,file))))
+             marionette))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "rpc-daemon")
+
+          ;; Wait for the rpcbind daemon to be up and running.
+          (test-eq "RPC service running"
+            'running!
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'rpcbind-daemon)
+                'running!)
+             marionette))
+
+          ;; Check the socket file and that the service is still running.
+          (test-assert "RPC socket exists"
+            (and
+             (wait-for-socket #$socket)
+             (marionette-eval
+              '(begin
+                 (use-modules (gnu services herd)
+                              (srfi srfi-1))
+
+                 (live-service-running
+                  (find (lambda (live)
+                          (memq 'rpcbind-daemon
+                                (live-service-provision live)))
+                        (current-services))))
+              marionette)))
+
+          (test-assert "Probe RPC daemon"
+            (marionette-eval
+             '(zero? (system* "rpcinfo" "-p"))
+             marionette))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation name test))
 
 (define %test-nfs
   (system-test
diff --git a/gnu/tests/ssh.scm b/gnu/tests/ssh.scm
index 9c83a9cd48..41be360355 100644
--- a/gnu/tests/ssh.scm
+++ b/gnu/tests/ssh.scm
@@ -27,7 +27,6 @@
   #:use-module (gnu packages ssh)
   #:use-module (guix gexp)
   #:use-module (guix store)
-  #:use-module (guix monads)
   #:export (%test-openssh
             %test-dropbear))
 
@@ -37,142 +36,143 @@ SSH-SERVICE must be configured to listen on port 22 and to allow for root and
 empty-password logins.
 
 When SFTP? is true, run an SFTP server test."
-  (mlet* %store-monad ((os ->   (marionette-operating-system
-                                 (simple-operating-system
-                                  (dhcp-client-service)
-                                  ssh-service)
-                                 #:imported-modules '((gnu services herd)
-                                                      (guix combinators))))
-                       (command (system-qemu-image/shared-store-script
-                                 os #:graphic? #f)))
-    (define test
-      (with-imported-modules '((gnu build marionette))
-        #~(begin
-            (eval-when (expand load eval)
-              ;; Prepare to use Guile-SSH.
-              (set! %load-path
-                (cons (string-append #+guile2.0-ssh "/share/guile/site/"
-                                     (effective-version))
-                      %load-path)))
-
-            (use-modules (gnu build marionette)
-                         (srfi srfi-26)
-                         (srfi srfi-64)
-                         (ice-9 match)
-                         (ssh session)
-                         (ssh auth)
-                         (ssh channel)
-                         (ssh sftp))
-
-            (define marionette
-              ;; Enable TCP forwarding of the guest's port 22.
-              (make-marionette (list #$command "-net"
-                                     "user,hostfwd=tcp::2222-:22")))
-
-            (define (make-session-for-test)
-              "Make a session with predefined parameters for a test."
-              (make-session #:user "root"
-                            #:port 2222
-                            #:host "localhost"
-                            #:log-verbosity 'protocol))
-
-            (define (call-with-connected-session proc)
-              "Call the one-argument procedure PROC with a freshly created and
+  (define os
+    (marionette-operating-system
+     (simple-operating-system (dhcp-client-service) ssh-service)
+     #:imported-modules '((gnu services herd)
+                          (guix combinators))))
+  (define vm
+    (virtual-machine
+     (operating-system os)
+     (port-forwardings '((2222 . 22)))))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (eval-when (expand load eval)
+            ;; Prepare to use Guile-SSH.
+            (set! %load-path
+              (cons (string-append #+guile-ssh "/share/guile/site/"
+                                   (effective-version))
+                    %load-path)))
+
+          (use-modules (gnu build marionette)
+                       (srfi srfi-26)
+                       (srfi srfi-64)
+                       (ice-9 match)
+                       (ssh session)
+                       (ssh auth)
+                       (ssh channel)
+                       (ssh sftp))
+
+          (define marionette
+            ;; Enable TCP forwarding of the guest's port 22.
+            (make-marionette (list #$vm)))
+
+          (define (make-session-for-test)
+            "Make a session with predefined parameters for a test."
+            (make-session #:user "root"
+                          #:port 2222
+                          #:host "localhost"
+                          #:log-verbosity 'protocol))
+
+          (define (call-with-connected-session proc)
+            "Call the one-argument procedure PROC with a freshly created and
 connected SSH session object, return the result of the procedure call.  The
 session is disconnected when the PROC is finished."
-              (let ((session (make-session-for-test)))
-                (dynamic-wind
-                  (lambda ()
-                    (let ((result (connect! session)))
-                      (unless (equal? result 'ok)
-                        (error "Could not connect to a server"
-                               session result))))
-                  (lambda () (proc session))
-                  (lambda () (disconnect! session)))))
-
-            (define (call-with-connected-session/auth proc)
-              "Make an authenticated session.  We should be able to connect as
+            (let ((session (make-session-for-test)))
+              (dynamic-wind
+                (lambda ()
+                  (let ((result (connect! session)))
+                    (unless (equal? result 'ok)
+                      (error "Could not connect to a server"
+                             session result))))
+                (lambda () (proc session))
+                (lambda () (disconnect! session)))))
+
+          (define (call-with-connected-session/auth proc)
+            "Make an authenticated session.  We should be able to connect as
 root with an empty password."
-              (call-with-connected-session
-               (lambda (session)
-                 ;; Try the simple authentication methods.  Dropbear requires
-                 ;; 'none' when there are no passwords, whereas OpenSSH accepts
-                 ;; 'password' with an empty password.
-                 (let loop ((methods (list (cut userauth-password! <> "")
-                                           (cut userauth-none! <>))))
-                   (match methods
-                     (()
-                      (error "all the authentication methods failed"))
-                     ((auth rest ...)
-                      (match (pk 'auth (auth session))
-                        ('success
-                         (proc session))
-                        ('denied
-                         (loop rest)))))))))
-
-            (mkdir #$output)
-            (chdir #$output)
-
-            (test-begin "ssh-daemon")
-
-            ;; Wait for sshd to be up and running.
-            (test-eq "service running"
-              'running!
-              (marionette-eval
-               '(begin
-                  (use-modules (gnu services herd))
-                  (start-service 'ssh-daemon)
-                  'running!)
-               marionette))
-
-            ;; Check sshd's PID file.
-            (test-equal "sshd PID"
-              (wait-for-file #$pid-file marionette)
-              (marionette-eval
-               '(begin
-                  (use-modules (gnu services herd)
-                               (srfi srfi-1))
-
-                  (live-service-running
-                   (find (lambda (live)
-                           (memq 'ssh-daemon
-                                 (live-service-provision live)))
-                         (current-services))))
-               marionette))
-
-            ;; Connect to the guest over SSH.  Make sure we can run a shell
-            ;; command there.
-            (test-equal "shell command"
-              'hello
-              (call-with-connected-session/auth
-               (lambda (session)
-                 ;; FIXME: 'get-server-public-key' segfaults.
-                 ;; (get-server-public-key session)
-                 (let ((channel (make-channel session)))
-                   (channel-open-session channel)
-                   (channel-request-exec channel "echo hello > /root/witness")
-                   (and (zero? (channel-get-exit-status channel))
-                        (wait-for-file "/root/witness" marionette))))))
-
-            ;; Connect to the guest over SFTP.  Make sure we can write and
-            ;; read a file there.
-            (unless #$sftp?
-              (test-skip 1))
-            (test-equal "SFTP file writing and reading"
-              'hello
-              (call-with-connected-session/auth
-               (lambda (session)
-                 (let ((sftp-session (make-sftp-session session))
-                       (witness "/root/sftp-witness"))
-                   (call-with-remote-output-file sftp-session witness
-                                                 (cut display "hello" <>))
-                   (call-with-remote-input-file sftp-session witness
-                                                read)))))
-
-            (test-end)
-            (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
-
-    (gexp->derivation name test)))
+            (call-with-connected-session
+             (lambda (session)
+               ;; Try the simple authentication methods.  Dropbear requires
+               ;; 'none' when there are no passwords, whereas OpenSSH accepts
+               ;; 'password' with an empty password.
+               (let loop ((methods (list (cut userauth-password! <> "")
+                                         (cut userauth-none! <>))))
+                 (match methods
+                   (()
+                    (error "all the authentication methods failed"))
+                   ((auth rest ...)
+                    (match (pk 'auth (auth session))
+                      ('success
+                       (proc session))
+                      ('denied
+                       (loop rest)))))))))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "ssh-daemon")
+
+          ;; Wait for sshd to be up and running.
+          (test-eq "service running"
+            'running!
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'ssh-daemon)
+                'running!)
+             marionette))
+
+          ;; Check sshd's PID file.
+          (test-equal "sshd PID"
+            (wait-for-file #$pid-file marionette)
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd)
+                             (srfi srfi-1))
+
+                (live-service-running
+                 (find (lambda (live)
+                         (memq 'ssh-daemon
+                               (live-service-provision live)))
+                       (current-services))))
+             marionette))
+
+          ;; Connect to the guest over SSH.  Make sure we can run a shell
+          ;; command there.
+          (test-equal "shell command"
+            'hello
+            (call-with-connected-session/auth
+             (lambda (session)
+               ;; FIXME: 'get-server-public-key' segfaults.
+               ;; (get-server-public-key session)
+               (let ((channel (make-channel session)))
+                 (channel-open-session channel)
+                 (channel-request-exec channel "echo hello > /root/witness")
+                 (and (zero? (channel-get-exit-status channel))
+                      (wait-for-file "/root/witness" marionette))))))
+
+          ;; Connect to the guest over SFTP.  Make sure we can write and
+          ;; read a file there.
+          (unless #$sftp?
+            (test-skip 1))
+          (test-equal "SFTP file writing and reading"
+            'hello
+            (call-with-connected-session/auth
+             (lambda (session)
+               (let ((sftp-session (make-sftp-session session))
+                     (witness "/root/sftp-witness"))
+                 (call-with-remote-output-file sftp-session witness
+                                               (cut display "hello" <>))
+                 (call-with-remote-input-file sftp-session witness
+                                              read)))))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation name test))
 
 (define %test-openssh
   (system-test
diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm
new file mode 100644
index 0000000000..c2939355b2
--- /dev/null
+++ b/gnu/tests/virtualization.scm
@@ -0,0 +1,95 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests virtualization)
+  #:use-module (gnu tests)
+  #:use-module (gnu system)
+  #:use-module (gnu system file-systems)
+  #:use-module (gnu system vm)
+  #:use-module (gnu services)
+  #:use-module (gnu services dbus)
+  #:use-module (gnu services networking)
+  #:use-module (gnu services virtualization)
+  #:use-module (gnu packages virtualization)
+  #:use-module (guix gexp)
+  #:use-module (guix store)
+  #:export (%test-libvirt))
+
+(define %libvirt-os
+  (simple-operating-system
+   (dhcp-client-service)
+   (dbus-service)
+   (polkit-service)
+   (service libvirt-service-type)))
+
+(define (run-libvirt-test)
+  "Run tests in %LIBVIRT-OS."
+  (define os
+    (marionette-operating-system
+     %libvirt-os
+     #:imported-modules '((gnu services herd)
+                          (guix combinators))))
+
+  (define vm
+    (virtual-machine
+     (operating-system os)
+     (port-forwardings '())))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (srfi srfi-11) (srfi srfi-64)
+                       (gnu build marionette))
+
+          (define marionette
+            (make-marionette (list #$vm)))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "libvirt")
+
+          (test-assert "service running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (match (start-service 'libvirtd)
+                  (#f #f)
+                  (('service response-parts ...)
+                   (match (assq-ref response-parts 'running)
+                     ((pid) (number? pid))))))
+             marionette))
+
+          (test-eq "fetch version"
+            0
+            (marionette-eval
+             `(begin
+                (system* ,(string-append #$libvirt "/bin/virsh")
+                         "-c" "qemu:///system" "version"))
+             marionette))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "libvirt-test" test))
+
+(define %test-libvirt
+  (system-test
+   (name "libvirt")
+   (description "Connect to the running LIBVIRT service.")
+   (value (run-libvirt-test))))
diff --git a/gnu/tests/web.scm b/gnu/tests/web.scm
index bc7e3b89a9..3fa272c676 100644
--- a/gnu/tests/web.scm
+++ b/gnu/tests/web.scm
@@ -27,7 +27,6 @@
   #:use-module (gnu services networking)
   #:use-module (guix gexp)
   #:use-module (guix store)
-  #:use-module (guix monads)
   #:export (%test-nginx))
 
 (define %index.html-contents
@@ -65,68 +64,68 @@
 (define* (run-nginx-test #:optional (http-port 8042))
   "Run tests in %NGINX-OS, which has nginx running and listening on
 HTTP-PORT."
-  (mlet* %store-monad ((os ->   (marionette-operating-system
-                                 %nginx-os
-                                 #:imported-modules '((gnu services herd)
-                                                      (guix combinators))))
-                       (command (system-qemu-image/shared-store-script
-                                 os #:graphic? #f)))
-    (define test
-      (with-imported-modules '((gnu build marionette))
-        #~(begin
-            (use-modules (srfi srfi-11) (srfi srfi-64)
-                         (gnu build marionette)
-                         (web uri)
-                         (web client)
-                         (web response))
-
-            (define marionette
-              ;; Forward the guest's HTTP-PORT, where nginx is listening, to
-              ;; port 8080 in the host.
-              (make-marionette (list #$command "-net"
-                                     (string-append
-                                      "user,hostfwd=tcp::8080-:"
-                                      #$(number->string http-port)))))
-
-            (mkdir #$output)
-            (chdir #$output)
-
-            (test-begin "nginx")
-
-            ;; Wait for nginx to be up and running.
-            (test-eq "service running"
-              'running!
-              (marionette-eval
-               '(begin
-                  (use-modules (gnu services herd))
-                  (start-service 'nginx)
-                  'running!)
-               marionette))
-
-            ;; Make sure the PID file is created.
-            (test-assert "PID file"
-              (marionette-eval
-               '(file-exists? "/var/run/nginx/pid")
-               marionette))
-
-            ;; Retrieve the index.html file we put in /srv.
-            (test-equal "http-get"
-              '(200 #$%index.html-contents)
-              (let-values (((response text)
-                            (http-get "http://localhost:8080/index.html"
-                                      #:decode-body? #t)))
-                (list (response-code response) text)))
-
-            ;; There should be a log file in here.
-            (test-assert "log file"
-              (marionette-eval
-               '(file-exists? "/var/log/nginx/access.log")
-               marionette))
-
-            (test-end)
-            (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
-
-    (gexp->derivation "nginx-test" test)))
+  (define os
+    (marionette-operating-system
+     %nginx-os
+     #:imported-modules '((gnu services herd)
+                          (guix combinators))))
+
+  (define vm
+    (virtual-machine
+     (operating-system os)
+     (port-forwardings `((8080 . ,http-port)))))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (srfi srfi-11) (srfi srfi-64)
+                       (gnu build marionette)
+                       (web uri)
+                       (web client)
+                       (web response))
+
+          (define marionette
+            (make-marionette (list #$vm)))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "nginx")
+
+          ;; Wait for nginx to be up and running.
+          (test-eq "service running"
+            'running!
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'nginx)
+                'running!)
+             marionette))
+
+          ;; Make sure the PID file is created.
+          (test-assert "PID file"
+            (marionette-eval
+             '(file-exists? "/var/run/nginx/pid")
+             marionette))
+
+          ;; Retrieve the index.html file we put in /srv.
+          (test-equal "http-get"
+            '(200 #$%index.html-contents)
+            (let-values (((response text)
+                          (http-get "http://localhost:8080/index.html"
+                                    #:decode-body? #t)))
+              (list (response-code response) text)))
+
+          ;; There should be a log file in here.
+          (test-assert "log file"
+            (marionette-eval
+             '(file-exists? "/var/log/nginx/access.log")
+             marionette))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "nginx-test" test))
 
 (define %test-nginx
   (system-test